OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // Portions of this code based on Mozilla: | 5 // Portions of this code based on Mozilla: |
6 // (netwerk/cookie/src/nsCookieService.cpp) | 6 // (netwerk/cookie/src/nsCookieService.cpp) |
7 /* ***** BEGIN LICENSE BLOCK ***** | 7 /* ***** BEGIN LICENSE BLOCK ***** |
8 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 8 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
9 * | 9 * |
10 * The contents of this file are subject to the Mozilla Public License Version | 10 * The contents of this file are subject to the Mozilla Public License Version |
(...skipping 388 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
399 const std::string& name, | 399 const std::string& name, |
400 const std::string& value, | 400 const std::string& value, |
401 const std::string& domain, | 401 const std::string& domain, |
402 const std::string& path, | 402 const std::string& path, |
403 base::Time creation_time, | 403 base::Time creation_time, |
404 base::Time expiration_time, | 404 base::Time expiration_time, |
405 base::Time last_access_time, | 405 base::Time last_access_time, |
406 bool secure, | 406 bool secure, |
407 bool http_only, | 407 bool http_only, |
408 CookieSameSite same_site, | 408 CookieSameSite same_site, |
409 bool enforce_strict_secure, | |
410 CookiePriority priority, | 409 CookiePriority priority, |
411 const SetCookiesCallback& callback) | 410 const SetCookiesCallback& callback) |
412 : CookieMonsterTask(cookie_monster), | 411 : CookieMonsterTask(cookie_monster), |
413 url_(url), | 412 url_(url), |
414 name_(name), | 413 name_(name), |
415 value_(value), | 414 value_(value), |
416 domain_(domain), | 415 domain_(domain), |
417 path_(path), | 416 path_(path), |
418 creation_time_(creation_time), | 417 creation_time_(creation_time), |
419 expiration_time_(expiration_time), | 418 expiration_time_(expiration_time), |
420 last_access_time_(last_access_time), | 419 last_access_time_(last_access_time), |
421 secure_(secure), | 420 secure_(secure), |
422 http_only_(http_only), | 421 http_only_(http_only), |
423 same_site_(same_site), | 422 same_site_(same_site), |
424 enforce_strict_secure_(enforce_strict_secure), | |
425 priority_(priority), | 423 priority_(priority), |
426 callback_(callback) {} | 424 callback_(callback) {} |
427 | 425 |
428 // CookieMonsterTask: | 426 // CookieMonsterTask: |
429 void Run() override; | 427 void Run() override; |
430 | 428 |
431 protected: | 429 protected: |
432 ~SetCookieWithDetailsTask() override {} | 430 ~SetCookieWithDetailsTask() override {} |
433 | 431 |
434 private: | 432 private: |
435 GURL url_; | 433 GURL url_; |
436 std::string name_; | 434 std::string name_; |
437 std::string value_; | 435 std::string value_; |
438 std::string domain_; | 436 std::string domain_; |
439 std::string path_; | 437 std::string path_; |
440 base::Time creation_time_; | 438 base::Time creation_time_; |
441 base::Time expiration_time_; | 439 base::Time expiration_time_; |
442 base::Time last_access_time_; | 440 base::Time last_access_time_; |
443 bool secure_; | 441 bool secure_; |
444 bool http_only_; | 442 bool http_only_; |
445 CookieSameSite same_site_; | 443 CookieSameSite same_site_; |
446 bool enforce_strict_secure_; | |
447 CookiePriority priority_; | 444 CookiePriority priority_; |
448 SetCookiesCallback callback_; | 445 SetCookiesCallback callback_; |
449 | 446 |
