Add web platform tests for cookie size requirements.
Note: a lot of these will fail in Chromium today, as the latest spec
updates are not yet implemented. That should happen in
crbug.com/1225342.
Bug: 1223516
Change-Id: I077df55a27c3d5bbbff96fd2d2385f76e2b6a64b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2990029
Reviewed-by: Lily Chen <chlily@chromium.org>
Commit-Queue: Mike Taylor <miketaylr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#900126}
diff --git a/cookies/resources/cookie-test.js b/cookies/resources/cookie-test.js
index 9a96506..8096ffc 100644
--- a/cookies/resources/cookie-test.js
+++ b/cookies/resources/cookie-test.js
@@ -166,3 +166,12 @@
CTLS: ctlCodes.map(i => ({code: i, chr: String.fromCharCode(i)}))
};
}
+
+// Returns a cookie string with name set to "t" * nameLength and value
+// set to "1" * valueLength. Passing in 0 for either allows for creating
+// a name- or value-less cookie.
+//
+// Note: Cookie length checking should ignore the "=".
+function cookieStringWithNameAndValueLengths(nameLength, valueLength) {
+ return `${"t".repeat(nameLength)}=${"1".repeat(valueLength)}`;
+}
diff --git a/cookies/size/attributes.www.sub.html b/cookies/size/attributes.www.sub.html
new file mode 100644
index 0000000..3004007
--- /dev/null
+++ b/cookies/size/attributes.www.sub.html
@@ -0,0 +1,51 @@
+<!doctype html>
+<html>
+
+<head>
+ <meta charset=utf-8>
+ <title>Test cookie attribute size restrictions</title>
+ <meta name=help href="https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis#section-5.4">
+ <meta name="timeout" content="long">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/cookies/resources/cookie-test.js"></script>
+</head>
+
+<body>
+ <div id=log></div>
+ <script>
+ const host = "{{host}}";
+ const attrSizeTests = [
+ {
+ cookie: `test=1; path=/cookies/size; path=/cookies/siz${"e".repeat(1024)}`,
+ expected: "test=1",
+ name: "Too long path attribute (>1024 bytes) is ignored; previous valid path wins.",
+ defaultPath: false,
+ },
+ {
+ cookie: `test=2; path=/cookies/siz${"e".repeat(1024)}; path=/cookies/size`,
+ expected: "test=2",
+ name: "Too long path attribute (>1024 bytes) is ignored; next valid path wins.",
+ defaultPath: false,
+ },
+ {
+ // This page opens on the www subdomain, so we set domain to {{host}}
+ // to see if anything works as expected.
+ cookie: `test=3; domain=${host}; domain=${"a".repeat(1024)}.com`,
+ expected: "test=3",
+ name: "Too long domain attribute (>1024 bytes) is ignored; previous valid domain wins."
+ },
+ {
+ cookie: `test=4; domain=${"a".repeat(1024)}.com; domain=${host}`,
+ expected: "test=4",
+ name: "Too long domain attribute (>1024 bytes) is ignored; next valid domain wins."
+ }
+ ];
+
+ for (const test of attrSizeTests) {
+ httpCookieTest(test.cookie, test.expected, test.name, test.defaultPath);
+ }
+ </script>
+</body>
+
+</html>
diff --git a/cookies/size/name-and-value.html b/cookies/size/name-and-value.html
new file mode 100644
index 0000000..2122c0d
--- /dev/null
+++ b/cookies/size/name-and-value.html
@@ -0,0 +1,76 @@
+<!doctype html>
+<html>
+
+<head>
+ <meta charset=utf-8>
+ <title>Test cookie name size restrictions</title>
+ <meta name=help href="https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis#section-5.4">
+ <meta name="timeout" content="long">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/cookies/resources/cookie-test.js"></script>
+</head>
+
+<body>
+ <div id=log></div>
+ <script>
+ const nameAndValueSizeTests = [
+ {
+ cookie: cookieStringWithNameAndValueLengths(2048, 2048),
+ expected: cookieStringWithNameAndValueLengths(2048, 2048),
+ name: "Set max-size cookie with largest possible name and value (4096 bytes)",
+ },
+ {
+ cookie: cookieStringWithNameAndValueLengths(4097, 1),
+ expected: "",
+ name: "Ignore cookie with name larger than 4096 and 1 byte value",
+ },
+ {
+ cookie: cookieStringWithNameAndValueLengths(4096, 0),
+ expected: cookieStringWithNameAndValueLengths(4096, 0),
+ name: "Set max-size value-less cookie",
+ },
+ {
+ cookie: cookieStringWithNameAndValueLengths(4097, 0),
+ expected: "",
+ name: "Ignore value-less cookie with name larger than 4096 bytes",
+ },
+ {
+ cookie: cookieStringWithNameAndValueLengths(1, 4095),
+ expected: cookieStringWithNameAndValueLengths(1, 4095),
+ name: "Set max-size cookie with largest possible value (4095 bytes)",
+ },
+ {
+ cookie: cookieStringWithNameAndValueLengths(1, 4096),
+ expected: "",
+ name: "Ignore named cookie (with non-zero length) and value larger than 4095 bytes",
+ },
+ {
+ cookie: cookieStringWithNameAndValueLengths(4096, 1),
+ expected: "",
+ name: "Ignore named cookie with length larger than 4095 bytes, and a non-zero value",
+ },
+ {
+ cookie: cookieStringWithNameAndValueLengths(0, 4096),
+ expected: cookieStringWithNameAndValueLengths(0, 4096).slice(1), // it won't come back with leading =
+ name: "Set max-size name-less cookie",
+ },
+ {
+ cookie: cookieStringWithNameAndValueLengths(0, 4097),
+ expected: "",
+ name: "Ignore name-less cookie with value larger than 4096 bytes",
+ },
+ {
+ cookie: cookieStringWithNameAndValueLengths(0, 4097).slice(1), // slice off leading =
+ expected: "",
+ name: "Ignore name-less cookie (without leading =) with value larger than 4096 bytes",
+ },
+ ];
+
+ for (const test of nameAndValueSizeTests) {
+ httpCookieTest(test.cookie, test.expected, test.name);
+ }
+ </script>
+</body>
+
+</html>
