Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cookie expiry fixes #14852

Merged
merged 11 commits into from
Sep 1, 2022
Merged

Cookie expiry fixes #14852

merged 11 commits into from
Sep 1, 2022

Conversation

ShivanKaul
Copy link
Collaborator

@ShivanKaul ShivanKaul commented Aug 26, 2022

Resolves brave/brave-browser#15048

  1. Removes existing patches for max cookie expiry
  2. Set overall lifetime max (for HTTP cookies) to be 6 months in CanonicalCookie::ValidateAndAdjustExpiryDate
  3. Add browser tests for the 3 ways in which cookies can be set: HTTP, document.cookie and Cookie Store API
  4. Set max expiry for JS cookies in RestrictedCookieManager

Submitter Checklist:

  • I confirm that no security/privacy review is needed, or that I have requested one
  • There is a ticket for my issue
  • Used Github auto-closing keywords in the PR description above
  • Wrote a good PR/commit description
  • Squashed any review feedback or "fixup" commits before merge, so that history is a record of what happened in the repo, not your PR
  • Added appropriate labels (QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
  • Checked the PR locally: npm run test -- brave_browser_tests, npm run test -- brave_unit_tests, npm run lint, npm run gn_check, npm run tslint
  • Ran git rebase master (if needed)

Reviewer Checklist:

  • A security review is not needed, or a link to one is included in the PR description
  • New files have MPL-2.0 license header
  • Adequate test coverage exists to prevent regressions
  • Major classes, functions and non-trivial code blocks are well-commented
  • Changes in component dependencies are properly reflected in gn
  • Code follows the style guide
  • Test plan is specified in PR before merging

After-merge Checklist:

Test Plan:

Same test plan as #1905 (comment)

@github-actions github-actions bot added the CI/run-network-audit Run network-audit label Aug 26, 2022
@ShivanKaul ShivanKaul marked this pull request as ready for review August 26, 2022 17:20
@ShivanKaul ShivanKaul requested review from a team as code owners August 26, 2022 17:20
@ShivanKaul ShivanKaul requested review from bridiver and fmarier August 26, 2022 17:20
@ShivanKaul ShivanKaul force-pushed the bugfix/js-cookie-expiry branch 2 times, most recently from 5195e33 to 5d8ec11 Compare August 28, 2022 05:08
Copy link
Member

@fmarier fmarier left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Security review not needed since this is maintaining the same policy as before, just fixing a regression.

Copy link
Member

@fmarier fmarier left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually, did you forget to git add the browsertest you added?

@ShivanKaul
Copy link
Collaborator Author

Moved the test and didn't add it again 😅

@ShivanKaul ShivanKaul requested a review from fmarier August 29, 2022 21:54
@@ -14,6 +14,8 @@

#define RemoveChangeListener \
NotUsed() const {} \
base::Time ModifyExpiration(const base::Time& expiry_date, \
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

there's no need to make this a method on the class

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No strong feelings on my end, just that it seemed cleanest to keep this method together with the existing ones?

@ShivanKaul ShivanKaul requested review from fmarier and goodov August 30, 2022 17:57
@ShivanKaul ShivanKaul force-pushed the bugfix/js-cookie-expiry branch from a738534 to 98d31d2 Compare August 31, 2022 00:55
@goodov
Copy link
Member

goodov commented Sep 1, 2022

do a rebase please before merging.

@ShivanKaul ShivanKaul force-pushed the bugfix/js-cookie-expiry branch from 8b91fd3 to e4ce029 Compare September 1, 2022 17:56
@ShivanKaul ShivanKaul merged commit 56de593 into master Sep 1, 2022
@ShivanKaul ShivanKaul deleted the bugfix/js-cookie-expiry branch September 1, 2022 17:57
@github-actions github-actions bot added this to the 1.45.x - Nightly milestone Sep 1, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
CI/run-network-audit Run network-audit
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Expiry of JS cookie is capped at 6 months instead of 7 days
5 participants