
Side by Side Diff: net/cookies/cookie_monster.cc

Issue 2158863003: Fix CanonicalCookie::IsEquivalentForSecureCookieMatching (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 5 months ago
OLD NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // Portions of this code based on Mozilla: 5 // Portions of this code based on Mozilla:
6 // (netwerk/cookie/src/nsCookieService.cpp) 6 // (netwerk/cookie/src/nsCookieService.cpp)
7 /* ***** BEGIN LICENSE BLOCK ***** 7 /* ***** BEGIN LICENSE BLOCK *****
8 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 8 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
9 * 9 *
10 * The contents of this file are subject to the Mozilla Public License Version 10 * The contents of this file are subject to the Mozilla Public License Version
(...skipping 1619 matching lines...)
1630 CanonicalCookie* cc = curit->second; 1630 CanonicalCookie* cc = curit->second;
1631 ++its.first; 1631 ++its.first;
1632 1632
1633 // If strict secure cookies is being enforced, then the equivalency 1633 // If strict secure cookies is being enforced, then the equivalency
1634 // requirements are looser. If the cookie is being set from an insecure 1634 // requirements are looser. If the cookie is being set from an insecure
1635 // scheme, then if a cookie already exists with the same name and it is 1635 // scheme, then if a cookie already exists with the same name and it is
1636 // Secure, then the cookie should *not* be updated if they domain-match and 1636 // Secure, then the cookie should *not* be updated if they domain-match and
1637 // ignoring the path attribute. 1637 // ignoring the path attribute.
1638 // 1638 //
1639 // See: https://tools.ietf.org/html/draft-west-leave-secure-cookies-alone 1639 // See: https://tools.ietf.org/html/draft-west-leave-secure-cookies-alone
1640 if (enforce_strict_secure && !source_url.SchemeIsCryptographic() && 1640 if (enforce_strict_secure && cc->IsSecure() &&
1641 ecc.IsEquivalentForSecureCookieMatching(*cc) && cc->IsSecure()) { 1641 !source_url.SchemeIsCryptographic() &&
1642 ecc.IsEquivalentForSecureCookieMatching(*cc)) {
1642 skipped_secure_cookie = true; 1643 skipped_secure_cookie = true;
1643 histogram_cookie_delete_equivalent_->Add( 1644 histogram_cookie_delete_equivalent_->Add(
1644 COOKIE_DELETE_EQUIVALENT_SKIPPING_SECURE); 1645 COOKIE_DELETE_EQUIVALENT_SKIPPING_SECURE);
1645 // If the cookie is equivalent to the new cookie and wouldn't have been 1646 // If the cookie is equivalent to the new cookie and wouldn't have been
1646 // skipped for being HTTP-only, record that it is a skipped secure cookie 1647 // skipped for being HTTP-only, record that it is a skipped secure cookie
1647 // that would have been deleted otherwise. 1648 // that would have been deleted otherwise.
1648 if (ecc.IsEquivalent(*cc)) { 1649 if (ecc.IsEquivalent(*cc)) {
1649 found_equivalent_cookie = true; 1650 found_equivalent_cookie = true;
1650 1651
1651 if (!skip_httponly || !cc->IsHttpOnly()) { 1652 if (!skip_httponly || !cc->IsHttpOnly()) {
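Review bot: The condition at new lines 1640-1642 calls ecc.IsEquivalentForSecureCookieMatching(*cc) with the incoming cookie as receiver and the stored cookie as argument, but the comment at 1633-1637 only says "if they domain-match" and never states whether that match is meant to be symmetric or one-directional. Since the issue is about fixing that method, please state the intended direction in the comment so a later swap of the operands gets caught in review. Moving cc->IsSecure() to the front only changes short-circuit order, so the outcome is unchanged as long as none of the three calls has side effects; the description should say that this file's change is a reordering and not a behaviour change. Nit: "should *not* be updated if they domain-match and ignoring the path attribute" does not parse; "if they domain-match, ignoring the path attribute" reads better.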
(...skipping 746 matching lines...)
2398 it != hook_map_.end(); ++it) { 2399 it != hook_map_.end(); ++it) {
2399 std::pair<GURL, std::string> key = it->first; 2400 std::pair<GURL, std::string> key = it->first;
2400 if (cookie.IncludeForRequestURL(key.first, opts) && 2401 if (cookie.IncludeForRequestURL(key.first, opts) &&
2401 cookie.Name() == key.second) { 2402 cookie.Name() == key.second) {
2402 it->second->Notify(cookie, removed); 2403 it->second->Notify(cookie, removed);
2403 } 2404 }
2404 } 2405 }
2405 } 2406 }
2406 2407
2407 } // namespace net 2408 } // namespace net