OLD | NEW |
(Empty) | |
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #ifndef CHROME_BROWSER_BROWSING_DATA_BROWSING_DATA_FILTER_BUILDER_H_ |
| 6 #define CHROME_BROWSER_BROWSING_DATA_BROWSING_DATA_FILTER_BUILDER_H_ |
| 7 |
| 8 #include <ostream> |
| 9 #include <set> |
| 10 #include <vector> |
| 11 |
| 12 #include "base/callback.h" |
| 13 #include "net/cookies/canonical_cookie.h" |
| 14 #include "url/gurl.h" |
| 15 #include "url/origin.h" |
| 16 |
| 17 class ContentSettingsPattern; |
| 18 |
| 19 // A class that constructs URL deletion filters (represented as GURL->bool |
| 20 // predicates) that match registerable domains - which is basically an eTLD + 1. |
| 21 // We use registerable domains as our filter because of the cookie visibility |
| 22 // model. This means that we ignore schemes and subdomains. |
| 23 // |
| 24 // Cookies are domain-scoped, and websites often rely on cookies that are living |
| 25 // on various subdomains. For example, plus.google.com relies on google.com |
| 26 // cookies, which eventually talks to account.google.com cookies for GAIA |
| 27 // account auth. This means that when we save cookies for an origin, we need |
| 28 // to save all cookies for the TLD+1. This means blacklisting (or whitelisting) |
| 29 // https://plus.google.com will have us save (or delete) any cookies for |
| 30 // *.google.com (http://www.google.com, https://accounts.google.com, etc). For |
| 31 // this reason we don't use origins, and instead use registerable domains. |
| 32 // |
| 33 // See net/base/registry_controlled_domains/registry_controlled_domain.h for |
| 34 // more details on registrable domains and the current list of effective eTLDs. |
| 35 class BrowsingDataFilterBuilder { |
| 36 public: |
| 37 enum Mode { |
| 38 // This means that only the origins given will be deleted. |
| 39 WHITELIST, |
| 40 // Everyone EXCEPT the origins given will be deleted. |
| 41 BLACKLIST |
| 42 }; |
| 43 |
| 44 // Constructs a filter with the given |mode| - whitelist or blacklist. |
| 45 explicit BrowsingDataFilterBuilder(Mode mode); |
| 46 |
| 47 ~BrowsingDataFilterBuilder(); |
| 48 |
| 49 // Adds a registerable domain to the (white- or black-) list. This is expected |
| 50 // to not include subdomains, so basically tld+1. This can also be an IP |
| 51 // address. |
| 52 // Refer to net/base/registry_controlled_domains/registry_controlled_domain.h |
| 53 // for more details on registrable domains and the current list of effective. |
| 54 // TLDs. We expect a string that would be returned by |
| 55 // net::registry_controlled_domains::GetDomainAndRegistry. |
| 56 void AddRegisterableDomain(const std::string& domain); |
| 57 |
| 58 // Sets the |mode| of the filter. |
| 59 void SetMode(Mode mode); |
| 60 |
| 61 // Returns true if we're an empty blacklist, where we delete everything. |
| 62 bool IsEmptyBlacklist() const; |
| 63 |
| 64 // Builds a filter that matches URLs whose origins or domains are in the |
| 65 // whitelist, or aren't in the blacklist. |
| 66 base::Callback<bool(const GURL&)> BuildSameDomainFilter() const; |
| 67 |
| 68 // Builds a filter that calls ContentSettingsPattern::Compare on the given |
| 69 // pattern and a new pattern constructed by each domain in this filter. The |
| 70 // domain pattern A and given pattern B match when A.Compare(B) is IDENTITY |
| 71 // or PREDECESSOR. This means we only match patterns that are the same pattern |
| 72 // or a more specific pattern than our domain (so we shouldn't be matching |
| 73 // wildcard patterns like "*" or "*:80"). |
| 74 base::Callback<bool(const ContentSettingsPattern& pattern)> |
| 75 BuildWebsiteSettingsPatternMatchesFilter() const; |
| 76 |
| 77 // We do a direct comparison to the registerable domain of the cookie. A |
| 78 // whitelist filter will return true if any of its domains match the cookie, |
| 79 // and a blacklist filter will return true only if none of its domains match |
| 80 // the cookie. |
| 81 base::Callback<bool(const net::CanonicalCookie& pattern)> |
| 82 BuildDomainCookieFilter() const; |
| 83 |
| 84 // A convenience method to produce an empty blacklist, a filter that matches |
| 85 // everything. |
| 86 static base::Callback<bool(const GURL&)> BuildNoopFilter(); |
| 87 |
| 88 private: |
| 89 // True if the origin or domain of |url| is in the whitelist, or isn't in the |
| 90 // blacklist. |
| 91 // The whitelist or blacklist is represented as |origins| and |mode|. |
| 92 static bool MatchesURL(std::set<std::string>* registerable_domains, |
| 93 Mode mode, |
| 94 const GURL& url); |
| 95 |
| 96 // True if the pattern something in the whitelist, or doesn't match something |
| 97 // in the blacklist. |
| 98 // The whitelist or blacklist is represented as |origins|, and |mode|. |
| 99 static bool MatchesWebsiteSettingsPattern( |
| 100 std::vector<ContentSettingsPattern>* domain_patterns, |
| 101 Mode mode, |
| 102 const ContentSettingsPattern& pattern); |
| 103 |
| 104 // True if no origins can see the given cookie and we're a blacklist, or any |
| 105 // origins can see the cookie and we're a whitelist. |
| 106 // The whitelist or blacklist is represented as |origins| and |mode|. |
| 107 static bool MatchesCookieForRegisterableDomainsAndIPs( |
| 108 std::set<std::string>* domains_and_ips, |
| 109 Mode mode, |
| 110 const net::CanonicalCookie& cookie); |
| 111 |
| 112 // The list of domains and whether they should be interpreted as a whitelist |
| 113 // or blacklist. |
| 114 std::set<std::string> domain_list_; |
| 115 Mode mode_; |
| 116 |
| 117 DISALLOW_COPY_AND_ASSIGN(BrowsingDataFilterBuilder); |
| 118 }; |
| 119 |
| 120 #endif // CHROME_BROWSER_BROWSING_DATA_BROWSING_DATA_FILTER_BUILDER_H_ |
OLD | NEW |