| Index: net/url_request/url_request_unittest.cc
|
| diff --git a/net/url_request/url_request_unittest.cc b/net/url_request/url_request_unittest.cc
|
| index fef773db63c9db0f2b2cdfa998de448ddfaec5a4..d32fa26b86c91926c312f28a5b59fc216f5e1ac4 100644
|
| --- a/net/url_request/url_request_unittest.cc
|
| +++ b/net/url_request/url_request_unittest.cc
|
| @@ -2659,83 +2659,110 @@ TEST_F(URLRequestTest, SameSiteCookiesEnabled) {
|
| network_delegate.set_experimental_cookie_features_enabled(true);
|
| default_context_.set_network_delegate(&network_delegate);
|
|
|
| - // Set up a 'SameSite' cookie (on '127.0.0.1', as that's where
|
| - // LocalHttpTestServer points).
|
| + const std::string kHost = "example.test";
|
| + const std::string kSubHost = "subdomain.example.test";
|
| + const std::string kCrossHost = "cross-origin.test";
|
| +
|
| + // Set up two 'SameSite' cookies on 'example.test'
|
| {
|
| TestDelegate d;
|
| scoped_ptr<URLRequest> req(default_context_.CreateRequest(
|
| - test_server.GetURL("/set-cookie?SameSiteCookieToSet=1;SameSite=Strict"),
|
| + test_server.GetURL(kHost,
|
| + "/set-cookie?StrictSameSiteCookie=1;SameSite=Strict&"
|
| + "LaxSameSiteCookie=1;SameSite=Lax"),
|
| DEFAULT_PRIORITY, &d));
|
| req->Start();
|
| base::RunLoop().Run();
|
| EXPECT_EQ(0, network_delegate.blocked_get_cookies_count());
|
| EXPECT_EQ(0, network_delegate.blocked_set_cookie_count());
|
| - EXPECT_EQ(1, network_delegate.set_cookie_count());
|
| + EXPECT_EQ(2, network_delegate.set_cookie_count());
|
| }
|
|
|
| - // Verify that the cookie is sent for same-site requests.
|
| + // Verify that both cookies are sent for same-site requests.
|
| {
|
| TestDelegate d;
|
| scoped_ptr<URLRequest> req(default_context_.CreateRequest(
|
| - test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d));
|
| - req->set_first_party_for_cookies(test_server.GetURL("/"));
|
| - req->set_initiator(url::Origin(test_server.GetURL("/")));
|
| + test_server.GetURL(kHost, "/echoheader?Cookie"), DEFAULT_PRIORITY, &d));
|
| + req->set_first_party_for_cookies(test_server.GetURL(kHost, "/"));
|
| + req->set_initiator(url::Origin(test_server.GetURL(kHost, "/")));
|
| req->Start();
|
| base::RunLoop().Run();
|
|
|
| - EXPECT_TRUE(d.data_received().find("SameSiteCookieToSet=1") !=
|
| - std::string::npos);
|
| + EXPECT_NE(std::string::npos,
|
| + d.data_received().find("StrictSameSiteCookie=1"));
|
| + EXPECT_NE(std::string::npos, d.data_received().find("LaxSameSiteCookie=1"));
|
| EXPECT_EQ(0, network_delegate.blocked_get_cookies_count());
|
| EXPECT_EQ(0, network_delegate.blocked_set_cookie_count());
|
| }
|
|
|
| - // Verify that the cookie is not sent for cross-site requests.
|
| + // Verify that both cookies are sent for same-registrable-domain requests.
|
| {
|
| TestDelegate d;
|
| scoped_ptr<URLRequest> req(default_context_.CreateRequest(
|
| - test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d));
|
| - req->set_first_party_for_cookies(GURL("http://cross-site.test/"));
|
| - req->set_initiator(url::Origin(GURL("http://cross-site.test/")));
|
| + test_server.GetURL(kHost, "/echoheader?Cookie"), DEFAULT_PRIORITY, &d));
|
| + req->set_first_party_for_cookies(test_server.GetURL(kSubHost, "/"));
|
| + req->set_initiator(url::Origin(test_server.GetURL(kSubHost, "/")));
|
| req->Start();
|
| base::RunLoop().Run();
|
|
|
| - EXPECT_TRUE(d.data_received().find("SameSiteCookieToSet=1") ==
|
| - std::string::npos);
|
| + EXPECT_NE(std::string::npos,
|
| + d.data_received().find("StrictSameSiteCookie=1"));
|
| + EXPECT_NE(std::string::npos, d.data_received().find("LaxSameSiteCookie=1"));
|
| EXPECT_EQ(0, network_delegate.blocked_get_cookies_count());
|
| EXPECT_EQ(0, network_delegate.blocked_set_cookie_count());
|
| }
|
|
|
| - // Verify that the cookie is sent for cross-site initiators when the
|
| + // Verify that neither cookie is not sent for cross-site requests.
|
| + {
|
| + TestDelegate d;
|
| + scoped_ptr<URLRequest> req(default_context_.CreateRequest(
|
| + test_server.GetURL(kHost, "/echoheader?Cookie"), DEFAULT_PRIORITY, &d));
|
| + req->set_first_party_for_cookies(test_server.GetURL(kCrossHost, "/"));
|
| + req->set_initiator(url::Origin(test_server.GetURL(kCrossHost, "/")));
|
| + req->Start();
|
| + base::RunLoop().Run();
|
| +
|
| + EXPECT_EQ(std::string::npos,
|
| + d.data_received().find("StrictSameSiteCookie=1"));
|
| + EXPECT_EQ(std::string::npos, d.data_received().find("LaxSameSiteCookie=1"));
|
| + EXPECT_EQ(0, network_delegate.blocked_get_cookies_count());
|
| + EXPECT_EQ(0, network_delegate.blocked_set_cookie_count());
|
| + }
|
| +
|
| + // Verify that the lax cookie is sent for cross-site initiators when the
|
| // method is "safe".
