|
|
|
|
@ -63,38 +63,35 @@ void SetTime(PRTime offsetTime, nsAutoCString& serverString,
|
|
|
|
|
cookieString.Append(timeStringPreset);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void SetACookie(nsICookieService* aCookieService, const char* aSpec1,
|
|
|
|
|
const char* aSpec2, const char* aCookieString) {
|
|
|
|
|
nsCOMPtr<nsIURI> uri1, uri2;
|
|
|
|
|
NS_NewURI(getter_AddRefs(uri1), aSpec1);
|
|
|
|
|
if (aSpec2) NS_NewURI(getter_AddRefs(uri2), aSpec2);
|
|
|
|
|
void SetACookie(nsICookieService* aCookieService, const char* aSpec,
|
|
|
|
|
const char* aCookieString) {
|
|
|
|
|
nsCOMPtr<nsIURI> uri;
|
|
|
|
|
NS_NewURI(getter_AddRefs(uri), aSpec);
|
|
|
|
|
|
|
|
|
|
nsresult rv = aCookieService->SetCookieStringFromHttp(
|
|
|
|
|
uri1, uri2, nsDependentCString(aCookieString), nullptr);
|
|
|
|
|
uri, nsDependentCString(aCookieString), nullptr);
|
|
|
|
|
EXPECT_TRUE(NS_SUCCEEDED(rv));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Custom Cookie Generator specifically for the needs of same-site cookies!
|
|
|
|
|
// Hands off unless you know exactly what you are doing!
|
|
|
|
|
void SetASameSiteCookie(nsICookieService* aCookieService, const char* aSpec1,
|
|
|
|
|
const char* aSpec2, const char* aCookieString,
|
|
|
|
|
const char* aServerTime, bool aAllowed) {
|
|
|
|
|
nsCOMPtr<nsIURI> uri1, uri2;
|
|
|
|
|
NS_NewURI(getter_AddRefs(uri1), aSpec1);
|
|
|
|
|
if (aSpec2) NS_NewURI(getter_AddRefs(uri2), aSpec2);
|
|
|
|
|
void SetASameSiteCookie(nsICookieService* aCookieService, const char* aSpec,
|
|
|
|
|
const char* aCookieString, bool aAllowed) {
|
|
|
|
|
nsCOMPtr<nsIURI> uri;
|
|
|
|
|
NS_NewURI(getter_AddRefs(uri), aSpec);
|
|
|
|
|
|
|
|
|
|
// We create a dummy channel using the aSpec1 to simulate same-siteness
|
|
|
|
|
// We create a dummy channel using the aSpec to simulate same-siteness
|
|
|
|
|
nsresult rv0;
|
|
|
|
|
nsCOMPtr<nsIScriptSecurityManager> ssm =
|
|
|
|
|
do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv0);
|
|
|
|
|
ASSERT_TRUE(NS_SUCCEEDED(rv0));
|
|
|
|
|
nsCOMPtr<nsIPrincipal> spec1Principal;
|
|
|
|
|
nsCString tmpString(aSpec1);
|
|
|
|
|
nsCOMPtr<nsIPrincipal> specPrincipal;
|
|
|
|
|
nsCString tmpString(aSpec);
|
|
|
|
|
ssm->CreateContentPrincipalFromOrigin(tmpString,
|
|
|
|
|
getter_AddRefs(spec1Principal));
|
|
|
|
|
getter_AddRefs(specPrincipal));
|
|
|
|
|
|
|
|
|
|
nsCOMPtr<nsIChannel> dummyChannel;
|
|
|
|
|
NS_NewChannel(getter_AddRefs(dummyChannel), uri1, spec1Principal,
|
|
|
|
|
NS_NewChannel(getter_AddRefs(dummyChannel), uri, specPrincipal,
|
|
|
|
|
nsILoadInfo::SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK,
|
|
|
|
|
nsIContentPolicy::TYPE_OTHER);
|
|
|
|
|
|
|
|
|
|
@ -107,7 +104,7 @@ void SetASameSiteCookie(nsICookieService* aCookieService, const char* aSpec1,
|
|
|
|
|
loadInfo->SetCookieJarSettings(cookieJarSettings);
|
|
|
|
|
|
|
|
|
|
nsresult rv = aCookieService->SetCookieStringFromHttp(
|
|
|
|
|
uri1, uri2, nsDependentCString(aCookieString), dummyChannel);
|
|
|
|
|
uri, nsDependentCString(aCookieString), dummyChannel);
|
|
|
|
|
EXPECT_TRUE(NS_SUCCEEDED(rv));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@ -232,7 +229,7 @@ TEST(TestCookie, TestCookieMain)
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
// test some basic variations of the domain & path
|
|
|
|
|
SetACookie(cookieService, "http://www.basic.com", nullptr, "test=basic");
|
|
|
|
|
SetACookie(cookieService, "http://www.basic.com", "test=basic");
|
|
|
|
|
GetACookie(cookieService, "http://www.basic.com", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=basic"));
|
|
|
|
|
GetACookie(cookieService, "http://www.basic.com/testPath/testfile.txt",
|
|
|
|
|
@ -247,8 +244,7 @@ TEST(TestCookie, TestCookieMain)
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL));
|
|
|
|
|
GetACookie(cookieService, "http://www.basic2.com/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL));
|
|
|
|
|
SetACookie(cookieService, "http://www.basic.com", nullptr,
|
|
|
|
|
"test=basic; max-age=-1");
|
|
|
|
|
SetACookie(cookieService, "http://www.basic.com", "test=basic; max-age=-1");
|
|
|
|
|
GetACookie(cookieService, "http://www.basic.com/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL));
|
|
|
|
|
|
|
|
|
|
@ -256,7 +252,7 @@ TEST(TestCookie, TestCookieMain)
|
|
|
|
|
|
|
|
|
|
// test some variations of the domain & path, for different domains of
|
|
|
|
|
// a domain cookie
|
|
|
|
|
SetACookie(cookieService, "http://www.domain.com", nullptr,
|
|
|
|
|
SetACookie(cookieService, "http://www.domain.com",
|
|
|
|
|
"test=domain; domain=domain.com");
|
|
|
|
|
GetACookie(cookieService, "http://domain.com", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=domain"));
|
|
|
|
|
@ -266,12 +262,12 @@ TEST(TestCookie, TestCookieMain)
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=domain"));
|
|
|
|
|
GetACookie(cookieService, "http://foo.domain.com", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=domain"));
|
|
|
|
|
SetACookie(cookieService, "http://www.domain.com", nullptr,
|
|
|
|
|
SetACookie(cookieService, "http://www.domain.com",
