| // Copyright 2017 The Chromium Authors |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| module network.mojom; |
| |
| import "services/network/public/mojom/cookie_manager.mojom"; |
| import "mojo/public/mojom/base/shared_memory.mojom"; |
| import "services/network/public/mojom/site_for_cookies.mojom"; |
| import "url/mojom/url.mojom"; |
| import "url/mojom/origin.mojom"; |
| |
| const uint64 kInvalidCookieVersion = 0; |
| const uint64 kInitialCookieVersion = 1; |
| |
| enum CookieMatchType { |
| EQUALS, |
| STARTS_WITH, |
| }; |
| |
| struct CookieManagerGetOptions { |
| string name; |
| CookieMatchType match_type; |
| }; |
| |
| // Affects whether http-only cookies are accessible, and the rules used for |
| // SameSite cookie computations. |
| enum RestrictedCookieManagerRole { |
| // Used for script access to cookies. Will not be able to get to HttpOnly |
| // cookies, and will apply SameSite cookies access rules appropriate for |
| // script cookie access. OK to give to the renderer. |
| SCRIPT, |
| |
| // Access to cookies appropriate for network requests --- meant for cases |
| // where, for some reason, a fetch needs to be performed by some external |
| // library. Will get HttpOnly cookies, and compute SameSite accessibility |
| // appropriate for subresource loading (but NOT for navigations). |
| // |
| // Should only be used within the browser. |
| NETWORK |
| }; |
| |
| // Capability to access the cookie store on behalf of a single origin. |
| // |
| // Instances of this interface are restricted to a single origin, and will |
| // fail operations on cookies that aren't visible within that origin. Untrusted |
| // processes, like renderer processes, should only receive |
| // RestrictedCookieManager instances for the origins that they are allowed to |
| // represent. |
| // |
| // Implementations of this interface must assume all inputs are untrusted, and |
| // must ensure that a potentially compromised caller process is not able to |
| // access more than the cookies visible to the RestrictedCookieManager's origin. |
| // |
| // TODO(pwnall): Make this a strict subset of CookieManager. At the moment (Q2 |
| // 2018) the interface is diverged from CookieManager to allow its primary user |
| // (the Web Platform's Async Cookies API) to iterate quickly. |
| interface RestrictedCookieManager { |
| // Returns some of the cookies that would be sent in a request to |url|. |
| // |
| // |url| is an URL capable of receiving HTTP requests. |site_for_cookies| is |
| // the "site for cookies" values defined in RFC 6265bis, and roughly maps to |
| // the URL of the top-level frame in Document contexts, and to the script URL |
| // in service workers. |top_frame_origin| is the actual origin of the top |
| // level frame or the script url for service workers. |site_for_cookies| is |
| // used to determine if a cookie is accessed in a third-party context. |
| // |top_frame_origin| is used to check for content settings. |is_ad_tagged| |
| // indicates whether this cookie access is being used for advertising. |
| // |has_storage_access| is used to opt-in to using Storage Access API |
| // permission grants. (Note: it does *not* grant access on its own, but rather |
| // allows an existing permission grant to be used, if one exists.) |
| // |options| filters the returned list of cookies. The returned cookies |
| // include CookieAccessResult information of the cookie. |
| // Any information contained in the CookieInclusionStatus::WarningReasons |
| // as part of CookieAccessResult in the included cookies may be passed to an |
| // untrusted renderer. |
| GetAllForUrl( |
| url.mojom.Url url, SiteForCookies site_for_cookies, |
| url.mojom.Origin top_frame_origin, |
| bool has_storage_access, |
| CookieManagerGetOptions options, |
| bool is_ad_tagged, |
| // Proxied restricted cookie managers need a way to signal to the |
| // restricted cookie manager that we need to filter out 3PCs. |
| // This is because we know of at least one case where this can |
| // be configured _per_ aw contents and the standard way of |