450 DISALLOW_COPY_AND_ASSIGN(SetCookieWithDetailsTask); | 447 DISALLOW_COPY_AND_ASSIGN(SetCookieWithDetailsTask); |
451 }; | 448 }; |
452 | 449 |
453 void CookieMonster::SetCookieWithDetailsTask::Run() { | 450 void CookieMonster::SetCookieWithDetailsTask::Run() { |
454 bool success = this->cookie_monster()->SetCookieWithDetails( | 451 bool success = this->cookie_monster()->SetCookieWithDetails( |
455 url_, name_, value_, domain_, path_, creation_time_, expiration_time_, | 452 url_, name_, value_, domain_, path_, creation_time_, expiration_time_, |
456 last_access_time_, secure_, http_only_, same_site_, | 453 last_access_time_, secure_, http_only_, same_site_, priority_); |
457 enforce_strict_secure_, priority_); | |
458 if (!callback_.is_null()) | 454 if (!callback_.is_null()) |
459 callback_.Run(success); | 455 callback_.Run(success); |
460 } | 456 } |
461 | 457 |
462 // Task class for GetAllCookies call. | 458 // Task class for GetAllCookies call. |
463 class CookieMonster::GetAllCookiesTask : public CookieMonsterTask { | 459 class CookieMonster::GetAllCookiesTask : public CookieMonsterTask { |
464 public: | 460 public: |
465 GetAllCookiesTask(CookieMonster* cookie_monster, | 461 GetAllCookiesTask(CookieMonster* cookie_monster, |
466 const GetCookieListCallback& callback) | 462 const GetCookieListCallback& callback) |
467 : CookieMonsterTask(cookie_monster), callback_(callback) {} | 463 : CookieMonsterTask(cookie_monster), callback_(callback) {} |
(...skipping 372 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
840 const std::string& name, | 836 const std::string& name, |
841 const std::string& value, | 837 const std::string& value, |
842 const std::string& domain, | 838 const std::string& domain, |
843 const std::string& path, | 839 const std::string& path, |
844 Time creation_time, | 840 Time creation_time, |
845 Time expiration_time, | 841 Time expiration_time, |
846 Time last_access_time, | 842 Time last_access_time, |
847 bool secure, | 843 bool secure, |
848 bool http_only, | 844 bool http_only, |
849 CookieSameSite same_site, | 845 CookieSameSite same_site, |
850 bool enforce_strict_secure, | |
851 CookiePriority priority, | 846 CookiePriority priority, |
852 const SetCookiesCallback& callback) { | 847 const SetCookiesCallback& callback) { |
853 scoped_refptr<SetCookieWithDetailsTask> task = new SetCookieWithDetailsTask( | 848 scoped_refptr<SetCookieWithDetailsTask> task = new SetCookieWithDetailsTask( |
854 this, url, name, value, domain, path, creation_time, expiration_time, | 849 this, url, name, value, domain, path, creation_time, expiration_time, |
855 last_access_time, secure, http_only, same_site, enforce_strict_secure, | 850 last_access_time, secure, http_only, same_site, priority, callback); |
856 priority, callback); | |
857 DoCookieTaskForURL(task, url); | 851 DoCookieTaskForURL(task, url); |
858 } | 852 } |
859 | 853 |
860 void CookieMonster::FlushStore(const base::Closure& callback) { | 854 void CookieMonster::FlushStore(const base::Closure& callback) { |
861 DCHECK(thread_checker_.CalledOnValidThread()); | 855 DCHECK(thread_checker_.CalledOnValidThread()); |
862 | 856 |
863 if (initialized_ && store_.get()) | 857 if (initialized_ && store_.get()) |
864 store_->Flush(callback); | 858 store_->Flush(callback); |
865 else if (!callback.is_null()) | 859 else if (!callback.is_null()) |
866 base::ThreadTaskRunnerHandle::Get()->PostTask(FROM_HERE, callback); | 860 base::ThreadTaskRunnerHandle::Get()->PostTask(FROM_HERE, callback); |
