Changeset 244294 in webkit
- Timestamp: Apr 15, 2019 2:53:48 PM (5 years ago)
- Location: trunk
- Files: 5 edited
trunk/LayoutTests/ChangeLog
r244288 r244294 1 2019-04-15 Joseph Pecoraro <pecoraro@apple.com> 2 3 Web Inspector: SameSite parsing should be stricter 4 https://bugs.webkit.org/show_bug.cgi?id=196927 5 <rdar://problem/42291601> 6 7 Reviewed by Devin Rousso. 8 9 * inspector/unit-tests/cookie.html: 10 * inspector/unit-tests/cookie-expected.txt: 11 1 12 2019-04-15 John Wilander <wilander@apple.com> 2 13 -
trunk/LayoutTests/inspector/unit-tests/cookie-expected.txt
r239226 r244294 55 55 PASS: cookie.secure should be 'false'. 56 56 PASS: cookie.httpOnly should be 'false'. 57 PASS: cookie.sameSite should be 'None'. 57 58 58 59 HEADER: Set-Cookie: name=value; path=/foo … … 68 69 PASS: cookie.secure should be 'false'. 69 70 PASS: cookie.httpOnly should be 'false'. 71 PASS: cookie.sameSite should be 'None'. 70 72 71 73 HEADER: Set-Cookie: name=value; domain=example.com … … 81 83 PASS: cookie.secure should be 'false'. 82 84 PASS: cookie.httpOnly should be 'false'. 85 PASS: cookie.sameSite should be 'None'. 83 86 84 87 HEADER: Set-Cookie: name=value; secure … … 94 97 PASS: cookie.secure should be 'true'. 95 98 PASS: cookie.httpOnly should be 'false'. 99 PASS: cookie.sameSite should be 'None'. 96 100 97 101 HEADER: Set-Cookie: name=value; Secure … … 107 111 PASS: cookie.secure should be 'true'. 108 112 PASS: cookie.httpOnly should be 'false'. 113 PASS: cookie.sameSite should be 'None'. 109 114 110 115 HEADER: Set-Cookie: name=value; HttpOnly … … 120 125 PASS: cookie.secure should be 'false'. 121 126 PASS: cookie.httpOnly should be 'true'. 127 PASS: cookie.sameSite should be 'None'. 128 129 HEADER: Set-Cookie: name=value; SameSite=lax 130 PASS: Value should be a WI.Cookie. 131 PASS: cookie.header should be the original header text. 132 PASS: cookie.type should be WI.Cookie.Type.Response. 133 PASS: cookie.name should be 'name'. 134 PASS: cookie.value should be 'value'. 135 PASS: cookie.expires should be 'null'. 136 PASS: cookie.maxAge should be 'null'. 137 PASS: cookie.path should be 'null'. 138 PASS: cookie.domain should be 'null'. 139 PASS: cookie.secure should be 'false'. 140 PASS: cookie.httpOnly should be 'false'. 141 PASS: cookie.sameSite should be 'Lax'. 142 143 HEADER: Set-Cookie: name=value; SameSite=strict 144 PASS: Value should be a WI.Cookie. 145 PASS: cookie.header should be the original header text. 146 PASS: cookie.type should be WI.Cookie.Type.Response. 147 PASS: cookie.name should be 'name'. 
148 PASS: cookie.value should be 'value'. 149 PASS: cookie.expires should be 'null'. 150 PASS: cookie.maxAge should be 'null'. 151 PASS: cookie.path should be 'null'. 152 PASS: cookie.domain should be 'null'. 153 PASS: cookie.secure should be 'false'. 154 PASS: cookie.httpOnly should be 'false'. 155 PASS: cookie.sameSite should be 'Strict'. 156 157 HEADER: Set-Cookie: name=value; SameSite=invalid 158 PASS: Value should be a WI.Cookie. 159 PASS: cookie.header should be the original header text. 160 PASS: cookie.type should be WI.Cookie.Type.Response. 161 PASS: cookie.name should be 'name'. 162 PASS: cookie.value should be 'value'. 163 PASS: cookie.expires should be 'null'. 164 PASS: cookie.maxAge should be 'null'. 165 PASS: cookie.path should be 'null'. 166 PASS: cookie.domain should be 'null'. 167 PASS: cookie.secure should be 'false'. 168 PASS: cookie.httpOnly should be 'false'. 169 PASS: cookie.sameSite should be 'None'. 170 171 HEADER: Set-Cookie: name=value; SameSite 172 PASS: Value should be a WI.Cookie. 173 PASS: cookie.header should be the original header text. 174 PASS: cookie.type should be WI.Cookie.Type.Response. 175 PASS: cookie.name should be 'name'. 176 PASS: cookie.value should be 'value'. 177 PASS: cookie.expires should be 'null'. 178 PASS: cookie.maxAge should be 'null'. 179 PASS: cookie.path should be 'null'. 180 PASS: cookie.domain should be 'null'. 181 PASS: cookie.secure should be 'false'. 182 PASS: cookie.httpOnly should be 'false'. 183 PASS: cookie.sameSite should be 'None'. 122 184 123 185 HEADER: Set-Cookie: name=value; expires=Fri 06-Oct-2017 03:20:27 GMT; Max-Age=3600 … … 133 195 PASS: cookie.secure should be 'false'. 134 196 PASS: cookie.httpOnly should be 'false'. 197 PASS: cookie.sameSite should be 'None'. 135 198 136 199 HEADER: Set-Cookie: name=value; expires=Fri 06-Oct-2017 03:43:47 GMT; Max-Age=5000; path=/foo; domain=example.com; secure; HttpOnly … … 146 209 PASS: cookie.secure should be 'true'. 
147 210 PASS: cookie.httpOnly should be 'true'. 211 PASS: cookie.sameSite should be 'None'. 148 212 149 213 HEADER: Set-Cookie: name=value; Unknown; path=/one/two … … 160 224 PASS: cookie.secure should be 'false'. 161 225 PASS: cookie.httpOnly should be 'false'. 226 PASS: cookie.sameSite should be 'None'. 162 227 163 228 HEADER: Set-Cookie: name=value; Unknown=Ignored; path=/one/two … … 174 239 PASS: cookie.secure should be 'false'. 175 240 PASS: cookie.httpOnly should be 'false'. 241 PASS: cookie.sameSite should be 'None'. 176 242 177 243 HEADER: Set-Cookie: name=somewhat longer value than normal with spaces, and commas; domain=other.example.com … … 187 253 PASS: cookie.secure should be 'false'. 188 254 PASS: cookie.httpOnly should be 'false'. 255 PASS: cookie.sameSite should be 'None'. 189 256 190 257 HEADER: Set-Cookie: name==value=;Domain=.example.com;Expires=Wed, 04-Apr-2018 03:34:02 GMT … … 200 267 PASS: cookie.secure should be 'false'. 201 268 PASS: cookie.httpOnly should be 'false'. 269 PASS: cookie.sameSite should be 'None'. 202 270 203 271 -
trunk/LayoutTests/inspector/unit-tests/cookie.html
r239226 r244294 69 69 InspectorTest.expectEqual(cookie.secure, expected.secure, `cookie.secure should be '${expected.secure}'.`); 70 70 InspectorTest.expectEqual(cookie.httpOnly, expected.httpOnly, `cookie.httpOnly should be '${expected.httpOnly}'.`); 71 InspectorTest.expectEqual(cookie.sameSite, expected.sameSite, `cookie.sameSite should be '${expected.sameSite}'.`); 71 72 InspectorTest.log(""); 72 73 } … … 83 84 secure: false, 84 85 httpOnly: false, 86 sameSite: WI.Cookie.SameSiteType.None, 85 87 }); 86 88 … … 94 96 secure: false, 95 97 httpOnly: false, 98 sameSite: WI.Cookie.SameSiteType.None, 96 99 }); 97 100 … … 105 108 secure: false, 106 109 httpOnly: false, 110 sameSite: WI.Cookie.SameSiteType.None, 107 111 }); 108 112 … … 116 120 secure: true, 117 121 httpOnly: false, 122 sameSite: WI.Cookie.SameSiteType.None, 118 123 }); 119 124 … … 127 132 secure: true, 128 133 httpOnly: false, 134 sameSite: WI.Cookie.SameSiteType.None, 129 135 }); 130 136 … … 138 144 secure: false, 139 145 httpOnly: true, 146 sameSite: WI.Cookie.SameSiteType.None, 147 }); 148 149 test(`name=value; SameSite=lax`, { 150 name: "name", 151 value: "value", 152 expires: null, 153 maxAge: null, 154 path: null, 155 domain: null, 156 secure: false, 157 httpOnly: false, 158 sameSite: WI.Cookie.SameSiteType.Lax, 159 }); 160 161 test(`name=value; SameSite=strict`, { 162 name: "name", 163 value: "value", 164 expires: null, 165 maxAge: null, 166 path: null, 167 domain: null, 168 secure: false, 169 httpOnly: false, 170 sameSite: WI.Cookie.SameSiteType.Strict, 171 }); 172 173 // SameSite with unknown value is ignored. 174 test(`name=value; SameSite=invalid`, { 175 name: "name", 176 value: "value", 177 expires: null, 178 maxAge: null, 179 path: null, 180 domain: null, 181 secure: false, 182 httpOnly: false, 183 sameSite: WI.Cookie.SameSiteType.None, 184 }); 185 186 // SameSite without value is ignored. 
187 test(`name=value; SameSite`, { 188 name: "name", 189 value: "value", 190 expires: null, 191 maxAge: null, 192 path: null, 193 domain: null, 194 secure: false, 195 httpOnly: false, 196 sameSite: WI.Cookie.SameSiteType.None, 140 197 }); 141 198 … … 149 206 secure: false, 150 207 httpOnly: false, 208 sameSite: WI.Cookie.SameSiteType.None, 151 209 }); 152 210 … … 160 218 secure: true, 161 219 httpOnly: true, 220 sameSite: WI.Cookie.SameSiteType.None, 162 221 }); 163 222 … … 171 230 secure: false, 172 231 httpOnly: false, 232 sameSite: WI.Cookie.SameSiteType.None, 173 233 }); 174 234 … … 182 242 secure: false, 183 243 httpOnly: false, 244 sameSite: WI.Cookie.SameSiteType.None, 184 245 }); 185 246 … … 193 254 secure: false, 194 255 httpOnly: false, 256 sameSite: WI.Cookie.SameSiteType.None, 195 257 }); 196 258 … … 205 267 secure: false, 206 268 httpOnly: false, 269 sameSite: WI.Cookie.SameSiteType.None, 207 270 }); 208 271 -
trunk/Source/WebInspectorUI/ChangeLog
r244290 r244294 1 2019-04-15 Joseph Pecoraro <pecoraro@apple.com> 2 3 Web Inspector: SameSite parsing should be stricter 4 https://bugs.webkit.org/show_bug.cgi?id=196927 5 <rdar://problem/42291601> 6 7 Reviewed by Devin Rousso. 8 9 * UserInterface/Models/Cookie.js: 10 (WI.Cookie.parseSameSiteAttributeValue): 11 1 12 2019-04-15 Joseph Pecoraro <pecoraro@apple.com> 2 13 -
trunk/Source/WebInspectorUI/UserInterface/Models/Cookie.js
r239226 r244294 115 115 } 116 116 117 // Derived from <https://tools.ietf.org/html/draft-west-first-party-cookies-06#section-3.2>.117 // <https://httpwg.org/http-extensions/rfc6265bis.html#the-samesite-attribute-1> 118 118 static parseSameSiteAttributeValue(attributeValue) 119 119 { 120 120 if (!attributeValue) 121 return WI.Cookie.SameSiteType.Strict; 121 return WI.Cookie.SameSiteType.None; 122 122 123 switch (attributeValue.toLowerCase()) { 123 124 case "lax": 124 125 return WI.Cookie.SameSiteType.Lax; 125 126 case "strict": 126 default:127 127 return WI.Cookie.SameSiteType.Strict; 128 128 } 129 130 return WI.Cookie.SameSiteType.None; 129 131 } 130 132
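Review bot: In parseSameSiteAttributeValue (Cookie.js), the `!attributeValue` early return and the new fall-through after the switch both yield WI.Cookie.SameSiteType.None, and a literal `SameSite=None` takes the same fall-through, so the Inspector cannot distinguish "no usable SameSite attribute" from an explicit opt-out. If that is intended, say so in a comment above the final `return WI.Cookie.SameSiteType.None;`. If the UI should ever show the difference, this needs a separate enum value. Also, `attributeValue.toLowerCase()` is compared without trimming, so a value with surrounding whitespace would be reported as None; confirm the caller strips whitespace before this function is reached.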
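Review bot: The SameSite cases added to cookie.html use only lowercase values (`SameSite=lax`, `SameSite=strict`), so the case folding done by `attributeValue.toLowerCase()` in Cookie.js is never exercised by the tests. Add cases with the capitalized spellings the specification uses (`SameSite=Lax`, `SameSite=Strict`) and one with an empty value (`SameSite=`), which reaches the parser differently from the bare `SameSite` case already covered, and update cookie-expected.txt to match.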