refactor: improve cookie failure rejection messages (#42362)
This commit is contained in:
parent
7f3dc7d4ce
commit
54c315c9b0
3 changed files with 105 additions and 24 deletions
|
@ -171,25 +171,96 @@ base::Time ParseTimeProperty(const std::optional<double>& value) {
|
||||||
return base::Time::FromSecondsSinceUnixEpoch(*value);
|
return base::Time::FromSecondsSinceUnixEpoch(*value);
|
||||||
}
|
}
|
||||||
|
|
||||||
std::string_view InclusionStatusToString(net::CookieInclusionStatus status) {
|
const std::string InclusionStatusToString(net::CookieInclusionStatus status) {
|
||||||
if (status.HasExclusionReason(net::CookieInclusionStatus::EXCLUDE_HTTP_ONLY))
|
// See net/cookies/cookie_inclusion_status.h for cookie error descriptions.
|
||||||
return "Failed to create httponly cookie";
|
constexpr std::array<
|
||||||
if (status.HasExclusionReason(
|
std::pair<net::CookieInclusionStatus::ExclusionReason, std::string_view>,
|
||||||
net::CookieInclusionStatus::EXCLUDE_SECURE_ONLY))
|
net::CookieInclusionStatus::ExclusionReason::NUM_EXCLUSION_REASONS>
|
||||||
return "Cannot create a secure cookie from an insecure URL";
|
exclusion_reasons = {
|
||||||
if (status.HasExclusionReason(
|
{{net::CookieInclusionStatus::EXCLUDE_HTTP_ONLY,
|
||||||
net::CookieInclusionStatus::EXCLUDE_FAILURE_TO_STORE))
|
"The cookie was HttpOnly, but the attempted access was through a "
|
||||||
return "Failed to parse cookie";
|
"non-HTTP API."},
|
||||||
if (status.HasExclusionReason(
|
{net::CookieInclusionStatus::EXCLUDE_SECURE_ONLY,
|
||||||
net::CookieInclusionStatus::EXCLUDE_INVALID_DOMAIN))
|
"The cookie was Secure, but the URL was not allowed to access "
|
||||||
return "Failed to set cookie with an invalid domain attribute";
|
"Secure cookies."},
|
||||||
if (status.HasExclusionReason(
|
{net::CookieInclusionStatus::EXCLUDE_DOMAIN_MISMATCH,
|
||||||
net::CookieInclusionStatus::EXCLUDE_INVALID_PREFIX))
|
"The cookie's domain attribute did not match the domain of the URL "
|
||||||
return "Failed because the cookie violated prefix rules.";
|
"attempting access."},
|
||||||
if (status.HasExclusionReason(
|
{net::CookieInclusionStatus::EXCLUDE_NOT_ON_PATH,
|
||||||
net::CookieInclusionStatus::EXCLUDE_NONCOOKIEABLE_SCHEME))
|
"The cookie's path attribute did not match the path of the URL "
|
||||||
return "Cannot set cookie for current scheme";
|
"attempting access."},
|
||||||
return "Setting cookie failed";
|
{net::CookieInclusionStatus::EXCLUDE_SAMESITE_STRICT,
|
||||||
|
"The cookie had SameSite=Strict, and the attempted access did not "
|
||||||
|
"have an appropriate SameSiteCookieContext"},
|
||||||
|
{net::CookieInclusionStatus::EXCLUDE_SAMESITE_LAX,
|
||||||
|
"The cookie had SameSite=Lax, and the attempted access did not "
|
||||||
|
"have "
|
||||||
|
"an appropriate SameSiteCookieContext"},
|
||||||
|
{net::CookieInclusionStatus::
|
||||||
|
EXCLUDE_SAMESITE_UNSPECIFIED_TREATED_AS_LAX,
|
||||||
|
"The cookie did not specify a SameSite attribute, and therefore "
|
||||||
|
"was "
|
||||||
|
"treated as if it were SameSite=Lax, and the attempted access did "
|
||||||
|
"not have an appropriate SameSiteCookieContext."},
|
||||||
|
{net::CookieInclusionStatus::EXCLUDE_SAMESITE_NONE_INSECURE,
|
||||||
