net/cookies/site_for_cookies.h - cobalt - Git at Google

 // Copyright 2019 The Chromium Authors
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef NET_COOKIES_SITE_FOR_COOKIES_H_
 #define NET_COOKIES_SITE_FOR_COOKIES_H_

 #include <string>

 #include "base/gtest_prod_util.h"
 #include "base/strings/string_piece.h"
 #include "net/base/net_export.h"
 #include "net/base/schemeful_site.h"
 #include "url/gurl.h"
 #include "url/origin.h"

 namespace net {

 // Represents which origins are to be considered same-site for a given
 // context (e.g. frame). There may be none.
 //
 // The currently implemented policy ("schemeful") is that
 // two valid URLs would be considered same-site if either:
 // 1) They both have compatible schemes along with non-empty and equal
 //    registrable domains or hostnames/IPs. Two schemes are compatible if they
 //    are either equal, or are both in {http, ws}, or are both in {https, wss}.
 //    E.x. "https://example.com" and "wss://example.com"
 // 2) They both have empty hostnames and exactly equal schemes. E.x. "file://"
 // and "file://"
 //
 // With the SchemefulSameSite feature disabled the policy ("schemeless") is that
 // two valid URLs would be considered the same site if either: 1) They both have
 // non-empty and equal registrable domains or hostnames/IPs. E.x. "example.com"
 // and "example.com" 2) They both have empty hostnames and equal schemes. E.x.
 // "file://" and "file://"
 //
 //
 // Invalid URLs are never same-site to anything.
 class NET_EXPORT SiteForCookies {
  public:
   // Matches nothing.
   SiteForCookies();

   SiteForCookies(const SiteForCookies& other);
   SiteForCookies(SiteForCookies&& other);

   explicit SiteForCookies(const SchemefulSite& schemeful_site);

   ~SiteForCookies();

   SiteForCookies& operator=(const SiteForCookies& other);
   SiteForCookies& operator=(SiteForCookies&& other);

   // Tries to construct an instance from (potentially untrusted) values of
   // site() and schemefully_same() that got received over an RPC.
   //
   // Returns whether successful or not. Doesn't touch `*out` if false is
   // returned.  This returning `true` does not mean that whoever sent the values
   // did not lie, merely that they are well-formed.
   static bool FromWire(const SchemefulSite& site,
                        bool schemefully_same,
                        SiteForCookies* out);

   // If the origin is opaque, returns SiteForCookies that matches nothing.
   //
   // If it's not opaque, returns one that matches URLs which are considered to
   // be same-party as URLs from `origin`.
   static SiteForCookies FromOrigin(const url::Origin& origin);

   // Equivalent to FromOrigin(url::Origin::Create(url)).
   static SiteForCookies FromUrl(const GURL& url);

   // Returns a string with the values of the member variables.
   // `schemefully_same` being false does not change the output.
   std::string ToDebugString() const;

   // Returns true if `url` should be considered first-party to the context
   // `this` represents.
   bool IsFirstParty(const GURL& url) const;

   // Don't use this function unless you know what you're doing, if you're unsure
   // you probably want IsFirstParty().
   //
   // If `compute_schemefully` is true this function will return true if `url`
   // should be considered first-party to the context `this` represents when the
   // compatibility of the schemes are taken into account.
   //
   // If `compute_schemefully` is false this function will return true if `url`
   // should be considered first-party to the context `this` represents when the
   // compatibility of the scheme are not taken into account. Note that schemes
   // are still compared for exact equality if neither `this` nor `url` have a
   // registered domain.
   bool IsFirstPartyWithSchemefulMode(const GURL& url,
                                      bool compute_schemefully) const;

   // Returns true if `other.IsFirstParty()` is true for exactly the same URLs
   // as `this->IsFirstParty` (potentially none). Two SFCs are also considered
   // equivalent if neither ever returns true for `IsFirstParty()`. I.e., both
   // are null.
   bool IsEquivalent(const SiteForCookies& other) const;