|
|
|
|
|
"test=domain; domain=domain.com; max-age=-1");
|
|
|
|
|
GetACookie(cookieService, "http://domain.com", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL));
|
|
|
|
|
|
|
|
|
|
SetACookie(cookieService, "http://www.domain.com", nullptr,
|
|
|
|
|
SetACookie(cookieService, "http://www.domain.com",
|
|
|
|
|
"test=domain; domain=.domain.com");
|
|
|
|
|
GetACookie(cookieService, "http://domain.com", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=domain"));
|
|
|
|
|
@ -279,41 +275,41 @@ TEST(TestCookie, TestCookieMain)
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=domain"));
|
|
|
|
|
GetACookie(cookieService, "http://bah.domain.com", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=domain"));
|
|
|
|
|
SetACookie(cookieService, "http://www.domain.com", nullptr,
|
|
|
|
|
SetACookie(cookieService, "http://www.domain.com",
|
|
|
|
|
"test=domain; domain=.domain.com; max-age=-1");
|
|
|
|
|
GetACookie(cookieService, "http://domain.com", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL));
|
|
|
|
|
|
|
|
|
|
SetACookie(cookieService, "http://www.domain.com", nullptr,
|
|
|
|
|
SetACookie(cookieService, "http://www.domain.com",
|
|
|
|
|
"test=domain; domain=.foo.domain.com");
|
|
|
|
|
GetACookie(cookieService, "http://foo.domain.com", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL));
|
|
|
|
|
|
|
|
|
|
SetACookie(cookieService, "http://www.domain.com", nullptr,
|
|
|
|
|
SetACookie(cookieService, "http://www.domain.com",
|
|
|
|
|
"test=domain; domain=moose.com");
|
|
|
|
|
GetACookie(cookieService, "http://foo.domain.com", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL));
|
|
|
|
|
|
|
|
|
|
SetACookie(cookieService, "http://www.domain.com", nullptr,
|
|
|
|
|
SetACookie(cookieService, "http://www.domain.com",
|
|
|
|
|
"test=domain; domain=domain.com.");
|
|
|
|
|
GetACookie(cookieService, "http://foo.domain.com", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL));
|
|
|
|
|
|
|
|
|
|
SetACookie(cookieService, "http://www.domain.com", nullptr,
|
|
|
|
|
SetACookie(cookieService, "http://www.domain.com",
|
|
|
|
|
"test=domain; domain=..domain.com");
|
|
|
|
|
GetACookie(cookieService, "http://foo.domain.com", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL));
|
|
|
|
|
|
|
|
|
|
SetACookie(cookieService, "http://www.domain.com", nullptr,
|
|
|
|
|
SetACookie(cookieService, "http://www.domain.com",
|
|
|
|
|
"test=domain; domain=..domain.com.");
|
|
|
|
|
GetACookie(cookieService, "http://foo.domain.com", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL));
|
|
|
|
|
|
|
|
|
|
SetACookie(cookieService, "http://path.net/path/file", nullptr,
|
|
|
|
|
SetACookie(cookieService, "http://path.net/path/file",
|
|
|
|
|
R"(test=taco; path="/bogus")");
|
|
|
|
|
GetACookie(cookieService, "http://path.net/path/file", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=taco"));
|
|
|
|
|
SetACookie(cookieService, "http://path.net/path/file", nullptr,
|
|
|
|
|
SetACookie(cookieService, "http://path.net/path/file",
|
|
|
|
|
"test=taco; max-age=-1");
|
|
|
|
|
GetACookie(cookieService, "http://path.net/path/file", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL));
|
|
|
|
|
@ -322,7 +318,7 @@ TEST(TestCookie, TestCookieMain)
|
|
|
|
|
|
|
|
|
|
// test some variations of the domain & path, for different paths of
|
|
|
|
|
// a path cookie
|
|
|
|
|
SetACookie(cookieService, "http://path.net/path/file", nullptr,
|
|
|
|
|
SetACookie(cookieService, "http://path.net/path/file",
|
|
|
|
|
"test=path; path=/path");
|
|
|
|
|
GetACookie(cookieService, "http://path.net/path", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=path"));
|
|
|
|
|
@ -336,18 +332,18 @@ TEST(TestCookie, TestCookieMain)
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL));
|
|
|
|
|
GetACookie(cookieService, "http://path.net/path2/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL));
|
|
|
|
|
SetACookie(cookieService, "http://path.net/path/file", nullptr,
|
|
|
|
|
SetACookie(cookieService, "http://path.net/path/file",
|
|
|
|
|
"test=path; path=/path; max-age=-1");
|
|
|
|
|
GetACookie(cookieService, "http://path.net/path/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL));
|
|
|
|
|
|
|
|
|
|
SetACookie(cookieService, "http://path.net/path/file", nullptr,
|
|
|
|
|
SetACookie(cookieService, "http://path.net/path/file",
|
|
|
|
|
"test=path; path=/path/");
|
|
|
|
|
GetACookie(cookieService, "http://path.net/path", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL));
|
|
|
|
|
GetACookie(cookieService, "http://path.net/path/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=path"));
|
|
|
|
|
SetACookie(cookieService, "http://path.net/path/file", nullptr,
|
|
|
|
|
SetACookie(cookieService, "http://path.net/path/file",
|
|
|
|
|
"test=path; path=/path/; max-age=-1");
|
|
|
|
|
GetACookie(cookieService, "http://path.net/path/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL));
|
|
|
|
|
@ -355,13 +351,13 @@ TEST(TestCookie, TestCookieMain)
|
|
|
|
|
// note that a site can set a cookie for a path it's not on.
