forked from chromium/chromium
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
AW NS: correctly implement cookie blocking for HTTP
Although we previously implemented cookie blocking in http://crrev.com/c/1507286, this design did not correctly handle the case where the application has decided to block only third party cookies and the request redirects (such that it changes first-party-ness). After the previous CL landed, we realized the design to use load_flags had a significant consequence: this can subtly affect HTTP authentication, since the load_flags opt the request into "privacy mode", and net layer may pool this into a socket with other requests in privacy mode. This might lead to putting requests we don't trust with credentials into an already-authenticated socket (which would have security consequences). This mostly reverts the previous CL (because of the aforementioned problems with load_flags) and instead propagates WebView's cookie policy into the NetworkService via URLLoader options (and, new WebSocket options). The NetworkServiceNetworkDelegate checks these settings and either blocks or allows cookies. Design: http://go/wv-ns-cookie-apis#heading=h.2h285wvuvqal Bug: 941337, 941260 Test: $ run_webview_instrumentation_test_apk \ Test: --enable-features=NetworkService,NetworkServiceInProcess \ Test: -f CookieManagerTest.* Test: $ out/Default/services_unittests --gtest_filter=URLLoaderTest.* \ Test: :NetworkContextTest.*Cookies Cq-Include-Trybots: luci.chromium.try:android_mojo Change-Id: I533886347441ae369b925574f344dd65801509e5 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1542726 Commit-Queue: Nate Fischer <ntfschr@chromium.org> Reviewed-by: Matt Menke <mmenke@chromium.org> Reviewed-by: Richard Coles <torne@chromium.org> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org> Reviewed-by: John Abd-El-Malek <jam@chromium.org> Cr-Commit-Position: refs/heads/master@{#646986}
- Loading branch information
1 parent
dcef3fb
commit 5f755c6
Showing
35 changed files
with
442 additions
and
57 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.