| Index: content/browser/frame_host/render_frame_message_filter_browsertest.cc
|
| diff --git a/content/browser/frame_host/render_frame_message_filter_browsertest.cc b/content/browser/frame_host/render_frame_message_filter_browsertest.cc
|
| index adf9516281cb908de49d48f05793ce6aab287c61..0b23ce24fc8f7272fdfe20d02a73c4a3b51fd148 100644
|
| --- a/content/browser/frame_host/render_frame_message_filter_browsertest.cc
|
| +++ b/content/browser/frame_host/render_frame_message_filter_browsertest.cc
|
| @@ -111,17 +111,35 @@ IN_PROC_BROWSER_TEST_F(RenderFrameMessageFilterBrowserTest, SameSiteCookies) {
|
| ASSERT_TRUE(embedded_test_server()->Start());
|
| SetupCrossSiteRedirector(embedded_test_server());
|
|
|
| - // The server sends a SameSite cookie. The RenderFrameMessageFilter should
|
| - // allow this to be sent to the renderer.
|
| - GURL url = embedded_test_server()->GetURL("/set-cookie?samesite=1;SameSite");
|
| + // The server sets five cookies on '127.0.0.1' and on 'baz.com', then loads a
|
| + // page that frames 'baz.com' inside '127.0.0.1'.
|
| + std::string cookies_to_set =
|
| + "/set-cookie?normal=1"
|
| + "&strict=1;SameSite=Strict"
|
| + "&lax=1;SameSite=Lax"
|
| + "&strict-http=1;SameSite=Strict;httponly"
|
| + "&lax-http=1;SameSite=Lax;httponly";
|
| +
|
| + GURL url = embedded_test_server()->GetURL("127.0.0.1", cookies_to_set);
|
| + NavigateToURL(shell(), url);
|
| + url = embedded_test_server()->GetURL("baz.com", cookies_to_set);
|
| + NavigateToURL(shell(), url);
|
| + url = embedded_test_server()->GetURL("127.0.0.1",
|
| + "/frame_with_load_event.html");
|
| NavigateToURL(shell(), url);
|
|
|
| WebContentsImpl* web_contents =
|
| static_cast<WebContentsImpl*>(shell()->web_contents());
|
| - EXPECT_EQ("http://127.0.0.1/",
|
| - web_contents->GetSiteInstance()->GetSiteURL().spec());
|
| + RenderFrameHost* main_frame = web_contents->GetMainFrame();
|
| + RenderFrameHost* iframe =
|
| + web_contents->GetFrameTree()->root()->child_at(0)->current_frame_host();
|
| +
|
| + // The top-level frame should get both kinds of same-site cookies.
|
| + EXPECT_EQ("normal=1; strict=1; lax=1", GetCookieFromJS(main_frame));
|
|
|
| - EXPECT_EQ("samesite=1", GetCookieFromJS(web_contents->GetMainFrame()));
|
| + // Same-site cookies should not be delievered to the frame, as it isn't
|
| + // same-site with its ancestors.
|
| + EXPECT_EQ("normal=1", GetCookieFromJS(iframe));
|
| }
|
|
|
| // The RenderFrameMessageFilter will kill processes when they access the cookies
|
|
|
Chromium Code Reviews
Issue 1783813002:
SameSite: Strict/Lax behavior. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@strict-lax