| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <utility> | 5 #include <utility> |
| 6 | 6 |
| 7 #include "build/build_config.h" | 7 #include "build/build_config.h" |
| 8 | 8 |
| 9 #if defined(OS_WIN) | 9 #if defined(OS_WIN) |
| 10 #include <windows.h> | 10 #include <windows.h> |
| (...skipping 2641 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2652 } | 2652 } |
| 2653 | 2653 |
| 2654 TEST_F(URLRequestTest, SameSiteCookiesEnabled) { | 2654 TEST_F(URLRequestTest, SameSiteCookiesEnabled) { |
| 2655 LocalHttpTestServer test_server; | 2655 LocalHttpTestServer test_server; |
| 2656 ASSERT_TRUE(test_server.Start()); | 2656 ASSERT_TRUE(test_server.Start()); |
| 2657 | 2657 |
| 2658 TestNetworkDelegate network_delegate; | 2658 TestNetworkDelegate network_delegate; |
| 2659 network_delegate.set_experimental_cookie_features_enabled(true); | 2659 network_delegate.set_experimental_cookie_features_enabled(true); |
| 2660 default_context_.set_network_delegate(&network_delegate); | 2660 default_context_.set_network_delegate(&network_delegate); |
| 2661 | 2661 |
| 2662 // Set up a 'SameSite' cookie (on '127.0.0.1', as that's where | 2662 const std::string kHost = "example.test"; |
| 2663 // LocalHttpTestServer points). | 2663 const std::string kSubHost = "subdomain.example.test"; |
| 2664 const std::string kCrossHost = "cross-origin.test"; |
| 2665 |
| 2666 // Set up two 'SameSite' cookies on 'example.test' |
| 2664 { | 2667 { |
| 2665 TestDelegate d; | 2668 TestDelegate d; |
| 2666 scoped_ptr<URLRequest> req(default_context_.CreateRequest( | 2669 scoped_ptr<URLRequest> req(default_context_.CreateRequest( |
| 2667 test_server.GetURL("/set-cookie?SameSiteCookieToSet=1;SameSite=Strict"), | 2670 test_server.GetURL(kHost, |
| 2671 "/set-cookie?StrictSameSiteCookie=1;SameSite=Strict&" |
| 2672 "LaxSameSiteCookie=1;SameSite=Lax"), |
| 2668 DEFAULT_PRIORITY, &d)); | 2673 DEFAULT_PRIORITY, &d)); |
| 2669 req->Start(); | 2674 req->Start(); |
| 2670 base::RunLoop().Run(); | 2675 base::RunLoop().Run(); |
| 2671 EXPECT_EQ(0, network_delegate.blocked_get_cookies_count()); | 2676 EXPECT_EQ(0, network_delegate.blocked_get_cookies_count()); |
| 2672 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count()); | 2677 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count()); |
| 2673 EXPECT_EQ(1, network_delegate.set_cookie_count()); | 2678 EXPECT_EQ(2, network_delegate.set_cookie_count()); |
| 2674 } | 2679 } |
| 2675 | 2680 |
| 2676 // Verify that the cookie is sent for same-site requests. | 2681 // Verify that both cookies are sent for same-site requests. |
| 2677 { | 2682 { |
| 2678 TestDelegate d; | 2683 TestDelegate d; |
| 2679 scoped_ptr<URLRequest> req(default_context_.CreateRequest( | 2684 scoped_ptr<URLRequest> req(default_context_.CreateRequest( |
| 2680 test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d)); | 2685 test_server.GetURL(kHost, "/echoheader?Cookie"), DEFAULT_PRIORITY, &d)); |
| 2681 req->set_first_party_for_cookies(test_server.GetURL("/")); | 2686 req->set_first_party_for_cookies(test_server.GetURL(kHost, "/")); |
| 2682 req->set_initiator(url::Origin(test_server.GetURL("/"))); | 2687 req->set_initiator(url::Origin(test_server.GetURL(kHost, "/"))); |
| 2683 req->Start(); | 2688 req->Start(); |