|
|
|
|
|
// this is an intentional deviation from spec (see comments in
|
|
|
|
|
// CookieService::CheckPath()), so we test this functionality too
|
|
|
|
|
SetACookie(cookieService, "http://path.net/path/file", nullptr,
|
|
|
|
|
SetACookie(cookieService, "http://path.net/path/file",
|
|
|
|
|
"test=path; path=/foo/");
|
|
|
|
|
GetACookie(cookieService, "http://path.net/path", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL));
|
|
|
|
|
GetACookie(cookieService, "http://path.net/foo", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL));
|
|
|
|
|
SetACookie(cookieService, "http://path.net/path/file", nullptr,
|
|
|
|
|
SetACookie(cookieService, "http://path.net/path/file",
|
|
|
|
|
"test=path; path=/foo/; max-age=-1");
|
|
|
|
|
GetACookie(cookieService, "http://path.net/foo/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL));
|
|
|
|
|
@ -371,7 +367,7 @@ TEST(TestCookie, TestCookieMain)
|
|
|
|
|
// the following cookie has a path > 1024 bytes explicitly specified in the
|
|
|
|
|
// cookie
|
|
|
|
|
SetACookie(
|
|
|
|
|
cookieService, "http://path.net/", nullptr,
|
|
|
|
|
cookieService, "http://path.net/",
|
|
|
|
|
"test=path; "
|
|
|
|
|
"path=/"
|
|
|
|
|
"123456789012345678901234567890123456789012345678901234567890123456789012"
|
|
|
|
|
@ -429,7 +425,7 @@ TEST(TestCookie, TestCookieMain)
|
|
|
|
|
"567890123456789012345678901234567890123456789012345678901234567890123456"
|
|
|
|
|
"789012345678901234567890123456789012345678901234567890123456789012345678"
|
|
|
|
|
"9012345678901234567890/",
|
|
|
|
|
nullptr, "test=path");
|
|
|
|
|
"test=path");
|
|
|
|
|
GetACookie(
|
|
|
|
|
cookieService,
|
|
|
|
|
"http://path.net/"
|
|
|
|
|
@ -451,20 +447,18 @@ TEST(TestCookie, TestCookieMain)
|
|
|
|
|
cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL));
|
|
|
|
|
// the following cookie includes a tab in the path
|
|
|
|
|
SetACookie(cookieService, "http://path.net/", nullptr,
|
|
|
|
|
"test=path; path=/foo\tbar/");
|
|
|
|
|
SetACookie(cookieService, "http://path.net/", "test=path; path=/foo\tbar/");
|
|
|
|
|
GetACookie(cookieService, "http://path.net/foo\tbar/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL));
|
|
|
|
|
// the following cookie includes a tab in the name
|
|
|
|
|
SetACookie(cookieService, "http://path.net/", nullptr, "test\ttabs=tab");
|
|
|
|
|
SetACookie(cookieService, "http://path.net/", "test\ttabs=tab");
|
|
|
|
|
GetACookie(cookieService, "http://path.net/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL));
|
|
|
|
|
// the following cookie includes a tab in the value - allowed
|
|
|
|
|
SetACookie(cookieService, "http://path.net/", nullptr, "test=tab\ttest");
|
|
|
|
|
SetACookie(cookieService, "http://path.net/", "test=tab\ttest");
|
|
|
|
|
GetACookie(cookieService, "http://path.net/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=tab\ttest"));
|
|
|
|
|
SetACookie(cookieService, "http://path.net/", nullptr,
|
|
|
|
|
"test=tab\ttest; max-age=-1");
|
|
|
|
|
SetACookie(cookieService, "http://path.net/", "test=tab\ttest; max-age=-1");
|
|
|
|
|
GetACookie(cookieService, "http://path.net/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL));
|
|
|
|
|
|
|
|
|
|
@ -473,68 +467,61 @@ TEST(TestCookie, TestCookieMain)
|
|
|
|
|
|
|
|
|
|
// test some variations of the expiry time,
|
|
|
|
|
// and test deletion of previously set cookies
|
|
|
|
|
SetACookie(cookieService, "http://expireme.org/", nullptr,
|
|
|
|
|
"test=expiry; max-age=-1");
|
|
|
|
|
SetACookie(cookieService, "http://expireme.org/", "test=expiry; max-age=-1");
|
|
|
|
|
GetACookie(cookieService, "http://expireme.org/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL));
|
|
|
|
|
SetACookie(cookieService, "http://expireme.org/", nullptr,
|
|
|
|
|
"test=expiry; max-age=0");
|
|
|
|
|
SetACookie(cookieService, "http://expireme.org/", "test=expiry; max-age=0");
|
|
|
|
|
GetACookie(cookieService, "http://expireme.org/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL));
|
|
|
|
|
SetACookie(cookieService, "http://expireme.org/", nullptr,
|
|
|
|
|
"test=expiry; expires=bad");
|
|
|
|
|
SetACookie(cookieService, "http://expireme.org/", "test=expiry; expires=bad");
|
|
|
|
|
GetACookie(cookieService, "http://expireme.org/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=expiry"));
|
|
|
|
|
SetACookie(cookieService, "http://expireme.org/", nullptr,
|
|
|
|
|
SetACookie(cookieService, "http://expireme.org/",
|
|
|
|
|
"test=expiry; expires=Thu, 10 Apr 1980 16:33:12 GMT");
|
|
|
|
|
GetACookie(cookieService, "http://expireme.org/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL));
|
|
|
|
|
SetACookie(cookieService, "http://expireme.org/", nullptr,
|
|
|
|
|
SetACookie(cookieService, "http://expireme.org/",
|
|
|
|
|
R"(test=expiry; expires="Thu, 10 Apr 1980 16:33:12 GMT)");
|
|
|
|
|
GetACookie(cookieService, "http://expireme.org/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL));
|
|
|
|
|
SetACookie(cookieService, "http://expireme.org/", nullptr,
|
|
|
|
|
SetACookie(cookieService, "http://expireme.org/",
|
|
|
|
|
R"(test=expiry; expires="Thu, 10 Apr 1980 16:33:12 GMT")");
|
|
|
|
|
GetACookie(cookieService, "http://expireme.org/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL));
|
|
|
|
|
|
|
|
|
|
SetACookie(cookieService, "http://expireme.org/", nullptr,
|
|
|
|
|
"test=expiry; max-age=60");
|
|
|
|
|
SetACookie(cookieService, "http://expireme.org/", "test=expiry; max-age=60");
|
|
|
|
|
GetACookie(cookieService, "http://expireme.org/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=expiry"));
|
|
|
|
|
SetACookie(cookieService, "http://expireme.org/", nullptr,
|
|
|
|
|
"test=expiry; max-age=-20");
|
|
|
|
|
SetACookie(cookieService, "http://expireme.org/", "test=expiry; max-age=-20");
|
|
|
|
|
GetACookie(cookieService, "http://expireme.org/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL));
|
|
|
|
|
SetACookie(cookieService, "http://expireme.org/", nullptr,
|
|
|
|
|
"test=expiry; max-age=60");
|
|
|
|
|
SetACookie(cookieService, "http://expireme.org/", "test=expiry; max-age=60");
|
|
|
|
|
GetACookie(cookieService, "http://expireme.org/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=expiry"));
|
|
|
|
|
SetACookie(cookieService, "http://expireme.org/", nullptr,
|
|
|
|
|
SetACookie(cookieService, "http://expireme.org/",
|
|
|
|
|
"test=expiry; expires=Thu, 10 Apr 1980 16:33:12 GMT");
|
|
|
|
|
GetACookie(cookieService, "http://expireme.org/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL));
|
|
|
|
|
SetACookie(cookieService, "http://expireme.org/", nullptr,
|
|
|
|
|
"test=expiry; max-age=60");
|
|
|
|
|
SetACookie(cookieService, "http://expireme.org/", nullptr,
