net/cookies/canonical_cookie.cc - Issue 1783813002: SameSite: Strict/Lax behavior.

Side by Side Diff: net/cookies/canonical_cookie.cc

Issue 1783813002: SameSite: Strict/Lax behavior. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@strict-lax

Patch Set: Moar. Created 4 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« net/base/registry_controlled_domains/registry_controlled_domain.cc ('K') | « net/base/registry_controlled_domains/registry_controlled_domain.cc ('k') | net/cookies/canonical_cookie_unittest.cc » ('j') | net/cookies/cookie_options.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 // Portions of this code based on Mozilla:	5 // Portions of this code based on Mozilla:

6 // (netwerk/cookie/src/nsCookieService.cpp)	6 // (netwerk/cookie/src/nsCookieService.cpp)

7 /* *** BEGIN LICENSE BLOCK ***	7 /* *** BEGIN LICENSE BLOCK ***

8 * Version: MPL 1.1/GPL 2.0/LGPL 2.1	8 * Version: MPL 1.1/GPL 2.0/LGPL 2.1

9 *	9 *

10 * The contents of this file are subject to the Mozilla Public License Version	10 * The contents of this file are subject to the Mozilla Public License Version

(...skipping 404 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
415 if (IsSecure() && !url.SchemeIsCryptographic())	415 if (IsSecure() && !url.SchemeIsCryptographic())

416 return false;	416 return false;

417 // Don't include cookies for requests that don't apply to the cookie domain.	417 // Don't include cookies for requests that don't apply to the cookie domain.

418 if (!IsDomainMatch(url.host()))	418 if (!IsDomainMatch(url.host()))

419 return false;	419 return false;

420 // Don't include cookies for requests with a url path that does not path	420 // Don't include cookies for requests with a url path that does not path

421 // match the cookie-path.	421 // match the cookie-path.

422 if (!IsOnPath(url.path()))	422 if (!IsOnPath(url.path()))

423 return false;	423 return false;

424 // Don't include same-site cookies for cross-site requests.	424 // Don't include same-site cookies for cross-site requests.

425 //	425 if (SameSite() == CookieSameSite::STRICT_MODE &&
	mmenke 2016/03/17 19:15:56 Suggest a switch statement, just to make clear how Suggest a switch statement, just to make clear how these are related to each other. Mike West 2016/03/18 14:27:17 I've turned this into a switch, but I'm not actual Show quoted text On 2016/03/17 at 19:15:56, mmenke wrote: > Suggest a switch statement, just to make clear how these are related to each other. I've turned this into a switch, but I'm not actually sure it's any clearer... WDYT? mmenke 2016/03/18 15:58:12 I think it's marginally better, but not really a h Show quoted text On 2016/03/18 14:27:17, Mike West wrote: > On 2016/03/17 at 19:15:56, mmenke wrote: > > Suggest a switch statement, just to make clear how these are related to each > other. > > I've turned this into a switch, but I'm not actually sure it's any clearer... > WDYT? I think it's marginally better, but not really a huge improvement. IF you disagree, feel free to revert.
426 // TODO(mkwst): This currently treats both "strict" and "lax" SameSite cookies	426 options.same_site_mode() !=

427 // in the same way. https://codereview.chromium.org/1783813002 will eventually	427 CookieOptions::SameSiteMode::INCLUDE_STRICT_AND_LAX) {

428 // distinguish between them based on attributes of the request.	428 return false;

429 if (SameSite() != CookieSameSite::NO_RESTRICTION &&	429 }

430 !options.include_same_site()) {	430 if (SameSite() == CookieSameSite::LAX_MODE &&

	431 options.same_site_mode() == CookieOptions::SameSiteMode::DO_NOT_INCLUDE) {

431 return false;	432 return false;

432 }	433 }

433	434

434 return true;	435 return true;

435 }	436 }

436	437

437 std::string CanonicalCookie::DebugString() const {	438 std::string CanonicalCookie::DebugString() const {

438 return base::StringPrintf(	439 return base::StringPrintf(

439 "name: %s value: %s domain: %s path: %s creation: %" PRId64,	440 "name: %s value: %s domain: %s path: %s creation: %" PRId64,

440 name_.c_str(), value_.c_str(), domain_.c_str(), path_.c_str(),	441 name_.c_str(), value_.c_str(), domain_.c_str(), path_.c_str(),

(...skipping 72 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
513 if (prefix == CanonicalCookie::COOKIE_PREFIX_SECURE)	514 if (prefix == CanonicalCookie::COOKIE_PREFIX_SECURE)

514 return parsed_cookie.IsSecure() && url.SchemeIsCryptographic();	515 return parsed_cookie.IsSecure() && url.SchemeIsCryptographic();

515 if (prefix == CanonicalCookie::COOKIE_PREFIX_HOST) {	516 if (prefix == CanonicalCookie::COOKIE_PREFIX_HOST) {

516 return parsed_cookie.IsSecure() && url.SchemeIsCryptographic() &&	517 return parsed_cookie.IsSecure() && url.SchemeIsCryptographic() &&

517 !parsed_cookie.HasDomain() && parsed_cookie.Path() == "/";	518 !parsed_cookie.HasDomain() && parsed_cookie.Path() == "/";

518 }	519 }

519 return true;	520 return true;

520 }	521 }

521	522

522 } // namespace net	523 } // namespace net

OLD	NEW