Chromium Code Reviews Chromium Code Reviews
Issue 241143002:
Allows AwCookieManager to block ThirdParty cookies (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: android_webview/javatests/src/org/chromium/android_webview/test/CookieManagerTest.java |
| diff --git a/android_webview/javatests/src/org/chromium/android_webview/test/CookieManagerTest.java b/android_webview/javatests/src/org/chromium/android_webview/test/CookieManagerTest.java |
| index 18cde687786914e7475f42e5f06f1eca475d6d7c..c4bcb2dc508a9ab6570b820a0b4555580d89a7a0 100644 |
| --- a/android_webview/javatests/src/org/chromium/android_webview/test/CookieManagerTest.java |
| +++ b/android_webview/javatests/src/org/chromium/android_webview/test/CookieManagerTest.java |
| @@ -234,4 +234,93 @@ public class CookieManagerTest extends AwTestBase { |
| } |
| }); |
| } |
| + |
| + @MediumTest |
| + @Feature({"AndroidWebView", "Privacy"}) |
| + public void testThirdPartyCookie() throws Throwable { |
| + TestWebServer webServer = null; |
| + try { |
| + // In theory we need two servers to test this, one server ('the first party') |
| + // which returns a response with a link to a second server ('the third party') |
| + // at different origin. This second server attempts to set a cookie which should |
| + // fail if AcceptThirdPartyCookie() is false. |
| + // Strictly according to the letter of RFC6454 it should be possible to set this |
| + // situation up with two TestServers on different ports (these count as having |
| + // different origins) but Chrome is not strict about this and does not check the |
| + // port. Instead we cheat making some of the urls come from localhost and some |
| + // from 127.0.0.1 which count (both in theory and pratice) as having different |
| + // origins. |
| + webServer = new TestWebServer(false); |
| + // Our third party server (e.g. an ad server). |
| + TestWebServer thirdParty = webServer; |
|
mkosiba (inactive)
2014/04/17 18:27:30
I think this is redundant given the comment above.
hjd_google
2014/04/22 13:34:41
Do you mean the assignments or just the comments?
mkosiba (inactive)
2014/04/23 12:51:22
the assignments.
|
| + // The first party server (e.g. some blog). |
| + TestWebServer firstParty = webServer; |
| + |
| + // Turn global allow on. |
| + mCookieManager.setAcceptCookie(true); |
| + mCookieManager.removeAllCookie(); |
| + assertTrue(mCookieManager.acceptCookie()); |
| + assertFalse(mCookieManager.hasCookies()); |
| + |
| + // When third party cookies are disabled... |
| + mCookieManager.setAcceptThirdPartyCookie(false); |
| + assertFalse(mCookieManager.acceptThirdPartyCookie()); |
| + |
| + // ...we can't set third party cookies. |
| + // First on the third party server we create a url which tries to set a cookie. |
| + String cookieUrl = makeUrlWithCookie(thirdParty, "/cookie_1.js", "test1", "value1"); |
| + // This hack causes the CookieManager treat the url as if it was from another domain. |
| + cookieUrl = cookieUrl.replace("localhost", "127.0.0.1"); |
|
mkosiba (inactive)
2014/04/17 18:27:30
maybe have makeUrlWithCookie take an extra boolean
hjd_google
2014/04/22 13:34:41
Done.
|
| + // Then we create a url on the first party server which links to the first url. |
| + String url = makeUrlWithScriptLink(firstParty, "/content_1.html", cookieUrl); |
| + loadUrlSync(mAwContents, mContentsClient.getOnPageFinishedHelper(), url); |
| + assertNull(mCookieManager.getCookie(cookieUrl)); |
| + |
| + // When third party cookies are enabled... |
| + mCookieManager.setAcceptThirdPartyCookie(true); |
| + assertTrue(mCookieManager.acceptThirdPartyCookie()); |
| + |
| + // ...we can set third party cookies. |
| + cookieUrl = makeUrlWithCookie(thirdParty, "/cookie_2.js", "test2", "value2"); |
| + cookieUrl = cookieUrl.replace("localhost", "127.0.0.1"); |
| + url = makeUrlWithScriptLink(firstParty, "/content_2.html", cookieUrl); |
| + loadUrlSync(mAwContents, mContentsClient.getOnPageFinishedHelper(), url); |
| + waitForCookie(cookieUrl); |
| + String cookie = mCookieManager.getCookie(cookieUrl); |
| + assertNotNull(cookie); |
| + validateCookies(cookie, "test2"); |
| + } finally { |
| + if (webServer != null) webServer.shutdown(); |
| + } |
| + } |
| + |
| + /** |
| + * Creates a response on the TestWebServer which attempts to set a cookie when fetched. |
| + * @param webServer the webServer on which to create the response |
| + * @param path the path component of the url (e.g "/cookie_test.html") |
| + * @param key the key of the cookie |
| + * @param value the value of the cookie |
| + * @return the url which gets the response |
| + */ |
| + private String makeUrlWithCookie(TestWebServer webServer, String path, String key, |
| + String value) { |
| + String response = ""; |
| + List<Pair<String, String>> responseHeaders = new ArrayList<Pair<String, String>>(); |
| + responseHeaders.add( |
| + Pair.create("Set-Cookie", key + "=" + value + "; path=" + path)); |
| + return webServer.setResponse(path, response, responseHeaders); |
| + } |
| + |
| + /** |
| + * Creates a response on the TestWebServer which contains a script tag with an external src. |
| + * @param webServer the webServer on which to create the response |
| + * @param path the path component of the url (e.g "my_thing_with_script.html") |
| + * @param url the url which which should appear as the src or the script tag. |
| + * @return the url which gets the response |
| + */ |
| + private String makeUrlWithScriptLink(TestWebServer webServer, String path, String url) { |
| + String responseStr = "<html><head><title>Content!</title></head>" + |
| + "<body><script src=" + url + "></script></body></html>"; |
| + return webServer.setResponse(path, responseStr, null); |
| + } |
| } |
