Cookie Delete sets value to undefined when cookie name does not already exist

didierfred / SimpleModifyHeaders

Extension for firefox and chrome to modify headers

172 stars 31 forks source link

Cookie Delete sets value to undefined when cookie name does not already exist #48

Closed james-valente-simplisafe closed 1 year ago

james-valente-simplisafe commented 1 year ago

Browser

Firefox 110

Bug

When the cookie name in a "Cookie Delete" rule does not already exist in the request, the extension will append the cookie with a value of undefined.

Precondition

For this bug to occur, you must navigate to a web site that already has a cookie associated with it.

To Reproduce

To reproduce on any web site, use the following rules. The first two will remove the entire Cookie header, then add a simple Cookie header. The third rule will attempt to delete the abc cookie which does not exist.

Action	Header Field Name	Header Field Value	Apply on
Delete	Cookie	anything	Request
Add	Cookie	some_cookie=some_value	Request
Cookie Delete	abc	does_not_exist	Request

Result as it appears in Firefox browser

james-valente-simplisafe commented 1 year ago

I suspect the issue may be in these lines of code.

My interpretation of the code: If the cookie name was not found, then push the new element. However, in this case, new_element will be abc=undefined.

The check for the value being undefined only occurs in the else section, which itself depends on the cookie name already existing.

To resolve, there must also be a check at line 124 to ensure that value is not undefined.

    if (selected_cookie_index == -1) {
        if (value != undefined) {          // not sure if this should be != or !==
            cookies_ar.push(new_element);
        }
    } else {

didierfred commented 1 year ago

thanks for the issue and the solution , it will be solve in next release