dotnet · amcasey · Apr 25, 2024 · Apr 25, 2024 · Apr 26, 2024 · Apr 26, 2024
@@ -1 +1,3 @@
 #nullable enable
+Microsoft.Net.Http.Headers.SetCookieHeaderValue.Partitioned.get -> bool
+Microsoft.Net.Http.Headers.SetCookieHeaderValue.Partitioned.set -> void
@@ -30,6 +30,7 @@ public class SetCookieHeaderValue
     private static readonly string SameSiteStrictToken = SameSiteMode.Strict.ToString().ToLowerInvariant();
 
     private const string HttpOnlyToken = "httponly";
+    private const string PartitionedToken = "partitioned";
     private const string SeparatorToken = "; ";
     private const string EqualsToken = "=";
     private const int ExpiresDateLength = 29;
@@ -176,6 +177,16 @@ public StringSegment Value
     /// <remarks>See <see href="https://tools.ietf.org/html/rfc6265#section-4.1.2.6"/>.</remarks>
     public bool HttpOnly { get; set; }
 
+    /// <summary>
+    /// Gets or sets a value for the <c>Partitioned</c> cookie attribute.
+    /// <para>
+    /// Partitioned instructs the user agent to
+    /// omit the cookie when providing access to cookies on a different top-level site
+    /// as part of CHIPS (Cookies Having Independent Partitioned State).
+    /// </para>
+    /// </summary>
+    public bool Partitioned { get; set; }
+
     /// <summary>
     /// Gets a collection of additional values to append to the cookie.
     /// </summary>
@@ -241,6 +252,11 @@ public override string ToString()
             length += SeparatorToken.Length + HttpOnlyToken.Length;
         }
 
+        if (Partitioned)
+        {
+            length += SeparatorToken.Length + PartitionedToken.Length;
+        }
+
         if (_extensions?.Count > 0)
         {
             foreach (var extension in _extensions)
@@ -299,6 +315,11 @@ public override string ToString()
                 AppendSegment(ref span, HttpOnlyToken, null);
             }
 
+            if (headerValue.Partitioned)
+            {
+                AppendSegment(ref span, PartitionedToken, null);
+            }
+
             if (_extensions?.Count > 0)
             {
                 foreach (var extension in _extensions)
@@ -384,6 +405,11 @@ public void AppendToStringBuilder(StringBuilder builder)
             AppendSegment(builder, HttpOnlyToken, null);
         }
 
+        if (Partitioned)
+        {
+            AppendSegment(builder, PartitionedToken, null);
+        }
+
         if (_extensions?.Count > 0)
         {
             foreach (var extension in _extensions)
@@ -654,6 +680,11 @@ private static int GetSetCookieLength(StringSegment input, int startIndex, out S
             {
                 result.HttpOnly = true;
             }
+            // partitioned-av = "Partitioned"
+            else if (StringSegment.Equals(token, PartitionedToken, StringComparison.OrdinalIgnoreCase))
+            {
+                result.Partitioned = true;
+            }
             // extension-av = <any CHAR except CTLs or ";">
             else
             {
@@ -729,6 +760,7 @@ public override bool Equals(object? obj)
             && Secure == other.Secure
             && SameSite == other.SameSite
             && HttpOnly == other.HttpOnly
+            && Partitioned == other.Partitioned
             && HeaderUtilities.AreEqualCollections(_extensions, other._extensions, StringSegmentComparer.OrdinalIgnoreCase);
     }
 
@@ -743,7 +775,8 @@ public override int GetHashCode()
             ^ (Path != null ? StringSegmentComparer.OrdinalIgnoreCase.GetHashCode(Path) : 0)
             ^ Secure.GetHashCode()
             ^ SameSite.GetHashCode()
-            ^ HttpOnly.GetHashCode();
+            ^ HttpOnly.GetHashCode()
+            ^ Partitioned.GetHashCode();
 
         if (_extensions?.Count > 0)
         {

@@ -49,6 +49,15 @@ public virtual string? Name
     /// </remarks>
     public virtual bool HttpOnly { get; set; }
 
+    /// <summary>
+    /// Gets or sets a value that indicates whether a cookie is partitioned across different sites.
+    /// Opts in to CHIPS (Cookies Having Independent Partitioned State).
+    /// </summary>
+    /// <remarks>
+    /// Determines the value that will be set on <see cref="CookieOptions.Partitioned"/>.
+    /// </remarks>
+    public virtual bool Partitioned { get; set; }
+
     /// <summary>
     /// The SameSite attribute of the cookie. The default value is <see cref="SameSiteMode.Unspecified"/>
     /// but specific components may use a different value.
@@ -111,6 +120,7 @@ public virtual CookieOptions Build(HttpContext context, DateTimeOffset expiresFr
             Path = Path ?? "/",
             SameSite = SameSite,
             HttpOnly = HttpOnly,
+            Partitioned = Partitioned,
             MaxAge = MaxAge,
             Domain = Domain,
             IsEssential = IsEssential,

@@ -4,3 +4,5 @@ Microsoft.AspNetCore.Http.HostString.HostString(string? value) -> void
 *REMOVED*Microsoft.AspNetCore.Http.HostString.Value.get -> string!
 Microsoft.AspNetCore.Http.HostString.Value.get -> string?
 Microsoft.AspNetCore.Http.HttpValidationProblemDetails.HttpValidationProblemDetails(System.Collections.Generic.IEnumerable<System.Collections.Generic.KeyValuePair<string!, string![]!>>! errors) -> void
+virtual Microsoft.AspNetCore.Http.CookieBuilder.Partitioned.get -> bool
+virtual Microsoft.AspNetCore.Http.CookieBuilder.Partitioned.set -> void
@@ -40,6 +40,7 @@ public CookieOptions(CookieOptions options)
         Secure = options.Secure;
         SameSite = options.SameSite;
         HttpOnly = options.HttpOnly;
+        Partitioned = options.Partitioned;
         MaxAge = options.MaxAge;
         IsEssential = options.IsEssential;
 
@@ -85,6 +86,13 @@ public CookieOptions(CookieOptions options)
     /// <returns>true if a cookie must not be accessible by client-side script; otherwise, false.</returns>
     public bool HttpOnly { get; set; }
 
+    /// <summary>
+    /// Gets or sets a value that indicates whether a cookie is partitioned across different sites.
+    /// Opts in to CHIPS (Cookies Having Independent Partitioned State).
+    /// </summary>
+    /// <returns>true if a cookie is partitioned; otherwise, false.</returns>
+    public bool Partitioned { get; set; }
+
     /// <summary>
     /// Gets or sets the max-age for the cookie.
     /// </summary>
@@ -117,6 +125,7 @@ public SetCookieHeaderValue CreateCookieHeader(string name, string value)
             Expires = Expires,
             Secure = Secure,
             HttpOnly = HttpOnly,
+            Partitioned = Partitioned,
             MaxAge = MaxAge,
             SameSite = (Net.Http.Headers.SameSiteMode)SameSite,
         };

@@ -1 +1,3 @@
 #nullable enable
+Microsoft.AspNetCore.Http.CookieOptions.Partitioned.get -> bool
+Microsoft.AspNetCore.Http.CookieOptions.Partitioned.set -> void
@@ -1,6 +1,7 @@
 // Licensed to the .NET Foundation under one or more agreements.
 // The .NET Foundation licenses this file to you under the MIT license.
 
+using System.Diagnostics.CodeAnalysis;
 using Microsoft.AspNetCore.Http.Features;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
@@ -15,7 +16,9 @@ namespace Microsoft.AspNetCore.Http;
 internal sealed partial class ResponseCookies : IResponseCookies
 {
     private readonly IFeatureCollection _features;
+
     private ILogger? _logger;
+    private bool _retrievedLogger;
 
     /// <summary>
     /// Create a new wrapper.
@@ -45,19 +48,10 @@ public void Append(string key, string value, CookieOptions options)
     {
         ArgumentNullException.ThrowIfNull(options);
 
-        // SameSite=None cookies must be marked as Secure.
-        if (!options.Secure && options.SameSite == SameSiteMode.None)
+        var messagesToLog = GetMessagesToLog(options);
+        if (messagesToLog != MessagesToLog.None && TryGetLogger(out var logger))
         {
-            if (_logger == null)
-            {
-                var services = _features.Get<IServiceProvidersFeature>()?.RequestServices;
-                _logger = services?.GetService<ILogger<ResponseCookies>>();
-            }
-
-            if (_logger != null)
-            {
-                Log.SameSiteCookieNotSecure(_logger, key);
-            }
+            LogMessages(logger, messagesToLog, key);
         }
 
         var cookie = options.CreateCookieHeader(key, Uri.EscapeDataString(value)).ToString();
@@ -69,21 +63,12 @@ public void Append(ReadOnlySpan<KeyValuePair<string, string>> keyValuePairs, Coo
     {
         ArgumentNullException.ThrowIfNull(options);
 
-        // SameSite=None cookies must be marked as Secure.
-        if (!options.Secure && options.SameSite == SameSiteMode.None)
+        var messagesToLog = GetMessagesToLog(options);
+        if (messagesToLog != MessagesToLog.None && TryGetLogger(out var logger))
         {
-            if (_logger == null)
+            foreach (var keyValuePair in keyValuePairs)
             {
-                var services = _features.Get<IServiceProvidersFeature>()?.RequestServices;
-                _logger = services?.GetService<ILogger<ResponseCookies>>();
-            }
-
-            if (_logger != null)
-            {
-                foreach (var keyValuePair in keyValuePairs)
-                {
-                    Log.SameSiteCookieNotSecure(_logger, keyValuePair.Key);
-                }
+                LogMessages(logger, messagesToLog, keyValuePair.Key);
             }
         }
 
