mirror of
https://github.com/klzgrad/naiveproxy.git
synced 2024-11-28 00:06:09 +03:00
328 lines
13 KiB
C++
328 lines
13 KiB
C++
// Copyright 2012 The Chromium Authors
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
// Brought to you by number 42.
|
|
|
|
#ifndef NET_COOKIES_COOKIE_OPTIONS_H_
|
|
#define NET_COOKIES_COOKIE_OPTIONS_H_
|
|
|
|
#include <ostream>
|
|
#include <string>
|
|
|
|
#include "base/check_op.h"
|
|
#include "net/base/net_export.h"
|
|
|
|
namespace net {
|
|
|
|
class NET_EXPORT CookieOptions {
|
|
public:
|
|
|
|
// Relation between the cookie and the navigational environment.
|
|
class NET_EXPORT SameSiteCookieContext {
|
|
public:
|
|
// CROSS_SITE to SAME_SITE_STRICT are ordered from least to most trusted
|
|
// environment. Don't renumber, used in histograms.
|
|
enum class ContextType {
|
|
CROSS_SITE = 0,
|
|
// Same rules as lax but the http method is unsafe.
|
|
SAME_SITE_LAX_METHOD_UNSAFE = 1,
|
|
SAME_SITE_LAX = 2,
|
|
SAME_SITE_STRICT = 3,
|
|
|
|
// Keep last, used for histograms.
|
|
COUNT
|
|
};
|
|
|
|
// Holds metadata about the factors that went into deciding the ContextType.
|
|
//
|
|
// These values may be used for recording histograms or
|
|
// CookieInclusionStatus warnings, but SHOULD NOT be relied
|
|
// upon for cookie inclusion decisions. Use only the ContextTypes for that.
|
|
//
|
|
// When adding a field, also update CompleteEquivalenceForTesting.
|
|
struct NET_EXPORT ContextMetadata {
|
|
// Possible "downgrades" for the SameSite context type, e.g. from a more
|
|
// trusted context to a less trusted context, as a result of some behavior
|
|
// change affecting the same-site calculation.
|
|
enum class ContextDowngradeType {
|
|
// Context not downgraded.
|
|
kNoDowngrade,
|
|
// Context was originally strictly same-site, was downgraded to laxly
|
|
// same-site.
|
|
kStrictToLax,
|
|
// Context was originally strictly same-site, was downgraded to
|
|
// cross-site.
|
|
kStrictToCross,
|
|
// Context was originally laxly same-site, was downgraded to cross-site.
|
|
kLaxToCross,
|
|
};
|
|
|
|
// These values are persisted to logs. Entries should not be renumbered
|
|
// and numeric values should never be reused.
|
|
// This enum is to help collect metrics for https://crbug.com/1221316.
|
|
// Specifically it's to help indicate how many cookies are accessed with a
|
|
// given redirect type in order to provide a denominator for the
|
|
// Cookie.CrossSiteRedirectDowngradeChangesInclusion2.* metrics.
|
|
// Note: for this enum the notation A->B->C means that a navigation from
|
|
// A to B was redirected to C. I.e.: A is the initator of the navigation
|
|
// and C is the final url.
|
|
enum class ContextRedirectTypeBug1221316 {
|
|
kUnset =
|
|
0, // Indicates this value was unused and shouldn't be read. E.x.:
|
|
// A javascript access means this value is meaningless.
|
|
kNoRedirect = 1, // There weren't any redirects. E.x.: A->B, A->A
|
|
kCrossSiteRedirect =
|
|
2, // There was a redirect but it didn't start and
|
|
// end at the same site or the redirect was to a different site
|
|
// than the site-for-cookies. E.x.: A->B->C or B->B->B when the
|
|
// site-for-cookies is A.
|
|
kPartialSameSiteRedirect =
|
|
3, // There was a redirect and the start and
|
|
// end are the same site. E.x.: A->B->A. Only this one could
|
|
// potentially set cross_site_redirect_downgrade.
