diff options
| author | mkwst <mkwst@chromium.org> | 2016-03-15 03:07:52 -0700 |
|---|---|---|
| committer | Commit bot <commit-bot@chromium.org> | 2016-03-15 10:09:31 +0000 |
| commit | e1a295845cbc338a564dc04e6e3e69b29ba7862f (patch) | |
| tree | 00535f752a8faa939a4d646ca0215423e93e8ee6 | |
| parent | 752434c777d2e7b445e37629bf89ecc7c38c7c5c (diff) | |
| download | chromium_src-e1a295845cbc338a564dc04e6e3e69b29ba7862f.zip chromium_src-e1a295845cbc338a564dc04e6e3e69b29ba7862f.tar.gz chromium_src-e1a295845cbc338a564dc04e6e3e69b29ba7862f.tar.bz2 | |
SameSite: Implement 'Strict'/'Lax' attribute parsing.
https://tools.ietf.org/html/draft-west-first-party-cookies-06 introduced
the notion of "Strict" or "Lax" enforcement of the "SameSite" attribute.
This patch implements the infrastructure changes necessary to support
that distinction, but does not yet implement the behavioral change
(that is, after this patch, `SameSite` will be rejected, while
`SameSite=Strict` and `SameSite=Lax` will have the same behavior that
`SameSite` alone has today).
Most of this patch is occupied with the fairly mechanical process of
swapping out a new 'CookieSameSite' enum for the existing boolean in
various constructors and setters. The most interesting piece is the
change to the storage backend, which now stores 0, 1, or 2 in the
database to represent the possible values, rather than 0 or 1 to
represent the boolean.
BUG=459154
Review URL: https://codereview.chromium.org/1773133002
Cr-Commit-Position: refs/heads/master@{#381201}
37 files changed, 467 insertions, 302 deletions
diff --git a/android_webview/browser/net/aw_cookie_store_wrapper.cc b/android_webview/browser/net/aw_cookie_store_wrapper.cc index 16f55dd..f726448 100644 --- a/android_webview/browser/net/aw_cookie_store_wrapper.cc +++ b/android_webview/browser/net/aw_cookie_store_wrapper.cc @@ -118,7 +118,7 @@ void SetCookieWithDetailsAsyncOnCookieThread( base::Time last_access_time, bool secure, bool http_only, - bool same_site, + net::CookieSameSite same_site, bool enforce_strict_secure, net::CookiePriority priority, const net::CookieStore::SetCookiesCallback& callback) { @@ -219,7 +219,7 @@ void AwCookieStoreWrapper::SetCookieWithDetailsAsync( base::Time last_access_time, bool secure, bool http_only, - bool same_site, + net::CookieSameSite same_site, bool enforce_strict_secure, net::CookiePriority priority, const SetCookiesCallback& callback) { diff --git a/android_webview/browser/net/aw_cookie_store_wrapper.h b/android_webview/browser/net/aw_cookie_store_wrapper.h index 2272c4d1..a5bbf1a 100644 --- a/android_webview/browser/net/aw_cookie_store_wrapper.h +++ b/android_webview/browser/net/aw_cookie_store_wrapper.h @@ -52,7 +52,7 @@ class AwCookieStoreWrapper : public net::CookieStore { base::Time last_access_time, bool secure, bool http_only, - bool same_site, + net::CookieSameSite same_site, bool enforce_strict_secure, net::CookiePriority priority, const SetCookiesCallback& callback) override; diff --git a/chrome/browser/android/cookies/cookies_fetcher.cc b/chrome/browser/android/cookies/cookies_fetcher.cc index b419a48..4a1455d 100644 --- a/chrome/browser/android/cookies/cookies_fetcher.cc +++ b/chrome/browser/android/cookies/cookies_fetcher.cc @@ -85,7 +85,7 @@ void CookiesFetcher::OnCookiesFetchFinished(const net::CookieList& cookies) { base::android::ConvertUTF8ToJavaString(env, i->Path()).obj(), i->CreationDate().ToInternalValue(), i->ExpiryDate().ToInternalValue(), i->LastAccessDate().ToInternalValue(), i->IsSecure(), i->IsHttpOnly(), - i->IsSameSite(), i->Priority()); + static_cast<int>(i->SameSite()), i->Priority()); env->SetObjectArrayElement(joa.obj(), index++, java_cookie.obj()); } @@ -107,7 +107,7 @@ void CookiesFetcher::RestoreCookies(JNIEnv* env, int64_t last_access, bool secure, bool httponly, - bool same_site, + int same_site, int priority) { Profile* profile = ProfileManager::GetPrimaryUserProfile(); if (!profile->HasOffTheRecordProfile()) { @@ -126,7 +126,8 @@ void CookiesFetcher::RestoreCookies(JNIEnv* env, base::android::ConvertJavaStringToUTF8(env, path), base::Time::FromInternalValue(creation), base::Time::FromInternalValue(expiration), - base::Time::FromInternalValue(last_access), secure, httponly, same_site, + base::Time::FromInternalValue(last_access), secure, httponly, + static_cast<net::CookieSameSite>(same_site), static_cast<net::CookiePriority>(priority)); // The rest must be done from the IO thread. @@ -162,7 +163,7 @@ void CookiesFetcher::RestoreToCookieJarInternal( store->SetCookieWithDetailsAsync( cookie.Source(), cookie.Name(), cookie.Value(), cookie.Domain(), cookie.Path(), base::Time(), cookie.ExpiryDate(), cookie.LastAccessDate(), - cookie.IsSecure(), cookie.IsHttpOnly(), cookie.IsSameSite(), + cookie.IsSecure(), cookie.IsHttpOnly(), cookie.SameSite(), experimental_features_enabled, cookie.Priority(), cb); } diff --git a/chrome/browser/android/cookies/cookies_fetcher.h b/chrome/browser/android/cookies/cookies_fetcher.h index 32cf204..9b4108e 100644 --- a/chrome/browser/android/cookies/cookies_fetcher.h +++ b/chrome/browser/android/cookies/cookies_fetcher.h @@ -50,7 +50,7 @@ class CookiesFetcher { int64_t last_access, bool secure, bool httponly, - bool firstpartyonly, + int samesite, int priority); private: diff --git a/chrome/browser/browsing_data/cookies_tree_model.cc b/chrome/browser/browsing_data/cookies_tree_model.cc index 79befce..a904d1b 100644 --- a/chrome/browser/browsing_data/cookies_tree_model.cc +++ b/chrome/browser/browsing_data/cookies_tree_model.cc @@ -993,11 +993,11 @@ CookiesTreeModel::~CookiesTreeModel() { // static int CookiesTreeModel::GetSendForMessageID(const net::CanonicalCookie& cookie) { if (cookie.IsSecure()) { - if (cookie.IsSameSite()) + if (cookie.SameSite() != net::CookieSameSite::NO_RESTRICTION) return IDS_COOKIES_COOKIE_SENDFOR_SECURE_SAME_SITE; return IDS_COOKIES_COOKIE_SENDFOR_SECURE; } - if (cookie.IsSameSite()) + if (cookie.SameSite() != net::CookieSameSite::NO_RESTRICTION) return IDS_COOKIES_COOKIE_SENDFOR_SAME_SITE; return IDS_COOKIES_COOKIE_SENDFOR_ANY; } diff --git a/chrome/browser/chromeos/login/profile_auth_data.cc b/chrome/browser/chromeos/login/profile_auth_data.cc index 482988a..c66f2e8 100644 --- a/chrome/browser/chromeos/login/profile_auth_data.cc +++ b/chrome/browser/chromeos/login/profile_auth_data.cc @@ -50,7 +50,7 @@ void ImportCookies(const net::CookieList& cookies, cookie_store->SetCookieWithDetailsAsync( cookie.Source(), cookie.Name(), cookie.Value(), domain, cookie.Path(), cookie.CreationDate(), cookie.ExpiryDate(), cookie.LastAccessDate(), - cookie.IsSecure(), cookie.IsHttpOnly(), cookie.IsSameSite(), + cookie.IsSecure(), cookie.IsHttpOnly(), cookie.SameSite(), // enforce_strict_secure should have been applied on the original // cookie, prior to import. false, cookie.Priority(), net::CookieStore::SetCookiesCallback()); diff --git a/chrome/browser/chromeos/login/profile_auth_data_unittest.cc b/chrome/browser/chromeos/login/profile_auth_data_unittest.cc index 5626ad9..b4729554 100644 --- a/chrome/browser/chromeos/login/profile_auth_data_unittest.cc +++ b/chrome/browser/chromeos/login/profile_auth_data_unittest.cc @@ -221,12 +221,12 @@ void ProfileAuthDataTest::PopulateBrowserContext( cookies->SetCookieWithDetailsAsync( GURL(kSAMLIdPCookieURL), kCookieName, cookie_value, std::string(), std::string(), base::Time(), base::Time(), base::Time(), true, false, - false, false, net::COOKIE_PRIORITY_DEFAULT, + net::CookieSameSite::DEFAULT_MODE, false, net::COOKIE_PRIORITY_DEFAULT, net::CookieStore::SetCookiesCallback()); cookies->SetCookieWithDetailsAsync( GURL(kGAIACookieURL), kCookieName, cookie_value, std::string(), std::string(), base::Time(), base::Time(), base::Time(), true, false, - false, false, net::COOKIE_PRIORITY_DEFAULT, + net::CookieSameSite::DEFAULT_MODE, false, net::COOKIE_PRIORITY_DEFAULT, net::CookieStore::SetCookiesCallback()); GetChannelIDs(browser_context) diff --git a/chrome/browser/extensions/api/cookies/cookies_api.cc b/chrome/browser/extensions/api/cookies/cookies_api.cc index 7d3d1e0..06de160 100644 --- a/chrome/browser/extensions/api/cookies/cookies_api.cc +++ b/chrome/browser/extensions/api/cookies/cookies_api.cc @@ -395,9 +395,7 @@ void CookiesSetFunction::SetCookieOnIOThread() { : std::string(), parsed_args_->details.path.get() ? *parsed_args_->details.path : std::string(), - base::Time(), - expiration_time, - base::Time(), + base::Time(), expiration_time, base::Time(), parsed_args_->details.secure.get() ? *parsed_args_->details.secure.get() : false, parsed_args_->details.http_only.get() ? *parsed_args_->details.http_only @@ -405,8 +403,8 @@ void CookiesSetFunction::SetCookieOnIOThread() { // TODO(mkwst): If we decide to ship First-party-only cookies, we'll need // to extend the extension API to support them. For the moment, we'll set // all cookies as non-First-party-only. - false, are_experimental_cookie_features_enabled, - net::COOKIE_PRIORITY_DEFAULT, + net::CookieSameSite::DEFAULT_MODE, + are_experimental_cookie_features_enabled, net::COOKIE_PRIORITY_DEFAULT, base::Bind(&CookiesSetFunction::PullCookie, this)); } diff --git a/chrome/browser/extensions/api/cookies/cookies_unittest.cc b/chrome/browser/extensions/api/cookies/cookies_unittest.cc index ad3d8e9..41ee79b 100644 --- a/chrome/browser/extensions/api/cookies/cookies_unittest.cc +++ b/chrome/browser/extensions/api/cookies/cookies_unittest.cc @@ -85,7 +85,8 @@ TEST_F(ExtensionCookiesTest, StoreIdProfileConversion) { TEST_F(ExtensionCookiesTest, ExtensionTypeCreation) { net::CanonicalCookie canonical_cookie1( GURL(), "ABC", "DEF", "www.foobar.com", "/", base::Time(), base::Time(), - base::Time(), false, false, false, net::COOKIE_PRIORITY_DEFAULT); + base::Time(), false, false, net::CookieSameSite::DEFAULT_MODE, + net::COOKIE_PRIORITY_DEFAULT); scoped_ptr<Cookie> cookie1( cookies_helpers::CreateCookie( canonical_cookie1, "some