Index: net/cookies/cookie_monster.cc |
diff --git a/net/cookies/cookie_monster.cc b/net/cookies/cookie_monster.cc |
index b656d83e6c078a0594dfd3c0f76d87ca0ea78488..ad56044a057031fe6483002bd272e80629272963 100644 |
--- a/net/cookies/cookie_monster.cc |
+++ b/net/cookies/cookie_monster.cc |
@@ -406,7 +406,6 @@ class CookieMonster::SetCookieWithDetailsTask : public CookieMonsterTask { |
bool secure, |
bool http_only, |
CookieSameSite same_site, |
- bool enforce_strict_secure, |
CookiePriority priority, |
const SetCookiesCallback& callback) |
: CookieMonsterTask(cookie_monster), |
@@ -421,7 +420,6 @@ class CookieMonster::SetCookieWithDetailsTask : public CookieMonsterTask { |
secure_(secure), |
http_only_(http_only), |
same_site_(same_site), |
- enforce_strict_secure_(enforce_strict_secure), |
priority_(priority), |
callback_(callback) {} |
@@ -443,7 +441,6 @@ class CookieMonster::SetCookieWithDetailsTask : public CookieMonsterTask { |
bool secure_; |
bool http_only_; |
CookieSameSite same_site_; |
- bool enforce_strict_secure_; |
CookiePriority priority_; |
SetCookiesCallback callback_; |
@@ -453,8 +450,7 @@ class CookieMonster::SetCookieWithDetailsTask : public CookieMonsterTask { |
void CookieMonster::SetCookieWithDetailsTask::Run() { |
bool success = this->cookie_monster()->SetCookieWithDetails( |
url_, name_, value_, domain_, path_, creation_time_, expiration_time_, |
- last_access_time_, secure_, http_only_, same_site_, |
- enforce_strict_secure_, priority_); |
+ last_access_time_, secure_, http_only_, same_site_, priority_); |
if (!callback_.is_null()) |
callback_.Run(success); |
} |
@@ -847,13 +843,11 @@ void CookieMonster::SetCookieWithDetailsAsync( |
bool secure, |
bool http_only, |
CookieSameSite same_site, |
- bool enforce_strict_secure, |
CookiePriority priority, |
const SetCookiesCallback& callback) { |
scoped_refptr<SetCookieWithDetailsTask> task = new SetCookieWithDetailsTask( |
this, url, name, value, domain, path, creation_time, expiration_time, |
- last_access_time, secure, http_only, same_site, enforce_strict_secure, |
- priority, callback); |
+ last_access_time, secure, http_only, same_site, priority, callback); |
DoCookieTaskForURL(task, url); |
} |
@@ -1040,7 +1034,6 @@ bool CookieMonster::SetCookieWithDetails(const GURL& url, |
bool secure, |
bool http_only, |
CookieSameSite same_site, |
- bool enforce_strict_secure, |
CookiePriority priority) { |
DCHECK(thread_checker_.CalledOnValidThread()); |
@@ -1059,7 +1052,7 @@ bool CookieMonster::SetCookieWithDetails(const GURL& url, |
std::unique_ptr<CanonicalCookie> cc(CanonicalCookie::Create( |
url, name, value, domain, path, actual_creation_time, expiration_time, |
- secure, http_only, same_site, enforce_strict_secure, priority)); |
+ secure, http_only, same_site, priority)); |
if (!cc.get()) |
return false; |
@@ -1071,8 +1064,6 @@ bool CookieMonster::SetCookieWithDetails(const GURL& url, |
options.set_include_httponly(); |
options.set_same_site_cookie_mode( |
CookieOptions::SameSiteCookieMode::INCLUDE_STRICT_AND_LAX); |
- if (enforce_strict_secure) |
- options.set_enforce_strict_secure(); |
return SetCanonicalCookie(std::move(cc), url, options); |
} |
@@ -1608,8 +1599,7 @@ bool CookieMonster::DeleteAnyEquivalentCookie(const std::string& key, |
const CanonicalCookie& ecc, |
const GURL& source_url, |
bool skip_httponly, |
- bool already_expired, |
- bool enforce_strict_secure) { |
+ bool already_expired) { |
DCHECK(thread_checker_.CalledOnValidThread()); |
bool found_equivalent_cookie = false; |
@@ -1624,15 +1614,13 @@ bool CookieMonster::DeleteAnyEquivalentCookie(const std::string& key, |
CanonicalCookie* cc = curit->second.get(); |
++its.first; |
- // If strict secure cookies is being enforced, then the equivalency |
- // requirements are looser. If the cookie is being set from an insecure |
- // scheme, then if a cookie already exists with the same name and it is |
- // Secure, then the cookie should *not* be updated if they domain-match and |
- // ignoring the path attribute. |
+ // If the cookie is being set from an insecure scheme, then if a cookie |
+ // already exists with the same name and it is Secure, then the cookie |
+ // should *not* be updated if they domain-match and ignoring the path |
+ // attribute. |
// |
// See: https://tools.ietf.org/html/draft-west-leave-secure-cookies-alone |
Mike West
2017/01/14 06:24:01
Nit: We should update these references to https://
jww
2017/01/24 18:09:25
Done.