| 2684 base::RunLoop().Run(); | 2689 base::RunLoop().Run(); |
| 2685 | 2690 |
| 2686 EXPECT_TRUE(d.data_received().find("SameSiteCookieToSet=1") != | 2691 EXPECT_NE(std::string::npos, |
| 2687 std::string::npos); | 2692 d.data_received().find("StrictSameSiteCookie=1")); |
| 2693 EXPECT_NE(std::string::npos, d.data_received().find("LaxSameSiteCookie=1")); |
| 2688 EXPECT_EQ(0, network_delegate.blocked_get_cookies_count()); | 2694 EXPECT_EQ(0, network_delegate.blocked_get_cookies_count()); |
| 2689 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count()); | 2695 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count()); |
| 2690 } | 2696 } |
| 2691 | 2697 |
| 2692 // Verify that the cookie is not sent for cross-site requests. | 2698 // Verify that both cookies are sent for same-registrable-domain requests. |
| 2693 { | 2699 { |
| 2694 TestDelegate d; | 2700 TestDelegate d; |
| 2695 scoped_ptr<URLRequest> req(default_context_.CreateRequest( | 2701 scoped_ptr<URLRequest> req(default_context_.CreateRequest( |
| 2696 test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d)); | 2702 test_server.GetURL(kHost, "/echoheader?Cookie"), DEFAULT_PRIORITY, &d)); |
| 2697 req->set_first_party_for_cookies(GURL("http://cross-site.test/")); | 2703 req->set_first_party_for_cookies(test_server.GetURL(kSubHost, "/")); |
| 2698 req->set_initiator(url::Origin(GURL("http://cross-site.test/"))); | 2704 req->set_initiator(url::Origin(test_server.GetURL(kSubHost, "/"))); |
| 2699 req->Start(); | 2705 req->Start(); |
| 2700 base::RunLoop().Run(); | 2706 base::RunLoop().Run(); |
| 2701 | 2707 |
| 2702 EXPECT_TRUE(d.data_received().find("SameSiteCookieToSet=1") == | 2708 EXPECT_NE(std::string::npos, |
| 2703 std::string::npos); | 2709 d.data_received().find("StrictSameSiteCookie=1")); |
| 2710 EXPECT_NE(std::string::npos, d.data_received().find("LaxSameSiteCookie=1")); |
| 2704 EXPECT_EQ(0, network_delegate.blocked_get_cookies_count()); | 2711 EXPECT_EQ(0, network_delegate.blocked_get_cookies_count()); |
| 2705 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count()); | 2712 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count()); |
| 2706 } | 2713 } |
| 2707 | 2714 |
| 2708 // Verify that the cookie is sent for cross-site initiators when the | 2715 // Verify that neither cookie is not sent for cross-site requests. |
| 2716 { |
| 2717 TestDelegate d; |
| 2718 scoped_ptr<URLRequest> req(default_context_.CreateRequest( |
| 2719 test_server.GetURL(kHost, "/echoheader?Cookie"), DEFAULT_PRIORITY, &d)); |
| 2720 req->set_first_party_for_cookies(test_server.GetURL(kCrossHost, "/")); |
| 2721 req->set_initiator(url::Origin(test_server.GetURL(kCrossHost, "/"))); |
| 2722 req->Start(); |
| 2723 base::RunLoop().Run(); |
| 2724 |
| 2725 EXPECT_EQ(std::string::npos, |
| 2726 d.data_received().find("StrictSameSiteCookie=1")); |
| 2727 EXPECT_EQ(std::string::npos, d.data_received().find("LaxSameSiteCookie=1")); |
| 2728 EXPECT_EQ(0, network_delegate.blocked_get_cookies_count()); |
| 2729 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count()); |
| 2730 } |
| 2731 |
| 2732 // Verify that the lax cookie is sent for cross-site initiators when the |
| 2709 // method is "safe". | 2733 // method is "safe". |
| 2710 { | 2734 { |
| 2711 TestDelegate d; | 2735 TestDelegate d; |
