From 96d918c2ddf8529967ff6987aee1ccb845466327 Mon Sep 17 00:00:00 2001 From: Michael Ratcliffe Date: Tue, 28 Nov 2017 14:29:09 +0000 Subject: [PATCH] Bug 1298370 - Add SameSite attribute to Cookie Inspector r=pbro MozReview-Commit-ID: C0n35vEaAdJ --HG-- extra : rebase_source : 217b8eb13374fec057bf626cac586f41d25e44bb --- .../client/locales/en-US/storage.properties | 1 + devtools/client/storage/test/browser.ini | 2 + .../test/browser_storage_cookies_samesite.js | 37 +++++++++++++++++++ .../test/storage-cookies-samesite.html | 17 +++++++++ devtools/server/actors/storage.js | 25 ++++++++++++- 5 files changed, 80 insertions(+), 2 deletions(-) create mode 100644 devtools/client/storage/test/browser_storage_cookies_samesite.js create mode 100644 devtools/client/storage/test/storage-cookies-samesite.html diff --git a/devtools/client/locales/en-US/storage.properties b/devtools/client/locales/en-US/storage.properties index e7c35a13d70b..46a41e9edf17 100644 --- a/devtools/client/locales/en-US/storage.properties +++ b/devtools/client/locales/en-US/storage.properties @@ -43,6 +43,7 @@ table.headers.cookies.expires=Expires on table.headers.cookies.value=Value table.headers.cookies.lastAccessed=Last accessed on table.headers.cookies.creationTime=Created on +table.headers.cookies.sameSite=sameSite table.headers.localStorage.name=Key table.headers.localStorage.value=Value diff --git a/devtools/client/storage/test/browser.ini b/devtools/client/storage/test/browser.ini index 761d261a1e29..5a0c11762237 100644 --- a/devtools/client/storage/test/browser.ini +++ b/devtools/client/storage/test/browser.ini @@ -5,6 +5,7 @@ support-files = storage-cache-error.html storage-complex-values.html storage-cookies.html + storage-cookies-samesite.html storage-empty-objectstores.html storage-idb-delete-blocked.html storage-indexeddb-duplicate-names.html @@ -36,6 +37,7 @@ tags = usercontextid [browser_storage_cookies_domain_port.js] [browser_storage_cookies_edit.js] [browser_storage_cookies_edit_keyboard.js] +[browser_storage_cookies_samesite.js] [browser_storage_cookies_tab_navigation.js] [browser_storage_delete.js] [browser_storage_delete_all.js] diff --git a/devtools/client/storage/test/browser_storage_cookies_samesite.js b/devtools/client/storage/test/browser_storage_cookies_samesite.js new file mode 100644 index 000000000000..c7a30d41457b --- /dev/null +++ b/devtools/client/storage/test/browser_storage_cookies_samesite.js @@ -0,0 +1,37 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +/* import-globals-from ../../framework/test/shared-head.js */ + +"use strict"; + +// Test that the samesite cookie attribute is displayed correctly. + +add_task(function* () { + yield openTabAndSetupStorage(MAIN_DOMAIN + "storage-cookies-samesite.html"); + + let id1 = getCookieId("test1", "test1.example.org", + "/browser/devtools/client/storage/test/"); + let id2 = getCookieId("test2", "test1.example.org", + "/browser/devtools/client/storage/test/"); + let id3 = getCookieId("test3", "test1.example.org", + "/browser/devtools/client/storage/test/"); + + yield checkState([ + [ + ["cookies", "http://test1.example.org"], + [ id1, id2, id3 ] + ] + ]); + + let sameSite1 = getRowValues(id1).sameSite; + let sameSite2 = getRowValues(id2).sameSite; + let sameSite3 = getRowValues(id3).sameSite; + + is(sameSite1, "Unset", `sameSite1 is "Unset"`); + is(sameSite2, "Lax", `sameSite2 is "Lax"`); + is(sameSite3, "Strict", `sameSite3 is "Strict"`); + + yield finishTests(); +}); diff --git a/devtools/client/storage/test/storage-cookies-samesite.html b/devtools/client/storage/test/storage-cookies-samesite.html new file mode 100644 index 000000000000..ca91e1fb59c3 --- /dev/null +++ b/devtools/client/storage/test/storage-cookies-samesite.html @@ -0,0 +1,17 @@ + + + + + Storage inspector cookie samesite test + + + + + diff --git a/devtools/server/actors/storage.js b/devtools/server/actors/storage.js index 89b866daf073..d4cadce106b8 100644 --- a/devtools/server/actors/storage.js +++ b/devtools/server/actors/storage.js @@ -20,6 +20,14 @@ const DEFAULT_VALUE = "value"; loader.lazyRequireGetter(this, "naturalSortCaseInsensitive", "devtools/client/shared/natural-sort", true); +// "Lax", "Strict" and "Unset" are special values of the sameSite property +// that should not be translated. +const COOKIE_SAMESITE = { + LAX: "Lax", + STRICT: "Strict", + UNSET: "Unset" +}; + // GUID to be used as a separator in compound keys. This must match the same // constant in devtools/client/storage/ui.js, // devtools/client/storage/test/head.js and @@ -540,10 +548,22 @@ StorageActors.createActor({ value: new LongStringActor(this.conn, cookie.value || ""), isDomain: cookie.isDomain, isSecure: cookie.isSecure, - isHttpOnly: cookie.isHttpOnly + isHttpOnly: cookie.isHttpOnly, + sameSite: this.getSameSiteStringFromCookie(cookie) }; }, + getSameSiteStringFromCookie(cookie) { + switch (cookie.sameSite) { + case cookie.SAMESITE_LAX: + return COOKIE_SAMESITE.LAX; + case cookie.SAMESITE_STRICT: + return COOKIE_SAMESITE.STRICT; + } + // cookie.SAMESITE_UNSET + return COOKIE_SAMESITE.UNSET; + }, + populateStoresForHost(host) { this.hostVsStores.set(host, new Map()); let doc = this.storageActor.document; @@ -653,7 +673,8 @@ StorageActors.createActor({ { name: "value", editable: true, hidden: false }, { name: "isDomain", editable: false, hidden: true }, { name: "isSecure", editable: true, hidden: true }, - { name: "isHttpOnly", editable: true, hidden: false } + { name: "isHttpOnly", editable: true, hidden: false }, + { name: "sameSite", editable: false, hidden: false } ]; }),