Google Git
Sign in
chromium / chromium / src.git / 52a72af85b8eed3602540036b1c7abdfd3a585b9 / . / chrome / browser / net / cookie_policy_browsertest.cc
blob: 5dbbc165fbe08d733c21f2604c4e1fb3df2aaeb5 [file] [log] [blame]
[email protected]aa84a7e2012-03-15 21:29:06[diff] [blame]1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
[email protected]c145edad2009-11-18 02:14:27[diff] [blame]2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
[email protected]218aa6a12011-09-13 17:38:38[diff] [blame]5#include "base/bind.h"
[email protected]ee611372011-11-29 05:41:17[diff] [blame]6#include "base/bind_helpers.h"
avi6846aef2015-12-26 01:09:38[diff] [blame]7#include "base/macros.h"
Christian Dullweber10d62c12019-08-19 12:08:19[diff] [blame]8#include "base/path_service.h"
Lei Zhangfe5b86932019-02-01 17:26:59[diff] [blame]9#include "base/strings/stringprintf.h"
Christian Dullweber10d62c12019-08-19 12:08:19[diff] [blame]10#include "base/test/scoped_feature_list.h"
11#include "chrome/browser/content_settings/cookie_settings_factory.h"
[email protected]8ecad5e2010-12-02 21:18:33[diff] [blame]12#include "chrome/browser/profiles/profile.h"
[email protected]7b5dc002010-11-16 23:08:10[diff] [blame]13#include "chrome/browser/ui/browser.h"
[email protected]59253a652012-11-20 00:17:26[diff] [blame]14#include "chrome/browser/ui/tabs/tab_strip_model.h"
[email protected]30fde822011-10-28 09:49:05[diff] [blame]15#include "chrome/common/pref_names.h"
[email protected]af44e7fb2011-07-29 18:32:32[diff] [blame]16#include "chrome/test/base/in_process_browser_test.h"
17#include "chrome/test/base/ui_test_utils.h"
Christian Dullweber10d62c12019-08-19 12:08:19[diff] [blame]18#include "components/content_settings/core/browser/cookie_settings.h"
19#include "components/content_settings/core/common/features.h"
droger8ff2b7e2015-06-26 16:30:02[diff] [blame]20#include "components/content_settings/core/common/pref_names.h"
Christian Dullweber4a8afe22019-09-19 16:57:32[diff] [blame]21#include "components/network_session_configurator/common/network_switches.h"
brettwb1fc1b82016-02-02 00:19:08[diff] [blame]22#include "components/prefs/pref_service.h"
Christian Dullweber10d62c12019-08-19 12:08:19[diff] [blame]23#include "content/public/common/content_paths.h"
[email protected]88509ab2012-08-27 15:04:14[diff] [blame]24#include "content/public/test/browser_test_utils.h"
Mike Westdd5cc632018-09-07 17:44:23[diff] [blame]25#include "content/public/test/test_navigation_observer.h"
[email protected]f2cb3cf2013-03-21 01:40:53[diff] [blame]26#include "net/dns/mock_host_resolver.h"
svaldeze2745872015-11-04 23:30:20[diff] [blame]27#include "net/test/embedded_test_server/embedded_test_server.h"
[email protected]c145edad2009-11-18 02:14:27[diff] [blame]28
[email protected]631bb742011-11-02 11:29:39[diff] [blame]29using content::BrowserThread;
30
[email protected]9eaa18e2010-06-29 20:51:01[diff] [blame]31namespace {
32
Christian Dullweber10d62c12019-08-19 12:08:19[diff] [blame]33const std::vector<std::string> kStorageTypes{
Christian Dullweber4a8afe22019-09-19 16:57:32[diff] [blame]34 "Cookie", "LocalStorage", "FileSystem", "SessionStorage",
Christian Dullweber2a2f2182019-09-25 15:44:54[diff] [blame]35 "IndexedDb", "WebSql", "CacheStorage", "ServiceWorker",
Christian Dullweber10d62c12019-08-19 12:08:19[diff] [blame]36};
37
[email protected]9eaa18e2010-06-29 20:51:01[diff] [blame]38class CookiePolicyBrowserTest : public InProcessBrowserTest {
39 protected:
Christian Dullweber4a8afe22019-09-19 16:57:32[diff] [blame]40 CookiePolicyBrowserTest()
41 : https_server_(net::EmbeddedTestServer::TYPE_HTTPS) {}
[email protected]c145edad2009-11-18 02:14:27[diff] [blame]42
jam1a5b5582017-05-01 16:50:10[diff] [blame]43 void SetUpOnMainThread() override {
44 host_resolver()->AddRule("*", "127.0.0.1");
Christian Dullweber10d62c12019-08-19 12:08:19[diff] [blame]45 base::FilePath path;
46 base::PathService::Get(content::DIR_TEST_DATA, &path);
Christian Dullweber4a8afe22019-09-19 16:57:32[diff] [blame]47 https_server_.ServeFilesFromDirectory(path);
48 https_server_.AddDefaultHandlers(GetChromeTestDataDir());
49 ASSERT_TRUE(https_server_.Start());
50 }
51
52 void SetUpCommandLine(base::CommandLine* command_line) override {
53 // HTTPS server only serves a valid cert for localhost, so this is needed
54 // to load pages from other hosts without an error.
