Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(636)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/renderer/render_frame_impl.cc

Issue 1411813003: Teach URLRequest about initiator checks for First-Party-Only cookies. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: mmenke Created 5 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« content/browser/service_worker/service_worker_write_to_cache_job.cc ('K') | « content/common/resource_messages.h ('k') | net/cookies/canonical_cookie.cc » ('j') | net/url_request/url_request.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/renderer/render_frame_impl.h" 5 #include "content/renderer/render_frame_impl.h"
6 6
7 #include <map> 7 #include <map>
8 #include <string> 8 #include <string>
9 9
10 #include "base/auto_reset.h" 10 #include "base/auto_reset.h"
(...skipping 3210 matching lines...) Expand 10 before | Expand all | Expand 10 after
3221 blink::WebLocalFrame* frame, 3221 blink::WebLocalFrame* frame,
3222 unsigned identifier, 3222 unsigned identifier,
3223 blink::WebURLRequest& request, 3223 blink::WebURLRequest& request,
3224 const blink::WebURLResponse& redirect_response) { 3224 const blink::WebURLResponse& redirect_response) {
3225 DCHECK(!frame_ || frame_ == frame); 3225 DCHECK(!frame_ || frame_ == frame);
3226 // The request my be empty during tests. 3226 // The request my be empty during tests.
3227 if (request.url().isEmpty()) 3227 if (request.url().isEmpty())
3228 return; 3228 return;
3229 3229
3230 // Set the first party for cookies url if it has not been set yet (new 3230 // Set the first party for cookies url if it has not been set yet (new
3231 // requests). For redirects, it is updated by WebURLLoaderImpl. 3231 // requests). This value will be updated during redirects, consistent with
3232 // https://tools.ietf.org/html/draft-west-first-party-cookies-04#section-2.1.1
3232 if (request.firstPartyForCookies().isEmpty()) { 3233 if (request.firstPartyForCookies().isEmpty()) {
3233 if (request.frameType() == blink::WebURLRequest::FrameTypeTopLevel) { 3234 if (request.frameType() == blink::WebURLRequest::FrameTypeTopLevel) {
3234 request.setFirstPartyForCookies(request.url()); 3235 request.setFirstPartyForCookies(request.url());
3235 } else { 3236 } else {
3236 // TODO(nasko): When the top-level frame is remote, there is no document. 3237 // TODO(nasko): When the top-level frame is remote, there is no document.
3237 // This is broken and should be fixed to propagate the first party. 3238 // This is broken and should be fixed to propagate the first party.
3238 WebFrame* top = frame->top(); 3239 WebFrame* top = frame->top();
3239 if (top->isWebLocalFrame()) { 3240 if (top->isWebLocalFrame()) {
3240 request.setFirstPartyForCookies( 3241 request.setFirstPartyForCookies(
3241 frame->top()->document().firstPartyForCookies()); 3242 frame->top()->document().firstPartyForCookies());
3242 } 3243 }
3243 } 3244 }
3245
3246 // If we need to set the first party, then we need to set the request's
3247 // initiator as well; it will not be updated during redirects.
3248 request.setRequestorOrigin(frame->document().securityOrigin());
3244 } 3249 }
3245 3250
3246 WebDataSource* provisional_data_source = frame->provisionalDataSource(); 3251 WebDataSource* provisional_data_source = frame->provisionalDataSource();
3247 WebDataSource* data_source = 3252 WebDataSource* data_source =
3248 provisional_data_source ? provisional_data_source : frame->dataSource(); 3253 provisional_data_source ? provisional_data_source : frame->dataSource();
3249 3254
3250 DocumentState* document_state = DocumentState::FromDataSource(data_source); 3255 DocumentState* document_state = DocumentState::FromDataSource(data_source);
3251 DCHECK(document_state); 3256 DCHECK(document_state);
3252 InternalDocumentStateData* internal_data = 3257 InternalDocumentStateData* internal_data =
3253 InternalDocumentStateData::FromDocumentState(document_state); 3258 InternalDocumentStateData::FromDocumentState(document_state);
(...skipping 1944 matching lines...) Expand 10 before | Expand all | Expand 10 after
5198 mojo::ServiceProviderPtr service_provider; 5203 mojo::ServiceProviderPtr service_provider;
5199 mojo::URLRequestPtr request(mojo::URLRequest::New()); 5204 mojo::URLRequestPtr request(mojo::URLRequest::New());
5200 request->url = mojo::String::From(url); 5205 request->url = mojo::String::From(url);
5201 mojo_shell_->ConnectToApplication(request.Pass(), GetProxy(&service_provider), 5206 mojo_shell_->ConnectToApplication(request.Pass(), GetProxy(&service_provider),
5202 nullptr, nullptr, 5207 nullptr, nullptr,
5203 base::Bind(&OnGotContentHandlerID)); 5208 base::Bind(&OnGotContentHandlerID));
5204 return service_provider.Pass(); 5209 return service_provider.Pass();
5205 } 5210 }
5206 5211
5207 } // namespace content 5212 } // namespace content
OLDNEW
« content/browser/service_worker/service_worker_write_to_cache_job.cc ('K') | « content/common/resource_messages.h ('k') | net/cookies/canonical_cookie.cc » ('j') | net/url_request/url_request.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698