Bug 1556151 - SessionStore: Save and restore cookie.sameSite flag r=mikedeboer

Differential Revision: https://phabricator.services.mozilla.com/D38792

--HG--
extra : moz-landing-system : lando

browser/components/sessionstore/SessionCookies.jsm

@@ -79,7 +79,7 @@ var SessionCookiesInternal = {
             /* isSession = */ true,
             expiry,
             cookie.originAttributes || {},
-            Ci.nsICookie.SAMESITE_NONE
+            cookie.sameSite || Ci.nsICookie.SAMESITE_NONE
           );
         } catch (ex) {
           Cu.reportError(
@@ -243,6 +243,10 @@ var CookieStore = {
       jscookie.originAttributes = cookie.originAttributes;
     }
 
+    if (cookie.sameSite) {
+      jscookie.sameSite = cookie.sameSite;
+    }
+
     this._entries.set(this._getKeyForCookie(cookie), jscookie);
   },
 

browser/components/sessionstore/test/browser.ini

@@ -298,3 +298,4 @@ skip-if = !crashreporter || !e10s # Tabs can't crash without e10s
 [browser_1446343-windowsize.js]
 [browser_restore_reversed_z_order.js]
 skip-if = true #Bug 1455602
+[browser_cookies_sameSite.js]

browser/components/sessionstore/test/browser_cookies_sameSite.js

@@ -0,0 +1,75 @@
+"use strict";
+
+const TEST_URL = "http://example.com";
+const MAX_EXPIRY = Math.pow(2, 62);
+
+function getSingleCookie() {
+  let cookies = Array.from(Services.cookies.enumerator);
+  Assert.equal(cookies.length, 1, "expected one cookie");
+  return cookies[0];
+}
+
+async function verifyRestore(sameSiteSetting) {
+  Services.cookies.removeAll();
+
+  // Make sure that sessionstore.js can be forced to be created by setting
+  // the interval pref to 0.
+  await SpecialPowers.pushPrefEnv({
+    set: [["browser.sessionstore.interval", 0]],
+  });
+
+  let tab = BrowserTestUtils.addTab(gBrowser, TEST_URL);
+  await BrowserTestUtils.browserLoaded(tab.linkedBrowser);
+
+  // Add a cookie with specific same-site setting.
+  let r = Math.floor(Math.random() * MAX_EXPIRY);
+  Services.cookies.add(
+    TEST_URL,
+    "/",
+    "name" + r,
+    "value" + r,
+    false,
+    false,
+    true,
+    MAX_EXPIRY,
+    {},
+    sameSiteSetting
+  );
+  await TabStateFlusher.flush(tab.linkedBrowser);
+
+  // Get the sessionstore state for the window.
+  let state = ss.getBrowserState();
+
+  // Verify our cookie got set.
+  let cookie = getSingleCookie();
+
+  // Remove the cookie.
+  Services.cookies.removeAll();
+
+  // Restore the window state.
+  await setBrowserState(state);
+
+  // At this point, the cookie should be restored.
+  let cookie2 = getSingleCookie();
+
+  is(
+    cookie2.sameSite,
+    cookie.sameSite,
+    "cookie same-site flag successfully restored"
+  );
+
+  // Clean up.
+  Services.cookies.removeAll();
+  BrowserTestUtils.removeTab(gBrowser.tabs[1]);
+}
+
+/**
+ * Tests that cookie.sameSite flag is stored and restored correctly by
+ * sessionstore.
+ */
+add_task(async function() {
+  // Test for various possible values of cookie.sameSite.
+  await verifyRestore(Ci.nsICookie.SAMESITE_NONE);
+  await verifyRestore(Ci.nsICookie.SAMESITE_LAX);
+  await verifyRestore(Ci.nsICookie.SAMESITE_STRICT);
+});