/src/mozilla-central/netwerk/test/TestCookie.cpp
Line | Count | Source (jump to first uncovered line) |
1 | | /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ |
2 | | /* This Source Code Form is subject to the terms of the Mozilla Public |
3 | | * License, v. 2.0. If a copy of the MPL was not distributed with this |
4 | | * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
5 | | |
6 | | #include "TestCommon.h" |
7 | | #include "gtest/gtest.h" |
8 | | #include "nsIServiceManager.h" |
9 | | #include "nsICookieService.h" |
10 | | #include "nsICookieManager.h" |
11 | | #include "nsICookie2.h" |
12 | | #include <stdio.h> |
13 | | #include "plstr.h" |
14 | | #include "nsNetUtil.h" |
15 | | #include "nsIChannel.h" |
16 | | #include "nsIPrincipal.h" |
17 | | #include "nsIScriptSecurityManager.h" |
18 | | #include "nsISimpleEnumerator.h" |
19 | | #include "nsServiceManagerUtils.h" |
20 | | #include "nsNetCID.h" |
21 | | #include "nsIPrefBranch.h" |
22 | | #include "nsIPrefService.h" |
23 | | #include "mozilla/Unused.h" |
24 | | #include "nsIURI.h" |
25 | | |
26 | | using mozilla::Unused; |
27 | | |
28 | | static NS_DEFINE_CID(kCookieServiceCID, NS_COOKIESERVICE_CID); |
29 | | static NS_DEFINE_CID(kPrefServiceCID, NS_PREFSERVICE_CID); |
30 | | |
31 | | // various pref strings |
32 | | static const char kCookiesPermissions[] = "network.cookie.cookieBehavior"; |
33 | | static const char kPrefCookieQuotaPerHost[] = "network.cookie.quotaPerHost"; |
34 | | static const char kCookiesMaxPerHost[] = "network.cookie.maxPerHost"; |
35 | | static const char kCookieLeaveSecurityAlone[] = "network.cookie.leave-secure-alone"; |
36 | | |
37 | 0 | #define OFFSET_ONE_WEEK int64_t(604800) * PR_USEC_PER_SEC |
38 | 0 | #define OFFSET_ONE_DAY int64_t(86400) * PR_USEC_PER_SEC |
39 | | |
40 | | //Set server time or expiry time |
41 | | void |
42 | | SetTime(PRTime offsetTime,nsAutoCString& serverString,nsAutoCString& cookieString,bool expiry) |
43 | 0 | { |
44 | 0 | char timeStringPreset[40]; |
45 | 0 | PRTime CurrentTime = PR_Now(); |
46 | 0 | PRTime SetCookieTime = CurrentTime + offsetTime; |
47 | 0 | PRTime SetExpiryTime; |
48 | 0 | if (expiry) { |
49 | 0 | SetExpiryTime = SetCookieTime - OFFSET_ONE_DAY; |
50 | 0 | } else { |
51 | 0 | SetExpiryTime = SetCookieTime + OFFSET_ONE_DAY; |
52 | 0 | } |
53 | 0 |
|
54 | 0 | // Set server time string |
55 | 0 | PRExplodedTime explodedTime; |
56 | 0 | PR_ExplodeTime(SetCookieTime , PR_GMTParameters, &explodedTime); |
57 | 0 | PR_FormatTimeUSEnglish(timeStringPreset, 40, "%c GMT", &explodedTime); |
58 | 0 | serverString.Assign(timeStringPreset); |
59 | 0 |
|
60 | 0 | // Set cookie string |
61 | 0 | PR_ExplodeTime(SetExpiryTime , PR_GMTParameters, &explodedTime); |
62 | 0 | PR_FormatTimeUSEnglish(timeStringPreset, 40, "%c GMT", &explodedTime); |
63 | 0 | cookieString.ReplaceLiteral(0, strlen("test=expiry; expires=") + strlen(timeStringPreset) + 1, "test=expiry; expires="); |
64 | 0 | cookieString.Append(timeStringPreset); |
65 | 0 | } |
66 | | |
67 | | void |
68 | | SetACookie(nsICookieService *aCookieService, const char *aSpec1, const char *aSpec2, const char* aCookieString, const char *aServerTime) |
69 | 0 | { |
70 | 0 | nsCOMPtr<nsIURI> uri1, uri2; |
71 | 0 | NS_NewURI(getter_AddRefs(uri1), aSpec1); |
72 | 0 | if (aSpec2) |
73 | 0 | NS_NewURI(getter_AddRefs(uri2), aSpec2); |
74 | 0 |
|
75 | 0 | nsresult rv = aCookieService->SetCookieStringFromHttp(uri1, uri2, nullptr, (char *)aCookieString, aServerTime, nullptr); |
76 | 0 | EXPECT_TRUE(NS_SUCCEEDED(rv)); |
77 | 0 | } |
78 | | |
79 | | // Custom Cookie Generator specifically for the needs of same-site cookies! |
80 | | // Hands off unless you know exactly what you are doing! |
81 | | void |
82 | | SetASameSiteCookie(nsICookieService *aCookieService, const char *aSpec1, const char *aSpec2, const char* aCookieString, const char *aServerTime) |
83 | 0 | { |
84 | 0 | nsCOMPtr<nsIURI> uri1, uri2; |
85 | 0 | NS_NewURI(getter_AddRefs(uri1), aSpec1); |
86 | 0 | if (aSpec2) |
87 | 0 | NS_NewURI(getter_AddRefs(uri2), aSpec2); |
88 | 0 |
|
89 | 0 | // We create a dummy channel using the aSpec1 to simulate same-siteness |
90 | 0 | nsresult rv0; |
91 | 0 | nsCOMPtr<nsIScriptSecurityManager> ssm = |
92 | 0 | do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv0); |
93 | 0 | ASSERT_TRUE(NS_SUCCEEDED(rv0)); |
94 | 0 | nsCOMPtr<nsIPrincipal> spec1Principal; |
95 | 0 | nsCString tmpString(aSpec1); |
96 | 0 | ssm->CreateCodebasePrincipalFromOrigin(tmpString, getter_AddRefs(spec1Principal)); |
97 | 0 |
|
98 | 0 | nsCOMPtr<nsIChannel> dummyChannel; |
99 | 0 | NS_NewChannel(getter_AddRefs(dummyChannel), |
100 | 0 | uri1, |
101 | 0 | spec1Principal, |
102 | 0 | nsILoadInfo::SEC_ONLY_FOR_EXPLICIT_CONTENTSEC_CHECK, |
103 | 0 | nsIContentPolicy::TYPE_OTHER); |
104 | 0 |
|
105 | 0 | nsresult rv = aCookieService->SetCookieStringFromHttp(uri1, uri2, nullptr, (char *)aCookieString, aServerTime, dummyChannel); |
106 | 0 | EXPECT_TRUE(NS_SUCCEEDED(rv)); |
107 | 0 | } |
108 | | |
109 | | void |
110 | | SetACookieNoHttp(nsICookieService *aCookieService, const char *aSpec, const char* aCookieString) |
111 | 0 | { |
112 | 0 | nsCOMPtr<nsIURI> uri; |
113 | 0 | NS_NewURI(getter_AddRefs(uri), aSpec); |
114 | 0 |
|
115 | 0 | nsresult rv = aCookieService->SetCookieString(uri, nullptr, (char *)aCookieString, nullptr); |
116 | 0 | EXPECT_TRUE(NS_SUCCEEDED(rv)); |
117 | 0 | } |
118 | | |
119 | | // The cookie string is returned via aCookie. |
120 | | void |
121 | | GetACookie(nsICookieService *aCookieService, const char *aSpec1, const char *aSpec2, nsACString& aCookie) |
122 | 0 | { |
123 | 0 | nsCOMPtr<nsIURI> uri1, uri2; |
124 | 0 | NS_NewURI(getter_AddRefs(uri1), aSpec1); |
125 | 0 | if (aSpec2) |
126 | 0 | NS_NewURI(getter_AddRefs(uri2), aSpec2); |
127 | 0 |
|
128 | 0 | Unused << aCookieService->GetCookieStringFromHttp(uri1, uri2, nullptr, getter_Copies(aCookie)); |
129 | 0 | } |
130 | | |
131 | | // The cookie string is returned via aCookie. |
132 | | void |
133 | | GetACookieNoHttp(nsICookieService *aCookieService, const char *aSpec, nsACString& aCookie) |
134 | 0 | { |
135 | 0 | nsCOMPtr<nsIURI> uri; |
136 | 0 | NS_NewURI(getter_AddRefs(uri), aSpec); |
137 | 0 |
|
138 | 0 | Unused << aCookieService->GetCookieString(uri, nullptr, getter_Copies(aCookie)); |
139 | 0 | } |
140 | | |
141 | | // some #defines for comparison rules |
142 | 0 | #define MUST_BE_NULL 0 |
143 | 0 | #define MUST_EQUAL 1 |
144 | 0 | #define MUST_CONTAIN 2 |
145 | 0 | #define MUST_NOT_CONTAIN 3 |
146 | 0 | #define MUST_NOT_EQUAL 4 |
147 | | |
148 | | // a simple helper function to improve readability: |
149 | | // takes one of the #defined rules above, and performs the appropriate test. |
150 | | // true means the test passed; false means the test failed. |
151 | | static inline bool |
152 | | CheckResult(const char *aLhs, uint32_t aRule, const char *aRhs = nullptr) |
