-
Notifications
You must be signed in to change notification settings - Fork 893
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #1905 from fmarier/issue3443
Set a limit on cookie expiration (fixes brave/brave-browser#3443)
- Loading branch information
Showing
4 changed files
with
144 additions
and
0 deletions.
There are no files selected for viewing
97 changes: 97 additions & 0 deletions
97
chromium_src/net/cookies/brave_canonical_cookie_unittest.cc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,97 @@ | ||
/* Copyright (c) 2019 The Brave Authors. All rights reserved. | ||
* This Source Code Form is subject to the terms of the Mozilla Public | ||
* License, v. 2.0. If a copy of the MPL was not distributed with this file, | ||
* You can obtain one at https://mozilla.org/MPL/2.0/. */ | ||
|
||
#include "net/cookies/canonical_cookie.h" | ||
|
||
#include "net/cookies/cookie_constants.h" | ||
#include "net/cookies/cookie_options.h" | ||
#include "testing/gtest/include/gtest/gtest.h" | ||
#include "url/gurl.h" | ||
|
||
static const std::string cookie_line1 = | ||
"test1=yes; expires=Fri, 31 Dec 9999 23:59:59 GMT"; | ||
static const std::string cookie_line2 = | ||
"test2=yes; max-age=630720000"; // 20 years | ||
static const std::string cookie_line3 = | ||
"test3=yes; max-age=630720000; expires=Fri, 31 Dec 9999 23:59:59 GMT"; | ||
static const std::string cookie_line4 = | ||
"test4=yes; max-age=172800"; // 2 days | ||
static const std::string cookie_line5 = | ||
"test5=yes; httponly; expires=Fri, 31 Dec 9999 23:59:59 GMT"; | ||
|
||
namespace net { | ||
|
||
TEST(BraveCanonicalCookieTest, ClientSide) { | ||
using base::TimeDelta; | ||
|
||
GURL url("https://www.example.com/test"); | ||
base::Time creation_time = base::Time::Now(); | ||
CookieOptions options; | ||
|
||
std::unique_ptr<CanonicalCookie> cookie( | ||
CanonicalCookie::Create(url, cookie_line1, creation_time, options)); | ||
EXPECT_TRUE(cookie.get()); | ||
EXPECT_LT(cookie->ExpiryDate(), creation_time + TimeDelta::FromDays(8)); | ||
EXPECT_GT(cookie->ExpiryDate(), creation_time + TimeDelta::FromDays(6)); | ||
|
||
cookie = CanonicalCookie::Create(url, cookie_line2, creation_time, options); | ||
EXPECT_TRUE(cookie.get()); | ||
EXPECT_LT(cookie->ExpiryDate(), creation_time + TimeDelta::FromDays(8)); | ||
EXPECT_GT(cookie->ExpiryDate(), creation_time + TimeDelta::FromDays(6)); | ||
|
||
cookie = CanonicalCookie::Create(url, cookie_line3, creation_time, options); | ||
EXPECT_TRUE(cookie.get()); | ||
EXPECT_LT(cookie->ExpiryDate(), creation_time + TimeDelta::FromDays(8)); | ||
EXPECT_GT(cookie->ExpiryDate(), creation_time + TimeDelta::FromDays(6)); | ||
|
||
// Short-lived cookies get to keep their shorter expiration. | ||
cookie = CanonicalCookie::Create(url, cookie_line4, creation_time, options); | ||
EXPECT_TRUE(cookie.get()); | ||
EXPECT_LT(cookie->ExpiryDate(), creation_time + TimeDelta::FromDays(3)); | ||
EXPECT_GT(cookie->ExpiryDate(), creation_time + TimeDelta::FromDays(1)); | ||
|
||
// Cookies with 'httponly' can't be set using the document.cookie API. | ||
cookie = CanonicalCookie::Create(url, cookie_line5, creation_time, options); | ||
EXPECT_FALSE(cookie.get()); | ||
} | ||
|
||
TEST(BraveCanonicalCookieTest, ServerSide) { | ||
using base::TimeDelta; | ||
|
||
GURL url("https://www.example.com/test"); | ||
base::Time creation_time = base::Time::Now(); | ||
CookieOptions options; | ||
options.set_include_httponly(); | ||
|
||
std::unique_ptr<CanonicalCookie> cookie( | ||
CanonicalCookie::Create(url, cookie_line1, creation_time, options)); | ||
