1*6777b538SAndroid Build Coastguard Worker // Copyright 2012 The Chromium Authors 2*6777b538SAndroid Build Coastguard Worker // Use of this source code is governed by a BSD-style license that can be 3*6777b538SAndroid Build Coastguard Worker // found in the LICENSE file. 4*6777b538SAndroid Build Coastguard Worker 5*6777b538SAndroid Build Coastguard Worker #ifndef NET_COOKIES_COOKIE_UTIL_H_ 6*6777b538SAndroid Build Coastguard Worker #define NET_COOKIES_COOKIE_UTIL_H_ 7*6777b538SAndroid Build Coastguard Worker 8*6777b538SAndroid Build Coastguard Worker #include <optional> 9*6777b538SAndroid Build Coastguard Worker #include <string> 10*6777b538SAndroid Build Coastguard Worker #include <vector> 11*6777b538SAndroid Build Coastguard Worker 12*6777b538SAndroid Build Coastguard Worker #include "base/functional/callback_forward.h" 13*6777b538SAndroid Build Coastguard Worker #include "base/time/time.h" 14*6777b538SAndroid Build Coastguard Worker #include "net/base/net_export.h" 15*6777b538SAndroid Build Coastguard Worker #include "net/cookies/canonical_cookie.h" 16*6777b538SAndroid Build Coastguard Worker #include "net/cookies/cookie_access_result.h" 17*6777b538SAndroid Build Coastguard Worker #include "net/cookies/cookie_constants.h" 18*6777b538SAndroid Build Coastguard Worker #include "net/cookies/cookie_options.h" 19*6777b538SAndroid Build Coastguard Worker #include "net/cookies/site_for_cookies.h" 20*6777b538SAndroid Build Coastguard Worker #include "net/first_party_sets/first_party_set_metadata.h" 21*6777b538SAndroid Build Coastguard Worker #include "net/first_party_sets/first_party_sets_cache_filter.h" 22*6777b538SAndroid Build Coastguard Worker #include "url/origin.h" 23*6777b538SAndroid Build Coastguard Worker 24*6777b538SAndroid Build Coastguard Worker class GURL; 25*6777b538SAndroid Build Coastguard Worker 26*6777b538SAndroid Build Coastguard Worker namespace net { 27*6777b538SAndroid Build Coastguard Worker 28*6777b538SAndroid Build Coastguard Worker class IsolationInfo; 29*6777b538SAndroid Build Coastguard Worker class SchemefulSite; 30*6777b538SAndroid Build Coastguard Worker class CookieAccessDelegate; 31*6777b538SAndroid Build Coastguard Worker class CookieInclusionStatus; 32*6777b538SAndroid Build Coastguard Worker 33*6777b538SAndroid Build Coastguard Worker namespace cookie_util { 34*6777b538SAndroid Build Coastguard Worker 35*6777b538SAndroid Build Coastguard Worker // Constants for use in VLOG 36*6777b538SAndroid Build Coastguard Worker const int kVlogPerCookieMonster = 1; 37*6777b538SAndroid Build Coastguard Worker const int kVlogSetCookies = 7; 38*6777b538SAndroid Build Coastguard Worker const int kVlogGarbageCollection = 5; 39*6777b538SAndroid Build Coastguard Worker 40*6777b538SAndroid Build Coastguard Worker // This enum must match the numbering for StorageAccessResult in 41*6777b538SAndroid Build Coastguard Worker // histograms/enums.xml. Do not reorder or remove items, only add new items 42*6777b538SAndroid Build Coastguard Worker // at the end. 43*6777b538SAndroid Build Coastguard Worker enum class StorageAccessResult { 44*6777b538SAndroid Build Coastguard Worker ACCESS_BLOCKED = 0, 45*6777b538SAndroid Build Coastguard Worker ACCESS_ALLOWED = 1, 46*6777b538SAndroid Build Coastguard Worker ACCESS_ALLOWED_STORAGE_ACCESS_GRANT = 2, 47*6777b538SAndroid Build Coastguard Worker OBSOLETE_ACCESS_ALLOWED_FORCED = 3 /*(DEPRECATED)*/, 48*6777b538SAndroid Build Coastguard Worker ACCESS_ALLOWED_TOP_LEVEL_STORAGE_ACCESS_GRANT = 4, 49*6777b538SAndroid Build Coastguard Worker ACCESS_ALLOWED_3PCD_TRIAL = 5, 50*6777b538SAndroid Build Coastguard Worker ACCESS_ALLOWED_3PCD_METADATA_GRANT = 6, 51*6777b538SAndroid Build Coastguard