Bug 1471733 [wpt PR 11696] - Async Cookies: Implement sameSite attribute., a=testonly
authorVictor Costan <pwnall@chromium.org>
Fri, 06 Jul 2018 23:15:56 +0000
changeset 426090 1eb6b94f3c5ee50b056d1d91ed93181a98bc5640
parent 426089 4d37221454142bf2fac5fab714b449f42af9b721
child 426091 7ecfa735133e6ad288e14a85cce7849ca27493eb
push id34267
push userrgurzau@mozilla.com
push dateWed, 11 Jul 2018 22:05:21 +0000
treeherdermozilla-central@3aca103e4915 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerstestonly
bugs1471733, 11696, 856364, 729800, 1115586, 570976
milestone63.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1471733 [wpt PR 11696] - Async Cookies: Implement sameSite attribute., a=testonly Automatic update from web-platform-testsAsync Cookies: Implement sameSite attribute. This CL modifies RestrictedCookieManager to allow renderers to set the SameSite and Priority CanonicalCookie attributes. Renderers must be allowed to set the SameSite and Priority attributes so that RestrictedCookieManager can be used to implement the document.cookie setter. Bug: 856364, 729800 Cq-Include-Trybots: luci.chromium.try :linux_mojo Change-Id: Ic0a520bc6c02c259ef22175c9eb161086fa18782 Reviewed-on: https://chromium-review.googlesource.com/1115586 Commit-Queue: Victor Costan <pwnall@chromium.org> Reviewed-by: Reilly Grant <reillyg@chromium.org> Reviewed-by: Joshua Bell <jsbell@chromium.org> Cr-Commit-Position: refs/heads/master@{#570976} -- wpt-commits: 5392b81b526e3e0bbe805f1407a235d640f879a5 wpt-pr: 11696 MozReview-Commit-ID: 8dBERNSQC7I
testing/web-platform/meta/MANIFEST.json
testing/web-platform/tests/cookie-store/cookieListItem_attributes.tentative.https.window.js
testing/web-platform/tests/interfaces/cookie-store.idl
--- a/testing/web-platform/meta/MANIFEST.json
+++ b/testing/web-platform/meta/MANIFEST.json
@@ -440617,17 +440617,17 @@
    "b0d8c58c78cfd2dcc8a81b83fb17afadeabfb375",
    "support"
   ],
   "cookie-store/README.md": [
    "40595162d15dec7e315ef16f94646045596d7b1c",
    "support"
   ],
   "cookie-store/cookieListItem_attributes.tentative.https.window.js": [
-   "2974358d1d68aaa7a8afdeb3880bb65b218e3cb8",
+   "773ad9b5ea3636497f9f90c57e5bc5a2fa63c289",
    "testharness"
   ],
   "cookie-store/cookieStore_delete_arguments.tentative.https.window.js": [
    "740fccd53713d8ffdd84aa388580630025fc016c",
    "testharness"
   ],
   "cookie-store/cookieStore_delete_basic.tentative.https.window.js": [
    "c0a5c01ffcdd3755eb3db3dc4a6ec398fd2aba37",
@@ -593157,17 +593157,17 @@
    "e674e142d1348afd587b566d86b9390ad8bc56a0",
    "support"
   ],
   "interfaces/console.idl": [
    "43ced34008dc73d05c79140d8dc33c60e2d9df3a",
    "support"
   ],
   "interfaces/cookie-store.idl": [
-   "dbe2d9f9118543d0138ba4f5ba0a49517596ea9d",
+   "427e33a156cad6978e1c9c5ef5a9f906aa67a4c4",
    "support"
   ],
   "interfaces/cors-rfc1918.idl": [
    "d7f133c8dd6e1656f82c077d9795714827b9c869",
    "support"
   ],
   "interfaces/css-animations.idl": [
    "520ed1f6d245c75551aed3f74f988026edf3ff59",
--- a/testing/web-platform/tests/cookie-store/cookieListItem_attributes.tentative.https.window.js
+++ b/testing/web-platform/tests/cookie-store/cookieListItem_attributes.tentative.https.window.js
@@ -11,68 +11,68 @@ async function async_cleanup(cleanup_fun
 }
 
 const kCurrentHostname = (new URL(self.location.href)).hostname;
 
 const kOneDay = 24 * 60 * 60 * 1000;
 const kTenYears = 10 * 365 * kOneDay;
 const kTenYearsFromNow = Date.now() + kTenYears;
 
