
Record a boolean metric indicating when an included SameParty cookie would also have been included due to SameSite rules.


Bug: 1143756
Change-Id: I443a042e08ed0c091c65e55138c5ad0547a6f652
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2611946
Reviewed-by: Brian White <bcwhite@chromium.org>
Reviewed-by: Lily Chen <chlily@chromium.org>
Commit-Queue: Chris Fredrickson <cfredric@chromium.org>
Cr-Commit-Position: refs/heads/master@{#841119}
cfredric
2021-01-07 18:45:04 +00:00
committed by Chromium LUCI CQ
parent e2cf5fa1f6
commit 4991a86194
2 changed files with 60 additions and 10 deletions
net/cookies
tools/metrics/histograms/histograms_xml/cookie

@ -771,17 +771,31 @@ CookieAccessResult CanonicalCookie::IncludeForRequestURL(
status.AddExclusionReason(
CookieInclusionStatus::EXCLUDE_SAMEPARTY_CROSS_PARTY_CONTEXT);
FALLTHROUGH;
case CookieSamePartyStatus::kEnforceSamePartyInclude:
case CookieSamePartyStatus::kEnforceSamePartyInclude: {
// Remove any SameSite exclusion reasons, since SameParty overrides
// SameSite.
DCHECK(!status.HasExclusionReason(
CookieInclusionStatus::EXCLUDE_SAMESITE_STRICT));
DCHECK_NE(effective_same_site, CookieEffectiveSameSite::STRICT_MODE);
status.RemoveExclusionReasons({
CookieInclusionStatus::EXCLUDE_SAMESITE_LAX,
CookieInclusionStatus::EXCLUDE_SAMESITE_UNSPECIFIED_TREATED_AS_LAX,
});
bool included_by_samesite =
!status.HasExclusionReason(
CookieInclusionStatus::EXCLUDE_SAMESITE_LAX) &&
!status.HasExclusionReason(
CookieInclusionStatus::
EXCLUDE_SAMESITE_UNSPECIFIED_TREATED_AS_LAX);
if (!included_by_samesite) {
status.RemoveExclusionReasons({
CookieInclusionStatus::EXCLUDE_SAMESITE_LAX,
CookieInclusionStatus::EXCLUDE_SAMESITE_UNSPECIFIED_TREATED_AS_LAX,
});
}
if (status.IsInclude()) {
UMA_HISTOGRAM_BOOLEAN(
"Cookie.SamePartyReadIncluded.InclusionUnderSameSite",
included_by_samesite);
}
break;
}
case CookieSamePartyStatus::kNoSamePartyEnforcement:
break;
}
@ -931,7 +945,7 @@ CookieAccessResult CanonicalCookie::IsSetPermittedInContext(
access_result.status.AddExclusionReason(
CookieInclusionStatus::EXCLUDE_SAMEPARTY_CROSS_PARTY_CONTEXT);
FALLTHROUGH;
case CookieSamePartyStatus::kEnforceSamePartyInclude:
case CookieSamePartyStatus::kEnforceSamePartyInclude: {
DCHECK(IsSameParty());
// Remove any SameSite exclusion reasons, since SameParty overrides
// SameSite.
@ -939,11 +953,25 @@ CookieAccessResult CanonicalCookie::IsSetPermittedInContext(
CookieInclusionStatus::EXCLUDE_SAMESITE_STRICT));
DCHECK_NE(access_result.effective_same_site,
CookieEffectiveSameSite::STRICT_MODE);
access_result.status.RemoveExclusionReasons({
CookieInclusionStatus::EXCLUDE_SAMESITE_LAX,
CookieInclusionStatus::EXCLUDE_SAMESITE_UNSPECIFIED_TREATED_AS_LAX,
});
bool included_by_samesite =
!access_result.status.HasExclusionReason(
CookieInclusionStatus::EXCLUDE_SAMESITE_LAX) &&
!access_result.status.HasExclusionReason(
CookieInclusionStatus::
EXCLUDE_SAMESITE_UNSPECIFIED_TREATED_AS_LAX);
if (!included_by_samesite) {
access_result.status.RemoveExclusionReasons({
CookieInclusionStatus::EXCLUDE_SAMESITE_LAX,
CookieInclusionStatus::EXCLUDE_SAMESITE_UNSPECIFIED_TREATED_AS_LAX,
});
}
if (access_result.status.IsInclude()) {
UMA_HISTOGRAM_BOOLEAN(
"Cookie.SamePartySetIncluded.InclusionUnderSameSite",
included_by_samesite);
}
break;
}
case CookieSamePartyStatus::kNoSamePartyEnforcement:
break;
}
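Review bot: Nothing in the new `kEnforceSamePartyInclude` body says that `included_by_samesite` has to be read before `RemoveExclusionReasons` clears the Lax reasons, and the retained comment "Remove any SameSite exclusion reasons, since SameParty overrides SameSite" now sits above the DCHECKs and the flag rather than above the removal it describes. The same applies to the `IsSetPermittedInContext` hunk. I would move that comment inside the `if (!included_by_samesite)` block and put `// Read before the SameSite reasons are cleared; false means SameParty admitted a cookie that the Lax-mode SameSite checks had excluded.` above the declaration, which can also be `const bool`. The two case bodies are now the same apart from the status object and the histogram name, so a file-local helper that clears the reasons and returns the flag would keep the read and set paths from drifting apart. Both switch statements begin outside the visible hunks, so this is based only on the case bodies shown.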

@ -418,6 +418,17 @@ reviews. Googlers can read more about this at go/gwsq-gerrit.
</summary>
</histogram>
<histogram name="Cookie.SamePartyReadIncluded.InclusionUnderSameSite"
enum="BooleanIncluded" expires_after="2022-01-05">
<owner>cfredric@chromium.org</owner>
<owner>chlily@chromium.org</owner>
<summary>
This histogram records, for each cookie with the SameParty attribute that is
read, whether the access would have been allowed by the cookie's SameSite
attribute (if SameParty had not been specified).
</summary>
</histogram>
<histogram name="Cookie.SamePartyReadIncluded.IsHTTP" enum="BooleanHTTPVsJS"
expires_after="2022-01-05">
<owner>cfredric@chromium.org</owner>
@ -440,6 +451,17 @@ reviews. Googlers can read more about this at go/gwsq-gerrit.
</summary>
</histogram>
<histogram name="Cookie.SamePartySetIncluded.InclusionUnderSameSite"
enum="BooleanIncluded" expires_after="2022-01-05">
<owner>cfredric@chromium.org</owner>
<owner>chlily@chromium.org</owner>
<summary>
This histogram records, for each cookie with the SameParty attribute that is
set, whether the access would have been allowed by the cookie's SameSite
attribute (if SameParty had not been specified).
</summary>
</histogram>
<histogram name="Cookie.SamePartySetIncluded.IsHTTP" enum="BooleanHTTPVsJS"
expires_after="2022-01-05">
<owner>cfredric@chromium.org</owner>