1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: t; c-basic-offset: 8 -*- */
5 * Copyright (C) 2008 Red Hat, Inc.
15 #include "soup-cookie.h"
16 #include "soup-cookie-jar.h"
17 #include "soup-date.h"
18 #include "soup-enum-types.h"
19 #include "soup-marshal.h"
20 #include "soup-message.h"
21 #include "soup-session-feature.h"
25 * SECTION:soup-cookie-jar
26 * @short_description: Automatic cookie handling for #SoupSession
28 * A #SoupCookieJar stores #SoupCookie<!-- -->s and arrange for them
29 * to be sent with the appropriate #SoupMessage<!-- -->s.
30 * #SoupCookieJar implements #SoupSessionFeature, so you can add a
31 * cookie jar to a session with soup_session_add_feature() or
32 * soup_session_add_feature_by_type().
34 * Note that the base #SoupCookieJar class does not support any form
35 * of long-term cookie persistence.
38 static void soup_cookie_jar_session_feature_init (SoupSessionFeatureInterface *feature_interface, gpointer interface_data);
39 static void request_queued (SoupSessionFeature *feature, SoupSession *session,
41 static void request_started (SoupSessionFeature *feature, SoupSession *session,
42 SoupMessage *msg, SoupSocket *socket);
43 static void request_unqueued (SoupSessionFeature *feature, SoupSession *session,
46 G_DEFINE_TYPE_WITH_CODE (SoupCookieJar, soup_cookie_jar, G_TYPE_OBJECT,
47 G_IMPLEMENT_INTERFACE (SOUP_TYPE_SESSION_FEATURE,
48 soup_cookie_jar_session_feature_init))
55 static guint signals[LAST_SIGNAL] = { 0 };
67 gboolean constructed, read_only;
68 GHashTable *domains, *serials;
70 SoupCookieJarAcceptPolicy accept_policy;
71 } SoupCookieJarPrivate;
72 #define SOUP_COOKIE_JAR_GET_PRIVATE(o) (G_TYPE_INSTANCE_GET_PRIVATE ((o), SOUP_TYPE_COOKIE_JAR, SoupCookieJarPrivate))
74 static void set_property (GObject *object, guint prop_id,
75 const GValue *value, GParamSpec *pspec);
76 static void get_property (GObject *object, guint prop_id,
77 GValue *value, GParamSpec *pspec);
80 soup_cookie_jar_init (SoupCookieJar *jar)
82 SoupCookieJarPrivate *priv = SOUP_COOKIE_JAR_GET_PRIVATE (jar);
84 priv->domains = g_hash_table_new_full (soup_str_case_hash,
87 priv->serials = g_hash_table_new (NULL, NULL);
88 priv->accept_policy = SOUP_COOKIE_JAR_ACCEPT_ALWAYS;
92 constructed (GObject *object)
94 SoupCookieJarPrivate *priv = SOUP_COOKIE_JAR_GET_PRIVATE (object);
96 priv->constructed = TRUE;
100 finalize (GObject *object)
102 SoupCookieJarPrivate *priv = SOUP_COOKIE_JAR_GET_PRIVATE (object);
106 g_hash_table_iter_init (&iter, priv->domains);
107 while (g_hash_table_iter_next (&iter, &key, &value))
108 soup_cookies_free (value);
109 g_hash_table_destroy (priv->domains);
110 g_hash_table_destroy (priv->serials);
112 G_OBJECT_CLASS (soup_cookie_jar_parent_class)->finalize (object);
116 soup_cookie_jar_class_init (SoupCookieJarClass *jar_class)
118 GObjectClass *object_class = G_OBJECT_CLASS (jar_class);
120 g_type_class_add_private (jar_class, sizeof (SoupCookieJarPrivate));
122 object_class->constructed = constructed;
123 object_class->finalize = finalize;
124 object_class->set_property = set_property;
125 object_class->get_property = get_property;
128 * SoupCookieJar::changed
129 * @jar: the #SoupCookieJar
130 * @old_cookie: the old #SoupCookie value
131 * @new_cookie: the new #SoupCookie value
133 * Emitted when @jar changes. If a cookie has been added,
134 * @new_cookie will contain the newly-added cookie and
135 * @old_cookie will be %NULL. If a cookie has been deleted,
136 * @old_cookie will contain the to-be-deleted cookie and
137 * @new_cookie will be %NULL. If a cookie has been changed,
138 * @old_cookie will contain its old value, and @new_cookie its
142 g_signal_new ("changed",
143 G_OBJECT_CLASS_TYPE (object_class),
145 G_STRUCT_OFFSET (SoupCookieJarClass, changed),
147 soup_marshal_NONE__BOXED_BOXED,
149 SOUP_TYPE_COOKIE | G_SIGNAL_TYPE_STATIC_SCOPE,
150 SOUP_TYPE_COOKIE | G_SIGNAL_TYPE_STATIC_SCOPE);
153 * SOUP_COOKIE_JAR_READ_ONLY:
155 * Alias for the #SoupCookieJar:read-only property. (Whether
156 * or not the cookie jar is read-only.)