Worker ACCESS_ALLOWED_3PCD_HEURISTICS_GRANT = 7, 52*6777b538SAndroid Build Coastguard Worker ACCESS_ALLOWED_CORS_EXCEPTION = 8, 53*6777b538SAndroid Build Coastguard Worker ACCESS_ALLOWED_TOP_LEVEL_3PCD_TRIAL = 9, 54*6777b538SAndroid Build Coastguard Worker kMaxValue = ACCESS_ALLOWED_TOP_LEVEL_3PCD_TRIAL, 55*6777b538SAndroid Build Coastguard Worker }; 56*6777b538SAndroid Build Coastguard Worker 57*6777b538SAndroid Build Coastguard Worker // Helper to fire telemetry indicating if a given request for storage was 58*6777b538SAndroid Build Coastguard Worker // allowed or not by the provided |result|. 59*6777b538SAndroid Build Coastguard Worker NET_EXPORT void FireStorageAccessHistogram(StorageAccessResult result); 60*6777b538SAndroid Build Coastguard Worker 61*6777b538SAndroid Build Coastguard Worker // Returns the effective TLD+1 for a given host. This only makes sense for http 62*6777b538SAndroid Build Coastguard Worker // and https schemes. For other schemes, the host will be returned unchanged 63*6777b538SAndroid Build Coastguard Worker // (minus any leading period). 64*6777b538SAndroid Build Coastguard Worker NET_EXPORT std::string GetEffectiveDomain(const std::string& scheme, 65*6777b538SAndroid Build Coastguard Worker const std::string& host); 66*6777b538SAndroid Build Coastguard Worker 67*6777b538SAndroid Build Coastguard Worker // Determine the actual cookie domain based on the domain string passed 68*6777b538SAndroid Build Coastguard Worker // (if any) and the URL from which the cookie came. 69*6777b538SAndroid Build Coastguard Worker // On success returns true, and sets cookie_domain to either a 70*6777b538SAndroid Build Coastguard Worker // -host cookie domain (ex: "google.com") 71*6777b538SAndroid Build Coastguard Worker // -domain cookie domain (ex: ".google.com") 72*6777b538SAndroid Build Coastguard Worker // On success, DomainIsHostOnly(url.host()) is DCHECKed. The URL's host must not 73*6777b538SAndroid Build Coastguard Worker // begin with a '.' character. 74*6777b538SAndroid Build Coastguard Worker NET_EXPORT bool GetCookieDomainWithString(const GURL& url, 75*6777b538SAndroid Build Coastguard Worker const std::string& domain_string, 76*6777b538SAndroid Build Coastguard Worker CookieInclusionStatus& status, 77*6777b538SAndroid Build Coastguard Worker std::string* result); 78*6777b538SAndroid Build Coastguard Worker 79*6777b538SAndroid Build Coastguard Worker // Returns true if a domain string represents a host-only cookie, 80*6777b538SAndroid Build Coastguard Worker // i.e. it doesn't begin with a leading '.' character. 81*6777b538SAndroid Build Coastguard Worker NET_EXPORT bool DomainIsHostOnly(const std::string& domain_string); 82*6777b538SAndroid Build Coastguard Worker 83*6777b538SAndroid Build Coastguard Worker // If |cookie_domain| is nonempty and starts with a "." character, this returns 84*6777b538SAndroid Build Coastguard Worker // the substring of |cookie_domain| without the leading dot. (Note only one 85*6777b538SAndroid Build Coastguard Worker // leading dot is stripped, if there are multiple.) Otherwise it returns 86*6777b538SAndroid Build Coastguard Worker // |cookie_domain|. This is useful for converting from CanonicalCookie's 87*6777b538SAndroid Build Coastguard Worker // representation of a cookie domain to the RFC's notion of a cookie's domain. 88*6777b538SAndroid Build Coastguard Worker NET_EXPORT std::string CookieDomainAsHost(const std::string& cookie_domain); 89*6777b538SAndroid Build Coastguard Worker 90*6777b538SAndroid Build Coastguard Worker // Parses the string with the cookie expiration time (very forgivingly). 91*6777b538SAndroid Build Coastguard Worker // Returns the "null" time on failure. 