mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-09 11:25:00 +00:00
Bug 1452496: gtest for discarding same-site cookies in cross site context. r=dveditz
This commit is contained in:
parent
dadd18d654
commit
a6f01f147d
@ -12,6 +12,9 @@
|
||||
#include <stdio.h>
|
||||
#include "plstr.h"
|
||||
#include "nsNetUtil.h"
|
||||
#include "nsIChannel.h"
|
||||
#include "nsIPrincipal.h"
|
||||
#include "nsIScriptSecurityManager.h"
|
||||
#include "nsISimpleEnumerator.h"
|
||||
#include "nsServiceManagerUtils.h"
|
||||
#include "nsNetCID.h"
|
||||
@ -75,6 +78,36 @@ SetACookie(nsICookieService *aCookieService, const char *aSpec1, const char *aSp
|
||||
EXPECT_TRUE(NS_SUCCEEDED(rv));
|
||||
}
|
||||
|
||||
// Custom Cookie Generator specifically for the needs of same-site cookies!
|
||||
// Hands off unless you know exactly what you are doing!
|
||||
void
|
||||
SetASameSiteCookie(nsICookieService *aCookieService, const char *aSpec1, const char *aSpec2, const char* aCookieString, const char *aServerTime)
|
||||
{
|
||||
nsCOMPtr<nsIURI> uri1, uri2;
|
||||
NS_NewURI(getter_AddRefs(uri1), aSpec1);
|
||||
if (aSpec2)
|
||||
NS_NewURI(getter_AddRefs(uri2), aSpec2);
|
||||
|
||||
// We create a dummy channel using the aSpec1 to simulate same-siteness
|
||||
nsresult rv0;
|
||||
nsCOMPtr<nsIScriptSecurityManager> ssm =
|
||||
do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv0);
|
||||
ASSERT_TRUE(NS_SUCCEEDED(rv0));
|
||||
nsCOMPtr<nsIPrincipal> spec1Principal;
|
||||
nsCString tmpString(aSpec1);
|
||||
ssm->CreateCodebasePrincipalFromOrigin(tmpString, getter_AddRefs(spec1Principal));
|
||||
|
||||
nsCOMPtr<nsIChannel> dummyChannel;
|
||||
NS_NewChannel(getter_AddRefs(dummyChannel),
|
||||
uri1,
|
||||
spec1Principal,
|
||||
nsILoadInfo::SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK,
|
||||
nsIContentPolicy::TYPE_OTHER);
|
||||
|
||||
nsresult rv = aCookieService->SetCookieStringFromHttp(uri1, uri2, nullptr, (char *)aCookieString, aServerTime, dummyChannel);
|
||||
EXPECT_TRUE(NS_SUCCEEDED(rv));
|
||||
}
|
||||
|
||||
void
|
||||
SetACookieNoHttp(nsICookieService *aCookieService, const char *aSpec, const char* aCookieString)
|
||||
{
|
||||
@ -773,17 +806,17 @@ TEST(TestCookie,TestCookieMain)
|
||||
|
||||
// Set cookies with various incantations of the samesite attribute:
|
||||
// No same site attribute present
|
||||
SetACookie(cookieService, "http://samesite.test", nullptr, "unset=yes", nullptr);
|
||||
SetASameSiteCookie(cookieService, "http://samesite.test", nullptr, "unset=yes", nullptr);
|
||||
// samesite attribute present but with no value
|
||||
SetACookie(cookieService, "http://samesite.test", nullptr, "unspecified=yes; samesite", nullptr);
|
||||
SetASameSiteCookie(cookieService, "http://samesite.test", nullptr, "unspecified=yes; samesite", nullptr);
|
||||
// samesite attribute present but with an empty value
|
||||
SetACookie(cookieService, "http://samesite.test", nullptr, "empty=yes; samesite=", nullptr);
|
||||
SetASameSiteCookie(cookieService, "http://samesite.test", nullptr, "empty=yes; samesite=", nullptr);
|
||||
// samesite attribute present but with an invalid value
|
||||
SetACookie(cookieService, "http://samesite.test", nullptr, "bogus=yes; samesite=bogus", nullptr);
|
||||
SetASameSiteCookie(cookieService, "http://samesite.test", nullptr, "bogus=yes; samesite=bogus", nullptr);
|
||||
// samesite=strict
|
||||
SetACookie(cookieService, "http://samesite.test", nullptr, "strict=yes; samesite=strict", nullptr);
|
||||
SetASameSiteCookie(cookieService, "http://samesite.test", nullptr, "strict=yes; samesite=strict", nullptr);
|
||||
// samesite=lax
|
||||
SetACookie(cookieService, "http://samesite.test", nullptr, "lax=yes; samesite=lax", nullptr);
|
||||
SetASameSiteCookie(cookieService, "http://samesite.test", nullptr, "lax=yes; samesite=lax", nullptr);
|
||||
|
||||
EXPECT_TRUE(NS_SUCCEEDED(cookieMgr->GetEnumerator(getter_AddRefs(enumerator))));
|
||||
i = 0;
|
||||
|
Loading…
Reference in New Issue
Block a user