
Side by Side Diff: third_party/WebKit/Source/core/dom/Document.cpp

Issue 1783813002: SameSite: Strict/Lax behavior. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@strict-lax
Patch Set: Comment. Created 4 years, 9 months ago
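--- a/third_party/WebKit/Source/core/dom/Document.cpp
+++ b/third_party/WebKit/Source/core/dom/Document.cpp
@@ -1,10 +1,10 @@
 /*
 * Copyright (C) 1999 Lars Knoll (knoll@kde.org)
 * (C) 1999 Antti Koivisto (koivisto@kde.org)
 * (C) 2001 Dirk Mueller (mueller@kde.org)
 * (C) 2006 Alexey Proskuryakov (ap@webkit.org)
 * Copyright (C) 2004, 2005, 2006, 2007, 2008, 2009, 2011, 2012 Apple Inc. All r ights reserved.
 * Copyright (C) 2008, 2009 Torch Mobile Inc. All rights reserved. (http://www.t orchmobile.com/)
 * Copyright (C) 2008, 2009, 2011, 2012 Google Inc. All rights reserved.
 * Copyright (C) 2010 Nokia Corporation and/or its subsidiary(-ies)
 * Copyright (C) Research In Motion Limited 2010-2011. All rights reserved.
@@ -4226,45 +4226,52 @@
 }
 }
 // FIXME: If this document came from the file system, the HTML5
 // specificiation tells us to read the last modification date from the file
 // system.
 if (!foundDate)
 date.setMillisecondsSinceEpochForDateTime(convertToLocalTime(currentTime MS()));
 return String::format("%02d/%02d/%04d %02d:%02d:%02d", date.month() + 1, dat e.monthDay(), date.fullYear(), date.hour(), date.minute(), date.second());
 }
 
-const KURL& Document::firstPartyForCookies() const
+const KURL Document::firstPartyForCookies() const
 {
-if (SchemeRegistry::shouldTreatURLSchemeAsFirstPartyWhenTopLevel(topDocument ().url().protocol()))
-return topDocument().url();
+// TODO(mkwst): This doesn't correctly handle sandboxed documents; we want t o look at their URL,
+// but we can't because we don't know what it is.
+KURL topDocumentURL = frame()->tree().top()->isLocalFrame()
+? topDocument().url()
+: KURL(KURL(), frame()->securityContext()->getSecurityOrigin()->toString ());
+if (SchemeRegistry::shouldTreatURLSchemeAsFirstPartyWhenTopLevel(topDocument URL.protocol()))
+return topDocumentURL;
 
 // We're intentionally using the URL of each document rather than the docume nt's SecurityOrigin.
 // Sandboxing a document into a unique origin shouldn't effect first-/third- party status for
 // cookies and site data.
-const OriginAccessEntry& accessEntry = topDocument().accessEntryFromURL();
-const Document* currentDocument = this;
-while (currentDocument) {
+const OriginAccessEntry& accessEntry = frame()->tree().top()->isLocalFrame()
+? topDocument().accessEntryFromURL()
+: OriginAccessEntry(topDocumentURL.protocol(), topDocumentURL.host(), Or iginAccessEntry::AllowRegisterableDomains);
+const Frame* currentFrame = frame();
+while (currentFrame) {
 // Skip over srcdoc documents, as they are always same-origin with their closest non-srcdoc parent.
-while (currentDocument->isSrcdocDocument())
-currentDocument = currentDocument->parentDocument();
-ASSERT(currentDocument);
+while (currentFrame->isLocalFrame() && toLocalFrame(currentFrame)->docum ent()->isSrcdocDocument())
+currentFrame = currentFrame->tree().parent();
+ASSERT(currentFrame);
 
 // We use 'matchesDomain' here, as it turns out that some folks embed HT TPS login forms
 // into HTTP pages; we should allow this kind of upgrade.
-if (accessEntry.matchesDomain(*currentDocument->getSecurityOrigin()) == OriginAccessEntry::DoesNotMatchOrigin)
+if (accessEntry.matchesDomain(*currentFrame->securityContext()->getSecur ityOrigin()) == OriginAccessEntry::DoesNotMatchOrigin)
 return SecurityOrigin::urlWithUniqueSecurityOrigin();
 
-currentDocument = currentDocument->parentDocument();
+currentFrame = currentFrame->tree().parent();
 }
 
-return topDocument().url();
+return topDocumentURL;
 }
 
 static bool isValidNameNonASCII(const LChar* characters, unsigned length)
 {
 if (!isValidNameStart(characters[0]))
 return false;
 
 for (unsigned i = 1; i < length; ++i) {
 if (!isValidNamePart(characters[i]))
 return false;
@@ -6038,10 +6045,10 @@
 #ifndef NDEBUG
 using namespace blink;
 void showLiveDocumentInstances()
 {
 Document::WeakDocumentSet& set = Document::liveDocumentSet();
 fprintf(stderr, "There are %u documents currently alive:\n", set.size());
 for (Document* document : set)
 fprintf(stderr, "- Document %p URL: %s\n", document, document->url().get String().utf8().data());
 }
 #endif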
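Review bot: In the remote-top branch of the `KURL topDocumentURL = ...` initialiser in `firstPartyForCookies()`, the URL is built from `frame()->securityContext()->getSecurityOrigin()`, which is this document's own frame rather than the top frame. As a result, both the `shouldTreatURLSchemeAsFirstPartyWhenTopLevel` early return and the `OriginAccessEntry` constructed from `topDocumentURL` are evaluated against the embedded frame's own origin. If the intent is to approximate the top-level document, the branch would presumably read `: KURL(KURL(), frame()->tree().top()->securityContext()->getSecurityOrigin()->toString());`. Otherwise a subframe whose own scheme is registered as first-party-when-top-level appears to take the early return and be treated as first party under a remote top. Separately, `frame()` is now dereferenced unconditionally where the old code walked `parentDocument()`, so a guard such as `if (!frame()) return SecurityOrigin::urlWithUniqueSecurityOrigin();` may be needed; whether callers can reach this function on a document without a frame is not visible here.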