92*6777b538SAndroid Build Coastguard Worker // 93*6777b538SAndroid Build Coastguard Worker // If the expiration date is below or above the platform-specific range 94*6777b538SAndroid Build Coastguard Worker // supported by Time::FromUTCExplodeded(), then this will return Time(1) or 95*6777b538SAndroid Build Coastguard Worker // Time::Max(), respectively. 96*6777b538SAndroid Build Coastguard Worker NET_EXPORT base::Time ParseCookieExpirationTime(const std::string& time_string); 97*6777b538SAndroid Build Coastguard Worker 98*6777b538SAndroid Build Coastguard Worker // Get a cookie's URL from it's domain, path, and source scheme. 99*6777b538SAndroid Build Coastguard Worker // The first field can be the combined domain-and-host-only-flag (e.g. the 100*6777b538SAndroid Build Coastguard Worker // string returned by CanonicalCookie::Domain()) as opposed to the domain 101*6777b538SAndroid Build Coastguard Worker // attribute per RFC6265bis. The GURL is constructed after stripping off any 102*6777b538SAndroid Build Coastguard Worker // leading dot. 103*6777b538SAndroid Build Coastguard Worker // Note: the GURL returned by this method is not guaranteed to be valid. 104*6777b538SAndroid Build Coastguard Worker NET_EXPORT GURL CookieDomainAndPathToURL(const std::string& domain, 105*6777b538SAndroid Build Coastguard Worker const std::string& path, 106*6777b538SAndroid Build Coastguard Worker const std::string& source_scheme); 107*6777b538SAndroid Build Coastguard Worker NET_EXPORT GURL CookieDomainAndPathToURL(const std::string& domain, 108*6777b538SAndroid Build Coastguard Worker const std::string& path, 109*6777b538SAndroid Build Coastguard Worker bool is_https); 110*6777b538SAndroid Build Coastguard Worker NET_EXPORT GURL CookieDomainAndPathToURL(const std::string& domain, 111*6777b538SAndroid Build Coastguard Worker const std::string& path, 112*6777b538SAndroid Build Coastguard Worker CookieSourceScheme source_scheme); 113*6777b538SAndroid Build Coastguard Worker 114*6777b538SAndroid Build Coastguard Worker // Convenience for converting a cookie origin (domain and https pair) to a URL. 115*6777b538SAndroid Build Coastguard Worker NET_EXPORT GURL CookieOriginToURL(const std::string& domain, bool is_https); 116*6777b538SAndroid Build Coastguard Worker 117*6777b538SAndroid Build Coastguard Worker // Returns a URL that could have been the cookie's source. 118*6777b538SAndroid Build Coastguard Worker // Not guaranteed to actually be the URL that set the cookie. Not guaranteed to 119*6777b538SAndroid Build Coastguard Worker // be a valid GURL. Intended as a shim for SetCanonicalCookieAsync calls, where 120*6777b538SAndroid Build Coastguard Worker // a source URL is required but only a source scheme may be available. 121*6777b538SAndroid Build Coastguard Worker NET_EXPORT GURL SimulatedCookieSource(const CanonicalCookie& cookie, 122*6777b538SAndroid Build Coastguard Worker const std::string& source_scheme); 123*6777b538SAndroid Build Coastguard Worker 124*6777b538SAndroid Build Coastguard Worker // Provisional evaluation of acceptability of setting secure cookies on 125*6777b538SAndroid Build Coastguard Worker // `source_url` based only on the `source_url`'s scheme and whether it 126*6777b538SAndroid Build Coastguard Worker // is a localhost URL. If this returns kNonCryptographic, it may be upgraded to 127*6777b538SAndroid Build Coastguard Worker // kTrustworthy by a CookieAccessDelegate when the cookie operation is being 128*6777b538SAndroid Build Coastguard Worker // performed, as the delegate may have access to user settings like manually 129*6777b538SAndroid Build Coastguard Worker // configured test domains which declare additional things trustworthy. 