Reject cookies with empty names and values.
As discussed in [1], cookies with empty names and empty values should be
rejected. This patch removes the carveout made in https://crbug.com/601786,
and adjusts unittests accordingly.
This patch does not change the WPT expectations; we'll do that at the same
time we change the spec. In the meantime, we'll check in local expectations
matching the behavior we believe is correct.
[1]: https://github.com/httpwg/http-extensions/issues/159#issuecomment-569233866
Bug: 1037996, 601786
Change-Id: I53319cee385efff019b313479184236c53b1d783
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1982549
Reviewed-by: Lily Chen <[email protected]>
Commit-Queue: Mike West <[email protected]>
Cr-Commit-Position: refs/heads/master@{#729403}
diff --git a/net/cookies/parsed_cookie_unittest.cc b/net/cookies/parsed_cookie_unittest.cc
index d2f6b73..72dbc994 100644
--- a/net/cookies/parsed_cookie_unittest.cc
+++ b/net/cookies/parsed_cookie_unittest.cc
@@ -18,28 +18,14 @@
EXPECT_EQ("b", pc.Value());
}
-// De facto standard behavior, per https://crbug.com/601786.
TEST(ParsedCookieTest, TestEmpty) {
- const struct {
- const char* cookie;
- const char* expected_path;
- bool expect_secure;
- } kTestCookieLines[]{{"", "", false}, {" ", "", false},
- {"=;", "", false}, {"=; path=/; secure;", "/", true},
- {"= ;", "", false}, {"= ; path=/; secure;", "/", true},
- {" =;", "", false}, {" =; path=/; secure;", "/", true},
- {" = ;", "", false}, {" = ; path=/; secure;", "/", true},
- {" ;", "", false}, {" ; path=/; secure;", "/", true},
- {";", "", false}, {"; path=/; secure;", "/", true},
- {"\t;", "", false}, {"\t; path=/; secure;", "/", true}};
+ const char* kTestCookieLines[]{"", " ", "=", "=;", " =;",
+ "= ;", " = ;", ";", " ;", " ; ",
+ "\t", "\t;", "\t=\t", "\t=", "=\t"};
- for (const auto& test : kTestCookieLines) {
- ParsedCookie pc(test.cookie);
- EXPECT_TRUE(pc.IsValid());
- EXPECT_EQ("", pc.Name());
- EXPECT_EQ("", pc.Value());
- EXPECT_EQ(test.expected_path, pc.Path());
- EXPECT_EQ(test.expect_secure, pc.IsSecure());
+ for (const char* test : kTestCookieLines) {
+ ParsedCookie pc(test);
+ EXPECT_FALSE(pc.IsValid());
}
}
@@ -284,13 +270,13 @@
}
TEST(ParsedCookieTest, SetNameAndValue) {
- ParsedCookie empty((std::string()));
- EXPECT_TRUE(empty.IsValid());
- EXPECT_TRUE(empty.SetDomain("foobar.com"));
- EXPECT_TRUE(empty.SetName("name"));
- EXPECT_TRUE(empty.SetValue("value"));
- EXPECT_EQ("name=value; domain=foobar.com", empty.ToCookieLine());
- EXPECT_TRUE(empty.IsValid());
+ ParsedCookie cookie("a=b");
+ EXPECT_TRUE(cookie.IsValid());
+ EXPECT_TRUE(cookie.SetDomain("foobar.com"));
+ EXPECT_TRUE(cookie.SetName("name"));
+ EXPECT_TRUE(cookie.SetValue("value"));
+ EXPECT_EQ("name=value; domain=foobar.com", cookie.ToCookieLine());
+ EXPECT_TRUE(cookie.IsValid());
// We don't test
// ParsedCookie invalid("@foo=bar");