153 | 0 | { |
154 | 0 | switch (aRule) { |
155 | 0 | case MUST_BE_NULL: |
156 | 0 | return !aLhs || !*aLhs; |
157 | 0 |
|
158 | 0 | case MUST_EQUAL: |
159 | 0 | return !PL_strcmp(aLhs, aRhs); |
160 | 0 |
|
161 | 0 | case MUST_NOT_EQUAL: |
162 | 0 | return PL_strcmp(aLhs, aRhs); |
163 | 0 |
|
164 | 0 | case MUST_CONTAIN: |
165 | 0 | return PL_strstr(aLhs, aRhs) != nullptr; |
166 | 0 |
|
167 | 0 | case MUST_NOT_CONTAIN: |
168 | 0 | return PL_strstr(aLhs, aRhs) == nullptr; |
169 | 0 |
|
170 | 0 | default: |
171 | 0 | return false; // failure |
172 | 0 | } |
173 | 0 | } |
174 | | |
175 | | void |
176 | | InitPrefs(nsIPrefBranch *aPrefBranch) |
177 | 0 | { |
178 | 0 | // init some relevant prefs, so the tests don't go awry. |
179 | 0 | // we use the most restrictive set of prefs we can; |
180 | 0 | // however, we don't test third party blocking here. |
181 | 0 | aPrefBranch->SetIntPref(kCookiesPermissions, 0); // accept all |
182 | 0 | aPrefBranch->SetBoolPref(kCookieLeaveSecurityAlone, true); |
183 | 0 | // Set quotaPerHost to maxPerHost - 1, so there is only one cookie |
184 | 0 | // will be evicted everytime. |
185 | 0 | aPrefBranch->SetIntPref(kPrefCookieQuotaPerHost, 49); |
186 | 0 | // Set the base domain limit to 50 so we have a known value. |
187 | 0 | aPrefBranch->SetIntPref(kCookiesMaxPerHost, 50); |
188 | 0 | } |
189 | | |
190 | | |
191 | | TEST(TestCookie,TestCookieMain) |
192 | 0 | { |
193 | 0 | nsresult rv0; |
194 | 0 |
|
195 | 0 | nsCOMPtr<nsICookieService> cookieService = |
196 | 0 | do_GetService(kCookieServiceCID, &rv0); |
197 | 0 | ASSERT_TRUE(NS_SUCCEEDED(rv0)); |
198 | 0 |
|
199 | 0 | nsCOMPtr<nsIPrefBranch> prefBranch = |
200 | 0 | do_GetService(kPrefServiceCID, &rv0); |
201 | 0 | ASSERT_TRUE(NS_SUCCEEDED(rv0)); |
202 | 0 |
|
203 | 0 | InitPrefs(prefBranch); |
204 | 0 |
|
205 | 0 | nsCString cookie; |
206 | 0 |
|
207 | 0 | /* The basic idea behind these tests is the following: |
208 | 0 | * |
209 | 0 | * we set() some cookie, then try to get() it in various ways. we have |
210 | 0 | * several possible tests we perform on the cookie string returned from |
211 | 0 | * get(): |
212 | 0 | * |
213 | 0 | * a) check whether the returned string is null (i.e. we got no cookies |
214 | 0 | * back). this is used e.g. to ensure a given cookie was deleted |
215 | 0 | * correctly, or to ensure a certain cookie wasn't returned to a given |
216 | 0 | * host. |
217 | 0 | * b) check whether the returned string exactly matches a given string. |
218 | 0 | * this is used where we want to make sure our cookie service adheres to |
219 | 0 | * some strict spec (e.g. ordering of multiple cookies), or where we |
220 | 0 | * just know exactly what the returned string should be. |
221 | 0 | * c) check whether the returned string contains/does not contain a given |
222 | 0 | * string. this is used where we don't know/don't care about the |
223 | 0 | * ordering of multiple cookies - we just want to make sure the cookie |
224 | 0 | * string contains them all, in some order. |
225 | 0 | * |
226 | 0 | * NOTE: this testsuite is not yet comprehensive or complete, and is |
227 | 0 | * somewhat contrived - still under development, and needs improving! |
228 | 0 | */ |
229 | 0 |
|
230 | 0 | // test some basic variations of the domain & path |
231 | 0 | SetACookie(cookieService, "http://www.basic.com", nullptr, "test=basic", nullptr); |
232 | 0 | GetACookie(cookieService, "http://www.basic.com", nullptr, cookie); |
233 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=basic")); |
234 | 0 | GetACookie(cookieService, "http://www.basic.com/testPath/testfile.txt", nullptr, cookie); |
235 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=basic")); |
236 | 0 | GetACookie(cookieService, "http://www.basic.com./", nullptr, cookie); |
237 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); |
238 | 0 | GetACookie(cookieService, "http://www.basic.com.", nullptr, cookie); |
239 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); |
240 | 0 | GetACookie(cookieService, "http://www.basic.com./testPath/testfile.txt", nullptr, cookie); |
241 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); |
242 | 0 | GetACookie(cookieService, "http://www.basic2.com/", nullptr, cookie); |
243 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); |
244 | 0 | SetACookie(cookieService, "http://www.basic.com", nullptr, "test=basic; max-age=-1", nullptr); |
245 | 0 | GetACookie(cookieService, "http://www.basic.com/", nullptr, cookie); |
246 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); |
247 | 0 |
|
248 | 0 | // *** domain tests |
249 | 0 |
|
250 | 0 | // test some variations of the domain & path, for different domains of |
251 | 0 | // a domain cookie |
252 | 0 | SetACookie(cookieService, "http://www.domain.com", nullptr, "test=domain; domain=domain.com", nullptr); |
253 | 0 | GetACookie(cookieService, "http://domain.com", nullptr, cookie); |
254 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=domain")); |
255 | 0 | GetACookie(cookieService, "http://domain.com.", nullptr, cookie); |
256 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); |
257 | 0 | GetACookie(cookieService, "http://www.domain.com", nullptr, cookie); |
258 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=domain")); |
259 | 0 | GetACookie(cookieService, "http://foo.domain.com", nullptr, cookie); |
260 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=domain")); |
261 | 0 | SetACookie(cookieService, "http://www.domain.com", nullptr, "test=domain; domain=domain.com; max-age=-1", nullptr); |
262 | 0 | GetACookie(cookieService, "http://domain.com", nullptr, cookie); |
263 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); |
264 | 0 |
|
265 | 0 | SetACookie(cookieService, "http://www.domain.com", nullptr, "test=domain; domain=.domain.com", nullptr); |
266 | 0 | GetACookie(cookieService, "http://domain.com", nullptr, cookie); |
267 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=domain")); |
268 | 0 | GetACookie(cookieService, "http://www.domain.com", nullptr, cookie); |
269 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=domain")); |
270 | 0 | GetACookie(cookieService, "http://bah.domain.com", nullptr, cookie); |
271 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=domain")); |
272 | 0 | SetACookie(cookieService, "http://www.domain.com", nullptr, "test=domain; domain=.domain.com; max-age=-1", nullptr); |
273 | 0 | GetACookie(cookieService, "http://domain.com", nullptr, cookie); |
274 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); |
275 | 0 |
|
276 | 0 | SetACookie(cookieService, "http://www.domain.com", nullptr, "test=domain; domain=.foo.domain.com", nullptr); |
277 | 0 | GetACookie(cookieService, "http://foo.domain.com", nullptr, cookie); |
278 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); |
279 | 0 |
|
280 | 0 | SetACookie(cookieService, "http://www.domain.com", nullptr, "test=domain; domain=moose.com", nullptr); |
