From 587464fd636cda1e3bd13dc82d57212c26c45b7e Mon Sep 17 00:00:00 2001
From: Sergio Villar Senin
Date: Thu, 19 Apr 2012 20:39:24 +0200
Subject: [PATCH] soup-cookie-jar: do not accept cookies for well known public domains

SoupCookieJar uses the new soup_tld_* utils to reject cookies whose domains are registered public suffixes. This prevents sites from setting supercookies.

https://bugzilla.gnome.org/show_bug.cgi?id=673802
---
 libsoup/soup-cookie-jar.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/libsoup/soup-cookie-jar.c b/libsoup/soup-cookie-jar.c
index 6077717..ab5a803 100644
--- a/libsoup/soup-cookie-jar.c
+++ b/libsoup/soup-cookie-jar.c
@@ -19,6 +19,7 @@
 #include "soup-marshal.h"
 #include "soup-message.h"
 #include "soup-session-feature.h"
+#include "soup-tld.h"
 #include "soup-uri.h"
 
 /**
@@ -479,6 +480,13 @@ soup_cookie_jar_add_cookie (SoupCookieJar *jar, SoupCookie *cookie)
 g_return_if_fail (SOUP_IS_COOKIE_JAR (jar));
 g_return_if_fail (cookie != NULL);
 
+ /* Never accept cookies for public domains. */
+ if (!g_hostname_is_ip_address (cookie->domain) &&
+ soup_tld_domain_is_public_suffix (cookie->domain)) {
+ soup_cookie_free (cookie);
+ return;
+ }
+
 priv = SOUP_COOKIE_JAR_GET_PRIVATE (jar);
 old_cookies = g_hash_table_lookup (priv->domains, cookie->domain);
 for (oc = old_cookies; oc; oc = oc->next) {
-- 
2.7.4
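Review bot: The public-suffix guard added to soup_cookie_jar_add_cookie tests `cookie->domain` exactly as stored, and nothing in the hunk shows that string being canonicalised first. If the domain can arrive with a leading '.', mixed case, a trailing dot or a non-punycode IDN form, the guard only holds if soup_tld_domain_is_public_suffix() normalises those itself; that helper is not visible here, so this should be confirmed and covered by a test. I would record the assumption at the call site, e.g. `/* Relies on soup_tld_domain_is_public_suffix() handling a leading '.' and case-insensitive matching of cookie->domain. */`. Separately, the drop is unconditional and silent: RFC 6265 section 5.3 still allows a host-only cookie when the request host itself equals the public suffix, and this function has no request host to compare against, so that limitation deserves a sentence in the function's doc comment. The function body continues past the end of the hunk.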