android_webview/javatests/src/org/chromium/android_webview/test/CookieManagerTest.java - Issue 241143002: Allows AwCookieManager to block ThirdParty cookies

Side by Side Diff: android_webview/javatests/src/org/chromium/android_webview/test/CookieManagerTest.java

Issue 241143002: Allows AwCookieManager to block ThirdParty cookies (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: fix issues raised Created 6 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« android_webview/browser/aw_cookie_access_policy_unittest.cc ('K') | « android_webview/java/src/org/chromium/android_webview/AwCookieManager.java ('k') | android_webview/native/cookie_manager.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright 2012 The Chromium Authors. All rights reserved.	1 // Copyright 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 package org.chromium.android_webview.test;	5 package org.chromium.android_webview.test;

6	6

7 import android.test.MoreAsserts;	7 import android.test.MoreAsserts;

8 import android.test.suitebuilder.annotation.MediumTest;	8 import android.test.suitebuilder.annotation.MediumTest;

9 import android.test.suitebuilder.annotation.SmallTest;	9 import android.test.suitebuilder.annotation.SmallTest;

10 import android.util.Pair;	10 import android.util.Pair;

(...skipping 216 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
227 });	227 });

228	228

229 mCookieManager.removeAllCookie();	229 mCookieManager.removeAllCookie();

230 poll(new Callable<Boolean>() {	230 poll(new Callable<Boolean>() {

231 @Override	231 @Override

232 public Boolean call() throws Exception {	232 public Boolean call() throws Exception {

233 return mCookieManager.getCookie(url) == null;	233 return mCookieManager.getCookie(url) == null;

234 }	234 }

235 });	235 });

236 }	236 }

	237

	238 @MediumTest

	239 @Feature({"AndroidWebView", "Privacy"})

	240 public void testThirdPartyCookie() throws Throwable {
	mkosiba (inactive) 2014/04/23 12:51:22 like I mentioned offline - you probably want a tes like I mentioned offline - you probably want a test that uses the JS API too. hjd_google 2014/04/24 12:48:30 Done. I added it as a separate test for clarity. Show quoted text On 2014/04/23 12:51:22, mkosiba wrote: > like I mentioned offline - you probably want a test that uses the JS API too. Done. I added it as a separate test for clarity.
	241 TestWebServer webServer = null;

	242 try {

	243 // In theory we need two servers to test this, one server ('the firs t party')

	244 // which returns a response with a link to a second server ('the thi rd party')

	245 // at different origin. This second server attempts to set a cookie which should

	246 // fail if AcceptThirdPartyCookie() is false.

	247 // Strictly according to the letter of RFC6454 it should be possible to set this

	248 // situation up with two TestServers on different ports (these count as having

	249 // different origins) but Chrome is not strict about this and does n ot check the

	250 // port. Instead we cheat making some of the urls come from localhos t and some

	251 // from 127.0.0.1 which count (both in theory and pratice) as having different

	252 // origins.

	253 webServer = new TestWebServer(false);

	254 TestWebServer thirdParty = webServer;

	255 TestWebServer firstParty = webServer;

	256

	257 // Turn global allow on.

	258 mCookieManager.setAcceptCookie(true);

	259 mCookieManager.removeAllCookie();

	260 assertTrue(mCookieManager.acceptCookie());

	261 assertFalse(mCookieManager.hasCookies());

	262

	263 // When third party cookies are disabled...

	264 mCookieManager.setAcceptThirdPartyCookie(false);

	265 assertFalse(mCookieManager.acceptThirdPartyCookie());

	266

	267 String cookieUrl, url;
	mkosiba (inactive) 2014/04/23 12:51:22 I think the style is to declare + initialize. If t I think the style is to declare + initialize. If the line is too long break after =, so String cookieUrl = makeUrl... cant't remember if indent is supposed to be 4 or 8 spaces in this case though. hjd_google 2014/04/24 12:48:30 Done. Show quoted text On 2014/04/23 12:51:22, mkosiba wrote: > I think the style is to declare + initialize. If the line is too long break > after =, so > > String cookieUrl = > makeUrl... > > cant't remember if indent is supposed to be 4 or 8 spaces in this case though. Done.
	268

	269 // ...we can't set third party cookies.