| 2712 scoped_ptr<URLRequest> req(default_context_.CreateRequest( | 2736 scoped_ptr<URLRequest> req(default_context_.CreateRequest( |
| 2713 test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d)); | 2737 test_server.GetURL(kHost, "/echoheader?Cookie"), DEFAULT_PRIORITY, &d)); |
| 2714 req->set_first_party_for_cookies(test_server.GetURL("/")); | 2738 req->set_first_party_for_cookies(test_server.GetURL(kHost, "/")); |
| 2715 req->set_initiator(url::Origin(GURL("http://cross-site.test/"))); | 2739 req->set_initiator(url::Origin(test_server.GetURL(kCrossHost, "/"))); |
| 2740 req->set_method("GET"); |
| 2716 req->Start(); | 2741 req->Start(); |
| 2717 base::RunLoop().Run(); | 2742 base::RunLoop().Run(); |
| 2718 | 2743 |
| 2719 EXPECT_FALSE(d.data_received().find("SameSiteCookieToSet=1") == | 2744 EXPECT_EQ(std::string::npos, |
| 2720 std::string::npos); | 2745 d.data_received().find("StrictSameSiteCookie=1")); |
| 2746 EXPECT_NE(std::string::npos, d.data_received().find("LaxSameSiteCookie=1")); |
| 2721 EXPECT_EQ(0, network_delegate.blocked_get_cookies_count()); | 2747 EXPECT_EQ(0, network_delegate.blocked_get_cookies_count()); |
| 2722 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count()); | 2748 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count()); |
| 2723 } | 2749 } |
| 2724 | 2750 |
| 2725 // Verify that the cookie is not sent for cross-site initiators when the | 2751 // Verify that neither cookie is sent for cross-site initiators when the |
| 2726 // method is unsafe (e.g. POST). | 2752 // method is unsafe (e.g. POST). |
| 2727 { | 2753 { |
| 2728 TestDelegate d; | 2754 TestDelegate d; |
| 2729 scoped_ptr<URLRequest> req(default_context_.CreateRequest( | 2755 scoped_ptr<URLRequest> req(default_context_.CreateRequest( |
| 2730 test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d)); | 2756 test_server.GetURL(kHost, "/echoheader?Cookie"), DEFAULT_PRIORITY, &d)); |
| 2731 req->set_first_party_for_cookies(test_server.GetURL("/")); | 2757 req->set_first_party_for_cookies(test_server.GetURL(kHost, "/")); |
| 2732 req->set_initiator(url::Origin(GURL("http://cross-site.test/"))); | 2758 req->set_initiator(url::Origin(test_server.GetURL(kCrossHost, "/"))); |
| 2733 req->set_method("POST"); | 2759 req->set_method("POST"); |
| 2734 req->Start(); | 2760 req->Start(); |
| 2735 base::RunLoop().Run(); | 2761 base::RunLoop().Run(); |
| 2736 | 2762 |
| 2737 EXPECT_TRUE(d.data_received().find("SameSiteCookieToSet=1") == | 2763 EXPECT_EQ(std::string::npos, |
| 2738 std::string::npos); | 2764 d.data_received().find("StrictSameSiteCookie=1")); |
| 2765 EXPECT_EQ(std::string::npos, d.data_received().find("LaxSameSiteCookie=1")); |
| 2739 EXPECT_EQ(0, network_delegate.blocked_get_cookies_count()); | 2766 EXPECT_EQ(0, network_delegate.blocked_get_cookies_count()); |
| 2740 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count()); | 2767 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count()); |
| 2741 } | 2768 } |
| 2742 } | 2769 } |
| 2743 | 2770 |
| 2744 TEST_F(URLRequestTest, SameSiteCookiesDisabled) { | 2771 TEST_F(URLRequestTest, SameSiteCookiesDisabled) { |
| 2745 LocalHttpTestServer test_server; | 2772 LocalHttpTestServer test_server; |
| 2746 ASSERT_TRUE(test_server.Start()); | 2773 ASSERT_TRUE(test_server.Start()); |
