OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_URL_REQUEST_URL_REQUEST_H_ | 5 #ifndef NET_URL_REQUEST_URL_REQUEST_H_ |
6 #define NET_URL_REQUEST_URL_REQUEST_H_ | 6 #define NET_URL_REQUEST_URL_REQUEST_H_ |
7 | 7 |
8 #include <stdint.h> | 8 #include <stdint.h> |
9 | 9 |
10 #include <string> | 10 #include <string> |
(...skipping 25 matching lines...) | |
36 #include "url/gurl.h" | 36 #include "url/gurl.h" |
37 | 37 |
38 namespace base { | 38 namespace base { |
39 class Value; | 39 class Value; |
40 | 40 |
41 namespace debug { | 41 namespace debug { |
42 class StackTrace; | 42 class StackTrace; |
43 } // namespace debug | 43 } // namespace debug |
44 } // namespace base | 44 } // namespace base |
45 | 45 |
46 namespace url { | |
47 class Origin; | |
48 } | |
Mike West
2016/01/13 08:10:22
Dropping this in favor of including the header; th
| |
49 | |
46 namespace net { | 50 namespace net { |
47 | 51 |
48 class ChunkedUploadDataStream; | 52 class ChunkedUploadDataStream; |
49 class CookieOptions; | 53 class CookieOptions; |
50 class HostPortPair; | 54 class HostPortPair; |
51 class IOBuffer; | 55 class IOBuffer; |
52 struct LoadTimingInfo; | 56 struct LoadTimingInfo; |
53 struct RedirectInfo; | 57 struct RedirectInfo; |
54 class SSLCertRequestInfo; | 58 class SSLCertRequestInfo; |
55 class SSLInfo; | 59 class SSLInfo; |
(...skipping 192 matching lines...) | |
248 | 252 |
249 // The original url is the url used to initialize the request, and it may | 253 // The original url is the url used to initialize the request, and it may |
250 // differ from the url if the request was redirected. | 254 // differ from the url if the request was redirected. |
251 const GURL& original_url() const { return url_chain_.front(); } | 255 const GURL& original_url() const { return url_chain_.front(); } |
252 // The chain of urls traversed by this request. If the request had no | 256 // The chain of urls traversed by this request. If the request had no |
253 // redirects, this vector will contain one element. | 257 // redirects, this vector will contain one element. |
254 const std::vector<GURL>& url_chain() const { return url_chain_; } | 258 const std::vector<GURL>& url_chain() const { return url_chain_; } |
255 const GURL& url() const { return url_chain_.back(); } | 259 const GURL& url() const { return url_chain_.back(); } |
256 | 260 |
257 // The URL that should be consulted for the third-party cookie blocking | 261 // The URL that should be consulted for the third-party cookie blocking |
258 // policy. | 262 // policy, as defined in Section 2.1.1 and 2.1.2 of |
263 // https://tools.ietf.org/html/draft-west-first-party-cookies. | |
259 // | 264 // |
260 // WARNING: This URL must only be used for the third-party cookie blocking | 265 // WARNING: This URL must only be used for the third-party cookie blocking |
261 // policy. It MUST NEVER be used for any kind of SECURITY check. | 266 // policy. It MUST NEVER be used for any kind of SECURITY check. |
262 // | 267 // |
263 // For example, if a top-level navigation is redirected, the | 268 // For example, if a top-level navigation is redirected, the |
264 // first-party for cookies will be the URL of the first URL in the | 269 // first-party for cookies will be the URL of the first URL in the |
265 // redirect chain throughout the whole redirect. If it was used for | 270 // redirect chain throughout the whole redirect. If it was used for |
266 // a security check, an attacker might try to get around this check | 271 // a security check, an attacker might try to get around this check |
267 // by starting from some page that redirects to the | 272 // by starting from some page that redirects to the |
268 // host-to-be-attacked. | 273 // host-to-be-attacked. |
269 // | 274 // |
270 // TODO(mkwst): Convert this to a 'url::Origin'. Several callsites are using | 275 // TODO(mkwst): Convert this to a 'url::Origin'. Several callsites are using |
271 // this value as a proxy for the "top-level frame URL", which is simply | 276 // this value as a proxy for the "top-level frame URL", which is simply |
272 // incorrect and fragile. We don't need the full URL for any //net checks, | 277 // incorrect and fragile. We don't need the full URL for any //net checks, |
273 // so we should drop the pieces we don't need. | 278 // so we should drop the pieces we don't need. |
274 const GURL& first_party_for_cookies() const { | 279 const GURL& first_party_for_cookies() const { |
275 return first_party_for_cookies_; | 280 return first_party_for_cookies_; |
276 } | 281 } |
277 // This method may only be called before Start(). | 282 // This method may only be called before Start(). |
278 void set_first_party_for_cookies(const GURL& first_party_for_cookies); | 283 void set_first_party_for_cookies(const GURL& first_party_for_cookies); |
279 | 284 |
280 // The first-party URL policy to apply when updating the first party URL | 285 // The first-party URL policy to apply when updating the first party URL |
281 // during redirects. The first-party URL policy may only be changed before | 286 // during redirects. The first-party URL policy may only be changed before |
282 // Start() is called. | 287 // Start() is called. |
283 FirstPartyURLPolicy first_party_url_policy() const { | 288 FirstPartyURLPolicy first_party_url_policy() const { |
284 return first_party_url_policy_; | 289 return first_party_url_policy_; |
285 } | 290 } |
286 void set_first_party_url_policy(FirstPartyURLPolicy first_party_url_policy); | 291 void set_first_party_url_policy(FirstPartyURLPolicy first_party_url_policy); |
287 | 292 |
293 // The origin of the context which initiated the request. This is distinct | |
294 // from the "first party for cookies" discussed above in a number of ways: | |
295 // | |
296 // 1. The request's initiator does not change during a redirect. If a form | |
297 // submission from `https://example.com/` redirects through a number of | |
298 // sites before landing on `https://not-example.com/`, the initiator for | |
299 // each of those requests will be `https://example.com/`. | |
300 // | |
301 // 2. The request's initiator is the origin of the frame or worker which made | |
302 // the request, even for top-level navigations. That is, if | |
303 // `https://example.com/`'s form submission is made in the top-level frame, | |
304 // the first party for cookies would be the target URL's origin. The | |
305 // initiator remains `https://example.com/`. | |
306 // | |
307 // This value is used to perform the cross-origin check specified in Section | |
308 // 4.3 of https://tools.ietf.org/html/draft-west-first-party-cookies. | |
mmenke
2016/01/12 16:20:58
Thanks for this great description!
| |
309 const url::Origin& initiator() const { return initiator_; } | |
310 // This method may only be called before Start(). | |
311 void set_initiator(const url::Origin& initiator); | |
312 | |
288 // The request method, as an uppercase string. "GET" is the default value. | 313 // The request method, as an uppercase string. "GET" is the default value. |
289 // The request method may only be changed before Start() is called and | 314 // The request method may only be changed before Start() is called and |
290 // should only be assigned an uppercase value. | 315 // should only be assigned an uppercase value. |
291 const std::string& method() const { return method_; } | 316 const std::string& method() const { return method_; } |
292 void set_method(const std::string& method); | 317 void set_method(const std::string& method); |
293 | 318 |
319 // True if the request method is "safe" (per section 4.2.1 of RFC 7231). | |
320 bool IsMethodSafe() const; | |
mmenke
2016/01/12 16:20:58
This class already supports a huge API, I don't wa
Mike West
2016/01/13 08:10:22
Done.
Mike West
2016/01/13 08:10:22
Done.
| |
321 | |
294 // The referrer URL for the request. This header may actually be suppressed | 322 // The referrer URL for the request. This header may actually be suppressed |
295 // from the underlying network request for security reasons (e.g., a HTTPS | 323 // from the underlying network request for security reasons (e.g., a HTTPS |
296 // URL will not be sent as the referrer for a HTTP request). The referrer | 324 // URL will not be sent as the referrer for a HTTP request). The referrer |
297 // may only be changed before Start() is called. | 325 // may only be changed before Start() is called. |
298 const std::string& referrer() const { return referrer_; } | 326 const std::string& referrer() const { return referrer_; } |
299 // Referrer is sanitized to remove URL fragment, user name and password. | 327 // Referrer is sanitized to remove URL fragment, user name and password. |
300 void SetReferrer(const std::string& referrer); | 328 void SetReferrer(const std::string& referrer); |
301 | 329 |
302 // The referrer policy to apply when updating the referrer during redirects. | 330 // The referrer policy to apply when updating the referrer during redirects. |
303 // The referrer policy may only be changed before Start() is called. | 331 // The referrer policy may only be changed before Start() is called. |
(...skipping 455 matching lines...) | |
759 BoundNetLog net_log_; | 787 BoundNetLog net_log_; |
760 | 788 |
761 scoped_ptr<URLRequestJob> job_; | 789 scoped_ptr<URLRequestJob> job_; |
762 scoped_ptr<UploadDataStream> upload_data_stream_; | 790 scoped_ptr<UploadDataStream> upload_data_stream_; |
763 // TODO(mmenke): Make whether or not an upload is chunked transparent to the | 791 // TODO(mmenke): Make whether or not an upload is chunked transparent to the |
764 // URLRequest. | 792 // URLRequest. |
765 ChunkedUploadDataStream* upload_chunked_data_stream_; | 793 ChunkedUploadDataStream* upload_chunked_data_stream_; |
766 | 794 |
767 std::vector<GURL> url_chain_; | 795 std::vector<GURL> url_chain_; |
768 GURL first_party_for_cookies_; | 796 GURL first_party_for_cookies_; |
797 url::Origin initiator_; | |
769 GURL delegate_redirect_url_; | 798 GURL delegate_redirect_url_; |
770 std::string method_; // "GET", "POST", etc. Should be all uppercase. | 799 std::string method_; // "GET", "POST", etc. Should be all uppercase. |
771 std::string referrer_; | 800 std::string referrer_; |
772 ReferrerPolicy referrer_policy_; | 801 ReferrerPolicy referrer_policy_; |
773 FirstPartyURLPolicy first_party_url_policy_; | 802 FirstPartyURLPolicy first_party_url_policy_; |
774 HttpRequestHeaders extra_request_headers_; | 803 HttpRequestHeaders extra_request_headers_; |
775 int load_flags_; // Flags indicating the request type for the load; | 804 int load_flags_; // Flags indicating the request type for the load; |
776 // expected values are LOAD_* enums above. | 805 // expected values are LOAD_* enums above. |
777 | 806 |
778 // Never access methods of the |delegate_| directly. Always use the | 807 // Never access methods of the |delegate_| directly. Always use the |
(...skipping 82 matching lines...) | |
861 HostPortPair proxy_server_; | 890 HostPortPair proxy_server_; |
862 | 891 |
863 scoped_ptr<const base::debug::StackTrace> stack_trace_; | 892 scoped_ptr<const base::debug::StackTrace> stack_trace_; |
864 | 893 |
865 DISALLOW_COPY_AND_ASSIGN(URLRequest); | 894 DISALLOW_COPY_AND_ASSIGN(URLRequest); |
866 }; | 895 }; |
867 | 896 |
868 } // namespace net | 897 } // namespace net |
869 | 898 |
870 #endif // NET_URL_REQUEST_URL_REQUEST_H_ | 899 #endif // NET_URL_REQUEST_URL_REQUEST_H_ |
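Review bot: The comment on `initiator()` (new lines 293-308) does not say what the accessor returns when `set_initiator()` was never called, even though this value feeds the cross-origin check from Section 4.3 of the first-party-cookies draft. Since `initiator_` is held by value (new line 797), it is presumably a default-constructed `url::Origin` unless the constructor, which is not part of this file, sets it. I would add a line such as `// If set_initiator() is never called, this is a default-constructed url::Origin.` and state whether the check then treats the request as same-origin or cross-origin, so a caller that forgets to set it does not silently get the permissive result. Unlike the `first_party_for_cookies()` comment, this one also gives no guidance on which callers are trusted to supply the value; one sentence on that would help, because the declaration alone does not show it.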
OLD | NEW |