OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // Portions of this code based on Mozilla: | 5 // Portions of this code based on Mozilla: |
6 // (netwerk/cookie/src/nsCookieService.cpp) | 6 // (netwerk/cookie/src/nsCookieService.cpp) |
7 /* ***** BEGIN LICENSE BLOCK ***** | 7 /* ***** BEGIN LICENSE BLOCK ***** |
8 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 8 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
9 * | 9 * |
10 * The contents of this file are subject to the Mozilla Public License Version | 10 * The contents of this file are subject to the Mozilla Public License Version |
(...skipping 396 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
407 const std::string& name, | 407 const std::string& name, |
408 const std::string& value, | 408 const std::string& value, |
409 const std::string& domain, | 409 const std::string& domain, |
410 const std::string& path, | 410 const std::string& path, |
411 base::Time creation_time, | 411 base::Time creation_time, |
412 base::Time expiration_time, | 412 base::Time expiration_time, |
413 base::Time last_access_time, | 413 base::Time last_access_time, |
414 bool secure, | 414 bool secure, |
415 bool http_only, | 415 bool http_only, |
416 CookieSameSite same_site, | 416 CookieSameSite same_site, |
417 bool enforce_strict_secure, | |
418 CookiePriority priority, | 417 CookiePriority priority, |
419 const SetCookiesCallback& callback) | 418 const SetCookiesCallback& callback) |
420 : CookieMonsterTask(cookie_monster), | 419 : CookieMonsterTask(cookie_monster), |
421 url_(url), | 420 url_(url), |
422 name_(name), | 421 name_(name), |
423 value_(value), | 422 value_(value), |
424 domain_(domain), | 423 domain_(domain), |
425 path_(path), | 424 path_(path), |
426 creation_time_(creation_time), | 425 creation_time_(creation_time), |
427 expiration_time_(expiration_time), | 426 expiration_time_(expiration_time), |
428 last_access_time_(last_access_time), | 427 last_access_time_(last_access_time), |
429 secure_(secure), | 428 secure_(secure), |
430 http_only_(http_only), | 429 http_only_(http_only), |
431 same_site_(same_site), | 430 same_site_(same_site), |
432 enforce_strict_secure_(enforce_strict_secure), | |
433 priority_(priority), | 431 priority_(priority), |
434 callback_(callback) {} | 432 callback_(callback) {} |
435 | 433 |
436 // CookieMonsterTask: | 434 // CookieMonsterTask: |
437 void Run() override; | 435 void Run() override; |
438 | 436 |
439 protected: | 437 protected: |
440 ~SetCookieWithDetailsTask() override {} | 438 ~SetCookieWithDetailsTask() override {} |
441 | 439 |
442 private: | 440 private: |
443 GURL url_; | 441 GURL url_; |
444 std::string name_; | 442 std::string name_; |
445 std::string value_; | 443 std::string value_; |
446 std::string domain_; | 444 std::string domain_; |
447 std::string path_; | 445 std::string path_; |
448 base::Time creation_time_; | 446 base::Time creation_time_; |
449 base::Time expiration_time_; | 447 base::Time expiration_time_; |
450 base::Time last_access_time_; | 448 base::Time last_access_time_; |
451 bool secure_; | 449 bool secure_; |
452 bool http_only_; | 450 bool http_only_; |
453 CookieSameSite same_site_; | 451 CookieSameSite same_site_; |
454 bool enforce_strict_secure_; | |
455 CookiePriority priority_; | 452 CookiePriority priority_; |
456 SetCookiesCallback callback_; | 453 SetCookiesCallback callback_; |
457 | 454 |
458 DISALLOW_COPY_AND_ASSIGN(SetCookieWithDetailsTask); | 455 DISALLOW_COPY_AND_ASSIGN(SetCookieWithDetailsTask); |
459 }; | 456 }; |
460 | 457 |
461 void CookieMonster::SetCookieWithDetailsTask::Run() { | 458 void CookieMonster::SetCookieWithDetailsTask::Run() { |
462 bool success = this->cookie_monster()->SetCookieWithDetails( | 459 bool success = this->cookie_monster()->SetCookieWithDetails( |
463 url_, name_, value_, domain_, path_, creation_time_, expiration_time_, | 460 url_, name_, value_, domain_, path_, creation_time_, expiration_time_, |
