Changeset 260807 in webkit


Ignore:
Timestamp:
Apr 27, 2020 7:47:14 PM (4 years ago)
Author:
Devin Rousso
Message:

Web Inspector: Storage: can see third-party cookies
https://bugs.webkit.org/show_bug.cgi?id=211092
<rdar://problem/62469078>

Reviewed by Chris Dumez.

Source/WebKit:

Test: http/tests/inspector/page/get-cookies.html

After r259649, Web Inspector no longer incorrectly bails when attempting to get cookies if
the last resource loaded by a given frame does not have cookie access. We also need to check
whether the resource we're attempting to get cookies for is first-party or third-party so as
to reflect the current cookie policy.

  • WebProcess/WebPage/WebCookieJar.cpp:

(WebKit::shouldBlockCookies):

LayoutTests:

  • http/tests/inspector/page/get-cookies.html:
  • http/tests/inspector/page/get-cookies-expected.txt:
  • http/tests/inspector/page/resources/set-cookie.php:
Location:
trunk
Files:
6 edited

Legend:

Unmodified
Added
Removed
  • trunk/LayoutTests/ChangeLog

    r260804 r260807  
     12020-04-27  Devin Rousso  <drousso@apple.com>
     2
     3        Web Inspector: Storage: can see third-party cookies
     4        https://bugs.webkit.org/show_bug.cgi?id=211092
     5        <rdar://problem/62469078>
     6
     7        Reviewed by Chris Dumez.
     8
     9        * http/tests/inspector/page/get-cookies.html:
     10        * http/tests/inspector/page/get-cookies-expected.txt:
     11        * http/tests/inspector/page/resources/set-cookie.php:
     12
    1132020-04-27  Lauro Moura  <lmoura@igalia.com>
    214
  • trunk/LayoutTests/http/tests/inspector/page/get-cookies-expected.txt

    r247064 r260807  
    33
    44== Running test suite: Page.getCookies
    5 -- Running test case: CheckNoCookies
     5-- Running test case: Page.getCookies.InitiallyNoCookies
    66PASS: Should be no cookies.
    77
    8 -- Running test setup.
    9 -- Running test case: Page.getCookies.OnlyMainResource
    10 PASS: length should be one.
    11 PASS: [Main] Name is 'Main'
    12 PASS: [Main] Value is 'foo'
    13 PASS: [Main] Domain is '127.0.0.1'
     8-- Running test case: Page.getCookies.FirstParty.MainFrame
     9Getting cookies before first-party resource load...
     10Loading first-party resource...
     11Getting cookies after first-party resource load...
     12PASS: Should have set cookies.
     13PASS: New cookie should have name 'FirstPartyResource'.
     14PASS: New cookie should have value 'PASS'.
     15PASS: New cookie should have domain '127.0.0.1'.
    1416
    15 -- Running test setup.
    16 -- Running test case: Page.getCookies.SubResource
    17 PASS: length should be two.
    18 PASS: [Sub] Name is 'Sub'
    19 PASS: [Sub] Value is 'bar'
    20 PASS: [Sub] Domain is 'localhost'
     17-- Running test case: Page.getCookies.FirstParty.SubFrame
     18Getting cookies before first-party resource load...
     19Loading first-party resource...
     20Getting cookies after first-party resource load...
     21PASS: Should have set cookies.
     22PASS: New cookie should have name 'FirstPartyFrame'.
     23PASS: New cookie should have value 'PASS'.
     24PASS: New cookie should have domain '127.0.0.1'.
    2125
     26-- Running test case: Page.getCookies.ThirdParty.MainFrame.WithITP
     27Getting cookies before third-party resource load...
     28Loading third-party resource...
     29Getting cookies after third-party resource load...
     30PASS: Should not have set cookies.
     31
     32-- Running test case: Page.getCookies.ThirdParty.SubFrame.WithITP
     33Getting cookies before third-party resource load...
     34Loading third-party resource...
     35Getting cookies after third-party resource load...
     36PASS: Should not have set cookies.
     37
     38-- Running test case: Page.getCookies.DisableITP
     39PASS
     40
     41-- Running test case: Page.getCookies.ThirdParty.MainFrame.WithoutITP
     42Getting cookies before third-party resource load...
     43Loading third-party resource...
     44Getting cookies after third-party resource load...
     45PASS: Should have set cookies.
     46PASS: New cookie should have name 'ThirdPartyResourceWithoutITP'.
     47PASS: New cookie should have value 'PASS'.
     48PASS: New cookie should have domain 'localhost'.
     49
     50-- Running test case: Page.getCookies.ThirdParty.SubFrame.WithoutITP
     51Getting cookies before third-party resource load...
     52Loading third-party resource...
     53Getting cookies after third-party resource load...
     54PASS: Should have set cookies.
     55PASS: New cookie should have name 'ThirdPartyFrameWithoutITP'.
     56PASS: New cookie should have value 'PASS'.
     57PASS: New cookie should have domain 'localhost'.
     58
  • trunk/LayoutTests/http/tests/inspector/page/get-cookies.html

