Bug 1629112 - Group console warnings about invalid sameSite cookie attributes, r=nchevobbe
authorAndrea Marchesini <amarchesini@mozilla.com>
Fri, 17 Apr 2020 07:56:45 +0000
changeset 524557 b7332cecb58ab71f5e36bfdddb9817b06be0ae7e
parent 524556 7488b281a91503d8d082a5835ee7be48cba472a3
child 524558 219a8f2d153f89cb8d93939f5a942e69ebc65036
push id37323
push userdluca@mozilla.com
push dateFri, 17 Apr 2020 16:25:55 +0000
treeherdermozilla-central@b4b1d6f91ef0 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersnchevobbe
bugs1629112
milestone77.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1629112 - Group console warnings about invalid sameSite cookie attributes, r=nchevobbe Invalid sameSite cookie attributes generate console warning messages in the wrong 'generic' category. In this patch, we put them under the 'sameSite' category. We also rename the 'generic' category to 'oversize' because all the remaining messages are about invalid cookie sizes. Differential Revision: https://phabricator.services.mozilla.com/D70795
devtools/client/webconsole/test/browser/browser_webconsole_warning_group_cookies.js
netwerk/cookie/CookieService.cpp
--- a/devtools/client/webconsole/test/browser/browser_webconsole_warning_group_cookies.js
+++ b/devtools/client/webconsole/test/browser/browser_webconsole_warning_group_cookies.js
@@ -99,8 +99,52 @@ add_task(async function testSameSiteCook
       `| ${test.message2}`,
     ]);
 
     await win.close();
   }
 });
 
 add_task(cleanUp);
+
+add_task(async function testInvalidSameSiteMessage() {
+  await pushPref("network.cookie.sameSite.laxByDefault", true);
+
+  const groupLabel =
+    "Some cookies are misusing the “sameSite“ attribute, so it won’t work as expected";
+  const message1 =
+    "Invalid “sameSite“ value for cookie “a”. The supported values are: “lax“, “strict“, “none“.";
+  const message2 =
+    "Cookie “a” has “sameSite” policy set to “lax” because it is missing a “sameSite” attribute, and “sameSite=lax” is the default value for this attribute.";
+
+  const { hud, tab, win } = await openNewWindowAndConsole(
+    "http://example.org/" + TEST_FILE
+  );
+
+  info("Test cookie messages");
+
+  SpecialPowers.spawn(tab.linkedBrowser, [], () => {
+    content.wrappedJSObject.createCookie("a=1; sameSite=batman");
+  });
+
+  const { node } = await waitForMessage(hud, groupLabel, ".warn");
+  is(
+    node.querySelector(".warning-group-badge").textContent,
+    "2",
+    "The badge has the expected text"
+  );
+
+  checkConsoleOutputForWarningGroup(hud, [`▶︎⚠ ${groupLabel} 2`]);
+
+  info("Open the group");
+  node.querySelector(".arrow").click();
+  await waitFor(() => findMessage(hud, "sameSite"));
+
+  checkConsoleOutputForWarningGroup(hud, [
+    `▼︎⚠ ${groupLabel} 2`,
+    `| ${message1}`,
+    `| ${message2}`,
+  ]);
+
+  await win.close();
+});
+
+add_task(cleanUp);
--- a/netwerk/cookie/CookieService.cpp
+++ b/netwerk/cookie/CookieService.cpp
@@ -36,17 +36,18 @@ namespace net {
 /******************************************************************************
  * CookieService impl:
  * useful types & constants
  ******************************************************************************/
 
 static StaticRefPtr<CookieService> gCookieService;
 
 constexpr auto CONSOLE_SAMESITE_CATEGORY = NS_LITERAL_CSTRING("cookieSameSite");
-constexpr auto CONSOLE_GENERIC_CATEGORY = NS_LITERAL_CSTRING("cookies");
+constexpr auto CONSOLE_OVERSIZE_CATEGORY =
+    NS_LITERAL_CSTRING("cookiesOversize");
 
 constexpr auto SAMESITE_MDN_URL = NS_LITERAL_STRING(
     "https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite");
 
 namespace {
 
 // Return false if the cookie should be ignored for the current channel.
 bool ProcessSameSiteCookieForForeignRequest(nsIChannel* aChannel,
@@ -872,17 +873,17 @@ bool CookieService::CanSetCookie(nsIURI*
     AutoTArray<nsString, 2> params = {
         NS_ConvertUTF8toUTF16(aCookieData.name())};
 
     nsString size;
     size.AppendInt(kMaxBytesPerCookie);
     params.AppendElement(size);
 
     LogMessageToConsole(aChannel, aHostURI, nsIScriptError::warningFlag,
-                        CONSOLE_GENERIC_CATEGORY,
+                        CONSOLE_OVERSIZE_CATEGORY,
                         NS_LITERAL_CSTRING("CookieOversize"), params);
     return newCookie;
   }
 
   if (!CookieCommons::CheckName(aCookieData)) {
     COOKIE_LOGFAILURE(SET_COOKIE, aHostURI, savedCookieHeader,
                       "invalid name character");
     return newCookie;
@@ -1277,17 +1278,17 @@ bool CookieService::ParseAttributes(nsIC
         sameSiteSet = true;
       } else if (tokenValue.LowerCaseEqualsLiteral(kSameSiteNone)) {
         aCookieData.sameSite() = nsICookie::SAMESITE_NONE;
         aCookieData.rawSameSite() = nsICookie::SAMESITE_NONE;
         sameSiteSet = true;
       } else {
         LogMessageToConsole(
             aChannel, aHostURI, nsIScriptError::infoFlag,
-            CONSOLE_GENERIC_CATEGORY,
+            CONSOLE_SAMESITE_CATEGORY,
             NS_LITERAL_CSTRING("CookieSameSiteValueInvalid"),
             AutoTArray<nsString, 1>{NS_ConvertUTF8toUTF16(aCookieData.name())});
       }
     }
   }
 
   Telemetry::Accumulate(Telemetry::COOKIE_SAMESITE_SET_VS_UNSET,
                         sameSiteSet ? 1 : 0);
@@ -1648,17 +1649,17 @@ bool CookieService::CheckPath(CookieStru
     AutoTArray<nsString, 2> params = {
         NS_ConvertUTF8toUTF16(aCookieData.name())};
 
     nsString size;
     size.AppendInt(kMaxBytesPerPath);
     params.AppendElement(size);
 
     LogMessageToConsole(aChannel, aHostURI, nsIScriptError::warningFlag,
-                        CONSOLE_GENERIC_CATEGORY,
+                        CONSOLE_OVERSIZE_CATEGORY,
                         NS_LITERAL_CSTRING("CookiePathOversize"), params);
     return false;
   }
 
   if (aCookieData.path().Contains('\t')) {
     return false;
   }