[wpt-sync] Sync PR 23026 - CookieStore: Add validation behavior for __Host- prefixed cookies
Categories
(Testing :: web-platform-tests, task, P4)
Tracking
(firefox77 fixed)
| Tracking | Status | |
|---|---|---|
| firefox77 | --- | fixed |
People
(Reporter: wpt-sync, Unassigned)
References
()
Details
(Whiteboard: [wptsync downstream])
Sync web-platform-tests PR 23026 into mozilla-central (this bug is closed when the sync is complete).
PR: https://github.com/web-platform-tests/wpt/pull/23026
Details from upstream follow.
Ayu Ishii <ayui@chromium.org> wrote:
CookieStore: Add validation behavior for __Host- prefixed cookies
This change adds the following checks for "__Host-" prefixed cookies:
- Disallows overwriting with an explicit domain
- Disallows non "/" path
This behavior is mentioned in the spec here [1].
Creating a cookie that violates this will cause a crash without
this change.[1] https://wicg.github.io/cookie-store/#prefixes
Change-Id: I20968f11759019921aa7a6b37602878a17b091ff
Reviewed-on: https://chromium-review.googlesource.com/2151825
WPT-Export-Revision: f2bcd403d9f8dac7d9b52624aeac432e541b4254
|
Assignee | |
Updated•5 years ago
|
|
|
Assignee | |
Updated•5 years ago
|
|
|
Assignee | |
Comment 1•5 years ago
|
||
|
|
Assignee | |
Comment 2•5 years ago
|
||
CI Results
Ran 13 Firefox configurations based on mozilla-central, and Firefox, Chrome, and Safari on GitHub CI
Total 61 tests
Status Summary
Firefox
OK : 2
PASS: 59
FAIL: 16
Chrome
OK : 2
PASS: 12
FAIL: 4
Safari
OK : 2
FAIL: 16
Links
Gecko CI (Treeherder)
GitHub PR Head
GitHub PR Base
Details
New Tests That Don't Pass
/cookie-store/cookieStore_special_names.tentative.https.any.html
cookieStore.set with __Host- name on secure origin: FAIL (Chrome: PASS, Safari: FAIL)
cookieStore.set of expired __Host- cookie name on secure origin: FAIL (Chrome: PASS, Safari: FAIL)
cookieStore.delete with __Host- name on secure origin: FAIL (Chrome: PASS, Safari: FAIL)
cookieStore.set with __Host- prefix and a domain option: FAIL (Chrome: FAIL, Safari: FAIL)
cookieStore.set of expired __Secure- cookie name on secure origin: FAIL (Chrome: PASS, Safari: FAIL)
cookieStore.set with __Host- prefix a path option: FAIL (Chrome: FAIL, Safari: FAIL)
cookieStore.set with __Secure- name on secure origin: FAIL (Chrome: PASS, Safari: FAIL)
cookieStore.delete with __Secure- name on secure origin: FAIL (Chrome: PASS, Safari: FAIL)
/cookie-store/cookieStore_special_names.tentative.https.any.serviceworker.html
cookieStore.set with __Host- name on secure origin: FAIL (Chrome: PASS, Safari: FAIL)
cookieStore.set of expired __Host- cookie name on secure origin: FAIL (Chrome: PASS, Safari: FAIL)
cookieStore.delete with __Host- name on secure origin: FAIL (Chrome: PASS, Safari: FAIL)
cookieStore.set with __Host- prefix and a domain option: FAIL (Chrome: FAIL, Safari: FAIL)
cookieStore.set of expired __Secure- cookie name on secure origin: FAIL (Chrome: PASS, Safari: FAIL)
cookieStore.set with __Host- prefix a path option: FAIL (Chrome: FAIL, Safari: FAIL)
cookieStore.set with __Secure- name on secure origin: FAIL (Chrome: PASS, Safari: FAIL)
cookieStore.delete with __Secure- name on secure origin: FAIL (Chrome: PASS, Safari: FAIL)
|
||
Comment 5•5 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/b344b9215d48
https://hg.mozilla.org/mozilla-central/rev/e4651ad80765
Description
•