net/url_request/url_request_http_job.cc - Issue 1411813003: Teach URLRequest about initiator checks for First-Party-Only cookies.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/url_request/url_request_http_job.cc

Issue 1411813003: Teach URLRequest about initiator checks for First-Party-Only cookies. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Feedback. Created 4 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/url_request/url_request_http_job.cc

diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc

index 47a0666e3fc7ad50225110e7f394da8adf08c83c..c2a70dd3f67447e3fd6029076e387bfc9a2ec82f 100644

--- a/net/url_request/url_request_http_job.cc

+++ b/net/url_request/url_request_http_job.cc

@@ -56,6 +56,16 @@

static const char kAvailDictionaryHeader[] = "Avail-Dictionary";

+namespace {

+// True if the request method is "safe" (per section 4.2.1 of RFC 7231).

+bool IsMethodSafe(const std::string& method) {

+ return method == "GET" || method == "HEAD" || method == "OPTIONS" ||

+ method == "TRACE";

+} // namespace

namespace net {

class URLRequestHttpJob::HttpFilterContext : public FilterContext {

@@ -674,13 +684,20 @@ void URLRequestHttpJob::DoLoadCookies() {

CookieOptions options;

options.set_include_httponly();

- // TODO(mkwst): Drop this `if` once we decide whether or not to ship

- // first-party cookies: https://crbug.com/459154

- if (network_delegate() &&

- network_delegate()->AreExperimentalCookieFeaturesEnabled())

- options.set_first_party(url::Origin(request_->first_party_for_cookies()));

- else

- options.set_include_first_party_only();

+ // TODO(mkwst): If first-party-only cookies aren't enabled, pretend the

+ // request is first-party regardless, in order to include all cookies. Drop

+ // this check once we decide whether or not we're shipping this feature:

+ // https://crbug.com/459154

+ url::Origin requested_origin(request_->url());

+ if (!network_delegate() ||

+ !network_delegate()->AreExperimentalCookieFeaturesEnabled()) {

+ options.set_include_first_party_only_cookies();

+ } else if (requested_origin.IsSameOriginWith(

+ url::Origin(request_->first_party_for_cookies())) &&

+ (IsMethodSafe(request_->method()) ||

+ requested_origin.IsSameOriginWith(request_->initiator()))) {

+ options.set_include_first_party_only_cookies();

+ }

request_->context()->cookie_store()->GetCookiesWithOptionsAsync(

request_->url(), options, base::Bind(&URLRequestHttpJob::OnCookiesLoaded,

« net/url_request/url_fetcher_core.cc ('K') | « net/url_request/url_request.cc ('k') | net/url_request/url_request_unittest.cc » ('j') | no next file with comments »