Commit c68ce9fe authored by cfredric's avatar cfredric Committed by Commit Bot

Modify IsSetPermittedInContext to take a CookieAccessParam argument.

Change-Id: I42bb46e23d0bda34b97754f12bbfcf575ae5d691
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2559157
Commit-Queue: Chris Fredrickson <cfredric@chromium.org>
Reviewed-by: default avatarLily Chen <chlily@chromium.org>
Cr-Commit-Position: refs/heads/master@{#831183}
parent f95fe0b1
...@@ -776,17 +776,17 @@ CookieAccessResult CanonicalCookie::IncludeForRequestURL( ...@@ -776,17 +776,17 @@ CookieAccessResult CanonicalCookie::IncludeForRequestURL(
CookieAccessResult CanonicalCookie::IsSetPermittedInContext( CookieAccessResult CanonicalCookie::IsSetPermittedInContext(
const CookieOptions& options, const CookieOptions& options,
CookieAccessSemantics access_semantics) const { const CookieAccessParams& params) const {
CookieAccessResult access_result; CookieAccessResult access_result;
IsSetPermittedInContext(options, access_semantics, &access_result); IsSetPermittedInContext(options, params, &access_result);
return access_result; return access_result;
} }
void CanonicalCookie::IsSetPermittedInContext( void CanonicalCookie::IsSetPermittedInContext(
const CookieOptions& options, const CookieOptions& options,
CookieAccessSemantics access_semantics, const CookieAccessParams& params,
CookieAccessResult* access_result) const { CookieAccessResult* access_result) const {
access_result->access_semantics = access_semantics; access_result->access_semantics = params.access_semantics;
if (options.exclude_httponly() && IsHttpOnly()) { if (options.exclude_httponly() && IsHttpOnly()) {
DVLOG(net::cookie_util::kVlogSetCookies) DVLOG(net::cookie_util::kVlogSetCookies)
<< "HttpOnly cookie not permitted in script context."; << "HttpOnly cookie not permitted in script context.";
...@@ -797,7 +797,7 @@ void CanonicalCookie::IsSetPermittedInContext( ...@@ -797,7 +797,7 @@ void CanonicalCookie::IsSetPermittedInContext(
// If both SameSiteByDefaultCookies and CookiesWithoutSameSiteMustBeSecure // If both SameSiteByDefaultCookies and CookiesWithoutSameSiteMustBeSecure
// are enabled, non-SameSite cookies without the Secure attribute will be // are enabled, non-SameSite cookies without the Secure attribute will be
// rejected. // rejected.
if (access_semantics != CookieAccessSemantics::LEGACY && if (params.access_semantics != CookieAccessSemantics::LEGACY &&
cookie_util::IsCookiesWithoutSameSiteMustBeSecureEnabled() && cookie_util::IsCookiesWithoutSameSiteMustBeSecureEnabled() &&
SameSite() == CookieSameSite::NO_RESTRICTION && !IsSecure()) { SameSite() == CookieSameSite::NO_RESTRICTION && !IsSecure()) {
DVLOG(net::cookie_util::kVlogSetCookies) DVLOG(net::cookie_util::kVlogSetCookies)
...@@ -813,11 +813,12 @@ void CanonicalCookie::IsSetPermittedInContext( ...@@ -813,11 +813,12 @@ void CanonicalCookie::IsSetPermittedInContext(
// For LEGACY cookies we should always return the schemeless context, // For LEGACY cookies we should always return the schemeless context,
// otherwise let GetContextForCookieInclusion() decide. // otherwise let GetContextForCookieInclusion() decide.
CookieOptions::SameSiteCookieContext::ContextType cookie_inclusion_context = CookieOptions::SameSiteCookieContext::ContextType cookie_inclusion_context =
access_semantics == CookieAccessSemantics::LEGACY params.access_semantics == CookieAccessSemantics::LEGACY
? options.same_site_cookie_context().context() ? options.same_site_cookie_context().context()
: options.same_site_cookie_context().GetContextForCookieInclusion(); : options.same_site_cookie_context().GetContextForCookieInclusion();
access_result->effective_same_site = GetEffectiveSameSite(access_semantics); access_result->effective_same_site =
GetEffectiveSameSite(params.access_semantics);
DCHECK(access_result->effective_same_site != DCHECK(access_result->effective_same_site !=
CookieEffectiveSameSite::UNDEFINED); CookieEffectiveSameSite::UNDEFINED);
switch (access_result->effective_same_site) { switch (access_result->effective_same_site) {
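Review bot: In the visible hunks of IsSetPermittedInContext only `params.access_semantics` is read, so the second `CookieAccessParams` argument (labelled `delegate_treats_url_as_trustworthy` in the tests) has no effect on the result here. This function decides whether a cookie may be set, so a caller could assume that passing the whole struct now also covers the secure-scheme check, which the header comment says is not performed. I would add a comment at the top of the out-parameter overload's body: `// Only |params.access_semantics| is consulted for now; the Secure-cookie/scheme check is not performed here.` Parts of the body lie outside these hunks, so confirm that no other field is read there.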
......
...@@ -307,18 +307,17 @@ class NET_EXPORT CanonicalCookie { ...@@ -307,18 +307,17 @@ class NET_EXPORT CanonicalCookie {
const CookieAccessParams& params) const; const CookieAccessParams& params) const;
// Returns if the cookie with given attributes can be set in context described // Returns if the cookie with given attributes can be set in context described
// by |options|, and if no, describes why. // by |options| and |params|, and if no, describes why.
// WARNING: this does not cover checking whether secure cookies are set in // TODO(cfredric): this does not cover checking whether secure cookies are set
// a secure schema, since whether the schema is secure isn't part of // in a secure scheme, since whether the scheme is secure isn't part of
// |options|. // |options|.
CookieAccessResult IsSetPermittedInContext( CookieAccessResult IsSetPermittedInContext(
const CookieOptions& options, const CookieOptions& options,
CookieAccessSemantics access_semantics = const CookieAccessParams& params) const;
CookieAccessSemantics::UNKNOWN) const;
// Overload that updates an existing |status| rather than returning a new one. // Overload that updates an existing |status| rather than returning a new one.
void IsSetPermittedInContext(const CookieOptions& options, void IsSetPermittedInContext(const CookieOptions& options,
CookieAccessSemantics access_semantics, const CookieAccessParams& params,
CookieAccessResult* access_result) const; CookieAccessResult* access_result) const;
std::string DebugString() const; std::string DebugString() const;
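Review bot: The caller-facing `WARNING:` on IsSetPermittedInContext becomes `TODO(cfredric):`, yet the new comment still describes the same limitation: the function does not check that Secure cookies are set from a secure scheme. A TODO reads as a note to the author, so the next caller is less likely to notice that this check is missing from the result. I would keep the warning and put the TODO under it, e.g. `// WARNING: does not check that Secure cookies are set from a secure scheme.` followed by `// TODO(cfredric): cover that check here.` The sentence also still ends with "isn't part of |options|" although the first line now names |params| as well, so it should say which of the two is meant.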
......
...@@ -1464,10 +1464,15 @@ TEST(CanonicalCookieTest, MultipleExclusionReasons) { ...@@ -1464,10 +1464,15 @@ TEST(CanonicalCookieTest, MultipleExclusionReasons) {
auto cookie3 = CanonicalCookie::Create( auto cookie3 = CanonicalCookie::Create(
url, "name=value;HttpOnly;SameSite=Lax", creation_time, server_time); url, "name=value;HttpOnly;SameSite=Lax", creation_time, server_time);
ASSERT_TRUE(cookie3); ASSERT_TRUE(cookie3);
EXPECT_TRUE(cookie3->IsSetPermittedInContext(options) EXPECT_TRUE(
.status.HasExactlyExclusionReasonsForTesting( cookie3
{CookieInclusionStatus::EXCLUDE_HTTP_ONLY, ->IsSetPermittedInContext(
CookieInclusionStatus::EXCLUDE_SAMESITE_LAX})); options, CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status.HasExactlyExclusionReasonsForTesting(
{CookieInclusionStatus::EXCLUDE_HTTP_ONLY,
CookieInclusionStatus::EXCLUDE_SAMESITE_LAX}));
} }
TEST(CanonicalCookieTest, PartialCompare) { TEST(CanonicalCookieTest, PartialCompare) {
...@@ -2509,14 +2514,34 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) { ...@@ -2509,14 +2514,34 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) {
CookieOptions context_network; CookieOptions context_network;
context_network.set_include_httponly(); context_network.set_include_httponly();
EXPECT_TRUE(cookie_scriptable.IsSetPermittedInContext(context_network) EXPECT_TRUE(cookie_scriptable
.IsSetPermittedInContext(
context_network,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude()); .status.IsInclude());
EXPECT_TRUE(cookie_scriptable.IsSetPermittedInContext(context_script) EXPECT_TRUE(cookie_scriptable
.IsSetPermittedInContext(
context_script,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude()); .status.IsInclude());
EXPECT_TRUE(cookie_httponly.IsSetPermittedInContext(context_network) EXPECT_TRUE(cookie_httponly
.IsSetPermittedInContext(
context_network,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude()); .status.IsInclude());
EXPECT_TRUE(cookie_httponly.IsSetPermittedInContext(context_script) EXPECT_TRUE(cookie_httponly
.IsSetPermittedInContext(
context_script,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status.HasExactlyExclusionReasonsForTesting( .status.HasExactlyExclusionReasonsForTesting(
{CookieInclusionStatus::EXCLUDE_HTTP_ONLY})); {CookieInclusionStatus::EXCLUDE_HTTP_ONLY}));
...@@ -2555,13 +2580,25 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) { ...@@ -2555,13 +2580,25 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) {
CookieSameSite::NO_RESTRICTION, COOKIE_PRIORITY_DEFAULT, false); CookieSameSite::NO_RESTRICTION, COOKIE_PRIORITY_DEFAULT, false);
EXPECT_TRUE(cookie_same_site_unrestricted EXPECT_TRUE(cookie_same_site_unrestricted
.IsSetPermittedInContext(context_cross_site) .IsSetPermittedInContext(
context_cross_site,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude()); .status.IsInclude());
EXPECT_TRUE(cookie_same_site_unrestricted EXPECT_TRUE(cookie_same_site_unrestricted
.IsSetPermittedInContext(context_same_site_lax) .IsSetPermittedInContext(
context_same_site_lax,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude()); .status.IsInclude());
EXPECT_TRUE(cookie_same_site_unrestricted EXPECT_TRUE(cookie_same_site_unrestricted
.IsSetPermittedInContext(context_same_site_strict) .IsSetPermittedInContext(
context_same_site_strict,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude()); .status.IsInclude());
{ {
...@@ -2571,19 +2608,31 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) { ...@@ -2571,19 +2608,31 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) {
CookieInclusionStatus status_strict_to_lax = CookieInclusionStatus status_strict_to_lax =
cookie_same_site_unrestricted cookie_same_site_unrestricted
.IsSetPermittedInContext(context_same_site_strict_to_lax) .IsSetPermittedInContext(
context_same_site_strict_to_lax,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status; .status;
EXPECT_TRUE(status_strict_to_lax.IsInclude()); EXPECT_TRUE(status_strict_to_lax.IsInclude());
EXPECT_FALSE(status_strict_to_lax.HasDowngradeWarning()); EXPECT_FALSE(status_strict_to_lax.HasDowngradeWarning());
CookieInclusionStatus status_strict_to_cross = CookieInclusionStatus status_strict_to_cross =
cookie_same_site_unrestricted cookie_same_site_unrestricted
.IsSetPermittedInContext(context_same_site_strict_to_cross) .IsSetPermittedInContext(
context_same_site_strict_to_cross,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status; .status;
EXPECT_TRUE(status_strict_to_cross.IsInclude()); EXPECT_TRUE(status_strict_to_cross.IsInclude());
EXPECT_FALSE(status_strict_to_cross.HasDowngradeWarning()); EXPECT_FALSE(status_strict_to_cross.HasDowngradeWarning());
CookieInclusionStatus status_lax_to_cross = CookieInclusionStatus status_lax_to_cross =
cookie_same_site_unrestricted cookie_same_site_unrestricted
.IsSetPermittedInContext(context_same_site_lax_to_cross) .IsSetPermittedInContext(
context_same_site_lax_to_cross,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status; .status;
EXPECT_TRUE(status_lax_to_cross.IsInclude()); EXPECT_TRUE(status_lax_to_cross.IsInclude());
EXPECT_FALSE(status_lax_to_cross.HasDowngradeWarning()); EXPECT_FALSE(status_lax_to_cross.HasDowngradeWarning());
...@@ -2595,19 +2644,31 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) { ...@@ -2595,19 +2644,31 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) {
CookieInclusionStatus status_strict_to_lax = CookieInclusionStatus status_strict_to_lax =
cookie_same_site_unrestricted cookie_same_site_unrestricted
.IsSetPermittedInContext(context_same_site_strict_to_lax) .IsSetPermittedInContext(
context_same_site_strict_to_lax,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status; .status;
EXPECT_TRUE(status_strict_to_lax.IsInclude()); EXPECT_TRUE(status_strict_to_lax.IsInclude());
EXPECT_FALSE(status_strict_to_lax.HasDowngradeWarning()); EXPECT_FALSE(status_strict_to_lax.HasDowngradeWarning());
CookieInclusionStatus status_strict_to_cross = CookieInclusionStatus status_strict_to_cross =
cookie_same_site_unrestricted cookie_same_site_unrestricted
.IsSetPermittedInContext(context_same_site_strict_to_cross) .IsSetPermittedInContext(
context_same_site_strict_to_cross,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status; .status;
EXPECT_TRUE(status_strict_to_cross.IsInclude()); EXPECT_TRUE(status_strict_to_cross.IsInclude());
EXPECT_FALSE(status_strict_to_cross.HasDowngradeWarning()); EXPECT_FALSE(status_strict_to_cross.HasDowngradeWarning());
CookieInclusionStatus status_lax_to_cross = CookieInclusionStatus status_lax_to_cross =
cookie_same_site_unrestricted cookie_same_site_unrestricted
.IsSetPermittedInContext(context_same_site_lax_to_cross) .IsSetPermittedInContext(
context_same_site_lax_to_cross,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status; .status;
EXPECT_TRUE(status_lax_to_cross.IsInclude()); EXPECT_TRUE(status_lax_to_cross.IsInclude());
EXPECT_FALSE(status_lax_to_cross.HasDowngradeWarning()); EXPECT_FALSE(status_lax_to_cross.HasDowngradeWarning());
...@@ -2620,15 +2681,28 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) { ...@@ -2620,15 +2681,28 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) {
base::Time(), true /*secure*/, false /*httponly*/, base::Time(), true /*secure*/, false /*httponly*/,
CookieSameSite::LAX_MODE, COOKIE_PRIORITY_DEFAULT, false); CookieSameSite::LAX_MODE, COOKIE_PRIORITY_DEFAULT, false);
EXPECT_TRUE(cookie_same_site_lax.IsSetPermittedInContext(context_cross_site) EXPECT_TRUE(cookie_same_site_lax
.IsSetPermittedInContext(
context_cross_site,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status.HasExactlyExclusionReasonsForTesting( .status.HasExactlyExclusionReasonsForTesting(
{CookieInclusionStatus::EXCLUDE_SAMESITE_LAX})); {CookieInclusionStatus::EXCLUDE_SAMESITE_LAX}));
EXPECT_TRUE( EXPECT_TRUE(cookie_same_site_lax
cookie_same_site_lax.IsSetPermittedInContext(context_same_site_lax) .IsSetPermittedInContext(
.status.IsInclude()); context_same_site_lax,
EXPECT_TRUE( CookieAccessParams(
cookie_same_site_lax.IsSetPermittedInContext(context_same_site_strict) CookieAccessSemantics::UNKNOWN,
.status.IsInclude()); false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude());
EXPECT_TRUE(cookie_same_site_lax
.IsSetPermittedInContext(
context_same_site_strict,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude());
{ {
// Schemeful Same-Site disabled. // Schemeful Same-Site disabled.
...@@ -2637,20 +2711,32 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) { ...@@ -2637,20 +2711,32 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) {
CookieInclusionStatus status_strict_to_lax = CookieInclusionStatus status_strict_to_lax =
cookie_same_site_lax cookie_same_site_lax
.IsSetPermittedInContext(context_same_site_strict_to_lax) .IsSetPermittedInContext(
context_same_site_strict_to_lax,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status; .status;
EXPECT_TRUE(status_strict_to_lax.IsInclude()); EXPECT_TRUE(status_strict_to_lax.IsInclude());
EXPECT_FALSE(status_strict_to_lax.HasDowngradeWarning()); EXPECT_FALSE(status_strict_to_lax.HasDowngradeWarning());
CookieInclusionStatus status_strict_to_cross = CookieInclusionStatus status_strict_to_cross =
cookie_same_site_lax cookie_same_site_lax
.IsSetPermittedInContext(context_same_site_strict_to_cross) .IsSetPermittedInContext(
context_same_site_strict_to_cross,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status; .status;
EXPECT_TRUE(status_strict_to_cross.IsInclude()); EXPECT_TRUE(status_strict_to_cross.IsInclude());
EXPECT_TRUE(status_strict_to_cross.HasWarningReason( EXPECT_TRUE(status_strict_to_cross.HasWarningReason(
CookieInclusionStatus::WARN_STRICT_CROSS_DOWNGRADE_LAX_SAMESITE)); CookieInclusionStatus::WARN_STRICT_CROSS_DOWNGRADE_LAX_SAMESITE));
CookieInclusionStatus status_lax_to_cross = CookieInclusionStatus status_lax_to_cross =
cookie_same_site_lax cookie_same_site_lax
.IsSetPermittedInContext(context_same_site_lax_to_cross) .IsSetPermittedInContext(
context_same_site_lax_to_cross,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status; .status;
EXPECT_TRUE(status_lax_to_cross.IsInclude()); EXPECT_TRUE(status_lax_to_cross.IsInclude());
EXPECT_TRUE(status_lax_to_cross.HasWarningReason( EXPECT_TRUE(status_lax_to_cross.HasWarningReason(
...@@ -2663,13 +2749,21 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) { ...@@ -2663,13 +2749,21 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) {
CookieInclusionStatus status_strict_to_lax = CookieInclusionStatus status_strict_to_lax =
cookie_same_site_lax cookie_same_site_lax
.IsSetPermittedInContext(context_same_site_strict_to_lax) .IsSetPermittedInContext(
context_same_site_strict_to_lax,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status; .status;
EXPECT_TRUE(status_strict_to_lax.IsInclude()); EXPECT_TRUE(status_strict_to_lax.IsInclude());
EXPECT_FALSE(status_strict_to_lax.HasDowngradeWarning()); EXPECT_FALSE(status_strict_to_lax.HasDowngradeWarning());
CookieInclusionStatus status_strict_to_cross = CookieInclusionStatus status_strict_to_cross =
cookie_same_site_lax cookie_same_site_lax
.IsSetPermittedInContext(context_same_site_strict_to_cross) .IsSetPermittedInContext(
context_same_site_strict_to_cross,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status; .status;
EXPECT_FALSE(status_strict_to_cross.IsInclude()); EXPECT_FALSE(status_strict_to_cross.IsInclude());
EXPECT_TRUE(status_strict_to_cross.HasWarningReason( EXPECT_TRUE(status_strict_to_cross.HasWarningReason(
...@@ -2678,7 +2772,11 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) { ...@@ -2678,7 +2772,11 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) {
CookieInclusionStatus::EXCLUDE_SAMESITE_LAX)); CookieInclusionStatus::EXCLUDE_SAMESITE_LAX));
CookieInclusionStatus status_lax_to_cross = CookieInclusionStatus status_lax_to_cross =
cookie_same_site_lax cookie_same_site_lax
.IsSetPermittedInContext(context_same_site_lax_to_cross) .IsSetPermittedInContext(
context_same_site_lax_to_cross,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status; .status;
EXPECT_FALSE(status_lax_to_cross.IsInclude()); EXPECT_FALSE(status_lax_to_cross.IsInclude());
EXPECT_TRUE(status_lax_to_cross.HasWarningReason( EXPECT_TRUE(status_lax_to_cross.HasWarningReason(
...@@ -2696,15 +2794,27 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) { ...@@ -2696,15 +2794,27 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) {
// TODO(morlovich): Do compatibility testing on whether set of strict in lax // TODO(morlovich): Do compatibility testing on whether set of strict in lax
// context really should be accepted. // context really should be accepted.
EXPECT_TRUE(
cookie_same_site_strict.IsSetPermittedInContext(context_cross_site)
.status.HasExactlyExclusionReasonsForTesting(
{CookieInclusionStatus::EXCLUDE_SAMESITE_STRICT}));
EXPECT_TRUE(
cookie_same_site_strict.IsSetPermittedInContext(context_same_site_lax)
.status.IsInclude());
EXPECT_TRUE(cookie_same_site_strict EXPECT_TRUE(cookie_same_site_strict
.IsSetPermittedInContext(context_same_site_strict) .IsSetPermittedInContext(
context_cross_site,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status.HasExactlyExclusionReasonsForTesting(
{CookieInclusionStatus::EXCLUDE_SAMESITE_STRICT}));
EXPECT_TRUE(cookie_same_site_strict
.IsSetPermittedInContext(
context_same_site_lax,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude());
EXPECT_TRUE(cookie_same_site_strict
.IsSetPermittedInContext(
context_same_site_strict,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude()); .status.IsInclude());
{ {
...@@ -2714,20 +2824,32 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) { ...@@ -2714,20 +2824,32 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) {
CookieInclusionStatus status_strict_to_lax = CookieInclusionStatus status_strict_to_lax =
cookie_same_site_strict cookie_same_site_strict
.IsSetPermittedInContext(context_same_site_strict_to_lax) .IsSetPermittedInContext(
context_same_site_strict_to_lax,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status; .status;
EXPECT_TRUE(status_strict_to_lax.IsInclude()); EXPECT_TRUE(status_strict_to_lax.IsInclude());
EXPECT_FALSE(status_strict_to_lax.HasDowngradeWarning()); EXPECT_FALSE(status_strict_to_lax.HasDowngradeWarning());
CookieInclusionStatus status_strict_to_cross = CookieInclusionStatus status_strict_to_cross =
cookie_same_site_strict cookie_same_site_strict
.IsSetPermittedInContext(context_same_site_strict_to_cross) .IsSetPermittedInContext(
context_same_site_strict_to_cross,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status; .status;
EXPECT_TRUE(status_strict_to_cross.IsInclude()); EXPECT_TRUE(status_strict_to_cross.IsInclude());
EXPECT_TRUE(status_strict_to_cross.HasWarningReason( EXPECT_TRUE(status_strict_to_cross.HasWarningReason(
CookieInclusionStatus::WARN_STRICT_CROSS_DOWNGRADE_STRICT_SAMESITE)); CookieInclusionStatus::WARN_STRICT_CROSS_DOWNGRADE_STRICT_SAMESITE));
CookieInclusionStatus status_lax_to_cross = CookieInclusionStatus status_lax_to_cross =
cookie_same_site_strict cookie_same_site_strict
.IsSetPermittedInContext(context_same_site_lax_to_cross) .IsSetPermittedInContext(
context_same_site_lax_to_cross,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status; .status;
EXPECT_TRUE(status_lax_to_cross.IsInclude()); EXPECT_TRUE(status_lax_to_cross.IsInclude());
EXPECT_TRUE(status_lax_to_cross.HasWarningReason( EXPECT_TRUE(status_lax_to_cross.HasWarningReason(
...@@ -2740,13 +2862,21 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) { ...@@ -2740,13 +2862,21 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) {
CookieInclusionStatus status_strict_to_lax = CookieInclusionStatus status_strict_to_lax =
cookie_same_site_strict cookie_same_site_strict
.IsSetPermittedInContext(context_same_site_strict_to_lax) .IsSetPermittedInContext(
context_same_site_strict_to_lax,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status; .status;
EXPECT_TRUE(status_strict_to_lax.IsInclude()); EXPECT_TRUE(status_strict_to_lax.IsInclude());
EXPECT_FALSE(status_strict_to_lax.HasDowngradeWarning()); EXPECT_FALSE(status_strict_to_lax.HasDowngradeWarning());
CookieInclusionStatus status_strict_to_cross = CookieInclusionStatus status_strict_to_cross =
cookie_same_site_strict cookie_same_site_strict
.IsSetPermittedInContext(context_same_site_strict_to_cross) .IsSetPermittedInContext(
context_same_site_strict_to_cross,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status; .status;
EXPECT_FALSE(status_strict_to_cross.IsInclude()); EXPECT_FALSE(status_strict_to_cross.IsInclude());
EXPECT_TRUE(status_strict_to_cross.HasWarningReason( EXPECT_TRUE(status_strict_to_cross.HasWarningReason(
...@@ -2755,7 +2885,11 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) { ...@@ -2755,7 +2885,11 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) {
CookieInclusionStatus::EXCLUDE_SAMESITE_STRICT)); CookieInclusionStatus::EXCLUDE_SAMESITE_STRICT));
CookieInclusionStatus status_lax_to_cross = CookieInclusionStatus status_lax_to_cross =
cookie_same_site_strict cookie_same_site_strict
.IsSetPermittedInContext(context_same_site_lax_to_cross) .IsSetPermittedInContext(
context_same_site_lax_to_cross,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status; .status;
EXPECT_FALSE(status_lax_to_cross.IsInclude()); EXPECT_FALSE(status_lax_to_cross.IsInclude());
EXPECT_TRUE(status_lax_to_cross.HasWarningReason( EXPECT_TRUE(status_lax_to_cross.HasWarningReason(
...@@ -2770,23 +2904,29 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) { ...@@ -2770,23 +2904,29 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) {
base::test::ScopedFeatureList feature_list; base::test::ScopedFeatureList feature_list;
feature_list.InitAndEnableFeature(features::kSchemefulSameSite); feature_list.InitAndEnableFeature(features::kSchemefulSameSite);
EXPECT_FALSE( EXPECT_FALSE(cookie_same_site_strict
cookie_same_site_strict .IsSetPermittedInContext(
.IsSetPermittedInContext(context_same_site_strict_to_cross, context_same_site_strict_to_cross,
CookieAccessSemantics::UNKNOWN) CookieAccessParams(
.status.IsInclude()); CookieAccessSemantics::UNKNOWN,
EXPECT_FALSE( false /* delegate_treats_url_as_trustworthy */))
cookie_same_site_strict .status.IsInclude());
.IsSetPermittedInContext(context_same_site_strict_to_cross, EXPECT_FALSE(cookie_same_site_strict
CookieAccessSemantics::NONLEGACY) .IsSetPermittedInContext(
.status.IsInclude()); context_same_site_strict_to_cross,
CookieAccessParams(
CookieAccessSemantics::NONLEGACY,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude());
// LEGACY semantics should allow cookies which Schemeful Same-Site would // LEGACY semantics should allow cookies which Schemeful Same-Site would
// normally block. // normally block.
EXPECT_TRUE( EXPECT_TRUE(cookie_same_site_strict
cookie_same_site_strict .IsSetPermittedInContext(
.IsSetPermittedInContext(context_same_site_strict_to_cross, context_same_site_strict_to_cross,
CookieAccessSemantics::LEGACY) CookieAccessParams(
.status.IsInclude()); CookieAccessSemantics::LEGACY,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude());
} }
} }
...@@ -2801,42 +2941,69 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) { ...@@ -2801,42 +2941,69 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) {
feature_list.InitAndDisableFeature(features::kSameSiteByDefaultCookies); feature_list.InitAndDisableFeature(features::kSameSiteByDefaultCookies);
EXPECT_TRUE(cookie_same_site_unspecified EXPECT_TRUE(cookie_same_site_unspecified
.IsSetPermittedInContext(context_cross_site, .IsSetPermittedInContext(
CookieAccessSemantics::UNKNOWN) context_cross_site,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude()); .status.IsInclude());
EXPECT_TRUE(cookie_same_site_unspecified EXPECT_TRUE(cookie_same_site_unspecified
.IsSetPermittedInContext(context_same_site_lax, .IsSetPermittedInContext(
CookieAccessSemantics::UNKNOWN) context_same_site_lax,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude()); .status.IsInclude());
EXPECT_TRUE(cookie_same_site_unspecified EXPECT_TRUE(cookie_same_site_unspecified
.IsSetPermittedInContext(context_same_site_strict, .IsSetPermittedInContext(
CookieAccessSemantics::UNKNOWN) context_same_site_strict,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude()); .status.IsInclude());
EXPECT_TRUE(cookie_same_site_unspecified EXPECT_TRUE(cookie_same_site_unspecified
.IsSetPermittedInContext(context_cross_site, .IsSetPermittedInContext(
CookieAccessSemantics::LEGACY) context_cross_site,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude()); .status.IsInclude());
EXPECT_TRUE(cookie_same_site_unspecified EXPECT_TRUE(cookie_same_site_unspecified
.IsSetPermittedInContext(context_same_site_lax, .IsSetPermittedInContext(
CookieAccessSemantics::LEGACY) context_same_site_lax,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude()); .status.IsInclude());
EXPECT_TRUE(cookie_same_site_unspecified EXPECT_TRUE(cookie_same_site_unspecified
.IsSetPermittedInContext(context_same_site_strict, .IsSetPermittedInContext(
CookieAccessSemantics::LEGACY) context_same_site_strict,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude()); .status.IsInclude());
EXPECT_TRUE(cookie_same_site_unspecified EXPECT_TRUE(cookie_same_site_unspecified
.IsSetPermittedInContext(context_cross_site, .IsSetPermittedInContext(
CookieAccessSemantics::NONLEGACY) context_cross_site,
CookieAccessParams(
CookieAccessSemantics::NONLEGACY,
false /* delegate_treats_url_as_trustworthy */))
.status.HasExactlyExclusionReasonsForTesting( .status.HasExactlyExclusionReasonsForTesting(
{CookieInclusionStatus:: {CookieInclusionStatus::
EXCLUDE_SAMESITE_UNSPECIFIED_TREATED_AS_LAX})); EXCLUDE_SAMESITE_UNSPECIFIED_TREATED_AS_LAX}));
EXPECT_TRUE(cookie_same_site_unspecified EXPECT_TRUE(cookie_same_site_unspecified
.IsSetPermittedInContext(context_same_site_lax, .IsSetPermittedInContext(
CookieAccessSemantics::NONLEGACY) context_same_site_lax,
CookieAccessParams(
CookieAccessSemantics::NONLEGACY,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude()); .status.IsInclude());
EXPECT_TRUE(cookie_same_site_unspecified EXPECT_TRUE(cookie_same_site_unspecified
.IsSetPermittedInContext(context_same_site_strict, .IsSetPermittedInContext(
CookieAccessSemantics::NONLEGACY) context_same_site_strict,
CookieAccessParams(
CookieAccessSemantics::NONLEGACY,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude()); .status.IsInclude());
} }
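Review bot: The three assertions in this hunk that previously passed `CookieAccessSemantics::LEGACY` (cross-site, same-site lax and same-site strict contexts, with kSameSiteByDefaultCookies disabled) now construct `CookieAccessParams(CookieAccessSemantics::UNKNOWN, ...)`. They therefore repeat the three UNKNOWN assertions directly above them, and LEGACY semantics are no longer exercised in this block. All six expect `IsInclude()`, so the test still passes and the lost coverage is not visible. The corresponding block in the next hunk (feature enabled) keeps LEGACY, which suggests a conversion slip. Restore `CookieAccessSemantics::LEGACY,` as the first constructor argument in those three calls.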
...@@ -2845,44 +3012,71 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) { ...@@ -2845,44 +3012,71 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) {
feature_list.InitAndEnableFeature(features::kSameSiteByDefaultCookies); feature_list.InitAndEnableFeature(features::kSameSiteByDefaultCookies);
EXPECT_TRUE(cookie_same_site_unspecified EXPECT_TRUE(cookie_same_site_unspecified
.IsSetPermittedInContext(context_cross_site, .IsSetPermittedInContext(
CookieAccessSemantics::UNKNOWN) context_cross_site,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status.HasExactlyExclusionReasonsForTesting( .status.HasExactlyExclusionReasonsForTesting(
{CookieInclusionStatus:: {CookieInclusionStatus::
EXCLUDE_SAMESITE_UNSPECIFIED_TREATED_AS_LAX})); EXCLUDE_SAMESITE_UNSPECIFIED_TREATED_AS_LAX}));
EXPECT_TRUE(cookie_same_site_unspecified EXPECT_TRUE(cookie_same_site_unspecified
.IsSetPermittedInContext(context_same_site_lax, .IsSetPermittedInContext(
CookieAccessSemantics::UNKNOWN) context_same_site_lax,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude()); .status.IsInclude());
EXPECT_TRUE(cookie_same_site_unspecified EXPECT_TRUE(cookie_same_site_unspecified
.IsSetPermittedInContext(context_same_site_strict, .IsSetPermittedInContext(
CookieAccessSemantics::UNKNOWN) context_same_site_strict,
CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude()); .status.IsInclude());
EXPECT_TRUE(cookie_same_site_unspecified EXPECT_TRUE(cookie_same_site_unspecified
.IsSetPermittedInContext(context_cross_site, .IsSetPermittedInContext(
CookieAccessSemantics::LEGACY) context_cross_site,
CookieAccessParams(
CookieAccessSemantics::LEGACY,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude()); .status.IsInclude());
EXPECT_TRUE(cookie_same_site_unspecified EXPECT_TRUE(cookie_same_site_unspecified
.IsSetPermittedInContext(context_same_site_lax, .IsSetPermittedInContext(
CookieAccessSemantics::LEGACY) context_same_site_lax,
CookieAccessParams(
CookieAccessSemantics::LEGACY,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude()); .status.IsInclude());
EXPECT_TRUE(cookie_same_site_unspecified EXPECT_TRUE(cookie_same_site_unspecified
.IsSetPermittedInContext(context_same_site_strict, .IsSetPermittedInContext(
CookieAccessSemantics::LEGACY) context_same_site_strict,
CookieAccessParams(
CookieAccessSemantics::LEGACY,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude()); .status.IsInclude());
EXPECT_TRUE(cookie_same_site_unspecified EXPECT_TRUE(cookie_same_site_unspecified
.IsSetPermittedInContext(context_cross_site, .IsSetPermittedInContext(
CookieAccessSemantics::NONLEGACY) context_cross_site,
CookieAccessParams(
CookieAccessSemantics::NONLEGACY,
false /* delegate_treats_url_as_trustworthy */))
.status.HasExactlyExclusionReasonsForTesting( .status.HasExactlyExclusionReasonsForTesting(
{CookieInclusionStatus:: {CookieInclusionStatus::
EXCLUDE_SAMESITE_UNSPECIFIED_TREATED_AS_LAX})); EXCLUDE_SAMESITE_UNSPECIFIED_TREATED_AS_LAX}));
EXPECT_TRUE(cookie_same_site_unspecified EXPECT_TRUE(cookie_same_site_unspecified
.IsSetPermittedInContext(context_same_site_lax, .IsSetPermittedInContext(
CookieAccessSemantics::NONLEGACY) context_same_site_lax,
CookieAccessParams(
CookieAccessSemantics::NONLEGACY,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude()); .status.IsInclude());
EXPECT_TRUE(cookie_same_site_unspecified EXPECT_TRUE(cookie_same_site_unspecified
.IsSetPermittedInContext(context_same_site_strict, .IsSetPermittedInContext(
CookieAccessSemantics::NONLEGACY) context_same_site_strict,
CookieAccessParams(
CookieAccessSemantics::NONLEGACY,
false /* delegate_treats_url_as_trustworthy */))
.status.IsInclude()); .status.IsInclude());
} }
} }
...@@ -2901,7 +3095,10 @@ TEST(CanonicalCookieTest, IsSetPermittedEffectiveSameSite) { ...@@ -2901,7 +3095,10 @@ TEST(CanonicalCookieTest, IsSetPermittedEffectiveSameSite) {
EXPECT_EQ( EXPECT_EQ(
cookie_no_restriction cookie_no_restriction
.IsSetPermittedInContext(options, CookieAccessSemantics::UNKNOWN) .IsSetPermittedInContext(
options, CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.effective_same_site, .effective_same_site,
CookieEffectiveSameSite::NO_RESTRICTION); CookieEffectiveSameSite::NO_RESTRICTION);
...@@ -2914,7 +3111,10 @@ TEST(CanonicalCookieTest, IsSetPermittedEffectiveSameSite) { ...@@ -2914,7 +3111,10 @@ TEST(CanonicalCookieTest, IsSetPermittedEffectiveSameSite) {
EXPECT_EQ( EXPECT_EQ(
cookie_lax cookie_lax
.IsSetPermittedInContext(options, CookieAccessSemantics::UNKNOWN) .IsSetPermittedInContext(
options, CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.effective_same_site, .effective_same_site,
CookieEffectiveSameSite::LAX_MODE); CookieEffectiveSameSite::LAX_MODE);
...@@ -2927,7 +3127,10 @@ TEST(CanonicalCookieTest, IsSetPermittedEffectiveSameSite) { ...@@ -2927,7 +3127,10 @@ TEST(CanonicalCookieTest, IsSetPermittedEffectiveSameSite) {
EXPECT_EQ( EXPECT_EQ(
cookie_strict cookie_strict
.IsSetPermittedInContext(options, CookieAccessSemantics::UNKNOWN) .IsSetPermittedInContext(
options, CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.effective_same_site, .effective_same_site,
CookieEffectiveSameSite::STRICT_MODE); CookieEffectiveSameSite::STRICT_MODE);
...@@ -2945,26 +3148,39 @@ TEST(CanonicalCookieTest, IsSetPermittedEffectiveSameSite) { ...@@ -2945,26 +3148,39 @@ TEST(CanonicalCookieTest, IsSetPermittedEffectiveSameSite) {
EXPECT_EQ( EXPECT_EQ(
cookie_old_unspecified cookie_old_unspecified
.IsSetPermittedInContext(options, CookieAccessSemantics::UNKNOWN) .IsSetPermittedInContext(
options, CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.effective_same_site, .effective_same_site,
CookieEffectiveSameSite::LAX_MODE); CookieEffectiveSameSite::LAX_MODE);
EXPECT_EQ( EXPECT_EQ(
cookie_unspecified cookie_unspecified
.IsSetPermittedInContext(options, CookieAccessSemantics::UNKNOWN) .IsSetPermittedInContext(
options, CookieAccessParams(
CookieAccessSemantics::UNKNOWN,
false /* delegate_treats_url_as_trustworthy */))
.effective_same_site, .effective_same_site,
CookieEffectiveSameSite::LAX_MODE_ALLOW_UNSAFE); CookieEffectiveSameSite::LAX_MODE_ALLOW_UNSAFE);
EXPECT_EQ( EXPECT_EQ(
cookie_unspecified cookie_unspecified
.IsSetPermittedInContext(options, CookieAccessSemantics::NONLEGACY) .IsSetPermittedInContext(
options, CookieAccessParams(
CookieAccessSemantics::NONLEGACY,
false /* delegate_treats_url_as_trustworthy */))
.effective_same_site, .effective_same_site,
CookieEffectiveSameSite::LAX_MODE_ALLOW_UNSAFE); CookieEffectiveSameSite::LAX_MODE_ALLOW_UNSAFE);
EXPECT_EQ(cookie_unspecified EXPECT_EQ(
.IsSetPermittedInContext(options, CookieAccessSemantics::LEGACY) cookie_unspecified
.effective_same_site, .IsSetPermittedInContext(
CookieEffectiveSameSite::NO_RESTRICTION); options, CookieAccessParams(
CookieAccessSemantics::LEGACY,
false /* delegate_treats_url_as_trustworthy */))
.effective_same_site,
CookieEffectiveSameSite::NO_RESTRICTION);
} }
} // namespace net } // namespace net
...@@ -1187,11 +1187,13 @@ void CookieMonster::SetCanonicalCookie(std::unique_ptr<CanonicalCookie> cc, ...@@ -1187,11 +1187,13 @@ void CookieMonster::SetCanonicalCookie(std::unique_ptr<CanonicalCookie> cc,
? net::CookieSourceScheme::kSecure ? net::CookieSourceScheme::kSecure
: net::CookieSourceScheme::kNonSecure); : net::CookieSourceScheme::kNonSecure);
bool delegate_treats_url_as_trustworthy =
cookie_access_delegate() &&
cookie_access_delegate()->ShouldTreatUrlAsTrustworthy(source_url);
CookieAccessScheme access_scheme = CookieAccessScheme access_scheme =
cookie_util::ProvisionalAccessScheme(source_url); cookie_util::ProvisionalAccessScheme(source_url);
if (access_scheme == CookieAccessScheme::kNonCryptographic && if (access_scheme == CookieAccessScheme::kNonCryptographic &&
cookie_access_delegate() && delegate_treats_url_as_trustworthy) {
cookie_access_delegate()->ShouldTreatUrlAsTrustworthy(source_url)) {
access_scheme = CookieAccessScheme::kTrustworthy; access_scheme = CookieAccessScheme::kTrustworthy;
} }
...@@ -1227,8 +1229,11 @@ void CookieMonster::SetCanonicalCookie(std::unique_ptr<CanonicalCookie> cc, ...@@ -1227,8 +1229,11 @@ void CookieMonster::SetCanonicalCookie(std::unique_ptr<CanonicalCookie> cc,
const std::string key(GetKey(cc->Domain())); const std::string key(GetKey(cc->Domain()));
cc->IsSetPermittedInContext(options, GetAccessSemanticsForCookie(*cc), cc->IsSetPermittedInContext(
&access_result); options,
CookieAccessParams(GetAccessSemanticsForCookie(*cc),
delegate_treats_url_as_trustworthy),
&access_result);
base::Time creation_date = cc->CreationDate(); base::Time creation_date = cc->CreationDate();
if (creation_date.is_null()) { if (creation_date.is_null()) {
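Review bot: In the first SetCanonicalCookie hunk the delegate is now asked `ShouldTreatUrlAsTrustworthy(source_url)` on every cookie set, where the old condition only reached that call after `access_scheme == CookieAccessScheme::kNonCryptographic`. The second hunk then passes the result into `CookieAccessParams` regardless of scheme. Because this flag is what upgrades a non-cryptographic source to `kTrustworthy`, the intent belongs at the declaration, for example `// Delegate's trust override for source_url; evaluated for all schemes because it also feeds CookieAccessParams below.` Every unit-test call site visible on this page passes `false` for the flag, so a case with `true` would pin what IsSetPermittedInContext does with it; whether the callee reads the field at all is not visible here. SetCanonicalCookie starts and ends outside these hunks.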