130*6777b538SAndroid Build Coastguard Worker NET_EXPORT CookieAccessScheme ProvisionalAccessScheme(const GURL& source_url); 131*6777b538SAndroid Build Coastguard Worker 132*6777b538SAndroid Build Coastguard Worker // |domain| is the output of cookie.Domain() for some cookie. This returns true 133*6777b538SAndroid Build Coastguard Worker // if a |domain| indicates that the cookie can be accessed by |host|. 134*6777b538SAndroid Build Coastguard Worker // See comment on CanonicalCookie::IsDomainMatch(). 135*6777b538SAndroid Build Coastguard Worker NET_EXPORT bool IsDomainMatch(const std::string& domain, 136*6777b538SAndroid Build Coastguard Worker const std::string& host); 137*6777b538SAndroid Build Coastguard Worker 138*6777b538SAndroid Build Coastguard Worker // Returns true if the given |url_path| path-matches |cookie_path| 139*6777b538SAndroid Build Coastguard Worker // as described in section 5.1.4 in RFC 6265. This returns true if |cookie_path| 140*6777b538SAndroid Build Coastguard Worker // and |url_path| are identical, or if |url_path| is a subdirectory of 141*6777b538SAndroid Build Coastguard Worker // |cookie_path|. 142*6777b538SAndroid Build Coastguard Worker NET_EXPORT bool IsOnPath(const std::string& cookie_path, 143*6777b538SAndroid Build Coastguard Worker const std::string& url_path); 144*6777b538SAndroid Build Coastguard Worker 145*6777b538SAndroid Build Coastguard Worker // A ParsedRequestCookie consists of the key and value of the cookie. 146*6777b538SAndroid Build Coastguard Worker using ParsedRequestCookie = std::pair<std::string, std::string>; 147*6777b538SAndroid Build Coastguard Worker using ParsedRequestCookies = std::vector<ParsedRequestCookie>; 148*6777b538SAndroid Build Coastguard Worker 149*6777b538SAndroid Build Coastguard Worker // Assumes that |header_value| is the cookie header value of a HTTP Request 150*6777b538SAndroid Build Coastguard Worker // following the cookie-string schema of RFC 6265, section 4.2.1, and returns 151*6777b538SAndroid Build Coastguard Worker // cookie name/value pairs. If cookie values are presented in double quotes, 152*6777b538SAndroid Build Coastguard Worker // these will appear in |parsed_cookies| as well. The cookie header can be 153*6777b538SAndroid Build Coastguard Worker // written by non-Chromium consumers (such as extensions), so the header may not 154*6777b538SAndroid Build Coastguard Worker // be well-formed. 155*6777b538SAndroid Build Coastguard Worker NET_EXPORT void ParseRequestCookieLine(const std::string& header_value, 156*6777b538SAndroid Build Coastguard Worker ParsedRequestCookies* parsed_cookies); 157*6777b538SAndroid Build Coastguard Worker 158*6777b538SAndroid Build Coastguard Worker // Writes all cookies of |parsed_cookies| into a HTTP Request header value 159*6777b538SAndroid Build Coastguard Worker // that belongs to the "Cookie" header. The entries of |parsed_cookies| must 160*6777b538SAndroid Build Coastguard Worker // already be appropriately escaped. 161*6777b538SAndroid Build Coastguard Worker NET_EXPORT std::string SerializeRequestCookieLine( 162*6777b538SAndroid Build Coastguard Worker const ParsedRequestCookies& parsed_cookies); 163*6777b538SAndroid Build Coastguard Worker 164*6777b538SAndroid Build Coastguard Worker // Determines which of the cookies for the request URL can be accessed, with 165*6777b538SAndroid Build Coastguard Worker // respect to the SameSite attribute. This applies to looking up existing 166*6777b538SAndroid Build Coastguard Worker // cookies for HTTP requests. For looking up cookies for non-HTTP APIs (i.e., 167*6777b538SAndroid Build Coastguard Worker // JavaScript), see ComputeSameSiteContextForScriptGet. For setting new cookies, 168*6777b538SAndroid Build Coastguard Worker // see ComputeSameSiteContextForResponse and ComputeSameSiteContextForScriptSet. 