158 g_object_class_install_property (
159 object_class, PROP_READ_ONLY,
160 g_param_spec_boolean (SOUP_COOKIE_JAR_READ_ONLY,
162 "Whether or not the cookie jar is read-only",
164 G_PARAM_READWRITE | G_PARAM_CONSTRUCT_ONLY));
167 * SOUP_COOKIE_JAR_ACCEPT_POLICY:
169 * Alias for the #SoupCookieJar:accept-policy property.
171 g_object_class_install_property (
172 object_class, PROP_ACCEPT_POLICY,
173 g_param_spec_enum (SOUP_COOKIE_JAR_ACCEPT_POLICY,
175 "The policy the jar should follow to accept or reject cookies",
176 SOUP_TYPE_COOKIE_JAR_ACCEPT_POLICY,
177 SOUP_COOKIE_JAR_ACCEPT_ALWAYS,
182 soup_cookie_jar_session_feature_init (SoupSessionFeatureInterface *feature_interface,
183 gpointer interface_data)
185 feature_interface->request_queued = request_queued;
186 feature_interface->request_started = request_started;
187 feature_interface->request_unqueued = request_unqueued;
191 set_property (GObject *object, guint prop_id,
192 const GValue *value, GParamSpec *pspec)
194 SoupCookieJarPrivate *priv =
195 SOUP_COOKIE_JAR_GET_PRIVATE (object);
199 priv->read_only = g_value_get_boolean (value);
201 case PROP_ACCEPT_POLICY:
202 priv->accept_policy = g_value_get_enum (value);
205 G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
211 get_property (GObject *object, guint prop_id,
212 GValue *value, GParamSpec *pspec)
214 SoupCookieJarPrivate *priv =
215 SOUP_COOKIE_JAR_GET_PRIVATE (object);
219 g_value_set_boolean (value, priv->read_only);
221 case PROP_ACCEPT_POLICY:
222 g_value_set_enum (value, priv->accept_policy);
225 G_OBJECT_WARN_INVALID_PROPERTY_ID (object, prop_id, pspec);
231 * soup_cookie_jar_new:
233 * Creates a new #SoupCookieJar. The base #SoupCookieJar class does
234 * not support persistent storage of cookies; use a subclass for that.
