naiveproxy/src/net/cookies/cookie_options.h

328 lines
13 KiB
C
Raw Normal View History

2024-11-20 14:32:56 +03:00
// Copyright 2012 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// Brought to you by number 42.
#ifndef NET_COOKIES_COOKIE_OPTIONS_H_
#define NET_COOKIES_COOKIE_OPTIONS_H_
#include <ostream>
#include <string>
#include "base/check_op.h"
#include "net/base/net_export.h"
namespace net {
class NET_EXPORT CookieOptions {
public:
// Relation between the cookie and the navigational environment.
class NET_EXPORT SameSiteCookieContext {
public:
// CROSS_SITE to SAME_SITE_STRICT are ordered from least to most trusted
// environment. Don't renumber, used in histograms.
enum class ContextType {
CROSS_SITE = 0,
// Same rules as lax but the http method is unsafe.
SAME_SITE_LAX_METHOD_UNSAFE = 1,
SAME_SITE_LAX = 2,
SAME_SITE_STRICT = 3,
// Keep last, used for histograms.
COUNT
};
// Holds metadata about the factors that went into deciding the ContextType.
//
// These values may be used for recording histograms or
// CookieInclusionStatus warnings, but SHOULD NOT be relied
// upon for cookie inclusion decisions. Use only the ContextTypes for that.
//
// When adding a field, also update CompleteEquivalenceForTesting.
struct NET_EXPORT ContextMetadata {
// Possible "downgrades" for the SameSite context type, e.g. from a more
// trusted context to a less trusted context, as a result of some behavior
// change affecting the same-site calculation.
enum class ContextDowngradeType {
// Context not downgraded.
kNoDowngrade,
// Context was originally strictly same-site, was downgraded to laxly
// same-site.
kStrictToLax,
// Context was originally strictly same-site, was downgraded to
// cross-site.
kStrictToCross,
// Context was originally laxly same-site, was downgraded to cross-site.
kLaxToCross,
};
// These values are persisted to logs. Entries should not be renumbered
// and numeric values should never be reused.
// This enum is to help collect metrics for https://crbug.com/1221316.
// Specifically it's to help indicate how many cookies are accessed with a
// given redirect type in order to provide a denominator for the
// Cookie.CrossSiteRedirectDowngradeChangesInclusion2.* metrics.
// Note: for this enum the notation A->B->C means that a navigation from
// A to B was redirected to C. I.e.: A is the initator of the navigation
// and C is the final url.
enum class ContextRedirectTypeBug1221316 {
kUnset =
0, // Indicates this value was unused and shouldn't be read. E.x.:
// A javascript access means this value is meaningless.
kNoRedirect = 1, // There weren't any redirects. E.x.: A->B, A->A
kCrossSiteRedirect =
2, // There was a redirect but it didn't start and
// end at the same site or the redirect was to a different site
// than the site-for-cookies. E.x.: A->B->C or B->B->B when the
// site-for-cookies is A.
kPartialSameSiteRedirect =
3, // There was a redirect and the start and
// end are the same site. E.x.: A->B->A. Only this one could
// potentially set cross_site_redirect_downgrade.
kAllSameSiteRedirect = 4, // There was a redirect and all urls are the
// same site. E.x.:, A->A->A
kMaxValue = kAllSameSiteRedirect
};
// These values are persisted to logs. Entries should not be renumbered
// and numeric values should never be reused.
enum class HttpMethod {
// kUnset indicates this enum wasn't applicable in the context.
kUnset = -1,
// kUnknown indicates we were unable to convert the method string to
// this enum.
kUnknown = 0,
kGet = 1,
kHead = 2,
kPost = 3,
KPut = 4,
kDelete = 5,
kConnect = 6,
kOptions = 7,
kTrace = 8,
kPatch = 9,
kMaxValue = kPatch
};
// Records the type of any context downgrade due to a cross-site redirect,
// i.e. whether the spec change in
// https://github.com/httpwg/http-extensions/pull/1348 changed the result
// of the context calculation. Note that a lax-to-cross downgrade can only
// happen for response cookies, because a laxly same-site context only
// happens for a top-level cross-site request, which cannot be downgraded
// due to a cross-site redirect to a non-top-level cross-site request.
