diff options
author | abarth@chromium.org <abarth@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-05-08 20:55:08 +0000 |
---|---|---|
committer | abarth@chromium.org <abarth@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-05-08 20:55:08 +0000 |
commit | 8da62399aa12530f7671eba3340b18aab9f659be (patch) | |
tree | 699688b99672b3e81f85cacf692eb2d1f33efeec | |
parent | a2176798cd1bd8a69b4bb8fd5b94e13423a3a345 (diff) | |
download | chromium_src-8da62399aa12530f7671eba3340b18aab9f659be.zip chromium_src-8da62399aa12530f7671eba3340b18aab9f659be.tar.gz chromium_src-8da62399aa12530f7671eba3340b18aab9f659be.tar.bz2 |
Add a command-line flag for MAC cookies.
Currently, this flag isn't wired up to anything yet. That will come in
http://codereview.chromium.org/6901147/.
Review URL: http://codereview.chromium.org/6953012
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@84591 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r-- | chrome/browser/browser_main.cc | 9 | ||||
-rw-r--r-- | chrome/common/chrome_switches.cc | 5 | ||||
-rw-r--r-- | chrome/common/chrome_switches.h | 1 | ||||
-rw-r--r-- | net/url_request/url_request.cc | 11 | ||||
-rw-r--r-- | net/url_request/url_request.h | 6 |
5 files changed, 29 insertions, 3 deletions
diff --git a/chrome/browser/browser_main.cc b/chrome/browser/browser_main.cc index 8b28a2c..274cd00 100644 --- a/chrome/browser/browser_main.cc +++ b/chrome/browser/browser_main.cc @@ -236,6 +236,8 @@ void BrowserMainParts::EarlyInitialization() { net::SSLConfigService::EnableDNSCertProvenanceChecking(); } + // TODO(abarth): Should this move to InitializeNetworkOptions? This doesn't + // seem dependent on InitializeSSL(). if (parsed_command_line().HasSwitch(switches::kEnableTcpFastOpen)) net::set_tcp_fastopen_enabled(true); @@ -619,6 +621,9 @@ void InitializeNetworkOptions(const CommandLine& parsed_command_line) { net::CookieMonster::EnableFileScheme(); } + if (parsed_command_line.HasSwitch(switches::kEnableMacCookies)) + net::URLRequest::EnableMacCookies(); + if (parsed_command_line.HasSwitch(switches::kIgnoreCertificateErrors)) net::HttpStreamFactory::set_ignore_certificate_errors(true); @@ -1473,10 +1478,10 @@ int BrowserMain(const MainFunctionParams& parameters) { // notification it needs to track the logged in user. g_browser_process->profile_manager(); + // TODO(abarth): Should this move to InitializeNetworkOptions()? // Allow access to file:// on ChromeOS for tests. - if (parsed_command_line.HasSwitch(switches::kAllowFileAccess)) { + if (parsed_command_line.HasSwitch(switches::kAllowFileAccess)) net::URLRequest::AllowFileAccess(); - } // There are two use cases for kLoginUser: // 1) if passed in tandem with kLoginPassword, to drive a "StubLogin" diff --git a/chrome/common/chrome_switches.cc b/chrome/common/chrome_switches.cc index f259cd1..1fe8c98 100644 --- a/chrome/common/chrome_switches.cc +++ b/chrome/common/chrome_switches.cc @@ -443,6 +443,11 @@ const char kEnableIPCFuzzing[] = "enable-ipc-fuzzing"; // attempt to use the existing connection. const char kEnableIPPooling[] = "enable-ip-pooling"; +// Enables MAC cookies in the network stack. These cookies use HMAC to +// protect session state from passive network attackers. +// http://tools.ietf.org/html/draft-hammer-oauth-v2-mac-token +const char kEnableMacCookies[] = "enable-mac-cookies"; + // Allows reporting memory info (JS heap size) to page. const char kEnableMemoryInfo[] = "enable-memory-info"; diff --git a/chrome/common/chrome_switches.h b/chrome/common/chrome_switches.h index 69b55ff..88caefa 100644 --- a/chrome/common/chrome_switches.h +++ b/chrome/common/chrome_switches.h @@ -133,6 +133,7 @@ extern const char kEnableInBrowserThumbnailing[]; extern const char kEnableIPv6[]; extern const char kEnableIPCFuzzing[]; extern const char kEnableIPPooling[]; +extern const char kEnableMacCookies[]; extern const char kEnableMemoryInfo[]; extern const char kEnableNaCl[]; extern const char kEnableNaClDebug[]; diff --git a/net/url_request/url_request.cc b/net/url_request/url_request.cc index d1d46bfb..cb6a4ed 100644 --- a/net/url_request/url_request.cc +++ b/net/url_request/url_request.cc @@ -32,6 +32,8 @@ namespace net { namespace { +static bool g_mac_cookies_enabled = false; + // Max number of http redirects to follow. Same number as gecko. const int kMaxRedirects = 20; @@ -328,6 +330,15 @@ bool URLRequest::IsFileAccessAllowed() { return URLRequestJobManager::GetInstance()->enable_file_access(); } +// static +void URLRequest::EnableMacCookies() { + g_mac_cookies_enabled = true; +} + +// static +bool URLRequest::AreMacCookiesEnabled() { + return g_mac_cookies_enabled; +} void URLRequest::set_first_party_for_cookies( const GURL& first_party_for_cookies) { diff --git a/net/url_request/url_request.h b/net/url_request/url_request.h index 1971426..80f1edd 100644 --- a/net/url_request/url_request.h +++ b/net/url_request/url_request.h @@ -270,6 +270,10 @@ class URLRequest : public base::NonThreadSafe { static void AllowFileAccess(); static bool IsFileAccessAllowed(); + // See switches::kEnableMacCookies. + static void EnableMacCookies(); + static bool AreMacCookiesEnabled(); + // The original url is the url used to initialize the request, and it may // differ from the url if the request was redirected. const GURL& original_url() const { return url_chain_.front(); } @@ -281,7 +285,7 @@ class URLRequest : public base::NonThreadSafe { // The URL that should be consulted for the third-party cookie blocking // policy. const GURL& first_party_for_cookies() const { - return first_party_for_cookies_; + return first_party_for_cookies_; } // This method may be called before Start() or FollowDeferredRedirect() is // called. |