236 * Returns: a new #SoupCookieJar
241 soup_cookie_jar_new (void)
243 return g_object_new (SOUP_TYPE_COOKIE_JAR, NULL);
247 soup_cookie_jar_save (SoupCookieJar *jar)
249 /* Does nothing, obsolete */
253 soup_cookie_jar_changed (SoupCookieJar *jar,
254 SoupCookie *old, SoupCookie *new)
256 SoupCookieJarPrivate *priv = SOUP_COOKIE_JAR_GET_PRIVATE (jar);
258 if (old && old != new)
259 g_hash_table_remove (priv->serials, old);
262 g_hash_table_insert (priv->serials, new, GUINT_TO_POINTER (priv->serial));
265 if (priv->read_only || !priv->constructed)
268 g_signal_emit (jar, signals[CHANGED], 0, old, new);
272 compare_cookies (gconstpointer a, gconstpointer b, gpointer jar)
274 SoupCookie *ca = (SoupCookie *)a;
275 SoupCookie *cb = (SoupCookie *)b;
276 SoupCookieJarPrivate *priv = SOUP_COOKIE_JAR_GET_PRIVATE (jar);
278 guint aserial, bserial;
280 /* "Cookies with longer path fields are listed before cookies
281 * with shorter path field."
283 alen = ca->path ? strlen (ca->path) : 0;
284 blen = cb->path ? strlen (cb->path) : 0;
288 /* "Among cookies that have equal length path fields, cookies
289 * with earlier creation dates are listed before cookies with
290 * later creation dates."
292 aserial = GPOINTER_TO_UINT (g_hash_table_lookup (priv->serials, ca));
293 bserial = GPOINTER_TO_UINT (g_hash_table_lookup (priv->serials, cb));
294 return aserial - bserial;
298 * soup_cookie_jar_get_cookies:
299 * @jar: a #SoupCookieJar
301 * @for_http: whether or not the return value is being passed directly
302 * to an HTTP operation
304 * Retrieves (in Cookie-header form) the list of cookies that would
305 * be sent with a request to @uri.
307 * If @for_http is %TRUE, the return value will include cookies marked
308 * "HttpOnly" (that is, cookies that the server wishes to keep hidden
309 * from client-side scripting operations such as the JavaScript
310 * document.cookies property). Since #SoupCookieJar sets the Cookie
311 * header itself when making the actual HTTP request, you should
312 * almost certainly be setting @for_http to %FALSE if you are calling
315 * Return value: the cookies, in string form, or %NULL if there are no
321 soup_cookie_jar_get_cookies (SoupCookieJar *jar, SoupURI *uri,
324 SoupCookieJarPrivate *priv;
325 GSList *cookies, *domain_cookies;
326 char *domain, *cur, *next_domain, *result;
327 GSList *new_head, *cookies_to_remove = NULL, *p;
329 g_return_val_if_fail (SOUP_IS_COOKIE_JAR (jar), NULL);
330 priv = SOUP_COOKIE_JAR_GET_PRIVATE (jar);
331 g_return_val_if_fail (uri != NULL, NULL);
336 /* The logic here is a little weird, but the plan is that if
337 * uri->host is "www.foo.com", we will end up looking up
338 * cookies for ".www.foo.com", "www.foo.com", ".foo.com", and
339 * ".com", in that order. (Logic stolen from Mozilla.)
342 domain = cur = g_strdup_printf (".%s", uri->host);
343 next_domain = domain + 1;
345 new_head = domain_cookies = g_hash_table_lookup (priv->domains, cur);
346 while (domain_cookies) {
347 GSList *next = domain_cookies->next;
348 SoupCookie *cookie = domain_cookies->data;
350 if (cookie->expires && soup_date_is_past (cookie->expires)) {
351 cookies_to_remove = g_slist_append (cookies_to_remove,
353 new_head = g_slist_delete_link (new_head, domain_cookies);
354 g_hash_table_insert (priv->domains,
357 } else if (soup_cookie_applies_to_uri (cookie, uri) &&
358 (for_http || !cookie->http_only))
359 cookies = g_slist_append (cookies, cookie);
361 domain_cookies = next;
365 next_domain = strchr (cur + 1, '.');
369 for (p = cookies_to_remove; p; p = p->next) {
370 SoupCookie *cookie = p->data;
372 soup_cookie_jar_changed (jar, cookie, NULL);
373 soup_cookie_free (cookie);
375 g_slist_free (cookies_to_remove);
378 cookies = g_slist_sort_with_data (cookies, compare_cookies, jar);
379 result = soup_cookies_to_cookie_header (cookies);
380 g_slist_free (cookies);
392 * soup_cookie_jar_add_cookie:
393 * @jar: a #SoupCookieJar
394 * @cookie: a #SoupCookie
396 * Adds @cookie to @jar, emitting the 'changed' signal if we are modifying
397 * an existing cookie or adding a valid new cookie ('valid' means
398 * that the cookie's expire date is not in the past).
