Avi Drissman | 4e1b7bc3 | 2022-09-15 14:03:50 | [diff] [blame] | 1 | // Copyright 2020 The Chromium Authors |
Alexander Timin | 1cc31f4 | 2020-05-12 16:26:01 | [diff] [blame] | 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
danakj | c492bf8 | 2020-09-09 20:02:44 | [diff] [blame] | 5 | #include "content/browser/renderer_host/cookie_utils.h" |
Alexander Timin | 1cc31f4 | 2020-05-12 16:26:01 | [diff] [blame] | 6 | |
Peter Kasting | 1557e5f | 2025-01-28 01:14:08 | [diff] [blame] | 7 | #include <algorithm> |
Sandor Major | 7c3e612f | 2023-12-01 20:48:08 | [diff] [blame] | 8 | #include <cstddef> |
| 9 | #include <ostream> |
| 10 | #include <string> |
| 11 | |
| 12 | #include "base/feature_list.h" |
| 13 | #include "base/logging.h" |
sbingler | 8e26e21 | 2023-09-27 23:23:27 | [diff] [blame] | 14 | #include "base/strings/string_util.h" |
Shuran Huang | 7a6757c2 | 2024-04-17 15:17:39 | [diff] [blame] | 15 | #include "base/unguessable_token.h" |
Alexander Timin | 1cc31f4 | 2020-05-12 16:26:01 | [diff] [blame] | 16 | #include "content/browser/devtools/devtools_instrumentation.h" |
Sandor Major | 7c3e612f | 2023-12-01 20:48:08 | [diff] [blame] | 17 | #include "content/browser/navigation_or_document_handle.h" |
| 18 | #include "content/browser/renderer_host/navigation_request.h" |
danakj | c492bf8 | 2020-09-09 20:02:44 | [diff] [blame] | 19 | #include "content/browser/renderer_host/render_frame_host_impl.h" |
Alexander Timin | 1cc31f4 | 2020-05-12 16:26:01 | [diff] [blame] | 20 | #include "content/public/browser/browser_context.h" |
| 21 | #include "content/public/browser/cookie_access_details.h" |
Sandor Major | 7c3e612f | 2023-12-01 20:48:08 | [diff] [blame] | 22 | #include "content/public/browser/legacy_tech_cookie_issue_details.h" |
Alexander Timin | 1cc31f4 | 2020-05-12 16:26:01 | [diff] [blame] | 23 | #include "content/public/common/content_client.h" |
Sandor Major | 7c3e612f | 2023-12-01 20:48:08 | [diff] [blame] | 24 | #include "content/public/common/content_features.h" |
Jihwan Marc Kim | 3e132f1 | 2020-05-20 17:33:19 | [diff] [blame] | 25 | #include "net/cookies/cookie_inclusion_status.h" |
sbingler | 870b63f | 2023-04-25 16:47:58 | [diff] [blame] | 26 | #include "services/metrics/public/cpp/metrics_utils.h" |
Alexander Timin | 1cc31f4 | 2020-05-12 16:26:01 | [diff] [blame] | 27 | #include "services/metrics/public/cpp/ukm_builders.h" |
Sandor Major | 7c3e612f | 2023-12-01 20:48:08 | [diff] [blame] | 28 | #include "url/gurl.h" |
Alexander Timin | 1cc31f4 | 2020-05-12 16:26:01 | [diff] [blame] | 29 | |
| 30 | namespace content { |
| 31 | |
| 32 | namespace { |
| 33 | |
// Records a CookieHasNonAsciiCharacter UKM event when a cookie that is being
// written (`kChange` access) has a name or value that is not pure ASCII.
// Only the two "has non-ASCII" booleans are handed to the UKM builder; the
// cookie name and value themselves are only inspected, never recorded.
//
// `rfh` must be non-null (enforced with CHECK).
void PotentiallyRecordNonAsciiCookieNameValue(
    RenderFrameHost* rfh,
    CookieAccessDetails::Type access_type,
    const std::string& name,
    const std::string& value) {
  CHECK(rfh);

  // Only cookie writes are measured; reads return without recording.
  if (access_type != CookieAccessDetails::Type::kChange) {
    return;
  }

  // Our data collection policy disallows collecting UKMs while prerendering.
  // See //content/browser/preloading/prerender/README.md and ask the team to
  // explore options to record data for prerendering pages if we need to
  // support the case.
  if (rfh->IsInLifecycleState(RenderFrameHost::LifecycleState::kPrerendering)) {
    return;
  }

  const bool non_ascii_name = !base::IsStringASCII(name);
  const bool non_ascii_value = !base::IsStringASCII(value);
  if (!non_ascii_name && !non_ascii_value) {
    return;
  }

  const ukm::SourceId page_source_id = rfh->GetPageUkmSourceId();
  ukm::builders::CookieHasNonAsciiCharacter event(page_source_id);

  // The event itself is what we're interested in, the value of "true" here
  // can be ignored.
  if (non_ascii_name) {
    event.SetName(true);
  }
  if (non_ascii_value) {
    event.SetValue(true);
  }

  event.Record(ukm::UkmRecorder::Get());
}
| 74 | |
// Records a Cookies_Blocked_DueToOriginMismatch UKM event when the inclusion
// status of a cookie read carries a port-mismatch or scheme-mismatch reason,
// either as a warning or as an exclusion.
//
// `rfh` must be non-null (enforced with CHECK).
void PotentiallyRecordCookieOriginMismatch(
    RenderFrameHost* rfh,
    CookieAccessDetails::Type access_type,
    const net::CookieInclusionStatus& status) {
  using WarningReason = net::CookieInclusionStatus::WarningReason;
  using ExclusionReason = net::CookieInclusionStatus::ExclusionReason;

  CHECK(rfh);

  // Only cookie reads are measured; writes return without recording.
  if (access_type != CookieAccessDetails::Type::kRead) {
    return;
  }

  // Our data collection policy disallows collecting UKMs while prerendering.
  // See //content/browser/preloading/prerender/README.md and ask the team to
  // explore options to record data for prerendering pages if we need to
  // support the case.
  if (rfh->IsInLifecycleState(RenderFrameHost::LifecycleState::kPrerendering)) {
    return;
  }

  const bool port_mismatch =
      status.HasWarningReason(WarningReason::WARN_PORT_MISMATCH) ||
      status.HasExclusionReason(ExclusionReason::EXCLUDE_PORT_MISMATCH);

  const bool scheme_mismatch =
      status.HasWarningReason(WarningReason::WARN_SCHEME_MISMATCH) ||
      status.HasExclusionReason(ExclusionReason::EXCLUDE_SCHEME_MISMATCH);

  if (!port_mismatch && !scheme_mismatch) {
    return;
  }

  const ukm::SourceId page_source_id = rfh->GetPageUkmSourceId();
  ukm::builders::Cookies_Blocked_DueToOriginMismatch event(page_source_id);

  // The event itself is what we're interested in, the value of "true" here
  // can be ignored.
  if (port_mismatch) {
    event.SetPortMismatch(true);
  }
  if (scheme_mismatch) {
    event.SetSchemeMismatch(true);
  }

  event.Record(ukm::UkmRecorder::Get());
}
| 122 | |
// Records a RequestStorageAccessFor_TopLevelStorageIsExemptionReason UKM event
// for `source_id`. The cookie count is not recorded exactly: it is first
// reduced to the minimum of its exponential bucket (bucket spacing 2.0).
void RecordCookiesExemptedByTopLevelStorage(ukm::SourceId source_id,
                                            int affected_cookies_in_request) {
  const auto bucketed_cookie_count = ukm::GetExponentialBucketMin(
      affected_cookies_in_request, /*bucket_spacing=*/2.0);

  ukm::builders::RequestStorageAccessFor_TopLevelStorageIsExemptionReason event(
      source_id);
  event.SetNumberOfCookies(bucketed_cookie_count);
  event.Record(ukm::UkmRecorder::Get());
}
| 131 | |
// Records a Cookies_FirstPartyPartitionedInCrossSiteContextV3 UKM event whose
// CookiePresent field says whether the frame has a cross-site ancestor.
//
// Performs no filtering of its own. It relies on RecordPartitionedCookiesUKMs
// to have confirmed that the cookie name is not "receive-cookie-deprecation",
// that the cookie is first-party partitioned and that the RenderFrameHost is
// not prerendering.
void RecordFirstPartyPartitionedCookieCrossSiteContextUKM(
    RenderFrameHostImpl* render_frame_host_impl,
    const net::CanonicalCookie& cookie,
    const ukm::SourceId& source_id) {
  // The URL is synthesized from the cookie's domain and is used only for the
  // site comparison below. The scheme is always https, whatever scheme the
  // cookie was actually set over.
  const GURL cookie_domain_url(
      base::StrCat({url::kHttpsScheme, url::kStandardSchemeSeparator,
                    cookie.DomainWithoutDot()}));

  // Same-site embed with cross-site ancestors (ABA embeds) have a null site
  // for cookies since it is a cross-site context. If the result of
  // ComputeSiteForCookies is first-party that means we are not in an ABA
  // embedded context.
  const bool has_cross_site_ancestor =
      !render_frame_host_impl->ComputeSiteForCookies().IsFirstParty(
          cookie_domain_url);

  ukm::builders::Cookies_FirstPartyPartitionedInCrossSiteContextV3 event(
      source_id);
  event.SetCookiePresent(has_cross_site_ancestor);
  event.Record(ukm::UkmRecorder::Get());
}
| 152 | |
// Records a PartitionedCookiePresentV2 UKM event (always with the value true)
// for `source_id`.
//
// This function performs no checks of its own: `rfh` and `cookie` are not
// read. The caller is responsible for making sure the cookie is partitioned,
// that its name is not "receive-cookie-deprecation" and that the
// RenderFrameHost is not prerendering before calling.
void RecordPartitionedCookieUseV2UKM(RenderFrameHost* rfh,
                                     const net::CanonicalCookie& cookie,
                                     const ukm::SourceId& source_id) {
  ukm::builders::PartitionedCookiePresentV2 event(source_id);
  event.SetPartitionedCookiePresentV2(true);
  event.Record(ukm::UkmRecorder::Get());
}
| 163 | |
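// Records the partitioned-cookie UKMs for a single cookie:
// Cookies_FirstPartyPartitionedInCrossSiteContextV3 (first-party partitioned
// cookies only) and PartitionedCookiePresentV2.
//
// The two recording helpers called below do no filtering themselves, so every
// precondition is enforced here: the frame must not be prerendering, the
// cookie must be partitioned and its name must not be
// "receive-cookie-deprecation". When any of these fails nothing is recorded.
void RecordPartitionedCookiesUKMs(RenderFrameHostImpl* render_frame_host_impl,
                                  const net::CanonicalCookie& cookie) {
  // Our data collection policy disallows collecting UKMs while prerendering.
  // See //content/browser/preloading/prerender/README.md and ask the team to
  // explore options to record data for prerendering pages if we need to
  // support the case.
  if (render_frame_host_impl->IsInLifecycleState(
          RenderFrameHost::LifecycleState::kPrerendering)) {
    return;
  }

  // Both metrics describe partitioned cookies. Without this guard a caller
  // that passes an unpartitioned cookie would still emit
  // PartitionedCookiePresentV2 = true, which overstates use of the
  // Partitioned attribute.
  if (!cookie.IsPartitioned()) {
    return;
  }

  // Cookies_FirstPartyPartitionedInCrossSiteContextV3 and
  // PartitionedCookiePresentV2 both measure cookies
  // without the name of 'receive-cookie-deprecation'. Return here to ensure
  // that the metrics do not include those cookies.
  if (cookie.Name() == "receive-cookie-deprecation") {
    return;
  }

  ukm::SourceId source_id = render_frame_host_impl->GetPageUkmSourceId();

  if (cookie.IsFirstPartyPartitioned()) {
    RecordFirstPartyPartitionedCookieCrossSiteContextUKM(render_frame_host_impl,
                                                         cookie, source_id);
  }

  RecordPartitionedCookieUseV2UKM(render_frame_host_impl, cookie, source_id);
}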
| 192 | |
// Records a SamesiteRedirectContextDowngrade UKM event for one cookie.
//
// For reads the event carries the cookie's SameSite value and a bucketed
// cookie age in minutes; for writes it carries only the SameSite value.
// `access_type` must be kRead or kChange and `rfh` must be non-null (both
// enforced with CHECK). `url` is not read by this function.
void RecordRedirectContextDowngradeUKM(RenderFrameHost* rfh,
                                       CookieAccessDetails::Type access_type,
                                       const net::CanonicalCookie& cookie,
                                       const GURL& url) {
  CHECK(rfh);

  // Our data collection policy disallows collecting UKMs while prerendering.
  // See //content/browser/preloading/prerender/README.md and ask the team to
  // explore options to record data for prerendering pages if we need to
  // support the case.
  if (rfh->IsInLifecycleState(RenderFrameHost::LifecycleState::kPrerendering)) {
    return;
  }

  const ukm::SourceId page_source_id = rfh->GetPageUkmSourceId();
  const int64_t samesite_value = static_cast<int64_t>(cookie.SameSite());

  if (access_type != CookieAccessDetails::Type::kRead) {
    // Anything that is not a read has to be a write.
    CHECK(access_type == CookieAccessDetails::Type::kChange);
    ukm::builders::SamesiteRedirectContextDowngrade(page_source_id)
        .SetSamesiteValueWritePerCookie(samesite_value)
        .Record(ukm::UkmRecorder::Get());
    return;
  }

  // The age is measured from the cookie's creation date and recorded as a
  // bucket minimum rather than as the exact number of minutes.
  const base::TimeDelta cookie_age = base::Time::Now() - cookie.CreationDate();
  ukm::builders::SamesiteRedirectContextDowngrade(page_source_id)
      .SetSamesiteValueReadPerCookie(samesite_value)
      .SetAgePerCookie(
          ukm::GetExponentialBucketMinForUserTiming(cookie_age.InMinutes()))
      .Record(ukm::UkmRecorder::Get());
}
| 225 | |
// Records a SchemefulSameSiteContextDowngrade UKM event for one cookie. The
// recorded value is the breaking-downgrade metrics enum that `status` reports
// for `url`, stored per request cookie on reads and per response cookie on
// writes.
//
// `access_type` must be kRead or kChange and `rfh` must be non-null (both
// enforced with CHECK).
void RecordSchemefulContextDowngradeUKM(
    RenderFrameHost* rfh,
    CookieAccessDetails::Type access_type,
    const net::CookieInclusionStatus& status,
    const GURL& url) {
  CHECK(rfh);

  // Our data collection policy disallows collecting UKMs while prerendering.
  // See //content/browser/preloading/prerender/README.md and ask the team to
  // explore options to record data for prerendering pages if we need to
  // support the case.
  if (rfh->IsInLifecycleState(RenderFrameHost::LifecycleState::kPrerendering)) {
    return;
  }

  const ukm::SourceId page_source_id = rfh->GetPageUkmSourceId();
  const int64_t downgrade_metric =
      static_cast<int64_t>(status.GetBreakingDowngradeMetricsEnumValue(url));

  if (access_type != CookieAccessDetails::Type::kRead) {
    // Anything that is not a read has to be a write.
    CHECK(access_type == CookieAccessDetails::Type::kChange);
    ukm::builders::SchemefulSameSiteContextDowngrade(page_source_id)
        .SetResponsePerCookie(downgrade_metric)
        .Record(ukm::UkmRecorder::Get());
    return;
  }

  ukm::builders::SchemefulSameSiteContextDowngrade(page_source_id)
      .SetRequestPerCookie(downgrade_metric)
      .Record(ukm::UkmRecorder::Get());
}
| 256 | |
// Returns true when a cookie with this inclusion status should be reported to
// DevTools as an issue. That is the case when the status
//   * has any warning (ShouldWarn()),
//   * has one of the exclusion reasons listed in `kReportedExclusions`, or
//   * was exempted through 3PCD metadata or 3PCD heuristics.
// Any other exclusion or exemption reason alone does not trigger a report.
bool ShouldReportDevToolsIssueForStatus(
    const net::CookieInclusionStatus& status) {
  using ExclusionReason = net::CookieInclusionStatus::ExclusionReason;
  using ExemptionReason = net::CookieInclusionStatus::ExemptionReason;

  if (status.ShouldWarn()) {
    return true;
  }

  static constexpr ExclusionReason kReportedExclusions[] = {
      ExclusionReason::EXCLUDE_DOMAIN_NON_ASCII,
      ExclusionReason::EXCLUDE_PORT_MISMATCH,
      ExclusionReason::EXCLUDE_SCHEME_MISMATCH,
      ExclusionReason::EXCLUDE_THIRD_PARTY_BLOCKED_WITHIN_FIRST_PARTY_SET,
      ExclusionReason::EXCLUDE_THIRD_PARTY_PHASEOUT,
  };
  for (const ExclusionReason reason : kReportedExclusions) {
    if (status.HasExclusionReason(reason)) {
      return true;
    }
  }

  const ExemptionReason exemption = status.exemption_reason();
  return exemption == ExemptionReason::k3PCDMetadata ||
         exemption == ExemptionReason::k3PCDHeuristics;
}
| 276 | |
Sandor Major | 7774211 | 2025-01-14 18:36:11 | [diff] [blame] | 277 | } // namespace |
| 278 | |
// Splits the cookies of one cookie-access notification into two
// CookieAccessDetails objects, overwriting `*allowed` and `*blocked`:
//   * `*blocked` (blocked_by_policy = true) receives the entries whose status
//     is ExcludedByUserPreferencesOrTPCD();
//   * `*allowed` (blocked_by_policy = false) receives the entries whose status
//     IsInclude().
// Entries that match neither condition are dropped from both outputs.
//
// NOTE(review): each cookie is passed through std::move from
// `cookie_details`, although `cookie_details` is taken by const reference. If
// the move takes effect, the cookies of the copied entries are left
// moved-from, so a caller that also inspects `cookie_details` has to do so
// before this call. Confirm against the callers.
void SplitCookiesIntoAllowedAndBlocked(
    const network::mojom::CookieAccessDetailsPtr& cookie_details,
    CookieAccessDetails::Source source,
    CookieAccessDetails* allowed,
    CookieAccessDetails* blocked) {
  // For some cases `site_for_cookies` representative url is empty when
  // OnCookieAccess is triggered for a third party. For example iframe third
  // party accesses cookies when TPCD Metadata allows third party cookie access.
  //
  // Make `first_party_url` considering both `top_frame_origin` and
  // `site_for_cookies` which is similar with GetFirstPartyURL() in
  // components/content_settings/core/common/cookie_settings_base.h.
  // If the `top_frame_origin` is non-opaque, it is chosen; otherwise, the
  // `site_for_cookies` representative url is used.
  const GURL first_party_url =
      cookie_details->top_frame_origin.opaque()
          ? cookie_details->site_for_cookies.RepresentativeUrl()
          : cookie_details->top_frame_origin.GetURL();

  // Both outputs share every field except `blocked_by_policy` and start with
  // an empty cookie list.
  const auto make_details = [&](bool blocked_by_policy) {
    return CookieAccessDetails({cookie_details->type,
                                cookie_details->url,
                                first_party_url,
                                {},
                                blocked_by_policy,
                                cookie_details->is_ad_tagged,
                                cookie_details->cookie_setting_overrides,
                                cookie_details->site_for_cookies,
                                source});
  };

  // "Included" cookies have no exclusion reasons so we don't also have to
  // check for
  // !(net::CookieInclusionStatus::ExclusionReason::EXCLUDE_USER_PREFERENCES).
  const auto is_included =
      [](const network::mojom::CookieOrLineWithAccessResultPtr& entry) {
        return entry->access_result.status.IsInclude();
      };
  const auto is_blocked =
      [](const network::mojom::CookieOrLineWithAccessResultPtr& entry) {
        return entry->access_result.status.ExcludedByUserPreferencesOrTPCD();
      };

  // Count first so each output list is sized with a single reserve().
  *allowed = make_details(/*blocked_by_policy=*/false);
  int allowed_count =
      std::ranges::count_if(cookie_details->cookie_list, is_included);
  allowed->cookie_access_result_list.reserve(allowed_count);

  *blocked = make_details(/*blocked_by_policy=*/true);
  int blocked_count =
      std::ranges::count_if(cookie_details->cookie_list, is_blocked);
  blocked->cookie_access_result_list.reserve(blocked_count);

  for (const auto& entry : cookie_details->cookie_list) {
    const net::CookieInclusionStatus& status = entry->access_result.status;

    // The blocked test takes precedence over the included test.
    CookieAccessDetails* destination = nullptr;
    if (status.ExcludedByUserPreferencesOrTPCD()) {
      destination = blocked;
    } else if (status.IsInclude()) {
      destination = allowed;
    } else {
      continue;
    }

    // NOTE(review): get_cookie() is called without an is_cookie() check; this
    // presumably relies on blocked/included entries always holding a parsed
    // cookie rather than a raw cookie line. Confirm.
    destination->cookie_access_result_list.emplace_back(
        std::move(entry->cookie_or_line->get_cookie()), entry->access_result);
  }
}
Sandor Major | 7c3e612f | 2023-12-01 20:48:08 | [diff] [blame] | 349 | |
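// Logs cookie issues to DevTools Issues Panel and logs events to UseCounters
// and UKM for a single cookie-accessed event.
//
// Every entry of `cookie_details->cookie_list` is inspected once. Per-cookie
// DevTools issues and UKM events are emitted inside the loop; the UseCounter
// features are accumulated in the boolean flags below and logged at most once
// per call after the loop. Nothing is emitted when the main frame of `rfh` is
// not active.
//
// An entry of the list is either a parsed cookie or a raw cookie line, so
// get_cookie() may only be called on an entry after is_cookie() has returned
// true for that same entry.
// TODO(crbug.com/40632967): Remove when no longer needed.
void EmitCookieWarningsAndMetrics(
    RenderFrameHostImpl* rfh,
    const network::mojom::CookieAccessDetailsPtr& cookie_details) {
  RenderFrameHostImpl* root_frame_host = rfh->GetMainFrame();

  if (!root_frame_host->IsActive())
    return;

  bool samesite_treated_as_lax_cookies = false;
  bool samesite_none_insecure_cookies = false;
  bool breaking_context_downgrade = false;
  bool lax_allow_unsafe_cookies = false;

  bool samesite_cookie_inclusion_changed_by_cross_site_redirect = false;

  bool partitioned_cookies_exist = false;

  bool cookie_has_not_been_refreshed_in_201_to_300_days = false;
  bool cookie_has_not_been_refreshed_in_301_to_350_days = false;
  bool cookie_has_not_been_refreshed_in_351_to_400_days = false;

  bool cookie_has_domain_non_ascii = false;

  int cookies_exempted_by_top_level_storage_access = 0;

  for (const network::mojom::CookieOrLineWithAccessResultPtr& cookie :
       cookie_details->cookie_list) {
    const net::CookieInclusionStatus& status = cookie->access_result.status;
    if (ShouldReportDevToolsIssueForStatus(status)) {
      // Only third-party-cookie phaseout issues get an issue id; it is a fresh
      // unguessable token per reported cookie.
      std::optional<std::string> devtools_issue_id;
      if (status.HasExclusionReason(
              net::CookieInclusionStatus::ExclusionReason::
                  EXCLUDE_THIRD_PARTY_PHASEOUT) ||
          status.HasWarningReason(net::CookieInclusionStatus::WarningReason::
                                      WARN_THIRD_PARTY_PHASEOUT)) {
        devtools_issue_id = base::UnguessableToken::Create().ToString();
      }
      devtools_instrumentation::ReportCookieIssue(
          root_frame_host, cookie, cookie_details->url,
          cookie_details->site_for_cookies,
          cookie_details->type == CookieAccessDetails::Type::kRead
              ? blink::mojom::CookieOperation::kReadCookie
              : blink::mojom::CookieOperation::kSetCookie,
          cookie_details->devtools_request_id, devtools_issue_id);
    }

    if (status.ShouldWarn()) {
      samesite_treated_as_lax_cookies =
          samesite_treated_as_lax_cookies ||
          status.HasWarningReason(
              net::CookieInclusionStatus::WarningReason::
                  WARN_SAMESITE_UNSPECIFIED_CROSS_SITE_CONTEXT) ||
          status.HasWarningReason(
              net::CookieInclusionStatus::WarningReason::
                  WARN_SAMESITE_UNSPECIFIED_LAX_ALLOW_UNSAFE);

      samesite_none_insecure_cookies =
          samesite_none_insecure_cookies ||
          status.HasWarningReason(net::CookieInclusionStatus::WarningReason::
                                      WARN_SAMESITE_NONE_INSECURE);

      lax_allow_unsafe_cookies =
          lax_allow_unsafe_cookies ||
          status.HasWarningReason(
              net::CookieInclusionStatus::WarningReason::
                  WARN_SAMESITE_UNSPECIFIED_LAX_ALLOW_UNSAFE);

      samesite_cookie_inclusion_changed_by_cross_site_redirect =
          samesite_cookie_inclusion_changed_by_cross_site_redirect ||
          status.HasWarningReason(
              net::CookieInclusionStatus::WarningReason::
                  WARN_CROSS_SITE_REDIRECT_DOWNGRADE_CHANGES_INCLUSION);
    }

    cookie_has_domain_non_ascii =
        cookie_has_domain_non_ascii ||
        status.HasWarningReason(
            net::CookieInclusionStatus::WarningReason::WARN_DOMAIN_NON_ASCII) ||
        status.HasExclusionReason(net::CookieInclusionStatus::ExclusionReason::
                                      EXCLUDE_DOMAIN_NON_ASCII);

    // Whether *this* entry is a parsed cookie that uses the Partitioned
    // attribute. Ignore nonced partition keys since this metric is meant to
    // track usage of the Partitioned attribute.
    const bool is_partitioned_cookie =
        cookie->cookie_or_line->is_cookie() &&
        cookie->cookie_or_line->get_cookie().IsPartitioned() &&
        !cookie->cookie_or_line->get_cookie().PartitionKey()->nonce();

    partitioned_cookies_exist =
        partitioned_cookies_exist || is_partitioned_cookie;

    // The per-cookie UKMs are gated on this entry, not on the accumulated
    // `partitioned_cookies_exist` flag. Gating on the accumulated flag would,
    // once one partitioned cookie had been seen, record every later entry as
    // partitioned and call get_cookie() on entries that hold a raw cookie line
    // instead of a cookie.
    if (is_partitioned_cookie) {
      RecordPartitionedCookiesUKMs(rfh, cookie->cookie_or_line->get_cookie());
    }

    if (status.exemption_reason() ==
        net::CookieInclusionStatus::ExemptionReason::kTopLevelStorageAccess) {
      cookies_exempted_by_top_level_storage_access++;
    }

    breaking_context_downgrade =
        breaking_context_downgrade || status.HasSchemefulDowngradeWarning();

    if (status.HasSchemefulDowngradeWarning()) {
      // Unlike with UMA, do not record cookies that have no schemeful downgrade
      // warning.
      RecordSchemefulContextDowngradeUKM(rfh, cookie_details->type, status,
                                         cookie_details->url);
    }

    if (status.HasWarningReason(
            net::CookieInclusionStatus::WarningReason::
                WARN_CROSS_SITE_REDIRECT_DOWNGRADE_CHANGES_INCLUSION) &&
        cookie->cookie_or_line->is_cookie()) {
      RecordRedirectContextDowngradeUKM(rfh, cookie_details->type,
                                        cookie->cookie_or_line->get_cookie(),
                                        cookie_details->url);
    }

    if (cookie->cookie_or_line->is_cookie()) {
      PotentiallyRecordNonAsciiCookieNameValue(
          rfh, cookie_details->type,
          cookie->cookie_or_line->get_cookie().Name(),
          cookie->cookie_or_line->get_cookie().Value());
    }

    PotentiallyRecordCookieOriginMismatch(rfh, cookie_details->type, status);

    // In order to anticipate the potential effects of the expiry limit in
    // rfc6265bis, we need to check how long it's been since the cookie was
    // refreshed (if LastUpdateDate is populated). These three buckets were
    // picked so we could engage sites with some granularity around urgency.
    // We ignore the space under 200 days as these cookies are not at risk
    // of expiring and we ignore the space over 400 days as these cookies
    // have already expired. Metrics will take 200 days from M103 to populate.
    base::Time last_update_date =
        cookie->cookie_or_line->is_cookie()
            ? cookie->cookie_or_line->get_cookie().LastUpdateDate()
            : base::Time();
    if (!last_update_date.is_null()) {
      int days_since_refresh = (base::Time::Now() - last_update_date).InDays();
      cookie_has_not_been_refreshed_in_201_to_300_days |=
          days_since_refresh > 200 && days_since_refresh <= 300;
      cookie_has_not_been_refreshed_in_301_to_350_days |=
          days_since_refresh > 300 && days_since_refresh <= 350;
      cookie_has_not_been_refreshed_in_351_to_400_days |=
          days_since_refresh > 350 && days_since_refresh <= 400;
    }
  }

  if (samesite_treated_as_lax_cookies) {
    GetContentClient()->browser()->LogWebFeatureForCurrentPage(
        rfh, blink::mojom::WebFeature::kCookieNoSameSite);
  }

  if (samesite_none_insecure_cookies) {
    GetContentClient()->browser()->LogWebFeatureForCurrentPage(
        rfh, blink::mojom::WebFeature::kCookieInsecureAndSameSiteNone);
  }

  if (breaking_context_downgrade) {
    GetContentClient()->browser()->LogWebFeatureForCurrentPage(
        rfh, blink::mojom::WebFeature::kSchemefulSameSiteContextDowngrade);
  }

  if (lax_allow_unsafe_cookies) {
    GetContentClient()->browser()->LogWebFeatureForCurrentPage(
        rfh, blink::mojom::WebFeature::kLaxAllowingUnsafeCookies);
  }

  if (samesite_cookie_inclusion_changed_by_cross_site_redirect) {
    GetContentClient()->browser()->LogWebFeatureForCurrentPage(
        rfh, blink::mojom::WebFeature::
                 kSameSiteCookieInclusionChangedByCrossSiteRedirect);
  }

  if (partitioned_cookies_exist) {
    GetContentClient()->browser()->LogWebFeatureForCurrentPage(
        rfh, blink::mojom::WebFeature::kPartitionedCookies);
  }

  if (cookie_has_not_been_refreshed_in_201_to_300_days) {
    GetContentClient()->browser()->LogWebFeatureForCurrentPage(
        rfh,
        blink::mojom::WebFeature::kCookieHasNotBeenRefreshedIn201To300Days);
  }

  if (cookie_has_not_been_refreshed_in_301_to_350_days) {
    GetContentClient()->browser()->LogWebFeatureForCurrentPage(
        rfh,
        blink::mojom::WebFeature::kCookieHasNotBeenRefreshedIn301To350Days);
  }

  if (cookie_has_not_been_refreshed_in_351_to_400_days) {
    GetContentClient()->browser()->LogWebFeatureForCurrentPage(
        rfh,
        blink::mojom::WebFeature::kCookieHasNotBeenRefreshedIn351To400Days);
  }

  if (cookie_has_domain_non_ascii) {
    GetContentClient()->browser()->LogWebFeatureForCurrentPage(
        rfh, blink::mojom::WebFeature::kCookieDomainNonASCII);
  }

  if (cookies_exempted_by_top_level_storage_access) {
    RecordCookiesExemptedByTopLevelStorage(
        rfh->GetPageUkmSourceId(),
        cookies_exempted_by_top_level_storage_access);
  }
}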
| 564 | |
Alexander Timin | 1cc31f4 | 2020-05-12 16:26:01 | [diff] [blame] | 565 | } // namespace content |