| blob | eae8298fc78e69eb4225739c5c220222012068f4 |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 // Portions of this code based on Mozilla:
6 // (netwerk/cookie/src/nsCookieService.cpp)
7 /* ***** BEGIN LICENSE BLOCK *****
8 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
9 *
10 * The contents of this file are subject to the Mozilla Public License Version
11 * 1.1 (the "License"); you may not use this file except in compliance with
12 * the License. You may obtain a copy of the License at
13 * http://www.mozilla.org/MPL/
14 *
15 * Software distributed under the License is distributed on an "AS IS" basis,
16 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
17 * for the specific language governing rights and limitations under the
18 * License.
19 *
20 * The Original Code is mozilla.org code.
21 *
22 * The Initial Developer of the Original Code is
23 * Netscape Communications Corporation.
24 * Portions created by the Initial Developer are Copyright (C) 2003
25 * the Initial Developer. All Rights Reserved.
26 *
27 * Contributor(s):
28 * Daniel Witte (dwitte@stanford.edu)
29 * Michiel van Leeuwen (mvl@exedo.nl)
30 *
31 * Alternatively, the contents of this file may be used under the terms of
32 * either the GNU General Public License Version 2 or later (the "GPL"), or
33 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
34 * in which case the provisions of the GPL or the LGPL are applicable instead
35 * of those above. If you wish to allow use of your version of this file only
36 * under the terms of either the GPL or the LGPL, and not to allow others to
37 * use your version of this file under the terms of the MPL, indicate your
38 * decision by deleting the provisions above and replace them with the notice
39 * and other provisions required by the GPL or the LGPL. If you do not delete
40 * the provisions above, a recipient may use your version of this file under
41 * the terms of any one of the MPL, the GPL or the LGPL.
42 *
43 * ***** END LICENSE BLOCK ***** */
65 // Determine the cookie domain to use for setting the specified cookie.
73 }
77 // The RFC says the path should be a prefix of the current URL path.
78 // However, Mozilla allows you to set any path for compatibility with
79 // broken websites. We unfortunately will mimic this behavior. We try
80 // to be generous and accept cookies with an invalid path attribute, and
81 // default the path to something reasonable.
83 // The path was supplied in the cookie, we'll take it.
87 // The path was not supplied in the cookie or invalid, we will default
88 // to the current URL path.
89 // """Defaults to the path of the request URL that generated the
90 // Set-Cookie response, up to, but not including, the
91 // right-most /."""
92 // How would this work for a cookie on /? We will include it then.
97 // The cookie path was invalid or a single '/'.
101 // Return up to the rightmost '/'.
103 }
105 // Compares cookies using name, domain and path, so that "equivalent" cookies
106 // (per RFC 2965) are equal to each other.
117 }
124 }
137 CookiePriority priority)
150 }
166 // Do the best we can with the domain.
171 }
172 bool result
175 // Caller is responsible for passing in good arguments.
178 }
181 }
193 }
195 // static
202 }
204 // static
208 // First, try the Max-Age attribute.
211 #ifdef COMPILER_MSVC
213 #else
215 #endif
218 }
220 // Try the Expires attribute.
222 // Adjust for clock skew between server and host.
226 }
228 // Invalid or no expiration, persistent cookie.
230 }
232 // static
242 }
247 }
252 }
260 creation_time,
261 server_time);
268 }
280 CookiePriority priority) {
281 // Expect valid attribute tokens and values, as defined by the ParsedCookie
282 // logic, otherwise don't create the cookie.
297 }
304 // Expect that the path was either not specified (empty), or is valid.
307 // Canonicalize path again to make sure it escapes characters as needed.
319 }
323 // A zero length would be unsafe for our trailing '/' checks, and
324 // would also make no sense for our prefix match. The code that
325 // creates a CanonicalCookie should make sure the path is never zero length,
326 // but we double check anyway.
330 // The Mozilla code broke this into three cases, based on if the cookie path
331 // was longer, the same length, or shorter than the length of the url path.
332 // I think the approach below is simpler.
334 // Make sure the cookie path is a prefix of the url path. If the
335 // url path is shorter than the cookie path, then the cookie path
336 // can't be a prefix.
340 // Now we know that url_path is >= cookie_path, and that cookie_path
341 // is a prefix of url_path. If they are the are the same length then
342 // they are identical, otherwise we need an additional check:
344 // In order to avoid in correctly matching a cookie path of /blah
345 // with a request path of '/blahblah/', we need to make sure that either
346 // the cookie path ends in a trailing '/', or that we prefix up to a '/'
347 // in the url path. Since we know that the url path length is greater
348 // than the cookie path length, it's safe to index one byte past.
355 }
358 // Can domain match in two ways; as a domain cookie (where the cookie
359 // domain begins with ".") or as a host cookie (where it doesn't).
361 // Some consumers of the CookieMonster expect to set cookies on
362 // URLs like http://.strange.url. To retrieve cookies in this instance,
363 // we allow matching as a host cookie even when the domain_ starts with
364 // a period.
368 // Domain cookie must have an initial ".". To match, it must be
369 // equal to url's host with initial period removed, or a suffix of
370 // it.
372 // Arguably this should only apply to "http" or "https" cookies, but
373 // extension cookie tests currently use the funtionality, and if we
374 // ever decide to implement that it should be done by preventing
375 // such cookies from being set.
379 // The host with a "." prefixed.
383 // A pure suffix of the host (ok since we know the domain already
384 // starts with a ".")
388 }
392 // Filter out HttpOnly cookies, per options.
395 // Secure cookies should not be included in requests for URLs with an
396 // insecure scheme.
399 // Don't include cookies for requests that don't apply to the cookie domain.
402 // Don't include cookies for requests with a url path that does not path
403 // match the cookie-path.
407 // Include first-party-only cookies iff |options| tells us to include all of
408 // them, or if a first-party URL is set and its origin matches the origin of
409 // |url|.
413 }
416 }
420 "name: %s value: %s domain: %s path: %s creation: %"
421 PRId64,
425 }
429 }
432 // Do the partial comparison first.
439 // Compare other fields.
460 }