55 command_line->AppendSwitch(switches::kIgnoreCertificateErrors);
Mike Westdd5cc632018-09-07 17:44:23[diff] [blame]56 }
57
58 void SetBlockThirdPartyCookies(bool value) {
59 browser()->profile()->GetPrefs()->SetBoolean(prefs::kBlockThirdPartyCookies,
60 value);
61 }
62
63 void NavigateToPageWithFrame(const std::string& host) {
Christian Dullweber4a8afe22019-09-19 16:57:32[diff] [blame]64 GURL main_url(https_server_.GetURL(host, "/iframe.html"));
Mike Westdd5cc632018-09-07 17:44:23[diff] [blame]65 ui_test_utils::NavigateToURL(browser(), main_url);
66 }
67
68 void NavigateFrameTo(const std::string& host, const std::string& path) {
Christian Dullweber4a8afe22019-09-19 16:57:32[diff] [blame]69 GURL page = https_server_.GetURL(host, path);
Mike Westdd5cc632018-09-07 17:44:23[diff] [blame]70 content::WebContents* web_contents =
71 browser()->tab_strip_model()->GetActiveWebContents();
72 EXPECT_TRUE(NavigateIframeToURL(web_contents, "test", page));
73 }
74
75 void ExpectFrameContent(const std::string& expected) {
Mike Westdd5cc632018-09-07 17:44:23[diff] [blame]76 std::string content;
77 ASSERT_TRUE(ExecuteScriptAndExtractString(
Christian Dullweber10d62c12019-08-19 12:08:19[diff] [blame]78 GetFrame(),
Mike Westdd5cc632018-09-07 17:44:23[diff] [blame]79 "window.domAutomationController.send(document.body.textContent)",
80 &content));
81 EXPECT_EQ(expected, content);
82 }
83
84 void NavigateNestedFrameTo(const std::string& host, const std::string& path) {
Christian Dullweber4a8afe22019-09-19 16:57:32[diff] [blame]85 GURL url(https_server_.GetURL(host, path));
Mike Westdd5cc632018-09-07 17:44:23[diff] [blame]86 content::WebContents* web_contents =
87 browser()->tab_strip_model()->GetActiveWebContents();
Mike Westdd5cc632018-09-07 17:44:23[diff] [blame]88 content::TestNavigationObserver load_observer(web_contents);
89 ASSERT_TRUE(ExecuteScript(
Christian Dullweber10d62c12019-08-19 12:08:19[diff] [blame]90 GetFrame(),
Mike Westdd5cc632018-09-07 17:44:23[diff] [blame]91 base::StringPrintf("document.body.querySelector('iframe').src = '%s';",
92 url.spec().c_str())));
93 load_observer.Wait();
94 }
95
96 void ExpectNestedFrameContent(const std::string& expected) {
Mike Westdd5cc632018-09-07 17:44:23[diff] [blame]97 std::string content;
98 ASSERT_TRUE(ExecuteScriptAndExtractString(
Christian Dullweber10d62c12019-08-19 12:08:19[diff] [blame]99 GetNestedFrame(),
Mike Westdd5cc632018-09-07 17:44:23[diff] [blame]100 "window.domAutomationController.send(document.body.textContent)",
101 &content));
102 EXPECT_EQ(expected, content);
103 }
104
105 void ExpectCookiesOnHost(const std::string& host,
106 const std::string& expected) {
Christian Dullweber4a8afe22019-09-19 16:57:32[diff] [blame]107 EXPECT_EQ(expected, content::GetCookies(browser()->profile(),
108 https_server_.GetURL(host, "/")));
jam1a5b5582017-05-01 16:50:10[diff] [blame]109 }
110
Christian Dullweber10d62c12019-08-19 12:08:19[diff] [blame]111 void SetStorageForFrame(content::RenderFrameHost* frame) {
112 for (const auto& data_type : kStorageTypes) {
113 bool data;
114 EXPECT_TRUE(content::ExecuteScriptAndExtractBool(
115 frame, "set" + data_type + "()", &data));
116 EXPECT_TRUE(data) << data_type;
117 }
118 }
119
120 void ExpectStorageForFrame(content::RenderFrameHost* frame, bool expected) {
121 for (const auto& data_type : kStorageTypes) {
122 bool data;
123 EXPECT_TRUE(content::ExecuteScriptAndExtractBool(
Christian Dullweber4a8afe22019-09-19 16:57:32[diff] [blame]124 frame, "has" + data_type + "();", &data));
Christian Dullweber10d62c12019-08-19 12:08:19[diff] [blame]125 EXPECT_EQ(expected, data) << data_type;
126 }
127 }
128
129 content::RenderFrameHost* GetFrame() {
130 content::WebContents* web_contents =
131 browser()->tab_strip_model()->GetActiveWebContents();
132 return ChildFrameAt(web_contents->GetMainFrame(), 0);
133 }
134
135 content::RenderFrameHost* GetNestedFrame() {
136 return ChildFrameAt(GetFrame(), 0);
137 }
138
Christian Dullweber4a8afe22019-09-19 16:57:32[diff] [blame]139 protected:
140 net::test_server::EmbeddedTestServer https_server_;
141
[email protected]c145edad2009-11-18 02:14:27[diff] [blame]142 private:
143 DISALLOW_COPY_AND_ASSIGN(CookiePolicyBrowserTest);
144};
145
146// Visits a page that sets a first-party cookie.