    r247064 r260807  
    44<script src="../resources/inspector-test.js"></script>
    55<script>
    6 if (window.testRunner)
    7     testRunner.setAlwaysAcceptCookies(true);
    8 
    9 function loadDocumentWithURL(url) {
    10     frame = document.createElement('iframe');
     6function loadFrameWithURL(url) {
     7    let frame = document.createElement('iframe');
    118    frame.src = url;
    12     frame.onload = function() { TestPage.dispatchEventToFrontend("LoadComplete") };
     9    frame.addEventListener("load", (event) => {
     10        TestPage.dispatchEventToFrontend("FrameLoad");
     11    });
    1312    document.body.appendChild(frame);
    1413}
    1514
     15function loadScriptWithURL(url) {
     16    let script = document.createElement('script');
     17    script.src = url;
     18    script.addEventListener("load", (event) => {
     19        TestPage.dispatchEventToFrontend("ScriptLoad");
     20    });
     21    document.body.appendChild(script);
     22}
     23
    1624function test()
    1725{
     26    const firstParty = "127.0.0.1";
     27    const thirdParty = "localhost";
     28
    1829    let suite = InspectorTest.createAsyncSuite("Page.getCookies");
    1930
    2031    suite.addTestCase({
    21         name: "CheckNoCookies",
    22         description: "Ensure there are no cookies.",
    23         test(resolve, reject) {
    24             PageAgent.getCookies().then((payload) => {
    25                 InspectorTest.expectEqual(payload.cookies.length, 0, "Should be no cookies.");
    26                 resolve();
    27             }).catch((error) => {
    28                 InspectorTest.log(error);
    29                 reject();
    30             });
     32        name: "Page.getCookies.InitiallyNoCookies",
     33        description: "Ensure there are no cookies at the start.",
     34        async test() {
     35            let {cookies} = await PageAgent.getCookies()
     36
     37            InspectorTest.expectEqual(cookies.length, 0, "Should be no cookies.");
    3138        }
    3239    });
    3340
    3441    suite.addTestCase({
    35         name: "Page.getCookies.OnlyMainResource",
    36         description: "Get cookies on MainResource.",
    37         setup(resolve) {
    38             InspectorTest.evaluateInPage(`document.cookie = "Main=foo; Max-age=3600";`);
    39             setTimeout(resolve, 500);
    40         },
    41         test(resolve, reject) {
    42             PageAgent.getCookies().then((payload) => {
    43                 InspectorTest.expectEqual(payload.cookies.length, 1, "length should be one.");
    44                 InspectorTest.expectEqual(payload.cookies[0].name, "Main", "[Main] Name is 'Main'");
    45                 InspectorTest.expectEqual(payload.cookies[0].value, "foo", "[Main] Value is 'foo'");
    46                 InspectorTest.expectEqual(payload.cookies[0].domain, "127.0.0.1", "[Main] Domain is '127.0.0.1'");
    47                 resolve();
    48             }).catch((error) => {
    49                 InspectorTest.log("Could not fetch cookies: " + error);
    50                 reject();
    51             });
     42        name: "Page.getCookies.FirstParty.MainFrame",
     43        description: "Get cookies for a first-party resource in the main frame.",
     44        async test() {
     45            InspectorTest.log("Getting cookies before first-party resource load...");
     46            let cookiesBefore = await PageAgent.getCookies();
     47
     48            InspectorTest.log("Loading first-party resource...");
     49            await Promise.all([
     50                InspectorTest.awaitEvent("ScriptLoad"),
     51                InspectorTest.evaluateInPage(`loadScriptWithURL("http://${firstParty}:8000/inspector/page/resources/set-cookie.php?name=FirstPartyResource&value=PASS")`),
     52            ]);
     53
     54            InspectorTest.log("Getting cookies after first-party resource load...");
     55            let cookiesAfter = await PageAgent.getCookies();
     56
     57            InspectorTest.expectNotShallowEqual(cookiesBefore, cookiesAfter, "Should have set cookies.");
     58
     59            let cookies = cookiesAfter.cookies.filter((cookie) => cookie.name === "FirstPartyResource");
     60            InspectorTest.assert(cookies.length === 1, "Should only have one cookie with name 'FirstPartyResource'.");
     61            InspectorTest.expectNotNull(cookies[0], "New cookie should have name 'FirstPartyResource'.");