|
| {
|
| TestDelegate d;
|
| scoped_ptr<URLRequest> req(default_context_.CreateRequest(
|
| - test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d));
|
| - req->set_first_party_for_cookies(test_server.GetURL("/"));
|
| - req->set_initiator(url::Origin(GURL("http://cross-site.test/")));
|
| + test_server.GetURL(kHost, "/echoheader?Cookie"), DEFAULT_PRIORITY, &d));
|
| + req->set_first_party_for_cookies(test_server.GetURL(kHost, "/"));
|
| + req->set_initiator(url::Origin(test_server.GetURL(kCrossHost, "/")));
|
| + req->set_method("GET");
|
| req->Start();
|
| base::RunLoop().Run();
|
|
|
| - EXPECT_FALSE(d.data_received().find("SameSiteCookieToSet=1") ==
|
| - std::string::npos);
|
| + EXPECT_EQ(std::string::npos,
|
| + d.data_received().find("StrictSameSiteCookie=1"));
|
| + EXPECT_NE(std::string::npos, d.data_received().find("LaxSameSiteCookie=1"));
|
| EXPECT_EQ(0, network_delegate.blocked_get_cookies_count());
|
| EXPECT_EQ(0, network_delegate.blocked_set_cookie_count());
|
| }
|
|
|
| - // Verify that the cookie is not sent for cross-site initiators when the
|
| + // Verify that neither cookie is sent for cross-site initiators when the
|
| // method is unsafe (e.g. POST).
|
| {
|
| TestDelegate d;
|
| scoped_ptr<URLRequest> req(default_context_.CreateRequest(
|
| - test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d));
|
| - req->set_first_party_for_cookies(test_server.GetURL("/"));
|
| - req->set_initiator(url::Origin(GURL("http://cross-site.test/")));
|
| + test_server.GetURL(kHost, "/echoheader?Cookie"), DEFAULT_PRIORITY, &d));
|
| + req->set_first_party_for_cookies(test_server.GetURL(kHost, "/"));
|
| + req->set_initiator(url::Origin(test_server.GetURL(kCrossHost, "/")));
|
| req->set_method("POST");
|
| req->Start();
|
| base::RunLoop().Run();
|
|
|
| - EXPECT_TRUE(d.data_received().find("SameSiteCookieToSet=1") ==
|
| - std::string::npos);
|
| + EXPECT_EQ(std::string::npos,
|
| + d.data_received().find("StrictSameSiteCookie=1"));
|
| + EXPECT_EQ(std::string::npos, d.data_received().find("LaxSameSiteCookie=1"));
|
| EXPECT_EQ(0, network_delegate.blocked_get_cookies_count());
|
| EXPECT_EQ(0, network_delegate.blocked_set_cookie_count());
|
| }
|
| @@ -2754,13 +2781,14 @@ TEST_F(URLRequestTest, SameSiteCookiesDisabled) {
|
|
|
| TestDelegate d;
|
| scoped_ptr<URLRequest> req(default_context_.CreateRequest(
|
| - test_server.GetURL("/set-cookie?SameSiteCookieToSet=1;SameSite"),
|
| + test_server.GetURL("/set-cookie?StrictSameSiteCookie=1;SameSite=Strict&"
|
| + "LaxSameSiteCookie=1;SameSite=Lax"),
|
| DEFAULT_PRIORITY, &d));
|
| req->Start();
|
| base::RunLoop().Run();
|
| EXPECT_EQ(0, network_delegate.blocked_get_cookies_count());
|
| EXPECT_EQ(0, network_delegate.blocked_set_cookie_count());
|
| - EXPECT_EQ(1, network_delegate.set_cookie_count());
|
| + EXPECT_EQ(2, network_delegate.set_cookie_count());
|
| }
|
|
|
| // Verify that the cookie is sent for same-site requests.
|
| @@ -2775,7 +2803,9 @@ TEST_F(URLRequestTest, SameSiteCookiesDisabled) {
|
| req->Start();
|
| base::RunLoop().Run();
|
|
|
| - EXPECT_TRUE(d.data_received().find("SameSiteCookieToSet=1") !=
|
| + EXPECT_TRUE(d.data_received().find("StrictSameSiteCookie=1") !=
|
| + std::string::npos);
|
| + EXPECT_TRUE(d.data_received().find("LaxSameSiteCookie=1") !=
|
| std::string::npos);
|
| EXPECT_EQ(0, network_delegate.blocked_get_cookies_count());
|
| EXPECT_EQ(0, network_delegate.blocked_set_cookie_count());
|
| @@ -2793,8 +2823,10 @@ TEST_F(URLRequestTest, SameSiteCookiesDisabled) {
|
| req->Start();
|
| base::RunLoop().Run();
|
|
|
| - EXPECT_NE(d.data_received().find("SameSiteCookieToSet=1"),
|
| + EXPECT_NE(d.data_received().find("StrictSameSiteCookie=1"),
|
| std::string::npos);
|
| + EXPECT_TRUE(d.data_received().find("LaxSameSiteCookie=1") !=
|
| + std::string::npos);
|
| EXPECT_EQ(0, network_delegate.blocked_get_cookies_count());
|
| EXPECT_EQ(0, network_delegate.blocked_set_cookie_count());
|
| }
|
|
|
Chromium Code Reviews
Issue 1783813002:
SameSite: Strict/Lax behavior. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@strict-lax