464 last_access_time_, secure_, http_only_, same_site_, | 461 last_access_time_, secure_, http_only_, same_site_, priority_); |
465 enforce_strict_secure_, priority_); | |
466 if (!callback_.is_null()) | 462 if (!callback_.is_null()) |
467 callback_.Run(success); | 463 callback_.Run(success); |
468 } | 464 } |
469 | 465 |
470 // Task class for GetAllCookies call. | 466 // Task class for GetAllCookies call. |
471 class CookieMonster::GetAllCookiesTask : public CookieMonsterTask { | 467 class CookieMonster::GetAllCookiesTask : public CookieMonsterTask { |
472 public: | 468 public: |
473 GetAllCookiesTask(CookieMonster* cookie_monster, | 469 GetAllCookiesTask(CookieMonster* cookie_monster, |
474 const GetCookieListCallback& callback) | 470 const GetCookieListCallback& callback) |
475 : CookieMonsterTask(cookie_monster), callback_(callback) {} | 471 : CookieMonsterTask(cookie_monster), callback_(callback) {} |
(...skipping 372 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
848 const std::string& name, | 844 const std::string& name, |
849 const std::string& value, | 845 const std::string& value, |
850 const std::string& domain, | 846 const std::string& domain, |
851 const std::string& path, | 847 const std::string& path, |
852 Time creation_time, | 848 Time creation_time, |
853 Time expiration_time, | 849 Time expiration_time, |
854 Time last_access_time, | 850 Time last_access_time, |
855 bool secure, | 851 bool secure, |
856 bool http_only, | 852 bool http_only, |
857 CookieSameSite same_site, | 853 CookieSameSite same_site, |
858 bool enforce_strict_secure, | |
859 CookiePriority priority, | 854 CookiePriority priority, |
860 const SetCookiesCallback& callback) { | 855 const SetCookiesCallback& callback) { |
861 scoped_refptr<SetCookieWithDetailsTask> task = new SetCookieWithDetailsTask( | 856 scoped_refptr<SetCookieWithDetailsTask> task = new SetCookieWithDetailsTask( |
862 this, url, name, value, domain, path, creation_time, expiration_time, | 857 this, url, name, value, domain, path, creation_time, expiration_time, |
863 last_access_time, secure, http_only, same_site, enforce_strict_secure, | 858 last_access_time, secure, http_only, same_site, priority, callback); |
864 priority, callback); | |
865 DoCookieTaskForURL(task, url); | 859 DoCookieTaskForURL(task, url); |
866 } | 860 } |
867 | 861 |
868 void CookieMonster::FlushStore(const base::Closure& callback) { | 862 void CookieMonster::FlushStore(const base::Closure& callback) { |
869 DCHECK(thread_checker_.CalledOnValidThread()); | 863 DCHECK(thread_checker_.CalledOnValidThread()); |
870 | 864 |
871 if (initialized_ && store_.get()) | 865 if (initialized_ && store_.get()) |
872 store_->Flush(callback); | 866 store_->Flush(callback); |
873 else if (!callback.is_null()) | 867 else if (!callback.is_null()) |
874 base::ThreadTaskRunnerHandle::Get()->PostTask(FROM_HERE, callback); | 868 base::ThreadTaskRunnerHandle::Get()->PostTask(FROM_HERE, callback); |
(...skipping 166 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1041 const std::string& name, | 1035 const std::string& name, |
1042 const std::string& value, | 1036 const std::string& value, |
1043 const std::string& domain, | 1037 const std::string& domain, |
1044 const std::string& path, | 1038 const std::string& path, |
1045 base::Time creation_time, | 1039 base::Time creation_time, |
1046 base::Time expiration_time, | 1040 base::Time expiration_time, |
1047 base::Time last_access_time, | 1041 base::Time last_access_time, |
1048 bool secure, | 1042 bool secure, |
1049 bool http_only, | 1043 bool http_only, |
1050 CookieSameSite same_site, | 1044 CookieSameSite same_site, |
1051 bool enforce_strict_secure, | |
1052 CookiePriority priority) { | 1045 CookiePriority priority) { |
1053 DCHECK(thread_checker_.CalledOnValidThread()); | 1046 DCHECK(thread_checker_.CalledOnValidThread()); |
1054 | 1047 |
1055 if (!HasCookieableScheme(url)) | 1048 if (!HasCookieableScheme(url)) |
1056 return false; | 1049 return false; |
