
Convert SameSiteCookieContext to a class

Change the SameSiteCookieContext enum into a class containing the
samesite context as well as the type of cross-schemeness.

This CL is intended to be as close to a no-op for consumers
as feasible.

Bug: 1055342
Change-Id: I90277cc199676d0f90bda13eae52e7f435757fbb
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2103289
Reviewed-by: Scott Violet <sky@chromium.org>
Reviewed-by: Maksim Orlovich <morlovich@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Lily Chen <chlily@chromium.org>
Commit-Queue: Steven Bingler <bingler@chromium.org>
Cr-Commit-Position: refs/heads/master@{#752895}
Steven Bingler
2020-03-24 17:13:32 +00:00
committed by Commit Bot
parent 5e0196a261
commit 8d76c2a40b
36 changed files with 1008 additions and 687 deletions

@ -117,7 +117,7 @@ static void JNI_CookiesFetcher_RestoreCookies(
net::CookieOptions options;
options.set_include_httponly();
options.set_same_site_cookie_context(
net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT);
net::CookieOptions::SameSiteCookieContext::MakeInclusive());
GetCookieServiceClient()->SetCanonicalCookie(
*cookie, "https", options,
network::mojom::CookieManager::SetCanonicalCookieCallback());
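Review bot: The `set_same_site_cookie_context(...MakeInclusive())` call in JNI_CookiesFetcher_RestoreCookies has no comment saying why the most permissive SameSite context is appropriate here, and the new name makes that choice more visible than `SAME_SITE_STRICT` did. A one-line justification such as `// Browser-initiated restore of stored cookies, not a web request: use an inclusive context.` would let an auditor tell intentional exemptions from accidental ones; that wording is inferred from the function name and should be confirmed. The same gap exists at the call sites in ImportCookies, CookiesSetFunction::Run, CookieManagerImpl::GetCookieList and CookieChangeSubscription::ShouldObserveChangeTo, whereas OAuthMultiloginHelper and NetworkHandler already carry `// Permit it to set a SameSite cookie if it wants to.`. The function body starts and ends outside this hunk.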

@ -101,7 +101,7 @@ void AndroidSmsAppSetupControllerImpl::SetUpApp(const GURL& app_url,
<< "installation.";
net::CookieOptions options;
options.set_same_site_cookie_context(
net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT);
net::CookieOptions::SameSiteCookieContext::MakeInclusive());
pwa_delegate_->GetCookieManager(app_url, profile_)
->SetCanonicalCookie(
*net::CanonicalCookie::CreateSanitizedCookie(
@ -317,7 +317,7 @@ void AndroidSmsAppSetupControllerImpl::SetMigrationCookie(
// the user try to open old client.
net::CookieOptions options;
options.set_same_site_cookie_context(
net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT);
net::CookieOptions::SameSiteCookieContext::MakeInclusive());
pwa_delegate_->GetCookieManager(app_url, profile_)
->SetCanonicalCookie(
*net::CanonicalCookie::CreateSanitizedCookie(

@ -232,7 +232,7 @@ class AndroidSmsAppSetupControllerImplTest : public testing::Test {
"true" /* expected_cookie_value */,
"https" /* expected_source_scheme */,
false /* expected_modify_http_only */,
net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT,
net::CookieOptions::SameSiteCookieContext::MakeInclusive(),
true /* success */);
fake_cookie_manager_->InvokePendingDeleteCookiesCallback(
@ -294,7 +294,7 @@ class AndroidSmsAppSetupControllerImplTest : public testing::Test {
"true" /* expected_cookie_value */,
"https" /* expected_source_scheme */,
false /* expected_modify_http_only */,
net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT,
net::CookieOptions::SameSiteCookieContext::MakeInclusive(),
true /* success */);
fake_cookie_manager_->InvokePendingDeleteCookiesCallback(
@ -369,7 +369,7 @@ class AndroidSmsAppSetupControllerImplTest : public testing::Test {
migrated_to_app_url.GetContent() /* expected_cookie_value */,
"https" /* expected_source_scheme */,
false /* expected_modify_http_only */,
net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT,
net::CookieOptions::SameSiteCookieContext::MakeInclusive(),
true /* success */);
fake_cookie_manager_->InvokePendingDeleteCookiesCallback(

@ -89,7 +89,7 @@ void ImportCookies(base::RepeatingClosure completion_callback,
net::CookieOptions options;
options.set_include_httponly();
options.set_same_site_cookie_context(
net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT);
net::CookieOptions::SameSiteCookieContext::MakeInclusive());
cookie_manager->SetCanonicalCookie(
cookie, "https", options,
base::BindOnce(&OnCookieSet, cookie_completion_callback));

@ -447,7 +447,7 @@ ExtensionFunction::ResponseAction CookiesSetFunction::Run() {
net::CookieOptions options;
options.set_include_httponly();
options.set_same_site_cookie_context(
net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT);
net::CookieOptions::SameSiteCookieContext::MakeInclusive());
DCHECK(!url_.is_empty() && url_.is_valid());
cookie_manager->SetCanonicalCookie(
*cc, url_.scheme(), options,

@ -86,7 +86,7 @@ class MediaFeedsFetcherTest : public ChromeRenderViewHostTestHarness {
net::CookieOptions options;
options.set_include_httponly();
options.set_same_site_cookie_context(
net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT);
net::CookieOptions::SameSiteCookieContext::MakeInclusive());
cookie_manager->SetCanonicalCookie(
*cc.get(), url.scheme(), options,
base::BindOnce(

@ -67,9 +67,10 @@ IN_PROC_BROWSER_TEST_P(SameSiteCookiesPolicyTest,
// Set a cookie from a same-site context. The cookie does not specify
// SameSite, so it may default to Lax if the SameSite features are enabled.
// Since the context used is same-site, it should always work.
EXPECT_TRUE(content::SetCookie(
profile, url, "samesite-unspecified=1",
net::CookieOptions::SameSiteCookieContext::SAME_SITE_LAX));
EXPECT_TRUE(content::SetCookie(profile, url, "samesite-unspecified=1",
net::CookieOptions::SameSiteCookieContext(
net::CookieOptions::SameSiteCookieContext::
ContextType::SAME_SITE_LAX)));
EXPECT_EQ("samesite-unspecified=1", content::GetCookies(profile, url));
// Overwrite the cookie from a cross-site context. Because we have a policy
@ -77,15 +78,17 @@ IN_PROC_BROWSER_TEST_P(SameSiteCookiesPolicyTest,
// SameSite features are enabled. (It works regardless, if they are disabled.)
EXPECT_TRUE(content::SetCookie(
profile, url, "samesite-unspecified=2",
net::CookieOptions::SameSiteCookieContext::CROSS_SITE));
net::CookieOptions::SameSiteCookieContext(
net::CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE)));
// Cookie has the new value because we were able to successfully overwrite it.
EXPECT_EQ("samesite-unspecified=2", content::GetCookies(profile, url));
// Fetching the cookies from a cross-site context also works because of the
// policy.
EXPECT_EQ(
"samesite-unspecified=2",
content::GetCookies(
profile, url, net::CookieOptions::SameSiteCookieContext::CROSS_SITE));
EXPECT_EQ("samesite-unspecified=2",
content::GetCookies(profile, url,
net::CookieOptions::SameSiteCookieContext(
net::CookieOptions::SameSiteCookieContext::
ContextType::CROSS_SITE)));
}
IN_PROC_BROWSER_TEST_P(SameSiteCookiesPolicyTest,
@ -105,9 +108,10 @@ IN_PROC_BROWSER_TEST_P(SameSiteCookiesPolicyTest,
// Set a cookie from a same-site context. The cookie does not specify
// SameSite, so it may default to Lax if the SameSite features are enabled.
// Since the context used is same-site, it should always work.
EXPECT_TRUE(content::SetCookie(
profile, url, "samesite-unspecified=1",
net::CookieOptions::SameSiteCookieContext::SAME_SITE_LAX));
EXPECT_TRUE(content::SetCookie(profile, url, "samesite-unspecified=1",
net::CookieOptions::SameSiteCookieContext(
net::CookieOptions::SameSiteCookieContext::
ContextType::SAME_SITE_LAX)));
EXPECT_EQ("samesite-unspecified=1", content::GetCookies(profile, url));
// Overwrite the cookie from a cross-site context. Because we have a policy
@ -116,14 +120,17 @@ IN_PROC_BROWSER_TEST_P(SameSiteCookiesPolicyTest,
// enabled.)
EXPECT_FALSE(content::SetCookie(
profile, url, "samesite-unspecified=2",
net::CookieOptions::SameSiteCookieContext::CROSS_SITE));
net::CookieOptions::SameSiteCookieContext(
net::CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE)));
// Cookie still has the previous value because re-setting it failed.
EXPECT_EQ("samesite-unspecified=1", content::GetCookies(profile, url));
// Fetching the unspecified-samesite cookie from a cross-site context does not
// work because of the policy.
EXPECT_EQ("", content::GetCookies(
profile, url,
net::CookieOptions::SameSiteCookieContext::CROSS_SITE));
EXPECT_EQ("",
content::GetCookies(profile, url,
net::CookieOptions::SameSiteCookieContext(
net::CookieOptions::SameSiteCookieContext::
ContextType::CROSS_SITE)));
}
IN_PROC_BROWSER_TEST_P(SameSiteCookiesPolicyTest,
@ -150,15 +157,19 @@ IN_PROC_BROWSER_TEST_P(SameSiteCookiesPolicyTest,
// Set a cookie from a same-site context. The cookie does not specify
// SameSite, so it may default to Lax if the SameSite features are enabled.
// Since the context used is same-site, it should always work.
EXPECT_TRUE(content::SetCookie(
profile, legacy_allowed_domain_url, "samesite-unspecified=1",
net::CookieOptions::SameSiteCookieContext::SAME_SITE_LAX));
EXPECT_TRUE(content::SetCookie(profile, legacy_allowed_domain_url,
"samesite-unspecified=1",
net::CookieOptions::SameSiteCookieContext(
net::CookieOptions::SameSiteCookieContext::
ContextType::SAME_SITE_LAX)));
EXPECT_EQ("samesite-unspecified=1",
content::GetCookies(profile, legacy_allowed_domain_url));
// Do the same on the other domain...
EXPECT_TRUE(content::SetCookie(
profile, other_domain_url, "samesite-unspecified=1",
net::CookieOptions::SameSiteCookieContext::SAME_SITE_LAX));
EXPECT_TRUE(content::SetCookie(profile, other_domain_url,
"samesite-unspecified=1",
net::CookieOptions::SameSiteCookieContext(
net::CookieOptions::SameSiteCookieContext::
ContextType::SAME_SITE_LAX)));
EXPECT_EQ("samesite-unspecified=1",
content::GetCookies(profile, other_domain_url));
@ -169,34 +180,44 @@ IN_PROC_BROWSER_TEST_P(SameSiteCookiesPolicyTest,
// disabled.)
EXPECT_TRUE(content::SetCookie(
profile, legacy_allowed_domain_url, "samesite-unspecified=2",
net::CookieOptions::SameSiteCookieContext::CROSS_SITE));
net::CookieOptions::SameSiteCookieContext(
net::CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE)));
EXPECT_EQ("samesite-unspecified=2",
content::GetCookies(profile, legacy_allowed_domain_url));
EXPECT_EQ("samesite-unspecified=2",
content::GetCookies(
profile, legacy_allowed_domain_url,
net::CookieOptions::SameSiteCookieContext::CROSS_SITE));
content::GetCookies(profile, legacy_allowed_domain_url,
net::CookieOptions::SameSiteCookieContext(
net::CookieOptions::SameSiteCookieContext::
ContextType::CROSS_SITE)));
// For the domain that is not Legacy by policy, we expect it to work only if
// the SameSite features are disabled.
if (AreSameSiteFeaturesEnabled()) {
EXPECT_FALSE(content::SetCookie(
profile, other_domain_url, "samesite-unspecified=2",
net::CookieOptions::SameSiteCookieContext::CROSS_SITE));
EXPECT_FALSE(
content::SetCookie(profile, other_domain_url, "samesite-unspecified=2",
net::CookieOptions::SameSiteCookieContext(
net::CookieOptions::SameSiteCookieContext::
ContextType::CROSS_SITE)));
EXPECT_EQ("samesite-unspecified=1",
content::GetCookies(profile, other_domain_url));
EXPECT_EQ("", content::GetCookies(
profile, other_domain_url,
net::CookieOptions::SameSiteCookieContext::CROSS_SITE));
EXPECT_EQ(
"", content::GetCookies(profile, other_domain_url,
net::CookieOptions::SameSiteCookieContext(
net::CookieOptions::SameSiteCookieContext::
ContextType::CROSS_SITE)));
} else {
EXPECT_TRUE(content::SetCookie(
profile, other_domain_url, "samesite-unspecified=2",
net::CookieOptions::SameSiteCookieContext::CROSS_SITE));
EXPECT_TRUE(
content::SetCookie(profile, other_domain_url, "samesite-unspecified=2",
net::CookieOptions::SameSiteCookieContext(
net::CookieOptions::SameSiteCookieContext::
ContextType::CROSS_SITE)));
EXPECT_EQ("samesite-unspecified=2",
content::GetCookies(profile, other_domain_url));
EXPECT_EQ("samesite-unspecified=2",
content::GetCookies(
profile, other_domain_url,
net::CookieOptions::SameSiteCookieContext::CROSS_SITE));
EXPECT_EQ(
"samesite-unspecified=2",
content::GetCookies(profile, other_domain_url,
net::CookieOptions::SameSiteCookieContext(
net::CookieOptions::SameSiteCookieContext::
ContextType::CROSS_SITE)));
}
}
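Review bot: Every call in these tests now spells out `net::CookieOptions::SameSiteCookieContext(net::CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE)`, which wraps over three or four lines and makes it hard to see which context each assertion uses. A file-local alias such as `using SameSiteCookieContext = net::CookieOptions::SameSiteCookieContext;` would bring each argument back to `SameSiteCookieContext(SameSiteCookieContext::ContextType::CROSS_SITE)`. The same applies to the SameSiteDataRemover browser and unit tests later in this commit. These tests vary only the context type; the cross-schemeness half of the new class is left at whatever the one-argument constructor defaults to, which is not visible here.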

@ -209,7 +209,7 @@ class IsolatedPrerenderTabHelperTest : public ChromeRenderViewHostTestHarness {
net::CookieOptions options;
options.set_include_httponly();
options.set_same_site_cookie_context(
net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT);
net::CookieOptions::SameSiteCookieContext::MakeInclusive());
cookie_manager->SetCanonicalCookie(
*cc.get(), url.scheme(), options,
base::BindOnce(

@ -200,7 +200,7 @@ void OAuthMultiloginHelper::StartSettingCookies(
options.set_include_httponly();
// Permit it to set a SameSite cookie if it wants to.
options.set_same_site_cookie_context(
net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT);
net::CookieOptions::SameSiteCookieContext::MakeInclusive());
cookie_manager->SetCanonicalCookie(
cookie, "https", options,
mojo::WrapCallbackWithDefaultInvokeIfNotRun(

@ -96,10 +96,11 @@ class SameSiteDataRemoverBrowserTest : public ContentBrowserTest {
IN_PROC_BROWSER_TEST_F(SameSiteDataRemoverBrowserTest,
TestClearDataWithStorageRemoval) {
StoragePartition* storage_partition = GetStoragePartition();
CreateCookieForTest("TestCookie", "www.google.com",
net::CookieSameSite::NO_RESTRICTION,
net::CookieOptions::SameSiteCookieContext::CROSS_SITE,
true /* is_cookie_secure */, GetBrowserContext());
CreateCookieForTest(
"TestCookie", "www.google.com", net::CookieSameSite::NO_RESTRICTION,
net::CookieOptions::SameSiteCookieContext(
net::CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE),
true /* is_cookie_secure */, GetBrowserContext());
browsing_data_browsertest_utils::AddServiceWorker(
"www.google.com", storage_partition, GetHttpsServer());
@ -119,10 +120,11 @@ IN_PROC_BROWSER_TEST_F(SameSiteDataRemoverBrowserTest,
IN_PROC_BROWSER_TEST_F(SameSiteDataRemoverBrowserTest,
TestClearDataWithoutStorageRemoval) {
StoragePartition* storage_partition = GetStoragePartition();
CreateCookieForTest("TestCookie", "www.google.com",
net::CookieSameSite::NO_RESTRICTION,
net::CookieOptions::SameSiteCookieContext::CROSS_SITE,
true /* is_cookie_secure */, GetBrowserContext());
CreateCookieForTest(
"TestCookie", "www.google.com", net::CookieSameSite::NO_RESTRICTION,
net::CookieOptions::SameSiteCookieContext(
net::CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE),
true /* is_cookie_secure */, GetBrowserContext());
browsing_data_browsertest_utils::AddServiceWorker(
"www.google.com", storage_partition, GetHttpsServer());

@ -107,14 +107,17 @@ class SameSiteDataRemoverImplTest : public testing::Test {
TEST_F(SameSiteDataRemoverImplTest, TestRemoveSameSiteNoneCookies) {
BrowserContext* browser_context = GetBrowserContext();
CreateCookieForTest("TestCookie1", "www.google.com",
net::CookieSameSite::NO_RESTRICTION,
net::CookieOptions::SameSiteCookieContext::CROSS_SITE,
true /* is_cookie_secure */, browser_context);
CreateCookieForTest("TestCookie2", "www.gmail.google.com",
net::CookieSameSite::NO_RESTRICTION,
net::CookieOptions::SameSiteCookieContext::CROSS_SITE,
true /* is_cookie_secure */, browser_context);
CreateCookieForTest(
"TestCookie1", "www.google.com", net::CookieSameSite::NO_RESTRICTION,
net::CookieOptions::SameSiteCookieContext(
net::CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE),
true /* is_cookie_secure */, browser_context);
CreateCookieForTest(
"TestCookie2", "www.gmail.google.com",
net::CookieSameSite::NO_RESTRICTION,
net::CookieOptions::SameSiteCookieContext(
net::CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE),
true /* is_cookie_secure */, browser_context);
DeleteSameSiteNoneCookies();
@ -128,15 +131,18 @@ TEST_F(SameSiteDataRemoverImplTest, TestRemoveSameSiteNoneCookies) {
TEST_F(SameSiteDataRemoverImplTest, TestRemoveOnlySameSiteNoneCookies) {
BrowserContext* browser_context = GetBrowserContext();
CreateCookieForTest("TestCookie1", "www.google.com",
net::CookieSameSite::NO_RESTRICTION,
net::CookieOptions::SameSiteCookieContext::CROSS_SITE,
true /* is_cookie_secure */, browser_context);
// The second cookie has SameSite value STRICT_MODE instead of NO_RESTRICTION.
CreateCookieForTest(
"TestCookie2", "www.gmail.google.com", net::CookieSameSite::STRICT_MODE,
net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT,
"TestCookie1", "www.google.com", net::CookieSameSite::NO_RESTRICTION,
net::CookieOptions::SameSiteCookieContext(
net::CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE),
true /* is_cookie_secure */, browser_context);
// The second cookie has SameSite value STRICT_MODE instead of NO_RESTRICTION.
CreateCookieForTest("TestCookie2", "www.gmail.google.com",
net::CookieSameSite::STRICT_MODE,
net::CookieOptions::SameSiteCookieContext(
net::CookieOptions::SameSiteCookieContext::
ContextType::SAME_SITE_STRICT),
true /* is_cookie_secure */, browser_context);
DeleteSameSiteNoneCookies();
@ -151,16 +157,19 @@ TEST_F(SameSiteDataRemoverImplTest, TestRemoveOnlySameSiteNoneCookies) {
TEST_F(SameSiteDataRemoverImplTest, TestRemoveSameDomainCookies) {
BrowserContext* browser_context = GetBrowserContext();
CreateCookieForTest("TestCookie1", "www.google.com",
net::CookieSameSite::NO_RESTRICTION,
net::CookieOptions::SameSiteCookieContext::CROSS_SITE,
true /* is_cookie_secure */, browser_context);
CreateCookieForTest(
"TestCookie1", "www.google.com", net::CookieSameSite::NO_RESTRICTION,
net::CookieOptions::SameSiteCookieContext(
net::CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE),
true /* is_cookie_secure */, browser_context);
// The second cookie has the same domain as the first cookie, but also has
// SameSite value STRICT_MODE instead of NO_RESTRICTION.
CreateCookieForTest(
"TestCookie2", "www.google.com", net::CookieSameSite::STRICT_MODE,
net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT,
false /* is_cookie_secure */, browser_context);
CreateCookieForTest("TestCookie2", "www.google.com",
net::CookieSameSite::STRICT_MODE,
net::CookieOptions::SameSiteCookieContext(
net::CookieOptions::SameSiteCookieContext::
ContextType::SAME_SITE_STRICT),
false /* is_cookie_secure */, browser_context);
DeleteSameSiteNoneCookies();
@ -177,12 +186,16 @@ TEST_F(SameSiteDataRemoverImplTest, TestKeepSameSiteCookies) {
BrowserContext* browser_context = GetBrowserContext();
CreateCookieForTest("TestCookie1", "www.google.com",
net::CookieSameSite::LAX_MODE,
net::CookieOptions::SameSiteCookieContext::SAME_SITE_LAX,
net::CookieOptions::SameSiteCookieContext(
net::CookieOptions::SameSiteCookieContext::
ContextType::SAME_SITE_LAX),
false /* is_cookie_secure */, browser_context);
CreateCookieForTest("TestCookie2", "www.gmail.google.com",
net::CookieSameSite::STRICT_MODE,
net::CookieOptions::SameSiteCookieContext(
net::CookieOptions::SameSiteCookieContext::
ContextType::SAME_SITE_STRICT),
false /* is_cookie_secure */, browser_context);
CreateCookieForTest(
"TestCookie2", "www.gmail.google.com", net::CookieSameSite::STRICT_MODE,
net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT,
false /* is_cookie_secure */, browser_context);
DeleteSameSiteNoneCookies();
@ -219,7 +232,9 @@ TEST_F(SameSiteDataRemoverImplTest, TestCookieRemovalUnaffectedByParameters) {
base::RunLoop run_loop2;
options.set_same_site_cookie_context(
net::CookieOptions::SameSiteCookieContext::SAME_SITE_LAX);
net::CookieOptions::SameSiteCookieContext(
net::CookieOptions::SameSiteCookieContext::ContextType::
SAME_SITE_LAX));
result_out = false;
cookie_manager->SetCanonicalCookie(
net::CanonicalCookie("TestCookie2", "10", "gmail.google.com", "/",
@ -255,10 +270,11 @@ TEST_F(SameSiteDataRemoverImplTest, TestStoragePartitionDataRemoval) {
GetSameSiteDataRemoverImpl()->OverrideStoragePartitionForTesting(
&storage_partition);
CreateCookieForTest("TestCookie1", ".google.com",
net::CookieSameSite::NO_RESTRICTION,
net::CookieOptions::SameSiteCookieContext::CROSS_SITE,
true /* is_cookie_secure */, browser_context);
CreateCookieForTest(
"TestCookie1", ".google.com", net::CookieSameSite::NO_RESTRICTION,
net::CookieOptions::SameSiteCookieContext(
net::CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE),
true /* is_cookie_secure */, browser_context);
DeleteSameSiteNoneCookies();
ClearStoragePartitionData();

@ -166,7 +166,7 @@ bool CookieChangeSubscription::ShouldObserveChangeTo(
net::CookieOptions net_options;
net_options.set_same_site_cookie_context(
net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT);
net::CookieOptions::SameSiteCookieContext::MakeInclusive());
return cookie.IncludeForRequestURL(url_, net_options, access_semantics)
.IsInclude();

@ -1182,7 +1182,7 @@ void NetworkHandler::SetCookie(const std::string& name,
net::CookieOptions options;
// Permit it to set a SameSite cookie if it wants to.
options.set_same_site_cookie_context(
net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT);
net::CookieOptions::SameSiteCookieContext::MakeInclusive());
options.set_include_httponly();
storage_partition_->GetCookieManagerForBrowserProcess()->SetCanonicalCookie(
*cookie, "https", options,
@ -1219,7 +1219,7 @@ void NetworkHandler::SetCookies(
options.set_include_httponly();
// Permit it to set a SameSite cookie if it wants to.
options.set_same_site_cookie_context(
net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT);
net::CookieOptions::SameSiteCookieContext::MakeInclusive());
for (const auto& cookie : net_cookies) {
cookie_manager->SetCanonicalCookie(
*cookie, "https", options,

@ -66,7 +66,7 @@ void SetCookieDirect(WebContentsImpl* tab,
net::CookieOptions options;
// Allow setting SameSite cookies.
options.set_same_site_cookie_context(
net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT);
net::CookieOptions::SameSiteCookieContext::MakeInclusive());
auto cookie_obj = net::CanonicalCookie::Create(
url, cookie_line, base::Time::Now(), base::nullopt /* server_time */);
@ -87,7 +87,7 @@ std::string GetCookiesDirect(WebContentsImpl* tab, const GURL& url) {
net::CookieOptions options;
// Allow setting SameSite cookies.
options.set_same_site_cookie_context(
net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT);
net::CookieOptions::SameSiteCookieContext::MakeInclusive());
net::CookieList result;
base::RunLoop run_loop;
BrowserContext::GetDefaultStoragePartition(tab->GetBrowserContext())
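Review bot: In GetCookiesDirect the comment above the changed call still reads `// Allow setting SameSite cookies.`, but this function reads cookies into a `net::CookieList`; the comment looks copied from SetCookieDirect. Since the line below it is being touched anyway, `// Allow access to SameSite cookies.` would describe the inclusive context correctly there. Both function bodies continue outside their hunks.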

@ -528,34 +528,50 @@ int64_t CrossSchemeWarningToContextInt64(
// SameSiteCookieContext in order to match up with the UMAs which are
// recording similar information.
// TODO(https://crbug.com/1046456): Remove after deprecated.
net::CookieOptions::SameSiteCookieContext same_site_context;
switch (reason) {
case net::CanonicalCookie::CookieInclusionStatus::
WARN_SAMESITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_SECURE_URL:
return static_cast<int64_t>(
net::CookieOptions::SameSiteCookieContext::
SAME_SITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_SECURE_URL);
same_site_context.context = net::CookieOptions::SameSiteCookieContext::
ContextType::SAME_SITE_LAX_METHOD_UNSAFE;
same_site_context.cross_schemeness = net::CookieOptions::
SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE;
return same_site_context.ConvertToMetricsValue();
case net::CanonicalCookie::CookieInclusionStatus::
WARN_SAMESITE_LAX_CROSS_SCHEME_SECURE_URL:
return static_cast<int64_t>(net::CookieOptions::SameSiteCookieContext::
SAME_SITE_LAX_CROSS_SCHEME_SECURE_URL);
same_site_context.context =
net::CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX;
same_site_context.cross_schemeness = net::CookieOptions::
SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE;
return same_site_context.ConvertToMetricsValue();
case net::CanonicalCookie::CookieInclusionStatus::
WARN_SAMESITE_STRICT_CROSS_SCHEME_SECURE_URL:
return static_cast<int64_t>(net::CookieOptions::SameSiteCookieContext::
SAME_SITE_STRICT_CROSS_SCHEME_SECURE_URL);
same_site_context.context = net::CookieOptions::SameSiteCookieContext::
ContextType::SAME_SITE_STRICT;
same_site_context.cross_schemeness = net::CookieOptions::
SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE;
return same_site_context.ConvertToMetricsValue();
case net::CanonicalCookie::CookieInclusionStatus::
WARN_SAMESITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_INSECURE_URL:
return static_cast<int64_t>(
net::CookieOptions::SameSiteCookieContext::
SAME_SITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_INSECURE_URL);
same_site_context.context = net::CookieOptions::SameSiteCookieContext::
ContextType::SAME_SITE_LAX_METHOD_UNSAFE;
same_site_context.cross_schemeness = net::CookieOptions::
SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE;
return same_site_context.ConvertToMetricsValue();
case net::CanonicalCookie::CookieInclusionStatus::
WARN_SAMESITE_LAX_CROSS_SCHEME_INSECURE_URL:
return static_cast<int64_t>(net::CookieOptions::SameSiteCookieContext::
SAME_SITE_LAX_CROSS_SCHEME_INSECURE_URL);
same_site_context.context =
net::CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX;
same_site_context.cross_schemeness = net::CookieOptions::
SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE;
return same_site_context.ConvertToMetricsValue();
case net::CanonicalCookie::CookieInclusionStatus::
WARN_SAMESITE_STRICT_CROSS_SCHEME_INSECURE_URL:
return static_cast<int64_t>(
net::CookieOptions::SameSiteCookieContext::
SAME_SITE_STRICT_CROSS_SCHEME_INSECURE_URL);
same_site_context.context = net::CookieOptions::SameSiteCookieContext::
ContextType::SAME_SITE_STRICT;
same_site_context.cross_schemeness = net::CookieOptions::
SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE;
return same_site_context.ConvertToMetricsValue();
default:
// Return invalid value if there is no cross-scheme warning.
return -1;
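Review bot: The six cases now return `same_site_context.ConvertToMetricsValue()` where the old code cast a named enumerator to `int64_t`, so the numbers reported here depend on a conversion that is not visible in this file. The comment above the switch says the values must match the UMAs recording similar information, so that contract is worth stating next to the switch, e.g. `// ConvertToMetricsValue() must yield the same values as recorded by Cookie.SameSiteDifferentSchemeRequest.` (presumably the UMA meant), and pinning in a unit test. Each case also repeats the same two field assignments and return; whether a two-argument constructor exists to shorten this cannot be told from the hunk. The switch continues past the end of the hunk.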

@ -155,7 +155,9 @@ class WorkerTest : public ContentBrowserTest,
cookie_manager.BindNewPipeAndPassReceiver());
net::CookieOptions options;
options.set_same_site_cookie_context(
net::CookieOptions::SameSiteCookieContext::SAME_SITE_LAX);
net::CookieOptions::SameSiteCookieContext(
net::CookieOptions::SameSiteCookieContext::ContextType::
SAME_SITE_LAX));
std::unique_ptr<net::CanonicalCookie> cookie = net::CanonicalCookie::Create(
ssl_server_.GetURL(host, "/"),
std::string(kSameSiteCookie) + "; SameSite=Lax; Secure",

@ -1879,7 +1879,7 @@ std::vector<net::CanonicalCookie> GetCanonicalCookies(
// Allow access to SameSite cookies in tests.
net::CookieOptions options;
options.set_same_site_cookie_context(
net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT);
net::CookieOptions::SameSiteCookieContext::MakeInclusive());
cookie_manager->GetCookieList(
url, options,
base::BindOnce(

@ -840,28 +840,28 @@ RenderFrameHost* ChildFrameAt(RenderFrameHost* frame, size_t index);
bool ExecuteWebUIResourceTest(WebContents* web_contents,
const std::vector<int>& js_resource_ids);
// Returns the serialized cookie string for the given url. Uses a strictly
// same-site SameSiteCookieContext by default, which gets cookies regardless of
// their SameSite attribute.
// Returns the serialized cookie string for the given url. Uses an inclusive
// SameSiteCookieContext by default, which gets cookies regardless of their
// SameSite attribute.
std::string GetCookies(
BrowserContext* browser_context,
const GURL& url,
net::CookieOptions::SameSiteCookieContext context =
net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT);
net::CookieOptions::SameSiteCookieContext::MakeInclusive());
// Returns the canonical cookies for the given url.
std::vector<net::CanonicalCookie> GetCanonicalCookies(
BrowserContext* browser_context,
const GURL& url);
// Sets a cookie for the given url. Uses a strictly same-site
// SameSiteCookieContext by default, which gets cookies regardless of their
// SameSite attribute. Returns true on success.
// Sets a cookie for the given url. Uses an inclusive SameSiteCookieContext by
// default, which gets cookies regardless of their SameSite attribute. Returns
// true on success.
bool SetCookie(BrowserContext* browser_context,
const GURL& url,
const std::string& value,
net::CookieOptions::SameSiteCookieContext context =
net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT);
net::CookieOptions::SameSiteCookieContext::MakeInclusive());
// Fetch the histograms data from other processes. This should be called after
// the test code has been executed but before performing assertions.
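Review bot: The updated comment on SetCookie says the inclusive context "gets cookies regardless of their SameSite attribute", which was carried over from the GetCookies comment and does not describe a setter. Something like `// default, which allows the cookie to be set regardless of its SameSite attribute. Returns` reads correctly. It may also be worth noting in both comments that a test exercising SameSite enforcement must pass an explicit context, since the default is described as ignoring the attribute.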

@ -211,7 +211,7 @@ void CookieManagerImpl::GetCookieList(
net::CookieOptions options;
options.set_include_httponly();
options.set_same_site_cookie_context(
net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT);
net::CookieOptions::SameSiteCookieContext::MakeInclusive());
cookie_manager_->GetCookieList(
GURL(*url), options,

@ -94,7 +94,7 @@ void GaiaAuthFetcherIOSNSURLSessionBridge::FetchPendingRequest() {
net::CookieOptions options;
options.set_include_httponly();
options.set_same_site_cookie_context(
net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT);
net::CookieOptions::SameSiteCookieContext::MakeInclusive());
cookie_manager->GetCookieList(
GetRequest().url, options,
base::BindOnce(
@ -119,7 +119,7 @@ void GaiaAuthFetcherIOSNSURLSessionBridge::SetCanonicalCookiesFromResponse(
options.set_include_httponly();
// Permit it to set a SameSite cookie if it wants to.
options.set_same_site_cookie_context(
net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT);
net::CookieOptions::SameSiteCookieContext::MakeInclusive());
cookie_manager->SetCanonicalCookie(
net::CanonicalCookieFromSystemCookie(cookie, base::Time::Now()),
base::SysNSStringToUTF8(response.URL.scheme), options,

@ -262,7 +262,7 @@ void GaiaAuthFetcherIOSNSURLSessionBridgeTest::AddCookiesToCookieManager(
net::CookieOptions options;
options.set_include_httponly();
options.set_same_site_cookie_context(
net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT);
net::CookieOptions::SameSiteCookieContext::MakeInclusive());
cookie_manager->SetCanonicalCookie(
net::CanonicalCookieFromSystemCookie(cookie, base::Time::Now()),
"https", options, base::DoNothing());

@ -119,16 +119,18 @@ void ApplySameSiteCookieWarningToStatus(
CookieSameSite samesite,
CookieEffectiveSameSite effective_samesite,
bool is_secure,
CookieOptions::SameSiteCookieContext context,
CookieOptions::SameSiteCookieContext same_site_context,
CanonicalCookie::CookieInclusionStatus* status) {
if (samesite == CookieSameSite::UNSPECIFIED &&
context < CookieOptions::SameSiteCookieContext::SAME_SITE_LAX) {
same_site_context.context <
CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX) {
status->AddWarningReason(CanonicalCookie::CookieInclusionStatus::
WARN_SAMESITE_UNSPECIFIED_CROSS_SITE_CONTEXT);
}
if (effective_samesite == CookieEffectiveSameSite::LAX_MODE_ALLOW_UNSAFE &&
context ==
CookieOptions::SameSiteCookieContext::SAME_SITE_LAX_METHOD_UNSAFE) {
same_site_context.context ==
CookieOptions::SameSiteCookieContext::ContextType::
SAME_SITE_LAX_METHOD_UNSAFE) {
// This warning is more specific so remove the previous, more general,
// warning.
status->RemoveWarningReason(
@ -471,26 +473,27 @@ CanonicalCookie::CookieInclusionStatus CanonicalCookie::IncludeForRequestURL(
effective_same_site,
CookieEffectiveSameSite::COUNT);
}
UMA_HISTOGRAM_ENUMERATION("Cookie.RequestSameSiteContext",
options.same_site_cookie_context(),
CookieOptions::SameSiteCookieContext::COUNT);
UMA_HISTOGRAM_ENUMERATION(
"Cookie.RequestSameSiteContext",
options.same_site_cookie_context().context,
CookieOptions::SameSiteCookieContext::ContextType::COUNT);
switch (effective_same_site) {
case CookieEffectiveSameSite::STRICT_MODE:
if (options.same_site_cookie_context() <
CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT) {
if (options.same_site_cookie_context().context <
CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT) {
status.AddExclusionReason(
CookieInclusionStatus::EXCLUDE_SAMESITE_STRICT);
}
break;
case CookieEffectiveSameSite::LAX_MODE:
if (options.same_site_cookie_context() <
CookieOptions::SameSiteCookieContext::SAME_SITE_LAX) {
if (options.same_site_cookie_context().context <
CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX) {
// Log metrics for a cookie that would have been included under the
// "Lax-allow-unsafe" intervention, had it been new enough.
if (SameSite() == CookieSameSite::UNSPECIFIED &&
options.same_site_cookie_context() ==
CookieOptions::SameSiteCookieContext::
options.same_site_cookie_context().context ==
CookieOptions::SameSiteCookieContext::ContextType::
SAME_SITE_LAX_METHOD_UNSAFE) {
UMA_HISTOGRAM_CUSTOM_TIMES(
"Cookie.SameSiteUnspecifiedTooOldToAllowUnsafe", cookie_age,
@ -507,13 +510,14 @@ CanonicalCookie::CookieInclusionStatus CanonicalCookie::IncludeForRequestURL(
// TODO(crbug.com/990439): Add a browsertest for this behavior.
case CookieEffectiveSameSite::LAX_MODE_ALLOW_UNSAFE:
DCHECK(SameSite() == CookieSameSite::UNSPECIFIED);
if (options.same_site_cookie_context() <
CookieOptions::SameSiteCookieContext::SAME_SITE_LAX_METHOD_UNSAFE) {
if (options.same_site_cookie_context().context <
CookieOptions::SameSiteCookieContext::ContextType::
SAME_SITE_LAX_METHOD_UNSAFE) {
// TODO(chlily): Do we need a separate CookieInclusionStatus for this?
status.AddExclusionReason(
CookieInclusionStatus::EXCLUDE_SAMESITE_UNSPECIFIED_TREATED_AS_LAX);
} else if (options.same_site_cookie_context() ==
CookieOptions::SameSiteCookieContext::
} else if (options.same_site_cookie_context().context ==
CookieOptions::SameSiteCookieContext::ContextType::
SAME_SITE_LAX_METHOD_UNSAFE) {
// Log metrics for cookies that activate the "Lax-allow-unsafe"
// intervention. This histogram macro allows up to 3 minutes, which is
@ -549,16 +553,17 @@ CanonicalCookie::CookieInclusionStatus CanonicalCookie::IncludeForRequestURL(
effective_same_site,
CookieEffectiveSameSite::COUNT);
if (options.IsDifferentScheme() &&
if (options.same_site_cookie_context().IsDifferentScheme() &&
((effective_same_site == CookieEffectiveSameSite::LAX_MODE) ||
(effective_same_site == CookieEffectiveSameSite::STRICT_MODE) ||
(effective_same_site ==
CookieEffectiveSameSite::LAX_MODE_ALLOW_UNSAFE))) {
UMA_HISTOGRAM_ENUMERATION("Cookie.SameSiteDifferentSchemeRequest",
options.same_site_cookie_context_full(),
CookieOptions::SameSiteCookieContext::COUNT);
UMA_HISTOGRAM_ENUMERATION(
"Cookie.SameSiteDifferentSchemeRequest",
options.same_site_cookie_context().ConvertToMetricsValue(),
CookieOptions::SameSiteCookieContext::MetricCount());
AddSameSiteCrossSchemeWarning(&status,
options.same_site_cookie_context_full());
options.same_site_cookie_context());
}
}
@ -607,8 +612,8 @@ void CanonicalCookie::IsSetPermittedInContext(
// This intentionally checks for `< SAME_SITE_LAX`, as we allow
// `SameSite=Strict` cookies to be set for top-level navigations that
// qualify for receipt of `SameSite=Lax` cookies.
if (options.same_site_cookie_context() <
CookieOptions::SameSiteCookieContext::SAME_SITE_LAX) {
if (options.same_site_cookie_context().context <
CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX) {
DVLOG(net::cookie_util::kVlogSetCookies)
<< "Trying to set a `SameSite=Strict` cookie from a "
"cross-site URL.";
@ -618,8 +623,8 @@ void CanonicalCookie::IsSetPermittedInContext(
break;
case CookieEffectiveSameSite::LAX_MODE:
case CookieEffectiveSameSite::LAX_MODE_ALLOW_UNSAFE:
if (options.same_site_cookie_context() <
CookieOptions::SameSiteCookieContext::SAME_SITE_LAX) {
if (options.same_site_cookie_context().context <
CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX) {
if (SameSite() == CookieSameSite::UNSPECIFIED) {
DVLOG(net::cookie_util::kVlogSetCookies)
<< "Cookies with no known SameSite attribute being treated as "
@ -648,18 +653,18 @@ void CanonicalCookie::IsSetPermittedInContext(
effective_same_site,
CookieEffectiveSameSite::COUNT);
if (options.IsDifferentScheme() &&
if (options.same_site_cookie_context().IsDifferentScheme() &&
((effective_same_site == CookieEffectiveSameSite::LAX_MODE) ||
(effective_same_site == CookieEffectiveSameSite::STRICT_MODE) ||
(effective_same_site ==
CookieEffectiveSameSite::LAX_MODE_ALLOW_UNSAFE))) {
// TODO(crbug.com/1034014): Change enum to one with less confusing
// phrasing.
UMA_HISTOGRAM_ENUMERATION("Cookie.SameSiteDifferentSchemeResponse",
options.same_site_cookie_context_full(),
CookieOptions::SameSiteCookieContext::COUNT);
AddSameSiteCrossSchemeWarning(status,
options.same_site_cookie_context_full());
UMA_HISTOGRAM_ENUMERATION(
"Cookie.SameSiteDifferentSchemeResponse",
options.same_site_cookie_context().ConvertToMetricsValue(),
CookieOptions::SameSiteCookieContext::MetricCount());
AddSameSiteCrossSchemeWarning(status, options.same_site_cookie_context());
}
}
@ -754,43 +759,50 @@ std::string CanonicalCookie::BuildCookieLine(
void net::CanonicalCookie::AddSameSiteCrossSchemeWarning(
CookieInclusionStatus* status,
CookieOptions::SameSiteCookieContext context) const {
switch (context) {
case CookieOptions::SameSiteCookieContext::
SAME_SITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_SECURE_URL:
status->AddWarningReason(
CookieInclusionStatus::
WARN_SAMESITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_SECURE_URL);
break;
case CookieOptions::SameSiteCookieContext::
SAME_SITE_LAX_CROSS_SCHEME_SECURE_URL:
status->AddWarningReason(
CookieInclusionStatus::WARN_SAMESITE_LAX_CROSS_SCHEME_SECURE_URL);
break;
case CookieOptions::SameSiteCookieContext::
SAME_SITE_STRICT_CROSS_SCHEME_SECURE_URL:
status->AddWarningReason(
CookieInclusionStatus::WARN_SAMESITE_STRICT_CROSS_SCHEME_SECURE_URL);
break;
case CookieOptions::SameSiteCookieContext::
SAME_SITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_INSECURE_URL:
status->AddWarningReason(
CookieInclusionStatus::
WARN_SAMESITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_INSECURE_URL);
break;
case CookieOptions::SameSiteCookieContext::
SAME_SITE_LAX_CROSS_SCHEME_INSECURE_URL:
status->AddWarningReason(
CookieInclusionStatus::WARN_SAMESITE_LAX_CROSS_SCHEME_INSECURE_URL);
break;
case CookieOptions::SameSiteCookieContext::
SAME_SITE_STRICT_CROSS_SCHEME_INSECURE_URL:
status->AddWarningReason(
CookieInclusionStatus::
WARN_SAMESITE_STRICT_CROSS_SCHEME_INSECURE_URL);
break;
default:
break;
CookieOptions::SameSiteCookieContext same_site_context) const {
if (same_site_context.cross_schemeness ==
CookieOptions::SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE) {
switch (same_site_context.context) {
case CookieOptions::SameSiteCookieContext::ContextType::
SAME_SITE_LAX_METHOD_UNSAFE:
status->AddWarningReason(
CookieInclusionStatus::
WARN_SAMESITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_SECURE_URL);
break;
case CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX:
status->AddWarningReason(
CookieInclusionStatus::WARN_SAMESITE_LAX_CROSS_SCHEME_SECURE_URL);
break;
case CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT:
status->AddWarningReason(
CookieInclusionStatus::
WARN_SAMESITE_STRICT_CROSS_SCHEME_SECURE_URL);
break;
default:
break;
}
} else if (same_site_context.cross_schemeness ==
CookieOptions::SameSiteCookieContext::CrossSchemeness::
SECURE_INSECURE) {
switch (same_site_context.context) {
case CookieOptions::SameSiteCookieContext::ContextType::
SAME_SITE_LAX_METHOD_UNSAFE:
status->AddWarningReason(
CookieInclusionStatus::
WARN_SAMESITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_INSECURE_URL);
break;
case CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX:
status->AddWarningReason(
CookieInclusionStatus::WARN_SAMESITE_LAX_CROSS_SCHEME_INSECURE_URL);
break;
case CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT:
status->AddWarningReason(
CookieInclusionStatus::
WARN_SAMESITE_STRICT_CROSS_SCHEME_INSECURE_URL);
break;
default:
break;
}
}
}

@ -708,33 +708,38 @@ TEST(CanonicalCookieTest, IncludeForRequestURLSameSite) {
const base::TimeDelta kLongAge = kLaxAllowUnsafeMaxAge * 4;
const base::TimeDelta kShortAge = kLaxAllowUnsafeMaxAge / 4;
using SameSiteCookieContext = CookieOptions::SameSiteCookieContext;
// Test cases that are the same regardless of feature status or access
// semantics:
std::vector<IncludeForRequestURLTestCase> common_test_cases = {
// Strict cookies:
{"Common=1;SameSite=Strict", CookieSameSite::STRICT_MODE,
CookieEffectiveSameSite::STRICT_MODE,
CookieOptions::SameSiteCookieContext::CROSS_SITE,
SameSiteCookieContext(SameSiteCookieContext::ContextType::CROSS_SITE),
CanonicalCookie::CookieInclusionStatus(
CanonicalCookie::CookieInclusionStatus::EXCLUDE_SAMESITE_STRICT)},
{"Common=2;SameSite=Strict", CookieSameSite::STRICT_MODE,
CookieEffectiveSameSite::STRICT_MODE,
CookieOptions::SameSiteCookieContext::SAME_SITE_LAX_METHOD_UNSAFE,
SameSiteCookieContext(
SameSiteCookieContext::ContextType::SAME_SITE_LAX_METHOD_UNSAFE),
CanonicalCookie::CookieInclusionStatus(
CanonicalCookie::CookieInclusionStatus::EXCLUDE_SAMESITE_STRICT)},
{"Common=3;SameSite=Strict", CookieSameSite::STRICT_MODE,
CookieEffectiveSameSite::STRICT_MODE,
CookieOptions::SameSiteCookieContext::SAME_SITE_LAX,
SameSiteCookieContext(SameSiteCookieContext::ContextType::SAME_SITE_LAX),
CanonicalCookie::CookieInclusionStatus(
CanonicalCookie::CookieInclusionStatus::EXCLUDE_SAMESITE_STRICT)},
{"Common=4;SameSite=Strict", CookieSameSite::STRICT_MODE,
CookieEffectiveSameSite::STRICT_MODE,
CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT,
SameSiteCookieContext(
SameSiteCookieContext::ContextType::SAME_SITE_STRICT),
CanonicalCookie::CookieInclusionStatus()},
{"Common=5;SameSite=Strict", CookieSameSite::STRICT_MODE,
CookieEffectiveSameSite::STRICT_MODE,
CookieOptions::SameSiteCookieContext::
SAME_SITE_STRICT_CROSS_SCHEME_SECURE_URL,
SameSiteCookieContext(
SameSiteCookieContext::ContextType::SAME_SITE_STRICT,
SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE),
CanonicalCookie::CookieInclusionStatus::MakeFromReasonsForTesting(
std::vector<
CanonicalCookie::CookieInclusionStatus::ExclusionReason>(),
@ -742,8 +747,9 @@ TEST(CanonicalCookieTest, IncludeForRequestURLSameSite) {
WARN_SAMESITE_STRICT_CROSS_SCHEME_SECURE_URL})},
{"Common=6;SameSite=Strict", CookieSameSite::STRICT_MODE,
CookieEffectiveSameSite::STRICT_MODE,
CookieOptions::SameSiteCookieContext::
SAME_SITE_STRICT_CROSS_SCHEME_INSECURE_URL,
SameSiteCookieContext(
SameSiteCookieContext::ContextType::SAME_SITE_STRICT,
SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE),
CanonicalCookie::CookieInclusionStatus::MakeFromReasonsForTesting(
std::vector<
CanonicalCookie::CookieInclusionStatus::ExclusionReason>(),
@ -752,26 +758,29 @@ TEST(CanonicalCookieTest, IncludeForRequestURLSameSite) {
// Lax cookies:
{"Common=7;SameSite=Lax", CookieSameSite::LAX_MODE,
CookieEffectiveSameSite::LAX_MODE,
CookieOptions::SameSiteCookieContext::CROSS_SITE,
SameSiteCookieContext(SameSiteCookieContext::ContextType::CROSS_SITE),
CanonicalCookie::CookieInclusionStatus(
CanonicalCookie::CookieInclusionStatus::EXCLUDE_SAMESITE_LAX)},
{"Common=8;SameSite=Lax", CookieSameSite::LAX_MODE,
CookieEffectiveSameSite::LAX_MODE,
CookieOptions::SameSiteCookieContext::SAME_SITE_LAX_METHOD_UNSAFE,
SameSiteCookieContext(
SameSiteCookieContext::ContextType::SAME_SITE_LAX_METHOD_UNSAFE),
CanonicalCookie::CookieInclusionStatus(
CanonicalCookie::CookieInclusionStatus::EXCLUDE_SAMESITE_LAX)},
{"Common=9;SameSite=Lax", CookieSameSite::LAX_MODE,
CookieEffectiveSameSite::LAX_MODE,
CookieOptions::SameSiteCookieContext::SAME_SITE_LAX,
SameSiteCookieContext(SameSiteCookieContext::ContextType::SAME_SITE_LAX),
CanonicalCookie::CookieInclusionStatus()},
{"Common=10;SameSite=Lax", CookieSameSite::LAX_MODE,
CookieEffectiveSameSite::LAX_MODE,
CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT,
SameSiteCookieContext(
SameSiteCookieContext::ContextType::SAME_SITE_STRICT),
CanonicalCookie::CookieInclusionStatus()},
{"Common=11;SameSite=Lax", CookieSameSite::LAX_MODE,
CookieEffectiveSameSite::LAX_MODE,
CookieOptions::SameSiteCookieContext::
SAME_SITE_LAX_CROSS_SCHEME_SECURE_URL,
SameSiteCookieContext(
SameSiteCookieContext::ContextType::SAME_SITE_LAX,
SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE),
CanonicalCookie::CookieInclusionStatus::MakeFromReasonsForTesting(
std::vector<
CanonicalCookie::CookieInclusionStatus::ExclusionReason>(),
@ -779,8 +788,9 @@ TEST(CanonicalCookieTest, IncludeForRequestURLSameSite) {
WARN_SAMESITE_LAX_CROSS_SCHEME_SECURE_URL})},
{"Common=12;SameSite=Lax", CookieSameSite::LAX_MODE,
CookieEffectiveSameSite::LAX_MODE,
CookieOptions::SameSiteCookieContext::
SAME_SITE_STRICT_CROSS_SCHEME_SECURE_URL,
SameSiteCookieContext(
SameSiteCookieContext::ContextType::SAME_SITE_STRICT,
SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE),
CanonicalCookie::CookieInclusionStatus::MakeFromReasonsForTesting(
std::vector<
CanonicalCookie::CookieInclusionStatus::ExclusionReason>(),
@ -788,8 +798,9 @@ TEST(CanonicalCookieTest, IncludeForRequestURLSameSite) {
WARN_SAMESITE_STRICT_CROSS_SCHEME_SECURE_URL})},
{"Common=13;SameSite=Lax", CookieSameSite::LAX_MODE,
CookieEffectiveSameSite::LAX_MODE,
CookieOptions::SameSiteCookieContext::
SAME_SITE_LAX_CROSS_SCHEME_INSECURE_URL,
SameSiteCookieContext(
SameSiteCookieContext::ContextType::SAME_SITE_LAX,
SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE),
CanonicalCookie::CookieInclusionStatus::MakeFromReasonsForTesting(
std::vector<
CanonicalCookie::CookieInclusionStatus::ExclusionReason>(),
@ -797,8 +808,9 @@ TEST(CanonicalCookieTest, IncludeForRequestURLSameSite) {
WARN_SAMESITE_LAX_CROSS_SCHEME_INSECURE_URL})},
{"Common=14;SameSite=Lax", CookieSameSite::LAX_MODE,
CookieEffectiveSameSite::LAX_MODE,
CookieOptions::SameSiteCookieContext::
SAME_SITE_STRICT_CROSS_SCHEME_INSECURE_URL,
SameSiteCookieContext(
SameSiteCookieContext::ContextType::SAME_SITE_STRICT,
SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE),
CanonicalCookie::CookieInclusionStatus::MakeFromReasonsForTesting(
std::vector<
CanonicalCookie::CookieInclusionStatus::ExclusionReason>(),
@ -807,39 +819,45 @@ TEST(CanonicalCookieTest, IncludeForRequestURLSameSite) {
// None and Secure cookies:
{"Common=15;SameSite=None;Secure", CookieSameSite::NO_RESTRICTION,
CookieEffectiveSameSite::NO_RESTRICTION,
CookieOptions::SameSiteCookieContext::CROSS_SITE,
SameSiteCookieContext(SameSiteCookieContext::ContextType::CROSS_SITE),
CanonicalCookie::CookieInclusionStatus()},
{"Common=16;SameSite=None;Secure", CookieSameSite::NO_RESTRICTION,
CookieEffectiveSameSite::NO_RESTRICTION,
CookieOptions::SameSiteCookieContext::SAME_SITE_LAX_METHOD_UNSAFE,
SameSiteCookieContext(
SameSiteCookieContext::ContextType::SAME_SITE_LAX_METHOD_UNSAFE),
CanonicalCookie::CookieInclusionStatus()},
{"Common=17;SameSite=None;Secure", CookieSameSite::NO_RESTRICTION,
CookieEffectiveSameSite::NO_RESTRICTION,
CookieOptions::SameSiteCookieContext::SAME_SITE_LAX,
SameSiteCookieContext(SameSiteCookieContext::ContextType::SAME_SITE_LAX),
CanonicalCookie::CookieInclusionStatus()},
{"Common=18;SameSite=None;Secure", CookieSameSite::NO_RESTRICTION,
CookieEffectiveSameSite::NO_RESTRICTION,
CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT,
SameSiteCookieContext(
SameSiteCookieContext::ContextType::SAME_SITE_STRICT),
CanonicalCookie::CookieInclusionStatus()},
{"Common=19;SameSite=None;Secure", CookieSameSite::NO_RESTRICTION,
CookieEffectiveSameSite::NO_RESTRICTION,
CookieOptions::SameSiteCookieContext::
SAME_SITE_LAX_CROSS_SCHEME_SECURE_URL,
SameSiteCookieContext(
SameSiteCookieContext::ContextType::SAME_SITE_LAX,
SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE),
CanonicalCookie::CookieInclusionStatus()},
{"Common=20;SameSite=None;Secure", CookieSameSite::NO_RESTRICTION,
CookieEffectiveSameSite::NO_RESTRICTION,
CookieOptions::SameSiteCookieContext::
SAME_SITE_STRICT_CROSS_SCHEME_SECURE_URL,
SameSiteCookieContext(
SameSiteCookieContext::ContextType::SAME_SITE_STRICT,
SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE),
CanonicalCookie::CookieInclusionStatus()},
{"Common=21;SameSite=None;Secure", CookieSameSite::NO_RESTRICTION,
CookieEffectiveSameSite::NO_RESTRICTION,
CookieOptions::SameSiteCookieContext::
SAME_SITE_LAX_CROSS_SCHEME_INSECURE_URL,
SameSiteCookieContext(
SameSiteCookieContext::ContextType::SAME_SITE_LAX,
SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE),
CanonicalCookie::CookieInclusionStatus()},
{"Common=22;SameSite=None;Secure", CookieSameSite::NO_RESTRICTION,
CookieEffectiveSameSite::NO_RESTRICTION,
CookieOptions::SameSiteCookieContext::
SAME_SITE_STRICT_CROSS_SCHEME_INSECURE_URL,
SameSiteCookieContext(
SameSiteCookieContext::ContextType::SAME_SITE_STRICT,
SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE),
CanonicalCookie::CookieInclusionStatus()}};
// Test cases where the default is None (either access semantics is LEGACY, or
@ -848,7 +866,7 @@ TEST(CanonicalCookieTest, IncludeForRequestURLSameSite) {
// Unspecified cookies (without SameSite-by-default):
{"DefaultNone=1", CookieSameSite::UNSPECIFIED,
CookieEffectiveSameSite::NO_RESTRICTION,
CookieOptions::SameSiteCookieContext::CROSS_SITE,
SameSiteCookieContext(SameSiteCookieContext::ContextType::CROSS_SITE),
CanonicalCookie::CookieInclusionStatus::MakeFromReasonsForTesting(
std::vector<
CanonicalCookie::CookieInclusionStatus::ExclusionReason>(),
@ -856,7 +874,8 @@ TEST(CanonicalCookieTest, IncludeForRequestURLSameSite) {
WARN_SAMESITE_UNSPECIFIED_CROSS_SITE_CONTEXT})},
{"DefaultNone=2", CookieSameSite::UNSPECIFIED,
CookieEffectiveSameSite::NO_RESTRICTION,
CookieOptions::SameSiteCookieContext::SAME_SITE_LAX_METHOD_UNSAFE,
SameSiteCookieContext(
SameSiteCookieContext::ContextType::SAME_SITE_LAX_METHOD_UNSAFE),
CanonicalCookie::CookieInclusionStatus::MakeFromReasonsForTesting(
std::vector<
CanonicalCookie::CookieInclusionStatus::ExclusionReason>(),
@ -864,11 +883,12 @@ TEST(CanonicalCookieTest, IncludeForRequestURLSameSite) {
WARN_SAMESITE_UNSPECIFIED_CROSS_SITE_CONTEXT})},
{"DefaultNone=3", CookieSameSite::UNSPECIFIED,
CookieEffectiveSameSite::NO_RESTRICTION,
CookieOptions::SameSiteCookieContext::SAME_SITE_LAX,
SameSiteCookieContext(SameSiteCookieContext::ContextType::SAME_SITE_LAX),
CanonicalCookie::CookieInclusionStatus()},
{"DefaultNone=4", CookieSameSite::UNSPECIFIED,
CookieEffectiveSameSite::NO_RESTRICTION,
CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT,
SameSiteCookieContext(
SameSiteCookieContext::ContextType::SAME_SITE_STRICT),
CanonicalCookie::CookieInclusionStatus()}};
// Test cases where the default is Lax (either access semantics is NONLEGACY,
@ -877,7 +897,7 @@ TEST(CanonicalCookieTest, IncludeForRequestURLSameSite) {
// Unspecified recently-created cookies (with SameSite-by-default):
{"DefaultLax=1", CookieSameSite::UNSPECIFIED,
CookieEffectiveSameSite::LAX_MODE_ALLOW_UNSAFE,
CookieOptions::SameSiteCookieContext::CROSS_SITE,
SameSiteCookieContext(SameSiteCookieContext::ContextType::CROSS_SITE),
CanonicalCookie::CookieInclusionStatus(
CanonicalCookie::CookieInclusionStatus::
EXCLUDE_SAMESITE_UNSPECIFIED_TREATED_AS_LAX,
@ -886,7 +906,8 @@ TEST(CanonicalCookieTest, IncludeForRequestURLSameSite) {
kShortAge},
{"DefaultLax=2", CookieSameSite::UNSPECIFIED,
CookieEffectiveSameSite::LAX_MODE_ALLOW_UNSAFE,
CookieOptions::SameSiteCookieContext::SAME_SITE_LAX_METHOD_UNSAFE,
SameSiteCookieContext(
SameSiteCookieContext::ContextType::SAME_SITE_LAX_METHOD_UNSAFE),
CanonicalCookie::CookieInclusionStatus::MakeFromReasonsForTesting(
std::vector<
CanonicalCookie::CookieInclusionStatus::ExclusionReason>(),
@ -895,16 +916,17 @@ TEST(CanonicalCookieTest, IncludeForRequestURLSameSite) {
kShortAge},
{"DefaultLax=3", CookieSameSite::UNSPECIFIED,
CookieEffectiveSameSite::LAX_MODE_ALLOW_UNSAFE,
CookieOptions::SameSiteCookieContext::SAME_SITE_LAX,
SameSiteCookieContext(SameSiteCookieContext::ContextType::SAME_SITE_LAX),
CanonicalCookie::CookieInclusionStatus(), kShortAge},
{"DefaultLax=4", CookieSameSite::UNSPECIFIED,
CookieEffectiveSameSite::LAX_MODE_ALLOW_UNSAFE,
CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT,
SameSiteCookieContext(
SameSiteCookieContext::ContextType::SAME_SITE_STRICT),
CanonicalCookie::CookieInclusionStatus(), kShortAge},
// Unspecified not-recently-created cookies (with SameSite-by-default):
{"DefaultLax=5", CookieSameSite::UNSPECIFIED,
CookieEffectiveSameSite::LAX_MODE,
CookieOptions::SameSiteCookieContext::CROSS_SITE,
SameSiteCookieContext(SameSiteCookieContext::ContextType::CROSS_SITE),
CanonicalCookie::CookieInclusionStatus(
CanonicalCookie::CookieInclusionStatus::
EXCLUDE_SAMESITE_UNSPECIFIED_TREATED_AS_LAX,
@ -913,7 +935,8 @@ TEST(CanonicalCookieTest, IncludeForRequestURLSameSite) {
kLongAge},
{"DefaultLax=6", CookieSameSite::UNSPECIFIED,
CookieEffectiveSameSite::LAX_MODE,
CookieOptions::SameSiteCookieContext::SAME_SITE_LAX_METHOD_UNSAFE,
SameSiteCookieContext(
SameSiteCookieContext::ContextType::SAME_SITE_LAX_METHOD_UNSAFE),
CanonicalCookie::CookieInclusionStatus(
CanonicalCookie::CookieInclusionStatus::
EXCLUDE_SAMESITE_UNSPECIFIED_TREATED_AS_LAX,
@ -922,11 +945,12 @@ TEST(CanonicalCookieTest, IncludeForRequestURLSameSite) {
kLongAge},
{"DefaultLax=7", CookieSameSite::UNSPECIFIED,
CookieEffectiveSameSite::LAX_MODE,
CookieOptions::SameSiteCookieContext::SAME_SITE_LAX,
SameSiteCookieContext(SameSiteCookieContext::ContextType::SAME_SITE_LAX),
CanonicalCookie::CookieInclusionStatus(), kLongAge},
{"DefaultLax=8", CookieSameSite::UNSPECIFIED,
CookieEffectiveSameSite::LAX_MODE,
CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT,
SameSiteCookieContext(
SameSiteCookieContext::ContextType::SAME_SITE_STRICT),
CanonicalCookie::CookieInclusionStatus(), kLongAge},
};
@ -1032,8 +1056,8 @@ TEST(CanonicalCookieTest, MultipleExclusionReasons) {
base::Optional<base::Time> server_time = base::nullopt;
CookieOptions options;
options.set_exclude_httponly();
options.set_same_site_cookie_context(
CookieOptions::SameSiteCookieContext::CROSS_SITE);
options.set_same_site_cookie_context(CookieOptions::SameSiteCookieContext(
CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE));
// Test IncludeForRequestURL()
// Note: This is a cookie that should never exist normally, because Create()
@ -1978,26 +2002,36 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) {
CookieOptions context_cross_site;
CookieOptions context_same_site_lax;
context_same_site_lax.set_same_site_cookie_context(
net::CookieOptions::SameSiteCookieContext::SAME_SITE_LAX);
CookieOptions::SameSiteCookieContext(
CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX));
CookieOptions context_same_site_strict;
context_same_site_strict.set_same_site_cookie_context(
net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT);
CookieOptions::SameSiteCookieContext(
CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT));
CookieOptions context_same_site_lax_to_secure;
context_same_site_lax_to_secure.set_same_site_cookie_context(
net::CookieOptions::SameSiteCookieContext::
SAME_SITE_LAX_CROSS_SCHEME_SECURE_URL);
CookieOptions::SameSiteCookieContext(
CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX,
CookieOptions::SameSiteCookieContext::CrossSchemeness::
INSECURE_SECURE));
CookieOptions context_same_site_strict_to_secure;
context_same_site_strict_to_secure.set_same_site_cookie_context(
net::CookieOptions::SameSiteCookieContext::
SAME_SITE_STRICT_CROSS_SCHEME_SECURE_URL);
CookieOptions::SameSiteCookieContext(
CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT,
CookieOptions::SameSiteCookieContext::CrossSchemeness::
INSECURE_SECURE));
CookieOptions context_same_site_lax_to_insecure;
context_same_site_lax_to_insecure.set_same_site_cookie_context(
net::CookieOptions::SameSiteCookieContext::
SAME_SITE_LAX_CROSS_SCHEME_INSECURE_URL);
CookieOptions::SameSiteCookieContext(
CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX,
CookieOptions::SameSiteCookieContext::CrossSchemeness::
SECURE_INSECURE));
CookieOptions context_same_site_strict_to_insecure;
context_same_site_strict_to_insecure.set_same_site_cookie_context(
net::CookieOptions::SameSiteCookieContext::
SAME_SITE_STRICT_CROSS_SCHEME_INSECURE_URL);
CookieOptions::SameSiteCookieContext(
CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT,
CookieOptions::SameSiteCookieContext::CrossSchemeness::
SECURE_INSECURE));
{
CanonicalCookie cookie_same_site_unrestricted(
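Review bot: None of the cases visible in IncludeForRequestURLSameSite or IsSetPermittedInContext pairs a CrossSchemeness with `ContextType::SAME_SITE_LAX_METHOD_UNSAFE` or `ContextType::CROSS_SITE`. The class form now makes both combinations constructible, and AddSameSiteCrossSchemeWarning has dedicated LAX_METHOD_UNSAFE branches. I would add a case built from `SameSiteCookieContext(SameSiteCookieContext::ContextType::SAME_SITE_LAX_METHOD_UNSAFE, SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE)` with its expected warning, plus one CROSS_SITE case that pins the resulting status. Both test bodies continue outside the hunks shown, so such cases may already exist in lines not visible here.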

@ -301,9 +301,9 @@ size_t CountCookiesForPossibleDeletion(
// |same_site_requirement|, and the options permit HttpOnly access.
bool IsHttpSameSiteContextAtLeast(
const CookieOptions& options,
CookieOptions::SameSiteCookieContext same_site_requirement) {
CookieOptions::SameSiteCookieContext::ContextType same_site_requirement) {
return !options.exclude_httponly() &&
options.same_site_cookie_context() >= same_site_requirement;
options.same_site_cookie_context().context >= same_site_requirement;
}
} // namespace
@ -1713,7 +1713,8 @@ CookieAccessSemantics CookieMonster::GetAccessSemanticsForCookieSet(
(cookie_util::
IsRecentHttpSameSiteAccessGrantsLegacyCookieSemanticsEnabled() &&
IsHttpSameSiteContextAtLeast(
options, CookieOptions::SameSiteCookieContext::SAME_SITE_LAX));
options,
CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX));
// If the current cookie access is not itself http-and-same-site, but the last
// one that was, was recent enough, (and the corresponding feature is enabled)
@ -1761,10 +1762,11 @@ void CookieMonster::MaybeRecordCookieAccessWithOptions(
// time should not be updated when the cookie is accessed to populate the UI.)
if (!options.update_access_time())
return;
CookieOptions::SameSiteCookieContext same_site_requirement =
is_set ? CookieOptions::SameSiteCookieContext::SAME_SITE_LAX
: CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT;
CookieOptions::SameSiteCookieContext::ContextType same_site_requirement;
same_site_requirement =
is_set
? CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX
: CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT;
if (IsHttpSameSiteContextAtLeast(options, same_site_requirement))
last_http_same_site_accesses_[cookie.UniqueKey()] = base::TimeTicks::Now();
}
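Review bot: In MaybeRecordCookieAccessWithOptions the new code declares `same_site_requirement` without an initializer and assigns it in a separate statement, whereas the replaced code initialised it at the declaration. This value is the threshold handed to IsHttpSameSiteContextAtLeast, so I would keep it a single const definition that cannot be read before it is set. For example, `using ContextType = CookieOptions::SameSiteCookieContext::ContextType;` followed by `const ContextType same_site_requirement = is_set ? ContextType::SAME_SITE_LAX : ContextType::SAME_SITE_STRICT;`. The function starts outside the hunk.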

@ -1631,7 +1631,8 @@ TEST_F(CookieMonsterTest, GetExcludedCookiesForURL) {
return_excluded.set_return_excluded_cookies();
return_excluded.set_exclude_httponly();
return_excluded.set_same_site_cookie_context(
CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT);
CookieOptions::SameSiteCookieContext(
CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT));
excluded_cookies = GetExcludedCookiesForURLWithOptions(
cm.get(), http_www_foo_.url(), return_excluded);
@ -3366,7 +3367,8 @@ TEST_F(CookieMonsterTest, RejectCreatedSameSiteCookieOnSet) {
CookieMonster cm(nullptr, nullptr);
CookieOptions env_cross_site;
env_cross_site.set_same_site_cookie_context(
CookieOptions::SameSiteCookieContext::CROSS_SITE);
CookieOptions::SameSiteCookieContext(
CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE));
CanonicalCookie::CookieInclusionStatus status;
// Cookie can be created successfully; SameSite is not checked on Creation.
@ -3428,7 +3430,8 @@ TEST_F(CookieMonsterTest, RejectCreatedHttpOnlyCookieOnSet) {
// not allow httponly.
CookieOptions options_no_httponly;
options_no_httponly.set_same_site_cookie_context(
CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT);
CookieOptions::SameSiteCookieContext(
CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT));
options_no_httponly.set_exclude_httponly(); // Default, but make it explicit.
ResultSavingCookieCallback<CanonicalCookie::CookieInclusionStatus> callback;
cm.SetCanonicalCookieAsync(std::move(cookie), "http", options_no_httponly,
@ -3861,7 +3864,8 @@ TEST_F(CookieMonsterLegacyCookieAccessTest, RecentHttpSameSiteAccess) {
CookieOptions http_lax_options;
http_lax_options.set_include_httponly();
http_lax_options.set_same_site_cookie_context(
CookieOptions::SameSiteCookieContext::SAME_SITE_LAX);
CookieOptions::SameSiteCookieContext(
CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX));
// This one only works because it's treated as Legacy, otherwise it would be
// rejected for being SameSite=None without secure.
EXPECT_TRUE(CreateAndSetCookie(cm_.get(), kHttpUrl, "cookie=1;SameSite=None",
@ -3899,7 +3903,8 @@ TEST_F(CookieMonsterLegacyCookieAccessTest, RecentHttpSameSiteAccess) {
CookieOptions exclude_http_lax_options;
exclude_http_lax_options.set_exclude_httponly();
exclude_http_lax_options.set_same_site_cookie_context(
CookieOptions::SameSiteCookieContext::SAME_SITE_LAX);
CookieOptions::SameSiteCookieContext(
CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX));
EXPECT_TRUE(CreateAndSetCookie(cm_.get(), kHttpUrl, "cookie=1",
exclude_http_lax_options));
// There is no recent eligible last access time, because we deleted the
@ -3918,7 +3923,8 @@ TEST_F(CookieMonsterLegacyCookieAccessTest, RecentHttpSameSiteAccess) {
CookieOptions http_strict_options;
http_strict_options.set_include_httponly();
http_strict_options.set_same_site_cookie_context(
CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT);
CookieOptions::SameSiteCookieContext(
CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT));
EXPECT_FALSE(CreateAndSetCookie(cm_.get(), kHttpUrl, "cookie=2;Secure",
http_strict_options));
EXPECT_EQ("", GetCookiesWithOptions(cm_.get(), kHttpUrl, CookieOptions()));
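Review bot: Every changed call in this file spells out `CookieOptions::SameSiteCookieContext(CookieOptions::SameSiteCookieContext::ContextType::...)` in full, which makes the context each test runs under hard to pick out. The canonical_cookie test in this same commit introduces `using SameSiteCookieContext = CookieOptions::SameSiteCookieContext;` for exactly this reason. Using the same alias here would shorten these to `SameSiteCookieContext(SameSiteCookieContext::ContextType::SAME_SITE_LAX)` and keep the two test files consistent. Where the only goal is to grant full SameSite access, `SameSiteCookieContext::MakeInclusive()` states the intent more directly.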

@ -8,10 +8,25 @@
namespace net {
CookieOptions::SameSiteCookieContext
CookieOptions::SameSiteCookieContext::MakeInclusive() {
return SameSiteCookieContext(ContextType::SAME_SITE_STRICT);
}
int64_t CookieOptions::SameSiteCookieContext::ConvertToMetricsValue() const {
if (cross_schemeness == CrossSchemeness::INSECURE_SECURE) {
return static_cast<int64_t>(context) | kToSecureMask;
} else if (cross_schemeness == CrossSchemeness::SECURE_INSECURE) {
return static_cast<int64_t>(context) | kToInsecureMask;
}
return static_cast<int64_t>(context);
}
// Keep default values in sync with content/public/common/cookie_manager.mojom.
CookieOptions::CookieOptions()
: exclude_httponly_(true),
same_site_cookie_context_(SameSiteCookieContext::CROSS_SITE),
same_site_cookie_context_(SameSiteCookieContext(
SameSiteCookieContext::ContextType::CROSS_SITE)),
update_access_time_(true),
return_excluded_cookies_(false) {}
@ -19,9 +34,20 @@ CookieOptions::CookieOptions()
CookieOptions CookieOptions::MakeAllInclusive() {
CookieOptions options;
options.set_include_httponly();
options.set_same_site_cookie_context(SameSiteCookieContext::SAME_SITE_STRICT);
options.set_same_site_cookie_context(SameSiteCookieContext::MakeInclusive());
options.set_do_not_update_access_time();
return options;
}
bool operator==(const CookieOptions::SameSiteCookieContext& lhs,
const CookieOptions::SameSiteCookieContext& rhs) {
return std::tie(lhs.context, lhs.cross_schemeness) ==
std::tie(rhs.context, rhs.cross_schemeness);
}
bool operator!=(const CookieOptions::SameSiteCookieContext& lhs,
const CookieOptions::SameSiteCookieContext& rhs) {
return !(lhs == rhs);
}
} // namespace net
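Review bot: ConvertToMetricsValue ORs the scheme mask into whatever `context` holds, so a SameSiteCookieContext built with `ContextType::CROSS_SITE` and a non-NONE CrossSchemeness yields 32 or 64. The enum being replaced defined cross-scheme values only for the three same-site contexts, so those buckets had no counterpart. Whether any caller can produce that combination is not visible here, but the constructor does not rule it out. I would state the invariant where the value is computed, e.g. `DCHECK(cross_schemeness == CrossSchemeness::NONE || context != ContextType::CROSS_SITE);` at the top of ConvertToMetricsValue, or normalise cross_schemeness to NONE for CROSS_SITE in the constructor. A short comment there tying the result to MetricCount() would also help keep the two in step.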

@ -16,38 +16,70 @@ namespace net {
class NET_EXPORT CookieOptions {
public:
// Mask indicating insecure site-for-cookies and secure request/response.
static const int kToSecureMask = 1 << 5;
// Mask indicating secure site-for-cookies and insecure request/response.
static const int kToInsecureMask = kToSecureMask << 1;
// Relation between the cookie and the navigational environment.
// CROSS_SITE to SAME_SITE_STRICT are ordered from least to most trusted
// environment. The remaining values are reiterations with additional bits for
// cross-scheme contexts. Don't renumber, used in histograms.
enum class SameSiteCookieContext {
CROSS_SITE = 0,
// Same rules as lax but the http method is unsafe.
SAME_SITE_LAX_METHOD_UNSAFE = 1,
SAME_SITE_LAX = 2,
SAME_SITE_STRICT = 3,
// The CROSS_SCHEME enums are for when the url and site_for_cookies
// differ in their schemes (http vs https). Their values are chosen such
// that the CROSS_SCHEME flag can be bitmasked out.
// SECURE_URL indicates either a request to a secure url or a response from
// a secure url, similarly for INSECURE.
SAME_SITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_SECURE_URL =
SAME_SITE_LAX_METHOD_UNSAFE | kToSecureMask,
SAME_SITE_LAX_CROSS_SCHEME_SECURE_URL = SAME_SITE_LAX | kToSecureMask,
SAME_SITE_STRICT_CROSS_SCHEME_SECURE_URL = SAME_SITE_STRICT | kToSecureMask,
SAME_SITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_INSECURE_URL =
SAME_SITE_LAX_METHOD_UNSAFE | kToInsecureMask,
SAME_SITE_LAX_CROSS_SCHEME_INSECURE_URL = SAME_SITE_LAX | kToInsecureMask,
SAME_SITE_STRICT_CROSS_SCHEME_INSECURE_URL =
SAME_SITE_STRICT | kToInsecureMask,
class NET_EXPORT SameSiteCookieContext {
public:
// CROSS_SITE to SAME_SITE_STRICT are ordered from least to most trusted
// environment. Don't renumber, used in histograms.
enum class ContextType {
CROSS_SITE = 0,
// Same rules as lax but the http method is unsafe.
SAME_SITE_LAX_METHOD_UNSAFE = 1,
SAME_SITE_LAX = 2,
SAME_SITE_STRICT = 3,
// Keep last, used for histograms.
COUNT
// Keep last, used for histograms.
COUNT
};
// Used for when, and in what direction, same-site requests and responses
// are made in a cross-scheme context. Currently only used for metrics
// gathering and does not affect cookie behavior.
enum class CrossSchemeness {
NONE,
INSECURE_SECURE, // Insecure site-for-cookies, secure request/response
SECURE_INSECURE // Secure site-for-cookies, insecure request/response
};
SameSiteCookieContext() : SameSiteCookieContext(ContextType::CROSS_SITE) {}
explicit SameSiteCookieContext(
ContextType same_site_context,
CrossSchemeness cross_schemeness = CrossSchemeness::NONE)
: context(same_site_context), cross_schemeness(cross_schemeness) {}
bool IsDifferentScheme() const {
return cross_schemeness != SameSiteCookieContext::CrossSchemeness::NONE;
}
// Convenience method which returns a SameSiteCookieContext with the most
// inclusive context. This allows access to all SameSite cookies.
static SameSiteCookieContext MakeInclusive();
// The following functions are for conversion to the previous style of
// SameSiteCookieContext for metrics usage. This may be removed when the
// metrics using them are also removed.
// Used as the "COUNT" entry in a histogram enum.
static constexpr int64_t MetricCount() {
return (static_cast<int>(ContextType::SAME_SITE_STRICT) |
kToInsecureMask) +
1;
}
int64_t ConvertToMetricsValue() const;
ContextType context;
CrossSchemeness cross_schemeness;
private:
// The following variables are for conversion to the previous style of
// SameSiteCookieContext for metrics usage. This may be removed when the
// metrics using them are also removed.
// Mask indicating insecure site-for-cookies and secure request/response.
static const int kToSecureMask = 1 << 5;
// Mask indicating secure site-for-cookies and insecure request/response.
static const int kToInsecureMask = kToSecureMask << 1;
};
// Creates a CookieOptions object which:
@ -77,33 +109,9 @@ class NET_EXPORT CookieOptions {
// Strips off the cross-scheme bits to only return the same-site context.
SameSiteCookieContext same_site_cookie_context() const {
return RemoveCrossSchemeBitmask(same_site_cookie_context_);
}
SameSiteCookieContext same_site_cookie_context_full() const {
return same_site_cookie_context_;
}
static SameSiteCookieContext ApplyCrossSchemeBitmask(
SameSiteCookieContext context,
int mask) {
int return_value = static_cast<int>(context);
return_value = return_value | mask;
return static_cast<CookieOptions::SameSiteCookieContext>(return_value);
}
static SameSiteCookieContext RemoveCrossSchemeBitmask(
SameSiteCookieContext context) {
int return_value = static_cast<int>(context);
return_value = return_value & ~(kToSecureMask | kToInsecureMask);
return static_cast<CookieOptions::SameSiteCookieContext>(return_value);
}
bool IsDifferentScheme() const {
return static_cast<int>(same_site_cookie_context_) &
(kToSecureMask | kToInsecureMask);
}
void set_update_access_time() { update_access_time_ = true; }
void set_do_not_update_access_time() { update_access_time_ = false; }
bool update_access_time() const { return update_access_time_; }
@ -127,6 +135,12 @@ class NET_EXPORT CookieOptions {
bool return_excluded_cookies_;
};
NET_EXPORT bool operator==(const CookieOptions::SameSiteCookieContext& lhs,
const CookieOptions::SameSiteCookieContext& rhs);
NET_EXPORT bool operator!=(const CookieOptions::SameSiteCookieContext& lhs,
const CookieOptions::SameSiteCookieContext& rhs);
} // namespace net
#endif // NET_COOKIES_COOKIE_OPTIONS_H_
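Review bot: The `operator==`/`operator!=` declarations at the end of this header have no comment saying whether `cross_schemeness` takes part in the comparison, and that decides whether cookie-inclusion checks stay independent of scheme. The accessor shown in the second hunk stripped the cross-scheme bits before returning, so a consumer comparing its result with SAME_SITE_STRICT also matched in cross-scheme contexts. If equality now covers both fields, the same comparison stops matching there, which would contradict the CrossSchemeness comment that it "does not affect cookie behavior". The definition is outside this section, but the updated tests on this page build expected values with a CrossSchemeness argument, which suggests both fields are compared. Once that is confirmed, I would add above the declarations something like `// Compares both |context| and |cross_schemeness|; use .context alone for cookie-inclusion decisions.` Separately, the constructor parameter `cross_schemeness` shadows the public member of the same name in the initializer list, so renaming the parameter would make that line easier to read.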

@ -382,7 +382,7 @@ TYPED_TEST_P(CookieStoreChangeGlobalTest, OverwriteWithHttpOnly) {
CookieOptions allow_httponly;
allow_httponly.set_include_httponly();
allow_httponly.set_same_site_cookie_context(
net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT);
net::CookieOptions::SameSiteCookieContext::MakeInclusive());
EXPECT_TRUE(this->CreateAndSetCookie(cs, this->http_www_foo_.url(),
"A=C; path=/path1; httponly",
@ -1179,7 +1179,7 @@ TYPED_TEST_P(CookieStoreChangeUrlTest, OverwriteWithHttpOnly) {
CookieOptions allow_httponly;
allow_httponly.set_include_httponly();
allow_httponly.set_same_site_cookie_context(
net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT);
net::CookieOptions::SameSiteCookieContext::MakeInclusive());
EXPECT_TRUE(this->CreateAndSetCookie(cs, this->http_www_foo_.url(),
"A=C; path=/foo; httponly",
@ -2203,7 +2203,7 @@ TYPED_TEST_P(CookieStoreChangeNamedTest, OverwriteWithHttpOnly) {
CookieOptions allow_httponly;
allow_httponly.set_include_httponly();
allow_httponly.set_same_site_cookie_context(
net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT);
net::CookieOptions::SameSiteCookieContext::MakeInclusive());
EXPECT_TRUE(this->CreateAndSetCookie(cs, this->http_www_foo_.url(),
"abc=hij; path=/foo; httponly",

@ -144,7 +144,7 @@ class CookieStoreTest : public testing::Test {
if (!CookieStoreTestTraits::supports_http_only)
options.set_include_httponly();
options.set_same_site_cookie_context(
net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT);
net::CookieOptions::SameSiteCookieContext::MakeInclusive());
return GetCookiesWithOptions(cs, url, options);
}
@ -217,7 +217,7 @@ class CookieStoreTest : public testing::Test {
if (can_modify_httponly)
options.set_include_httponly();
options.set_same_site_cookie_context(
net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT);
net::CookieOptions::SameSiteCookieContext::MakeInclusive());
cs->SetCanonicalCookieAsync(std::move(cookie), std::move(source_scheme),
options, callback.MakeCallback());
callback.WaitUntilDone();
@ -232,7 +232,7 @@ class CookieStoreTest : public testing::Test {
if (!CookieStoreTestTraits::supports_http_only)
options.set_include_httponly();
options.set_same_site_cookie_context(
net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT);
net::CookieOptions::SameSiteCookieContext::MakeInclusive());
return CreateAndSetCookie(cs, url, cookie_line, options,
base::make_optional(server_time));
}
@ -244,7 +244,7 @@ class CookieStoreTest : public testing::Test {
if (!CookieStoreTestTraits::supports_http_only)
options.set_include_httponly();
options.set_same_site_cookie_context(
net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT);
net::CookieOptions::SameSiteCookieContext::MakeInclusive());
return CreateAndSetCookie(cs, url, cookie_line, options);
}
@ -264,7 +264,7 @@ class CookieStoreTest : public testing::Test {
options.set_include_httponly();
// Allow setting SameSite cookies.
options.set_same_site_cookie_context(
net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT);
net::CookieOptions::SameSiteCookieContext::MakeInclusive());
DCHECK(cs);
ResultSavingCookieCallback<CanonicalCookie::CookieInclusionStatus> callback;
@ -285,7 +285,7 @@ class CookieStoreTest : public testing::Test {
if (can_modify_httponly)
options.set_include_httponly();
options.set_same_site_cookie_context(
net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT);
net::CookieOptions::SameSiteCookieContext::MakeInclusive());
cs->SetCanonicalCookieAsync(std::move(cookie), std::move(source_scheme),
options, callback.MakeCallback());
callback.WaitUntilDone();
@ -484,7 +484,7 @@ TYPED_TEST_P(CookieStoreTest, FilterTest) {
if (TypeParam::supports_http_only) {
net::CookieOptions options;
options.set_same_site_cookie_context(
net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT);
net::CookieOptions::SameSiteCookieContext::MakeInclusive());
cookies =
this->GetCookieListWithOptions(cs, this->www_foo_bar_.url(), options);
it = cookies.begin();
@ -1217,7 +1217,7 @@ TYPED_TEST_P(CookieStoreTest, EmptyExpires) {
if (!TypeParam::supports_http_only)
options.set_include_httponly();
options.set_same_site_cookie_context(
net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT);
net::CookieOptions::SameSiteCookieContext::MakeInclusive());
GURL url("http://www7.ipdl.inpit.go.jp/Tokujitu/tjkta.ipdl?N0000=108");
std::string set_cookie_line =
"ACSTM=20130308043820420042; path=/; domain=ipdl.inpit.go.jp; Expires=";
@ -1247,7 +1247,7 @@ TYPED_TEST_P(CookieStoreTest, HttpOnlyTest) {
CookieOptions options;
options.set_include_httponly();
options.set_same_site_cookie_context(
net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT);
net::CookieOptions::SameSiteCookieContext::MakeInclusive());
// Create a httponly cookie.
EXPECT_TRUE(this->CreateAndSetCookie(cs, this->http_www_foo_.url(),
@ -1535,7 +1535,7 @@ TYPED_TEST_P(CookieStoreTest, OverwritePersistentCookie) {
CookieOptions allow_httponly;
allow_httponly.set_include_httponly();
allow_httponly.set_same_site_cookie_context(
net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT);
net::CookieOptions::SameSiteCookieContext::MakeInclusive());
EXPECT_TRUE(this->CreateAndSetCookie(cs, url_foo,
"b=val2; path=/path1; httponly; "
"expires=Mon, 18-Apr-22 22:50:14 GMT",
@ -1591,7 +1591,7 @@ TYPED_TEST_P(CookieStoreTest, EmptyName) {
if (!TypeParam::supports_http_only)
options.set_include_httponly();
options.set_same_site_cookie_context(
net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT);
net::CookieOptions::SameSiteCookieContext::MakeInclusive());
EXPECT_TRUE(this->CreateAndSetCookie(cs, url_foo, "a", options));
CookieList list = this->GetAllCookiesForURL(cs, url_foo);
@ -1634,7 +1634,7 @@ TYPED_TEST_P(CookieStoreTest, CookieOrdering) {
CookieOptions options;
options.set_same_site_cookie_context(
net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT);
net::CookieOptions::SameSiteCookieContext::MakeInclusive());
CookieList cookies = this->GetCookieListWithOptions(
cs, GURL("http://d.c.b.a.foo.com/aa/bb/cc/dd"), options);

@ -74,50 +74,53 @@ bool SaturatedTimeFromUTCExploded(const base::Time::Exploded& exploded,
return false;
}
CookieOptions::SameSiteCookieContext ComputeSchemeChange(
CookieOptions::SameSiteCookieContext::CrossSchemeness ComputeSchemeChange(
CookieOptions::SameSiteCookieContext same_site_type,
const GURL& url,
const SiteForCookies& site_for_cookies) {
DCHECK(same_site_type ==
CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT ||
same_site_type == CookieOptions::SameSiteCookieContext::SAME_SITE_LAX);
DCHECK(same_site_type.context >=
CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX);
CookieOptions::SameSiteCookieContext::CrossSchemeness cross_schemeness =
CookieOptions::SameSiteCookieContext::CrossSchemeness::NONE;
bool url_secure = url.SchemeIsCryptographic();
bool site_for_cookies_secure =
GURL::SchemeIsCryptographic(site_for_cookies.scheme());
// Check for different schemes and add flag if so.
if (url_secure && !site_for_cookies_secure) {
same_site_type = CookieOptions::ApplyCrossSchemeBitmask(
same_site_type, CookieOptions::kToSecureMask);
cross_schemeness =
CookieOptions::SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE;
} else if (!url_secure && site_for_cookies_secure) {
same_site_type = CookieOptions::ApplyCrossSchemeBitmask(
same_site_type, CookieOptions::kToInsecureMask);
cross_schemeness =
CookieOptions::SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE;
}
return same_site_type;
return cross_schemeness;
}
CookieOptions::SameSiteCookieContext ComputeSameSiteContext(
const GURL& url,
const SiteForCookies& site_for_cookies,
const base::Optional<url::Origin>& initiator) {
CookieOptions::SameSiteCookieContext same_site_type(
CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE);
if (site_for_cookies.IsFirstParty(url)) {
CookieOptions::SameSiteCookieContext same_site_type;
// Create a SiteForCookies object from the initiator so that we can reuse
// IsFirstParty().
if (!initiator ||
SiteForCookies::FromOrigin(initiator.value()).IsFirstParty(url)) {
same_site_type = CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT;
same_site_type.context =
CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT;
} else {
same_site_type = CookieOptions::SameSiteCookieContext::SAME_SITE_LAX;
same_site_type.context =
CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX;
}
same_site_type = ComputeSchemeChange(same_site_type, url, site_for_cookies);
return same_site_type;
same_site_type.cross_schemeness =
ComputeSchemeChange(same_site_type, url, site_for_cookies);
}
return CookieOptions::SameSiteCookieContext::CROSS_SITE;
return same_site_type;
}
} // namespace
@ -449,28 +452,27 @@ CookieOptions::SameSiteCookieContext ComputeSameSiteContextForRequest(
// but appear like cross-site ones.
//
// * Otherwise, do not include same-site cookies.
CookieOptions::SameSiteCookieContext same_site_context;
if (attach_same_site_cookies) {
return ComputeSchemeChange(
CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT, url,
site_for_cookies);
same_site_context.context =
CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT;
same_site_context.cross_schemeness =
ComputeSchemeChange(same_site_context, url, site_for_cookies);
return same_site_context;
}
CookieOptions::SameSiteCookieContext same_site_context =
ComputeSameSiteContext(url, site_for_cookies, initiator);
int scheme_bitmask =
static_cast<int>(same_site_context) &
(CookieOptions::kToSecureMask | CookieOptions::kToInsecureMask);
same_site_context = ComputeSameSiteContext(url, site_for_cookies, initiator);
// If the method is safe, the context is Lax. Otherwise, make a note that
// the method is unsafe.
if (CookieOptions::RemoveCrossSchemeBitmask(same_site_context) ==
CookieOptions::SameSiteCookieContext::SAME_SITE_LAX &&
if (same_site_context.context ==
CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX &&
!net::HttpUtil::IsMethodSafe(http_method)) {
return CookieOptions::ApplyCrossSchemeBitmask(
CookieOptions::SameSiteCookieContext::SAME_SITE_LAX_METHOD_UNSAFE,
scheme_bitmask);
same_site_context.context = CookieOptions::SameSiteCookieContext::
ContextType::SAME_SITE_LAX_METHOD_UNSAFE;
}
return same_site_context;
}
@ -480,9 +482,11 @@ ComputeSameSiteContextForScriptGet(const GURL& url,
const base::Optional<url::Origin>& initiator,
bool attach_same_site_cookies) {
if (attach_same_site_cookies) {
return ComputeSchemeChange(
CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT, url,
site_for_cookies);
CookieOptions::SameSiteCookieContext same_site_context(
CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT);
same_site_context.cross_schemeness =
ComputeSchemeChange(same_site_context, url, site_for_cookies);
return same_site_context;
}
return ComputeSameSiteContext(url, site_for_cookies, initiator);
}
@ -492,14 +496,19 @@ CookieOptions::SameSiteCookieContext ComputeSameSiteContextForResponse(
const SiteForCookies& site_for_cookies,
const base::Optional<url::Origin>& initiator,
bool attach_same_site_cookies) {
CookieOptions::SameSiteCookieContext same_site_context;
// |initiator| is here in case it'll be decided to ignore |site_for_cookies|
// for entirely browser-side requests (see https://crbug.com/958335).
if (attach_same_site_cookies || site_for_cookies.IsFirstParty(url)) {
return ComputeSchemeChange(
CookieOptions::SameSiteCookieContext::SAME_SITE_LAX, url,
site_for_cookies);
same_site_context.context =
CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX;
same_site_context.cross_schemeness =
ComputeSchemeChange(same_site_context, url, site_for_cookies);
return same_site_context;
} else {
return CookieOptions::SameSiteCookieContext::CROSS_SITE;
same_site_context.context =
CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE;
return same_site_context;
}
}
@ -507,12 +516,17 @@ CookieOptions::SameSiteCookieContext ComputeSameSiteContextForScriptSet(
const GURL& url,
const SiteForCookies& site_for_cookies,
bool attach_same_site_cookies) {
CookieOptions::SameSiteCookieContext same_site_context;
if (attach_same_site_cookies || site_for_cookies.IsFirstParty(url)) {
return ComputeSchemeChange(
CookieOptions::SameSiteCookieContext::SAME_SITE_LAX, url,
site_for_cookies);
same_site_context.context =
CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX;
same_site_context.cross_schemeness =
ComputeSchemeChange(same_site_context, url, site_for_cookies);
return same_site_context;
} else {
return CookieOptions::SameSiteCookieContext::CROSS_SITE;
same_site_context.context =
CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE;
return same_site_context;
}
}
@ -520,14 +534,19 @@ CookieOptions::SameSiteCookieContext ComputeSameSiteContextForSubresource(
const GURL& url,
const SiteForCookies& site_for_cookies,
bool attach_same_site_cookies) {
CookieOptions::SameSiteCookieContext same_site_context;
// If the URL is same-site as site_for_cookies it's same-site as all frames
// in the tree from the initiator frame up --- including the initiator frame.
if (attach_same_site_cookies || site_for_cookies.IsFirstParty(url)) {
return ComputeSchemeChange(
CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT, url,
site_for_cookies);
same_site_context.context =
CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT;
same_site_context.cross_schemeness =
ComputeSchemeChange(same_site_context, url, site_for_cookies);
return same_site_context;
} else {
return CookieOptions::SameSiteCookieContext::CROSS_SITE;
same_site_context.context =
CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE;
return same_site_context;
}
}
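Review bot: The new DCHECK in ComputeSchemeChange, `same_site_type.context >= ...ContextType::SAME_SITE_LAX`, is looser than the two equality checks it replaces, because it also passes for `ContextType::COUNT`, which the header on this page declares after SAME_SITE_STRICT. I would keep the explicit form, `DCHECK(same_site_type.context == ContextType::SAME_SITE_STRICT || same_site_type.context == ContextType::SAME_SITE_LAX);`, so a sentinel or any later enumerator cannot slip through. The function now reads its first parameter only for that check, so taking a `ContextType` instead of the whole context would state the contract more directly. In ComputeSameSiteContextForResponse, ForScriptSet and ForSubresource the `else` branches assign CROSS_SITE to an object the default constructor has already set to CROSS_SITE. Dropping those branches and returning `same_site_context` once at the end would shorten each function without changing the result.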

@ -254,70 +254,79 @@ TEST(CookieUtilTest, TestIsDomainMatch) {
}
TEST(CookieUtilTest, TestComputeSameSiteContextForScriptGet) {
using SameSiteCookieContext = CookieOptions::SameSiteCookieContext;
// |site_for_cookies| not matching the URL -> it's cross-site.
EXPECT_EQ(
CookieOptions::SameSiteCookieContext::CROSS_SITE,
SameSiteCookieContext(SameSiteCookieContext::ContextType::CROSS_SITE),
cookie_util::ComputeSameSiteContextForScriptGet(
GURL("http://example.com"),
SiteForCookies::FromUrl(GURL("http://notexample.com")),
base::nullopt /*initiator*/, false /* attach_same_site_cookies */));
EXPECT_EQ(CookieOptions::SameSiteCookieContext::CROSS_SITE,
cookie_util::ComputeSameSiteContextForScriptGet(
GURL("http://example.com"),
SiteForCookies::FromUrl(GURL("http://notexample.com")),
url::Origin::Create(GURL("http://example.com")),
false /* attach_same_site_cookies */));
EXPECT_EQ(
SameSiteCookieContext(SameSiteCookieContext::ContextType::CROSS_SITE),
cookie_util::ComputeSameSiteContextForScriptGet(
GURL("http://example.com"),
SiteForCookies::FromUrl(GURL("http://notexample.com")),
url::Origin::Create(GURL("http://example.com")),
false /* attach_same_site_cookies */));
EXPECT_EQ(
CookieOptions::SameSiteCookieContext::CROSS_SITE,
SameSiteCookieContext(SameSiteCookieContext::ContextType::CROSS_SITE),
cookie_util::ComputeSameSiteContextForScriptGet(
GURL("http://a.com"), SiteForCookies::FromUrl(GURL("http://b.com")),
url::Origin::Create(GURL("http://from-elsewhere.com")),
false /* attach_same_site_cookies */));
// Same |site_for_cookies|, but not |initiator| -> it's same-site lax.
EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_LAX,
cookie_util::ComputeSameSiteContextForScriptGet(
GURL("http://example.com"),
SiteForCookies::FromUrl(GURL("http://example.com")),
url::Origin::Create(GURL("http://from-elsewhere.com")),
false /* attach_same_site_cookies */));
EXPECT_EQ(
CookieOptions::SameSiteCookieContext(
CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX),
cookie_util::ComputeSameSiteContextForScriptGet(
GURL("http://example.com"),
SiteForCookies::FromUrl(GURL("http://example.com")),
url::Origin::Create(GURL("http://from-elsewhere.com")),
false /* attach_same_site_cookies */));
// This isn't a full on origin check --- subdomains and different schema are
// accepted.
EXPECT_EQ(CookieOptions::SameSiteCookieContext::
SAME_SITE_LAX_CROSS_SCHEME_SECURE_URL,
EXPECT_EQ(SameSiteCookieContext(
SameSiteCookieContext::ContextType::SAME_SITE_LAX,
SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE),
cookie_util::ComputeSameSiteContextForScriptGet(
GURL("https://example.com"),
SiteForCookies::FromUrl(GURL("http://example.com")),
url::Origin::Create(GURL("http://from-elsewhere.com")),
false /* attach_same_site_cookies */));
EXPECT_EQ(CookieOptions::SameSiteCookieContext::
SAME_SITE_LAX_CROSS_SCHEME_INSECURE_URL,
EXPECT_EQ(SameSiteCookieContext(
SameSiteCookieContext::ContextType::SAME_SITE_LAX,
SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE),
cookie_util::ComputeSameSiteContextForScriptGet(
GURL("http://example.com"),
SiteForCookies::FromUrl(GURL("https://example.com")),
url::Origin::Create(GURL("http://from-elsewhere.com")),
false /* attach_same_site_cookies */));
EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_LAX,
cookie_util::ComputeSameSiteContextForScriptGet(
GURL("http://sub.example.com"),
SiteForCookies::FromUrl(GURL("http://sub2.example.com")),
url::Origin::Create(GURL("http://from-elsewhere.com")),
false /* attach_same_site_cookies */));
EXPECT_EQ(
SameSiteCookieContext(SameSiteCookieContext::ContextType::SAME_SITE_LAX),
cookie_util::ComputeSameSiteContextForScriptGet(
GURL("http://sub.example.com"),
SiteForCookies::FromUrl(GURL("http://sub2.example.com")),
url::Origin::Create(GURL("http://from-elsewhere.com")),
false /* attach_same_site_cookies */));
EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_LAX,
cookie_util::ComputeSameSiteContextForScriptGet(
GURL("http://sub.example.com"),
SiteForCookies::FromUrl(GURL("http://sub.example.com:8080")),
url::Origin::Create(GURL("http://from-elsewhere.com")),
false /* attach_same_site_cookies */));
EXPECT_EQ(
SameSiteCookieContext(SameSiteCookieContext::ContextType::SAME_SITE_LAX),
cookie_util::ComputeSameSiteContextForScriptGet(
GURL("http://sub.example.com"),
SiteForCookies::FromUrl(GURL("http://sub.example.com:8080")),
url::Origin::Create(GURL("http://from-elsewhere.com")),
false /* attach_same_site_cookies */));
// nullopt |initiator| is trusted for purposes of strict, an opaque one isn't.
EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT,
EXPECT_EQ(SameSiteCookieContext(
SameSiteCookieContext::ContextType::SAME_SITE_STRICT),
cookie_util::ComputeSameSiteContextForScriptGet(
GURL("http://example.com"),
SiteForCookies::FromUrl(GURL("http://example.com")),
@ -325,165 +334,198 @@ TEST(CookieUtilTest, TestComputeSameSiteContextForScriptGet) {
false /* attach_same_site_cookies */));
EXPECT_EQ(
CookieOptions::SameSiteCookieContext::
SAME_SITE_STRICT_CROSS_SCHEME_SECURE_URL,
SameSiteCookieContext(
SameSiteCookieContext::ContextType::SAME_SITE_STRICT,
SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE),
cookie_util::ComputeSameSiteContextForScriptGet(
GURL("https://example.com"),
SiteForCookies::FromUrl(GURL("http://example.com")),
base::nullopt /*initiator*/, false /* attach_same_site_cookies */));
EXPECT_EQ(
CookieOptions::SameSiteCookieContext::
SAME_SITE_STRICT_CROSS_SCHEME_INSECURE_URL,
SameSiteCookieContext(
SameSiteCookieContext::ContextType::SAME_SITE_STRICT,
SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE),
cookie_util::ComputeSameSiteContextForScriptGet(
GURL("http://example.com"),
SiteForCookies::FromUrl(GURL("https://example.com")),
base::nullopt /*initiator*/, false /* attach_same_site_cookies */));
EXPECT_EQ(
CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT,
SameSiteCookieContext(
CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT),
cookie_util::ComputeSameSiteContextForScriptGet(
GURL("http://example.com"),
SiteForCookies::FromUrl(GURL("http://example.com")),
base::nullopt /*initiator*/, false /* attach_same_site_cookies */));
EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_LAX,
cookie_util::ComputeSameSiteContextForScriptGet(
GURL("http://example.com"),
SiteForCookies::FromUrl(GURL("http://example.com")),
url::Origin(), false /* attach_same_site_cookies */));
EXPECT_EQ(
SameSiteCookieContext(
CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX),
cookie_util::ComputeSameSiteContextForScriptGet(
GURL("http://example.com"),
SiteForCookies::FromUrl(GURL("http://example.com")), url::Origin(),
false /* attach_same_site_cookies */));
// |attach_same_site_cookies| causes (some variant of) SAME_SITE_STRICT to be
// returned.
EXPECT_EQ(
CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT,
SameSiteCookieContext(
CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT),
cookie_util::ComputeSameSiteContextForScriptGet(
GURL("http://example.com"),
SiteForCookies::FromUrl(GURL("http://notexample.com")),
base::nullopt /*initiator*/, true /* attach_same_site_cookies */));
EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT,
cookie_util::ComputeSameSiteContextForScriptGet(
GURL("http://example.com"),
SiteForCookies::FromUrl(GURL("http://notexample.com")),
url::Origin::Create(GURL("http://example.com")),
true /* attach_same_site_cookies */));
EXPECT_EQ(
SameSiteCookieContext(
CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT),
cookie_util::ComputeSameSiteContextForScriptGet(
GURL("http://example.com"),
SiteForCookies::FromUrl(GURL("http://notexample.com")),
url::Origin::Create(GURL("http://example.com")),
true /* attach_same_site_cookies */));
EXPECT_EQ(
CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT,
SameSiteCookieContext(
CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT),
cookie_util::ComputeSameSiteContextForScriptGet(
GURL("http://a.com"), SiteForCookies::FromUrl(GURL("http://b.com")),
url::Origin::Create(GURL("http://from-elsewhere.com")),
true /* attach_same_site_cookies */));
EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT,
cookie_util::ComputeSameSiteContextForScriptGet(
GURL("http://example.com"),
SiteForCookies::FromUrl(GURL("http://example.com")),
url::Origin::Create(GURL("http://from-elsewhere.com")),
true /* attach_same_site_cookies */));
EXPECT_EQ(
SameSiteCookieContext(
CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT),
cookie_util::ComputeSameSiteContextForScriptGet(
GURL("http://example.com"),
SiteForCookies::FromUrl(GURL("http://example.com")),
url::Origin::Create(GURL("http://from-elsewhere.com")),
true /* attach_same_site_cookies */));
EXPECT_EQ(CookieOptions::SameSiteCookieContext::
SAME_SITE_STRICT_CROSS_SCHEME_SECURE_URL,
EXPECT_EQ(SameSiteCookieContext(
SameSiteCookieContext::ContextType::SAME_SITE_STRICT,
SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE),
cookie_util::ComputeSameSiteContextForScriptGet(
GURL("https://example.com"),
SiteForCookies::FromUrl(GURL("http://example.com")),
url::Origin::Create(GURL("http://from-elsewhere.com")),
true /* attach_same_site_cookies */));
EXPECT_EQ(CookieOptions::SameSiteCookieContext::
SAME_SITE_STRICT_CROSS_SCHEME_INSECURE_URL,
EXPECT_EQ(SameSiteCookieContext(
SameSiteCookieContext::ContextType::SAME_SITE_STRICT,
SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE),
cookie_util::ComputeSameSiteContextForScriptGet(
GURL("http://example.com"),
SiteForCookies::FromUrl(GURL("https://example.com")),
url::Origin::Create(GURL("http://from-elsewhere.com")),
true /* attach_same_site_cookies */));
EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT,
cookie_util::ComputeSameSiteContextForScriptGet(
GURL("http://sub.example.com"),
SiteForCookies::FromUrl(GURL("http://sub2.example.com")),
url::Origin::Create(GURL("http://from-elsewhere.com")),
true /* attach_same_site_cookies */));
EXPECT_EQ(
SameSiteCookieContext(
CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT),
cookie_util::ComputeSameSiteContextForScriptGet(
GURL("http://sub.example.com"),
SiteForCookies::FromUrl(GURL("http://sub2.example.com")),
url::Origin::Create(GURL("http://from-elsewhere.com")),
true /* attach_same_site_cookies */));
EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT,
cookie_util::ComputeSameSiteContextForScriptGet(
GURL("http://sub.example.com"),
SiteForCookies::FromUrl(GURL("http://sub.example.com:8080")),
url::Origin::Create(GURL("http://from-elsewhere.com")),
true /* attach_same_site_cookies */));
EXPECT_EQ(
SameSiteCookieContext(
CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT),
cookie_util::ComputeSameSiteContextForScriptGet(
GURL("http://sub.example.com"),
SiteForCookies::FromUrl(GURL("http://sub.example.com:8080")),
url::Origin::Create(GURL("http://from-elsewhere.com")),
true /* attach_same_site_cookies */));
}
TEST(CookieUtilTest, ComputeSameSiteContextForRequest) {
using SameSiteCookieContext = CookieOptions::SameSiteCookieContext;
EXPECT_EQ(
CookieOptions::SameSiteCookieContext::CROSS_SITE,
SameSiteCookieContext(
CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE),
cookie_util::ComputeSameSiteContextForRequest(
"GET", GURL("http://example.com"),
SiteForCookies::FromUrl(GURL("http://notexample.com")),
base::nullopt /*initiator*/, false /*attach_same_site_cookies*/));
// |attach_same_site_cookies| = true bypasses all checks.
EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT,
cookie_util::ComputeSameSiteContextForRequest(
"GET", GURL("http://example.com"),
SiteForCookies::FromUrl(GURL("http://example.com")),
url::Origin::Create(GURL("http://from-elsewhere.com")),
true /*attach_same_site_cookies*/));
EXPECT_EQ(
SameSiteCookieContext(
CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT),
cookie_util::ComputeSameSiteContextForRequest(
"GET", GURL("http://example.com"),
SiteForCookies::FromUrl(GURL("http://example.com")),
url::Origin::Create(GURL("http://from-elsewhere.com")),
true /*attach_same_site_cookies*/));
EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT,
cookie_util::ComputeSameSiteContextForRequest(
"POST", GURL("http://example.com"),
SiteForCookies::FromUrl(GURL("http://example.com")),
url::Origin::Create(GURL("http://from-elsewhere.com")),
true /*attach_same_site_cookies*/));
EXPECT_EQ(
SameSiteCookieContext(
CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT),
cookie_util::ComputeSameSiteContextForRequest(
"POST", GURL("http://example.com"),
SiteForCookies::FromUrl(GURL("http://example.com")),
url::Origin::Create(GURL("http://from-elsewhere.com")),
true /*attach_same_site_cookies*/));
EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT,
cookie_util::ComputeSameSiteContextForRequest(
"GET", GURL("http://example.com"),
SiteForCookies::FromUrl(GURL("http://question.com")),
url::Origin::Create(GURL("http://from-elsewhere.com")),
true /*attach_same_site_cookies*/));
EXPECT_EQ(
SameSiteCookieContext(
CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT),
cookie_util::ComputeSameSiteContextForRequest(
"GET", GURL("http://example.com"),
SiteForCookies::FromUrl(GURL("http://question.com")),
url::Origin::Create(GURL("http://from-elsewhere.com")),
true /*attach_same_site_cookies*/));
EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT,
cookie_util::ComputeSameSiteContextForRequest(
"GET", GURL("http://example.com"),
SiteForCookies::FromUrl(GURL("http://example.com")),
url::Origin::Create(GURL("http://example.com")),
false /*attach_same_site_cookies*/));
EXPECT_EQ(
SameSiteCookieContext(
CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT),
cookie_util::ComputeSameSiteContextForRequest(
"GET", GURL("http://example.com"),
SiteForCookies::FromUrl(GURL("http://example.com")),
url::Origin::Create(GURL("http://example.com")),
false /*attach_same_site_cookies*/));
EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT,
cookie_util::ComputeSameSiteContextForRequest(
"POST", GURL("http://example.com"),
SiteForCookies::FromUrl(GURL("http://example.com")),
url::Origin::Create(GURL("http://example.com")),
false /*attach_same_site_cookies*/));
EXPECT_EQ(
SameSiteCookieContext(
CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT),
cookie_util::ComputeSameSiteContextForRequest(
"POST", GURL("http://example.com"),
SiteForCookies::FromUrl(GURL("http://example.com")),
url::Origin::Create(GURL("http://example.com")),
false /*attach_same_site_cookies*/));
EXPECT_EQ(CookieOptions::SameSiteCookieContext::
SAME_SITE_STRICT_CROSS_SCHEME_SECURE_URL,
EXPECT_EQ(SameSiteCookieContext(
SameSiteCookieContext::ContextType::SAME_SITE_STRICT,
SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE),
cookie_util::ComputeSameSiteContextForRequest(
"GET", GURL("https://example.com"),
SiteForCookies::FromUrl(GURL("http://example.com")),
url::Origin::Create(GURL("http://example.com")),
false /*attach_same_site_cookies*/));
EXPECT_EQ(CookieOptions::SameSiteCookieContext::
SAME_SITE_STRICT_CROSS_SCHEME_SECURE_URL,
EXPECT_EQ(SameSiteCookieContext(
SameSiteCookieContext::ContextType::SAME_SITE_STRICT,
SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE),
cookie_util::ComputeSameSiteContextForRequest(
"POST", GURL("https://example.com"),
SiteForCookies::FromUrl(GURL("http://example.com")),
url::Origin::Create(GURL("http://example.com")),
false /*attach_same_site_cookies*/));
EXPECT_EQ(CookieOptions::SameSiteCookieContext::
SAME_SITE_STRICT_CROSS_SCHEME_INSECURE_URL,
EXPECT_EQ(SameSiteCookieContext(
SameSiteCookieContext::ContextType::SAME_SITE_STRICT,
SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE),
cookie_util::ComputeSameSiteContextForRequest(
"GET", GURL("http://example.com"),
SiteForCookies::FromUrl(GURL("https://example.com")),
url::Origin::Create(GURL("http://example.com")),
false /*attach_same_site_cookies*/));
EXPECT_EQ(CookieOptions::SameSiteCookieContext::
SAME_SITE_STRICT_CROSS_SCHEME_INSECURE_URL,
EXPECT_EQ(SameSiteCookieContext(
SameSiteCookieContext::ContextType::SAME_SITE_STRICT,
SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE),
cookie_util::ComputeSameSiteContextForRequest(
"POST", GURL("http://example.com"),
SiteForCookies::FromUrl(GURL("https://example.com")),
@ -491,61 +533,71 @@ TEST(CookieUtilTest, ComputeSameSiteContextForRequest) {
false /*attach_same_site_cookies*/));
// Normally, lax requests also require a safe method.
EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_LAX,
cookie_util::ComputeSameSiteContextForRequest(
"GET", GURL("http://example.com"),
SiteForCookies::FromUrl(GURL("http://example.com")),
url::Origin::Create(GURL("http://from-elsewhere.com")),
false /*attach_same_site_cookies*/));
EXPECT_EQ(
SameSiteCookieContext(
CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX),
cookie_util::ComputeSameSiteContextForRequest(
"GET", GURL("http://example.com"),
SiteForCookies::FromUrl(GURL("http://example.com")),
url::Origin::Create(GURL("http://from-elsewhere.com")),
false /*attach_same_site_cookies*/));
EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_LAX,
cookie_util::ComputeSameSiteContextForRequest(
"HEAD", GURL("http://example.com"),
SiteForCookies::FromUrl(GURL("http://example.com")),
url::Origin::Create(GURL("http://from-elsewhere.com")),
false /*attach_same_site_cookies*/));
EXPECT_EQ(
SameSiteCookieContext(
CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX),
cookie_util::ComputeSameSiteContextForRequest(
"HEAD", GURL("http://example.com"),
SiteForCookies::FromUrl(GURL("http://example.com")),
url::Origin::Create(GURL("http://from-elsewhere.com")),
false /*attach_same_site_cookies*/));
EXPECT_EQ(CookieOptions::SameSiteCookieContext::
SAME_SITE_LAX_CROSS_SCHEME_SECURE_URL,
EXPECT_EQ(SameSiteCookieContext(
SameSiteCookieContext::ContextType::SAME_SITE_LAX,
SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE),
cookie_util::ComputeSameSiteContextForRequest(
"GET", GURL("https://example.com"),
SiteForCookies::FromUrl(GURL("http://example.com")),
url::Origin::Create(GURL("http://from-elsewhere.com")),
false /*attach_same_site_cookies*/));
EXPECT_EQ(CookieOptions::SameSiteCookieContext::
SAME_SITE_LAX_CROSS_SCHEME_INSECURE_URL,
EXPECT_EQ(SameSiteCookieContext(
SameSiteCookieContext::ContextType::SAME_SITE_LAX,
SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE),
cookie_util::ComputeSameSiteContextForRequest(
"GET", GURL("http://example.com"),
SiteForCookies::FromUrl(GURL("https://example.com")),
url::Origin::Create(GURL("http://from-elsewhere.com")),
false /*attach_same_site_cookies*/));
EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_LAX_METHOD_UNSAFE,
EXPECT_EQ(SameSiteCookieContext(CookieOptions::SameSiteCookieContext::
ContextType::SAME_SITE_LAX_METHOD_UNSAFE),
cookie_util::ComputeSameSiteContextForRequest(
"POST", GURL("http://example.com"),
SiteForCookies::FromUrl(GURL("http://example.com")),
url::Origin::Create(GURL("http://from-elsewhere.com")),
false /*attach_same_site_cookies*/));
EXPECT_EQ(CookieOptions::SameSiteCookieContext::
SAME_SITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_SECURE_URL,
EXPECT_EQ(SameSiteCookieContext(
SameSiteCookieContext::ContextType::SAME_SITE_LAX_METHOD_UNSAFE,
SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE),
cookie_util::ComputeSameSiteContextForRequest(
"POST", GURL("https://example.com"),
SiteForCookies::FromUrl(GURL("http://example.com")),
url::Origin::Create(GURL("http://from-elsewhere.com")),
false /*attach_same_site_cookies*/));
EXPECT_EQ(CookieOptions::SameSiteCookieContext::
SAME_SITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_INSECURE_URL,
EXPECT_EQ(SameSiteCookieContext(
SameSiteCookieContext::ContextType::SAME_SITE_LAX_METHOD_UNSAFE,
SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE),
cookie_util::ComputeSameSiteContextForRequest(
"POST", GURL("http://example.com"),
SiteForCookies::FromUrl(GURL("https://example.com")),
url::Origin::Create(GURL("http://from-elsewhere.com")),
false /*attach_same_site_cookies*/));
EXPECT_EQ(CookieOptions::SameSiteCookieContext::
SAME_SITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_SECURE_URL,
EXPECT_EQ(SameSiteCookieContext(
SameSiteCookieContext::ContextType::SAME_SITE_LAX_METHOD_UNSAFE,
SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE),
cookie_util::ComputeSameSiteContextForRequest(
"POST", GURL("https://example.com"),
SiteForCookies::FromUrl(GURL("http://example.com")),
@ -554,80 +606,99 @@ TEST(CookieUtilTest, ComputeSameSiteContextForRequest) {
}
TEST(CookieUtilTest, ComputeSameSiteContextForSet) {
EXPECT_EQ(CookieOptions::SameSiteCookieContext::CROSS_SITE,
using SameSiteCookieContext = CookieOptions::SameSiteCookieContext;
EXPECT_EQ(SameSiteCookieContext(
CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE),
cookie_util::ComputeSameSiteContextForResponse(
GURL("http://example.com"),
SiteForCookies::FromUrl(GURL("http://notexample.com")),
base::nullopt, false /* attach_same_site_cookies */));
// Same as above except |attach_same_site_cookies| makes it return LAX.
EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_LAX,
cookie_util::ComputeSameSiteContextForResponse(
GURL("http://example.com"),
SiteForCookies::FromUrl(GURL("http://notexample.com")),
base::nullopt, true /* attach_same_site_cookies */));
EXPECT_EQ(
SameSiteCookieContext(
CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX),
cookie_util::ComputeSameSiteContextForResponse(
GURL("http://example.com"),
SiteForCookies::FromUrl(GURL("http://notexample.com")), base::nullopt,
true /* attach_same_site_cookies */));
EXPECT_EQ(CookieOptions::SameSiteCookieContext::CROSS_SITE,
EXPECT_EQ(SameSiteCookieContext(
CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE),
cookie_util::ComputeSameSiteContextForScriptSet(
GURL("http://example.com"),
SiteForCookies::FromUrl(GURL("http://notexample.com")),
false /* attach_same_site_cookies */));
// Same as above except |attach_same_site_cookies| makes it return LAX.
EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_LAX,
cookie_util::ComputeSameSiteContextForScriptSet(
GURL("http://example.com"),
SiteForCookies::FromUrl(GURL("http://notexample.com")),
true /* attach_same_site_cookies */));
EXPECT_EQ(
SameSiteCookieContext(
CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX),
cookie_util::ComputeSameSiteContextForScriptSet(
GURL("http://example.com"),
SiteForCookies::FromUrl(GURL("http://notexample.com")),
true /* attach_same_site_cookies */));
EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_LAX,
cookie_util::ComputeSameSiteContextForResponse(
GURL("http://example.com/dir"),
SiteForCookies::FromUrl(GURL("http://sub.example.com")),
base::nullopt, false /* attach_same_site_cookies */));
EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_LAX,
cookie_util::ComputeSameSiteContextForResponse(
GURL("http://example.com/dir"),
SiteForCookies::FromUrl(GURL("http://sub.example.com")),
base::nullopt, true /* attach_same_site_cookies */));
EXPECT_EQ(CookieOptions::SameSiteCookieContext::
SAME_SITE_LAX_CROSS_SCHEME_INSECURE_URL,
EXPECT_EQ(
SameSiteCookieContext(
CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX),
cookie_util::ComputeSameSiteContextForResponse(
GURL("http://example.com/dir"),
SiteForCookies::FromUrl(GURL("http://sub.example.com")),
base::nullopt, false /* attach_same_site_cookies */));
EXPECT_EQ(
SameSiteCookieContext(
CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX),
cookie_util::ComputeSameSiteContextForResponse(
GURL("http://example.com/dir"),
SiteForCookies::FromUrl(GURL("http://sub.example.com")),
base::nullopt, true /* attach_same_site_cookies */));
EXPECT_EQ(SameSiteCookieContext(
SameSiteCookieContext::ContextType::SAME_SITE_LAX,
SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE),
cookie_util::ComputeSameSiteContextForResponse(
GURL("http://example.com/dir"),
SiteForCookies::FromUrl(GURL("https://sub.example.com")),
base::nullopt, false /* attach_same_site_cookies */));
EXPECT_EQ(CookieOptions::SameSiteCookieContext::
SAME_SITE_LAX_CROSS_SCHEME_INSECURE_URL,
EXPECT_EQ(SameSiteCookieContext(
SameSiteCookieContext::ContextType::SAME_SITE_LAX,
SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE),
cookie_util::ComputeSameSiteContextForResponse(
GURL("http://example.com/dir"),
SiteForCookies::FromUrl(GURL("https://sub.example.com")),
base::nullopt, true /* attach_same_site_cookies */));
EXPECT_EQ(CookieOptions::SameSiteCookieContext::
SAME_SITE_LAX_CROSS_SCHEME_SECURE_URL,
EXPECT_EQ(SameSiteCookieContext(
SameSiteCookieContext::ContextType::SAME_SITE_LAX,
SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE),
cookie_util::ComputeSameSiteContextForResponse(
GURL("https://example.com/dir"),
SiteForCookies::FromUrl(GURL("http://sub.example.com")),
base::nullopt, false /* attach_same_site_cookies */));
EXPECT_EQ(CookieOptions::SameSiteCookieContext::
SAME_SITE_LAX_CROSS_SCHEME_SECURE_URL,
EXPECT_EQ(SameSiteCookieContext(
SameSiteCookieContext::ContextType::SAME_SITE_LAX,
SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE),
cookie_util::ComputeSameSiteContextForResponse(
GURL("https://example.com/dir"),
SiteForCookies::FromUrl(GURL("http://sub.example.com")),
base::nullopt, true /* attach_same_site_cookies */));
EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_LAX,
cookie_util::ComputeSameSiteContextForScriptSet(
GURL("http://example.com/dir"),
SiteForCookies::FromUrl(GURL("http://sub.example.com")),
false /* attach_same_site_cookies */));
EXPECT_EQ(CookieOptions::SameSiteCookieContext::
SAME_SITE_LAX_CROSS_SCHEME_INSECURE_URL,
EXPECT_EQ(
SameSiteCookieContext(
CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX),
cookie_util::ComputeSameSiteContextForScriptSet(
GURL("http://example.com/dir"),
SiteForCookies::FromUrl(GURL("http://sub.example.com")),
false /* attach_same_site_cookies */));
EXPECT_EQ(SameSiteCookieContext(
SameSiteCookieContext::ContextType::SAME_SITE_LAX,
SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE),
cookie_util::ComputeSameSiteContextForScriptSet(
GURL("http://example.com/dir"),
SiteForCookies::FromUrl(GURL("https://sub.example.com")),
false /* attach_same_site_cookies */));
EXPECT_EQ(CookieOptions::SameSiteCookieContext::
SAME_SITE_LAX_CROSS_SCHEME_SECURE_URL,
EXPECT_EQ(SameSiteCookieContext(
SameSiteCookieContext::ContextType::SAME_SITE_LAX,
SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE),
cookie_util::ComputeSameSiteContextForScriptSet(
GURL("https://example.com/dir"),
SiteForCookies::FromUrl(GURL("http://sub.example.com")),
@ -635,15 +706,18 @@ TEST(CookieUtilTest, ComputeSameSiteContextForSet) {
}
TEST(CookieUtilTest, TestComputeSameSiteContextForSubresource) {
using SameSiteCookieContext = CookieOptions::SameSiteCookieContext;
// |site_for_cookies| not matching the URL -> it's cross-site.
EXPECT_EQ(CookieOptions::SameSiteCookieContext::CROSS_SITE,
cookie_util::ComputeSameSiteContextForSubresource(
GURL("http://example.com"),
SiteForCookies::FromUrl(GURL("http://notexample.com")),
false /* attach_same_site_cookies */));
EXPECT_EQ(
SameSiteCookieContext(SameSiteCookieContext::ContextType::CROSS_SITE),
cookie_util::ComputeSameSiteContextForSubresource(
GURL("http://example.com"),
SiteForCookies::FromUrl(GURL("http://notexample.com")),
false /* attach_same_site_cookies */));
// Same as above except |attach_same_site_cookies| makes it return STRICT.
EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT,
EXPECT_EQ(SameSiteCookieContext(
SameSiteCookieContext::ContextType::SAME_SITE_STRICT),
cookie_util::ComputeSameSiteContextForSubresource(
GURL("http://example.com"),
SiteForCookies::FromUrl(GURL("http://notexample.com")),
@ -651,26 +725,30 @@ TEST(CookieUtilTest, TestComputeSameSiteContextForSubresource) {
// This isn't a full on origin check --- subdomains and different schema are
// accepted.
EXPECT_EQ(CookieOptions::SameSiteCookieContext::
SAME_SITE_STRICT_CROSS_SCHEME_SECURE_URL,
EXPECT_EQ(SameSiteCookieContext(
SameSiteCookieContext::ContextType::SAME_SITE_STRICT,
SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE),
cookie_util::ComputeSameSiteContextForSubresource(
GURL("https://example.com"),
SiteForCookies::FromUrl(GURL("http://example.com")),
false /* attach_same_site_cookies */));
EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT,
EXPECT_EQ(SameSiteCookieContext(
SameSiteCookieContext::ContextType::SAME_SITE_STRICT),
cookie_util::ComputeSameSiteContextForSubresource(
GURL("http://sub.example.com"),
SiteForCookies::FromUrl(GURL("http://sub2.example.com")),
false /* attach_same_site_cookies */));
EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT,
EXPECT_EQ(SameSiteCookieContext(
SameSiteCookieContext::ContextType::SAME_SITE_STRICT),
cookie_util::ComputeSameSiteContextForSubresource(
GURL("http://sub.example.com"),
SiteForCookies::FromUrl(GURL("http://sub.example.com:8080")),
false /* attach_same_site_cookies */));
EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT,
EXPECT_EQ(SameSiteCookieContext(
SameSiteCookieContext::ContextType::SAME_SITE_STRICT),
cookie_util::ComputeSameSiteContextForSubresource(
GURL("http://example.com"),
SiteForCookies::FromUrl(GURL("http://example.com")),

@ -143,7 +143,7 @@ class SynchronousCookieManager {
net::CanonicalCookie::CookieInclusionStatus::EXCLUDE_UNKNOWN_ERROR);
net::CookieOptions options;
options.set_same_site_cookie_context(
net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT);
net::CookieOptions::SameSiteCookieContext::MakeInclusive());
if (modify_http_only)
options.set_include_httponly();
cookie_service_->SetCanonicalCookie(
@ -166,7 +166,7 @@ class SynchronousCookieManager {
base::RunLoop run_loop;
net::CookieOptions options;
options.set_same_site_cookie_context(
net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT);
net::CookieOptions::SameSiteCookieContext::MakeInclusive());
if (modify_http_only)
options.set_include_httponly();
net::CanonicalCookie::CookieInclusionStatus result_out(
@ -264,7 +264,7 @@ class CookieManagerTest : public testing::Test {
callback;
net::CookieOptions options;
options.set_same_site_cookie_context(
net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT);
net::CookieOptions::SameSiteCookieContext::MakeInclusive());
if (can_modify_httponly)
options.set_include_httponly();
@ -572,7 +572,7 @@ TEST_F(CookieManagerTest, GetCookieList) {
// Want the SameSite=lax cookies, but not httponly ones.
net::CookieOptions options;
options.set_same_site_cookie_context(
net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT);
net::CookieOptions::SameSiteCookieContext::MakeInclusive());
std::vector<net::CanonicalCookie> cookies = service_wrapper()->GetCookieList(
GURL("https://foo_host.com/with/path"), options);
@ -622,7 +622,7 @@ TEST_F(CookieManagerTest, GetCookieListHttpOnly) {
// Retrieve without httponly cookies (default)
net::CookieOptions options;
options.set_same_site_cookie_context(
net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT);
net::CookieOptions::SameSiteCookieContext::MakeInclusive());
EXPECT_TRUE(options.exclude_httponly());
std::vector<net::CanonicalCookie> cookies = service_wrapper()->GetCookieList(
@ -677,8 +677,10 @@ TEST_F(CookieManagerTest, GetCookieListSameSite) {
// Retrieve only unrestricted cookies.
net::CookieOptions options;
EXPECT_EQ(net::CookieOptions::SameSiteCookieContext::CROSS_SITE,
options.same_site_cookie_context());
EXPECT_EQ(
net::CookieOptions::SameSiteCookieContext(
net::CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE),
options.same_site_cookie_context());
std::vector<net::CanonicalCookie> cookies = service_wrapper()->GetCookieList(
GURL("https://foo_host.com/with/path"), options);
ASSERT_EQ(1u, cookies.size());
@ -693,7 +695,9 @@ TEST_F(CookieManagerTest, GetCookieListSameSite) {
// Retrieve unrestricted and lax cookies.
options.set_same_site_cookie_context(
net::CookieOptions::SameSiteCookieContext::SAME_SITE_LAX);
net::CookieOptions::SameSiteCookieContext(
net::CookieOptions::SameSiteCookieContext::ContextType::
SAME_SITE_LAX));
cookies = service_wrapper()->GetCookieList(
GURL("https://foo_host.com/with/path"), options);
ASSERT_EQ(2u, cookies.size());
@ -707,7 +711,7 @@ TEST_F(CookieManagerTest, GetCookieListSameSite) {
// Retrieve everything.
options.set_same_site_cookie_context(
net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT);
net::CookieOptions::SameSiteCookieContext::MakeInclusive());
cookies = service_wrapper()->GetCookieList(
GURL("https://foo_host.com/with/path"), options);
ASSERT_EQ(3u, cookies.size());
@ -735,7 +739,7 @@ TEST_F(CookieManagerTest, GetCookieListAccessTime) {
// the access time is null.
net::CookieOptions options;
options.set_same_site_cookie_context(
net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT);
net::CookieOptions::SameSiteCookieContext::MakeInclusive());
options.set_do_not_update_access_time();
std::vector<net::CanonicalCookie> cookies = service_wrapper()->GetCookieList(

@ -150,96 +150,88 @@ bool EnumTraits<network::mojom::CookieAccessSemantics,
return false;
}
network::mojom::CookieSameSiteContext
EnumTraits<network::mojom::CookieSameSiteContext,
net::CookieOptions::SameSiteCookieContext>::
ToMojom(net::CookieOptions::SameSiteCookieContext input) {
network::mojom::ContextType
EnumTraits<network::mojom::ContextType,
net::CookieOptions::SameSiteCookieContext::ContextType>::
ToMojom(net::CookieOptions::SameSiteCookieContext::ContextType input) {
switch (input) {
case net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT:
return network::mojom::CookieSameSiteContext::SAME_SITE_STRICT;
case net::CookieOptions::SameSiteCookieContext::SAME_SITE_LAX:
return network::mojom::CookieSameSiteContext::SAME_SITE_LAX;
case net::CookieOptions::SameSiteCookieContext::SAME_SITE_LAX_METHOD_UNSAFE:
return network::mojom::CookieSameSiteContext::SAME_SITE_LAX_METHOD_UNSAFE;
case net::CookieOptions::SameSiteCookieContext::CROSS_SITE:
return network::mojom::CookieSameSiteContext::CROSS_SITE;
case net::CookieOptions::SameSiteCookieContext::
SAME_SITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_SECURE_URL:
return network::mojom::CookieSameSiteContext::
SAME_SITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_SECURE_URL;
case net::CookieOptions::SameSiteCookieContext::
SAME_SITE_LAX_CROSS_SCHEME_SECURE_URL:
return network::mojom::CookieSameSiteContext::
SAME_SITE_LAX_CROSS_SCHEME_SECURE_URL;
case net::CookieOptions::SameSiteCookieContext::
SAME_SITE_STRICT_CROSS_SCHEME_SECURE_URL:
return network::mojom::CookieSameSiteContext::
SAME_SITE_STRICT_CROSS_SCHEME_SECURE_URL;
case net::CookieOptions::SameSiteCookieContext::
SAME_SITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_INSECURE_URL:
return network::mojom::CookieSameSiteContext::
SAME_SITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_INSECURE_URL;
case net::CookieOptions::SameSiteCookieContext::
SAME_SITE_LAX_CROSS_SCHEME_INSECURE_URL:
return network::mojom::CookieSameSiteContext::
SAME_SITE_LAX_CROSS_SCHEME_INSECURE_URL;
case net::CookieOptions::SameSiteCookieContext::
SAME_SITE_STRICT_CROSS_SCHEME_INSECURE_URL:
return network::mojom::CookieSameSiteContext::
SAME_SITE_STRICT_CROSS_SCHEME_INSECURE_URL;
case net::CookieOptions::SameSiteCookieContext::ContextType::
SAME_SITE_STRICT:
return network::mojom::ContextType::SAME_SITE_STRICT;
case net::CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX:
return network::mojom::ContextType::SAME_SITE_LAX;
case net::CookieOptions::SameSiteCookieContext::ContextType::
SAME_SITE_LAX_METHOD_UNSAFE:
return network::mojom::ContextType::SAME_SITE_LAX_METHOD_UNSAFE;
case net::CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE:
return network::mojom::ContextType::CROSS_SITE;
default:
NOTREACHED();
return network::mojom::CookieSameSiteContext::CROSS_SITE;
return network::mojom::ContextType::CROSS_SITE;
}
}
bool EnumTraits<network::mojom::CookieSameSiteContext,
net::CookieOptions::SameSiteCookieContext>::
FromMojom(network::mojom::CookieSameSiteContext input,
net::CookieOptions::SameSiteCookieContext* output) {
bool EnumTraits<network::mojom::ContextType,
net::CookieOptions::SameSiteCookieContext::ContextType>::
FromMojom(network::mojom::ContextType input,
net::CookieOptions::SameSiteCookieContext::ContextType* output) {
switch (input) {
case network::mojom::CookieSameSiteContext::SAME_SITE_STRICT:
*output = net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT;
case network::mojom::ContextType::SAME_SITE_STRICT:
*output = net::CookieOptions::SameSiteCookieContext::ContextType::
SAME_SITE_STRICT;
return true;
case network::mojom::CookieSameSiteContext::SAME_SITE_LAX:
*output = net::CookieOptions::SameSiteCookieContext::SAME_SITE_LAX;
case network::mojom::ContextType::SAME_SITE_LAX:
*output =
net::CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX;
return true;
case network::mojom::CookieSameSiteContext::SAME_SITE_LAX_METHOD_UNSAFE:
*output = net::CookieOptions::SameSiteCookieContext::
case network::mojom::ContextType::SAME_SITE_LAX_METHOD_UNSAFE:
*output = net::CookieOptions::SameSiteCookieContext::ContextType::
SAME_SITE_LAX_METHOD_UNSAFE;
return true;
case network::mojom::CookieSameSiteContext::CROSS_SITE:
*output = net::CookieOptions::SameSiteCookieContext::CROSS_SITE;
case network::mojom::ContextType::CROSS_SITE:
*output =
net::CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE;
return true;
case network::mojom::CookieSameSiteContext::
SAME_SITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_SECURE_URL:
*output = net::CookieOptions::SameSiteCookieContext::
SAME_SITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_SECURE_URL;
}
return false;
}
network::mojom::CrossSchemeness
EnumTraits<network::mojom::CrossSchemeness,
net::CookieOptions::SameSiteCookieContext::CrossSchemeness>::
ToMojom(net::CookieOptions::SameSiteCookieContext::CrossSchemeness input) {
switch (input) {
case net::CookieOptions::SameSiteCookieContext::CrossSchemeness::NONE:
return network::mojom::CrossSchemeness::NONE;
case net::CookieOptions::SameSiteCookieContext::CrossSchemeness::
INSECURE_SECURE:
return network::mojom::CrossSchemeness::INSECURE_SECURE;
case net::CookieOptions::SameSiteCookieContext::CrossSchemeness::
SECURE_INSECURE:
return network::mojom::CrossSchemeness::SECURE_INSECURE;
default:
NOTREACHED();
return network::mojom::CrossSchemeness::NONE;
}
}
bool EnumTraits<network::mojom::CrossSchemeness,
net::CookieOptions::SameSiteCookieContext::CrossSchemeness>::
FromMojom(
network::mojom::CrossSchemeness input,
net::CookieOptions::SameSiteCookieContext::CrossSchemeness* output) {
switch (input) {
case network::mojom::CrossSchemeness::NONE:
*output =
net::CookieOptions::SameSiteCookieContext::CrossSchemeness::NONE;
return true;
case network::mojom::CookieSameSiteContext::
SAME_SITE_LAX_CROSS_SCHEME_SECURE_URL:
*output = net::CookieOptions::SameSiteCookieContext::
SAME_SITE_LAX_CROSS_SCHEME_SECURE_URL;
case network::mojom::CrossSchemeness::INSECURE_SECURE:
*output = net::CookieOptions::SameSiteCookieContext::CrossSchemeness::
INSECURE_SECURE;
return true;
case network::mojom::CookieSameSiteContext::
SAME_SITE_STRICT_CROSS_SCHEME_SECURE_URL:
*output = net::CookieOptions::SameSiteCookieContext::
SAME_SITE_STRICT_CROSS_SCHEME_SECURE_URL;
return true;
case network::mojom::CookieSameSiteContext::
SAME_SITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_INSECURE_URL:
*output = net::CookieOptions::SameSiteCookieContext::
SAME_SITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_INSECURE_URL;
return true;
case network::mojom::CookieSameSiteContext::
SAME_SITE_LAX_CROSS_SCHEME_INSECURE_URL:
*output = net::CookieOptions::SameSiteCookieContext::
SAME_SITE_LAX_CROSS_SCHEME_INSECURE_URL;
return true;
case network::mojom::CookieSameSiteContext::
SAME_SITE_STRICT_CROSS_SCHEME_INSECURE_URL:
*output = net::CookieOptions::SameSiteCookieContext::
SAME_SITE_STRICT_CROSS_SCHEME_INSECURE_URL;
case network::mojom::CrossSchemeness::SECURE_INSECURE:
*output = net::CookieOptions::SameSiteCookieContext::CrossSchemeness::
SECURE_INSECURE;
return true;
}
return false;
@ -301,6 +293,24 @@ bool EnumTraits<network::mojom::CookieChangeCause, net::CookieChangeCause>::
return false;
}
bool StructTraits<network::mojom::CookieSameSiteContextDataView,
net::CookieOptions::SameSiteCookieContext>::
Read(network::mojom::CookieSameSiteContextDataView mojo_context,
net::CookieOptions::SameSiteCookieContext* context) {
net::CookieOptions::SameSiteCookieContext::ContextType context_type;
if (!mojo_context.ReadContext(&context_type))
return false;
net::CookieOptions::SameSiteCookieContext::CrossSchemeness cross_schemeness;
if (!mojo_context.ReadCrossSchemeness(&cross_schemeness))
return false;
*context =
net::CookieOptions::SameSiteCookieContext(context_type, cross_schemeness);
return true;
}
bool StructTraits<network::mojom::CookieOptionsDataView, net::CookieOptions>::
Read(network::mojom::CookieOptionsDataView mojo_options,
net::CookieOptions* cookie_options) {
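Review bot: The `default:` arms in the two new `ToMojom` switches (for `ContextType` and for `CrossSchemeness`) disable the compiler's exhaustive-switch warning, so an enumerator added later would compile silently and only reach `NOTREACHED()`. The matching `FromMojom` functions in this section already use the default-less form with `return false;` after the switch. I would drop `default:` in both `ToMojom` bodies and move the fallback after the switch, e.g. `NOTREACHED(); return network::mojom::CrossSchemeness::NONE;`. Whether `NONE` is the conservative fallback depends on how consumers interpret cross-schemeness, which this section does not show, so a short comment explaining that choice would help.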

@ -39,13 +39,23 @@ struct EnumTraits<network::mojom::CookieAccessSemantics,
};
template <>
struct EnumTraits<network::mojom::CookieSameSiteContext,
net::CookieOptions::SameSiteCookieContext> {
static network::mojom::CookieSameSiteContext ToMojom(
net::CookieOptions::SameSiteCookieContext input);
struct EnumTraits<network::mojom::ContextType,
net::CookieOptions::SameSiteCookieContext::ContextType> {
static network::mojom::ContextType ToMojom(
net::CookieOptions::SameSiteCookieContext::ContextType input);
static bool FromMojom(
network::mojom::ContextType input,
net::CookieOptions::SameSiteCookieContext::ContextType* output);
};
static bool FromMojom(network::mojom::CookieSameSiteContext input,
net::CookieOptions::SameSiteCookieContext* output);
template <>
struct EnumTraits<network::mojom::CrossSchemeness,
net::CookieOptions::SameSiteCookieContext::CrossSchemeness> {
static network::mojom::CrossSchemeness ToMojom(
net::CookieOptions::SameSiteCookieContext::CrossSchemeness input);
static bool FromMojom(
network::mojom::CrossSchemeness input,
net::CookieOptions::SameSiteCookieContext::CrossSchemeness* output);
};
template <>
@ -66,6 +76,23 @@ struct EnumTraits<network::mojom::CookieChangeCause, net::CookieChangeCause> {
net::CookieChangeCause* output);
};
template <>
struct StructTraits<network::mojom::CookieSameSiteContextDataView,
net::CookieOptions::SameSiteCookieContext> {
static net::CookieOptions::SameSiteCookieContext::ContextType context(
net::CookieOptions::SameSiteCookieContext& s) {
return s.context;
}
static net::CookieOptions::SameSiteCookieContext::CrossSchemeness
cross_schemeness(net::CookieOptions::SameSiteCookieContext& s) {
return s.cross_schemeness;
}
static bool Read(network::mojom::CookieSameSiteContextDataView mojo_options,
net::CookieOptions::SameSiteCookieContext* context);
};
template <>
struct StructTraits<network::mojom::CookieOptionsDataView, net::CookieOptions> {
static bool exclude_httponly(const net::CookieOptions& o) {
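Review bot: The `context` and `cross_schemeness` getters in the new `StructTraits<network::mojom::CookieSameSiteContextDataView, ...>` take `net::CookieOptions::SameSiteCookieContext& s` by non-const reference, while the neighbouring `CookieOptions` traits use `const net::CookieOptions& o`. Both getters only read a member, so they should take `const net::CookieOptions::SameSiteCookieContext& s`, which keeps the traits consistent and may be needed to serialize a const object. The `Read` declaration also names its first parameter `mojo_options`, while the definition in the .cc file calls it `mojo_context`; using `mojo_context` in both avoids confusion with the `CookieOptions` traits. The `CookieOptions` traits struct at the end of this section continues outside the hunk.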

@ -133,6 +133,31 @@ TEST(CookieManagerTraitsTest, Roundtrips_CookieSameSite) {
}
}
TEST(CookieManagerTraitsTest, Roundtrips_ContextType) {
using ContextType = net::CookieOptions::SameSiteCookieContext::ContextType;
for (ContextType context_type :
{ContextType::CROSS_SITE, ContextType::SAME_SITE_LAX_METHOD_UNSAFE,
ContextType::SAME_SITE_LAX, ContextType::SAME_SITE_STRICT}) {
ContextType roundtrip;
ASSERT_TRUE(SerializeAndDeserializeEnum<mojom::ContextType>(context_type,
&roundtrip));
EXPECT_EQ(context_type, roundtrip);
}
}
TEST(CookieManagerTraitsTest, Roundtrips_CrossSchemeness) {
using CrossSchemeness =
net::CookieOptions::SameSiteCookieContext::CrossSchemeness;
for (CrossSchemeness cross_schemeness :
{CrossSchemeness::NONE, CrossSchemeness::INSECURE_SECURE,
CrossSchemeness::SECURE_INSECURE}) {
CrossSchemeness roundtrip;
ASSERT_TRUE(SerializeAndDeserializeEnum<mojom::CrossSchemeness>(
cross_schemeness, &roundtrip));
EXPECT_EQ(cross_schemeness, roundtrip);
}
}
TEST(CookieManagerTraitsTest, Roundtrips_CookieAccessSemantics) {
for (net::CookieAccessSemantics access_semantics :
{net::CookieAccessSemantics::UNKNOWN,
@ -160,27 +185,26 @@ TEST(CookieManagerTraitsTest, Roundtrips_CookieChangeCause) {
}
TEST(CookieManagerTraitsTest, Roundtrips_CookieSameSiteContext) {
for (net::CookieOptions::SameSiteCookieContext context_state :
{net::CookieOptions::SameSiteCookieContext::CROSS_SITE,
net::CookieOptions::SameSiteCookieContext::SAME_SITE_LAX,
net::CookieOptions::SameSiteCookieContext::SAME_SITE_LAX_METHOD_UNSAFE,
net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT,
net::CookieOptions::SameSiteCookieContext::
SAME_SITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_SECURE_URL,
net::CookieOptions::SameSiteCookieContext::
SAME_SITE_LAX_CROSS_SCHEME_SECURE_URL,
net::CookieOptions::SameSiteCookieContext::
SAME_SITE_STRICT_CROSS_SCHEME_SECURE_URL,
net::CookieOptions::SameSiteCookieContext::
SAME_SITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_INSECURE_URL,
net::CookieOptions::SameSiteCookieContext::
SAME_SITE_LAX_CROSS_SCHEME_INSECURE_URL,
net::CookieOptions::SameSiteCookieContext::
SAME_SITE_STRICT_CROSS_SCHEME_INSECURE_URL}) {
net::CookieOptions::SameSiteCookieContext roundtrip;
ASSERT_TRUE(SerializeAndDeserializeEnum<mojom::CookieSameSiteContext>(
context_state, &roundtrip));
EXPECT_EQ(context_state, roundtrip);
using ContextType = net::CookieOptions::SameSiteCookieContext::ContextType;
using CrossSchemeness =
net::CookieOptions::SameSiteCookieContext::CrossSchemeness;
for (ContextType context_type :
{ContextType::CROSS_SITE, ContextType::SAME_SITE_LAX_METHOD_UNSAFE,
ContextType::SAME_SITE_LAX, ContextType::SAME_SITE_STRICT}) {
for (CrossSchemeness cross_schemeness :
{CrossSchemeness::NONE, CrossSchemeness::INSECURE_SECURE,
CrossSchemeness::SECURE_INSECURE}) {
net::CookieOptions::SameSiteCookieContext context_in(context_type,
cross_schemeness),
copy;
EXPECT_TRUE(
mojo::test::SerializeAndDeserialize<mojom::CookieSameSiteContext>(
&context_in, &copy));
EXPECT_EQ(context_in.context, copy.context);
EXPECT_EQ(context_in.cross_schemeness, copy.cross_schemeness);
}
}
}
@ -193,8 +217,10 @@ TEST(CookieManagerTraitsTest, Roundtrips_CookieOptions) {
EXPECT_TRUE(mojo::test::SerializeAndDeserialize<mojom::CookieOptions>(
&least_trusted, &copy));
EXPECT_TRUE(copy.exclude_httponly());
EXPECT_EQ(net::CookieOptions::SameSiteCookieContext::CROSS_SITE,
copy.same_site_cookie_context());
EXPECT_EQ(
net::CookieOptions::SameSiteCookieContext(
net::CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE),
copy.same_site_cookie_context());
EXPECT_TRUE(copy.return_excluded_cookies());
}
@ -202,12 +228,12 @@ TEST(CookieManagerTraitsTest, Roundtrips_CookieOptions) {
net::CookieOptions very_trusted, copy;
very_trusted.set_include_httponly();
very_trusted.set_same_site_cookie_context(
net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT);
net::CookieOptions::SameSiteCookieContext::MakeInclusive());
EXPECT_TRUE(mojo::test::SerializeAndDeserialize<mojom::CookieOptions>(
&very_trusted, &copy));
EXPECT_FALSE(copy.exclude_httponly());
EXPECT_EQ(net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT,
EXPECT_EQ(net::CookieOptions::SameSiteCookieContext::MakeInclusive(),
copy.same_site_cookie_context());
EXPECT_FALSE(copy.return_excluded_cookies());
}
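Review bot: `Roundtrips_CookieOptions` never round-trips a context with a non-`NONE` cross-schemeness; it only uses the default context and `MakeInclusive()`. A `CookieOptions` serialization path that dropped the new `cross_schemeness` field would therefore still pass, assuming `MakeInclusive()` yields `NONE`, which is not visible here. Because `CookieOptions` crosses a process boundary, I would add one block that sets `SameSiteCookieContext(ContextType::SAME_SITE_LAX, CrossSchemeness::INSECURE_SECURE)` and asserts `EXPECT_EQ(in.same_site_cookie_context(), copy.same_site_cookie_context());`. The test body starts outside the visible hunks.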

@ -73,17 +73,23 @@ enum CookieSameSite {
// Reserved 3 (was EXTENDED_MODE), next number is 4.
};
enum CookieSameSiteContext {
enum ContextType {
CROSS_SITE,
SAME_SITE_LAX_METHOD_UNSAFE,
SAME_SITE_LAX,
SAME_SITE_STRICT,
SAME_SITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_SECURE_URL,
SAME_SITE_LAX_CROSS_SCHEME_SECURE_URL,
SAME_SITE_STRICT_CROSS_SCHEME_SECURE_URL,
SAME_SITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_INSECURE_URL,
SAME_SITE_LAX_CROSS_SCHEME_INSECURE_URL,
SAME_SITE_STRICT_CROSS_SCHEME_INSECURE_URL
SAME_SITE_STRICT
};
enum CrossSchemeness {
NONE,
INSECURE_SECURE,
SECURE_INSECURE
};
// Keep defaults here in sync with net/cookies/cookie_options.h.
struct CookieSameSiteContext {
ContextType context = CROSS_SITE;
CrossSchemeness cross_schemeness = NONE;
};
// What rules to apply when determining whether access to a particular cookie is
@ -98,7 +104,7 @@ enum CookieAccessSemantics {
// Keep defaults here in sync with net/cookies/cookie_options.cc.
struct CookieOptions {
bool exclude_httponly = true;
CookieSameSiteContext same_site_cookie_context = CROSS_SITE;
CookieSameSiteContext same_site_cookie_context;
bool update_access_time = true;
bool return_excluded_cookies = false;
};