cookie store")); @@ -102,8 +103,8 @@ TEST_F(ExtensionCookiesTest, ExtensionTypeCreation) { net::CanonicalCookie canonical_cookie2( GURL(), "ABC", "DEF", ".foobar.com", "/", base::Time(), - base::Time::FromDoubleT(10000), base::Time(), false, false, false, - net::COOKIE_PRIORITY_DEFAULT); + base::Time::FromDoubleT(10000), base::Time(), false, false, + net::CookieSameSite::DEFAULT_MODE, net::COOKIE_PRIORITY_DEFAULT); scoped_ptr<Cookie> cookie2( cookies_helpers::CreateCookie( canonical_cookie2, "some cookie store")); @@ -124,14 +125,16 @@ TEST_F(ExtensionCookiesTest, ExtensionTypeCreation) { TEST_F(ExtensionCookiesTest, GetURLFromCanonicalCookie) { net::CanonicalCookie cookie1(GURL(), "ABC", "DEF", "www.foobar.com", "/", base::Time(), base::Time(), base::Time(), false, - false, false, net::COOKIE_PRIORITY_DEFAULT); + false, net::CookieSameSite::DEFAULT_MODE, + net::COOKIE_PRIORITY_DEFAULT); EXPECT_EQ("http://www.foobar.com/", cookies_helpers::GetURLFromCanonicalCookie( cookie1).spec()); net::CanonicalCookie cookie2(GURL(), "ABC", "DEF", ".helloworld.com", "/", base::Time(), base::Time(), base::Time(), true, - false, false, net::COOKIE_PRIORITY_DEFAULT); + false, net::CookieSameSite::DEFAULT_MODE, + net::COOKIE_PRIORITY_DEFAULT); EXPECT_EQ("https://helloworld.com/", cookies_helpers::GetURLFromCanonicalCookie( cookie2).spec()); @@ -167,10 +170,10 @@ TEST_F(ExtensionCookiesTest, DomainMatching) { scoped_ptr<GetAll::Params> params(GetAll::Params::Create(args)); cookies_helpers::MatchFilter filter(¶ms->details); - net::CanonicalCookie cookie(GURL(), std::string(), std::string(), - tests[i].domain, std::string(), base::Time(), - base::Time(), base::Time(), false, false, false, - net::COOKIE_PRIORITY_DEFAULT); + net::CanonicalCookie cookie( + GURL(), std::string(), std::string(), tests[i].domain, std::string(), + base::Time(), base::Time(), base::Time(), false, false, + net::CookieSameSite::DEFAULT_MODE, net::COOKIE_PRIORITY_DEFAULT); EXPECT_EQ(tests[i].matches, filter.MatchesCookie(cookie)); } } @@ -178,8 +181,8 @@ TEST_F(ExtensionCookiesTest, DomainMatching) { TEST_F(ExtensionCookiesTest, DecodeUTF8WithErrorHandling) { net::CanonicalCookie canonical_cookie( GURL(), std::string(), "011Q255bNX_1!yd\203e+", "test.com", "/path\203", - base::Time(), base::Time(), base::Time(), false, false, false, - net::COOKIE_PRIORITY_DEFAULT); + base::Time(), base::Time(), base::Time(), false, false, + net::CookieSameSite::DEFAULT_MODE, net::COOKIE_PRIORITY_DEFAULT); scoped_ptr<Cookie> cookie( cookies_helpers::CreateCookie( canonical_cookie, "some cookie store")); diff --git a/components/signin/core/browser/gaia_cookie_manager_service.cc b/components/signin/core/browser/gaia_cookie_manager_service.cc index ecbad16..9ed3799 100644 --- a/components/signin/core/browser/gaia_cookie_manager_service.cc +++ b/components/signin/core/browser/gaia_cookie_manager_service.cc @@ -373,10 +373,10 @@ void GaiaCookieManagerService::TriggerListAccounts() { void GaiaCookieManagerService::ForceOnCookieChangedProcessing() { GURL google_url = GaiaUrls::GetInstance()->google_url(); - net::CanonicalCookie cookie(google_url, kGaiaCookieName, "", - google_url.host(), "", base::Time(), base::Time(), - base::Time(), false, false, false, - net::COOKIE_PRIORITY_DEFAULT); + net::CanonicalCookie cookie( + google_url, kGaiaCookieName, "", google_url.host(), "", base::Time(), + base::Time(), base::Time(), false, false, + net::CookieSameSite::DEFAULT_MODE, net::COOKIE_PRIORITY_DEFAULT); OnCookieChanged(cookie, true); } diff --git a/content/browser/net/quota_policy_cookie_store_unittest.cc b/content/browser/net/quota_policy_cookie_store_unittest.cc index ca33d6e..01db50f 100644 --- a/content/browser/net/quota_policy_cookie_store_unittest.cc +++ b/content/browser/net/quota_policy_cookie_store_unittest.cc @@ -96,10 +96,10 @@ class QuotaPolicyCookieStoreTest : public testing::Test { const std::string& domain, const std::string& path, const base::Time& creation) { - store_->AddCookie( - net::CanonicalCookie( - GURL(), name, value, domain, path, creation, creation, creation, - false, false, false, net::COOKIE_PRIORITY_DEFAULT)); + store_->AddCookie(net::CanonicalCookie( + GURL(), name, value, domain, path, creation, creation, creation, false, + false, net::CookieSameSite::DEFAULT_MODE, + net::COOKIE_PRIORITY_DEFAULT)); } void DestroyStore() { diff --git a/ios/net/cookies/cookie_cache_unittest.cc b/ios/net/cookies/cookie_cache_unittest.cc index 3aba46d..188d0bc 100644 --- a/ios/net/cookies/cookie_cache_unittest.cc +++ b/ios/net/cookies/cookie_cache_unittest.cc @@ -18,7 +18,8 @@ CanonicalCookie MakeCookie(const GURL& url, const std::string& name, const std::string& value) { return CanonicalCookie(url, name, value, url.host(), url.path(), base::Time(), - base::Time(), base::Time(), false, false, false, + base::Time(), base::Time(), false, false, + net::CookieSameSite::DEFAULT_MODE, net::COOKIE_PRIORITY_DEFAULT); } diff --git a/ios/net/cookies/cookie_store_ios.h b/ios/net/cookies/cookie_store_ios.h index c80e7d3e..4a08929 100644 --- a/ios/net/cookies/cookie_store_ios.h +++ b/ios/net/cookies/cookie_store_ios.h @@ -128,7 +128,7 @@ class CookieStoreIOS : public net::CookieStore, base::Time last_access_time, bool secure, bool http_only, - bool same_site, + CookieSameSite same_site, bool enforce_strict_secure, CookiePriority priority, const SetCookiesCallback& callback) override; diff --git a/ios/net/cookies/cookie_store_ios.mm b/ios/net/cookies/cookie_store_ios.mm index 32d760f..78fb510 100644 --- a/ios/net/cookies/cookie_store_ios.mm +++ b/ios/net/cookies/cookie_store_ios.mm @@ -449,7 +449,7 @@ void CookieStoreIOS::SetCookieWithDetailsAsync( base::Time last_access_time, bool secure, bool http_only, - bool same_site, + CookieSameSite same_site, bool enforce_strict_secure, CookiePriority priority, const SetCookiesCallback& callback) { diff --git a/ios/net/cookies/cookie_store_ios_unittest.mm b/ios/net/cookies/cookie_store_ios_unittest.mm index c436cc9..af2c94e 100644 --- a/ios/net/cookies/cookie_store_ios_unittest.mm +++ b/ios/net/cookies/cookie_store_ios_unittest.mm @@ -100,7 +100,7 @@ class RoundTripTestCookieStore : public net::CookieStore { base::Time last_access_time, bool secure, bool http_only, - bool same_site, + CookieSameSite same_site, bool enforce_strict_secure, CookiePriority priority, const SetCookiesCallback& callback) override { @@ -264,8 +264,7 @@ class TestPersistentCookieStore base::Time(), // last_access false, // secure false, // httponly - false, // same_site - net::COOKIE_PRIORITY_DEFAULT); + net::CookieSameSite::DEFAULT_MODE, net::COOKIE_PRIORITY_DEFAULT); cookies.push_back(bad_canonical_cookie); loaded_callback_.Run(cookies); } diff --git a/ios/net/cookies/system_cookie_util.mm b/ios/net/cookies/system_cookie_util.mm index 444a545..9c371dc 100644 --- a/ios/net/cookies/system_cookie_util.mm +++ b/ios/net/cookies/system_cookie_util.mm @@ -72,8 +72,10 @@ net::CanonicalCookie CanonicalCookieFromSystemCookie( base::SysNSStringToUTF8([cookie domain]), base::SysNSStringToUTF8([cookie path]), ceation_time, base::Time::FromDoubleT([[cookie expiresDate] timeIntervalSince1970]), - base::Time(), [cookie isSecure], [cookie isHTTPOnly], false, - net::COOKIE_PRIORITY_DEFAULT); + base::Time(), [cookie isSecure], [cookie isHTTPOnly], + // TODO(mkwst): When iOS begins to support 'SameSite' and 'Priority' + // attributes, pass them through here. + net::CookieSameSite::DEFAULT_MODE, net::COOKIE_PRIORITY_DEFAULT); } // Converts net::CanonicalCookie to NSHTTPCookie. diff --git a/ios/net/cookies/system_cookie_util_unittest.mm b/ios/net/cookies/system_cookie_util_unittest.mm index 0273809..ba97b22 100644 --- a/ios/net/cookies/system_cookie_util_unittest.mm +++ b/ios/net/cookies/system_cookie_util_unittest.mm @@ -31,8 +31,7 @@ void CheckSystemCookie(const base::Time& expires, bool secure, bool httponly) { base::Time(), // creation expires, base::Time(), // last_access - secure, httponly, - false, // same_site + secure, httponly, net::CookieSameSite::DEFAULT_MODE, net::COOKIE_PRIORITY_DEFAULT); // Convert it to system cookie. base::scoped_nsobject<NSHTTPCookie> system_cookie( @@ -125,8 +124,7 @@ TEST(CookieUtil, SystemCookieFromBadCanonicalCookie) { base::Time(), // last_access false, // secure false, // httponly - false, // same_site - net::COOKIE_PRIORITY_DEFAULT); + net::CookieSameSite::DEFAULT_MODE, net::COOKIE_PRIORITY_DEFAULT); // Convert it to system cookie. base::scoped_nsobject<NSHTTPCookie> system_cookie( [SystemCookieFromCanonicalCookie(bad_canonical_cookie) retain]); diff --git a/net/cookies/canonical_cookie.cc b/net/cookies/canonical_cookie.cc index 0a5e794..5647a22 100644 --- a/net/cookies/canonical_cookie.cc +++ b/net/cookies/canonical_cookie.cc @@ -134,7 +134,7 @@ CanonicalCookie::CanonicalCookie(const GURL& url, const base::Time& last_access, bool secure, bool httponly, - bool same_site, + CookieSameSite same_site, CookiePriority priority) : source_(url.SchemeIsFile() ? url : url.GetOrigin()), name_(name), @@ -158,7 +158,7 @@ CanonicalCookie::CanonicalCookie(const GURL& url, const ParsedCookie& pc) last_access_date_(Time()), secure_(pc.IsSecure()), httponly_(pc.IsHttpOnly()), - same_site_(pc.IsSameSite()), + same_site_(pc.SameSite()), priority_(pc.Priority()) { if (pc.HasExpires()) expiry_date_ = CanonExpiration(pc, creation_date_, creation_date_); @@ -277,7 +277,7 @@ scoped_ptr<CanonicalCookie> CanonicalCookie::Create( url, parsed_cookie.Name(), parsed_cookie.Value(), cookie_domain, cookie_path, creation_time, cookie_expires, creation_time, parsed_cookie.IsSecure(), parsed_cookie.IsHttpOnly(), - parsed_cookie.IsSameSite(), parsed_cookie.Priority())); + parsed_cookie.SameSite(), parsed_cookie.Priority())); } // static @@ -291,7 +291,7 @@ scoped_ptr<CanonicalCookie> CanonicalCookie::Create( const base::Time& expiration, bool secure, bool http_only, - bool same_site, + CookieSameSite same_site, bool enforce_strict_secure, CookiePriority priority) { // Expect valid attribute tokens and values, as defined by the ParsedCookie @@ -422,8 +422,14 @@ bool CanonicalCookie::IncludeForRequestURL(const GURL& url, if (!IsOnPath(url.path())) return false; // Don't include same-site cookies for cross-site requests. - if (IsSameSite() && !options.include_same_site()) + // + // TODO(mkwst): This currently treats both "strict" and "lax" SameSite cookies + // in the same way. https://codereview.chromium.org/1783813002 will eventually + // distinguish between them based on attributes of the request. + if (SameSite() != CookieSameSite::NO_RESTRICTION && + !options.include_same_site()) { return false; + } return true; } diff --git a/net/cookies/canonical_cookie.h b/net/cookies/canonical_cookie.h index 6f43d9e..e14cf2e 100644 --- a/net/cookies/canonical_cookie.h +++ b/net/cookies/canonical_cookie.h @@ -38,7 +38,7 @@ class NET_EXPORT CanonicalCookie { const base::Time& last_access, bool secure, bool httponly, - bool same_site, + CookieSameSite same_site, CookiePriority priority); // This constructor does canonicalization but not validation. @@ -72,7 +72,7 @@ class NET_EXPORT CanonicalCookie { const base::Time& expiration, bool secure, bool http_only, - bool same_site, + CookieSameSite same_site, bool enforce_strict_secure, CookiePriority priority); @@ -87,7 +87,7 @@ class NET_EXPORT CanonicalCookie { const base::Time& ExpiryDate() const { return expiry_date_; } bool IsSecure() const { return secure_; } bool IsHttpOnly() const { return httponly_; } - bool IsSameSite() const { return same_site_; } + CookieSameSite SameSite() const { return same_site_; } CookiePriority Priority() const { return priority_; } bool IsDomainCookie() const { return !domain_.empty() && domain_[0] == '.'; } @@ -206,7 +206,7 @@ class NET_EXPORT CanonicalCookie { base::Time last_access_date_; bool secure_; bool httponly_; - bool same_site_; + CookieSameSite same_site_; CookiePriority priority_; }; diff --git a/net/cookies/canonical_cookie_unittest.cc b/net/cookies/canonical_cookie_unittest.cc index e5ad68c..11a20df8 100644 --- a/net/cookies/canonical_cookie_unittest.cc +++ b/net/cookies/canonical_cookie_unittest.cc @@ -19,7 +19,7 @@ TEST(CanonicalCookieTest, Constructor) { CanonicalCookie cookie(url, "A", "2", "www.example.com", "/test", current_time, base::Time(), current_time, false, false, - false, COOKIE_PRIORITY_DEFAULT); + CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT); EXPECT_EQ(url.GetOrigin(), cookie.Source()); EXPECT_EQ("A", cookie.Name()); EXPECT_EQ("2", cookie.Value()); @@ -27,11 +27,12 @@ TEST(CanonicalCookieTest, Constructor) { EXPECT_EQ("/test", cookie.Path()); EXPECT_FALSE(cookie.IsSecure()); EXPECT_FALSE(cookie.IsHttpOnly()); - EXPECT_FALSE(cookie.IsSameSite()); + EXPECT_EQ(CookieSameSite::NO_RESTRICTION, cookie.SameSite()); CanonicalCookie cookie2(url, "A", "2", std::string(), std::string(), current_time, base::Time(), current_time, false, - false, false, COOKIE_PRIORITY_DEFAULT); + false, CookieSameSite::DEFAULT_MODE, + COOKIE_PRIORITY_DEFAULT); EXPECT_EQ(url.GetOrigin(), cookie.Source()); EXPECT_EQ("A", cookie2.Name()); EXPECT_EQ("2", cookie2.Value()); @@ -39,7 +40,7 @@ TEST(CanonicalCookieTest, Constructor) { EXPECT_EQ("", cookie2.Path()); EXPECT_FALSE(cookie2.IsSecure()); EXPECT_FALSE(cookie2.IsHttpOnly()); - EXPECT_FALSE(cookie2.IsSameSite()); + EXPECT_EQ(CookieSameSite::NO_RESTRICTION, cookie2.SameSite()); } TEST(CanonicalCookieTest, Create) { @@ -82,19 +83,28 @@ TEST(CanonicalCookieTest, Create) { httponly_options); EXPECT_TRUE(cookie->IsHttpOnly()); - // Test creating http only cookies. + // Test creating SameSite cookies. CookieOptions same_site_options; same_site_options.set_include_same_site(); + cookie = CanonicalCookie::Create(url, "A=2; SameSite=Strict", creation_time, + same_site_options); + EXPECT_TRUE(cookie.get()); + EXPECT_EQ(CookieSameSite::STRICT_MODE, cookie->SameSite()); + cookie = CanonicalCookie::Create(url, "A=2; SameSite=Lax", creation_time, + same_site_options); + EXPECT_TRUE(cookie.get()); + EXPECT_EQ(CookieSameSite::LAX_MODE, cookie->SameSite()); cookie = CanonicalCookie::Create(url, "A=2; SameSite", creation_time, same_site_options); EXPECT_TRUE(cookie.get()); - EXPECT_TRUE(cookie->IsSameSite()); + EXPECT_EQ(CookieSameSite::NO_RESTRICTION, cookie->SameSite()); // Test the creating cookies using specific parameter instead of a cookie // string. cookie = CanonicalCookie::Create(url, "A", "2", "www.example.com", "/test", creation_time, base::Time(), false, false, - false, false, COOKIE_PRIORITY_DEFAULT); + CookieSameSite::DEFAULT_MODE, false, + COOKIE_PRIORITY_DEFAULT); EXPECT_EQ(url.GetOrigin(), cookie->Source()); EXPECT_EQ("A", cookie->Name()); EXPECT_EQ("2", cookie->Value()); @@ -102,11 +112,12 @@ TEST(CanonicalCookieTest, Create) { EXPECT_EQ("/test", cookie->Path()); EXPECT_FALSE(cookie->IsSecure()); EXPECT_FALSE(cookie->IsHttpOnly()); - EXPECT_FALSE(cookie->IsSameSite()); + EXPECT_EQ(CookieSameSite::NO_RESTRICTION, cookie->SameSite()); cookie = CanonicalCookie::Create(url, "A", "2", ".www.example.com", "/test", creation_time, base::Time(), false, false, - false, false, COOKIE_PRIORITY_DEFAULT); + CookieSameSite::DEFAULT_MODE, false, + COOKIE_PRIORITY_DEFAULT); EXPECT_EQ(url.GetOrigin(), cookie->Source()); EXPECT_EQ("A", cookie->Name()); EXPECT_EQ("2", cookie->Value()); @@ -114,7 +125,7 @@ TEST(CanonicalCookieTest, Create) { EXPECT_EQ("/test", cookie->Path()); EXPECT_FALSE(cookie->IsSecure()); EXPECT_FALSE(cookie->IsHttpOnly()); - EXPECT_FALSE(cookie->IsSameSite()); + EXPECT_EQ(CookieSameSite::NO_RESTRICTION, cookie->SameSite()); } TEST(CanonicalCookieTest, EmptyExpiry) { @@ -159,7 +170,7 @@ TEST(CanonicalCookieTest, IsEquivalent) { base::Time expiration_time = creation_time + base::TimeDelta::FromDays(2); bool secure(false); bool httponly(false); - bool same_site(false); + CookieSameSite same_site(CookieSameSite::NO_RESTRICTION); // Test that a cookie is equivalent to itself. scoped_ptr<CanonicalCookie> cookie(new CanonicalCookie( @@ -205,8 +216,8 @@ TEST(CanonicalCookieTest, IsEquivalent) { other_cookie.reset(new CanonicalCookie( url, cookie_name, cookie_name, cookie_domain, cookie_path, creation_time, - expiration_time, last_access_time, secure, httponly, true, - COOKIE_PRIORITY_LOW)); + expiration_time, last_access_time, secure, httponly, + CookieSameSite::STRICT_MODE, COOKIE_PRIORITY_LOW)); EXPECT_TRUE(cookie->IsEquivalent(*other_cookie)); // Tests that use different variations of attribute values that @@ -249,7 +260,7 @@ TEST(CanonicalCookieTest, IsEquivalentForSecureCookieMatching) { base::Time expiration_time = creation_time + base::TimeDelta::FromDays(2); bool secure(false); bool httponly(false); - bool same_site(false); + CookieSameSite same_site(CookieSameSite::NO_RESTRICTION); // Test that a cookie is equivalent to itself. scoped_ptr<CanonicalCookie> cookie(new CanonicalCookie( @@ -299,8 +310,8 @@ TEST(CanonicalCookieTest, IsEquivalentForSecureCookieMatching) { other_cookie.reset(new CanonicalCookie( url, cookie_name, cookie_name, cookie_domain, cookie_path, creation_time, - expiration_time, last_access_time, secure, httponly, true, - COOKIE_PRIORITY_LOW)); + expiration_time, last_access_time, secure, httponly, + CookieSameSite::STRICT_MODE, COOKIE_PRIORITY_LOW)); EXPECT_TRUE(cookie->IsEquivalentForSecureCookieMatching(*other_cookie)); // The following 3 tests' expected results differ from their IsEquivalent @@ -444,34 +455,34 @@ TEST(CanonicalCookieTest, IncludeSameSiteForSameSiteURL) { // Same-site cookies are not included for cross-site requests, // even if other properties match: - cookie = CanonicalCookie::Create(secure_url, "A=2; SameSite", creation_time, - options); - EXPECT_TRUE(cookie->IsSameSite()); + cookie = CanonicalCookie::Create(secure_url, "A=2; SameSite=Strict", + creation_time, options); + EXPECT_EQ(CookieSameSite::STRICT_MODE, cookie->SameSite()); EXPECT_FALSE(cookie->IncludeForRequestURL(secure_url, options)); - cookie = CanonicalCookie::Create(secure_url, "A=2; Secure; SameSite", + cookie = CanonicalCookie::Create(secure_url, "A=2; Secure; SameSite=Strict", creation_time, options); - EXPECT_TRUE(cookie->IsSameSite()); + EXPECT_EQ(CookieSameSite::STRICT_MODE, cookie->SameSite()); EXPECT_FALSE(cookie->IncludeForRequestURL(secure_url, options)); cookie = CanonicalCookie::Create(secure_url_with_path, - "A=2; SameSite; path=/foo/bar", + "A=2; SameSite=Strict; path=/foo/bar", creation_time, options); - EXPECT_TRUE(cookie->IsSameSite()); + EXPECT_EQ(CookieSameSite::STRICT_MODE, cookie->SameSite()); EXPECT_FALSE(cookie->IncludeForRequestURL(secure_url, options)); // Same-site cookies are included for same-site requests: options.set_include_same_site(); - cookie = CanonicalCookie::Create(secure_url, "A=2; SameSite", creation_time, - options); - EXPECT_TRUE(cookie->IsSameSite()); + cookie = CanonicalCookie::Create(secure_url, "A=2; SameSite=Strict", + creation_time, options); + EXPECT_EQ(CookieSameSite::STRICT_MODE, cookie->SameSite()); EXPECT_TRUE(cookie->IncludeForRequestURL(secure_url, options)); - cookie = CanonicalCookie::Create(secure_url, "A=2; Secure; SameSite", + cookie = CanonicalCookie::Create(secure_url, "A=2; Secure; SameSite=Strict", creation_time, options); - EXPECT_TRUE(cookie->IsSameSite()); + EXPECT_EQ(CookieSameSite::STRICT_MODE, cookie->SameSite()); EXPECT_TRUE(cookie->IncludeForRequestURL(secure_url, options)); cookie = CanonicalCookie::Create(secure_url_with_path, - "A=2; SameSite; path=/foo/bar", + "A=2; SameSite=Strict; path=/foo/bar", creation_time, options); - EXPECT_TRUE(cookie->IsSameSite()); + EXPECT_EQ(CookieSameSite::STRICT_MODE, cookie->SameSite()); EXPECT_TRUE(cookie->IncludeForRequestURL(secure_url_with_path, options)); } @@ -635,21 +646,21 @@ TEST(CanonicalCookieTest, EnforceSecureCookiesRequireSecureScheme) { EXPECT_TRUE(https_cookie_secure.get()); scoped_ptr<CanonicalCookie> http_cookie_no_secure_extended( - CanonicalCookie::Create(http_url, "a", "b", "", "", creation_time, - creation_time, false, false, false, true, - COOKIE_PRIORITY_DEFAULT)); + CanonicalCookie::Create( + http_url, "a", "b", "", "", creation_time, creation_time, false, + false, CookieSameSite::STRICT_MODE, true, COOKIE_PRIORITY_DEFAULT)); scoped_ptr<CanonicalCookie> http_cookie_secure_extended( - CanonicalCookie::Create(http_url, "a", "b", "", "", creation_time, - creation_time, true, false, false, true, - COOKIE_PRIORITY_DEFAULT)); + CanonicalCookie::Create( + http_url, "a", "b", "", "", creation_time, creation_time, true, false, + CookieSameSite::STRICT_MODE, true, COOKIE_PRIORITY_DEFAULT)); scoped_ptr<CanonicalCookie> https_cookie_no_secure_extended( - CanonicalCookie::Create(https_url, "a", "b", "", "", creation_time, - creation_time, false, false, false, true, - COOKIE_PRIORITY_DEFAULT)); + CanonicalCookie::Create( + https_url, "a", "b", "", "", creation_time, creation_time, false, + false, CookieSameSite::STRICT_MODE, true, COOKIE_PRIORITY_DEFAULT)); scoped_ptr<CanonicalCookie> https_cookie_secure_extended( - CanonicalCookie::Create(https_url, "a", "b", "", "", creation_time, - creation_time, true, false, false, true, - COOKIE_PRIORITY_DEFAULT)); + CanonicalCookie::Create( + https_url, "a", "b", "", "", creation_time, creation_time, true, + false, CookieSameSite::STRICT_MODE, true, COOKIE_PRIORITY_DEFAULT)); EXPECT_TRUE(http_cookie_no_secure_extended.get()); EXPECT_FALSE(http_cookie_secure_extended.get()); diff --git a/net/cookies/cookie_constants.cc b/net/cookies/cookie_constants.cc index 05fe22e..b618261 100644 --- a/net/cookies/cookie_constants.cc +++ b/net/cookies/cookie_constants.cc @@ -10,12 +10,17 @@ namespace net { namespace { + const char kPriorityLow[] = "low"; const char kPriorityMedium[] = "medium"; const char kPriorityHigh[] = "high"; + +const char kSameSiteLax[] = "lax"; +const char kSameSiteStrict[] = "strict"; + } // namespace -NET_EXPORT const std::string CookiePriorityToString(CookiePriority priority) { +std::string CookiePriorityToString(CookiePriority priority) { switch(priority) { case COOKIE_PRIORITY_HIGH: return kPriorityHigh; @@ -29,7 +34,7 @@ NET_EXPORT const std::string CookiePriorityToString(CookiePriority priority) { return std::string(); } -NET_EXPORT CookiePriority StringToCookiePriority(const std::string& priority) { +CookiePriority StringToCookiePriority(const std::string& priority) { std::string priority_comp = base::ToLowerASCII(priority); if (priority_comp == kPriorityHigh) @@ -42,4 +47,12 @@ NET_EXPORT CookiePriority StringToCookiePriority(const std::string& priority) { return COOKIE_PRIORITY_DEFAULT; } +CookieSameSite StringToCookieSameSite(const std::string& same_site) { + if (base::EqualsCaseInsensitiveASCII(same_site, kSameSiteLax)) + return CookieSameSite::LAX_MODE; + if (base::EqualsCaseInsensitiveASCII(same_site, kSameSiteStrict)) + return CookieSameSite::STRICT_MODE; + return CookieSameSite::DEFAULT_MODE; +} + } // namespace net diff --git a/net/cookies/cookie_constants.h b/net/cookies/cookie_constants.h index 7e27e14..49dafbd 100644 --- a/net/cookies/cookie_constants.h +++ b/net/cookies/cookie_constants.h @@ -18,13 +18,27 @@ enum CookiePriority { COOKIE_PRIORITY_DEFAULT = COOKIE_PRIORITY_MEDIUM }; +enum class CookieSameSite { + NO_RESTRICTION = 0, + LAX_MODE = 1, + STRICT_MODE = 2, + DEFAULT_MODE = NO_RESTRICTION +}; + // Returns the Set-Cookie header priority token corresponding to |priority|. -NET_EXPORT const std::string CookiePriorityToString(CookiePriority priority); +// +// TODO(mkwst): Remove this once its callsites are refactored. +NET_EXPORT std::string CookiePriorityToString(CookiePriority priority); // Converts the Set-Cookie header priority token |priority| to a CookiePriority. // Defaults to COOKIE_PRIORITY_DEFAULT for empty or unrecognized strings. NET_EXPORT CookiePriority StringToCookiePriority(const std::string& priority); +// Converst the Set-Cookie header SameSite token |same_site| to a +// CookieSameSite. Defaults to CookieSameSite::DEFAULT_MODE for empty or +// unrecognized strings. +NET_EXPORT CookieSameSite StringToCookieSameSite(const std::string& same_site); + } // namespace net #endif // NET_COOKIES_COOKIE_CONSTANTS_H_ diff --git a/net/cookies/cookie_monster.cc b/net/cookies/cookie_monster.cc index 1984bad..a4f99dc 100644 --- a/net/cookies/cookie_monster.cc +++ b/net/cookies/cookie_monster.cc @@ -380,7 +380,7 @@ class CookieMonster::SetCookieWithDetailsTask : public CookieMonsterTask { base::Time last_access_time, bool secure, bool http_only, - bool same_site, + CookieSameSite same_site, bool enforce_strict_secure, CookiePriority priority, const SetCookiesCallback& callback) @@ -417,7 +417,7 @@ class CookieMonster::SetCookieWithDetailsTask : public CookieMonsterTask { base::Time last_access_time_; bool secure_; bool http_only_; - bool same_site_; + CookieSameSite same_site_; bool enforce_strict_secure_; CookiePriority priority_; SetCookiesCallback callback_; @@ -824,7 +824,7 @@ void CookieMonster::SetCookieWithDetailsAsync( Time last_access_time, bool secure, bool http_only, - bool same_site, + CookieSameSite same_site, bool enforce_strict_secure, CookiePriority priority, const SetCookiesCallback& callback) { @@ -1014,7 +1014,7 @@ bool CookieMonster::SetCookieWithDetails(const GURL& url, base::Time last_access_time, bool secure, bool http_only, - bool same_site, + CookieSameSite same_site, bool enforce_strict_secure, CookiePriority priority) { DCHECK(thread_checker_.CalledOnValidThread()); @@ -1677,7 +1677,9 @@ CookieMonster::CookieMap::iterator CookieMonster::InternalInsertCookie( } // See InitializeHistograms() for details. - int32_t type_sample = cc->IsSameSite() ? 1 << COOKIE_TYPE_SAME_SITE : 0; + int32_t type_sample = cc->SameSite() != CookieSameSite::NO_RESTRICTION + ? 1 << COOKIE_TYPE_SAME_SITE + : 0; type_sample |= cc->IsHttpOnly() ? 1 << COOKIE_TYPE_HTTPONLY : 0; type_sample |= cc->IsSecure() ? 1 << COOKIE_TYPE_SECURE : 0; histogram_cookie_type_->Add(type_sample); diff --git a/net/cookies/cookie_monster.h b/net/cookies/cookie_monster.h index d288a84..12e0494 100644 --- a/net/cookies/cookie_monster.h +++ b/net/cookies/cookie_monster.h @@ -163,7 +163,7 @@ class NET_EXPORT CookieMonster : public CookieStore { base::Time last_access_time, bool secure, bool http_only, - bool same_site, + CookieSameSite same_site, bool enforce_strict_secure, CookiePriority priority, const SetCookiesCallback& callback) override; @@ -394,7 +394,7 @@ class NET_EXPORT CookieMonster : public CookieStore { base::Time last_access_time, bool secure, bool http_only, - bool same_site, + CookieSameSite same_site, bool enforce_strict_secure, CookiePriority priority); diff --git a/net/cookies/cookie_monster_store_test.cc b/net/cookies/cookie_monster_store_test.cc index 4271298..54fe5c4 100644 --- a/net/cookies/cookie_monster_store_test.cc +++ b/net/cookies/cookie_monster_store_test.cc @@ -138,7 +138,7 @@ CanonicalCookie BuildCanonicalCookie(const std::string& key, return CanonicalCookie(GURL(), pc.Name(), pc.Value(), key, cookie_path, creation_time, cookie_expires, creation_time, - pc.IsSecure(), pc.IsHttpOnly(), pc.IsSameSite(), + pc.IsSecure(), pc.IsHttpOnly(), pc.SameSite(), pc.Priority()); } @@ -248,8 +248,8 @@ scoped_ptr<CookieMonster> CreateMonsterFromStoreForGC( CanonicalCookie cc(GURL(), "a", "1", base::StringPrintf("h%05d.izzle", i), "/path", creation_time, expiration_time, - last_access_time, secure, false, false, - COOKIE_PRIORITY_DEFAULT); + last_access_time, secure, false, + CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT); store->AddCookie(cc); } diff --git a/net/cookies/cookie_monster_unittest.cc b/net/cookies/cookie_monster_unittest.cc index 5a48d7d..741807c 100644 --- a/net/cookies/cookie_monster_unittest.cc +++ b/net/cookies/cookie_monster_unittest.cc @@ -187,72 +187,73 @@ class CookieMonsterTestBase : public CookieStoreTest<T> { // Domain cookies EXPECT_TRUE(this->SetCookieWithDetails( cm, url_top_level_domain_plus_1, "dom_1", "X", ".harvard.edu", "/", - base::Time(), base::Time(), base::Time(), false, false, false, - COOKIE_PRIORITY_DEFAULT)); + base::Time(), base::Time(), base::Time(), false, false, + CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT)); EXPECT_TRUE(this->SetCookieWithDetails( cm, url_top_level_domain_plus_2, "dom_2", "X", ".math.harvard.edu", "/", - base::Time(), base::Time(), base::Time(), false, false, false, - COOKIE_PRIORITY_DEFAULT)); + base::Time(), base::Time(), base::Time(), false, false, + CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT)); EXPECT_TRUE(this->SetCookieWithDetails( cm, url_top_level_domain_plus_3, "dom_3", "X", ".bourbaki.math.harvard.edu", "/", base::Time(), base::Time(), - base::Time(), false, false, false, COOKIE_PRIORITY_DEFAULT)); + base::Time(), false, false, CookieSameSite::DEFAULT_MODE, + COOKIE_PRIORITY_DEFAULT)); // Host cookies EXPECT_TRUE(this->SetCookieWithDetails( cm, url_top_level_domain_plus_1, "host_1", "X", std::string(), "/", - base::Time(), base::Time(), base::Time(), false, false, false, - COOKIE_PRIORITY_DEFAULT)); + base::Time(), base::Time(), base::Time(), false, false, + CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT)); EXPECT_TRUE(this->SetCookieWithDetails( cm, url_top_level_domain_plus_2, "host_2", "X", std::string(), "/", - base::Time(), base::Time(), base::Time(), false, false, false, - COOKIE_PRIORITY_DEFAULT)); + base::Time(), base::Time(), base::Time(), false, false, + CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT)); EXPECT_TRUE(this->SetCookieWithDetails( cm, url_top_level_domain_plus_3, "host_3", "X", std::string(), "/", - base::Time(), base::Time(), base::Time(), false, false, false, - COOKIE_PRIORITY_DEFAULT)); + base::Time(), base::Time(), base::Time(), false, false, + CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT)); // http_only