1057 | 1050 |
1058 // TODO(mmenke): This class assumes each cookie to have a unique creation | 1051 // TODO(mmenke): This class assumes each cookie to have a unique creation |
1059 // time. Allowing the caller to set the creation time violates that | 1052 // time. Allowing the caller to set the creation time violates that |
1060 // assumption. Worth fixing? Worth noting that time changes between browser | 1053 // assumption. Worth fixing? Worth noting that time changes between browser |
1061 // restarts can cause the same issue. | 1054 // restarts can cause the same issue. |
1062 base::Time actual_creation_time = creation_time; | 1055 base::Time actual_creation_time = creation_time; |
1063 if (creation_time.is_null()) { | 1056 if (creation_time.is_null()) { |
1064 actual_creation_time = CurrentTime(); | 1057 actual_creation_time = CurrentTime(); |
1065 last_time_seen_ = actual_creation_time; | 1058 last_time_seen_ = actual_creation_time; |
1066 } | 1059 } |
1067 | 1060 |
1068 std::unique_ptr<CanonicalCookie> cc(CanonicalCookie::Create( | 1061 std::unique_ptr<CanonicalCookie> cc(CanonicalCookie::Create( |
1069 url, name, value, domain, path, actual_creation_time, expiration_time, | 1062 url, name, value, domain, path, actual_creation_time, expiration_time, |
1070 secure, http_only, same_site, enforce_strict_secure, priority)); | 1063 secure, http_only, same_site, priority)); |
1071 | 1064 |
1072 if (!cc.get()) | 1065 if (!cc.get()) |
1073 return false; | 1066 return false; |
1074 | 1067 |
1075 if (!last_access_time.is_null()) | 1068 if (!last_access_time.is_null()) |
1076 cc->SetLastAccessDate(last_access_time); | 1069 cc->SetLastAccessDate(last_access_time); |
1077 | 1070 |
1078 CookieOptions options; | 1071 CookieOptions options; |
1079 options.set_include_httponly(); | 1072 options.set_include_httponly(); |
1080 options.set_same_site_cookie_mode( | 1073 options.set_same_site_cookie_mode( |
1081 CookieOptions::SameSiteCookieMode::INCLUDE_STRICT_AND_LAX); | 1074 CookieOptions::SameSiteCookieMode::INCLUDE_STRICT_AND_LAX); |
1082 if (enforce_strict_secure) | |
1083 options.set_enforce_strict_secure(); | |
1084 return SetCanonicalCookie(std::move(cc), url, options); | 1075 return SetCanonicalCookie(std::move(cc), url, options); |
1085 } | 1076 } |
1086 | 1077 |
1087 CookieList CookieMonster::GetAllCookies() { | 1078 CookieList CookieMonster::GetAllCookies() { |
1088 DCHECK(thread_checker_.CalledOnValidThread()); | 1079 DCHECK(thread_checker_.CalledOnValidThread()); |
1089 | 1080 |
1090 // This function is being called to scrape the cookie list for management UI | 1081 // This function is being called to scrape the cookie list for management UI |
1091 // or similar. We shouldn't show expired cookies in this list since it will | 1082 // or similar. We shouldn't show expired cookies in this list since it will |
1092 // just be confusing to users, and this function is called rarely enough (and | 1083 // just be confusing to users, and this function is called rarely enough (and |
1093 // is already slow enough) that it's OK to take the time to garbage collect | 1084 // is already slow enough) that it's OK to take the time to garbage collect |
(...skipping 515 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1609 InternalUpdateCookieAccessTime(cc, current); | 1600 InternalUpdateCookieAccessTime(cc, current); |
1610 } | 1601 } |
1611 cookies->push_back(cc); | 1602 cookies->push_back(cc); |
1612 } | 1603 } |
1613 } | 1604 } |
1614 | 1605 |
1615 bool CookieMonster::DeleteAnyEquivalentCookie(const std::string& key, | 1606 bool CookieMonster::DeleteAnyEquivalentCookie(const std::string& key, |
1616 const CanonicalCookie& ecc, | 1607 const CanonicalCookie& ecc, |
1617 const GURL& source_url, | 1608 const GURL& source_url, |
1618 bool skip_httponly, | 1609 bool skip_httponly, |
1619 bool already_expired, | 1610 bool already_expired) { |
1620 bool enforce_strict_secure) { | |