|
|
|
|
|
SetACookie(cookieService, "http://expireme.org/", "test=expiry; max-age=60");
|
|
|
|
|
SetACookie(cookieService, "http://expireme.org/",
|
|
|
|
|
"newtest=expiry; max-age=60");
|
|
|
|
|
GetACookie(cookieService, "http://expireme.org/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_CONTAIN, "test=expiry"));
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_CONTAIN, "newtest=expiry"));
|
|
|
|
|
SetACookie(cookieService, "http://expireme.org/", nullptr,
|
|
|
|
|
SetACookie(cookieService, "http://expireme.org/",
|
|
|
|
|
"test=differentvalue; max-age=0");
|
|
|
|
|
GetACookie(cookieService, "http://expireme.org/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "newtest=expiry"));
|
|
|
|
|
SetACookie(cookieService, "http://expireme.org/", nullptr,
|
|
|
|
|
SetACookie(cookieService, "http://expireme.org/",
|
|
|
|
|
"newtest=evendifferentvalue; max-age=0");
|
|
|
|
|
GetACookie(cookieService, "http://expireme.org/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL));
|
|
|
|
|
|
|
|
|
|
SetACookie(cookieService, "http://foo.expireme.org/", nullptr,
|
|
|
|
|
SetACookie(cookieService, "http://foo.expireme.org/",
|
|
|
|
|
"test=expiry; domain=.expireme.org; max-age=60");
|
|
|
|
|
GetACookie(cookieService, "http://expireme.org/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=expiry"));
|
|
|
|
|
SetACookie(cookieService, "http://bar.expireme.org/", nullptr,
|
|
|
|
|
SetACookie(cookieService, "http://bar.expireme.org/",
|
|
|
|
|
"test=differentvalue; domain=.expireme.org; max-age=0");
|
|
|
|
|
GetACookie(cookieService, "http://expireme.org/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL));
|
|
|
|
|
@ -546,7 +533,7 @@ TEST(TestCookie, TestCookieMain)
|
|
|
|
|
|
|
|
|
|
// test the setting of multiple cookies, and test the order of precedence
|
|
|
|
|
// (a later cookie overwriting an earlier one, in the same header string)
|
|
|
|
|
SetACookie(cookieService, "http://multiple.cookies/", nullptr,
|
|
|
|
|
SetACookie(cookieService, "http://multiple.cookies/",
|
|
|
|
|
"test=multiple; domain=.multiple.cookies \n test=different \n "
|
|
|
|
|
"test=same; domain=.multiple.cookies \n newtest=ciao \n "
|
|
|
|
|
"newtest=foo; max-age=-6 \n newtest=reincarnated");
|
|
|
|
|
@ -557,15 +544,15 @@ TEST(TestCookie, TestCookieMain)
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_NOT_CONTAIN, "newtest=ciao"));
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_NOT_CONTAIN, "newtest=foo"));
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_CONTAIN, "newtest=reincarnated"));
|
|
|
|
|
SetACookie(cookieService, "http://multiple.cookies/", nullptr,
|
|
|
|
|
SetACookie(cookieService, "http://multiple.cookies/",
|
|
|
|
|
"test=expiry; domain=.multiple.cookies; max-age=0");
|
|
|
|
|
GetACookie(cookieService, "http://multiple.cookies/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_NOT_CONTAIN, "test=same"));
|
|
|
|
|
SetACookie(cookieService, "http://multiple.cookies/", nullptr,
|
|
|
|
|
SetACookie(cookieService, "http://multiple.cookies/",
|
|
|
|
|
"\n test=different; max-age=0 \n");
|
|
|
|
|
GetACookie(cookieService, "http://multiple.cookies/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_NOT_CONTAIN, "test=different"));
|
|
|
|
|
SetACookie(cookieService, "http://multiple.cookies/", nullptr,
|
|
|
|
|
SetACookie(cookieService, "http://multiple.cookies/",
|
|
|
|
|
"newtest=dead; max-age=0");
|
|
|
|
|
GetACookie(cookieService, "http://multiple.cookies/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL));
|
|
|
|
|
@ -573,22 +560,22 @@ TEST(TestCookie, TestCookieMain)
|
|
|
|
|
// *** parser tests
|
|
|
|
|
|
|
|
|
|
// test the cookie header parser, under various circumstances.
|
|
|
|
|
SetACookie(cookieService, "http://parser.test/", nullptr,
|
|
|
|
|
SetACookie(cookieService, "http://parser.test/",
|
|
|
|
|
"test=parser; domain=.parser.test; ;; ;=; ,,, ===,abc,=; "
|
|
|
|
|
"abracadabra! max-age=20;=;;");
|
|
|
|
|
GetACookie(cookieService, "http://parser.test/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=parser"));
|
|
|
|
|
SetACookie(cookieService, "http://parser.test/", nullptr,
|
|
|
|
|
SetACookie(cookieService, "http://parser.test/",
|
|
|
|
|
"test=parser; domain=.parser.test; max-age=0");
|
|
|
|
|
GetACookie(cookieService, "http://parser.test/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL));
|
|
|
|
|
SetACookie(cookieService, "http://parser.test/", nullptr,
|
|
|
|
|
SetACookie(cookieService, "http://parser.test/",
|
|
|
|
|
"test=\"fubar! = foo;bar\\\";\" parser; domain=.parser.test; "
|
|
|
|
|
"max-age=6\nfive; max-age=2.63,");
|
|
|
|
|
GetACookie(cookieService, "http://parser.test/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_CONTAIN, R"(test="fubar! = foo)"));
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_CONTAIN, "five"));
|
|
|
|
|
SetACookie(cookieService, "http://parser.test/", nullptr,
|
|
|
|
|
SetACookie(cookieService, "http://parser.test/",
|
|
|
|
|
"test=kill; domain=.parser.test; max-age=0 \n five; max-age=0");
|
|
|
|
|
GetACookie(cookieService, "http://parser.test/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL));
|
|
|
|
|
@ -596,16 +583,16 @@ TEST(TestCookie, TestCookieMain)
|
|
|
|
|
// test the handling of VALUE-only cookies (see bug 169091),
|
|
|
|
|
// i.e. "six" should assume an empty NAME, which allows other VALUE-only
|
|
|
|
|
// cookies to overwrite it
|
|
|
|
|
SetACookie(cookieService, "http://parser.test/", nullptr, "six");
|
|
|
|
|
SetACookie(cookieService, "http://parser.test/", "six");
|
|
|
|
|
GetACookie(cookieService, "http://parser.test/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "six"));
|
|
|
|
|
SetACookie(cookieService, "http://parser.test/", nullptr, "seven");
|
|
|
|
|
SetACookie(cookieService, "http://parser.test/", "seven");
|
|
|
|
|
GetACookie(cookieService, "http://parser.test/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "seven"));
|
|
|
|
|
SetACookie(cookieService, "http://parser.test/", nullptr, " =eight");
|
|
|
|
|
SetACookie(cookieService, "http://parser.test/", " =eight");
|
|
|
|
|
GetACookie(cookieService, "http://parser.test/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "eight"));
|
|
|
|
|
SetACookie(cookieService, "http://parser.test/", nullptr, "test=six");
|
|
|
|
|
SetACookie(cookieService, "http://parser.test/", "test=six");
|
|
|
|
|
GetACookie(cookieService, "http://parser.test/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_CONTAIN, "test=six"));
|
|
|
|
|
|
|
|
|
|
@ -613,18 +600,17 @@ TEST(TestCookie, TestCookieMain)
|
|
|
|
|
|
|
|
|
|
// test that cookies are returned in path order - longest to shortest.
