Add full_party_context into CookieOptions.

Add full_party_context into CookieOptions, which is a set of
net::SchemefulSite and will be copied over from IsolationInfo
via URLRequestHttpJob.

Bug: 1136102
Change-Id: Ie8f221ff375b00351fe4d6b73ba842086a942d37
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2505582Reviewed-by: Lily Chen <chlily@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Matt Menke <mmenke@chromium.org>
Commit-Queue: Shuran Huang <shuuran@chromium.org>
Cr-Commit-Position: refs/heads/master@{#826272}

net/cookies/cookie_options.cc

@@ -51,12 +51,20 @@ CookieOptions::CookieOptions()
       update_access_time_(true),
       return_excluded_cookies_(false) {}
 
+CookieOptions::CookieOptions(const CookieOptions& other) = default;
+CookieOptions::CookieOptions(CookieOptions&& other) = default;
+CookieOptions::~CookieOptions() = default;
+
+CookieOptions& CookieOptions::operator=(const CookieOptions&) = default;
+CookieOptions& CookieOptions::operator=(CookieOptions&&) = default;
+
 // static
 CookieOptions CookieOptions::MakeAllInclusive() {
   CookieOptions options;
   options.set_include_httponly();
   options.set_same_site_cookie_context(SameSiteCookieContext::MakeInclusive());
   options.set_do_not_update_access_time();
+  options.set_full_party_context(std::set<net::SchemefulSite>());
   return options;
 }
 

net/cookies/cookie_options.h

@@ -7,8 +7,12 @@
 #ifndef NET_COOKIES_COOKIE_OPTIONS_H_
 #define NET_COOKIES_COOKIE_OPTIONS_H_
 
+#include <set>
+
+#include "base/optional.h"
 #include "base/time/time.h"
 #include "net/base/net_export.h"
+#include "net/base/schemeful_site.h"
 #include "net/cookies/cookie_constants.h"
 #include "url/gurl.h"
 
@@ -88,13 +92,21 @@ class NET_EXPORT CookieOptions {
   // * Excludes SameSite cookies
   // * Updates last-accessed time.
   // * Does not report excluded cookies in APIs that can do so.
+  // * Excludes SameParty cookies.
   //
   // These settings can be altered by calling:
   //
   // * |set_{include,exclude}_httponly()|
   // * |set_same_site_cookie_context()|
   // * |set_do_not_update_access_time()|
+  // * |set_full_party_context()|
   CookieOptions();
+  CookieOptions(const CookieOptions& other);
+  CookieOptions(CookieOptions&& other);
+  ~CookieOptions();
+
+  CookieOptions& operator=(const CookieOptions&);
+  CookieOptions& operator=(CookieOptions&&);
 
   void set_exclude_httponly() { exclude_httponly_ = true; }
   void set_include_httponly() { exclude_httponly_ = false; }
@@ -118,6 +130,15 @@ class NET_EXPORT CookieOptions {
   void unset_return_excluded_cookies() { return_excluded_cookies_ = false; }
   bool return_excluded_cookies() const { return return_excluded_cookies_; }
 
+  void set_full_party_context(
+      const base::Optional<std::set<net::SchemefulSite>>& full_party_context) {
+    full_party_context_ = full_party_context;
+  }
+  const base::Optional<std::set<net::SchemefulSite>>& full_party_context()
+      const {
+    return full_party_context_;
+  }
+
   // Convenience method for where you need a CookieOptions that will
   // work for getting/setting all types of cookies, including HttpOnly and
   // SameSite cookies. Also specifies not to update the access time, because
@@ -130,7 +151,8 @@ class NET_EXPORT CookieOptions {
   bool exclude_httponly_;
   SameSiteCookieContext same_site_cookie_context_;
   bool update_access_time_;
-  bool return_excluded_cookies_;
+  bool return_excluded_cookies_ = false;
+  base::Optional<std::set<net::SchemefulSite>> full_party_context_;
 };
 
