Cookie Whitelist

whitelist feature adapted to Midori’s core.

So there was some discussion around white lists and black lists of cookies. I'm thinking we should plan this a bit rather than handling "white list against clearing" only now. So my apologies for the late response.

An idea here is to have one setting "cookie-rules", which has the following syntax:

Example: "-google*.com,-facebook.com,!bugzilla.*.org,+bugs.launchpad.net"
- Values prefixed with "-" are always blocked
- Values prefixed with "+" are always accepted
- Values prefixed with "!" are not cleared in Clear Private Data
- * is a wildcard

And there could be an infobar that shows up for cookies not included in the list. Further UI could be added to the cookie manager. Thoughts welcome.

So I implemented a site-data-rules setting. midori_web_settings_get_site_data_policy returns a policy based on the setting, which is either of MIDORI_SITE_DATA_(UNDETERMINED|BLOCK|ACCEPT|PRESERVE). The syntax currently supported is -, + and ! as given above, no wildcards, matching the start of the full hostname. There's a test case as well.
For now, clearing web cookies (HTTP cookies) through private data and HTML5 database changes honor policy. More to come, but I think it's a good start.

As it stands now it will segfault by default, because settings->site_data_rules is NULL.
e.g, trying to clear cookies from Clear Private Data

(gdb) bt 3
#0 0xb5047336 in __strstr_ia32 () from /lib/libc.so.6
#1 0x080aa012 in midori_web_settings_get_site_data_policy (settings=0x8ced890,
    uri=0x8f73150 ".google.com") at ../midori/midori-websettings.c:1251
#2 0x08065e73 in midori_clear_web_cookies_cb () at ../midori/main.c:1738
(More stack frames follow...)

(gdb) up
#1 0x080aa012 in midori_web_settings_get_site_data_policy (settings=0x8ced890,
    uri=0x8f73150 ".google.com") at ../midori/midori-websettings.c:1251
1251 const gchar* match = strstr (settings->site_data_rules, hostname ? hostname : uri);

(gdb) p settings->site_data_rules
$1 = (gchar *) 0x0

also, don't you need to g_free(hostname) after use, in midori_web_settings_get_site_data_policy()?

Both is correct, and I fixed both now, thanks for the feedback.

suppose i have this in my .config/midori/config:
  site-data-rules=!accounts.google.com,!.google.com
and have a cookie from the .google.com domain.

when i do 'clear private data', the code will find a match at the '.google.com' just after 'accounts.' which will fall-through the warning case and let the policy set to MIDORI_SITE_DATA_UNDETERMINED instead of MIDORI_SITE_DATA_PRESERVE as expected.

instead the code should search the next match, and only when it reach the end of the string without finding a match should it return MIDORI_SITE_DATA_UNDETERMINED.

as a workaround i could just write:
  site-data-rules=!.google.com,!accounts.google.com

What's the status?

As of bug 1114236 there's a new extension providing a UI for accepting cookies on demand. The next question is how far it can be connected to site-data-rules which hasn't progressed and still has no UI.

We now have the ability to accept cookies based on a whitelist with the cookie policy manager extension.