Index: content/browser/frame_host/render_frame_message_filter_browsertest.cc |
diff --git a/content/browser/frame_host/render_frame_message_filter_browsertest.cc b/content/browser/frame_host/render_frame_message_filter_browsertest.cc |
index adf9516281cb908de49d48f05793ce6aab287c61..0b23ce24fc8f7272fdfe20d02a73c4a3b51fd148 100644 |
--- a/content/browser/frame_host/render_frame_message_filter_browsertest.cc |
+++ b/content/browser/frame_host/render_frame_message_filter_browsertest.cc |
@@ -111,17 +111,35 @@ IN_PROC_BROWSER_TEST_F(RenderFrameMessageFilterBrowserTest, SameSiteCookies) { |
ASSERT_TRUE(embedded_test_server()->Start()); |
SetupCrossSiteRedirector(embedded_test_server()); |
- // The server sends a SameSite cookie. The RenderFrameMessageFilter should |
- // allow this to be sent to the renderer. |
- GURL url = embedded_test_server()->GetURL("/set-cookie?samesite=1;SameSite"); |
+ // The server sets five cookies on '127.0.0.1' and on 'baz.com', then loads a |
+ // page that frames 'baz.com' inside '127.0.0.1'. |
+ std::string cookies_to_set = |
+ "/set-cookie?normal=1" |
+ "&strict=1;SameSite=Strict" |
+ "&lax=1;SameSite=Lax" |
+ "&strict-http=1;SameSite=Strict;httponly" |
+ "&lax-http=1;SameSite=Lax;httponly"; |
+ |
+ GURL url = embedded_test_server()->GetURL("127.0.0.1", cookies_to_set); |
+ NavigateToURL(shell(), url); |
+ url = embedded_test_server()->GetURL("baz.com", cookies_to_set); |
+ NavigateToURL(shell(), url); |
+ url = embedded_test_server()->GetURL("127.0.0.1", |
+ "/frame_with_load_event.html"); |
NavigateToURL(shell(), url); |
WebContentsImpl* web_contents = |
static_cast<WebContentsImpl*>(shell()->web_contents()); |
- EXPECT_EQ("http://127.0.0.1/", |
- web_contents->GetSiteInstance()->GetSiteURL().spec()); |
+ RenderFrameHost* main_frame = web_contents->GetMainFrame(); |
+ RenderFrameHost* iframe = |
+ web_contents->GetFrameTree()->root()->child_at(0)->current_frame_host(); |
+ |
+ // The top-level frame should get both kinds of same-site cookies. |
+ EXPECT_EQ("normal=1; strict=1; lax=1", GetCookieFromJS(main_frame)); |
- EXPECT_EQ("samesite=1", GetCookieFromJS(web_contents->GetMainFrame())); |
+ // Same-site cookies should not be delievered to the frame, as it isn't |
+ // same-site with its ancestors. |
+ EXPECT_EQ("normal=1", GetCookieFromJS(iframe)); |
} |
// The RenderFrameMessageFilter will kill processes when they access the cookies |