(...skipping 166 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1033 const std::string& name, | 1027 const std::string& name, |
1034 const std::string& value, | 1028 const std::string& value, |
1035 const std::string& domain, | 1029 const std::string& domain, |
1036 const std::string& path, | 1030 const std::string& path, |
1037 base::Time creation_time, | 1031 base::Time creation_time, |
1038 base::Time expiration_time, | 1032 base::Time expiration_time, |
1039 base::Time last_access_time, | 1033 base::Time last_access_time, |
1040 bool secure, | 1034 bool secure, |
1041 bool http_only, | 1035 bool http_only, |
1042 CookieSameSite same_site, | 1036 CookieSameSite same_site, |
1043 bool enforce_strict_secure, | |
1044 CookiePriority priority) { | 1037 CookiePriority priority) { |
1045 DCHECK(thread_checker_.CalledOnValidThread()); | 1038 DCHECK(thread_checker_.CalledOnValidThread()); |
1046 | 1039 |
1047 if (!HasCookieableScheme(url)) | 1040 if (!HasCookieableScheme(url)) |
1048 return false; | 1041 return false; |
1049 | 1042 |
1050 // TODO(mmenke): This class assumes each cookie to have a unique creation | 1043 // TODO(mmenke): This class assumes each cookie to have a unique creation |
1051 // time. Allowing the caller to set the creation time violates that | 1044 // time. Allowing the caller to set the creation time violates that |
1052 // assumption. Worth fixing? Worth noting that time changes between browser | 1045 // assumption. Worth fixing? Worth noting that time changes between browser |
1053 // restarts can cause the same issue. | 1046 // restarts can cause the same issue. |
1054 base::Time actual_creation_time = creation_time; | 1047 base::Time actual_creation_time = creation_time; |
1055 if (creation_time.is_null()) { | 1048 if (creation_time.is_null()) { |
1056 actual_creation_time = CurrentTime(); | 1049 actual_creation_time = CurrentTime(); |
1057 last_time_seen_ = actual_creation_time; | 1050 last_time_seen_ = actual_creation_time; |
1058 } | 1051 } |
1059 | 1052 |
1060 std::unique_ptr<CanonicalCookie> cc(CanonicalCookie::Create( | 1053 std::unique_ptr<CanonicalCookie> cc(CanonicalCookie::Create( |
1061 url, name, value, domain, path, actual_creation_time, expiration_time, | 1054 url, name, value, domain, path, actual_creation_time, expiration_time, |
1062 secure, http_only, same_site, enforce_strict_secure, priority)); | 1055 secure, http_only, same_site, priority)); |
1063 | 1056 |
1064 if (!cc.get()) | 1057 if (!cc.get()) |
1065 return false; | 1058 return false; |
1066 | 1059 |
1067 if (!last_access_time.is_null()) | 1060 if (!last_access_time.is_null()) |
1068 cc->SetLastAccessDate(last_access_time); | 1061 cc->SetLastAccessDate(last_access_time); |
1069 | 1062 |
1070 CookieOptions options; | 1063 CookieOptions options; |
1071 options.set_include_httponly(); | 1064 options.set_include_httponly(); |
1072 options.set_same_site_cookie_mode( | 1065 options.set_same_site_cookie_mode( |
1073 CookieOptions::SameSiteCookieMode::INCLUDE_STRICT_AND_LAX); | 1066 CookieOptions::SameSiteCookieMode::INCLUDE_STRICT_AND_LAX); |
1074 if (enforce_strict_secure) | |
1075 options.set_enforce_strict_secure(); | |
1076 return SetCanonicalCookie(std::move(cc), url, options); | 1067 return SetCanonicalCookie(std::move(cc), url, options); |
1077 } | 1068 } |
1078 | 1069 |
1079 CookieList CookieMonster::GetAllCookies() { | 1070 CookieList CookieMonster::GetAllCookies() { |