| 2747 | 2774 |
| 2748 // Set up a 'SameSite' cookie (on '127.0.0.1', as that's where | 2775 // Set up a 'SameSite' cookie (on '127.0.0.1', as that's where |
| 2749 // LocalHttpTestServer points). | 2776 // LocalHttpTestServer points). |
| 2750 { | 2777 { |
| 2751 TestNetworkDelegate network_delegate; | 2778 TestNetworkDelegate network_delegate; |
| 2752 network_delegate.set_experimental_cookie_features_enabled(false); | 2779 network_delegate.set_experimental_cookie_features_enabled(false); |
| 2753 default_context_.set_network_delegate(&network_delegate); | 2780 default_context_.set_network_delegate(&network_delegate); |
| 2754 | 2781 |
| 2755 TestDelegate d; | 2782 TestDelegate d; |
| 2756 scoped_ptr<URLRequest> req(default_context_.CreateRequest( | 2783 scoped_ptr<URLRequest> req(default_context_.CreateRequest( |
| 2757 test_server.GetURL("/set-cookie?SameSiteCookieToSet=1;SameSite"), | 2784 test_server.GetURL("/set-cookie?StrictSameSiteCookie=1;SameSite=Strict&" |
| 2785 "LaxSameSiteCookie=1;SameSite=Lax"), |
| 2758 DEFAULT_PRIORITY, &d)); | 2786 DEFAULT_PRIORITY, &d)); |
| 2759 req->Start(); | 2787 req->Start(); |
| 2760 base::RunLoop().Run(); | 2788 base::RunLoop().Run(); |
| 2761 EXPECT_EQ(0, network_delegate.blocked_get_cookies_count()); | 2789 EXPECT_EQ(0, network_delegate.blocked_get_cookies_count()); |
| 2762 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count()); | 2790 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count()); |
| 2763 EXPECT_EQ(1, network_delegate.set_cookie_count()); | 2791 EXPECT_EQ(2, network_delegate.set_cookie_count()); |
| 2764 } | 2792 } |
| 2765 | 2793 |
| 2766 // Verify that the cookie is sent for same-site requests. | 2794 // Verify that the cookie is sent for same-site requests. |
| 2767 { | 2795 { |
| 2768 TestNetworkDelegate network_delegate; | 2796 TestNetworkDelegate network_delegate; |
| 2769 network_delegate.set_experimental_cookie_features_enabled(false); | 2797 network_delegate.set_experimental_cookie_features_enabled(false); |
| 2770 default_context_.set_network_delegate(&network_delegate); | 2798 default_context_.set_network_delegate(&network_delegate); |
| 2771 TestDelegate d; | 2799 TestDelegate d; |
| 2772 scoped_ptr<URLRequest> req(default_context_.CreateRequest( | 2800 scoped_ptr<URLRequest> req(default_context_.CreateRequest( |
| 2773 test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d)); | 2801 test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d)); |
| 2774 req->set_first_party_for_cookies(test_server.GetURL("/")); | 2802 req->set_first_party_for_cookies(test_server.GetURL("/")); |
| 2775 req->Start(); | 2803 req->Start(); |
| 2776 base::RunLoop().Run(); | 2804 base::RunLoop().Run(); |
| 2777 | 2805 |
| 2778 EXPECT_TRUE(d.data_received().find("SameSiteCookieToSet=1") != | 2806 EXPECT_TRUE(d.data_received().find("StrictSameSiteCookie=1") != |
| 2807 std::string::npos); |
| 2808 EXPECT_TRUE(d.data_received().find("LaxSameSiteCookie=1") != |
| 2779 std::string::npos); | 2809 std::string::npos); |
| 2780 EXPECT_EQ(0, network_delegate.blocked_get_cookies_count()); | 2810 EXPECT_EQ(0, network_delegate.blocked_get_cookies_count()); |
| 2781 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count()); | 2811 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count()); |
