fix(chromium): disable same site by default and improved controls (#2097)

2020-05-04 13:43:44 -07:00 · 2020-05-04 13:43:44 -07:00 · 710c156d48
parent 142e5859c1
commit 710c156d48
3 changed files with 36 additions and 8 deletions
--- a/src/chromium/crBrowser.ts
+++ b/src/chromium/crBrowser.ts
@ -343,13 +343,6 @@ export class CRBrowserContext extends BrowserContextBase {
  }

  async addCookies(cookies: network.SetNetworkCookieParam[]) {
-    cookies = cookies.map(c => {
-      const copy = { ...c };
-      // Working around setter issue in Chrome. Cookies are now None by default.
-      if (copy.sameSite === 'None')
-        delete copy.sameSite;
-      return copy;
-    });
    await this._browser._session.send('Storage.setCookies', { cookies: network.rewriteCookies(cookies), browserContextId: this._browserContextId || undefined });
  }

--- a/src/server/chromium.ts
+++ b/src/server/chromium.ts
@ -304,7 +304,7 @@ const DEFAULT_ARGS = [
  '--disable-dev-shm-usage',
  '--disable-extensions',
  // BlinkGenPropertyTrees disabled due to crbug.com/937609
-  '--disable-features=TranslateUI,BlinkGenPropertyTrees',
+  '--disable-features=TranslateUI,BlinkGenPropertyTrees,ImprovedCookieControls,SameSiteByDefaultCookies',
  '--disable-hang-monitor',
  '--disable-ipc-flooding-protection',
  '--disable-popup-blocking',
--- a/test/headful.spec.js
+++ b/test/headful.spec.js
@ -79,4 +79,39 @@ describe('Headful', function() {
    await page.click('button');
    await browser.close();
  });
+  it('should(not) block third party cookies', async({browserType, defaultBrowserOptions, server}) => {
+    const browser = await browserType.launch({...defaultBrowserOptions, headless: false });
+    const page = await browser.newPage();
+    await page.goto(server.EMPTY_PAGE);
+    await page.evaluate(src => {
+      let fulfill;
+      const promise = new Promise(x => fulfill = x);
+      const iframe = document.createElement('iframe');
+      document.body.appendChild(iframe);
+      iframe.onload = fulfill;
+      iframe.src = src;
+      return promise;
+    }, server.CROSS_PROCESS_PREFIX + '/grid.html');
+    await page.frames()[1].evaluate(`document.cookie = 'username=John Doe'`);
+    await page.waitForTimeout(2000);
+    const allowsThirdParty = CHROMIUM || FFOX;
+    const cookies = await page.context().cookies(server.CROSS_PROCESS_PREFIX + '/grid.html');
+    if (allowsThirdParty) {
+      expect(cookies).toEqual([
+        {
+          "domain": "127.0.0.1",
+          "expires": -1,
+          "httpOnly": false,
+          "name": "username",
+          "path": "/",
+          "sameSite": "None",
+          "secure": false,
+          "value": "John Doe"
+        }
+      ]);
+    } else {
+      expect(cookies).toEqual([]);
+    }
+    await browser.close();
+  });
 });