1621 DCHECK(thread_checker_.CalledOnValidThread()); | 1611 DCHECK(thread_checker_.CalledOnValidThread()); |
1622 | 1612 |
1623 bool found_equivalent_cookie = false; | 1613 bool found_equivalent_cookie = false; |
1624 bool skipped_httponly = false; | 1614 bool skipped_httponly = false; |
1625 bool skipped_secure_cookie = false; | 1615 bool skipped_secure_cookie = false; |
1626 | 1616 |
1627 histogram_cookie_delete_equivalent_->Add(COOKIE_DELETE_EQUIVALENT_ATTEMPT); | 1617 histogram_cookie_delete_equivalent_->Add(COOKIE_DELETE_EQUIVALENT_ATTEMPT); |
1628 | 1618 |
1629 for (CookieMapItPair its = cookies_.equal_range(key); | 1619 for (CookieMapItPair its = cookies_.equal_range(key); |
1630 its.first != its.second;) { | 1620 its.first != its.second;) { |
1631 CookieMap::iterator curit = its.first; | 1621 CookieMap::iterator curit = its.first; |
1632 CanonicalCookie* cc = curit->second.get(); | 1622 CanonicalCookie* cc = curit->second.get(); |
1633 ++its.first; | 1623 ++its.first; |
1634 | 1624 |
1635 // If strict secure cookies is being enforced, then the equivalency | 1625 // If the cookie is being set from an insecure scheme, then if a cookie |
1636 // requirements are looser. If the cookie is being set from an insecure | 1626 // already exists with the same name and it is Secure, then the cookie |
1637 // scheme, then if a cookie already exists with the same name and it is | 1627 // should *not* be updated if they domain-match and ignoring the path |
1638 // Secure, then the cookie should *not* be updated if they domain-match and | 1628 // attribute. |
1639 // ignoring the path attribute. | |
1640 // | 1629 // |
1641 // See: https://tools.ietf.org/html/draft-west-leave-secure-cookies-alone | 1630 // See: https://tools.ietf.org/html/draft-ietf-httpbis-cookie-alone |
1642 if (enforce_strict_secure && cc->IsSecure() && | 1631 if (cc->IsSecure() && !source_url.SchemeIsCryptographic() && |
1643 !source_url.SchemeIsCryptographic() && | |
1644 ecc.IsEquivalentForSecureCookieMatching(*cc)) { | 1632 ecc.IsEquivalentForSecureCookieMatching(*cc)) { |
1645 skipped_secure_cookie = true; | 1633 skipped_secure_cookie = true; |
1646 histogram_cookie_delete_equivalent_->Add( | 1634 histogram_cookie_delete_equivalent_->Add( |
1647 COOKIE_DELETE_EQUIVALENT_SKIPPING_SECURE); | 1635 COOKIE_DELETE_EQUIVALENT_SKIPPING_SECURE); |
1648 // If the cookie is equivalent to the new cookie and wouldn't have been | 1636 // If the cookie is equivalent to the new cookie and wouldn't have been |
1649 // skipped for being HTTP-only, record that it is a skipped secure cookie | 1637 // skipped for being HTTP-only, record that it is a skipped secure cookie |
1650 // that would have been deleted otherwise. | 1638 // that would have been deleted otherwise. |
1651 if (ecc.IsEquivalent(*cc)) { | 1639 if (ecc.IsEquivalent(*cc)) { |
1652 found_equivalent_cookie = true; | 1640 found_equivalent_cookie = true; |
1653 | 1641 |
(...skipping 104 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1758 bool CookieMonster::SetCanonicalCookie(std::unique_ptr<CanonicalCookie> cc, | 1746 bool CookieMonster::SetCanonicalCookie(std::unique_ptr<CanonicalCookie> cc, |
1759 const GURL& source_url, | 1747 const GURL& source_url, |
1760 const CookieOptions& options) { | 1748 const CookieOptions& options) { |
1761 DCHECK(thread_checker_.CalledOnValidThread()); | 1749 DCHECK(thread_checker_.CalledOnValidThread()); |
1762 | 1750 |
1763 Time creation_time = cc->CreationDate(); | 1751 Time creation_time = cc->CreationDate(); |
1764 const std::string key(GetKey(cc->Domain())); | 1752 const std::string key(GetKey(cc->Domain())); |
1765 bool already_expired = cc->IsExpired(creation_time); | 1753 bool already_expired = cc->IsExpired(creation_time); |
1766 | 1754 |
1767 if (DeleteAnyEquivalentCookie(key, *cc, source_url, | 1755 if (DeleteAnyEquivalentCookie(key, *cc, source_url, |
1768 options.exclude_httponly(), already_expired, | 1756 options.exclude_httponly(), already_expired)) { |