281 | 0 | GetACookie(cookieService, "http://foo.domain.com", nullptr, cookie); |
282 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); |
283 | 0 |
|
284 | 0 | SetACookie(cookieService, "http://www.domain.com", nullptr, "test=domain; domain=domain.com.", nullptr); |
285 | 0 | GetACookie(cookieService, "http://foo.domain.com", nullptr, cookie); |
286 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); |
287 | 0 |
|
288 | 0 | SetACookie(cookieService, "http://www.domain.com", nullptr, "test=domain; domain=..domain.com", nullptr); |
289 | 0 | GetACookie(cookieService, "http://foo.domain.com", nullptr, cookie); |
290 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); |
291 | 0 |
|
292 | 0 | SetACookie(cookieService, "http://www.domain.com", nullptr, "test=domain; domain=..domain.com.", nullptr); |
293 | 0 | GetACookie(cookieService, "http://foo.domain.com", nullptr, cookie); |
294 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); |
295 | 0 |
|
296 | 0 | SetACookie(cookieService, "http://path.net/path/file", nullptr, R"(test=taco; path="/bogus")", nullptr); |
297 | 0 | GetACookie(cookieService, "http://path.net/path/file", nullptr, cookie); |
298 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=taco")); |
299 | 0 | SetACookie(cookieService, "http://path.net/path/file", nullptr, "test=taco; max-age=-1", nullptr); |
300 | 0 | GetACookie(cookieService, "http://path.net/path/file", nullptr, cookie); |
301 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); |
302 | 0 |
|
303 | 0 | // *** path tests |
304 | 0 |
|
305 | 0 | // test some variations of the domain & path, for different paths of |
306 | 0 | // a path cookie |
307 | 0 | SetACookie(cookieService, "http://path.net/path/file", nullptr, "test=path; path=/path", nullptr); |
308 | 0 | GetACookie(cookieService, "http://path.net/path", nullptr, cookie); |
309 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=path")); |
310 | 0 | GetACookie(cookieService, "http://path.net/path/", nullptr, cookie); |
311 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=path")); |
312 | 0 | GetACookie(cookieService, "http://path.net/path/hithere.foo", nullptr, cookie); |
313 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=path")); |
314 | 0 | GetACookie(cookieService, "http://path.net/path?hithere/foo", nullptr, cookie); |
315 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=path")); |
316 | 0 | GetACookie(cookieService, "http://path.net/path2", nullptr, cookie); |
317 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); |
318 | 0 | GetACookie(cookieService, "http://path.net/path2/", nullptr, cookie); |
319 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); |
320 | 0 | SetACookie(cookieService, "http://path.net/path/file", nullptr, "test=path; path=/path; max-age=-1", nullptr); |
321 | 0 | GetACookie(cookieService, "http://path.net/path/", nullptr, cookie); |
322 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); |
323 | 0 |
|
324 | 0 | SetACookie(cookieService, "http://path.net/path/file", nullptr, "test=path; path=/path/", nullptr); |
325 | 0 | GetACookie(cookieService, "http://path.net/path", nullptr, cookie); |
326 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=path")); |
327 | 0 | GetACookie(cookieService, "http://path.net/path/", nullptr, cookie); |
328 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=path")); |
329 | 0 | SetACookie(cookieService, "http://path.net/path/file", nullptr, "test=path; path=/path/; max-age=-1", nullptr); |
330 | 0 | GetACookie(cookieService, "http://path.net/path/", nullptr, cookie); |
331 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); |
332 | 0 |
|
333 | 0 | // note that a site can set a cookie for a path it's not on. |
334 | 0 | // this is an intentional deviation from spec (see comments in |
335 | 0 | // nsCookieService::CheckPath()), so we test this functionality too |
336 | 0 | SetACookie(cookieService, "http://path.net/path/file", nullptr, "test=path; path=/foo/", nullptr); |
337 | 0 | GetACookie(cookieService, "http://path.net/path", nullptr, cookie); |
338 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); |
339 | 0 | GetACookie(cookieService, "http://path.net/foo", nullptr, cookie); |
340 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=path")); |
341 | 0 | SetACookie(cookieService, "http://path.net/path/file", nullptr, "test=path; path=/foo/; max-age=-1", nullptr); |
342 | 0 | GetACookie(cookieService, "http://path.net/foo/", nullptr, cookie); |
343 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); |
344 | 0 |
|
345 | 0 | // bug 373228: make sure cookies with paths longer than 1024 bytes, |
346 | 0 | // and cookies with paths or names containing tabs, are rejected. |
347 | 0 | // the following cookie has a path > 1024 bytes explicitly specified in the cookie |
348 | 0 | SetACookie(cookieService, "http://path.net/", nullptr, "test=path; path=/1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890/", nullptr); |
349 | 0 | GetACookie(cookieService, "http://path.net/1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890", nullptr, cookie); |
350 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); |
351 | 0 | // the following cookie has a path > 1024 bytes implicitly specified by the uri path |
352 | 0 | SetACookie(cookieService, "http://path.net/1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890/", nullptr, "test=path", nullptr); |
353 | 0 | GetACookie(cookieService, "http://path.net/1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890/", nullptr, cookie); |
354 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); |
355 | 0 | // the following cookie includes a tab in the path |
356 | 0 | SetACookie(cookieService, "http://path.net/", nullptr, "test=path; path=/foo\tbar/", nullptr); |
357 | 0 | GetACookie(cookieService, "http://path.net/foo\tbar/", nullptr, cookie); |
358 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); |
359 | 0 | // the following cookie includes a tab in the name |
360 | 0 | SetACookie(cookieService, "http://path.net/", nullptr, "test\ttabs=tab", nullptr); |
361 | 0 | GetACookie(cookieService, "http://path.net/", nullptr, cookie); |
362 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); |
363 | 0 | // the following cookie includes a tab in the value - allowed |
364 | 0 | SetACookie(cookieService, "http://path.net/", nullptr, "test=tab\ttest", nullptr); |
365 | 0 | GetACookie(cookieService, "http://path.net/", nullptr, cookie); |
366 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=tab\ttest")); |
367 | 0 | SetACookie(cookieService, "http://path.net/", nullptr, "test=tab\ttest; max-age=-1", nullptr); |
368 | 0 | GetACookie(cookieService, "http://path.net/", nullptr, cookie); |
369 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); |
370 | 0 |
|
371 | 0 |
|
372 | 0 | // *** expiry & deletion tests |
