1 /* 2 * Copyright (C) 2006 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package android.webkit; 18 19 import android.annotation.Nullable; 20 import android.annotation.SystemApi; 21 import android.net.WebAddress; 22 23 /** 24 * Manages the cookies used by an application's {@link WebView} instances. 25 * <p> 26 * CookieManager represents cookies as strings in the same format as the 27 * HTTP {@code Cookie} and {@code Set-Cookie} header fields (defined in 28 * <a href="https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-03">RFC6265bis</a>). 29 */ 30 public abstract class CookieManager { 31 /** 32 * @deprecated This class should not be constructed by applications, use {@link #getInstance} 33 * instead to fetch the singleton instance. 34 */ 35 // TODO(ntfschr): mark this as @SystemApi after a year. 36 @Deprecated CookieManager()37 public CookieManager() {} 38 39 @Override clone()40 protected Object clone() throws CloneNotSupportedException { 41 throw new CloneNotSupportedException("doesn't implement Cloneable"); 42 } 43 44 /** 45 * Gets the singleton CookieManager instance. 46 * 47 * @return the singleton CookieManager instance 48 */ getInstance()49 public static CookieManager getInstance() { 50 return WebViewFactory.getProvider().getCookieManager(); 51 } 52 53 /** 54 * Sets whether the application's {@link WebView} instances should send and 55 * accept cookies. 56 * By default this is set to {@code true} and the WebView accepts cookies. 57 * <p> 58 * When this is {@code true} 59 * {@link CookieManager#setAcceptThirdPartyCookies setAcceptThirdPartyCookies} and 60 * {@link CookieManager#setAcceptFileSchemeCookies setAcceptFileSchemeCookies} 61 * can be used to control the policy for those specific types of cookie. 62 * 63 * @param accept whether {@link WebView} instances should send and accept 64 * cookies 65 */ setAcceptCookie(boolean accept)66 public abstract void setAcceptCookie(boolean accept); 67 68 /** 69 * Gets whether the application's {@link WebView} instances send and accept 70 * cookies. 71 * 72 * @return {@code true} if {@link WebView} instances send and accept cookies 73 */ acceptCookie()74 public abstract boolean acceptCookie(); 75 76 /** 77 * Sets whether the {@link WebView} should allow third party cookies to be set. 78 * Allowing third party cookies is a per WebView policy and can be set 79 * differently on different WebView instances. 80 * <p> 81 * Apps that target {@link android.os.Build.VERSION_CODES#KITKAT} or below 82 * default to allowing third party cookies. Apps targeting 83 * {@link android.os.Build.VERSION_CODES#LOLLIPOP} or later default to disallowing 84 * third party cookies. 85 * 86 * @param webview the {@link WebView} instance to set the cookie policy on 87 * @param accept whether the {@link WebView} instance should accept 88 * third party cookies 89 */ setAcceptThirdPartyCookies(WebView webview, boolean accept)90 public abstract void setAcceptThirdPartyCookies(WebView webview, boolean accept); 91 92 /** 93 * Gets whether the {@link WebView} should allow third party cookies to be set. 94 * 95 * @param webview the {@link WebView} instance to get the cookie policy for 96 * @return {@code true} if the {@link WebView} accepts third party cookies 97 */ acceptThirdPartyCookies(WebView webview)98 public abstract boolean acceptThirdPartyCookies(WebView webview); 99 100 /** 101 * Sets a single cookie (key-value pair) for the given URL. Any existing cookie with the same 102 * host, path and name will be replaced with the new cookie. The cookie being set 103 * will be ignored if it is expired. To set multiple cookies, your application should invoke 104 * this method multiple times. 105 * 106 * <p>The {@code value} parameter must follow the format of the {@code Set-Cookie} HTTP 107 * response header defined by 108 * <a href="https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-03">RFC6265bis</a>. 109 * This is a key-value pair of the form {@code "key=value"}, optionally followed by a list of 110 * cookie attributes delimited with semicolons (ex. {@code "key=value; Max-Age=123"}). Please 111 * consult the RFC specification for a list of valid attributes. 112 * 113 * <p class="note"><b>Note:</b> if specifying a {@code value} containing the {@code "Secure"} 114 * attribute, {@code url} must use the {@code "https://"} scheme. 115 * 116 * @param url the URL for which the cookie is to be set 117 * @param value the cookie as a string, using the format of the 'Set-Cookie' 118 * HTTP response header 119 */ setCookie(String url, String value)120 public abstract void setCookie(String url, String value); 121 122 /** 123 * Sets a single cookie (key-value pair) for the given URL. Any existing cookie with the same 124 * host, path and name will be replaced with the new cookie. The cookie being set 125 * will be ignored if it is expired. To set multiple cookies, your application should invoke 126 * this method multiple times. 