147IN_PROC_BROWSER_TEST_F(CookiePolicyBrowserTest, AllowFirstPartyCookies) {
Mike Westdd5cc632018-09-07 17:44:23[diff] [blame]148 SetBlockThirdPartyCookies(false);
[email protected]c145edad2009-11-18 02:14:27[diff] [blame]149
Christian Dullweber4a8afe22019-09-19 16:57:32[diff] [blame]150 GURL url(https_server_.GetURL("/set-cookie?cookie1"));
[email protected]c145edad2009-11-18 02:14:27[diff] [blame]151
[email protected]1f2469a2012-12-13 21:19:55[diff] [blame]152 std::string cookie = content::GetCookies(browser()->profile(), url);
[email protected]c145edad2009-11-18 02:14:27[diff] [blame]153 ASSERT_EQ("", cookie);
154
155 ui_test_utils::NavigateToURL(browser(), url);
156
[email protected]1f2469a2012-12-13 21:19:55[diff] [blame]157 cookie = content::GetCookies(browser()->profile(), url);
[email protected]c145edad2009-11-18 02:14:27[diff] [blame]158 EXPECT_EQ("cookie1", cookie);
159}
160
[email protected]c145edad2009-11-18 02:14:27[diff] [blame]161// Visits a page that is a redirect across domain boundary to a page that sets
162// a first-party cookie.
163IN_PROC_BROWSER_TEST_F(CookiePolicyBrowserTest,
164 AllowFirstPartyCookiesRedirect) {
Mike Westdd5cc632018-09-07 17:44:23[diff] [blame]165 SetBlockThirdPartyCookies(true);
[email protected]c145edad2009-11-18 02:14:27[diff] [blame]166
Christian Dullweber4a8afe22019-09-19 16:57:32[diff] [blame]167 GURL url(https_server_.GetURL("/server-redirect?"));
168 GURL redirected_url(https_server_.GetURL("/set-cookie?cookie2"));
[email protected]c145edad2009-11-18 02:14:27[diff] [blame]169
[email protected]95409e12010-08-17 20:07:11[diff] [blame]170 // Change the host name from 127.0.0.1 to www.example.com so it triggers
[email protected]c145edad2009-11-18 02:14:27[diff] [blame]171 // third-party cookie blocking if the first party for cookies URL is not
172 // changed when we follow a redirect.
[email protected]95409e12010-08-17 20:07:11[diff] [blame]173 ASSERT_EQ("127.0.0.1", redirected_url.host());
[email protected]c145edad2009-11-18 02:14:27[diff] [blame]174 GURL::Replacements replacements;
mgiuca77752c32015-02-05 07:31:18[diff] [blame]175 replacements.SetHostStr("www.example.com");
[email protected]c145edad2009-11-18 02:14:27[diff] [blame]176 redirected_url = redirected_url.ReplaceComponents(replacements);
177
[email protected]1f2469a2012-12-13 21:19:55[diff] [blame]178 std::string cookie =
179 content::GetCookies(browser()->profile(), redirected_url);
[email protected]c145edad2009-11-18 02:14:27[diff] [blame]180 ASSERT_EQ("", cookie);
181
Lily Chen52a72af2019-10-23 15:37:11[diff] [blame^]182 // This cookie can be set even if it is Lax-by-default because the redirect
183 // counts as a top-level navigation and therefore the context is lax.