373 | 0 | // XXX add server time str parsing tests here |
374 | 0 |
|
375 | 0 | // test some variations of the expiry time, |
376 | 0 | // and test deletion of previously set cookies |
377 | 0 | SetACookie(cookieService, "http://expireme.org/", nullptr, "test=expiry; max-age=-1", nullptr); |
378 | 0 | GetACookie(cookieService, "http://expireme.org/", nullptr, cookie); |
379 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); |
380 | 0 | SetACookie(cookieService, "http://expireme.org/", nullptr, "test=expiry; max-age=0", nullptr); |
381 | 0 | GetACookie(cookieService, "http://expireme.org/", nullptr, cookie); |
382 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); |
383 | 0 | SetACookie(cookieService, "http://expireme.org/", nullptr, "test=expiry; expires=bad", nullptr); |
384 | 0 | GetACookie(cookieService, "http://expireme.org/", nullptr, cookie); |
385 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=expiry")); |
386 | 0 | SetACookie(cookieService, "http://expireme.org/", nullptr, "test=expiry; expires=Thu, 10 Apr 1980 16:33:12 GMT", nullptr); |
387 | 0 | GetACookie(cookieService, "http://expireme.org/", nullptr, cookie); |
388 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); |
389 | 0 | SetACookie(cookieService, "http://expireme.org/", nullptr, R"(test=expiry; expires="Thu, 10 Apr 1980 16:33:12 GMT)", nullptr); |
390 | 0 | GetACookie(cookieService, "http://expireme.org/", nullptr, cookie); |
391 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); |
392 | 0 | SetACookie(cookieService, "http://expireme.org/", nullptr, R"(test=expiry; expires="Thu, 10 Apr 1980 16:33:12 GMT")", nullptr); |
393 | 0 | GetACookie(cookieService, "http://expireme.org/", nullptr, cookie); |
394 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); |
395 | 0 |
|
396 | 0 | SetACookie(cookieService, "http://expireme.org/", nullptr, "test=expiry; max-age=60", nullptr); |
397 | 0 | GetACookie(cookieService, "http://expireme.org/", nullptr, cookie); |
398 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=expiry")); |
399 | 0 | SetACookie(cookieService, "http://expireme.org/", nullptr, "test=expiry; max-age=-20", nullptr); |
400 | 0 | GetACookie(cookieService, "http://expireme.org/", nullptr, cookie); |
401 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); |
402 | 0 | SetACookie(cookieService, "http://expireme.org/", nullptr, "test=expiry; max-age=60", nullptr); |
403 | 0 | GetACookie(cookieService, "http://expireme.org/", nullptr, cookie); |
404 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=expiry")); |
405 | 0 | SetACookie(cookieService, "http://expireme.org/", nullptr, "test=expiry; expires=Thu, 10 Apr 1980 16:33:12 GMT", nullptr); |
406 | 0 | GetACookie(cookieService, "http://expireme.org/", nullptr, cookie); |
407 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); |
408 | 0 | SetACookie(cookieService, "http://expireme.org/", nullptr, "test=expiry; max-age=60", nullptr); |
409 | 0 | SetACookie(cookieService, "http://expireme.org/", nullptr, "newtest=expiry; max-age=60", nullptr); |
410 | 0 | GetACookie(cookieService, "http://expireme.org/", nullptr, cookie); |
411 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_CONTAIN, "test=expiry")); |
412 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_CONTAIN, "newtest=expiry")); |
413 | 0 | SetACookie(cookieService, "http://expireme.org/", nullptr, "test=differentvalue; max-age=0", nullptr); |
414 | 0 | GetACookie(cookieService, "http://expireme.org/", nullptr, cookie); |
415 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "newtest=expiry")); |
416 | 0 | SetACookie(cookieService, "http://expireme.org/", nullptr, "newtest=evendifferentvalue; max-age=0", nullptr); |
417 | 0 | GetACookie(cookieService, "http://expireme.org/", nullptr, cookie); |
418 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); |
419 | 0 |
|
420 | 0 | SetACookie(cookieService, "http://foo.expireme.org/", nullptr, "test=expiry; domain=.expireme.org; max-age=60", nullptr); |
421 | 0 | GetACookie(cookieService, "http://expireme.org/", nullptr, cookie); |
422 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=expiry")); |
423 | 0 | SetACookie(cookieService, "http://bar.expireme.org/", nullptr, "test=differentvalue; domain=.expireme.org; max-age=0", nullptr); |
424 | 0 | GetACookie(cookieService, "http://expireme.org/", nullptr, cookie); |
425 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); |
426 | 0 |
|
427 | 0 | nsAutoCString ServerTime; |
428 | 0 | nsAutoCString CookieString; |
429 | 0 |
|
430 | 0 | SetTime(-OFFSET_ONE_WEEK, ServerTime, CookieString, true); |
431 | 0 | SetACookie(cookieService, "http://expireme.org/", nullptr, CookieString.get(), ServerTime.get()); |
432 | 0 | GetACookie(cookieService, "http://expireme.org/", nullptr, cookie); |
433 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); |
434 | 0 | // Set server time earlier than client time for one year + one day, and expirty time earlier than server time for one day. |
435 | 0 | SetTime(-(OFFSET_ONE_DAY + OFFSET_ONE_WEEK), ServerTime, CookieString, false); |
436 | 0 | SetACookie(cookieService, "http://expireme.org/", nullptr, CookieString.get(), ServerTime.get()); |
437 | 0 | GetACookie(cookieService, "http://expireme.org/", nullptr, cookie); |
438 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); |
439 | 0 | // Set server time later than client time for one year, and expiry time later than server time for one day. |
440 | 0 | SetTime(OFFSET_ONE_WEEK, ServerTime, CookieString, false); |
441 | 0 | SetACookie(cookieService, "http://expireme.org/", nullptr, CookieString.get(), ServerTime.get()); |
442 | 0 | GetACookie(cookieService, "http://expireme.org/", nullptr, cookie); |
443 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=expiry")); |
444 | 0 | // Set server time later than client time for one year + one day, and expiry time earlier than server time for one day. |
445 | 0 | SetTime((OFFSET_ONE_DAY + OFFSET_ONE_WEEK), ServerTime, CookieString, true); |
446 | 0 | SetACookie(cookieService, "http://expireme.org/", nullptr, CookieString.get(), ServerTime.get()); |
447 | 0 | GetACookie(cookieService, "http://expireme.org/", nullptr, cookie); |
448 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=expiry")); |
449 | 0 |
|
450 | 0 | // *** multiple cookie tests |
451 | 0 |
|
452 | 0 | // test the setting of multiple cookies, and test the order of precedence |
453 | 0 | // (a later cookie overwriting an earlier one, in the same header string) |
454 | 0 | SetACookie(cookieService, "http://multiple.cookies/", nullptr, "test=multiple; domain=.multiple.cookies \n test=different \n test=same; domain=.multiple.cookies \n newtest=ciao \n newtest=foo; max-age=-6 \n newtest=reincarnated", nullptr); |
455 | 0 | GetACookie(cookieService, "http://multiple.cookies/", nullptr, cookie); |
456 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_NOT_CONTAIN, "test=multiple")); |