cookie EXPECT_TRUE(this->SetCookieWithDetails( cm, url_top_level_domain_plus_2, "httpo_check", "x", std::string(), "/", - base::Time(), base::Time(), base::Time(), false, true, false, - COOKIE_PRIORITY_DEFAULT)); + base::Time(), base::Time(), base::Time(), false, true, + CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT)); // same-site cookie EXPECT_TRUE(this->SetCookieWithDetails( cm, url_top_level_domain_plus_2, "firstp_check", "x", std::string(), - "/", base::Time(), base::Time(), base::Time(), false, false, true, - COOKIE_PRIORITY_DEFAULT)); + "/", base::Time(), base::Time(), base::Time(), false, false, + CookieSameSite::STRICT_MODE, COOKIE_PRIORITY_DEFAULT)); // Secure cookies EXPECT_TRUE(this->SetCookieWithDetails( cm, url_top_level_domain_plus_2_secure, "sec_dom", "X", ".math.harvard.edu", "/", base::Time(), base::Time(), base::Time(), - true, false, false, COOKIE_PRIORITY_DEFAULT)); + true, false, CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT)); EXPECT_TRUE(this->SetCookieWithDetails( cm, url_top_level_domain_plus_2_secure, "sec_host", "X", std::string(), - "/", base::Time(), base::Time(), base::Time(), true, false, false, - COOKIE_PRIORITY_DEFAULT)); + "/", base::Time(), base::Time(), base::Time(), true, false, + CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT)); // Domain path cookies EXPECT_TRUE(this->SetCookieWithDetails( cm, url_top_level_domain_plus_2, "dom_path_1", "X", ".math.harvard.edu", - "/dir1", base::Time(), base::Time(), base::Time(), false, false, false, - COOKIE_PRIORITY_DEFAULT)); + "/dir1", base::Time(), base::Time(), base::Time(), false, false, + CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT)); EXPECT_TRUE(this->SetCookieWithDetails( cm, url_top_level_domain_plus_2, "dom_path_2", "X", ".math.harvard.edu", "/dir1/dir2", base::Time(), base::Time(), base::Time(), false, false, - false, COOKIE_PRIORITY_DEFAULT)); + CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT)); // Host path cookies EXPECT_TRUE(this->SetCookieWithDetails( cm, url_top_level_domain_plus_2, "host_path_1", "X", std::string(), - "/dir1", base::Time(), base::Time(), base::Time(), false, false, false, - COOKIE_PRIORITY_DEFAULT)); + "/dir1", base::Time(), base::Time(), base::Time(), false, false, + CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT)); EXPECT_TRUE(this->SetCookieWithDetails( cm, url_top_level_domain_plus_2, "host_path_2", "X", std::string(), "/dir1/dir2", base::Time(), base::Time(), base::Time(), false, false, - false, COOKIE_PRIORITY_DEFAULT)); + CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT)); EXPECT_EQ(14U, this->GetAllCookies(cm).size()); } @@ -622,7 +623,7 @@ struct CookiesInputInfo { const base::Time expiration_time; bool secure; bool http_only; - bool same_site; + CookieSameSite same_site; CookiePriority priority; }; @@ -855,14 +856,14 @@ TEST_F(DeferredCookieTaskTest, DeferredSetCookie) { TEST_F(DeferredCookieTaskTest, DeferredSetAllCookies) { MockSetCookiesCallback set_cookies_callback; CookieList list; - list.push_back(CanonicalCookie(http_www_google_.url(), "A", "B", - http_www_google_.domain(), "/", - base::Time::Now(), base::Time(), base::Time(), - false, true, false, COOKIE_PRIORITY_DEFAULT)); - list.push_back(CanonicalCookie(http_www_google_.url(), "C", "D", - http_www_google_.domain(), "/", - base::Time::Now(), base::Time(), base::Time(), - false, true, false, COOKIE_PRIORITY_DEFAULT)); + list.push_back(CanonicalCookie( + http_www_google_.url(), "A", "B", http_www_google_.domain(), "/", + base::Time::Now(), base::Time(), base::Time(), false, true, + CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT)); + list.push_back(CanonicalCookie( + http_www_google_.url(), "C", "D", http_www_google_.domain(), "/", + base::Time::Now(), base::Time(), base::Time(), false, true, + CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT)); BeginWith( SetAllCookiesAction(&cookie_monster(), list, &set_cookies_callback)); @@ -910,7 +911,7 @@ TEST_F(DeferredCookieTaskTest, DeferredSetCookieWithDetails) { base::Time(), false, false, - false, + CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT}; BeginWithForDomainKey( http_www_google_.domain(), @@ -927,7 +928,7 @@ TEST_F(DeferredCookieTaskTest, DeferredSetCookieWithDetails) { base::Time(), false, false, - false, + CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT}; EXPECT_CALL(set_cookies_callback, Invoke(true)) .WillOnce(SetCookieWithDetailsAction(&cookie_monster(), cookie_info_exp, @@ -1743,15 +1744,15 @@ TEST_F(CookieMonsterTest, UniqueCreationTime) { EXPECT_TRUE(SetCookieWithDetails( cm.get(), http_www_google_.url(), "setCookieWithDetails1", "A", http_www_google_.Format(".%D"), "/", Time(), Time(), Time(), false, false, - false, COOKIE_PRIORITY_DEFAULT)); + CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT)); EXPECT_TRUE(SetCookieWithDetails( cm.get(), http_www_google_.url(), "setCookieWithDetails2", "A", http_www_google_.Format(".%D"), "/", Time(), Time(), Time(), false, false, - false, COOKIE_PRIORITY_DEFAULT)); + CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT)); EXPECT_TRUE(SetCookieWithDetails( cm.get(), http_www_google_.url(), "setCookieWithDetails3", "A", http_www_google_.Format(".%D"), "/", Time(), Time(), Time(), false, false, - false, COOKIE_PRIORITY_DEFAULT)); + CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT)); // Now we check CookieList cookie_list(GetAllCookies(cm.get())); @@ -1811,36 +1812,14 @@ TEST_F(CookieMonsterTest, BackingStoreCommunication) { base::Time expires(base::Time::Now() + base::TimeDelta::FromSeconds(100)); const CookiesInputInfo input_info[] = { - {GURL("http://a.b.google.com"), - "a", - "1", - "", - "/path/to/cookie", - expires, - false, - false, - false, - COOKIE_PRIORITY_DEFAULT}, - {GURL("https://www.google.com"), - "b", - "2", - ".google.com", - "/path/from/cookie", - expires + TimeDelta::FromSeconds(10), - true, - true, - false, - COOKIE_PRIORITY_DEFAULT}, - {GURL("https://google.com"), - "c", - "3", - "", - "/another/path/to/cookie", - base::Time::Now() + base::TimeDelta::FromSeconds(100), - true, - false, - true, - COOKIE_PRIORITY_DEFAULT}}; + {GURL("http://a.b.google.com"), "a", "1", "", "/path/to/cookie", expires, + false, false, CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT}, + {GURL("https://www.google.com"), "b", "2", ".google.com", + "/path/from/cookie", expires + TimeDelta::FromSeconds(10), true, true, + CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT}, + {GURL("https://google.com"), "c", "3", "", "/another/path/to/cookie", + base::Time::Now() + base::TimeDelta::FromSeconds(100), true, false, + CookieSameSite::STRICT_MODE, COOKIE_PRIORITY_DEFAULT}}; const int INPUT_DELETE = 1; // Create new cookies and flush them to the store. @@ -1880,7 +1859,7 @@ TEST_F(CookieMonsterTest, BackingStoreCommunication) { output->CreationDate().ToInternalValue()); EXPECT_EQ(input->secure, output->IsSecure()); EXPECT_EQ(input->http_only, output->IsHttpOnly()); - EXPECT_EQ(input->same_site, output->IsSameSite()); + EXPECT_EQ(input->same_site, output->SameSite()); EXPECT_TRUE(output->IsPersistent()); EXPECT_EQ(input->expiration_time.ToInternalValue(), output->ExpiryDate().ToInternalValue()); @@ -2316,18 +2295,18 @@ TEST_F(CookieMonsterTest, SetAllCookies) { EXPECT_TRUE(SetCookie(cm.get(), http_www_google_.url(), "Y=Z; path=/")); CookieList list; - list.push_back(CanonicalCookie(http_www_google_.url(), "A", "B", - http_www_google_.url().host(), "/", - base::Time::Now(), base::Time(), base::Time(), - false, false, false, COOKIE_PRIORITY_DEFAULT)); - list.push_back(CanonicalCookie(http_www_google_.url(), "W", "X", - http_www_google_.url().host(), "/bar", - base::Time::Now(), base::Time(), base::Time(), - false, false, false, COOKIE_PRIORITY_DEFAULT)); - list.push_back(CanonicalCookie(http_www_google_.url(), "Y", "Z", - http_www_google_.url().host(), "/", - base::Time::Now(), base::Time(), base::Time(), - false, false, false, COOKIE_PRIORITY_DEFAULT)); + list.push_back(CanonicalCookie( + http_www_google_.url(), "A", "B", http_www_google_.url().host(), "/", + base::Time::Now(), base::Time(), base::Time(), false, false, + CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT)); + list.push_back(CanonicalCookie( + http_www_google_.url(), "W", "X", http_www_google_.url().host(), "/bar", + base::Time::Now(), base::Time(), base::Time(), false, false, + CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT)); + list.push_back(CanonicalCookie( + http_www_google_.url(), "Y", "Z", http_www_google_.url().host(), "/", + base::Time::Now(), base::Time(), base::Time(), false, false, + CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT)); // SetAllCookies must not flush. ASSERT_EQ(0, store->flush_count()); @@ -2359,49 +2338,50 @@ TEST_F(CookieMonsterTest, ComputeCookieDiff) { base::Time now = base::Time::Now(); base::Time creation_time = now - base::TimeDelta::FromSeconds(1); - CanonicalCookie cookie1(http_www_google_.url(), "A", "B", - http_www_google_.url().host(), "/", creation_time, - base::Time(), base::Time(), false, false, false, - COOKIE_PRIORITY_DEFAULT); - CanonicalCookie cookie2(http_www_google_.url(), "C", "D", - http_www_google_.url().host(), "/", creation_time, - base::Time(), base::Time(), false, false, false, - COOKIE_PRIORITY_DEFAULT); - CanonicalCookie