|
|
kAllSameSiteRedirect = 4, // There was a redirect and all urls are the
|
|
// same site. E.x.:, A->A->A
|
|
kMaxValue = kAllSameSiteRedirect
|
|
};
|
|
|
|
// These values are persisted to logs. Entries should not be renumbered
|
|
// and numeric values should never be reused.
|
|
enum class HttpMethod {
|
|
// kUnset indicates this enum wasn't applicable in the context.
|
|
kUnset = -1,
|
|
// kUnknown indicates we were unable to convert the method string to
|
|
// this enum.
|
|
kUnknown = 0,
|
|
kGet = 1,
|
|
kHead = 2,
|
|
kPost = 3,
|
|
KPut = 4,
|
|
kDelete = 5,
|
|
kConnect = 6,
|
|
kOptions = 7,
|
|
kTrace = 8,
|
|
kPatch = 9,
|
|
kMaxValue = kPatch
|
|
};
|
|
|
|
// Records the type of any context downgrade due to a cross-site redirect,
|
|
// i.e. whether the spec change in
|
|
// https://github.com/httpwg/http-extensions/pull/1348 changed the result
|
|
// of the context calculation. Note that a lax-to-cross downgrade can only
|
|
// happen for response cookies, because a laxly same-site context only
|
|
// happens for a top-level cross-site request, which cannot be downgraded
|
|
// due to a cross-site redirect to a non-top-level cross-site request.
|
|
// This only records whether the context was downgraded, not whether the
|
|
// cookie's inclusion result was changed.
|
|
ContextDowngradeType cross_site_redirect_downgrade =
|
|
ContextDowngradeType::kNoDowngrade;
|
|
|
|
ContextRedirectTypeBug1221316 redirect_type_bug_1221316 =
|
|
ContextRedirectTypeBug1221316::kUnset;
|
|
|
|
// Records the HTTP method of requests that result in a cross-site
|
|
// redirect downgrade. May be kUnset if there wasn't a downgrade or if the
|
|
// cookie access wasn't due to a request.
|
|
//
|
|
// Note that this field is always set when there was a context
|
|
// downgrade but the associated histrogram is only recorded when that
|
|
// context downgrade results in a change in inclusion status.
|
|
HttpMethod http_method_bug_1221316 = HttpMethod::kUnset;
|
|
};
|
|
|
|
// The following three constructors apply default values for the metadata
|
|
// members.
|
|
SameSiteCookieContext()
|
|
: SameSiteCookieContext(ContextType::CROSS_SITE,
|
|
ContextType::CROSS_SITE) {}
|
|
|
|
explicit SameSiteCookieContext(ContextType same_site_context)
|
|
: SameSiteCookieContext(same_site_context, same_site_context) {}
|
|
|
|
SameSiteCookieContext(ContextType same_site_context,
|
|
ContextType schemeful_same_site_context)
|
|
: SameSiteCookieContext(same_site_context,
|
|
schemeful_same_site_context,
|
|
ContextMetadata(),
|
|
ContextMetadata()) {}
|
|
|
|
// Schemeful and schemeless context types are consistency-checked against
|
|
// each other, but the metadata is stored as-is (i.e. the values in
|
|
// `metadata` and `schemeful_metadata` may be logically inconsistent), as
|
|
// the metadata is not relied upon for correctness.
|
|
SameSiteCookieContext(ContextType same_site_context,
|
|
ContextType schemeful_same_site_context,
|
|
ContextMetadata metadata,
|
|
ContextMetadata schemeful_metadata)
|
|
: context_(same_site_context),
|
|
schemeful_context_(schemeful_same_site_context),
|
|
metadata_(metadata),
|
|
schemeful_metadata_(schemeful_metadata) {
|
|
DCHECK_LE(schemeful_context_, context_);
|
|
}
|
|
|
|
// Convenience method which returns a SameSiteCookieContext with the most
|
|
// inclusive contexts. This allows access to all SameSite cookies.
