1 // Copyright 2019 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef NET_COOKIES_SITE_FOR_COOKIES_H_ 6 #define NET_COOKIES_SITE_FOR_COOKIES_H_ 7 8 #include <string> 9 10 #include "base/strings/string_piece.h" 11 #include "net/base/net_export.h" 12 #include "url/gurl.h" 13 #include "url/origin.h" 14 15 namespace net { 16 17 // Represents which origins are to be considered first-party for a given 18 // context (e.g. frame). There may be none. 19 // 20 // The currently implemented policy is that two valid URLs would be considered 21 // the same party if either: 22 // 1) They both have non-empty and equal registrable domains or hostnames/IPs. 23 // 2) They both have empty hostnames and equal schemes. 24 // Invalid URLs are not first party to anything. 25 // 26 // TODO(morlovich): It may make sense to require scheme to match in case (1) 27 // too, where the notion of matching makes http/https/ws/wss equivalent, but 28 // all other schemes are distinct. 29 // 30 // This should wait until SiteForCookies type is used everywhere relevant, so 31 // any changes are consistent. 32 class NET_EXPORT SiteForCookies { 33 public: 34 // Matches nothing. 35 SiteForCookies(); 36 37 SiteForCookies(const SiteForCookies& other); 38 SiteForCookies(SiteForCookies&& other); 39 40 ~SiteForCookies(); 41 42 SiteForCookies& operator=(const SiteForCookies& other); 43 SiteForCookies& operator=(SiteForCookies&& other); 44 45 // Tries to construct an instance from (potentially untrusted) values of 46 // scheme() and registrable_domain() that got received over an RPC. 47 // 48 // Returns whether successful or not. Doesn't touch |*out| if false is 49 // returned. This returning |true| does not mean that whoever sent the values 50 // did not lie, merely that they are well-formed. 51 static bool FromWire(const std::string& scheme, 52 const std::string& registrable_domain, 53 SiteForCookies* out); 54 55 // If the origin is opaque, returns SiteForCookies that matches nothing. 56 // 57 // If it's not, returns one that matches URLs which are considered to be 58 // same-party as URLs from |origin|. 59 static SiteForCookies FromOrigin(const url::Origin& origin); 60 61 // Equivalent to FromOrigin(url::Origin::Create(url)). 62 static SiteForCookies FromUrl(const GURL& url); 63 64 std::string ToDebugString() const; 65 66 // Returns true if |url| should be considered first-party to the context 67 // |this| represents. 68 bool IsFirstParty(const GURL& url) const; 69 70 // Returns true if |other.IsFirstParty()| is true for exactly the same URLs 71 // as |this->IsFirstParty| (potentially none). 72 bool IsEquivalent(const SiteForCookies& other) const; 73 74 // Returns a URL that's first party to this SiteForCookies (an empty URL if 75 // none) --- that is, it has the property that 76 // site_for_cookies.IsEquivalent( 77 // SiteForCookies::FromUrl(site_for_cookies.RepresentativeUrl())); 78 // 79 // The convention used here (empty for nothing) is equivalent to that 80 // used before SiteForCookies existed as a type; this method is mostly 81 // meant to help incrementally migrate towards the type. New code probably 82 // should not need this. 83 GURL RepresentativeUrl() const; 84 85 // Guaranteed to be lowercase. scheme()86 const std::string& scheme() const { return scheme_; } 87 registrable_domain()88 const std::string& registrable_domain() const { return registrable_domain_; } 89 90 // Returns true if this SiteForCookies matches nothing. IsNull()91 bool IsNull() const { return scheme_.empty(); } 92 93 private: 94 SiteForCookies(const std::string& scheme, const std::string& host); 95 96 // These should be canonicalized appropriately by GURL/url::Origin. 97 // An empty |scheme_| means that this matches nothing. 98 std::string scheme_; 99 100 // Represents which host or family of hosts this represents. 101 // This is usually an eTLD+1 when one exists, but lacking that it may be 102 // just the bare hostname or IP, or an empty string if this represents 103 // something like file:/// 104 std::string registrable_domain_; 105 }; 106 107 } // namespace net 108 109 #endif // NET_COOKIES_SITE_FOR_COOKIES_H_ 110