| OLD | NEW |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <string> | 5 #include <string> |
| 6 | 6 |
| 7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
| 8 #include "base/files/file_path.h" | 8 #include "base/files/file_path.h" |
| 9 #include "base/test/histogram_tester.h" | 9 #include "base/test/histogram_tester.h" |
| 10 #include "content/browser/bad_message.h" | 10 #include "content/browser/bad_message.h" |
| 104 EXPECT_EQ("B=2; D=4", GetCookieFromJS(web_contents_http->GetMainFrame())); | 104 EXPECT_EQ("B=2; D=4", GetCookieFromJS(web_contents_http->GetMainFrame())); |
| 105 } | 105 } |
| 106 | 106 |
| 107 // SameSite cookies (that aren't marked as http-only) should be available to | 107 // SameSite cookies (that aren't marked as http-only) should be available to |
| 108 // JavaScript. | 108 // JavaScript. |
| 109 IN_PROC_BROWSER_TEST_F(RenderFrameMessageFilterBrowserTest, SameSiteCookies) { | 109 IN_PROC_BROWSER_TEST_F(RenderFrameMessageFilterBrowserTest, SameSiteCookies) { |
| 110 host_resolver()->AddRule("*", "127.0.0.1"); | 110 host_resolver()->AddRule("*", "127.0.0.1"); |
| 111 ASSERT_TRUE(embedded_test_server()->Start()); | 111 ASSERT_TRUE(embedded_test_server()->Start()); |
| 112 SetupCrossSiteRedirector(embedded_test_server()); | 112 SetupCrossSiteRedirector(embedded_test_server()); |
| 113 | 113 |
| 114 // The server sends a SameSite cookie. The RenderFrameMessageFilter should | 114 // The server sets five cookies on '127.0.0.1' and on 'baz.com', then loads a |
| 115 // allow this to be sent to the renderer. | 115 // page that frames 'baz.com' inside '127.0.0.1'. |
| 116 GURL url = embedded_test_server()->GetURL("/set-cookie?samesite=1;SameSite"); | 116 std::string cookies_to_set = |
| 117 "/set-cookie?normal=1" |
| 118 "&strict=1;SameSite=Strict" |
| 119 "&lax=1;SameSite=Lax" |
| 120 "&strict-http=1;SameSite=Strict;httponly" |
| 121 "&lax-http=1;SameSite=Lax;httponly"; |
| 122 |
| 123 GURL url = embedded_test_server()->GetURL("127.0.0.1", cookies_to_set); |
| 124 NavigateToURL(shell(), url); |
| 125 url = embedded_test_server()->GetURL("baz.com", cookies_to_set); |
| 126 NavigateToURL(shell(), url); |
| 127 url = embedded_test_server()->GetURL("127.0.0.1", |
| 128 "/frame_with_load_event.html"); |
| 117 NavigateToURL(shell(), url); | 129 NavigateToURL(shell(), url); |
| 118 | 130 |
| 119 WebContentsImpl* web_contents = | 131 WebContentsImpl* web_contents = |
| 120 static_cast<WebContentsImpl*>(shell()->web_contents()); | 132 static_cast<WebContentsImpl*>(shell()->web_contents()); |
| 121 EXPECT_EQ("http://127.0.0.1/", | 133 RenderFrameHost* main_frame = web_contents->GetMainFrame(); |
| 122 web_contents->GetSiteInstance()->GetSiteURL().spec()); | 134 RenderFrameHost* iframe = |
| 135 web_contents->GetFrameTree()->root()->child_at(0)->current_frame_host(); |
| 123 | 136 |
| 124 EXPECT_EQ("samesite=1", GetCookieFromJS(web_contents->GetMainFrame())); | 137 // The top-level frame should get both kinds of same-site cookies. |
| 138 EXPECT_EQ("normal=1; strict=1; lax=1", GetCookieFromJS(main_frame)); |
| 139 |
| 140 // Same-site cookies should not be delievered to the frame, as it isn't |
| 141 // same-site with its ancestors. |
| 142 EXPECT_EQ("normal=1", GetCookieFromJS(iframe)); |
| 125 } | 143 } |
| 126 | 144 |
| 127 // The RenderFrameMessageFilter will kill processes when they access the cookies | 145 // The RenderFrameMessageFilter will kill processes when they access the cookies |
| 128 // of sites other than the site the process is dedicated to, under site | 146 // of sites other than the site the process is dedicated to, under site |
| 129 // isolation. | 147 // isolation. |
| 130 IN_PROC_BROWSER_TEST_F(RenderFrameMessageFilterBrowserTest, | 148 IN_PROC_BROWSER_TEST_F(RenderFrameMessageFilterBrowserTest, |
| 131 CrossSiteCookieSecurityEnforcement) { | 149 CrossSiteCookieSecurityEnforcement) { |
| 132 // The code under test is only active under site isolation. | 150 // The code under test is only active under site isolation. |
| 133 if (!AreAllSitesIsolatedForTesting()) { | 151 if (!AreAllSitesIsolatedForTesting()) { |
| 134 return; | 152 return; |
| 224 // If the message had gone through, we'd have marked the RFH as dead but | 242 // If the message had gone through, we'd have marked the RFH as dead but |
| 225 // left the RPH and its connection alive, and the Wait below would hang. | 243 // left the RPH and its connection alive, and the Wait below would hang. |
| 226 web_process_killed.Wait(); | 244 web_process_killed.Wait(); |
| 227 | 245 |
| 228 ASSERT_FALSE(web_rfh->GetProcess()->HasConnection()); | 246 ASSERT_FALSE(web_rfh->GetProcess()->HasConnection()); |
| 229 ASSERT_FALSE(web_rfh->IsRenderFrameLive()); | 247 ASSERT_FALSE(web_rfh->IsRenderFrameLive()); |
| 230 ASSERT_FALSE(web_process_killed.did_exit_normally()); | 248 ASSERT_FALSE(web_process_killed.did_exit_normally()); |
| 231 } | 249 } |
| 232 | 250 |
| 233 } // namespace content | 251 } // namespace content |
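Review bot: In the rewritten SameSiteCookies test (new lines 134-142) the iframe is obtained with `root()->child_at(0)` without first asserting that a child frame exists, and nothing verifies that it committed on baz.com. The cross-site premise of the final `EXPECT_EQ("normal=1", ...)` therefore rests on the contents of frame_with_load_event.html, which this page does not show. Assuming the fixture frames baz.com as the comment on new lines 114-115 says, I would add `ASSERT_EQ(1U, web_contents->GetFrameTree()->root()->child_count());` before the dereference and `EXPECT_EQ("baz.com", iframe->GetLastCommittedURL().host());` before reading its cookies, so a fixture change fails loudly instead of silently weakening the SameSite check. The old assertion on the main frame's site URL (old lines 121-122) is dropped without a replacement and could be kept to pin the top-level site as well. The comment on new line 140 has a typo: `delievered` should be `delivered`.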
| OLD | NEW |