     62            InspectorTest.expectEqual(cookies[0].value, "PASS", "New cookie should have value 'PASS'.");
     63            InspectorTest.expectEqual(cookies[0].domain, firstParty, `New cookie should have domain '${firstParty}'.`);
    5264        }
    5365    });
    5466
    5567    suite.addTestCase({
    56         name: "Page.getCookies.SubResource",
    57         description: "Get cookies on SubResources.",
    58         setup(resolve) {
    59             InspectorTest.awaitEvent("LoadComplete").then((event) => { resolve() });
    60             InspectorTest.evaluateInPage(`loadDocumentWithURL("http://localhost:8000/inspector/page/resources/set-cookie.php?name=Sub&value=bar")`);
    61         },
    62         test(resolve, reject) {
    63             PageAgent.getCookies().then((payload) => {
    64                 InspectorTest.expectEqual(payload.cookies.length, 2, "length should be two.");
    65                 InspectorTest.expectEqual(payload.cookies[1].name, "Sub", "[Sub] Name is 'Sub'");
    66                 InspectorTest.expectEqual(payload.cookies[1].value, "bar", "[Sub] Value is 'bar'");
    67                 InspectorTest.expectEqual(payload.cookies[1].domain, "localhost", "[Sub] Domain is 'localhost'");
    68                 resolve();
    69             }).catch((error) => {
    70                 InspectorTest.log("Could not fetch cookies: " + error);
    71                 reject();
    72             });
     68        name: "Page.getCookies.FirstParty.SubFrame",
     69        description: "Get cookies for a first-party resource in a sub frame.",
     70        async test() {
     71            InspectorTest.log("Getting cookies before first-party resource load...");
     72            let cookiesBefore = await PageAgent.getCookies();
     73
     74            InspectorTest.log("Loading first-party resource...");
     75            await Promise.all([
     76                InspectorTest.awaitEvent("FrameLoad"),
     77                InspectorTest.evaluateInPage(`loadFrameWithURL("http://${firstParty}:8000/inspector/page/resources/set-cookie.php?name=FirstPartyFrame&value=PASS")`),
     78            ]);
     79
     80            InspectorTest.log("Getting cookies after first-party resource load...");
     81            let cookiesAfter = await PageAgent.getCookies();
     82
     83            InspectorTest.expectNotShallowEqual(cookiesBefore, cookiesAfter, "Should have set cookies.");
     84
     85            let cookies = cookiesAfter.cookies.filter((cookie) => cookie.name === "FirstPartyFrame");
     86            InspectorTest.assert(cookies.length === 1, "Should only have one cookie with name 'FirstPartyFrame'.");
     87            InspectorTest.expectNotNull(cookies[0], "New cookie should have name 'FirstPartyFrame'.");
     88            InspectorTest.expectEqual(cookies[0].value, "PASS", "New cookie should have value 'PASS'.");
     89            InspectorTest.expectEqual(cookies[0].domain, firstParty, `New cookie should have domain '${firstParty}'.`);
    7390        }
     91    });
     92
     93    suite.addTestCase({
     94        name: "Page.getCookies.ThirdParty.MainFrame.WithITP",
     95        description: "Get cookies for a third-party resource in the main frame with ITP enabled.",
     96        async test() {
     97            InspectorTest.log("Getting cookies before third-party resource load...");
     98            let cookiesBefore = await PageAgent.getCookies();
     99
     100            InspectorTest.log("Loading third-party resource...");
     101            await Promise.all([
     102                InspectorTest.awaitEvent("ScriptLoad"),
     103                InspectorTest.evaluateInPage(`loadScriptWithURL("http://${thirdParty}:8000/inspector/page/resources/set-cookie.php?name=ThirdPartyResourceWithITP&value=FAIL")`),
     104            ]);
     105
     106            InspectorTest.log("Getting cookies after third-party resource load...");
     107            let cookiesAfter = await PageAgent.getCookies();
     108
     109            InspectorTest.expectShallowEqual(cookiesBefore, cookiesAfter, "Should not have set cookies.");
     110        },
     111    });
     112
     113    suite.addTestCase({
     114        name: "Page.getCookies.ThirdParty.SubFrame.WithITP",
     115        description: "Get cookies for a third-party resource in a sub frame.",
     116        async test() {
     117            InspectorTest.log("Getting cookies before third-party resource load...");
     118            let cookiesBefore = await PageAgent.getCookies();
     119
