Closed
Bug 1452715
Opened 7 years ago
Closed 7 years ago
Add support for same-site cookie attribute to "Cookies" side-panel
Categories
(DevTools :: Netmonitor, enhancement, P3)
DevTools
Netmonitor
Tracking
(firefox62 fixed)
RESOLVED
FIXED
Firefox 62
| Tracking | Status | |
|---|---|---|
| firefox62 | --- | fixed |
People
(Reporter: francois, Assigned: vincent, Mentored)
References
Details
(Keywords: dev-doc-complete, good-first-bug)
Attachments
(2 files)
cookie-panel.png
We are enabling support for the SameSite cookie attribute (values: Strict, Lax) in Firefox.
It would be nice if the cookie panel of the network tab would show the value of this attribute if it's present.
To test this, log into Github and look at the `__Host-user_session_same_site` cookie.
|
||
Updated•7 years ago
|
Severity: normal → enhancement
Priority: -- → P3
|
|
||
Comment 1•7 years ago
|
||
Thanks for reporting this!
Detailed information for anyone interested in fixing this bug:
1) The Network panel is displaying list of cookies is a side panel called "Cookies" (see the attached screenshot). This side panel is implemented as React component: CookiesPanel
https://searchfox.org/mozilla-central/source/devtools/client/netmonitor/src/components/CookiesPanel.js
2) The screenshot shows also `__Host-user_session_same_site` cookies with attributes like: httpOnly, path, secure, etc. But, the new "SameSite" attribute is missing -> BUG
3) HTTP SetCookie header is parsed using `parseSetCookieHeader` helper:
https://searchfox.org/mozilla-central/rev/b55e1a1cbcaee34878e133fbac20c4c2af6e11b5/devtools/shared/webconsole/network-helper.js#358
This method doesn't support the new attribute "SameSite". This is the place that needs to be fixed.
4) This also needs a test to avoid regression.
There is already a test verifying cookies sorting:
devtools\client\netmonitor\test\browser_net_cookies_sorted.js
This test is loading a helper server side file (*.sjs) that is used to set Set-Cookie HTTP header.
devtools/client/netmonitor/test/sjs_simple-unsorted-cookies-test-server.sjs
The new test will be very similar:
1) Initialize Network monitor: `initNetMonitor(THE_NEW_SJS_FILE_WITH_CUSTOM_COOKIE);`
2) Waiting for page to be loaded `waitForNetworkEvents`
3) Selecting the Cookies panel (simulating mouse click): `EventUtils.sendMouseEvent({ type: "click" }, ...`
4) Verifying that `SameSite` value is there: `let labelCells = document.querySelectorAll(".treeLabelCell");` ...
---
STR:
1) Open DevTools Toolbox, select the Network panel
2) Load github.com, login
3) Select the first document request
4) Select the Cookies side panel and check `__Host-user_session_same_site`
5) `SameSite` attribute is missing -> BUG
----
Spec:
https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-02#section-5.3.7
Honza
|
|
||
Updated•7 years ago
|
|
||
Updated•7 years ago
|
Keywords: dev-doc-needed
|
||
Comment 2•7 years ago
|
||
Note that the Storage tool displays the same-site status (added in bug 1298370) so devtools does know this somewhere. It's just missing on the Network details side-panel.
|
|
||
Updated•7 years ago
|
No longer blocks: samesite-cookies
Depends on: samesite-cookies
|
Reporter | |
Updated•7 years ago
|
Summary: Add support for same-site cookie attribute → Add support for same-site cookie attribute to "Cookies" side-panel
See https://searchfox.org/mozilla-central/source/devtools/server/actors/storage.js#575 for the storage inspector's implementation.
|
Assignee | |
Comment 4•7 years ago
|
||
I will work on that :-)
|
|
Assignee | |
Updated•7 years ago
|
Assignee: nobody → vi.le
|
|
Assignee | |
Updated•7 years ago
|
Status: NEW → ASSIGNED
|
|
||
Comment 5•7 years ago
|
||
Great!
Let me know if you have any questions.
