From 3a96c74353aae5bcc15867400927e52f05d9b7e6 Mon Sep 17 00:00:00 2001
From: "deanm@chromium.org"
 <deanm@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Wed, 19 Nov 2008 19:46:27 +0000
Subject: Enforce httponly on cookies coming from the renderer.  This prevents
 javascript from setting a new httponly cookie, and more importantly from
 overwriting httponly cookies.

Patch from Marius Schilder.
Review URL: http://codereview.chromium.org/11275

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@5700 0039d316-1c4b-4281-b951-d872f2087c98
---
 chrome/browser/importer/toolbar_importer.cc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'chrome/browser/importer')

diff --git a/chrome/browser/importer/toolbar_importer.cc b/chrome/browser/importer/toolbar_importer.cc
index 54f75d6..80d5a7f 100644
--- a/chrome/browser/importer/toolbar_importer.cc
+++ b/chrome/browser/importer/toolbar_importer.cc
@@ -27,7 +27,8 @@ bool ToolbarImporterUtils::IsGoogleGAIACookieInstalled() {
   URLRequestContext* context = Profile::GetDefaultRequestContext();
   net::CookieMonster* store= context->cookie_store();
   GURL url(kGoogleDomainUrl);
-  net::CookieMonster::CookieOptions options = net::CookieMonster::NORMAL;
+  net::CookieMonster::CookieOptions options;
+  options.set_include_httponly();  // The SID cookie might be httponly.
   std::string cookies = store->GetCookiesWithOptions(url, options);
   std::vector<std::string> cookie_list;
   SplitString(cookies, kSplitStringToken, &cookie_list);
-- 
cgit v1.1