     120            InspectorTest.log("Loading third-party resource...");
     121            await Promise.all([
     122                InspectorTest.awaitEvent("FrameLoad"),
     123                InspectorTest.evaluateInPage(`loadFrameWithURL("http://${thirdParty}:8000/inspector/page/resources/set-cookie.php?name=ThirdPartyFrameWithITP&value=FAIL")`),
     124            ]);
     125
     126            InspectorTest.log("Getting cookies after third-party resource load...");
     127            let cookiesAfter = await PageAgent.getCookies();
     128
     129            InspectorTest.expectShallowEqual(cookiesBefore, cookiesAfter, "Should not have set cookies.");
     130        },
     131    });
     132
     133    suite.addTestCase({
     134        name: "Page.getCookies.DisableITP",
     135        async test() {
     136            await InspectorTest.evaluateInPage(`if (window.testRunner) testRunner.setAlwaysAcceptCookies(true);`);
     137            InspectorTest.log("PASS");
     138        },
     139    });
     140
     141    suite.addTestCase({
     142        name: "Page.getCookies.ThirdParty.MainFrame.WithoutITP",
     143        description: "Get cookies for a third-party resource in the main frame with ITP disabled.",
     144        async test() {
     145            InspectorTest.log("Getting cookies before third-party resource load...");
     146            let cookiesBefore = await PageAgent.getCookies();
     147
     148            InspectorTest.log("Loading third-party resource...");
     149            await Promise.all([
     150                InspectorTest.awaitEvent("ScriptLoad"),
     151                InspectorTest.evaluateInPage(`loadScriptWithURL("http://${thirdParty}:8000/inspector/page/resources/set-cookie.php?name=ThirdPartyResourceWithoutITP&value=PASS")`),
     152            ]);
     153
     154            InspectorTest.log("Getting cookies after third-party resource load...");
     155            let cookiesAfter = await PageAgent.getCookies();
     156
     157            InspectorTest.expectNotShallowEqual(cookiesBefore, cookiesAfter, "Should have set cookies.");
     158
     159            let cookies = cookiesAfter.cookies.filter((cookie) => cookie.name === "ThirdPartyResourceWithoutITP");
     160            InspectorTest.assert(cookies.length === 1, "Should only have one cookie with name 'ThirdPartyResourceWithoutITP'.");
     161            InspectorTest.expectNotNull(cookies[0], "New cookie should have name 'ThirdPartyResourceWithoutITP'.");
     162            InspectorTest.expectEqual(cookies[0].value, "PASS", "New cookie should have value 'PASS'.");
     163            InspectorTest.expectEqual(cookies[0].domain, thirdParty, `New cookie should have domain '${thirdParty}'.`);
     164        },
     165    });
     166
     167    suite.addTestCase({
     168        name: "Page.getCookies.ThirdParty.SubFrame.WithoutITP",
     169        description: "Get cookies for a third-party resource in a sub frame.",
     170        async test() {
     171            InspectorTest.log("Getting cookies before third-party resource load...");
     172            let cookiesBefore = await PageAgent.getCookies();
     173
     174            InspectorTest.log("Loading third-party resource...");
     175            await Promise.all([
     176                InspectorTest.awaitEvent("FrameLoad"),
     177                InspectorTest.evaluateInPage(`loadFrameWithURL("http://${thirdParty}:8000/inspector/page/resources/set-cookie.php?name=ThirdPartyFrameWithoutITP&value=PASS")`),
     178            ]);
     179
     180            InspectorTest.log("Getting cookies after third-party resource load...");
     181            let cookiesAfter = await PageAgent.getCookies();
     182
     183            InspectorTest.expectNotShallowEqual(cookiesBefore, cookiesAfter, "Should have set cookies.");
     184
     185            let cookies = cookiesAfter.cookies.filter((cookie) => cookie.name === "ThirdPartyFrameWithoutITP");
     186            InspectorTest.assert(cookies.length === 1, "Should only have one cookie with name 'ThirdPartyFrameWithoutITP'.");
     187            InspectorTest.expectNotNull(cookies[0], "New cookie should have name 'ThirdPartyFrameWithoutITP'.");
     188            InspectorTest.expectEqual(cookies[0].value, "PASS", "New cookie should have value 'PASS'.");
     189            InspectorTest.expectEqual(cookies[0].domain, thirdParty, `New cookie should have domain '${thirdParty}'.`);
     190        },
    74191    });
    75192
  • trunk/LayoutTests/http/tests/inspector/page/resources/set-cookie.php

