Add ephemeral storage support for network cookies

mrobinson · mrobinson · commit 2695cfae6b9a · 2020-12-11T11:08:28.000+01:00
diff --git a/browser/ephemeral_storage/ephemeral_storage_browsertest.cc b/browser/ephemeral_storage/ephemeral_storage_browsertest.cc
@@ -18,6 +18,7 @@
 #include "components/prefs/pref_service.h"
 #include "content/public/browser/notification_types.h"
 #include "content/public/browser/render_frame_host.h"
+#include "content/public/browser/storage_partition.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/test/browser_test.h"
 #include "content/public/test/test_navigation_observer.h"
@@ -449,3 +450,56 @@ IN_PROC_BROWSER_TEST_F(EphemeralStorageBrowserTest,
   EXPECT_EQ("", private_values.iframe_1.cookies);
   EXPECT_EQ("", private_values.iframe_2.cookies);
 }
+
+IN_PROC_BROWSER_TEST_F(EphemeralStorageBrowserTest,
+                       NavigationCookiesArePartitioned) {
+  AllowAllCookies();
+
+  GURL a_site_set_cookie_url = https_server_.GetURL(
+      "a.com", "/set-cookie?name=acom;path=/;SameSite=None;Secure");
+  GURL b_site_set_cookie_url = https_server_.GetURL(
+      "b.com", "/set-cookie?name=bcom;path=/;SameSite=None;Secure");
+
+  ui_test_utils::NavigateToURL(browser(), a_site_set_cookie_url);
+  ui_test_utils::NavigateToURL(browser(), b_site_set_cookie_url);
+  ui_test_utils::NavigateToURL(browser(), a_site_ephemeral_storage_url_);
+
+  std::string a_cookie =
+      content::GetCookies(browser()->profile(), GURL("https://a.com/"));
+  std::string b_cookie =
+      content::GetCookies(browser()->profile(), GURL("https://b.com/"));
+  EXPECT_EQ("name=acom", a_cookie);
+  EXPECT_EQ("name=bcom", b_cookie);
+
+  // The third-party iframe should not have the b.com cookie that was set on the
+  // main frame.
+  auto* web_contents = browser()->tab_strip_model()->GetActiveWebContents();
+  RenderFrameHost* main_frame = web_contents->GetMainFrame();
+  RenderFrameHost* iframe_a = content::ChildFrameAt(main_frame, 0);
+  RenderFrameHost* iframe_b = content::ChildFrameAt(main_frame, 0);
+  ASSERT_EQ("", GetCookiesInFrame(iframe_a));
+  ASSERT_EQ("", GetCookiesInFrame(iframe_b));
+
+  // Setting the cookie directly on the third-party iframe should only set the
+  // cookie in the ephemeral storage area for that frame.
+  GURL b_site_set_ephemeral_cookie_url = https_server_.GetURL(
+      "b.com", "/set-cookie?name=bcom_ephemeral;path=/;SameSite=None;Secure");
+  NavigateIframeToURL(web_contents, "third_party_iframe_a",
+                      b_site_set_ephemeral_cookie_url);
+  ASSERT_EQ("name=bcom_ephemeral", GetCookiesInFrame(iframe_a));
+  ASSERT_EQ("name=bcom_ephemeral", GetCookiesInFrame(iframe_b));
+
+  // The cookie set in the ephemeral area should not visible in the main
+  // cookie storage.
+  b_cookie = content::GetCookies(browser()->profile(), GURL("https://b.com/"));
+  EXPECT_EQ("name=bcom", b_cookie);
+
+  // Navigating to a new TLD should clear all ephemeral cookies.
+  ui_test_utils::NavigateToURL(browser(), b_site_ephemeral_storage_url_);
+  ui_test_utils::NavigateToURL(browser(), a_site_ephemeral_storage_url_);
+
+  ValuesFromFrames values_after = GetValuesFromFrames(web_contents);
+  EXPECT_EQ("name=acom", values_after.main_frame.cookies);
+  EXPECT_EQ("", values_after.iframe_1.cookies);
+  EXPECT_EQ("", values_after.iframe_2.cookies);
+}
diff --git a/chromium_src/net/url_request/url_request_http_job.cc b/chromium_src/net/url_request/url_request_http_job.cc
@@ -0,0 +1,53 @@
+/* Copyright (c) 2020 The Brave Authors. All rights reserved.