+const kCookieListItemKeys =
+    ['domain', 'expires', 'name', 'path', 'sameSite', 'secure', 'value'].sort();
+
 promise_test(async testCase => {
   await cookieStore.delete('cookie-name');
 
   await cookieStore.set('cookie-name', 'cookie-value');
 
   const cookie = await cookieStore.get('cookie-name');
   assert_equals(cookie.name, 'cookie-name');
   assert_equals(cookie.value, 'cookie-value');
   assert_equals(cookie.domain, null);
   assert_equals(cookie.path, '/');
   assert_equals(cookie.expires, null);
   assert_equals(cookie.secure, true);
-  assert_array_equals(
-      Object.keys(cookie).sort(),
-      ['domain', 'expires', 'name', 'path', 'secure', 'value'].sort());
+  assert_equals(cookie.sameSite, 'strict');
+  assert_array_equals(Object.keys(cookie).sort(), kCookieListItemKeys);
 
   await async_cleanup(() => cookieStore.delete('cookie-name'));
 }, 'CookieListItem - cookieStore.set defaults with positional name and value');
 
 promise_test(async testCase => {
   await cookieStore.delete('cookie-name');
 
   await cookieStore.set({ name: 'cookie-name', value: 'cookie-value' });
   const cookie = await cookieStore.get('cookie-name');
   assert_equals(cookie.name, 'cookie-name');
   assert_equals(cookie.value, 'cookie-value');
   assert_equals(cookie.domain, null);
   assert_equals(cookie.path, '/');
   assert_equals(cookie.expires, null);
   assert_equals(cookie.secure, true);
-  assert_array_equals(
-      Object.keys(cookie).sort(),
-      ['domain', 'expires', 'name', 'path', 'secure', 'value'].sort());
+  assert_equals(cookie.sameSite, 'strict');
+  assert_array_equals(Object.keys(cookie).sort(), kCookieListItemKeys);
 
   await async_cleanup(() => cookieStore.delete('cookie-name'));
 }, 'CookieListItem - cookieStore.set defaults with name and value in options');
 
 promise_test(async testCase => {
   await cookieStore.delete('cookie-name');
 
   await cookieStore.set('cookie-name', 'cookie-value',
                         { expires: kTenYearsFromNow });
   const cookie = await cookieStore.get('cookie-name');
   assert_equals(cookie.name, 'cookie-name');
   assert_equals(cookie.value, 'cookie-value');
   assert_equals(cookie.domain, null);
   assert_equals(cookie.path, '/');
   assert_approx_equals(cookie.expires, kTenYearsFromNow, kOneDay);
   assert_equals(cookie.secure, true);
-  assert_array_equals(
-      Object.keys(cookie).sort(),
-      ['domain', 'expires', 'name', 'path', 'secure', 'value'].sort());
+  assert_equals(cookie.sameSite, 'strict');
+  assert_array_equals(Object.keys(cookie).sort(), kCookieListItemKeys);
 
   await async_cleanup(() => cookieStore.delete('cookie-name'));
 }, 'CookieListItem - cookieStore.set with expires set to a timestamp 10 ' +
    'years in the future');
 
 promise_test(async testCase => {
   await cookieStore.delete('cookie-name');
 
@@ -80,19 +80,18 @@ promise_test(async testCase => {
                           expires: kTenYearsFromNow });
   const cookie = await cookieStore.get('cookie-name');
   assert_equals(cookie.name, 'cookie-name');
   assert_equals(cookie.value, 'cookie-value');
   assert_equals(cookie.domain, null);
   assert_equals(cookie.path, '/');
   assert_approx_equals(cookie.expires, kTenYearsFromNow, kOneDay);
   assert_equals(cookie.secure, true);
-  assert_array_equals(
-      Object.keys(cookie).sort(),
-      ['domain', 'expires', 'name', 'path', 'secure', 'value'].sort());
+  assert_equals(cookie.sameSite, 'strict');
+  assert_array_equals(Object.keys(cookie).sort(), kCookieListItemKeys);
 
   await async_cleanup(() => cookieStore.delete('cookie-name'));
 }, 'CookieListItem - cookieStore.set with name and value in options and ' +
    'expires set to a future timestamp');
 
 promise_test(async testCase => {
   await cookieStore.delete('cookie-name');
 
