[SAA] Add use counter for cross-origin, same-site SAA usage
By "cross-origin, same-site", I mean that the iframe that called
`document.requestStorageAccess()` and then sent a network fetch, is
cross-origin but same-site to the origin that it's sending the network
fetch to. This is an interesting case because there ought to be a
security boundary between those origins, but there's no privacy boundary
since they're the same site.
This will give more actionable breakage metrics (including UKM) which
will be useful to decide whether we can ship this feature
(http://chromestatus/5169937372676096).
Bug: 379030052
Change-Id: If2938c3ac64e6abefcda3b0e7c3e3a0f371e4bfc
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6397807
Reviewed-by: Maks Orlovich <[email protected]>
Reviewed-by: Ken Buchanan <[email protected]>
Reviewed-by: Alex Moshchuk <[email protected]>
Auto-Submit: Chris Fredrickson <[email protected]>
Reviewed-by: Theresa Sullivan <[email protected]>
Reviewed-by: Robert Kaplow <[email protected]>
Commit-Queue: Robert Kaplow <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1439029}
diff --git a/content/browser/renderer_host/cookie_utils.cc b/content/browser/renderer_host/cookie_utils.cc
index b389dfb..13e0fce7 100644
--- a/content/browser/renderer_host/cookie_utils.cc
+++ b/content/browser/renderer_host/cookie_utils.cc
@@ -22,9 +22,12 @@
#include "content/public/browser/legacy_tech_cookie_issue_details.h"
#include "content/public/common/content_client.h"
#include "content/public/common/content_features.h"
+#include "net/cookies/cookie_constants.h"
#include "net/cookies/cookie_inclusion_status.h"
+#include "net/cookies/cookie_setting_override.h"
#include "services/metrics/public/cpp/metrics_utils.h"
#include "services/metrics/public/cpp/ukm_builders.h"
+#include "third_party/blink/public/mojom/use_counter/metrics/web_feature.mojom-shared.h"
#include "url/gurl.h"
namespace content {
@@ -274,6 +277,21 @@
net::CookieInclusionStatus::ExemptionReason::k3PCDHeuristics;
}
+bool IsCrossOriginSameSiteNetworkAccessWithStorageAccessEligible(
+ const network::mojom::CookieAccessDetailsPtr& cookie_details) {
+ if (!cookie_details->frame_origin ||
+ !cookie_details->cookie_setting_overrides.Has(
+ net::CookieSettingOverride::kStorageAccessGrantEligible)) {
+ // `frame_origin` is unset for script accesses, and network accesses whose
+ // IsolationInfo's `frame_origin` was nullptr.
+ return false;
+ }
+ const url::Origin origin = url::Origin::Create(cookie_details->url);
+ return !origin.IsSameOriginWith(cookie_details->frame_origin.value()) &&
+ net::SchemefulSite::IsSameSite(origin,
+ cookie_details->frame_origin.value());
+}
+
} // namespace
void SplitCookiesIntoAllowedAndBlocked(
@@ -375,6 +393,11 @@
int cookies_exempted_by_top_level_storage_access = 0;
+ const bool cross_origin_same_site_with_storage_access_eligible =
+ IsCrossOriginSameSiteNetworkAccessWithStorageAccessEligible(
+ cookie_details);
+ bool cross_origin_same_site_cookie_via_storage_access_api = false;
+
for (const network::mojom::CookieOrLineWithAccessResultPtr& cookie :
cookie_details->cookie_list) {
const net::CookieInclusionStatus& status = cookie->access_result.status;
@@ -499,6 +522,12 @@
cookie_has_not_been_refreshed_in_351_to_400_days |=
days_since_refresh > 350 && days_since_refresh <= 400;
}
+
+ cross_origin_same_site_cookie_via_storage_access_api |=
+ cross_origin_same_site_with_storage_access_eligible &&
+ cookie->access_result.status.IsInclude() &&
+ cookie->access_result.status.exemption_reason() ==
+ net::CookieInclusionStatus::ExemptionReason::kStorageAccess;
}
if (samesite_treated_as_lax_cookies) {
@@ -560,6 +589,12 @@
rfh->GetPageUkmSourceId(),
cookies_exempted_by_top_level_storage_access);
}
+
+ if (cross_origin_same_site_cookie_via_storage_access_api) {
+ GetContentClient()->browser()->LogWebFeatureForCurrentPage(
+ rfh, blink::mojom::WebFeature::
+ kCrossOriginSameSiteCookieAccessViaStorageAccessAPI);
+ }
}
} // namespace content
