| blob | 5932c23a8818ef4cf6e0f60983f9694d246c8b78 |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 // Portions of this code based on Mozilla:
6 // (netwerk/cookie/src/nsCookieService.cpp)
7 /* ***** BEGIN LICENSE BLOCK *****
8 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
9 *
10 * The contents of this file are subject to the Mozilla Public License Version
11 * 1.1 (the "License"); you may not use this file except in compliance with
12 * the License. You may obtain a copy of the License at
13 * http://www.mozilla.org/MPL/
14 *
15 * Software distributed under the License is distributed on an "AS IS" basis,
16 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
17 * for the specific language governing rights and limitations under the
18 * License.
19 *
20 * The Original Code is mozilla.org code.
21 *
22 * The Initial Developer of the Original Code is
23 * Netscape Communications Corporation.
24 * Portions created by the Initial Developer are Copyright (C) 2003
25 * the Initial Developer. All Rights Reserved.
26 *
27 * Contributor(s):
28 * Daniel Witte (dwitte@stanford.edu)
29 * Michiel van Leeuwen (mvl@exedo.nl)
30 *
31 * Alternatively, the contents of this file may be used under the terms of
32 * either the GNU General Public License Version 2 or later (the "GPL"), or
33 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
34 * in which case the provisions of the GPL or the LGPL are applicable instead
35 * of those above. If you wish to allow use of your version of this file only
36 * under the terms of either the GPL or the LGPL, and not to allow others to
37 * use your version of this file under the terms of the MPL, indicate your
38 * decision by deleting the provisions above and replace them with the notice
39 * and other provisions required by the GPL or the LGPL. If you do not delete
40 * the provisions above, a recipient may use your version of this file under
41 * the terms of any one of the MPL, the GPL or the LGPL.
42 *
43 * ***** END LICENSE BLOCK ***** */
65 // Determine the cookie domain to use for setting the specified cookie.
73 }
77 // The RFC says the path should be a prefix of the current URL path.
78 // However, Mozilla allows you to set any path for compatibility with
79 // broken websites. We unfortunately will mimic this behavior. We try
80 // to be generous and accept cookies with an invalid path attribute, and
81 // default the path to something reasonable.
83 // The path was supplied in the cookie, we'll take it.
87 // The path was not supplied in the cookie or invalid, we will default
88 // to the current URL path.
89 // """Defaults to the path of the request URL that generated the
90 // Set-Cookie response, up to, but not including, the
91 // right-most /."""
92 // How would this work for a cookie on /? We will include it then.
97 // The cookie path was invalid or a single '/'.
101 // Return up to the rightmost '/'.
103 }
105 // Compares cookies using name, domain and path, so that "equivalent" cookies
106 // (per RFC 2965) are equal to each other.
118 }
125 }
138 CookiePriority priority)
151 }
167 // Do the best we can with the domain.
172 }
173 bool result
176 // Caller is responsible for passing in good arguments.
179 }
182 }
194 }
196 // static
203 }
205 // static
209 // First, try the Max-Age attribute.
212 #ifdef COMPILER_MSVC
214 #else
216 #endif
219 }
221 // Try the Expires attribute.
223 // Adjust for clock skew between server and host.
227 }
229 // Invalid or no expiration, persistent cookie.
231 }
233 // static
243 }
248 }
253 }
261 creation_time,
262 server_time);
269 }
281 CookiePriority priority) {
282 // Expect valid attribute tokens and values, as defined by the ParsedCookie
283 // logic, otherwise don't create the cookie.
298 }
305 // Expect that the path was either not specified (empty), or is valid.
308 // Canonicalize path again to make sure it escapes characters as needed.
320 }
324 // A zero length would be unsafe for our trailing '/' checks, and
325 // would also make no sense for our prefix match. The code that
326 // creates a CanonicalCookie should make sure the path is never zero length,
327 // but we double check anyway.
331 // The Mozilla code broke this into three cases, based on if the cookie path
332 // was longer, the same length, or shorter than the length of the url path.
333 // I think the approach below is simpler.
335 // Make sure the cookie path is a prefix of the url path. If the
336 // url path is shorter than the cookie path, then the cookie path
337 // can't be a prefix.
341 // Now we know that url_path is >= cookie_path, and that cookie_path
342 // is a prefix of url_path. If they are the are the same length then
343 // they are identical, otherwise we need an additional check:
345 // In order to avoid in correctly matching a cookie path of /blah
346 // with a request path of '/blahblah/', we need to make sure that either
347 // the cookie path ends in a trailing '/', or that we prefix up to a '/'
348 // in the url path. Since we know that the url path length is greater
349 // than the cookie path length, it's safe to index one byte past.
356 }
359 // Can domain match in two ways; as a domain cookie (where the cookie
360 // domain begins with ".") or as a host cookie (where it doesn't).
362 // Some consumers of the CookieMonster expect to set cookies on
363 // URLs like http://.strange.url. To retrieve cookies in this instance,
364 // we allow matching as a host cookie even when the domain_ starts with
365 // a period.
369 // Domain cookie must have an initial ".". To match, it must be
370 // equal to url's host with initial period removed, or a suffix of
371 // it.
373 // Arguably this should only apply to "http" or "https" cookies, but
374 // extension cookie tests currently use the funtionality, and if we
375 // ever decide to implement that it should be done by preventing
376 // such cookies from being set.
380 // The host with a "." prefixed.
384 // A pure suffix of the host (ok since we know the domain already
385 // starts with a ".")
389 }
393 // Filter out HttpOnly cookies, per options.
396 // Secure cookies should not be included in requests for URLs with an
397 // insecure scheme.
400 // Don't include cookies for requests that don't apply to the cookie domain.
403 // Don't include cookies for requests with a url path that does not path
404 // match the cookie-path.
408 // Include first-party-only cookies iff |options| tells us to include all of
409 // them, or if a first-party URL is set and its origin matches the origin of
410 // |url|.
414 }
417 }
421 "name: %s value: %s domain: %s path: %s creation: %"
422 PRId64,
426 }
430 }
433 // Do the partial comparison first.
440 // Compare other fields.
461 }