|
|
|
|
|
// if the header doesn't specify a path, it's taken from the host URI.
|
|
|
|
|
SetACookie(cookieService, "http://multi.path.tests/", nullptr,
|
|
|
|
|
SetACookie(cookieService, "http://multi.path.tests/",
|
|
|
|
|
"test1=path; path=/one/two/three");
|
|
|
|
|
SetACookie(cookieService, "http://multi.path.tests/", nullptr,
|
|
|
|
|
SetACookie(cookieService, "http://multi.path.tests/",
|
|
|
|
|
"test2=path; path=/one \n test3=path; path=/one/two/three/four \n "
|
|
|
|
|
"test4=path; path=/one/two \n test5=path; path=/one/two/");
|
|
|
|
|
SetACookie(cookieService, "http://multi.path.tests/one/two/three/four/five/",
|
|
|
|
|
nullptr, "test6=path");
|
|
|
|
|
"test6=path");
|
|
|
|
|
SetACookie(cookieService,
|
|
|
|
|
"http://multi.path.tests/one/two/three/four/five/six/", nullptr,
|
|
|
|
|
"http://multi.path.tests/one/two/three/four/five/six/",
|
|
|
|
|
"test7=path; path=");
|
|
|
|
|
SetACookie(cookieService, "http://multi.path.tests/", nullptr,
|
|
|
|
|
"test8=path; path=/");
|
|
|
|
|
SetACookie(cookieService, "http://multi.path.tests/", "test8=path; path=/");
|
|
|
|
|
GetACookie(cookieService,
|
|
|
|
|
"http://multi.path.tests/one/two/three/four/five/six/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL,
|
|
|
|
|
@ -639,16 +625,14 @@ TEST(TestCookie, TestCookieMain)
|
|
|
|
|
GetACookie(cookieService, "http://httponly.test/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL));
|
|
|
|
|
// Since this cookie is set via http, it can be retrieved
|
|
|
|
|
SetACookie(cookieService, "http://httponly.test/", nullptr,
|
|
|
|
|
"test=httponly; httponly");
|
|
|
|
|
SetACookie(cookieService, "http://httponly.test/", "test=httponly; httponly");
|
|
|
|
|
GetACookie(cookieService, "http://httponly.test/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=httponly"));
|
|
|
|
|
// ... but not by web content
|
|
|
|
|
GetACookieNoHttp(cookieService, "http://httponly.test/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL));
|
|
|
|
|
// Non-Http cookies should not replace HttpOnly cookies
|
|
|
|
|
SetACookie(cookieService, "http://httponly.test/", nullptr,
|
|
|
|
|
"test=httponly; httponly");
|
|
|
|
|
SetACookie(cookieService, "http://httponly.test/", "test=httponly; httponly");
|
|
|
|
|
SetACookieNoHttp(cookieService, "http://httponly.test/", "test=not-httponly");
|
|
|
|
|
GetACookie(cookieService, "http://httponly.test/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=httponly"));
|
|
|
|
|
@ -656,28 +640,24 @@ TEST(TestCookie, TestCookieMain)
|
|
|
|
|
GetACookieNoHttp(cookieService, "http://httponly.test/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL));
|
|
|
|
|
// Non-Http cookies should not delete HttpOnly cookies
|
|
|
|
|
SetACookie(cookieService, "http://httponly.test/", nullptr,
|
|
|
|
|
"test=httponly; httponly");
|
|
|
|
|
SetACookie(cookieService, "http://httponly.test/", "test=httponly; httponly");
|
|
|
|
|
SetACookieNoHttp(cookieService, "http://httponly.test/",
|
|
|
|
|
"test=httponly; max-age=-1");
|
|
|
|
|
GetACookie(cookieService, "http://httponly.test/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=httponly"));
|
|
|
|
|
// ... but HttpOnly cookies should
|
|
|
|
|
SetACookie(cookieService, "http://httponly.test/", nullptr,
|
|
|
|
|
SetACookie(cookieService, "http://httponly.test/",
|
|
|
|
|
"test=httponly; httponly; max-age=-1");
|
|
|
|
|
GetACookie(cookieService, "http://httponly.test/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL));
|
|
|
|
|
// Non-Httponly cookies can replace HttpOnly cookies when set over http
|
|
|
|
|
SetACookie(cookieService, "http://httponly.test/", nullptr,
|
|
|
|
|
"test=httponly; httponly");
|
|
|
|
|
SetACookie(cookieService, "http://httponly.test/", nullptr,
|
|
|
|
|
"test=not-httponly");
|
|
|
|
|
SetACookie(cookieService, "http://httponly.test/", "test=httponly; httponly");
|
|
|
|
|
SetACookie(cookieService, "http://httponly.test/", "test=not-httponly");
|
|
|
|
|
GetACookieNoHttp(cookieService, "http://httponly.test/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=not-httponly"));
|
|
|
|
|
// scripts should not be able to set httponly cookies by replacing an existing
|
|
|
|
|
// non-httponly cookie
|
|
|
|
|
SetACookie(cookieService, "http://httponly.test/", nullptr,
|
|
|
|
|
"test=not-httponly");
|
|
|
|
|
SetACookie(cookieService, "http://httponly.test/", "test=not-httponly");
|
|
|
|
|
SetACookieNoHttp(cookieService, "http://httponly.test/",
|
|
|
|
|
"test=httponly; httponly");
|
|
|
|
|
GetACookieNoHttp(cookieService, "http://httponly.test/", cookie);
|
|
|
|
|
@ -686,29 +666,25 @@ TEST(TestCookie, TestCookieMain)
|
|
|
|
|
// *** Cookie prefix tests
|
|
|
|
|
|
|
|
|
|
// prefixed cookies can't be set from insecure HTTP
|
|
|
|
|
SetACookie(cookieService, "http://prefixed.test/", nullptr,
|
|
|
|
|
"__Secure-test1=test");
|
|
|
|
|
SetACookie(cookieService, "http://prefixed.test/", nullptr,
|
|
|
|
|
SetACookie(cookieService, "http://prefixed.test/", "__Secure-test1=test");
|
|
|
|
|
SetACookie(cookieService, "http://prefixed.test/",
|
|
|
|
|
"__Secure-test2=test; secure");
|
|
|
|
|