127 * 128 * <p>The {@code value} parameter must follow the format of the {@code Set-Cookie} HTTP 129 * response header defined by 130 * <a href="https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-03">RFC6265bis</a>. 131 * This is a key-value pair of the form {@code "key=value"}, optionally followed by a list of 132 * cookie attributes delimited with semicolons (ex. {@code "key=value; Max-Age=123"}). Please 133 * consult the RFC specification for a list of valid attributes. 134 * 135 * <p>This method is asynchronous. If a {@link ValueCallback} is provided, 136 * {@link ValueCallback#onReceiveValue} will be called on the current 137 * thread's {@link android.os.Looper} once the operation is complete. 138 * The value provided to the callback indicates whether the cookie was set successfully. 139 * You can pass {@code null} as the callback if you don't need to know when the operation 140 * completes or whether it succeeded, and in this case it is safe to call the method from a 141 * thread without a Looper. 142 * 143 * <p class="note"><b>Note:</b> if specifying a {@code value} containing the {@code "Secure"} 144 * attribute, {@code url} must use the {@code "https://"} scheme. 145 * 146 * @param url the URL for which the cookie is to be set 147 * @param value the cookie as a string, using the format of the 'Set-Cookie' 148 * HTTP response header 149 * @param callback a callback to be executed when the cookie has been set 150 */ setCookie(String url, String value, @Nullable ValueCallback<Boolean> callback)151 public abstract void setCookie(String url, String value, @Nullable ValueCallback<Boolean> 152 callback); 153 154 /** 155 * Gets all the cookies for the given URL. This may return multiple key-value pairs if multiple 156 * cookies are associated with this URL, in which case each cookie will be delimited by {@code 157 * "; "} characters (semicolon followed by a space). Each key-value pair will be of the form 158 * {@code "key=value"}. 159 * 160 * @param url the URL for which the cookies are requested 161 * @return value the cookies as a string, using the format of the 'Cookie' 162 * HTTP request header 163 */ getCookie(String url)164 public abstract String getCookie(String url); 165 166 /** 167 * See {@link #getCookie(String)}. 168 * 169 * @param url the URL for which the cookies are requested 170 * @param privateBrowsing whether to use the private browsing cookie jar 171 * @return value the cookies as a string, using the format of the 'Cookie' 172 * HTTP request header 173 * @hide Used by Browser and by WebViewProvider implementations. 174 */ 175 @SuppressWarnings("HiddenAbstractMethod") 176 @SystemApi getCookie(String url, boolean privateBrowsing)177 public abstract String getCookie(String url, boolean privateBrowsing); 178 179 /** 180 * Gets cookie(s) for a given uri so that it can be set to "cookie:" in http 181 * request header. 182 * 183 * @param uri the WebAddress for which the cookies are requested 184 * @return value the cookies as a string, using the format of the 'Cookie' 185 * HTTP request header 186 * @hide Used by RequestHandle and by WebViewProvider implementations. 187 */ 188 @SystemApi getCookie(WebAddress uri)189 public synchronized String getCookie(WebAddress uri) { 190 return getCookie(uri.toString()); 191 } 192 193 /** 194 * Removes all session cookies, which are cookies without an expiration 195 * date. 196 * @deprecated use {@link #removeSessionCookies(ValueCallback)} instead. 197 */ 198 @Deprecated removeSessionCookie()199 public abstract void removeSessionCookie(); 200 201 /** 202 * Removes all session cookies, which are cookies without an expiration 203 * date. 204 * <p> 205 * This method is asynchronous. 206 * If a {@link ValueCallback} is provided, 207 * {@link ValueCallback#onReceiveValue(T) onReceiveValue()} will be called on the current 208 * thread's {@link android.os.Looper} once the operation is complete. 209 * The value provided to the callback indicates whether any cookies were removed. 210 * You can pass {@code null} as the callback if you don't need to know when the operation 211 * completes or whether any cookie were removed, and in this case it is safe to call the 212 * method from a thread without a Looper. 