authorjochen@chromium.org <jochen@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-01-12 08:47:57 +0000
committerjochen@chromium.org <jochen@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-01-12 08:47:57 +0000
commit4c6452d27812f765c27aefb673eee90a17edbb82 (patch)
tree3e61dc8e740278a4b2a140102b4895203508b846
parent6340f49d48a13c600319fc60f774f5ad6e3103e8 (diff)
Clarify wording around blocking 3rd party cookies and add lab to block reading of 3rd party cookies
BUG=69066 TEST=net_unittests Review URL: http://codereview.chromium.org/6207005 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@71148 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--chrome/app/generated_resources.grd8
-rw-r--r--chrome/browser/about_flags.cc7
-rw-r--r--chrome/browser/content_settings/host_content_settings_map.cc2
-rw-r--r--chrome/browser/net/chrome_cookie_policy.cc14
-rw-r--r--chrome/browser/net/chrome_cookie_policy.h7
-rw-r--r--chrome/common/chrome_switches.cc5
-rw-r--r--chrome/common/chrome_switches.h1
-rw-r--r--net/base/static_cookie_policy.cc11
-rw-r--r--net/base/static_cookie_policy.h13
-rw-r--r--net/base/static_cookie_policy_unittest.cc20
-rw-r--r--webkit/tools/test_shell/simple_resource_loader_bridge.cc2
11 files changed, 74 insertions, 16 deletions
diff --git a/chrome/app/generated_resources.grd b/chrome/app/generated_resources.grd
index d55b71e..0bf1ea4 100644
--- a/chrome/app/generated_resources.grd
+++ b/chrome/app/generated_resources.grd
@@ -4222,6 +4222,12 @@ Keep your key file in a safe place. You will need it to create new versions of y
<message name="IDS_FLAGS_EXPERIMENTAL_LOCATION_FEATURES_DESCRIPTION" desc="Description of the 'Enable experimental location features' lab.">
Enables experimental extensions to the geolocation feature. Includes using operating system location APIs (where available), and sending additional local network configuration data to the Google location service to provide higher accuracy positioning.
</message>
+ <message name="IDS_FLAGS_BLOCK_ALL_THIRD_PARTY_COOKIES_NAME" desc="Name of the 'Block all third-party cookies' lab.">
+ Block all third-party cookies
+ </message>
+ <message name="IDS_FLAGS_BLOCK_ALL_THIRD_PARTY_COOKIES_DESCRIPTION" desc="Description of the 'Block all third-party cookies' lab.">
+ When the option to block third-party cookies from being set is enabled, also block third-party cookies from being read.
+ </message>
<!-- Instant -->
<message name="IDS_INSTANT_OPT_IN_ENABLE" desc="Button shown in the omnibox dropdown for enabling instant">
@@ -5195,7 +5201,7 @@ Keep your key file in a safe place. You will need it to create new versions of y
Exceptions...
</message>
<message name="IDS_COOKIES_BLOCK_3RDPARTY_CHKBOX" desc="A checkbox in the Content Settings dialog for blocking all 3rd party cookies.">
- Block all third-party cookies without exception
+ Ignore exceptions and block third-party cookies from being set
</message>
<!-- Mac users do not close their browser; they quit it. -->
diff --git a/chrome/browser/about_flags.cc b/chrome/browser/about_flags.cc
index 9caa41c..44ac3e4 100644
--- a/chrome/browser/about_flags.cc
+++ b/chrome/browser/about_flags.cc
@@ -273,6 +273,13 @@ const Experiment kExperiments[] = {
kOsWin | kOsLinux,
SINGLE_VALUE_TYPE(switches::kInstantAutocompleteImmediately)
},
+ {
+ "block-reading-third-party-cookies",
+ IDS_FLAGS_BLOCK_ALL_THIRD_PARTY_COOKIES_NAME,
+ IDS_FLAGS_BLOCK_ALL_THIRD_PARTY_COOKIES_DESCRIPTION,
+ kOsAll,
+ SINGLE_VALUE_TYPE(switches::kBlockReadingThirdPartyCookies)
+ },
};
const Experiment* experiments = kExperiments;
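Review bot: The label attached to this entry, `IDS_FLAGS_BLOCK_ALL_THIRD_PARTY_COOKIES_NAME` ("Block all third-party cookies"), reads as a standalone control, but the switch only takes effect when the third-party-cookie content setting is already on. The description string says so, and the `BlockThirdPartyCookies()` guard in chrome_cookie_policy.cc enforces it. A user who enables only the lab gets no additional blocking. A label that mirrors the switch name, for example `Block third-party cookies from being read`, would set the right expectation. The kExperiments array begins outside this hunk.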
diff --git a/chrome/browser/content_settings/host_content_settings_map.cc b/chrome/browser/content_settings/host_content_settings_map.cc
index 7de7a80..133e66f 100644
--- a/chrome/browser/content_settings/host_content_settings_map.cc
+++ b/chrome/browser/content_settings/host_content_settings_map.cc
@@ -884,7 +884,7 @@ void HostContentSettingsMap::MigrateObsoleteCookiePref(PrefService* prefs) {
}
if (!prefs->HasPrefPath(prefs::kBlockThirdPartyCookies)) {
SetBlockThirdPartyCookies(cookie_behavior ==
- net::StaticCookiePolicy::BLOCK_THIRD_PARTY_COOKIES);
+ net::StaticCookiePolicy::BLOCK_SETTING_THIRD_PARTY_COOKIES);
}
}
}
diff --git a/chrome/browser/net/chrome_cookie_policy.cc b/chrome/browser/net/chrome_cookie_policy.cc
index 88ff606..dbd74d4 100644
--- a/chrome/browser/net/chrome_cookie_policy.cc
+++ b/chrome/browser/net/chrome_cookie_policy.cc
@@ -4,10 +4,12 @@
#include "chrome/browser/net/chrome_cookie_policy.h"
+#include "base/command_line.h"
#include "base/string_util.h"
#include "chrome/browser/browser_list.h"
#include "chrome/browser/browser_thread.h"
#include "chrome/browser/content_settings/host_content_settings_map.h"
+#include "chrome/common/chrome_switches.h"
#include "net/base/net_errors.h"
#include "net/base/static_cookie_policy.h"
@@ -20,6 +22,8 @@ static const size_t kMaxCompletionsPerHost = 10000;
ChromeCookiePolicy::ChromeCookiePolicy(HostContentSettingsMap* map)
: host_content_settings_map_(map) {
+ strict_third_party_blocking_ = CommandLine::ForCurrentProcess()->HasSwitch(
+ switches::kBlockReadingThirdPartyCookies);
}
ChromeCookiePolicy::~ChromeCookiePolicy() {
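Review bot: `strict_third_party_blocking_` is assigned in the constructor body while `host_content_settings_map_` uses the member initializer list; initialising both in the list keeps the two members consistent and leaves no window in which the flag is uninitialised. The list would become `: host_content_settings_map_(map), strict_third_party_blocking_(CommandLine::ForCurrentProcess()->HasSwitch(switches::kBlockReadingThirdPartyCookies)) {`. Because the switch is sampled once here, a one-line comment saying the value is fixed for the lifetime of the policy object would also help readers of CanGetCookies and CanSetCookie.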
@@ -32,8 +36,9 @@ int ChromeCookiePolicy::CanGetCookies(const GURL& url,
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
if (host_content_settings_map_->BlockThirdPartyCookies()) {
- net::StaticCookiePolicy policy(
- net::StaticCookiePolicy::BLOCK_THIRD_PARTY_COOKIES);
+ net::StaticCookiePolicy policy(strict_third_party_blocking_ ?
+ net::StaticCookiePolicy::BLOCK_ALL_THIRD_PARTY_COOKIES :
+ net::StaticCookiePolicy::BLOCK_SETTING_THIRD_PARTY_COOKIES);
int rv = policy.CanGetCookies(url, first_party, NULL);
if (rv != net::OK)
return rv;
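Review bot: The three-line ternary that picks between `BLOCK_ALL_THIRD_PARTY_COOKIES` and `BLOCK_SETTING_THIRD_PARTY_COOKIES` is repeated verbatim in the CanSetCookie hunk that follows, so a later change to the strict mode has to be made in two places and can drift between the read and write paths. Computing the type once, for example in a small private accessor used as `net::StaticCookiePolicy policy(third_party_policy_type());`, keeps both paths on the same policy. Both function bodies start and end outside their hunks.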
@@ -69,8 +74,9 @@ int ChromeCookiePolicy::CanSetCookie(const GURL& url,
DCHECK(BrowserThread::CurrentlyOn(BrowserThread::IO));
if (host_content_settings_map_->BlockThirdPartyCookies()) {
- net::StaticCookiePolicy policy(
- net::StaticCookiePolicy::BLOCK_THIRD_PARTY_COOKIES);
+ net::StaticCookiePolicy policy(strict_third_party_blocking_ ?
+ net::StaticCookiePolicy::BLOCK_ALL_THIRD_PARTY_COOKIES :
+ net::StaticCookiePolicy::BLOCK_SETTING_THIRD_PARTY_COOKIES);
int rv = policy.CanSetCookie(url, first_party, cookie_line, NULL);
if (rv != net::OK)
return rv;
diff --git a/chrome/browser/net/chrome_cookie_policy.h b/chrome/browser/net/chrome_cookie_policy.h
index ea63e6b..0e53d65 100644
--- a/chrome/browser/net/chrome_cookie_policy.h
+++ b/chrome/browser/net/chrome_cookie_policy.h
@@ -28,7 +28,7 @@ class ChromeCookiePolicy
public net::CookiePolicy {
public:
explicit ChromeCookiePolicy(HostContentSettingsMap* map);
- ~ChromeCookiePolicy();
+ virtual ~ChromeCookiePolicy();
// CookiePolicy methods:
virtual int CanGetCookies(const GURL& url, const GURL& first_party,
@@ -70,6 +70,11 @@ class ChromeCookiePolicy
HostCompletionsMap host_completions_map_;
scoped_refptr<HostContentSettingsMap> host_content_settings_map_;
+
+ // True if blocking third-party cookies also applies to reading them.
+ bool strict_third_party_blocking_;
+
+ DISALLOW_COPY_AND_ASSIGN(ChromeCookiePolicy);
};
#endif // CHROME_BROWSER_NET_CHROME_COOKIE_POLICY_H_
diff --git a/chrome/common/chrome_switches.cc b/chrome/common/chrome_switches.cc
index fa39677..ec029c6 100644
--- a/chrome/common/chrome_switches.cc
+++ b/chrome/common/chrome_switches.cc
@@ -87,6 +87,11 @@ const char kAuthServerWhitelist[] = "auth-server-whitelist";
// automation-related messages on IPC channel with the given ID.
const char kAutomationClientChannelID[] = "automation-channel";
+// When the option to block third-party cookies from being set is enabled,
+// also block third-party cookies from being read.
+const char kBlockReadingThirdPartyCookies[] =
+ "block-reading-third-party-cookies";
+
// Causes the browser process to throw an assertion on startup.
const char kBrowserAssertTest[] = "assert-test";
diff --git a/chrome/common/chrome_switches.h b/chrome/common/chrome_switches.h
index 1e92060..71274ae 100644
--- a/chrome/common/chrome_switches.h
+++ b/chrome/common/chrome_switches.h
@@ -38,6 +38,7 @@ extern const char kAuthNegotiateDelegateWhitelist[];
extern const char kAuthSchemes[];
extern const char kAuthServerWhitelist[];
extern const char kAutomationClientChannelID[];
+extern const char kBlockReadingThirdPartyCookies[];
extern const char kBrowserAssertTest[];
extern const char kBrowserCrashTest[];
extern const char kBrowserSubprocessPath[];
diff --git a/net/base/static_cookie_policy.cc b/net/base/static_cookie_policy.cc
index 0ff6ead..19e0a16 100644
--- a/net/base/static_cookie_policy.cc
+++ b/net/base/static_cookie_policy.cc
@@ -16,9 +16,13 @@ int StaticCookiePolicy::CanGetCookies(const GURL& url,
CompletionCallback* callback) {
switch (type_) {
case StaticCookiePolicy::ALLOW_ALL_COOKIES:
+ case StaticCookiePolicy::BLOCK_SETTING_THIRD_PARTY_COOKIES:
return OK;
- case StaticCookiePolicy::BLOCK_THIRD_PARTY_COOKIES:
- return OK;
+ case StaticCookiePolicy::BLOCK_ALL_THIRD_PARTY_COOKIES:
+ if (first_party_for_cookies.is_empty())
+ return OK; // Empty first-party URL indicates a first-party request.
+ return RegistryControlledDomainService::SameDomainOrHost(
+ url, first_party_for_cookies) ? OK : ERR_ACCESS_DENIED;
case StaticCookiePolicy::BLOCK_ALL_COOKIES:
return ERR_ACCESS_DENIED;
default:
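Review bot: The new `BLOCK_ALL_THIRD_PARTY_COOKIES` branch in CanGetCookies returns OK whenever `first_party_for_cookies` is empty, so read blocking fails open for any request whose caller did not supply a first-party URL. Whether such callers exist is not visible from this hunk, but the assumption deserves to be stated where it is relied on. One option is a comment on the early return such as `// Callers that leave first_party_for_cookies empty are treated as first-party and bypass read blocking.` The same-domain check is now duplicated between this branch and the one in the CanSetCookie hunk below; a shared file-local helper would keep the two decisions identical. The switch statement continues past the end of the hunk.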
@@ -34,7 +38,8 @@ int StaticCookiePolicy::CanSetCookie(const GURL& url,
switch (type_) {
case StaticCookiePolicy::ALLOW_ALL_COOKIES:
return OK;
- case StaticCookiePolicy::BLOCK_THIRD_PARTY_COOKIES:
+ case StaticCookiePolicy::BLOCK_SETTING_THIRD_PARTY_COOKIES:
+ case StaticCookiePolicy::BLOCK_ALL_THIRD_PARTY_COOKIES:
if (first_party_for_cookies.is_empty())
return OK; // Empty first-party URL indicates a first-party request.
return RegistryControlledDomainService::SameDomainOrHost(
diff --git a/net/base/static_cookie_policy.h b/net/base/static_cookie_policy.h
index 4633161..815aadc 100644
--- a/net/base/static_cookie_policy.h
+++ b/net/base/static_cookie_policy.h
@@ -23,10 +23,17 @@ namespace net {
//
class StaticCookiePolicy : public CookiePolicy {
public:
+ // Do not change the order of these types as they are persisted in
+ // preferences.
enum Type {
- ALLOW_ALL_COOKIES = 0, // Do not perform any cookie blocking.
- BLOCK_THIRD_PARTY_COOKIES, // Prevent third-party cookies from being set.
- BLOCK_ALL_COOKIES // Disable cookies.
+ // Do not perform any cookie blocking.
+ ALLOW_ALL_COOKIES = 0,
+ // Prevent only third-party cookies from being set.
+ BLOCK_SETTING_THIRD_PARTY_COOKIES,
+ // Block all cookies (third-party or not) from begin set or read.
+ BLOCK_ALL_COOKIES,
+ // Prevent only third-party cookies from being set or read.
+ BLOCK_ALL_THIRD_PARTY_COOKIES
};
StaticCookiePolicy()
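Review bot: The enum is documented as persisted in preferences, yet only `ALLOW_ALL_COOKIES = 0` carries an explicit value, so the stored meaning depends on nobody inserting or reordering an enumerator. Spelling out the values makes the invariant checkable at a glance: `BLOCK_SETTING_THIRD_PARTY_COOKIES = 1,`, `BLOCK_ALL_COOKIES = 2,`, `BLOCK_ALL_THIRD_PARTY_COOKIES = 3`. The header comment could then say that the numeric values, not just the order, must not change. The comment on `BLOCK_ALL_COOKIES` also has a typo: "from begin set or read" should be "from being set or read".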
diff --git a/net/base/static_cookie_policy_unittest.cc b/net/base/static_cookie_policy_unittest.cc
index 35c1a82..57dc4fa 100644
--- a/net/base/static_cookie_policy_unittest.cc
+++ b/net/base/static_cookie_policy_unittest.cc
@@ -62,8 +62,8 @@ TEST_F(StaticCookiePolicyTest, AllowAllCookiesTest) {
EXPECT_EQ(net::OK, CanSetCookie(url_google_, GURL()));
}
-TEST_F(StaticCookiePolicyTest, BlockThirdPartyCookiesTest) {
- SetPolicyType(net::StaticCookiePolicy::BLOCK_THIRD_PARTY_COOKIES);
+TEST_F(StaticCookiePolicyTest, BlockSettingThirdPartyCookiesTest) {
+ SetPolicyType(net::StaticCookiePolicy::BLOCK_SETTING_THIRD_PARTY_COOKIES);
EXPECT_EQ(net::OK, CanGetCookies(url_google_, url_google_));
EXPECT_EQ(net::OK, CanGetCookies(url_google_, url_google_secure_));
@@ -78,6 +78,22 @@ TEST_F(StaticCookiePolicyTest, BlockThirdPartyCookiesTest) {
EXPECT_EQ(net::OK, CanSetCookie(url_google_, GURL()));
}
+TEST_F(StaticCookiePolicyTest, BlockAllThirdPartyCookiesTest) {
+ SetPolicyType(net::StaticCookiePolicy::BLOCK_ALL_THIRD_PARTY_COOKIES);
+
+ EXPECT_EQ(net::OK, CanGetCookies(url_google_, url_google_));
+ EXPECT_EQ(net::OK, CanGetCookies(url_google_, url_google_secure_));
+ EXPECT_EQ(net::OK, CanGetCookies(url_google_, url_google_mail_));
+ EXPECT_NE(net::OK, CanGetCookies(url_google_, url_google_analytics_));
+ EXPECT_EQ(net::OK, CanGetCookies(url_google_, GURL()));
+
+ EXPECT_EQ(net::OK, CanSetCookie(url_google_, url_google_));
+ EXPECT_EQ(net::OK, CanSetCookie(url_google_, url_google_secure_));
+ EXPECT_EQ(net::OK, CanSetCookie(url_google_, url_google_mail_));
+ EXPECT_NE(net::OK, CanSetCookie(url_google_, url_google_analytics_));
+ EXPECT_EQ(net::OK, CanSetCookie(url_google_, GURL()));
+}
+
TEST_F(StaticCookiePolicyTest, BlockAllCookiesTest) {
SetPolicyType(net::StaticCookiePolicy::BLOCK_ALL_COOKIES);
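Review bot: The two denial assertions in BlockAllThirdPartyCookiesTest use `EXPECT_NE(net::OK, ...)`, which passes for any error code, including the `ERR_FAILED`-style result of an unhandled policy type. The implementation in static_cookie_policy.cc returns `ERR_ACCESS_DENIED` for a blocked third party, so the test can pin that: `EXPECT_EQ(net::ERR_ACCESS_DENIED, CanGetCookies(url_google_, url_google_analytics_));`, and likewise for CanSetCookie. The test as written also covers only StaticCookiePolicy; nothing visible in this commit exercises the ChromeCookiePolicy path that selects the strict type from the command-line switch.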
diff --git a/webkit/tools/test_shell/simple_resource_loader_bridge.cc b/webkit/tools/test_shell/simple_resource_loader_bridge.cc
index 14171a4..e0348ff 100644
--- a/webkit/tools/test_shell/simple_resource_loader_bridge.cc
+++ b/webkit/tools/test_shell/simple_resource_loader_bridge.cc
@@ -166,7 +166,7 @@ class IOThread : public base::Thread {
void SetAcceptAllCookies(bool accept_all_cookies) {
StaticCookiePolicy::Type policy_type = accept_all_cookies ?
StaticCookiePolicy::ALLOW_ALL_COOKIES :
- StaticCookiePolicy::BLOCK_THIRD_PARTY_COOKIES;
+ StaticCookiePolicy::BLOCK_SETTING_THIRD_PARTY_COOKIES;
static_cast<StaticCookiePolicy*>(g_request_context->cookie_policy())->
set_type(policy_type);
}