browser/components/sessionstore/test/browser_cookies_sameSite.js


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89

"use strict";

const TEST_HTTP_URL = "http://example.com";
const TEST_HTTPS_URL = "https://example.com";
const MAX_EXPIRY = Math.pow(2, 62);

function getSingleCookie() {
  let cookies = Array.from(Services.cookies.cookies);
  Assert.equal(cookies.length, 1, "expected one cookie");
  return cookies[0];
}

async function verifyRestore(url, sameSiteSetting) {
  Services.cookies.removeAll();

  // Make sure that sessionstore.js can be forced to be created by setting
  // the interval pref to 0.
  await SpecialPowers.pushPrefEnv({
    set: [["browser.sessionstore.interval", 0]],
  });

  let tab = BrowserTestUtils.addTab(gBrowser, url);
  await BrowserTestUtils.browserLoaded(tab.linkedBrowser);

  // Add a cookie with specific same-site setting.
  let r = Math.floor(Math.random() * MAX_EXPIRY);
  Services.cookies.add(
    url,
    "/",
    "name" + r,
    "value" + r,
    false,
    false,
    true,
    MAX_EXPIRY,
    {},
    sameSiteSetting,
    url.startsWith("https:")
      ? Ci.nsICookie.SCHEME_HTTPS
      : Ci.nsICookie.SCHEME_HTTP
  );
  await TabStateFlusher.flush(tab.linkedBrowser);

  // Get the sessionstore state for the window.
  let state = ss.getBrowserState();

  // Verify our cookie got set.
  let cookie = getSingleCookie();

  // Remove the cookie.
  Services.cookies.removeAll();

  // Restore the window state.
  await setBrowserState(state);

  // At this point, the cookie should be restored.
  let cookie2 = getSingleCookie();

  is(
    cookie2.sameSite,
    cookie.sameSite,
    "cookie same-site flag successfully restored"
  );

  is(
    cookie2.schemeMap,
    cookie.schemeMap,
    "cookie schemeMap flag successfully restored"
  );

  // Clean up.
  Services.cookies.removeAll();
  BrowserTestUtils.removeTab(gBrowser.tabs[1]);
}

/**
 * Tests that cookie.sameSite flag is stored and restored correctly by
 * sessionstore.
 */
add_task(async function() {
  // Test for various possible values of cookie.sameSite and schemeMap.
  await verifyRestore(TEST_HTTP_URL, Ci.nsICookie.SAMESITE_NONE);
  await verifyRestore(TEST_HTTP_URL, Ci.nsICookie.SAMESITE_LAX);
  await verifyRestore(TEST_HTTP_URL, Ci.nsICookie.SAMESITE_STRICT);

  await verifyRestore(TEST_HTTPS_URL, Ci.nsICookie.SAMESITE_NONE);
  await verifyRestore(TEST_HTTPS_URL, Ci.nsICookie.SAMESITE_LAX);
  await verifyRestore(TEST_HTTPS_URL, Ci.nsICookie.SAMESITE_STRICT);
});