diff --git a/chrome/browser/android/cookies/cookies_fetcher_util.cc b/chrome/browser/android/cookies/cookies_fetcher_util.cc index 87a0ef97a12c81..5f0b9e840222c8 100644 --- a/chrome/browser/android/cookies/cookies_fetcher_util.cc +++ b/chrome/browser/android/cookies/cookies_fetcher_util.cc @@ -117,7 +117,7 @@ static void JNI_CookiesFetcher_RestoreCookies( net::CookieOptions options; options.set_include_httponly(); options.set_same_site_cookie_context( - net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT); + net::CookieOptions::SameSiteCookieContext::MakeInclusive()); GetCookieServiceClient()->SetCanonicalCookie( *cookie, "https", options, network::mojom::CookieManager::SetCanonicalCookieCallback()); diff --git a/chrome/browser/chromeos/android_sms/android_sms_app_setup_controller_impl.cc b/chrome/browser/chromeos/android_sms/android_sms_app_setup_controller_impl.cc index 937c433c1c90b0..5de117b2a9718a 100644 --- a/chrome/browser/chromeos/android_sms/android_sms_app_setup_controller_impl.cc +++ b/chrome/browser/chromeos/android_sms/android_sms_app_setup_controller_impl.cc @@ -101,7 +101,7 @@ void AndroidSmsAppSetupControllerImpl::SetUpApp(const GURL& app_url, << "installation."; net::CookieOptions options; options.set_same_site_cookie_context( - net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT); + net::CookieOptions::SameSiteCookieContext::MakeInclusive()); pwa_delegate_->GetCookieManager(app_url, profile_) ->SetCanonicalCookie( *net::CanonicalCookie::CreateSanitizedCookie( @@ -317,7 +317,7 @@ void AndroidSmsAppSetupControllerImpl::SetMigrationCookie( // the user try to open old client. net::CookieOptions options; options.set_same_site_cookie_context( - net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT); + net::CookieOptions::SameSiteCookieContext::MakeInclusive()); pwa_delegate_->GetCookieManager(app_url, profile_) ->SetCanonicalCookie( *net::CanonicalCookie::CreateSanitizedCookie( 
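Review bot: The call site in JNI_CookiesFetcher_RestoreCookies combines `set_include_httponly()` with `SameSiteCookieContext::MakeInclusive()`, the most permissive options a caller can ask for, and nothing there says why that is safe. The same pairing recurs in the ImportCookies, CookiesSetFunction::Run, OAuthMultiloginHelper::StartSettingCookies, NetworkHandler::SetCookie/SetCookies, CookieManagerImpl::GetCookieList and Gaia fetcher bridge hunks. Only some of those carry the `// Permit it to set a SameSite cookie if it wants to.` comment. I would add a one-line justification at each remaining site so that every place bypassing SameSite enforcement is easy to find and audit, e.g. here `// Browser-initiated restore of saved cookies: SameSite and HttpOnly checks are deliberately bypassed.` (the wording is inferred from the function name; please confirm). The function body starts and ends outside the hunk.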
diff --git a/chrome/browser/chromeos/android_sms/android_sms_app_setup_controller_impl_unittest.cc b/chrome/browser/chromeos/android_sms/android_sms_app_setup_controller_impl_unittest.cc index 004f33e1aa669e..cfbebc8124f934 100644 --- a/chrome/browser/chromeos/android_sms/android_sms_app_setup_controller_impl_unittest.cc +++ b/chrome/browser/chromeos/android_sms/android_sms_app_setup_controller_impl_unittest.cc @@ -232,7 +232,7 @@ class AndroidSmsAppSetupControllerImplTest : public testing::Test { "true" /* expected_cookie_value */, "https" /* expected_source_scheme */, false /* expected_modify_http_only */, - net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT, + net::CookieOptions::SameSiteCookieContext::MakeInclusive(), true /* success */); fake_cookie_manager_->InvokePendingDeleteCookiesCallback( @@ -294,7 +294,7 @@ class AndroidSmsAppSetupControllerImplTest : public testing::Test { "true" /* expected_cookie_value */, "https" /* expected_source_scheme */, false /* expected_modify_http_only */, - net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT, + net::CookieOptions::SameSiteCookieContext::MakeInclusive(), true /* success */); fake_cookie_manager_->InvokePendingDeleteCookiesCallback( @@ -369,7 +369,7 @@ class AndroidSmsAppSetupControllerImplTest : public testing::Test { migrated_to_app_url.GetContent() /* expected_cookie_value */, "https" /* expected_source_scheme */, false /* expected_modify_http_only */, - net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT, + net::CookieOptions::SameSiteCookieContext::MakeInclusive(), true /* success */); fake_cookie_manager_->InvokePendingDeleteCookiesCallback( diff --git a/chrome/browser/chromeos/login/profile_auth_data.cc b/chrome/browser/chromeos/login/profile_auth_data.cc index 5dded414a61eb8..e30044cf0586d5 100644 --- a/chrome/browser/chromeos/login/profile_auth_data.cc +++ b/chrome/browser/chromeos/login/profile_auth_data.cc 
@@ -89,7 +89,7 @@ void ImportCookies(base::RepeatingClosure completion_callback, net::CookieOptions options; options.set_include_httponly(); options.set_same_site_cookie_context( - net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT); + net::CookieOptions::SameSiteCookieContext::MakeInclusive()); cookie_manager->SetCanonicalCookie( cookie, "https", options, base::BindOnce(&OnCookieSet, cookie_completion_callback)); diff --git a/chrome/browser/extensions/api/cookies/cookies_api.cc b/chrome/browser/extensions/api/cookies/cookies_api.cc index e30f454b5b33ba..8e0a716fe26ed8 100644 --- a/chrome/browser/extensions/api/cookies/cookies_api.cc +++ b/chrome/browser/extensions/api/cookies/cookies_api.cc @@ -447,7 +447,7 @@ ExtensionFunction::ResponseAction CookiesSetFunction::Run() { net::CookieOptions options; options.set_include_httponly(); options.set_same_site_cookie_context( - net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT); + net::CookieOptions::SameSiteCookieContext::MakeInclusive()); DCHECK(!url_.is_empty() && url_.is_valid()); cookie_manager->SetCanonicalCookie( *cc, url_.scheme(), options, diff --git a/chrome/browser/media/feeds/media_feeds_fetcher_unittest.cc b/chrome/browser/media/feeds/media_feeds_fetcher_unittest.cc index a00658d48bf1d8..b2ae550e604d7f 100644 --- a/chrome/browser/media/feeds/media_feeds_fetcher_unittest.cc +++ b/chrome/browser/media/feeds/media_feeds_fetcher_unittest.cc @@ -86,7 +86,7 @@ class MediaFeedsFetcherTest : public ChromeRenderViewHostTestHarness { net::CookieOptions options; options.set_include_httponly(); options.set_same_site_cookie_context( - net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT); + net::CookieOptions::SameSiteCookieContext::MakeInclusive()); cookie_manager->SetCanonicalCookie( *cc.get(), url.scheme(), options, base::BindOnce( 
diff --git a/chrome/browser/net/samesite_cookies_policy_browsertest.cc b/chrome/browser/net/samesite_cookies_policy_browsertest.cc index 3e0024d1871843..5028e155e2bd82 100644 --- a/chrome/browser/net/samesite_cookies_policy_browsertest.cc +++ b/chrome/browser/net/samesite_cookies_policy_browsertest.cc @@ -67,9 +67,10 @@ IN_PROC_BROWSER_TEST_P(SameSiteCookiesPolicyTest, // Set a cookie from a same-site context. The cookie does not specify // SameSite, so it may default to Lax if the SameSite features are enabled. // Since the context used is same-site, it should always work. - EXPECT_TRUE(content::SetCookie( - profile, url, "samesite-unspecified=1", - net::CookieOptions::SameSiteCookieContext::SAME_SITE_LAX)); + EXPECT_TRUE(content::SetCookie(profile, url, "samesite-unspecified=1", + net::CookieOptions::SameSiteCookieContext( + net::CookieOptions::SameSiteCookieContext:: + ContextType::SAME_SITE_LAX))); EXPECT_EQ("samesite-unspecified=1", content::GetCookies(profile, url)); // Overwrite the cookie from a cross-site context. Because we have a policy 
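Review bot: The fully qualified `net::CookieOptions::SameSiteCookieContext(net::CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX)` pushes each assertion in this test to four or five lines and buries the one token that matters, the context type. The same spelling repeats in every later hunk of this file and in the same_site_data_remover_impl tests. A file-local alias, `using SameSiteCookieContext = net::CookieOptions::SameSiteCookieContext;`, would shorten the calls to `SameSiteCookieContext(SameSiteCookieContext::ContextType::CROSS_SITE)` and keep the set-from-cross-site versus set-from-same-site intent visible. These tests also build every context with the one-argument constructor, so the cross-scheme component is never varied here; if that is covered elsewhere, a short comment saying so would help.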
@@ -77,15 +78,17 @@ IN_PROC_BROWSER_TEST_P(SameSiteCookiesPolicyTest, // SameSite features are enabled. (It works regardless, if they are disabled.) EXPECT_TRUE(content::SetCookie( profile, url, "samesite-unspecified=2", - net::CookieOptions::SameSiteCookieContext::CROSS_SITE)); + net::CookieOptions::SameSiteCookieContext( + net::CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE))); // Cookie has the new value because we were able to successfully overwrite it. EXPECT_EQ("samesite-unspecified=2", content::GetCookies(profile, url)); // Fetching the cookies from a cross-site context also works because of the // policy. - EXPECT_EQ( - "samesite-unspecified=2", - content::GetCookies( - profile, url, net::CookieOptions::SameSiteCookieContext::CROSS_SITE)); + EXPECT_EQ("samesite-unspecified=2", + content::GetCookies(profile, url, + net::CookieOptions::SameSiteCookieContext( + net::CookieOptions::SameSiteCookieContext:: + ContextType::CROSS_SITE))); } IN_PROC_BROWSER_TEST_P(SameSiteCookiesPolicyTest, @@ -105,9 +108,10 @@ IN_PROC_BROWSER_TEST_P(SameSiteCookiesPolicyTest, // Set a cookie from a same-site context. The cookie does not specify // SameSite, so it may default to Lax if the SameSite features are enabled. // Since the context used is same-site, it should always work. - EXPECT_TRUE(content::SetCookie( - profile, url, "samesite-unspecified=1", - net::CookieOptions::SameSiteCookieContext::SAME_SITE_LAX)); + EXPECT_TRUE(content::SetCookie(profile, url, "samesite-unspecified=1", + net::CookieOptions::SameSiteCookieContext( + net::CookieOptions::SameSiteCookieContext:: + ContextType::SAME_SITE_LAX))); EXPECT_EQ("samesite-unspecified=1", content::GetCookies(profile, url)); // Overwrite the cookie from a cross-site context. Because we have a policy 
@@ -116,14 +120,17 @@ IN_PROC_BROWSER_TEST_P(SameSiteCookiesPolicyTest, // enabled.) EXPECT_FALSE(content::SetCookie( profile, url, "samesite-unspecified=2", - net::CookieOptions::SameSiteCookieContext::CROSS_SITE)); + net::CookieOptions::SameSiteCookieContext( + net::CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE))); // Cookie still has the previous value because re-setting it failed. EXPECT_EQ("samesite-unspecified=1", content::GetCookies(profile, url)); // Fetching the unspecified-samesite cookie from a cross-site context does not // work because of the policy. - EXPECT_EQ("", content::GetCookies( - profile, url, - net::CookieOptions::SameSiteCookieContext::CROSS_SITE)); + EXPECT_EQ("", + content::GetCookies(profile, url, + net::CookieOptions::SameSiteCookieContext( + net::CookieOptions::SameSiteCookieContext:: + ContextType::CROSS_SITE))); } IN_PROC_BROWSER_TEST_P(SameSiteCookiesPolicyTest, 
@@ -150,15 +157,19 @@ IN_PROC_BROWSER_TEST_P(SameSiteCookiesPolicyTest, // Set a cookie from a same-site context. The cookie does not specify // SameSite, so it may default to Lax if the SameSite features are enabled. // Since the context used is same-site, it should always work. - EXPECT_TRUE(content::SetCookie( - profile, legacy_allowed_domain_url, "samesite-unspecified=1", - net::CookieOptions::SameSiteCookieContext::SAME_SITE_LAX)); + EXPECT_TRUE(content::SetCookie(profile, legacy_allowed_domain_url, + "samesite-unspecified=1", + net::CookieOptions::SameSiteCookieContext( + net::CookieOptions::SameSiteCookieContext:: + ContextType::SAME_SITE_LAX))); EXPECT_EQ("samesite-unspecified=1", content::GetCookies(profile, legacy_allowed_domain_url)); // Do the same on the other domain... - EXPECT_TRUE(content::SetCookie( - profile, other_domain_url, "samesite-unspecified=1", - net::CookieOptions::SameSiteCookieContext::SAME_SITE_LAX)); + EXPECT_TRUE(content::SetCookie(profile, other_domain_url, + "samesite-unspecified=1", + net::CookieOptions::SameSiteCookieContext( + net::CookieOptions::SameSiteCookieContext:: + ContextType::SAME_SITE_LAX))); EXPECT_EQ("samesite-unspecified=1", content::GetCookies(profile, other_domain_url)); 
@@ -169,34 +180,44 @@ IN_PROC_BROWSER_TEST_P(SameSiteCookiesPolicyTest, // disabled.) EXPECT_TRUE(content::SetCookie( profile, legacy_allowed_domain_url, "samesite-unspecified=2", - net::CookieOptions::SameSiteCookieContext::CROSS_SITE)); + net::CookieOptions::SameSiteCookieContext( + net::CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE))); EXPECT_EQ("samesite-unspecified=2", content::GetCookies(profile, legacy_allowed_domain_url)); EXPECT_EQ("samesite-unspecified=2", - content::GetCookies( - profile, legacy_allowed_domain_url, - net::CookieOptions::SameSiteCookieContext::CROSS_SITE)); + content::GetCookies(profile, legacy_allowed_domain_url, + net::CookieOptions::SameSiteCookieContext( + net::CookieOptions::SameSiteCookieContext:: + ContextType::CROSS_SITE))); // For the domain that is not Legacy by policy, we expect it to work only if // the SameSite features are disabled. if (AreSameSiteFeaturesEnabled()) { - EXPECT_FALSE(content::SetCookie( - profile, other_domain_url, "samesite-unspecified=2", - net::CookieOptions::SameSiteCookieContext::CROSS_SITE)); + EXPECT_FALSE( + content::SetCookie(profile, other_domain_url, "samesite-unspecified=2", + net::CookieOptions::SameSiteCookieContext( + net::CookieOptions::SameSiteCookieContext:: + ContextType::CROSS_SITE))); EXPECT_EQ("samesite-unspecified=1", content::GetCookies(profile, other_domain_url)); - EXPECT_EQ("", content::GetCookies( - profile, other_domain_url, - net::CookieOptions::SameSiteCookieContext::CROSS_SITE)); + EXPECT_EQ( + "", content::GetCookies(profile, other_domain_url, + net::CookieOptions::SameSiteCookieContext( + net::CookieOptions::SameSiteCookieContext:: + ContextType::CROSS_SITE))); } else { - EXPECT_TRUE(content::SetCookie( - profile, other_domain_url, "samesite-unspecified=2", - net::CookieOptions::SameSiteCookieContext::CROSS_SITE)); + EXPECT_TRUE( + content::SetCookie(profile, other_domain_url, "samesite-unspecified=2", + net::CookieOptions::SameSiteCookieContext( + 
net::CookieOptions::SameSiteCookieContext:: + ContextType::CROSS_SITE))); EXPECT_EQ("samesite-unspecified=2", content::GetCookies(profile, other_domain_url)); - EXPECT_EQ("samesite-unspecified=2", - content::GetCookies( - profile, other_domain_url, - net::CookieOptions::SameSiteCookieContext::CROSS_SITE)); + EXPECT_EQ( + "samesite-unspecified=2", + content::GetCookies(profile, other_domain_url, + net::CookieOptions::SameSiteCookieContext( + net::CookieOptions::SameSiteCookieContext:: + ContextType::CROSS_SITE))); } } diff --git a/chrome/browser/prerender/isolated/isolated_prerender_tab_helper_unittest.cc b/chrome/browser/prerender/isolated/isolated_prerender_tab_helper_unittest.cc index 22aa4826f738eb..74631aad1b2950 100644 --- a/chrome/browser/prerender/isolated/isolated_prerender_tab_helper_unittest.cc +++ b/chrome/browser/prerender/isolated/isolated_prerender_tab_helper_unittest.cc @@ -209,7 +209,7 @@ class IsolatedPrerenderTabHelperTest : public ChromeRenderViewHostTestHarness { net::CookieOptions options; options.set_include_httponly(); options.set_same_site_cookie_context( - net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT); + net::CookieOptions::SameSiteCookieContext::MakeInclusive()); cookie_manager->SetCanonicalCookie( *cc.get(), url.scheme(), options, base::BindOnce( diff --git a/components/signin/internal/identity_manager/oauth_multilogin_helper.cc b/components/signin/internal/identity_manager/oauth_multilogin_helper.cc index f796f32008ed0c..08d22b236cdd9e 100644 --- a/components/signin/internal/identity_manager/oauth_multilogin_helper.cc +++ b/components/signin/internal/identity_manager/oauth_multilogin_helper.cc 
@@ -200,7 +200,7 @@ void OAuthMultiloginHelper::StartSettingCookies( options.set_include_httponly(); // Permit it to set a SameSite cookie if it wants to. options.set_same_site_cookie_context( - net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT); + net::CookieOptions::SameSiteCookieContext::MakeInclusive()); cookie_manager->SetCanonicalCookie( cookie, "https", options, mojo::WrapCallbackWithDefaultInvokeIfNotRun( diff --git a/content/browser/browsing_data/same_site_data_remover_impl_browsertest.cc b/content/browser/browsing_data/same_site_data_remover_impl_browsertest.cc index 42d8c75c01b692..b19bed0a2876af 100644 --- a/content/browser/browsing_data/same_site_data_remover_impl_browsertest.cc +++ b/content/browser/browsing_data/same_site_data_remover_impl_browsertest.cc @@ -96,10 +96,11 @@ class SameSiteDataRemoverBrowserTest : public ContentBrowserTest { IN_PROC_BROWSER_TEST_F(SameSiteDataRemoverBrowserTest, TestClearDataWithStorageRemoval) { StoragePartition* storage_partition = GetStoragePartition(); - CreateCookieForTest("TestCookie", "www.google.com", - net::CookieSameSite::NO_RESTRICTION, - net::CookieOptions::SameSiteCookieContext::CROSS_SITE, - true /* is_cookie_secure */, GetBrowserContext()); + CreateCookieForTest( + "TestCookie", "www.google.com", net::CookieSameSite::NO_RESTRICTION, + net::CookieOptions::SameSiteCookieContext( + net::CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE), + true /* is_cookie_secure */, GetBrowserContext()); browsing_data_browsertest_utils::AddServiceWorker( "www.google.com", storage_partition, GetHttpsServer()); 
@@ -119,10 +120,11 @@ IN_PROC_BROWSER_TEST_F(SameSiteDataRemoverBrowserTest, IN_PROC_BROWSER_TEST_F(SameSiteDataRemoverBrowserTest, TestClearDataWithoutStorageRemoval) { StoragePartition* storage_partition = GetStoragePartition(); - CreateCookieForTest("TestCookie", "www.google.com", - net::CookieSameSite::NO_RESTRICTION, - net::CookieOptions::SameSiteCookieContext::CROSS_SITE, - true /* is_cookie_secure */, GetBrowserContext()); + CreateCookieForTest( + "TestCookie", "www.google.com", net::CookieSameSite::NO_RESTRICTION, + net::CookieOptions::SameSiteCookieContext( + net::CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE), + true /* is_cookie_secure */, GetBrowserContext()); browsing_data_browsertest_utils::AddServiceWorker( "www.google.com", storage_partition, GetHttpsServer()); diff --git a/content/browser/browsing_data/same_site_data_remover_impl_unittest.cc b/content/browser/browsing_data/same_site_data_remover_impl_unittest.cc index fb61c1804fab8e..c3e0e348e8f0d0 100644 --- a/content/browser/browsing_data/same_site_data_remover_impl_unittest.cc +++ b/content/browser/browsing_data/same_site_data_remover_impl_unittest.cc 
@@ -107,14 +107,17 @@ class SameSiteDataRemoverImplTest : public testing::Test { TEST_F(SameSiteDataRemoverImplTest, TestRemoveSameSiteNoneCookies) { BrowserContext* browser_context = GetBrowserContext(); - CreateCookieForTest("TestCookie1", "www.google.com", - net::CookieSameSite::NO_RESTRICTION, - net::CookieOptions::SameSiteCookieContext::CROSS_SITE, - true /* is_cookie_secure */, browser_context); - CreateCookieForTest("TestCookie2", "www.gmail.google.com", - net::CookieSameSite::NO_RESTRICTION, - net::CookieOptions::SameSiteCookieContext::CROSS_SITE, - true /* is_cookie_secure */, browser_context); + CreateCookieForTest( + "TestCookie1", "www.google.com", net::CookieSameSite::NO_RESTRICTION, + net::CookieOptions::SameSiteCookieContext( + net::CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE), + true /* is_cookie_secure */, browser_context); + CreateCookieForTest( + "TestCookie2", "www.gmail.google.com", + net::CookieSameSite::NO_RESTRICTION, + net::CookieOptions::SameSiteCookieContext( + net::CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE), + true /* is_cookie_secure */, browser_context); DeleteSameSiteNoneCookies(); 
@@ -128,15 +131,18 @@ TEST_F(SameSiteDataRemoverImplTest, TestRemoveSameSiteNoneCookies) { TEST_F(SameSiteDataRemoverImplTest, TestRemoveOnlySameSiteNoneCookies) { BrowserContext* browser_context = GetBrowserContext(); - CreateCookieForTest("TestCookie1", "www.google.com", - net::CookieSameSite::NO_RESTRICTION, - net::CookieOptions::SameSiteCookieContext::CROSS_SITE, - true /* is_cookie_secure */, browser_context); - // The second cookie has SameSite value STRICT_MODE instead of NO_RESTRICTION. CreateCookieForTest( - "TestCookie2", "www.gmail.google.com", net::CookieSameSite::STRICT_MODE, - net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT, + "TestCookie1", "www.google.com", net::CookieSameSite::NO_RESTRICTION, + net::CookieOptions::SameSiteCookieContext( + net::CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE), true /* is_cookie_secure */, browser_context); + // The second cookie has SameSite value STRICT_MODE instead of NO_RESTRICTION. + CreateCookieForTest("TestCookie2", "www.gmail.google.com", + net::CookieSameSite::STRICT_MODE, + net::CookieOptions::SameSiteCookieContext( + net::CookieOptions::SameSiteCookieContext:: + ContextType::SAME_SITE_STRICT), + true /* is_cookie_secure */, browser_context); DeleteSameSiteNoneCookies(); 
@@ -151,16 +157,19 @@ TEST_F(SameSiteDataRemoverImplTest, TestRemoveOnlySameSiteNoneCookies) { TEST_F(SameSiteDataRemoverImplTest, TestRemoveSameDomainCookies) { BrowserContext* browser_context = GetBrowserContext(); - CreateCookieForTest("TestCookie1", "www.google.com", - net::CookieSameSite::NO_RESTRICTION, - net::CookieOptions::SameSiteCookieContext::CROSS_SITE, - true /* is_cookie_secure */, browser_context); + CreateCookieForTest( + "TestCookie1", "www.google.com", net::CookieSameSite::NO_RESTRICTION, + net::CookieOptions::SameSiteCookieContext( + net::CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE), + true /* is_cookie_secure */, browser_context); // The second cookie has the same domain as the first cookie, but also has // SameSite value STRICT_MODE instead of NO_RESTRICTION. - CreateCookieForTest( - "TestCookie2", "www.google.com", net::CookieSameSite::STRICT_MODE, - net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT, - false /* is_cookie_secure */, browser_context); + CreateCookieForTest("TestCookie2", "www.google.com", + net::CookieSameSite::STRICT_MODE, + net::CookieOptions::SameSiteCookieContext( + net::CookieOptions::SameSiteCookieContext:: + ContextType::SAME_SITE_STRICT), + false /* is_cookie_secure */, browser_context); DeleteSameSiteNoneCookies(); 
@@ -177,12 +186,16 @@ TEST_F(SameSiteDataRemoverImplTest, TestKeepSameSiteCookies) { BrowserContext* browser_context = GetBrowserContext(); CreateCookieForTest("TestCookie1", "www.google.com", net::CookieSameSite::LAX_MODE, - net::CookieOptions::SameSiteCookieContext::SAME_SITE_LAX, + net::CookieOptions::SameSiteCookieContext( + net::CookieOptions::SameSiteCookieContext:: + ContextType::SAME_SITE_LAX), + false /* is_cookie_secure */, browser_context); + CreateCookieForTest("TestCookie2", "www.gmail.google.com", + net::CookieSameSite::STRICT_MODE, + net::CookieOptions::SameSiteCookieContext( + net::CookieOptions::SameSiteCookieContext:: + ContextType::SAME_SITE_STRICT), false /* is_cookie_secure */, browser_context); - CreateCookieForTest( - "TestCookie2", "www.gmail.google.com", net::CookieSameSite::STRICT_MODE, - net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT, - false /* is_cookie_secure */, browser_context); DeleteSameSiteNoneCookies(); @@ -219,7 +232,9 @@ TEST_F(SameSiteDataRemoverImplTest, TestCookieRemovalUnaffectedByParameters) { base::RunLoop run_loop2; options.set_same_site_cookie_context( - net::CookieOptions::SameSiteCookieContext::SAME_SITE_LAX); + net::CookieOptions::SameSiteCookieContext( + net::CookieOptions::SameSiteCookieContext::ContextType:: + SAME_SITE_LAX)); result_out = false; cookie_manager->SetCanonicalCookie( net::CanonicalCookie("TestCookie2", "10", "gmail.google.com", "/", 
@@ -255,10 +270,11 @@ TEST_F(SameSiteDataRemoverImplTest, TestStoragePartitionDataRemoval) { GetSameSiteDataRemoverImpl()->OverrideStoragePartitionForTesting( &storage_partition); - CreateCookieForTest("TestCookie1", ".google.com", - net::CookieSameSite::NO_RESTRICTION, - net::CookieOptions::SameSiteCookieContext::CROSS_SITE, - true /* is_cookie_secure */, browser_context); + CreateCookieForTest( + "TestCookie1", ".google.com", net::CookieSameSite::NO_RESTRICTION, + net::CookieOptions::SameSiteCookieContext( + net::CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE), + true /* is_cookie_secure */, browser_context); DeleteSameSiteNoneCookies(); ClearStoragePartitionData(); diff --git a/content/browser/cookie_store/cookie_change_subscription.cc b/content/browser/cookie_store/cookie_change_subscription.cc index 0faf3c544d8f26..5367928aa08f36 100644 --- a/content/browser/cookie_store/cookie_change_subscription.cc +++ b/content/browser/cookie_store/cookie_change_subscription.cc @@ -166,7 +166,7 @@ bool CookieChangeSubscription::ShouldObserveChangeTo( net::CookieOptions net_options; net_options.set_same_site_cookie_context( - net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT); + net::CookieOptions::SameSiteCookieContext::MakeInclusive()); return cookie.IncludeForRequestURL(url_, net_options, access_semantics) .IsInclude(); diff --git a/content/browser/devtools/protocol/network_handler.cc b/content/browser/devtools/protocol/network_handler.cc index 9a1e6a28784770..b881e12617753c 100644 --- a/content/browser/devtools/protocol/network_handler.cc +++ b/content/browser/devtools/protocol/network_handler.cc 
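Review bot: In CookieChangeSubscription::ShouldObserveChangeTo the inclusive context decides which cookie changes a subscriber is told about, yet the hunk has no comment explaining why SameSite restrictions are waived on this path. The options visibly omit `set_include_httponly()`, so HttpOnly cookies stay filtered while SameSite ones do not, and that asymmetry deserves a sentence. I would add something like `// Subscriptions are evaluated for url_ as a same-site request, so SameSite never excludes a cookie; HttpOnly cookies remain hidden.` above the `set_same_site_cookie_context` call. The rationale is inferred from the visible lines and should be confirmed by the owner. The function starts outside the hunk.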
@@ -1182,7 +1182,7 @@ void NetworkHandler::SetCookie(const std::string& name, net::CookieOptions options; // Permit it to set a SameSite cookie if it wants to. options.set_same_site_cookie_context( - net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT); + net::CookieOptions::SameSiteCookieContext::MakeInclusive()); options.set_include_httponly(); storage_partition_->GetCookieManagerForBrowserProcess()->SetCanonicalCookie( *cookie, "https", options, @@ -1219,7 +1219,7 @@ void NetworkHandler::SetCookies( options.set_include_httponly(); // Permit it to set a SameSite cookie if it wants to. options.set_same_site_cookie_context( - net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT); + net::CookieOptions::SameSiteCookieContext::MakeInclusive()); for (const auto& cookie : net_cookies) { cookie_manager->SetCanonicalCookie( *cookie, "https", options, diff --git a/content/browser/frame_host/render_frame_message_filter_browsertest.cc b/content/browser/frame_host/render_frame_message_filter_browsertest.cc index 19bb16fe133538..36b26cc494b5a2 100644 --- a/content/browser/frame_host/render_frame_message_filter_browsertest.cc +++ b/content/browser/frame_host/render_frame_message_filter_browsertest.cc @@ -66,7 +66,7 @@ void SetCookieDirect(WebContentsImpl* tab, net::CookieOptions options; // Allow setting SameSite cookies. options.set_same_site_cookie_context( - net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT); + net::CookieOptions::SameSiteCookieContext::MakeInclusive()); auto cookie_obj = net::CanonicalCookie::Create( url, cookie_line, base::Time::Now(), base::nullopt /* server_time */); 
@@ -87,7 +87,7 @@ std::string GetCookiesDirect(WebContentsImpl* tab, const GURL& url) { net::CookieOptions options; // Allow setting SameSite cookies. options.set_same_site_cookie_context( - net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT); + net::CookieOptions::SameSiteCookieContext::MakeInclusive()); net::CookieList result; base::RunLoop run_loop; BrowserContext::GetDefaultStoragePartition(tab->GetBrowserContext()) diff --git a/content/browser/storage_partition_impl.cc b/content/browser/storage_partition_impl.cc index e13ea0f83764ea..c9361b52764c29 100644 --- a/content/browser/storage_partition_impl.cc +++ b/content/browser/storage_partition_impl.cc 
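Review bot: The comment above the changed line in GetCookiesDirect still reads `// Allow setting SameSite cookies.`, but this helper reads cookies; it looks copied from SetCookieDirect in the previous hunk. Since the line below it is being touched anyway, I would change it to `// Allow reading SameSite cookies.` so the comment matches what the inclusive context is used for here. The rest of the function lies outside the hunk.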
@@ -528,34 +528,50 @@ int64_t CrossSchemeWarningToContextInt64( // SameSiteCookieContext in order to match up with the UMAs which are // recording similar information. // TODO(https://crbug.com/1046456): Remove after deprecated. + net::CookieOptions::SameSiteCookieContext same_site_context; switch (reason) { case net::CanonicalCookie::CookieInclusionStatus:: WARN_SAMESITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_SECURE_URL: - return static_cast( - net::CookieOptions::SameSiteCookieContext:: - SAME_SITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_SECURE_URL); + same_site_context.context = net::CookieOptions::SameSiteCookieContext:: + ContextType::SAME_SITE_LAX_METHOD_UNSAFE; + same_site_context.cross_schemeness = net::CookieOptions:: + SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE; + return same_site_context.ConvertToMetricsValue(); case net::CanonicalCookie::CookieInclusionStatus:: WARN_SAMESITE_LAX_CROSS_SCHEME_SECURE_URL: - return static_cast(net::CookieOptions::SameSiteCookieContext:: - SAME_SITE_LAX_CROSS_SCHEME_SECURE_URL); + same_site_context.context = + net::CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX; + same_site_context.cross_schemeness = net::CookieOptions:: + SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE; + return same_site_context.ConvertToMetricsValue(); case net::CanonicalCookie::CookieInclusionStatus:: WARN_SAMESITE_STRICT_CROSS_SCHEME_SECURE_URL: - return static_cast(net::CookieOptions::SameSiteCookieContext:: - SAME_SITE_STRICT_CROSS_SCHEME_SECURE_URL); + same_site_context.context = net::CookieOptions::SameSiteCookieContext:: + ContextType::SAME_SITE_STRICT; + same_site_context.cross_schemeness = net::CookieOptions:: + SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE; + return same_site_context.ConvertToMetricsValue(); case net::CanonicalCookie::CookieInclusionStatus:: WARN_SAMESITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_INSECURE_URL: - return static_cast( - net::CookieOptions::SameSiteCookieContext:: - 
SAME_SITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_INSECURE_URL); + same_site_context.context = net::CookieOptions::SameSiteCookieContext:: + ContextType::SAME_SITE_LAX_METHOD_UNSAFE; + same_site_context.cross_schemeness = net::CookieOptions:: + SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE; + return same_site_context.ConvertToMetricsValue(); case net::CanonicalCookie::CookieInclusionStatus:: WARN_SAMESITE_LAX_CROSS_SCHEME_INSECURE_URL: - return static_cast(net::CookieOptions::SameSiteCookieContext:: - SAME_SITE_LAX_CROSS_SCHEME_INSECURE_URL); + same_site_context.context = + net::CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX; + same_site_context.cross_schemeness = net::CookieOptions:: + SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE; + return same_site_context.ConvertToMetricsValue(); case net::CanonicalCookie::CookieInclusionStatus:: WARN_SAMESITE_STRICT_CROSS_SCHEME_INSECURE_URL: - return static_cast( - net::CookieOptions::SameSiteCookieContext:: - SAME_SITE_STRICT_CROSS_SCHEME_INSECURE_URL); + same_site_context.context = net::CookieOptions::SameSiteCookieContext:: + ContextType::SAME_SITE_STRICT; + same_site_context.cross_schemeness = net::CookieOptions:: + SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE; + return same_site_context.ConvertToMetricsValue(); default: // Return invalid value if there is no cross-scheme warning. return -1; diff --git a/content/browser/worker_host/worker_browsertest.cc b/content/browser/worker_host/worker_browsertest.cc index 2e84fdfcaeb433..8a14128e6061aa 100644 --- a/content/browser/worker_host/worker_browsertest.cc +++ b/content/browser/worker_host/worker_browsertest.cc 
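Review bot: In CrossSchemeWarningToContextInt64 each of the six cases mutates one function-scope `same_site_context` and then returns. A later case that sets only one of the two fields would silently report the default for the other, and the six bodies differ in just two tokens. Building the value inside a small local helper removes the shared mutable state and makes the warning-to-(context, schemeness) table readable at a glance. The mapping of `..._CROSS_SCHEME_SECURE_URL` to `CrossSchemeness::INSECURE_SECURE` (and `..._INSECURE_URL` to `SECURE_INSECURE`) also needs a one-line comment saying which side is the cookie URL, since the two names read as opposites. The start of the function and the end of the switch are outside the hunk.

```cpp
  using Context = net::CookieOptions::SameSiteCookieContext;
  // Builds the context for one warning and converts it to the UMA value.
  const auto to_metrics_value = [](Context::ContextType type,
                                   Context::CrossSchemeness schemeness) {
    Context same_site_context;
    same_site_context.context = type;
    same_site_context.cross_schemeness = schemeness;
    return same_site_context.ConvertToMetricsValue();
  };
  switch (reason) {
    case net::CanonicalCookie::CookieInclusionStatus::
        WARN_SAMESITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_SECURE_URL:
      return to_metrics_value(
          Context::ContextType::SAME_SITE_LAX_METHOD_UNSAFE,
          Context::CrossSchemeness::INSECURE_SECURE);
    // … unchanged pattern: the remaining five warning cases, one call each …
    // … unchanged: default case returning -1 …
```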
@@ -155,7 +155,9 @@ class WorkerTest : public ContentBrowserTest, cookie_manager.BindNewPipeAndPassReceiver()); net::CookieOptions options; options.set_same_site_cookie_context( - net::CookieOptions::SameSiteCookieContext::SAME_SITE_LAX); + net::CookieOptions::SameSiteCookieContext( + net::CookieOptions::SameSiteCookieContext::ContextType:: + SAME_SITE_LAX)); std::unique_ptr cookie = net::CanonicalCookie::Create( ssl_server_.GetURL(host, "/"), std::string(kSameSiteCookie) + "; SameSite=Lax; Secure", diff --git a/content/public/test/browser_test_utils.cc b/content/public/test/browser_test_utils.cc index aa20fa5f9e375e..d7f88a81950530 100644 --- a/content/public/test/browser_test_utils.cc +++ b/content/public/test/browser_test_utils.cc @@ -1879,7 +1879,7 @@ std::vector GetCanonicalCookies( // Allow access to SameSite cookies in tests. net::CookieOptions options; options.set_same_site_cookie_context( - net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT); + net::CookieOptions::SameSiteCookieContext::MakeInclusive()); cookie_manager->GetCookieList( url, options, base::BindOnce( diff --git a/content/public/test/browser_test_utils.h b/content/public/test/browser_test_utils.h index b3d448b4451ba5..8c2e904462c655 100644 --- a/content/public/test/browser_test_utils.h +++ b/content/public/test/browser_test_utils.h 
@@ -840,28 +840,28 @@ RenderFrameHost* ChildFrameAt(RenderFrameHost* frame, size_t index); bool ExecuteWebUIResourceTest(WebContents* web_contents, const std::vector& js_resource_ids); -// Returns the serialized cookie string for the given url. Uses a strictly -// same-site SameSiteCookieContext by default, which gets cookies regardless of -// their SameSite attribute. +// Returns the serialized cookie string for the given url. Uses an inclusive +// SameSiteCookieContext by default, which gets cookies regardless of their +// SameSite attribute. std::string GetCookies( BrowserContext* browser_context, const GURL& url, net::CookieOptions::SameSiteCookieContext context = - net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT); + net::CookieOptions::SameSiteCookieContext::MakeInclusive()); // Returns the canonical cookies for the given url. std::vector GetCanonicalCookies( BrowserContext* browser_context, const GURL& url); -// Sets a cookie for the given url. Uses a strictly same-site -// SameSiteCookieContext by default, which gets cookies regardless of their -// SameSite attribute. Returns true on success. +// Sets a cookie for the given url. Uses an inclusive SameSiteCookieContext by +// default, which gets cookies regardless of their SameSite attribute. Returns +// true on success. bool SetCookie(BrowserContext* browser_context, const GURL& url, const std::string& value, net::CookieOptions::SameSiteCookieContext context = - net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT); + net::CookieOptions::SameSiteCookieContext::MakeInclusive()); // Fetch the histograms data from other processes. This should be called after // the test code has been executed but before performing assertions. diff --git a/fuchsia/engine/browser/cookie_manager_impl.cc b/fuchsia/engine/browser/cookie_manager_impl.cc index 937cf06c807eab..e7362ae5618001 100644 --- a/fuchsia/engine/browser/cookie_manager_impl.cc +++ b/fuchsia/engine/browser/cookie_manager_impl.cc 
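Review bot: The rewritten comment on `SetCookie` still says the inclusive context "gets cookies regardless of their SameSite attribute", which was carried over from `GetCookies` and is wrong for a setter. I would reword it to `// default, which allows setting cookies regardless of their SameSite attribute.` Both comments could also mention that tests wanting to exercise SameSite enforcement must pass an explicit context, because the inclusive default bypasses it.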
@@ -211,7 +211,7 @@ void CookieManagerImpl::GetCookieList( net::CookieOptions options; options.set_include_httponly(); options.set_same_site_cookie_context( - net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT); + net::CookieOptions::SameSiteCookieContext::MakeInclusive()); cookie_manager_->GetCookieList( GURL(*url), options, diff --git a/ios/chrome/browser/signin/gaia_auth_fetcher_ios_ns_url_session_bridge.mm b/ios/chrome/browser/signin/gaia_auth_fetcher_ios_ns_url_session_bridge.mm index 7f7b83a053c5f7..4c5b7e659a7f67 100644 --- a/ios/chrome/browser/signin/gaia_auth_fetcher_ios_ns_url_session_bridge.mm +++ b/ios/chrome/browser/signin/gaia_auth_fetcher_ios_ns_url_session_bridge.mm @@ -94,7 +94,7 @@ - (void)requestCompletedWithData:(NSData*)data net::CookieOptions options; options.set_include_httponly(); options.set_same_site_cookie_context( - net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT); + net::CookieOptions::SameSiteCookieContext::MakeInclusive()); cookie_manager->GetCookieList( GetRequest().url, options, base::BindOnce( @@ -119,7 +119,7 @@ - (void)requestCompletedWithData:(NSData*)data options.set_include_httponly(); // Permit it to set a SameSite cookie if it wants to. options.set_same_site_cookie_context( - net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT); + net::CookieOptions::SameSiteCookieContext::MakeInclusive()); cookie_manager->SetCanonicalCookie( net::CanonicalCookieFromSystemCookie(cookie, base::Time::Now()), base::SysNSStringToUTF8(response.URL.scheme), options, diff --git a/ios/chrome/browser/signin/gaia_auth_fetcher_ios_ns_url_session_bridge_unittests.mm b/ios/chrome/browser/signin/gaia_auth_fetcher_ios_ns_url_session_bridge_unittests.mm index 83fdcc1c9cda8e..d9341ed24150c8 100644 --- a/ios/chrome/browser/signin/gaia_auth_fetcher_ios_ns_url_session_bridge_unittests.mm +++ b/ios/chrome/browser/signin/gaia_auth_fetcher_ios_ns_url_session_bridge_unittests.mm 
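Review bot: `CookieManagerImpl::GetCookieList` combines `set_include_httponly()` with `MakeInclusive()`, so the lookup returns every cookie for the URL whatever its HttpOnly or SameSite attribute, and nothing at the call site says why that is acceptable. The second iOS hunk on this line already has such a remark ("Permit it to set a SameSite cookie if it wants to."), but the fuchsia hunk and the first iOS hunk (the `GetCookieList` call in `requestCompletedWithData:`) do not. A one-line why-comment would do, for example `// Browser-side caller, not web content: SameSite and HttpOnly restrictions are deliberately not applied.`, assuming that is the reason. The enclosing functions start and end outside the hunks, so the trust level of the caller cannot be confirmed from here.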
@@ -262,7 +262,7 @@ void OnFetchComplete(const GURL& url, net::CookieOptions options; options.set_include_httponly(); options.set_same_site_cookie_context( - net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT); + net::CookieOptions::SameSiteCookieContext::MakeInclusive()); cookie_manager->SetCanonicalCookie( net::CanonicalCookieFromSystemCookie(cookie, base::Time::Now()), "https", options, base::DoNothing()); diff --git a/net/cookies/canonical_cookie.cc b/net/cookies/canonical_cookie.cc index f8c98061eb7247..7d47fff33d2484 100644 --- a/net/cookies/canonical_cookie.cc +++ b/net/cookies/canonical_cookie.cc @@ -119,16 +119,18 @@ void ApplySameSiteCookieWarningToStatus( CookieSameSite samesite, CookieEffectiveSameSite effective_samesite, bool is_secure, - CookieOptions::SameSiteCookieContext context, + CookieOptions::SameSiteCookieContext same_site_context, CanonicalCookie::CookieInclusionStatus* status) { if (samesite == CookieSameSite::UNSPECIFIED && - context < CookieOptions::SameSiteCookieContext::SAME_SITE_LAX) { + same_site_context.context < + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX) { status->AddWarningReason(CanonicalCookie::CookieInclusionStatus:: WARN_SAMESITE_UNSPECIFIED_CROSS_SITE_CONTEXT); } if (effective_samesite == CookieEffectiveSameSite::LAX_MODE_ALLOW_UNSAFE && - context == - CookieOptions::SameSiteCookieContext::SAME_SITE_LAX_METHOD_UNSAFE) { + same_site_context.context == + CookieOptions::SameSiteCookieContext::ContextType:: + SAME_SITE_LAX_METHOD_UNSAFE) { // This warning is more specific so remove the previous, more general, // warning. status->RemoveWarningReason( 
@@ -471,26 +473,27 @@ CanonicalCookie::CookieInclusionStatus CanonicalCookie::IncludeForRequestURL( effective_same_site, CookieEffectiveSameSite::COUNT); } - UMA_HISTOGRAM_ENUMERATION("Cookie.RequestSameSiteContext", - options.same_site_cookie_context(), - CookieOptions::SameSiteCookieContext::COUNT); + UMA_HISTOGRAM_ENUMERATION( + "Cookie.RequestSameSiteContext", + options.same_site_cookie_context().context, + CookieOptions::SameSiteCookieContext::ContextType::COUNT); switch (effective_same_site) { case CookieEffectiveSameSite::STRICT_MODE: - if (options.same_site_cookie_context() < - CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT) { + if (options.same_site_cookie_context().context < + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT) { status.AddExclusionReason( CookieInclusionStatus::EXCLUDE_SAMESITE_STRICT); } break; case CookieEffectiveSameSite::LAX_MODE: - if (options.same_site_cookie_context() < - CookieOptions::SameSiteCookieContext::SAME_SITE_LAX) { + if (options.same_site_cookie_context().context < + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX) { // Log metrics for a cookie that would have been included under the // "Lax-allow-unsafe" intervention, had it been new enough. if (SameSite() == CookieSameSite::UNSPECIFIED && - options.same_site_cookie_context() == - CookieOptions::SameSiteCookieContext:: + options.same_site_cookie_context().context == + CookieOptions::SameSiteCookieContext::ContextType:: SAME_SITE_LAX_METHOD_UNSAFE) { UMA_HISTOGRAM_CUSTOM_TIMES( "Cookie.SameSiteUnspecifiedTooOldToAllowUnsafe", cookie_age, 
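Review bot: The exclusion checks in the `STRICT_MODE` and `LAX_MODE` cases compare `options.same_site_cookie_context().context` with `<`, so they are only correct while the enumerators of the new `ContextType` are declared from least to most permissive. The unit-test expectations imply the order CROSS_SITE, SAME_SITE_LAX_METHOD_UNSAFE, SAME_SITE_LAX, SAME_SITE_STRICT, but the enum itself is declared outside this hunk. A short comment at the first comparison, such as `// Relies on ContextType enumerators being ordered from CROSS_SITE (least) to SAME_SITE_STRICT (most permissive).`, would stop a later reordering from silently changing which cookies are sent. The same applies to the comparisons in the hunks at -507, -607 and -618 of this file and to `IsHttpSameSiteContextAtLeast` in cookie_monster.cc. `IncludeForRequestURL` begins and ends outside this hunk.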
@@ -507,13 +510,14 @@ CanonicalCookie::CookieInclusionStatus CanonicalCookie::IncludeForRequestURL( // TODO(crbug.com/990439): Add a browsertest for this behavior. case CookieEffectiveSameSite::LAX_MODE_ALLOW_UNSAFE: DCHECK(SameSite() == CookieSameSite::UNSPECIFIED); - if (options.same_site_cookie_context() < - CookieOptions::SameSiteCookieContext::SAME_SITE_LAX_METHOD_UNSAFE) { + if (options.same_site_cookie_context().context < + CookieOptions::SameSiteCookieContext::ContextType:: + SAME_SITE_LAX_METHOD_UNSAFE) { // TODO(chlily): Do we need a separate CookieInclusionStatus for this? status.AddExclusionReason( CookieInclusionStatus::EXCLUDE_SAMESITE_UNSPECIFIED_TREATED_AS_LAX); - } else if (options.same_site_cookie_context() == - CookieOptions::SameSiteCookieContext:: + } else if (options.same_site_cookie_context().context == + CookieOptions::SameSiteCookieContext::ContextType:: SAME_SITE_LAX_METHOD_UNSAFE) { // Log metrics for cookies that activate the "Lax-allow-unsafe" // intervention. This histogram macro allows up to 3 minutes, which is @@ -549,16 +553,17 @@ CanonicalCookie::CookieInclusionStatus CanonicalCookie::IncludeForRequestURL( effective_same_site, CookieEffectiveSameSite::COUNT); - if (options.IsDifferentScheme() && + if (options.same_site_cookie_context().IsDifferentScheme() && ((effective_same_site == CookieEffectiveSameSite::LAX_MODE) || (effective_same_site == CookieEffectiveSameSite::STRICT_MODE) || (effective_same_site == CookieEffectiveSameSite::LAX_MODE_ALLOW_UNSAFE))) { - UMA_HISTOGRAM_ENUMERATION("Cookie.SameSiteDifferentSchemeRequest", - options.same_site_cookie_context_full(), - CookieOptions::SameSiteCookieContext::COUNT); + UMA_HISTOGRAM_ENUMERATION( + "Cookie.SameSiteDifferentSchemeRequest", + options.same_site_cookie_context().ConvertToMetricsValue(), + CookieOptions::SameSiteCookieContext::MetricCount()); AddSameSiteCrossSchemeWarning(&status, - options.same_site_cookie_context_full()); + options.same_site_cookie_context()); } } 
@@ -607,8 +612,8 @@ void CanonicalCookie::IsSetPermittedInContext( // This intentionally checks for `< SAME_SITE_LAX`, as we allow // `SameSite=Strict` cookies to be set for top-level navigations that // qualify for receipt of `SameSite=Lax` cookies. - if (options.same_site_cookie_context() < - CookieOptions::SameSiteCookieContext::SAME_SITE_LAX) { + if (options.same_site_cookie_context().context < + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX) { DVLOG(net::cookie_util::kVlogSetCookies) << "Trying to set a `SameSite=Strict` cookie from a " "cross-site URL."; @@ -618,8 +623,8 @@ void CanonicalCookie::IsSetPermittedInContext( break; case CookieEffectiveSameSite::LAX_MODE: case CookieEffectiveSameSite::LAX_MODE_ALLOW_UNSAFE: - if (options.same_site_cookie_context() < - CookieOptions::SameSiteCookieContext::SAME_SITE_LAX) { + if (options.same_site_cookie_context().context < + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX) { if (SameSite() == CookieSameSite::UNSPECIFIED) { DVLOG(net::cookie_util::kVlogSetCookies) << "Cookies with no known SameSite attribute being treated as " 
@@ -648,18 +653,18 @@ void CanonicalCookie::IsSetPermittedInContext( effective_same_site, CookieEffectiveSameSite::COUNT); - if (options.IsDifferentScheme() && + if (options.same_site_cookie_context().IsDifferentScheme() && ((effective_same_site == CookieEffectiveSameSite::LAX_MODE) || (effective_same_site == CookieEffectiveSameSite::STRICT_MODE) || (effective_same_site == CookieEffectiveSameSite::LAX_MODE_ALLOW_UNSAFE))) { // TODO(crbug.com/1034014): Change enum to one with less confusing // phrasing. - UMA_HISTOGRAM_ENUMERATION("Cookie.SameSiteDifferentSchemeResponse", - options.same_site_cookie_context_full(), - CookieOptions::SameSiteCookieContext::COUNT); - AddSameSiteCrossSchemeWarning(status, - options.same_site_cookie_context_full()); + UMA_HISTOGRAM_ENUMERATION( + "Cookie.SameSiteDifferentSchemeResponse", + options.same_site_cookie_context().ConvertToMetricsValue(), + CookieOptions::SameSiteCookieContext::MetricCount()); + AddSameSiteCrossSchemeWarning(status, options.same_site_cookie_context()); } } 
@@ -754,43 +759,50 @@ std::string CanonicalCookie::BuildCookieLine( void net::CanonicalCookie::AddSameSiteCrossSchemeWarning( CookieInclusionStatus* status, - CookieOptions::SameSiteCookieContext context) const { - switch (context) { - case CookieOptions::SameSiteCookieContext:: - SAME_SITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_SECURE_URL: - status->AddWarningReason( - CookieInclusionStatus:: - WARN_SAMESITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_SECURE_URL); - break; - case CookieOptions::SameSiteCookieContext:: - SAME_SITE_LAX_CROSS_SCHEME_SECURE_URL: - status->AddWarningReason( - CookieInclusionStatus::WARN_SAMESITE_LAX_CROSS_SCHEME_SECURE_URL); - break; - case CookieOptions::SameSiteCookieContext:: - SAME_SITE_STRICT_CROSS_SCHEME_SECURE_URL: - status->AddWarningReason( - CookieInclusionStatus::WARN_SAMESITE_STRICT_CROSS_SCHEME_SECURE_URL); - break; - case CookieOptions::SameSiteCookieContext:: - SAME_SITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_INSECURE_URL: - status->AddWarningReason( - CookieInclusionStatus:: - WARN_SAMESITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_INSECURE_URL); - break; - case CookieOptions::SameSiteCookieContext:: - SAME_SITE_LAX_CROSS_SCHEME_INSECURE_URL: - status->AddWarningReason( - CookieInclusionStatus::WARN_SAMESITE_LAX_CROSS_SCHEME_INSECURE_URL); - break; - case CookieOptions::SameSiteCookieContext:: - SAME_SITE_STRICT_CROSS_SCHEME_INSECURE_URL: - status->AddWarningReason( - CookieInclusionStatus:: - WARN_SAMESITE_STRICT_CROSS_SCHEME_INSECURE_URL); - break; - default: - break; + CookieOptions::SameSiteCookieContext same_site_context) const { + if (same_site_context.cross_schemeness == + CookieOptions::SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE) { + switch (same_site_context.context) { + case CookieOptions::SameSiteCookieContext::ContextType:: + SAME_SITE_LAX_METHOD_UNSAFE: + status->AddWarningReason( + CookieInclusionStatus:: + WARN_SAMESITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_SECURE_URL); + break; + case 
CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX: + status->AddWarningReason( + CookieInclusionStatus::WARN_SAMESITE_LAX_CROSS_SCHEME_SECURE_URL); + break; + case CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT: + status->AddWarningReason( + CookieInclusionStatus:: + WARN_SAMESITE_STRICT_CROSS_SCHEME_SECURE_URL); + break; + default: + break; + } + } else if (same_site_context.cross_schemeness == + CookieOptions::SameSiteCookieContext::CrossSchemeness:: + SECURE_INSECURE) { + switch (same_site_context.context) { + case CookieOptions::SameSiteCookieContext::ContextType:: + SAME_SITE_LAX_METHOD_UNSAFE: + status->AddWarningReason( + CookieInclusionStatus:: + WARN_SAMESITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_INSECURE_URL); + break; + case CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX: + status->AddWarningReason( + CookieInclusionStatus::WARN_SAMESITE_LAX_CROSS_SCHEME_INSECURE_URL); + break; + case CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT: + status->AddWarningReason( + CookieInclusionStatus:: + WARN_SAMESITE_STRICT_CROSS_SCHEME_INSECURE_URL); + break; + default: + break; + } } } diff --git a/net/cookies/canonical_cookie_unittest.cc b/net/cookies/canonical_cookie_unittest.cc index 6235f47899dbcc..493af3f415b6cc 100644 --- a/net/cookies/canonical_cookie_unittest.cc +++ b/net/cookies/canonical_cookie_unittest.cc 
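Review bot: Both switches in `AddSameSiteCrossSchemeWarning` end in `default: break;`, so a `ContextType` enumerator added later would get no warning reason, and the compiler's switch-coverage diagnostic would not point it out. Listing the remaining enumerators explicitly keeps the no-op visible and intentional: `case CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE:` and `case CookieOptions::SameSiteCookieContext::ContextType::COUNT:` followed by `break;`. The two switches differ only in the SECURE/INSECURE suffix of the warning they add, so a brief comment above each saying which direction of scheme change it handles would also help the reader.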
@@ -708,33 +708,38 @@ TEST(CanonicalCookieTest, IncludeForRequestURLSameSite) { const base::TimeDelta kLongAge = kLaxAllowUnsafeMaxAge * 4; const base::TimeDelta kShortAge = kLaxAllowUnsafeMaxAge / 4; + using SameSiteCookieContext = CookieOptions::SameSiteCookieContext; + // Test cases that are the same regardless of feature status or access // semantics: std::vector common_test_cases = { // Strict cookies: {"Common=1;SameSite=Strict", CookieSameSite::STRICT_MODE, CookieEffectiveSameSite::STRICT_MODE, - CookieOptions::SameSiteCookieContext::CROSS_SITE, + SameSiteCookieContext(SameSiteCookieContext::ContextType::CROSS_SITE), CanonicalCookie::CookieInclusionStatus( CanonicalCookie::CookieInclusionStatus::EXCLUDE_SAMESITE_STRICT)}, {"Common=2;SameSite=Strict", CookieSameSite::STRICT_MODE, CookieEffectiveSameSite::STRICT_MODE, - CookieOptions::SameSiteCookieContext::SAME_SITE_LAX_METHOD_UNSAFE, + SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_LAX_METHOD_UNSAFE), CanonicalCookie::CookieInclusionStatus( CanonicalCookie::CookieInclusionStatus::EXCLUDE_SAMESITE_STRICT)}, {"Common=3;SameSite=Strict", CookieSameSite::STRICT_MODE, CookieEffectiveSameSite::STRICT_MODE, - CookieOptions::SameSiteCookieContext::SAME_SITE_LAX, + SameSiteCookieContext(SameSiteCookieContext::ContextType::SAME_SITE_LAX), CanonicalCookie::CookieInclusionStatus( CanonicalCookie::CookieInclusionStatus::EXCLUDE_SAMESITE_STRICT)}, {"Common=4;SameSite=Strict", CookieSameSite::STRICT_MODE, CookieEffectiveSameSite::STRICT_MODE, - CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT, + SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_STRICT), CanonicalCookie::CookieInclusionStatus()}, {"Common=5;SameSite=Strict", CookieSameSite::STRICT_MODE, CookieEffectiveSameSite::STRICT_MODE, - CookieOptions::SameSiteCookieContext:: - SAME_SITE_STRICT_CROSS_SCHEME_SECURE_URL, + SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_STRICT, + 
SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE), CanonicalCookie::CookieInclusionStatus::MakeFromReasonsForTesting( std::vector< CanonicalCookie::CookieInclusionStatus::ExclusionReason>(), @@ -742,8 +747,9 @@ TEST(CanonicalCookieTest, IncludeForRequestURLSameSite) { WARN_SAMESITE_STRICT_CROSS_SCHEME_SECURE_URL})}, {"Common=6;SameSite=Strict", CookieSameSite::STRICT_MODE, CookieEffectiveSameSite::STRICT_MODE, - CookieOptions::SameSiteCookieContext:: - SAME_SITE_STRICT_CROSS_SCHEME_INSECURE_URL, + SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_STRICT, + SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE), CanonicalCookie::CookieInclusionStatus::MakeFromReasonsForTesting( std::vector< CanonicalCookie::CookieInclusionStatus::ExclusionReason>(), 
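Review bot: None of the rewritten entries in `common_test_cases` pairs `ContextType::SAME_SITE_LAX_METHOD_UNSAFE` with a `CrossSchemeness` value, although `AddSameSiteCrossSchemeWarning` in canonical_cookie.cc now has a dedicated branch for it in each direction. The cross-scheme cases changed in this file cover only SAME_SITE_LAX and SAME_SITE_STRICT, both here and in the `IsSetPermittedInContext` test. An entry built with `SameSiteCookieContext(SameSiteCookieContext::ContextType::SAME_SITE_LAX_METHOD_UNSAFE, SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE)` and its matching expected status, plus the `SECURE_INSECURE` counterpart, would cover those branches. The table continues outside this hunk.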
@@ -752,26 +758,29 @@ TEST(CanonicalCookieTest, IncludeForRequestURLSameSite) { // Lax cookies: {"Common=7;SameSite=Lax", CookieSameSite::LAX_MODE, CookieEffectiveSameSite::LAX_MODE, - CookieOptions::SameSiteCookieContext::CROSS_SITE, + SameSiteCookieContext(SameSiteCookieContext::ContextType::CROSS_SITE), CanonicalCookie::CookieInclusionStatus( CanonicalCookie::CookieInclusionStatus::EXCLUDE_SAMESITE_LAX)}, {"Common=8;SameSite=Lax", CookieSameSite::LAX_MODE, CookieEffectiveSameSite::LAX_MODE, - CookieOptions::SameSiteCookieContext::SAME_SITE_LAX_METHOD_UNSAFE, + SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_LAX_METHOD_UNSAFE), CanonicalCookie::CookieInclusionStatus( CanonicalCookie::CookieInclusionStatus::EXCLUDE_SAMESITE_LAX)}, {"Common=9;SameSite=Lax", CookieSameSite::LAX_MODE, CookieEffectiveSameSite::LAX_MODE, - CookieOptions::SameSiteCookieContext::SAME_SITE_LAX, + SameSiteCookieContext(SameSiteCookieContext::ContextType::SAME_SITE_LAX), CanonicalCookie::CookieInclusionStatus()}, {"Common=10;SameSite=Lax", CookieSameSite::LAX_MODE, CookieEffectiveSameSite::LAX_MODE, - CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT, + SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_STRICT), CanonicalCookie::CookieInclusionStatus()}, {"Common=11;SameSite=Lax", CookieSameSite::LAX_MODE, CookieEffectiveSameSite::LAX_MODE, - CookieOptions::SameSiteCookieContext:: - SAME_SITE_LAX_CROSS_SCHEME_SECURE_URL, + SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_LAX, + SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE), CanonicalCookie::CookieInclusionStatus::MakeFromReasonsForTesting( std::vector< CanonicalCookie::CookieInclusionStatus::ExclusionReason>(), 
@@ -779,8 +788,9 @@ TEST(CanonicalCookieTest, IncludeForRequestURLSameSite) { WARN_SAMESITE_LAX_CROSS_SCHEME_SECURE_URL})}, {"Common=12;SameSite=Lax", CookieSameSite::LAX_MODE, CookieEffectiveSameSite::LAX_MODE, - CookieOptions::SameSiteCookieContext:: - SAME_SITE_STRICT_CROSS_SCHEME_SECURE_URL, + SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_STRICT, + SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE), CanonicalCookie::CookieInclusionStatus::MakeFromReasonsForTesting( std::vector< CanonicalCookie::CookieInclusionStatus::ExclusionReason>(), @@ -788,8 +798,9 @@ TEST(CanonicalCookieTest, IncludeForRequestURLSameSite) { WARN_SAMESITE_STRICT_CROSS_SCHEME_SECURE_URL})}, {"Common=13;SameSite=Lax", CookieSameSite::LAX_MODE, CookieEffectiveSameSite::LAX_MODE, - CookieOptions::SameSiteCookieContext:: - SAME_SITE_LAX_CROSS_SCHEME_INSECURE_URL, + SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_LAX, + SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE), CanonicalCookie::CookieInclusionStatus::MakeFromReasonsForTesting( std::vector< CanonicalCookie::CookieInclusionStatus::ExclusionReason>(), @@ -797,8 +808,9 @@ TEST(CanonicalCookieTest, IncludeForRequestURLSameSite) { WARN_SAMESITE_LAX_CROSS_SCHEME_INSECURE_URL})}, {"Common=14;SameSite=Lax", CookieSameSite::LAX_MODE, CookieEffectiveSameSite::LAX_MODE, - CookieOptions::SameSiteCookieContext:: - SAME_SITE_STRICT_CROSS_SCHEME_INSECURE_URL, + SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_STRICT, + SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE), CanonicalCookie::CookieInclusionStatus::MakeFromReasonsForTesting( std::vector< CanonicalCookie::CookieInclusionStatus::ExclusionReason>(), 
@@ -807,39 +819,45 @@ TEST(CanonicalCookieTest, IncludeForRequestURLSameSite) { // None and Secure cookies: {"Common=15;SameSite=None;Secure", CookieSameSite::NO_RESTRICTION, CookieEffectiveSameSite::NO_RESTRICTION, - CookieOptions::SameSiteCookieContext::CROSS_SITE, + SameSiteCookieContext(SameSiteCookieContext::ContextType::CROSS_SITE), CanonicalCookie::CookieInclusionStatus()}, {"Common=16;SameSite=None;Secure", CookieSameSite::NO_RESTRICTION, CookieEffectiveSameSite::NO_RESTRICTION, - CookieOptions::SameSiteCookieContext::SAME_SITE_LAX_METHOD_UNSAFE, + SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_LAX_METHOD_UNSAFE), CanonicalCookie::CookieInclusionStatus()}, {"Common=17;SameSite=None;Secure", CookieSameSite::NO_RESTRICTION, CookieEffectiveSameSite::NO_RESTRICTION, - CookieOptions::SameSiteCookieContext::SAME_SITE_LAX, + SameSiteCookieContext(SameSiteCookieContext::ContextType::SAME_SITE_LAX), CanonicalCookie::CookieInclusionStatus()}, {"Common=18;SameSite=None;Secure", CookieSameSite::NO_RESTRICTION, CookieEffectiveSameSite::NO_RESTRICTION, - CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT, + SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_STRICT), CanonicalCookie::CookieInclusionStatus()}, {"Common=19;SameSite=None;Secure", CookieSameSite::NO_RESTRICTION, CookieEffectiveSameSite::NO_RESTRICTION, - CookieOptions::SameSiteCookieContext:: - SAME_SITE_LAX_CROSS_SCHEME_SECURE_URL, + SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_LAX, + SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE), CanonicalCookie::CookieInclusionStatus()}, {"Common=20;SameSite=None;Secure", CookieSameSite::NO_RESTRICTION, CookieEffectiveSameSite::NO_RESTRICTION, - CookieOptions::SameSiteCookieContext:: - SAME_SITE_STRICT_CROSS_SCHEME_SECURE_URL, + SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_STRICT, + SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE), 
CanonicalCookie::CookieInclusionStatus()}, {"Common=21;SameSite=None;Secure", CookieSameSite::NO_RESTRICTION, CookieEffectiveSameSite::NO_RESTRICTION, - CookieOptions::SameSiteCookieContext:: - SAME_SITE_LAX_CROSS_SCHEME_INSECURE_URL, + SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_LAX, + SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE), CanonicalCookie::CookieInclusionStatus()}, {"Common=22;SameSite=None;Secure", CookieSameSite::NO_RESTRICTION, CookieEffectiveSameSite::NO_RESTRICTION, - CookieOptions::SameSiteCookieContext:: - SAME_SITE_STRICT_CROSS_SCHEME_INSECURE_URL, + SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_STRICT, + SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE), CanonicalCookie::CookieInclusionStatus()}}; // Test cases where the default is None (either access semantics is LEGACY, or @@ -848,7 +866,7 @@ TEST(CanonicalCookieTest, IncludeForRequestURLSameSite) { // Unspecified cookies (without SameSite-by-default): {"DefaultNone=1", CookieSameSite::UNSPECIFIED, CookieEffectiveSameSite::NO_RESTRICTION, - CookieOptions::SameSiteCookieContext::CROSS_SITE, + SameSiteCookieContext(SameSiteCookieContext::ContextType::CROSS_SITE), CanonicalCookie::CookieInclusionStatus::MakeFromReasonsForTesting( std::vector< CanonicalCookie::CookieInclusionStatus::ExclusionReason>(), @@ -856,7 +874,8 @@ TEST(CanonicalCookieTest, IncludeForRequestURLSameSite) { WARN_SAMESITE_UNSPECIFIED_CROSS_SITE_CONTEXT})}, {"DefaultNone=2", CookieSameSite::UNSPECIFIED, CookieEffectiveSameSite::NO_RESTRICTION, - CookieOptions::SameSiteCookieContext::SAME_SITE_LAX_METHOD_UNSAFE, + SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_LAX_METHOD_UNSAFE), CanonicalCookie::CookieInclusionStatus::MakeFromReasonsForTesting( std::vector< CanonicalCookie::CookieInclusionStatus::ExclusionReason>(), 
@@ -864,11 +883,12 @@ TEST(CanonicalCookieTest, IncludeForRequestURLSameSite) { WARN_SAMESITE_UNSPECIFIED_CROSS_SITE_CONTEXT})}, {"DefaultNone=3", CookieSameSite::UNSPECIFIED, CookieEffectiveSameSite::NO_RESTRICTION, - CookieOptions::SameSiteCookieContext::SAME_SITE_LAX, + SameSiteCookieContext(SameSiteCookieContext::ContextType::SAME_SITE_LAX), CanonicalCookie::CookieInclusionStatus()}, {"DefaultNone=4", CookieSameSite::UNSPECIFIED, CookieEffectiveSameSite::NO_RESTRICTION, - CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT, + SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_STRICT), CanonicalCookie::CookieInclusionStatus()}}; // Test cases where the default is Lax (either access semantics is NONLEGACY, @@ -877,7 +897,7 @@ TEST(CanonicalCookieTest, IncludeForRequestURLSameSite) { // Unspecified recently-created cookies (with SameSite-by-default): {"DefaultLax=1", CookieSameSite::UNSPECIFIED, CookieEffectiveSameSite::LAX_MODE_ALLOW_UNSAFE, - CookieOptions::SameSiteCookieContext::CROSS_SITE, + SameSiteCookieContext(SameSiteCookieContext::ContextType::CROSS_SITE), CanonicalCookie::CookieInclusionStatus( CanonicalCookie::CookieInclusionStatus:: EXCLUDE_SAMESITE_UNSPECIFIED_TREATED_AS_LAX, @@ -886,7 +906,8 @@ TEST(CanonicalCookieTest, IncludeForRequestURLSameSite) { kShortAge}, {"DefaultLax=2", CookieSameSite::UNSPECIFIED, CookieEffectiveSameSite::LAX_MODE_ALLOW_UNSAFE, - CookieOptions::SameSiteCookieContext::SAME_SITE_LAX_METHOD_UNSAFE, + SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_LAX_METHOD_UNSAFE), CanonicalCookie::CookieInclusionStatus::MakeFromReasonsForTesting( std::vector< CanonicalCookie::CookieInclusionStatus::ExclusionReason>(), 
@@ -895,16 +916,17 @@ TEST(CanonicalCookieTest, IncludeForRequestURLSameSite) { kShortAge}, {"DefaultLax=3", CookieSameSite::UNSPECIFIED, CookieEffectiveSameSite::LAX_MODE_ALLOW_UNSAFE, - CookieOptions::SameSiteCookieContext::SAME_SITE_LAX, + SameSiteCookieContext(SameSiteCookieContext::ContextType::SAME_SITE_LAX), CanonicalCookie::CookieInclusionStatus(), kShortAge}, {"DefaultLax=4", CookieSameSite::UNSPECIFIED, CookieEffectiveSameSite::LAX_MODE_ALLOW_UNSAFE, - CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT, + SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_STRICT), CanonicalCookie::CookieInclusionStatus(), kShortAge}, // Unspecified not-recently-created cookies (with SameSite-by-default): {"DefaultLax=5", CookieSameSite::UNSPECIFIED, CookieEffectiveSameSite::LAX_MODE, - CookieOptions::SameSiteCookieContext::CROSS_SITE, + SameSiteCookieContext(SameSiteCookieContext::ContextType::CROSS_SITE), CanonicalCookie::CookieInclusionStatus( CanonicalCookie::CookieInclusionStatus:: EXCLUDE_SAMESITE_UNSPECIFIED_TREATED_AS_LAX, @@ -913,7 +935,8 @@ TEST(CanonicalCookieTest, IncludeForRequestURLSameSite) { kLongAge}, {"DefaultLax=6", CookieSameSite::UNSPECIFIED, CookieEffectiveSameSite::LAX_MODE, - CookieOptions::SameSiteCookieContext::SAME_SITE_LAX_METHOD_UNSAFE, + SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_LAX_METHOD_UNSAFE), CanonicalCookie::CookieInclusionStatus( CanonicalCookie::CookieInclusionStatus:: EXCLUDE_SAMESITE_UNSPECIFIED_TREATED_AS_LAX, 
@@ -922,11 +945,12 @@ TEST(CanonicalCookieTest, IncludeForRequestURLSameSite) { kLongAge}, {"DefaultLax=7", CookieSameSite::UNSPECIFIED, CookieEffectiveSameSite::LAX_MODE, - CookieOptions::SameSiteCookieContext::SAME_SITE_LAX, + SameSiteCookieContext(SameSiteCookieContext::ContextType::SAME_SITE_LAX), CanonicalCookie::CookieInclusionStatus(), kLongAge}, {"DefaultLax=8", CookieSameSite::UNSPECIFIED, CookieEffectiveSameSite::LAX_MODE, - CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT, + SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_STRICT), CanonicalCookie::CookieInclusionStatus(), kLongAge}, }; @@ -1032,8 +1056,8 @@ TEST(CanonicalCookieTest, MultipleExclusionReasons) { base::Optional server_time = base::nullopt; CookieOptions options; options.set_exclude_httponly(); - options.set_same_site_cookie_context( - CookieOptions::SameSiteCookieContext::CROSS_SITE); + options.set_same_site_cookie_context(CookieOptions::SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE)); // Test IncludeForRequestURL() // Note: This is a cookie that should never exist normally, because Create() 
@@ -1978,26 +2002,36 @@ TEST(CanonicalCookieTest, IsSetPermittedInContext) { CookieOptions context_cross_site; CookieOptions context_same_site_lax; context_same_site_lax.set_same_site_cookie_context( - net::CookieOptions::SameSiteCookieContext::SAME_SITE_LAX); + CookieOptions::SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX)); CookieOptions context_same_site_strict; context_same_site_strict.set_same_site_cookie_context( - net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT); + CookieOptions::SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT)); CookieOptions context_same_site_lax_to_secure; context_same_site_lax_to_secure.set_same_site_cookie_context( - net::CookieOptions::SameSiteCookieContext:: - SAME_SITE_LAX_CROSS_SCHEME_SECURE_URL); + CookieOptions::SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX, + CookieOptions::SameSiteCookieContext::CrossSchemeness:: + INSECURE_SECURE)); CookieOptions context_same_site_strict_to_secure; context_same_site_strict_to_secure.set_same_site_cookie_context( - net::CookieOptions::SameSiteCookieContext:: - SAME_SITE_STRICT_CROSS_SCHEME_SECURE_URL); + CookieOptions::SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT, + CookieOptions::SameSiteCookieContext::CrossSchemeness:: + INSECURE_SECURE)); CookieOptions context_same_site_lax_to_insecure; context_same_site_lax_to_insecure.set_same_site_cookie_context( - net::CookieOptions::SameSiteCookieContext:: - SAME_SITE_LAX_CROSS_SCHEME_INSECURE_URL); + CookieOptions::SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX, + CookieOptions::SameSiteCookieContext::CrossSchemeness:: + SECURE_INSECURE)); CookieOptions context_same_site_strict_to_insecure; context_same_site_strict_to_insecure.set_same_site_cookie_context( - net::CookieOptions::SameSiteCookieContext:: - 
SAME_SITE_STRICT_CROSS_SCHEME_INSECURE_URL); + CookieOptions::SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT, + CookieOptions::SameSiteCookieContext::CrossSchemeness:: + SECURE_INSECURE)); { CanonicalCookie cookie_same_site_unrestricted( diff --git a/net/cookies/cookie_monster.cc b/net/cookies/cookie_monster.cc index 84a7d50dfd71f3..783485c013df43 100644 --- a/net/cookies/cookie_monster.cc +++ b/net/cookies/cookie_monster.cc @@ -301,9 +301,9 @@ size_t CountCookiesForPossibleDeletion( // |same_site_requirement|, and the options permit HttpOnly access. bool IsHttpSameSiteContextAtLeast( const CookieOptions& options, - CookieOptions::SameSiteCookieContext same_site_requirement) { + CookieOptions::SameSiteCookieContext::ContextType same_site_requirement) { return !options.exclude_httponly() && - options.same_site_cookie_context() >= same_site_requirement; + options.same_site_cookie_context().context >= same_site_requirement; } } // namespace @@ -1713,7 +1713,8 @@ CookieAccessSemantics CookieMonster::GetAccessSemanticsForCookieSet( (cookie_util:: IsRecentHttpSameSiteAccessGrantsLegacyCookieSemanticsEnabled() && IsHttpSameSiteContextAtLeast( - options, CookieOptions::SameSiteCookieContext::SAME_SITE_LAX)); + options, + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX)); // If the current cookie access is not itself http-and-same-site, but the last // one that was, was recent enough, (and the corresponding feature is enabled) 
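Review bot: `IsHttpSameSiteContextAtLeast` now compares only `same_site_cookie_context().context`, so an access whose context carries `CrossSchemeness::INSECURE_SECURE` or `SECURE_INSECURE` still counts as same-site for the legacy-semantics grant checked in `GetAccessSemanticsForCookieSet`. This appears to match the previous behaviour and may well be intended, but the comment above the function does not say so, and only its last line is inside the hunk. Adding a sentence such as `// Cross-schemeness is ignored; only the ContextType is compared.` would make the decision explicit for anyone auditing when legacy semantics are granted.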
@@ -1761,10 +1762,11 @@ void CookieMonster::MaybeRecordCookieAccessWithOptions( // time should not be updated when the cookie is accessed to populate the UI.) if (!options.update_access_time()) return; - - CookieOptions::SameSiteCookieContext same_site_requirement = - is_set ? CookieOptions::SameSiteCookieContext::SAME_SITE_LAX - : CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT; + CookieOptions::SameSiteCookieContext::ContextType same_site_requirement; + same_site_requirement = + is_set + ? CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX + : CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT; if (IsHttpSameSiteContextAtLeast(options, same_site_requirement)) last_http_same_site_accesses_[cookie.UniqueKey()] = base::TimeTicks::Now(); } diff --git a/net/cookies/cookie_monster_unittest.cc b/net/cookies/cookie_monster_unittest.cc index 9663b25b831fff..477961d177e400 100644 --- a/net/cookies/cookie_monster_unittest.cc +++ b/net/cookies/cookie_monster_unittest.cc @@ -1631,7 +1631,8 @@ TEST_F(CookieMonsterTest, GetExcludedCookiesForURL) { return_excluded.set_return_excluded_cookies(); return_excluded.set_exclude_httponly(); return_excluded.set_same_site_cookie_context( - CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT); + CookieOptions::SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT)); excluded_cookies = GetExcludedCookiesForURLWithOptions( cm.get(), http_www_foo_.url(), return_excluded); @@ -3366,7 +3367,8 @@ TEST_F(CookieMonsterTest, RejectCreatedSameSiteCookieOnSet) { CookieMonster cm(nullptr, nullptr); CookieOptions env_cross_site; env_cross_site.set_same_site_cookie_context( - CookieOptions::SameSiteCookieContext::CROSS_SITE); + CookieOptions::SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE)); CanonicalCookie::CookieInclusionStatus status; // Cookie can be created successfully; SameSite is not checked on Creation. 
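Review bot: `same_site_requirement` in `MaybeRecordCookieAccessWithOptions` is now declared without an initializer and assigned in a separate statement, where the code it replaces used a single initialized declaration. Keeping declaration and value together avoids an indeterminate local and lets it be `const`: `const CookieOptions::SameSiteCookieContext::ContextType same_site_requirement = is_set ? CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX : CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT;`. The hunk also removes the blank line after the early `return;`, which makes the guard harder to spot. The function starts outside the hunk.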
@@ -3428,7 +3430,8 @@ TEST_F(CookieMonsterTest, RejectCreatedHttpOnlyCookieOnSet) { // not allow httponly. CookieOptions options_no_httponly; options_no_httponly.set_same_site_cookie_context( - CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT); + CookieOptions::SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT)); options_no_httponly.set_exclude_httponly(); // Default, but make it explicit. ResultSavingCookieCallback callback; cm.SetCanonicalCookieAsync(std::move(cookie), "http", options_no_httponly, @@ -3861,7 +3864,8 @@ TEST_F(CookieMonsterLegacyCookieAccessTest, RecentHttpSameSiteAccess) { CookieOptions http_lax_options; http_lax_options.set_include_httponly(); http_lax_options.set_same_site_cookie_context( - CookieOptions::SameSiteCookieContext::SAME_SITE_LAX); + CookieOptions::SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX)); // This one only works because it's treated as Legacy, otherwise it would be // rejected for being SameSite=None without secure. EXPECT_TRUE(CreateAndSetCookie(cm_.get(), kHttpUrl, "cookie=1;SameSite=None", @@ -3899,7 +3903,8 @@ TEST_F(CookieMonsterLegacyCookieAccessTest, RecentHttpSameSiteAccess) { CookieOptions exclude_http_lax_options; exclude_http_lax_options.set_exclude_httponly(); exclude_http_lax_options.set_same_site_cookie_context( - CookieOptions::SameSiteCookieContext::SAME_SITE_LAX); + CookieOptions::SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX)); EXPECT_TRUE(CreateAndSetCookie(cm_.get(), kHttpUrl, "cookie=1", exclude_http_lax_options)); // There is no recent eligible last access time, because we deleted the 
@@ -3918,7 +3923,8 @@ TEST_F(CookieMonsterLegacyCookieAccessTest, RecentHttpSameSiteAccess) { CookieOptions http_strict_options; http_strict_options.set_include_httponly(); http_strict_options.set_same_site_cookie_context( - CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT); + CookieOptions::SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT)); EXPECT_FALSE(CreateAndSetCookie(cm_.get(), kHttpUrl, "cookie=2;Secure", http_strict_options)); EXPECT_EQ("", GetCookiesWithOptions(cm_.get(), kHttpUrl, CookieOptions())); diff --git a/net/cookies/cookie_options.cc b/net/cookies/cookie_options.cc index 786c338b5bb6a1..252de953cea829 100644 --- a/net/cookies/cookie_options.cc +++ b/net/cookies/cookie_options.cc @@ -8,10 +8,25 @@ namespace net { +CookieOptions::SameSiteCookieContext +CookieOptions::SameSiteCookieContext::MakeInclusive() { + return SameSiteCookieContext(ContextType::SAME_SITE_STRICT); +} + +int64_t CookieOptions::SameSiteCookieContext::ConvertToMetricsValue() const { + if (cross_schemeness == CrossSchemeness::INSECURE_SECURE) { + return static_cast(context) | kToSecureMask; + } else if (cross_schemeness == CrossSchemeness::SECURE_INSECURE) { + return static_cast(context) | kToInsecureMask; + } + return static_cast(context); +} + // Keep default values in sync with content/public/common/cookie_manager.mojom. CookieOptions::CookieOptions() : exclude_httponly_(true), - same_site_cookie_context_(SameSiteCookieContext::CROSS_SITE), + same_site_cookie_context_(SameSiteCookieContext( + SameSiteCookieContext::ContextType::CROSS_SITE)), update_access_time_(true), return_excluded_cookies_(false) {} 
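Review bot: `ConvertToMetricsValue()` ORs the mask onto whatever `context` holds, and because both fields are public nothing prevents a `CROSS_SITE` context from carrying a non-`NONE` `cross_schemeness`. That combination would be reported as a bucket the previous enum never defined, while still falling below `MetricCount()`. A guard at the top of the function would catch it in debug builds: `DCHECK(cross_schemeness == CrossSchemeness::NONE || context != ContextType::CROSS_SITE);`. The include block is outside the hunk, so check that the logging header is present. The `else` after the first `return` can also be dropped.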
@@ -19,9 +34,20 @@ CookieOptions::CookieOptions() CookieOptions CookieOptions::MakeAllInclusive() { CookieOptions options; options.set_include_httponly(); - options.set_same_site_cookie_context(SameSiteCookieContext::SAME_SITE_STRICT); + options.set_same_site_cookie_context(SameSiteCookieContext::MakeInclusive()); options.set_do_not_update_access_time(); return options; } +bool operator==(const CookieOptions::SameSiteCookieContext& lhs, + const CookieOptions::SameSiteCookieContext& rhs) { + return std::tie(lhs.context, lhs.cross_schemeness) == + std::tie(rhs.context, rhs.cross_schemeness); +} + +bool operator!=(const CookieOptions::SameSiteCookieContext& lhs, + const CookieOptions::SameSiteCookieContext& rhs) { + return !(lhs == rhs); +} + } // namespace net diff --git a/net/cookies/cookie_options.h b/net/cookies/cookie_options.h index 1c1aaad1dd6060..4cae02efe3184e 100644 --- a/net/cookies/cookie_options.h +++ b/net/cookies/cookie_options.h 
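Review bot: The new `operator==` uses `std::tie`, but neither hunk for cookie_options.cc touches the include block (the first one starts at line 8, at `namespace net {`). `<tuple>` is therefore presumably reached only transitively. Add `#include <tuple>` to this file so the definition does not depend on what cookie_options.h happens to pull in.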
@@ -16,38 +16,70 @@ namespace net { class NET_EXPORT CookieOptions { public: - // Mask indicating insecure site-for-cookies and secure request/response. - static const int kToSecureMask = 1 << 5; - // Mask indicating secure site-for-cookies and insecure request/response. - static const int kToInsecureMask = kToSecureMask << 1; // Relation between the cookie and the navigational environment. - // CROSS_SITE to SAME_SITE_STRICT are ordered from least to most trusted - // environment. The remaining values are reiterations with additional bits for - // cross-scheme contexts. Don't renumber, used in histograms. - enum class SameSiteCookieContext { - CROSS_SITE = 0, - // Same rules as lax but the http method is unsafe. - SAME_SITE_LAX_METHOD_UNSAFE = 1, - SAME_SITE_LAX = 2, - SAME_SITE_STRICT = 3, - // The CROSS_SCHEME enums are for when the url and site_for_cookies - // differ in their schemes (http vs https). Their values are chosen such - // that the CROSS_SCHEME flag can be bitmasked out. - // SECURE_URL indicates either a request to a secure url or a response from - // a secure url, similarly for INSECURE. - SAME_SITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_SECURE_URL = - SAME_SITE_LAX_METHOD_UNSAFE | kToSecureMask, - SAME_SITE_LAX_CROSS_SCHEME_SECURE_URL = SAME_SITE_LAX | kToSecureMask, - SAME_SITE_STRICT_CROSS_SCHEME_SECURE_URL = SAME_SITE_STRICT | kToSecureMask, - SAME_SITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_INSECURE_URL = - SAME_SITE_LAX_METHOD_UNSAFE | kToInsecureMask, - SAME_SITE_LAX_CROSS_SCHEME_INSECURE_URL = SAME_SITE_LAX | kToInsecureMask, - SAME_SITE_STRICT_CROSS_SCHEME_INSECURE_URL = - SAME_SITE_STRICT | kToInsecureMask, - - // Keep last, used for histograms. - COUNT + class NET_EXPORT SameSiteCookieContext { + public: + // CROSS_SITE to SAME_SITE_STRICT are ordered from least to most trusted + // environment. Don't renumber, used in histograms. + enum class ContextType { + CROSS_SITE = 0, + // Same rules as lax but the http method is unsafe. 
+ SAME_SITE_LAX_METHOD_UNSAFE = 1, + SAME_SITE_LAX = 2, + SAME_SITE_STRICT = 3, + + // Keep last, used for histograms. + COUNT + }; + + // Used for when, and in what direction, same-site requests and responses + // are made in a cross-scheme context. Currently only used for metrics + // gathering and does not affect cookie behavior. + enum class CrossSchemeness { + NONE, + INSECURE_SECURE, // Insecure site-for-cookies, secure request/response + SECURE_INSECURE // Secure site-for-cookies, insecure request/response + }; + + SameSiteCookieContext() : SameSiteCookieContext(ContextType::CROSS_SITE) {} + explicit SameSiteCookieContext( + ContextType same_site_context, + CrossSchemeness cross_schemeness = CrossSchemeness::NONE) + : context(same_site_context), cross_schemeness(cross_schemeness) {} + + bool IsDifferentScheme() const { + return cross_schemeness != SameSiteCookieContext::CrossSchemeness::NONE; + } + + // Convenience method which returns a SameSiteCookieContext with the most + // inclusive context. This allows access to all SameSite cookies. + static SameSiteCookieContext MakeInclusive(); + + // The following functions are for conversion to the previous style of + // SameSiteCookieContext for metrics usage. This may be removed when the + // metrics using them are also removed. + + // Used as the "COUNT" entry in a histogram enum. + static constexpr int64_t MetricCount() { + return (static_cast(ContextType::SAME_SITE_STRICT) | + kToInsecureMask) + + 1; + } + int64_t ConvertToMetricsValue() const; + + ContextType context; + + CrossSchemeness cross_schemeness; + + private: + // The following variables are for conversion to the previous style of + // SameSiteCookieContext for metrics usage. This may be removed when the + // metrics using them are also removed. + // Mask indicating insecure site-for-cookies and secure request/response. + static const int kToSecureMask = 1 << 5; + // Mask indicating secure site-for-cookies and insecure request/response. 
+ static const int kToInsecureMask = kToSecureMask << 1; }; // Creates a CookieOptions object which: @@ -77,33 +109,9 @@ class NET_EXPORT CookieOptions { // Strips off the cross-scheme bits to only return the same-site context. SameSiteCookieContext same_site_cookie_context() const { - return RemoveCrossSchemeBitmask(same_site_cookie_context_); - } - - SameSiteCookieContext same_site_cookie_context_full() const { return same_site_cookie_context_; } - static SameSiteCookieContext ApplyCrossSchemeBitmask( - SameSiteCookieContext context, - int mask) { - int return_value = static_cast(context); - return_value = return_value | mask; - return static_cast(return_value); - } - - static SameSiteCookieContext RemoveCrossSchemeBitmask( - SameSiteCookieContext context) { - int return_value = static_cast(context); - return_value = return_value & ~(kToSecureMask | kToInsecureMask); - return static_cast(return_value); - } - - bool IsDifferentScheme() const { - return static_cast(same_site_cookie_context_) & - (kToSecureMask | kToInsecureMask); - } - void set_update_access_time() { update_access_time_ = true; } void set_do_not_update_access_time() { update_access_time_ = false; } bool update_access_time() const { return update_access_time_; } @@ -127,6 +135,12 @@ class NET_EXPORT CookieOptions { bool return_excluded_cookies_; }; +NET_EXPORT bool operator==(const CookieOptions::SameSiteCookieContext& lhs, + const CookieOptions::SameSiteCookieContext& rhs); + +NET_EXPORT bool operator!=(const CookieOptions::SameSiteCookieContext& lhs, + const CookieOptions::SameSiteCookieContext& rhs); + } // namespace net #endif // NET_COOKIES_COOKIE_OPTIONS_H_ diff --git a/net/cookies/cookie_store_change_unittest.h b/net/cookies/cookie_store_change_unittest.h index 0361b2659a0abb..ba3767fd67728a 100644 --- a/net/cookies/cookie_store_change_unittest.h +++ b/net/cookies/cookie_store_change_unittest.h 
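Review bot: The comment on `CrossSchemeness` says it "does not affect cookie behavior", but `context` and `cross_schemeness` are public mutable members and the `operator==` declared at the end of this file compares both. Any enforcement code that tests a whole context for equality would therefore depend on the scheme direction; whether such a caller exists is not visible in this diff. The class comment should state the contract, e.g. `// Enforcement code must compare |context| only; operator== also compares |cross_schemeness|.`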
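Review bot: The retained comment `// Strips off the cross-scheme bits to only return the same-site context.` is no longer true for `same_site_cookie_context()`. The body that survives is the one from the removed `same_site_cookie_context_full()`, and it returns `same_site_cookie_context_` with `cross_schemeness` intact. Replace the comment with something like `// Returns the full context, including cross-schemeness; read .context for the SameSite level.` so callers do not assume the value is already normalised.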
@@ -382,7 +382,7 @@ TYPED_TEST_P(CookieStoreChangeGlobalTest, OverwriteWithHttpOnly) { CookieOptions allow_httponly; allow_httponly.set_include_httponly(); allow_httponly.set_same_site_cookie_context( - net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT); + net::CookieOptions::SameSiteCookieContext::MakeInclusive()); EXPECT_TRUE(this->CreateAndSetCookie(cs, this->http_www_foo_.url(), "A=C; path=/path1; httponly", @@ -1179,7 +1179,7 @@ TYPED_TEST_P(CookieStoreChangeUrlTest, OverwriteWithHttpOnly) { CookieOptions allow_httponly; allow_httponly.set_include_httponly(); allow_httponly.set_same_site_cookie_context( - net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT); + net::CookieOptions::SameSiteCookieContext::MakeInclusive()); EXPECT_TRUE(this->CreateAndSetCookie(cs, this->http_www_foo_.url(), "A=C; path=/foo; httponly", @@ -2203,7 +2203,7 @@ TYPED_TEST_P(CookieStoreChangeNamedTest, OverwriteWithHttpOnly) { CookieOptions allow_httponly; allow_httponly.set_include_httponly(); allow_httponly.set_same_site_cookie_context( - net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT); + net::CookieOptions::SameSiteCookieContext::MakeInclusive()); EXPECT_TRUE(this->CreateAndSetCookie(cs, this->http_www_foo_.url(), "abc=hij; path=/foo; httponly", diff --git a/net/cookies/cookie_store_unittest.h b/net/cookies/cookie_store_unittest.h index 847ee04fac45e7..1e86c65f34a611 100644 --- a/net/cookies/cookie_store_unittest.h +++ b/net/cookies/cookie_store_unittest.h @@ -144,7 +144,7 @@ class CookieStoreTest : public testing::Test { if (!CookieStoreTestTraits::supports_http_only) options.set_include_httponly(); options.set_same_site_cookie_context( - net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT); + net::CookieOptions::SameSiteCookieContext::MakeInclusive()); return GetCookiesWithOptions(cs, url, options); } 
@@ -217,7 +217,7 @@ class CookieStoreTest : public testing::Test { if (can_modify_httponly) options.set_include_httponly(); options.set_same_site_cookie_context( - net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT); + net::CookieOptions::SameSiteCookieContext::MakeInclusive()); cs->SetCanonicalCookieAsync(std::move(cookie), std::move(source_scheme), options, callback.MakeCallback()); callback.WaitUntilDone(); @@ -232,7 +232,7 @@ class CookieStoreTest : public testing::Test { if (!CookieStoreTestTraits::supports_http_only) options.set_include_httponly(); options.set_same_site_cookie_context( - net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT); + net::CookieOptions::SameSiteCookieContext::MakeInclusive()); return CreateAndSetCookie(cs, url, cookie_line, options, base::make_optional(server_time)); } @@ -244,7 +244,7 @@ class CookieStoreTest : public testing::Test { if (!CookieStoreTestTraits::supports_http_only) options.set_include_httponly(); options.set_same_site_cookie_context( - net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT); + net::CookieOptions::SameSiteCookieContext::MakeInclusive()); return CreateAndSetCookie(cs, url, cookie_line, options); } @@ -264,7 +264,7 @@ class CookieStoreTest : public testing::Test { options.set_include_httponly(); // Allow setting SameSite cookies. options.set_same_site_cookie_context( - net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT); + net::CookieOptions::SameSiteCookieContext::MakeInclusive()); DCHECK(cs); ResultSavingCookieCallback callback; @@ -285,7 +285,7 @@ class CookieStoreTest : public testing::Test { if (can_modify_httponly) options.set_include_httponly(); options.set_same_site_cookie_context( - net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT); + net::CookieOptions::SameSiteCookieContext::MakeInclusive()); cs->SetCanonicalCookieAsync(std::move(cookie), std::move(source_scheme), options, callback.MakeCallback()); callback.WaitUntilDone(); 
@@ -484,7 +484,7 @@ TYPED_TEST_P(CookieStoreTest, FilterTest) { if (TypeParam::supports_http_only) { net::CookieOptions options; options.set_same_site_cookie_context( - net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT); + net::CookieOptions::SameSiteCookieContext::MakeInclusive()); cookies = this->GetCookieListWithOptions(cs, this->www_foo_bar_.url(), options); it = cookies.begin(); @@ -1217,7 +1217,7 @@ TYPED_TEST_P(CookieStoreTest, EmptyExpires) { if (!TypeParam::supports_http_only) options.set_include_httponly(); options.set_same_site_cookie_context( - net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT); + net::CookieOptions::SameSiteCookieContext::MakeInclusive()); GURL url("http://www7.ipdl.inpit.go.jp/Tokujitu/tjkta.ipdl?N0000=108"); std::string set_cookie_line = "ACSTM=20130308043820420042; path=/; domain=ipdl.inpit.go.jp; Expires="; @@ -1247,7 +1247,7 @@ TYPED_TEST_P(CookieStoreTest, HttpOnlyTest) { CookieOptions options; options.set_include_httponly(); options.set_same_site_cookie_context( - net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT); + net::CookieOptions::SameSiteCookieContext::MakeInclusive()); // Create a httponly cookie. EXPECT_TRUE(this->CreateAndSetCookie(cs, this->http_www_foo_.url(), @@ -1535,7 +1535,7 @@ TYPED_TEST_P(CookieStoreTest, OverwritePersistentCookie) { CookieOptions allow_httponly; allow_httponly.set_include_httponly(); allow_httponly.set_same_site_cookie_context( - net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT); + net::CookieOptions::SameSiteCookieContext::MakeInclusive()); EXPECT_TRUE(this->CreateAndSetCookie(cs, url_foo, "b=val2; path=/path1; httponly; " "expires=Mon, 18-Apr-22 22:50:14 GMT", 
@@ -1591,7 +1591,7 @@ TYPED_TEST_P(CookieStoreTest, EmptyName) { if (!TypeParam::supports_http_only) options.set_include_httponly(); options.set_same_site_cookie_context( - net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT); + net::CookieOptions::SameSiteCookieContext::MakeInclusive()); EXPECT_TRUE(this->CreateAndSetCookie(cs, url_foo, "a", options)); CookieList list = this->GetAllCookiesForURL(cs, url_foo); @@ -1634,7 +1634,7 @@ TYPED_TEST_P(CookieStoreTest, CookieOrdering) { CookieOptions options; options.set_same_site_cookie_context( - net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT); + net::CookieOptions::SameSiteCookieContext::MakeInclusive()); CookieList cookies = this->GetCookieListWithOptions( cs, GURL("http://d.c.b.a.foo.com/aa/bb/cc/dd"), options); diff --git a/net/cookies/cookie_util.cc b/net/cookies/cookie_util.cc index 5f4862922cb782..43b0cac51b9233 100644 --- a/net/cookies/cookie_util.cc +++ b/net/cookies/cookie_util.cc 
@@ -74,50 +74,53 @@ bool SaturatedTimeFromUTCExploded(const base::Time::Exploded& exploded, return false; } -CookieOptions::SameSiteCookieContext ComputeSchemeChange( +CookieOptions::SameSiteCookieContext::CrossSchemeness ComputeSchemeChange( CookieOptions::SameSiteCookieContext same_site_type, const GURL& url, const SiteForCookies& site_for_cookies) { - DCHECK(same_site_type == - CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT || - same_site_type == CookieOptions::SameSiteCookieContext::SAME_SITE_LAX); + DCHECK(same_site_type.context >= + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX); + CookieOptions::SameSiteCookieContext::CrossSchemeness cross_schemeness = + CookieOptions::SameSiteCookieContext::CrossSchemeness::NONE; bool url_secure = url.SchemeIsCryptographic(); bool site_for_cookies_secure = GURL::SchemeIsCryptographic(site_for_cookies.scheme()); - // Check for different schemes and add flag if so. if (url_secure && !site_for_cookies_secure) { - same_site_type = CookieOptions::ApplyCrossSchemeBitmask( - same_site_type, CookieOptions::kToSecureMask); + cross_schemeness = + CookieOptions::SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE; } else if (!url_secure && site_for_cookies_secure) { - same_site_type = CookieOptions::ApplyCrossSchemeBitmask( - same_site_type, CookieOptions::kToInsecureMask); + cross_schemeness = + CookieOptions::SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE; } - return same_site_type; + return cross_schemeness; } CookieOptions::SameSiteCookieContext ComputeSameSiteContext( const GURL& url, const SiteForCookies& site_for_cookies, const base::Optional& initiator) { + CookieOptions::SameSiteCookieContext same_site_type( + CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE); if (site_for_cookies.IsFirstParty(url)) { - CookieOptions::SameSiteCookieContext same_site_type; // Create a SiteForCookies object from the initiator so that we can reuse // IsFirstParty(). 
if (!initiator || SiteForCookies::FromOrigin(initiator.value()).IsFirstParty(url)) { - same_site_type = CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT; + same_site_type.context = + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT; } else { - same_site_type = CookieOptions::SameSiteCookieContext::SAME_SITE_LAX; + same_site_type.context = + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX; } - same_site_type = ComputeSchemeChange(same_site_type, url, site_for_cookies); - - return same_site_type; + same_site_type.cross_schemeness = + ComputeSchemeChange(same_site_type, url, site_for_cookies); } - return CookieOptions::SameSiteCookieContext::CROSS_SITE; + + return same_site_type; } } // namespace 
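Review bot: The DCHECK in `ComputeSchemeChange` is looser than the one it replaces: `same_site_type.context >= ContextType::SAME_SITE_LAX` also accepts `ContextType::COUNT`, whereas the old check named the two permitted values. The `same_site_type` parameter is now read only by that DCHECK, so callers (here and in the later cookie_util.cc hunks) build a half-filled context just to pass it in. Taking a `ContextType` instead and keeping the explicit form would be clearer: `DCHECK(type == ContextType::SAME_SITE_STRICT || type == ContextType::SAME_SITE_LAX);`.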
@@ -449,28 +452,27 @@ CookieOptions::SameSiteCookieContext ComputeSameSiteContextForRequest( // but appear like cross-site ones. // // * Otherwise, do not include same-site cookies. + CookieOptions::SameSiteCookieContext same_site_context; + if (attach_same_site_cookies) { - return ComputeSchemeChange( - CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT, url, - site_for_cookies); + same_site_context.context = + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT; + same_site_context.cross_schemeness = + ComputeSchemeChange(same_site_context, url, site_for_cookies); + return same_site_context; } - CookieOptions::SameSiteCookieContext same_site_context = - ComputeSameSiteContext(url, site_for_cookies, initiator); - - int scheme_bitmask = - static_cast(same_site_context) & - (CookieOptions::kToSecureMask | CookieOptions::kToInsecureMask); + same_site_context = ComputeSameSiteContext(url, site_for_cookies, initiator); // If the method is safe, the context is Lax. Otherwise, make a note that // the method is unsafe. - if (CookieOptions::RemoveCrossSchemeBitmask(same_site_context) == - CookieOptions::SameSiteCookieContext::SAME_SITE_LAX && + if (same_site_context.context == + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX && !net::HttpUtil::IsMethodSafe(http_method)) { - return CookieOptions::ApplyCrossSchemeBitmask( - CookieOptions::SameSiteCookieContext::SAME_SITE_LAX_METHOD_UNSAFE, - scheme_bitmask); + same_site_context.context = CookieOptions::SameSiteCookieContext:: + ContextType::SAME_SITE_LAX_METHOD_UNSAFE; } + return same_site_context; } 
@@ -480,9 +482,11 @@ ComputeSameSiteContextForScriptGet(const GURL& url, const base::Optional& initiator, bool attach_same_site_cookies) { if (attach_same_site_cookies) { - return ComputeSchemeChange( - CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT, url, - site_for_cookies); + CookieOptions::SameSiteCookieContext same_site_context( + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT); + same_site_context.cross_schemeness = + ComputeSchemeChange(same_site_context, url, site_for_cookies); + return same_site_context; } return ComputeSameSiteContext(url, site_for_cookies, initiator); } @@ -492,14 +496,19 @@ CookieOptions::SameSiteCookieContext ComputeSameSiteContextForResponse( const SiteForCookies& site_for_cookies, const base::Optional& initiator, bool attach_same_site_cookies) { + CookieOptions::SameSiteCookieContext same_site_context; // |initiator| is here in case it'll be decided to ignore |site_for_cookies| // for entirely browser-side requests (see https://crbug.com/958335). if (attach_same_site_cookies || site_for_cookies.IsFirstParty(url)) { - return ComputeSchemeChange( - CookieOptions::SameSiteCookieContext::SAME_SITE_LAX, url, - site_for_cookies); + same_site_context.context = + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX; + same_site_context.cross_schemeness = + ComputeSchemeChange(same_site_context, url, site_for_cookies); + return same_site_context; } else { - return CookieOptions::SameSiteCookieContext::CROSS_SITE; + same_site_context.context = + CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE; + return same_site_context; } } 
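Review bot: In `ComputeSameSiteContextForResponse` the `else` branch assigns `ContextType::CROSS_SITE` to a context that the default constructor (per cookie_options.h in this commit) has already set to `CROSS_SITE`. Both branches also end in the same `return same_site_context;`. Setting the two fields inside the `if` and returning once after it is shorter and still fails closed, since the untouched default is the least trusted value. The same shape repeats in `ComputeSameSiteContextForScriptSet` and `ComputeSameSiteContextForSubresource` in the following hunks.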
@@ -507,12 +516,17 @@ CookieOptions::SameSiteCookieContext ComputeSameSiteContextForScriptSet( const GURL& url, const SiteForCookies& site_for_cookies, bool attach_same_site_cookies) { + CookieOptions::SameSiteCookieContext same_site_context; if (attach_same_site_cookies || site_for_cookies.IsFirstParty(url)) { - return ComputeSchemeChange( - CookieOptions::SameSiteCookieContext::SAME_SITE_LAX, url, - site_for_cookies); + same_site_context.context = + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX; + same_site_context.cross_schemeness = + ComputeSchemeChange(same_site_context, url, site_for_cookies); + return same_site_context; } else { - return CookieOptions::SameSiteCookieContext::CROSS_SITE; + same_site_context.context = + CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE; + return same_site_context; } } @@ -520,14 +534,19 @@ CookieOptions::SameSiteCookieContext ComputeSameSiteContextForSubresource( const GURL& url, const SiteForCookies& site_for_cookies, bool attach_same_site_cookies) { + CookieOptions::SameSiteCookieContext same_site_context; // If the URL is same-site as site_for_cookies it's same-site as all frames // in the tree from the initiator frame up --- including the initiator frame. if (attach_same_site_cookies || site_for_cookies.IsFirstParty(url)) { - return ComputeSchemeChange( - CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT, url, - site_for_cookies); + same_site_context.context = + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT; + same_site_context.cross_schemeness = + ComputeSchemeChange(same_site_context, url, site_for_cookies); + return same_site_context; } else { - return CookieOptions::SameSiteCookieContext::CROSS_SITE; + same_site_context.context = + CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE; + return same_site_context; } } diff --git a/net/cookies/cookie_util_unittest.cc b/net/cookies/cookie_util_unittest.cc index 10ee01bcbda3ac..62c900207ac43d 100644 
--- a/net/cookies/cookie_util_unittest.cc +++ b/net/cookies/cookie_util_unittest.cc 
@@ -254,70 +254,79 @@ TEST(CookieUtilTest, TestIsDomainMatch) { } TEST(CookieUtilTest, TestComputeSameSiteContextForScriptGet) { + using SameSiteCookieContext = CookieOptions::SameSiteCookieContext; // |site_for_cookies| not matching the URL -> it's cross-site. EXPECT_EQ( - CookieOptions::SameSiteCookieContext::CROSS_SITE, + SameSiteCookieContext(SameSiteCookieContext::ContextType::CROSS_SITE), cookie_util::ComputeSameSiteContextForScriptGet( GURL("http://example.com"), SiteForCookies::FromUrl(GURL("http://notexample.com")), base::nullopt /*initiator*/, false /* attach_same_site_cookies */)); - EXPECT_EQ(CookieOptions::SameSiteCookieContext::CROSS_SITE, - cookie_util::ComputeSameSiteContextForScriptGet( - GURL("http://example.com"), - SiteForCookies::FromUrl(GURL("http://notexample.com")), - url::Origin::Create(GURL("http://example.com")), - false /* attach_same_site_cookies */)); + EXPECT_EQ( + SameSiteCookieContext(SameSiteCookieContext::ContextType::CROSS_SITE), + cookie_util::ComputeSameSiteContextForScriptGet( + GURL("http://example.com"), + SiteForCookies::FromUrl(GURL("http://notexample.com")), + url::Origin::Create(GURL("http://example.com")), + false /* attach_same_site_cookies */)); EXPECT_EQ( - CookieOptions::SameSiteCookieContext::CROSS_SITE, + SameSiteCookieContext(SameSiteCookieContext::ContextType::CROSS_SITE), cookie_util::ComputeSameSiteContextForScriptGet( GURL("http://a.com"), SiteForCookies::FromUrl(GURL("http://b.com")), url::Origin::Create(GURL("http://from-elsewhere.com")), false /* attach_same_site_cookies */)); // Same |site_for_cookies|, but not |initiator| -> it's same-site lax. 
- EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_LAX, - cookie_util::ComputeSameSiteContextForScriptGet( - GURL("http://example.com"), - SiteForCookies::FromUrl(GURL("http://example.com")), - url::Origin::Create(GURL("http://from-elsewhere.com")), - false /* attach_same_site_cookies */)); + EXPECT_EQ( + CookieOptions::SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX), + cookie_util::ComputeSameSiteContextForScriptGet( + GURL("http://example.com"), + SiteForCookies::FromUrl(GURL("http://example.com")), + url::Origin::Create(GURL("http://from-elsewhere.com")), + false /* attach_same_site_cookies */)); // This isn't a full on origin check --- subdomains and different schema are // accepted. - EXPECT_EQ(CookieOptions::SameSiteCookieContext:: - SAME_SITE_LAX_CROSS_SCHEME_SECURE_URL, + EXPECT_EQ(SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_LAX, + SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE), cookie_util::ComputeSameSiteContextForScriptGet( GURL("https://example.com"), SiteForCookies::FromUrl(GURL("http://example.com")), url::Origin::Create(GURL("http://from-elsewhere.com")), false /* attach_same_site_cookies */)); - EXPECT_EQ(CookieOptions::SameSiteCookieContext:: - SAME_SITE_LAX_CROSS_SCHEME_INSECURE_URL, + EXPECT_EQ(SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_LAX, + SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE), cookie_util::ComputeSameSiteContextForScriptGet( GURL("http://example.com"), SiteForCookies::FromUrl(GURL("https://example.com")), url::Origin::Create(GURL("http://from-elsewhere.com")), false /* attach_same_site_cookies */)); - EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_LAX, - cookie_util::ComputeSameSiteContextForScriptGet( - GURL("http://sub.example.com"), - SiteForCookies::FromUrl(GURL("http://sub2.example.com")), - url::Origin::Create(GURL("http://from-elsewhere.com")), - false /* attach_same_site_cookies */)); + 
EXPECT_EQ( + SameSiteCookieContext(SameSiteCookieContext::ContextType::SAME_SITE_LAX), + cookie_util::ComputeSameSiteContextForScriptGet( + GURL("http://sub.example.com"), + SiteForCookies::FromUrl(GURL("http://sub2.example.com")), + url::Origin::Create(GURL("http://from-elsewhere.com")), + false /* attach_same_site_cookies */)); - EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_LAX, - cookie_util::ComputeSameSiteContextForScriptGet( - GURL("http://sub.example.com"), - SiteForCookies::FromUrl(GURL("http://sub.example.com:8080")), - url::Origin::Create(GURL("http://from-elsewhere.com")), - false /* attach_same_site_cookies */)); + EXPECT_EQ( + SameSiteCookieContext(SameSiteCookieContext::ContextType::SAME_SITE_LAX), + cookie_util::ComputeSameSiteContextForScriptGet( + GURL("http://sub.example.com"), + SiteForCookies::FromUrl(GURL("http://sub.example.com:8080")), + url::Origin::Create(GURL("http://from-elsewhere.com")), + false /* attach_same_site_cookies */)); // nullopt |initiator| is trusted for purposes of strict, an opaque one isn't. - EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT, + EXPECT_EQ(SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_STRICT), cookie_util::ComputeSameSiteContextForScriptGet( GURL("http://example.com"), SiteForCookies::FromUrl(GURL("http://example.com")), 
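Review bot: The `using SameSiteCookieContext = CookieOptions::SameSiteCookieContext;` alias added at the top of `TestComputeSameSiteContextForScriptGet` is applied to only some of the expectations. The "same-site lax" case still spells out `CookieOptions::SameSiteCookieContext(CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX)`. Use the alias throughout, i.e. `SameSiteCookieContext(SameSiteCookieContext::ContextType::SAME_SITE_LAX)`, so the expected values read uniformly. The test body continues in the next hunk.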
@@ -325,165 +334,198 @@ TEST(CookieUtilTest, TestComputeSameSiteContextForScriptGet) { false /* attach_same_site_cookies */)); EXPECT_EQ( - CookieOptions::SameSiteCookieContext:: - SAME_SITE_STRICT_CROSS_SCHEME_SECURE_URL, + SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_STRICT, + SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE), cookie_util::ComputeSameSiteContextForScriptGet( GURL("https://example.com"), SiteForCookies::FromUrl(GURL("http://example.com")), base::nullopt /*initiator*/, false /* attach_same_site_cookies */)); EXPECT_EQ( - CookieOptions::SameSiteCookieContext:: - SAME_SITE_STRICT_CROSS_SCHEME_INSECURE_URL, + SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_STRICT, + SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE), cookie_util::ComputeSameSiteContextForScriptGet( GURL("http://example.com"), SiteForCookies::FromUrl(GURL("https://example.com")), base::nullopt /*initiator*/, false /* attach_same_site_cookies */)); EXPECT_EQ( - CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT, + SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT), cookie_util::ComputeSameSiteContextForScriptGet( GURL("http://example.com"), SiteForCookies::FromUrl(GURL("http://example.com")), base::nullopt /*initiator*/, false /* attach_same_site_cookies */)); - EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_LAX, - cookie_util::ComputeSameSiteContextForScriptGet( - GURL("http://example.com"), - SiteForCookies::FromUrl(GURL("http://example.com")), - url::Origin(), false /* attach_same_site_cookies */)); + EXPECT_EQ( + SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX), + cookie_util::ComputeSameSiteContextForScriptGet( + GURL("http://example.com"), + SiteForCookies::FromUrl(GURL("http://example.com")), url::Origin(), + false /* attach_same_site_cookies */)); // |attach_same_site_cookies| causes (some variant of) SAME_SITE_STRICT 
to be // returned. EXPECT_EQ( - CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT, + SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT), cookie_util::ComputeSameSiteContextForScriptGet( GURL("http://example.com"), SiteForCookies::FromUrl(GURL("http://notexample.com")), base::nullopt /*initiator*/, true /* attach_same_site_cookies */)); - EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT, - cookie_util::ComputeSameSiteContextForScriptGet( - GURL("http://example.com"), - SiteForCookies::FromUrl(GURL("http://notexample.com")), - url::Origin::Create(GURL("http://example.com")), - true /* attach_same_site_cookies */)); + EXPECT_EQ( + SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT), + cookie_util::ComputeSameSiteContextForScriptGet( + GURL("http://example.com"), + SiteForCookies::FromUrl(GURL("http://notexample.com")), + url::Origin::Create(GURL("http://example.com")), + true /* attach_same_site_cookies */)); EXPECT_EQ( - CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT, + SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT), cookie_util::ComputeSameSiteContextForScriptGet( GURL("http://a.com"), SiteForCookies::FromUrl(GURL("http://b.com")), url::Origin::Create(GURL("http://from-elsewhere.com")), true /* attach_same_site_cookies */)); - EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT, - cookie_util::ComputeSameSiteContextForScriptGet( - GURL("http://example.com"), - SiteForCookies::FromUrl(GURL("http://example.com")), - url::Origin::Create(GURL("http://from-elsewhere.com")), - true /* attach_same_site_cookies */)); + EXPECT_EQ( + SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT), + cookie_util::ComputeSameSiteContextForScriptGet( + GURL("http://example.com"), + SiteForCookies::FromUrl(GURL("http://example.com")), + 
url::Origin::Create(GURL("http://from-elsewhere.com")), + true /* attach_same_site_cookies */)); - EXPECT_EQ(CookieOptions::SameSiteCookieContext:: - SAME_SITE_STRICT_CROSS_SCHEME_SECURE_URL, + EXPECT_EQ(SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_STRICT, + SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE), cookie_util::ComputeSameSiteContextForScriptGet( GURL("https://example.com"), SiteForCookies::FromUrl(GURL("http://example.com")), url::Origin::Create(GURL("http://from-elsewhere.com")), true /* attach_same_site_cookies */)); - EXPECT_EQ(CookieOptions::SameSiteCookieContext:: - SAME_SITE_STRICT_CROSS_SCHEME_INSECURE_URL, + EXPECT_EQ(SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_STRICT, + SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE), cookie_util::ComputeSameSiteContextForScriptGet( GURL("http://example.com"), SiteForCookies::FromUrl(GURL("https://example.com")), url::Origin::Create(GURL("http://from-elsewhere.com")), true /* attach_same_site_cookies */)); - EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT, - cookie_util::ComputeSameSiteContextForScriptGet( - GURL("http://sub.example.com"), - SiteForCookies::FromUrl(GURL("http://sub2.example.com")), - url::Origin::Create(GURL("http://from-elsewhere.com")), - true /* attach_same_site_cookies */)); + EXPECT_EQ( + SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT), + cookie_util::ComputeSameSiteContextForScriptGet( + GURL("http://sub.example.com"), + SiteForCookies::FromUrl(GURL("http://sub2.example.com")), + url::Origin::Create(GURL("http://from-elsewhere.com")), + true /* attach_same_site_cookies */)); - EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT, - cookie_util::ComputeSameSiteContextForScriptGet( - GURL("http://sub.example.com"), - SiteForCookies::FromUrl(GURL("http://sub.example.com:8080")), - url::Origin::Create(GURL("http://from-elsewhere.com")), - true /* 
attach_same_site_cookies */)); + EXPECT_EQ( + SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT), + cookie_util::ComputeSameSiteContextForScriptGet( + GURL("http://sub.example.com"), + SiteForCookies::FromUrl(GURL("http://sub.example.com:8080")), + url::Origin::Create(GURL("http://from-elsewhere.com")), + true /* attach_same_site_cookies */)); } TEST(CookieUtilTest, ComputeSameSiteContextForRequest) { + using SameSiteCookieContext = CookieOptions::SameSiteCookieContext; EXPECT_EQ( - CookieOptions::SameSiteCookieContext::CROSS_SITE, + SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE), cookie_util::ComputeSameSiteContextForRequest( "GET", GURL("http://example.com"), SiteForCookies::FromUrl(GURL("http://notexample.com")), base::nullopt /*initiator*/, false /*attach_same_site_cookies*/)); // |attach_same_site_cookies| = true bypasses all checks. - EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT, - cookie_util::ComputeSameSiteContextForRequest( - "GET", GURL("http://example.com"), - SiteForCookies::FromUrl(GURL("http://example.com")), - url::Origin::Create(GURL("http://from-elsewhere.com")), - true /*attach_same_site_cookies*/)); + EXPECT_EQ( + SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT), + cookie_util::ComputeSameSiteContextForRequest( + "GET", GURL("http://example.com"), + SiteForCookies::FromUrl(GURL("http://example.com")), + url::Origin::Create(GURL("http://from-elsewhere.com")), + true /*attach_same_site_cookies*/)); - EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT, - cookie_util::ComputeSameSiteContextForRequest( - "POST", GURL("http://example.com"), - SiteForCookies::FromUrl(GURL("http://example.com")), - url::Origin::Create(GURL("http://from-elsewhere.com")), - true /*attach_same_site_cookies*/)); + EXPECT_EQ( + SameSiteCookieContext( + 
CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT), + cookie_util::ComputeSameSiteContextForRequest( + "POST", GURL("http://example.com"), + SiteForCookies::FromUrl(GURL("http://example.com")), + url::Origin::Create(GURL("http://from-elsewhere.com")), + true /*attach_same_site_cookies*/)); - EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT, - cookie_util::ComputeSameSiteContextForRequest( - "GET", GURL("http://example.com"), - SiteForCookies::FromUrl(GURL("http://question.com")), - url::Origin::Create(GURL("http://from-elsewhere.com")), - true /*attach_same_site_cookies*/)); + EXPECT_EQ( + SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT), + cookie_util::ComputeSameSiteContextForRequest( + "GET", GURL("http://example.com"), + SiteForCookies::FromUrl(GURL("http://question.com")), + url::Origin::Create(GURL("http://from-elsewhere.com")), + true /*attach_same_site_cookies*/)); - EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT, - cookie_util::ComputeSameSiteContextForRequest( - "GET", GURL("http://example.com"), - SiteForCookies::FromUrl(GURL("http://example.com")), - url::Origin::Create(GURL("http://example.com")), - false /*attach_same_site_cookies*/)); + EXPECT_EQ( + SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT), + cookie_util::ComputeSameSiteContextForRequest( + "GET", GURL("http://example.com"), + SiteForCookies::FromUrl(GURL("http://example.com")), + url::Origin::Create(GURL("http://example.com")), + false /*attach_same_site_cookies*/)); - EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT, - cookie_util::ComputeSameSiteContextForRequest( - "POST", GURL("http://example.com"), - SiteForCookies::FromUrl(GURL("http://example.com")), - url::Origin::Create(GURL("http://example.com")), - false /*attach_same_site_cookies*/)); + EXPECT_EQ( + SameSiteCookieContext( + 
CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_STRICT), + cookie_util::ComputeSameSiteContextForRequest( + "POST", GURL("http://example.com"), + SiteForCookies::FromUrl(GURL("http://example.com")), + url::Origin::Create(GURL("http://example.com")), + false /*attach_same_site_cookies*/)); - EXPECT_EQ(CookieOptions::SameSiteCookieContext:: - SAME_SITE_STRICT_CROSS_SCHEME_SECURE_URL, + EXPECT_EQ(SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_STRICT, + SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE), cookie_util::ComputeSameSiteContextForRequest( "GET", GURL("https://example.com"), SiteForCookies::FromUrl(GURL("http://example.com")), url::Origin::Create(GURL("http://example.com")), false /*attach_same_site_cookies*/)); - EXPECT_EQ(CookieOptions::SameSiteCookieContext:: - SAME_SITE_STRICT_CROSS_SCHEME_SECURE_URL, + EXPECT_EQ(SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_STRICT, + SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE), cookie_util::ComputeSameSiteContextForRequest( "POST", GURL("https://example.com"), SiteForCookies::FromUrl(GURL("http://example.com")), url::Origin::Create(GURL("http://example.com")), false /*attach_same_site_cookies*/)); - EXPECT_EQ(CookieOptions::SameSiteCookieContext:: - SAME_SITE_STRICT_CROSS_SCHEME_INSECURE_URL, + EXPECT_EQ(SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_STRICT, + SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE), cookie_util::ComputeSameSiteContextForRequest( "GET", GURL("http://example.com"), SiteForCookies::FromUrl(GURL("https://example.com")), url::Origin::Create(GURL("http://example.com")), false /*attach_same_site_cookies*/)); - EXPECT_EQ(CookieOptions::SameSiteCookieContext:: - SAME_SITE_STRICT_CROSS_SCHEME_INSECURE_URL, + EXPECT_EQ(SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_STRICT, + SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE), 
cookie_util::ComputeSameSiteContextForRequest( "POST", GURL("http://example.com"), SiteForCookies::FromUrl(GURL("https://example.com")), 
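Review bot: The cross-scheme expectations in this hunk no longer say which side is the secure one: `CrossSchemeness::INSECURE_SECURE` is paired with `GURL("https://example.com")` and an `http` site-for-cookies, where the removed name spelled it out as `..._CROSS_SCHEME_SECURE_URL`. The direction is the security-relevant part of the value, so I would add a comment at the first cross-scheme assertion in each TEST: `// INSECURE_SECURE: |site_for_cookies| is http, the URL is https; SECURE_INSECURE is the reverse.` The same applies to the hunks at -491, -554 and -651. Both TEST bodies touched here start or end outside the hunk.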
@@ -491,61 +533,71 @@ TEST(CookieUtilTest, ComputeSameSiteContextForRequest) { false /*attach_same_site_cookies*/)); // Normally, lax requests also require a safe method. - EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_LAX, - cookie_util::ComputeSameSiteContextForRequest( - "GET", GURL("http://example.com"), - SiteForCookies::FromUrl(GURL("http://example.com")), - url::Origin::Create(GURL("http://from-elsewhere.com")), - false /*attach_same_site_cookies*/)); + EXPECT_EQ( + SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX), + cookie_util::ComputeSameSiteContextForRequest( + "GET", GURL("http://example.com"), + SiteForCookies::FromUrl(GURL("http://example.com")), + url::Origin::Create(GURL("http://from-elsewhere.com")), + false /*attach_same_site_cookies*/)); - EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_LAX, - cookie_util::ComputeSameSiteContextForRequest( - "HEAD", GURL("http://example.com"), - SiteForCookies::FromUrl(GURL("http://example.com")), - url::Origin::Create(GURL("http://from-elsewhere.com")), - false /*attach_same_site_cookies*/)); + EXPECT_EQ( + SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX), + cookie_util::ComputeSameSiteContextForRequest( + "HEAD", GURL("http://example.com"), + SiteForCookies::FromUrl(GURL("http://example.com")), + url::Origin::Create(GURL("http://from-elsewhere.com")), + false /*attach_same_site_cookies*/)); - EXPECT_EQ(CookieOptions::SameSiteCookieContext:: - SAME_SITE_LAX_CROSS_SCHEME_SECURE_URL, + EXPECT_EQ(SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_LAX, + SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE), cookie_util::ComputeSameSiteContextForRequest( "GET", GURL("https://example.com"), SiteForCookies::FromUrl(GURL("http://example.com")), url::Origin::Create(GURL("http://from-elsewhere.com")), false /*attach_same_site_cookies*/)); - EXPECT_EQ(CookieOptions::SameSiteCookieContext:: - 
SAME_SITE_LAX_CROSS_SCHEME_INSECURE_URL, + EXPECT_EQ(SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_LAX, + SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE), cookie_util::ComputeSameSiteContextForRequest( "GET", GURL("http://example.com"), SiteForCookies::FromUrl(GURL("https://example.com")), url::Origin::Create(GURL("http://from-elsewhere.com")), false /*attach_same_site_cookies*/)); - EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_LAX_METHOD_UNSAFE, + EXPECT_EQ(SameSiteCookieContext(CookieOptions::SameSiteCookieContext:: + ContextType::SAME_SITE_LAX_METHOD_UNSAFE), cookie_util::ComputeSameSiteContextForRequest( "POST", GURL("http://example.com"), SiteForCookies::FromUrl(GURL("http://example.com")), url::Origin::Create(GURL("http://from-elsewhere.com")), false /*attach_same_site_cookies*/)); - EXPECT_EQ(CookieOptions::SameSiteCookieContext:: - SAME_SITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_SECURE_URL, + EXPECT_EQ(SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_LAX_METHOD_UNSAFE, + SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE), cookie_util::ComputeSameSiteContextForRequest( "POST", GURL("https://example.com"), SiteForCookies::FromUrl(GURL("http://example.com")), url::Origin::Create(GURL("http://from-elsewhere.com")), false /*attach_same_site_cookies*/)); - EXPECT_EQ(CookieOptions::SameSiteCookieContext:: - SAME_SITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_INSECURE_URL, + EXPECT_EQ(SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_LAX_METHOD_UNSAFE, + SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE), cookie_util::ComputeSameSiteContextForRequest( "POST", GURL("http://example.com"), SiteForCookies::FromUrl(GURL("https://example.com")), url::Origin::Create(GURL("http://from-elsewhere.com")), false /*attach_same_site_cookies*/)); - EXPECT_EQ(CookieOptions::SameSiteCookieContext:: - SAME_SITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_SECURE_URL, + EXPECT_EQ(SameSiteCookieContext( + 
SameSiteCookieContext::ContextType::SAME_SITE_LAX_METHOD_UNSAFE, + SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE), cookie_util::ComputeSameSiteContextForRequest( "POST", GURL("https://example.com"), SiteForCookies::FromUrl(GURL("http://example.com")), 
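Review bot: The expected values in this hunk mix two spellings of the same type: the GET/HEAD cases write `SameSiteCookieContext(CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX)` while the cross-scheme cases use the alias throughout. This commit adds `using SameSiteCookieContext = CookieOptions::SameSiteCookieContext;` at the top of the TEST, so the shorter `SameSiteCookieContext(SameSiteCookieContext::ContextType::SAME_SITE_LAX)` can be used everywhere. The hunks at -325 and -554 have the same mix. The TEST body starts and ends outside this hunk.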
@@ -554,80 +606,99 @@ TEST(CookieUtilTest, ComputeSameSiteContextForRequest) { } TEST(CookieUtilTest, ComputeSameSiteContextForSet) { - EXPECT_EQ(CookieOptions::SameSiteCookieContext::CROSS_SITE, + using SameSiteCookieContext = CookieOptions::SameSiteCookieContext; + EXPECT_EQ(SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE), cookie_util::ComputeSameSiteContextForResponse( GURL("http://example.com"), SiteForCookies::FromUrl(GURL("http://notexample.com")), base::nullopt, false /* attach_same_site_cookies */)); // Same as above except |attach_same_site_cookies| makes it return LAX. - EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_LAX, - cookie_util::ComputeSameSiteContextForResponse( - GURL("http://example.com"), - SiteForCookies::FromUrl(GURL("http://notexample.com")), - base::nullopt, true /* attach_same_site_cookies */)); + EXPECT_EQ( + SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX), + cookie_util::ComputeSameSiteContextForResponse( + GURL("http://example.com"), + SiteForCookies::FromUrl(GURL("http://notexample.com")), base::nullopt, + true /* attach_same_site_cookies */)); - EXPECT_EQ(CookieOptions::SameSiteCookieContext::CROSS_SITE, + EXPECT_EQ(SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE), cookie_util::ComputeSameSiteContextForScriptSet( GURL("http://example.com"), SiteForCookies::FromUrl(GURL("http://notexample.com")), false /* attach_same_site_cookies */)); // Same as above except |attach_same_site_cookies| makes it return LAX. 
- EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_LAX, - cookie_util::ComputeSameSiteContextForScriptSet( - GURL("http://example.com"), - SiteForCookies::FromUrl(GURL("http://notexample.com")), - true /* attach_same_site_cookies */)); + EXPECT_EQ( + SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX), + cookie_util::ComputeSameSiteContextForScriptSet( + GURL("http://example.com"), + SiteForCookies::FromUrl(GURL("http://notexample.com")), + true /* attach_same_site_cookies */)); - EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_LAX, - cookie_util::ComputeSameSiteContextForResponse( - GURL("http://example.com/dir"), - SiteForCookies::FromUrl(GURL("http://sub.example.com")), - base::nullopt, false /* attach_same_site_cookies */)); - EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_LAX, - cookie_util::ComputeSameSiteContextForResponse( - GURL("http://example.com/dir"), - SiteForCookies::FromUrl(GURL("http://sub.example.com")), - base::nullopt, true /* attach_same_site_cookies */)); - EXPECT_EQ(CookieOptions::SameSiteCookieContext:: - SAME_SITE_LAX_CROSS_SCHEME_INSECURE_URL, + EXPECT_EQ( + SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX), + cookie_util::ComputeSameSiteContextForResponse( + GURL("http://example.com/dir"), + SiteForCookies::FromUrl(GURL("http://sub.example.com")), + base::nullopt, false /* attach_same_site_cookies */)); + EXPECT_EQ( + SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX), + cookie_util::ComputeSameSiteContextForResponse( + GURL("http://example.com/dir"), + SiteForCookies::FromUrl(GURL("http://sub.example.com")), + base::nullopt, true /* attach_same_site_cookies */)); + EXPECT_EQ(SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_LAX, + SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE), cookie_util::ComputeSameSiteContextForResponse( GURL("http://example.com/dir"), 
SiteForCookies::FromUrl(GURL("https://sub.example.com")), base::nullopt, false /* attach_same_site_cookies */)); - EXPECT_EQ(CookieOptions::SameSiteCookieContext:: - SAME_SITE_LAX_CROSS_SCHEME_INSECURE_URL, + EXPECT_EQ(SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_LAX, + SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE), cookie_util::ComputeSameSiteContextForResponse( GURL("http://example.com/dir"), SiteForCookies::FromUrl(GURL("https://sub.example.com")), base::nullopt, true /* attach_same_site_cookies */)); - EXPECT_EQ(CookieOptions::SameSiteCookieContext:: - SAME_SITE_LAX_CROSS_SCHEME_SECURE_URL, + EXPECT_EQ(SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_LAX, + SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE), cookie_util::ComputeSameSiteContextForResponse( GURL("https://example.com/dir"), SiteForCookies::FromUrl(GURL("http://sub.example.com")), base::nullopt, false /* attach_same_site_cookies */)); - EXPECT_EQ(CookieOptions::SameSiteCookieContext:: - SAME_SITE_LAX_CROSS_SCHEME_SECURE_URL, + EXPECT_EQ(SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_LAX, + SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE), cookie_util::ComputeSameSiteContextForResponse( GURL("https://example.com/dir"), SiteForCookies::FromUrl(GURL("http://sub.example.com")), base::nullopt, true /* attach_same_site_cookies */)); - EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_LAX, - cookie_util::ComputeSameSiteContextForScriptSet( - GURL("http://example.com/dir"), - SiteForCookies::FromUrl(GURL("http://sub.example.com")), - false /* attach_same_site_cookies */)); - EXPECT_EQ(CookieOptions::SameSiteCookieContext:: - SAME_SITE_LAX_CROSS_SCHEME_INSECURE_URL, + EXPECT_EQ( + SameSiteCookieContext( + CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX), + cookie_util::ComputeSameSiteContextForScriptSet( + GURL("http://example.com/dir"), + 
SiteForCookies::FromUrl(GURL("http://sub.example.com")), + false /* attach_same_site_cookies */)); + EXPECT_EQ(SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_LAX, + SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE), cookie_util::ComputeSameSiteContextForScriptSet( GURL("http://example.com/dir"), SiteForCookies::FromUrl(GURL("https://sub.example.com")), false /* attach_same_site_cookies */)); - EXPECT_EQ(CookieOptions::SameSiteCookieContext:: - SAME_SITE_LAX_CROSS_SCHEME_SECURE_URL, + EXPECT_EQ(SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_LAX, + SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE), cookie_util::ComputeSameSiteContextForScriptSet( GURL("https://example.com/dir"), SiteForCookies::FromUrl(GURL("http://sub.example.com")), @@ -635,15 +706,18 @@ TEST(CookieUtilTest, ComputeSameSiteContextForSet) { } TEST(CookieUtilTest, TestComputeSameSiteContextForSubresource) { + using SameSiteCookieContext = CookieOptions::SameSiteCookieContext; // |site_for_cookies| not matching the URL -> it's cross-site. - EXPECT_EQ(CookieOptions::SameSiteCookieContext::CROSS_SITE, - cookie_util::ComputeSameSiteContextForSubresource( - GURL("http://example.com"), - SiteForCookies::FromUrl(GURL("http://notexample.com")), - false /* attach_same_site_cookies */)); + EXPECT_EQ( + SameSiteCookieContext(SameSiteCookieContext::ContextType::CROSS_SITE), + cookie_util::ComputeSameSiteContextForSubresource( + GURL("http://example.com"), + SiteForCookies::FromUrl(GURL("http://notexample.com")), + false /* attach_same_site_cookies */)); // Same as above except |attach_same_site_cookies| makes it return STRICT. - EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT, + EXPECT_EQ(SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_STRICT), cookie_util::ComputeSameSiteContextForSubresource( GURL("http://example.com"), SiteForCookies::FromUrl(GURL("http://notexample.com")), 
@@ -651,26 +725,30 @@ TEST(CookieUtilTest, TestComputeSameSiteContextForSubresource) { // This isn't a full on origin check --- subdomains and different schema are // accepted. - EXPECT_EQ(CookieOptions::SameSiteCookieContext:: - SAME_SITE_STRICT_CROSS_SCHEME_SECURE_URL, + EXPECT_EQ(SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_STRICT, + SameSiteCookieContext::CrossSchemeness::INSECURE_SECURE), cookie_util::ComputeSameSiteContextForSubresource( GURL("https://example.com"), SiteForCookies::FromUrl(GURL("http://example.com")), false /* attach_same_site_cookies */)); - EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT, + EXPECT_EQ(SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_STRICT), cookie_util::ComputeSameSiteContextForSubresource( GURL("http://sub.example.com"), SiteForCookies::FromUrl(GURL("http://sub2.example.com")), false /* attach_same_site_cookies */)); - EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT, + EXPECT_EQ(SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_STRICT), cookie_util::ComputeSameSiteContextForSubresource( GURL("http://sub.example.com"), SiteForCookies::FromUrl(GURL("http://sub.example.com:8080")), false /* attach_same_site_cookies */)); - EXPECT_EQ(CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT, + EXPECT_EQ(SameSiteCookieContext( + SameSiteCookieContext::ContextType::SAME_SITE_STRICT), cookie_util::ComputeSameSiteContextForSubresource( GURL("http://example.com"), SiteForCookies::FromUrl(GURL("http://example.com")), diff --git a/services/network/cookie_manager_unittest.cc b/services/network/cookie_manager_unittest.cc index 43fc6fee7ef5d0..dcbc8361f57da2 100644 --- a/services/network/cookie_manager_unittest.cc +++ b/services/network/cookie_manager_unittest.cc 
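Review bot: Within this hunk, `ComputeSameSiteContextForSubresource` is only asserted for one cross-scheme direction: `INSECURE_SECURE`, with an `https` URL and an `http` site-for-cookies. The ScriptGet and Request tests in this file assert both directions, so unless a `SECURE_INSECURE` case follows outside the hunk, I would add the mirror assertion below. Its expected value is inferred from those sibling tests and should be confirmed against the implementation. The TEST body starts and ends outside the hunk.

```cpp
// … unchanged: existing INSECURE_SECURE subresource assertion …
EXPECT_EQ(SameSiteCookieContext(
              SameSiteCookieContext::ContextType::SAME_SITE_STRICT,
              SameSiteCookieContext::CrossSchemeness::SECURE_INSECURE),
          cookie_util::ComputeSameSiteContextForSubresource(
              GURL("http://example.com"),
              SiteForCookies::FromUrl(GURL("https://example.com")),
              false /* attach_same_site_cookies */));
```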
@@ -143,7 +143,7 @@ class SynchronousCookieManager { net::CanonicalCookie::CookieInclusionStatus::EXCLUDE_UNKNOWN_ERROR); net::CookieOptions options; options.set_same_site_cookie_context( - net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT); + net::CookieOptions::SameSiteCookieContext::MakeInclusive()); if (modify_http_only) options.set_include_httponly(); cookie_service_->SetCanonicalCookie( @@ -166,7 +166,7 @@ class SynchronousCookieManager { base::RunLoop run_loop; net::CookieOptions options; options.set_same_site_cookie_context( - net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT); + net::CookieOptions::SameSiteCookieContext::MakeInclusive()); if (modify_http_only) options.set_include_httponly(); net::CanonicalCookie::CookieInclusionStatus result_out( @@ -264,7 +264,7 @@ class CookieManagerTest : public testing::Test { callback; net::CookieOptions options; options.set_same_site_cookie_context( - net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT); + net::CookieOptions::SameSiteCookieContext::MakeInclusive()); if (can_modify_httponly) options.set_include_httponly(); @@ -572,7 +572,7 @@ TEST_F(CookieManagerTest, GetCookieList) { // Want the SameSite=lax cookies, but not httponly ones. net::CookieOptions options; options.set_same_site_cookie_context( - net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT); + net::CookieOptions::SameSiteCookieContext::MakeInclusive()); std::vector cookies = service_wrapper()->GetCookieList( GURL("https://foo_host.com/with/path"), options); @@ -622,7 +622,7 @@ TEST_F(CookieManagerTest, GetCookieListHttpOnly) { // Retrieve without httponly cookies (default) net::CookieOptions options; options.set_same_site_cookie_context( - net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT); + net::CookieOptions::SameSiteCookieContext::MakeInclusive()); EXPECT_TRUE(options.exclude_httponly()); std::vector cookies = service_wrapper()->GetCookieList( 
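Review bot: In the GetCookieList hunk (-572) the context comment `// Want the SameSite=lax cookies, but not httponly ones.` no longer matches the line below it, which now passes `MakeInclusive()`. GetCookieListSameSite in this file uses that same value under `// Retrieve everything.` I would reword the comment to `// Use the most inclusive SameSite context; httponly cookies stay excluded.` so a reader does not take the test for a lax-only check. The TEST_F body continues outside the hunk.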
@@ -677,8 +677,10 @@ TEST_F(CookieManagerTest, GetCookieListSameSite) { // Retrieve only unrestricted cookies. net::CookieOptions options; - EXPECT_EQ(net::CookieOptions::SameSiteCookieContext::CROSS_SITE, - options.same_site_cookie_context()); + EXPECT_EQ( + net::CookieOptions::SameSiteCookieContext( + net::CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE), + options.same_site_cookie_context()); std::vector cookies = service_wrapper()->GetCookieList( GURL("https://foo_host.com/with/path"), options); ASSERT_EQ(1u, cookies.size()); @@ -693,7 +695,9 @@ TEST_F(CookieManagerTest, GetCookieListSameSite) { // Retrieve unrestricted and lax cookies. options.set_same_site_cookie_context( - net::CookieOptions::SameSiteCookieContext::SAME_SITE_LAX); + net::CookieOptions::SameSiteCookieContext( + net::CookieOptions::SameSiteCookieContext::ContextType:: + SAME_SITE_LAX)); cookies = service_wrapper()->GetCookieList( GURL("https://foo_host.com/with/path"), options); ASSERT_EQ(2u, cookies.size()); @@ -707,7 +711,7 @@ TEST_F(CookieManagerTest, GetCookieListSameSite) { // Retrieve everything. options.set_same_site_cookie_context( - net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT); + net::CookieOptions::SameSiteCookieContext::MakeInclusive()); cookies = service_wrapper()->GetCookieList( GURL("https://foo_host.com/with/path"), options); ASSERT_EQ(3u, cookies.size()); @@ -735,7 +739,7 @@ TEST_F(CookieManagerTest, GetCookieListAccessTime) { // the access time is null. net::CookieOptions options; options.set_same_site_cookie_context( - net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT); + net::CookieOptions::SameSiteCookieContext::MakeInclusive()); options.set_do_not_update_access_time(); std::vector cookies = service_wrapper()->GetCookieList( diff --git a/services/network/public/cpp/cookie_manager_mojom_traits.cc b/services/network/public/cpp/cookie_manager_mojom_traits.cc index 9404bc28caff16..c7c8b53b9a951e 100644 
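Review bot: The rewritten `EXPECT_EQ` on a default-constructed `net::CookieOptions` in GetCookieListSameSite (-677) pins the default to `ContextType::CROSS_SITE`, but nothing says why that matters. Going by the later steps of this test, CROSS_SITE returns one cookie, SAME_SITE_LAX two and `MakeInclusive()` three, so the default is the most restrictive context. A comment would keep the assertion from being dropped as redundant: `// Default options must use the most restrictive context (CROSS_SITE).` The TEST_F body starts and ends outside the hunk.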
--- a/services/network/public/cpp/cookie_manager_mojom_traits.cc +++ b/services/network/public/cpp/cookie_manager_mojom_traits.cc 
@@ -150,96 +150,88 @@ bool EnumTraits:: - ToMojom(net::CookieOptions::SameSiteCookieContext input) { +network::mojom::ContextType +EnumTraits:: + ToMojom(net::CookieOptions::SameSiteCookieContext::ContextType input) { switch (input) { - case net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT: - return network::mojom::CookieSameSiteContext::SAME_SITE_STRICT; - case net::CookieOptions::SameSiteCookieContext::SAME_SITE_LAX: - return network::mojom::CookieSameSiteContext::SAME_SITE_LAX; - case net::CookieOptions::SameSiteCookieContext::SAME_SITE_LAX_METHOD_UNSAFE: - return network::mojom::CookieSameSiteContext::SAME_SITE_LAX_METHOD_UNSAFE; - case net::CookieOptions::SameSiteCookieContext::CROSS_SITE: - return network::mojom::CookieSameSiteContext::CROSS_SITE; - case net::CookieOptions::SameSiteCookieContext:: - SAME_SITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_SECURE_URL: - return network::mojom::CookieSameSiteContext:: - SAME_SITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_SECURE_URL; - case net::CookieOptions::SameSiteCookieContext:: - SAME_SITE_LAX_CROSS_SCHEME_SECURE_URL: - return network::mojom::CookieSameSiteContext:: - SAME_SITE_LAX_CROSS_SCHEME_SECURE_URL; - case net::CookieOptions::SameSiteCookieContext:: - SAME_SITE_STRICT_CROSS_SCHEME_SECURE_URL: - return network::mojom::CookieSameSiteContext:: - SAME_SITE_STRICT_CROSS_SCHEME_SECURE_URL; - case net::CookieOptions::SameSiteCookieContext:: - SAME_SITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_INSECURE_URL: - return network::mojom::CookieSameSiteContext:: - SAME_SITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_INSECURE_URL; - case net::CookieOptions::SameSiteCookieContext:: - SAME_SITE_LAX_CROSS_SCHEME_INSECURE_URL: - return network::mojom::CookieSameSiteContext:: - SAME_SITE_LAX_CROSS_SCHEME_INSECURE_URL; - case net::CookieOptions::SameSiteCookieContext:: - SAME_SITE_STRICT_CROSS_SCHEME_INSECURE_URL: - return network::mojom::CookieSameSiteContext:: - SAME_SITE_STRICT_CROSS_SCHEME_INSECURE_URL; + case 
net::CookieOptions::SameSiteCookieContext::ContextType:: + SAME_SITE_STRICT: + return network::mojom::ContextType::SAME_SITE_STRICT; + case net::CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX: + return network::mojom::ContextType::SAME_SITE_LAX; + case net::CookieOptions::SameSiteCookieContext::ContextType:: + SAME_SITE_LAX_METHOD_UNSAFE: + return network::mojom::ContextType::SAME_SITE_LAX_METHOD_UNSAFE; + case net::CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE: + return network::mojom::ContextType::CROSS_SITE; default: NOTREACHED(); - return network::mojom::CookieSameSiteContext::CROSS_SITE; + return network::mojom::ContextType::CROSS_SITE; } } -bool EnumTraits:: - FromMojom(network::mojom::CookieSameSiteContext input, - net::CookieOptions::SameSiteCookieContext* output) { +bool EnumTraits:: + FromMojom(network::mojom::ContextType input, + net::CookieOptions::SameSiteCookieContext::ContextType* output) { switch (input) { - case network::mojom::CookieSameSiteContext::SAME_SITE_STRICT: - *output = net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT; + case network::mojom::ContextType::SAME_SITE_STRICT: + *output = net::CookieOptions::SameSiteCookieContext::ContextType:: + SAME_SITE_STRICT; return true; - case network::mojom::CookieSameSiteContext::SAME_SITE_LAX: - *output = net::CookieOptions::SameSiteCookieContext::SAME_SITE_LAX; + case network::mojom::ContextType::SAME_SITE_LAX: + *output = + net::CookieOptions::SameSiteCookieContext::ContextType::SAME_SITE_LAX; return true; - case network::mojom::CookieSameSiteContext::SAME_SITE_LAX_METHOD_UNSAFE: - *output = net::CookieOptions::SameSiteCookieContext:: + case network::mojom::ContextType::SAME_SITE_LAX_METHOD_UNSAFE: + *output = net::CookieOptions::SameSiteCookieContext::ContextType:: SAME_SITE_LAX_METHOD_UNSAFE; return true; - case network::mojom::CookieSameSiteContext::CROSS_SITE: - *output = net::CookieOptions::SameSiteCookieContext::CROSS_SITE; + case 
network::mojom::ContextType::CROSS_SITE: + *output = + net::CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE; return true; - case network::mojom::CookieSameSiteContext:: - SAME_SITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_SECURE_URL: - *output = net::CookieOptions::SameSiteCookieContext:: - SAME_SITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_SECURE_URL; - return true; - case network::mojom::CookieSameSiteContext:: - SAME_SITE_LAX_CROSS_SCHEME_SECURE_URL: - *output = net::CookieOptions::SameSiteCookieContext:: - SAME_SITE_LAX_CROSS_SCHEME_SECURE_URL; - return true; - case network::mojom::CookieSameSiteContext:: - SAME_SITE_STRICT_CROSS_SCHEME_SECURE_URL: - *output = net::CookieOptions::SameSiteCookieContext:: - SAME_SITE_STRICT_CROSS_SCHEME_SECURE_URL; - return true; - case network::mojom::CookieSameSiteContext:: - SAME_SITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_INSECURE_URL: - *output = net::CookieOptions::SameSiteCookieContext:: - SAME_SITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_INSECURE_URL; + } + return false; +} + +network::mojom::CrossSchemeness +EnumTraits:: + ToMojom(net::CookieOptions::SameSiteCookieContext::CrossSchemeness input) { + switch (input) { + case net::CookieOptions::SameSiteCookieContext::CrossSchemeness::NONE: + return network::mojom::CrossSchemeness::NONE; + case net::CookieOptions::SameSiteCookieContext::CrossSchemeness:: + INSECURE_SECURE: + return network::mojom::CrossSchemeness::INSECURE_SECURE; + case net::CookieOptions::SameSiteCookieContext::CrossSchemeness:: + SECURE_INSECURE: + return network::mojom::CrossSchemeness::SECURE_INSECURE; + default: + NOTREACHED(); + return network::mojom::CrossSchemeness::NONE; + } +} + +bool EnumTraits:: + FromMojom( + network::mojom::CrossSchemeness input, + net::CookieOptions::SameSiteCookieContext::CrossSchemeness* output) { + switch (input) { + case network::mojom::CrossSchemeness::NONE: + *output = + net::CookieOptions::SameSiteCookieContext::CrossSchemeness::NONE; return true; - case 
network::mojom::CookieSameSiteContext:: - SAME_SITE_LAX_CROSS_SCHEME_INSECURE_URL: - *output = net::CookieOptions::SameSiteCookieContext:: - SAME_SITE_LAX_CROSS_SCHEME_INSECURE_URL; + case network::mojom::CrossSchemeness::INSECURE_SECURE: + *output = net::CookieOptions::SameSiteCookieContext::CrossSchemeness:: + INSECURE_SECURE; return true; - case network::mojom::CookieSameSiteContext:: - SAME_SITE_STRICT_CROSS_SCHEME_INSECURE_URL: - *output = net::CookieOptions::SameSiteCookieContext:: - SAME_SITE_STRICT_CROSS_SCHEME_INSECURE_URL; + case network::mojom::CrossSchemeness::SECURE_INSECURE: + *output = net::CookieOptions::SameSiteCookieContext::CrossSchemeness:: + SECURE_INSECURE; return true; } return false; @@ -301,6 +293,24 @@ bool EnumTraits:: return false; } +bool StructTraits:: + Read(network::mojom::CookieSameSiteContextDataView mojo_context, + net::CookieOptions::SameSiteCookieContext* context) { + net::CookieOptions::SameSiteCookieContext::ContextType context_type; + if (!mojo_context.ReadContext(&context_type)) + return false; + + net::CookieOptions::SameSiteCookieContext::CrossSchemeness cross_schemeness; + if (!mojo_context.ReadCrossSchemeness(&cross_schemeness)) + return false; + + *context = + net::CookieOptions::SameSiteCookieContext(context_type, cross_schemeness); + + return true; +} + bool StructTraits:: Read(network::mojom::CookieOptionsDataView mojo_options, net::CookieOptions* cookie_options) { diff --git a/services/network/public/cpp/cookie_manager_mojom_traits.h b/services/network/public/cpp/cookie_manager_mojom_traits.h index 6e4849bcc4e88b..3a9814dcad7c38 100644 --- a/services/network/public/cpp/cookie_manager_mojom_traits.h +++ b/services/network/public/cpp/cookie_manager_mojom_traits.h 
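Review bot: Both new `ToMojom` overloads keep a `default:` arm (`NOTREACHED(); return ...`), while the `FromMojom` overloads in the same hunk have no default and `return false` after the switch. With the default present the compiler cannot flag an enumerator that is later added to `ContextType` or `CrossSchemeness` and left unmapped. In builds where `NOTREACHED()` does not terminate, an unmapped `CrossSchemeness` would go over the wire as `NONE`, which presumably is the value that records no scheme mismatch. I would drop the `default:` arms and put `NOTREACHED(); return network::mojom::CrossSchemeness::NONE;` after the switch (and the `CROSS_SITE` equivalent for `ContextType`). If the C++ enums carry a sentinel enumerator not visible here, it would need an explicit case.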
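Review bot: The new `StructTraits::Read` accepts every pairing of `context_type` and `cross_schemeness`, including `CROSS_SITE` with `INSECURE_SECURE` or `SECURE_INSECURE`, which the removed ten-value enum could not express (it had cross-scheme variants only for the three same-site contexts). Read is the point where a value arriving from another process gets validated, so it is worth deciding here whether that pairing is a legal state. If it is not, reject it before constructing the object, e.g. `if (context_type == ContextType::CROSS_SITE && cross_schemeness != CrossSchemeness::NONE) return false;` with the fully qualified names. The `Roundtrips_CookieSameSiteContext` test in this commit serializes those pairings and expects success, so it would have to change with it. If the pairing is legal, a one-line comment in Read saying so would settle the question for the next reader.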
@@ -39,13 +39,23 @@ struct EnumTraits -struct EnumTraits { - static network::mojom::CookieSameSiteContext ToMojom( - net::CookieOptions::SameSiteCookieContext input); +struct EnumTraits { + static network::mojom::ContextType ToMojom( + net::CookieOptions::SameSiteCookieContext::ContextType input); + static bool FromMojom( + network::mojom::ContextType input, + net::CookieOptions::SameSiteCookieContext::ContextType* output); +}; - static bool FromMojom(network::mojom::CookieSameSiteContext input, - net::CookieOptions::SameSiteCookieContext* output); +template <> +struct EnumTraits { + static network::mojom::CrossSchemeness ToMojom( + net::CookieOptions::SameSiteCookieContext::CrossSchemeness input); + static bool FromMojom( + network::mojom::CrossSchemeness input, + net::CookieOptions::SameSiteCookieContext::CrossSchemeness* output); }; template <> @@ -66,6 +76,23 @@ struct EnumTraits { net::CookieChangeCause* output); }; +template <> +struct StructTraits { + static net::CookieOptions::SameSiteCookieContext::ContextType context( + net::CookieOptions::SameSiteCookieContext& s) { + return s.context; + } + + static net::CookieOptions::SameSiteCookieContext::CrossSchemeness + cross_schemeness(net::CookieOptions::SameSiteCookieContext& s) { + return s.cross_schemeness; + } + + static bool Read(network::mojom::CookieSameSiteContextDataView mojo_options, + net::CookieOptions::SameSiteCookieContext* context); +}; + template <> struct StructTraits { static bool exclude_httponly(const net::CookieOptions& o) { diff --git a/services/network/public/cpp/cookie_manager_mojom_traits_unittest.cc b/services/network/public/cpp/cookie_manager_mojom_traits_unittest.cc index 1d134c950735bd..8b5180c9dc3bb5 100644 --- a/services/network/public/cpp/cookie_manager_mojom_traits_unittest.cc +++ b/services/network/public/cpp/cookie_manager_mojom_traits_unittest.cc 
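Review bot: In the second hunk of this header, the new getters `context()` and `cross_schemeness()` take `net::CookieOptions::SameSiteCookieContext& s`, a non-const reference, while the neighbouring `StructTraits` getter `exclude_httponly` takes `const net::CookieOptions& o`. Serialization has no reason to mutate its input, and a non-const parameter will not bind to a const or temporary context, so I would make both `const net::CookieOptions::SameSiteCookieContext& s`. The `Read` declaration also names its first parameter `mojo_options`, whereas the definition in the .cc file calls it `mojo_context`; the latter is the accurate name and the declaration should match.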
@@ -133,6 +133,31 @@ TEST(CookieManagerTraitsTest, Roundtrips_CookieSameSite) { } } +TEST(CookieManagerTraitsTest, Roundtrips_ContextType) { + using ContextType = net::CookieOptions::SameSiteCookieContext::ContextType; + for (ContextType context_type : + {ContextType::CROSS_SITE, ContextType::SAME_SITE_LAX_METHOD_UNSAFE, + ContextType::SAME_SITE_LAX, ContextType::SAME_SITE_STRICT}) { + ContextType roundtrip; + ASSERT_TRUE(SerializeAndDeserializeEnum(context_type, + &roundtrip)); + EXPECT_EQ(context_type, roundtrip); + } +} + +TEST(CookieManagerTraitsTest, Roundtrips_CrossSchemeness) { + using CrossSchemeness = + net::CookieOptions::SameSiteCookieContext::CrossSchemeness; + for (CrossSchemeness cross_schemeness : + {CrossSchemeness::NONE, CrossSchemeness::INSECURE_SECURE, + CrossSchemeness::SECURE_INSECURE}) { + CrossSchemeness roundtrip; + ASSERT_TRUE(SerializeAndDeserializeEnum( + cross_schemeness, &roundtrip)); + EXPECT_EQ(cross_schemeness, roundtrip); + } +} + TEST(CookieManagerTraitsTest, Roundtrips_CookieAccessSemantics) { for (net::CookieAccessSemantics access_semantics : {net::CookieAccessSemantics::UNKNOWN, 
@@ -160,27 +185,26 @@ TEST(CookieManagerTraitsTest, Roundtrips_CookieChangeCause) { } TEST(CookieManagerTraitsTest, Roundtrips_CookieSameSiteContext) { - for (net::CookieOptions::SameSiteCookieContext context_state : - {net::CookieOptions::SameSiteCookieContext::CROSS_SITE, - net::CookieOptions::SameSiteCookieContext::SAME_SITE_LAX, - net::CookieOptions::SameSiteCookieContext::SAME_SITE_LAX_METHOD_UNSAFE, - net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT, - net::CookieOptions::SameSiteCookieContext:: - SAME_SITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_SECURE_URL, - net::CookieOptions::SameSiteCookieContext:: - SAME_SITE_LAX_CROSS_SCHEME_SECURE_URL, - net::CookieOptions::SameSiteCookieContext:: - SAME_SITE_STRICT_CROSS_SCHEME_SECURE_URL, - net::CookieOptions::SameSiteCookieContext:: - SAME_SITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_INSECURE_URL, - net::CookieOptions::SameSiteCookieContext:: - SAME_SITE_LAX_CROSS_SCHEME_INSECURE_URL, - net::CookieOptions::SameSiteCookieContext:: - SAME_SITE_STRICT_CROSS_SCHEME_INSECURE_URL}) { - net::CookieOptions::SameSiteCookieContext roundtrip; - ASSERT_TRUE(SerializeAndDeserializeEnum( - context_state, &roundtrip)); - EXPECT_EQ(context_state, roundtrip); + using ContextType = net::CookieOptions::SameSiteCookieContext::ContextType; + using CrossSchemeness = + net::CookieOptions::SameSiteCookieContext::CrossSchemeness; + for (ContextType context_type : + {ContextType::CROSS_SITE, ContextType::SAME_SITE_LAX_METHOD_UNSAFE, + ContextType::SAME_SITE_LAX, ContextType::SAME_SITE_STRICT}) { + for (CrossSchemeness cross_schemeness : + {CrossSchemeness::NONE, CrossSchemeness::INSECURE_SECURE, + CrossSchemeness::SECURE_INSECURE}) { + net::CookieOptions::SameSiteCookieContext context_in(context_type, + cross_schemeness), + copy; + + EXPECT_TRUE( + mojo::test::SerializeAndDeserialize( + &context_in, ©)); + + EXPECT_EQ(context_in.context, copy.context); + EXPECT_EQ(context_in.cross_schemeness, copy.cross_schemeness); + } } } 
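Review bot: In `Roundtrips_CookieSameSiteContext` the result of `mojo::test::SerializeAndDeserialize` is checked with `EXPECT_TRUE`, so after a failed deserialization the loop still compares `context_in` against a `copy` that was never filled in. The enum round-trip tests added earlier in this file use `ASSERT_TRUE` for the same step, and I would use `ASSERT_TRUE(` here too. The two field-by-field checks could also be one `EXPECT_EQ(context_in, copy);`, since `Roundtrips_CookieOptions` further down already compares `SameSiteCookieContext` objects with `EXPECT_EQ`. That way a field added to the struct later is covered without touching the test.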
@@ -193,8 +217,10 @@ TEST(CookieManagerTraitsTest, Roundtrips_CookieOptions) { EXPECT_TRUE(mojo::test::SerializeAndDeserialize( &least_trusted, ©)); EXPECT_TRUE(copy.exclude_httponly()); - EXPECT_EQ(net::CookieOptions::SameSiteCookieContext::CROSS_SITE, - copy.same_site_cookie_context()); + EXPECT_EQ( + net::CookieOptions::SameSiteCookieContext( + net::CookieOptions::SameSiteCookieContext::ContextType::CROSS_SITE), + copy.same_site_cookie_context()); EXPECT_TRUE(copy.return_excluded_cookies()); } @@ -202,12 +228,12 @@ TEST(CookieManagerTraitsTest, Roundtrips_CookieOptions) { net::CookieOptions very_trusted, copy; very_trusted.set_include_httponly(); very_trusted.set_same_site_cookie_context( - net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT); + net::CookieOptions::SameSiteCookieContext::MakeInclusive()); EXPECT_TRUE(mojo::test::SerializeAndDeserialize( &very_trusted, ©)); EXPECT_FALSE(copy.exclude_httponly()); - EXPECT_EQ(net::CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT, + EXPECT_EQ(net::CookieOptions::SameSiteCookieContext::MakeInclusive(), copy.same_site_cookie_context()); EXPECT_FALSE(copy.return_excluded_cookies()); } diff --git a/services/network/public/mojom/cookie_manager.mojom b/services/network/public/mojom/cookie_manager.mojom index 2fc0f4b6b9d402..f36677db1115c3 100644 --- a/services/network/public/mojom/cookie_manager.mojom +++ b/services/network/public/mojom/cookie_manager.mojom 
@@ -73,17 +73,23 @@ enum CookieSameSite { // Reserved 3 (was EXTENDED_MODE), next number is 4. }; -enum CookieSameSiteContext { +enum ContextType { CROSS_SITE, SAME_SITE_LAX_METHOD_UNSAFE, SAME_SITE_LAX, - SAME_SITE_STRICT, - SAME_SITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_SECURE_URL, - SAME_SITE_LAX_CROSS_SCHEME_SECURE_URL, - SAME_SITE_STRICT_CROSS_SCHEME_SECURE_URL, - SAME_SITE_LAX_METHOD_UNSAFE_CROSS_SCHEME_INSECURE_URL, - SAME_SITE_LAX_CROSS_SCHEME_INSECURE_URL, - SAME_SITE_STRICT_CROSS_SCHEME_INSECURE_URL + SAME_SITE_STRICT +}; + +enum CrossSchemeness { + NONE, + INSECURE_SECURE, + SECURE_INSECURE +}; + +// Keep defaults here in sync with net/cookies/cookie_options.h. +struct CookieSameSiteContext { + ContextType context = CROSS_SITE; + CrossSchemeness cross_schemeness = NONE; }; // What rules to apply when determining whether access to a particular cookie is @@ -98,7 +104,7 @@ enum CookieAccessSemantics { // Keep defaults here in sync with net/cookies/cookie_options.cc. struct CookieOptions { bool exclude_httponly = true; - CookieSameSiteContext same_site_cookie_context = CROSS_SITE; + CookieSameSiteContext same_site_cookie_context; bool update_access_time = true; bool return_excluded_cookies = false; };
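Review bot: `CrossSchemeness` and its enumerators `INSECURE_SECURE` and `SECURE_INSECURE` are added in the first hunk without any comment, and the names alone do not say which scheme belongs to which side of the request. The removed enumerators at least named the URL side (`..._CROSS_SCHEME_SECURE_URL`, `..._CROSS_SCHEME_INSECURE_URL`). Because this value crosses a process boundary and appears to feed SameSite decisions, I would add a one-line comment above each enumerator stating the direction, taken from net/cookies/cookie_options.h, so both sides of the interface read it the same way. `ContextType` is also a very generic name at mojom module scope now that it is no longer nested as it is in C++; a prefixed name such as `CookieSameSiteContextType` would be less likely to collide.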