#include "components/content_settings/core/browser/website_settings_registry.h"
#include "components/content_settings/core/common/content_settings.h"
#include "components/content_settings/core/common/features.h"
+#if BUILDFLAG(IS_TIZEN_TV)
+#include "net/cookies/cookie_util.h"
+#endif
namespace content_settings {
WebsiteSettingsRegistry::ALL_PLATFORMS,
ContentSettingsInfo::INHERIT_IN_INCOGNITO,
ContentSettingsInfo::EXCEPTIONS_ON_SECURE_AND_INSECURE_ORIGINS);
-
+#if BUILDFLAG(IS_TIZEN_TV)
+ ContentSetting legacy_cookie_access_initial_default =
+ net::cookie_util::IsSameSiteByDefaultCookiesEnabled()
+ ? CONTENT_SETTING_BLOCK
+ : CONTENT_SETTING_ALLOW;
+#endif
Register(ContentSettingsType::IMAGES, "images", CONTENT_SETTING_ALLOW,
WebsiteSettingsInfo::SYNCABLE,
/*allowlisted_schemes=*/
ContentSettingsInfo::EXCEPTIONS_ON_SECURE_AND_INSECURE_ORIGINS);
Register(ContentSettingsType::LEGACY_COOKIE_ACCESS, "legacy-cookie-access",
- CONTENT_SETTING_BLOCK, WebsiteSettingsInfo::UNSYNCABLE,
- /*allowlisted_schemes=*/{},
+#if BUILDFLAG(IS_TIZEN_TV)
+ legacy_cookie_access_initial_default,
+#else
+ CONTENT_SETTING_BLOCK,
+#endif
+ WebsiteSettingsInfo::UNSYNCABLE, /*allowlisted_schemes=*/{},
/*valid_settings=*/{CONTENT_SETTING_ALLOW, CONTENT_SETTING_BLOCK},
WebsiteSettingsInfo::REQUESTING_ORIGIN_ONLY_SCOPE,
WebsiteSettingsRegistry::ALL_PLATFORMS,
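Review bot: The `#if BUILDFLAG(IS_TIZEN_TV)` / `#else` pair sits inside the argument list of the `LEGACY_COOKIE_ACCESS` `Register` call, and the value it selects comes from a local declared in an earlier hunk, so the default is hard to read in one place. A small file-local helper that returns the initial default would keep the preprocessor out of the call and put the rationale next to the value. With the feature off the default becomes `CONTENT_SETTING_ALLOW`, which presumably means legacy cookie semantics for every origin without an exception, and that deserves a comment. The enclosing function starts and ends outside the hunk.

```cpp
// Initial default for LEGACY_COOKIE_ACCESS. On Tizen TV, legacy semantics are
// allowed for all origins unless SameSiteByDefaultCookies is enabled.
ContentSetting LegacyCookieAccessInitialDefault() {
#if BUILDFLAG(IS_TIZEN_TV)
  if (!net::cookie_util::IsSameSiteByDefaultCookiesEnabled())
    return CONTENT_SETTING_ALLOW;
#endif
  return CONTENT_SETTING_BLOCK;
}

// … unchanged: earlier Register() calls …
  Register(ContentSettingsType::LEGACY_COOKIE_ACCESS, "legacy-cookie-access",
           LegacyCookieAccessInitialDefault(),
           WebsiteSettingsInfo::UNSYNCABLE, /*allowlisted_schemes=*/{},
// … unchanged: remaining Register() arguments …
```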
{switches::kEnableExperimentalWebPlatformFeatures,
std::cref(net::features::kCookieSameSiteConsidersRedirectChain),
base::FeatureList::OVERRIDE_ENABLE_FEATURE},
+#if BUILDFLAG(IS_TIZEN_TV)
+ {switches::kEnableExperimentalCookieFeatures,
+ std::cref(net::features::kCookiesWithoutSameSiteMustBeSecure),
+ base::FeatureList::OVERRIDE_ENABLE_FEATURE},
+ {switches::kEnableExperimentalCookieFeatures,
+ std::cref(net::features::kSameSiteByDefaultCookies),
+ base::FeatureList::OVERRIDE_ENABLE_FEATURE},
+#endif
{switches::kEnableExperimentalWebPlatformFeatures,
std::cref(features::kDocumentPolicyNegotiation),
base::FeatureList::OVERRIDE_ENABLE_FEATURE},
"NetUnusedIdleSocketTimeout",
base::FEATURE_DISABLED_BY_DEFAULT);
+#if BUILDFLAG(IS_TIZEN_TV)
+// When enabled, makes cookies without a SameSite attribute behave like
+// SameSite=Lax cookies by default, and requires SameSite=None to be specified
+// in order to make cookies available in a third-party context. When disabled,
+// the default behavior for cookies without a SameSite attribute specified is no
+// restriction, i.e., available in a third-party context.
+// The "Lax-allow-unsafe" mitigation allows these cookies to be sent on
+// top-level cross-site requests with an unsafe (e.g. POST) HTTP method, if the
+// cookie is no more than 2 minutes old.
+BASE_FEATURE(kSameSiteByDefaultCookies,
+ "SameSiteByDefaultCookies",
+ base::FEATURE_DISABLED_BY_DEFAULT);
+// When enabled, cookies without SameSite restrictions that don't specify the
+// Secure attribute will be rejected if set from an insecure context, or treated
+// as secure if set from a secure context. This ONLY has an effect if
+// SameSiteByDefaultCookies is also enabled.
+BASE_FEATURE(kCookiesWithoutSameSiteMustBeSecure,
+ "CookiesWithoutSameSiteMustBeSecure",
+ base::FEATURE_DISABLED_BY_DEFAULT);
+#endif
+
BASE_FEATURE(kShortLaxAllowUnsafeThreshold,
"ShortLaxAllowUnsafeThreshold",
base::FEATURE_DISABLED_BY_DEFAULT);
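Review bot: Both `kSameSiteByDefaultCookies` and `kCookiesWithoutSameSiteMustBeSecure` are defined with `base::FEATURE_DISABLED_BY_DEFAULT`, so on an `IS_TIZEN_TV` build a cookie with no SameSite attribute is available in third-party contexts unless something turns the features on. The only enabling path visible in this change is `switches::kEnableExperimentalCookieFeatures`. That drops the Lax-by-default CSRF mitigation for every site that relies on the browser default instead of setting SameSite explicitly. If the default is deliberate for app compatibility, say so in the comment above each definition and name where the feature is expected to be enabled. Otherwise `base::FEATURE_ENABLED_BY_DEFAULT` would keep the TV build on the stricter behaviour with an opt-out.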
// Changes the timeout after which unused sockets idle sockets are cleaned up.
NET_EXPORT BASE_DECLARE_FEATURE(kNetUnusedIdleSocketTimeout);
+#if BUILDFLAG(IS_TIZEN_TV)
+// When enabled, makes cookies without a SameSite attribute behave like
+// SameSite=Lax cookies by default, and requires SameSite=None to be specified
+// in order to make cookies available in a third-party context. When disabled,
+// the default behavior for cookies without a SameSite attribute specified is no
+// restriction, i.e., available in a third-party context.
+// The "Lax-allow-unsafe" mitigation allows these cookies to be sent on
+// top-level cross-site requests with an unsafe (e.g. POST) HTTP method, if the
+// cookie is no more than 2 minutes old.
+NET_EXPORT BASE_DECLARE_FEATURE(kSameSiteByDefaultCookies);
+// When enabled, cookies without SameSite restrictions that don't specify the
+// Secure attribute will be rejected if set from an insecure context, or treated
+// as secure if set from a secure context. This ONLY has an effect if
+// SameSiteByDefaultCookies is also enabled.
+NET_EXPORT BASE_DECLARE_FEATURE(kCookiesWithoutSameSiteMustBeSecure);
+#endif
+
// When enabled, the time threshold for Lax-allow-unsafe cookies will be lowered
// from 2 minutes to 10 seconds. This time threshold refers to the age cutoff
// for which cookies that default into SameSite=Lax, which are newer than the
// Unless legacy access semantics are in effect, SameSite=None cookies without
// the Secure attribute will be rejected.
if (params.access_semantics != CookieAccessSemantics::LEGACY &&
+#if BUILDFLAG(IS_TIZEN_TV)
+ cookie_util::IsCookiesWithoutSameSiteMustBeSecureEnabled() &&
+#endif
SameSite() == CookieSameSite::NO_RESTRICTION && !IsSecure()) {
DVLOG(net::cookie_util::kVlogSetCookies)
<< "SetCookie() rejecting insecure cookie with SameSite=None.";
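Review bot: The comment above this condition still says SameSite=None cookies without Secure are rejected unless legacy semantics are in effect, but under `IS_TIZEN_TV` the rejection now also requires `cookie_util::IsCookiesWithoutSameSiteMustBeSecureEnabled()`. That helper is false unless both features are on, so with the defaults defined in this commit such cookies are accepted and may be sent over plaintext HTTP in cross-site requests. Update the comment to match, e.g. `// On Tizen TV this check applies only when CookiesWithoutSameSiteMustBeSecure and SameSiteByDefaultCookies are both enabled.` The enclosing function starts and continues outside the hunk.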
features::kShortLaxAllowUnsafeThreshold)
? kShortLaxAllowUnsafeMaxAge
: kLaxAllowUnsafeMaxAge);
+#if BUILDFLAG(IS_TIZEN_TV)
+ bool should_apply_same_site_lax_by_default =
+ cookie_util::IsSameSiteByDefaultCookiesEnabled();
+ if (access_semantics == CookieAccessSemantics::LEGACY) {
+ should_apply_same_site_lax_by_default = false;
+ } else if (access_semantics == CookieAccessSemantics::NONLEGACY) {
+ should_apply_same_site_lax_by_default = true;
+ }
+#endif
switch (SameSite()) {
// If a cookie does not have a SameSite attribute, the effective SameSite
// mode depends on the access semantics and whether the cookie is
// recently-created.
case CookieSameSite::UNSPECIFIED:
+#if BUILDFLAG(IS_TIZEN_TV)
+ return should_apply_same_site_lax_by_default
+ ? (IsRecentlyCreated(lax_allow_unsafe_threshold_age)
+ ? CookieEffectiveSameSite::LAX_MODE_ALLOW_UNSAFE
+ : CookieEffectiveSameSite::LAX_MODE)
+ : CookieEffectiveSameSite::NO_RESTRICTION;
+#else
return (access_semantics == CookieAccessSemantics::LEGACY)
? CookieEffectiveSameSite::NO_RESTRICTION
: (IsRecentlyCreated(lax_allow_unsafe_threshold_age)
? CookieEffectiveSameSite::LAX_MODE_ALLOW_UNSAFE
: CookieEffectiveSameSite::LAX_MODE);
+#endif
case CookieSameSite::NO_RESTRICTION:
return CookieEffectiveSameSite::NO_RESTRICTION;
case CookieSameSite::LAX_MODE:
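Review bot: `should_apply_same_site_lax_by_default` is overridden only for `LEGACY` and `NONLEGACY`, so any other `access_semantics` value silently keeps the feature state, and nothing in the block says so. Add a comment at the declaration, e.g. `// Explicit access semantics win; otherwise fall back to the SameSiteByDefaultCookies feature.` The existing comment on `case CookieSameSite::UNSPECIFIED` could also mention that on Tizen TV the result depends on that feature. The function starts and ends outside the hunk.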
return CookieOptions::SameSiteCookieContext::MakeInclusive();
}
+#if BUILDFLAG(IS_TIZEN_TV)
+bool IsSameSiteByDefaultCookiesEnabled() {
+ return base::FeatureList::IsEnabled(features::kSameSiteByDefaultCookies);
+}
+
+bool IsCookiesWithoutSameSiteMustBeSecureEnabled() {
+ return IsSameSiteByDefaultCookiesEnabled() &&
+ base::FeatureList::IsEnabled(
+ features::kCookiesWithoutSameSiteMustBeSecure);
+}
+#endif
+
bool IsPortBoundCookiesEnabled() {
return base::FeatureList::IsEnabled(features::kEnablePortBoundCookies);
}
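Review bot: `IsCookiesWithoutSameSiteMustBeSecureEnabled()` returns true only when `kSameSiteByDefaultCookies` is enabled as well, which its name does not convey and which the header's shared comment ("Returns whether the respective feature is enabled.") does not cover. Document the dependency at the declaration, e.g. `// True only if both SameSiteByDefaultCookies and CookiesWithoutSameSiteMustBeSecure are enabled.`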
// Returns whether the respective feature is enabled.
NET_EXPORT bool IsSchemefulSameSiteEnabled();
+#if BUILDFLAG(IS_TIZEN_TV)
+NET_EXPORT bool IsSameSiteByDefaultCookiesEnabled();
+NET_EXPORT bool IsCookiesWithoutSameSiteMustBeSecureEnabled();
+#endif
+
// Computes the First-Party Sets metadata and cache match information.
// `isolation_info` must be fully populated.
//
const GURL& secondary_url,
ContentSettingsType content_type,
content_settings::SettingInfo* info) const {
+ ContentSetting setting = CONTENT_SETTING_BLOCK;
+#if BUILDFLAG(IS_TIZEN_TV)
+ setting = net::cookie_util::IsSameSiteByDefaultCookiesEnabled()
+ ? CONTENT_SETTING_BLOCK
+ : CONTENT_SETTING_ALLOW;
+#else
+ setting = CONTENT_SETTING_BLOCK;
+#endif
+
const ContentSettingPatternSource* result = FindMatchingSetting(
primary_url, secondary_url, GetContentSettings(content_type));
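Review bot: `setting` is initialised to `CONTENT_SETTING_BLOCK` and then assigned again in both preprocessor branches, so the `#else` / `setting = CONTENT_SETTING_BLOCK;` lines are redundant and can be dropped, leaving only the `#if BUILDFLAG(IS_TIZEN_TV)` override. The ternary also repeats the one used for `legacy_cookie_access_initial_default` in the registry hunk. Two copies of a security default can drift apart, so a shared helper or at least a cross-referencing comment would help. With the feature off, the no-match fallback now returns `CONTENT_SETTING_ALLOW`, which presumably grants legacy cookie access to every origin without an explicit setting. The function's signature and tail are outside the hunk.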
info->primary_pattern = ContentSettingsPattern::Wildcard();
info->secondary_pattern = ContentSettingsPattern::Wildcard();
}
- return CONTENT_SETTING_BLOCK;
+ return setting;
}
if (info) {