   // Compares a "candidate" SFC, `this`, with an origin (represented as a
   // SchemefulSite) from the frame tree and revises `this` to be null as
   // required.
   //
   // This method is used when a sub-frame needs to have its SiteForCookies
   // computed, which is dependent on all of its ancestors' origins (`other`). If
   // its or any of its ancestors' frame's origins are not first-party with the
   // top-level origin then this frame's SFC should be null. Otherwise, if it and
   // all its ancestors are first-party with the top-level frame, the frame's
   // SFC is the same as the top-level.
   //
   // This computation gets a bit tricky when considering "Schemeful Same-Site"
   // as we don't know ahead of time if `this` is going to be used for a
   // schemeful or schemeless computation later down the line, so we need to
   // be careful to not completely nullify the entire SFC just because an `other`
   // isn't schemefully first-party. If the computation is schemelessly
   // first-party but *not schemefully* first-party then only the
   // `schemefully_same_` flag will be cleared (which informs other functions to
   // treat `this` as null for schemeful purposes). If the computation is not
   // schemelessly first-party then `this` will have an opaque `site_` which
   // completely nullifies it.
   //
   // This function should be called on all ancestors up to the top-level frame
   // unless it returns false in which case `this` has been completely nullified
   // and the caller may stop early.
   //
   // (This function's return value is the same as IsEquivalent() when "Schemeful
   // Same-Site" is disabled.)
   bool CompareWithFrameTreeSiteAndRevise(const SchemefulSite& other);

   // Converts an Origin into a SchemefulSite and then calls
   //`CompareWithFrameTreeSiteAndRevise(SchemefulSite)`
   //
   // If possible, prefer `CompareWithFrameTreeSiteAndRevise(SchemefulSite)`
   // for performance reasons.
   bool CompareWithFrameTreeOriginAndRevise(const url::Origin& other);

   // Returns a URL that's first party to this SiteForCookies (an empty URL if
   // none) --- that is, it has the property that
   // site_for_cookies.IsEquivalent(
   //     SiteForCookies::FromUrl(site_for_cookies.RepresentativeUrl()));
   //
   // The convention used here (empty for nothing) is equivalent to that
   // used before SiteForCookies existed as a type; this method is mostly
   // meant to help incrementally migrate towards the type. New code probably
   // should not need this.
   GURL RepresentativeUrl() const;

   const SchemefulSite& site() const { return site_; }

   // Guaranteed to be lowercase.
   const std::string& scheme() const { return site_.site_as_origin_.scheme(); }

   const std::string& registrable_domain() const {
     return site_.site_as_origin_.host();
   }

   // Used for serialization/deserialization. This value is irrelevant if
   // site().opaque() is true.
   bool schemefully_same() const { return schemefully_same_; }

   void SetSchemefullySameForTesting(bool schemefully_same) {
     schemefully_same_ = schemefully_same;
   }

   // Returns true if this SiteForCookies matches nothing.
   // If the SchemefulSameSite feature is enabled then !schemefully_same_ causes
   // this function to return true.
   bool IsNull() const;

   // Allows SiteForCookies to be used as a key in STL (for example, a std::set
   // or std::map).
   NET_EXPORT friend bool operator<(const SiteForCookies& lhs,
                                    const SiteForCookies& rhs);

  private:
   FRIEND_TEST_ALL_PREFIXES(SiteForCookiesTest, SameScheme);
   FRIEND_TEST_ALL_PREFIXES(SiteForCookiesTest, SameSchemeOpaque);

   bool IsSchemefullyFirstParty(const GURL& url) const;

   bool IsSchemelesslyFirstParty(const GURL& url) const;

   // Sets the schemefully_same_ flag to false if other`'s scheme is
   // cross-scheme to `this`. Schemes are considered cross-scheme if they're not
   // compatible. Two schemes are compatible if they are either equal, or are
   // both in {http, ws}, or are both in {https, wss}.
   void MarkIfCrossScheme(const SchemefulSite& other);

   // Represents the scheme and registrable domain of the site. The scheme should
   // not be a WebSocket scheme; instead, ws is normalized to http, and
   // wss is normalized to https upon construction.
   SchemefulSite site_;

   // Used to indicate if the SiteForCookies would be the same if computed
   // schemefully. A schemeful computation means to take the scheme as well as
   // the registrable_domain into account when determining same-siteness.
   // See the class-level comment for more details on schemeless vs schemeful.
   //
   // True means to treat `this` as-is while false means that `this` should be
   // treated as if it matches nothing i.e. IsNull() returns true.
   //
   // This value is important in the case where the SiteForCookies is being used
   // to assess the first-partyness of a sub-frame in a document.
   //
   // For a SiteForCookies with !site_.opaque() this value starts as true and
   // will only go false via MarkIfCrossScheme(), otherwise this value is
   // irrelevant (For tests this value can also be modified by
   // SetSchemefullySameForTesting()).
   bool schemefully_same_ = false;
 };

 }  // namespace net

 #endif  // NET_COOKIES_SITE_FOR_COOKIES_H_
	// Copyright 2019 The Chromium Authors
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef NET_COOKIES_SITE_FOR_COOKIES_H_
	#define NET_COOKIES_SITE_FOR_COOKIES_H_

	#include <string>

	#include "base/gtest_prod_util.h"
	#include "base/strings/string_piece.h"
	#include "net/base/net_export.h"
	#include "net/base/schemeful_site.h"
	#include "url/gurl.h"
	#include "url/origin.h"

	namespace net {

	// Represents which origins are to be considered same-site for a given
	// context (e.g. frame). There may be none.
	//
	// The currently implemented policy ("schemeful") is that
	// two valid URLs would be considered same-site if either:
	// 1) They both have compatible schemes along with non-empty and equal
	// registrable domains or hostnames/IPs. Two schemes are compatible if they
	// are either equal, or are both in {http, ws}, or are both in {https, wss}.
	// E.x. "https://example.com" and "wss://example.com"
	// 2) They both have empty hostnames and exactly equal schemes. E.x. "file://"
	// and "file://"
	//
	// With the SchemefulSameSite feature disabled the policy ("schemeless") is that
	// two valid URLs would be considered the same site if either: 1) They both have
	// non-empty and equal registrable domains or hostnames/IPs. E.x. "example.com"
	// and "example.com" 2) They both have empty hostnames and equal schemes. E.x.
	// "file://" and "file://"
	//
	//
	// Invalid URLs are never same-site to anything.
	class NET_EXPORT SiteForCookies {
	public:
	// Matches nothing.
	SiteForCookies();

	SiteForCookies(const SiteForCookies& other);
	SiteForCookies(SiteForCookies&& other);

	explicit SiteForCookies(const SchemefulSite& schemeful_site);

	~SiteForCookies();

	SiteForCookies& operator=(const SiteForCookies& other);
	SiteForCookies& operator=(SiteForCookies&& other);

	// Tries to construct an instance from (potentially untrusted) values of
	// site() and schemefully_same() that got received over an RPC.
	//
	// Returns whether successful or not. Doesn't touch `*out` if false is
	// returned. This returning `true` does not mean that whoever sent the values
	// did not lie, merely that they are well-formed.
	static bool FromWire(const SchemefulSite& site,
	bool schemefully_same,
	SiteForCookies* out);

	// If the origin is opaque, returns SiteForCookies that matches nothing.
	//
	// If it's not opaque, returns one that matches URLs which are considered to
	// be same-party as URLs from `origin`.
	static SiteForCookies FromOrigin(const url::Origin& origin);

	// Equivalent to FromOrigin(url::Origin::Create(url)).
	static SiteForCookies FromUrl(const GURL& url);

	// Returns a string with the values of the member variables.
	// `schemefully_same` being false does not change the output.
	std::string ToDebugString() const;

	// Returns true if `url` should be considered first-party to the context
	// `this` represents.
	bool IsFirstParty(const GURL& url) const;

	// Don't use this function unless you know what you're doing, if you're unsure
	// you probably want IsFirstParty().
	//
	// If `compute_schemefully` is true this function will return true if `url`
	// should be considered first-party to the context `this` represents when the
	// compatibility of the schemes are taken into account.
	//
	// If `compute_schemefully` is false this function will return true if `url`
	// should be considered first-party to the context `this` represents when the
	// compatibility of the scheme are not taken into account. Note that schemes
	// are still compared for exact equality if neither `this` nor `url` have a
	// registered domain.
	bool IsFirstPartyWithSchemefulMode(const GURL& url,
	bool compute_schemefully) const;

	// Returns true if `other.IsFirstParty()` is true for exactly the same URLs
	// as `this->IsFirstParty` (potentially none). Two SFCs are also considered
	// equivalent if neither ever returns true for `IsFirstParty()`. I.e., both
	// are null.
	bool IsEquivalent(const SiteForCookies& other) const;

