Google Git
Sign in
chromium / chromium / src / 4b08cb466a7b850cea829b8577b938425ced12de
commit4b08cb466a7b850cea829b8577b938425ced12de[log] [tgz]
authorsbingler <bingler@chromium.org>Mon May 22 19:03:01 2023
committerChromium LUCI CQ <chromium-scoped@luci-project-accounts.iam.gserviceaccount.com>Mon May 22 19:03:01 2023
treeecc0609d43567a2d45b1f4bf777c6619bcb5f3d6
parentd8149480c0ac1aa73a1c90867dd1a4b8dd5be859 [diff]
[OBC] Warn when secure cookies are allowed access via trustworthy urls

Apply warnings to cookies with a secure source scheme that are being
accessed by a trustworthy, but non-cryptographically secure, url.

This Cl also adds a new warning to cookies which are being created by
a non-cryptographically secure url and specify the `Secure` attribute.
Since trustworthy urls are allowed to set `Secure` cookies we also,
tentatively, set the cookie's source scheme and port to indicate a
secure cookie. This will help prevent confusion about why a given cookie
has a secure source scheme.
If these cookies aren't allowed to be set (because the url actually
isn't trustworthy) then they'll get excluded by the CookieStore/CookieMonster.

Bug: 1170548
Change-Id: I96da8ee34fb9bf2477cb08bcb9fcd51d7b9d4250
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4545013
Reviewed-by: Maks Orlovich <morlovich@chromium.org>
Reviewed-by: Dustin Mitchell <djmitche@chromium.org>
Commit-Queue: Steven Bingler <bingler@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1147384}
6 files changed
tree: ecc0609d43567a2d45b1f4bf777c6619bcb5f3d6
  1. android_webview/
  2. apps/
  3. ash/
  4. base/
  5. build/
  6. build_overrides/
  7. buildtools/
  8. cc/
  9. chrome/
  10. chromecast/
  11. chromeos/
  12. codelabs/
  13. components/
  14. content/
  15. courgette/
  16. crypto/
  17. dbus/
  18. device/
  19. docs/
  20. extensions/
  21. fuchsia_web/
  22. gin/
  23. google_apis/
  24. google_update/
  25. gpu/
  26. headless/
  27. infra/
  28. ios/
  29. ipc/
  30. media/
  31. mojo/
  32. native_client_sdk/
  33. net/
  34. pdf/
  35. ppapi/
  36. printing/
  37. remoting/
  38. rlz/
  39. sandbox/
  40. services/
  41. skia/
  42. sql/
  43. storage/
  44. styleguide/
  45. testing/
  46. third_party/
  47. tools/
  48. ui/
  49. url/
  50. weblayer/
  51. .clang-format
  52. .clang-tidy
  53. .eslintrc.js
  54. .git-blame-ignore-revs
  55. .gitattributes
  56. .gitignore
  57. .gn
  58. .mailmap
  59. .rustfmt.toml
  60. .vpython3
  61. .yapfignore
  62. ATL_OWNERS
  63. AUTHORS
  64. BUILD.gn
  65. CODE_OF_CONDUCT.md
  66. codereview.settings
  67. DEPS
  68. DIR_METADATA
  69. LICENSE
  70. LICENSE.chromium_os
  71. OWNERS
  72. PRESUBMIT.py
  73. PRESUBMIT_test.py
  74. PRESUBMIT_test_mocks.py
  75. README.md
  76. WATCHLISTS
README.md

Logo Chromium

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

The project's web site is https://www.chromium.org.

To check out the source code locally, don't use git clone! Instead, follow the instructions on how to get the code.

Documentation in the source is rooted in docs/README.md.

Learn how to Get Around the Chromium Source Code Directory Structure .

For historical reasons, there are some small top level directories. Now the guidance is that new top level directories are for product (e.g. Chrome, Android WebView, Ash). Even if these products have multiple executables, the code should be in subdirectories of the product.

If you found a bug, please file it at https://crbug.com/new.