Closed Bug 1568091 Opened 5 years ago Closed 5 years ago

[wpt-sync] Sync PR 17986 - Add cookie SameSite features to experimental web platform features

Categories: Core :: Networking: Cookies, task, P5
Status: RESOLVED FIXED
Target Milestone: mozilla70
Tracking Status: firefox70 --- fixed
People: Reporter: mozilla.org, Unassigned
Whiteboard: [necko-triaged][wptsync downstream]

Sync web-platform-tests PR 17986 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/17986
Details from upstream follow.

Lily Chen <chlily@chromium.org> wrote:

Add cookie SameSite features to experimental web platform features

SameSiteByDefaultCookies and CookiesWithoutSameSiteMustBeSecure,
as well as CookieDeprecationMessages can now be turned on by
running with command line flag
--enable-experimental-web-platform-features.

  • SameSiteByDefaultCookies causes cookies that don't specify a
    SameSite attribute to be treated as Lax, and introduces
    SameSite=None to explicitly request cross-site use.
  • CookiesWithoutSameSiteMustBeSecure requires SameSite=None
    cookies to be Secure, otherwise they are rejected.
  • CookieDeprecationMessages shows console messages when cookies
    are not sent or saved due to either of the above SameSite
    features.

The web tests and browser tests run with experimental web
platform features enabled are also updated to reflect the new
behavior, including running on https because of the
CookiesWithoutSameSiteMustBeSecure restriction.

This also adds SameSite=None test coverage to a couple
places that didn't already have it.

Bug: 953306, 954551, 961439
Change-Id: I50ea7a6fb73969acf9ba3088310d7d246bc11a05
Reviewed-on: https://chromium-review.googlesource.com/1691522
WPT-Export-Revision: 9c62bf4baaabd716fc0a65a3985ff30c1350853e
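
The SameSite rules from the commit message above, worked through as an added JavaScript example (not code from this bug, the WPT PR or Chromium). The function names, the `features` object and the sample `Set-Cookie` headers are constructed, and treating an unrecognised SameSite value like a missing one is an assumption of this example. The cross-site check goes one step beyond the message by applying the standard Lax rule (top-level navigation with a safe method).

```javascript
// Added example; names are hypothetical and the headers are constructed samples.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: eq < 0 ? "" : pair.slice(0, eq), secure: false, sameSite: null };
  for (const attr of attrs) {
    const [key, value = ""] = attr.split("=").map((s) => s.trim().toLowerCase());
    if (key === "secure") cookie.secure = true;
    if (key === "samesite") cookie.sameSite = value;
  }
  return cookie;
}

// features: { sameSiteByDefault, noneMustBeSecure } mirror the two features in the message.
function evaluateSetCookie(header, features) {
  const c = parseSetCookie(header);
  const explicit = ["strict", "lax", "none"].includes(c.sameSite) ? c.sameSite : null;
  // Assumption: an unrecognised SameSite value is handled like a missing one.
  const effective = explicit ?? (features.sameSiteByDefault ? "lax" : "unrestricted");
  if (features.noneMustBeSecure && explicit === "none" && !c.secure) {
    // Stands in for the console message CookieDeprecationMessages would show.
    return { name: c.name, accepted: false, effective,
             message: `${c.name}: rejected, SameSite=None requires Secure` };
  }
  return { name: c.name, accepted: true, effective, message: null };
}

// Would an accepted cookie be attached to a cross-site request?
function sentCrossSite(result, { topLevelNavigation, method }) {
  if (!result.accepted) return false;
  switch (result.effective) {
    case "strict": return false;
    case "lax": return topLevelNavigation && SAFE_METHODS.has(method);
    default: return true; // "none", or legacy "unrestricted"
  }
}

const experimental = { sameSiteByDefault: true, noneMustBeSecure: true };
const legacy = { sameSiteByDefault: false, noneMustBeSecure: false };
for (const h of ["sid=1", "sid=1; SameSite=None", "sid=1; SameSite=None; Secure"]) {
  const r = evaluateSetCookie(h, experimental);
  console.log(h, "->", r.accepted ? r.effective : r.message);
}
```

The Secure requirement is also why the updated tests run over https: a `SameSite=None` cookie set without `Secure` is never stored under these features.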

Component: web-platform-tests → Networking: Cookies
Product: Testing → Core
Priority: P4 → P5
Whiteboard: [wptsync downstream] → [necko-triaged][wptsync downstream]
Ran 34 tests and 267[android-em-7.0-x86_64-debug-geckoview,android-em-7.0-x86_64-opt-geckoview], 261[linux32-shippable-opt,linux64-asan-opt,linux64-debug,linux64-opt,linux64-qr-debug,linux64-qr-opt,linux64-shippable-opt,linux64-shippable-qr-opt,windows10-64-debug,windows10-64-opt,windows10-64-qr-debug,windows10-64-qr-opt,windows10-64-shippable-opt,windows10-64-shippable-qr-opt,windows7-32-debug,windows7-32-opt,windows7-32-shippable-opt] subtests
OK     : 32
PASS   : 223
FAIL   : 38
TIMEOUT: 4[android-em-7.0-x86_64-debug-geckoview,android-em-7.0-x86_64-opt-geckoview]
ERROR  : 2[linux32-shippable-opt,linux64-asan-opt,linux64-debug,linux64-opt,linux64-qr-debug,linux64-qr-opt,linux64-shippable-opt,linux64-shippable-qr-opt,windows10-64-debug,windows10-64-opt,windows10-64-qr-debug,windows10-64-qr-opt,windows10-64-shippable-opt,windows10-64-shippable-qr-opt,windows7-32-debug,windows7-32-opt,windows7-32-shippable-opt]
NOTRUN : 4[android-em-7.0-x86_64-debug-geckoview,android-em-7.0-x86_64-opt-geckoview]

New tests that have failures or other problems:
/cookies/samesite/fetch.https.html
    Cross-site fetches are cross-site: FAIL
    Cross-site redirecting to cross-site fetches are cross-site: FAIL
    Cross-site redirecting to same-host fetches are strictly same-site: FAIL
    Cross-site redirecting to subdomain fetches are strictly same-site: FAIL
    Same-host redirecting to cross-site fetches are cross-site: FAIL
    Subdomain redirecting to cross-site fetches are cross-site: FAIL
/cookies/samesite/fetch.https.html?legacy-samesite
    Cross-site redirecting to same-host fetches are strictly same-site: FAIL
    Cross-site redirecting to subdomain fetches are strictly same-site: FAIL
/cookies/samesite/form-get-blank.https.html
    Cross-site redirecting to same-host top-level form GETs are strictly same-site: FAIL
    Cross-site redirecting to subdomain top-level form GETs are strictly same-site: FAIL
/cookies/samesite/form-get-blank.https.html?legacy-samesite
    Cross-site redirecting to same-host top-level form GETs are strictly same-site: FAIL
    Cross-site redirecting to subdomain top-level form GETs are strictly same-site: FAIL
/cookies/samesite/form-post-blank-reload.https.html: TIMEOUT[android-em-7.0-x86_64-debug-geckoview,android-em-7.0-x86_64-opt-geckoview], ERROR[linux32-shippable-opt,linux64-asan-opt,linux64-debug,linux64-opt,linux64-qr-debug,linux64-qr-opt,linux64-shippable-opt,linux64-shippable-qr-opt,windows10-64-debug,windows10-64-opt,windows10-64-qr-debug,windows10-64-qr-opt,windows10-64-shippable-opt,windows10-64-shippable-qr-opt,windows7-32-debug,windows7-32-opt,windows7-32-shippable-opt]
    Reloaded cross-site top-level form POSTs are not same-site: NOTRUN[android-em-7.0-x86_64-debug-geckoview,android-em-7.0-x86_64-opt-geckoview]
    Reloaded same-host top-level form POSTs are strictly same-site: TIMEOUT[android-em-7.0-x86_64-debug-geckoview,android-em-7.0-x86_64-opt-geckoview]
    Reloaded subdomain top-level form POSTs are strictly same-site: NOTRUN[android-em-7.0-x86_64-debug-geckoview,android-em-7.0-x86_64-opt-geckoview]
/cookies/samesite/form-post-blank-reload.https.html?legacy-samesite: TIMEOUT[android-em-7.0-x86_64-debug-geckoview,android-em-7.0-x86_64-opt-geckoview], ERROR[linux32-shippable-opt,linux64-asan-opt,linux64-debug,linux64-opt,linux64-qr-debug,linux64-qr-opt,linux64-shippable-opt,linux64-shippable-qr-opt,windows10-64-debug,windows10-64-opt,windows10-64-qr-debug,windows10-64-qr-opt,windows10-64-shippable-opt,windows10-64-shippable-qr-opt,windows7-32-debug,windows7-32-opt,windows7-32-shippable-opt]
    Reloaded cross-site top-level form POSTs are not same-site: NOTRUN[android-em-7.0-x86_64-debug-geckoview,android-em-7.0-x86_64-opt-geckoview]
    Reloaded same-host top-level form POSTs are strictly same-site: TIMEOUT[android-em-7.0-x86_64-debug-geckoview,android-em-7.0-x86_64-opt-geckoview]
    Reloaded subdomain top-level form POSTs are strictly same-site: NOTRUN[android-em-7.0-x86_64-debug-geckoview,android-em-7.0-x86_64-opt-geckoview]
/cookies/samesite/form-post-blank.https.html
    Cross-site redirecting to cross-site top-level form POSTs are cross-site: FAIL
    Cross-site redirecting to same-host top-level form POSTs are strictly same-site: FAIL
    Cross-site redirecting to subdomain top-level form POSTs are strictly same-site: FAIL
    Cross-site top-level form POSTs are cross-site: FAIL
    Same-host redirecting to cross-site top-level form POSTs are cross-site: FAIL
    Subdomain redirecting to cross-site top-level form POSTs are cross-site: FAIL
/cookies/samesite/form-post-blank.https.html?legacy-samesite
    Cross-site redirecting to same-host top-level form POSTs are strictly same-site: FAIL
    Cross-site redirecting to subdomain top-level form POSTs are strictly same-site: FAIL
/cookies/samesite/iframe-reload.https.html
    Reloaded cross-site fetches are cross-site: FAIL
/cookies/samesite/iframe.https.html
    Cross-site fetches are cross-site: FAIL
    Cross-site redirecting to cross-site fetches are cross-site: FAIL
    Cross-site redirecting to same-host fetches are strictly same-site: FAIL
    Cross-site redirecting to subdomain fetches are strictly same-site: FAIL
    Same-host redirecting to cross-site fetches are cross-site: FAIL
    Subdomain redirecting to cross-site fetches are cross-site: FAIL
/cookies/samesite/iframe.https.html?legacy-samesite
    Cross-site redirecting to same-host fetches are strictly same-site: FAIL
    Cross-site redirecting to subdomain fetches are strictly same-site: FAIL
/cookies/samesite/img.https.html
    Cross-site images are cross-site: FAIL
    Cross-site redirecting to cross-site images are cross-site: FAIL
    Cross-site redirecting to same-host images are strictly same-site: FAIL
    Cross-site redirecting to subdomain images are strictly same-site: FAIL
    Same-host redirecting to cross-site images are cross-site: FAIL
    Subdomain redirecting to cross-site images are cross-site: FAIL
/cookies/samesite/img.https.html?legacy-samesite
    Cross-site redirecting to same-host images are strictly same-site: FAIL
    Cross-site redirecting to subdomain images are strictly same-site: FAIL
/cookies/samesite/setcookie-lax.https.html
    Cross-site window shouldn't be able to set `SameSite=Lax` or `SameSite=Strict` cookies.: FAIL
Pushed by wptsync@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/e0a7d47faddb
[wpt PR 17986] - Add cookie SameSite features to experimental web platform features, a=testonly
https://hg.mozilla.org/integration/mozilla-inbound/rev/a2a802a992a0
[wpt PR 17986] - Update wpt metadata, a=testonly
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla70