Exclude cookies from google.com domain

fix #11401 Auditors: @bsclifton, @bbondy Test Plan: 1. #11401 (comment) 2. #11647 (comment) 3. #11401 (comment) 4. 4.a Clear cookies on FF and Chrome, login to gmail account 1 and account 2 4.b Close FF and Chrome, Open Brave (clean profile) 4.c Import cookies only from FF and Chrome 4.d Navigate to mail.google.com --> you have to enter password for account 1 and account 2 (but no 2FA) 4.e Import cookies from FF and Chrome again, refresh gmail page (you will have to enter password again to login both accounts) 4.f Logout and you will see login page with both accounts loggout (no cookie mismatch error) 5. unit test
brave · Dec 4, 2017 · 74f4b11 · 74f4b11
1 parent 5677468
commit 74f4b11
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 5 deletions.
diff --git a/app/importer.js b/app/importer.js
@@ -225,8 +225,9 @@ importer.on('add-autofill-form-data-entries', (e, detail) => {
 const shouldSkipCookie = (cookie) => {
   // Bypassing cookie mismatch error in
   // https://github.com/brave/browser-laptop/issues/11401
-  if (['https://notifications.google.com', 'https://myaccount.google.com',
-    'https://accounts.google.com'].includes(cookie.url)) {
+  const googleDomain = /^.*\.google.com(\..+)*$/
+  if (cookie.domain.match(googleDomain) &&
+      ['OSID', 'LSID', 'SIDCC'].includes(cookie.name)) {
     return true
   }
   return false

diff --git a/test/unit/app/importerTest.js b/test/unit/app/importerTest.js
@@ -24,12 +24,18 @@ describe('importer unit tests', function () {
   })
 
   describe('shouldSkipCookie', function () {
-    it('returns true if domain is google and URL is one which has a mismatch', function () {
-      assert.equal(importer.shouldSkipCookie({domain: '.google.com', url: 'https://notifications.google.com'}), true)
+    it('returns true if domain is google and name is one which has a mismatch', function () {
+      assert.equal(importer.shouldSkipCookie({domain: '.google.com', name: 'OSID'}), true)
+      assert.equal(importer.shouldSkipCookie({domain: 'mail.google.com', name: 'LSID'}), true)
+      assert.equal(importer.shouldSkipCookie({domain: '.google.com.tw', name: 'SIDCC'}), true)
     })
 
     it('returns false for other cases', function () {
-      assert.equal(importer.shouldSkipCookie({domain: '.brave.com', url: 'https://brave.com'}), false)
+      assert.equal(importer.shouldSkipCookie({domain: '.brave.com', name: 'OSID'}), false)
+      assert.equal(importer.shouldSkipCookie({domain: 'ggoogle.com', name: 'OSID'}), false)
+      assert.equal(importer.shouldSkipCookie({domain: '.google.comm', name: 'OSID'}), false)
+      assert.equal(importer.shouldSkipCookie({domain: '.google.comm.', name: 'OSID'}), false)
+      assert.equal(importer.shouldSkipCookie({domain: '.google.com', name: 'BRAVE'}), false)
     })
   })
 })