Modify IsSetPermittedInContext to take a CookieAccessParam argument.

Change-Id: I42bb46e23d0bda34b97754f12bbfcf575ae5d691 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2559157 Commit-Queue: Chris Fredrickson <cfredric@chromium.org> Reviewed-by: Lily Chen <chlily@chromium.org> Cr-Commit-Position: refs/heads/master@{#831183}

Modify IsSetPermittedInContext to take a CookieAccessParam argument.
Change-Id: I42bb46e23d0bda34b97754f12bbfcf575ae5d691 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2559157 Commit-Queue: Chris Fredrickson <cfredric@chromium.org> Reviewed-by: Lily Chen <chlily@chromium.org> Cr-Commit-Position: refs/heads/master@{#831183}
c68ce9fe · cfredric · Commit Bot · f95fe0b1 · c68ce9fe · c68ce9fe
Commit c68ce9fe authored Nov 26, 2020 by cfredric Committed by Commit Bot Nov 26, 2020
4 changed files
--- a/net/cookies/canonical_cookie.cc
+++ b/net/cookies/canonical_cookie.cc
@@ -776,17 +776,17 @@ CookieAccessResult CanonicalCookie::IncludeForRequestURL(

 CookieAccessResult CanonicalCookie::IsSetPermittedInContext(
    const CookieOptions& options,
-    CookieAccessSemantics access_semantics) const {
+    const CookieAccessParams& params) const {
  CookieAccessResult access_result;
-  IsSetPermittedInContext(options, access_semantics, &access_result);
+  IsSetPermittedInContext(options, params, &access_result);
  return access_result;
 }

 void CanonicalCookie::IsSetPermittedInContext(
    const CookieOptions& options,
-    CookieAccessSemantics access_semantics,
+    const CookieAccessParams& params,
    CookieAccessResult* access_result) const {
-  access_result->access_semantics = access_semantics;
+  access_result->access_semantics = params.access_semantics;
  if (options.exclude_httponly() && IsHttpOnly()) {
    DVLOG(net::cookie_util::kVlogSetCookies)
        << "HttpOnly cookie not permitted in script context.";
@@ -797,7 +797,7 @@ void CanonicalCookie::IsSetPermittedInContext(
  // If both SameSiteByDefaultCookies and CookiesWithoutSameSiteMustBeSecure
  // are enabled, non-SameSite cookies without the Secure attribute will be
  // rejected.
-  if (access_semantics != CookieAccessSemantics::LEGACY &&
+  if (params.access_semantics != CookieAccessSemantics::LEGACY &&
      cookie_util::IsCookiesWithoutSameSiteMustBeSecureEnabled() &&
      SameSite() == CookieSameSite::NO_RESTRICTION && !IsSecure()) {
    DVLOG(net::cookie_util::kVlogSetCookies)
@@ -813,11 +813,12 @@ void CanonicalCookie::IsSetPermittedInContext(
  // For LEGACY cookies we should always return the schemeless context,
  // otherwise let GetContextForCookieInclusion() decide.
  CookieOptions::SameSiteCookieContext::ContextType cookie_inclusion_context =
-      access_semantics == CookieAccessSemantics::LEGACY
+      params.access_semantics == CookieAccessSemantics::LEGACY
          ? options.same_site_cookie_context().context()
          : options.same_site_cookie_context().GetContextForCookieInclusion();

-  access_result->effective_same_site = GetEffectiveSameSite(access_semantics);
+  access_result->effective_same_site =
+      GetEffectiveSameSite(params.access_semantics);
  DCHECK(access_result->effective_same_site !=
         CookieEffectiveSameSite::UNDEFINED);
  switch (access_result->effective_same_site) {

--- a/net/cookies/canonical_cookie.h
+++ b/net/cookies/canonical_cookie.h
@@ -307,18 +307,17 @@ class NET_EXPORT CanonicalCookie {
      const CookieAccessParams& params) const;

  // Returns if the cookie with given attributes can be set in context described
-  // by |options|, and if no, describes why.
-  // WARNING: this does not cover checking whether secure cookies are set in
-  // a secure schema, since whether the schema is secure isn't part of
+  // by |options| and |params|, and if no, describes why.
+  // TODO(cfredric): this does not cover checking whether secure cookies are set
+  // in a secure scheme, since whether the scheme is secure isn't part of
  // |options|.
  CookieAccessResult IsSetPermittedInContext(
      const CookieOptions& options,
-      CookieAccessSemantics access_semantics =
-          CookieAccessSemantics::UNKNOWN) const;
+      const CookieAccessParams& params) const;

  // Overload that updates an existing |status| rather than returning a new one.
  void IsSetPermittedInContext(const CookieOptions& options,
-                               CookieAccessSemantics access_semantics,
+                               const CookieAccessParams& params,
                               CookieAccessResult* access_result) const;

  std::string DebugString() const;

--- a/net/cookies/canonical_cookie_unittest.cc
+++ b/net/cookies/canonical_cookie_unittest.cc
--- a/net/cookies/cookie_monster.cc
+++ b/net/cookies/cookie_monster.cc
@@ -1187,11 +1187,13 @@ void CookieMonster::SetCanonicalCookie(std::unique_ptr<CanonicalCookie> cc,
                          ? net::CookieSourceScheme::kSecure
                          : net::CookieSourceScheme::kNonSecure);

+  bool delegate_treats_url_as_trustworthy =
+      cookie_access_delegate() &&
+      cookie_access_delegate()->ShouldTreatUrlAsTrustworthy(source_url);
  CookieAccessScheme access_scheme =
      cookie_util::ProvisionalAccessScheme(source_url);
  if (access_scheme == CookieAccessScheme::kNonCryptographic &&
-      cookie_access_delegate() &&
-      cookie_access_delegate()->ShouldTreatUrlAsTrustworthy(source_url)) {
+      delegate_treats_url_as_trustworthy) {
    access_scheme = CookieAccessScheme::kTrustworthy;
  }

@@ -1227,8 +1229,11 @@ void CookieMonster::SetCanonicalCookie(std::unique_ptr<CanonicalCookie> cc,

  const std::string key(GetKey(cc->Domain()));

-  cc->IsSetPermittedInContext(options, GetAccessSemanticsForCookie(*cc),
-                              &access_result);
+  cc->IsSetPermittedInContext(
+      options,
+      CookieAccessParams(GetAccessSemanticsForCookie(*cc),
+                         delegate_treats_url_as_trustworthy),
+      &access_result);

  base::Time creation_date = cc->CreationDate();
  if (creation_date.is_null()) {