| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <utility> | 5 #include <utility> |
| 6 | 6 |
| 7 #include "build/build_config.h" | 7 #include "build/build_config.h" |
| 8 | 8 |
| 9 #if defined(OS_WIN) | 9 #if defined(OS_WIN) |
| 10 #include <windows.h> | 10 #include <windows.h> |
| (...skipping 2646 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2657 | 2657 |
| 2658 TestNetworkDelegate network_delegate; | 2658 TestNetworkDelegate network_delegate; |
| 2659 network_delegate.set_experimental_cookie_features_enabled(true); | 2659 network_delegate.set_experimental_cookie_features_enabled(true); |
| 2660 default_context_.set_network_delegate(&network_delegate); | 2660 default_context_.set_network_delegate(&network_delegate); |
| 2661 | 2661 |
| 2662 // Set up a 'SameSite' cookie (on '127.0.0.1', as that's where | 2662 // Set up a 'SameSite' cookie (on '127.0.0.1', as that's where |
| 2663 // LocalHttpTestServer points). | 2663 // LocalHttpTestServer points). |
| 2664 { | 2664 { |
| 2665 TestDelegate d; | 2665 TestDelegate d; |
| 2666 scoped_ptr<URLRequest> req(default_context_.CreateRequest( | 2666 scoped_ptr<URLRequest> req(default_context_.CreateRequest( |
| 2667 test_server.GetURL("/set-cookie?SameSiteCookieToSet=1;SameSite=Strict"), | 2667 test_server.GetURL("/set-cookie?StrictSameSiteCookie=1;SameSite=Strict&L
axSameSiteCookie=1;SameSite=Lax"), |
| 2668 DEFAULT_PRIORITY, &d)); | 2668 DEFAULT_PRIORITY, &d)); |
| 2669 req->Start(); | 2669 req->Start(); |
| 2670 base::RunLoop().Run(); | 2670 base::RunLoop().Run(); |
| 2671 EXPECT_EQ(0, network_delegate.blocked_get_cookies_count()); | 2671 EXPECT_EQ(0, network_delegate.blocked_get_cookies_count()); |
| 2672 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count()); | 2672 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count()); |
| 2673 EXPECT_EQ(1, network_delegate.set_cookie_count()); | 2673 EXPECT_EQ(2, network_delegate.set_cookie_count()); |
| 2674 } | 2674 } |
| 2675 | 2675 |
| 2676 // Verify that the cookie is sent for same-site requests. | 2676 // Verify that both cookies are sent for same-site requests. |
| 2677 { | 2677 { |
| 2678 TestDelegate d; | 2678 TestDelegate d; |
| 2679 scoped_ptr<URLRequest> req(default_context_.CreateRequest( | 2679 scoped_ptr<URLRequest> req(default_context_.CreateRequest( |
| 2680 test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d)); | 2680 test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d)); |
| 2681 req->set_first_party_for_cookies(test_server.GetURL("/")); | 2681 req->set_first_party_for_cookies(test_server.GetURL("/")); |
| 2682 req->set_initiator(url::Origin(test_server.GetURL("/"))); | 2682 req->set_initiator(url::Origin(test_server.GetURL("/"))); |
| 2683 req->Start(); | 2683 req->Start(); |
| 2684 base::RunLoop().Run(); | 2684 base::RunLoop().Run(); |
| 2685 | 2685 |
| 2686 EXPECT_TRUE(d.data_received().find("SameSiteCookieToSet=1") != | 2686 EXPECT_NE(std::string::npos, d.data_received().find("StrictSameSiteCookie=1"
)); |
| 2687 std::string::npos); | 2687 EXPECT_NE(std::string::npos, d.data_received().find("LaxSameSiteCookie=1")); |
| 2688 EXPECT_EQ(0, network_delegate.blocked_get_cookies_count()); | 2688 EXPECT_EQ(0, network_delegate.blocked_get_cookies_count()); |
| 2689 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count()); | 2689 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count()); |
| 2690 } | 2690 } |
| 2691 | 2691 |
| 2692 // Verify that the cookie is not sent for cross-site requests. | 2692 // Verify that neither cookie is not sent for cross-site requests. |
| 2693 { | 2693 { |
| 2694 TestDelegate d; | 2694 TestDelegate d; |
| 2695 scoped_ptr<URLRequest> req(default_context_.CreateRequest( | 2695 scoped_ptr<URLRequest> req(default_context_.CreateRequest( |