| 2782 } | 2812 } |
| 2783 | 2813 |
| 2784 // Verify that the cookie is also sent for cross-site requests. | 2814 // Verify that the cookie is also sent for cross-site requests. |
| 2785 { | 2815 { |
| 2786 TestNetworkDelegate network_delegate; | 2816 TestNetworkDelegate network_delegate; |
| 2787 network_delegate.set_experimental_cookie_features_enabled(false); | 2817 network_delegate.set_experimental_cookie_features_enabled(false); |
| 2788 default_context_.set_network_delegate(&network_delegate); | 2818 default_context_.set_network_delegate(&network_delegate); |
| 2789 TestDelegate d; | 2819 TestDelegate d; |
| 2790 scoped_ptr<URLRequest> req(default_context_.CreateRequest( | 2820 scoped_ptr<URLRequest> req(default_context_.CreateRequest( |
| 2791 test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d)); | 2821 test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d)); |
| 2792 req->set_first_party_for_cookies(GURL("http://cross-site.test/")); | 2822 req->set_first_party_for_cookies(GURL("http://cross-site.test/")); |
| 2793 req->Start(); | 2823 req->Start(); |
| 2794 base::RunLoop().Run(); | 2824 base::RunLoop().Run(); |
| 2795 | 2825 |
| 2796 EXPECT_NE(d.data_received().find("SameSiteCookieToSet=1"), | 2826 EXPECT_NE(d.data_received().find("StrictSameSiteCookie=1"), |
| 2797 std::string::npos); | 2827 std::string::npos); |
| 2828 EXPECT_TRUE(d.data_received().find("LaxSameSiteCookie=1") != |
| 2829 std::string::npos); |
| 2798 EXPECT_EQ(0, network_delegate.blocked_get_cookies_count()); | 2830 EXPECT_EQ(0, network_delegate.blocked_get_cookies_count()); |
| 2799 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count()); | 2831 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count()); |
| 2800 } | 2832 } |
| 2801 } | 2833 } |
| 2802 | 2834 |
| 2803 // Tests that __Secure- cookies can't be set on non-secure origins. | 2835 // Tests that __Secure- cookies can't be set on non-secure origins. |
| 2804 TEST_F(URLRequestTest, SecureCookiePrefixOnNonsecureOrigin) { | 2836 TEST_F(URLRequestTest, SecureCookiePrefixOnNonsecureOrigin) { |
| 2805 EmbeddedTestServer http_server; | 2837 EmbeddedTestServer http_server; |
| 2806 http_server.AddDefaultHandlers( | 2838 http_server.AddDefaultHandlers( |
| 2807 base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); | 2839 base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); |
| (...skipping 7207 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 10015 AddTestInterceptor()->set_main_intercept_job(std::move(job)); | 10047 AddTestInterceptor()->set_main_intercept_job(std::move(job)); |
| 10016 | 10048 |
| 10017 req->Start(); | 10049 req->Start(); |
| 10018 req->Cancel(); | 10050 req->Cancel(); |
| 10019 base::RunLoop().RunUntilIdle(); | 10051 base::RunLoop().RunUntilIdle(); |
| 10020 EXPECT_EQ(URLRequestStatus::CANCELED, req->status().status()); | 10052 EXPECT_EQ(URLRequestStatus::CANCELED, req->status().status()); |
| 10021 EXPECT_EQ(0, d.received_redirect_count()); | 10053 EXPECT_EQ(0, d.received_redirect_count()); |
| 10022 } | 10054 } |
| 10023 | 10055 |
| 10024 } // namespace net | 10056 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1783813002:
SameSite: Strict/Lax behavior. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@strict-lax