
Unified Diff: net/cookies/canonical_cookie.cc

Issue 1253353004: WIP: Teach "First-Party-Only" cookies about the requestor origin. Base URL: https://chromium.googlesource.com/chromium/src.git@cookie-options
Patch Set: Created 5 years, 5 months ago
Index: net/cookies/canonical_cookie.cc
diff --git a/net/cookies/canonical_cookie.cc b/net/cookies/canonical_cookie.cc
index eae8298fc78e69eb4225739c5c220222012068f4..6297b9647b9db5259aae34a3b7a4ed0a3e1dd325 100644
--- a/net/cookies/canonical_cookie.cc
+++ b/net/cookies/canonical_cookie.cc
@@ -51,6 +51,7 @@
#include "net/cookies/cookie_util.h"
#include "net/cookies/parsed_cookie.h"
#include "url/gurl.h"
+#include "url/origin.h"
#include "url/url_canon.h"
using base::Time;
@@ -404,12 +405,17 @@ bool CanonicalCookie::IncludeForRequestURL(const GURL& url,
if (!IsOnPath(url.path()))
return false;
- // Include first-party-only cookies iff |options| tells us to include all of
- // them, or if a first-party URL is set and its origin matches the origin of
- // |url|.
- if (IsFirstPartyOnly() && !options.include_first_party_only() &&
- options.first_party_url().GetOrigin() != url.GetOrigin()) {
- return false;
+ // Include first-party-only cookies if one of the following is true:
+ //
+ // 1. |options| tells us to include all of them
+ // 2. A first-party URL is set and its origin matches the origin of |url|,
+ // _and_ that first-party URL is same-origin with the requestor origin.
+ if (IsFirstPartyOnly() && !options.include_first_party_only()) {
+ url::Origin first_party(options.first_party_url());
+ url::Origin request(url);
+ if (!first_party.IsSameOriginWith(request) || !options.requestor_origin().IsSameOriginWith(request)) {
+ return false;
+ }
}
return true;
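
Review bot: The new condition `if (!first_party.IsSameOriginWith(request) || !options.requestor_origin().IsSameOriginWith(request))` leaves the unset cases implicit: nothing in this hunk shows what happens when `options.first_party_url()` is empty or `options.requestor_origin()` was never populated. Both the removed comment and the new item 2 say "a first-party URL is set", but no line tests for that, so the outcome depends entirely on how `url::Origin` compares an origin built from an empty GURL. Either check for that case explicitly before the comparison or cover it in net/cookies/canonical_cookie_unittest.cc so the intended result is pinned down. Two smaller points: item 2 of the comment describes comparing the first-party URL with the requestor origin, while the code compares each of them with `request`, so the comment should describe what the code does; and the condition line runs well past 80 columns and needs wrapping.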