 }  // namespace net

net/url_request/url_request_http_job.cc

@@ -204,6 +204,15 @@ void MarkSameSiteCompatPairs(
   }
 }
 
+net::CookieOptions CreateCookieOptions(
+    net::CookieOptions::SameSiteCookieContext cookie_context) {
+  net::CookieOptions options;
+  options.set_return_excluded_cookies();
+  options.set_include_httponly();
+  options.set_same_site_cookie_context(cookie_context);
+  return options;
+}
+
 }  // namespace
 
 namespace net {
@@ -566,9 +575,6 @@ void URLRequestHttpJob::AddCookieHeaderAndStart() {
   // is being overridden by NetworkDelegate and will eventually block them, as
   // blocked cookies still need to be logged in that case.
   if (cookie_store && request_->allow_credentials()) {
-    CookieOptions options;
-    options.set_return_excluded_cookies();
-    options.set_include_httponly();
     bool force_ignore_site_for_cookies =
         request_->force_ignore_site_for_cookies();
     if (cookie_store->cookie_access_delegate() &&
@@ -577,10 +583,13 @@ void URLRequestHttpJob::AddCookieHeaderAndStart() {
                                                request_->site_for_cookies())) {
       force_ignore_site_for_cookies = true;
     }
-    options.set_same_site_cookie_context(
+    CookieOptions::SameSiteCookieContext same_site_context =
         net::cookie_util::ComputeSameSiteContextForRequest(
             request_->method(), request_->url(), request_->site_for_cookies(),
-            request_->initiator(), force_ignore_site_for_cookies));
+            request_->initiator(), force_ignore_site_for_cookies);
+
+    CookieOptions options = CreateCookieOptions(same_site_context);
+
     cookie_store->GetCookieListWithOptionsAsync(
         request_->url(), options,
         base::BindOnce(&URLRequestHttpJob::SetCookieHeaderAndStart,
@@ -711,8 +720,6 @@ void URLRequestHttpJob::SaveCookiesAndNotifyHeadersComplete(int result) {
   if (GetResponseHeaders()->GetDateValue(&response_date))
     server_time = base::make_optional(response_date);
 
-  CookieOptions options;
-  options.set_include_httponly();
   bool force_ignore_site_for_cookies =
       request_->force_ignore_site_for_cookies();
   if (cookie_store->cookie_access_delegate() &&
@@ -720,12 +727,12 @@ void URLRequestHttpJob::SaveCookiesAndNotifyHeadersComplete(int result) {
           request_->url(), request_->site_for_cookies())) {
     force_ignore_site_for_cookies = true;
   }
-  options.set_same_site_cookie_context(
+  CookieOptions::SameSiteCookieContext same_site_context =
       net::cookie_util::ComputeSameSiteContextForResponse(
           request_->url(), request_->site_for_cookies(), request_->initiator(),
-          force_ignore_site_for_cookies));
+          force_ignore_site_for_cookies);
 
-  options.set_return_excluded_cookies();
+  CookieOptions options = CreateCookieOptions(same_site_context);
 
   // Set all cookies, without waiting for them to be set. Any subsequent read
   // will see the combined result of all cookie operation.

services/network/public/cpp/BUILD.gn

@@ -204,6 +204,21 @@ component("cross_origin_embedder_policy") {
   defines = [ "IS_NETWORK_CPP_BASE_IMPL" ]
 }
 
+# This component is separate from cpp_base as it is a dependency of
+# //services/network/public/mojom:cookies_mojom.
+component("schemeful_site_mojom_support") {
+  sources = [
+    "schemeful_site_mojom_traits.cc",
+    "schemeful_site_mojom_traits.h",
+  ]
+  deps = [
+    "//net",
+    "//services/network/public/mojom:mojom_schemeful_site_shared",
+    "//url/mojom:url_mojom_origin",
+  ]
+  defines = [ "IS_NETWORK_CPP_BASE_IMPL" ]
+}
+
 component("cpp_base") {
   output_name = "network_cpp_base"
 
@@ -251,8 +266,6 @@ component("cpp_base") {
     "resource_request.h",
     "resource_request_body.cc",
     "resource_request_body.h",
-    "schemeful_site_mojom_traits.cc",
-    "schemeful_site_mojom_traits.h",
     "trust_token_parameterization.h",
     "url_loader_completion_status.cc",
     "url_loader_completion_status.h",
@@ -267,6 +280,7 @@ component("cpp_base") {
     ":crash_keys",
     ":cross_origin_embedder_policy",
     ":ip_address_mojom_support",
+    ":schemeful_site_mojom_support",
     "//services/network/public/mojom:url_loader_base",
     "//third_party/webrtc_overrides:webrtc_component",
     "//url/ipc:url_ipc",

services/network/public/cpp/cookie_manager_mojom_traits.cc

@@ -343,6 +343,18 @@ bool StructTraits<network::mojom::CookieOptionsDataView, net::CookieOptions>::
   else
     cookie_options->unset_return_excluded_cookies();
 