400 * @cookie will be 'stolen' by the jar, so don't free it afterwards.
405 soup_cookie_jar_add_cookie (SoupCookieJar *jar, SoupCookie *cookie)
407 SoupCookieJarPrivate *priv;
408 GSList *old_cookies, *oc, *last = NULL;
409 SoupCookie *old_cookie;
411 g_return_if_fail (SOUP_IS_COOKIE_JAR (jar));
412 g_return_if_fail (cookie != NULL);
414 priv = SOUP_COOKIE_JAR_GET_PRIVATE (jar);
415 old_cookies = g_hash_table_lookup (priv->domains, cookie->domain);
416 for (oc = old_cookies; oc; oc = oc->next) {
417 old_cookie = oc->data;
418 if (!strcmp (cookie->name, old_cookie->name) &&
419 !g_strcmp0 (cookie->path, old_cookie->path)) {
420 if (cookie->expires && soup_date_is_past (cookie->expires)) {
421 /* The new cookie has an expired date,
422 * this is the way the the server has
423 * of telling us that we have to
426 old_cookies = g_slist_delete_link (old_cookies, oc);
427 g_hash_table_insert (priv->domains,
428 g_strdup (cookie->domain),
430 soup_cookie_jar_changed (jar, old_cookie, NULL);
431 soup_cookie_free (old_cookie);
432 soup_cookie_free (cookie);
435 soup_cookie_jar_changed (jar, old_cookie, cookie);
436 soup_cookie_free (old_cookie);
444 /* The new cookie is... a new cookie */
445 if (cookie->expires && soup_date_is_past (cookie->expires)) {
446 soup_cookie_free (cookie);
451 last->next = g_slist_append (NULL, cookie);
453 old_cookies = g_slist_append (NULL, cookie);
454 g_hash_table_insert (priv->domains, g_strdup (cookie->domain),
458 soup_cookie_jar_changed (jar, NULL, cookie);
462 * soup_cookie_jar_set_cookie:
463 * @jar: a #SoupCookieJar
464 * @uri: the URI setting the cookie
465 * @cookie: the stringified cookie to set
467 * Adds @cookie to @jar, exactly as though it had appeared in a
468 * Set-Cookie header returned from a request to @uri.
470 * Keep in mind that if the #SoupCookieJarAcceptPolicy
471 * %SOUP_COOKIE_JAR_ACCEPT_NO_THIRD_PARTY is set you'll need to use
472 * soup_cookie_jar_set_cookie_with_first_party(), otherwise the jar
473 * will have no way of knowing if the cookie is being set by a third
479 soup_cookie_jar_set_cookie (SoupCookieJar *jar, SoupURI *uri,
482 SoupCookie *soup_cookie;
483 SoupCookieJarPrivate *priv;
485 g_return_if_fail (SOUP_IS_COOKIE_JAR (jar));
486 g_return_if_fail (uri != NULL);
487 g_return_if_fail (cookie != NULL);
492 priv = SOUP_COOKIE_JAR_GET_PRIVATE (jar);
493 if (priv->accept_policy == SOUP_COOKIE_JAR_ACCEPT_NEVER)
496 g_return_if_fail (priv->accept_policy != SOUP_COOKIE_JAR_ACCEPT_NO_THIRD_PARTY);
498 soup_cookie = soup_cookie_parse (cookie, uri);
500 /* will steal or free soup_cookie */
501 soup_cookie_jar_add_cookie (jar, soup_cookie);
506 * soup_cookie_jar_set_cookie_with_first_party:
507 * @jar: a #SoupCookieJar
508 * @uri: the URI setting the cookie
509 * @first_party: the URI for the main document
510 * @cookie: the stringified cookie to set
512 * Adds @cookie to @jar, exactly as though it had appeared in a
513 * Set-Cookie header returned from a request to @uri. @first_party
514 * will be used to reject cookies coming from third party resources in
515 * case such a security policy is set in the @jar.
