Commit c68ce9fe authored by cfredric's avatar cfredric Committed by Commit Bot

Modify IsSetPermittedInContext to take a CookieAccessParam argument.

Change-Id: I42bb46e23d0bda34b97754f12bbfcf575ae5d691
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2559157
Commit-Queue: Chris Fredrickson <cfredric@chromium.org>
Reviewed-by: default avatarLily Chen <chlily@chromium.org>
Cr-Commit-Position: refs/heads/master@{#831183}
parent f95fe0b1
......@@ -776,17 +776,17 @@ CookieAccessResult CanonicalCookie::IncludeForRequestURL(
CookieAccessResult CanonicalCookie::IsSetPermittedInContext(
const CookieOptions& options,
CookieAccessSemantics access_semantics) const {
const CookieAccessParams& params) const {
CookieAccessResult access_result;
IsSetPermittedInContext(options, access_semantics, &access_result);
IsSetPermittedInContext(options, params, &access_result);
return access_result;
}
void CanonicalCookie::IsSetPermittedInContext(
const CookieOptions& options,
CookieAccessSemantics access_semantics,
const CookieAccessParams& params,
CookieAccessResult* access_result) const {
access_result->access_semantics = access_semantics;
access_result->access_semantics = params.access_semantics;
if (options.exclude_httponly() && IsHttpOnly()) {
DVLOG(net::cookie_util::kVlogSetCookies)
<< "HttpOnly cookie not permitted in script context.";
......@@ -797,7 +797,7 @@ void CanonicalCookie::IsSetPermittedInContext(
// If both SameSiteByDefaultCookies and CookiesWithoutSameSiteMustBeSecure
// are enabled, non-SameSite cookies without the Secure attribute will be
// rejected.
if (access_semantics != CookieAccessSemantics::LEGACY &&
if (params.access_semantics != CookieAccessSemantics::LEGACY &&
cookie_util::IsCookiesWithoutSameSiteMustBeSecureEnabled() &&
SameSite() == CookieSameSite::NO_RESTRICTION && !IsSecure()) {
DVLOG(net::cookie_util::kVlogSetCookies)
......@@ -813,11 +813,12 @@ void CanonicalCookie::IsSetPermittedInContext(
// For LEGACY cookies we should always return the schemeless context,
// otherwise let GetContextForCookieInclusion() decide.
CookieOptions::SameSiteCookieContext::ContextType cookie_inclusion_context =
access_semantics == CookieAccessSemantics::LEGACY
params.access_semantics == CookieAccessSemantics::LEGACY
? options.same_site_cookie_context().context()
: options.same_site_cookie_context().GetContextForCookieInclusion();
access_result->effective_same_site = GetEffectiveSameSite(access_semantics);
access_result->effective_same_site =
GetEffectiveSameSite(params.access_semantics);
DCHECK(access_result->effective_same_site !=
CookieEffectiveSameSite::UNDEFINED);
switch (access_result->effective_same_site) {
......
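Review bot: Nothing in the visible hunks of `IsSetPermittedInContext` reads `params.delegate_treats_url_as_trustworthy`; every use of the new argument is `params.access_semantics`. If that is intentional plumbing for a later change, a comment at the top of the out-parameter overload would stop callers from assuming that passing `true` relaxes any check, for example `// NOTE: only |params.access_semantics| is consulted here; |params.delegate_treats_url_as_trustworthy| is not used yet.` The function body continues outside these hunks, so the flag may be read in lines not shown.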
......@@ -307,18 +307,17 @@ class NET_EXPORT CanonicalCookie {
const CookieAccessParams& params) const;
// Returns if the cookie with given attributes can be set in context described
// by |options|, and if no, describes why.
// WARNING: this does not cover checking whether secure cookies are set in
// a secure schema, since whether the schema is secure isn't part of
// by |options| and |params|, and if no, describes why.
// TODO(cfredric): this does not cover checking whether secure cookies are set
// in a secure scheme, since whether the scheme is secure isn't part of
// |options|.
CookieAccessResult IsSetPermittedInContext(
const CookieOptions& options,
CookieAccessSemantics access_semantics =
CookieAccessSemantics::UNKNOWN) const;
const CookieAccessParams& params) const;
// Overload that updates an existing |status| rather than returning a new one.
void IsSetPermittedInContext(const CookieOptions& options,
CookieAccessSemantics access_semantics,
const CookieAccessParams& params,
CookieAccessResult* access_result) const;
std::string DebugString() const;
......
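Review bot: Rewording the comment from `WARNING:` to `TODO(cfredric):` drops the caller-facing caution, although the limitation it describes still holds: this function does not check that Secure cookies are set from a secure scheme. Until the TODO is resolved I would keep both, e.g. `// WARNING: does not check that Secure cookies are set from a secure scheme.` followed by the TODO line. The comment on the second overload still says it updates an existing `|status|`, but the parameter is named `access_result`. Dropping the `CookieAccessSemantics::UNKNOWN` default is a good change and deserves a mention in the description, since every caller must now state its semantics explicitly.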
......@@ -1464,10 +1464,15 @@ TEST(CanonicalCookieTest, MultipleExclusionReasons) {
auto cookie3 = CanonicalCookie::Create(
url, "name=value;HttpOnly;SameSite=Lax", creation_time, server_time);
ASSERT_TRUE(cookie3);
EXPECT_TRUE(cookie3->IsSetPermittedInContext(options)
.status.HasExactlyExclusionReasonsForTesting(
{CookieInclusionStatus::EXCLUDE_HTTP_ONLY,
CookieInclusionStatus::EXCLUDE_SAMESITE_LAX}));
EXPECT_TRUE(
cookie3
->IsSetPermittedInContext(
options, CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status.HasExactlyExclusionReasonsForTesting(
{CookieInclusionStatus::EXCLUDE_HTTP_ONLY,
CookieInclusionStatus::EXCLUDE_SAMESITE_LAX}));
}
TEST(CanonicalCookieTest, PartialCompare) {
......@@ -2509,14 +2514,34 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) {
CookieOptions context_network;
context_network.set_include_httponly();
EXPECT_TRUE(cookie_scriptable.IsSetPermittedInContext(context_network)
EXPECT_TRUE(cookie_scriptable
.IsSetPermittedInContext(
context_network,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude());
EXPECT_TRUE(cookie_scriptable.IsSetPermittedInContext(context_script)
EXPECT_TRUE(cookie_scriptable
.IsSetPermittedInContext(
context_script,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude());
EXPECT_TRUE(cookie_httponly.IsSetPermittedInContext(context_network)
EXPECT_TRUE(cookie_httponly
.IsSetPermittedInContext(
context_network,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude());
EXPECT_TRUE(cookie_httponly.IsSetPermittedInContext(context_script)
EXPECT_TRUE(cookie_httponly
.IsSetPermittedInContext(
context_script,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status.HasExactlyExclusionReasonsForTesting(
{CookieInclusionStatus::EXCLUDE_HTTP_ONLY}));
......@@ -2555,13 +2580,25 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) {
CookieSameSite::NO_RESTRICTION, COOKIE_PRIORITY_DEFAULT, false);
EXPECT_TRUE(cookie_same_site_unrestricted
.IsSetPermittedInContext(context_cross_site)
.IsSetPermittedInContext(
context_cross_site,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude());
EXPECT_TRUE(cookie_same_site_unrestricted
.IsSetPermittedInContext(context_same_site_lax)
.IsSetPermittedInContext(
context_same_site_lax,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude());
EXPECT_TRUE(cookie_same_site_unrestricted
.IsSetPermittedInContext(context_same_site_strict)
.IsSetPermittedInContext(
context_same_site_strict,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude());
{
......@@ -2571,19 +2608,31 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) {
CookieInclusionStatus status_strict_to_lax =
cookie_same_site_unrestricted
.IsSetPermittedInContext(context_same_site_strict_to_lax)
.IsSetPermittedInContext(
context_same_site_strict_to_lax,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status;
EXPECT_TRUE(status_strict_to_lax.IsInclude());
EXPECT_FALSE(status_strict_to_lax.HasDowngradeWarning());
CookieInclusionStatus status_strict_to_cross =
cookie_same_site_unrestricted
.IsSetPermittedInContext(context_same_site_strict_to_cross)
.IsSetPermittedInContext(
context_same_site_strict_to_cross,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status;
EXPECT_TRUE(status_strict_to_cross.IsInclude());
EXPECT_FALSE(status_strict_to_cross.HasDowngradeWarning());
CookieInclusionStatus status_lax_to_cross =
cookie_same_site_unrestricted
.IsSetPermittedInContext(context_same_site_lax_to_cross)
.IsSetPermittedInContext(
context_same_site_lax_to_cross,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status;
EXPECT_TRUE(status_lax_to_cross.IsInclude());
EXPECT_FALSE(status_lax_to_cross.HasDowngradeWarning());
......@@ -2595,19 +2644,31 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) {
CookieInclusionStatus status_strict_to_lax =
cookie_same_site_unrestricted
.IsSetPermittedInContext(context_same_site_strict_to_lax)
.IsSetPermittedInContext(
context_same_site_strict_to_lax,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status;
EXPECT_TRUE(status_strict_to_lax.IsInclude());
EXPECT_FALSE(status_strict_to_lax.HasDowngradeWarning());
CookieInclusionStatus status_strict_to_cross =
cookie_same_site_unrestricted
.IsSetPermittedInContext(context_same_site_strict_to_cross)
.IsSetPermittedInContext(
context_same_site_strict_to_cross,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status;
EXPECT_TRUE(status_strict_to_cross.IsInclude());
EXPECT_FALSE(status_strict_to_cross.HasDowngradeWarning());
CookieInclusionStatus status_lax_to_cross =
cookie_same_site_unrestricted
.IsSetPermittedInContext(context_same_site_lax_to_cross)
.IsSetPermittedInContext(
context_same_site_lax_to_cross,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status;
EXPECT_TRUE(status_lax_to_cross.IsInclude());
EXPECT_FALSE(status_lax_to_cross.HasDowngradeWarning());
......@@ -2620,15 +2681,28 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) {
base::Time(), true /*secure*/, false /*httponly*/,
CookieSameSite::LAX_MODE, COOKIE_PRIORITY_DEFAULT, false);
EXPECT_TRUE(cookie_same_site_lax.IsSetPermittedInContext(context_cross_site)
EXPECT_TRUE(cookie_same_site_lax
.IsSetPermittedInContext(
context_cross_site,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status.HasExactlyExclusionReasonsForTesting(
{CookieInclusionStatus::EXCLUDE_SAMESITE_LAX}));
EXPECT_TRUE(
cookie_same_site_lax.IsSetPermittedInContext(context_same_site_lax)
.status.IsInclude());
EXPECT_TRUE(
cookie_same_site_lax.IsSetPermittedInContext(context_same_site_strict)
.status.IsInclude());
EXPECT_TRUE(cookie_same_site_lax
.IsSetPermittedInContext(
context_same_site_lax,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude());
EXPECT_TRUE(cookie_same_site_lax
.IsSetPermittedInContext(
context_same_site_strict,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude());
{
// Schemeful Same-Site disabled.
......@@ -2637,20 +2711,32 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) {
CookieInclusionStatus status_strict_to_lax =
cookie_same_site_lax
.IsSetPermittedInContext(context_same_site_strict_to_lax)
.IsSetPermittedInContext(
context_same_site_strict_to_lax,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status;
EXPECT_TRUE(status_strict_to_lax.IsInclude());
EXPECT_FALSE(status_strict_to_lax.HasDowngradeWarning());
CookieInclusionStatus status_strict_to_cross =
cookie_same_site_lax
.IsSetPermittedInContext(context_same_site_strict_to_cross)
.IsSetPermittedInContext(
context_same_site_strict_to_cross,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status;
EXPECT_TRUE(status_strict_to_cross.IsInclude());
EXPECT_TRUE(status_strict_to_cross.HasWarningReason(
CookieInclusionStatus::WARN_STRICT_CROSS_DOWNGRADE_LAX_SAMESITE));
CookieInclusionStatus status_lax_to_cross =
cookie_same_site_lax
.IsSetPermittedInContext(context_same_site_lax_to_cross)
.IsSetPermittedInContext(
context_same_site_lax_to_cross,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status;
EXPECT_TRUE(status_lax_to_cross.IsInclude());
EXPECT_TRUE(status_lax_to_cross.HasWarningReason(
......@@ -2663,13 +2749,21 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) {
CookieInclusionStatus status_strict_to_lax =
cookie_same_site_lax
.IsSetPermittedInContext(context_same_site_strict_to_lax)
.IsSetPermittedInContext(
context_same_site_strict_to_lax,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status;
EXPECT_TRUE(status_strict_to_lax.IsInclude());
EXPECT_FALSE(status_strict_to_lax.HasDowngradeWarning());
CookieInclusionStatus status_strict_to_cross =
cookie_same_site_lax
.IsSetPermittedInContext(context_same_site_strict_to_cross)
.IsSetPermittedInContext(
context_same_site_strict_to_cross,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status;
EXPECT_FALSE(status_strict_to_cross.IsInclude());
EXPECT_TRUE(status_strict_to_cross.HasWarningReason(
......@@ -2678,7 +2772,11 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) {
CookieInclusionStatus::EXCLUDE_SAMESITE_LAX));
CookieInclusionStatus status_lax_to_cross =
cookie_same_site_lax
.IsSetPermittedInContext(context_same_site_lax_to_cross)
.IsSetPermittedInContext(
context_same_site_lax_to_cross,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status;
EXPECT_FALSE(status_lax_to_cross.IsInclude());
EXPECT_TRUE(status_lax_to_cross.HasWarningReason(
......@@ -2696,15 +2794,27 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) {
// TODO(morlovich): Do compatibility testing on whether set of strict in lax
// context really should be accepted.
EXPECT_TRUE(
cookie_same_site_strict.IsSetPermittedInContext(context_cross_site)
.status.HasExactlyExclusionReasonsForTesting(
{CookieInclusionStatus::EXCLUDE_SAMESITE_STRICT}));
EXPECT_TRUE(
cookie_same_site_strict.IsSetPermittedInContext(context_same_site_lax)
.status.IsInclude());
EXPECT_TRUE(cookie_same_site_strict
.IsSetPermittedInContext(context_same_site_strict)
.IsSetPermittedInContext(
context_cross_site,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status.HasExactlyExclusionReasonsForTesting(
{CookieInclusionStatus::EXCLUDE_SAMESITE_STRICT}));
EXPECT_TRUE(cookie_same_site_strict
.IsSetPermittedInContext(
context_same_site_lax,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude());
EXPECT_TRUE(cookie_same_site_strict
.IsSetPermittedInContext(
context_same_site_strict,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude());
{
......@@ -2714,20 +2824,32 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) {
CookieInclusionStatus status_strict_to_lax =
cookie_same_site_strict
.IsSetPermittedInContext(context_same_site_strict_to_lax)
.IsSetPermittedInContext(
context_same_site_strict_to_lax,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status;
EXPECT_TRUE(status_strict_to_lax.IsInclude());
EXPECT_FALSE(status_strict_to_lax.HasDowngradeWarning());
CookieInclusionStatus status_strict_to_cross =
cookie_same_site_strict
.IsSetPermittedInContext(context_same_site_strict_to_cross)
.IsSetPermittedInContext(
context_same_site_strict_to_cross,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status;
EXPECT_TRUE(status_strict_to_cross.IsInclude());
EXPECT_TRUE(status_strict_to_cross.HasWarningReason(
CookieInclusionStatus::WARN_STRICT_CROSS_DOWNGRADE_STRICT_SAMESITE));
CookieInclusionStatus status_lax_to_cross =
cookie_same_site_strict
.IsSetPermittedInContext(context_same_site_lax_to_cross)
.IsSetPermittedInContext(
context_same_site_lax_to_cross,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status;
EXPECT_TRUE(status_lax_to_cross.IsInclude());
EXPECT_TRUE(status_lax_to_cross.HasWarningReason(
......@@ -2740,13 +2862,21 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) {
CookieInclusionStatus status_strict_to_lax =
cookie_same_site_strict
.IsSetPermittedInContext(context_same_site_strict_to_lax)
.IsSetPermittedInContext(
context_same_site_strict_to_lax,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status;
EXPECT_TRUE(status_strict_to_lax.IsInclude());
EXPECT_FALSE(status_strict_to_lax.HasDowngradeWarning());
CookieInclusionStatus status_strict_to_cross =
cookie_same_site_strict
.IsSetPermittedInContext(context_same_site_strict_to_cross)
.IsSetPermittedInContext(
context_same_site_strict_to_cross,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status;
EXPECT_FALSE(status_strict_to_cross.IsInclude());
EXPECT_TRUE(status_strict_to_cross.HasWarningReason(
......@@ -2755,7 +2885,11 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) {
CookieInclusionStatus::EXCLUDE_SAMESITE_STRICT));
CookieInclusionStatus status_lax_to_cross =
cookie_same_site_strict
.IsSetPermittedInContext(context_same_site_lax_to_cross)
.IsSetPermittedInContext(
context_same_site_lax_to_cross,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status;
EXPECT_FALSE(status_lax_to_cross.IsInclude());
EXPECT_TRUE(status_lax_to_cross.HasWarningReason(
......@@ -2770,23 +2904,29 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) {
base::test::ScopedFeatureList feature_list;
feature_list.InitAndEnableFeature(features::kSchemefulSameSite);
EXPECT_FALSE(
cookie_same_site_strict
.IsSetPermittedInContext(context_same_site_strict_to_cross,
CookieAccessSemantics::UNKNOWN)
.status.IsInclude());
EXPECT_FALSE(
cookie_same_site_strict
.IsSetPermittedInContext(context_same_site_strict_to_cross,
CookieAccessSemantics::NONLEGACY)
.status.IsInclude());
EXPECT_FALSE(cookie_same_site_strict
.IsSetPermittedInContext(
context_same_site_strict_to_cross,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude());
EXPECT_FALSE(cookie_same_site_strict
.IsSetPermittedInContext(
context_same_site_strict_to_cross,
CookieAccessParams(
CookieAccessSemantics::NONLEGACY,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude());
// LEGACY semantics should allow cookies which Schemeful Same-Site would
// normally block.
EXPECT_TRUE(
cookie_same_site_strict
.IsSetPermittedInContext(context_same_site_strict_to_cross,
CookieAccessSemantics::LEGACY)
.status.IsInclude());
EXPECT_TRUE(cookie_same_site_strict
.IsSetPermittedInContext(
context_same_site_strict_to_cross,
CookieAccessParams(
CookieAccessSemantics::LEGACY,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude());
}
}
......@@ -2801,42 +2941,69 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) {
feature_list.InitAndDisableFeature(features::kSameSiteByDefaultCookies);
EXPECT_TRUE(cookie_same_site_unspecified
.IsSetPermittedInContext(context_cross_site,
CookieAccessSemantics::UNKNOWN)
.IsSetPermittedInContext(
context_cross_site,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude());
EXPECT_TRUE(cookie_same_site_unspecified
.IsSetPermittedInContext(context_same_site_lax,
CookieAccessSemantics::UNKNOWN)
.IsSetPermittedInContext(
context_same_site_lax,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude());
EXPECT_TRUE(cookie_same_site_unspecified
.IsSetPermittedInContext(context_same_site_strict,
CookieAccessSemantics::UNKNOWN)
.IsSetPermittedInContext(
context_same_site_strict,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude());
EXPECT_TRUE(cookie_same_site_unspecified
.IsSetPermittedInContext(context_cross_site,
CookieAccessSemantics::LEGACY)
.IsSetPermittedInContext(
context_cross_site,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude());
EXPECT_TRUE(cookie_same_site_unspecified
.IsSetPermittedInContext(context_same_site_lax,
CookieAccessSemantics::LEGACY)
.IsSetPermittedInContext(
context_same_site_lax,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude());
EXPECT_TRUE(cookie_same_site_unspecified
.IsSetPermittedInContext(context_same_site_strict,
CookieAccessSemantics::LEGACY)
.IsSetPermittedInContext(
context_same_site_strict,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude());
EXPECT_TRUE(cookie_same_site_unspecified
.IsSetPermittedInContext(context_cross_site,
CookieAccessSemantics::NONLEGACY)
.IsSetPermittedInContext(
context_cross_site,
CookieAccessParams(
CookieAccessSemantics::NONLEGACY,
false /* delegate_treats_url_as_trustworthy */))
.status.HasExactlyExclusionReasonsForTesting(
{CookieInclusionStatus::
EXCLUDE_SAMESITE_UNSPECIFIED_TREATED_AS_LAX}));
EXPECT_TRUE(cookie_same_site_unspecified
.IsSetPermittedInContext(context_same_site_lax,
CookieAccessSemantics::NONLEGACY)
.IsSetPermittedInContext(
context_same_site_lax,
CookieAccessParams(
CookieAccessSemantics::NONLEGACY,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude());
EXPECT_TRUE(cookie_same_site_unspecified
.IsSetPermittedInContext(context_same_site_strict,
CookieAccessSemantics::NONLEGACY)
.IsSetPermittedInContext(
context_same_site_strict,
CookieAccessParams(
CookieAccessSemantics::NONLEGACY,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude());
}
......@@ -2845,44 +3012,71 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) {
feature_list.InitAndEnableFeature(features::kSameSiteByDefaultCookies);
EXPECT_TRUE(cookie_same_site_unspecified
.IsSetPermittedInContext(context_cross_site,
CookieAccessSemantics::UNKNOWN)
.IsSetPermittedInContext(
context_cross_site,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status.HasExactlyExclusionReasonsForTesting(
{CookieInclusionStatus::
EXCLUDE_SAMESITE_UNSPECIFIED_TREATED_AS_LAX}));
EXPECT_TRUE(cookie_same_site_unspecified
.IsSetPermittedInContext(context_same_site_lax,
CookieAccessSemantics::UNKNOWN)
.IsSetPermittedInContext(
context_same_site_lax,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude());
EXPECT_TRUE(cookie_same_site_unspecified
.IsSetPermittedInContext(context_same_site_strict,
CookieAccessSemantics::UNKNOWN)
.IsSetPermittedInContext(
context_same_site_strict,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude());
EXPECT_TRUE(cookie_same_site_unspecified
.IsSetPermittedInContext(context_cross_site,
CookieAccessSemantics::LEGACY)
.IsSetPermittedInContext(
context_cross_site,
CookieAccessParams(
CookieAccessSemantics::LEGACY,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude());
EXPECT_TRUE(cookie_same_site_unspecified
.IsSetPermittedInContext(context_same_site_lax,
CookieAccessSemantics::LEGACY)
.IsSetPermittedInContext(
context_same_site_lax,
CookieAccessParams(
CookieAccessSemantics::LEGACY,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude());
EXPECT_TRUE(cookie_same_site_unspecified
.IsSetPermittedInContext(context_same_site_strict,
CookieAccessSemantics::LEGACY)
.IsSetPermittedInContext(
context_same_site_strict,
CookieAccessParams(
CookieAccessSemantics::LEGACY,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude());
EXPECT_TRUE(cookie_same_site_unspecified
.IsSetPermittedInContext(context_cross_site,
CookieAccessSemantics::NONLEGACY)
.IsSetPermittedInContext(
context_cross_site,
CookieAccessParams(
CookieAccessSemantics::NONLEGACY,
false /* delegate_treats_url_as_trustworthy */))
.status.HasExactlyExclusionReasonsForTesting(
{CookieInclusionStatus::
EXCLUDE_SAMESITE_UNSPECIFIED_TREATED_AS_LAX}));
EXPECT_TRUE(cookie_same_site_unspecified
.IsSetPermittedInContext(context_same_site_lax,
CookieAccessSemantics::NONLEGACY)
.IsSetPermittedInContext(
context_same_site_lax,
CookieAccessParams(
CookieAccessSemantics::NONLEGACY,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude());
EXPECT_TRUE(cookie_same_site_unspecified
.IsSetPermittedInContext(context_same_site_strict,
CookieAccessSemantics::NONLEGACY)
.IsSetPermittedInContext(
context_same_site_strict,
CookieAccessParams(
CookieAccessSemantics::NONLEGACY,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude());
}
}
......@@ -2901,7 +3095,10 @@ TEST(CanonicalCookieTest, IsSetPermittedEffectiveSameSite) {
EXPECT_EQ(
cookie_no_restriction
.IsSetPermittedInContext(options, CookieAccessSemantics::UNKNOWN)
.IsSetPermittedInContext(
options, CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.effective_same_site,
CookieEffectiveSameSite::NO_RESTRICTION);
......@@ -2914,7 +3111,10 @@ TEST(CanonicalCookieTest, IsSetPermittedEffectiveSameSite) {
EXPECT_EQ(
cookie_lax
.IsSetPermittedInContext(options, CookieAccessSemantics::UNKNOWN)
.IsSetPermittedInContext(
options, CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.effective_same_site,
CookieEffectiveSameSite::LAX_MODE);
......@@ -2927,7 +3127,10 @@ TEST(CanonicalCookieTest, IsSetPermittedEffectiveSameSite) {
EXPECT_EQ(
cookie_strict
.IsSetPermittedInContext(options, CookieAccessSemantics::UNKNOWN)
.IsSetPermittedInContext(
options, CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.effective_same_site,
CookieEffectiveSameSite::STRICT_MODE);
......@@ -2945,26 +3148,39 @@ TEST(CanonicalCookieTest, IsSetPermittedEffectiveSameSite) {
EXPECT_EQ(
cookie_old_unspecified
.IsSetPermittedInContext(options, CookieAccessSemantics::UNKNOWN)
.IsSetPermittedInContext(
options, CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.effective_same_site,
CookieEffectiveSameSite::LAX_MODE);
EXPECT_EQ(
cookie_unspecified
.IsSetPermittedInContext(options, CookieAccessSemantics::UNKNOWN)
.IsSetPermittedInContext(
options, CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.effective_same_site,
CookieEffectiveSameSite::LAX_MODE_ALLOW_UNSAFE);
EXPECT_EQ(
cookie_unspecified
.IsSetPermittedInContext(options, CookieAccessSemantics::NONLEGACY)
.IsSetPermittedInContext(
options, CookieAccessParams(
CookieAccessSemantics::NONLEGACY,
false /* delegate_treats_url_as_trustworthy */))
.effective_same_site,
CookieEffectiveSameSite::LAX_MODE_ALLOW_UNSAFE);
EXPECT_EQ(cookie_unspecified
.IsSetPermittedInContext(options, CookieAccessSemantics::LEGACY)
.effective_same_site,
CookieEffectiveSameSite::NO_RESTRICTION);
EXPECT_EQ(
cookie_unspecified
.IsSetPermittedInContext(
options, CookieAccessParams(
CookieAccessSemantics::LEGACY,
false /* delegate_treats_url_as_trustworthy */))
.effective_same_site,
CookieEffectiveSameSite::NO_RESTRICTION);
}
} // namespace net
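Review bot: In the block that disables `features::kSameSiteByDefaultCookies` (hunk -2801,42 +2941,69), the three assertions that previously passed `CookieAccessSemantics::LEGACY` for `context_cross_site`, `context_same_site_lax` and `context_same_site_strict` now construct `CookieAccessParams(CookieAccessSemantics::UNKNOWN, ...)`. They therefore duplicate the three UNKNOWN assertions directly above them, and LEGACY semantics are no longer exercised with the feature off. The matching block with the feature enabled keeps `CookieAccessSemantics::LEGACY`, which suggests a copy-paste slip; the first argument in those three calls should be `CookieAccessSemantics::LEGACY,`. Separately, every call in this file passes `false /* delegate_treats_url_as_trustworthy */`, so no test covers the `true` case.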
......@@ -1187,11 +1187,13 @@ void CookieMonster::SetCanonicalCookie(std::unique_ptr<CanonicalCookie> cc,
? net::CookieSourceScheme::kSecure
: net::CookieSourceScheme::kNonSecure);
bool delegate_treats_url_as_trustworthy =
cookie_access_delegate() &&
cookie_access_delegate()->ShouldTreatUrlAsTrustworthy(source_url);
CookieAccessScheme access_scheme =
cookie_util::ProvisionalAccessScheme(source_url);
if (access_scheme == CookieAccessScheme::kNonCryptographic &&
cookie_access_delegate() &&
cookie_access_delegate()->ShouldTreatUrlAsTrustworthy(source_url)) {
delegate_treats_url_as_trustworthy) {
access_scheme = CookieAccessScheme::kTrustworthy;
}
......@@ -1227,8 +1229,11 @@ void CookieMonster::SetCanonicalCookie(std::unique_ptr<CanonicalCookie> cc,
const std::string key(GetKey(cc->Domain()));
cc->IsSetPermittedInContext(options, GetAccessSemanticsForCookie(*cc),
&access_result);
cc->IsSetPermittedInContext(
options,
CookieAccessParams(GetAccessSemanticsForCookie(*cc),
delegate_treats_url_as_trustworthy),
&access_result);
base::Time creation_date = cc->CreationDate();
if (creation_date.is_null()) {
......
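Review bot: `ShouldTreatUrlAsTrustworthy(source_url)` is now evaluated on every call, whereas the old condition only reached it when `access_scheme == CookieAccessScheme::kNonCryptographic`. That is extra work on the set path if the delegate lookup is not cheap, and the flag handed to `CookieAccessParams` can now be true for a URL whose scheme is already cryptographic. A comment would make that intent explicit, e.g. `// Delegate's verdict for |source_url|, independent of its scheme; forwarded to IsSetPermittedInContext().` The local is never reassigned in the visible lines, so `const bool delegate_treats_url_as_trustworthy = ...` would fit. `SetCanonicalCookie` starts and ends outside these hunks.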