// This only records whether the context was downgraded, not whether the
// cookie's inclusion result was changed.
ContextDowngradeType cross_site_redirect_downgrade =
ContextDowngradeType::kNoDowngrade;
ContextRedirectTypeBug1221316 redirect_type_bug_1221316 =
ContextRedirectTypeBug1221316::kUnset;
// Records the HTTP method of requests that result in a cross-site
// redirect downgrade. May be kUnset if there wasn't a downgrade or if the
// cookie access wasn't due to a request.
//
// Note that this field is always set when there was a context
// downgrade but the associated histrogram is only recorded when that
// context downgrade results in a change in inclusion status.
HttpMethod http_method_bug_1221316 = HttpMethod::kUnset;
};
// The following three constructors apply default values for the metadata
// members.
SameSiteCookieContext()
: SameSiteCookieContext(ContextType::CROSS_SITE,
ContextType::CROSS_SITE) {}
explicit SameSiteCookieContext(ContextType same_site_context)
: SameSiteCookieContext(same_site_context, same_site_context) {}
SameSiteCookieContext(ContextType same_site_context,
ContextType schemeful_same_site_context)
: SameSiteCookieContext(same_site_context,
schemeful_same_site_context,
ContextMetadata(),
ContextMetadata()) {}
// Schemeful and schemeless context types are consistency-checked against
// each other, but the metadata is stored as-is (i.e. the values in
// `metadata` and `schemeful_metadata` may be logically inconsistent), as
// the metadata is not relied upon for correctness.
SameSiteCookieContext(ContextType same_site_context,
ContextType schemeful_same_site_context,
ContextMetadata metadata,
ContextMetadata schemeful_metadata)
: context_(same_site_context),
schemeful_context_(schemeful_same_site_context),
metadata_(metadata),
schemeful_metadata_(schemeful_metadata) {
DCHECK_LE(schemeful_context_, context_);
}
// Convenience method which returns a SameSiteCookieContext with the most
// inclusive contexts. This allows access to all SameSite cookies.
static SameSiteCookieContext MakeInclusive();
// Convenience method which returns a SameSiteCookieContext with the most
// inclusive contexts for set. This allows setting all SameSite cookies.
static SameSiteCookieContext MakeInclusiveForSet();
// Returns the context for determining SameSite cookie inclusion.
ContextType GetContextForCookieInclusion() const;
// Returns the metadata describing how this context was calculated, under
// the currently applicable schemeful/schemeless mode.
// TODO(chlily): Should take the CookieAccessSemantics as well, to
// accurately account for the context actually used for a given cookie.
const ContextMetadata& GetMetadataForCurrentSchemefulMode() const;
// If you're just trying to determine if a cookie is accessible you likely
// want to use GetContextForCookieInclusion() which will return the correct
// context regardless the status of same-site features.
ContextType context() const { return context_; }
ContextType schemeful_context() const { return schemeful_context_; }
// You probably want to use GetMetadataForCurrentSchemefulMode() instead of
// these getters, since that takes into account the applicable schemeful
// mode.
const ContextMetadata& metadata() const { return metadata_; }
ContextMetadata& metadata() { return metadata_; }
const ContextMetadata& schemeful_metadata() const {
return schemeful_metadata_;
}
ContextMetadata& schemeful_metadata() { return schemeful_metadata_; }
// Sets context types. Does not check for consistency between context and
// schemeful context. Does not touch the metadata.
void SetContextTypesForTesting(ContextType context_type,
ContextType schemeful_context_type);
// Returns whether the context types and all fields of the metadata structs
// are the same.
bool CompleteEquivalenceForTesting(
const SameSiteCookieContext& other) const;
// Equality operators disregard any metadata! (Only the context types are
// compared, not how they were computed.)
NET_EXPORT friend bool operator==(
const CookieOptions::SameSiteCookieContext& lhs,
const CookieOptions::SameSiteCookieContext& rhs);
NET_EXPORT friend bool operator!=(
const CookieOptions::SameSiteCookieContext& lhs,
const CookieOptions::SameSiteCookieContext& rhs);
private:
ContextType context_;
ContextType schemeful_context_;
ContextMetadata metadata_;
ContextMetadata schemeful_metadata_;
};
// Creates a CookieOptions object which:
//
// * Excludes HttpOnly cookies
// * Excludes SameSite cookies
// * Updates last-accessed time.