SetACookie(cookieService, "http://prefixed.test/", nullptr,
|
|
|
|
|
"__Host-test1=test");
|
|
|
|
|
SetACookie(cookieService, "http://prefixed.test/", nullptr,
|
|
|
|
|
SetACookie(cookieService, "http://prefixed.test/", "__Host-test1=test");
|
|
|
|
|
SetACookie(cookieService, "http://prefixed.test/",
|
|
|
|
|
"__Host-test2=test; secure");
|
|
|
|
|
GetACookie(cookieService, "http://prefixed.test/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL));
|
|
|
|
|
|
|
|
|
|
// prefixed cookies won't be set without the secure flag
|
|
|
|
|
SetACookie(cookieService, "https://prefixed.test/", nullptr,
|
|
|
|
|
"__Secure-test=test");
|
|
|
|
|
SetACookie(cookieService, "https://prefixed.test/", nullptr,
|
|
|
|
|
"__Host-test=test");
|
|
|
|
|
SetACookie(cookieService, "https://prefixed.test/", "__Secure-test=test");
|
|
|
|
|
SetACookie(cookieService, "https://prefixed.test/", "__Host-test=test");
|
|
|
|
|
GetACookie(cookieService, "https://prefixed.test/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL));
|
|
|
|
|
|
|
|
|
|
// prefixed cookies can be set when done correctly
|
|
|
|
|
SetACookie(cookieService, "https://prefixed.test/", nullptr,
|
|
|
|
|
SetACookie(cookieService, "https://prefixed.test/",
|
|
|
|
|
"__Secure-test=test; secure");
|
|
|
|
|
SetACookie(cookieService, "https://prefixed.test/", nullptr,
|
|
|
|
|
SetACookie(cookieService, "https://prefixed.test/",
|
|
|
|
|
"__Host-test=test; secure");
|
|
|
|
|
GetACookie(cookieService, "https://prefixed.test/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_CONTAIN, "__Secure-test=test"));
|
|
|
|
|
@ -719,23 +695,23 @@ TEST(TestCookie, TestCookieMain)
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL));
|
|
|
|
|
|
|
|
|
|
// Host-prefixed cookies cannot specify a domain
|
|
|
|
|
SetACookie(cookieService, "https://host.prefixed.test/", nullptr,
|
|
|
|
|
SetACookie(cookieService, "https://host.prefixed.test/",
|
|
|
|
|
"__Host-a=test; secure; domain=prefixed.test");
|
|
|
|
|
SetACookie(cookieService, "https://host.prefixed.test/", nullptr,
|
|
|
|
|
SetACookie(cookieService, "https://host.prefixed.test/",
|
|
|
|
|
"__Host-b=test; secure; domain=.prefixed.test");
|
|
|
|
|
SetACookie(cookieService, "https://host.prefixed.test/", nullptr,
|
|
|
|
|
SetACookie(cookieService, "https://host.prefixed.test/",
|
|
|
|
|
"__Host-c=test; secure; domain=host.prefixed.test");
|
|
|
|
|
SetACookie(cookieService, "https://host.prefixed.test/", nullptr,
|
|
|
|
|
SetACookie(cookieService, "https://host.prefixed.test/",
|
|
|
|
|
"__Host-d=test; secure; domain=.host.prefixed.test");
|
|
|
|
|
GetACookie(cookieService, "https://host.prefixed.test/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL));
|
|
|
|
|
|
|
|
|
|
// Host-prefixed cookies can only have a path of "/"
|
|
|
|
|
SetACookie(cookieService, "https://host.prefixed.test/some/path", nullptr,
|
|
|
|
|
SetACookie(cookieService, "https://host.prefixed.test/some/path",
|
|
|
|
|
"__Host-e=test; secure");
|
|
|
|
|
SetACookie(cookieService, "https://host.prefixed.test/some/path", nullptr,
|
|
|
|
|
SetACookie(cookieService, "https://host.prefixed.test/some/path",
|
|
|
|
|
"__Host-f=test; secure; path=/");
|
|
|
|
|
SetACookie(cookieService, "https://host.prefixed.test/some/path", nullptr,
|
|
|
|
|
SetACookie(cookieService, "https://host.prefixed.test/some/path",
|
|
|
|
|
"__Host-g=test; secure; path=/some");
|
|
|
|
|
GetACookie(cookieService, "https://host.prefixed.test/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "__Host-f=test"));
|
|
|
|
|
@ -744,53 +720,52 @@ TEST(TestCookie, TestCookieMain)
|
|
|
|
|
|
|
|
|
|
// testing items 0 & 1 for 3.1 of spec Deprecate modification of ’secure’
|
|
|
|
|
// cookies from non-secure origins
|
|
|
|
|
SetACookie(cookieService, "http://www.security.test/", nullptr,
|
|
|
|
|
SetACookie(cookieService, "http://www.security.test/",
|
|
|
|
|
"test=non-security; secure");
|
|
|
|
|
GetACookieNoHttp(cookieService, "https://www.security.test/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL));
|
|
|
|
|
SetACookie(cookieService, "https://www.security.test/path/", nullptr,
|
|
|
|
|
SetACookie(cookieService, "https://www.security.test/path/",
|
|
|
|
|
"test=security; secure; path=/path/");
|
|
|
|
|
GetACookieNoHttp(cookieService, "https://www.security.test/path/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=security"));
|
|
|
|
|
// testing items 2 & 3 & 4 for 3.2 of spec Deprecate modification of ’secure’
|
|
|
|
|
// cookies from non-secure origins
|
|
|
|
|
// Secure site can modify cookie value
|
|
|
|
|
SetACookie(cookieService, "https://www.security.test/path/", nullptr,
|
|
|
|
|
SetACookie(cookieService, "https://www.security.test/path/",
|
|
|
|
|
"test=security2; secure; path=/path/");
|
|
|
|
|
GetACookieNoHttp(cookieService, "https://www.security.test/path/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=security2"));
|
|
|
|
|
// If new cookie contains same name, same host and partially matching path
|
|
|
|
|
// with an existing security cookie on non-security site, it can't modify an
|
|
|
|
|
// existing security cookie.
