OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/url_request/url_request_http_job.h" | 5 #include "net/url_request/url_request_http_job.h" |
6 | 6 |
7 #include "base/base_switches.h" | 7 #include "base/base_switches.h" |
8 #include "base/bind.h" | 8 #include "base/bind.h" |
9 #include "base/bind_helpers.h" | 9 #include "base/bind_helpers.h" |
10 #include "base/command_line.h" | 10 #include "base/command_line.h" |
11 #include "base/compiler_specific.h" | 11 #include "base/compiler_specific.h" |
12 #include "base/file_version_info.h" | 12 #include "base/file_version_info.h" |
13 #include "base/location.h" | 13 #include "base/location.h" |
14 #include "base/macros.h" | 14 #include "base/macros.h" |
15 #include "base/metrics/field_trial.h" | 15 #include "base/metrics/field_trial.h" |
16 #include "base/metrics/histogram_macros.h" | 16 #include "base/metrics/histogram_macros.h" |
17 #include "base/profiler/scoped_tracker.h" | 17 #include "base/profiler/scoped_tracker.h" |
18 #include "base/rand_util.h" | 18 #include "base/rand_util.h" |
19 #include "base/single_thread_task_runner.h" | 19 #include "base/single_thread_task_runner.h" |
20 #include "base/strings/string_util.h" | 20 #include "base/strings/string_util.h" |
21 #include "base/thread_task_runner_handle.h" | 21 #include "base/thread_task_runner_handle.h" |
22 #include "base/time/time.h" | 22 #include "base/time/time.h" |
23 #include "base/values.h" | 23 #include "base/values.h" |
24 #include "net/base/host_port_pair.h" | 24 #include "net/base/host_port_pair.h" |
25 #include "net/base/load_flags.h" | 25 #include "net/base/load_flags.h" |
26 #include "net/base/net_errors.h" | 26 #include "net/base/net_errors.h" |
27 #include "net/base/network_delegate.h" | 27 #include "net/base/network_delegate.h" |
28 #include "net/base/network_quality_estimator.h" | 28 #include "net/base/network_quality_estimator.h" |
| 29 #include "net/base/registry_controlled_domains/registry_controlled_domain.h" |
29 #include "net/base/sdch_manager.h" | 30 #include "net/base/sdch_manager.h" |
30 #include "net/base/sdch_net_log_params.h" | 31 #include "net/base/sdch_net_log_params.h" |
31 #include "net/base/url_util.h" | 32 #include "net/base/url_util.h" |
32 #include "net/cert/cert_status_flags.h" | 33 #include "net/cert/cert_status_flags.h" |
33 #include "net/cookies/cookie_store.h" | 34 #include "net/cookies/cookie_store.h" |
34 #include "net/http/http_content_disposition.h" | 35 #include "net/http/http_content_disposition.h" |
35 #include "net/http/http_network_session.h" | 36 #include "net/http/http_network_session.h" |
36 #include "net/http/http_request_headers.h" | 37 #include "net/http/http_request_headers.h" |
37 #include "net/http/http_response_headers.h" | 38 #include "net/http/http_response_headers.h" |
38 #include "net/http/http_response_info.h" | 39 #include "net/http/http_response_info.h" |
(...skipping 679 matching lines...)
718 void URLRequestHttpJob::AddCookieHeaderAndStart() { | 719 void URLRequestHttpJob::AddCookieHeaderAndStart() { |
719 // If the request was destroyed, then there is no more work to do. | 720 // If the request was destroyed, then there is no more work to do. |
720 if (!request_) | 721 if (!request_) |
721 return; | 722 return; |
722 | 723 |
723 CookieStore* cookie_store = request_->context()->cookie_store(); | 724 CookieStore* cookie_store = request_->context()->cookie_store(); |
724 if (cookie_store && !(request_info_.load_flags & LOAD_DO_NOT_SEND_COOKIES)) { | 725 if (cookie_store && !(request_info_.load_flags & LOAD_DO_NOT_SEND_COOKIES)) { |
725 CookieOptions options; | 726 CookieOptions options; |
726 options.set_include_httponly(); | 727 options.set_include_httponly(); |
727 | 728 |
728 // TODO(mkwst): If same-site cookies aren't enabled, pretend the request is | 729 // Set |options|' SameSiteCookieMode according to the rules laid out in |
729 // same-site regardless, in order to include all cookies. Drop this check | 730 // https://tools.ietf.org/html/draft-west-first-party-cookies. In short, |
730 // once we decide whether or not we're shipping this feature: | 731 // include both "strict" and "lax" same-site cookies if the request's |URL|, |
731 // https://crbug.com/459154 | 732 // |initiator|, and |first_party_for_cookies| all have the same registrable |
| 733 // domain. Include "lax" same-site cookies if the request's |URL| and |
| 734 // |first_party_for_cookies| have the same registrable domain, _and_ the |
| 735 // request's |method| is "safe" ("GET" or "HEAD"). Otherwise, do not include |
| 736 // same-site cookies. |
732 url::Origin requested_origin(request_->url()); | 737 url::Origin requested_origin(request_->url()); |
| 738 url::Origin site_for_cookies(request_->first_party_for_cookies()); |
| 739 |
733 if (!network_delegate() || | 740 if (!network_delegate() || |
734 !network_delegate()->AreExperimentalCookieFeaturesEnabled()) { | 741 !network_delegate()->AreExperimentalCookieFeaturesEnabled()) { |
735 options.set_include_same_site(); | 742 // TODO(mkwst): If same-site cookies aren't enabled, then tag the request |
736 } else if (requested_origin.IsSameOriginWith( | 743 // as including both strict and lax same-site cookies. Drop this check |
737 url::Origin(request_->first_party_for_cookies())) && | 744 // once the feature is no longer behind a flag: https://crbug.com/459154. |
738 (IsMethodSafe(request_->method()) || | 745 options.set_same_site_cookie_mode( |
739 requested_origin.IsSameOriginWith(request_->initiator()))) { | 746 CookieOptions::SameSiteCookieMode::INCLUDE_STRICT_AND_LAX); |
740 options.set_include_same_site(); | 747 } else if (registry_controlled_domains::SameDomainOrHost( |
| 748 requested_origin, site_for_cookies, |
| 749 registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES)) { |
| 750 if (registry_controlled_domains::SameDomainOrHost( |
| 751 requested_origin, request_->initiator(), |
| 752 registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES)) { |
| 753 options.set_same_site_cookie_mode( |
| 754 CookieOptions::SameSiteCookieMode::INCLUDE_STRICT_AND_LAX); |
| 755 } else if (IsMethodSafe(request_->method())) { |
| 756 options.set_same_site_cookie_mode( |
| 757 CookieOptions::SameSiteCookieMode::INCLUDE_LAX); |
| 758 } |
741 } | 759 } |
742 | 760 |
743 cookie_store->GetCookieListWithOptionsAsync( | 761 cookie_store->GetCookieListWithOptionsAsync( |
744 request_->url(), options, | 762 request_->url(), options, |
745 base::Bind(&URLRequestHttpJob::SetCookieHeaderAndStart, | 763 base::Bind(&URLRequestHttpJob::SetCookieHeaderAndStart, |
746 weak_factory_.GetWeakPtr())); | 764 weak_factory_.GetWeakPtr())); |
747 } else { | 765 } else { |
748 DoStartTransaction(); | 766 DoStartTransaction(); |
749 } | 767 } |
750 } | 768 } |
(...skipping 850 matching lines...)
1601 return override_response_headers_.get() ? | 1619 return override_response_headers_.get() ? |
1602 override_response_headers_.get() : | 1620 override_response_headers_.get() : |
1603 transaction_->GetResponseInfo()->headers.get(); | 1621 transaction_->GetResponseInfo()->headers.get(); |
1604 } | 1622 } |
1605 | 1623 |
1606 void URLRequestHttpJob::NotifyURLRequestDestroyed() { | 1624 void URLRequestHttpJob::NotifyURLRequestDestroyed() { |
1607 awaiting_callback_ = false; | 1625 awaiting_callback_ = false; |
1608 } | 1626 } |
1609 | 1627 |
1610 } // namespace net | 1628 } // namespace net |
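Review bot: The same-site decision in AddCookieHeaderAndStart() (new lines 747-752) now compares registrable domains through `registry_controlled_domains::SameDomainOrHost` where the old code used `IsSameOriginWith`, so scheme and port no longer take part in it, and the new comment block does not say so. As written, a request for an https URL whose initiator and first_party_for_cookies belong to an http page on the same registrable domain appears to get `INCLUDE_STRICT_AND_LAX`, which makes "strict" cookies only as well protected as the least secure origin on that domain; I would state this in the comment, e.g. `// NOTE: only registrable domains are compared; scheme and port are ignored.` The "otherwise, do not include same-site cookies" case is implemented by falling through without touching `options`, so it depends on the default mode of CookieOptions, which is not visible in this file; a closing comment such as `// No match: |options| keeps its default same-site mode.` or an explicit setter call would make that dependency visible. How SameDomainOrHost treats a unique or empty initiator is also not visible here and is worth pinning with a test.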