cookie3(http_www_google_.url(), "E", "F", - http_www_google_.url().host(), "/", creation_time, - base::Time(), base::Time(), false, false, false, - COOKIE_PRIORITY_DEFAULT); - CanonicalCookie cookie4(http_www_google_.url(), "G", "H", - http_www_google_.url().host(), "/", creation_time, - base::Time(), base::Time(), false, false, false, - COOKIE_PRIORITY_DEFAULT); + CanonicalCookie cookie1( + http_www_google_.url(), "A", "B", http_www_google_.url().host(), "/", + creation_time, base::Time(), base::Time(), false, false, + CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT); + CanonicalCookie cookie2( + http_www_google_.url(), "C", "D", http_www_google_.url().host(), "/", + creation_time, base::Time(), base::Time(), false, false, + CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT); + CanonicalCookie cookie3( + http_www_google_.url(), "E", "F", http_www_google_.url().host(), "/", + creation_time, base::Time(), base::Time(), false, false, + CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT); + CanonicalCookie cookie4( + http_www_google_.url(), "G", "H", http_www_google_.url().host(), "/", + creation_time, base::Time(), base::Time(), false, false, + CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT); CanonicalCookie cookie4_with_new_value( http_www_google_.url(), "G", "iamnew", http_www_google_.url().host(), "/", - creation_time, base::Time(), base::Time(), false, false, false, - COOKIE_PRIORITY_DEFAULT); - CanonicalCookie cookie5(http_www_google_.url(), "I", "J", - http_www_google_.url().host(), "/", creation_time, - base::Time(), base::Time(), false, false, false, - COOKIE_PRIORITY_DEFAULT); + creation_time, base::Time(), base::Time(), false, false, + CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT); + CanonicalCookie cookie5( + http_www_google_.url(), "I", "J", http_www_google_.url().host(), "/", + creation_time, base::Time(), base::Time(), false, false, + CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT); CanonicalCookie cookie5_with_new_creation_time( http_www_google_.url(), "I", "J", http_www_google_.url().host(), "/", now, - base::Time(), base::Time(), false, false, false, COOKIE_PRIORITY_DEFAULT); - CanonicalCookie cookie6(http_www_google_.url(), "K", "L", - http_www_google_.url().host(), "/foo", creation_time, - base::Time(), base::Time(), false, false, false, - COOKIE_PRIORITY_DEFAULT); + base::Time(), base::Time(), false, false, CookieSameSite::DEFAULT_MODE, + COOKIE_PRIORITY_DEFAULT); + CanonicalCookie cookie6( + http_www_google_.url(), "K", "L", http_www_google_.url().host(), "/foo", + creation_time, base::Time(), base::Time(), false, false, + CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT); CanonicalCookie cookie6_with_new_path( http_www_google_.url(), "K", "L", http_www_google_.url().host(), "/bar", - creation_time, base::Time(), base::Time(), false, false, false, - COOKIE_PRIORITY_DEFAULT); - CanonicalCookie cookie7(http_www_google_.url(), "M", "N", - http_www_google_.url().host(), "/foo", creation_time, - base::Time(), base::Time(), false, false, false, - COOKIE_PRIORITY_DEFAULT); + creation_time, base::Time(), base::Time(), false, false, + CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT); + CanonicalCookie cookie7( + http_www_google_.url(), "M", "N", http_www_google_.url().host(), "/foo", + creation_time, base::Time(), base::Time(), false, false, + CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT); CanonicalCookie cookie7_with_new_path( http_www_google_.url(), "M", "N", http_www_google_.url().host(), "/bar", - creation_time, base::Time(), base::Time(), false, false, false, - COOKIE_PRIORITY_DEFAULT); + creation_time, base::Time(), base::Time(), false, false, + CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT); CookieList old_cookies; old_cookies.push_back(cookie1); @@ -2495,7 +2475,7 @@ TEST_F(CookieMonsterTest, HistogramCheck) { ASSERT_TRUE(SetCookieWithDetails( cm.get(), GURL("http://fake.a.url"), "a", "b", "a.url", "/", base::Time(), base::Time::Now() + base::TimeDelta::FromMinutes(59), base::Time(), false, - false, false, COOKIE_PRIORITY_DEFAULT)); + false, CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT)); scoped_ptr<base::HistogramSamples> samples2( expired_histogram->SnapshotSamples()); @@ -2613,12 +2593,12 @@ TEST_F(CookieMonsterTest, ControlCharacterPurge) { // We have to manually build this cookie because it contains a control // character, and our cookie line parser rejects control characters. - CanonicalCookie* cc = - new CanonicalCookie(url, "baz", - "\x05" - "boo", - domain, path, now2, later, now2, false, false, false, - COOKIE_PRIORITY_DEFAULT); + CanonicalCookie* cc = new CanonicalCookie( + url, "baz", + "\x05" + "boo", + domain, path, now2, later, now2, false, false, + CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT); initial_cookies.push_back(cc); AddCookieToList(domain, "hello=world; path=" + path, now3, &initial_cookies); diff --git a/net/cookies/cookie_store.h b/net/cookies/cookie_store.h index c44139b..6fabe92 100644 --- a/net/cookies/cookie_store.h +++ b/net/cookies/cookie_store.h @@ -91,7 +91,7 @@ class NET_EXPORT CookieStore { base::Time last_access_time, bool secure, bool http_only, - bool same_site, + CookieSameSite same_site, bool enforce_strict_secure, CookiePriority priority, const SetCookiesCallback& callback) = 0; diff --git a/net/cookies/cookie_store_test_helpers.cc b/net/cookies/cookie_store_test_helpers.cc index fdb8e92..d2dc210 100644 --- a/net/cookies/cookie_store_test_helpers.cc +++ b/net/cookies/cookie_store_test_helpers.cc @@ -86,7 +86,7 @@ void DelayedCookieMonster::SetCookieWithDetailsAsync( base::Time last_access_time, bool secure, bool http_only, - bool same_site, + CookieSameSite same_site, bool enforce_strict_secure, CookiePriority priority, const SetCookiesCallback& callback) { diff --git a/net/cookies/cookie_store_test_helpers.h b/net/cookies/cookie_store_test_helpers.h index 068296c..0ebae5b 100644 --- a/net/cookies/cookie_store_test_helpers.h +++ b/net/cookies/cookie_store_test_helpers.h @@ -41,7 +41,7 @@ class DelayedCookieMonster : public CookieStore { base::Time last_access_time, bool secure, bool http_only, - bool same_site, + CookieSameSite same_site, bool enforce_strict_secure, CookiePriority priority, const SetCookiesCallback& callback) override; diff --git a/net/cookies/cookie_store_unittest.h b/net/cookies/cookie_store_unittest.h index a47e953..b226d31 100644 --- a/net/cookies/cookie_store_unittest.h +++ b/net/cookies/cookie_store_unittest.h @@ -171,7 +171,7 @@ class CookieStoreTest : public testing::Test { const base::Time last_access_time, bool secure, bool http_only, - bool same_site, + CookieSameSite same_site, CookiePriority priority) { DCHECK(cs); ResultSavingCookieCallback<bool> callback; @@ -347,40 +347,40 @@ TYPED_TEST_P(CookieStoreTest, SetCookieWithDetailsAsync) { EXPECT_TRUE(this->SetCookieWithDetails( cs, this->www_google_foo_.url(), "A", "B", std::string(), "/foo", - one_hour_ago, one_hour_from_now, base::Time(), false, false, false, - COOKIE_PRIORITY_DEFAULT)); + one_hour_ago, one_hour_from_now, base::Time(), false, false, + CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT)); // Note that for the creation time to be set exactly, without modification, // it must be different from the one set by the line above. EXPECT_TRUE(this->SetCookieWithDetails( cs, this->www_google_bar_.url(), "C", "D", this->www_google_bar_.domain(), - "/bar", two_hours_ago, base::Time(), one_hour_ago, false, true, false, - COOKIE_PRIORITY_DEFAULT)); + "/bar", two_hours_ago, base::Time(), one_hour_ago, false, true, + CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT)); EXPECT_TRUE(this->SetCookieWithDetails( cs, this->http_www_google_.url(), "E", "F", std::string(), std::string(), - base::Time(), base::Time(), base::Time(), true, false, false, - COOKIE_PRIORITY_DEFAULT)); + base::Time(), base::Time(), base::Time(), true, false, + CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT)); // Test that malformed attributes fail to set the cookie. EXPECT_FALSE(this->SetCookieWithDetails( cs, this->www_google_foo_.url(), " A", "B", std::string(), "/foo", - base::Time(), base::Time(), base::Time(), false, false, false, - COOKIE_PRIORITY_DEFAULT)); + base::Time(), base::Time(), base::Time(), false, false, + CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT)); EXPECT_FALSE(this->SetCookieWithDetails( cs, this->www_google_foo_.url(), "A;", "B", std::string(), "/foo", - base::Time(), base::Time(), base::Time(), false, false, false, - COOKIE_PRIORITY_DEFAULT)); + base::Time(), base::Time(), base::Time(), false, false, + CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT)); EXPECT_FALSE(this->SetCookieWithDetails( cs, this->www_google_foo_.url(), "A=", "B", std::string(), "/foo", - base::Time(), base::Time(), base::Time(), false, false, false, - COOKIE_PRIORITY_DEFAULT)); + base::Time(), base::Time(), base::Time(), false, false, + CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT)); EXPECT_FALSE(this->SetCookieWithDetails( cs, this->www_google_foo_.url(), "A", "B", "google.ozzzzzzle", "foo", - base::Time(), base::Time(), base::Time(), false, false, false, - COOKIE_PRIORITY_DEFAULT)); + base::Time(), base::Time(), base::Time(), false, false, + CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT)); EXPECT_FALSE(this->SetCookieWithDetails( cs, this->www_google_foo_.url(), "A=", "B", std::string(), "foo", - base::Time(), base::Time(), base::Time(), false, false, false, - COOKIE_PRIORITY_DEFAULT)); + base::Time(), base::Time(), base::Time(), false, false, + CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT)); // Get all the cookies for a given URL, regardless of properties. This 'get()' // operation shouldn't update the access time, as the