1080 DCHECK(thread_checker_.CalledOnValidThread()); | 1071 DCHECK(thread_checker_.CalledOnValidThread()); |
1081 | 1072 |
1082 // This function is being called to scrape the cookie list for management UI | 1073 // This function is being called to scrape the cookie list for management UI |
1083 // or similar. We shouldn't show expired cookies in this list since it will | 1074 // or similar. We shouldn't show expired cookies in this list since it will |
1084 // just be confusing to users, and this function is called rarely enough (and | 1075 // just be confusing to users, and this function is called rarely enough (and |
1085 // is already slow enough) that it's OK to take the time to garbage collect | 1076 // is already slow enough) that it's OK to take the time to garbage collect |
(...skipping 515 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1601 InternalUpdateCookieAccessTime(cc, current); | 1592 InternalUpdateCookieAccessTime(cc, current); |
1602 } | 1593 } |
1603 cookies->push_back(cc); | 1594 cookies->push_back(cc); |
1604 } | 1595 } |
1605 } | 1596 } |
1606 | 1597 |
1607 bool CookieMonster::DeleteAnyEquivalentCookie(const std::string& key, | 1598 bool CookieMonster::DeleteAnyEquivalentCookie(const std::string& key, |
1608 const CanonicalCookie& ecc, | 1599 const CanonicalCookie& ecc, |
1609 const GURL& source_url, | 1600 const GURL& source_url, |
1610 bool skip_httponly, | 1601 bool skip_httponly, |
1611 bool already_expired, | 1602 bool already_expired) { |
1612 bool enforce_strict_secure) { | |
1613 DCHECK(thread_checker_.CalledOnValidThread()); | 1603 DCHECK(thread_checker_.CalledOnValidThread()); |
1614 | 1604 |
1615 bool found_equivalent_cookie = false; | 1605 bool found_equivalent_cookie = false; |
1616 bool skipped_httponly = false; | 1606 bool skipped_httponly = false; |
1617 bool skipped_secure_cookie = false; | 1607 bool skipped_secure_cookie = false; |
1618 | 1608 |
1619 histogram_cookie_delete_equivalent_->Add(COOKIE_DELETE_EQUIVALENT_ATTEMPT); | 1609 histogram_cookie_delete_equivalent_->Add(COOKIE_DELETE_EQUIVALENT_ATTEMPT); |
1620 | 1610 |
1621 for (CookieMapItPair its = cookies_.equal_range(key); | 1611 for (CookieMapItPair its = cookies_.equal_range(key); |
1622 its.first != its.second;) { | 1612 its.first != its.second;) { |
1623 CookieMap::iterator curit = its.first; | 1613 CookieMap::iterator curit = its.first; |
1624 CanonicalCookie* cc = curit->second.get(); | 1614 CanonicalCookie* cc = curit->second.get(); |
1625 ++its.first; | 1615 ++its.first; |
1626 | 1616 |
1627 // If strict secure cookies is being enforced, then the equivalency | 1617 // If the cookie is being set from an insecure scheme, then if a cookie |
1628 // requirements are looser. If the cookie is being set from an insecure | 1618 // already exists with the same name and it is Secure, then the cookie |
1629 // scheme, then if a cookie already exists with the same name and it is | 1619 // should *not* be updated if they domain-match and ignoring the path |
1630 // Secure, then the cookie should *not* be updated if they domain-match and | 1620 // attribute. |
1631 // ignoring the path attribute. | |
1632 // | 1621 // |
1633 // See: https://tools.ietf.org/html/draft-west-leave-secure-cookies-alone | 1622 // See: https://tools.ietf.org/html/draft-west-leave-secure-cookies-alone |
Mike West
2017/01/14 06:24:01
Nit: We should update these references to https://
jww
2017/01/24 18:09:25
Done.