|
- if (enforce_strict_secure && cc->IsSecure() && |
- !source_url.SchemeIsCryptographic() && |
+ if (cc->IsSecure() && !source_url.SchemeIsCryptographic() && |
ecc.IsEquivalentForSecureCookieMatching(*cc)) { |
skipped_secure_cookie = true; |
histogram_cookie_delete_equivalent_->Add( |
@@ -1757,16 +1745,11 @@ bool CookieMonster::SetCanonicalCookie(std::unique_ptr<CanonicalCookie> cc, |
bool already_expired = cc->IsExpired(creation_time); |
if (DeleteAnyEquivalentCookie(key, *cc, source_url, |
- options.exclude_httponly(), already_expired, |
- options.enforce_strict_secure())) { |
+ options.exclude_httponly(), already_expired)) { |
std::string error; |
- if (options.enforce_strict_secure()) { |
- error = |
- "SetCookie() not clobbering httponly cookie or secure cookie for " |
- "insecure scheme"; |
- } else { |
- error = "SetCookie() not clobbering httponly cookie"; |
- } |
+ error = |
+ "SetCookie() not clobbering httponly cookie or secure cookie for " |
+ "insecure scheme"; |
VLOG(kVlogSetCookies) << error; |
return false; |
@@ -1794,7 +1777,7 @@ bool CookieMonster::SetCanonicalCookie(std::unique_ptr<CanonicalCookie> cc, |
// make sure that we garbage collect... We can also make the assumption that |
// if a cookie was set, in the common case it will be used soon after, |
// and we will purge the expired cookies in GetCookies(). |
- GarbageCollect(creation_time, key, options.enforce_strict_secure()); |
+ GarbageCollect(creation_time, key); |
return true; |
} |
@@ -1867,8 +1850,7 @@ void CookieMonster::InternalDeleteCookie(CookieMap::iterator it, |
// Domain expiry behavior is unchanged by key/expiry scheme (the |
// meaning of the key is different, but that's not visible to this routine). |
size_t CookieMonster::GarbageCollect(const Time& current, |
- const std::string& key, |
- bool enforce_strict_secure) { |
+ const std::string& key) { |
DCHECK(thread_checker_.CalledOnValidThread()); |
size_t num_deleted = 0; |
@@ -1926,11 +1908,6 @@ size_t CookieMonster::GarbageCollect(const Time& current, |
size_t quota = 0; |
for (const auto& purge_round : purge_rounds) { |
- // Only observe the non-secure purge rounds if strict secure cookies is |
- // enabled. |
- if (!enforce_strict_secure && purge_round.protect_secure_cookies) |
- continue; |
- |
// Adjust quota according to the priority of cookies. Each round should |
// protect certain number of cookies in order to avoid starvation. |
// For example, when each round starts to remove cookies, the number of |
@@ -1983,27 +1960,22 @@ size_t CookieMonster::GarbageCollect(const Time& current, |
size_t purge_goal = cookie_its.size() - (kMaxCookies - kPurgeCookies); |
DCHECK(purge_goal > kPurgeCookies); |
- if (enforce_strict_secure) { |
- CookieItVector secure_cookie_its; |
- CookieItVector non_secure_cookie_its; |
- SplitCookieVectorIntoSecureAndNonSecure(cookie_its, &secure_cookie_its, |
- &non_secure_cookie_its); |
- size_t non_secure_purge_goal = |
- std::min<size_t>(purge_goal, non_secure_cookie_its.size() - 1); |
- |
- size_t just_deleted = GarbageCollectLeastRecentlyAccessed( |
- current, safe_date, non_secure_purge_goal, non_secure_cookie_its); |
- num_deleted += just_deleted; |
- |
- if (just_deleted < purge_goal) { |
- size_t secure_purge_goal = std::min<size_t>( |
- purge_goal - just_deleted, secure_cookie_its.size() - 1); |
- num_deleted += GarbageCollectLeastRecentlyAccessed( |
- current, safe_date, secure_purge_goal, secure_cookie_its); |
- } |
- } else { |
+ CookieItVector secure_cookie_its; |
+ CookieItVector non_secure_cookie_its; |
+ SplitCookieVectorIntoSecureAndNonSecure(cookie_its, &secure_cookie_its, |
+ &non_secure_cookie_its); |
+ size_t non_secure_purge_goal = |
+ std::min<size_t>(purge_goal, non_secure_cookie_its.size() - 1); |
+ |
+ size_t just_deleted = GarbageCollectLeastRecentlyAccessed( |
+ current, safe_date, non_secure_purge_goal, non_secure_cookie_its); |
+ num_deleted += just_deleted; |
+ |
+ if (just_deleted < purge_goal && secure_cookie_its.size() > 0) { |
+ size_t secure_purge_goal = std::min<size_t>( |
+ purge_goal - just_deleted, secure_cookie_its.size() - 1); |
num_deleted += GarbageCollectLeastRecentlyAccessed( |
- current, safe_date, purge_goal, cookie_its); |
+ current, safe_date, secure_purge_goal, secure_cookie_its); |
Mike West
2017/01/14 06:24:01
Hrm. I don't think we ever updated https://tools.i
jww
2017/01/24 18:09:25
Shared a doc with you: https://docs.google.com/doc
|
} |
} |
} |