Add histograms for SameSite cookie Lax-allow-unsafe intervention

Bug: 990439 Change-Id: Ibf7f5a23486f3d55d728c02c5d03bc34b1a4cfa5 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1753590 Reviewed-by: Charlie Harrison <csharrison@chromium.org> Reviewed-by: Maks Orlovich <morlovich@chromium.org> Commit-Queue: Lily Chen <chlily@chromium.org> Cr-Commit-Position: refs/heads/master@{#687254}
chromium · Aug 15, 2019 · 0a4457e · 0a4457e
1 parent 04c8208
commit 0a4457e
Show file tree

Hide file tree

Showing 2 changed files with 47 additions and 1 deletion.
diff --git a/net/cookies/canonical_cookie.cc b/net/cookies/canonical_cookie.cc
@@ -363,6 +363,7 @@ bool CanonicalCookie::IsDomainMatch(const std::string& host) const {
 CanonicalCookie::CookieInclusionStatus CanonicalCookie::IncludeForRequestURL(
     const GURL& url,
     const CookieOptions& options) const {
+  base::TimeDelta cookie_age = base::Time::Now() - CreationDate();
   // Filter out HttpOnly cookies, per options.
   if (options.exclude_httponly() && IsHttpOnly())
     return CanonicalCookie::CookieInclusionStatus::EXCLUDE_HTTP_ONLY;
@@ -388,6 +389,17 @@ CanonicalCookie::CookieInclusionStatus CanonicalCookie::IncludeForRequestURL(
     case CookieSameSite::LAX_MODE:
       if (options.same_site_cookie_context() <
           CookieOptions::SameSiteCookieContext::SAME_SITE_LAX) {
+        // Log metrics for a cookie that would have been included under the
+        // "Lax-allow-unsafe" intervention, had it been new enough.
+        if (SameSite() == CookieSameSite::UNSPECIFIED &&
+            options.same_site_cookie_context() ==
+                CookieOptions::SameSiteCookieContext::
+                    SAME_SITE_LAX_METHOD_UNSAFE) {
+          UMA_HISTOGRAM_CUSTOM_TIMES(
+              "Cookie.SameSiteUnspecifiedTooOldToAllowUnsafe", cookie_age,
+              base::TimeDelta::FromMinutes(1), base::TimeDelta::FromDays(5),
+              100);
+        }
         return (SameSite() == CookieSameSite::UNSPECIFIED)
                    ? CanonicalCookie::CookieInclusionStatus::
                          EXCLUDE_SAMESITE_UNSPECIFIED_TREATED_AS_LAX
@@ -397,12 +409,20 @@ CanonicalCookie::CookieInclusionStatus CanonicalCookie::IncludeForRequestURL(
       break;
     // TODO(crbug.com/990439): Add a browsertest for this behavior.
     case CookieSameSite::LAX_MODE_ALLOW_UNSAFE:
+      DCHECK(SameSite() == CookieSameSite::UNSPECIFIED);
       if (options.same_site_cookie_context() <
           CookieOptions::SameSiteCookieContext::SAME_SITE_LAX_METHOD_UNSAFE) {
-        DCHECK(SameSite() == CookieSameSite::UNSPECIFIED);
         // TODO(chlily): Do we need a separate CookieInclusionStatus for this?
         return CanonicalCookie::CookieInclusionStatus::
             EXCLUDE_SAMESITE_UNSPECIFIED_TREATED_AS_LAX;
+      } else if (options.same_site_cookie_context() ==
+                 CookieOptions::SameSiteCookieContext::
+                     SAME_SITE_LAX_METHOD_UNSAFE) {
+        // Log metrics for cookies that activate the "Lax-allow-unsafe"
+        // intervention. This histogram macro allows up to 3 minutes, which is
+        // enough for the current threshold of 2 minutes.
+        UMA_HISTOGRAM_MEDIUM_TIMES("Cookie.LaxAllowUnsafeCookieIncludedAge",
+                                   cookie_age);
       }
       break;
     default:

diff --git a/tools/metrics/histograms/histograms.xml b/tools/metrics/histograms/histograms.xml
@@ -23392,6 +23392,19 @@ uploading your change for review.
   </summary>
 </histogram>
 
+<histogram name="Cookie.LaxAllowUnsafeCookieIncludedAge" units="ms"
+    expires_after="M85">
+  <owner>chlily@chromium.org</owner>
+  <owner>morlovich@chromium.org</owner>
+  <summary>
+    The age in milliseconds of a cookie that activates the Lax-allow-unsafe
+    intervention. Emitted whenever a cookie is included in a request with an
+    unsafe HTTP method, where the cookie has an unspecified SameSite attribute
+    and is only included because it is new enough to fall under the age
+    threshold for allowing Lax-allow-unsafe.
+  </summary>
+</histogram>
+
 <histogram name="Cookie.LoadProblem" enum="CookieLoadProblem"
     expires_after="2020-01-26">
   <owner>morlovich@chromium.org</owner>
@@ -23471,6 +23484,19 @@ uploading your change for review.
   </summary>
 </histogram>
 
+<histogram name="Cookie.SameSiteUnspecifiedTooOldToAllowUnsafe" units="ms"
+    expires_after="M85">
+  <owner>chlily@chromium.org</owner>
+  <owner>morlovich@chromium.org</owner>
+  <summary>
+    The age in milliseconds of a cookie that would have activated the
+    Lax-allow-unsafe intervention except for the fact that it is too old.
+    Emitted whenever a cookie is excluded from being sent on a request with an
+    unsafe method, where the cookie has an unspecified SameSite attribute and is
+    too old to fall under the age threshold to allow Lax-allow-unsafe.
+  </summary>
+</histogram>
+
 <histogram name="Cookie.SetAttributePairCharsValidity" enum="BooleanValid"
     expires_after="2013-09-21">
   <obsolete>