169*6777b538SAndroid Build Coastguard Worker // 170*6777b538SAndroid Build Coastguard Worker // `url_chain` is a non-empty vector of URLs, the last of which is the current 171*6777b538SAndroid Build Coastguard Worker // request URL. It represents the redirect chain of the current request. The 172*6777b538SAndroid Build Coastguard Worker // redirect chain is used to calculate whether there has been a cross-site 173*6777b538SAndroid Build Coastguard Worker // redirect. In order for a context to be deemed strictly same-site, there must 174*6777b538SAndroid Build Coastguard Worker // not have been any cross-site redirects. 175*6777b538SAndroid Build Coastguard Worker // 176*6777b538SAndroid Build Coastguard Worker // `site_for_cookies` is the currently navigated to site that should be 177*6777b538SAndroid Build Coastguard Worker // considered "first-party" for cookies. 178*6777b538SAndroid Build Coastguard Worker // 179*6777b538SAndroid Build Coastguard Worker // `initiator` is the origin ultimately responsible for getting the request 180*6777b538SAndroid Build Coastguard Worker // issued. It may be different from `site_for_cookies`. 181*6777b538SAndroid Build Coastguard Worker // 182*6777b538SAndroid Build Coastguard Worker // std::nullopt for `initiator` denotes that the navigation was initiated by 183*6777b538SAndroid Build Coastguard Worker // the user directly interacting with the browser UI, e.g. entering a URL 184*6777b538SAndroid Build Coastguard Worker // or selecting a bookmark. 185*6777b538SAndroid Build Coastguard Worker // 186*6777b538SAndroid Build Coastguard Worker // `is_main_frame_navigation` is whether the request is for a navigation that 187*6777b538SAndroid Build Coastguard Worker // targets the main frame or top-level browsing context. These requests may 188*6777b538SAndroid Build Coastguard Worker // sometimes send SameSite=Lax cookies but not SameSite=Strict cookies. 189*6777b538SAndroid Build Coastguard Worker // 190*6777b538SAndroid Build Coastguard Worker // If `force_ignore_site_for_cookies` is specified, all SameSite cookies will be 191*6777b538SAndroid Build Coastguard Worker // attached, i.e. this will return SAME_SITE_STRICT. This flag is set to true 192*6777b538SAndroid Build Coastguard Worker // when the `site_for_cookies` is a chrome:// URL embedding a secure origin, 193*6777b538SAndroid Build Coastguard Worker // among other scenarios. 194*6777b538SAndroid Build Coastguard Worker // This is *not* set when the *initiator* is chrome-extension://, 195*6777b538SAndroid Build Coastguard Worker // which is intentional, since it would be bad to let an extension arbitrarily 196*6777b538SAndroid Build Coastguard Worker // redirect anywhere and bypass SameSite=Strict rules. 197*6777b538SAndroid Build Coastguard Worker // 198*6777b538SAndroid Build Coastguard Worker // See also documentation for corresponding methods on net::URLRequest. 199*6777b538SAndroid Build Coastguard Worker // 200*6777b538SAndroid Build Coastguard Worker // `http_method` is used to enforce the requirement that, in a context that's 201*6777b538SAndroid Build Coastguard Worker // lax same-site but not strict same-site, SameSite=lax cookies be only sent 202*6777b538SAndroid Build Coastguard Worker // when the method is "safe" in the RFC7231 section 4.2.1 sense. 