diff options
author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2019-02-13 16:23:34 +0100 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2019-02-14 10:37:21 +0000 |
commit | 38a9a29f4f9436cace7f0e7abf9c586057df8a4e (patch) | |
tree | c4e8c458dc595bc0ddb435708fa2229edfd00bd4 /chromium/net/cookies | |
parent | e684a3455bcc29a6e3e66a004e352dea4e1141e7 (diff) | |
download | qtwebengine-chromium-38a9a29f4f9436cace7f0e7abf9c586057df8a4e.tar.gz |
BASELINE: Update Chromium to 73.0.3683.37
Change-Id: I08c9af2948b645f671e5d933aca1f7a90ea372f2
Reviewed-by: Michael BrĂ¼ning <michael.bruning@qt.io>
Diffstat (limited to 'chromium/net/cookies')
-rw-r--r-- | chromium/net/cookies/canonical_cookie.cc | 19 | ||||
-rw-r--r-- | chromium/net/cookies/canonical_cookie.h | 25 | ||||
-rw-r--r-- | chromium/net/cookies/canonical_cookie_unittest.cc | 61 | ||||
-rw-r--r-- | chromium/net/cookies/cookie_deletion_info.cc | 3 | ||||
-rw-r--r-- | chromium/net/cookies/cookie_monster.cc | 9 | ||||
-rw-r--r-- | chromium/net/cookies/cookie_monster_change_dispatcher.cc | 3 | ||||
-rw-r--r-- | chromium/net/cookies/cookie_monster_unittest.cc | 39 | ||||
-rw-r--r-- | chromium/net/cookies/cookie_util.cc | 4 | ||||
-rw-r--r-- | chromium/net/cookies/cookie_util.h | 5 | ||||
-rw-r--r-- | chromium/net/cookies/cookie_util_unittest.cc | 15 |
10 files changed, 125 insertions, 58 deletions
diff --git a/chromium/net/cookies/canonical_cookie.cc b/chromium/net/cookies/canonical_cookie.cc index d3442c5c92d..91611ac4171 100644 --- a/chromium/net/cookies/canonical_cookie.cc +++ b/chromium/net/cookies/canonical_cookie.cc @@ -349,41 +349,42 @@ bool CanonicalCookie::IsDomainMatch(const std::string& host) const { return cookie_util::IsDomainMatch(domain_, host); } -bool CanonicalCookie::IncludeForRequestURL(const GURL& url, - const CookieOptions& options) const { +CanonicalCookie::CookieInclusionStatus CanonicalCookie::IncludeForRequestURL( + const GURL& url, + const CookieOptions& options) const { // Filter out HttpOnly cookies, per options. if (options.exclude_httponly() && IsHttpOnly()) - return false; + return CanonicalCookie::CookieInclusionStatus::EXCLUDE_HTTP_ONLY; // Secure cookies should not be included in requests for URLs with an // insecure scheme. if (IsSecure() && !url.SchemeIsCryptographic()) - return false; + return CanonicalCookie::CookieInclusionStatus::EXCLUDE_SECURE_ONLY; // Don't include cookies for requests that don't apply to the cookie domain. if (!IsDomainMatch(url.host())) - return false; + return CanonicalCookie::CookieInclusionStatus::EXCLUDE_DOMAIN_MISMATCH; // Don't include cookies for requests with a url path that does not path // match the cookie-path. if (!IsOnPath(url.path())) - return false; + return CanonicalCookie::CookieInclusionStatus::EXCLUDE_NOT_ON_PATH; // Don't include same-site cookies for cross-site requests. switch (SameSite()) { case CookieSameSite::STRICT_MODE: if (options.same_site_cookie_mode() != CookieOptions::SameSiteCookieMode::INCLUDE_STRICT_AND_LAX) { - return false; + return CanonicalCookie::CookieInclusionStatus::EXCLUDE_SAMESITE_STRICT; } break; case CookieSameSite::LAX_MODE: if (options.same_site_cookie_mode() == CookieOptions::SameSiteCookieMode::DO_NOT_INCLUDE) { - return false; + return CanonicalCookie::CookieInclusionStatus::EXCLUDE_SAMESITE_LAX; } break; default: break; } - return true; + return CanonicalCookie::CookieInclusionStatus::INCLUDE; } std::string CanonicalCookie::DebugString() const { diff --git a/chromium/net/cookies/canonical_cookie.h b/chromium/net/cookies/canonical_cookie.h index 2352135b471..b98e9ac62a5 100644 --- a/chromium/net/cookies/canonical_cookie.h +++ b/chromium/net/cookies/canonical_cookie.h @@ -141,12 +141,25 @@ class NET_EXPORT CanonicalCookie { // section 5.1.3 of RFC 6265. bool IsDomainMatch(const std::string& host) const; - // Returns true if the cookie should be included for the given request |url|. - // HTTP only cookies can be filter by using appropriate cookie |options|. - // PLEASE NOTE that this method does not check whether a cookie is expired or - // not! - bool IncludeForRequestURL(const GURL& url, - const CookieOptions& options) const; + // This enum represents if a cookie was included or excluded, and if excluded + // why. + enum class CookieInclusionStatus { + INCLUDE = 0, + EXCLUDE_HTTP_ONLY, + EXCLUDE_SECURE_ONLY, + EXCLUDE_DOMAIN_MISMATCH, + EXCLUDE_NOT_ON_PATH, + EXCLUDE_SAMESITE_STRICT, + EXCLUDE_SAMESITE_LAX + }; + + // Returns if the cookie should be included (and if not, why) for the given + // request |url| using the CookieInclusionStatus enum. HTTP only cookies can + // be filter by using appropriate cookie |options|. PLEASE NOTE that this + // method does not check whether a cookie is expired or not! + CookieInclusionStatus IncludeForRequestURL( + const GURL& url, + const CookieOptions& options) const; std::string DebugString() const; diff --git a/chromium/net/cookies/canonical_cookie_unittest.cc b/chromium/net/cookies/canonical_cookie_unittest.cc index 05363de2c8a..87a47908e52 100644 --- a/chromium/net/cookies/canonical_cookie_unittest.cc +++ b/chromium/net/cookies/canonical_cookie_unittest.cc @@ -416,31 +416,40 @@ TEST(CanonicalCookieTest, IncludeForRequestURL) { std::unique_ptr<CanonicalCookie> cookie( CanonicalCookie::Create(url, "A=2", creation_time, options)); - EXPECT_TRUE(cookie->IncludeForRequestURL(url, options)); - EXPECT_TRUE(cookie->IncludeForRequestURL( - GURL("http://www.example.com/foo/bar"), options)); - EXPECT_TRUE(cookie->IncludeForRequestURL( - GURL("https://www.example.com/foo/bar"), options)); - EXPECT_FALSE( - cookie->IncludeForRequestURL(GURL("https://sub.example.com"), options)); - EXPECT_FALSE(cookie->IncludeForRequestURL(GURL("https://sub.www.example.com"), - options)); + EXPECT_EQ(cookie->IncludeForRequestURL(url, options), + CanonicalCookie::CookieInclusionStatus::INCLUDE); + EXPECT_EQ(cookie->IncludeForRequestURL(GURL("http://www.example.com/foo/bar"), + options), + CanonicalCookie::CookieInclusionStatus::INCLUDE); + EXPECT_EQ(cookie->IncludeForRequestURL( + GURL("https://www.example.com/foo/bar"), options), + CanonicalCookie::CookieInclusionStatus::INCLUDE); + EXPECT_EQ( + cookie->IncludeForRequestURL(GURL("https://sub.example.com"), options), + CanonicalCookie::CookieInclusionStatus::EXCLUDE_DOMAIN_MISMATCH); + EXPECT_EQ(cookie->IncludeForRequestURL(GURL("https://sub.www.example.com"), + options), + CanonicalCookie::CookieInclusionStatus::EXCLUDE_DOMAIN_MISMATCH); // Test that cookie with a cookie path that does not match the url path are // not included. cookie = CanonicalCookie::Create(url, "A=2; Path=/foo/bar", creation_time, options); - EXPECT_FALSE(cookie->IncludeForRequestURL(url, options)); - EXPECT_TRUE(cookie->IncludeForRequestURL( - GURL("http://www.example.com/foo/bar/index.html"), options)); + EXPECT_EQ(cookie->IncludeForRequestURL(url, options), + CanonicalCookie::CookieInclusionStatus::EXCLUDE_NOT_ON_PATH); + EXPECT_EQ(cookie->IncludeForRequestURL( + GURL("http://www.example.com/foo/bar/index.html"), options), + CanonicalCookie::CookieInclusionStatus::INCLUDE); // Test that a secure cookie is not included for a non secure URL. GURL secure_url("https://www.example.com"); cookie = CanonicalCookie::Create(secure_url, "A=2; Secure", creation_time, options); EXPECT_TRUE(cookie->IsSecure()); - EXPECT_TRUE(cookie->IncludeForRequestURL(secure_url, options)); - EXPECT_FALSE(cookie->IncludeForRequestURL(url, options)); + EXPECT_EQ(cookie->IncludeForRequestURL(secure_url, options), + CanonicalCookie::CookieInclusionStatus::INCLUDE); + EXPECT_EQ(cookie->IncludeForRequestURL(url, options), + CanonicalCookie::CookieInclusionStatus::EXCLUDE_SECURE_ONLY); // Test that http only cookies are only included if the include httponly flag // is set on the cookie options. @@ -448,9 +457,11 @@ TEST(CanonicalCookieTest, IncludeForRequestURL) { cookie = CanonicalCookie::Create(url, "A=2; HttpOnly", creation_time, options); EXPECT_TRUE(cookie->IsHttpOnly()); - EXPECT_TRUE(cookie->IncludeForRequestURL(url, options)); + EXPECT_EQ(cookie->IncludeForRequestURL(url, options), + CanonicalCookie::CookieInclusionStatus::INCLUDE); options.set_exclude_httponly(); - EXPECT_FALSE(cookie->IncludeForRequestURL(url, options)); + EXPECT_EQ(cookie->IncludeForRequestURL(url, options), + CanonicalCookie::CookieInclusionStatus::EXCLUDE_HTTP_ONLY); } TEST(CanonicalCookieTest, IncludeSameSiteForSameSiteURL) { @@ -466,13 +477,16 @@ TEST(CanonicalCookieTest, IncludeSameSiteForSameSiteURL) { EXPECT_EQ(CookieSameSite::STRICT_MODE, cookie->SameSite()); options.set_same_site_cookie_mode( CookieOptions::SameSiteCookieMode::DO_NOT_INCLUDE); - EXPECT_FALSE(cookie->IncludeForRequestURL(url, options)); + EXPECT_EQ(cookie->IncludeForRequestURL(url, options), + CanonicalCookie::CookieInclusionStatus::EXCLUDE_SAMESITE_STRICT); options.set_same_site_cookie_mode( CookieOptions::SameSiteCookieMode::INCLUDE_LAX); - EXPECT_FALSE(cookie->IncludeForRequestURL(url, options)); + EXPECT_EQ(cookie->IncludeForRequestURL(url, options), + CanonicalCookie::CookieInclusionStatus::EXCLUDE_SAMESITE_STRICT); options.set_same_site_cookie_mode( CookieOptions::SameSiteCookieMode::INCLUDE_STRICT_AND_LAX); - EXPECT_TRUE(cookie->IncludeForRequestURL(url, options)); + EXPECT_EQ(cookie->IncludeForRequestURL(url, options), + CanonicalCookie::CookieInclusionStatus::INCLUDE); // `SameSite=Lax` cookies are included for a URL only if the options' // SameSiteCookieMode is INCLUDE_STRICT_AND_LAX. @@ -481,13 +495,16 @@ TEST(CanonicalCookieTest, IncludeSameSiteForSameSiteURL) { EXPECT_EQ(CookieSameSite::LAX_MODE, cookie->SameSite()); options.set_same_site_cookie_mode( CookieOptions::SameSiteCookieMode::DO_NOT_INCLUDE); - EXPECT_FALSE(cookie->IncludeForRequestURL(url, options)); + EXPECT_EQ(cookie->IncludeForRequestURL(url, options), + CanonicalCookie::CookieInclusionStatus::EXCLUDE_SAMESITE_LAX); options.set_same_site_cookie_mode( CookieOptions::SameSiteCookieMode::INCLUDE_LAX); - EXPECT_TRUE(cookie->IncludeForRequestURL(url, options)); + EXPECT_EQ(cookie->IncludeForRequestURL(url, options), + CanonicalCookie::CookieInclusionStatus::INCLUDE); options.set_same_site_cookie_mode( CookieOptions::SameSiteCookieMode::INCLUDE_STRICT_AND_LAX); - EXPECT_TRUE(cookie->IncludeForRequestURL(url, options)); + EXPECT_EQ(cookie->IncludeForRequestURL(url, options), + CanonicalCookie::CookieInclusionStatus::INCLUDE); } TEST(CanonicalCookieTest, PartialCompare) { diff --git a/chromium/net/cookies/cookie_deletion_info.cc b/chromium/net/cookies/cookie_deletion_info.cc index 6c3a506eba7..88e5ad10f2b 100644 --- a/chromium/net/cookies/cookie_deletion_info.cc +++ b/chromium/net/cookies/cookie_deletion_info.cc @@ -121,7 +121,8 @@ bool CookieDeletionInfo::Matches(const CanonicalCookie& cookie) const { } if (url.has_value() && - !cookie.IncludeForRequestURL(url.value(), cookie_options)) { + cookie.IncludeForRequestURL(url.value(), cookie_options) != + CanonicalCookie::CookieInclusionStatus::INCLUDE) { return false; } diff --git a/chromium/net/cookies/cookie_monster.cc b/chromium/net/cookies/cookie_monster.cc index 069df69cf6f..1d64f00e411 100644 --- a/chromium/net/cookies/cookie_monster.cc +++ b/chromium/net/cookies/cookie_monster.cc @@ -806,7 +806,6 @@ void CookieMonster::DeleteCanonicalCookie(const CanonicalCookie& cookie, // and when this ran. The later parts of the conditional (everything but // the equivalence check) attempt to preserve this behavior. if (candidate->IsEquivalent(cookie) && - candidate->CreationDate() == cookie.CreationDate() && candidate->Value() == cookie.Value()) { InternalDeleteCookie(its.first, true, DELETE_COOKIE_EXPLICIT); result = 1u; @@ -1093,6 +1092,8 @@ void CookieMonster::FindCookiesForKey(const std::string& key, std::vector<CanonicalCookie*>* cookies) { DCHECK(thread_checker_.CalledOnValidThread()); + std::vector<CanonicalCookie*> full_cookie_list; + for (CookieMapItPair its = cookies_.equal_range(key); its.first != its.second;) { auto curit = its.first; @@ -1104,11 +1105,15 @@ void CookieMonster::FindCookiesForKey(const std::string& key, InternalDeleteCookie(curit, true, DELETE_COOKIE_EXPIRED); continue; } + full_cookie_list.push_back(cc); + } + for (CanonicalCookie* cc : full_cookie_list) { // Filter out cookies that should not be included for a request to the // given |url|. HTTP only cookies are filtered depending on the passed // cookie |options|. - if (!cc->IncludeForRequestURL(url, options)) + if (cc->IncludeForRequestURL(url, options) != + CanonicalCookie::CookieInclusionStatus::INCLUDE) continue; // Add this cookie to the set of matching cookies. Update the access diff --git a/chromium/net/cookies/cookie_monster_change_dispatcher.cc b/chromium/net/cookies/cookie_monster_change_dispatcher.cc index dc9a3f642fb..d60c888f031 100644 --- a/chromium/net/cookies/cookie_monster_change_dispatcher.cc +++ b/chromium/net/cookies/cookie_monster_change_dispatcher.cc @@ -61,7 +61,8 @@ void CookieMonsterChangeDispatcher::Subscription::DispatchChange( net::CookieChangeCause change_cause) { DCHECK_CALLED_ON_VALID_THREAD(thread_checker_); - if (!url_.is_empty() && !cookie.IncludeForRequestURL(url_, options_)) + if (!url_.is_empty() && cookie.IncludeForRequestURL(url_, options_) != + CanonicalCookie::CookieInclusionStatus::INCLUDE) return; // TODO(mmenke, pwnall): Run callbacks synchronously? diff --git a/chromium/net/cookies/cookie_monster_unittest.cc b/chromium/net/cookies/cookie_monster_unittest.cc index 7d12f2e1a63..db0fe7c8344 100644 --- a/chromium/net/cookies/cookie_monster_unittest.cc +++ b/chromium/net/cookies/cookie_monster_unittest.cc @@ -3221,6 +3221,45 @@ TEST_F(CookieMonsterTest, DeleteDuplicateCTime) { } } +TEST_F(CookieMonsterTest, DeleteCookieWithInheritedTimestamps) { + Time t1 = Time::Now(); + Time t2 = t1 + base::TimeDelta::FromSeconds(1); + GURL url("http://www.example.com"); + std::string cookie_line = "foo=bar"; + CookieOptions options; + CookieMonster cm(nullptr, nullptr, nullptr); + + // Write a cookie created at |t1|. + auto cookie = CanonicalCookie::Create(url, cookie_line, t1, options); + ResultSavingCookieCallback<bool> set_callback_1; + cm.SetCanonicalCookieAsync( + std::move(cookie), url.SchemeIsCryptographic(), + !options.exclude_httponly(), + base::BindOnce(&ResultSavingCookieCallback<bool>::Run, + base::Unretained(&set_callback_1))); + set_callback_1.WaitUntilDone(); + + // Overwrite the cookie at |t2|. + cookie = CanonicalCookie::Create(url, cookie_line, t2, options); + ResultSavingCookieCallback<bool> set_callback_2; + cm.SetCanonicalCookieAsync( + std::move(cookie), url.SchemeIsCryptographic(), + !options.exclude_httponly(), + base::BindOnce(&ResultSavingCookieCallback<bool>::Run, + base::Unretained(&set_callback_2))); + set_callback_2.WaitUntilDone(); + + // The second cookie overwrites the first one but it will inherit the creation + // timestamp |t1|. Test that deleting the new cookie still works. + cookie = CanonicalCookie::Create(url, cookie_line, t2, options); + ResultSavingCookieCallback<unsigned int> delete_callback; + cm.DeleteCanonicalCookieAsync( + *cookie, base::BindOnce(&ResultSavingCookieCallback<unsigned int>::Run, + base::Unretained(&delete_callback))); + delete_callback.WaitUntilDone(); + EXPECT_EQ(1U, delete_callback.result()); +} + class CookieMonsterNotificationTest : public CookieMonsterTest { public: CookieMonsterNotificationTest() diff --git a/chromium/net/cookies/cookie_util.cc b/chromium/net/cookies/cookie_util.cc index ab24456ef6a..72fbf5db862 100644 --- a/chromium/net/cookies/cookie_util.cc +++ b/chromium/net/cookies/cookie_util.cc @@ -9,6 +9,7 @@ #include "base/logging.h" #include "base/stl_util.h" +#include "base/strings/string_piece.h" #include "base/strings/string_tokenizer.h" #include "base/strings/string_util.h" #include "build/build_config.h" @@ -346,7 +347,8 @@ void ParseRequestCookieLine(const std::string& header_value, // i points to ';' or end of string. } } - parsed_cookies->push_back(std::make_pair(cookie_name, cookie_value)); + parsed_cookies->emplace_back(cookie_name.as_string(), + cookie_value.as_string()); // Eat ';'. if (i != header_value.end()) ++i; } diff --git a/chromium/net/cookies/cookie_util.h b/chromium/net/cookies/cookie_util.h index 669457ba9be..2c9ed99d6d0 100644 --- a/chromium/net/cookies/cookie_util.h +++ b/chromium/net/cookies/cookie_util.h @@ -9,7 +9,6 @@ #include <utility> #include <vector> -#include "base/strings/string_piece.h" #include "base/time/time.h" #include "net/base/net_export.h" @@ -59,8 +58,8 @@ NET_EXPORT bool IsDomainMatch(const std::string& domain, const std::string& host); // A ParsedRequestCookie consists of the key and value of the cookie. -typedef std::pair<base::StringPiece, base::StringPiece> ParsedRequestCookie; -typedef std::vector<ParsedRequestCookie> ParsedRequestCookies; +using ParsedRequestCookie = std::pair<std::string, std::string>; +using ParsedRequestCookies = std::vector<ParsedRequestCookie>; // Assumes that |header_value| is the cookie header value of a HTTP Request // following the cookie-string schema of RFC 6265, section 4.2.1, and returns diff --git a/chromium/net/cookies/cookie_util_unittest.cc b/chromium/net/cookies/cookie_util_unittest.cc index 00298cc0703..7812e05b9a2 100644 --- a/chromium/net/cookies/cookie_util_unittest.cc +++ b/chromium/net/cookies/cookie_util_unittest.cc @@ -18,27 +18,16 @@ struct RequestCookieParsingTest { base::StringPairs parsed; }; -cookie_util::ParsedRequestCookies MakeParsedRequestCookies( - const base::StringPairs& data) { - cookie_util::ParsedRequestCookies parsed; - for (size_t i = 0; i < data.size(); i++) { - parsed.push_back(std::make_pair(base::StringPiece(data[i].first), - base::StringPiece(data[i].second))); - } - return parsed; -} - void CheckParse(const std::string& str, const base::StringPairs& parsed_expected) { cookie_util::ParsedRequestCookies parsed; cookie_util::ParseRequestCookieLine(str, &parsed); - EXPECT_EQ(MakeParsedRequestCookies(parsed_expected), parsed); + EXPECT_EQ(parsed_expected, parsed); } void CheckSerialize(const base::StringPairs& parsed, const std::string& str_expected) { - cookie_util::ParsedRequestCookies prc = MakeParsedRequestCookies(parsed); - EXPECT_EQ(str_expected, cookie_util::SerializeRequestCookieLine(prc)); + EXPECT_EQ(str_expected, cookie_util::SerializeRequestCookieLine(parsed)); } TEST(CookieUtilTest, TestDomainIsHostOnly) { |