+  base::Optional<std::vector<net::SchemefulSite>> mojo_full_party_context;
+  if (!mojo_options.ReadFullPartyContext(&mojo_full_party_context))
+    return false;
+  base::Optional<std::set<net::SchemefulSite>> full_party_context;
+  if (mojo_full_party_context.has_value()) {
+    full_party_context.emplace(mojo_full_party_context->begin(),
+                               mojo_full_party_context->end());
+    if (mojo_full_party_context->size() != full_party_context->size())
+      return false;
+  }
+  cookie_options->set_full_party_context(full_party_context);
+
   return true;
 }
 

services/network/public/cpp/cookie_manager_mojom_traits.h

@@ -13,8 +13,13 @@
 #include "net/cookies/cookie_constants.h"
 #include "net/cookies/cookie_inclusion_status.h"
 #include "net/cookies/cookie_options.h"
+#include "services/network/public/cpp/schemeful_site_mojom_traits.h"
 #include "services/network/public/mojom/cookie_manager.mojom.h"
 
+namespace net {
+class SchemefulSite;
+}  // namespace net
+
 namespace mojo {
 
 template <>
@@ -110,6 +115,11 @@ struct StructTraits<network::mojom::CookieOptionsDataView, net::CookieOptions> {
     return o.return_excluded_cookies();
   }
 
+  static const base::Optional<std::set<net::SchemefulSite>>& full_party_context(
+      const net::CookieOptions& o) {
+    return o.full_party_context();
+  }
+
   static bool Read(network::mojom::CookieOptionsDataView mojo_options,
                    net::CookieOptions* cookie_options);
 };

services/network/public/cpp/cookie_manager_mojom_traits_unittest.cc

@@ -4,11 +4,13 @@
 
 #include "services/network/public/cpp/cookie_manager_mojom_traits.h"
 
+#include <set>
 #include <vector>
 
 #include "base/test/gtest_util.h"
 #include "mojo/public/cpp/base/time_mojom_traits.h"
 #include "mojo/public/cpp/test_support/test_utils.h"
+#include "net/base/schemeful_site.h"
 #include "services/network/public/cpp/cookie_manager_mojom_traits.h"
 #include "services/network/public/mojom/cookie_manager.mojom.h"
 #include "testing/gtest/include/gtest/gtest.h"
@@ -271,6 +273,7 @@ TEST(CookieManagerTraitsTest, Roundtrips_CookieOptions) {
   {
     net::CookieOptions least_trusted, copy;
     EXPECT_FALSE(least_trusted.return_excluded_cookies());
+
     least_trusted.set_return_excluded_cookies();  // differ from default.
 
     EXPECT_TRUE(mojo::test::SerializeAndDeserialize<mojom::CookieOptions>(
@@ -285,9 +288,12 @@ TEST(CookieManagerTraitsTest, Roundtrips_CookieOptions) {
 
   {
     net::CookieOptions very_trusted, copy;
+    auto kPartyContext = std::set<net::SchemefulSite>{
+        net::SchemefulSite(url::Origin::Create(GURL("https://a.test")))};
     very_trusted.set_include_httponly();
     very_trusted.set_same_site_cookie_context(
         net::CookieOptions::SameSiteCookieContext::MakeInclusive());
+    very_trusted.set_full_party_context(kPartyContext);
 
     EXPECT_TRUE(mojo::test::SerializeAndDeserialize<mojom::CookieOptions>(
         &very_trusted, &copy));
@@ -295,6 +301,38 @@ TEST(CookieManagerTraitsTest, Roundtrips_CookieOptions) {
     EXPECT_EQ(net::CookieOptions::SameSiteCookieContext::MakeInclusive(),
               copy.same_site_cookie_context());
     EXPECT_FALSE(copy.return_excluded_cookies());
+    EXPECT_EQ(kPartyContext, copy.full_party_context());
+  }
+}
+
+TEST(CookieManagerTraitsTest, Roundtrips_FullPartyContext) {
+  {
+    std::vector<std::set<net::SchemefulSite>> kTestCases = {
+        std::set<net::SchemefulSite>(),
+        std::set<net::SchemefulSite>{net::SchemefulSite()},
+        std::set<net::SchemefulSite>{
+            net::SchemefulSite(url::Origin::Create(GURL("https://a.test")))},
+        std::set<net::SchemefulSite>{
+            net::SchemefulSite(url::Origin::Create(GURL("http://a.test"))),
+            net::SchemefulSite(url::Origin::Create(GURL("http://b.test")))},
+    };
+
+    for (const std::set<net::SchemefulSite>& fpc : kTestCases) {
+      net::CookieOptions options, copy;
+      options.set_full_party_context(fpc);
+      EXPECT_TRUE(mojo::test::SerializeAndDeserialize<mojom::CookieOptions>(
+          &options, &copy));
+      EXPECT_EQ(fpc, copy.full_party_context());
+    }
+  }
+  {
+    base::Optional<std::set<net::SchemefulSite>> kFullPartyContext =
+        base::nullopt;
+    net::CookieOptions options, copy;
+    options.set_full_party_context(kFullPartyContext);
+    EXPECT_TRUE(mojo::test::SerializeAndDeserialize<mojom::CookieOptions>(
+        &options, &copy));
+    EXPECT_EQ(kFullPartyContext, copy.full_party_context());
   }
 }
 