457 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_CONTAIN, "test=different")); |
458 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_CONTAIN, "test=same")); |
459 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_NOT_CONTAIN, "newtest=ciao")); |
460 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_NOT_CONTAIN, "newtest=foo")); |
461 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_CONTAIN, "newtest=reincarnated")); |
462 | 0 | SetACookie(cookieService, "http://multiple.cookies/", nullptr, "test=expiry; domain=.multiple.cookies; max-age=0", nullptr); |
463 | 0 | GetACookie(cookieService, "http://multiple.cookies/", nullptr, cookie); |
464 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_NOT_CONTAIN, "test=same")); |
465 | 0 | SetACookie(cookieService, "http://multiple.cookies/", nullptr, "\n test=different; max-age=0 \n", nullptr); |
466 | 0 | GetACookie(cookieService, "http://multiple.cookies/", nullptr, cookie); |
467 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_NOT_CONTAIN, "test=different")); |
468 | 0 | SetACookie(cookieService, "http://multiple.cookies/", nullptr, "newtest=dead; max-age=0", nullptr); |
469 | 0 | GetACookie(cookieService, "http://multiple.cookies/", nullptr, cookie); |
470 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); |
471 | 0 |
|
472 | 0 |
|
473 | 0 | // *** parser tests |
474 | 0 |
|
475 | 0 | // test the cookie header parser, under various circumstances. |
476 | 0 | SetACookie(cookieService, "http://parser.test/", nullptr, "test=parser; domain=.parser.test; ;; ;=; ,,, ===,abc,=; abracadabra! max-age=20;=;;", nullptr); |
477 | 0 | GetACookie(cookieService, "http://parser.test/", nullptr, cookie); |
478 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=parser")); |
479 | 0 | SetACookie(cookieService, "http://parser.test/", nullptr, "test=parser; domain=.parser.test; max-age=0", nullptr); |
480 | 0 | GetACookie(cookieService, "http://parser.test/", nullptr, cookie); |
481 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); |
482 | 0 | SetACookie(cookieService, "http://parser.test/", nullptr, "test=\"fubar! = foo;bar\\\";\" parser; domain=.parser.test; max-age=6\nfive; max-age=2.63,", nullptr); |
483 | 0 | GetACookie(cookieService, "http://parser.test/", nullptr, cookie); |
484 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_CONTAIN, R"(test="fubar! = foo)")); |
485 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_CONTAIN, "five")); |
486 | 0 | SetACookie(cookieService, "http://parser.test/", nullptr, "test=kill; domain=.parser.test; max-age=0 \n five; max-age=0", nullptr); |
487 | 0 | GetACookie(cookieService, "http://parser.test/", nullptr, cookie); |
488 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); |
489 | 0 |
|
490 | 0 | // test the handling of VALUE-only cookies (see bug 169091), |
491 | 0 | // i.e. "six" should assume an empty NAME, which allows other VALUE-only |
492 | 0 | // cookies to overwrite it |
493 | 0 | SetACookie(cookieService, "http://parser.test/", nullptr, "six", nullptr); |
494 | 0 | GetACookie(cookieService, "http://parser.test/", nullptr, cookie); |
495 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "six")); |
496 | 0 | SetACookie(cookieService, "http://parser.test/", nullptr, "seven", nullptr); |
497 | 0 | GetACookie(cookieService, "http://parser.test/", nullptr, cookie); |
498 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "seven")); |
499 | 0 | SetACookie(cookieService, "http://parser.test/", nullptr, " =eight", nullptr); |
500 | 0 | GetACookie(cookieService, "http://parser.test/", nullptr, cookie); |
501 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "eight")); |
502 | 0 | SetACookie(cookieService, "http://parser.test/", nullptr, "test=six", nullptr); |
503 | 0 | GetACookie(cookieService, "http://parser.test/", nullptr, cookie); |
504 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_CONTAIN, "test=six")); |
505 | 0 |
|
506 | 0 | // *** path ordering tests |
507 | 0 |
|
508 | 0 | // test that cookies are returned in path order - longest to shortest. |
509 | 0 | // if the header doesn't specify a path, it's taken from the host URI. |
510 | 0 | SetACookie(cookieService, "http://multi.path.tests/", nullptr, "test1=path; path=/one/two/three", nullptr); |
511 | 0 | SetACookie(cookieService, "http://multi.path.tests/", nullptr, "test2=path; path=/one \n test3=path; path=/one/two/three/four \n test4=path; path=/one/two \n test5=path; path=/one/two/", nullptr); |
512 | 0 | SetACookie(cookieService, "http://multi.path.tests/one/two/three/four/five/", nullptr, "test6=path", nullptr); |
513 | 0 | SetACookie(cookieService, "http://multi.path.tests/one/two/three/four/five/six/", nullptr, "test7=path; path=", nullptr); |
514 | 0 | SetACookie(cookieService, "http://multi.path.tests/", nullptr, "test8=path; path=/", nullptr); |
515 | 0 | GetACookie(cookieService, "http://multi.path.tests/one/two/three/four/five/six/", nullptr, cookie); |
516 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test7=path; test6=path; test3=path; test1=path; test5=path; test4=path; test2=path; test8=path")); |
517 | 0 |
|
518 | 0 |
|
519 | 0 | // *** httponly tests |
520 | 0 |
|
521 | 0 | // Since this cookie is NOT set via http, setting it fails |
522 | 0 | SetACookieNoHttp(cookieService, "http://httponly.test/", "test=httponly; httponly"); |
523 | 0 | GetACookie(cookieService, "http://httponly.test/", nullptr, cookie); |
524 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); |
525 | 0 | // Since this cookie is set via http, it can be retrieved |
526 | 0 | SetACookie(cookieService, "http://httponly.test/", nullptr, "test=httponly; httponly", nullptr); |
527 | 0 | GetACookie(cookieService, "http://httponly.test/", nullptr, cookie); |
528 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=httponly")); |
529 | 0 | // ... but not by web content |
530 | 0 | GetACookieNoHttp(cookieService, "http://httponly.test/", cookie); |
531 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); |
532 | 0 | // Non-Http cookies should not replace HttpOnly cookies |
533 | 0 | SetACookie(cookieService, "http://httponly.test/", nullptr, "test=httponly; httponly", nullptr); |
534 | 0 | SetACookieNoHttp(cookieService, "http://httponly.test/", "test=not-httponly"); |
535 | 0 | GetACookie(cookieService, "http://httponly.test/", nullptr, cookie); |
536 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=httponly")); |
537 | 0 | // ... and, if an HttpOnly cookie already exists, should not be set at all |
538 | 0 | GetACookieNoHttp(cookieService, "http://httponly.test/", cookie); |
539 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); |
540 | 0 | // Non-Http cookies should not delete HttpOnly cookies |
541 | 0 | SetACookie(cookieService, "http://httponly.test/", nullptr, "test=httponly; httponly", nullptr); |
