OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // Portions of this code based on Mozilla: | 5 // Portions of this code based on Mozilla: |
6 // (netwerk/cookie/src/nsCookieService.cpp) | 6 // (netwerk/cookie/src/nsCookieService.cpp) |
7 /* ***** BEGIN LICENSE BLOCK ***** | 7 /* ***** BEGIN LICENSE BLOCK ***** |
8 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 8 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
9 * | 9 * |
10 * The contents of this file are subject to the Mozilla Public License Version | 10 * The contents of this file are subject to the Mozilla Public License Version |
(...skipping 32 matching lines...)
43 * ***** END LICENSE BLOCK ***** */ | 43 * ***** END LICENSE BLOCK ***** */ |
44 | 44 |
45 #include "net/cookies/canonical_cookie.h" | 45 #include "net/cookies/canonical_cookie.h" |
46 | 46 |
47 #include "base/format_macros.h" | 47 #include "base/format_macros.h" |
48 #include "base/logging.h" | 48 #include "base/logging.h" |
49 #include "base/memory/ptr_util.h" | 49 #include "base/memory/ptr_util.h" |
50 #include "base/metrics/histogram_macros.h" | 50 #include "base/metrics/histogram_macros.h" |
51 #include "base/strings/string_util.h" | 51 #include "base/strings/string_util.h" |
52 #include "base/strings/stringprintf.h" | 52 #include "base/strings/stringprintf.h" |
53 #include "net/base/url_util.h" | |
53 #include "net/cookies/cookie_util.h" | 54 #include "net/cookies/cookie_util.h" |
54 #include "net/cookies/parsed_cookie.h" | 55 #include "net/cookies/parsed_cookie.h" |
55 #include "url/gurl.h" | 56 #include "url/gurl.h" |
56 #include "url/url_canon.h" | 57 #include "url/url_canon.h" |
58 #include "url/url_util.h" | |
57 | 59 |
58 using base::Time; | 60 using base::Time; |
59 using base::TimeDelta; | 61 using base::TimeDelta; |
60 | 62 |
61 namespace net { | 63 namespace net { |
62 | 64 |
63 namespace { | 65 namespace { |
64 | 66 |
65 const int kVlogSetCookies = 7; | 67 const int kVlogSetCookies = 7; |
66 | 68 |
(...skipping 164 matching lines...)
231 CookiePrefix prefix = CanonicalCookie::GetCookiePrefix(parsed_cookie.Name()); | 233 CookiePrefix prefix = CanonicalCookie::GetCookiePrefix(parsed_cookie.Name()); |
232 bool is_cookie_valid = | 234 bool is_cookie_valid = |
233 CanonicalCookie::IsCookiePrefixValid(prefix, url, parsed_cookie); | 235 CanonicalCookie::IsCookiePrefixValid(prefix, url, parsed_cookie); |
234 CanonicalCookie::RecordCookiePrefixMetrics(prefix, is_cookie_valid); | 236 CanonicalCookie::RecordCookiePrefixMetrics(prefix, is_cookie_valid); |
235 if (!is_cookie_valid) { | 237 if (!is_cookie_valid) { |
236 VLOG(kVlogSetCookies) | 238 VLOG(kVlogSetCookies) |
237 << "Create() failed because the cookie violated prefix rules."; | 239 << "Create() failed because the cookie violated prefix rules."; |
238 return nullptr; | 240 return nullptr; |
239 } | 241 } |
240 | 242 |
241 return base::WrapUnique(new CanonicalCookie( | 243 std::unique_ptr<CanonicalCookie> cc(base::WrapUnique(new CanonicalCookie( |
mmenke
2017/06/09 18:25:49
base::MakeUnique (pre-existing issue)
Randy Smith (Not in Mondays)
2017/06/09 19:38:32
Done.
| |
242 parsed_cookie.Name(), parsed_cookie.Value(), cookie_domain, cookie_path, | 244 parsed_cookie.Name(), parsed_cookie.Value(), cookie_domain, cookie_path, |
243 creation_time, cookie_expires, creation_time, parsed_cookie.IsSecure(), | 245 creation_time, cookie_expires, creation_time, parsed_cookie.IsSecure(), |
244 parsed_cookie.IsHttpOnly(), parsed_cookie.SameSite(), | 246 parsed_cookie.IsHttpOnly(), parsed_cookie.SameSite(), |
245 parsed_cookie.Priority())); | 247 parsed_cookie.Priority()))); |
248 DCHECK(cc->IsCanonical()); | |
mmenke
2017/06/09 18:25:49
Random comment: Come to think of it, we do have s
Randy Smith (Not in Mondays)
2017/06/09 19:38:33
Acknowledged.
| |
249 return cc; | |
246 } | 250 } |
247 | 251 |
248 bool CanonicalCookie::IsEquivalentForSecureCookieMatching( | 252 bool CanonicalCookie::IsEquivalentForSecureCookieMatching( |
249 const CanonicalCookie& ecc) const { | 253 const CanonicalCookie& ecc) const { |
250 return (name_ == ecc.Name() && (ecc.IsDomainMatch(DomainWithoutDot()) || | 254 return (name_ == ecc.Name() && (ecc.IsDomainMatch(DomainWithoutDot()) || |
251 IsDomainMatch(ecc.DomainWithoutDot())) && | 255 IsDomainMatch(ecc.DomainWithoutDot())) && |
252 ecc.IsOnPath(Path())); | 256 ecc.IsOnPath(Path())); |
253 } | 257 } |
254 | 258 |
255 bool CanonicalCookie::IsOnPath(const std::string& url_path) const { | 259 bool CanonicalCookie::IsOnPath(const std::string& url_path) const { |
(...skipping 136 matching lines...)
392 | 396 |
393 if (IsSecure() != other.IsSecure()) | 397 if (IsSecure() != other.IsSecure()) |
394 return IsSecure(); | 398 return IsSecure(); |
395 | 399 |
396 if (IsHttpOnly() != other.IsHttpOnly()) | 400 if (IsHttpOnly() != other.IsHttpOnly()) |
397 return IsHttpOnly(); | 401 return IsHttpOnly(); |
398 | 402 |
399 return Priority() < other.Priority(); | 403 return Priority() < other.Priority(); |
400 } | 404 } |
401 | 405 |
406 bool CanonicalCookie::IsCanonical() const { | |
407 if (ParsedCookie::ParseTokenString(name_) != name_ || | |
408 ParsedCookie::ParseValueString(value_) != value_ || | |
409 ParsedCookie::ParseValueString(domain_) != domain_ || | |
410 ParsedCookie::ParseValueString(path_) != path_) { | |
mmenke
2017/06/09 18:25:49
I don't think this is enough.
In particular, disa
mmenke
2017/06/09 19:00:47
Also, may be worth testing if there are any paths
Randy Smith (Not in Mondays)
2017/06/09 19:38:32
See comments elsewhere about currently web platfor
Randy Smith (Not in Mondays)
2017/06/09 19:38:32
Sorry, could you say a bit more? I may be confuse
mmenke
2017/06/09 19:53:59
If they go through SetCookieWithOptions, that's en
mmenke
2017/06/09 19:53:59
Oops, I missed the FindFirstTerminator call, and w
| |
411 return false; | |
412 } | |
413 | |
414 url::CanonHostInfo ignored; | |
415 std::string canonical_domain(CanonicalizeHost(domain_, &ignored)); | |
416 // TODO(rdsmith): This specifically allows for empty domains. This is | |
417 // arguable from the spec (the domain attribute may not be empty, but | |
418 // no specification is made as to the value of the cookie domain in | |
419 // the absence of a domain attribute), but are needed for chrome | |
mmenke
2017/06/09 18:25:49
are -> is. Also, should Chrome be capitalized, or
Randy Smith (Not in Mondays)
2017/06/09 19:38:33
Done.
| |
420 // extension cookies. See http://crbug.com/730633 for more information. | |
421 if (!url::HostIsIPAddress(domain_) && !domain_.empty() && | |
mmenke
2017/06/09 18:25:49
instead of url::HostIsIPAddress, can't we just gra
Randy Smith (Not in Mondays)
2017/06/09 19:38:33
Done.
| |
422 canonical_domain != domain_) { | |
mmenke
2017/06/09 18:25:49
If the URL is an IP address, shouldn't canonical_d
Randy Smith (Not in Mondays)
2017/06/09 19:38:32
Is the issue what "canonical" means, i.e. that you
mmenke
2017/06/09 19:53:59
I'm not sure if canonicalizing domain names canoni
mmenke
2017/06/09 20:05:04
So...this is really weird: CanonicalCookie::Creat
Randy Smith (Not in Mondays)
2017/06/11 15:35:24
That's an excellent clarifying question. I think
Randy Smith (Not in Mondays)
2017/06/11 15:35:24
Yeah, that fits with my understanding, and it soun
mmenke
2017/06/12 15:27:00
I think that's reasonable, and should be documente
mmenke
2017/06/12 15:27:00
I agree this CL shouldn't try to change behavior,
Randy Smith (Not in Mondays)
2017/06/13 15:06:02
Ignore the above about modification times; they do
Randy Smith (Not in Mondays)
2017/06/13 20:37:35
Huh. Good point. I think the only code modificat
| |
423 return false; | |
424 } | |
425 | |
426 if (path_.empty() || path_[0] != '/') | |
mmenke
2017/06/09 18:25:49
Hrm...I guess we do nothing about invalid characte
Randy Smith (Not in Mondays)
2017/06/09 19:38:32
That sounds right to me, though if there's anythin
| |
427 return false; | |
428 | |
429 return true; | |
mmenke
2017/06/09 18:25:49
What if there's no creation time, or the creation
Randy Smith (Not in Mondays)
2017/06/09 19:38:32
As noted above, I'd like to put in the Mojo-requir
mmenke
2017/06/12 15:27:00
I think that's fine. Part of the trouble I'm havi
mmenke
2017/06/12 15:28:48
Another option would be to land this largely as-is
Randy Smith (Not in Mondays)
2017/06/13 15:06:02
I see that as part of the basic philosophical tens
Randy Smith (Not in Mondays)
2017/06/13 15:06:02
Not really any point; let's keep the CL conceptual
| |
430 } | |
431 | |
402 // static | 432 // static |
403 CanonicalCookie::CookiePrefix CanonicalCookie::GetCookiePrefix( | 433 CanonicalCookie::CookiePrefix CanonicalCookie::GetCookiePrefix( |
404 const std::string& name) { | 434 const std::string& name) { |
405 const char kSecurePrefix[] = "__Secure-"; | 435 const char kSecurePrefix[] = "__Secure-"; |
406 const char kHostPrefix[] = "__Host-"; | 436 const char kHostPrefix[] = "__Host-"; |
407 if (base::StartsWith(name, kSecurePrefix, base::CompareCase::SENSITIVE)) | 437 if (base::StartsWith(name, kSecurePrefix, base::CompareCase::SENSITIVE)) |
408 return CanonicalCookie::COOKIE_PREFIX_SECURE; | 438 return CanonicalCookie::COOKIE_PREFIX_SECURE; |
409 if (base::StartsWith(name, kHostPrefix, base::CompareCase::SENSITIVE)) | 439 if (base::StartsWith(name, kHostPrefix, base::CompareCase::SENSITIVE)) |
410 return CanonicalCookie::COOKIE_PREFIX_HOST; | 440 return CanonicalCookie::COOKIE_PREFIX_HOST; |
411 return CanonicalCookie::COOKIE_PREFIX_NONE; | 441 return CanonicalCookie::COOKIE_PREFIX_NONE; |
(...skipping 30 matching lines...)
442 return true; | 472 return true; |
443 } | 473 } |
444 | 474 |
445 std::string CanonicalCookie::DomainWithoutDot() const { | 475 std::string CanonicalCookie::DomainWithoutDot() const { |
446 if (domain_.empty() || domain_[0] != '.') | 476 if (domain_.empty() || domain_[0] != '.') |
447 return domain_; | 477 return domain_; |
448 return domain_.substr(1); | 478 return domain_.substr(1); |
449 } | 479 } |
450 | 480 |
451 } // namespace net | 481 } // namespace net |
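Review bot: IsCanonical() never re-checks the `__Secure-`/`__Host-` prefix invariants, so a CanonicalCookie built by any path other than Create() with a name such as `__Host-x` (constructed sample) and IsSecure() false would still be reported as canonical. Create() rejects such cookies through IsCookiePrefixValid(), but that helper takes the URL and the ParsedCookie and its body is in a skipped part of this page, so the equivalent rule has to be restated on the stored fields. I would add a prefix check just before the final `return true;`, as sketched below; the host-only test assumes a host cookie's domain_ carries no leading dot, which DomainWithoutDot() suggests but the visible lines do not confirm. Separately, `DCHECK(cc->IsCanonical())` in Create() is normally compiled out of release builds, so a caller that relies on this as validation of externally supplied cookie fields has to call IsCanonical() itself and handle a false result.

```cpp
  if (path_.empty() || path_[0] != '/')
    return false;

  // Prefix rules are enforced by Create() against the URL and ParsedCookie;
  // restate them on the stored fields so objects built by other paths are
  // held to the same invariants.
  switch (GetCookiePrefix(name_)) {
    case COOKIE_PREFIX_HOST:
      // NOTE(review): assumes host-only cookies store domain_ without a
      // leading dot -- confirm against Create().
      if (!IsSecure() || path_ != "/" ||
          (!domain_.empty() && domain_[0] == '.')) {
        return false;
      }
      break;
    case COOKIE_PREFIX_SECURE:
      if (!IsSecure())
        return false;
      break;
    default:
      break;
  }

  return true;
```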