
Unified Diff: net/url_request/url_request_http_job.cc

Issue 1783813002: SameSite: Strict/Lax behavior. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@strict-lax
Patch Set: Moar. Created 4 years, 9 months ago
Index: net/url_request/url_request_http_job.cc
diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc
index ccc38d544ead9009417fdda7e4b7595c53defc7e..96d1f6f642ae8d223ea03cd5c516e0d1bf16ca29 100644
--- a/net/url_request/url_request_http_job.cc
+++ b/net/url_request/url_request_http_job.cc
@@ -26,6 +26,7 @@
#include "net/base/net_errors.h"
#include "net/base/network_delegate.h"
#include "net/base/network_quality_estimator.h"
+#include "net/base/registry_controlled_domains/registry_controlled_domain.h"
#include "net/base/sdch_manager.h"
#include "net/base/sdch_net_log_params.h"
#include "net/base/url_util.h"
@@ -730,14 +731,23 @@ void URLRequestHttpJob::AddCookieHeaderAndStart() {
// once we decide whether or not we're shipping this feature:
// https://crbug.com/459154
url::Origin requested_origin(request_->url());
+ url::Origin site_for_cookies(request_->first_party_for_cookies());
+
if (!network_delegate() ||
!network_delegate()->AreExperimentalCookieFeaturesEnabled()) {
- options.set_include_same_site();
- } else if (requested_origin.IsSameOriginWith(
- url::Origin(request_->first_party_for_cookies())) &&
- (IsMethodSafe(request_->method()) ||
- requested_origin.IsSameOriginWith(request_->initiator()))) {
- options.set_include_same_site();
+ options.set_same_site_mode(
+ CookieOptions::SameSiteMode::INCLUDE_STRICT_AND_LAX);
+ } else if (registry_controlled_domains::SameDomainOrHost(
+ requested_origin, site_for_cookies,
+ registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES)) {
mmenke 2016/03/17 19:15:57 Add draft RFC link here? (Could add it near eithe
Mike West 2016/03/18 14:27:17 I added a comment block at the top of this section
+ if (registry_controlled_domains::SameDomainOrHost(
+ requested_origin, request_->initiator(),
+ registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES)) {
+ options.set_same_site_mode(
+ CookieOptions::SameSiteMode::INCLUDE_STRICT_AND_LAX);
+ } else if (IsMethodSafe(request_->method())) {
+ options.set_same_site_mode(CookieOptions::SameSiteMode::INCLUDE_LAX);
+ }
}
cookie_store->GetCookieListWithOptionsAsync(
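Review bot: The two `SameDomainOrHost` checks compare registrable domains only, so unlike the `IsSameOriginWith` calls they replace, scheme and port no longer take part in the decision. If I read the helper correctly, a request to an `https://` URL initiated from an `http://` page on the same registrable domain now gets `INCLUDE_STRICT_AND_LAX`. That may be what the draft intends, but it should be stated at the outer `else if`, e.g. `// Same-site is decided on the registrable domain (private registries included); scheme and port are deliberately not compared.`, and pinned by a test. Separately, when the outer check fails, or the initiator is cross-site and the method is unsafe, no mode is set, so the block relies on the `CookieOptions` default excluding SameSite cookies. That default is not visible in this hunk, so a one-line comment saying so would make the fail-closed path explicit. `AddCookieHeaderAndStart` begins and ends outside the hunk.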
