net/cookies/cookie_options.h - chromium/src.git - Git at Google

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 // Brought to you by number 42.

 #ifndef NET_COOKIES_COOKIE_OPTIONS_H_
 #define NET_COOKIES_COOKIE_OPTIONS_H_

 #include "base/time/time.h"
 #include "net/base/net_export.h"
 #include "net/cookies/cookie_constants.h"
 #include "url/gurl.h"

 namespace net {

 class NET_EXPORT CookieOptions {
  public:
   // Relation between the cookie and the navigational environment.
   // Ordered from least to most trusted environment.
   // Don't renumber, used in histograms.
   enum class SameSiteCookieContext {
     CROSS_SITE = 0,
     // Same rules as lax but the http method is unsafe.
     SAME_SITE_LAX_METHOD_UNSAFE = 1,
     SAME_SITE_LAX = 2,
     SAME_SITE_STRICT = 3,

     // Keep last, used for histograms.
     COUNT
   };

   // Creates a CookieOptions object which:
   //
   // * Excludes HttpOnly cookies
   // * Excludes SameSite cookies
   // * Updates last-accessed time.
   // * Does not report excluded cookies in APIs that can do so.
   //
   // These settings can be altered by calling:
   //
   // * |set_{include,exclude}_httponly()|
   // * |set_same_site_cookie_context(
   //        CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT)|
   // * |set_do_not_update_access_time()|
   CookieOptions();

   void set_exclude_httponly() { exclude_httponly_ = true; }
   void set_include_httponly() { exclude_httponly_ = false; }
   bool exclude_httponly() const { return exclude_httponly_; }

   // How trusted is the current browser environment when it comes to accessing
   // SameSite cookies. Default is not trusted, e.g. CROSS_SITE.
   void set_same_site_cookie_context(SameSiteCookieContext context) {
     same_site_cookie_context_ = context;
   }
   SameSiteCookieContext same_site_cookie_context() const {
     return same_site_cookie_context_;
   }

   void set_update_access_time() { update_access_time_ = true; }
   void set_do_not_update_access_time() { update_access_time_ = false; }
   bool update_access_time() const { return update_access_time_; }

   void set_return_excluded_cookies() { return_excluded_cookies_ = true; }
   void unset_return_excluded_cookies() { return_excluded_cookies_ = false; }
   bool return_excluded_cookies() const { return return_excluded_cookies_; }

   // Convenience method for where you need a CookieOptions that will
   // work for getting/setting all types of cookies, including HttpOnly and
   // SameSite cookies. Also specifies not to update the access time, because
   // usually this is done to get all the cookies to check that they are correct,
   // including the creation time. This basically makes a CookieOptions that is
   // the opposite of the default CookieOptions.
   static CookieOptions MakeAllInclusive();

  private:
   bool exclude_httponly_;
   SameSiteCookieContext same_site_cookie_context_;
   bool update_access_time_;
   bool return_excluded_cookies_;
 };

 }  // namespace net

 #endif  // NET_COOKIES_COOKIE_OPTIONS_H_
	// Copyright (c) 2012 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	// Brought to you by number 42.

	#ifndef NET_COOKIES_COOKIE_OPTIONS_H_
	#define NET_COOKIES_COOKIE_OPTIONS_H_

	#include "base/time/time.h"
	#include "net/base/net_export.h"
	#include "net/cookies/cookie_constants.h"
	#include "url/gurl.h"

	namespace net {

	class NET_EXPORT CookieOptions {
	public:
	// Relation between the cookie and the navigational environment.
	// Ordered from least to most trusted environment.
	// Don't renumber, used in histograms.
	enum class SameSiteCookieContext {
	CROSS_SITE = 0,
	// Same rules as lax but the http method is unsafe.
	SAME_SITE_LAX_METHOD_UNSAFE = 1,
	SAME_SITE_LAX = 2,
	SAME_SITE_STRICT = 3,

	// Keep last, used for histograms.
	COUNT
	};

	// Creates a CookieOptions object which:
	//
	// * Excludes HttpOnly cookies
	// * Excludes SameSite cookies
	// * Updates last-accessed time.
	// * Does not report excluded cookies in APIs that can do so.
	//
	// These settings can be altered by calling:
	//
	// * \|set_{include,exclude}_httponly()\|
	// * \|set_same_site_cookie_context(
	// CookieOptions::SameSiteCookieContext::SAME_SITE_STRICT)\|
	// * \|set_do_not_update_access_time()\|
	CookieOptions();

	void set_exclude_httponly() { exclude_httponly_ = true; }
	void set_include_httponly() { exclude_httponly_ = false; }
	bool exclude_httponly() const { return exclude_httponly_; }

	// How trusted is the current browser environment when it comes to accessing
	// SameSite cookies. Default is not trusted, e.g. CROSS_SITE.
	void set_same_site_cookie_context(SameSiteCookieContext context) {
	same_site_cookie_context_ = context;
	}
	SameSiteCookieContext same_site_cookie_context() const {
	return same_site_cookie_context_;
	}

	void set_update_access_time() { update_access_time_ = true; }
	void set_do_not_update_access_time() { update_access_time_ = false; }
	bool update_access_time() const { return update_access_time_; }

	void set_return_excluded_cookies() { return_excluded_cookies_ = true; }
	void unset_return_excluded_cookies() { return_excluded_cookies_ = false; }
	bool return_excluded_cookies() const { return return_excluded_cookies_; }

	// Convenience method for where you need a CookieOptions that will
	// work for getting/setting all types of cookies, including HttpOnly and
	// SameSite cookies. Also specifies not to update the access time, because
	// usually this is done to get all the cookies to check that they are correct,
	// including the creation time. This basically makes a CookieOptions that is
	// the opposite of the default CookieOptions.
	static CookieOptions MakeAllInclusive();

	private:
	bool exclude_httponly_;
	SameSiteCookieContext same_site_cookie_context_;
	bool update_access_time_;
	bool return_excluded_cookies_;
	};

	} // namespace net

	#endif // NET_COOKIES_COOKIE_OPTIONS_H_