@@ -117,19 +116,18 @@ promise_test(async testCase => {
                           expires: new Date(kTenYearsFromNow) });
   const cookie = await cookieStore.get('cookie-name');
   assert_equals(cookie.name, 'cookie-name');
   assert_equals(cookie.value, 'cookie-value');
   assert_equals(cookie.domain, null);
   assert_equals(cookie.path, '/');
   assert_approx_equals(cookie.expires, kTenYearsFromNow, kOneDay);
   assert_equals(cookie.secure, true);
-  assert_array_equals(
-      Object.keys(cookie).sort(),
-      ['domain', 'expires', 'name', 'path', 'secure', 'value'].sort());
+  assert_equals(cookie.sameSite, 'strict');
+  assert_array_equals(Object.keys(cookie).sort(), kCookieListItemKeys);
 
   await async_cleanup(() => cookieStore.delete('cookie-name'));
 }, 'CookieListItem - cookieStore.set with name and value in options and ' +
    'expires set to a future Date');
 
 promise_test(async testCase => {
   await cookieStore.delete('cookie-name', { domain: kCurrentHostname });
 
@@ -137,19 +135,18 @@ promise_test(async testCase => {
                         { domain: kCurrentHostname });
   const cookie = await cookieStore.get('cookie-name');
   assert_equals(cookie.name, 'cookie-name');
   assert_equals(cookie.value, 'cookie-value');
   assert_equals(cookie.domain, kCurrentHostname);
   assert_equals(cookie.path, '/');
   assert_equals(cookie.expires, null);
   assert_equals(cookie.secure, true);
-  assert_array_equals(
-      Object.keys(cookie).sort(),
-      ['domain', 'expires', 'name', 'path', 'secure', 'value'].sort());
+  assert_equals(cookie.sameSite, 'strict');
+  assert_array_equals(Object.keys(cookie).sort(), kCookieListItemKeys);
 
   await async_cleanup(async () => {
     await cookieStore.delete('cookie-name', { domain: kCurrentHostname });
   });
 }, 'CookieListItem - cookieStore.set with domain set to the current hostname');
 
 promise_test(async testCase => {
   const currentUrl = new URL(self.location.href);
@@ -162,19 +159,18 @@ promise_test(async testCase => {
                         { path: currentDirectory });
   const cookie = await cookieStore.get('cookie-name');
   assert_equals(cookie.name, 'cookie-name');
   assert_equals(cookie.value, 'cookie-value');
   assert_equals(cookie.domain, null);
   assert_equals(cookie.path, currentDirectory);
   assert_equals(cookie.expires, null);
   assert_equals(cookie.secure, true);
-  assert_array_equals(
-      Object.keys(cookie).sort(),
-      ['domain', 'expires', 'name', 'path', 'secure', 'value'].sort());
+  assert_equals(cookie.sameSite, 'strict');
+  assert_array_equals(Object.keys(cookie).sort(), kCookieListItemKeys);
 
   await async_cleanup(async () => {
     await cookieStore.delete('cookie-name', { path: currentDirectory });
   });
 }, 'CookieListItem - cookieStore.set with path set to the current directory');
 
 promise_test(async testCase => {
   await cookieStore.delete('cookie-name', { secure: false });
@@ -182,16 +178,58 @@ promise_test(async testCase => {
   await cookieStore.set('cookie-name', 'cookie-value', { secure: false });
   const cookie = await cookieStore.get('cookie-name');
   assert_equals(cookie.name, 'cookie-name');
   assert_equals(cookie.value, 'cookie-value');
   assert_equals(cookie.domain, null);
   assert_equals(cookie.path, '/');
   assert_equals(cookie.expires, null);
   assert_equals(cookie.secure, false);
-  assert_array_equals(
-      Object.keys(cookie).sort(),
-      ['domain', 'expires', 'name', 'path', 'secure', 'value'].sort());
+  assert_equals(cookie.sameSite, 'strict');
+  assert_array_equals(Object.keys(cookie).sort(), kCookieListItemKeys);
 