| |
1634 if (enforce_strict_secure && cc->IsSecure() && | 1623 if (cc->IsSecure() && !source_url.SchemeIsCryptographic() && |
1635 !source_url.SchemeIsCryptographic() && | |
1636 ecc.IsEquivalentForSecureCookieMatching(*cc)) { | 1624 ecc.IsEquivalentForSecureCookieMatching(*cc)) { |
1637 skipped_secure_cookie = true; | 1625 skipped_secure_cookie = true; |
1638 histogram_cookie_delete_equivalent_->Add( | 1626 histogram_cookie_delete_equivalent_->Add( |
1639 COOKIE_DELETE_EQUIVALENT_SKIPPING_SECURE); | 1627 COOKIE_DELETE_EQUIVALENT_SKIPPING_SECURE); |
1640 // If the cookie is equivalent to the new cookie and wouldn't have been | 1628 // If the cookie is equivalent to the new cookie and wouldn't have been |
1641 // skipped for being HTTP-only, record that it is a skipped secure cookie | 1629 // skipped for being HTTP-only, record that it is a skipped secure cookie |
1642 // that would have been deleted otherwise. | 1630 // that would have been deleted otherwise. |
1643 if (ecc.IsEquivalent(*cc)) { | 1631 if (ecc.IsEquivalent(*cc)) { |
1644 found_equivalent_cookie = true; | 1632 found_equivalent_cookie = true; |
1645 | 1633 |
(...skipping 104 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1750 bool CookieMonster::SetCanonicalCookie(std::unique_ptr<CanonicalCookie> cc, | 1738 bool CookieMonster::SetCanonicalCookie(std::unique_ptr<CanonicalCookie> cc, |
1751 const GURL& source_url, | 1739 const GURL& source_url, |
1752 const CookieOptions& options) { | 1740 const CookieOptions& options) { |
1753 DCHECK(thread_checker_.CalledOnValidThread()); | 1741 DCHECK(thread_checker_.CalledOnValidThread()); |
1754 | 1742 |
1755 Time creation_time = cc->CreationDate(); | 1743 Time creation_time = cc->CreationDate(); |
1756 const std::string key(GetKey(cc->Domain())); | 1744 const std::string key(GetKey(cc->Domain())); |
1757 bool already_expired = cc->IsExpired(creation_time); | 1745 bool already_expired = cc->IsExpired(creation_time); |
1758 | 1746 |
1759 if (DeleteAnyEquivalentCookie(key, *cc, source_url, | 1747 if (DeleteAnyEquivalentCookie(key, *cc, source_url, |
1760 options.exclude_httponly(), already_expired, | 1748 options.exclude_httponly(), already_expired)) { |
1761 options.enforce_strict_secure())) { | |
1762 std::string error; | 1749 std::string error; |
1763 if (options.enforce_strict_secure()) { | 1750 error = |
1764 error = | 1751 "SetCookie() not clobbering httponly cookie or secure cookie for " |
1765 "SetCookie() not clobbering httponly cookie or secure cookie for " | 1752 "insecure scheme"; |
1766 "insecure scheme"; | |
1767 } else { | |
1768 error = "SetCookie() not clobbering httponly cookie"; | |
1769 } | |
1770 | 1753 |
1771 VLOG(kVlogSetCookies) << error; | 1754 VLOG(kVlogSetCookies) << error; |
1772 return false; | 1755 return false; |
1773 } | 1756 } |
1774 | 1757 |
1775 VLOG(kVlogSetCookies) << "SetCookie() key: " << key | 1758 VLOG(kVlogSetCookies) << "SetCookie() key: " << key |
1776 << " cc: " << cc->DebugString(); | 1759 << " cc: " << cc->DebugString(); |
1777 | 1760 |
1778 // Realize that we might be setting an expired cookie, and the only point | 1761 // Realize that we might be setting an expired cookie, and the only point |
1779 // was to delete the cookie which we've already done. | 1762 // was to delete the cookie which we've already done. |
1780 if (!already_expired) { | 1763 if (!already_expired) { |