203*6777b538SAndroid Build Coastguard Worker NET_EXPORT CookieOptions::SameSiteCookieContext 204*6777b538SAndroid Build Coastguard Worker ComputeSameSiteContextForRequest(const std::string& http_method, 205*6777b538SAndroid Build Coastguard Worker const std::vector<GURL>& url_chain, 206*6777b538SAndroid Build Coastguard Worker const SiteForCookies& site_for_cookies, 207*6777b538SAndroid Build Coastguard Worker const std::optional<url::Origin>& initiator, 208*6777b538SAndroid Build Coastguard Worker bool is_main_frame_navigation, 209*6777b538SAndroid Build Coastguard Worker bool force_ignore_site_for_cookies); 210*6777b538SAndroid Build Coastguard Worker 211*6777b538SAndroid Build Coastguard Worker // As above, but applying for scripts. `initiator` here should be the initiator 212*6777b538SAndroid Build Coastguard Worker // used when fetching the document. 213*6777b538SAndroid Build Coastguard Worker // If `force_ignore_site_for_cookies` is true, this returns SAME_SITE_STRICT. 214*6777b538SAndroid Build Coastguard Worker NET_EXPORT CookieOptions::SameSiteCookieContext 215*6777b538SAndroid Build Coastguard Worker ComputeSameSiteContextForScriptGet(const GURL& url, 216*6777b538SAndroid Build Coastguard Worker const SiteForCookies& site_for_cookies, 217*6777b538SAndroid Build Coastguard Worker const std::optional<url::Origin>& initiator, 218*6777b538SAndroid Build Coastguard Worker bool force_ignore_site_for_cookies); 219*6777b538SAndroid Build Coastguard Worker 220*6777b538SAndroid Build Coastguard Worker // Determines which of the cookies for the request URL can be set from a network 221*6777b538SAndroid Build Coastguard Worker // response, with respect to the SameSite attribute. This will only return 222*6777b538SAndroid Build Coastguard Worker // CROSS_SITE or SAME_SITE_LAX (cookie sets of SameSite=strict cookies are 223*6777b538SAndroid Build Coastguard Worker // permitted in same contexts that sets of SameSite=lax cookies are). 224*6777b538SAndroid Build Coastguard Worker // `url_chain` is a non-empty vector of URLs, the last of which is the current 225*6777b538SAndroid Build Coastguard Worker // request URL. It represents the redirect chain of the current request. The 226*6777b538SAndroid Build Coastguard Worker // redirect chain is used to calculate whether there has been a cross-site 227*6777b538SAndroid Build Coastguard Worker // redirect. 228*6777b538SAndroid Build Coastguard Worker // `is_main_frame_navigation` is whether the request was for a navigation that 229*6777b538SAndroid Build Coastguard Worker // targets the main frame or top-level browsing context. Both SameSite=Lax and 230*6777b538SAndroid Build Coastguard Worker // SameSite=Strict cookies may be set by any main frame navigation. 231*6777b538SAndroid Build Coastguard Worker // If `force_ignore_site_for_cookies` is true, this returns SAME_SITE_LAX. 232*6777b538SAndroid Build Coastguard Worker NET_EXPORT CookieOptions::SameSiteCookieContext 233*6777b538SAndroid Build Coastguard Worker ComputeSameSiteContextForResponse(const std::vector<GURL>& url_chain, 234*6777b538SAndroid Build Coastguard Worker const SiteForCookies& site_for_cookies, 235*6777b538SAndroid Build Coastguard Worker const std::optional<url::Origin>& initiator, 236*6777b538SAndroid Build Coastguard Worker bool is_main_frame_navigation, 237*6777b538SAndroid Build Coastguard Worker bool force_ignore_site_for_cookies); 238*6777b538SAndroid Build Coastguard Worker 239*6777b538SAndroid Build Coastguard Worker // Determines which of the cookies for `url` can be set from a script context, 240*6777b538SAndroid Build Coastguard Worker // with respect to the SameSite attribute. This will only return CROSS_SITE or 241*6777b538SAndroid Build Coastguard Worker // SAME_SITE_LAX (cookie sets of SameSite=strict cookies are permitted in same 242*6777b538SAndroid Build Coastguard Worker // contexts that sets of SameSite=lax cookies are). 