[email protected]c145edad2009-11-18 02:14:27[diff] [blame]184 ui_test_utils::NavigateToURL(browser(),
185 GURL(url.spec() + redirected_url.spec()));
186
[email protected]1f2469a2012-12-13 21:19:55[diff] [blame]187 cookie = content::GetCookies(browser()->profile(), redirected_url);
[email protected]c145edad2009-11-18 02:14:27[diff] [blame]188 EXPECT_EQ("cookie2", cookie);
189}
[email protected]9eaa18e2010-06-29 20:51:01[diff] [blame]190
Mike Westdd5cc632018-09-07 17:44:23[diff] [blame]191// Third-Party Frame Tests
192IN_PROC_BROWSER_TEST_F(CookiePolicyBrowserTest,
193 ThirdPartyCookiesIFrameAllowSetting) {
194 SetBlockThirdPartyCookies(false);
195
196 NavigateToPageWithFrame("a.com");
197
198 ExpectCookiesOnHost("b.com", "");
199
200 // Navigate iframe to a cross-site, cookie-setting endpoint, and verify that
201 // the cookie is set:
Lily Chen52a72af2019-10-23 15:37:11[diff] [blame^]202 NavigateFrameTo("b.com", "/set-cookie?thirdparty=1;SameSite=None;Secure");
203 ExpectCookiesOnHost("b.com", "thirdparty=1");
Mike Westdd5cc632018-09-07 17:44:23[diff] [blame]204
205 // Navigate iframe to a cross-site frame with a frame, and navigate _that_
206 // frame to a cross-site, cookie-setting endpoint, and verify that the cookie
207 // is set:
208 NavigateFrameTo("b.com", "/iframe.html");
Lily Chen52a72af2019-10-23 15:37:11[diff] [blame^]209 // Still need SameSite=None and Secure because the top-level is a.com so this
210 // is still cross-site.
211 NavigateNestedFrameTo("b.com",
212 "/set-cookie?thirdparty=2;SameSite=None;Secure");
213 ExpectCookiesOnHost("b.com", "thirdparty=2");
Mike Westdd5cc632018-09-07 17:44:23[diff] [blame]214
215 // Navigate iframe to a cross-site frame with a frame, and navigate _that_
216 // frame to a cross-site, cookie-setting endpoint, and verify that the cookie
217 // is set:
218 NavigateFrameTo("c.com", "/iframe.html");
Lily Chen52a72af2019-10-23 15:37:11[diff] [blame^]219 NavigateNestedFrameTo("b.com",
220 "/set-cookie?thirdparty=3;SameSite=None;Secure");
221 ExpectCookiesOnHost("b.com", "thirdparty=3");
Mike Westdd5cc632018-09-07 17:44:23[diff] [blame]222}
223
Lily Chen52a72af2019-10-23 15:37:11[diff] [blame^]224// This test does the same navigations as the test above, so we can be assured
225// that the cookies are actually blocked because of the
226// block-third-party-cookies setting, and not just because of SameSite or
227// whatever.
Mike Westdd5cc632018-09-07 17:44:23[diff] [blame]228IN_PROC_BROWSER_TEST_F(CookiePolicyBrowserTest,
229 ThirdPartyCookiesIFrameBlockSetting) {
230 SetBlockThirdPartyCookies(true);
231
232 NavigateToPageWithFrame("a.com");
233
234 // Navigate iframe to a cross-site, cookie-setting endpoint, and verify that
235 // the cookie is not set:
Lily Chen52a72af2019-10-23 15:37:11[diff] [blame^]236 NavigateFrameTo("b.com", "/set-cookie?thirdparty=1;SameSite=None;Secure");
Mike Westdd5cc632018-09-07 17:44:23[diff] [blame]237 ExpectCookiesOnHost("b.com", "");
238
239 // Navigate iframe to a cross-site frame with a frame, and navigate _that_
240 // frame to a cross-site, cookie-setting endpoint, and verify that the cookie
241 // is not set:
242 NavigateFrameTo("b.com", "/iframe.html");
Lily Chen52a72af2019-10-23 15:37:11[diff] [blame^]243 NavigateNestedFrameTo("b.com",
244 "/set-cookie?thirdparty=2;SameSite=None;Secure");
Mike Westdd5cc632018-09-07 17:44:23[diff] [blame]245 ExpectCookiesOnHost("b.com", "");
246
247 // Navigate iframe to a cross-site frame with a frame, and navigate _that_
248 // frame to a cross-site, cookie-setting endpoint, and verify that the cookie
249 // is not set:
250 NavigateFrameTo("c.com", "/iframe.html");
Lily Chen52a72af2019-10-23 15:37:11[diff] [blame^]251 NavigateNestedFrameTo("b.com",
252 "/set-cookie?thirdparty=3;SameSite=None;Secure");
Mike Westdd5cc632018-09-07 17:44:23[diff] [blame]253 ExpectCookiesOnHost("b.com", "");
254}
255
256IN_PROC_BROWSER_TEST_F(CookiePolicyBrowserTest,
257 ThirdPartyCookiesIFrameAllowReading) {
258 SetBlockThirdPartyCookies(false);
259
260 // Set a cookie on `b.com`.