|
"The cookie specified SameSite=None, but it was not Secure."},
|
||||||
|
{net::CookieInclusionStatus::EXCLUDE_USER_PREFERENCES,
|
||||||
|
"Caller did not allow access to the cookie."},
|
||||||
|
{net::CookieInclusionStatus::EXCLUDE_FAILURE_TO_STORE,
|
||||||
|
"The cookie was malformed and could not be stored"},
|
||||||
|
{net::CookieInclusionStatus::EXCLUDE_NONCOOKIEABLE_SCHEME,
|
||||||
|
"Attempted to set a cookie from a scheme that does not support "
|
||||||
|
"cookies."},
|
||||||
|
{net::CookieInclusionStatus::EXCLUDE_OVERWRITE_SECURE,
|
||||||
|
"The cookie would have overwritten a Secure cookie, and was not "
|
||||||
|
"allowed to do so."},
|
||||||
|
{net::CookieInclusionStatus::EXCLUDE_OVERWRITE_HTTP_ONLY,
|
||||||
|
"The cookie would have overwritten an HttpOnly cookie, and was not "
|
||||||
|
"allowed to do so."},
|
||||||
|
{net::CookieInclusionStatus::EXCLUDE_INVALID_DOMAIN,
|
||||||
|
"The cookie was set with an invalid Domain attribute."},
|
||||||
|
{net::CookieInclusionStatus::EXCLUDE_INVALID_PREFIX,
|
||||||
|
"The cookie was set with an invalid __Host- or __Secure- prefix."},
|
||||||
|
{net::CookieInclusionStatus::EXCLUDE_INVALID_PARTITIONED,
|
||||||
|
"Cookie was set with an invalid Partitioned attribute, which is "
|
||||||
|
"only valid if the cookie has a __Host- prefix."},
|
||||||
|
{net::CookieInclusionStatus::
|
||||||
|
EXCLUDE_NAME_VALUE_PAIR_EXCEEDS_MAX_SIZE,
|
||||||
|
"The cookie exceeded the name/value pair size limit."},
|
||||||
|
{net::CookieInclusionStatus::
|
||||||
|
EXCLUDE_ATTRIBUTE_VALUE_EXCEEDS_MAX_SIZE,
|
||||||
|
"Cookie exceeded the attribute size limit."},
|
||||||
|
{net::CookieInclusionStatus::EXCLUDE_DOMAIN_NON_ASCII,
|
||||||
|
"The cookie was set with a Domain attribute containing non ASCII "
|
||||||
|
"characters."},
|
||||||
|
{net::CookieInclusionStatus::
|
||||||
|
EXCLUDE_THIRD_PARTY_BLOCKED_WITHIN_FIRST_PARTY_SET,
|
||||||
|
"The cookie is blocked by third-party cookie blocking but the two "
|
||||||
|
"sites are in the same First-Party Set"},
|
||||||
|
{net::CookieInclusionStatus::EXCLUDE_PORT_MISMATCH,
|
||||||
|
"The cookie's source_port did not match the port of the request."},
|
||||||
|
{net::CookieInclusionStatus::EXCLUDE_SCHEME_MISMATCH,
|
||||||
|
"The cookie's source_scheme did not match the scheme of the "
|
||||||
|
"request."},
|
||||||
|
{net::CookieInclusionStatus::EXCLUDE_SHADOWING_DOMAIN,
|
||||||
|
"The cookie is a domain cookie and has the same name as an origin "
|
||||||
|
"cookie on this origin."},
|
||||||
|
{net::CookieInclusionStatus::EXCLUDE_DISALLOWED_CHARACTER,
|
||||||
|
"The cookie contains ASCII control characters"},
|
||||||
|
{net::CookieInclusionStatus::EXCLUDE_THIRD_PARTY_PHASEOUT,
|
||||||
|
"The cookie is blocked for third-party cookie phaseout."},
|
||||||
|
{net::CookieInclusionStatus::EXCLUDE_NO_COOKIE_CONTENT,
|
||||||
|
"The cookie contains no content or only whitespace."}}};
|
||||||
|
|
||||||
|
std::string reason = "Failed to set cookie - ";
|
||||||
|
for (const auto& [val, str] : exclusion_reasons) {
|
||||||
|
if (status.HasExclusionReason(val)) {
|
||||||
|
reason += str;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
reason += status.GetDebugString();
|
||||||