test checks that the diff --git a/net/cookies/parsed_cookie.cc b/net/cookies/parsed_cookie.cc index 5294f07..a6c1e95 100644 --- a/net/cookies/parsed_cookie.cc +++ b/net/cookies/parsed_cookie.cc @@ -182,6 +182,12 @@ bool ParsedCookie::IsValid() const { return !pairs_.empty(); } +CookieSameSite ParsedCookie::SameSite() const { + return (same_site_index_ == 0) + ? CookieSameSite::DEFAULT_MODE + : StringToCookieSameSite(pairs_[same_site_index_].second); +} + CookiePriority ParsedCookie::Priority() const { return (priority_index_ == 0) ? COOKIE_PRIORITY_DEFAULT @@ -230,8 +236,8 @@ bool ParsedCookie::SetIsHttpOnly(bool is_http_only) { return SetBool(&httponly_index_, kHttpOnlyTokenName, is_http_only); } -bool ParsedCookie::SetIsSameSite(bool is_same_site) { - return SetBool(&same_site_index_, kSameSiteTokenName, is_same_site); +bool ParsedCookie::SetSameSite(const std::string& is_same_site) { + return SetString(&same_site_index_, kSameSiteTokenName, is_same_site); } bool ParsedCookie::SetPriority(const std::string& priority) { @@ -244,8 +250,7 @@ std::string ParsedCookie::ToCookieLine() const { if (!out.empty()) out.append("; "); out.append(it->first); - if (it->first != kSecureTokenName && it->first != kHttpOnlyTokenName && - it->first != kSameSiteTokenName) { + if (it->first != kSecureTokenName && it->first != kHttpOnlyTokenName) { out.append("="); out.append(it->second); } diff --git a/net/cookies/parsed_cookie.h b/net/cookies/parsed_cookie.h index bce984c..ebb14de 100644 --- a/net/cookies/parsed_cookie.h +++ b/net/cookies/parsed_cookie.h @@ -50,7 +50,7 @@ class NET_EXPORT ParsedCookie { const std::string& MaxAge() const { return pairs_[maxage_index_].second; } bool IsSecure() const { return secure_index_ != 0; } bool IsHttpOnly() const { return httponly_index_ != 0; } - bool IsSameSite() const { return same_site_index_ != 0; } + CookieSameSite SameSite() const; CookiePriority Priority() const; // Returns the number of attributes, for example, returning 2 for: @@ -70,7 +70,7 @@ class NET_EXPORT ParsedCookie { bool SetMaxAge(const std::string& maxage); bool SetIsSecure(bool is_secure); bool SetIsHttpOnly(bool is_http_only); - bool SetIsSameSite(bool is_same_site); + bool SetSameSite(const std::string& same_site); bool SetPriority(const std::string& priority); // Returns the cookie description as it appears in a HTML response header. diff --git a/net/cookies/parsed_cookie_unittest.cc b/net/cookies/parsed_cookie_unittest.cc index 6cfcf3c..0a3048e 100644 --- a/net/cookies/parsed_cookie_unittest.cc +++ b/net/cookies/parsed_cookie_unittest.cc @@ -92,11 +92,12 @@ TEST(ParsedCookieTest, TestNameless) { } TEST(ParsedCookieTest, TestAttributeCase) { - ParsedCookie pc("BLAHHH; Path=/; sECuRe; httpONLY; sAmESitE; pRIoRitY=hIgH"); + ParsedCookie pc( + "BLAHHH; Path=/; sECuRe; httpONLY; sAmESitE=StrIct; pRIoRitY=hIgH"); EXPECT_TRUE(pc.IsValid()); EXPECT_TRUE(pc.IsSecure()); EXPECT_TRUE(pc.IsHttpOnly()); - EXPECT_TRUE(pc.IsSameSite()); + EXPECT_EQ(CookieSameSite::STRICT_MODE, pc.SameSite()); EXPECT_TRUE(pc.HasPath()); EXPECT_EQ("/", pc.Path()); EXPECT_EQ("", pc.Name()); @@ -147,7 +148,7 @@ TEST(ParsedCookieTest, MissingValue) { } TEST(ParsedCookieTest, Whitespace) { - ParsedCookie pc(" A = BC ;secure;;; samesite "); + ParsedCookie pc(" A = BC ;secure;;; samesite = lax "); EXPECT_TRUE(pc.IsValid()); EXPECT_EQ("A", pc.Name()); EXPECT_EQ("BC", pc.Value()); @@ -155,7 +156,7 @@ TEST(ParsedCookieTest, Whitespace) { EXPECT_FALSE(pc.HasDomain()); EXPECT_TRUE(pc.IsSecure()); EXPECT_FALSE(pc.IsHttpOnly()); - EXPECT_TRUE(pc.IsSameSite()); + EXPECT_EQ(CookieSameSite::LAX_MODE, pc.SameSite()); EXPECT_EQ(COOKIE_PRIORITY_DEFAULT, pc.Priority()); // We parse anything between ; as attributes, so we end up with two // attributes with an empty string name and value. @@ -170,7 +171,7 @@ TEST(ParsedCookieTest, MultipleEquals) { EXPECT_FALSE(pc.HasDomain()); EXPECT_TRUE(pc.IsSecure()); EXPECT_TRUE(pc.IsHttpOnly()); - EXPECT_FALSE(pc.IsSameSite()); + EXPECT_EQ(CookieSameSite::DEFAULT_MODE, pc.SameSite()); EXPECT_EQ(COOKIE_PRIORITY_DEFAULT, pc.Priority()); EXPECT_EQ(4U, pc.NumberOfAttributes()); } @@ -356,12 +357,12 @@ TEST(ParsedCookieTest, SetAttributes) { EXPECT_TRUE(pc.SetIsSecure(true)); EXPECT_TRUE(pc.SetIsHttpOnly(true)); EXPECT_TRUE(pc.SetIsHttpOnly(true)); - EXPECT_TRUE(pc.SetIsSameSite(true)); + EXPECT_TRUE(pc.SetSameSite("LAX")); EXPECT_TRUE(pc.SetPriority("HIGH")); EXPECT_EQ( "name=value; domain=domain.com; path=/; " "expires=Sun, 18-Apr-2027 21:06:29 GMT; max-age=12345; secure; " - "httponly; samesite; priority=HIGH", + "httponly; samesite=LAX; priority=HIGH", pc.ToCookieLine()); EXPECT_TRUE(pc.HasDomain()); EXPECT_TRUE(pc.HasPath()); @@ -369,7 +370,7 @@ TEST(ParsedCookieTest, SetAttributes) { EXPECT_TRUE(pc.HasMaxAge()); EXPECT_TRUE(pc.IsSecure()); EXPECT_TRUE(pc.IsHttpOnly()); - EXPECT_TRUE(pc.IsSameSite()); + EXPECT_EQ(CookieSameSite::LAX_MODE, pc.SameSite()); EXPECT_EQ(COOKIE_PRIORITY_HIGH, pc.Priority()); // Clear one attribute from the middle. @@ -382,7 +383,7 @@ TEST(ParsedCookieTest, SetAttributes) { EXPECT_EQ( "name=value; domain=domain.com; path=/foo; " "expires=Sun, 18-Apr-2027 21:06:29 GMT; max-age=12345; secure; " - "httponly; samesite; priority=HIGH", + "httponly; samesite=LAX; priority=HIGH", pc.ToCookieLine()); // Set priority to medium. @@ -390,7 +391,7 @@ TEST(ParsedCookieTest, SetAttributes) { EXPECT_EQ( "name=value; domain=domain.com; path=/foo; " "expires=Sun, 18-Apr-2027 21:06:29 GMT; max-age=12345; secure; " - "httponly; samesite; priority=medium", + "httponly; samesite=LAX; priority=medium", pc.ToCookieLine()); // Clear the rest and change the name and value. @@ -400,7 +401,7 @@ TEST(ParsedCookieTest, SetAttributes) { EXPECT_TRUE(pc.SetMaxAge(std::string())); EXPECT_TRUE(pc.SetIsSecure(false)); EXPECT_TRUE(pc.SetIsHttpOnly(false)); - EXPECT_TRUE(pc.SetIsSameSite(false)); + EXPECT_TRUE(pc.SetSameSite(std::string())); EXPECT_TRUE(pc.SetName("name2")); EXPECT_TRUE(pc.SetValue("value2")); EXPECT_TRUE(pc.SetPriority(std::string())); @@ -410,7 +411,7 @@ TEST(ParsedCookieTest, SetAttributes) { EXPECT_FALSE(pc.HasMaxAge()); EXPECT_FALSE(pc.IsSecure()); EXPECT_FALSE(pc.IsHttpOnly()); - EXPECT_FALSE(pc.IsSameSite()); + EXPECT_EQ(CookieSameSite::NO_RESTRICTION, pc.SameSite()); EXPECT_EQ("name2=value2", pc.ToCookieLine()); } @@ -448,6 +449,40 @@ TEST(ParsedCookieTest, SetPriority) { EXPECT_EQ(COOKIE_PRIORITY_DEFAULT, pc.Priority()); } +TEST(ParsedCookieTest, SetSameSite) { + ParsedCookie pc("name=value"); + EXPECT_TRUE(pc.IsValid()); + + EXPECT_EQ("name=value", pc.ToCookieLine()); + EXPECT_EQ(CookieSameSite::DEFAULT_MODE, pc.SameSite()); + + // Test each priority, expect case-insensitive compare. + EXPECT_TRUE(pc.SetSameSite("strict")); + EXPECT_EQ("name=value; samesite=strict", pc.ToCookieLine()); + EXPECT_EQ(CookieSameSite::STRICT_MODE, pc.SameSite()); + + EXPECT_TRUE(pc.SetSameSite("lAx")); + EXPECT_EQ("name=value; samesite=lAx", pc.ToCookieLine()); + EXPECT_EQ(CookieSameSite::LAX_MODE, pc.SameSite()); + + EXPECT_TRUE(pc.SetSameSite("LAX")); + EXPECT_EQ("name=value; samesite=LAX", pc.ToCookieLine()); + EXPECT_EQ(CookieSameSite::LAX_MODE, pc.SameSite()); + + // Interpret invalid priority values as CookieSameSite::DEFAULT_MODE. + EXPECT_TRUE(pc.SetSameSite("Blah")); + EXPECT_EQ("name=value; samesite=Blah", pc.ToCookieLine()); + EXPECT_EQ(CookieSameSite::DEFAULT_MODE, pc.SameSite()); + + EXPECT_TRUE(pc.SetSameSite("lowerest")); + EXPECT_EQ("name=value; samesite=lowerest", pc.ToCookieLine()); + EXPECT_EQ(CookieSameSite::DEFAULT_MODE, pc.SameSite()); + + EXPECT_TRUE(pc.SetSameSite("")); + EXPECT_EQ("name=value", pc.ToCookieLine()); + EXPECT_EQ(CookieSameSite::DEFAULT_MODE, pc.SameSite()); +} + TEST(ParsedCookieTest, InvalidNonAlphanumericChars) { ParsedCookie pc1("name=\x05"); ParsedCookie pc2( diff --git a/net/extras/sqlite/sqlite_persistent_cookie_store.cc b/net/extras/sqlite/sqlite_persistent_cookie_store.cc index 1145871..911f05a 100644 --- a/net/extras/sqlite/sqlite_persistent_cookie_store.cc +++ b/net/extras/sqlite/sqlite_persistent_cookie_store.cc @@ -373,6 +373,41 @@ CookiePriority DBCookiePriorityToCookiePriority(DBCookiePriority value) { return COOKIE_PRIORITY_DEFAULT; } +// Possible values for the 'samesite' column +enum DBCookieSameSite { + kCookieSameSiteNoRestriction = 0, + kCookieSameSiteLax = 1, + kCookieSameSiteStrict = 2, +}; + +DBCookieSameSite CookieSameSiteToDBCookieSameSite(CookieSameSite value) { + switch (value) { + case CookieSameSite::NO_RESTRICTION: + return kCookieSameSiteNoRestriction; + case CookieSameSite::LAX_MODE: + return kCookieSameSiteLax; + case CookieSameSite::STRICT_MODE: + return kCookieSameSiteStrict; + } + + NOTREACHED(); + return kCookieSameSiteNoRestriction; +} + +CookieSameSite DBCookieSameSiteToCookieSameSite(DBCookieSameSite value) { + switch (value) { + case kCookieSameSiteNoRestriction: + return CookieSameSite::NO_RESTRICTION; + case kCookieSameSiteLax: + return CookieSameSite::LAX_MODE; + case kCookieSameSiteStrict: + return CookieSameSite::STRICT_MODE; + } + + NOTREACHED(); + return CookieSameSite::DEFAULT_MODE; +} + // Increments a specified TimeDelta by the duration between this object's // constructor and destructor. Not thread safe. Multiple instances may be // created with the same delta instance as long as their lifetimes are nested. @@ -414,8 +449,9 @@ bool InitTable(sql::Connection* db) { "persistent INTEGER NOT NULL DEFAULT 1," "priority INTEGER NOT NULL DEFAULT %d," "encrypted_value BLOB DEFAULT ''," - "firstpartyonly INTEGER NOT NULL DEFAULT 0)", - CookiePriorityToDBCookiePriority(COOKIE_PRIORITY_DEFAULT))); + "firstpartyonly INTEGER NOT NULL DEFAULT %d)", + CookiePriorityToDBCookiePriority(COOKIE_PRIORITY_DEFAULT), + CookieSameSiteToDBCookieSameSite(CookieSameSite::DEFAULT_MODE))); if (!db->Execute(stmt.c_str())) return false; @@ -795,7 +831,8 @@ void SQLitePersistentCookieStore::Backend::MakeCookiesFromSQLStatement( Time::FromInternalValue(smt.ColumnInt64(10)), // last_access_utc smt.ColumnInt(7) != 0, // secure smt.ColumnInt(8) != 0, // httponly - smt.ColumnInt(9) != 0, // firstpartyonly + DBCookieSameSiteToCookieSameSite( + static_cast<DBCookieSameSite>(smt.ColumnInt(9))), // samesite DBCookiePriorityToCookiePriority( static_cast<DBCookiePriority>(smt.ColumnInt(13))))); // priority DLOG_IF(WARNING, cc->CreationDate() > Time::Now()) @@ -1130,7 +1167,8 @@ void SQLitePersistentCookieStore::Backend::Commit() { add_smt.BindInt64(6, po->cc().ExpiryDate().ToInternalValue()); add_smt.BindInt(7, po->cc().IsSecure()); add_smt.BindInt(8, po->cc().IsHttpOnly()); - add_smt.BindInt(9, po->cc().IsSameSite()); + add_smt.BindInt(9, + CookieSameSiteToDBCookieSameSite(po->cc().SameSite())); add_smt.BindInt64(10, po->cc().LastAccessDate().ToInternalValue()); add_smt.BindInt(11, po->cc().IsPersistent()); add_smt.BindInt(12, po->cc().IsPersistent()); diff --git a/net/extras/sqlite/sqlite_persistent_cookie_store_perftest.cc b/net/extras/sqlite/sqlite_persistent_cookie_store_perftest.cc index 4be580b..bbf594c 100644 --- a/net/extras/sqlite/sqlite_persistent_cookie_store_perftest.cc +++ b/net/extras/sqlite/sqlite_persistent_cookie_store_perftest.cc @@ -80,7 +80,8 @@ class SQLitePersistentCookieStorePerfTest : public testing::Test { t += base::TimeDelta::FromInternalValue(10); store_->AddCookie(CanonicalCookie( gurl, base::StringPrintf("Cookie_%d", cookie_num), "1", domain_name, - "/", t, t, t, false, false, false, COOKIE_PRIORITY_DEFAULT)); + "/", t, t, t, false, false, CookieSameSite::DEFAULT_MODE, + COOKIE_PRIORITY_DEFAULT)); } } // Replace the store effectively destroying the current one and forcing it diff --git a/net/extras/sqlite/sqlite_persistent_cookie_store_unittest.cc b/net/extras/sqlite/sqlite_persistent_cookie_store_unittest.cc index 2166be0..8315d74 100644 --- a/net/extras/sqlite/sqlite_persistent_cookie_store_unittest.cc +++ b/net/extras/sqlite/sqlite_persistent_cookie_store_unittest.cc @@ -168,9 +168,9 @@ class SQLitePersistentCookieStoreTest : public testing::Test { const std::string& domain, const std::string& path, const base::Time& creation) { - store_->AddCookie(CanonicalCookie(GURL(), name, value, domain, path, - creation, creation, creation, false, - false, false, COOKIE_PRIORITY_DEFAULT)); + store_->AddCookie(CanonicalCookie( + GURL(), name, value, domain, path, creation, creation, creation, false, + false, CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT)); } void AddCookieWithExpiration(const std::string& name, @@ -179,9 +179,9 @@ class SQLitePersistentCookieStoreTest : public testing::Test { const std::string& path, const base::Time& creation, const base::Time& expiration) { - store_->AddCookie(CanonicalCookie(GURL(), name, value, domain, path, - creation, expiration, creation, false, - false, false, COOKIE_PRIORITY_DEFAULT)); + store_->AddCookie(CanonicalCookie( + GURL(), name, value, domain, path, creation, expiration, creation, + false, false, CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT)); } std::string ReadRawDBContents() { @@ -442,10 +442,10 @@ TEST_F(SQLitePersistentCookieStoreTest, TestLoadOldSessionCookies) { InitializeStore(false, true); // Add a session cookie. - store_->AddCookie(CanonicalCookie(GURL(), "C", "D", "sessioncookie.com", "/", - base::Time::Now(), base::Time(), - base::Time::Now(), false, false, false, - COOKIE_PRIORITY_DEFAULT)); + store_->AddCookie(CanonicalCookie( + GURL(), "C", "D", "sessioncookie.com", "/", base::Time::Now(), + base::Time(), base::Time::Now(), false, false, + CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT)); // Force the store to write its data to the disk. DestroyStore(); @@ -469,10 +469,10 @@ TEST_F(SQLitePersistentCookieStoreTest, TestDontLoadOldSessionCookies) { InitializeStore(false, true); // Add a session cookie. - store_->AddCookie(CanonicalCookie(GURL(), "C", "D", "sessioncookie.com", "/", - base::Time::Now(), base::Time(), - base::Time::Now(), false, false, false, - COOKIE_PRIORITY_DEFAULT)); + store_->AddCookie(CanonicalCookie( + GURL(), "C", "D", "sessioncookie.com", "/", base::Time::Now(), + base::Time(), base::Time::Now(), false, false, + CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT)); // Force the store to write its data to the disk. DestroyStore(); @@ -499,16 +499,16 @@ TEST_F(SQLitePersistentCookieStoreTest, PersistIsPersistent) { static const char kPersistentName[] = "persistent"; // Add a session cookie. - store_->AddCookie(CanonicalCookie(GURL(), kSessionName, "val", - "sessioncookie.com", "/", base::Time::Now(), - base::Time(), base::Time::Now(), false, - false, false, COOKIE_PRIORITY_DEFAULT)); + store_->AddCookie(CanonicalCookie( + GURL(), kSessionName, "val", "sessioncookie.com", "/", base::Time::Now(), + base::Time(), base::Time::Now(), false, false, + CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT)); // Add a persistent cookie. store_->AddCookie(CanonicalCookie( GURL(), kPersistentName, "val", "sessioncookie.com", "/", base::Time::Now() - base::TimeDelta::FromDays(1), base::Time::Now() + base::TimeDelta::FromDays(1), base::Time::Now(), - false, false, false, COOKIE_PRIORITY_DEFAULT)); + false, false, CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_DEFAULT)); // Force the store to write its data to the disk. DestroyStore(); @@ -552,21 +552,21 @@ TEST_F(SQLitePersistentCookieStoreTest, PriorityIsPersistent) { GURL(), kLowName, kCookieValue, kCookieDomain, kCookiePath, base::Time::Now() - base::TimeDelta::FromMinutes(1), base::Time::Now() + base::TimeDelta::FromDays(1), base::Time::Now(), - false, false, false, COOKIE_PRIORITY_LOW)); + false, false, CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_LOW)); // Add a medium-priority persistent cookie. store_->AddCookie(CanonicalCookie( GURL(), kMediumName, kCookieValue, kCookieDomain, kCookiePath, base::Time::Now() - base::TimeDelta::FromMinutes(2), base::Time::Now() + base::TimeDelta::FromDays(1), base::Time::Now(), - false, false, false, COOKIE_PRIORITY_MEDIUM)); + false, false, CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_MEDIUM)); // Add a high-priority peristent cookie. store_->AddCookie(CanonicalCookie( GURL(), kHighName, kCookieValue, kCookieDomain, kCookiePath, base::Time::Now() - base::TimeDelta::FromMinutes(3), base::Time::Now() + base::TimeDelta::FromDays(1), base::Time::Now(), - false, false, false, COOKIE_PRIORITY_HIGH)); + false, false, CookieSameSite::DEFAULT_MODE, COOKIE_PRIORITY_HIGH)); // Force the store to write its data to the disk. DestroyStore(); @@ -601,6 +601,64 @@ TEST_F(SQLitePersistentCookieStoreTest, PriorityIsPersistent) { STLDeleteElements(&cookies); } +TEST_F(SQLitePersistentCookieStoreTest, SameSiteIsPersistent) { + const char kNoneName[] = "none"; + const char kLaxName[] = "lax"; + const char kStrictName[] = "strict"; + const char kCookieDomain[] = "sessioncookie.com"; + const char kCookieValue[] = "value"; + const char kCookiePath[] = "/"; + + InitializeStore(false, true); + + // Add a non-samesite cookie. + store_->AddCookie(CanonicalCookie( + GURL(), kNoneName, kCookieValue, kCookieDomain, kCookiePath, + base::Time::Now() - base::TimeDelta::FromMinutes(1), + base::Time::Now() + base::TimeDelta::FromDays(1), base::Time::Now(), + false, false, CookieSameSite::NO_RESTRICTION, COOKIE_PRIORITY_DEFAULT)); + + // Add a lax-samesite persistent cookie. + store_->AddCookie(CanonicalCookie( + GURL(), kLaxName, kCookieValue, kCookieDomain, kCookiePath, + base::Time::Now() - base::TimeDelta::FromMinutes(2), + base::Time::Now() + base::TimeDelta::FromDays(1), base::Time::Now(), + false, false, CookieSameSite::LAX_MODE, COOKIE_PRIORITY_DEFAULT)); + + // Add a strict-samesite peristent cookie. + store_->AddCookie(CanonicalCookie( + GURL(), kStrictName, kCookieValue, kCookieDomain, kCookiePath, + base::Time::Now() - base::TimeDelta::FromMinutes(3), + base::Time::Now() + base::TimeDelta::FromDays(1), base::Time::Now(), + false, false, CookieSameSite::STRICT_MODE, COOKIE_PRIORITY_DEFAULT)); + + // Force the store to write its data to the disk. + DestroyStore(); + + // Create a store that loads session cookie and test that the priority + // attribute values are restored. + CanonicalCookieVector cookies; + CreateAndLoad(false, true, &cookies); + ASSERT_EQ(3U, cookies.size()); + + // Put the cookies into a map, by name, for comparison below. + std::map<std::string, CanonicalCookie*> cookie_map; + for (const auto& cookie : cookies) + cookie_map[cookie->Name()] = cookie; + + // Validate that each cookie has the correct SameSite. + ASSERT_EQ(1u, cookie_map.count(kNoneName)); + EXPECT_EQ(CookieSameSite::NO_RESTRICTION, cookie_map[kNoneName]->SameSite()); + + ASSERT_EQ(1u, cookie_map.count(kLaxName)); + EXPECT_EQ(CookieSameSite::LAX_MODE, cookie_map[kLaxName]->SameSite()); + + ASSERT_EQ(1u, cookie_map.count(kStrictName)); + EXPECT_EQ(CookieSameSite::STRICT_MODE, cookie_map[kStrictName]->SameSite()); + + STLDeleteElements(&cookies); +} + TEST_F(SQLitePersistentCookieStoreTest, UpdateToEncryption) { CanonicalCookieVector cookies; diff --git a/net/url_request/url_request_unittest.cc b/net/url_request/url_request_unittest.cc index a2da83a..fef773d 100644 --- a/net/url_request/url_request_unittest.cc +++ b/net/url_request/url_request_unittest.cc @@ -2664,7 +2664,7 @@ TEST_F(URLRequestTest, SameSiteCookiesEnabled) { { TestDelegate d; scoped_ptr<URLRequest> req(default_context_.CreateRequest( - test_server.GetURL("/set-cookie?SameSiteCookieToSet=1;SameSite"), + test_server.GetURL("/set-cookie?SameSiteCookieToSet=1;SameSite=Strict"), DEFAULT_PRIORITY, &d)); req->Start(); base::RunLoop().Run(); |