213 * @param callback a callback which is executed when the session cookies have been removed 214 */ removeSessionCookies(@ullable ValueCallback<Boolean> callback)215 public abstract void removeSessionCookies(@Nullable ValueCallback<Boolean> callback); 216 217 /** 218 * Removes all cookies. 219 * @deprecated Use {@link #removeAllCookies(ValueCallback)} instead. 220 */ 221 @Deprecated removeAllCookie()222 public abstract void removeAllCookie(); 223 224 /** 225 * Removes all cookies. 226 * <p> 227 * This method is asynchronous. 228 * If a {@link ValueCallback} is provided, 229 * {@link ValueCallback#onReceiveValue(T) onReceiveValue()} will be called on the current 230 * thread's {@link android.os.Looper} once the operation is complete. 231 * The value provided to the callback indicates whether any cookies were removed. 232 * You can pass {@code null} as the callback if you don't need to know when the operation 233 * completes or whether any cookies were removed, and in this case it is safe to call the 234 * method from a thread without a Looper. 235 * @param callback a callback which is executed when the cookies have been removed 236 */ removeAllCookies(@ullable ValueCallback<Boolean> callback)237 public abstract void removeAllCookies(@Nullable ValueCallback<Boolean> callback); 238 239 /** 240 * Gets whether there are stored cookies. 241 * 242 * @return {@code true} if there are stored cookies 243 */ hasCookies()244 public abstract boolean hasCookies(); 245 246 /** 247 * See {@link #hasCookies()}. 248 * 249 * @param privateBrowsing whether to use the private browsing cookie jar 250 * @hide Used by Browser and WebViewProvider implementations. 251 */ 252 @SuppressWarnings("HiddenAbstractMethod") 253 @SystemApi hasCookies(boolean privateBrowsing)254 public abstract boolean hasCookies(boolean privateBrowsing); 255 256 /** 257 * Removes all expired cookies. 258 * @deprecated The WebView handles removing expired cookies automatically. 259 */ 260 @Deprecated removeExpiredCookie()261 public abstract void removeExpiredCookie(); 262 263 /** 264 * Ensures all cookies currently accessible through the getCookie API are 265 * written to persistent storage. 266 * This call will block the caller until it is done and may perform I/O. 267 */ flush()268 public abstract void flush(); 269 270 /** 271 * Gets whether the application's {@link WebView} instances send and accept 272 * cookies for file scheme URLs. 273 * 274 * @return {@code true} if {@link WebView} instances send and accept cookies for 275 * file scheme URLs 276 */ 277 // Static for backward compatibility. allowFileSchemeCookies()278 public static boolean allowFileSchemeCookies() { 279 return getInstance().allowFileSchemeCookiesImpl(); 280 } 281 282 /** 283 * Implements {@link #allowFileSchemeCookies()}. 284 * 285 * @hide Only for use by WebViewProvider implementations 286 */ 287 @SuppressWarnings("HiddenAbstractMethod") 288 @SystemApi allowFileSchemeCookiesImpl()289 protected abstract boolean allowFileSchemeCookiesImpl(); 290 291 /** 292 * Sets whether the application's {@link WebView} instances should send and accept cookies for 293 * file scheme URLs. 294 * <p> 295 * Use of cookies with file scheme URLs is potentially insecure and turned off by default. All 296 * {@code file://} URLs share all their cookies, which may lead to leaking private app cookies 297 * (ex. any malicious file can access cookies previously set by other (trusted) files). 298 * <p class="note"> 299 * Loading content via {@code file://} URLs is generally discouraged. See the note in 300 * {@link WebSettings#setAllowFileAccess}. 301 * Using <a href="{@docRoot}reference/androidx/webkit/WebViewAssetLoader.html"> 302 * androidx.webkit.WebViewAssetLoader</a> to load files over {@code http(s)://} URLs allows 303 * the standard web security model to be used for setting and sharing cookies for local files. 304 * <p> 305 * Note that calls to this method will have no effect if made after calling other 306 * {@link CookieManager} APIs. 307 * 308 * @deprecated This setting is not secure, please use 309 * <a href="{@docRoot}reference/androidx/webkit/WebViewAssetLoader.html"> 310 * androidx.webkit.WebViewAssetLoader</a> instead. 311 */ 312 // Static for backward compatibility. 313 @Deprecated setAcceptFileSchemeCookies(boolean accept)314 public static void setAcceptFileSchemeCookies(boolean accept) { 315 getInstance().setAcceptFileSchemeCookiesImpl(accept); 316 } 317 318 /** 319 * Implements {@link #setAcceptFileSchemeCookies(boolean)}. 320 * 321 * @hide Only for use by WebViewProvider implementations 322 */ 323 @SuppressWarnings("HiddenAbstractMethod") 324 @SystemApi setAcceptFileSchemeCookiesImpl(boolean accept)325 protected abstract void setAcceptFileSchemeCookiesImpl(boolean accept); 326 } 327