bug 1453806 - verify that cookies aren't sent back by TRR r=mcmanus
authorDaniel Stenberg <daniel@haxx.se>
Fri, 13 Apr 2018 00:26:00 +0200
changeset 466653 484a538efb4950f2dce09ad389432deddf62d8ea
parent 466652 5b0c886b11cdae2b672bad7930f2f906c9d1ffa9
child 466654 260e4c83c8a91313595b26a830963b927d2ad29d
push id9165
push userasasaki@mozilla.com
push dateThu, 26 Apr 2018 21:04:54 +0000
treeherdermozilla-beta@064c3804de2e [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersmcmanus
bugs1453806
milestone61.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
bug 1453806 - verify that cookies aren't sent back by TRR r=mcmanus MozReview-Commit-ID: LOeDNqhNZYN
testing/xpcshell/moz-http2/moz-http2.js
--- a/testing/xpcshell/moz-http2/moz-http2.js
+++ b/testing/xpcshell/moz-http2/moz-http2.js
@@ -579,16 +579,18 @@ function handleRequest(req, res) {
     return;
   }
   // for use with test_trr.js
   else if (u.pathname === "/dns") {
     // bar.example.com has A entry 127.0.0.1
     var content= new Buffer("00000100000100010000000003626172076578616D706C6503636F6D0000010001C00C000100010000003700047F000001", "hex");
     res.setHeader('Content-Type', 'application/dns-udpwireformat');
     res.setHeader('Content-Length', content.length);
+    // pass back a cookie here, check it in /dns-auth
+    res.setHeader('Set-Cookie', 'trackyou=yes; path=/; max-age=100000;');
     res.writeHead(200);
     res.write(content);
     res.end("");
     return;
   }
   else if (u.pathname === "/dns-ns") {
     // confirm.example.com has NS entry ns.example.com
     var content= new Buffer("00000100000100010000000007636F6E6669726D076578616D706C6503636F6D0000020001C00C00020001000000370012026E73076578616D706C6503636F6D010A00", "hex");
@@ -667,16 +669,25 @@ function handleRequest(req, res) {
     res.setHeader('Content-Length', content.length);
     res.writeHead(200);
     res.write(content);
     res.end("");
     return;
   }
   // for use with test_trr.js
   else if (u.pathname === "/dns-auth") {
+    // There's a Set-Cookie: header in the response for "/dns" , which this
+    // request subsequently would include if the http channel wasn't
+    // anonymous. Thus, if there's a cookie in this request, we know Firefox
+    // mishaved. If there's not, we're fine.
+    if (req.headers['cookie']) {
+      res.writeHead(403);
+      res.end("cookie for me, not for you");
+      return;
+    }
     if (req.headers['authorization'] != "user:password") {
       res.writeHead(401);
       res.end("bad boy!");
       return;
     }
     // bar.example.com has A entry 127.0.0.1
     var content= new Buffer("00000100000100010000000003626172076578616D706C6503636F6D0000010001C00C000100010000003700047F000001", "hex");
     res.setHeader('Content-Type', 'application/dns-udpwireformat');