542 | 0 | SetACookieNoHttp(cookieService, "http://httponly.test/", "test=httponly; max-age=-1"); |
543 | 0 | GetACookie(cookieService, "http://httponly.test/", nullptr, cookie); |
544 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=httponly")); |
545 | 0 | // ... but HttpOnly cookies should |
546 | 0 | SetACookie(cookieService, "http://httponly.test/", nullptr, "test=httponly; httponly; max-age=-1", nullptr); |
547 | 0 | GetACookie(cookieService, "http://httponly.test/", nullptr, cookie); |
548 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); |
549 | 0 | // Non-Httponly cookies can replace HttpOnly cookies when set over http |
550 | 0 | SetACookie(cookieService, "http://httponly.test/", nullptr, "test=httponly; httponly", nullptr); |
551 | 0 | SetACookie(cookieService, "http://httponly.test/", nullptr, "test=not-httponly", nullptr); |
552 | 0 | GetACookieNoHttp(cookieService, "http://httponly.test/", cookie); |
553 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=not-httponly")); |
554 | 0 | // scripts should not be able to set httponly cookies by replacing an existing non-httponly cookie |
555 | 0 | SetACookie(cookieService, "http://httponly.test/", nullptr, "test=not-httponly", nullptr); |
556 | 0 | SetACookieNoHttp(cookieService, "http://httponly.test/", "test=httponly; httponly"); |
557 | 0 | GetACookieNoHttp(cookieService, "http://httponly.test/", cookie); |
558 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=not-httponly")); |
559 | 0 |
|
560 | 0 | // *** Cookie prefix tests |
561 | 0 |
|
562 | 0 | // prefixed cookies can't be set from insecure HTTP |
563 | 0 | SetACookie(cookieService, "http://prefixed.test/", nullptr, "__Secure-test1=test", nullptr); |
564 | 0 | SetACookie(cookieService, "http://prefixed.test/", nullptr, "__Secure-test2=test; secure", nullptr); |
565 | 0 | SetACookie(cookieService, "http://prefixed.test/", nullptr, "__Host-test1=test", nullptr); |
566 | 0 | SetACookie(cookieService, "http://prefixed.test/", nullptr, "__Host-test2=test; secure", nullptr); |
567 | 0 | GetACookie(cookieService, "http://prefixed.test/", nullptr, cookie); |
568 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); |
569 | 0 |
|
570 | 0 | // prefixed cookies won't be set without the secure flag |
571 | 0 | SetACookie(cookieService, "https://prefixed.test/", nullptr, "__Secure-test=test", nullptr); |
572 | 0 | SetACookie(cookieService, "https://prefixed.test/", nullptr, "__Host-test=test", nullptr); |
573 | 0 | GetACookie(cookieService, "https://prefixed.test/", nullptr, cookie); |
574 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); |
575 | 0 |
|
576 | 0 | // prefixed cookies can be set when done correctly |
577 | 0 | SetACookie(cookieService, "https://prefixed.test/", nullptr, "__Secure-test=test; secure", nullptr); |
578 | 0 | SetACookie(cookieService, "https://prefixed.test/", nullptr, "__Host-test=test; secure", nullptr); |
579 | 0 | GetACookie(cookieService, "https://prefixed.test/", nullptr, cookie); |
580 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_CONTAIN, "__Secure-test=test")); |
581 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_CONTAIN, "__Host-test=test")); |
582 | 0 |
|
583 | 0 | // but when set must not be returned to the host insecurely |
584 | 0 | GetACookie(cookieService, "http://prefixed.test/", nullptr, cookie); |
585 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); |
586 | 0 |
|
587 | 0 | // Host-prefixed cookies cannot specify a domain |
588 | 0 | SetACookie(cookieService, "https://host.prefixed.test/", nullptr, "__Host-a=test; secure; domain=prefixed.test", nullptr); |
589 | 0 | SetACookie(cookieService, "https://host.prefixed.test/", nullptr, "__Host-b=test; secure; domain=.prefixed.test", nullptr); |
590 | 0 | SetACookie(cookieService, "https://host.prefixed.test/", nullptr, "__Host-c=test; secure; domain=host.prefixed.test", nullptr); |
591 | 0 | SetACookie(cookieService, "https://host.prefixed.test/", nullptr, "__Host-d=test; secure; domain=.host.prefixed.test", nullptr); |
592 | 0 | GetACookie(cookieService, "https://host.prefixed.test/", nullptr, cookie); |
593 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); |
594 | 0 |
|
595 | 0 | // Host-prefixed cookies can only have a path of "/" |
596 | 0 | SetACookie(cookieService, "https://host.prefixed.test/some/path", nullptr, "__Host-e=test; secure", nullptr); |
597 | 0 | SetACookie(cookieService, "https://host.prefixed.test/some/path", nullptr, "__Host-f=test; secure; path=/", nullptr); |
598 | 0 | SetACookie(cookieService, "https://host.prefixed.test/some/path", nullptr, "__Host-g=test; secure; path=/some", nullptr); |
599 | 0 | GetACookie(cookieService, "https://host.prefixed.test/", nullptr, cookie); |
600 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "__Host-f=test")); |
601 | 0 |
|
602 | 0 | // *** leave-secure-alone tests |
603 | 0 |
|
604 | 0 | // testing items 0 & 1 for 3.1 of spec Deprecate modification of ’secure’ |
605 | 0 | // cookies from non-secure origins |
606 | 0 | SetACookie(cookieService, "http://www.security.test/", nullptr, "test=non-security; secure", nullptr); |
607 | 0 | GetACookieNoHttp(cookieService, "https://www.security.test/", cookie); |
608 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); |
609 | 0 | SetACookie(cookieService, "https://www.security.test/path/", nullptr, "test=security; secure; path=/path/", nullptr); |
610 | 0 | GetACookieNoHttp(cookieService, "https://www.security.test/path/", cookie); |
611 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=security")); |
612 | 0 | // testing items 2 & 3 & 4 for 3.2 of spec Deprecate modification of ’secure’ |
613 | 0 | // cookies from non-secure origins |
614 | 0 | // Secure site can modify cookie value |
615 | 0 | SetACookie(cookieService, "https://www.security.test/path/", nullptr, "test=security2; secure; path=/path/", nullptr); |
616 | 0 | GetACookieNoHttp(cookieService, "https://www.security.test/path/", cookie); |
617 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=security2")); |
618 | 0 | // If new cookie contains same name, same host and partially matching path with |
619 | 0 | // an existing security cookie on non-security site, it can't modify an existing |
620 | 0 | // security cookie. |
621 | 0 | SetACookie(cookieService, "http://www.security.test/path/foo/", nullptr, "test=non-security; path=/path/foo", nullptr); |
622 | 0 | GetACookieNoHttp(cookieService, "https://www.security.test/path/foo/", cookie); |
623 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=security2")); |
624 | 0 | // Non-secure cookie can set by same name, same host and non-matching path. |
625 | 0 | SetACookie(cookieService, "http://www.security.test/bar/", nullptr, "test=non-security; path=/bar", nullptr); |
626 | 0 | GetACookieNoHttp(cookieService, "http://www.security.test/bar/", cookie); |
627 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test=non-security")); |