Christian Dullweber4a8afe22019-09-19 16:57:32[diff] [blame]261 content::SetCookie(browser()->profile(), https_server_.GetURL("b.com", "/"),
Lily Chen52a72af2019-10-23 15:37:11[diff] [blame^]262 "thirdparty=1;SameSite=None;Secure");
263 ExpectCookiesOnHost("b.com", "thirdparty=1");
Mike Westdd5cc632018-09-07 17:44:23[diff] [blame]264
265 NavigateToPageWithFrame("a.com");
266
267 // Navigate iframe to a cross-site, cookie-reading endpoint, and verify that
268 // the cookie is sent:
269 NavigateFrameTo("b.com", "/echoheader?cookie");
Lily Chen52a72af2019-10-23 15:37:11[diff] [blame^]270 ExpectFrameContent("thirdparty=1");
Mike Westdd5cc632018-09-07 17:44:23[diff] [blame]271
272 // Navigate iframe to a cross-site frame with a frame, and navigate _that_
273 // frame to a cross-site page that echos the cookie header, and verify that
274 // the cookie is sent:
275 NavigateFrameTo("b.com", "/iframe.html");
276 NavigateNestedFrameTo("b.com", "/echoheader?cookie");
Lily Chen52a72af2019-10-23 15:37:11[diff] [blame^]277 ExpectNestedFrameContent("thirdparty=1");
Mike Westdd5cc632018-09-07 17:44:23[diff] [blame]278
279 // Navigate iframe to a cross-site frame with a frame, and navigate _that_
280 // frame to a distinct cross-site page that echos the cookie header, and
281 // verify that the cookie is not sent:
282 NavigateFrameTo("c.com", "/iframe.html");
283 NavigateNestedFrameTo("b.com", "/echoheader?cookie");
Lily Chen52a72af2019-10-23 15:37:11[diff] [blame^]284 ExpectNestedFrameContent("thirdparty=1");
Mike Westdd5cc632018-09-07 17:44:23[diff] [blame]285}
286
Lily Chen52a72af2019-10-23 15:37:11[diff] [blame^]287// This test does the same navigations as the test above, so we can be assured
288// that the cookies are actually blocked because of the
289// block-third-party-cookies setting, and not just because of SameSite or
290// whatever.
Mike Westdd5cc632018-09-07 17:44:23[diff] [blame]291IN_PROC_BROWSER_TEST_F(CookiePolicyBrowserTest,
292 ThirdPartyCookiesIFrameBlockReading) {
293 SetBlockThirdPartyCookies(true);
294
295 // Set a cookie on `b.com`.
Christian Dullweber4a8afe22019-09-19 16:57:32[diff] [blame]296 content::SetCookie(browser()->profile(), https_server_.GetURL("b.com", "/"),
Lily Chen52a72af2019-10-23 15:37:11[diff] [blame^]297 "thirdparty=1;SameSite=None;Secure");
298 ExpectCookiesOnHost("b.com", "thirdparty=1");
Mike Westdd5cc632018-09-07 17:44:23[diff] [blame]299
300 NavigateToPageWithFrame("a.com");
301
302 // Navigate iframe to a cross-site, cookie-reading endpoint, and verify that
303 // the cookie is not sent:
304 NavigateFrameTo("b.com", "/echoheader?cookie");
305 ExpectFrameContent("None");
306
307 // Navigate iframe to a cross-site frame with a frame, and navigate _that_
308 // frame to a cross-site page that echos the cookie header, and verify that
309 // the cookie is not sent:
310 NavigateFrameTo("b.com", "/iframe.html");
311 NavigateNestedFrameTo("b.com", "/echoheader?cookie");
312 ExpectNestedFrameContent("None");
313
314 // Navigate iframe to a cross-site frame with a frame, and navigate _that_
315 // frame to a distinct cross-site page that echos the cookie header, and
316 // verify that the cookie is not sent:
317 NavigateFrameTo("c.com", "/iframe.html");
318 NavigateNestedFrameTo("b.com", "/echoheader?cookie");
319 ExpectNestedFrameContent("None");
320}
321
Christian Dullweber7ee07082019-10-15 08:13:37[diff] [blame]322IN_PROC_BROWSER_TEST_F(CookiePolicyBrowserTest,
Christian Dullweber10d62c12019-08-19 12:08:19[diff] [blame]323 ThirdPartyCookiesIFrameExceptions) {
324 SetBlockThirdPartyCookies(true);
325
326 // Set a cookie on `b.com`.
Christian Dullweber4a8afe22019-09-19 16:57:32[diff] [blame]327 content::SetCookie(browser()->profile(), https_server_.GetURL("b.com", "/"),
Lily Chen52a72af2019-10-23 15:37:11[diff] [blame^]328 "thirdparty=1;SameSite=None;Secure");
329 ExpectCookiesOnHost("b.com", "thirdparty=1");
330
331 // Set a cookie on othersite.com.
332 content::SetCookie(browser()->profile(),
333 https_server_.GetURL("othersite.com", "/"),
334 "thirdparty=other;SameSite=None;Secure");
335 ExpectCookiesOnHost("othersite.com", "thirdparty=other");
Christian Dullweber10d62c12019-08-19 12:08:19[diff] [blame]336
337 // Allow all requests to b.com to have cookies.