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "net/url_request/url_request_http_job.h"
+
+#include "net/base/features.h"
+#include "net/cookies/cookie_monster.h"
+
+namespace {
+
+bool ShouldUseEphemeralStorage(net::URLRequestHttpJob* http_job) {
+  if (!base::FeatureList::IsEnabled(net::features::kBraveEphemeralStorage))
+    return false;
+
+  const net::IsolationInfo& isolation_info =
+      http_job->request()->isolation_info();
+  if (!isolation_info.top_frame_origin().has_value() ||
+      !isolation_info.frame_origin().has_value())
+    return false;
+  if (*isolation_info.top_frame_origin() == *isolation_info.frame_origin())
+    return false;
+
+  return true;
+}
+
+}  // namespace
+
+#define BRAVE_ADDCOOKIEHEADERANDSTART                                          \
+  if (ShouldUseEphemeralStorage(this)) {                                       \
+    DCHECK(request()->isolation_info().top_frame_origin().has_value());        \
+    static_cast<CookieMonster*>(cookie_store)                                  \
+        ->GetEphemeralCookieListWithOptionsAsync(                              \
+            request_->url(),                                                   \
+            request()->isolation_info().top_frame_origin()->GetURL(), options, \
+            base::BindOnce(&URLRequestHttpJob::SetCookieHeaderAndStart,        \
+                           weak_factory_.GetWeakPtr(), options));              \
+  } else  // NOLINT
+
+#define BRAVE_SAVECOOKIESANDNOTIFYHEADERSCOMPLETE                              \
+  if (ShouldUseEphemeralStorage(this)) {                                       \
+    DCHECK(request()->isolation_info().top_frame_origin().has_value());        \
+    static_cast<CookieMonster*>(request_->context()->cookie_store())           \
+        ->SetEphemeralCanonicalCookieAsync(                                    \
+            std::move(cookie), request_->url(),                                \
+            request()->isolation_info().top_frame_origin()->GetURL(), options, \
+            base::BindOnce(&URLRequestHttpJob::OnSetCookieResult,              \
+                           weak_factory_.GetWeakPtr(), options,                \
+                           cookie_to_return, cookie_string));                  \
+  } else  // NOLINT
+
+#include "../../../../../net/url_request/url_request_http_job.cc"
diff --git a/patches/net-url_request-url_request_http_job.cc.patch b/patches/net-url_request-url_request_http_job.cc.patch
@@ -0,0 +1,20 @@
+diff --git a/net/url_request/url_request_http_job.cc b/net/url_request/url_request_http_job.cc
+index f5e754f4ea0288a685a6932b00f692e3c6638621..d7da91c3607d205fd19cae3be369d4e58989f8bb 100644
+--- a/net/url_request/url_request_http_job.cc
++++ b/net/url_request/url_request_http_job.cc
+@@ -583,6 +583,7 @@ void URLRequestHttpJob::AddCookieHeaderAndStart() {
+         net::cookie_util::ComputeSameSiteContextForRequest(
+             request_->method(), request_->url(), request_->site_for_cookies(),
+             request_->initiator(), force_ignore_site_for_cookies));
++    BRAVE_ADDCOOKIEHEADERANDSTART
+     cookie_store->GetCookieListWithOptionsAsync(
+         request_->url(), options,
+         base::BindOnce(&URLRequestHttpJob::SetCookieHeaderAndStart,
+@@ -770,6 +771,7 @@ void URLRequestHttpJob::SaveCookiesAndNotifyHeadersComplete(int result) {
+       continue;
+     }
+ 
++    BRAVE_SAVECOOKIESANDNOTIFYHEADERSCOMPLETE
+     request_->context()->cookie_store()->SetCanonicalCookieAsync(
+         std::move(cookie), request_->url(), options,
+         base::BindOnce(&URLRequestHttpJob::OnSetCookieResult,
