1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/base/cookie_util.h"
7 #include "base/logging.h"
8 #include "googleurl/src/gurl.h"
9 #include "net/base/net_util.h"
10 #include "net/base/registry_controlled_domain.h"
13 namespace cookie_util
{
15 bool DomainIsHostOnly(const std::string
& domain_string
) {
16 return (domain_string
.empty() || domain_string
[0] != '.');
19 std::string
GetEffectiveDomain(const std::string
& scheme
,
20 const std::string
& host
) {
21 if (scheme
== "http" || scheme
== "https")
22 return RegistryControlledDomainService::GetDomainAndRegistry(host
);
24 if (!DomainIsHostOnly(host
))
25 return host
.substr(1);
29 bool GetCookieDomainWithString(const GURL
& url
,
30 const std::string
& domain_string
,
31 std::string
* result
) {
32 const std::string
url_host(url
.host());
34 // If no domain was specified in the domain string, default to a host cookie.
35 // We match IE/Firefox in allowing a domain=IPADDR if it matches the url
36 // ip address hostname exactly. It should be treated as a host cookie.
37 if (domain_string
.empty() ||
38 (url
.HostIsIPAddress() && url_host
== domain_string
)) {
40 DCHECK(DomainIsHostOnly(*result
));
44 // Get the normalized domain specified in cookie line.
45 url_canon::CanonHostInfo ignored
;
46 std::string
cookie_domain(CanonicalizeHost(domain_string
, &ignored
));
47 if (cookie_domain
.empty())
49 if (cookie_domain
[0] != '.')
50 cookie_domain
= "." + cookie_domain
;
52 // Ensure |url| and |cookie_domain| have the same domain+registry.
53 const std::string
url_scheme(url
.scheme());
54 const std::string
url_domain_and_registry(
55 GetEffectiveDomain(url_scheme
, url_host
));
56 if (url_domain_and_registry
.empty())
57 return false; // IP addresses/intranet hosts can't set domain cookies.
58 const std::string
cookie_domain_and_registry(
59 GetEffectiveDomain(url_scheme
, cookie_domain
));
60 if (url_domain_and_registry
!= cookie_domain_and_registry
)
61 return false; // Can't set a cookie on a different domain + registry.
63 // Ensure |url_host| is |cookie_domain| or one of its subdomains. Given that
64 // we know the domain+registry are the same from the above checks, this is
65 // basically a simple string suffix check.
66 const bool is_suffix
= (url_host
.length() < cookie_domain
.length()) ?
67 (cookie_domain
!= ("." + url_host
)) :
68 (url_host
.compare(url_host
.length() - cookie_domain
.length(),
69 cookie_domain
.length(), cookie_domain
) != 0);
73 *result
= cookie_domain
;
77 } // namespace cookie_utils