OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // Portions of this code based on Mozilla: | 5 // Portions of this code based on Mozilla: |
6 // (netwerk/cookie/src/nsCookieService.cpp) | 6 // (netwerk/cookie/src/nsCookieService.cpp) |
7 /* ***** BEGIN LICENSE BLOCK ***** | 7 /* ***** BEGIN LICENSE BLOCK ***** |
8 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 8 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
9 * | 9 * |
10 * The contents of this file are subject to the Mozilla Public License Version | 10 * The contents of this file are subject to the Mozilla Public License Version |
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
42 * | 42 * |
43 * ***** END LICENSE BLOCK ***** */ | 43 * ***** END LICENSE BLOCK ***** */ |
44 | 44 |
45 #include "net/cookies/canonical_cookie.h" | 45 #include "net/cookies/canonical_cookie.h" |
46 | 46 |
47 #include "base/format_macros.h" | 47 #include "base/format_macros.h" |
48 #include "base/logging.h" | 48 #include "base/logging.h" |
49 #include "base/metrics/histogram_macros.h" | 49 #include "base/metrics/histogram_macros.h" |
50 #include "base/strings/string_util.h" | 50 #include "base/strings/string_util.h" |
51 #include "base/strings/stringprintf.h" | 51 #include "base/strings/stringprintf.h" |
| 52 #include "net/base/url_util.h" |
52 #include "net/cookies/cookie_util.h" | 53 #include "net/cookies/cookie_util.h" |
53 #include "net/cookies/parsed_cookie.h" | 54 #include "net/cookies/parsed_cookie.h" |
54 #include "url/gurl.h" | 55 #include "url/gurl.h" |
55 #include "url/url_canon.h" | 56 #include "url/url_canon.h" |
56 | 57 |
57 using base::Time; | 58 using base::Time; |
58 using base::TimeDelta; | 59 using base::TimeDelta; |
59 | 60 |
60 namespace net { | 61 namespace net { |
61 | 62 |
(...skipping 276 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
338 // than the cookie path length, it's safe to index one byte past. | 339 // than the cookie path length, it's safe to index one byte past. |
339 if (path_.length() != url_path.length() && path_.back() != '/' && | 340 if (path_.length() != url_path.length() && path_.back() != '/' && |
340 url_path[path_.length()] != '/') { | 341 url_path[path_.length()] != '/') { |
341 return false; | 342 return false; |
342 } | 343 } |
343 | 344 |
344 return true; | 345 return true; |
345 } | 346 } |
346 | 347 |
347 bool CanonicalCookie::IsDomainMatch(const std::string& host) const { | 348 bool CanonicalCookie::IsDomainMatch(const std::string& host) const { |
348 // Can domain match in two ways; as a domain cookie (where the cookie | 349 return net::IsDomainMatch(domain_, host); |
349 // domain begins with ".") or as a host cookie (where it doesn't). | |
350 | |
351 // Some consumers of the CookieMonster expect to set cookies on | |
352 // URLs like http://.strange.url. To retrieve cookies in this instance, | |
353 // we allow matching as a host cookie even when the domain_ starts with | |
354 // a period. | |
355 if (host == domain_) | |
356 return true; | |
357 | |
358 // Domain cookie must have an initial ".". To match, it must be | |
359 // equal to url's host with initial period removed, or a suffix of | |
360 // it. | |
361 | |
362 // Arguably this should only apply to "http" or "https" cookies, but | |
363 // extension cookie tests currently use the funtionality, and if we | |
364 // ever decide to implement that it should be done by preventing | |
365 // such cookies from being set. | |
366 if (domain_.empty() || domain_[0] != '.') | |
367 return false; | |
368 | |
369 // The host with a "." prefixed. | |
370 if (domain_.compare(1, std::string::npos, host) == 0) | |
371 return true; | |
372 | |
373 // A pure suffix of the host (ok since we know the domain already | |
374 // starts with a ".") | |
375 return (host.length() > domain_.length() && | |
376 host.compare(host.length() - domain_.length(), | |
377 domain_.length(), domain_) == 0); | |
378 } | 350 } |
379 | 351 |
380 bool CanonicalCookie::IncludeForRequestURL(const GURL& url, | 352 bool CanonicalCookie::IncludeForRequestURL(const GURL& url, |
381 const CookieOptions& options) const { | 353 const CookieOptions& options) const { |
382 // Filter out HttpOnly cookies, per options. | 354 // Filter out HttpOnly cookies, per options. |
383 if (options.exclude_httponly() && IsHttpOnly()) | 355 if (options.exclude_httponly() && IsHttpOnly()) |
384 return false; | 356 return false; |
385 // Secure cookies should not be included in requests for URLs with an | 357 // Secure cookies should not be included in requests for URLs with an |
386 // insecure scheme. | 358 // insecure scheme. |
387 if (IsSecure() && !url.SchemeIsCryptographic()) | 359 if (IsSecure() && !url.SchemeIsCryptographic()) |
(...skipping 105 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
493 if (prefix == CanonicalCookie::COOKIE_PREFIX_SECURE) | 465 if (prefix == CanonicalCookie::COOKIE_PREFIX_SECURE) |
494 return parsed_cookie.IsSecure() && url.SchemeIsCryptographic(); | 466 return parsed_cookie.IsSecure() && url.SchemeIsCryptographic(); |
495 if (prefix == CanonicalCookie::COOKIE_PREFIX_HOST) { | 467 if (prefix == CanonicalCookie::COOKIE_PREFIX_HOST) { |
496 return parsed_cookie.IsSecure() && url.SchemeIsCryptographic() && | 468 return parsed_cookie.IsSecure() && url.SchemeIsCryptographic() && |
497 !parsed_cookie.HasDomain() && parsed_cookie.Path() == "/"; | 469 !parsed_cookie.HasDomain() && parsed_cookie.Path() == "/"; |
498 } | 470 } |
499 return true; | 471 return true; |
500 } | 472 } |
501 | 473 |
502 } // namespace net | 474 } // namespace net |
OLD | NEW |