1781 // See InitializeHistograms() for details. | 1764 // See InitializeHistograms() for details. |
1782 if (cc->IsPersistent()) { | 1765 if (cc->IsPersistent()) { |
1783 histogram_expiration_duration_minutes_->Add( | 1766 histogram_expiration_duration_minutes_->Add( |
1784 (cc->ExpiryDate() - creation_time).InMinutes()); | 1767 (cc->ExpiryDate() - creation_time).InMinutes()); |
1785 } | 1768 } |
1786 | 1769 |
1787 InternalInsertCookie(key, std::move(cc), source_url, true); | 1770 InternalInsertCookie(key, std::move(cc), source_url, true); |
1788 } else { | 1771 } else { |
1789 VLOG(kVlogSetCookies) << "SetCookie() not storing already expired cookie."; | 1772 VLOG(kVlogSetCookies) << "SetCookie() not storing already expired cookie."; |
1790 } | 1773 } |
1791 | 1774 |
1792 // We assume that hopefully setting a cookie will be less common than | 1775 // We assume that hopefully setting a cookie will be less common than |
1793 // querying a cookie. Since setting a cookie can put us over our limits, | 1776 // querying a cookie. Since setting a cookie can put us over our limits, |
1794 // make sure that we garbage collect... We can also make the assumption that | 1777 // make sure that we garbage collect... We can also make the assumption that |
1795 // if a cookie was set, in the common case it will be used soon after, | 1778 // if a cookie was set, in the common case it will be used soon after, |
1796 // and we will purge the expired cookies in GetCookies(). | 1779 // and we will purge the expired cookies in GetCookies(). |
1797 GarbageCollect(creation_time, key, options.enforce_strict_secure()); | 1780 GarbageCollect(creation_time, key); |
1798 | 1781 |
1799 return true; | 1782 return true; |
1800 } | 1783 } |
1801 | 1784 |
1802 bool CookieMonster::SetCanonicalCookies(const CookieList& list) { | 1785 bool CookieMonster::SetCanonicalCookies(const CookieList& list) { |
1803 DCHECK(thread_checker_.CalledOnValidThread()); | 1786 DCHECK(thread_checker_.CalledOnValidThread()); |
1804 | 1787 |
1805 CookieOptions options; | 1788 CookieOptions options; |
1806 options.set_include_httponly(); | 1789 options.set_include_httponly(); |
1807 | 1790 |
(...skipping 52 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1860 ChangeCausePair mapping = kChangeCauseMapping[deletion_cause]; | 1843 ChangeCausePair mapping = kChangeCauseMapping[deletion_cause]; |
1861 if (delegate_.get() && mapping.notify) | 1844 if (delegate_.get() && mapping.notify) |
1862 delegate_->OnCookieChanged(*cc, true, mapping.cause); | 1845 delegate_->OnCookieChanged(*cc, true, mapping.cause); |
1863 RunCookieChangedCallbacks(*cc, mapping.cause); | 1846 RunCookieChangedCallbacks(*cc, mapping.cause); |
1864 cookies_.erase(it); | 1847 cookies_.erase(it); |
1865 } | 1848 } |
1866 | 1849 |
1867 // Domain expiry behavior is unchanged by key/expiry scheme (the | 1850 // Domain expiry behavior is unchanged by key/expiry scheme (the |
1868 // meaning of the key is different, but that's not visible to this routine). | 1851 // meaning of the key is different, but that's not visible to this routine). |
1869 size_t CookieMonster::GarbageCollect(const Time& current, | 1852 size_t CookieMonster::GarbageCollect(const Time& current, |
1870 const std::string& key, | 1853 const std::string& key) { |
1871 bool enforce_strict_secure) { | |
