Don't save or load cookies for non-cookieable scheme requests.

This fixes an IsCanonical() DCHECK failure triggered by calling
CanonicalCookie::Create for a non-cookieable URL.

This change also adds unit test coverage for cross-origin cookie
behavior with sub-resource requests (iframe, XHR, Fetch).
This commit is contained in:
Marshall Greenblatt
2020-09-04 15:08:55 -04:00
parent 19391d8ab0
commit 4791109a28
10 changed files with 288 additions and 44 deletions

View File

@@ -2605,11 +2605,13 @@ void RegisterSchemeHandlerCustomSchemes(
// Add a custom standard scheme.
registrar->AddCustomScheme(
"customstd", CEF_SCHEME_OPTION_STANDARD | CEF_SCHEME_OPTION_CORS_ENABLED);
cookiable_schemes.push_back("customstd");
// Also used in cors_unittest.cc.
registrar->AddCustomScheme("customstdfetch",
CEF_SCHEME_OPTION_STANDARD |
CEF_SCHEME_OPTION_CORS_ENABLED |
CEF_SCHEME_OPTION_FETCH_ENABLED);
cookiable_schemes.push_back("customstdfetch");
// Add a custom non-standard scheme.
registrar->AddCustomScheme("customnonstd", CEF_SCHEME_OPTION_NONE);
registrar->AddCustomScheme("customnonstdfetch",