| 2696 test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d)); | 2696 test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d)); |
| 2697 req->set_first_party_for_cookies(GURL("http://cross-site.test/")); | 2697 req->set_first_party_for_cookies(GURL("http://cross-site.test/")); |
| 2698 req->set_initiator(url::Origin(GURL("http://cross-site.test/"))); | 2698 req->set_initiator(url::Origin(GURL("http://cross-site.test/"))); |
| 2699 req->Start(); | 2699 req->Start(); |
| 2700 base::RunLoop().Run(); | 2700 base::RunLoop().Run(); |
| 2701 | 2701 |
| 2702 EXPECT_TRUE(d.data_received().find("SameSiteCookieToSet=1") == | 2702 EXPECT_EQ(std::string::npos, d.data_received().find("StrictSameSiteCookie=1"
)); |
| 2703 std::string::npos); | 2703 EXPECT_EQ(std::string::npos, d.data_received().find("LaxSameSiteCookie=1")); |
| 2704 EXPECT_EQ(0, network_delegate.blocked_get_cookies_count()); | 2704 EXPECT_EQ(0, network_delegate.blocked_get_cookies_count()); |
| 2705 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count()); | 2705 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count()); |
| 2706 } | 2706 } |
| 2707 | 2707 |
| 2708 // Verify that the cookie is sent for cross-site initiators when the | 2708 // Verify that the lax cookie is sent for cross-site initiators when the |
| 2709 // method is "safe". | 2709 // method is "safe". |
| 2710 { | 2710 { |
| 2711 TestDelegate d; | 2711 TestDelegate d; |
| 2712 scoped_ptr<URLRequest> req(default_context_.CreateRequest( | 2712 scoped_ptr<URLRequest> req(default_context_.CreateRequest( |
| 2713 test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d)); | 2713 test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d)); |
| 2714 req->set_first_party_for_cookies(test_server.GetURL("/")); | 2714 req->set_first_party_for_cookies(test_server.GetURL("/")); |
| 2715 req->set_initiator(url::Origin(GURL("http://cross-site.test/"))); | 2715 req->set_initiator(url::Origin(GURL("http://cross-site.test/"))); |
| 2716 req->Start(); | 2716 req->Start(); |
| 2717 base::RunLoop().Run(); | 2717 base::RunLoop().Run(); |
| 2718 | 2718 |
| 2719 EXPECT_FALSE(d.data_received().find("SameSiteCookieToSet=1") == | 2719 EXPECT_EQ(std::string::npos, d.data_received().find("StrictSameSiteCookie=1"
)); |
| 2720 std::string::npos); | 2720 EXPECT_NE(std::string::npos, d.data_received().find("LaxSameSiteCookie=1")); |
| 2721 EXPECT_EQ(0, network_delegate.blocked_get_cookies_count()); | 2721 EXPECT_EQ(0, network_delegate.blocked_get_cookies_count()); |
| 2722 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count()); | 2722 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count()); |
| 2723 } | 2723 } |
| 2724 | 2724 |
| 2725 // Verify that the cookie is not sent for cross-site initiators when the | 2725 // Verify that neither cookie is sent for cross-site initiators when the |
| 2726 // method is unsafe (e.g. POST). | 2726 // method is unsafe (e.g. POST). |
| 2727 { | 2727 { |
| 2728 TestDelegate d; | 2728 TestDelegate d; |
| 2729 scoped_ptr<URLRequest> req(default_context_.CreateRequest( | 2729 scoped_ptr<URLRequest> req(default_context_.CreateRequest( |
| 2730 test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d)); | 2730 test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d)); |
| 2731 req->set_first_party_for_cookies(test_server.GetURL("/")); | 2731 req->set_first_party_for_cookies(test_server.GetURL("/")); |
| 2732 req->set_initiator(url::Origin(GURL("http://cross-site.test/"))); | 2732 req->set_initiator(url::Origin(GURL("http://cross-site.test/"))); |
| 2733 req->set_method("POST"); | 2733 req->set_method("POST"); |
| 2734 req->Start(); | 2734 req->Start(); |
| 2735 base::RunLoop().Run(); | 2735 base::RunLoop().Run(); |
| 2736 | 2736 |
| 2737 EXPECT_TRUE(d.data_received().find("SameSiteCookieToSet=1") == | 2737 EXPECT_EQ(std::string::npos, d.data_received().find("StrictSameSiteCookie=1"
)); |
| 2738 std::string::npos); | 2738 EXPECT_EQ(std::string::npos, d.data_received().find("LaxSameSiteCookie=1")); |
| 2739 EXPECT_EQ(0, network_delegate.blocked_get_cookies_count()); | 2739 EXPECT_EQ(0, network_delegate.blocked_get_cookies_count()); |
| 2740 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count()); | 2740 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count()); |
| 2741 } | 2741 } |
| 2742 } | 2742 } |
| 2743 | 2743 |
| 2744 TEST_F(URLRequestTest, SameSiteCookiesDisabled) { | 2744 TEST_F(URLRequestTest, SameSiteCookiesDisabled) { |
| 2745 LocalHttpTestServer test_server; | 2745 LocalHttpTestServer test_server; |
| 2746 ASSERT_TRUE(test_server.Start()); | 2746 ASSERT_TRUE(test_server.Start()); |
| 2747 | 2747 |
| 2748 // Set up a 'SameSite' cookie (on '127.0.0.1', as that's where | 2748 // Set up a 'SameSite' cookie (on '127.0.0.1', as that's where |
| 2749 // LocalHttpTestServer points). | 2749 // LocalHttpTestServer points). |
| 2750 { | 2750 { |
| 2751 TestNetworkDelegate network_delegate; | 2751 TestNetworkDelegate network_delegate; |
| 2752 network_delegate.set_experimental_cookie_features_enabled(false); | 2752 network_delegate.set_experimental_cookie_features_enabled(false); |
| 2753 default_context_.set_network_delegate(&network_delegate); | 2753 default_context_.set_network_delegate(&network_delegate); |
| 2754 | 2754 |
| 2755 TestDelegate d; | 2755 TestDelegate d; |
| 2756 scoped_ptr<URLRequest> req(default_context_.CreateRequest( | 2756 scoped_ptr<URLRequest> req(default_context_.CreateRequest( |
| 2757 test_server.GetURL("/set-cookie?SameSiteCookieToSet=1;SameSite"), | 2757 test_server.GetURL("/set-cookie?StrictSameSiteCookie=1;SameSite=Strict&L
axSameSiteCookie=1;SameSite=Lax"), |
| 2758 DEFAULT_PRIORITY, &d)); | 2758 DEFAULT_PRIORITY, &d)); |
| 2759 req->Start(); | 2759 req->Start(); |
| 2760 base::RunLoop().Run(); | 2760 base::RunLoop().Run(); |
| 2761 EXPECT_EQ(0, network_delegate.blocked_get_cookies_count()); | 2761 EXPECT_EQ(0, network_delegate.blocked_get_cookies_count()); |
| 2762 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count()); | 2762 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count()); |
| 2763 EXPECT_EQ(1, network_delegate.set_cookie_count()); | 2763 EXPECT_EQ(2, network_delegate.set_cookie_count()); |
| 2764 } | 2764 } |
| 2765 | 2765 |
| 2766 // Verify that the cookie is sent for same-site requests. | 2766 // Verify that the cookie is sent for same-site requests. |
| 2767 { | 2767 { |
| 2768 TestNetworkDelegate network_delegate; | 2768 TestNetworkDelegate network_delegate; |
| 2769 network_delegate.set_experimental_cookie_features_enabled(false); | 2769 network_delegate.set_experimental_cookie_features_enabled(false); |
| 2770 default_context_.set_network_delegate(&network_delegate); | 2770 default_context_.set_network_delegate(&network_delegate); |
| 2771 TestDelegate d; | 2771 TestDelegate d; |
| 2772 scoped_ptr<URLRequest> req(default_context_.CreateRequest( | 2772 scoped_ptr<URLRequest> req(default_context_.CreateRequest( |
| 2773 test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d)); | 2773 test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d)); |
| 2774 req->set_first_party_for_cookies(test_server.GetURL("/")); | 2774 req->set_first_party_for_cookies(test_server.GetURL("/")); |
| 2775 req->Start(); | 2775 req->Start(); |
| 2776 base::RunLoop().Run(); | 2776 base::RunLoop().Run(); |
| 2777 | 2777 |
| 2778 EXPECT_TRUE(d.data_received().find("SameSiteCookieToSet=1") != | 2778 EXPECT_TRUE(d.data_received().find("StrictSameSiteCookie=1") != |
