Update cookie value and attribute setting behavior to match other UAs

net/cookies/cookie_store_unittest.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_COOKIES_COOKIE_STORE_UNITTEST_H_
 #define NET_COOKIES_COOKIE_STORE_UNITTEST_H_
 
 #include <set>
 #include <string>
 #include <vector>
@@ skipping 447 matching lines @@
   EXPECT_FALSE(it->IsPersistent());
   // Some CookieStores don't store last access date.
   if (!it->LastAccessDate().is_null())
     EXPECT_EQ(it->CreationDate(), it->LastAccessDate());
   EXPECT_TRUE(it->IsSecure());
   EXPECT_FALSE(it->IsHttpOnly());
 
   EXPECT_TRUE(++it == cookies.end());
 }
 
+// The iOS networking stack uses the iOS cookie parser, which we do not
+// control. While it is spec-compliant, that does not match the practical
+// behavior of most UAs in some cases, which we try to replicate. See
+// https://crbug.com/XXXXXX for more information.
+#if !defined(OS_IOS)
+TYPED_TEST_P(CookieStoreTest, EmptyKeyTest) {
+  CookieStore* cs = this->GetCookieStore();
+
+  GURL url1("http://foo1.bar.com");
+  EXPECT_TRUE(this->SetCookie(cs, url1, "foo"));
+  EXPECT_EQ("foo", this->GetCookies(cs, url1));
+
+  // Regression tests for https://crbug.com/601786
+  GURL url2("http://foo2.bar.com");
+  EXPECT_TRUE(this->SetCookie(cs, url2, "foo"));
+  EXPECT_TRUE(this->SetCookie(cs, url2, "\t"));
+  EXPECT_EQ("", this->GetCookies(cs, url2));
+
+  GURL url3("http://foo3.bar.com");
+  EXPECT_TRUE(this->SetCookie(cs, url3, "foo"));
+  EXPECT_TRUE(this->SetCookie(cs, url3, "="));
+  EXPECT_EQ("", this->GetCookies(cs, url3));
+
+  GURL url4("http://foo4.bar.com");
+  EXPECT_TRUE(this->SetCookie(cs, url4, "foo"));
+  EXPECT_TRUE(this->SetCookie(cs, url4, ""));
+  EXPECT_EQ("", this->GetCookies(cs, url4));
+
+  GURL url5("http://foo5.bar.com");
+  EXPECT_TRUE(this->SetCookie(cs, url5, "foo"));
+  EXPECT_TRUE(this->SetCookie(cs, url5, "; bar"));
+  EXPECT_EQ("", this->GetCookies(cs, url5));
+
+  GURL url6("http://foo6.bar.com");
+  EXPECT_TRUE(this->SetCookie(cs, url6, "foo"));
+  EXPECT_TRUE(this->SetCookie(cs, url6, " "));
+  EXPECT_EQ("", this->GetCookies(cs, url6));
+}
+#endif
+
 TYPED_TEST_P(CookieStoreTest, DomainTest) {
   CookieStore* cs = this->GetCookieStore();
   EXPECT_TRUE(this->SetCookie(cs, this->http_www_google_.url(), "A=B"));
   this->MatchCookieLines("A=B",
                          this->GetCookies(cs, this->http_www_google_.url()));
   EXPECT_TRUE(
       this->SetCookie(cs, this->http_www_google_.url(),
                       this->http_www_google_.Format("C=D; domain=.%D")));
   this->MatchCookieLines("A=B; C=D",
                          this->GetCookies(cs, this->http_www_google_.url()));
@@ skipping 77 matching lines @@
 
 // Test that setting a cookie which specifies an invalid domain has
 // no side-effect. An invalid domain in this context is one which does
 // not match the originating domain.
 TYPED_TEST_P(CookieStoreTest, InvalidDomainTest) {
   CookieStore* cs = this->GetCookieStore();
   GURL url_foobar("http://foo.bar.com");
 
   // More specific sub-domain than allowed.
   EXPECT_FALSE(this->SetCookie(cs, url_foobar, "a=1; domain=.yo.foo.bar.com"));
+  // Regression test for https://crbug.com/601786
+  EXPECT_FALSE(
+      this->SetCookie(cs, url_foobar, "a=1; domain=.yo.foo.bar.com; domain="));
 
   EXPECT_FALSE(this->SetCookie(cs, url_foobar, "b=2; domain=.foo.com"));
   EXPECT_FALSE(this->SetCookie(cs, url_foobar, "c=3; domain=.bar.foo.com"));
 
   // Different TLD, but the rest is a substring.
   EXPECT_FALSE(this->SetCookie(cs, url_foobar, "d=4; domain=.foo.bar.com.net"));
 
   // A substring that isn't really a parent domain.
   EXPECT_FALSE(this->SetCookie(cs, url_foobar, "e=5; domain=ar.com"));
 
@@ skipping 792 matching lines @@
   this->MatchCookieLines("A=B; C=D",
                          this->GetCookies(cs, this->http_www_google_.url()));
   // Delete the session cookie.
   this->DeleteSessionCookies(cs);
   // Check that the session cookie has been deleted but not the persistent one.
   EXPECT_EQ("C=D", this->GetCookies(cs, this->http_www_google_.url()));
 }
 
 REGISTER_TYPED_TEST_CASE_P(CookieStoreTest,
                            SetCookieWithDetailsAsync,
+#if !defined(OS_IOS)
+                           EmptyKeyTest,
+#endif

[mmenke, 2016/08/17 16:23:17]

Looks like Windows doesn't like this (I guess I don't really blame it).  May
have to just make the test exist, but do nothing, on iOS.

[jww, 2016/08/17 16:57:08]

Done.

                            DomainTest,
                            DomainWithTrailingDotTest,
                            ValidSubdomainTest,
                            InvalidDomainTest,
                            InvalidDomainSameDomainAndRegistry,
                            DomainWithoutLeadingDotParentDomain,
                            DomainWithoutLeadingDotSameDomain,
                            CaseInsensitiveDomainTest,
                            TestIpAddress,
                            TestIpAddressNoDomainCookies,
@@ skipping 19 matching lines @@
                            OverwritePersistentCookie,
                            CookieOrdering,
                            GetAllCookiesAsync,
                            DeleteCookieAsync,
                            DeleteCanonicalCookieAsync,
                            DeleteSessionCookie);
 
 }  // namespace net
 
 #endif  // NET_COOKIES_COOKIE_STORE_UNITTEST_H_