bug 1453806 - verify that cookies aren't sent back by TRR r=mcmanus

MozReview-Commit-ID: LOeDNqhNZYN --HG-- extra : rebase_source : fc0a09bba614b9c2ff458badc0affc91aa7cec34
2024-11-28 23:31:56 +00:00 · 2018-04-13 00:26:00 +02:00 · 2018-04-13 00:26:00 +02:00 · 3dea228f86
commit 3dea228f86
parent 10036a689e
1 changed files with 11 additions and 0 deletions
--- a/testing/xpcshell/moz-http2/moz-http2.js
+++ b/testing/xpcshell/moz-http2/moz-http2.js
@ -584,6 +584,8 @@ function handleRequest(req, res) {
    var content= new Buffer("00000100000100010000000003626172076578616D706C6503636F6D0000010001C00C000100010000003700047F000001", "hex");
    res.setHeader('Content-Type', 'application/dns-udpwireformat');
    res.setHeader('Content-Length', content.length);
+    // pass back a cookie here, check it in /dns-auth
+    res.setHeader('Set-Cookie', 'trackyou=yes; path=/; max-age=100000;');
    res.writeHead(200);
    res.write(content);
    res.end("");
@ -672,6 +674,15 @@ function handleRequest(req, res) {
  }
  // for use with test_trr.js
  else if (u.pathname === "/dns-auth") {
+    // There's a Set-Cookie: header in the response for "/dns" , which this
+    // request subsequently would include if the http channel wasn't
+    // anonymous. Thus, if there's a cookie in this request, we know Firefox
+    // mishaved. If there's not, we're fine.
+    if (req.headers['cookie']) {
+      res.writeHead(403);
+      res.end("cookie for me, not for you");
+      return;
+    }
    if (req.headers['authorization'] != "user:password") {
      res.writeHead(401);
      res.end("bad boy!");