android_webview/browser/aw_cookie_access_policy.h - Issue 241143002: Allows AwCookieManager to block ThirdParty cookies

Unified Diff: android_webview/browser/aw_cookie_access_policy.h

Issue 241143002: Allows AwCookieManager to block ThirdParty cookies (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 6 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« no previous file with comments | « android_webview/android_webview_tests.gypi ('k') | android_webview/browser/aw_cookie_access_policy.cc » ('j') | android_webview/browser/aw_cookie_access_policy_unittest.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: android_webview/browser/aw_cookie_access_policy.h

diff --git a/android_webview/browser/aw_cookie_access_policy.h b/android_webview/browser/aw_cookie_access_policy.h

index 701452126c3a953d0293cae9e22f9a0858016563..1041cf9e19c8ff3eb4217240604757cd5547b101 100644

--- a/android_webview/browser/aw_cookie_access_policy.h

+++ b/android_webview/browser/aw_cookie_access_policy.h

@@ -8,7 +8,9 @@

#include "base/basictypes.h"

#include "base/lazy_instance.h"

#include "base/synchronization/lock.h"

+#include "net/base/static_cookie_policy.h"

#include "net/cookies/canonical_cookie.h"

+#include "net/url_request/url_request.h"

namespace content {

class ResourceContext;

@@ -16,7 +18,6 @@ class ResourceContext;

namespace net {

class CookieOptions;

-class URLRequest;

}

class GURL;

@@ -24,6 +25,10 @@ class GURL;

namespace android_webview {

// Manages the cookie access (both setting and getting) policy for WebView.

+// We have two bits of state but only three different cases:

+// If !GlobalAllowAccess then reject all cookies.

+// If GlobalAllowAccess and !ThirdPartyAllowAccess then allow first party only.

+// If GlobalAllowAccess and ThirdPartyAllowAccess then allow all cookies.

class AwCookieAccessPolicy {

public:

static AwCookieAccessPolicy* GetInstance();

@@ -33,6 +38,11 @@ class AwCookieAccessPolicy {

bool GetGlobalAllowAccess();

void SetGlobalAllowAccess(bool allow);

+ // These allow more fine grained control over requests depending on whether

+ // the cookie is third party or not.

+ bool GetThirdPartyAllowAccess();

+ void SetThirdPartyAllowAccess(bool allow);

// These are the functions called when operating over cookies from the

// network. See NetworkDelegate for further descriptions.

bool OnCanGetCookies(const net::URLRequest& request,

@@ -63,8 +73,20 @@ class AwCookieAccessPolicy {

AwCookieAccessPolicy();

~AwCookieAccessPolicy();

bool allow_access_;

+ bool allow_third_party_access_;

base::Lock lock_;

+ // Get the current policy (one of net::StaticCookiePolicy::ALLOW_ALL_COOKIES,

+ // BLOCK_ALL_COOKIES and BLOCK_ALL_THIRD_PARTY_COOKIES) depending on

mkosiba (inactive) 2014/04/17 18:27:30 this is a bit too detailed - you can see all this

hjd_google 2014/04/22 13:34:41 Done.

+ // GetGlobalAllowAccess() and GetThirdPartyAllowAccess() as outlined at the

+ // top of the file.

+ net::StaticCookiePolicy::Type GetPolicy(void);

+ // Given the requested url and the first party url these return true if we

+ // are allowed to get/set that cookie.

mkosiba (inactive) 2014/04/17 18:27:30 redundant comment - you can infer as much from the

hjd_google 2014/04/22 13:34:41 Done.

+ bool AllowGet(const GURL& url, const GURL& first_party);

+ bool AllowSet(const GURL& url, const GURL& first_party);

DISALLOW_COPY_AND_ASSIGN(AwCookieAccessPolicy);

};