summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorabarth@chromium.org <abarth@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-05-08 20:55:08 +0000
committerabarth@chromium.org <abarth@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-05-08 20:55:08 +0000
commit8da62399aa12530f7671eba3340b18aab9f659be (patch)
tree699688b99672b3e81f85cacf692eb2d1f33efeec
parenta2176798cd1bd8a69b4bb8fd5b94e13423a3a345 (diff)
downloadchromium_src-8da62399aa12530f7671eba3340b18aab9f659be.zip
chromium_src-8da62399aa12530f7671eba3340b18aab9f659be.tar.gz
chromium_src-8da62399aa12530f7671eba3340b18aab9f659be.tar.bz2
Add a command-line flag for MAC cookies.
Currently, this flag isn't wired up to anything yet. That will come in http://codereview.chromium.org/6901147/. Review URL: http://codereview.chromium.org/6953012 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@84591 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--chrome/browser/browser_main.cc9
-rw-r--r--chrome/common/chrome_switches.cc5
-rw-r--r--chrome/common/chrome_switches.h1
-rw-r--r--net/url_request/url_request.cc11
-rw-r--r--net/url_request/url_request.h6
5 files changed, 29 insertions, 3 deletions
diff --git a/chrome/browser/browser_main.cc b/chrome/browser/browser_main.cc
index 8b28a2c..274cd00 100644
--- a/chrome/browser/browser_main.cc
+++ b/chrome/browser/browser_main.cc
@@ -236,6 +236,8 @@ void BrowserMainParts::EarlyInitialization() {
net::SSLConfigService::EnableDNSCertProvenanceChecking();
}
+ // TODO(abarth): Should this move to InitializeNetworkOptions? This doesn't
+ // seem dependent on InitializeSSL().
if (parsed_command_line().HasSwitch(switches::kEnableTcpFastOpen))
net::set_tcp_fastopen_enabled(true);
@@ -619,6 +621,9 @@ void InitializeNetworkOptions(const CommandLine& parsed_command_line) {
net::CookieMonster::EnableFileScheme();
}
+ if (parsed_command_line.HasSwitch(switches::kEnableMacCookies))
+ net::URLRequest::EnableMacCookies();
+
if (parsed_command_line.HasSwitch(switches::kIgnoreCertificateErrors))
net::HttpStreamFactory::set_ignore_certificate_errors(true);
@@ -1473,10 +1478,10 @@ int BrowserMain(const MainFunctionParams& parameters) {
// notification it needs to track the logged in user.
g_browser_process->profile_manager();
+ // TODO(abarth): Should this move to InitializeNetworkOptions()?
// Allow access to file:// on ChromeOS for tests.
- if (parsed_command_line.HasSwitch(switches::kAllowFileAccess)) {
+ if (parsed_command_line.HasSwitch(switches::kAllowFileAccess))
net::URLRequest::AllowFileAccess();
- }
// There are two use cases for kLoginUser:
// 1) if passed in tandem with kLoginPassword, to drive a "StubLogin"
diff --git a/chrome/common/chrome_switches.cc b/chrome/common/chrome_switches.cc
index f259cd1..1fe8c98 100644
--- a/chrome/common/chrome_switches.cc
+++ b/chrome/common/chrome_switches.cc
@@ -443,6 +443,11 @@ const char kEnableIPCFuzzing[] = "enable-ipc-fuzzing";
// attempt to use the existing connection.
const char kEnableIPPooling[] = "enable-ip-pooling";
+// Enables MAC cookies in the network stack. These cookies use HMAC to
+// protect session state from passive network attackers.
+// http://tools.ietf.org/html/draft-hammer-oauth-v2-mac-token
+const char kEnableMacCookies[] = "enable-mac-cookies";
+
// Allows reporting memory info (JS heap size) to page.
const char kEnableMemoryInfo[] = "enable-memory-info";
diff --git a/chrome/common/chrome_switches.h b/chrome/common/chrome_switches.h
index 69b55ff..88caefa 100644
--- a/chrome/common/chrome_switches.h
+++ b/chrome/common/chrome_switches.h
@@ -133,6 +133,7 @@ extern const char kEnableInBrowserThumbnailing[];
extern const char kEnableIPv6[];
extern const char kEnableIPCFuzzing[];
extern const char kEnableIPPooling[];
+extern const char kEnableMacCookies[];
extern const char kEnableMemoryInfo[];
extern const char kEnableNaCl[];
extern const char kEnableNaClDebug[];
diff --git a/net/url_request/url_request.cc b/net/url_request/url_request.cc
index d1d46bfb..cb6a4ed 100644
--- a/net/url_request/url_request.cc
+++ b/net/url_request/url_request.cc
@@ -32,6 +32,8 @@ namespace net {
namespace {
+static bool g_mac_cookies_enabled = false;
+
// Max number of http redirects to follow. Same number as gecko.
const int kMaxRedirects = 20;
@@ -328,6 +330,15 @@ bool URLRequest::IsFileAccessAllowed() {
return URLRequestJobManager::GetInstance()->enable_file_access();
}
+// static
+void URLRequest::EnableMacCookies() {
+ g_mac_cookies_enabled = true;
+}
+
+// static
+bool URLRequest::AreMacCookiesEnabled() {
+ return g_mac_cookies_enabled;
+}
void URLRequest::set_first_party_for_cookies(
const GURL& first_party_for_cookies) {
diff --git a/net/url_request/url_request.h b/net/url_request/url_request.h
index 1971426..80f1edd 100644
--- a/net/url_request/url_request.h
+++ b/net/url_request/url_request.h
@@ -270,6 +270,10 @@ class URLRequest : public base::NonThreadSafe {
static void AllowFileAccess();
static bool IsFileAccessAllowed();
+ // See switches::kEnableMacCookies.
+ static void EnableMacCookies();
+ static bool AreMacCookiesEnabled();
+
// The original url is the url used to initialize the request, and it may
// differ from the url if the request was redirected.
const GURL& original_url() const { return url_chain_.front(); }
@@ -281,7 +285,7 @@ class URLRequest : public base::NonThreadSafe {
// The URL that should be consulted for the third-party cookie blocking
// policy.
const GURL& first_party_for_cookies() const {
- return first_party_for_cookies_;
+ return first_party_for_cookies_;
}
// This method may be called before Start() or FollowDeferredRedirect() is
// called.