Honza
|
|
Assignee | |
Comment 6•7 years ago
|
||
Thanks
| Comment hidden (mozreview-request) |
|
|
||
Comment 8•7 years ago
|
||
| mozreview-review | ||
Comment on attachment 8973466 [details]
Bug 1452715 - Add support for same-site cookie attribute to "Cookies" netmonitor side-panel;
https://reviewboard.mozilla.org/r/241854/#review247858
Thanks for the patch, looks great to me!
Just one inline comment.
Honza
::: devtools/client/netmonitor/test/browser_net_set-cookie-same-site.js:28
(Diff revision 1)
> + EventUtils.sendMouseEvent({ type: "mousedown" },
> + document.querySelectorAll(".request-list-item")[0]);
> + await wait;
> +
> + EventUtils.sendMouseEvent({ type: "mousedown" },
> + document.querySelectorAll(".request-list-item")[0]);
Why you sending 'mousedown' to the first reqest item again?
Attachment #8973466 -
Flags: review?(odvarko)
| Comment hidden (mozreview-request) |
|
|
Assignee | |
Comment 10•7 years ago
|
||
| mozreview-review-reply | ||
Comment on attachment 8973466 [details]
Bug 1452715 - Add support for same-site cookie attribute to "Cookies" netmonitor side-panel;
https://reviewboard.mozilla.org/r/241854/#review247858
> Why you sending 'mousedown' to the first reqest item again?
That was a mistake, sorry!
|
|
||
Comment 11•7 years ago
|
||
| mozreview-review | ||
Comment on attachment 8973466 [details]
Bug 1452715 - Add support for same-site cookie attribute to "Cookies" netmonitor side-panel;
https://reviewboard.mozilla.org/r/241854/#review248174
Looks good to me now, thanks for the patch!
R+
Honza
Attachment #8973466 -
Flags: review?(odvarko) → review+
|
|
Assignee | |
Comment 12•7 years ago
|
||
And thank you for the review!
Try push here: https://treeherder.mozilla.org/#/jobs?repo=try&revision=512270eb189566b391f6873de19344a200dd658c
|
|
Assignee | |
Comment 13•7 years ago
|
||
Everything seems good
|
|
Assignee | |
Updated•7 years ago
|
Keywords: checkin-needed
|
||
Comment 14•7 years ago
|
||
We're sorry, Autoland could not rebase your commits for you automatically. Please manually rebase your commits and try again.
hg error in cmd: hg rebase -s db06a860d50f616c73df5eea1354613dea05d7c6 -d 31b295f557db: rebasing 463063:db06a860d50f "Bug 1452715 - Add support for same-site cookie attribute to "Cookies" netmonitor side-panel; r=Honza" (tip)
merging devtools/client/netmonitor/test/browser.ini
merging devtools/client/netmonitor/test/head.js
warning: conflicts while merging devtools/client/netmonitor/test/head.js! (edit, then use 'hg resolve --mark')
unresolved conflicts (see hg resolve, then hg rebase --continue)
|
||
Updated•7 years ago
|
Keywords: checkin-needed
| Comment hidden (mozreview-request) |
|
|
Assignee | |
Comment 16•7 years ago
|
||
Rebased the commit on top of latest m-c
|
||
Comment 17•7 years ago
|
||
Pushed by ntim.bugs@gmail.com:
https://hg.mozilla.org/integration/autoland/rev/782b1ae19860
Add support for same-site cookie attribute to "Cookies" netmonitor side-panel; r=Honza
|
||
Comment 18•7 years ago
|
||
| bugherder | ||
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
status-firefox62:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → Firefox 62
|
||
Updated•7 years ago
|
Product: Firefox → DevTools
|
|
||
Comment 19•7 years ago
|
||
I have added an extra screenshot and some information about the new attribute being shown in devtools:
https://developer.mozilla.org/en-US/docs/Tools/Network_Monitor#Cookies
And a note in the Fx62 rel notes:
https://developer.mozilla.org/en-US/Firefox/Releases/62#Developer_tools
Let me know if that looks OK. Thanks!
Flags: needinfo?(odvarko)
Keywords: dev-doc-needed → dev-doc-complete
You need to log in
before you can comment on or make changes to this bug.
Description
•