|
|
static SameSiteCookieContext MakeInclusive();
|
|
|
|
// Convenience method which returns a SameSiteCookieContext with the most
|
|
// inclusive contexts for set. This allows setting all SameSite cookies.
|
|
static SameSiteCookieContext MakeInclusiveForSet();
|
|
|
|
// Returns the context for determining SameSite cookie inclusion.
|
|
ContextType GetContextForCookieInclusion() const;
|
|
|
|
// Returns the metadata describing how this context was calculated, under
|
|
// the currently applicable schemeful/schemeless mode.
|
|
// TODO(chlily): Should take the CookieAccessSemantics as well, to
|
|
// accurately account for the context actually used for a given cookie.
|
|
const ContextMetadata& GetMetadataForCurrentSchemefulMode() const;
|
|
|
|
// If you're just trying to determine if a cookie is accessible you likely
|
|
// want to use GetContextForCookieInclusion() which will return the correct
|
|
// context regardless the status of same-site features.
|
|
ContextType context() const { return context_; }
|
|
ContextType schemeful_context() const { return schemeful_context_; }
|
|
|
|
// You probably want to use GetMetadataForCurrentSchemefulMode() instead of
|
|
// these getters, since that takes into account the applicable schemeful
|
|
// mode.
|
|
const ContextMetadata& metadata() const { return metadata_; }
|
|
ContextMetadata& metadata() { return metadata_; }
|
|
const ContextMetadata& schemeful_metadata() const {
|
|
return schemeful_metadata_;
|
|
}
|
|
ContextMetadata& schemeful_metadata() { return schemeful_metadata_; }
|
|
|
|
// Sets context types. Does not check for consistency between context and
|
|
// schemeful context. Does not touch the metadata.
|
|
void SetContextTypesForTesting(ContextType context_type,
|
|
ContextType schemeful_context_type);
|
|
|
|
// Returns whether the context types and all fields of the metadata structs
|
|
// are the same.
|
|
bool CompleteEquivalenceForTesting(
|
|
const SameSiteCookieContext& other) const;
|
|
|
|
// Equality operators disregard any metadata! (Only the context types are
|
|
// compared, not how they were computed.)
|
|
NET_EXPORT friend bool operator==(
|
|
const CookieOptions::SameSiteCookieContext& lhs,
|
|
const CookieOptions::SameSiteCookieContext& rhs);
|
|
NET_EXPORT friend bool operator!=(
|
|
const CookieOptions::SameSiteCookieContext& lhs,
|
|
const CookieOptions::SameSiteCookieContext& rhs);
|
|
|
|
private:
|
|
ContextType context_;
|
|
ContextType schemeful_context_;
|
|
|
|
ContextMetadata metadata_;
|
|
ContextMetadata schemeful_metadata_;
|
|
};
|
|
|
|
// Creates a CookieOptions object which:
|
|
//
|
|
// * Excludes HttpOnly cookies
|
|
// * Excludes SameSite cookies
|
|
// * Updates last-accessed time.
|
|
// * Does not report excluded cookies in APIs that can do so.
|
|
//
|
|
// These settings can be altered by calling:
|
|
//
|
|
// * |set_{include,exclude}_httponly()|
|
|
// * |set_same_site_cookie_context()|
|
|
// * |set_do_not_update_access_time()|
|
|
CookieOptions();
|
|
CookieOptions(const CookieOptions& other);
|
|
CookieOptions(CookieOptions&& other);
|
|
~CookieOptions();
|
|
|
|
CookieOptions& operator=(const CookieOptions&);
|
|
CookieOptions& operator=(CookieOptions&&);
|
|
|
|
void set_exclude_httponly() { exclude_httponly_ = true; }
|
|
void set_include_httponly() { exclude_httponly_ = false; }
|
|
bool exclude_httponly() const { return exclude_httponly_; }
|
|
|
|
// How trusted is the current browser environment when it comes to accessing
|
|
// SameSite cookies. Default is not trusted, e.g. CROSS_SITE.