|
return reason;
|
||||||
}
|
}
|
||||||
|
|
||||||
std::string StringToCookieSameSite(const std::string* str_ptr,
|
std::string StringToCookieSameSite(const std::string* str_ptr,
|
||||||
|
|
|
@ -378,7 +378,7 @@ describe('net module (session)', () => {
|
||||||
url: 'https://electronjs.org',
|
url: 'https://electronjs.org',
|
||||||
domain: 'wssss.iamabaddomain.fun',
|
domain: 'wssss.iamabaddomain.fun',
|
||||||
name: 'cookie1'
|
name: 'cookie1'
|
||||||
})).to.eventually.be.rejectedWith(/Failed to set cookie with an invalid domain attribute/);
|
})).to.eventually.be.rejectedWith(/Failed to set cookie - The cookie was set with an invalid Domain attribute./);
|
||||||
});
|
});
|
||||||
|
|
||||||
it('should be able correctly filter out cookies that are session', async () => {
|
it('should be able correctly filter out cookies that are session', async () => {
|
||||||
|
|
|
@ -126,24 +126,34 @@ describe('session module', () => {
|
||||||
expect(cs.some(c => c.name === name && c.value === value)).to.equal(true);
|
expect(cs.some(c => c.name === name && c.value === value)).to.equal(true);
|
||||||
});
|
});
|
||||||
|
|
||||||
it('yields an error when setting a cookie with missing required fields', async () => {
|
it('rejects when setting a cookie with missing required fields', async () => {
|
||||||
const { cookies } = session.defaultSession;
|
const { cookies } = session.defaultSession;
|
||||||
const name = '1';
|
const name = '1';
|
||||||
const value = '1';
|
const value = '1';
|
||||||
|
|
||||||
await expect(
|
await expect(
|
||||||
cookies.set({ url: '', name, value })
|
cookies.set({ url: '', name, value })
|
||||||
).to.eventually.be.rejectedWith('Failed to set cookie with an invalid domain attribute');
|
).to.eventually.be.rejectedWith('Failed to set cookie - The cookie was set with an invalid Domain attribute.');
|
||||||
});
|
});
|
||||||
|
|
||||||
it('yields an error when setting a cookie with an invalid URL', async () => {
|
it('rejects when setting a cookie with an invalid URL', async () => {
|
||||||
const { cookies } = session.defaultSession;
|
const { cookies } = session.defaultSession;
|
||||||
const name = '1';
|
const name = '1';
|
||||||
const value = '1';
|
const value = '1';
|
||||||
|
|
||||||
await expect(
|
await expect(
|
||||||
cookies.set({ url: 'asdf', name, value })
|
cookies.set({ url: 'asdf', name, value })
|
||||||
).to.eventually.be.rejectedWith('Failed to set cookie with an invalid domain attribute');
|
).to.eventually.be.rejectedWith('Failed to set cookie - The cookie was set with an invalid Domain attribute.');
|
||||||
|
});
|
||||||
|
|
||||||
|
it('rejects when setting a cookie with an invalid ASCII control character', async () => {
|
||||||
|
const { cookies } = session.defaultSession;
|
||||||
|
const name = 'BadCookie';
|
||||||
|
const value = 'test;test';
|
||||||
|
|
||||||
|
await expect(
|
||||||
|
cookies.set({ url, name, value })
|
||||||
|
).to.eventually.be.rejectedWith('Failed to set cookie - The cookie contains ASCII control characters');
|
||||||
});
|
});
|
||||||
|
|
||||||
it('should overwrite previous cookies', async () => {
|
it('should overwrite previous cookies', async () => {
|
||||||
|
|
Loading…
Reference in a new issue