1769 options.enforce_strict_secure())) { | |
1770 std::string error; | 1757 std::string error; |
1771 if (options.enforce_strict_secure()) { | 1758 error = |
1772 error = | 1759 "SetCookie() not clobbering httponly cookie or secure cookie for " |
1773 "SetCookie() not clobbering httponly cookie or secure cookie for " | 1760 "insecure scheme"; |
1774 "insecure scheme"; | |
1775 } else { | |
1776 error = "SetCookie() not clobbering httponly cookie"; | |
1777 } | |
1778 | 1761 |
1779 VLOG(kVlogSetCookies) << error; | 1762 VLOG(kVlogSetCookies) << error; |
1780 return false; | 1763 return false; |
1781 } | 1764 } |
1782 | 1765 |
1783 VLOG(kVlogSetCookies) << "SetCookie() key: " << key | 1766 VLOG(kVlogSetCookies) << "SetCookie() key: " << key |
1784 << " cc: " << cc->DebugString(); | 1767 << " cc: " << cc->DebugString(); |
1785 | 1768 |
1786 // Realize that we might be setting an expired cookie, and the only point | 1769 // Realize that we might be setting an expired cookie, and the only point |
1787 // was to delete the cookie which we've already done. | 1770 // was to delete the cookie which we've already done. |
1788 if (!already_expired) { | 1771 if (!already_expired) { |
1789 // See InitializeHistograms() for details. | 1772 // See InitializeHistograms() for details. |
1790 if (cc->IsPersistent()) { | 1773 if (cc->IsPersistent()) { |
1791 histogram_expiration_duration_minutes_->Add( | 1774 histogram_expiration_duration_minutes_->Add( |
1792 (cc->ExpiryDate() - creation_time).InMinutes()); | 1775 (cc->ExpiryDate() - creation_time).InMinutes()); |
1793 } | 1776 } |
1794 | 1777 |
1795 InternalInsertCookie(key, std::move(cc), source_url, true); | 1778 InternalInsertCookie(key, std::move(cc), source_url, true); |
1796 } else { | 1779 } else { |
1797 VLOG(kVlogSetCookies) << "SetCookie() not storing already expired cookie."; | 1780 VLOG(kVlogSetCookies) << "SetCookie() not storing already expired cookie."; |
1798 } | 1781 } |
1799 | 1782 |
1800 // We assume that hopefully setting a cookie will be less common than | 1783 // We assume that hopefully setting a cookie will be less common than |
1801 // querying a cookie. Since setting a cookie can put us over our limits, | 1784 // querying a cookie. Since setting a cookie can put us over our limits, |
1802 // make sure that we garbage collect... We can also make the assumption that | 1785 // make sure that we garbage collect... We can also make the assumption that |
1803 // if a cookie was set, in the common case it will be used soon after, | 1786 // if a cookie was set, in the common case it will be used soon after, |
1804 // and we will purge the expired cookies in GetCookies(). | 1787 // and we will purge the expired cookies in GetCookies(). |
1805 GarbageCollect(creation_time, key, options.enforce_strict_secure()); | 1788 GarbageCollect(creation_time, key); |
1806 | 1789 |
1807 return true; | 1790 return true; |
1808 } | 1791 } |
1809 | 1792 |
1810 bool CookieMonster::SetCanonicalCookies(const CookieList& list) { | 1793 bool CookieMonster::SetCanonicalCookies(const CookieList& list) { |
1811 DCHECK(thread_checker_.CalledOnValidThread()); | 1794 DCHECK(thread_checker_.CalledOnValidThread()); |
1812 | 1795 |
1813 CookieOptions options; | 1796 CookieOptions options; |
1814 options.set_include_httponly(); | 1797 options.set_include_httponly(); |
1815 | 1798 |
(...skipping 57 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1873 ChangeCausePair mapping = kChangeCauseMapping[deletion_cause]; | 1856 ChangeCausePair mapping = kChangeCauseMapping[deletion_cause]; |
1874 if (delegate_.get() && mapping.notify) | 1857 if (delegate_.get() && mapping.notify) |
1875 delegate_->OnCookieChanged(*cc, true, mapping.cause); | 1858 delegate_->OnCookieChanged(*cc, true, mapping.cause); |
1876 RunCookieChangedCallbacks(*cc, mapping.cause); | 1859 RunCookieChangedCallbacks(*cc, mapping.cause); |
1877 cookies_.erase(it); | 1860 cookies_.erase(it); |
1878 } | 1861 } |
1879 | 1862 |
