chrome/browser/net/cookie_store_samesite_browsertest.cc - chromium/src - Git at Google

 // Copyright (c) 2020 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "base/path_service.h"
 #include "base/strings/stringprintf.h"
 #include "base/test/scoped_feature_list.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/ui/browser.h"
 #include "chrome/browser/ui/tabs/tab_strip_model.h"
 #include "chrome/test/base/in_process_browser_test.h"
 #include "chrome/test/base/ui_test_utils.h"
 #include "components/content_settings/core/common/features.h"
 #include "content/public/common/content_paths.h"
 #include "content/public/common/content_switches.h"
 #include "content/public/test/browser_test.h"
 #include "content/public/test/browser_test_utils.h"
 #include "net/base/features.h"
 #include "net/dns/mock_host_resolver.h"
 #include "net/test/embedded_test_server/embedded_test_server.h"

 namespace {

 class CookieStoreSameSiteTest : public InProcessBrowserTest,
                                 public ::testing::WithParamInterface<bool> {
  protected:
   CookieStoreSameSiteTest()
       : https_server_(net::EmbeddedTestServer::TYPE_HTTPS) {
     if (SameSiteFeatureEnabled()) {
       feature_list_.InitAndEnableFeature(
           net::features::kSameSiteByDefaultCookies);
     } else {
       feature_list_.InitAndDisableFeature(
           net::features::kSameSiteByDefaultCookies);
     }
   }

   void SetUpOnMainThread() override {
     host_resolver()->AddRule("*", "127.0.0.1");
     base::FilePath path;
     base::PathService::Get(content::DIR_TEST_DATA, &path);
     https_server_.ServeFilesFromDirectory(path);
     https_server_.AddDefaultHandlers(GetChromeTestDataDir());
     https_server_.SetSSLConfig(net::EmbeddedTestServer::CERT_TEST_NAMES);
     ASSERT_TRUE(https_server_.Start());
   }

   void NavigateToPageWithFrame(const std::string& host) {
     GURL main_url(https_server_.GetURL(host, "/iframe.html"));
     ui_test_utils::NavigateToURL(browser(), main_url);
   }

   content::RenderFrameHost* GetFrame() {
     content::WebContents* web_contents =
         browser()->tab_strip_model()->GetActiveWebContents();
     return ChildFrameAt(web_contents->GetMainFrame(), 0);
   }

   std::string GetCookieSameSite(const std::string& cookie_name) {
     std::string script = base::StringPrintf(R"(
       (async () => {
           const cookie = await cookieStore.get('%s');
           return cookie ? cookie.sameSite : '';
       }) ();
     )",
                                             cookie_name.c_str());
     return content::EvalJs(GetFrame(), script).ExtractString();
   }

  protected:
   bool SameSiteFeatureEnabled() { return GetParam(); }

   net::test_server::EmbeddedTestServer https_server_;
   base::test::ScopedFeatureList feature_list_;

  private:
   DISALLOW_COPY_AND_ASSIGN(CookieStoreSameSiteTest);
 };

 IN_PROC_BROWSER_TEST_P(CookieStoreSameSiteTest,
                        CookieStoreUsesEffectiveSameSiteForUnspecifiedCookies) {
   NavigateToPageWithFrame("a.test");

   // Create unspecified sameSite cookie with document.cookie because CookieStore
   // doesn't allow unspecified sameSite.
   EXPECT_TRUE(content::ExecJs(GetFrame(),
                               "document.cookie='unspecified-cookie=value'"));

   std::string sameSite = GetCookieSameSite("unspecified-cookie");
   if (SameSiteFeatureEnabled()) {
     EXPECT_EQ("lax", sameSite);
   } else {
     EXPECT_EQ("none", sameSite);
   }
 }

 IN_PROC_BROWSER_TEST_P(CookieStoreSameSiteTest,
                        CookieStoreSameSiteDefaultsToStrict) {
   NavigateToPageWithFrame("a.test");

   // Create cookie with CookieStore with no sameSite.
   EXPECT_TRUE(content::ExecJs(GetFrame(),
                               "cookieStore.set('default-cookie', 'value')"));

   EXPECT_EQ("strict", GetCookieSameSite("default-cookie"));
 }

 IN_PROC_BROWSER_TEST_P(CookieStoreSameSiteTest,
                        CookieStoreUsesSpecifiedSameSite) {
   NavigateToPageWithFrame("a.test");

   // Create cookie with CookieStore with none sameSite. CookieStore defaults to
   // Secure when written from a secure web origin, therefore allows for sameSite
   // none.
   EXPECT_TRUE(content::ExecJs(GetFrame(),
                               "cookieStore.set({name: 'none-cookie', value: "
                               "'value', sameSite: 'none'})"));

