Skip to content
Commit 4b08cb46 authored by sbingler's avatar sbingler Committed by Chromium LUCI CQ
Browse files

[OBC] Warn when secure cookies are allowed access via trustworthy urls 

Apply warnings to cookies with a secure source scheme that are being
accessed by a trustworthy, but non-cryptographically secure, url.

This Cl also adds a new warning to cookies which are being created by
a non-cryptographically secure url and specify the `Secure` attribute.
Since trustworthy urls are allowed to set `Secure` cookies we also,
tentatively, set the cookie's source scheme and port to indicate a
secure cookie. This will help prevent confusion about why a given cookie
has a secure source scheme.
If these cookies aren't allowed to be set (because the url actually
isn't trustworthy) then they'll get excluded by the CookieStore/CookieMonster.

Bug: 1170548
Change-Id: I96da8ee34fb9bf2477cb08bcb9fcd51d7b9d4250
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4545013


Reviewed-by: default avatarMaks Orlovich <morlovich@chromium.org>
Reviewed-by: default avatarDustin Mitchell <djmitche@chromium.org>
Commit-Queue: Steven Bingler <bingler@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1147384}
parent d8149480
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment