
Side by Side Diff: net/cookies/canonical_cookie_unittest.cc

Issue 1783813002: SameSite: Strict/Lax behavior. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@strict-lax
Patch Set: Comment. Created 4 years, 9 months ago
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cookies/canonical_cookie.h" 5 #include "net/cookies/canonical_cookie.h"
6 6
7 #include "base/memory/scoped_ptr.h" 7 #include "base/memory/scoped_ptr.h"
8 #include "base/test/histogram_tester.h" 8 #include "base/test/histogram_tester.h"
9 #include "net/cookies/cookie_constants.h" 9 #include "net/cookies/cookie_constants.h"
10 #include "net/cookies/cookie_options.h" 10 #include "net/cookies/cookie_options.h"
(...skipping 67 matching lines...)
78 CanonicalCookie::Create(url, "A=2; HttpOnly", creation_time, options); 78 CanonicalCookie::Create(url, "A=2; HttpOnly", creation_time, options);
79 EXPECT_FALSE(cookie.get()); 79 EXPECT_FALSE(cookie.get());
80 CookieOptions httponly_options; 80 CookieOptions httponly_options;
81 httponly_options.set_include_httponly(); 81 httponly_options.set_include_httponly();
82 cookie = CanonicalCookie::Create(url, "A=2; HttpOnly", creation_time, 82 cookie = CanonicalCookie::Create(url, "A=2; HttpOnly", creation_time,
83 httponly_options); 83 httponly_options);
84 EXPECT_TRUE(cookie->IsHttpOnly()); 84 EXPECT_TRUE(cookie->IsHttpOnly());
85 85
86 // Test creating SameSite cookies. 86 // Test creating SameSite cookies.
87 CookieOptions same_site_options; 87 CookieOptions same_site_options;
88 same_site_options.set_include_same_site(); 88 same_site_options.set_same_site_cookie_mode(
89 CookieOptions::SameSiteCookieMode::INCLUDE_STRICT_AND_LAX);
89 cookie = CanonicalCookie::Create(url, "A=2; SameSite=Strict", creation_time, 90 cookie = CanonicalCookie::Create(url, "A=2; SameSite=Strict", creation_time,
90 same_site_options); 91 same_site_options);
91 EXPECT_TRUE(cookie.get()); 92 EXPECT_TRUE(cookie.get());
92 EXPECT_EQ(CookieSameSite::STRICT_MODE, cookie->SameSite()); 93 EXPECT_EQ(CookieSameSite::STRICT_MODE, cookie->SameSite());
93 cookie = CanonicalCookie::Create(url, "A=2; SameSite=Lax", creation_time, 94 cookie = CanonicalCookie::Create(url, "A=2; SameSite=Lax", creation_time,
94 same_site_options); 95 same_site_options);
95 EXPECT_TRUE(cookie.get()); 96 EXPECT_TRUE(cookie.get());
96 EXPECT_EQ(CookieSameSite::LAX_MODE, cookie->SameSite()); 97 EXPECT_EQ(CookieSameSite::LAX_MODE, cookie->SameSite());
97 cookie = CanonicalCookie::Create(url, "A=2; SameSite", creation_time, 98 cookie = CanonicalCookie::Create(url, "A=2; SameSite", creation_time,
98 same_site_options); 99 same_site_options);
(...skipping 339 matching lines...)
438 options.set_include_httponly(); 439 options.set_include_httponly();
439 cookie = 440 cookie =
440 CanonicalCookie::Create(url, "A=2; HttpOnly", creation_time, options); 441 CanonicalCookie::Create(url, "A=2; HttpOnly", creation_time, options);
441 EXPECT_TRUE(cookie->IsHttpOnly()); 442 EXPECT_TRUE(cookie->IsHttpOnly());
442 EXPECT_TRUE(cookie->IncludeForRequestURL(url, options)); 443 EXPECT_TRUE(cookie->IncludeForRequestURL(url, options));
443 options.set_exclude_httponly(); 444 options.set_exclude_httponly();
444 EXPECT_FALSE(cookie->IncludeForRequestURL(url, options)); 445 EXPECT_FALSE(cookie->IncludeForRequestURL(url, options));
445 } 446 }
446 447
447 TEST(CanonicalCookieTest, IncludeSameSiteForSameSiteURL) { 448 TEST(CanonicalCookieTest, IncludeSameSiteForSameSiteURL) {
448 GURL insecure_url("http://example.test"); 449 GURL url("https://example.test");
449 GURL secure_url("https://example.test");
450 GURL secure_url_with_path("https://example.test/foo/bar/index.html");
451 GURL third_party_url("https://not-example.test");
452 base::Time creation_time = base::Time::Now(); 450 base::Time creation_time = base::Time::Now();
453 CookieOptions options; 451 CookieOptions options;
454 scoped_ptr<CanonicalCookie> cookie; 452 scoped_ptr<CanonicalCookie> cookie;
455 453
456 // Same-site cookies are not included for cross-site requests, 454 // `SameSite=Strict` cookies are included for a URL only if the options'
457 // even if other properties match: 455 // SameSiteCookieMode is INCLUDE_STRICT_AND_LAX.
458 cookie = CanonicalCookie::Create(secure_url, "A=2; SameSite=Strict", 456 cookie = CanonicalCookie::Create(url, "A=2; SameSite=Strict", creation_time,
459 creation_time, options); 457 options);
460 EXPECT_EQ(CookieSameSite::STRICT_MODE, cookie->SameSite()); 458 EXPECT_EQ(CookieSameSite::STRICT_MODE, cookie->SameSite());
461 EXPECT_FALSE(cookie->IncludeForRequestURL(secure_url, options)); 459 options.set_same_site_cookie_mode(
462 cookie = CanonicalCookie::Create(secure_url, "A=2; Secure; SameSite=Strict", 460 CookieOptions::SameSiteCookieMode::DO_NOT_INCLUDE);
463 creation_time, options); 461 EXPECT_FALSE(cookie->IncludeForRequestURL(url, options));
464 EXPECT_EQ(CookieSameSite::STRICT_MODE, cookie->SameSite()); 462 options.set_same_site_cookie_mode(
465 EXPECT_FALSE(cookie->IncludeForRequestURL(secure_url, options)); 463 CookieOptions::SameSiteCookieMode::INCLUDE_LAX);
466 cookie = CanonicalCookie::Create(secure_url_with_path, 464 EXPECT_FALSE(cookie->IncludeForRequestURL(url, options));
467 "A=2; SameSite=Strict; path=/foo/bar", 465 options.set_same_site_cookie_mode(
468 creation_time, options); 466 CookieOptions::SameSiteCookieMode::INCLUDE_STRICT_AND_LAX);
469 EXPECT_EQ(CookieSameSite::STRICT_MODE, cookie->SameSite()); 467 EXPECT_TRUE(cookie->IncludeForRequestURL(url, options));
470 EXPECT_FALSE(cookie->IncludeForRequestURL(secure_url, options));
471 468
472 // Same-site cookies are included for same-site requests: 469 // `SameSite=Lax` cookies are included for a URL only if the options'
473 options.set_include_same_site(); 470 // SameSiteCookieMode is INCLUDE_STRICT_AND_LAX.
474 cookie = CanonicalCookie::Create(secure_url, "A=2; SameSite=Strict", 471 cookie =
475 creation_time, options); 472 CanonicalCookie::Create(url, "A=2; SameSite=Lax", creation_time, options);
476 EXPECT_EQ(CookieSameSite::STRICT_MODE, cookie->SameSite()); 473 EXPECT_EQ(CookieSameSite::LAX_MODE, cookie->SameSite());
477 EXPECT_TRUE(cookie->IncludeForRequestURL(secure_url, options)); 474 options.set_same_site_cookie_mode(
478 cookie = CanonicalCookie::Create(secure_url, "A=2; Secure; SameSite=Strict", 475 CookieOptions::SameSiteCookieMode::DO_NOT_INCLUDE);
479 creation_time, options); 476 EXPECT_FALSE(cookie->IncludeForRequestURL(url, options));
480 EXPECT_EQ(CookieSameSite::STRICT_MODE, cookie->SameSite()); 477 options.set_same_site_cookie_mode(
481 EXPECT_TRUE(cookie->IncludeForRequestURL(secure_url, options)); 478 CookieOptions::SameSiteCookieMode::INCLUDE_LAX);
482 cookie = CanonicalCookie::Create(secure_url_with_path, 479 EXPECT_TRUE(cookie->IncludeForRequestURL(url, options));
483 "A=2; SameSite=Strict; path=/foo/bar", 480 options.set_same_site_cookie_mode(
484 creation_time, options); 481 CookieOptions::SameSiteCookieMode::INCLUDE_STRICT_AND_LAX);
485 EXPECT_EQ(CookieSameSite::STRICT_MODE, cookie->SameSite()); 482 EXPECT_TRUE(cookie->IncludeForRequestURL(url, options));
486 EXPECT_TRUE(cookie->IncludeForRequestURL(secure_url_with_path, options));
487 } 483 }
488 484
489 TEST(CanonicalCookieTest, PartialCompare) { 485 TEST(CanonicalCookieTest, PartialCompare) {
490 GURL url("http://www.example.com"); 486 GURL url("http://www.example.com");
491 base::Time creation_time = base::Time::Now(); 487 base::Time creation_time = base::Time::Now();
492 CookieOptions options; 488 CookieOptions options;
493 scoped_ptr<CanonicalCookie> cookie( 489 scoped_ptr<CanonicalCookie> cookie(
494 CanonicalCookie::Create(url, "a=b", creation_time, options)); 490 CanonicalCookie::Create(url, "a=b", creation_time, options));
495 scoped_ptr<CanonicalCookie> cookie_different_path( 491 scoped_ptr<CanonicalCookie> cookie_different_path(
496 CanonicalCookie::Create(url, "a=b; path=/foo", creation_time, options)); 492 CanonicalCookie::Create(url, "a=b; path=/foo", creation_time, options));
(...skipping 215 matching lines...)
712 CanonicalCookie::COOKIE_PREFIX_SECURE, 1); 708 CanonicalCookie::COOKIE_PREFIX_SECURE, 1);
713 EXPECT_TRUE(CanonicalCookie::Create(https_url, "__SecureA=B; Path=/; Secure", 709 EXPECT_TRUE(CanonicalCookie::Create(https_url, "__SecureA=B; Path=/; Secure",
714 creation_time, options)); 710 creation_time, options));
715 histograms.ExpectBucketCount(kCookiePrefixHistogram, 711 histograms.ExpectBucketCount(kCookiePrefixHistogram,
716 CanonicalCookie::COOKIE_PREFIX_SECURE, 2); 712 CanonicalCookie::COOKIE_PREFIX_SECURE, 2);
717 histograms.ExpectBucketCount(kCookiePrefixBlockedHistogram, 713 histograms.ExpectBucketCount(kCookiePrefixBlockedHistogram,
718 CanonicalCookie::COOKIE_PREFIX_SECURE, 1); 714 CanonicalCookie::COOKIE_PREFIX_SECURE, 1);
719 } 715 }
720 716
721 } // namespace net 717 } // namespace net
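Review bot: The comment at new lines 469-470 of IncludeSameSiteForSameSiteURL says SameSite=Lax cookies are included only when the mode is INCLUDE_STRICT_AND_LAX, but the assertion at new line 479 expects inclusion under INCLUDE_LAX as well, so the comment contradicts the policy the test pins. It should read `// SameSite=Lax cookies are included for a URL only if the options' SameSiteCookieMode is INCLUDE_LAX or INCLUDE_STRICT_AND_LAX.` The Lax cookie at new lines 471-472 is also created while `options` still carries INCLUDE_STRICT_AND_LAX from the Strict block, whereas the Strict cookie was created with default options; a fresh CookieOptions before the second Create would keep the two halves independent. Each Create result is dereferenced without a null check, so `ASSERT_TRUE(cookie.get());` before `cookie->SameSite()` would presumably report a creation failure as a test failure rather than a crash.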