243*6777b538SAndroid Build Coastguard Worker // If `force_ignore_site_for_cookies` is true, this returns SAME_SITE_LAX. 244*6777b538SAndroid Build Coastguard Worker NET_EXPORT CookieOptions::SameSiteCookieContext 245*6777b538SAndroid Build Coastguard Worker ComputeSameSiteContextForScriptSet(const GURL& url, 246*6777b538SAndroid Build Coastguard Worker const SiteForCookies& site_for_cookies, 247*6777b538SAndroid Build Coastguard Worker bool force_ignore_site_for_cookies); 248*6777b538SAndroid Build Coastguard Worker 249*6777b538SAndroid Build Coastguard Worker // Determines which of the cookies for |url| can be accessed when fetching a 250*6777b538SAndroid Build Coastguard Worker // subresources. This is either CROSS_SITE or SAME_SITE_STRICT, 251*6777b538SAndroid Build Coastguard Worker // since the initiator for a subresource is the frame loading it. 252*6777b538SAndroid Build Coastguard Worker NET_EXPORT CookieOptions::SameSiteCookieContext 253*6777b538SAndroid Build Coastguard Worker // If |force_ignore_site_for_cookies| is true, this returns SAME_SITE_STRICT. 254*6777b538SAndroid Build Coastguard Worker ComputeSameSiteContextForSubresource(const GURL& url, 255*6777b538SAndroid Build Coastguard Worker const SiteForCookies& site_for_cookies, 256*6777b538SAndroid Build Coastguard Worker bool force_ignore_site_for_cookies); 257*6777b538SAndroid Build Coastguard Worker 258*6777b538SAndroid Build Coastguard Worker NET_EXPORT bool IsPortBoundCookiesEnabled(); 259*6777b538SAndroid Build Coastguard Worker 260*6777b538SAndroid Build Coastguard Worker NET_EXPORT bool IsSchemeBoundCookiesEnabled(); 261*6777b538SAndroid Build Coastguard Worker 262*6777b538SAndroid Build Coastguard Worker // Returns true if either portion of OBC is enabled. 263*6777b538SAndroid Build Coastguard Worker NET_EXPORT bool IsOriginBoundCookiesPartiallyEnabled(); 264*6777b538SAndroid Build Coastguard Worker 265*6777b538SAndroid Build Coastguard Worker NET_EXPORT bool IsTimeLimitedInsecureCookiesEnabled(); 266*6777b538SAndroid Build Coastguard Worker 267*6777b538SAndroid Build Coastguard Worker // Returns whether the respective feature is enabled. 268*6777b538SAndroid Build Coastguard Worker NET_EXPORT bool IsSchemefulSameSiteEnabled(); 269*6777b538SAndroid Build Coastguard Worker 270*6777b538SAndroid Build Coastguard Worker // Computes the First-Party Sets metadata and cache match information. 271*6777b538SAndroid Build Coastguard Worker // `isolation_info` must be fully populated. 272*6777b538SAndroid Build Coastguard Worker // 273*6777b538SAndroid Build Coastguard Worker // The result may be returned synchronously, or `callback` may be invoked 274*6777b538SAndroid Build Coastguard Worker // asynchronously with the result. The callback will be invoked iff the return 275*6777b538SAndroid Build Coastguard Worker // value is nullopt; i.e. a result will be provided via return value or 276*6777b538SAndroid Build Coastguard Worker // callback, but not both, and not neither. 277*6777b538SAndroid Build Coastguard Worker [[nodiscard]] NET_EXPORT std::optional< 278*6777b538SAndroid Build Coastguard Worker std::pair<FirstPartySetMetadata, FirstPartySetsCacheFilter::MatchInfo>> 279*6777b538SAndroid Build Coastguard Worker ComputeFirstPartySetMetadataMaybeAsync( 280*6777b538SAndroid Build Coastguard Worker const SchemefulSite& request_site, 281*6777b538SAndroid Build Coastguard Worker const IsolationInfo& isolation_info, 282*6777b538SAndroid Build Coastguard Worker const CookieAccessDelegate* cookie_access_delegate, 283*6777b538SAndroid Build Coastguard Worker base::OnceCallback<void(FirstPartySetMetadata, 284*6777b538SAndroid Build Coastguard Worker FirstPartySetsCacheFilter::MatchInfo)> callback); 285*6777b538SAndroid Build Coastguard Worker 286*6777b538SAndroid Build Coastguard Worker // Converts a string representing the http request method to its enum 287*6777b538SAndroid Build Coastguard Worker // representation. 