628 | 0 | // Modify value and downgrade secure level. |
629 | 0 | SetACookie(cookieService, "https://www.security.test/", nullptr, "test_modify_cookie=security-cookie; secure; domain=.security.test", nullptr); |
630 | 0 | GetACookieNoHttp(cookieService, "https://www.security.test/", cookie); |
631 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test_modify_cookie=security-cookie")); |
632 | 0 | SetACookie(cookieService, "https://www.security.test/", nullptr, "test_modify_cookie=non-security-cookie; domain=.security.test", nullptr); |
633 | 0 | GetACookieNoHttp(cookieService, "https://www.security.test/", cookie); |
634 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, "test_modify_cookie=non-security-cookie")); |
635 | 0 | // Test the non-security cookie can set when domain or path not same to secure cookie of same name. |
636 | 0 | SetACookie(cookieService, "https://www.security.test/", nullptr, "test=security3", nullptr); |
637 | 0 | GetACookieNoHttp(cookieService, "http://www.security.test/", cookie); |
638 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_CONTAIN, "test=security3")); |
639 | 0 | SetACookie(cookieService, "http://www.security.test/", nullptr, "test=non-security2; domain=security.test", nullptr); |
640 | 0 | GetACookieNoHttp(cookieService, "http://www.security.test/", cookie); |
641 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_CONTAIN, "test=non-security2")); |
642 | 0 |
|
643 | 0 | // *** nsICookieManager interface tests |
644 | 0 | nsCOMPtr<nsICookieManager> cookieMgr = do_GetService(NS_COOKIEMANAGER_CONTRACTID, &rv0); |
645 | 0 | ASSERT_TRUE(NS_SUCCEEDED(rv0)); |
646 | 0 |
|
647 | 0 | nsCOMPtr<nsICookieManager> cookieMgr2 = cookieMgr; |
648 | 0 | ASSERT_TRUE(cookieMgr2); |
649 | 0 |
|
650 | 0 | mozilla::OriginAttributes attrs; |
651 | 0 |
|
652 | 0 | // first, ensure a clean slate |
653 | 0 | EXPECT_TRUE(NS_SUCCEEDED(cookieMgr->RemoveAll())); |
654 | 0 | // add some cookies |
655 | 0 | EXPECT_TRUE(NS_SUCCEEDED(cookieMgr2->AddNative(NS_LITERAL_CSTRING("cookiemgr.test"), // domain |
656 | 0 | NS_LITERAL_CSTRING("/foo"), // path |
657 | 0 | NS_LITERAL_CSTRING("test1"), // name |
658 | 0 | NS_LITERAL_CSTRING("yes"), // value |
659 | 0 | false, // is secure |
660 | 0 | false, // is httponly |
661 | 0 | true, // is session |
662 | 0 | INT64_MAX, // expiry time |
663 | 0 | &attrs, // originAttributes |
664 | 0 | nsICookie2::SAMESITE_UNSET))); |
665 | 0 | EXPECT_TRUE(NS_SUCCEEDED(cookieMgr2->AddNative(NS_LITERAL_CSTRING("cookiemgr.test"), // domain |
666 | 0 | NS_LITERAL_CSTRING("/foo"), // path |
667 | 0 | NS_LITERAL_CSTRING("test2"), // name |
668 | 0 | NS_LITERAL_CSTRING("yes"), // value |
669 | 0 | false, // is secure |
670 | 0 | true, // is httponly |
671 | 0 | true, // is session |
672 | 0 | PR_Now() / PR_USEC_PER_SEC + 2, // expiry time |
673 | 0 | &attrs, // originAttributes |
674 | 0 | nsICookie2::SAMESITE_UNSET))); |
675 | 0 | EXPECT_TRUE(NS_SUCCEEDED(cookieMgr2->AddNative(NS_LITERAL_CSTRING("new.domain"), // domain |
676 | 0 | NS_LITERAL_CSTRING("/rabbit"), // path |
677 | 0 | NS_LITERAL_CSTRING("test3"), // name |
678 | 0 | NS_LITERAL_CSTRING("yes"), // value |
679 | 0 | false, // is secure |
680 | 0 | false, // is httponly |
681 | 0 | true, // is session |
682 | 0 | INT64_MAX, // expiry time |
683 | 0 | &attrs, // originAttributes |
684 | 0 | nsICookie2::SAMESITE_UNSET))); |
685 | 0 | // confirm using enumerator |
686 | 0 | nsCOMPtr<nsISimpleEnumerator> enumerator; |
687 | 0 | EXPECT_TRUE(NS_SUCCEEDED(cookieMgr->GetEnumerator(getter_AddRefs(enumerator)))); |
688 | 0 | int32_t i = 0; |
689 | 0 | bool more; |
690 | 0 | nsCOMPtr<nsICookie2> expiredCookie, newDomainCookie; |
691 | 0 | while (NS_SUCCEEDED(enumerator->HasMoreElements(&more)) && more) { |
692 | 0 | nsCOMPtr<nsISupports> cookie; |
693 | 0 | if (NS_FAILED(enumerator->GetNext(getter_AddRefs(cookie)))) break; |
694 | 0 | ++i; |
695 | 0 |
|
696 | 0 | // keep tabs on the second and third cookies, so we can check them later |
697 | 0 | nsCOMPtr<nsICookie2> cookie2(do_QueryInterface(cookie)); |
698 | 0 | if (!cookie2) break; |
699 | 0 | nsAutoCString name; |
700 | 0 | cookie2->GetName(name); |
701 | 0 | if (name.EqualsLiteral("test2")) |
702 | 0 | expiredCookie = cookie2; |
703 | 0 | else if (name.EqualsLiteral("test3")) |
704 | 0 | newDomainCookie = cookie2; |
705 | 0 | } |
706 | 0 | EXPECT_EQ(i, 3); |
707 | 0 | // check the httpOnly attribute of the second cookie is honored |
708 | 0 | GetACookie(cookieService, "http://cookiemgr.test/foo/", nullptr, cookie); |
709 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_CONTAIN, "test2=yes")); |
710 | 0 | GetACookieNoHttp(cookieService, "http://cookiemgr.test/foo/", cookie); |
711 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_NOT_CONTAIN, "test2=yes")); |
712 | 0 | // check CountCookiesFromHost() |
713 | 0 | uint32_t hostCookies = 0; |
714 | 0 | EXPECT_TRUE(NS_SUCCEEDED(cookieMgr2->CountCookiesFromHost(NS_LITERAL_CSTRING("cookiemgr.test"), &hostCookies))); |
715 | 0 | EXPECT_EQ(hostCookies, 2u); |
716 | 0 | // check CookieExistsNative() using the third cookie |
717 | 0 | bool found; |
718 | 0 | EXPECT_TRUE(NS_SUCCEEDED(cookieMgr2->CookieExistsNative(NS_LITERAL_CSTRING("new.domain"), |
719 | 0 | NS_LITERAL_CSTRING("/rabbit"), |
720 | 0 | NS_LITERAL_CSTRING("test3"), |
721 | 0 | &attrs, &found))); |
722 | 0 | EXPECT_TRUE(found); |
723 | 0 |
|
724 | 0 |
|
725 | 0 | // remove the cookie, block it, and ensure it can't be added again |
726 | 0 | EXPECT_TRUE(NS_SUCCEEDED(cookieMgr->RemoveNative(NS_LITERAL_CSTRING("new.domain"), // domain |
727 | 0 | NS_LITERAL_CSTRING("test3"), // name |
728 | 0 | NS_LITERAL_CSTRING("/rabbit"), // path |
729 | 0 | true, // is blocked |
730 | 0 | &attrs))); // originAttributes |
731 | 0 | EXPECT_TRUE(NS_SUCCEEDED(cookieMgr2->CookieExistsNative(NS_LITERAL_CSTRING("new.domain"), |
732 | 0 | NS_LITERAL_CSTRING("/rabbit"), |
733 | 0 | NS_LITERAL_CSTRING("test3"), |
734 | 0 | &attrs, &found))); |
735 | 0 | EXPECT_FALSE(found); |
736 | 0 | EXPECT_TRUE(NS_SUCCEEDED(cookieMgr2->AddNative(NS_LITERAL_CSTRING("new.domain"), // domain |
737 | 0 | NS_LITERAL_CSTRING("/rabbit"), // path |
738 | 0 | NS_LITERAL_CSTRING("test3"), // name |
739 | 0 | NS_LITERAL_CSTRING("yes"), // value |
740 | 0 | false, // is secure |
741 | 0 | false, // is httponly |
742 | 0 | true, // is session |
743 | 0 | INT64_MIN, // expiry time |
744 | 0 | &attrs, // originAttributes |
745 | 0 | nsICookie2::SAMESITE_UNSET))); |
746 | 0 | EXPECT_TRUE(NS_SUCCEEDED(cookieMgr2->CookieExistsNative(NS_LITERAL_CSTRING("new.domain"), |
747 | 0 | NS_LITERAL_CSTRING("/rabbit"), |
748 | 0 | NS_LITERAL_CSTRING("test3"), |
749 | 0 | &attrs, &found))); |
750 | 0 | EXPECT_FALSE(found); |
751 | 0 | // sleep four seconds, to make sure the second cookie has expired |
752 | 0 | PR_Sleep(4 * PR_TicksPerSecond()); |
