From 2e135c03ff73a7102011f4e610dc7890eb4332a1 Mon Sep 17 00:00:00 2001 From: Staphany Park Date: Thu, 25 Jul 2019 15:53:26 -0700 Subject: [PATCH] Cookie Store API: Fix crashes on http://localhost. Issue #1: The "SecureContext" IDL attribute considers localhost to be secure, but the Cookie Store API assumed that it would only be exposed on cryptographically secure origins, so a DCHECK caused attempts to set/delete cookies on http://localhost to crash. This CL replaces the DCHECK with an exception that is thrown on attempts to set/delete secure cookies on cryptographically insecure origins. Issue #2: The "secure" cookie attribute defaulted to true. Setting/deleting a secure cookie on a cryptographically insecure origin is prohibited. The cookieStore.delete() API excluded the option to set the "secure" attribute, however, so there was no way to delete an insecure cookie. This CL defaults the "secure" attribute to true on cryptographically secure origins, and false otherwise. Bug: 956641 Change-Id: Iff7c22713e8604d60b68d42199a74b2d08235712 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1700357 Commit-Queue: Staphany Park Reviewed-by: Victor Costan Cr-Commit-Position: refs/heads/master@{#681054} --- ..._delete_insecure.tentative.https.window.js | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 cookie-store/cookieStore_delete_insecure.tentative.https.window.js diff --git a/cookie-store/cookieStore_delete_insecure.tentative.https.window.js b/cookie-store/cookieStore_delete_insecure.tentative.https.window.js new file mode 100644 index 00000000000000..bb1907faf58dfd --- /dev/null +++ b/cookie-store/cookieStore_delete_insecure.tentative.https.window.js @@ -0,0 +1,19 @@ +'use strict'; + +promise_test(async t => { + await cookieStore.set('cookie-name', 'cookie-value', { secure: false }); + t.add_cleanup(async () => { await cookieStore.delete('cookie-name'); }); + + await cookieStore.delete('cookie-name'); + const cookie = await cookieStore.get('cookie-name'); + assert_equals(cookie, null); +}, 'cookieStore.delete(name) can delete an insecure cookie'); + +promise_test(async t => { + await cookieStore.set('cookie-name', 'cookie-value', { secure: false }); + t.add_cleanup(async () => { await cookieStore.delete('cookie-name'); }); + + await cookieStore.delete({ name: 'cookie-name' }); + const cookie = await cookieStore.get('cookie-name'); + assert_equals(cookie, null); +}, 'cookieStore.delete(options) can delete an insecure cookie'); \ No newline at end of file