
Side by Side Diff: net/cookies/canonical_cookie.h

Issue 2158863003: Fix CanonicalCookie::IsEquivalentForSecureCookieMatching (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 5 months ago
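--- a/net/cookies/canonical_cookie.h
+++ b/net/cookies/canonical_cookie.h
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_COOKIES_CANONICAL_COOKIE_H_
 #define NET_COOKIES_CANONICAL_COOKIE_H_
 
 #include <memory>
 #include <string>
 #include <vector>
@@ -21,20 +21,21 @@
 
 class ParsedCookie;
 
 class NET_EXPORT CanonicalCookie {
 public:
 // These constructors do no validation or canonicalization of their inputs;
 // the resulting CanonicalCookies should not be relied on to be canonical
 // unless the caller has done appropriate validation and canonicalization
 // themselves.
 CanonicalCookie();
+// TODO(mmenke): Remove |url|, as it's not used.
 CanonicalCookie(const GURL& url,
 const std::string& name,
 const std::string& value,
 const std::string& domain,
 const std::string& path,
 const base::Time& creation,
 const base::Time& expiration,
 const base::Time& last_access,
 bool secure,
 bool httponly,
@@ -120,24 +121,21 @@
 && path_ == ecc.Path());
 }
 
 // Checks if two cookies have the same name and domain-match per RFC 6265.
 // Note that this purposefully ignores paths, and that this function is
 // guaranteed to return |true| for a superset of the inputs that
 // IsEquivalent() above returns |true| for.
 //
 // This is needed for the updates to RFC6265 as per
 // https://tools.ietf.org/html/draft-west-leave-secure-cookies-alone.
-bool IsEquivalentForSecureCookieMatching(const CanonicalCookie& ecc) const {
-return (name_ == ecc.Name() && (ecc.IsDomainMatch(Source().host()) ||
-IsDomainMatch(ecc.Source().host())));
-}
+bool IsEquivalentForSecureCookieMatching(const CanonicalCookie& ecc) const;
 
 void SetLastAccessDate(const base::Time& date) {
 last_access_date_ = date;
 }
 
 // Returns true if the given |url_path| path-matches the cookie-path as
 // described in section 5.1.4 in RFC 6265.
 bool IsOnPath(const std::string& url_path) const;
 
 // Returns true if the cookie domain matches the given |host| as described in
@@ -190,39 +188,31 @@
 // Records histograms to measure how often cookie prefixes appear in
 // the wild and how often they would be blocked.
 static void RecordCookiePrefixMetrics(CookiePrefix prefix,
 bool is_cookie_valid);
 // Returns true if a prefixed cookie does not violate any of the rules
 // for that cookie.
 static bool IsCookiePrefixValid(CookiePrefix prefix,
 const GURL& url,
 const ParsedCookie& parsed_cookie);
 
-const GURL& Source() const { return source_; }
+// Returns the cookie's domain, with the leading dot removed, if present.
+std::string DomainWithoutDot() const;
 
-// The source member of a canonical cookie is the origin of the URL that tried
-// to set this cookie. This field is not persistent though; its only used in
-// the in-tab cookies dialog to show the user the source URL. This is used for
-// both allowed and blocked cookies.
-// When a CanonicalCookie is constructed from the backing store (common case)
-// this field will be null. CanonicalCookie consumers should not rely on
-// this field unless they guarantee that the creator of those
-// CanonicalCookies properly initialized the field.
-GURL source_;
 std::string name_;
 std::string value_;
 std::string domain_;
 std::string path_;
 base::Time creation_date_;
 base::Time expiry_date_;
 base::Time last_access_date_;
 bool secure_;
 bool httponly_;
 CookieSameSite same_site_;
 CookiePriority priority_;
 };
 
 typedef std::vector<CanonicalCookie> CookieList;
 
 } // namespace net
 
 #endif // NET_COOKIES_CANONICAL_COOKIE_H_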
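Review bot: The comment above `IsEquivalentForSecureCookieMatching` (new lines 124-130) still says only "domain-match per RFC 6265" and does not say which host each cookie is matched against, which is exactly what this change alters. The removed inline body matched on `Source().host()`, and the removed `source_` comment states that field is null for cookies constructed from the backing store, so the old check could not be relied on for stored cookies. The body now lives in canonical_cookie.cc and is not visible here, so the header should state the new basis, for example `// The match is made on each cookie's domain attribute (see DomainWithoutDot()), not on the URL that set it.`, assuming that is what the .cc implements. If the leading dot is what marks a domain cookie in this class, the `DomainWithoutDot()` comment should also say that the result no longer distinguishes host-only from domain cookies and must not be used alone for scoping decisions.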