From 8b3e498436912b468a517f7bbcf3f27619ccf08c Mon Sep 17 00:00:00 2001 From: Black-Hole <158blackhole@gmail.com> Date: Mon, 13 Feb 2023 22:02:55 +0800 Subject: [PATCH] fix: cookies filter secure invalid (#37203) --- shell/browser/api/electron_api_cookies.cc | 4 +- spec/api-net-spec.ts | 65 +++++++++++++++++++++++ 2 files changed, 67 insertions(+), 2 deletions(-) diff --git a/shell/browser/api/electron_api_cookies.cc b/shell/browser/api/electron_api_cookies.cc index e4cebe4fb572..50208a28ccd0 100644 --- a/shell/browser/api/electron_api_cookies.cc +++ b/shell/browser/api/electron_api_cookies.cc @@ -128,10 +128,10 @@ bool MatchesCookie(const base::Value::Dict& filter, !MatchesDomain(*str, cookie.Domain())) return false; absl::optional secure_filter = filter.FindBool("secure"); - if (secure_filter && *secure_filter == cookie.IsSecure()) + if (secure_filter && *secure_filter != cookie.IsSecure()) return false; absl::optional session_filter = filter.FindBool("session"); - if (session_filter && *session_filter != !cookie.IsPersistent()) + if (session_filter && *session_filter == cookie.IsPersistent()) return false; return true; } diff --git a/spec/api-net-spec.ts b/spec/api-net-spec.ts index d8c42f9a1eac..fb09bd5f88e4 100644 --- a/spec/api-net-spec.ts +++ b/spec/api-net-spec.ts @@ -813,6 +813,71 @@ describe('net module', () => { }); } + it('should be able correctly filter out cookies that are secure', async () => { + const sess = session.fromPartition(`cookie-tests-${Math.random()}`); + + await Promise.all([ + sess.cookies.set({ + url: 'https://electronjs.org', + domain: 'electronjs.org', + name: 'cookie1', + value: '1', + secure: true + }), + sess.cookies.set({ + url: 'https://electronjs.org', + domain: 'electronjs.org', + name: 'cookie2', + value: '2', + secure: false + }) + ]); + + const secureCookies = await sess.cookies.get({ + secure: true + }); + expect(secureCookies).to.have.lengthOf(1); + expect(secureCookies[0].name).to.equal('cookie1'); + + const cookies = await sess.cookies.get({ + secure: false + }); + expect(cookies).to.have.lengthOf(1); + expect(cookies[0].name).to.equal('cookie2'); + }); + + it('should be able correctly filter out cookies that are session', async () => { + const sess = session.fromPartition(`cookie-tests-${Math.random()}`); + + await Promise.all([ + sess.cookies.set({ + url: 'https://electronjs.org', + domain: 'electronjs.org', + name: 'cookie1', + value: '1' + }), + sess.cookies.set({ + url: 'https://electronjs.org', + domain: 'electronjs.org', + name: 'cookie2', + value: '2', + expirationDate: Math.round(Date.now() / 1000) + 10000 + }) + ]); + + const sessionCookies = await sess.cookies.get({ + session: true + }); + expect(sessionCookies).to.have.lengthOf(1); + expect(sessionCookies[0].name).to.equal('cookie1'); + + const cookies = await sess.cookies.get({ + session: false + }); + expect(cookies).to.have.lengthOf(1); + expect(cookies[0].name).to.equal('cookie2'); + }); + describe('when {"credentials":"omit"}', () => { it('should not send cookies'); it('should not store cookies');