OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <utility> | 5 #include <utility> |
6 | 6 |
7 #include "build/build_config.h" | 7 #include "build/build_config.h" |
8 | 8 |
9 #if defined(OS_WIN) | 9 #if defined(OS_WIN) |
10 #include <windows.h> | 10 #include <windows.h> |
2652 } | 2652 } |
2653 | 2653 |
2654 TEST_F(URLRequestTest, SameSiteCookiesEnabled) { | 2654 TEST_F(URLRequestTest, SameSiteCookiesEnabled) { |
2655 LocalHttpTestServer test_server; | 2655 LocalHttpTestServer test_server; |
2656 ASSERT_TRUE(test_server.Start()); | 2656 ASSERT_TRUE(test_server.Start()); |
2657 | 2657 |
2658 TestNetworkDelegate network_delegate; | 2658 TestNetworkDelegate network_delegate; |
2659 network_delegate.set_experimental_cookie_features_enabled(true); | 2659 network_delegate.set_experimental_cookie_features_enabled(true); |
2660 default_context_.set_network_delegate(&network_delegate); | 2660 default_context_.set_network_delegate(&network_delegate); |
2661 | 2661 |
2662 // Set up a 'SameSite' cookie (on '127.0.0.1', as that's where | 2662 const std::string kHost = "example.test"; |
2663 // LocalHttpTestServer points). | 2663 const std::string kSubHost = "subdomain.example.test"; |
| 2664 const std::string kCrossHost = "cross-origin.test"; |
| 2665 |
| 2666 // Set up two 'SameSite' cookies on 'example.test' |
2664 { | 2667 { |
2665 TestDelegate d; | 2668 TestDelegate d; |
2666 scoped_ptr<URLRequest> req(default_context_.CreateRequest( | 2669 scoped_ptr<URLRequest> req(default_context_.CreateRequest( |
2667 test_server.GetURL("/set-cookie?SameSiteCookieToSet=1;SameSite=Strict"), | 2670 test_server.GetURL(kHost, |
| 2671 "/set-cookie?StrictSameSiteCookie=1;SameSite=Strict&" |
| 2672 "LaxSameSiteCookie=1;SameSite=Lax"), |
2668 DEFAULT_PRIORITY, &d)); | 2673 DEFAULT_PRIORITY, &d)); |
2669 req->Start(); | 2674 req->Start(); |
2670 base::RunLoop().Run(); | 2675 base::RunLoop().Run(); |
2671 EXPECT_EQ(0, network_delegate.blocked_get_cookies_count()); | 2676 EXPECT_EQ(0, network_delegate.blocked_get_cookies_count()); |
2672 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count()); | 2677 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count()); |
2673 EXPECT_EQ(1, network_delegate.set_cookie_count()); | 2678 EXPECT_EQ(2, network_delegate.set_cookie_count()); |
2674 } | 2679 } |
2675 | 2680 |
2676 // Verify that the cookie is sent for same-site requests. | 2681 // Verify that both cookies are sent for same-site requests. |
2677 { | 2682 { |
2678 TestDelegate d; | 2683 TestDelegate d; |
2679 scoped_ptr<URLRequest> req(default_context_.CreateRequest( | 2684 scoped_ptr<URLRequest> req(default_context_.CreateRequest( |
2680 test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d)); | 2685 test_server.GetURL(kHost, "/echoheader?Cookie"), DEFAULT_PRIORITY, &d)); |
2681 req->set_first_party_for_cookies(test_server.GetURL("/")); | 2686 req->set_first_party_for_cookies(test_server.GetURL(kHost, "/")); |
2682 req->set_initiator(url::Origin(test_server.GetURL("/"))); | 2687 req->set_initiator(url::Origin(test_server.GetURL(kHost, "/"))); |
2683 req->Start(); | 2688 req->Start(); |
2684 base::RunLoop().Run(); | 2689 base::RunLoop().Run(); |
2685 | 2690 |
2686 EXPECT_TRUE(d.data_received().find("SameSiteCookieToSet=1") != | 2691 EXPECT_NE(std::string::npos, |
2687 std::string::npos); | 2692 d.data_received().find("StrictSameSiteCookie=1")); |
| 2693 EXPECT_NE(std::string::npos, d.data_received().find("LaxSameSiteCookie=1")); |
2688 EXPECT_EQ(0, network_delegate.blocked_get_cookies_count()); | 2694 EXPECT_EQ(0, network_delegate.blocked_get_cookies_count()); |
2689 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count()); | 2695 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count()); |
2690 } | 2696 } |
2691 | 2697 |
2692 // Verify that the cookie is not sent for cross-site requests. | 2698 // Verify that both cookies are sent for same-registrable-domain requests. |
2693 { | 2699 { |
2694 TestDelegate d; | 2700 TestDelegate d; |
2695 scoped_ptr<URLRequest> req(default_context_.CreateRequest( | 2701 scoped_ptr<URLRequest> req(default_context_.CreateRequest( |
2696 test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d)); | 2702 test_server.GetURL(kHost, "/echoheader?Cookie"), DEFAULT_PRIORITY, &d)); |
2697 req->set_first_party_for_cookies(GURL("http://cross-site.test/")); | 2703 req->set_first_party_for_cookies(test_server.GetURL(kSubHost, "/")); |
2698 req->set_initiator(url::Origin(GURL("http://cross-site.test/"))); | 2704 req->set_initiator(url::Origin(test_server.GetURL(kSubHost, "/"))); |
2699 req->Start(); | 2705 req->Start(); |
2700 base::RunLoop().Run(); | 2706 base::RunLoop().Run(); |
2701 | 2707 |
2702 EXPECT_TRUE(d.data_received().find("SameSiteCookieToSet=1") == | 2708 EXPECT_NE(std::string::npos, |
2703 std::string::npos); | 2709 d.data_received().find("StrictSameSiteCookie=1")); |
| 2710 EXPECT_NE(std::string::npos, d.data_received().find("LaxSameSiteCookie=1")); |
2704 EXPECT_EQ(0, network_delegate.blocked_get_cookies_count()); | 2711 EXPECT_EQ(0, network_delegate.blocked_get_cookies_count()); |
2705 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count()); | 2712 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count()); |
2706 } | 2713 } |
2707 | 2714 |
2708 // Verify that the cookie is sent for cross-site initiators when the | 2715 // Verify that neither cookie is not sent for cross-site requests. |
| 2716 { |
| 2717 TestDelegate d; |
| 2718 scoped_ptr<URLRequest> req(default_context_.CreateRequest( |
| 2719 test_server.GetURL(kHost, "/echoheader?Cookie"), DEFAULT_PRIORITY, &d)); |
| 2720 req->set_first_party_for_cookies(test_server.GetURL(kCrossHost, "/")); |
| 2721 req->set_initiator(url::Origin(test_server.GetURL(kCrossHost, "/"))); |
| 2722 req->Start(); |
| 2723 base::RunLoop().Run(); |
| 2724 |
| 2725 EXPECT_EQ(std::string::npos, |
| 2726 d.data_received().find("StrictSameSiteCookie=1")); |
| 2727 EXPECT_EQ(std::string::npos, d.data_received().find("LaxSameSiteCookie=1")); |
| 2728 EXPECT_EQ(0, network_delegate.blocked_get_cookies_count()); |
| 2729 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count()); |
| 2730 } |
| 2731 |
| 2732 // Verify that the lax cookie is sent for cross-site initiators when the |
2709 // method is "safe". | 2733 // method is "safe". |
2710 { | 2734 { |
2711 TestDelegate d; | 2735 TestDelegate d; |
2712 scoped_ptr<URLRequest> req(default_context_.CreateRequest( | 2736 scoped_ptr<URLRequest> req(default_context_.CreateRequest( |
2713 test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d)); | 2737 test_server.GetURL(kHost, "/echoheader?Cookie"), DEFAULT_PRIORITY, &d)); |
2714 req->set_first_party_for_cookies(test_server.GetURL("/")); | 2738 req->set_first_party_for_cookies(test_server.GetURL(kHost, "/")); |
2715 req->set_initiator(url::Origin(GURL("http://cross-site.test/"))); | 2739 req->set_initiator(url::Origin(test_server.GetURL(kCrossHost, "/"))); |
| 2740 req->set_method("GET"); |
2716 req->Start(); | 2741 req->Start(); |
2717 base::RunLoop().Run(); | 2742 base::RunLoop().Run(); |
2718 | 2743 |
2719 EXPECT_FALSE(d.data_received().find("SameSiteCookieToSet=1") == | 2744 EXPECT_EQ(std::string::npos, |
2720 std::string::npos); | 2745 d.data_received().find("StrictSameSiteCookie=1")); |
| 2746 EXPECT_NE(std::string::npos, d.data_received().find("LaxSameSiteCookie=1")); |
2721 EXPECT_EQ(0, network_delegate.blocked_get_cookies_count()); | 2747 EXPECT_EQ(0, network_delegate.blocked_get_cookies_count()); |
2722 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count()); | 2748 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count()); |
2723 } | 2749 } |
2724 | 2750 |
2725 // Verify that the cookie is not sent for cross-site initiators when the | 2751 // Verify that neither cookie is sent for cross-site initiators when the |
2726 // method is unsafe (e.g. POST). | 2752 // method is unsafe (e.g. POST). |
2727 { | 2753 { |
2728 TestDelegate d; | 2754 TestDelegate d; |
2729 scoped_ptr<URLRequest> req(default_context_.CreateRequest( | 2755 scoped_ptr<URLRequest> req(default_context_.CreateRequest( |
2730 test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d)); | 2756 test_server.GetURL(kHost, "/echoheader?Cookie"), DEFAULT_PRIORITY, &d)); |
2731 req->set_first_party_for_cookies(test_server.GetURL("/")); | 2757 req->set_first_party_for_cookies(test_server.GetURL(kHost, "/")); |
2732 req->set_initiator(url::Origin(GURL("http://cross-site.test/"))); | 2758 req->set_initiator(url::Origin(test_server.GetURL(kCrossHost, "/"))); |
2733 req->set_method("POST"); | 2759 req->set_method("POST"); |
2734 req->Start(); | 2760 req->Start(); |
2735 base::RunLoop().Run(); | 2761 base::RunLoop().Run(); |
2736 | 2762 |
2737 EXPECT_TRUE(d.data_received().find("SameSiteCookieToSet=1") == | 2763 EXPECT_EQ(std::string::npos, |
2738 std::string::npos); | 2764 d.data_received().find("StrictSameSiteCookie=1")); |
| 2765 EXPECT_EQ(std::string::npos, d.data_received().find("LaxSameSiteCookie=1")); |
2739 EXPECT_EQ(0, network_delegate.blocked_get_cookies_count()); | 2766 EXPECT_EQ(0, network_delegate.blocked_get_cookies_count()); |
2740 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count()); | 2767 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count()); |
2741 } | 2768 } |
2742 } | 2769 } |
2743 | 2770 |
2744 TEST_F(URLRequestTest, SameSiteCookiesDisabled) { | 2771 TEST_F(URLRequestTest, SameSiteCookiesDisabled) { |
2745 LocalHttpTestServer test_server; | 2772 LocalHttpTestServer test_server; |
2746 ASSERT_TRUE(test_server.Start()); | 2773 ASSERT_TRUE(test_server.Start()); |
2747 | 2774 |
2748 // Set up a 'SameSite' cookie (on '127.0.0.1', as that's where | 2775 // Set up a 'SameSite' cookie (on '127.0.0.1', as that's where |
2749 // LocalHttpTestServer points). | 2776 // LocalHttpTestServer points). |
2750 { | 2777 { |
2751 TestNetworkDelegate network_delegate; | 2778 TestNetworkDelegate network_delegate; |
2752 network_delegate.set_experimental_cookie_features_enabled(false); | 2779 network_delegate.set_experimental_cookie_features_enabled(false); |
2753 default_context_.set_network_delegate(&network_delegate); | 2780 default_context_.set_network_delegate(&network_delegate); |
2754 | 2781 |
2755 TestDelegate d; | 2782 TestDelegate d; |
2756 scoped_ptr<URLRequest> req(default_context_.CreateRequest( | 2783 scoped_ptr<URLRequest> req(default_context_.CreateRequest( |
2757 test_server.GetURL("/set-cookie?SameSiteCookieToSet=1;SameSite"), | 2784 test_server.GetURL("/set-cookie?StrictSameSiteCookie=1;SameSite=Strict&" |
| 2785 "LaxSameSiteCookie=1;SameSite=Lax"), |
2758 DEFAULT_PRIORITY, &d)); | 2786 DEFAULT_PRIORITY, &d)); |
2759 req->Start(); | 2787 req->Start(); |
2760 base::RunLoop().Run(); | 2788 base::RunLoop().Run(); |
2761 EXPECT_EQ(0, network_delegate.blocked_get_cookies_count()); | 2789 EXPECT_EQ(0, network_delegate.blocked_get_cookies_count()); |
2762 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count()); | 2790 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count()); |
2763 EXPECT_EQ(1, network_delegate.set_cookie_count()); | 2791 EXPECT_EQ(2, network_delegate.set_cookie_count()); |
2764 } | 2792 } |
2765 | 2793 |
2766 // Verify that the cookie is sent for same-site requests. | 2794 // Verify that the cookie is sent for same-site requests. |
2767 { | 2795 { |
2768 TestNetworkDelegate network_delegate; | 2796 TestNetworkDelegate network_delegate; |
2769 network_delegate.set_experimental_cookie_features_enabled(false); | 2797 network_delegate.set_experimental_cookie_features_enabled(false); |
2770 default_context_.set_network_delegate(&network_delegate); | 2798 default_context_.set_network_delegate(&network_delegate); |
2771 TestDelegate d; | 2799 TestDelegate d; |
2772 scoped_ptr<URLRequest> req(default_context_.CreateRequest( | 2800 scoped_ptr<URLRequest> req(default_context_.CreateRequest( |
2773 test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d)); | 2801 test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d)); |
2774 req->set_first_party_for_cookies(test_server.GetURL("/")); | 2802 req->set_first_party_for_cookies(test_server.GetURL("/")); |
2775 req->Start(); | 2803 req->Start(); |
2776 base::RunLoop().Run(); | 2804 base::RunLoop().Run(); |
2777 | 2805 |
2778 EXPECT_TRUE(d.data_received().find("SameSiteCookieToSet=1") != | 2806 EXPECT_TRUE(d.data_received().find("StrictSameSiteCookie=1") != |
| 2807 std::string::npos); |
| 2808 EXPECT_TRUE(d.data_received().find("LaxSameSiteCookie=1") != |
2779 std::string::npos); | 2809 std::string::npos); |
2780 EXPECT_EQ(0, network_delegate.blocked_get_cookies_count()); | 2810 EXPECT_EQ(0, network_delegate.blocked_get_cookies_count()); |
2781 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count()); | 2811 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count()); |
2782 } | 2812 } |
2783 | 2813 |
2784 // Verify that the cookie is also sent for cross-site requests. | 2814 // Verify that the cookie is also sent for cross-site requests. |
2785 { | 2815 { |
2786 TestNetworkDelegate network_delegate; | 2816 TestNetworkDelegate network_delegate; |
2787 network_delegate.set_experimental_cookie_features_enabled(false); | 2817 network_delegate.set_experimental_cookie_features_enabled(false); |
2788 default_context_.set_network_delegate(&network_delegate); | 2818 default_context_.set_network_delegate(&network_delegate); |
2789 TestDelegate d; | 2819 TestDelegate d; |
2790 scoped_ptr<URLRequest> req(default_context_.CreateRequest( | 2820 scoped_ptr<URLRequest> req(default_context_.CreateRequest( |
2791 test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d)); | 2821 test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d)); |
2792 req->set_first_party_for_cookies(GURL("http://cross-site.test/")); | 2822 req->set_first_party_for_cookies(GURL("http://cross-site.test/")); |
2793 req->Start(); | 2823 req->Start(); |
2794 base::RunLoop().Run(); | 2824 base::RunLoop().Run(); |
2795 | 2825 |
2796 EXPECT_NE(d.data_received().find("SameSiteCookieToSet=1"), | 2826 EXPECT_NE(d.data_received().find("StrictSameSiteCookie=1"), |
2797 std::string::npos); | 2827 std::string::npos); |
| 2828 EXPECT_TRUE(d.data_received().find("LaxSameSiteCookie=1") != |
| 2829 std::string::npos); |
2798 EXPECT_EQ(0, network_delegate.blocked_get_cookies_count()); | 2830 EXPECT_EQ(0, network_delegate.blocked_get_cookies_count()); |
2799 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count()); | 2831 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count()); |
2800 } | 2832 } |
2801 } | 2833 } |
2802 | 2834 |
2803 // Tests that __Secure- cookies can't be set on non-secure origins. | 2835 // Tests that __Secure- cookies can't be set on non-secure origins. |
2804 TEST_F(URLRequestTest, SecureCookiePrefixOnNonsecureOrigin) { | 2836 TEST_F(URLRequestTest, SecureCookiePrefixOnNonsecureOrigin) { |
2805 EmbeddedTestServer http_server; | 2837 EmbeddedTestServer http_server; |
2806 http_server.AddDefaultHandlers( | 2838 http_server.AddDefaultHandlers( |
2807 base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); | 2839 base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); |
10015 AddTestInterceptor()->set_main_intercept_job(std::move(job)); | 10047 AddTestInterceptor()->set_main_intercept_job(std::move(job)); |
10016 | 10048 |
10017 req->Start(); | 10049 req->Start(); |
10018 req->Cancel(); | 10050 req->Cancel(); |
10019 base::RunLoop().RunUntilIdle(); | 10051 base::RunLoop().RunUntilIdle(); |
10020 EXPECT_EQ(URLRequestStatus::CANCELED, req->status().status()); | 10052 EXPECT_EQ(URLRequestStatus::CANCELED, req->status().status()); |
10021 EXPECT_EQ(0, d.received_redirect_count()); | 10053 EXPECT_EQ(0, d.received_redirect_count()); |
10022 } | 10054 } |
10023 | 10055 |
10024 } // namespace net | 10056 } // namespace net |
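Review bot: SameSiteCookiesDisabled (new lines 2771-2833) now sets both a Strict and a Lax cookie but never sets an initiator or an unsafe method, so the cross-site-initiator cases that separate Lax from Strict are asserted only with the feature enabled; a disabled-mode block with a cross-site initiator and POST that expects both cookies, sketched below, would pin that the attribute is ignored entirely when the flag is off. The comments at new lines 2775, 2794 and 2814 in that test still speak of a single cookie and should say "both cookies". In SameSiteCookiesEnabled the comment at new line 2715 is a double negative that contradicts the assertions under it; it should be `// Verify that neither cookie is sent for cross-site requests.`. The safe-method block at new lines 2732-2749 exercises only GET, and whether other safe methods are intended to behave the same cannot be told from this page.

```cpp
  // … unchanged: set-cookie, same-site and cross-site first-party blocks …

  // Verify that both cookies are also sent for cross-site initiators when the
  // method is unsafe (e.g. POST), since the feature is disabled.
  {
    TestNetworkDelegate network_delegate;
    network_delegate.set_experimental_cookie_features_enabled(false);
    default_context_.set_network_delegate(&network_delegate);
    TestDelegate d;
    scoped_ptr<URLRequest> req(default_context_.CreateRequest(
        test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d));
    req->set_first_party_for_cookies(test_server.GetURL("/"));
    req->set_initiator(url::Origin(GURL("http://cross-site.test/")));
    req->set_method("POST");
    req->Start();
    base::RunLoop().Run();

    EXPECT_NE(std::string::npos,
              d.data_received().find("StrictSameSiteCookie=1"));
    EXPECT_NE(std::string::npos, d.data_received().find("LaxSameSiteCookie=1"));
    EXPECT_EQ(0, network_delegate.blocked_get_cookies_count());
    EXPECT_EQ(0, network_delegate.blocked_set_cookie_count());
  }
```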