   await async_cleanup(async () => {
     await cookieStore.delete('cookie-name', { secure: false });
   });
 }, 'CookieListItem - cookieStore.set with secure set to false');
+
+['strict', 'lax', 'unrestricted'].forEach(sameSiteValue => {
+  promise_test(async testCase => {
+    await cookieStore.delete('cookie-name', { sameSite: sameSiteValue });
+
+    await cookieStore.set({
+        name: 'cookie-name', value: 'cookie-value', sameSite: sameSiteValue });
+    const cookie = await cookieStore.get('cookie-name');
+    assert_equals(cookie.name, 'cookie-name');
+    assert_equals(cookie.value, 'cookie-value');
+    assert_equals(cookie.domain, null);
+    assert_equals(cookie.path, '/');
+    assert_equals(cookie.expires, null);
+    assert_equals(cookie.secure, true);
+    assert_equals(cookie.sameSite, sameSiteValue);
+    assert_array_equals(Object.keys(cookie).sort(), kCookieListItemKeys);
+
+    await async_cleanup(async () => {
+      await cookieStore.delete('cookie-name', { secure: sameSiteValue });
+    });
+  }, `CookieListItem - cookieStore.set with sameSite set to ${sameSiteValue}`);
+
+  promise_test(async testCase => {
+    await cookieStore.delete('cookie-name', { sameSite: sameSiteValue });
+
+    await cookieStore.set('cookie-name', 'cookie-value',
+                          { sameSite: sameSiteValue });
+    const cookie = await cookieStore.get('cookie-name');
+    assert_equals(cookie.name, 'cookie-name');
+    assert_equals(cookie.value, 'cookie-value');
+    assert_equals(cookie.domain, null);
+    assert_equals(cookie.path, '/');
+    assert_equals(cookie.expires, null);
+    assert_equals(cookie.secure, true);
+    assert_equals(cookie.sameSite, sameSiteValue);
+    assert_array_equals(Object.keys(cookie).sort(), kCookieListItemKeys);
+
+    await async_cleanup(async () => {
+      await cookieStore.delete('cookie-name', { secure: sameSiteValue });
+    });
+  }, 'CookieListItem - cookieStore.set with positional name and value and ' +
+     `sameSite set to ${sameSiteValue}`);
+});
--- a/testing/web-platform/tests/interfaces/cookie-store.idl
+++ b/testing/web-platform/tests/interfaces/cookie-store.idl
@@ -1,17 +1,24 @@
 // https://github.com/WICG/cookie-store/blob/gh-pages/explainer.md
 
+enum CookieSameSite {
+  "strict",
+  "lax",
+  "unrestricted"
+};
+
 dictionary CookieListItem {
   USVString name;
   USVString value;
   USVString? domain;
   USVString path;
   DOMTimeStamp? expires;
   boolean secure;
+  CookieSameSite sameSite;
 };
 
 typedef sequence<CookieListItem> CookieList;
 
 dictionary CookieChangeEventInit : EventInit {
   CookieList changed;
   CookieList deleted;
 };
@@ -52,16 +59,17 @@ dictionary CookieStoreGetOptions {
 dictionary CookieStoreSetOptions {
   USVString name;
   USVString value;
   DOMTimeStamp? expires = null;
   USVString domain;
   USVString path = "/";
   boolean secure = true;
   boolean httpOnly = false;
+  CookieSameSite sameSite = "strict";
 };
 
 [
   Exposed=(ServiceWorker,Window),
   SecureContext
 ] interface CookieStore : EventTarget {
   Promise<CookieList?> getAll(USVString name, optional CookieStoreGetOptions options);
   Promise<CookieList?> getAll(optional CookieStoreGetOptions options);