Fix same-site calculation for saving cookies from intercepted responses
This fixes an issue where authentication cookies from SAML responses were not being saved.
This commit is contained in:
parent
6d98d2c6ed
commit
a7e50dfe7f
|
@ -39,7 +39,8 @@ network::mojom::CookieManager* GetCookieManager(
|
||||||
->GetCookieManagerForBrowserProcess();
|
->GetCookieManagerForBrowserProcess();
|
||||||
}
|
}
|
||||||
|
|
||||||
net::CookieOptions GetCookieOptions(const network::ResourceRequest& request) {
|
net::CookieOptions GetCookieOptions(const network::ResourceRequest& request,
|
||||||
|
bool for_loading_cookies) {
|
||||||
// Match the logic from InterceptionJob::FetchCookies and
|
// Match the logic from InterceptionJob::FetchCookies and
|
||||||
// ChromeContentBrowserClient::ShouldIgnoreSameSiteCookieRestrictionsWhenTopLevel.
|
// ChromeContentBrowserClient::ShouldIgnoreSameSiteCookieRestrictionsWhenTopLevel.
|
||||||
bool should_treat_as_first_party =
|
bool should_treat_as_first_party =
|
||||||
|
@ -50,14 +51,33 @@ net::CookieOptions GetCookieOptions(const network::ResourceRequest& request) {
|
||||||
request.trusted_params->isolation_info.request_type() ==
|
request.trusted_params->isolation_info.request_type() ==
|
||||||
net::IsolationInfo::RequestType::kMainFrame;
|
net::IsolationInfo::RequestType::kMainFrame;
|
||||||
|
|
||||||
// Match the logic from URLRequestHttpJob::AddCookieHeaderAndStart.
|
// Match the logic from URLRequest::SetURLChain.
|
||||||
|
std::vector<GURL> url_chain{request.url};
|
||||||
|
if (request.navigation_redirect_chain.size() >= 2) {
|
||||||
|
// Keep |request.url| as the final entry in the chain.
|
||||||
|
url_chain.insert(url_chain.begin(),
|
||||||
|
request.navigation_redirect_chain.begin(),
|
||||||
|
request.navigation_redirect_chain.begin() +
|
||||||
|
request.navigation_redirect_chain.size() - 1);
|
||||||
|
}
|
||||||
|
|
||||||
net::CookieOptions options;
|
net::CookieOptions options;
|
||||||
options.set_include_httponly();
|
options.set_include_httponly();
|
||||||
options.set_same_site_cookie_context(
|
if (for_loading_cookies) {
|
||||||
net::cookie_util::ComputeSameSiteContextForRequest(
|
// Match the logic from URLRequestHttpJob::AddCookieHeaderAndStart.
|
||||||
request.method, {request.url}, request.site_for_cookies,
|
options.set_same_site_cookie_context(
|
||||||
request.request_initiator, is_main_frame_navigation,
|
net::cookie_util::ComputeSameSiteContextForRequest(
|
||||||
should_treat_as_first_party));
|
request.method, url_chain, request.site_for_cookies,
|
||||||
|
request.request_initiator, is_main_frame_navigation,
|
||||||
|
should_treat_as_first_party));
|
||||||
|
} else {
|
||||||
|
// Match the logic from
|
||||||
|
// URLRequestHttpJob::SaveCookiesAndNotifyHeadersComplete.
|
||||||
|
options.set_same_site_cookie_context(
|
||||||
|
net::cookie_util::ComputeSameSiteContextForResponse(
|
||||||
|
url_chain, request.site_for_cookies, request.request_initiator,
|
||||||
|
is_main_frame_navigation, should_treat_as_first_party));
|
||||||
|
}
|
||||||
|
|
||||||
return options;
|
return options;
|
||||||
}
|
}
|
||||||
|
@ -227,10 +247,11 @@ void LoadCookies(const CefBrowserContext::Getter& browser_context_getter,
|
||||||
}
|
}
|
||||||
|
|
||||||
CEF_POST_TASK(
|
CEF_POST_TASK(
|
||||||
CEF_UIT, base::BindOnce(LoadCookiesOnUIThread, browser_context_getter,
|
CEF_UIT,
|
||||||
request.url, GetCookieOptions(request),
|
base::BindOnce(LoadCookiesOnUIThread, browser_context_getter, request.url,
|
||||||
net::CookiePartitionKeyCollection(),
|
GetCookieOptions(request, /*for_loading_cookies=*/true),
|
||||||
allow_cookie_callback, std::move(done_callback)));
|
net::CookiePartitionKeyCollection(), allow_cookie_callback,
|
||||||
|
std::move(done_callback)));
|
||||||
}
|
}
|
||||||
|
|
||||||
void SaveCookies(const CefBrowserContext::Getter& browser_context_getter,
|
void SaveCookies(const CefBrowserContext::Getter& browser_context_getter,
|
||||||
|
@ -281,9 +302,10 @@ void SaveCookies(const CefBrowserContext::Getter& browser_context_getter,
|
||||||
if (!allowed_cookies.empty()) {
|
if (!allowed_cookies.empty()) {
|
||||||
CEF_POST_TASK(
|
CEF_POST_TASK(
|
||||||
CEF_UIT,
|
CEF_UIT,
|
||||||
base::BindOnce(SaveCookiesOnUIThread, browser_context_getter,
|
base::BindOnce(
|
||||||
request.url, GetCookieOptions(request), total_count,
|
SaveCookiesOnUIThread, browser_context_getter, request.url,
|
||||||
std::move(allowed_cookies), std::move(done_callback)));
|
GetCookieOptions(request, /*for_loading_cookies=*/false),
|
||||||
|
total_count, std::move(allowed_cookies), std::move(done_callback)));
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
std::move(done_callback).Run(total_count, std::move(allowed_cookies));
|
std::move(done_callback).Run(total_count, std::move(allowed_cookies));
|
||||||
|
|
Loading…
Reference in New Issue