Lily Chen52a72af2019-10-23 15:37:11[diff] [blame^]338 // On the other hand, othersite.com does not have an exception set for it.
Christian Dullweber10d62c12019-08-19 12:08:19[diff] [blame]339 auto cookie_settings =
340 CookieSettingsFactory::GetForProfile(browser()->profile());
Christian Dullweber4a8afe22019-09-19 16:57:32[diff] [blame]341 GURL url = https_server_.GetURL("b.com", "/");
Christian Dullweber10d62c12019-08-19 12:08:19[diff] [blame]342 cookie_settings->SetCookieSetting(url, ContentSetting::CONTENT_SETTING_ALLOW);
343
344 NavigateToPageWithFrame("a.com");
345
346 // Navigate iframe to a cross-site, cookie-reading endpoint, and verify that
347 // the cookie is sent:
348 NavigateFrameTo("b.com", "/echoheader?cookie");
Lily Chen52a72af2019-10-23 15:37:11[diff] [blame^]349 ExpectFrameContent("thirdparty=1");
350 // Navigate iframe to othersite.com and verify that the cookie is not sent.
351 NavigateFrameTo("othersite.com", "/echoheader?cookie");
352 ExpectFrameContent("None");
Christian Dullweber10d62c12019-08-19 12:08:19[diff] [blame]353
354 // Navigate iframe to a cross-site frame with a frame, and navigate _that_
355 // frame to a cross-site page that echos the cookie header, and verify that
356 // the cookie is sent:
357 NavigateFrameTo("b.com", "/iframe.html");
358 NavigateNestedFrameTo("b.com", "/echoheader?cookie");
Lily Chen52a72af2019-10-23 15:37:11[diff] [blame^]359 ExpectNestedFrameContent("thirdparty=1");
360 // Navigate nested iframe to othersite.com and verify that the cookie is not
361 // sent.
362 NavigateNestedFrameTo("othersite.com", "/echoheader?cookie");
363 ExpectNestedFrameContent("None");
Christian Dullweber10d62c12019-08-19 12:08:19[diff] [blame]364
365 // Navigate iframe to a cross-site frame with a frame, and navigate _that_
366 // frame to a distinct cross-site page that echos the cookie header, and
367 // verify that the cookie is sent:
368 NavigateFrameTo("c.com", "/iframe.html");
369 NavigateNestedFrameTo("b.com", "/echoheader?cookie");
Lily Chen52a72af2019-10-23 15:37:11[diff] [blame^]370 ExpectNestedFrameContent("thirdparty=1");
371 // Navigate nested iframe to othersite.com and verify that the cookie is not
372 // sent.
373 NavigateNestedFrameTo("othersite.com", "/echoheader?cookie");
374 ExpectNestedFrameContent("None");
Christian Dullweber10d62c12019-08-19 12:08:19[diff] [blame]375}
376
Christian Dullweber7ee07082019-10-15 08:13:37[diff] [blame]377IN_PROC_BROWSER_TEST_F(CookiePolicyBrowserTest,
Christian Dullweber10d62c12019-08-19 12:08:19[diff] [blame]378 ThirdPartyCookiesIFrameThirdPartyExceptions) {
379 SetBlockThirdPartyCookies(true);
380
381 // Set a cookie on `b.com`.
Christian Dullweber4a8afe22019-09-19 16:57:32[diff] [blame]382 content::SetCookie(browser()->profile(), https_server_.GetURL("b.com", "/"),
Lily Chen52a72af2019-10-23 15:37:11[diff] [blame^]383 "thirdparty=1;SameSite=None;Secure");
384 ExpectCookiesOnHost("b.com", "thirdparty=1");
Christian Dullweber10d62c12019-08-19 12:08:19[diff] [blame]385
386 // Allow all requests on the top frame domain a.com to have cookies.
387 auto cookie_settings =
388 CookieSettingsFactory::GetForProfile(browser()->profile());
Christian Dullweber4a8afe22019-09-19 16:57:32[diff] [blame]389 GURL url = https_server_.GetURL("a.com", "/");
Christian Dullweber10d62c12019-08-19 12:08:19[diff] [blame]390 cookie_settings->SetThirdPartyCookieSetting(
391 url, ContentSetting::CONTENT_SETTING_ALLOW);
392
393 NavigateToPageWithFrame("a.com");
394
395 // Navigate iframe to a cross-site, cookie-reading endpoint, and verify that
396 // the cookie is sent:
397 NavigateFrameTo("b.com", "/echoheader?cookie");
Lily Chen52a72af2019-10-23 15:37:11[diff] [blame^]398 ExpectFrameContent("thirdparty=1");
Christian Dullweber10d62c12019-08-19 12:08:19[diff] [blame]399
400 // Navigate iframe to a cross-site frame with a frame, and navigate _that_
401 // frame to a cross-site page that echos the cookie header, and verify that
402 // the cookie is sent:
403 NavigateFrameTo("b.com", "/iframe.html");
404 NavigateNestedFrameTo("b.com", "/echoheader?cookie");
Lily Chen52a72af2019-10-23 15:37:11[diff] [blame^]405 ExpectNestedFrameContent("thirdparty=1");
Christian Dullweber10d62c12019-08-19 12:08:19[diff] [blame]406
407 // Navigate iframe to a cross-site frame with a frame, and navigate _that_
408 // frame to a distinct cross-site page that echos the cookie header, and
409 // verify that the cookie is sent:
410 NavigateFrameTo("c.com", "/iframe.html");
411 NavigateNestedFrameTo("b.com", "/echoheader?cookie");
Lily Chen52a72af2019-10-23 15:37:11[diff] [blame^]412 ExpectNestedFrameContent("thirdparty=1");
413
414 // Now repeat the above with a dfiferent top frame site, which does not have
415 // an exception set for it.
