Closed Bug 1630709 Opened 4 months ago Closed 3 months ago

[wpt-sync] Sync PR 23026 - CookieStore: Add validation behavior for __Host- prefixed cookies

Categories

(Testing :: web-platform-tests, task, P4)

task

Tracking

(firefox77 fixed)

RESOLVED FIXED
mozilla77
Tracking Status
firefox77 --- fixed

People

(Reporter: mozilla.org, Unassigned)

References

()

Details

(Whiteboard: [wptsync downstream])

Sync web-platform-tests PR 23026 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/23026
Details from upstream follow.

Ayu Ishii <ayui@chromium.org> wrote:

CookieStore: Add validation behavior for __Host- prefixed cookies

This change adds the following checks for "__Host-" prefixed cookies:

  1. Disallows overwriting with an explicit domain
  2. Disallows non "/" path

This behavior is mentioned in the spec here [1].
Creating a cookie that violates this will cause a crash without
this change.

[1] https://wicg.github.io/cookie-store/#prefixes

Change-Id: I20968f11759019921aa7a6b37602878a17b091ff

Reviewed-on: https://chromium-review.googlesource.com/2151825
WPT-Export-Revision: f2bcd403d9f8dac7d9b52624aeac432e541b4254

Status: NEW → RESOLVED
Closed: 3 months ago
Resolution: --- → INVALID
Status: RESOLVED → REOPENED
Resolution: INVALID → ---

CI Results

Ran 13 Firefox configurations based on mozilla-central, and Firefox, Chrome, and Safari on GitHub CI

Total 61 tests

Status Summary

Firefox

OK : 2
PASS: 59
FAIL: 16

Chrome

OK : 2
PASS: 12
FAIL: 4

Safari

OK : 2
FAIL: 16

Links

Gecko CI (Treeherder)
GitHub PR Head
GitHub PR Base

Details

New Tests That Don't Pass

/cookie-store/cookieStore_special_names.tentative.https.any.html
cookieStore.set with __Host- name on secure origin: FAIL (Chrome: PASS, Safari: FAIL)
cookieStore.set of expired __Host- cookie name on secure origin: FAIL (Chrome: PASS, Safari: FAIL)
cookieStore.delete with __Host- name on secure origin: FAIL (Chrome: PASS, Safari: FAIL)
cookieStore.set with __Host- prefix and a domain option: FAIL (Chrome: FAIL, Safari: FAIL)
cookieStore.set of expired __Secure- cookie name on secure origin: FAIL (Chrome: PASS, Safari: FAIL)
cookieStore.set with __Host- prefix a path option: FAIL (Chrome: FAIL, Safari: FAIL)
cookieStore.set with __Secure- name on secure origin: FAIL (Chrome: PASS, Safari: FAIL)
cookieStore.delete with __Secure- name on secure origin: FAIL (Chrome: PASS, Safari: FAIL)
/cookie-store/cookieStore_special_names.tentative.https.any.serviceworker.html
cookieStore.set with __Host- name on secure origin: FAIL (Chrome: PASS, Safari: FAIL)
cookieStore.set of expired __Host- cookie name on secure origin: FAIL (Chrome: PASS, Safari: FAIL)
cookieStore.delete with __Host- name on secure origin: FAIL (Chrome: PASS, Safari: FAIL)
cookieStore.set with __Host- prefix and a domain option: FAIL (Chrome: FAIL, Safari: FAIL)
cookieStore.set of expired __Secure- cookie name on secure origin: FAIL (Chrome: PASS, Safari: FAIL)
cookieStore.set with __Host- prefix a path option: FAIL (Chrome: FAIL, Safari: FAIL)
cookieStore.set with __Secure- name on secure origin: FAIL (Chrome: PASS, Safari: FAIL)
cookieStore.delete with __Secure- name on secure origin: FAIL (Chrome: PASS, Safari: FAIL)

Pushed by wptsync@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/a8adacf0c03c
[wpt PR 23026] - CookieStore: Add validation behavior for __Host- prefixed cookies, a=testonly
https://hg.mozilla.org/integration/autoland/rev/91ca84116f3a
[wpt PR 23026] - Update wpt metadata, a=testonly
Pushed by archaeopteryx@coole-files.de:
https://hg.mozilla.org/integration/autoland/rev/b344b9215d48
[wpt PR 23026] - CookieStore: Add validation behavior for __Host- prefixed cookies, a=testonly
https://hg.mozilla.org/integration/autoland/rev/e4651ad80765
[wpt PR 23026] - Update wpt metadata, a=testonly
Status: REOPENED → RESOLVED
Closed: 3 months ago3 months ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla77
You need to log in before you can comment on or make changes to this bug.