1872 DCHECK(thread_checker_.CalledOnValidThread()); | 1854 DCHECK(thread_checker_.CalledOnValidThread()); |
1873 | 1855 |
1874 size_t num_deleted = 0; | 1856 size_t num_deleted = 0; |
1875 Time safe_date(Time::Now() - TimeDelta::FromDays(kSafeFromGlobalPurgeDays)); | 1857 Time safe_date(Time::Now() - TimeDelta::FromDays(kSafeFromGlobalPurgeDays)); |
1876 | 1858 |
1877 // Collect garbage for this key, minding cookie priorities. | 1859 // Collect garbage for this key, minding cookie priorities. |
1878 if (cookies_.count(key) > kDomainMaxCookies) { | 1860 if (cookies_.count(key) > kDomainMaxCookies) { |
1879 VLOG(kVlogGarbageCollection) << "GarbageCollect() key: " << key; | 1861 VLOG(kVlogGarbageCollection) << "GarbageCollect() key: " << key; |
1880 | 1862 |
1881 CookieItVector* cookie_its; | 1863 CookieItVector* cookie_its; |
(...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1919 // 4. High-priority non-secure cookies. | 1901 // 4. High-priority non-secure cookies. |
1920 {COOKIE_PRIORITY_HIGH, true}, | 1902 {COOKIE_PRIORITY_HIGH, true}, |
1921 // 5. Medium-priority secure cookies. | 1903 // 5. Medium-priority secure cookies. |
1922 {COOKIE_PRIORITY_MEDIUM, false}, | 1904 {COOKIE_PRIORITY_MEDIUM, false}, |
1923 // 6. High-priority secure cookies. | 1905 // 6. High-priority secure cookies. |
1924 {COOKIE_PRIORITY_HIGH, false}, | 1906 {COOKIE_PRIORITY_HIGH, false}, |
1925 }; | 1907 }; |
1926 | 1908 |
1927 size_t quota = 0; | 1909 size_t quota = 0; |
1928 for (const auto& purge_round : purge_rounds) { | 1910 for (const auto& purge_round : purge_rounds) { |
1929 // Only observe the non-secure purge rounds if strict secure cookies is | |
1930 // enabled. | |
1931 if (!enforce_strict_secure && purge_round.protect_secure_cookies) | |
1932 continue; | |
1933 | |
1934 // Adjust quota according to the priority of cookies. Each round should | 1911 // Adjust quota according to the priority of cookies. Each round should |
1935 // protect certain number of cookies in order to avoid starvation. | 1912 // protect certain number of cookies in order to avoid starvation. |
1936 // For example, when each round starts to remove cookies, the number of | 1913 // For example, when each round starts to remove cookies, the number of |
1937 // cookies of that priority are counted and a decision whether they | 1914 // cookies of that priority are counted and a decision whether they |
1938 // should be deleted or not is made. If yes, some number of cookies of | 1915 // should be deleted or not is made. If yes, some number of cookies of |
1939 // that priority are deleted considering the quota. | 1916 // that priority are deleted considering the quota. |
1940 switch (purge_round.priority) { | 1917 switch (purge_round.priority) { |
1941 case COOKIE_PRIORITY_LOW: | 1918 case COOKIE_PRIORITY_LOW: |
1942 quota = kDomainCookiesQuotaLow; | 1919 quota = kDomainCookiesQuotaLow; |
1943 break; | 1920 break; |
(...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1976 | 1953 |
1977 num_deleted += GarbageCollectExpired( | 1954 num_deleted += GarbageCollectExpired( |
1978 current, CookieMapItPair(cookies_.begin(), cookies_.end()), | 1955 current, CookieMapItPair(cookies_.begin(), cookies_.end()), |
1979 &cookie_its); | 1956 &cookie_its); |
1980 | 1957 |
1981 if (cookie_its.size() > kMaxCookies) { | 1958 if (cookie_its.size() > kMaxCookies) { |