// * Does not report excluded cookies in APIs that can do so.
//
// These settings can be altered by calling:
//
// * |set_{include,exclude}_httponly()|
// * |set_same_site_cookie_context()|
// * |set_do_not_update_access_time()|
CookieOptions();
CookieOptions(const CookieOptions& other);
CookieOptions(CookieOptions&& other);
~CookieOptions();
CookieOptions& operator=(const CookieOptions&);
CookieOptions& operator=(CookieOptions&&);
void set_exclude_httponly() { exclude_httponly_ = true; }
void set_include_httponly() { exclude_httponly_ = false; }
bool exclude_httponly() const { return exclude_httponly_; }
// How trusted is the current browser environment when it comes to accessing
// SameSite cookies. Default is not trusted, e.g. CROSS_SITE.
void set_same_site_cookie_context(const SameSiteCookieContext& context) {
same_site_cookie_context_ = context;
}
const SameSiteCookieContext& same_site_cookie_context() const {
return same_site_cookie_context_;
}
void set_update_access_time() { update_access_time_ = true; }
void set_do_not_update_access_time() { update_access_time_ = false; }
bool update_access_time() const { return update_access_time_; }
void set_return_excluded_cookies() { return_excluded_cookies_ = true; }
void unset_return_excluded_cookies() { return_excluded_cookies_ = false; }
bool return_excluded_cookies() const { return return_excluded_cookies_; }
// Convenience method for where you need a CookieOptions that will
// work for getting/setting all types of cookies, including HttpOnly and
// SameSite cookies. Also specifies not to update the access time, because
// usually this is done to get all the cookies to check that they are correct,
// including the creation time. This basically makes a CookieOptions that is
// the opposite of the default CookieOptions.
static CookieOptions MakeAllInclusive();
private:
// Keep default values in sync with
// content/public/common/cookie_manager.mojom.
bool exclude_httponly_ = true;
SameSiteCookieContext same_site_cookie_context_;
bool update_access_time_ = true;
bool return_excluded_cookies_ = false;
};
NET_EXPORT bool operator==(
const CookieOptions::SameSiteCookieContext::ContextMetadata& lhs,
const CookieOptions::SameSiteCookieContext::ContextMetadata& rhs);
NET_EXPORT bool operator!=(
const CookieOptions::SameSiteCookieContext::ContextMetadata& lhs,
const CookieOptions::SameSiteCookieContext::ContextMetadata& rhs);
// Allows gtest to print more helpful error messages instead of printing hex.
// (No need to null-check `os` because we can assume gtest will properly pass a
// non-null pointer, and it is dereferenced immediately anyway.)
inline void PrintTo(CookieOptions::SameSiteCookieContext::ContextType ct,
std::ostream* os) {
*os << static_cast<int>(ct);
}
inline void PrintTo(
const CookieOptions::SameSiteCookieContext::ContextMetadata& m,
std::ostream* os) {
*os << "{";
*os << " cross_site_redirect_downgrade: "
<< static_cast<int>(m.cross_site_redirect_downgrade);
*os << ", redirect_type_bug_1221316: "
<< static_cast<int>(m.redirect_type_bug_1221316);
*os << ", http_method_bug_1221316: "
<< static_cast<int>(m.http_method_bug_1221316);
*os << " }";
}
inline void PrintTo(const CookieOptions::SameSiteCookieContext& sscc,
std::ostream* os) {
*os << "{ context: ";
PrintTo(sscc.context(), os);
*os << ", schemeful_context: ";
PrintTo(sscc.schemeful_context(), os);
*os << ", metadata: ";
PrintTo(sscc.metadata(), os);
*os << ", schemeful_metadata: ";
PrintTo(sscc.schemeful_metadata(), os);
*os << " }";
}
} // namespace net
#endif // NET_COOKIES_COOKIE_OPTIONS_H_