| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_URL_REQUEST_URL_REQUEST_H_ | 5 #ifndef NET_URL_REQUEST_URL_REQUEST_H_ |
| 6 #define NET_URL_REQUEST_URL_REQUEST_H_ | 6 #define NET_URL_REQUEST_URL_REQUEST_H_ |
| 7 | 7 |
| 8 #include <stdint.h> | 8 #include <stdint.h> |
| 9 | 9 |
| 10 #include <string> | 10 #include <string> |
| (...skipping 245 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 256 // | 256 // |
| 257 // WARNING: This URL must only be used for the third-party cookie blocking | 257 // WARNING: This URL must only be used for the third-party cookie blocking |
| 258 // policy. It MUST NEVER be used for any kind of SECURITY check. | 258 // policy. It MUST NEVER be used for any kind of SECURITY check. |
| 259 // | 259 // |
| 260 // For example, if a top-level navigation is redirected, the | 260 // For example, if a top-level navigation is redirected, the |
| 261 // first-party for cookies will be the URL of the first URL in the | 261 // first-party for cookies will be the URL of the first URL in the |
| 262 // redirect chain throughout the whole redirect. If it was used for | 262 // redirect chain throughout the whole redirect. If it was used for |
| 263 // a security check, an attacker might try to get around this check | 263 // a security check, an attacker might try to get around this check |
| 264 // by starting from some page that redirects to the | 264 // by starting from some page that redirects to the |
| 265 // host-to-be-attacked. | 265 // host-to-be-attacked. |
| 266 // |
| 267 // TODO(mkwst): Convert this to a 'url::Origin'. Several callsites are using |
| 268 // this value as a proxy for the "top-level frame URL", which is simply |
| 269 // incorrect and fragile. We don't need the full URL for any //net checks, |
| 270 // so we should drop the pieces we don't need. |
| 266 const GURL& first_party_for_cookies() const { | 271 const GURL& first_party_for_cookies() const { |
| 267 return first_party_for_cookies_; | 272 return first_party_for_cookies_; |
| 268 } | 273 } |
| 269 // This method may only be called before Start(). | 274 // This method may only be called before Start(). |
| 270 void set_first_party_for_cookies(const GURL& first_party_for_cookies); | 275 void set_first_party_for_cookies(const GURL& first_party_for_cookies); |
| 271 | 276 |
| 272 // The first-party URL policy to apply when updating the first party URL | 277 // The first-party URL policy to apply when updating the first party URL |
| 273 // during redirects. The first-party URL policy may only be changed before | 278 // during redirects. The first-party URL policy may only be changed before |
| 274 // Start() is called. | 279 // Start() is called. |
| 275 FirstPartyURLPolicy first_party_url_policy() const { | 280 FirstPartyURLPolicy first_party_url_policy() const { |
| (...skipping 573 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 849 HostPortPair proxy_server_; | 854 HostPortPair proxy_server_; |
| 850 | 855 |
| 851 scoped_ptr<const base::debug::StackTrace> stack_trace_; | 856 scoped_ptr<const base::debug::StackTrace> stack_trace_; |
| 852 | 857 |
| 853 DISALLOW_COPY_AND_ASSIGN(URLRequest); | 858 DISALLOW_COPY_AND_ASSIGN(URLRequest); |
| 854 }; | 859 }; |
| 855 | 860 |
| 856 } // namespace net | 861 } // namespace net |
| 857 | 862 |
| 858 #endif // NET_URL_REQUEST_URL_REQUEST_H_ | 863 #endif // NET_URL_REQUEST_URL_REQUEST_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1413623002:
Convert 'CookieOptions::first_party_url' to a 'url::Origin'. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master