Chromium Code Reviews

Unified Diff: net/cookies/cookie_monster_unittest.cc

Issue 2306393002: Loosen strict 'Secure' checks for non-overlapping paths. (Closed)
Patch Set: oops Created 4 years, 3 months ago
Index: net/cookies/cookie_monster_unittest.cc
diff --git a/net/cookies/cookie_monster_unittest.cc b/net/cookies/cookie_monster_unittest.cc
index bba8fa401bab9409081d80d76f25ade0afcd0020..6aa9a33613a172e1c4d3475611d0081896fd896a 100644
--- a/net/cookies/cookie_monster_unittest.cc
+++ b/net/cookies/cookie_monster_unittest.cc
@@ -3070,16 +3070,25 @@ TEST_F(CookieMonsterStrictSecureTest, SetSecureCookies) {
EXPECT_TRUE(SetCookie(cm.get(), https_url, "A=C;"));
// If a non-secure cookie is created from a URL with an insecure scheme, and
- // a secure cookie with the same name already exists, no matter what the path
- // is, do not update the cookie.
+ // a secure cookie with the same name already exists, do not update the cookie
+ // if the new cookie's path matches the existing cookie's path.
+ //
+ // With an existing cookie whose path is '/', a cookie with the same name
+ // cannot be set on the same domain, regardless of path:
EXPECT_TRUE(SetCookie(cm.get(), https_url, "A=B; Secure"));
EXPECT_FALSE(SetCookie(cm.get(), http_url, "A=C; path=/"));
EXPECT_FALSE(SetCookie(cm.get(), http_url, "A=C; path=/my/path"));
- EXPECT_TRUE(SetCookie(cm.get(), https_url, "A=B; Secure; path=/my/path"));
- EXPECT_FALSE(SetCookie(cm.get(), http_url, "A=C"));
- EXPECT_FALSE(SetCookie(cm.get(), http_url, "A=C; path=/"));
- EXPECT_FALSE(SetCookie(cm.get(), http_url, "A=C; path=/my/path"));
+ // But if the existing cookie has a path somewhere under the root, cookies
+ // with the same name may be set for paths which don't overlap the existing
+ // cookie.
+ EXPECT_TRUE(
+ SetCookie(cm.get(), https_url, "WITH_PATH=B; Secure; path=/my/path"));
+ EXPECT_TRUE(SetCookie(cm.get(), http_url, "WITH_PATH=C"));
+ EXPECT_TRUE(SetCookie(cm.get(), http_url, "WITH_PATH=C; path=/"));
+ EXPECT_TRUE(SetCookie(cm.get(), http_url, "WITH_PATH=C; path=/your/path"));
+ EXPECT_FALSE(SetCookie(cm.get(), http_url, "WITH_PATH=C; path=/my/path"));
+ EXPECT_FALSE(SetCookie(cm.get(), http_url, "WITH_PATH=C; path=/my/path/sub"));
// If a non-secure cookie is created from a URL with an insecure scheme, and
// a secure cookie with the same name already exists, if the domain strings
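Review bot: The new comment above the WITH_PATH assertions says same-name cookies may be set for paths which "don't overlap" the existing cookie, but the assertions right below it accept `WITH_PATH=C; path=/`, and '/' is a prefix of '/my/path', so an HTTPS request to /my/path would carry both the secure and the non-secure cookie. The rule the expectations actually encode is narrower: the insecure set is rejected only when its path equals the secure cookie's path or lies beneath it (`/my/path`, `/my/path/sub`). Please word the comment that way so the accepted parent-path case reads as intended rather than as an oversight. Two coverage gaps in the same block: there is no case for a sibling that shares a string prefix without a path-segment boundary, such as `path=/my/pathological`, which is where a plain string-prefix comparison and cookie path matching give different answers; and `A=B; Secure` and the bare `WITH_PATH=C` carry no path attribute, so the "whose path is '/'" claim and the EXPECT_TRUE on `WITH_PATH=C` both depend on the default path derived from https_url and http_url, which this hunk does not show. An explicit `path=/` on the secure cookie would make the first block self-describing.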