diff options
| author | deanm@chromium.org <deanm@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2008-11-19 19:46:27 +0000 |
|---|---|---|
| committer | deanm@chromium.org <deanm@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2008-11-19 19:46:27 +0000 |
| commit | 3a96c74353aae5bcc15867400927e52f05d9b7e6 (patch) | |
| tree | 8e88a4c722f67c282a095ba5363c95d938a596f3 /chrome/browser/importer | |
| parent | ad4996c5bae5ebb89eb893d49a5802f7e8a9e543 (diff) | |
| download | chromium_src-3a96c74353aae5bcc15867400927e52f05d9b7e6.zip chromium_src-3a96c74353aae5bcc15867400927e52f05d9b7e6.tar.gz chromium_src-3a96c74353aae5bcc15867400927e52f05d9b7e6.tar.bz2 | |
Enforce httponly on cookies coming from the renderer. This prevents javascript from setting a new httponly cookie, and more importantly from overwriting httponly cookies.
Patch from Marius Schilder.
Review URL: http://codereview.chromium.org/11275
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@5700 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/browser/importer')
| -rw-r--r-- | chrome/browser/importer/toolbar_importer.cc | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/chrome/browser/importer/toolbar_importer.cc b/chrome/browser/importer/toolbar_importer.cc index 54f75d6..80d5a7f 100644 --- a/chrome/browser/importer/toolbar_importer.cc +++ b/chrome/browser/importer/toolbar_importer.cc @@ -27,7 +27,8 @@ bool ToolbarImporterUtils::IsGoogleGAIACookieInstalled() { URLRequestContext* context = Profile::GetDefaultRequestContext(); net::CookieMonster* store= context->cookie_store(); GURL url(kGoogleDomainUrl); - net::CookieMonster::CookieOptions options = net::CookieMonster::NORMAL; + net::CookieMonster::CookieOptions options; + options.set_include_httponly(); // The SID cookie might be httponly. std::string cookies = store->GetCookiesWithOptions(url, options); std::vector<std::string> cookie_list; SplitString(cookies, kSplitStringToken, &cookie_list); |