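--- a/net/url_request/url_request.h
+++ b/net/url_request/url_request.h
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_URL_REQUEST_URL_REQUEST_H_
 #define NET_URL_REQUEST_URL_REQUEST_H_
 
 #include <stdint.h>
 
 #include <string>
@@ -27,20 +27,21 @@
 #include "net/base/network_delegate.h"
 #include "net/base/request_priority.h"
 #include "net/base/upload_progress.h"
 #include "net/cookies/canonical_cookie.h"
 #include "net/http/http_request_headers.h"
 #include "net/http/http_response_info.h"
 #include "net/log/net_log.h"
 #include "net/socket/connection_attempts.h"
 #include "net/url_request/url_request_status.h"
 #include "url/gurl.h"
+#include "url/origin.h"
 
 namespace base {
 class Value;
 
 namespace debug {
 class StackTrace;
 } // namespace debug
 } // namespace base
 
 namespace net {
@@ -248,50 +249,71 @@
 
 // The original url is the url used to initialize the request, and it may
 // differ from the url if the request was redirected.
 const GURL& original_url() const { return url_chain_.front(); }
 // The chain of urls traversed by this request. If the request had no
 // redirects, this vector will contain one element.
 const std::vector<GURL>& url_chain() const { return url_chain_; }
 const GURL& url() const { return url_chain_.back(); }
 
 // The URL that should be consulted for the third-party cookie blocking
-// policy.
+// policy, as defined in Section 2.1.1 and 2.1.2 of
+// https://tools.ietf.org/html/draft-west-first-party-cookies.
 //
 // WARNING: This URL must only be used for the third-party cookie blocking
 // policy. It MUST NEVER be used for any kind of SECURITY check.
 //
 // For example, if a top-level navigation is redirected, the
 // first-party for cookies will be the URL of the first URL in the
 // redirect chain throughout the whole redirect. If it was used for
 // a security check, an attacker might try to get around this check
 // by starting from some page that redirects to the
 // host-to-be-attacked.
 //
 // TODO(mkwst): Convert this to a 'url::Origin'. Several callsites are using
 // this value as a proxy for the "top-level frame URL", which is simply
 // incorrect and fragile. We don't need the full URL for any //net checks,
-// so we should drop the pieces we don't need.
+// so we should drop the pieces we don't need. https://crbug.com/577565
 const GURL& first_party_for_cookies() const {
 return first_party_for_cookies_;
 }
 // This method may only be called before Start().
 void set_first_party_for_cookies(const GURL& first_party_for_cookies);
 
 // The first-party URL policy to apply when updating the first party URL
 // during redirects. The first-party URL policy may only be changed before
 // Start() is called.
 FirstPartyURLPolicy first_party_url_policy() const {
 return first_party_url_policy_;
 }
 void set_first_party_url_policy(FirstPartyURLPolicy first_party_url_policy);
 
+// The origin of the context which initiated the request. This is distinct
+// from the "first party for cookies" discussed above in a number of ways:
+//
+// 1. The request's initiator does not change during a redirect. If a form
+// submission from `https://example.com/` redirects through a number of
+// sites before landing on `https://not-example.com/`, the initiator for
+// each of those requests will be `https://example.com/`.
+//
+// 2. The request's initiator is the origin of the frame or worker which made
+// the request, even for top-level navigations. That is, if
+// `https://example.com/`'s form submission is made in the top-level frame,
+// the first party for cookies would be the target URL's origin. The
+// initiator remains `https://example.com/`.
+//
+// This value is used to perform the cross-origin check specified in Section
+// 4.3 of https://tools.ietf.org/html/draft-west-first-party-cookies.
+const url::Origin& initiator() const { return initiator_; }
+// This method may only be called before Start().
+void set_initiator(const url::Origin& initiator);
+
 // The request method, as an uppercase string. "GET" is the default value.
 // The request method may only be changed before Start() is called and
 // should only be assigned an uppercase value.
 const std::string& method() const { return method_; }
 void set_method(const std::string& method);
 
 // The referrer URL for the request. This header may actually be suppressed
 // from the underlying network request for security reasons (e.g., a HTTPS
 // URL will not be sent as the referrer for a HTTP request). The referrer
 // may only be changed before Start() is called.
@@ -759,20 +781,21 @@
 BoundNetLog net_log_;
 
 scoped_ptr<URLRequestJob> job_;
 scoped_ptr<UploadDataStream> upload_data_stream_;
 // TODO(mmenke): Make whether or not an upload is chunked transparent to the
 // URLRequest.
 ChunkedUploadDataStream* upload_chunked_data_stream_;
 
 std::vector<GURL> url_chain_;
 GURL first_party_for_cookies_;
+url::Origin initiator_;
 GURL delegate_redirect_url_;
 std::string method_; // "GET", "POST", etc. Should be all uppercase.
 std::string referrer_;
 ReferrerPolicy referrer_policy_;
 FirstPartyURLPolicy first_party_url_policy_;
 HttpRequestHeaders extra_request_headers_;
 int load_flags_; // Flags indicating the request type for the load;
 // expected values are LOAD_* enums above.
 
 // Never access methods of the |delegate_| directly. Always use the
@@ -861,10 +884,10 @@
 HostPortPair proxy_server_;
 
 scoped_ptr<const base::debug::StackTrace> stack_trace_;
 
 DISALLOW_COPY_AND_ASSIGN(URLRequest);
 };
 
 } // namespace net
 
 #endif // NET_URL_REQUEST_URL_REQUEST_H_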
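Review bot: The new comment on `initiator()` (new lines 290-305) never says what the accessor returns when `set_initiator()` has not been called, even though it names this value as the input to the cross-origin check in Section 4.3 of the first-party-cookies draft. `initiator_` is added as a plain `url::Origin` member, so it is presumably default-constructed in that case; the constructor and the `set_initiator()` definition are not on this page, so that is inferred. I would add a line such as `// If set_initiator() was never called this is a default-constructed url::Origin, which does not identify any frame or worker.` and state which way the Section 4.3 check resolves for it. The neighbouring `first_party_for_cookies()` comment spells out its limits with an explicit warning; the initiator deserves the same clarity, because an undocumented default decides whether a request counts as cross-origin.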