services/network/public/mojom/BUILD.gn

@@ -219,6 +219,34 @@ mojom("url_loader_base") {
   blink_cpp_typemaps = shared_typemaps
 }
 
+# Make this a separate target to avoid a circular dependency.
+mojom("mojom_schemeful_site") {
+  generate_java = true
+  sources = [ "schemeful_site.mojom" ]
+
+  public_deps = [ "//url/mojom:url_mojom_origin" ]
+
+  if (!is_ios) {
+    export_class_attribute_blink = "BLINK_PLATFORM_EXPORT"
+    export_define_blink = "BLINK_PLATFORM_IMPLEMENTATION=1"
+    export_header_blink = "third_party/blink/public/platform/web_common.h"
+  }
+
+  cpp_typemaps = [
+    {
+      types = [
+        {
+          mojom = "network.mojom.SchemefulSite"
+          cpp = "::net::SchemefulSite"
+        },
+      ]
+      traits_headers =
+          [ "//services/network/public/cpp/schemeful_site_mojom_traits.h" ]
+      traits_public_deps = [ "//net" ]
+    },
+  ]
+}
+
 # This target is split from "mojom" target as the lazy serialization may
 # cause problems. See https://crbug.com/822732.
 mojom("websocket_mojom") {
@@ -313,6 +341,7 @@ mojom("cookies_mojom") {
   ]
 
   public_deps = [
+    ":mojom_schemeful_site",
     "//components/content_settings/core/common:mojo_bindings",
     "//mojo/public/mojom/base",
     "//url/mojom:url_mojom_gurl",
@@ -471,7 +500,6 @@ mojom("mojom") {
     "proxy_resolving_socket.mojom",
     "quic_transport.mojom",
     "referrer_policy.mojom",
-    "schemeful_site.mojom",
     "source_location.mojom",
     "ssl_config.mojom",
     "supports_loading_mode.mojom",
@@ -489,6 +517,7 @@ mojom("mojom") {
     ":cookies_mojom",
     ":mojom_ip_address",
     ":mojom_network_isolation_key",
+    ":mojom_schemeful_site",
     ":url_loader_base",
     ":websocket_mojom",
     "//mojo/public/mojom/base",
@@ -856,17 +885,6 @@ mojom("mojom") {
         "//net",
       ]
     },
-    {
-      types = [
-        {
-          mojom = "network.mojom.SchemefulSite"
-          cpp = "::net::SchemefulSite"
-        },
-      ]
-      traits_headers =
-          [ "//services/network/public/cpp/schemeful_site_mojom_traits.h" ]
-      traits_public_deps = [ "//net" ]
-    },
   ]
   cpp_typemaps += shared_cpp_typemaps
 

services/network/public/mojom/cookie_manager.mojom

@@ -6,6 +6,7 @@ module network.mojom;
 
 import "components/content_settings/core/common/content_settings.mojom";
 import "mojo/public/mojom/base/time.mojom";
+import "services/network/public/mojom/schemeful_site.mojom";
 import "url/mojom/url.mojom";
 
 // Parameters for constructing a cookie manager.
@@ -114,6 +115,7 @@ struct CookieOptions {
   CookieSameSiteContext same_site_cookie_context;
   bool update_access_time = true;
   bool return_excluded_cookies = false;
+  array<SchemefulSite>? full_party_context;
 };
 
 // See net/cookies/canonical_cookie.{h,cc} for documentation.