EXPECT_TRUE(cookie.get()); | ||
EXPECT_LT(cookie->ExpiryDate(), creation_time + TimeDelta::FromDays(30*7)); | ||
EXPECT_GT(cookie->ExpiryDate(), creation_time + TimeDelta::FromDays(30*5)); | ||
|
||
cookie = CanonicalCookie::Create(url, cookie_line2, creation_time, options); | ||
EXPECT_TRUE(cookie.get()); | ||
EXPECT_LT(cookie->ExpiryDate(), creation_time + TimeDelta::FromDays(30*7)); | ||
EXPECT_GT(cookie->ExpiryDate(), creation_time + TimeDelta::FromDays(30*5)); | ||
|
||
cookie = CanonicalCookie::Create(url, cookie_line3, creation_time, options); | ||
EXPECT_TRUE(cookie.get()); | ||
EXPECT_LT(cookie->ExpiryDate(), creation_time + TimeDelta::FromDays(30*7)); | ||
EXPECT_GT(cookie->ExpiryDate(), creation_time + TimeDelta::FromDays(30*5)); | ||
|
||
// Short-lived cookies get to keep their shorter expiration. | ||
cookie = CanonicalCookie::Create(url, cookie_line4, creation_time, options); | ||
EXPECT_TRUE(cookie.get()); | ||
EXPECT_LT(cookie->ExpiryDate(), creation_time + TimeDelta::FromDays(3)); | ||
EXPECT_GT(cookie->ExpiryDate(), creation_time + TimeDelta::FromDays(1)); | ||
|
||
// HTTP cookies with 'httponly' work as expected. | ||
cookie = CanonicalCookie::Create(url, cookie_line5, creation_time, options); | ||
EXPECT_TRUE(cookie.get()); | ||
EXPECT_LT(cookie->ExpiryDate(), creation_time + TimeDelta::FromDays(30*7)); | ||
EXPECT_GT(cookie->ExpiryDate(), creation_time + TimeDelta::FromDays(30*5)); | ||
} | ||
|
||
} // namespace |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
/* Copyright (c) 2019 The Brave Authors. All rights reserved. | ||
* This Source Code Form is subject to the terms of the Mozilla Public | ||
* License, v. 2.0. If a copy of the MPL was not distributed with this file, | ||
* You can obtain one at https://mozilla.org/MPL/2.0/. */ | ||
|
||
#include "net/cookies/canonical_cookie.h" | ||
#include "net/cookies/parsed_cookie.h" | ||
|
||
namespace { | ||
|
||
const base::TimeDelta kMaxClientSideExpiration = base::TimeDelta::FromDays(7); | ||
const base::TimeDelta kMaxServerSideExpiration = | ||
base::TimeDelta::FromDays(30*6); // 6 months | ||
|
||
base::Time BraveCanonExpiration(const net::ParsedCookie& pc, | ||
const base::Time& current, | ||
const base::Time& server_time, | ||
const bool is_from_http) { | ||
const base::Time max_expiration = current + | ||
(is_from_http ? kMaxServerSideExpiration : kMaxClientSideExpiration); | ||
|
||
return std::min(net::CanonicalCookie::CanonExpiration(pc, current, server_time), | ||
max_expiration); | ||
} | ||
|
||
} // namespace | ||
|
||
#include "../../../../net/cookies/canonical_cookie.cc" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
diff --git a/net/cookies/canonical_cookie.cc b/net/cookies/canonical_cookie.cc | ||
index 91611ac4171c19a031044ae6b1459acce246d427..c0636088e332f61c9ee8e6ed07f210fa8e47de58 100644 | ||
--- a/net/cookies/canonical_cookie.cc | ||
+++ b/net/cookies/canonical_cookie.cc | ||
@@ -228,9 +228,10 @@ std::unique_ptr<CanonicalCookie> CanonicalCookie::Create( | ||
server_time = options.server_time(); | ||
|
||
DCHECK(!creation_time.is_null()); | ||
- Time cookie_expires = CanonicalCookie::CanonExpiration(parsed_cookie, | ||
- creation_time, | ||
- server_time); | ||
+ Time cookie_expires = BraveCanonExpiration(parsed_cookie, | ||
+ creation_time, | ||
+ server_time, | ||
+ !options.exclude_httponly()); | ||
|
||
CookiePrefix prefix = GetCookiePrefix(parsed_cookie.Name()); | ||
bool is_cookie_valid = IsCookiePrefixValid(prefix, url, parsed_cookie); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters