Experiment to disallow setting of secure cookies from insecure schemes

Per the draft modification to the Cookie RFC
(https://tools.ietf.org/html/draft-west-leave-secure-cookies-alone),
this adds support for disallowing the setting of Secure cookies from
URLs with insecure schemes, if experimental web features are turned on.

This specifically disallows the setting and creation of Secure cookies
from insecure schemes, as well as disallows the updating of previously
Secure cookies to non-Secure from an insecure scheme. It also updates
the garbage collection algorithm to remove non-Secure cookies before
Secure ones.

BUG=546820
[email protected]

Review URL: https://codereview.chromium.org/1420333002

Cr-Commit-Position: refs/heads/master@{#360886}
diff --git a/net/cookies/cookie_monster.h b/net/cookies/cookie_monster.h
index 44f18b8b..d64534e0 100644
--- a/net/cookies/cookie_monster.h
+++ b/net/cookies/cookie_monster.h
@@ -168,6 +168,7 @@
                                  bool http_only,
                                  bool first_party,
                                  bool enforce_prefixes,
+                                 bool enforce_strict_secure,
                                  CookiePriority priority,
                                  const SetCookiesCallback& callback);
 
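Review bot: `enforce_strict_secure` becomes the fourth consecutive `bool` in this parameter list, sitting between `enforce_prefixes` and `priority`, so a call site that transposes it with `enforce_prefixes`, `first_party` or `http_only` still compiles and silently applies the wrong cookie policy. Consider collecting the enforcement flags into a small options struct or a flags enum, or at least ask call sites to annotate the argument, e.g. `/*enforce_strict_secure=*/true`.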
@@ -466,6 +467,7 @@
                             bool http_only,
                             bool first_party,
                             bool enforce_prefixes,
+                            bool enforce_strict_secure,
                             CookiePriority priority);
 
   CookieList GetAllCookies();
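Review bot: Nothing visible at this declaration documents `enforce_strict_secure`; the only description of the flag in these hunks is in the `DeleteAnyEquivalentCookie` comment. Add a sentence to this method's comment stating what is rejected when the flag is true (per the commit message, setting a Secure cookie, or overwriting an existing Secure cookie, from an insecure-scheme URL) and what passing false means, so callers know which value to use when experimental web features are off.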
@@ -563,14 +565,17 @@
 
   // Delete any cookies that are equivalent to |ecc| (same path, domain, etc).
   // If |skip_httponly| is true, httponly cookies will not be deleted.  The
-  // return value with be true if |skip_httponly| skipped an httponly cookie.
-  // |key| is the key to find the cookie in cookies_; see the comment before
-  // the CookieMap typedef for details.
+  // return value will be true if |skip_httponly| skipped an httponly cookie or
+  // |enforce_strict_secure| is true and the cookie to
+  // delete was Secure and the scheme of |ecc| is insecure.  |key| is the key to
+  // find the cookie in cookies_; see the comment before the CookieMap typedef
+  // for details.
   // NOTE: There should never be more than a single matching equivalent cookie.
   bool DeleteAnyEquivalentCookie(const std::string& key,
                                  const CanonicalCookie& ecc,
                                  bool skip_httponly,
-                                 bool already_expired);
+                                 bool already_expired,
+                                 bool enforce_strict_secure);
 
   // Takes ownership of *cc. Returns an iterator that points to the inserted
   // cookie in cookies_. Guarantee: all iterators to cookies_ remain valid.
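Review bot: The updated comment makes the single `bool` return of `DeleteAnyEquivalentCookie` cover two unrelated outcomes, an httponly cookie skipped because of `skip_httponly` and a Secure cookie matched from an insecure scheme under `enforce_strict_secure`, and the caller cannot tell which one occurred. The comment also says only when the return value is true for the strict-secure case, not that the existing Secure cookie is left in place rather than deleted, and the "or ... and ... and" sentence does not group its conditions. Suggest stating explicitly that the Secure cookie is skipped, listing the two conditions separately, and considering an enum or out-parameter if callers need to log or handle the two reasons differently.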