    r247064 r260807  
    22    setcookie($_GET["name"], $_GET["value"], time() + 3600);
    33?>
    4 Set <?= $_GET["name"] ?>=<?= $_GET["value"] ?>
  • trunk/Source/WebKit/ChangeLog

    r260801 r260807  
     12020-04-27  Devin Rousso  <drousso@apple.com>
     2
     3        Web Inspector: Storage: can see third-party cookies
     4        https://bugs.webkit.org/show_bug.cgi?id=211092
     5        <rdar://problem/62469078>
     6
     7        Reviewed by Chris Dumez.
     8
     9        Test: http/tests/inspector/page/get-cookies.html
     10
     11        After r259649, Web Inspector no longer incorrectly bails when attempting to get cookies if
     12        the last resource loaded by a given frame does not have cookie access. We also need to check
     13        whether the resource we're attempting to get cookies for is first-party or third-party so as
     14        to reflect the current cookie policy.
     15
     16        * WebProcess/WebPage/WebCookieJar.cpp:
     17        (WebKit::shouldBlockCookies):
     18
    1192020-04-27  Brent Fulgham  <bfulgham@apple.com>
    220
  • trunk/Source/WebKit/WebProcess/WebPage/WebCookieJar.cpp

    r259173 r260807  
    5959        return false;
    6060
    61     if (frame && frame->isMainFrame())
    62         return false;
    63 
    6461    RegistrableDomain firstPartyDomain { firstPartyForCookies };
    6562    if (firstPartyDomain.isEmpty())
Note: See TracChangeset for help on using the changeset viewer.