Merge pull request #8258 from deepak1556/net_header_patch

net: disallow cookies from cookie store
2017-01-05 16:47:44 -08:00 · 2017-01-05 16:47:44 -08:00 · e788b9f959
--- a/atom/browser/net/atom_url_request.cc
+++ b/atom/browser/net/atom_url_request.cc
@ -11,6 +11,7 @@
 #include "content/public/browser/browser_thread.h"
 #include "net/base/elements_upload_data_stream.h"
 #include "net/base/io_buffer.h"
+#include "net/base/load_flags.h"
 #include "net/base/upload_bytes_element_reader.h"

 namespace {
@ -113,6 +114,8 @@ void AtomURLRequest::DoInitialize(
    return;
  }
  request_->set_method(method);
+  // Do not send cookies from the cookie store.
+  DoSetLoadFlags(net::LOAD_DO_NOT_SEND_COOKIES);
 }

 void AtomURLRequest::DoTerminate() {
--- a/spec/api-net-spec.js
+++ b/spec/api-net-spec.js
@ -487,6 +487,55 @@ describe('net module', function () {
      urlRequest.end()
    })

+    it('should be able to set cookie header line', function (done) {
+      const requestUrl = '/requestUrl'
+      const cookieHeaderName = 'Cookie'
+      const cookieHeaderValue = 'test=12345'
+      const customSession = session.fromPartition('test-cookie-header')
+      server.on('request', function (request, response) {
+        switch (request.url) {
+          case requestUrl:
+            assert.equal(request.headers[cookieHeaderName.toLowerCase()],
+              cookieHeaderValue)
+            response.statusCode = 200
+            response.statusMessage = 'OK'
+            response.end()
+            break
+          default:
+            assert(false)
+        }
+      })
+      customSession.cookies.set({
+        url: `${server.url}`,
+        name: 'test',
+        value: '11111'
+      }, function (error) {
+        if (error) {
+          return done(error)
+        }
+        const urlRequest = net.request({
+          method: 'GET',
+          url: `${server.url}${requestUrl}`,
+          session: customSession
+        })
+        urlRequest.on('response', function (response) {
+          const statusCode = response.statusCode
+          assert.equal(statusCode, 200)
+          response.pause()
+          response.on('data', function (chunk) {
+          })
+          response.on('end', function () {
+            done()
+          })
+          response.resume()
+        })
+        urlRequest.setHeader(cookieHeaderName, cookieHeaderValue)
+        assert.equal(urlRequest.getHeader(cookieHeaderName),
+          cookieHeaderValue)
+        urlRequest.end()
+      })
+    })
+
    it('should be able to abort an HTTP request before first write', function (done) {
      const requestUrl = '/requestUrl'
      server.on('request', function (request, response) {