
Unified Diff: net/url_request/url_request_http_job.cc

Issue 1783813002: SameSite: Strict/Lax behavior. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@strict-lax
Patch Set: WIP. Created 4 years, 9 months ago
Index: net/url_request/url_request_http_job.cc
diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc
index ccc38d544ead9009417fdda7e4b7595c53defc7e..d16d78f5f1e9fe0bc52ec72497af56db890d8d9a 100644
--- a/net/url_request/url_request_http_job.cc
+++ b/net/url_request/url_request_http_job.cc
@@ -26,6 +26,7 @@
#include "net/base/net_errors.h"
#include "net/base/network_delegate.h"
#include "net/base/network_quality_estimator.h"
+#include "net/base/registry_controlled_domains/registry_controlled_domain.h"
#include "net/base/sdch_manager.h"
#include "net/base/sdch_net_log_params.h"
#include "net/base/url_util.h"
@@ -730,14 +731,21 @@ void URLRequestHttpJob::AddCookieHeaderAndStart() {
// once we decide whether or not we're shipping this feature:
// https://crbug.com/459154
url::Origin requested_origin(request_->url());
+ url::Origin site_for_cookies(request_->first_party_for_cookies());
+
if (!network_delegate() ||
!network_delegate()->AreExperimentalCookieFeaturesEnabled()) {
- options.set_include_same_site();
- } else if (requested_origin.IsSameOriginWith(
- url::Origin(request_->first_party_for_cookies())) &&
- (IsMethodSafe(request_->method()) ||
- requested_origin.IsSameOriginWith(request_->initiator()))) {
- options.set_include_same_site();
+ options.set_include_same_site(CookieSameSite::STRICT_MODE);
+ } else if (registry_controlled_domains::SameDomainOrHost(
+ requested_origin, site_for_cookies,
+ registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES)) {
+ if (registry_controlled_domains::SameDomainOrHost(
+ requested_origin, request_->initiator(),
+ registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES)) {
+ options.set_include_same_site(CookieSameSite::STRICT_MODE);
+ } else if (IsMethodSafe(request_->method())) {
+ options.set_include_same_site(CookieSameSite::LAX_MODE);
+ }
Mike West 2016/03/14 15:24:10 This is the core of the change.
}
cookie_store->GetCookieListWithOptionsAsync(
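Review bot: The new `registry_controlled_domains::SameDomainOrHost(...)` checks compare registrable domains where the removed code used `IsSameOriginWith`, so scheme and port no longer take part in the same-site decision, and nothing in the visible comment says that this is intended. As written, a request whose initiator or `first_party_for_cookies` is an `http://` page or a sibling subdomain of the requested host would, as far as I can tell, still be granted `CookieSameSite::STRICT_MODE`; if that matches the spec, say so in the code, e.g. `// Same-site is decided on registrable domain (private registries included); scheme and port are deliberately not compared.` The path where neither inner condition holds leaves `options` untouched and presumably relies on the `CookieOptions` default excluding SameSite cookies, so a one-line comment on that deny path (`// Cross-site initiator with an unsafe method: send no SameSite cookies.`) would make it visible to the next reader. The body of `AddCookieHeaderAndStart` starts and ends outside this hunk.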
