Chromium Code Reviews Chromium Code Reviews
Issue 241143002:
Allows AwCookieManager to block ThirdParty cookies (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef ANDROID_WEBVIEW_BROWSER_AW_COOKIE_ACCESS_POLICY_H_ | 5 #ifndef ANDROID_WEBVIEW_BROWSER_AW_COOKIE_ACCESS_POLICY_H_ |
| 6 #define ANDROID_WEBVIEW_BROWSER_AW_COOKIE_ACCESS_POLICY_H_ | 6 #define ANDROID_WEBVIEW_BROWSER_AW_COOKIE_ACCESS_POLICY_H_ |
| 7 | 7 |
| 8 #include "base/basictypes.h" | 8 #include "base/basictypes.h" |
| 9 #include "base/lazy_instance.h" | 9 #include "base/lazy_instance.h" |
| 10 #include "base/synchronization/lock.h" | 10 #include "base/synchronization/lock.h" |
| 11 #include "net/base/static_cookie_policy.h" | |
| 11 #include "net/cookies/canonical_cookie.h" | 12 #include "net/cookies/canonical_cookie.h" |
| 13 #include "net/url_request/url_request.h" | |
| 12 | 14 |
| 13 namespace content { | 15 namespace content { |
| 14 class ResourceContext; | 16 class ResourceContext; |
| 15 } | 17 } |
| 16 | 18 |
| 17 namespace net { | 19 namespace net { |
| 18 class CookieOptions; | 20 class CookieOptions; |
| 19 class URLRequest; | |
| 20 } | 21 } |
| 21 | 22 |
| 22 class GURL; | 23 class GURL; |
| 23 | 24 |
| 24 namespace android_webview { | 25 namespace android_webview { |
| 25 | 26 |
| 26 // Manages the cookie access (both setting and getting) policy for WebView. | 27 // Manages the cookie access (both setting and getting) policy for WebView. |
| 28 // We have two bits of state but only three different cases: | |
| 29 // If !GlobalAllowAccess then reject all cookies. | |
| 30 // If GlobalAllowAccess and !ThirdPartyAllowAccess then allow first party only. | |
| 31 // If GlobalAllowAccess and ThirdPartyAllowAccess then allow all cookies. | |
| 27 class AwCookieAccessPolicy { | 32 class AwCookieAccessPolicy { |
| 28 public: | 33 public: |
| 29 static AwCookieAccessPolicy* GetInstance(); | 34 static AwCookieAccessPolicy* GetInstance(); |
| 30 | 35 |
| 31 // These manage the global access state shared across requests regardless of | 36 // These manage the global access state shared across requests regardless of |
| 32 // source (i.e. network or JavaScript). | 37 // source (i.e. network or JavaScript). |
| 33 bool GetGlobalAllowAccess(); | 38 bool GetGlobalAllowAccess(); |
| 34 void SetGlobalAllowAccess(bool allow); | 39 void SetGlobalAllowAccess(bool allow); |
| 35 | 40 |
| 41 // These allow more fine grained control over requests depending on whether | |
| 42 // the cookie is third party or not. | |
| 43 bool GetThirdPartyAllowAccess(); | |
| 44 void SetThirdPartyAllowAccess(bool allow); | |
| 45 | |
| 36 // These are the functions called when operating over cookies from the | 46 // These are the functions called when operating over cookies from the |
| 37 // network. See NetworkDelegate for further descriptions. | 47 // network. See NetworkDelegate for further descriptions. |
| 38 bool OnCanGetCookies(const net::URLRequest& request, | 48 bool OnCanGetCookies(const net::URLRequest& request, |
| 39 const net::CookieList& cookie_list); | 49 const net::CookieList& cookie_list); |
| 40 bool OnCanSetCookie(const net::URLRequest& request, | 50 bool OnCanSetCookie(const net::URLRequest& request, |
| 41 const std::string& cookie_line, | 51 const std::string& cookie_line, |
| 42 net::CookieOptions* options); | 52 net::CookieOptions* options); |
| 43 | 53 |
| 44 // These are the functions called when operating over cookies from the | 54 // These are the functions called when operating over cookies from the |
| 45 // renderer. See ContentBrowserClient for further descriptions. | 55 // renderer. See ContentBrowserClient for further descriptions. |
| (...skipping 10 matching lines...) Expand all Loading... | |
| 56 int render_process_id, | 66 int render_process_id, |
| 57 int render_frame_id, | 67 int render_frame_id, |
| 58 net::CookieOptions* options); | 68 net::CookieOptions* options); |
| 59 | 69 |
| 60 private: | 70 private: |
| 61 friend struct base::DefaultLazyInstanceTraits<AwCookieAccessPolicy>; | 71 friend struct base::DefaultLazyInstanceTraits<AwCookieAccessPolicy>; |
| 62 | 72 |
| 63 AwCookieAccessPolicy(); | 73 AwCookieAccessPolicy(); |
| 64 ~AwCookieAccessPolicy(); | 74 ~AwCookieAccessPolicy(); |
| 65 bool allow_access_; | 75 bool allow_access_; |
| 76 bool allow_third_party_access_; | |
| 66 base::Lock lock_; | 77 base::Lock lock_; |
| 67 | 78 |
| 79 // Get the current policy (one of net::StaticCookiePolicy::ALLOW_ALL_COOKIES, | |
| 80 // BLOCK_ALL_COOKIES and BLOCK_ALL_THIRD_PARTY_COOKIES) depending on | |
|
mkosiba (inactive)
2014/04/17 18:27:30
this is a bit too detailed - you can see all this
hjd_google
2014/04/22 13:34:41
Done.
| |
| 81 // GetGlobalAllowAccess() and GetThirdPartyAllowAccess() as outlined at the | |
| 82 // top of the file. | |
| 83 net::StaticCookiePolicy::Type GetPolicy(void); | |
| 84 | |
| 85 // Given the requested url and the first party url these return true if we | |
| 86 // are allowed to get/set that cookie. | |
|
mkosiba (inactive)
2014/04/17 18:27:30
redundant comment - you can infer as much from the
hjd_google
2014/04/22 13:34:41
Done.
| |
| 87 bool AllowGet(const GURL& url, const GURL& first_party); | |
| 88 bool AllowSet(const GURL& url, const GURL& first_party); | |
| 89 | |
| 68 DISALLOW_COPY_AND_ASSIGN(AwCookieAccessPolicy); | 90 DISALLOW_COPY_AND_ASSIGN(AwCookieAccessPolicy); |
| 69 }; | 91 }; |
| 70 | 92 |
| 71 } // namespace android_webview | 93 } // namespace android_webview |
| 72 | 94 |
| 73 #endif // ANDROID_WEBVIEW_BROWSER_AW_COOKIE_ACCESS_POLICY_H_ | 95 #endif // ANDROID_WEBVIEW_BROWSER_AW_COOKIE_ACCESS_POLICY_H_ |
| OLD | NEW |