520 soup_cookie_jar_set_cookie_with_first_party (SoupCookieJar *jar,
522 SoupURI *first_party,
525 SoupCookie *soup_cookie;
526 SoupCookieJarPrivate *priv;
528 g_return_if_fail (SOUP_IS_COOKIE_JAR (jar));
529 g_return_if_fail (uri != NULL);
530 g_return_if_fail (first_party != NULL);
531 g_return_if_fail (cookie != NULL);
536 priv = SOUP_COOKIE_JAR_GET_PRIVATE (jar);
537 if (priv->accept_policy == SOUP_COOKIE_JAR_ACCEPT_NEVER)
540 soup_cookie = soup_cookie_parse (cookie, uri);
542 if (priv->accept_policy == SOUP_COOKIE_JAR_ACCEPT_ALWAYS ||
543 soup_cookie_domain_matches (soup_cookie, first_party->host)) {
544 /* will steal or free soup_cookie */
545 soup_cookie_jar_add_cookie (jar, soup_cookie);
547 soup_cookie_free (soup_cookie);
553 process_set_cookie_header (SoupMessage *msg, gpointer user_data)
555 SoupCookieJar *jar = user_data;
556 SoupCookieJarPrivate *priv = SOUP_COOKIE_JAR_GET_PRIVATE (jar);
557 GSList *new_cookies, *nc;
559 if (priv->accept_policy == SOUP_COOKIE_JAR_ACCEPT_NEVER)
562 new_cookies = soup_cookies_from_response (msg);
563 for (nc = new_cookies; nc; nc = nc->next) {
564 SoupURI *first_party = soup_message_get_first_party (msg);
566 if ((priv->accept_policy == SOUP_COOKIE_JAR_ACCEPT_NO_THIRD_PARTY &&
567 first_party != NULL &&
568 soup_cookie_domain_matches (nc->data, first_party->host)) ||
569 priv->accept_policy == SOUP_COOKIE_JAR_ACCEPT_ALWAYS)
570 soup_cookie_jar_add_cookie (jar, nc->data);
572 soup_cookie_free (nc->data);
574 g_slist_free (new_cookies);
578 request_queued (SoupSessionFeature *feature, SoupSession *session,
581 soup_message_add_header_handler (msg, "got-headers",
583 G_CALLBACK (process_set_cookie_header),
588 request_started (SoupSessionFeature *feature, SoupSession *session,
589 SoupMessage *msg, SoupSocket *socket)
591 SoupCookieJar *jar = SOUP_COOKIE_JAR (feature);
594 cookies = soup_cookie_jar_get_cookies (jar, soup_message_get_uri (msg), TRUE);
596 soup_message_headers_replace (msg->request_headers,
600 soup_message_headers_remove (msg->request_headers, "Cookie");
604 request_unqueued (SoupSessionFeature *feature, SoupSession *session,
607 g_signal_handlers_disconnect_by_func (msg, process_set_cookie_header, feature);
611 * soup_cookie_jar_all_cookies:
612 * @jar: a #SoupCookieJar
614 * Constructs a #GSList with every cookie inside the @jar.
615 * The cookies in the list are a copy of the original, so
616 * you have to free them when you are done with them.