416 NavigateToPageWithFrame("othersite.com");
417
418 // Navigate iframe to a cross-site, cookie-reading endpoint, and verify that
419 // the cookie is not sent:
420 NavigateFrameTo("b.com", "/echoheader?cookie");
421 ExpectFrameContent("None");
422
423 // Navigate iframe to a cross-site frame with a frame, and navigate _that_
424 // frame to a cross-site page that echos the cookie header, and verify that
425 // the cookie is not sent:
426 NavigateFrameTo("b.com", "/iframe.html");
427 NavigateNestedFrameTo("b.com", "/echoheader?cookie");
428 ExpectNestedFrameContent("None");
429
430 // Navigate iframe to a cross-site frame with a frame, and navigate _that_
431 // frame to a distinct cross-site page that echos the cookie header, and
432 // verify that the cookie is not sent:
433 NavigateFrameTo("c.com", "/iframe.html");
434 NavigateNestedFrameTo("b.com", "/echoheader?cookie");
435 ExpectNestedFrameContent("None");
Christian Dullweber10d62c12019-08-19 12:08:19[diff] [blame]436}
437
Christian Dullweber7ee07082019-10-15 08:13:37[diff] [blame]438IN_PROC_BROWSER_TEST_F(CookiePolicyBrowserTest, ThirdPartyIFrameStorage) {
Christian Dullweber10d62c12019-08-19 12:08:19[diff] [blame]439 NavigateToPageWithFrame("a.com");
440 NavigateFrameTo("b.com", "/browsing_data/site_data.html");
441 ExpectStorageForFrame(GetFrame(), false);
442 SetStorageForFrame(GetFrame());
443 ExpectStorageForFrame(GetFrame(), true);
444
445 SetBlockThirdPartyCookies(true);
446
447 NavigateToPageWithFrame("a.com");
448 NavigateFrameTo("b.com", "/browsing_data/site_data.html");
449 ExpectStorageForFrame(GetFrame(), false);
450
451 // Allow all requests to b.com to access storage.
452 auto cookie_settings =
453 CookieSettingsFactory::GetForProfile(browser()->profile());
Christian Dullweber4a8afe22019-09-19 16:57:32[diff] [blame]454 GURL a_url = https_server_.GetURL("a.com", "/");
455 GURL b_url = https_server_.GetURL("b.com", "/");
Christian Dullweber10d62c12019-08-19 12:08:19[diff] [blame]456 cookie_settings->SetCookieSetting(b_url,
457 ContentSetting::CONTENT_SETTING_ALLOW);
458
459 NavigateToPageWithFrame("a.com");
460 NavigateFrameTo("b.com", "/browsing_data/site_data.html");
461 ExpectStorageForFrame(GetFrame(), true);
462
463 // Remove ALLOW setting.
464 cookie_settings->ResetCookieSetting(b_url);
465
466 NavigateToPageWithFrame("a.com");
467 NavigateFrameTo("b.com", "/browsing_data/site_data.html");
468 ExpectStorageForFrame(GetFrame(), false);
469
470 // Allow all third-parties on a.com to access storage.
471 cookie_settings->SetThirdPartyCookieSetting(
472 a_url, ContentSetting::CONTENT_SETTING_ALLOW);
473
474 NavigateToPageWithFrame("a.com");
475 NavigateFrameTo("b.com", "/browsing_data/site_data.html");
476 ExpectStorageForFrame(GetFrame(), true);
477}
478
Christian Dullweber7ee07082019-10-15 08:13:37[diff] [blame]479IN_PROC_BROWSER_TEST_F(CookiePolicyBrowserTest, NestedThirdPartyIFrameStorage) {
Christian Dullweber10d62c12019-08-19 12:08:19[diff] [blame]480 NavigateToPageWithFrame("a.com");
481 NavigateFrameTo("b.com", "/iframe.html");
482 NavigateNestedFrameTo("c.com", "/browsing_data/site_data.html");
483
484 ExpectStorageForFrame(GetNestedFrame(), false);
485 SetStorageForFrame(GetNestedFrame());
486 ExpectStorageForFrame(GetNestedFrame(), true);
487
488 SetBlockThirdPartyCookies(true);
489
490 NavigateToPageWithFrame("a.com");
491 NavigateFrameTo("b.com", "/iframe.html");
492 NavigateNestedFrameTo("c.com", "/browsing_data/site_data.html");
493 ExpectStorageForFrame(GetNestedFrame(), false);
494
495 // Allow all requests to b.com to access storage.