	270 // First on the third party server we create a url which tries to se t a cookie.

	271 cookieUrl = makeUrlWithCookie(thirdParty, "/cookie_1.js", "test1", " value1", true);

	272 // Then we create a url on the first party server which links to the first url.

	273 url = makeUrlWithScriptLink(firstParty, "/content_1.html", cookieUrl );

	274 loadUrlSync(mAwContents, mContentsClient.getOnPageFinishedHelper(), url);

	275 assertNull(mCookieManager.getCookie(cookieUrl));

	276

	277 // When third party cookies are enabled...

	278 mCookieManager.setAcceptThirdPartyCookie(true);

	279 assertTrue(mCookieManager.acceptThirdPartyCookie());

	280

	281 // ...we can set third party cookies.

	282 cookieUrl = makeUrlWithCookie(thirdParty, "/cookie_2.js", "test2", " value2", true);

	283 url = makeUrlWithScriptLink(firstParty, "/content_2.html", cookieUrl );

	284 loadUrlSync(mAwContents, mContentsClient.getOnPageFinishedHelper(), url);

	285 waitForCookie(cookieUrl);

	286 String cookie = mCookieManager.getCookie(cookieUrl);

	287 assertNotNull(cookie);

	288 validateCookies(cookie, "test2");

	289 } finally {

	290 if (webServer != null) webServer.shutdown();

	291 }

	292 }

	293

	294 /**

	295 * Creates a response on the TestWebServer which attempts to set a cookie wh en fetched.

	296 * @param webServer the webServer on which to create the response

	297 * @param path the path component of the url (e.g "/cookie_test.html")

	298 * @param key the key of the cookie

	299 * @param value the value of the cookie

	300 * @param thirdParty if true we should fake the url to look like a diffrent domain.

	301 * @return the url which gets the response

	302 */

	303 private String makeUrlWithCookie(TestWebServer webServer, String path, Strin g key,
	mkosiba (inactive) 2014/04/23 12:51:22 seems like you only ever call this with thirdParty seems like you only ever call this with thirdParty == true, so maybe rename method to makeThridPartyUrlWithCookie(...) and drop the extra bool? Alternatively have two methods: makeUrlWithCookie(...) and toThirdPartyUrl(String url) { return url.replace... } hjd_google 2014/04/24 12:48:30 Done. Show quoted text On 2014/04/23 12:51:22, mkosiba wrote: > seems like you only ever call this with thirdParty == true, so maybe rename > method to makeThridPartyUrlWithCookie(...) and drop the extra bool? > Alternatively have two methods: > makeUrlWithCookie(...) and toThirdPartyUrl(String url) { return url.replace... } Done.
	304 String value, boolean thirdParty) {

	305 String response = "";

	306 List<Pair<String, String>> responseHeaders = new ArrayList<Pair<String, String>>();

	307 responseHeaders.add(

	308 Pair.create("Set-Cookie", key + "=" + value + "; path=" + path));

	309 String url = webServer.setResponse(path, response, responseHeaders);

	310 if (thirdParty) {

	311 return url.replace("localhost", "127.0.0.1");

	312 }

	313 return url;

	314 }

	315

	316 /**

	317 * Creates a response on the TestWebServer which contains a script tag with an external src.

	318 * @param webServer the webServer on which to create the response

	319 * @param path the path component of the url (e.g "my_thing_with_script.htm l")

	320 * @param url the url which which should appear as the src or the script ta g.

	321 * @return the url which gets the response

	322 */

	323 private String makeUrlWithScriptLink(TestWebServer webServer, String path, S tring url) {

	324 String responseStr = "<html><head><title>Content!</title></head>" +

	325 "<body><script src=" + url + "></script></body></html>";

	326 return webServer.setResponse(path, responseStr, null);

	327 }

237 }	328 }

OLD	NEW