1/*
2 * Copyright (C) 2003, 2006, 2008 Apple Inc. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 *    notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 *    notice, this list of conditions and the following disclaimer in the
11 *    documentation and/or other materials provided with the distribution.
12 *
13 * THIS SOFTWARE IS PROVIDED BY APPLE COMPUTER, INC. ``AS IS'' AND ANY
14 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16 * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL APPLE COMPUTER, INC. OR
17 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
18 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
19 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
20 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
21 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
23 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 */
25
26#import "config.h"
27#import "CookieJar.h"
28
29#import "BlockExceptions.h"
30#import "Cookie.h"
31#import "Document.h"
32#import "KURL.h"
33#import <wtf/RetainPtr.h>
34
35#ifdef BUILDING_ON_TIGER
36typedef unsigned NSUInteger;
37#endif
38
39@interface NSHTTPCookie (WebCoreHTTPOnlyCookies)
40- (BOOL)isHTTPOnly;
41@end
42
43namespace WebCore {
44
45static bool isHTTPOnly(NSHTTPCookie *cookie)
46{
47    // Once we require a newer version of Foundation with the isHTTPOnly method,
48    // we can eliminate the instancesRespondToSelector: check.
49    static bool supportsHTTPOnlyCookies = [NSHTTPCookie instancesRespondToSelector:@selector(isHTTPOnly)];
50    return supportsHTTPOnlyCookies && [cookie isHTTPOnly];
51}
52
53static RetainPtr<NSArray> filterCookies(NSArray *unfilteredCookies)
54{
55    NSUInteger count = [unfilteredCookies count];
56    RetainPtr<NSMutableArray> filteredCookies(AdoptNS, [[NSMutableArray alloc] initWithCapacity:count]);
57
58    for (NSUInteger i = 0; i < count; ++i) {
59        NSHTTPCookie *cookie = (NSHTTPCookie *)[unfilteredCookies objectAtIndex:i];
60
61        // <rdar://problem/5632883> On 10.5, NSHTTPCookieStorage would store an empty cookie,
62        // which would be sent as "Cookie: =". We have a workaround in setCookies() to prevent
63        // that, but we also need to avoid sending cookies that were previously stored, and
64        // there's no harm to doing this check because such a cookie is never valid.
65        if (![[cookie name] length])
66            continue;
67
68        if (isHTTPOnly(cookie))
69            continue;
70
71        [filteredCookies.get() addObject:cookie];
72    }
73
74    return filteredCookies;
75}
76
77String cookies(const Document*, const KURL& url)
78{
79    BEGIN_BLOCK_OBJC_EXCEPTIONS;
80
81    NSURL *cookieURL = url;
82    NSArray *cookies = [[NSHTTPCookieStorage sharedHTTPCookieStorage] cookiesForURL:cookieURL];
83    return [[NSHTTPCookie requestHeaderFieldsWithCookies:filterCookies(cookies).get()] objectForKey:@"Cookie"];
84
85    END_BLOCK_OBJC_EXCEPTIONS;
86    return String();
87}
88
89String cookieRequestHeaderFieldValue(const Document*, const KURL& url)
90{
91    BEGIN_BLOCK_OBJC_EXCEPTIONS;
92
93    NSURL *cookieURL = url;
94    NSArray *cookies = [[NSHTTPCookieStorage sharedHTTPCookieStorage] cookiesForURL:cookieURL];
95    return [[NSHTTPCookie requestHeaderFieldsWithCookies:cookies] objectForKey:@"Cookie"];
96
97    END_BLOCK_OBJC_EXCEPTIONS;
98    return String();
99}
100
101void setCookies(Document* document, const KURL& url, const String& cookieStr)
102{
103    BEGIN_BLOCK_OBJC_EXCEPTIONS;
104
105    // <rdar://problem/5632883> On 10.5, NSHTTPCookieStorage would store an empty cookie,
106    // which would be sent as "Cookie: =".
107    if (cookieStr.isEmpty())
108        return;
109
110    // <http://bugs.webkit.org/show_bug.cgi?id=6531>, <rdar://4409034>
111    // cookiesWithResponseHeaderFields doesn't parse cookies without a value
112    String cookieString = cookieStr.contains('=') ? cookieStr : cookieStr + "=";
113
114    NSURL *cookieURL = url;
115    NSArray *cookies = [NSHTTPCookie cookiesWithResponseHeaderFields:[NSDictionary dictionaryWithObject:cookieString forKey:@"Set-Cookie"] forURL:cookieURL];
116    [[NSHTTPCookieStorage sharedHTTPCookieStorage] setCookies:filterCookies(cookies).get() forURL:cookieURL mainDocumentURL:document->firstPartyForCookies()];
117
118    END_BLOCK_OBJC_EXCEPTIONS;
119}
120
121bool cookiesEnabled(const Document*)
122{
123    BEGIN_BLOCK_OBJC_EXCEPTIONS;
124
125    NSHTTPCookieAcceptPolicy cookieAcceptPolicy = [[NSHTTPCookieStorage sharedHTTPCookieStorage] cookieAcceptPolicy];
126    return cookieAcceptPolicy == NSHTTPCookieAcceptPolicyAlways || cookieAcceptPolicy == NSHTTPCookieAcceptPolicyOnlyFromMainDocumentDomain;
127
128    END_BLOCK_OBJC_EXCEPTIONS;
129    return false;
130}
131
132bool getRawCookies(const Document*, const KURL& url, Vector<Cookie>& rawCookies)
133{
134    rawCookies.clear();
135    BEGIN_BLOCK_OBJC_EXCEPTIONS;
136
137    NSURL *cookieURL = url;
138    NSArray *cookies = [[NSHTTPCookieStorage sharedHTTPCookieStorage] cookiesForURL:cookieURL];
139
140    NSUInteger count = [cookies count];
141    rawCookies.reserveCapacity(count);
142    for (NSUInteger i = 0; i < count; ++i) {
143        NSHTTPCookie *cookie = (NSHTTPCookie *)[cookies objectAtIndex:i];
144        NSString *name = [cookie name];
145        NSString *value = [cookie value];
146        NSString *domain = [cookie domain];
147        NSString *path = [cookie path];
148        NSTimeInterval expires = [[cookie expiresDate] timeIntervalSince1970] * 1000;
149        bool httpOnly = [cookie isHTTPOnly];
150        bool secure = [cookie isSecure];
151        bool session = [cookie isSessionOnly];
152        rawCookies.uncheckedAppend(Cookie(name, value, domain, path, expires, httpOnly, secure, session));
153    }
154
155    END_BLOCK_OBJC_EXCEPTIONS;
156    return true;
157}
158
159void deleteCookie(const Document*, const KURL& url, const String& cookieName)
160{
161    BEGIN_BLOCK_OBJC_EXCEPTIONS;
162
163    NSURL *cookieURL = url;
164    NSHTTPCookieStorage *cookieStorage = [NSHTTPCookieStorage sharedHTTPCookieStorage];
165    NSArray *cookies = [cookieStorage cookiesForURL:cookieURL];
166    NSString *cookieNameString = (NSString *) cookieName;
167
168    NSUInteger count = [cookies count];
169    for (NSUInteger i = 0; i < count; ++i) {
170        NSHTTPCookie *cookie = (NSHTTPCookie *)[cookies objectAtIndex:i];
171        if ([[cookie name] isEqualToString:cookieNameString]) {
172            [cookieStorage deleteCookie:cookie];
173            break;
174        }
175    }
176
177    END_BLOCK_OBJC_EXCEPTIONS;
178}
179
180}
181