diff options
author | Michael Catanzaro <mcatanzaro@igalia.com> | 2018-01-09 14:37:42 -0600 |
---|---|---|
committer | Claudio Saavedra <csaavedra@igalia.com> | 2018-02-05 16:38:18 +0200 |
commit | 20a8463ae65369ac17f8bca7749be188a275a99f (patch) | |
tree | 14b225b2e562b5af3b80ff51ba88d07168c49d67 /tests/cookies-test.c | |
parent | 8fafda68ca672ed7b32f3f170ea26d7438fc0bdb (diff) | |
download | libsoup-20a8463ae65369ac17f8bca7749be188a275a99f.tar.gz |
cookie-jar: use base domain to decide if cookie is third party
Our third-party cookie blocking is too strict. Safari is the only major
browser that blocks third-party cookies by default, so the only way for
SOUP_COOKIE_JAR_ACCEPT_NO_THIRD_PARTY to be web compatible is for it to
match Safari as closely as possible. And Safari does not appear to
consider the full domain when deciding whether to block a third-party
cookie, it only considers the base domain. Reports indicate that Firefox
and Chrome behave similarly if the user chooses to block third-party
cookies in those browsers.
This fixes, in particular, notifications on google.com domains.
https://bugzilla.gnome.org/show_bug.cgi?id=792130
Diffstat (limited to 'tests/cookies-test.c')
-rw-r--r-- | tests/cookies-test.c | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/tests/cookies-test.c b/tests/cookies-test.c index 479bcfe7..e0293974 100644 --- a/tests/cookies-test.c +++ b/tests/cookies-test.c @@ -94,6 +94,53 @@ do_cookies_accept_policy_test (void) soup_test_session_abort_unref (session); } +static void +do_cookies_subdomain_policy_test (void) +{ + SoupCookieJar *jar; + GSList *cookies; + SoupURI *uri1; + SoupURI *uri2; + + g_test_bug ("792130"); + + /* Only the base domain should be considered when deciding + * whether a cookie is a third-party cookie. + */ + uri1 = soup_uri_new ("https://www.gnome.org"); + uri2 = soup_uri_new ("https://foundation.gnome.org"); + + /* We can't check subdomains with a test server running on + * localhost, so we'll just check the cookie jar API itself. + */ + + /* Cookie should be accepted. One cookie in the jar. */ + jar = soup_cookie_jar_new (); + soup_cookie_jar_set_accept_policy (jar, SOUP_COOKIE_JAR_ACCEPT_NO_THIRD_PARTY); + soup_cookie_jar_set_cookie_with_first_party (jar, uri1, uri2, "1=foo"); + cookies = soup_cookie_jar_all_cookies (jar); + g_assert_cmpint (g_slist_length (cookies), ==, 1); + g_slist_free_full (cookies, (GDestroyNotify)soup_cookie_free); + + /* Cookie should be accepted. Two cookies in the jar. */ + soup_cookie_jar_set_cookie_with_first_party (jar, uri2, uri1, "2=foo"); + cookies = soup_cookie_jar_all_cookies (jar); + g_assert_cmpint (g_slist_length (cookies), ==, 2); + g_slist_free_full (cookies, (GDestroyNotify)soup_cookie_free); + + /* Third-party cookie should be rejected, so there are still + * only two cookies in the jar. + */ + soup_cookie_jar_set_cookie_with_first_party (jar, third_party_uri, uri1, "3=foo"); + cookies = soup_cookie_jar_all_cookies (jar); + g_assert_cmpint (g_slist_length (cookies), ==, 2); + g_slist_free_full (cookies, (GDestroyNotify)soup_cookie_free); + + soup_uri_free (uri1); + soup_uri_free (uri2); + g_object_unref (jar); +} + /* FIXME: moar tests! */ static void do_cookies_parsing_test (void) @@ -182,6 +229,7 @@ main (int argc, char **argv) soup_uri_set_port (third_party_uri, server_uri->port); g_test_add_func ("/cookies/accept-policy", do_cookies_accept_policy_test); + g_test_add_func ("/cookies/accept-policy-subdomains", do_cookies_subdomain_policy_test); g_test_add_func ("/cookies/parsing", do_cookies_parsing_test); ret = g_test_run (); |