Don't save or load cookies for non-cookieable scheme requests.

This fixes an IsCanonical() DCHECK failure triggered by calling
CanonicalCookie::Create for a non-cookieable URL.

This change also adds unit test coverage for cross-origin cookie
behavior with sub-resource requests (iframe, XHR, Fetch).
This commit is contained in:
Marshall Greenblatt
2020-09-04 15:08:55 -04:00
parent 19391d8ab0
commit 4791109a28
10 changed files with 288 additions and 44 deletions

View File

@@ -264,6 +264,7 @@ class InterceptedRequestHandlerWrapper : public InterceptedRequestHandler {
CefBrowserContext::FromBrowserContext(browser_context);
iothread_state_ = cef_browser_context->iothread_state();
DCHECK(iothread_state_);
cookieable_schemes_ = cef_browser_context->cookieable_schemes();
// We register to be notified of CEF context or browser destruction so
// that we can stop accepting new requests and cancel pending/in-progress
@@ -312,6 +313,7 @@ class InterceptedRequestHandlerWrapper : public InterceptedRequestHandler {
CefRefPtr<CefBrowserHostImpl> browser_;
CefRefPtr<CefFrame> frame_;
CefIOThreadState* iothread_state_ = nullptr;
CefBrowserContext::CookieableSchemes cookieable_schemes_;
int render_process_id_ = 0;
int render_frame_id_ = -1;
int frame_tree_node_id_ = -1;
@@ -487,6 +489,13 @@ class InterceptedRequestHandlerWrapper : public InterceptedRequestHandler {
base::OnceClosure callback) {
CEF_REQUIRE_IOT();
if (!cookie_helper::IsCookieableScheme(request->url,
init_state_->cookieable_schemes_)) {
// The scheme does not support cookies.
std::move(callback).Run();
return;
}
// We need to load/save cookies ourselves for custom-handled requests, or
// if we're using a cookie filter.
auto allow_cookie_callback =
@@ -499,9 +508,9 @@ class InterceptedRequestHandlerWrapper : public InterceptedRequestHandler {
auto done_cookie_callback = base::BindOnce(
&InterceptedRequestHandlerWrapper::ContinueWithLoadedCookies,
weak_ptr_factory_.GetWeakPtr(), id, request, std::move(callback));
net_service::LoadCookies(init_state_->browser_context_, *request,
allow_cookie_callback,
std::move(done_cookie_callback));
cookie_helper::LoadCookies(init_state_->browser_context_, *request,
allow_cookie_callback,
std::move(done_cookie_callback));
}
static void AllowCookieAlways(const net::CanonicalCookie& cookie,
@@ -850,6 +859,13 @@ class InterceptedRequestHandlerWrapper : public InterceptedRequestHandler {
return;
}
if (!cookie_helper::IsCookieableScheme(request->url,
init_state_->cookieable_schemes_)) {
// The scheme does not support cookies.
std::move(callback).Run();
return;
}
// We need to load/save cookies ourselves for custom-handled requests, or
// if we're using a cookie filter.
auto allow_cookie_callback =
@@ -862,9 +878,9 @@ class InterceptedRequestHandlerWrapper : public InterceptedRequestHandler {
auto done_cookie_callback = base::BindOnce(
&InterceptedRequestHandlerWrapper::ContinueWithSavedCookies,
weak_ptr_factory_.GetWeakPtr(), id, std::move(callback));
net_service::SaveCookies(init_state_->browser_context_, *request, headers,
allow_cookie_callback,
std::move(done_cookie_callback));
cookie_helper::SaveCookies(init_state_->browser_context_, *request, headers,
allow_cookie_callback,
std::move(done_cookie_callback));
}
void AllowCookieSave(const RequestId& id,