Chromium Code Reviews

Side by Side Diff: net/cookies/canonical_cookie.h

Issue 2306393002: Loosen strict 'Secure' checks for non-overlapping paths. (Closed)
Patch Set: Created 4 years, 3 months ago
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_COOKIES_CANONICAL_COOKIE_H_ 5 #ifndef NET_COOKIES_CANONICAL_COOKIE_H_
6 #define NET_COOKIES_CANONICAL_COOKIE_H_ 6 #define NET_COOKIES_CANONICAL_COOKIE_H_
7 7
8 #include <memory> 8 #include <memory>
9 #include <string> 9 #include <string>
10 #include <vector> 10 #include <vector>
(...skipping 85 matching lines...)
96 // having been canonicalized (in 96 // having been canonicalized (in
97 // GetCookieDomainWithString->CanonicalizeHost). 97 // GetCookieDomainWithString->CanonicalizeHost).
98 bool IsEquivalent(const CanonicalCookie& ecc) const { 98 bool IsEquivalent(const CanonicalCookie& ecc) const {
99 // It seems like it would make sense to take secure and httponly into 99 // It seems like it would make sense to take secure and httponly into
100 // account, but the RFC doesn't specify this. 100 // account, but the RFC doesn't specify this.
101 // NOTE: Keep this logic in-sync with TrimDuplicateCookiesForHost(). 101 // NOTE: Keep this logic in-sync with TrimDuplicateCookiesForHost().
102 return (name_ == ecc.Name() && domain_ == ecc.Domain() 102 return (name_ == ecc.Name() && domain_ == ecc.Domain()
103 && path_ == ecc.Path()); 103 && path_ == ecc.Path());
104 } 104 }
105 105
106 // Checks if two cookies have the same name and domain-match per RFC 6265. 106 // Checks a looser set of equivalency rules than 'IsEquivalent()' in order
107 // Note that this purposefully ignores paths, and that this function is 107 // to support the stricter 'Secure' behaviors specified in
108 // guaranteed to return |true| for a superset of the inputs that 108 // https://tools.ietf.org/html/draft-ietf-httpbis-cookie-alone#section-3
109 // IsEquivalent() above returns |true| for.
110 // 109 //
111 // This is needed for the updates to RFC6265 as per 110 // Returns 'true' if this cookie's name matches |ecc|, and this cookie is
112 // https://tools.ietf.org/html/draft-west-leave-secure-cookies-alone. 111 // a domain-match for |ecc| (or vice versa), and |ecc|'s path is "on" this
112 // cookie's path (as per 'IsOnPath()').
jww 2016/09/06 22:45:10 nit: Maybe make a more explicit note that this is
113 bool IsEquivalentForSecureCookieMatching(const CanonicalCookie& ecc) const; 113 bool IsEquivalentForSecureCookieMatching(const CanonicalCookie& ecc) const;
114 114
115 void SetLastAccessDate(const base::Time& date) { 115 void SetLastAccessDate(const base::Time& date) {
116 last_access_date_ = date; 116 last_access_date_ = date;
117 } 117 }
118 118
119 // Returns true if the given |url_path| path-matches the cookie-path as 119 // Returns true if the given |url_path| path-matches the cookie-path as
120 // described in section 5.1.4 in RFC 6265. 120 // described in section 5.1.4 in RFC 6265.
121 bool IsOnPath(const std::string& url_path) const; 121 bool IsOnPath(const std::string& url_path) const;
122 122
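Review bot: The new comment on IsEquivalentForSecureCookieMatching() (new lines 110-112) pairs a symmetric domain check ("or vice versa") with a one-directional path check ("|ecc|'s path is "on" this cookie's path"), so a.IsEquivalentForSecureCookieMatching(b) and b.IsEquivalentForSecureCookieMatching(a) can disagree, and the comment never says so. Please state that the call is order-sensitive and document which cookie is expected to be the receiver and which is passed as |ecc|, because a caller that swaps them gets a different answer for nested paths. The old text also guaranteed that this returns |true| for a superset of the inputs IsEquivalent() accepts; "a looser set of equivalency rules" no longer states that. Identical paths path-match under RFC 6265 section 5.1.4, so the guarantee appears to hold still and is worth keeping as an explicit sentence. Minor style point: the new text quotes 'true' and 'IsOnPath()' with single quotes while the rest of the header uses |true| and bare function names.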
(...skipping 84 matching lines...)
207 bool httponly_; 207 bool httponly_;
208 CookieSameSite same_site_; 208 CookieSameSite same_site_;
209 CookiePriority priority_; 209 CookiePriority priority_;
210 }; 210 };
211 211
212 typedef std::vector<CanonicalCookie> CookieList; 212 typedef std::vector<CanonicalCookie> CookieList;
213 213
214 } // namespace net 214 } // namespace net
215 215
216 #endif // NET_COOKIES_CANONICAL_COOKIE_H_ 216 #endif // NET_COOKIES_CANONICAL_COOKIE_H_