1880 // Domain expiry behavior is unchanged by key/expiry scheme (the | 1863 // Domain expiry behavior is unchanged by key/expiry scheme (the |
1881 // meaning of the key is different, but that's not visible to this routine). | 1864 // meaning of the key is different, but that's not visible to this routine). |
1882 size_t CookieMonster::GarbageCollect(const Time& current, | 1865 size_t CookieMonster::GarbageCollect(const Time& current, |
1883 const std::string& key, | 1866 const std::string& key) { |
1884 bool enforce_strict_secure) { | |
1885 DCHECK(thread_checker_.CalledOnValidThread()); | 1867 DCHECK(thread_checker_.CalledOnValidThread()); |
1886 | 1868 |
1887 size_t num_deleted = 0; | 1869 size_t num_deleted = 0; |
1888 Time safe_date(Time::Now() - TimeDelta::FromDays(kSafeFromGlobalPurgeDays)); | 1870 Time safe_date(Time::Now() - TimeDelta::FromDays(kSafeFromGlobalPurgeDays)); |
1889 | 1871 |
1890 // Collect garbage for this key, minding cookie priorities. | 1872 // Collect garbage for this key, minding cookie priorities. |
1891 if (cookies_.count(key) > kDomainMaxCookies) { | 1873 if (cookies_.count(key) > kDomainMaxCookies) { |
1892 VLOG(kVlogGarbageCollection) << "GarbageCollect() key: " << key; | 1874 VLOG(kVlogGarbageCollection) << "GarbageCollect() key: " << key; |
1893 | 1875 |
1894 CookieItVector* cookie_its; | 1876 CookieItVector* cookie_its; |
(...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1932 // 4. High-priority non-secure cookies. | 1914 // 4. High-priority non-secure cookies. |
1933 {COOKIE_PRIORITY_HIGH, true}, | 1915 {COOKIE_PRIORITY_HIGH, true}, |
1934 // 5. Medium-priority secure cookies. | 1916 // 5. Medium-priority secure cookies. |
1935 {COOKIE_PRIORITY_MEDIUM, false}, | 1917 {COOKIE_PRIORITY_MEDIUM, false}, |
1936 // 6. High-priority secure cookies. | 1918 // 6. High-priority secure cookies. |
1937 {COOKIE_PRIORITY_HIGH, false}, | 1919 {COOKIE_PRIORITY_HIGH, false}, |
1938 }; | 1920 }; |
1939 | 1921 |
1940 size_t quota = 0; | 1922 size_t quota = 0; |
1941 for (const auto& purge_round : purge_rounds) { | 1923 for (const auto& purge_round : purge_rounds) { |
1942 // Only observe the non-secure purge rounds if strict secure cookies is | |
1943 // enabled. | |
1944 if (!enforce_strict_secure && purge_round.protect_secure_cookies) | |
1945 continue; | |
1946 | |
1947 // Adjust quota according to the priority of cookies. Each round should | 1924 // Adjust quota according to the priority of cookies. Each round should |
1948 // protect certain number of cookies in order to avoid starvation. | 1925 // protect certain number of cookies in order to avoid starvation. |
1949 // For example, when each round starts to remove cookies, the number of | 1926 // For example, when each round starts to remove cookies, the number of |
1950 // cookies of that priority are counted and a decision whether they | 1927 // cookies of that priority are counted and a decision whether they |
1951 // should be deleted or not is made. If yes, some number of cookies of | 1928 // should be deleted or not is made. If yes, some number of cookies of |
1952 // that priority are deleted considering the quota. | 1929 // that priority are deleted considering the quota. |
1953 switch (purge_round.priority) { | 1930 switch (purge_round.priority) { |
1954 case COOKIE_PRIORITY_LOW: | 1931 case COOKIE_PRIORITY_LOW: |
1955 quota = kDomainCookiesQuotaLow; | 1932 quota = kDomainCookiesQuotaLow; |
1956 break; | 1933 break; |
1957 case COOKIE_PRIORITY_MEDIUM: | 1934 case COOKIE_PRIORITY_MEDIUM: |
1958 quota = kDomainCookiesQuotaMedium; | 1935 quota = kDomainCookiesQuotaMedium; |
1959 break; | 1936 break; |
1960 case COOKIE_PRIORITY_HIGH: | 1937 case COOKIE_PRIORITY_HIGH: |
1961 quota = kDomainCookiesQuotaHigh; | 1938 quota = kDomainCookiesQuotaHigh; |
1962 break; | 1939 break; |
1963 } | 1940 } |
1964 size_t just_deleted = 0u; | 1941 size_t just_deleted = 0u; |
1965 // Purge up to |purge_goal| for all cookies at the given priority. This | 1942 // Purge up to |purge_goal| for all cookies at the given priority. This |