|
|
void set_same_site_cookie_context(const SameSiteCookieContext& context) {
|
|
same_site_cookie_context_ = context;
|
|
}
|
|
|
|
const SameSiteCookieContext& same_site_cookie_context() const {
|
|
return same_site_cookie_context_;
|
|
}
|
|
|
|
void set_update_access_time() { update_access_time_ = true; }
|
|
void set_do_not_update_access_time() { update_access_time_ = false; }
|
|
bool update_access_time() const { return update_access_time_; }
|
|
|
|
void set_return_excluded_cookies() { return_excluded_cookies_ = true; }
|
|
void unset_return_excluded_cookies() { return_excluded_cookies_ = false; }
|
|
bool return_excluded_cookies() const { return return_excluded_cookies_; }
|
|
|
|
// Convenience method for where you need a CookieOptions that will
|
|
// work for getting/setting all types of cookies, including HttpOnly and
|
|
// SameSite cookies. Also specifies not to update the access time, because
|
|
// usually this is done to get all the cookies to check that they are correct,
|
|
// including the creation time. This basically makes a CookieOptions that is
|
|
// the opposite of the default CookieOptions.
|
|
static CookieOptions MakeAllInclusive();
|
|
|
|
private:
|
|
// Keep default values in sync with
|
|
// content/public/common/cookie_manager.mojom.
|
|
bool exclude_httponly_ = true;
|
|
SameSiteCookieContext same_site_cookie_context_;
|
|
bool update_access_time_ = true;
|
|
bool return_excluded_cookies_ = false;
|
|
};
|
|
|
|
NET_EXPORT bool operator==(
|
|
const CookieOptions::SameSiteCookieContext::ContextMetadata& lhs,
|
|
const CookieOptions::SameSiteCookieContext::ContextMetadata& rhs);
|
|
NET_EXPORT bool operator!=(
|
|
const CookieOptions::SameSiteCookieContext::ContextMetadata& lhs,
|
|
const CookieOptions::SameSiteCookieContext::ContextMetadata& rhs);
|
|
|
|
// Allows gtest to print more helpful error messages instead of printing hex.
|
|
// (No need to null-check `os` because we can assume gtest will properly pass a
|
|
// non-null pointer, and it is dereferenced immediately anyway.)
|
|
inline void PrintTo(CookieOptions::SameSiteCookieContext::ContextType ct,
|
|
std::ostream* os) {
|
|
*os << static_cast<int>(ct);
|
|
}
|
|
|
|
inline void PrintTo(
|
|
const CookieOptions::SameSiteCookieContext::ContextMetadata& m,
|
|
std::ostream* os) {
|
|
*os << "{";
|
|
*os << " cross_site_redirect_downgrade: "
|
|
<< static_cast<int>(m.cross_site_redirect_downgrade);
|
|
*os << ", redirect_type_bug_1221316: "
|
|
<< static_cast<int>(m.redirect_type_bug_1221316);
|
|
*os << ", http_method_bug_1221316: "
|
|
<< static_cast<int>(m.http_method_bug_1221316);
|
|
*os << " }";
|
|
}
|
|
|
|
inline void PrintTo(const CookieOptions::SameSiteCookieContext& sscc,
|
|
std::ostream* os) {
|
|
*os << "{ context: ";
|
|
PrintTo(sscc.context(), os);
|
|
*os << ", schemeful_context: ";
|
|
PrintTo(sscc.schemeful_context(), os);
|
|
*os << ", metadata: ";
|
|
PrintTo(sscc.metadata(), os);
|
|
*os << ", schemeful_metadata: ";
|
|
PrintTo(sscc.schemeful_metadata(), os);
|
|
*os << " }";
|
|
}
|
|
|
|
} // namespace net
|
|
|
|
#endif // NET_COOKIES_COOKIE_OPTIONS_H_
|