496 auto cookie_settings =
497 CookieSettingsFactory::GetForProfile(browser()->profile());
Christian Dullweber4a8afe22019-09-19 16:57:32[diff] [blame]498 GURL a_url = https_server_.GetURL("a.com", "/");
499 GURL c_url = https_server_.GetURL("c.com", "/");
Christian Dullweber10d62c12019-08-19 12:08:19[diff] [blame]500 cookie_settings->SetCookieSetting(c_url,
501 ContentSetting::CONTENT_SETTING_ALLOW);
502
503 NavigateToPageWithFrame("a.com");
504 NavigateFrameTo("b.com", "/iframe.html");
505 NavigateNestedFrameTo("c.com", "/browsing_data/site_data.html");
506 ExpectStorageForFrame(GetNestedFrame(), true);
507
508 // Remove ALLOW setting.
509 cookie_settings->ResetCookieSetting(c_url);
510
511 NavigateToPageWithFrame("a.com");
512 NavigateFrameTo("b.com", "/iframe.html");
513 NavigateNestedFrameTo("c.com", "/browsing_data/site_data.html");
514 ExpectStorageForFrame(GetNestedFrame(), false);
515
516 // Allow all third-parties on a.com to access storage.
517 cookie_settings->SetThirdPartyCookieSetting(
518 a_url, ContentSetting::CONTENT_SETTING_ALLOW);
519
520 NavigateToPageWithFrame("a.com");
521 NavigateFrameTo("b.com", "/iframe.html");
522 NavigateNestedFrameTo("c.com", "/browsing_data/site_data.html");
523 ExpectStorageForFrame(GetNestedFrame(), true);
524}
525
Christian Dullweber7ee07082019-10-15 08:13:37[diff] [blame]526IN_PROC_BROWSER_TEST_F(CookiePolicyBrowserTest, NestedFirstPartyIFrameStorage) {
Christian Dullweber10d62c12019-08-19 12:08:19[diff] [blame]527 NavigateToPageWithFrame("a.com");
528 NavigateFrameTo("b.com", "/iframe.html");
529 NavigateNestedFrameTo("a.com", "/browsing_data/site_data.html");
530
531 ExpectStorageForFrame(GetNestedFrame(), false);
532 SetStorageForFrame(GetNestedFrame());
533 ExpectStorageForFrame(GetNestedFrame(), true);
534
535 SetBlockThirdPartyCookies(true);
536
537 NavigateToPageWithFrame("a.com");
538 NavigateFrameTo("b.com", "/iframe.html");
539 NavigateNestedFrameTo("a.com", "/browsing_data/site_data.html");
540 ExpectStorageForFrame(GetNestedFrame(), false);
541
542 // Allow all requests to b.com to access storage.
543 auto cookie_settings =
544 CookieSettingsFactory::GetForProfile(browser()->profile());
Christian Dullweber4a8afe22019-09-19 16:57:32[diff] [blame]545 GURL a_url = https_server_.GetURL("a.com", "/");
Christian Dullweber10d62c12019-08-19 12:08:19[diff] [blame]546 cookie_settings->SetCookieSetting(a_url,
547 ContentSetting::CONTENT_SETTING_ALLOW);
548
549 NavigateToPageWithFrame("a.com");
550 NavigateFrameTo("b.com", "/iframe.html");
551 NavigateNestedFrameTo("a.com", "/browsing_data/site_data.html");
552 ExpectStorageForFrame(GetNestedFrame(), true);
553
554 // Remove ALLOW setting.
555 cookie_settings->ResetCookieSetting(a_url);
556
557 NavigateToPageWithFrame("a.com");
558 NavigateFrameTo("b.com", "/iframe.html");
559 NavigateNestedFrameTo("a.com", "/browsing_data/site_data.html");
560 ExpectStorageForFrame(GetNestedFrame(), false);
561
562 // Allow all third-parties on a.com to access storage.
563 cookie_settings->SetThirdPartyCookieSetting(
564 a_url, ContentSetting::CONTENT_SETTING_ALLOW);
565
566 NavigateToPageWithFrame("a.com");
567 NavigateFrameTo("b.com", "/iframe.html");
568 NavigateNestedFrameTo("a.com", "/browsing_data/site_data.html");
569 ExpectStorageForFrame(GetNestedFrame(), true);
570}
571
[email protected]9eaa18e2010-06-29 20:51:01[diff] [blame]572} // namespace