| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // Portions of this code based on Mozilla: | 5 // Portions of this code based on Mozilla: |
| 6 // (netwerk/cookie/src/nsCookieService.cpp) | 6 // (netwerk/cookie/src/nsCookieService.cpp) |
| 7 /* ***** BEGIN LICENSE BLOCK ***** | 7 /* ***** BEGIN LICENSE BLOCK ***** |
| 8 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 8 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| 9 * | 9 * |
| 10 * The contents of this file are subject to the Mozilla Public License Version | 10 * The contents of this file are subject to the Mozilla Public License Version |
| (...skipping 116 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 127 CanonicalCookie::CanonicalCookie(const GURL& url, | 127 CanonicalCookie::CanonicalCookie(const GURL& url, |
| 128 const std::string& name, | 128 const std::string& name, |
| 129 const std::string& value, | 129 const std::string& value, |
| 130 const std::string& domain, | 130 const std::string& domain, |
| 131 const std::string& path, | 131 const std::string& path, |
| 132 const base::Time& creation, | 132 const base::Time& creation, |
| 133 const base::Time& expiration, | 133 const base::Time& expiration, |
| 134 const base::Time& last_access, | 134 const base::Time& last_access, |
| 135 bool secure, | 135 bool secure, |
| 136 bool httponly, | 136 bool httponly, |
| 137 bool same_site, | 137 CookieSameSite same_site, |
| 138 CookiePriority priority) | 138 CookiePriority priority) |
| 139 : source_(url.SchemeIsFile() ? url : url.GetOrigin()), | 139 : source_(url.SchemeIsFile() ? url : url.GetOrigin()), |
| 140 name_(name), | 140 name_(name), |
| 141 value_(value), | 141 value_(value), |
| 142 domain_(domain), | 142 domain_(domain), |
| 143 path_(path), | 143 path_(path), |
| 144 creation_date_(creation), | 144 creation_date_(creation), |
| 145 expiry_date_(expiration), | 145 expiry_date_(expiration), |
| 146 last_access_date_(last_access), | 146 last_access_date_(last_access), |
| 147 secure_(secure), | 147 secure_(secure), |
| 148 httponly_(httponly), | 148 httponly_(httponly), |
| 149 same_site_(same_site), | 149 same_site_(same_site), |
| 150 priority_(priority) {} | 150 priority_(priority) {} |
| 151 | 151 |
| 152 CanonicalCookie::CanonicalCookie(const GURL& url, const ParsedCookie& pc) | 152 CanonicalCookie::CanonicalCookie(const GURL& url, const ParsedCookie& pc) |
| 153 : source_(url.SchemeIsFile() ? url : url.GetOrigin()), | 153 : source_(url.SchemeIsFile() ? url : url.GetOrigin()), |
| 154 name_(pc.Name()), | 154 name_(pc.Name()), |
| 155 value_(pc.Value()), | 155 value_(pc.Value()), |
| 156 path_(CanonPath(url, pc)), | 156 path_(CanonPath(url, pc)), |
| 157 creation_date_(Time::Now()), | 157 creation_date_(Time::Now()), |
| 158 last_access_date_(Time()), | 158 last_access_date_(Time()), |
| 159 secure_(pc.IsSecure()), | 159 secure_(pc.IsSecure()), |
| 160 httponly_(pc.IsHttpOnly()), | 160 httponly_(pc.IsHttpOnly()), |
| 161 same_site_(pc.IsSameSite()), | 161 same_site_(pc.SameSite()), |
| 162 priority_(pc.Priority()) { | 162 priority_(pc.Priority()) { |
| 163 if (pc.HasExpires()) | 163 if (pc.HasExpires()) |
| 164 expiry_date_ = CanonExpiration(pc, creation_date_, creation_date_); | 164 expiry_date_ = CanonExpiration(pc, creation_date_, creation_date_); |
| 165 | 165 |
| 166 // Do the best we can with the domain. | 166 // Do the best we can with the domain. |
| 167 std::string cookie_domain; | 167 std::string cookie_domain; |
| 168 std::string domain_string; | 168 std::string domain_string; |
| 169 if (pc.HasDomain()) { | 169 if (pc.HasDomain()) { |
| 170 domain_string = pc.Domain(); | 170 domain_string = pc.Domain(); |
| 171 } | 171 } |
| (...skipping 98 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 270 if (!is_cookie_valid) { | 270 if (!is_cookie_valid) { |
| 271 VLOG(kVlogSetCookies) | 271 VLOG(kVlogSetCookies) |
| 272 << "Create() failed because the cookie violated prefix rules."; | 272 << "Create() failed because the cookie violated prefix rules."; |
| 273 return nullptr; | 273 return nullptr; |
| 274 } | 274 } |
| 275 | 275 |
| 276 return make_scoped_ptr(new CanonicalCookie( | 276 return make_scoped_ptr(new CanonicalCookie( |
| 277 url, parsed_cookie.Name(), parsed_cookie.Value(), cookie_domain, | 277 url, parsed_cookie.Name(), parsed_cookie.Value(), cookie_domain, |
| 278 cookie_path, creation_time, cookie_expires, creation_time, | 278 cookie_path, creation_time, cookie_expires, creation_time, |
| 279 parsed_cookie.IsSecure(), parsed_cookie.IsHttpOnly(), | 279 parsed_cookie.IsSecure(), parsed_cookie.IsHttpOnly(), |
| 280 parsed_cookie.IsSameSite(), parsed_cookie.Priority())); | 280 parsed_cookie.SameSite(), parsed_cookie.Priority())); |
| 281 } | 281 } |
| 282 | 282 |
| 283 // static | 283 // static |