|
|
|
|
|
SetACookie(cookieService, "http://www.security.test/path/foo/", nullptr,
|
|
|
|
|
SetACookie(cookieService, "http://www.security.test/path/foo/",
|
|
|
|
|
"test=non-security; path=/path/foo");
|
|
|
|
|
GetACookieNoHttp(cookieService, "https://www.security.test/path/foo/",
|
|
|
|
|
cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=security2"));
|
|
|
|
|
// Non-secure cookie can set by same name, same host and non-matching path.
|
|
|
|
|
SetACookie(cookieService, "http://www.security.test/bar/", nullptr,
|
|
|
|
|
SetACookie(cookieService, "http://www.security.test/bar/",
|
|
|
|
|
"test=non-security; path=/bar");
|
|
|
|
|
GetACookieNoHttp(cookieService, "http://www.security.test/bar/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=non-security"));
|
|
|
|
|
// Modify value and downgrade secure level.
|
|
|
|
|
SetACookie(
|
|
|
|
|
cookieService, "https://www.security.test/", nullptr,
|
|
|
|
|
cookieService, "https://www.security.test/",
|
|
|
|
|
"test_modify_cookie=security-cookie; secure; domain=.security.test");
|
|
|
|
|
GetACookieNoHttp(cookieService, "https://www.security.test/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL,
|
|
|
|
|
"test_modify_cookie=security-cookie"));
|
|
|
|
|
SetACookie(cookieService, "https://www.security.test/", nullptr,
|
|
|
|
|
SetACookie(cookieService, "https://www.security.test/",
|
|
|
|
|
"test_modify_cookie=non-security-cookie; domain=.security.test");
|
|
|
|
|
GetACookieNoHttp(cookieService, "https://www.security.test/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL,
|
|
|
|
|
"test_modify_cookie=non-security-cookie"));
|
|
|
|
|
// Test the non-security cookie can set when domain or path not same to secure
|
|
|
|
|
// cookie of same name.
|
|
|
|
|
SetACookie(cookieService, "https://www.security.test/", nullptr,
|
|
|
|
|
"test=security3");
|
|
|
|
|
SetACookie(cookieService, "https://www.security.test/", "test=security3");
|
|
|
|
|
GetACookieNoHttp(cookieService, "http://www.security.test/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_CONTAIN, "test=security3"));
|
|
|
|
|
SetACookie(cookieService, "http://www.security.test/", nullptr,
|
|
|
|
|
SetACookie(cookieService, "http://www.security.test/",
|
|
|
|
|
"test=non-security2; domain=security.test");
|
|
|
|
|
GetACookieNoHttp(cookieService, "http://www.security.test/", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_CONTAIN, "test=non-security2"));
|
|
|
|
|
@ -900,8 +875,7 @@ TEST(TestCookie, TestCookieMain)
|
|
|
|
|
name = NS_LITERAL_CSTRING("test");
|
|
|
|
|
name.AppendInt(i);
|
|
|
|
|
name += NS_LITERAL_CSTRING("=creation");
|
|
|
|
|
SetACookie(cookieService, "http://creation.ordering.tests/", nullptr,
|
|
|
|
|
name.get());
|
|
|
|
|
SetACookie(cookieService, "http://creation.ordering.tests/", name.get());
|
|
|
|
|
|
|
|
|
|
if (i >= 10) {
|
|
|
|
|
expected += name;
|
|
|
|
|
@ -921,13 +895,11 @@ TEST(TestCookie, TestCookieMain)
|
|
|
|
|
// Create 50 cookies that include the secure flag.
|
|
|
|
|
if (i < 50) {
|
|
|
|
|
name += NS_LITERAL_CSTRING("; secure");
|
|
|
|
|
SetACookie(cookieService, "https://creation.ordering.tests/", nullptr,
|
|
|
|
|
name.get());
|
|
|
|
|
SetACookie(cookieService, "https://creation.ordering.tests/", name.get());
|
|
|
|
|
} else {
|
|
|
|
|
// non-security cookies will be removed beside the latest cookie that be
|
|
|
|
|
// created.
|
|
|
|
|
SetACookie(cookieService, "http://creation.ordering.tests/", nullptr,
|
|
|
|
|
name.get());
|
|
|
|
|
SetACookie(cookieService, "http://creation.ordering.tests/", name.get());
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
GetACookie(cookieService, "http://creation.ordering.tests/", cookie);
|
|
|
|
|
@ -940,18 +912,17 @@ TEST(TestCookie, TestCookieMain)
|
|
|
|
|
|
|
|
|
|
// None of these cookies will be set because using
|
|
|
|
|
// CookieJarSettings::GetBlockingAll().