| // configuring this per cookie settings (from each browser |
| // context), is not sufficient. |
| bool force_disable_third_party_cookies) => ( |
| array<CookieWithAccessResult> cookies); |
| |
| // Sets a canonical cookie. |status| must be an inclusion status as defined |
| // by the C++ net::CookieInclusionStatus::IsInclude() method. It is expected |
| // that exclusion reasons have been taken care of on the renderer side. |
| SetCanonicalCookie(CanonicalCookie cookie, |
| url.mojom.Url url, |
| SiteForCookies site_for_cookies, |
| url.mojom.Origin top_frame_origin, |
| bool has_storage_access, |
| CookieInclusionStatus status) => (bool success); |
| |
| // Subscribes to changes in the cookies transmitted in a request to an URL. |
| // |
| // The subscription is canceled by closing the pipe. |
| AddChangeListener(url.mojom.Url url, SiteForCookies site_for_cookies, |
| url.mojom.Origin top_frame_origin, |
| bool has_storage_access, |
| pending_remote<CookieChangeListener> listener) => (); |
| |
| // Sets a cookie. If setting of this cookie is not permitted either by web |
| // platform rules, or user preferences, the attempt will be silently ignored. |
| // This does not extend to passing in a |url| that does not match the origin |
| // RestrictedCookieManager is bound to --- that will be treated as the |
| // renderer violating security rules. |
| // |
| // The implementation may block, e.g. while cookies are still being loaded, or |
| // to serialize with other operations. |
| [Sync] |
| SetCookieFromString(url.mojom.Url url, SiteForCookies site_for_cookies, |
| url.mojom.Origin top_frame_origin, |
| bool has_storage_access, |
| string cookie) => (); |
| |
| // Used to get cookies for the given URL. Cookies that are blocked by user |
| // preferences will be skipped, down to potentially returning an empty string. |
| // The implementation may block, e.g. while cookies are still being loaded, or |
| // to serialize with other operations. |
| // |
| // Passing in |url| that does not match the origin RestrictedCookieManager |
| // is bounded to will be treated as the renderer violating security rules. |
| // |
| // This function also sets up shared memory communication with the requester |
| // when get_version_shared_memory is true. This allows the requester to get |
| // versioning information without suffering the overhead of a full IPC. |
| // |
| // |version_buffer| is a handle to a shared memory region that only |
| // contains a single 64 bit atomic integer used as a cookie version number. |
| // The number is read from renderers and incremented monotonically from the |
| // network process when cookie state changes. It can be null if |
| // |get_version_shared_memory| was false or if initialization of the region |
| // failed. |version| contains the cookie version at the time of returning the |
| // string. |
| [Sync] |
| GetCookiesString(url.mojom.Url url, |
| SiteForCookies site_for_cookies, |
| url.mojom.Origin top_frame_origin, |
| bool has_storage_access, bool get_version_shared_memory, |
| bool is_ad_tagged, |
| // Proxied restricted cookie managers need a way to signal to |
| // the restricted cookie manager that we need to filter out |
| // 3PCs. |
| // This is because we know of at least one case where this |
| // can be configured _per_ aw contents and the standard way |
| // of configuring this per cookie settings (from each |
| // browser context), is not sufficient. |
| bool force_disable_third_party_cookies) => ( |
| uint64 version, |
| mojo_base.mojom.ReadOnlySharedMemoryRegion? version_buffer, |
| string cookies); |
| |
| // Used to check if cookies are enabled for the given URL in context of a |
| // given site. |
| // |
| // Passing in |url| that does not match the origin RestrictedCookieManager |
| // is bounded to will be treated as the renderer violating security rules. |
| [Sync] |
| CookiesEnabledFor( |
| url.mojom.Url url, |
| SiteForCookies site_for_cookies, |
| url.mojom.Origin top_frame_origin, |
| bool has_storage_access) => (bool cookies_enabled); |
| }; |