
Side by Side Diff: net/cookies/canonical_cookie.cc

Issue 1783813002: SameSite: Strict/Lax behavior. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@strict-lax
Patch Set: Comment. Created 4 years, 9 months ago
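--- a/net/cookies/canonical_cookie.cc
+++ b/net/cookies/canonical_cookie.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // Portions of this code based on Mozilla:
 // (netwerk/cookie/src/nsCookieService.cpp)
 /* ***** BEGIN LICENSE BLOCK *****
 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
 *
 * The contents of this file are subject to the Mozilla Public License Version
@@ -415,27 +415,35 @@
 if (IsSecure() && !url.SchemeIsCryptographic())
 return false;
 // Don't include cookies for requests that don't apply to the cookie domain.
 if (!IsDomainMatch(url.host()))
 return false;
 // Don't include cookies for requests with a url path that does not path
 // match the cookie-path.
 if (!IsOnPath(url.path()))
 return false;
 // Don't include same-site cookies for cross-site requests.
-//
-// TODO(mkwst): This currently treats both "strict" and "lax" SameSite cookies
-// in the same way. https://codereview.chromium.org/1783813002 will eventually
-// distinguish between them based on attributes of the request.
-if (SameSite() != CookieSameSite::NO_RESTRICTION &&
-!options.include_same_site()) {
-return false;
+switch (SameSite()) {
+case CookieSameSite::STRICT_MODE:
+if (options.same_site_cookie_mode() !=
+CookieOptions::SameSiteCookieMode::INCLUDE_STRICT_AND_LAX) {
+return false;
+}
+break;
+case CookieSameSite::LAX_MODE:
+if (options.same_site_cookie_mode() ==
+CookieOptions::SameSiteCookieMode::DO_NOT_INCLUDE) {
+return false;
+}
+break;
+default:
+break;
 }
 
 return true;
 }
 
 std::string CanonicalCookie::DebugString() const {
 return base::StringPrintf(
 "name: %s value: %s domain: %s path: %s creation: %" PRId64,
 name_.c_str(), value_.c_str(), domain_.c_str(), path_.c_str(),
 static_cast<int64_t>(creation_date_.ToTimeT()));
@@ -513,10 +521,10 @@
 if (prefix == CanonicalCookie::COOKIE_PREFIX_SECURE)
 return parsed_cookie.IsSecure() && url.SchemeIsCryptographic();
 if (prefix == CanonicalCookie::COOKIE_PREFIX_HOST) {
 return parsed_cookie.IsSecure() && url.SchemeIsCryptographic() &&
 !parsed_cookie.HasDomain() && parsed_cookie.Path() == "/";
 }
 return true;
 }
 
 } // namespace net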
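Review bot: The `default: break;` arm at new lines 438-439 fails open: any `CookieSameSite` value other than `STRICT_MODE` and `LAX_MODE` falls through to `return true`, so an enumerator added later would be attached to cross-site requests without anyone having decided that. Replacing it with an explicit `case CookieSameSite::NO_RESTRICTION: break;` and no `default` would let the compiler's unhandled-enumerator warning catch that, assuming the build enables it for this enum. The two checks are also asymmetric: the strict arm admits only `INCLUDE_STRICT_AND_LAX`, while the lax arm rejects only `DO_NOT_INCLUDE`, so a future `SameSiteCookieMode` value would include lax cookies by default; a short comment stating that this is intended would help. The enclosing function starts in the skipped lines above this hunk, so its callers and the options they pass are not visible here.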