|
|
|
|
|
SetASameSiteCookie(cookieService, "http://samesite.test", nullptr,
|
|
|
|
|
"unset=yes", nullptr, false);
|
|
|
|
|
SetASameSiteCookie(cookieService, "http://samesite.test", nullptr,
|
|
|
|
|
"unspecified=yes; samesite", nullptr, false);
|
|
|
|
|
SetASameSiteCookie(cookieService, "http://samesite.test", nullptr,
|
|
|
|
|
"empty=yes; samesite=", nullptr, false);
|
|
|
|
|
SetASameSiteCookie(cookieService, "http://samesite.test", nullptr,
|
|
|
|
|
"bogus=yes; samesite=bogus", nullptr, false);
|
|
|
|
|
SetASameSiteCookie(cookieService, "http://samesite.test", nullptr,
|
|
|
|
|
"strict=yes; samesite=strict", nullptr, false);
|
|
|
|
|
SetASameSiteCookie(cookieService, "http://samesite.test", nullptr,
|
|
|
|
|
"lax=yes; samesite=lax", nullptr, false);
|
|
|
|
|
SetASameSiteCookie(cookieService, "http://samesite.test", "unset=yes", false);
|
|
|
|
|
SetASameSiteCookie(cookieService, "http://samesite.test",
|
|
|
|
|
"unspecified=yes; samesite", false);
|
|
|
|
|
SetASameSiteCookie(cookieService, "http://samesite.test",
|
|
|
|
|
"empty=yes; samesite=", false);
|
|
|
|
|
SetASameSiteCookie(cookieService, "http://samesite.test",
|
|
|
|
|
"bogus=yes; samesite=bogus", false);
|
|
|
|
|
SetASameSiteCookie(cookieService, "http://samesite.test",
|
|
|
|
|
"strict=yes; samesite=strict", false);
|
|
|
|
|
SetASameSiteCookie(cookieService, "http://samesite.test",
|
|
|
|
|
"lax=yes; samesite=lax", false);
|
|
|
|
|
|
|
|
|
|
cookies.SetLength(0);
|
|
|
|
|
EXPECT_TRUE(NS_SUCCEEDED(cookieMgr->GetCookies(cookies)));
|
|
|
|
|
@ -960,23 +931,22 @@ TEST(TestCookie, TestCookieMain)
|
|
|
|
|
|
|
|
|
|
// Set cookies with various incantations of the samesite attribute:
|
|
|
|
|
// No same site attribute present
|
|
|
|
|
SetASameSiteCookie(cookieService, "http://samesite.test", nullptr,
|
|
|
|
|
"unset=yes", nullptr, true);
|
|
|
|
|
SetASameSiteCookie(cookieService, "http://samesite.test", "unset=yes", true);
|
|
|
|
|
// samesite attribute present but with no value
|
|
|
|
|
SetASameSiteCookie(cookieService, "http://samesite.test", nullptr,
|
|
|
|
|
"unspecified=yes; samesite", nullptr, true);
|
|
|
|
|
SetASameSiteCookie(cookieService, "http://samesite.test",
|
|
|
|
|
"unspecified=yes; samesite", true);
|
|
|
|
|
// samesite attribute present but with an empty value
|
|
|
|
|
SetASameSiteCookie(cookieService, "http://samesite.test", nullptr,
|
|
|
|
|
"empty=yes; samesite=", nullptr, true);
|
|
|
|
|
SetASameSiteCookie(cookieService, "http://samesite.test",
|
|
|
|
|
"empty=yes; samesite=", true);
|
|
|
|
|
// samesite attribute present but with an invalid value
|
|
|
|
|
SetASameSiteCookie(cookieService, "http://samesite.test", nullptr,
|
|
|
|
|
"bogus=yes; samesite=bogus", nullptr, true);
|
|
|
|
|
SetASameSiteCookie(cookieService, "http://samesite.test",
|
|
|
|
|
"bogus=yes; samesite=bogus", true);
|
|
|
|
|
// samesite=strict
|
|
|
|
|
SetASameSiteCookie(cookieService, "http://samesite.test", nullptr,
|
|
|
|
|
"strict=yes; samesite=strict", nullptr, true);
|
|
|
|
|
SetASameSiteCookie(cookieService, "http://samesite.test",
|
|
|
|
|
"strict=yes; samesite=strict", true);
|
|
|
|
|
// samesite=lax
|
|
|
|
|
SetASameSiteCookie(cookieService, "http://samesite.test", nullptr,
|
|
|
|
|
"lax=yes; samesite=lax", nullptr, true);
|
|
|
|
|
SetASameSiteCookie(cookieService, "http://samesite.test",
|
|
|
|
|
"lax=yes; samesite=lax", true);
|
|
|
|
|
|
|
|
|
|
cookies.SetLength(0);
|
|
|
|
|
EXPECT_TRUE(NS_SUCCEEDED(cookieMgr->GetCookies(cookies)));
|
|
|
|
|
@ -1012,12 +982,12 @@ TEST(TestCookie, TestCookieMain)
|
|
|
|
|
// setup because no nsIChannel is passed to SetCookieString(). therefore we
|
|
|
|
|
// can only test that no cookies are sent for cross origin requests using
|
|
|
|
|
// same-site cookies.
|
|
|
|
|
SetACookie(cookieService, "http://www.samesite.com", nullptr,
|
|
|
|
|
SetACookie(cookieService, "http://www.samesite.com",
|
|
|
|
|
"test=sameSiteStrictVal; samesite=strict");
|
|
|
|
|
GetACookie(cookieService, "http://www.notsamesite.com", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL));
|
|
|
|
|
|
|
|
|
|
SetACookie(cookieService, "http://www.samesite.test", nullptr,
|
|
|
|
|
SetACookie(cookieService, "http://www.samesite.test",
|
|
|
|
|
"test=sameSiteLaxVal; samesite=lax");
|
|
|
|
|
GetACookie(cookieService, "http://www.notsamesite.com", cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL));
|
|
|
|
|
@ -1030,7 +1000,7 @@ TEST(TestCookie, TestCookieMain)
|
|
|
|
|
|
|
|
|
|
uint32_t numSecureURIs = sizeof(secureURIs) / sizeof(const char*);
|
|
|
|
|
for (uint32_t i = 0; i < numSecureURIs; ++i) {
|
|
|
|
|
SetACookie(cookieService, secureURIs[i], nullptr, "test=basic; secure");
|
|
|
|
|
SetACookie(cookieService, secureURIs[i], "test=basic; secure");
|
|
|
|
|
GetACookie(cookieService, secureURIs[i], cookie);
|
|
|
|
|
EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=basic"));
|
|
|
|
|
}
|
|
|
|
|
@ -1057,8 +1027,7 @@ TEST(TestCookie, SameSiteLax)
|
|
|
|
|
|
|
|
|
|
EXPECT_TRUE(NS_SUCCEEDED(cookieMgr->RemoveAll()));
|
|
|
|
|
|
|
|
|
|
SetASameSiteCookie(cookieService, "http://samesite.test", nullptr,
|
|
|
|
|
"unset=yes", nullptr, true);
|
|
|
|
|
SetASameSiteCookie(cookieService, "http://samesite.test", "unset=yes", true);
|
|
|
|
|
|
|
|
|
|
nsTArray<RefPtr<nsICookie>> cookies;
|
|
|
|
|
EXPECT_TRUE(NS_SUCCEEDED(cookieMgr->GetCookies(cookies)));
|
|
|
|
|
@ -1077,8 +1046,7 @@ TEST(TestCookie, SameSiteLax)
|
|
|
|
|
EXPECT_TRUE(NS_SUCCEEDED(cookieMgr->GetCookies(cookies)));
|
|
|
|
|
EXPECT_EQ(cookies.Length(), (uint64_t)0);
|
|
|
|
|
|
|
|
|
|
SetASameSiteCookie(cookieService, "http://samesite.test", nullptr,
|
|
|
|
|
"unset=yes", nullptr, true);
|
|
|
|
|
SetASameSiteCookie(cookieService, "http://samesite.test", "unset=yes", true);
|
|
|
|
|
|
|
|
|
|
cookies.SetLength(0);
|
|
|
|
|
EXPECT_TRUE(NS_SUCCEEDED(cookieMgr->GetCookies(cookies)));
|
|
|
|
|
|
Andrea Marchesini