753 | 0 | // check that both CountCookiesFromHost() and CookieExistsNative() count the |
754 | 0 | // expired cookie |
755 | 0 | EXPECT_TRUE(NS_SUCCEEDED(cookieMgr2->CountCookiesFromHost(NS_LITERAL_CSTRING("cookiemgr.test"), &hostCookies))); |
756 | 0 | EXPECT_EQ(hostCookies, 2u); |
757 | 0 | EXPECT_TRUE(NS_SUCCEEDED(cookieMgr2->CookieExistsNative(NS_LITERAL_CSTRING("cookiemgr.test"), |
758 | 0 | NS_LITERAL_CSTRING("/foo"), |
759 | 0 | NS_LITERAL_CSTRING("test2"), |
760 | 0 | &attrs, &found))); |
761 | 0 | EXPECT_TRUE(found); |
762 | 0 | // double-check RemoveAll() using the enumerator |
763 | 0 | EXPECT_TRUE(NS_SUCCEEDED(cookieMgr->RemoveAll())); |
764 | 0 | EXPECT_TRUE(NS_SUCCEEDED(cookieMgr->GetEnumerator(getter_AddRefs(enumerator))) && |
765 | 0 | NS_SUCCEEDED(enumerator->HasMoreElements(&more)) && |
766 | 0 | !more); |
767 | 0 |
|
768 | 0 | // *** eviction and creation ordering tests |
769 | 0 |
|
770 | 0 | // test that cookies are |
771 | 0 | // a) returned by order of creation time (oldest first, newest last) |
772 | 0 | // b) evicted by order of lastAccessed time, if the limit on cookies per host (50) is reached |
773 | 0 | nsAutoCString name; |
774 | 0 | nsAutoCString expected; |
775 | 0 | for (int32_t i = 0; i < 60; ++i) { |
776 | 0 | name = NS_LITERAL_CSTRING("test"); |
777 | 0 | name.AppendInt(i); |
778 | 0 | name += NS_LITERAL_CSTRING("=creation"); |
779 | 0 | SetACookie(cookieService, "http://creation.ordering.tests/", nullptr, name.get(), nullptr); |
780 | 0 |
|
781 | 0 | if (i >= 10) { |
782 | 0 | expected += name; |
783 | 0 | if (i < 59) |
784 | 0 | expected += NS_LITERAL_CSTRING("; "); |
785 | 0 | } |
786 | 0 | } |
787 | 0 | GetACookie(cookieService, "http://creation.ordering.tests/", nullptr, cookie); |
788 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_EQUAL, expected.get())); |
789 | 0 |
|
790 | 0 | // *** eviction and creation ordering tests after enable network.cookie.leave-secure-alone |
791 | 0 | // reset cookie |
792 | 0 | cookieMgr->RemoveAll(); |
793 | 0 |
|
794 | 0 | for (int32_t i = 0; i < 60; ++i) { |
795 | 0 | name = NS_LITERAL_CSTRING("test"); |
796 | 0 | name.AppendInt(i); |
797 | 0 | name += NS_LITERAL_CSTRING("=delete_non_security"); |
798 | 0 |
|
799 | 0 | // Create 50 cookies that include the secure flag. |
800 | 0 | if (i < 50) { |
801 | 0 | name += NS_LITERAL_CSTRING("; secure"); |
802 | 0 | SetACookie(cookieService, "https://creation.ordering.tests/", nullptr, name.get(), nullptr); |
803 | 0 | } else { |
804 | 0 | // non-security cookies will be removed beside the latest cookie that be created. |
805 | 0 | SetACookie(cookieService, "http://creation.ordering.tests/", nullptr, name.get(), nullptr); |
806 | 0 | } |
807 | 0 | } |
808 | 0 | GetACookie(cookieService, "http://creation.ordering.tests/", nullptr, cookie); |
809 | 0 |
|
810 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); |
811 | 0 |
|
812 | 0 |
|
813 | 0 | // *** SameSite attribute - parsing and cookie storage tests |
814 | 0 | // Clear the cookies |
815 | 0 | EXPECT_TRUE(NS_SUCCEEDED(cookieMgr->RemoveAll())); |
816 | 0 |
|
817 | 0 | // Set cookies with various incantations of the samesite attribute: |
818 | 0 | // No same site attribute present |
819 | 0 | SetASameSiteCookie(cookieService, "http://samesite.test", nullptr, "unset=yes", nullptr); |
820 | 0 | // samesite attribute present but with no value |
821 | 0 | SetASameSiteCookie(cookieService, "http://samesite.test", nullptr, "unspecified=yes; samesite", nullptr); |
822 | 0 | // samesite attribute present but with an empty value |
823 | 0 | SetASameSiteCookie(cookieService, "http://samesite.test", nullptr, "empty=yes; samesite=", nullptr); |
824 | 0 | // samesite attribute present but with an invalid value |
825 | 0 | SetASameSiteCookie(cookieService, "http://samesite.test", nullptr, "bogus=yes; samesite=bogus", nullptr); |
826 | 0 | // samesite=strict |
827 | 0 | SetASameSiteCookie(cookieService, "http://samesite.test", nullptr, "strict=yes; samesite=strict", nullptr); |
828 | 0 | // samesite=lax |
829 | 0 | SetASameSiteCookie(cookieService, "http://samesite.test", nullptr, "lax=yes; samesite=lax", nullptr); |
830 | 0 |
|
831 | 0 | EXPECT_TRUE(NS_SUCCEEDED(cookieMgr->GetEnumerator(getter_AddRefs(enumerator)))); |
832 | 0 | i = 0; |
833 | 0 |
|
834 | 0 | // check the cookies for the required samesite value |
835 | 0 | while (NS_SUCCEEDED(enumerator->HasMoreElements(&more)) && more) { |
836 | 0 | nsCOMPtr<nsISupports> cookie; |
837 | 0 | if (NS_FAILED(enumerator->GetNext(getter_AddRefs(cookie)))) break; |
838 | 0 | ++i; |
839 | 0 |
|
840 | 0 | // keep tabs on the second and third cookies, so we can check them later |
841 | 0 | nsCOMPtr<nsICookie2> cookie2(do_QueryInterface(cookie)); |
842 | 0 | if (!cookie2) break; |
843 | 0 | nsAutoCString name; |
844 | 0 | cookie2->GetName(name); |
845 | 0 | int32_t sameSiteAttr; |
846 | 0 | cookie2->GetSameSite(&sameSiteAttr); |
847 | 0 | if (name.EqualsLiteral("unset")) { |
848 | 0 | EXPECT_TRUE(sameSiteAttr == nsICookie2::SAMESITE_UNSET); |
849 | 0 | } else if (name.EqualsLiteral("unspecified")) { |
850 | 0 | EXPECT_TRUE(sameSiteAttr == nsICookie2::SAMESITE_UNSET); |
851 | 0 | } else if (name.EqualsLiteral("empty")) { |
852 | 0 | EXPECT_TRUE(sameSiteAttr == nsICookie2::SAMESITE_UNSET); |
853 | 0 | } else if (name.EqualsLiteral("bogus")) { |
854 | 0 | EXPECT_TRUE(sameSiteAttr == nsICookie2::SAMESITE_UNSET); |
855 | 0 | } else if (name.EqualsLiteral("strict")) { |
856 | 0 | EXPECT_TRUE(sameSiteAttr == nsICookie2::SAMESITE_STRICT); |
857 | 0 | } else if (name.EqualsLiteral("lax")) { |
858 | 0 | EXPECT_TRUE(sameSiteAttr == nsICookie2::SAMESITE_LAX); |
859 | 0 | } |
860 | 0 | } |
861 | 0 |
|
862 | 0 | EXPECT_TRUE(i == 6); |
863 | 0 |
|
864 | 0 | // *** SameSite attribute |
865 | 0 | // Clear the cookies |
866 | 0 | EXPECT_TRUE(NS_SUCCEEDED(cookieMgr->RemoveAll())); |
867 | 0 |
|
868 | 0 | // please note that the flag aForeign is always set to true using this test setup because no nsIChannel is |
869 | 0 | // passed to SetCookieString(). therefore we can only test that no cookies are sent for cross origin requests |
870 | 0 | // using same-site cookies. |
871 | 0 | SetACookie(cookieService, "http://www.samesite.com", nullptr, "test=sameSiteStrictVal; samesite=strict", nullptr); |
872 | 0 | GetACookie(cookieService, "http://www.notsamesite.com", nullptr, cookie); |
873 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); |
874 | 0 |
|
875 | 0 | SetACookie(cookieService, "http://www.samesite.test", nullptr, "test=sameSiteLaxVal; samesite=lax", nullptr); |
876 | 0 | GetACookie(cookieService, "http://www.notsamesite.com", nullptr, cookie); |
877 | 0 | EXPECT_TRUE(CheckResult(cookie.get(), MUST_BE_NULL)); |
878 | 0 |
|
879 | 0 | // XXX the following are placeholders: add these tests please! |
880 | 0 | // *** "noncompliant cookie" tests |
881 | 0 | // *** IP address tests |
882 | 0 | // *** speed tests |
883 | 0 | } |