1966 // path will always execute if strict secure cookies is disabled since | 1943 // path will be taken only if the initial non-secure purge did not evict |
1967 // |purge_goal| must be positive because of the for-loop guard. If | 1944 // enough cookies. |
1968 // strict secure cookies is enabled, this path will be taken only if the | |
1969 // initial non-secure purge did not evict enough cookies. | |
1970 if (purge_goal > 0) { | 1945 if (purge_goal > 0) { |
1971 just_deleted = PurgeLeastRecentMatches( | 1946 just_deleted = PurgeLeastRecentMatches( |
1972 cookie_its, purge_round.priority, quota, purge_goal, | 1947 cookie_its, purge_round.priority, quota, purge_goal, |
1973 purge_round.protect_secure_cookies); | 1948 purge_round.protect_secure_cookies); |
1974 DCHECK_LE(just_deleted, purge_goal); | 1949 DCHECK_LE(just_deleted, purge_goal); |
1975 purge_goal -= just_deleted; | 1950 purge_goal -= just_deleted; |
1976 num_deleted += just_deleted; | 1951 num_deleted += just_deleted; |
1977 } | 1952 } |
1978 } | 1953 } |
1979 | 1954 |
1980 DCHECK_EQ(0u, purge_goal); | 1955 DCHECK_EQ(0u, purge_goal); |
1981 } | 1956 } |
1982 } | 1957 } |
1983 | 1958 |
1984 // Collect garbage for everything. With firefox style we want to preserve | 1959 // Collect garbage for everything. With firefox style we want to preserve |
1985 // cookies accessed in kSafeFromGlobalPurgeDays, otherwise evict. | 1960 // cookies accessed in kSafeFromGlobalPurgeDays, otherwise evict. |
1986 if (cookies_.size() > kMaxCookies && earliest_access_time_ < safe_date) { | 1961 if (cookies_.size() > kMaxCookies && earliest_access_time_ < safe_date) { |
1987 VLOG(kVlogGarbageCollection) << "GarbageCollect() everything"; | 1962 VLOG(kVlogGarbageCollection) << "GarbageCollect() everything"; |
1988 CookieItVector cookie_its; | 1963 CookieItVector cookie_its; |
1989 | 1964 |
1990 num_deleted += GarbageCollectExpired( | 1965 num_deleted += GarbageCollectExpired( |
1991 current, CookieMapItPair(cookies_.begin(), cookies_.end()), | 1966 current, CookieMapItPair(cookies_.begin(), cookies_.end()), |
1992 &cookie_its); | 1967 &cookie_its); |
1993 | 1968 |
1994 if (cookie_its.size() > kMaxCookies) { | 1969 if (cookie_its.size() > kMaxCookies) { |
1995 VLOG(kVlogGarbageCollection) << "Deep Garbage Collect everything."; | 1970 VLOG(kVlogGarbageCollection) << "Deep Garbage Collect everything."; |
1996 size_t purge_goal = cookie_its.size() - (kMaxCookies - kPurgeCookies); | 1971 size_t purge_goal = cookie_its.size() - (kMaxCookies - kPurgeCookies); |
1997 DCHECK(purge_goal > kPurgeCookies); | 1972 DCHECK(purge_goal > kPurgeCookies); |
1998 | 1973 |
1999 if (enforce_strict_secure) { | 1974 CookieItVector secure_cookie_its; |
2000 CookieItVector secure_cookie_its; | 1975 CookieItVector non_secure_cookie_its; |
2001 CookieItVector non_secure_cookie_its; | 1976 SplitCookieVectorIntoSecureAndNonSecure(cookie_its, &secure_cookie_its, |
2002 SplitCookieVectorIntoSecureAndNonSecure(cookie_its, &secure_cookie_its, | 1977 &non_secure_cookie_its); |
2003 &non_secure_cookie_its); | 1978 size_t non_secure_purge_goal = |
2004 size_t non_secure_purge_goal = | 1979 std::min<size_t>(purge_goal, non_secure_cookie_its.size() - 1); |
2005 std::min<size_t>(purge_goal, non_secure_cookie_its.size() - 1); | |
2006 | 1980 |
2007 size_t just_deleted = GarbageCollectLeastRecentlyAccessed( | 1981 size_t just_deleted = GarbageCollectLeastRecentlyAccessed( |
2008 current, safe_date, non_secure_purge_goal, non_secure_cookie_its); | 1982 current, safe_date, non_secure_purge_goal, non_secure_cookie_its); |
2009 num_deleted += just_deleted; | 1983 num_deleted += just_deleted; |
2010 | 1984 |
2011 if (just_deleted < purge_goal) { | 1985 if (just_deleted < purge_goal && secure_cookie_its.size() > 0) { |
2012 size_t secure_purge_goal = std::min<size_t>( | 1986 size_t secure_purge_goal = std::min<size_t>( |