618 * Return value: (transfer full): a #GSList with all the cookies in
624 soup_cookie_jar_all_cookies (SoupCookieJar *jar)
626 SoupCookieJarPrivate *priv;
631 g_return_val_if_fail (SOUP_IS_COOKIE_JAR (jar), NULL);
633 priv = SOUP_COOKIE_JAR_GET_PRIVATE (jar);
635 g_hash_table_iter_init (&iter, priv->domains);
637 while (g_hash_table_iter_next (&iter, &key, &value)) {
638 GSList *p, *cookies = value;
639 for (p = cookies; p; p = p->next)
640 l = g_slist_prepend (l, soup_cookie_copy (p->data));
647 * soup_cookie_jar_delete_cookie:
648 * @jar: a #SoupCookieJar
649 * @cookie: a #SoupCookie
651 * Deletes @cookie from @jar, emitting the 'changed' signal.
656 soup_cookie_jar_delete_cookie (SoupCookieJar *jar,
659 SoupCookieJarPrivate *priv;
663 g_return_if_fail (SOUP_IS_COOKIE_JAR (jar));
664 g_return_if_fail (cookie != NULL);
666 priv = SOUP_COOKIE_JAR_GET_PRIVATE (jar);
668 domain = g_strdup (cookie->domain);
670 cookies = g_hash_table_lookup (priv->domains, domain);
674 for (p = cookies; p; p = p->next ) {
675 SoupCookie *c = (SoupCookie*)p->data;
676 if (soup_cookie_equal (cookie, c)) {
677 cookies = g_slist_delete_link (cookies, p);
678 g_hash_table_insert (priv->domains,
681 soup_cookie_jar_changed (jar, c, NULL);
682 soup_cookie_free (c);
689 * SoupCookieJarAcceptPolicy:
690 * @SOUP_COOKIE_JAR_ACCEPT_ALWAYS: accept all cookies unconditionally.
691 * @SOUP_COOKIE_JAR_ACCEPT_NEVER: reject all cookies unconditionally.
692 * @SOUP_COOKIE_JAR_ACCEPT_NO_THIRD_PARTY: accept all cookies set by
693 * the main document loaded in the application using libsoup. An
694 * example of the most common case, web browsers, would be: If
695 * http://www.example.com is the page loaded, accept all cookies set
696 * by example.com, but if a resource from http://www.third-party.com
697 * is loaded from that page reject any cookie that it could try to
698 * set. For libsoup to be able to tell apart first party cookies from
699 * the rest, the application must call soup_message_set_first_party()
700 * on each outgoing #SoupMessage, setting the #SoupURI of the main
701 * document. If no first party is set in a message when this policy is
702 * in effect, cookies will be assumed to be third party by default.
707 * soup_cookie_jar_get_accept_policy:
708 * @jar: a #SoupCookieJar
710 * Returns: the #SoupCookieJarAcceptPolicy set in the @jar
714 SoupCookieJarAcceptPolicy
715 soup_cookie_jar_get_accept_policy (SoupCookieJar *jar)
717 SoupCookieJarPrivate *priv;
719 g_return_val_if_fail (SOUP_IS_COOKIE_JAR (jar), SOUP_COOKIE_JAR_ACCEPT_ALWAYS);
721 priv = SOUP_COOKIE_JAR_GET_PRIVATE (jar);
722 return priv->accept_policy;
726 * soup_cookie_jar_set_accept_policy:
727 * @jar: a #SoupCookieJar
728 * @policy: a #SoupCookieJarAcceptPolicy
730 * Sets @policy as the cookie acceptance policy for @jar.
735 soup_cookie_jar_set_accept_policy (SoupCookieJar *jar,
736 SoupCookieJarAcceptPolicy policy)
738 SoupCookieJarPrivate *priv;
740 g_return_if_fail (SOUP_IS_COOKIE_JAR (jar));
742 priv = SOUP_COOKIE_JAR_GET_PRIVATE (jar);
744 if (priv->accept_policy != policy) {
745 priv->accept_policy = policy;
746 g_object_notify (G_OBJECT (jar), SOUP_COOKIE_JAR_ACCEPT_POLICY);