	// Compares a "candidate" SFC, `this`, with an origin (represented as a
	// SchemefulSite) from the frame tree and revises `this` to be null as
	// required.
	//
	// This method is used when a sub-frame needs to have its SiteForCookies
	// computed, which is dependent on all of its ancestors' origins (`other`). If
	// its or any of its ancestors' frame's origins are not first-party with the
	// top-level origin then this frame's SFC should be null. Otherwise, if it and
	// all its ancestors are first-party with the top-level frame, the frame's
	// SFC is the same as the top-level.
	//
	// This computation gets a bit tricky when considering "Schemeful Same-Site"
	// as we don't know ahead of time if `this` is going to be used for a
	// schemeful or schemeless computation later down the line, so we need to
	// be careful to not completely nullify the entire SFC just because an `other`
	// isn't schemefully first-party. If the computation is schemelessly
	// first-party but not schemefully first-party then only the
	// `schemefully_same_` flag will be cleared (which informs other functions to
	// treat `this` as null for schemeful purposes). If the computation is not
	// schemelessly first-party then `this` will have an opaque `site_` which
	// completely nullifies it.
	//
	// This function should be called on all ancestors up to the top-level frame
	// unless it returns false in which case `this` has been completely nullified
	// and the caller may stop early.
	//
	// (This function's return value is the same as IsEquivalent() when "Schemeful
	// Same-Site" is disabled.)
	bool CompareWithFrameTreeSiteAndRevise(const SchemefulSite& other);

	// Converts an Origin into a SchemefulSite and then calls
	//`CompareWithFrameTreeSiteAndRevise(SchemefulSite)`
	//
	// If possible, prefer `CompareWithFrameTreeSiteAndRevise(SchemefulSite)`
	// for performance reasons.
	bool CompareWithFrameTreeOriginAndRevise(const url::Origin& other);

	// Returns a URL that's first party to this SiteForCookies (an empty URL if
	// none) --- that is, it has the property that
	// site_for_cookies.IsEquivalent(
	// SiteForCookies::FromUrl(site_for_cookies.RepresentativeUrl()));
	//
	// The convention used here (empty for nothing) is equivalent to that
	// used before SiteForCookies existed as a type; this method is mostly
	// meant to help incrementally migrate towards the type. New code probably
	// should not need this.
	GURL RepresentativeUrl() const;

	const SchemefulSite& site() const { return site_; }

	// Guaranteed to be lowercase.
	const std::string& scheme() const { return site_.site_as_origin_.scheme(); }

	const std::string& registrable_domain() const {
	return site_.site_as_origin_.host();
	}

	// Used for serialization/deserialization. This value is irrelevant if
	// site().opaque() is true.
	bool schemefully_same() const { return schemefully_same_; }

	void SetSchemefullySameForTesting(bool schemefully_same) {
	schemefully_same_ = schemefully_same;
	}

	// Returns true if this SiteForCookies matches nothing.
	// If the SchemefulSameSite feature is enabled then !schemefully_same_ causes
	// this function to return true.
	bool IsNull() const;

	// Allows SiteForCookies to be used as a key in STL (for example, a std::set
	// or std::map).
	NET_EXPORT friend bool operator<(const SiteForCookies& lhs,
	const SiteForCookies& rhs);

	private:
	FRIEND_TEST_ALL_PREFIXES(SiteForCookiesTest, SameScheme);
	FRIEND_TEST_ALL_PREFIXES(SiteForCookiesTest, SameSchemeOpaque);

	bool IsSchemefullyFirstParty(const GURL& url) const;

	bool IsSchemelesslyFirstParty(const GURL& url) const;

	// Sets the schemefully_same_ flag to false if other`'s scheme is
	// cross-scheme to `this`. Schemes are considered cross-scheme if they're not
	// compatible. Two schemes are compatible if they are either equal, or are
	// both in {http, ws}, or are both in {https, wss}.
	void MarkIfCrossScheme(const SchemefulSite& other);

	// Represents the scheme and registrable domain of the site. The scheme should
	// not be a WebSocket scheme; instead, ws is normalized to http, and
	// wss is normalized to https upon construction.
	SchemefulSite site_;

	// Used to indicate if the SiteForCookies would be the same if computed
	// schemefully. A schemeful computation means to take the scheme as well as
	// the registrable_domain into account when determining same-siteness.
	// See the class-level comment for more details on schemeless vs schemeful.
	//
	// True means to treat `this` as-is while false means that `this` should be
	// treated as if it matches nothing i.e. IsNull() returns true.
	//
	// This value is important in the case where the SiteForCookies is being used
	// to assess the first-partyness of a sub-frame in a document.
	//
	// For a SiteForCookies with !site_.opaque() this value starts as true and
	// will only go false via MarkIfCrossScheme(), otherwise this value is
	// irrelevant (For tests this value can also be modified by
	// SetSchemefullySameForTesting()).
	bool schemefully_same_ = false;
	};

	} // namespace net

	#endif // NET_COOKIES_SITE_FOR_COOKIES_H_