Chromium Code Reviews Chromium Code Reviews
Issue 241143002:
Allows AwCookieManager to block ThirdParty cookies (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "android_webview/browser/aw_cookie_access_policy.h" | 5 #include "android_webview/browser/aw_cookie_access_policy.h" |
| 6 | 6 |
| 7 #include "base/logging.h" | 7 #include "base/logging.h" |
| 8 #include "base/memory/scoped_ptr.h" | 8 #include "base/memory/scoped_ptr.h" |
| 9 #include "content/public/browser/browser_thread.h" | 9 #include "content/public/browser/browser_thread.h" |
| 10 #include "net/base/net_errors.h" | |
| 10 | 11 |
| 11 using base::AutoLock; | 12 using base::AutoLock; |
| 12 using content::BrowserThread; | 13 using content::BrowserThread; |
| 14 using net::StaticCookiePolicy; | |
| 13 | 15 |
| 14 namespace android_webview { | 16 namespace android_webview { |
| 15 | 17 |
| 16 namespace { | 18 namespace { |
| 17 base::LazyInstance<AwCookieAccessPolicy>::Leaky g_lazy_instance; | 19 base::LazyInstance<AwCookieAccessPolicy>::Leaky g_lazy_instance; |
| 18 } // namespace | 20 } // namespace |
| 19 | 21 |
| 20 AwCookieAccessPolicy::~AwCookieAccessPolicy() { | 22 AwCookieAccessPolicy::~AwCookieAccessPolicy() { |
| 21 } | 23 } |
| 22 | 24 |
| 23 AwCookieAccessPolicy::AwCookieAccessPolicy() | 25 AwCookieAccessPolicy::AwCookieAccessPolicy() |
| 24 : allow_access_(true) { | 26 : allow_access_(true), |
| 27 allow_third_party_access_(true) { | |
| 25 } | 28 } |
| 26 | 29 |
| 27 AwCookieAccessPolicy* AwCookieAccessPolicy::GetInstance() { | 30 AwCookieAccessPolicy* AwCookieAccessPolicy::GetInstance() { |
| 28 return g_lazy_instance.Pointer(); | 31 return g_lazy_instance.Pointer(); |
| 29 } | 32 } |
| 30 | 33 |
| 31 bool AwCookieAccessPolicy::GetGlobalAllowAccess() { | 34 bool AwCookieAccessPolicy::GetGlobalAllowAccess() { |
| 32 AutoLock lock(lock_); | 35 AutoLock lock(lock_); |
| 33 return allow_access_; | 36 return allow_access_; |
| 34 } | 37 } |
| 35 | 38 |
| 36 void AwCookieAccessPolicy::SetGlobalAllowAccess(bool allow) { | 39 void AwCookieAccessPolicy::SetGlobalAllowAccess(bool allow) { |
| 37 AutoLock lock(lock_); | 40 AutoLock lock(lock_); |
| 38 allow_access_ = allow; | 41 allow_access_ = allow; |
| 39 } | 42 } |
| 40 | 43 |
| 44 bool AwCookieAccessPolicy::GetThirdPartyAllowAccess() { | |
| 45 AutoLock lock(lock_); | |
| 46 return allow_third_party_access_; | |
| 47 } | |
| 48 | |
| 49 void AwCookieAccessPolicy::SetThirdPartyAllowAccess(bool allow) { | |
| 50 AutoLock lock(lock_); | |
| 51 allow_third_party_access_ = allow; | |
| 52 } | |
| 53 | |
| 41 bool AwCookieAccessPolicy::OnCanGetCookies(const net::URLRequest& request, | 54 bool AwCookieAccessPolicy::OnCanGetCookies(const net::URLRequest& request, |
| 42 const net::CookieList& cookie_list) { | 55 const net::CookieList& cookie_list) { |
| 43 return GetGlobalAllowAccess(); | 56 return AllowGet(request.url(), request.first_party_for_cookies()); |
| 44 } | 57 } |
| 45 | 58 |
| 46 bool AwCookieAccessPolicy::OnCanSetCookie(const net::URLRequest& request, | 59 bool AwCookieAccessPolicy::OnCanSetCookie(const net::URLRequest& request, |
| 47 const std::string& cookie_line, | 60 const std::string& cookie_line, |
| 48 net::CookieOptions* options) { | 61 net::CookieOptions* options) { |
| 49 return GetGlobalAllowAccess(); | 62 return AllowSet(request.url(), request.first_party_for_cookies()); |
| 50 } | 63 } |
| 51 | 64 |
| 52 bool AwCookieAccessPolicy::AllowGetCookie(const GURL& url, | 65 bool AwCookieAccessPolicy::AllowGetCookie(const GURL& url, |
| 53 const GURL& first_party, | 66 const GURL& first_party, |
| 54 const net::CookieList& cookie_list, | 67 const net::CookieList& cookie_list, |
| 55 content::ResourceContext* context, | 68 content::ResourceContext* context, |
| 56 int render_process_id, | 69 int render_process_id, |
| 57 int render_frame_id) { | 70 int render_frame_id) { |
| 58 return GetGlobalAllowAccess(); | 71 return AllowGet(url, first_party); |
| 59 } | 72 } |
| 60 | 73 |
| 61 bool AwCookieAccessPolicy::AllowSetCookie(const GURL& url, | 74 bool AwCookieAccessPolicy::AllowSetCookie(const GURL& url, |
| 62 const GURL& first_party, | 75 const GURL& first_party, |
| 63 const std::string& cookie_line, | 76 const std::string& cookie_line, |
| 64 content::ResourceContext* context, | 77 content::ResourceContext* context, |
| 65 int render_process_id, | 78 int render_process_id, |
| 66 int render_frame_id, | 79 int render_frame_id, |
| 67 net::CookieOptions* options) { | 80 net::CookieOptions* options) { |
| 68 return GetGlobalAllowAccess(); | 81 return AllowSet(url, first_party); |
| 82 } | |
| 83 | |
| 84 StaticCookiePolicy::Type AwCookieAccessPolicy::GetPolicy() { | |
| 85 if (!GetGlobalAllowAccess()) { | |
| 86 return StaticCookiePolicy::BLOCK_ALL_COOKIES; | |
| 87 } else if (!GetThirdPartyAllowAccess()) { | |
| 88 return StaticCookiePolicy::BLOCK_ALL_THIRD_PARTY_COOKIES; | |
| 89 } | |
| 90 return StaticCookiePolicy::ALLOW_ALL_COOKIES; | |
| 91 } | |
| 92 | |
| 93 bool AwCookieAccessPolicy::AllowSet(const GURL& url, const GURL& first_party) { | |
| 94 return StaticCookiePolicy(GetPolicy()).CanSetCookie(url, first_party) | |
|
mkosiba (inactive)
2014/04/23 12:51:22
nit: since get and set have the same policy it mig
hjd_google
2014/04/24 12:48:30
I'll leave this one as we said.
| |
| 95 == net::OK; | |
| 96 } | |
| 97 | |
| 98 bool AwCookieAccessPolicy::AllowGet(const GURL& url, const GURL& first_party) { | |
| 99 return StaticCookiePolicy(GetPolicy()).CanGetCookies(url, first_party) | |
| 100 == net::OK; | |
| 69 } | 101 } |
| 70 | 102 |
| 71 } // namespace android_webview | 103 } // namespace android_webview |
| OLD | NEW |
