Index: chrome/browser/browsing_data/browsing_data_filter_builder.h |
diff --git a/chrome/browser/browsing_data/browsing_data_filter_builder.h b/chrome/browser/browsing_data/browsing_data_filter_builder.h |
new file mode 100644 |
index 0000000000000000000000000000000000000000..8c075035bb957f86b010d682b0b5656b2773d484 |
--- /dev/null |
+++ b/chrome/browser/browsing_data/browsing_data_filter_builder.h |
@@ -0,0 +1,120 @@ |
+// Copyright 2016 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+#ifndef CHROME_BROWSER_BROWSING_DATA_BROWSING_DATA_FILTER_BUILDER_H_ |
+#define CHROME_BROWSER_BROWSING_DATA_BROWSING_DATA_FILTER_BUILDER_H_ |
+ |
+#include <ostream> |
+#include <set> |
+#include <vector> |
+ |
+#include "base/callback.h" |
+#include "net/cookies/canonical_cookie.h" |
+#include "url/gurl.h" |
+#include "url/origin.h" |
+ |
+class ContentSettingsPattern; |
+ |
+// A class that constructs URL deletion filters (represented as GURL->bool |
+// predicates) that match registerable domains - which is basically an eTLD + 1. |
+// We use registerable domains as our filter because of the cookie visibility |
+// model. This means that we ignore schemes and subdomains. |
+// |
+// Cookies are domain-scoped, and websites often rely on cookies that are living |
+// on various subdomains. For example, plus.google.com relies on google.com |
+// cookies, which eventually talks to account.google.com cookies for GAIA |
+// account auth. This means that when we save cookies for an origin, we need |
+// to save all cookies for the TLD+1. This means blacklisting (or whitelisting) |
+// https://plus.google.com will have us save (or delete) any cookies for |
+// *.google.com (http://www.google.com, https://accounts.google.com, etc). For |
+// this reason we don't use origins, and instead use registerable domains. |
+// |
+// See net/base/registry_controlled_domains/registry_controlled_domain.h for |
+// more details on registrable domains and the current list of effective eTLDs. |
+class BrowsingDataFilterBuilder { |
+ public: |
+ enum Mode { |
+ // This means that only the origins given will be deleted. |
+ WHITELIST, |
+ // Everyone EXCEPT the origins given will be deleted. |
+ BLACKLIST |
+ }; |
+ |
+ // Constructs a filter with the given |mode| - whitelist or blacklist. |
+ explicit BrowsingDataFilterBuilder(Mode mode); |
+ |
+ ~BrowsingDataFilterBuilder(); |
+ |
+ // Adds a registerable domain to the (white- or black-) list. This is expected |
+ // to not include subdomains, so basically tld+1. This can also be an IP |
+ // address. |
+ // Refer to net/base/registry_controlled_domains/registry_controlled_domain.h |
+ // for more details on registrable domains and the current list of effective. |
+ // TLDs. We expect a string that would be returned by |
+ // net::registry_controlled_domains::GetDomainAndRegistry. |
+ void AddRegisterableDomain(const std::string& domain); |
+ |
+ // Sets the |mode| of the filter. |
+ void SetMode(Mode mode); |
+ |
+ // Returns true if we're an empty blacklist, where we delete everything. |
+ bool IsEmptyBlacklist() const; |
+ |
+ // Builds a filter that matches URLs whose origins or domains are in the |
+ // whitelist, or aren't in the blacklist. |
+ base::Callback<bool(const GURL&)> BuildSameDomainFilter() const; |
+ |
+ // Builds a filter that calls ContentSettingsPattern::Compare on the given |
+ // pattern and a new pattern constructed by each domain in this filter. The |
+ // domain pattern A and given pattern B match when A.Compare(B) is IDENTITY |
+ // or PREDECESSOR. This means we only match patterns that are the same pattern |
+ // or a more specific pattern than our domain (so we shouldn't be matching |
+ // wildcard patterns like "*" or "*:80"). |
+ base::Callback<bool(const ContentSettingsPattern& pattern)> |
+ BuildWebsiteSettingsPatternMatchesFilter() const; |
+ |
+ // We do a direct comparison to the registerable domain of the cookie. A |
+ // whitelist filter will return true if any of its domains match the cookie, |
+ // and a blacklist filter will return true only if none of its domains match |
+ // the cookie. |
+ base::Callback<bool(const net::CanonicalCookie& pattern)> |
+ BuildDomainCookieFilter() const; |
+ |
+ // A convenience method to produce an empty blacklist, a filter that matches |
+ // everything. |
+ static base::Callback<bool(const GURL&)> BuildNoopFilter(); |
+ |
+ private: |
+ // True if the origin or domain of |url| is in the whitelist, or isn't in the |
+ // blacklist. |
+ // The whitelist or blacklist is represented as |origins| and |mode|. |
+ static bool MatchesURL(std::set<std::string>* registerable_domains, |
+ Mode mode, |
+ const GURL& url); |
+ |
+ // True if the pattern something in the whitelist, or doesn't match something |
+ // in the blacklist. |
+ // The whitelist or blacklist is represented as |origins|, and |mode|. |
+ static bool MatchesWebsiteSettingsPattern( |
+ std::vector<ContentSettingsPattern>* domain_patterns, |
+ Mode mode, |
+ const ContentSettingsPattern& pattern); |
+ |
+ // True if no origins can see the given cookie and we're a blacklist, or any |
+ // origins can see the cookie and we're a whitelist. |
+ // The whitelist or blacklist is represented as |origins| and |mode|. |
+ static bool MatchesCookieForRegisterableDomainsAndIPs( |
+ std::set<std::string>* domains_and_ips, |
+ Mode mode, |
+ const net::CanonicalCookie& cookie); |
+ |
+ // The list of domains and whether they should be interpreted as a whitelist |
+ // or blacklist. |
+ std::set<std::string> domain_list_; |
+ Mode mode_; |
+ |
+ DISALLOW_COPY_AND_ASSIGN(BrowsingDataFilterBuilder); |
+}; |
+ |
+#endif // CHROME_BROWSER_BROWSING_DATA_BROWSING_DATA_FILTER_BUILDER_H_ |