@@ -167,9 +152,95 @@ public void Delete(string key, CookieOptions options)
         });
     }
 
+    private bool TryGetLogger([NotNullWhen(true)] out ILogger? logger)
+    {
+        if (!_retrievedLogger)
+        {
+            _retrievedLogger = true;
+            var services = _features.Get<IServiceProvidersFeature>()?.RequestServices;
+            _logger = services?.GetService<ILogger<ResponseCookies>>();
+        }
+
+        logger = _logger;
+        return logger is not null;
+    }
+
+    private static MessagesToLog GetMessagesToLog(CookieOptions options)
+    {
+        var toLog = MessagesToLog.None;
+
+        if (!options.Secure && options.SameSite == SameSiteMode.None)
+        {
+            toLog |= MessagesToLog.SameSiteNotSecure;
+        }
+
+        if (options.Partitioned)
+        {
+            if (!options.Secure)
+            {
+                toLog |= MessagesToLog.PartitionedNotSecure;
+            }
+
+            if (options.SameSite != SameSiteMode.None)
+            {
+                toLog |= MessagesToLog.PartitionedNotSameSiteNone;
+            }
+
+            // Chromium checks this
+            if (options.Path != "/")
+            {
+                toLog |= MessagesToLog.PartitionedNotPathRoot;
+            }
+        }
+
+        return toLog;
+    }
+
+    private static void LogMessages(ILogger logger, MessagesToLog messages, string cookieName)
+    {
+        if ((messages & MessagesToLog.SameSiteNotSecure) != 0)
+        {
+            Log.SameSiteCookieNotSecure(logger, cookieName);
+        }
+
+        if ((messages & MessagesToLog.PartitionedNotSecure) != 0)
+        {
+            Log.PartitionedCookieNotSecure(logger, cookieName);
+        }
+
+        if ((messages & MessagesToLog.PartitionedNotSameSiteNone) != 0)
+        {
+            Log.PartitionedCookieNotSameSiteNone(logger, cookieName);
+        }
+
+        if ((messages & MessagesToLog.PartitionedNotPathRoot) != 0)
+        {
+            Log.PartitionedCookieNotPathRoot(logger, cookieName);
+        }
+    }
+
+    [Flags]
+    private enum MessagesToLog
-    private enum MessagesToLog
+    private enum MessagesToLog : byte
-    private enum MessagesToLog
+    private enum MessagesToLog : byte
+    {
+        None,
+        SameSiteNotSecure = 1 << 0,
+        PartitionedNotSecure = 1 << 1,
+        PartitionedNotSameSiteNone = 1 << 2,
+        PartitionedNotPathRoot = 1 << 3,
+    }
+
     private static partial class Log
     {
-        [LoggerMessage(1, LogLevel.Warning, "The cookie '{name}' has set 'SameSite=None' and must also set 'Secure'.", EventName = "SameSiteNotSecure")]
+        [LoggerMessage(1, LogLevel.Warning, "The cookie '{name}' has set 'SameSite=None' and must also set 'Secure'. This cookie will likely be rejected by the client.", EventName = "SameSiteNotSecure")]
         public static partial void SameSiteCookieNotSecure(ILogger logger, string name);
+
+        [LoggerMessage(2, LogLevel.Warning, "The cookie '{name}' has set 'Partitioned' and must also set 'Secure'. This cookie will likely be rejected by the client.", EventName = "PartitionedNotSecure")]
+        public static partial void PartitionedCookieNotSecure(ILogger logger, string name);
+
+        [LoggerMessage(3, LogLevel.Debug, "The cookie '{name}' has set 'Partitioned' and should also set 'SameSite=None'. This cookie will likely be rejected by the client.", EventName = "PartitionedNotSameSiteNone")]
+        public static partial void PartitionedCookieNotSameSiteNone(ILogger logger, string name);
+
+        [LoggerMessage(4, LogLevel.Debug, "The cookie '{name}' has set 'Partitioned' and should also set 'Path=/'. This cookie may be rejected by the client.", EventName = "PartitionedNotPathRoot")]
+        public static partial void PartitionedCookieNotPathRoot(ILogger logger, string name);
     }
 }
@@ -23,6 +23,7 @@ public void CopyCtor_AllPropertiesCopied()
             HttpOnly = true,
             IsEssential = true,
             MaxAge = TimeSpan.FromSeconds(10),
+            Partitioned = true,
             Path = "/foo",
             Secure = true,
             SameSite = SameSiteMode.Strict,
@@ -40,6 +41,7 @@ public void CopyCtor_AllPropertiesCopied()
                 case "HttpOnly":
                 case "IsEssential":
                 case "MaxAge":
+                case "Partitioned":
                 case "Path":
                 case "Secure":
                 case "SameSite":