fix: allow net requests to use Same-Site cookies (#22788)

2020-03-20 16:39:03 -07:00 · 2020-03-20 16:39:03 -07:00 · af46c1ed8d
commit af46c1ed8d
parent 60bd52880f
2 changed files with 43 additions and 0 deletions
--- a/shell/browser/api/electron_api_url_loader.cc
+++ b/shell/browser/api/electron_api_url_loader.cc
@ -345,6 +345,7 @@ gin_helper::WrappableBase* SimpleURLLoaderWrapper::New(gin::Arguments* args) {
    return nullptr;
  }
  auto request = std::make_unique<network::ResourceRequest>();
+  request->attach_same_site_cookies = true;
  opts.Get("method", &request->method);
  opts.Get("url", &request->url);
  std::map<std::string, std::string> extra_headers;
--- a/spec-main/api-net-spec.ts
+++ b/spec-main/api-net-spec.ts
@ -586,6 +586,48 @@ describe('net module', () => {
      });
    });

+    ['Lax', 'Strict'].forEach((mode) => {
+      it(`should be able to use the sessions cookie store with same-site ${mode} cookies`, async () => {
+        const serverUrl = await respondNTimes.toSingleURL((request, response) => {
+          response.statusCode = 200;
+          response.statusMessage = 'OK';
+          response.setHeader('set-cookie', `same=site; SameSite=${mode}`);
+          response.setHeader('x-cookie', `${request.headers.cookie}`);
+          response.end();
+        }, 2);
+        const sess = session.fromPartition(`cookie-tests-same-site-${mode}`);
+        let cookies = await sess.cookies.get({});
+        expect(cookies).to.have.lengthOf(0);
+        const urlRequest = net.request({
+          url: serverUrl,
+          session: sess,
+          useSessionCookies: true
+        });
+        const response = await getResponse(urlRequest);
+        expect(response.headers['x-cookie']).to.equal('undefined');
+        await collectStreamBody(response);
+        cookies = await sess.cookies.get({});
+        expect(cookies).to.have.lengthOf(1);
+        expect(cookies[0]).to.deep.equal({
+          name: 'same',
+          value: 'site',
+          domain: '127.0.0.1',
+          hostOnly: true,
+          path: '/',
+          secure: false,
+          httpOnly: false,
+          session: true
+        });
+        const urlRequest2 = net.request({
+          url: serverUrl,
+          session: sess,
+          useSessionCookies: true
+        });
+        const response2 = await getResponse(urlRequest2);
+        expect(response2.headers['x-cookie']).to.equal('same=site');
+      });
+    });
+
    it('should be able to use the sessions cookie store safely across redirects', async () => {
      const serverUrl = await respondOnce.toSingleURL(async (request, response) => {
        response.statusCode = 302;