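--- a/net/url_request/url_request.h
+++ b/net/url_request/url_request.h
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_URL_REQUEST_URL_REQUEST_H_
 #define NET_URL_REQUEST_URL_REQUEST_H_
 
 #include <stdint.h>
 
 #include <string>
@@ -256,20 +256,25 @@
 //
 // WARNING: This URL must only be used for the third-party cookie blocking
 // policy. It MUST NEVER be used for any kind of SECURITY check.
 //
 // For example, if a top-level navigation is redirected, the
 // first-party for cookies will be the URL of the first URL in the
 // redirect chain throughout the whole redirect. If it was used for
 // a security check, an attacker might try to get around this check
 // by starting from some page that redirects to the
 // host-to-be-attacked.
+//
+// TODO(mkwst): Convert this to a 'url::Origin'. Several callsites are using
+// this value as a proxy for the "top-level frame URL", which is simply
+// incorrect and fragile. We don't need the full URL for any //net checks,
+// so we should drop the pieces we don't need.
 const GURL& first_party_for_cookies() const {
 return first_party_for_cookies_;
 }
 // This method may only be called before Start().
 void set_first_party_for_cookies(const GURL& first_party_for_cookies);
 
 // The first-party URL policy to apply when updating the first party URL
 // during redirects. The first-party URL policy may only be changed before
 // Start() is called.
 FirstPartyURLPolicy first_party_url_policy() const {
@@ -849,10 +854,10 @@
 HostPortPair proxy_server_;
 
 scoped_ptr<const base::debug::StackTrace> stack_trace_;
 
 DISALLOW_COPY_AND_ASSIGN(URLRequest);
 };
 
 } // namespace net
 
 #endif // NET_URL_REQUEST_URL_REQUEST_H_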
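Review bot: The TODO added above `first_party_for_cookies()` proposes converting the value to a `url::Origin` but does not say that the WARNING a few lines earlier still holds after the conversion; an origin taken from the first URL of a redirect chain is just as unsuitable for security checks as the full URL. I would add a line such as `// Even as an origin this stays cookie-policy-only; the WARNING above still applies.` The TODO also carries no tracking reference, so appending one, e.g. `// See crbug.com/<bug-id>.`, would let the callsites that treat this as the "top-level frame URL" be audited against a single issue. The setter `set_first_party_for_cookies(const GURL&)` visible just below would presumably need the same conversion, though its definition is outside this section.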