2013 purge_goal - just_deleted, secure_cookie_its.size() - 1); | 1987 purge_goal - just_deleted, secure_cookie_its.size() - 1); |
2014 num_deleted += GarbageCollectLeastRecentlyAccessed( | |
2015 current, safe_date, secure_purge_goal, secure_cookie_its); | |
2016 } | |
2017 } else { | |
2018 num_deleted += GarbageCollectLeastRecentlyAccessed( | 1988 num_deleted += GarbageCollectLeastRecentlyAccessed( |
2019 current, safe_date, purge_goal, cookie_its); | 1989 current, safe_date, secure_purge_goal, secure_cookie_its); |
2020 } | 1990 } |
2021 } | 1991 } |
2022 } | 1992 } |
2023 | 1993 |
2024 return num_deleted; | 1994 return num_deleted; |
2025 } | 1995 } |
2026 | 1996 |
2027 size_t CookieMonster::PurgeLeastRecentMatches(CookieItVector* cookies, | 1997 size_t CookieMonster::PurgeLeastRecentMatches(CookieItVector* cookies, |
2028 CookiePriority priority, | 1998 CookiePriority priority, |
2029 size_t to_protect, | 1999 size_t to_protect, |
(...skipping 89 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2119 CookieItVector cookie_its) { | 2089 CookieItVector cookie_its) { |
2120 DCHECK(thread_checker_.CalledOnValidThread()); | 2090 DCHECK(thread_checker_.CalledOnValidThread()); |
2121 | 2091 |
2122 // Sorts up to *and including* |cookie_its[purge_goal]|, so | 2092 // Sorts up to *and including* |cookie_its[purge_goal]|, so |
2123 // |earliest_access_time| will be properly assigned even if | 2093 // |earliest_access_time| will be properly assigned even if |
2124 // |global_purge_it| == |cookie_its.begin() + purge_goal|. | 2094 // |global_purge_it| == |cookie_its.begin() + purge_goal|. |
2125 SortLeastRecentlyAccessed(cookie_its.begin(), cookie_its.end(), purge_goal); | 2095 SortLeastRecentlyAccessed(cookie_its.begin(), cookie_its.end(), purge_goal); |
2126 // Find boundary to cookies older than safe_date. | 2096 // Find boundary to cookies older than safe_date. |
2127 CookieItVector::iterator global_purge_it = LowerBoundAccessDate( | 2097 CookieItVector::iterator global_purge_it = LowerBoundAccessDate( |
2128 cookie_its.begin(), cookie_its.begin() + purge_goal, safe_date); | 2098 cookie_its.begin(), cookie_its.begin() + purge_goal, safe_date); |
2129 // Only delete the old cookies, and if strict secure is enabled, delete | 2099 // Only delete the old cookies and delete non-secure ones first. |
2130 // non-secure ones first. | |
2131 size_t num_deleted = | 2100 size_t num_deleted = |
2132 GarbageCollectDeleteRange(current, DELETE_COOKIE_EVICTED_GLOBAL, | 2101 GarbageCollectDeleteRange(current, DELETE_COOKIE_EVICTED_GLOBAL, |
2133 cookie_its.begin(), global_purge_it); | 2102 cookie_its.begin(), global_purge_it); |
2134 // Set access day to the oldest cookie that wasn't deleted. | 2103 // Set access day to the oldest cookie that wasn't deleted. |
2135 earliest_access_time_ = (*global_purge_it)->second->LastAccessDate(); | 2104 earliest_access_time_ = (*global_purge_it)->second->LastAccessDate(); |
2136 return num_deleted; | 2105 return num_deleted; |
2137 } | 2106 } |
2138 | 2107 |
2139 // A wrapper around registry_controlled_domains::GetDomainAndRegistry | 2108 // A wrapper around registry_controlled_domains::GetDomainAndRegistry |
2140 // to make clear we're creating a key for our local map. Here and | 2109 // to make clear we're creating a key for our local map. Here and |
(...skipping 258 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2399 it != hook_map_.end(); ++it) { | 2368 it != hook_map_.end(); ++it) { |
2400 std::pair<GURL, std::string> key = it->first; | 2369 std::pair<GURL, std::string> key = it->first; |
2401 if (cookie.IncludeForRequestURL(key.first, opts) && | 2370 if (cookie.IncludeForRequestURL(key.first, opts) && |
2402 cookie.Name() == key.second) { | 2371 cookie.Name() == key.second) { |
2403 it->second->Notify(cookie, cause); | 2372 it->second->Notify(cookie, cause); |
2404 } | 2373 } |
2405 } | 2374 } |
2406 } | 2375 } |
2407 | 2376 |
2408 } // namespace net | 2377 } // namespace net |
OLD | NEW |