   EXPECT_EQ("none", GetCookieSameSite("none-cookie"));
 }

 INSTANTIATE_TEST_SUITE_P(All, CookieStoreSameSiteTest, ::testing::Bool());
 }  // namespace
	// Copyright (c) 2020 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "base/path_service.h"
	#include "base/strings/stringprintf.h"
	#include "base/test/scoped_feature_list.h"
	#include "chrome/browser/profiles/profile.h"
	#include "chrome/browser/ui/browser.h"
	#include "chrome/browser/ui/tabs/tab_strip_model.h"
	#include "chrome/test/base/in_process_browser_test.h"
	#include "chrome/test/base/ui_test_utils.h"
	#include "components/content_settings/core/common/features.h"
	#include "content/public/common/content_paths.h"
	#include "content/public/common/content_switches.h"
	#include "content/public/test/browser_test.h"
	#include "content/public/test/browser_test_utils.h"
	#include "net/base/features.h"
	#include "net/dns/mock_host_resolver.h"
	#include "net/test/embedded_test_server/embedded_test_server.h"

	namespace {

	class CookieStoreSameSiteTest : public InProcessBrowserTest,
	public ::testing::WithParamInterface<bool> {
	protected:
	CookieStoreSameSiteTest()
	: https_server_(net::EmbeddedTestServer::TYPE_HTTPS) {
	if (SameSiteFeatureEnabled()) {
	feature_list_.InitAndEnableFeature(
	net::features::kSameSiteByDefaultCookies);
	} else {
	feature_list_.InitAndDisableFeature(
	net::features::kSameSiteByDefaultCookies);
	}
	}

	void SetUpOnMainThread() override {
	host_resolver()->AddRule("*", "127.0.0.1");
	base::FilePath path;
	base::PathService::Get(content::DIR_TEST_DATA, &path);
	https_server_.ServeFilesFromDirectory(path);
	https_server_.AddDefaultHandlers(GetChromeTestDataDir());
	https_server_.SetSSLConfig(net::EmbeddedTestServer::CERT_TEST_NAMES);
	ASSERT_TRUE(https_server_.Start());
	}

	void NavigateToPageWithFrame(const std::string& host) {
	GURL main_url(https_server_.GetURL(host, "/iframe.html"));
	ui_test_utils::NavigateToURL(browser(), main_url);
	}

	content::RenderFrameHost* GetFrame() {
	content::WebContents* web_contents =
	browser()->tab_strip_model()->GetActiveWebContents();
	return ChildFrameAt(web_contents->GetMainFrame(), 0);
	}

	std::string GetCookieSameSite(const std::string& cookie_name) {
	std::string script = base::StringPrintf(R"(
	(async () => {
	const cookie = await cookieStore.get('%s');
	return cookie ? cookie.sameSite : '';
	}) ();
	)",
	cookie_name.c_str());
	return content::EvalJs(GetFrame(), script).ExtractString();
	}

	protected:
	bool SameSiteFeatureEnabled() { return GetParam(); }

	net::test_server::EmbeddedTestServer https_server_;
	base::test::ScopedFeatureList feature_list_;

	private:
	DISALLOW_COPY_AND_ASSIGN(CookieStoreSameSiteTest);
	};

	IN_PROC_BROWSER_TEST_P(CookieStoreSameSiteTest,
	CookieStoreUsesEffectiveSameSiteForUnspecifiedCookies) {
	NavigateToPageWithFrame("a.test");

	// Create unspecified sameSite cookie with document.cookie because CookieStore
	// doesn't allow unspecified sameSite.
	EXPECT_TRUE(content::ExecJs(GetFrame(),
	"document.cookie='unspecified-cookie=value'"));

	std::string sameSite = GetCookieSameSite("unspecified-cookie");
	if (SameSiteFeatureEnabled()) {
	EXPECT_EQ("lax", sameSite);
	} else {
	EXPECT_EQ("none", sameSite);
	}
	}

	IN_PROC_BROWSER_TEST_P(CookieStoreSameSiteTest,
	CookieStoreSameSiteDefaultsToStrict) {
	NavigateToPageWithFrame("a.test");

	// Create cookie with CookieStore with no sameSite.
	EXPECT_TRUE(content::ExecJs(GetFrame(),
	"cookieStore.set('default-cookie', 'value')"));

	EXPECT_EQ("strict", GetCookieSameSite("default-cookie"));
	}

	IN_PROC_BROWSER_TEST_P(CookieStoreSameSiteTest,
	CookieStoreUsesSpecifiedSameSite) {
	NavigateToPageWithFrame("a.test");

	// Create cookie with CookieStore with none sameSite. CookieStore defaults to
	// Secure when written from a secure web origin, therefore allows for sameSite
	// none.
	EXPECT_TRUE(content::ExecJs(GetFrame(),
	"cookieStore.set({name: 'none-cookie', value: "
	"'value', sameSite: 'none'})"));

	EXPECT_EQ("none", GetCookieSameSite("none-cookie"));
	}

	INSTANTIATE_TEST_SUITE_P(All, CookieStoreSameSiteTest, ::testing::Bool());
	} // namespace