| 284 scoped_ptr<CanonicalCookie> CanonicalCookie::Create( | 284 scoped_ptr<CanonicalCookie> CanonicalCookie::Create( |
| 285 const GURL& url, | 285 const GURL& url, |
| 286 const std::string& name, | 286 const std::string& name, |
| 287 const std::string& value, | 287 const std::string& value, |
| 288 const std::string& domain, | 288 const std::string& domain, |
| 289 const std::string& path, | 289 const std::string& path, |
| 290 const base::Time& creation, | 290 const base::Time& creation, |
| 291 const base::Time& expiration, | 291 const base::Time& expiration, |
| 292 bool secure, | 292 bool secure, |
| 293 bool http_only, | 293 bool http_only, |
| 294 bool same_site, | 294 CookieSameSite same_site, |
| 295 bool enforce_strict_secure, | 295 bool enforce_strict_secure, |
| 296 CookiePriority priority) { | 296 CookiePriority priority) { |
| 297 // Expect valid attribute tokens and values, as defined by the ParsedCookie | 297 // Expect valid attribute tokens and values, as defined by the ParsedCookie |
| 298 // logic, otherwise don't create the cookie. | 298 // logic, otherwise don't create the cookie. |
| 299 std::string parsed_name = ParsedCookie::ParseTokenString(name); | 299 std::string parsed_name = ParsedCookie::ParseTokenString(name); |
| 300 if (parsed_name != name) | 300 if (parsed_name != name) |
| 301 return nullptr; | 301 return nullptr; |
| 302 std::string parsed_value = ParsedCookie::ParseValueString(value); | 302 std::string parsed_value = ParsedCookie::ParseValueString(value); |
| 303 if (parsed_value != value) | 303 if (parsed_value != value) |
| 304 return nullptr; | 304 return nullptr; |
| (...skipping 110 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 415 if (IsSecure() && !url.SchemeIsCryptographic()) | 415 if (IsSecure() && !url.SchemeIsCryptographic()) |
| 416 return false; | 416 return false; |
| 417 // Don't include cookies for requests that don't apply to the cookie domain. | 417 // Don't include cookies for requests that don't apply to the cookie domain. |
| 418 if (!IsDomainMatch(url.host())) | 418 if (!IsDomainMatch(url.host())) |
| 419 return false; | 419 return false; |
| 420 // Don't include cookies for requests with a url path that does not path | 420 // Don't include cookies for requests with a url path that does not path |
| 421 // match the cookie-path. | 421 // match the cookie-path. |
| 422 if (!IsOnPath(url.path())) | 422 if (!IsOnPath(url.path())) |
| 423 return false; | 423 return false; |
| 424 // Don't include same-site cookies for cross-site requests. | 424 // Don't include same-site cookies for cross-site requests. |
| 425 if (IsSameSite() && !options.include_same_site()) | 425 // |
| 426 // TODO(mkwst): This currently treats both "strict" and "lax" SameSite cookies |
| 427 // in the same way. https://codereview.chromium.org/1783813002 will eventually |
| 428 // distinguish between them based on attributes of the request. |
| 429 if (SameSite() != CookieSameSite::NO_RESTRICTION && |
| 430 !options.include_same_site()) { |
| 426 return false; | 431 return false; |
| 432 } |
| 427 | 433 |
| 428 return true; | 434 return true; |
| 429 } | 435 } |
| 430 | 436 |
| 431 std::string CanonicalCookie::DebugString() const { | 437 std::string CanonicalCookie::DebugString() const { |
| 432 return base::StringPrintf( | 438 return base::StringPrintf( |
| 433 "name: %s value: %s domain: %s path: %s creation: %" PRId64, | 439 "name: %s value: %s domain: %s path: %s creation: %" PRId64, |
| 434 name_.c_str(), value_.c_str(), domain_.c_str(), path_.c_str(), | 440 name_.c_str(), value_.c_str(), domain_.c_str(), path_.c_str(), |
| 435 static_cast<int64_t>(creation_date_.ToTimeT())); | 441 static_cast<int64_t>(creation_date_.ToTimeT())); |
| 436 } | 442 } |
| (...skipping 70 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 507 if (prefix == CanonicalCookie::COOKIE_PREFIX_SECURE) | 513 if (prefix == CanonicalCookie::COOKIE_PREFIX_SECURE) |
| 508 return parsed_cookie.IsSecure() && url.SchemeIsCryptographic(); | 514 return parsed_cookie.IsSecure() && url.SchemeIsCryptographic(); |
| 509 if (prefix == CanonicalCookie::COOKIE_PREFIX_HOST) { | 515 if (prefix == CanonicalCookie::COOKIE_PREFIX_HOST) { |
| 510 return parsed_cookie.IsSecure() && url.SchemeIsCryptographic() && | 516 return parsed_cookie.IsSecure() && url.SchemeIsCryptographic() && |
| 511 !parsed_cookie.HasDomain() && parsed_cookie.Path() == "/"; | 517 !parsed_cookie.HasDomain() && parsed_cookie.Path() == "/"; |
| 512 } | 518 } |
| 513 return true; | 519 return true; |
| 514 } | 520 } |
| 515 | 521 |
| 516 } // namespace net | 522 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1773133002:
SameSite: Implement 'Strict'/'Lax' attribute parsing. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master