From 11aed139b7be25f7e90898292469fe009fd10b65 Mon Sep 17 00:00:00 2001
From: Andrea Marchesini <amarchesini@mozilla.com>
Date: Fri, 3 Jul 2020 14:12:13 +0000
Subject: [PATCH] Bug 1649802 - Expose cookie sameSite=lax-by-default as
 experimental feature,
 r=jaws,fluent-reviewers,mconca,preferences-reviewers,Gijs

Differential Revision: https://phabricator.services.mozilla.com/D81878
---
 ...subdialogs_within_preferences_site_data.js |  6 +++++-
 toolkit/components/featuregates/Features.toml | 20 +++++++++++++++++++
 .../en-US/toolkit/featuregates/features.ftl   | 12 +++++++++++
 .../tests/browser/browser_Troubleshoot.js     | 12 +++++++++++
 4 files changed, 49 insertions(+), 1 deletion(-)

diff --git a/browser/components/preferences/tests/browser_search_subdialogs_within_preferences_site_data.js b/browser/components/preferences/tests/browser_search_subdialogs_within_preferences_site_data.js
index ef9ff9abe447..7622c584a329 100644
--- a/browser/components/preferences/tests/browser_search_subdialogs_within_preferences_site_data.js
+++ b/browser/components/preferences/tests/browser_search_subdialogs_within_preferences_site_data.js
@@ -16,7 +16,11 @@ add_task(async function() {
   await openPreferencesViaOpenPreferencesAPI("paneGeneral", {
     leaveOpen: true,
   });
-  await evaluateSearchResults("cookies", ["siteDataGroup", "trackingGroup"]);
+  await evaluateSearchResults("cookies", [
+    "siteDataGroup",
+    "trackingGroup",
+    "pane-experimental-featureGates",
+  ]);
   BrowserTestUtils.removeTab(gBrowser.selectedTab);
 });
 
diff --git a/toolkit/components/featuregates/Features.toml b/toolkit/components/featuregates/Features.toml
index 3b34ccecf51a..5b9e0076dc41 100644
--- a/toolkit/components/featuregates/Features.toml
+++ b/toolkit/components/featuregates/Features.toml
@@ -28,3 +28,23 @@ type = "boolean"
 bug-numbers = [1443863]
 is-public = {default = false, nightly = true}
 default-value = false
+
+[cookie-samesite-lax-by-default]
+title = "experimental-features-cookie-samesite-lax-by-default"
+description = "experimental-features-cookie-samesite-lax-by-default-description"
+restart-required = false
+preference = "network.cookie.sameSite.laxByDefault"
+type = "boolean"
+bug-numbers = [1618610]
+default-value = {default = false, nightly = true}
+is-public = true
+
+[cookie-samesite-none-requires-secure]
+title = "experimental-features-cookie-samesite-none-requires-secure"
+description = "experimental-features-cookie-samesite-none-requires-secure-description"
+restart-required = false
+preference = "network.cookie.sameSite.noneRequiresSecure"
+type = "boolean"
+bug-numbers = [1618610]
+is-public = true
+default-value = {default = false, nightly = true}
diff --git a/toolkit/locales/en-US/toolkit/featuregates/features.ftl b/toolkit/locales/en-US/toolkit/featuregates/features.ftl
index 9aa9a8ac130a..afcd03044801 100644
--- a/toolkit/locales/en-US/toolkit/featuregates/features.ftl
+++ b/toolkit/locales/en-US/toolkit/featuregates/features.ftl
@@ -19,3 +19,15 @@ experimental-features-web-gpu-description = Experimental API for graphics and co
 experimental-features-avif =
     .label = AVIF
 experimental-features-avif-description = Experimental support for AVIF: AV1 Image File Format
+
+# The title of the experiment should be kept in English as it may be referenced
+# by various online articles and is technical in nature.
+experimental-features-cookie-samesite-lax-by-default =
+    .label = Cookies: SameSite=lax by default
+experimental-features-cookie-samesite-lax-by-default-description = Treat cookies as “sameSite=lax” by default if no “sameSite” attribute is specified. Developers must opt-in to the current status quo of unrestricted use by explicitly asserting “sameSite=none”.
+
+# The title of the experiment should be kept in English as it may be referenced
+# by various online articles and is technical in nature.
+experimental-features-cookie-samesite-none-requires-secure =
+    .label = Cookies: SameSite=none requires secure attribute
+experimental-features-cookie-samesite-none-requires-secure-description = Cookies with “sameSite=none” attribute require the secure attribute. This feature requires “Cookies: SameSite=lax by default”.
diff --git a/toolkit/modules/tests/browser/browser_Troubleshoot.js b/toolkit/modules/tests/browser/browser_Troubleshoot.js
index d1e8e3057247..6603fdc02b16 100644
--- a/toolkit/modules/tests/browser/browser_Troubleshoot.js
+++ b/toolkit/modules/tests/browser/browser_Troubleshoot.js
@@ -36,6 +36,18 @@ registerCleanupFunction(function() {
 });
 
 var tests = [
+  function setup(done) {
+    SpecialPowers.pushPrefEnv(
+      {
+        set: [
+          ["network.cookie.sameSite.laxByDefault", false],
+          ["network.cookie.sameSite.noneRequiresSecure", false],
+        ],
+      },
+      done
+    );
+  },
+
   function snapshotSchema(done) {
     Troubleshoot.snapshot(function(snapshot) {
       try {