Refactor transmission of security of source and http_only mods in cookie_monster.cc.

net/cookies/cookie_monster.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // Brought to you by the letter D and the number 2.
 
 #ifndef NET_COOKIES_COOKIE_MONSTER_H_
 #define NET_COOKIES_COOKIE_MONSTER_H_
 
 #include <stddef.h>
@@ skipping 132 matching lines @@
                 ChannelIDService* channel_id_service);
 
   // Only used during unit testing.
   CookieMonster(PersistentCookieStore* store,
                 CookieMonsterDelegate* delegate,
                 base::TimeDelta last_access_threshold);
 
   ~CookieMonster() override;
 
   // Replaces all the cookies by |list|. This method does not flush the backend.
-  // This method does not support setting secure cookies, which need source
-  // URLs.
-  // TODO(mmenke): This method is only used on iOS. Consider removing it.
+  // TODO(rdsmith, mmenke): Do not use this function; it is deprecated
+  // and should be removed.
+  // See https://codereview.chromium.org/2882063002/#msg64.

[droger, 2017/06/09 12:22:52]

If this function is broken in some way (i.e. does not support secure cookies),
can you say it in the comment?

[Randy Smith (Not in Mondays), 2017/06/09 13:43:34]

It actually isn't, anymore; it's really just doing a "delete all the cookies
that match this list, and insert everything in the list in the store."  I
figured that was what would be assumed from the comment and the name, so I
didn't worry about putting extra information in.

(A possible mis-assumption would be that this function deletes all cookies, not
just the ones that are being overwritten.  If you want, I can clarify that
and/or make it delete all the cookies; just let me know.)

[droger, 2017/06/09 15:17:32]

I just thought (from comments on other CL) that this function was not working
correctly with secure cookies. But if that's not the case, then it's fine like
this.

[droger, 2017/06/09 15:19:25]

Ah, after reading better... actually I fell into this mis-asumption, so it may
be worth clarifying this.

[Randy Smith (Not in Mondays), 2017/06/09 17:41:50]

It used to not work properly with secure cookies, but one of the effects of the
refactor in this CL is that now it does.

[Randy Smith (Not in Mondays), 2017/06/09 17:41:50]

Done.

   void SetAllCookiesAsync(const CookieList& list,
                           const SetCookiesCallback& callback);
 
   // CookieStore implementation.
   void SetCookieWithOptionsAsync(const GURL& url,
                                  const std::string& cookie_line,
                                  const CookieOptions& options,
                                  const SetCookiesCallback& callback) override;
   void SetCookieWithDetailsAsync(const GURL& url,
                                  const std::string& name,
@@ skipping 341 matching lines @@
                                    const CookieOptions& options,
                                    std::vector<CanonicalCookie*>* cookies);
 
   void FindCookiesForKey(const std::string& key,
                          const GURL& url,
                          const CookieOptions& options,
                          const base::Time& current,
                          std::vector<CanonicalCookie*>* cookies);
 
   // Delete any cookies that are equivalent to |ecc| (same path, domain, etc).
-  // |source_url| is the URL that is attempting to set the cookie.
+  // |source_secure| indicates if the source may override existing secure
+  // cookies.
   // If |skip_httponly| is true, httponly cookies will not be deleted.  The
   // return value will be true if |skip_httponly| skipped an httponly cookie or
   // the cookie to delete was Secure and the scheme of |ecc| is insecure.  |key|
   // is the key to find the cookie in cookies_; see the comment before the
   // CookieMap typedef for details.
   // NOTE: There should never be more than a single matching equivalent cookie.
   bool DeleteAnyEquivalentCookie(const std::string& key,
                                  const CanonicalCookie& ecc,
-                                 const GURL& source_url,
+                                 bool source_secure,
                                  bool skip_httponly,
                                  bool already_expired);
 
   // Inserts |cc| into cookies_. Returns an iterator that points to the inserted
   // cookie in cookies_. Guarantee: all iterators to cookies_ remain valid.
+  // |secure_source| indicates if the setting of the canonical cookie is
+  // coming from a secure source (e.g. a cryptographically schemed URL).
   CookieMap::iterator InternalInsertCookie(const std::string& key,
                                            std::unique_ptr<CanonicalCookie> cc,
-                                           const GURL& source_url,
+                                           bool source_secure,
                                            bool sync_to_store);
 
   // Helper function that sets cookies with more control.
   // Not exposed as we don't want callers to have the ability
   // to specify (potentially duplicate) creation times.
   bool SetCookieWithCreationTimeAndOptions(const GURL& url,
                                            const std::string& cookie_line,
                                            const base::Time& creation_time,
                                            const CookieOptions& options);
 
-  // Helper function that sets a canonical cookie, deleting equivalents and
-  // performing garbage collection.
-  // |source_url| is the URL that's attempting to set the cookie.
-  bool SetCanonicalCookie(std::unique_ptr<CanonicalCookie> cc,
-                          const GURL& source_url,
-                          const CookieOptions& options);
+  // Sets a canonical cookie, deletes equivalents and performs garbage
+  // collection.  |source_secure| indicates if the cookie is being set
+  // from a secure source (e.g. a cryptographic scheme).
+  // |modify_http_only| indicates if this setting operation is allowed
+  // to affect http_only cookies.
+  bool SetCanonicalCookie(std::unique_ptr<CanonicalCookie> cookie,
+                          bool secure_source,
+                          bool can_modify_httponly);
 
-  // Helper function calling SetCanonicalCookie() for all cookies in |list|.
-  bool SetCanonicalCookies(const CookieList& list);
+  // Sets all cookies from |list| after deleting any equivalent cookie.
+  // For data gathering purposes, this routine is treated as if it is
+  // restoring saved cookies; some statistics are not gathered in this case.
+  bool SetAllCookies(const CookieList& list);
 
   void InternalUpdateCookieAccessTime(CanonicalCookie* cc,
                                       const base::Time& current_time);
 
   // |deletion_cause| argument is used for collecting statistics and choosing
   // the correct CookieStore::ChangeCause for OnCookieChanged
   // notifications.  Guarantee: All iterators to cookies_ except to the
   // deleted entry remain valid.
   void InternalDeleteCookie(CookieMap::iterator it,
                             bool sync_to_store,
@@ skipping 252 matching lines @@
   virtual ~PersistentCookieStore() {}
 
  private:
   friend class base::RefCountedThreadSafe<PersistentCookieStore>;
   DISALLOW_COPY_AND_ASSIGN(PersistentCookieStore);
 };
 
 }  // namespace net
 
 #endif  // NET_COOKIES_COOKIE_MONSTER_H_