1982 VLOG(kVlogGarbageCollection) << "Deep Garbage Collect everything."; | 1959 VLOG(kVlogGarbageCollection) << "Deep Garbage Collect everything."; |
1983 size_t purge_goal = cookie_its.size() - (kMaxCookies - kPurgeCookies); | 1960 size_t purge_goal = cookie_its.size() - (kMaxCookies - kPurgeCookies); |
1984 DCHECK(purge_goal > kPurgeCookies); | 1961 DCHECK(purge_goal > kPurgeCookies); |
1985 | 1962 |
1986 if (enforce_strict_secure) { | 1963 CookieItVector secure_cookie_its; |
1987 CookieItVector secure_cookie_its; | 1964 CookieItVector non_secure_cookie_its; |
1988 CookieItVector non_secure_cookie_its; | 1965 SplitCookieVectorIntoSecureAndNonSecure(cookie_its, &secure_cookie_its, |
1989 SplitCookieVectorIntoSecureAndNonSecure(cookie_its, &secure_cookie_its, | 1966 &non_secure_cookie_its); |
1990 &non_secure_cookie_its); | 1967 size_t non_secure_purge_goal = |
1991 size_t non_secure_purge_goal = | 1968 std::min<size_t>(purge_goal, non_secure_cookie_its.size() - 1); |
1992 std::min<size_t>(purge_goal, non_secure_cookie_its.size() - 1); | |
1993 | 1969 |
1994 size_t just_deleted = GarbageCollectLeastRecentlyAccessed( | 1970 size_t just_deleted = GarbageCollectLeastRecentlyAccessed( |
1995 current, safe_date, non_secure_purge_goal, non_secure_cookie_its); | 1971 current, safe_date, non_secure_purge_goal, non_secure_cookie_its); |
1996 num_deleted += just_deleted; | 1972 num_deleted += just_deleted; |
1997 | 1973 |
1998 if (just_deleted < purge_goal) { | 1974 if (just_deleted < purge_goal && secure_cookie_its.size() > 0) { |
1999 size_t secure_purge_goal = std::min<size_t>( | 1975 size_t secure_purge_goal = std::min<size_t>( |
2000 purge_goal - just_deleted, secure_cookie_its.size() - 1); | 1976 purge_goal - just_deleted, secure_cookie_its.size() - 1); |
2001 num_deleted += GarbageCollectLeastRecentlyAccessed( | |
2002 current, safe_date, secure_purge_goal, secure_cookie_its); | |
2003 } | |
2004 } else { | |
2005 num_deleted += GarbageCollectLeastRecentlyAccessed( | 1977 num_deleted += GarbageCollectLeastRecentlyAccessed( |
2006 current, safe_date, purge_goal, cookie_its); | 1978 current, safe_date, secure_purge_goal, secure_cookie_its); |
Mike West
2017/01/14 06:24:01
Hrm. I don't think we ever updated https://tools.i
jww
2017/01/24 18:09:25
Shared a doc with you: https://docs.google.com/doc
| |
2007 } | 1979 } |
2008 } | 1980 } |
2009 } | 1981 } |
2010 | 1982 |
2011 return num_deleted; | 1983 return num_deleted; |
2012 } | 1984 } |
2013 | 1985 |
2014 size_t CookieMonster::PurgeLeastRecentMatches(CookieItVector* cookies, | 1986 size_t CookieMonster::PurgeLeastRecentMatches(CookieItVector* cookies, |
2015 CookiePriority priority, | 1987 CookiePriority priority, |
2016 size_t to_protect, | 1988 size_t to_protect, |
(...skipping 369 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
2386 it != hook_map_.end(); ++it) { | 2358 it != hook_map_.end(); ++it) { |
2387 std::pair<GURL, std::string> key = it->first; | 2359 std::pair<GURL, std::string> key = it->first; |
2388 if (cookie.IncludeForRequestURL(key.first, opts) && | 2360 if (cookie.IncludeForRequestURL(key.first, opts) && |
2389 cookie.Name() == key.second) { | 2361 cookie.Name() == key.second) { |
2390 it->second->Notify(cookie, cause); | 2362 it->second->Notify(cookie, cause); |
2391 } | 2363 } |
2392 } | 2364 } |
2393 } | 2365 } |
2394 | 2366 |
2395 } // namespace net | 2367 } // namespace net |
OLD | NEW |