diff options
| author | Simon Wülker <simon.wuelker@arcor.de> | 2024-10-09 06:52:48 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-10-09 04:52:48 +0000 |
| commit | ff6523c37e132605c0945bdc49f15b75b0566d2e (patch) | |
| tree | f8f12e423474a519611ce62551aba5d526dd0a42 /components/net/tests | |
| parent | a2b27012a5e7e312345afc2d79ba995af9f5e68b (diff) | |
| download | servo-ff6523c37e132605c0945bdc49f15b75b0566d2e.tar.gz servo-ff6523c37e132605c0945bdc49f15b75b0566d2e.zip | |
Fix handling of `__Secure-` and `__Host-` Cookie prefixes (#33717)
* Make checking for cookie prefixes case-insensitive
Cookie-Prefixes like "__Host-" and "__Secure-" are case insensitive
as per https://www.ietf.org/archive/id/draft-ietf-httpbis-rfc6265bis-15.html#name-storage-model.
This is tested by many WPT tests in cookies/prefix, for example
* cookies/prefix/__host.document-cookie.html
* cookies/prefix/__host.document-cookie.https.html
Since the implementation and the specification had diverged quite
significantly i also updated/added spec comments where appropriate
and slightly restructured code so its easier to follow. However,
the only change in behaviour is the prefix check described above.
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Update WPT expectations
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Remove unused import
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Fix cookie test cases
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Fix ignore cookie with __Host prefix and no specified path attribute
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
* Fix another cookie test case
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
---------
Signed-off-by: Simon Wülker <simon.wuelker@arcor.de>
Diffstat (limited to 'components/net/tests')
| -rw-r--r-- | components/net/tests/cookie.rs | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/components/net/tests/cookie.rs b/components/net/tests/cookie.rs index f36fbfeb2f9..cf8fcf4baf9 100644 --- a/components/net/tests/cookie.rs +++ b/components/net/tests/cookie.rs @@ -79,13 +79,17 @@ fn fn_cookie_constructor() { assert!(ServoCookie::new_wrapped(cookie, url, CookieSource::HTTP).is_none()); let cookie = cookie::Cookie::parse(" baz = bar ; Secure; Path = /foo/bar/").unwrap(); - assert!(ServoCookie::new_wrapped(cookie, url, CookieSource::HTTP).is_some()); + assert!( + ServoCookie::new_wrapped(cookie, url, CookieSource::HTTP).is_none(), + "Cookie with \"Secure\" attribute from non-secure source should be rejected" + ); let cookie = cookie::Cookie::parse(" baz = bar ; HttpOnly").unwrap(); assert!(ServoCookie::new_wrapped(cookie, url, CookieSource::NonHTTP).is_none()); + let secure_url = &ServoUrl::parse("https://example.com/foo").unwrap(); let cookie = cookie::Cookie::parse(" baz = bar ; Secure; Path = /foo/bar/").unwrap(); - let cookie = ServoCookie::new_wrapped(cookie, url, CookieSource::HTTP).unwrap(); + let cookie = ServoCookie::new_wrapped(cookie, secure_url, CookieSource::HTTP).unwrap(); assert_eq!(cookie.cookie.value(), "bar"); assert_eq!(cookie.cookie.name(), "baz"); assert!(cookie.cookie.secure().unwrap_or(false)); |