288*6777b538SAndroid Build Coastguard Worker NET_EXPORT CookieOptions::SameSiteCookieContext::ContextMetadata::HttpMethod 289*6777b538SAndroid Build Coastguard Worker HttpMethodStringToEnum(const std::string& in); 290*6777b538SAndroid Build Coastguard Worker 291*6777b538SAndroid Build Coastguard Worker // Takes a CookieAccessResult and returns a bool, returning true if the 292*6777b538SAndroid Build Coastguard Worker // CookieInclusionStatus in CookieAccessResult was set to "include", else 293*6777b538SAndroid Build Coastguard Worker // returning false. 294*6777b538SAndroid Build Coastguard Worker // 295*6777b538SAndroid Build Coastguard Worker // Can be used with SetCanonicalCookie when you don't need to know why a cookie 296*6777b538SAndroid Build Coastguard Worker // was blocked, only whether it was blocked. 297*6777b538SAndroid Build Coastguard Worker NET_EXPORT bool IsCookieAccessResultInclude( 298*6777b538SAndroid Build Coastguard Worker CookieAccessResult cookie_access_result); 299*6777b538SAndroid Build Coastguard Worker 300*6777b538SAndroid Build Coastguard Worker // Turn a CookieAccessResultList into a CookieList by stripping out access 301*6777b538SAndroid Build Coastguard Worker // results (for callers who only care about cookies). 302*6777b538SAndroid Build Coastguard Worker NET_EXPORT CookieList 303*6777b538SAndroid Build Coastguard Worker StripAccessResults(const CookieAccessResultList& cookie_access_result_list); 304*6777b538SAndroid Build Coastguard Worker 305*6777b538SAndroid Build Coastguard Worker // Records port related metrics from Omnibox navigations. 306*6777b538SAndroid Build Coastguard Worker NET_EXPORT void RecordCookiePortOmniboxHistograms(const GURL& url); 307*6777b538SAndroid Build Coastguard Worker 308*6777b538SAndroid Build Coastguard Worker // Checks invariants that should be upheld w.r.t. the included and excluded 309*6777b538SAndroid Build Coastguard Worker // cookies. Namely: the included cookies should be elements of 310*6777b538SAndroid Build Coastguard Worker // `included_cookies`; excluded cookies should be elements of 311*6777b538SAndroid Build Coastguard Worker // `excluded_cookies`; and included cookies should be in the correct sorted 312*6777b538SAndroid Build Coastguard Worker // order. 313*6777b538SAndroid Build Coastguard Worker NET_EXPORT void DCheckIncludedAndExcludedCookieLists( 314*6777b538SAndroid Build Coastguard Worker const CookieAccessResultList& included_cookies, 315*6777b538SAndroid Build Coastguard Worker const CookieAccessResultList& excluded_cookies); 316*6777b538SAndroid Build Coastguard Worker 317*6777b538SAndroid Build Coastguard Worker // Returns the default third-party cookie blocking setting, which is false 318*6777b538SAndroid Build Coastguard Worker // unless you enable ForceThirdPartyCookieBlocking with the command line switch 319*6777b538SAndroid Build Coastguard Worker // --test-third-party-cookie-phaseout. 320*6777b538SAndroid Build Coastguard Worker NET_EXPORT bool IsForceThirdPartyCookieBlockingEnabled(); 321*6777b538SAndroid Build Coastguard Worker 322*6777b538SAndroid Build Coastguard Worker } // namespace cookie_util 323*6777b538SAndroid Build Coastguard Worker 324*6777b538SAndroid Build Coastguard Worker } // namespace net 325*6777b538SAndroid Build Coastguard Worker 326*6777b538SAndroid Build Coastguard Worker #endif // NET_COOKIES_COOKIE_UTIL_H_ 327