| 2779 std::string::npos); |
| 2780 EXPECT_TRUE(d.data_received().find("LaxSameSiteCookie=1") != |
| 2779 std::string::npos); | 2781 std::string::npos); |
| 2780 EXPECT_EQ(0, network_delegate.blocked_get_cookies_count()); | 2782 EXPECT_EQ(0, network_delegate.blocked_get_cookies_count()); |
| 2781 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count()); | 2783 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count()); |
| 2782 } | 2784 } |
| 2783 | 2785 |
| 2784 // Verify that the cookie is also sent for cross-site requests. | 2786 // Verify that the cookie is also sent for cross-site requests. |
| 2785 { | 2787 { |
| 2786 TestNetworkDelegate network_delegate; | 2788 TestNetworkDelegate network_delegate; |
| 2787 network_delegate.set_experimental_cookie_features_enabled(false); | 2789 network_delegate.set_experimental_cookie_features_enabled(false); |
| 2788 default_context_.set_network_delegate(&network_delegate); | 2790 default_context_.set_network_delegate(&network_delegate); |
| 2789 TestDelegate d; | 2791 TestDelegate d; |
| 2790 scoped_ptr<URLRequest> req(default_context_.CreateRequest( | 2792 scoped_ptr<URLRequest> req(default_context_.CreateRequest( |
| 2791 test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d)); | 2793 test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d)); |
| 2792 req->set_first_party_for_cookies(GURL("http://cross-site.test/")); | 2794 req->set_first_party_for_cookies(GURL("http://cross-site.test/")); |
| 2793 req->Start(); | 2795 req->Start(); |
| 2794 base::RunLoop().Run(); | 2796 base::RunLoop().Run(); |
| 2795 | 2797 |
| 2796 EXPECT_NE(d.data_received().find("SameSiteCookieToSet=1"), | 2798 EXPECT_NE(d.data_received().find("StrictSameSiteCookie=1"), |
| 2797 std::string::npos); | 2799 std::string::npos); |
| 2800 EXPECT_TRUE(d.data_received().find("LaxSameSiteCookie=1") != |
| 2801 std::string::npos); |
| 2798 EXPECT_EQ(0, network_delegate.blocked_get_cookies_count()); | 2802 EXPECT_EQ(0, network_delegate.blocked_get_cookies_count()); |
| 2799 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count()); | 2803 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count()); |
| 2800 } | 2804 } |
| 2801 } | 2805 } |
| 2802 | 2806 |
| 2803 // Tests that __Secure- cookies can't be set on non-secure origins. | 2807 // Tests that __Secure- cookies can't be set on non-secure origins. |
| 2804 TEST_F(URLRequestTest, SecureCookiePrefixOnNonsecureOrigin) { | 2808 TEST_F(URLRequestTest, SecureCookiePrefixOnNonsecureOrigin) { |
| 2805 EmbeddedTestServer http_server; | 2809 EmbeddedTestServer http_server; |
| 2806 http_server.AddDefaultHandlers( | 2810 http_server.AddDefaultHandlers( |
| 2807 base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); | 2811 base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); |
| (...skipping 7207 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 10015 AddTestInterceptor()->set_main_intercept_job(std::move(job)); | 10019 AddTestInterceptor()->set_main_intercept_job(std::move(job)); |
| 10016 | 10020 |
| 10017 req->Start(); | 10021 req->Start(); |
| 10018 req->Cancel(); | 10022 req->Cancel(); |
| 10019 base::RunLoop().RunUntilIdle(); | 10023 base::RunLoop().RunUntilIdle(); |
| 10020 EXPECT_EQ(URLRequestStatus::CANCELED, req->status().status()); | 10024 EXPECT_EQ(URLRequestStatus::CANCELED, req->status().status()); |
| 10021 EXPECT_EQ(0, d.received_redirect_count()); | 10025 EXPECT_EQ(0, d.received_redirect_count()); |
| 10022 } | 10026 } |
| 10023 | 10027 |
| 10024 } // namespace net | 10028 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1783813002:
SameSite: Strict/Lax behavior. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@strict-lax