| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/url_request/url_request_http_job.h" | 5 #include "net/url_request/url_request_http_job.h" |
| 6 | 6 |
| 7 #include "base/base_switches.h" | 7 #include "base/base_switches.h" |
| 8 #include "base/bind.h" | 8 #include "base/bind.h" |
| 9 #include "base/bind_helpers.h" | 9 #include "base/bind_helpers.h" |
| 10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
| (...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 49 #include "net/url_request/url_request_context.h" | 49 #include "net/url_request/url_request_context.h" |
| 50 #include "net/url_request/url_request_error_job.h" | 50 #include "net/url_request/url_request_error_job.h" |
| 51 #include "net/url_request/url_request_job_factory.h" | 51 #include "net/url_request/url_request_job_factory.h" |
| 52 #include "net/url_request/url_request_redirect_job.h" | 52 #include "net/url_request/url_request_redirect_job.h" |
| 53 #include "net/url_request/url_request_throttler_manager.h" | 53 #include "net/url_request/url_request_throttler_manager.h" |
| 54 #include "net/websockets/websocket_handshake_stream_base.h" | 54 #include "net/websockets/websocket_handshake_stream_base.h" |
| 55 #include "url/origin.h" | 55 #include "url/origin.h" |
| 56 | 56 |
| 57 static const char kAvailDictionaryHeader[] = "Avail-Dictionary"; | 57 static const char kAvailDictionaryHeader[] = "Avail-Dictionary"; |
| 58 | 58 |
| 59 namespace { |
| 60 |
| 61 // True if the request method is "safe" (per section 4.2.1 of RFC 7231). |
| 62 bool IsMethodSafe(const std::string& method) { |
| 63 return method == "GET" || method == "HEAD" || method == "OPTIONS" || |
| 64 method == "TRACE"; |
| 65 } |
| 66 |
| 67 } // namespace |
| 68 |
| 59 namespace net { | 69 namespace net { |
| 60 | 70 |
| 61 class URLRequestHttpJob::HttpFilterContext : public FilterContext { | 71 class URLRequestHttpJob::HttpFilterContext : public FilterContext { |
| 62 public: | 72 public: |
| 63 explicit HttpFilterContext(URLRequestHttpJob* job); | 73 explicit HttpFilterContext(URLRequestHttpJob* job); |
| 64 ~HttpFilterContext() override; | 74 ~HttpFilterContext() override; |
| 65 | 75 |
| 66 // FilterContext implementation. | 76 // FilterContext implementation. |
| 67 bool GetMimeType(std::string* mime_type) const override; | 77 bool GetMimeType(std::string* mime_type) const override; |
| 68 bool GetURL(GURL* gurl) const override; | 78 bool GetURL(GURL* gurl) const override; |
| (...skipping 598 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 667 weak_factory_.GetWeakPtr())); | 677 weak_factory_.GetWeakPtr())); |
| 668 } else { | 678 } else { |
| 669 DoStartTransaction(); | 679 DoStartTransaction(); |
| 670 } | 680 } |
| 671 } | 681 } |
| 672 | 682 |
| 673 void URLRequestHttpJob::DoLoadCookies() { | 683 void URLRequestHttpJob::DoLoadCookies() { |
| 674 CookieOptions options; | 684 CookieOptions options; |
| 675 options.set_include_httponly(); | 685 options.set_include_httponly(); |
| 676 | 686 |
| 677 // TODO(mkwst): Drop this `if` once we decide whether or not to ship | 687 // TODO(mkwst): If first-party-only cookies aren't enabled, pretend the |
| 678 // first-party cookies: https://crbug.com/459154 | 688 // request is first-party regardless, in order to include all cookies. Drop |
| 679 if (network_delegate() && | 689 // this check once we decide whether or not we're shipping this feature: |
| 680 network_delegate()->AreExperimentalCookieFeaturesEnabled()) | 690 // https://crbug.com/459154 |
| 681 options.set_first_party(url::Origin(request_->first_party_for_cookies())); | 691 url::Origin requested_origin(request_->url()); |
| 682 else | 692 if (!network_delegate() || |
| 683 options.set_include_first_party_only(); | 693 !network_delegate()->AreExperimentalCookieFeaturesEnabled()) { |
| 694 options.set_include_first_party_only_cookies(); |
| 695 } else if (requested_origin.IsSameOriginWith( |
| 696 url::Origin(request_->first_party_for_cookies())) && |
| 697 (IsMethodSafe(request_->method()) || |
| 698 requested_origin.IsSameOriginWith(request_->initiator()))) { |
| 699 options.set_include_first_party_only_cookies(); |
| 700 } |
| 684 | 701 |
| 685 request_->context()->cookie_store()->GetCookiesWithOptionsAsync( | 702 request_->context()->cookie_store()->GetCookiesWithOptionsAsync( |
| 686 request_->url(), options, base::Bind(&URLRequestHttpJob::OnCookiesLoaded, | 703 request_->url(), options, base::Bind(&URLRequestHttpJob::OnCookiesLoaded, |
| 687 weak_factory_.GetWeakPtr())); | 704 weak_factory_.GetWeakPtr())); |
| 688 } | 705 } |
| 689 | 706 |
| 690 void URLRequestHttpJob::CheckCookiePolicyAndLoad( | 707 void URLRequestHttpJob::CheckCookiePolicyAndLoad( |
| 691 const CookieList& cookie_list) { | 708 const CookieList& cookie_list) { |
| 692 if (CanGetCookies(cookie_list)) | 709 if (CanGetCookies(cookie_list)) |
| 693 DoLoadCookies(); | 710 DoLoadCookies(); |
| (...skipping 916 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1610 return override_response_headers_.get() ? | 1627 return override_response_headers_.get() ? |
| 1611 override_response_headers_.get() : | 1628 override_response_headers_.get() : |
| 1612 transaction_->GetResponseInfo()->headers.get(); | 1629 transaction_->GetResponseInfo()->headers.get(); |
| 1613 } | 1630 } |
| 1614 | 1631 |
| 1615 void URLRequestHttpJob::NotifyURLRequestDestroyed() { | 1632 void URLRequestHttpJob::NotifyURLRequestDestroyed() { |
| 1616 awaiting_callback_ = false; | 1633 awaiting_callback_ = false; |
| 1617 } | 1634 } |
| 1618 | 1635 |
| 1619 } // namespace net | 1636 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1411813003:
Teach URLRequest about initiator checks for First-Party-Only cookies. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master