From 710c156d48158d211ce15dc713b253eab20161fd Mon Sep 17 00:00:00 2001
From: Pavel Feldman
Date: Mon, 4 May 2020 13:43:44 -0700
Subject: [PATCH] fix(chromium): disable same site by default and improved controls (#2097)
---
 src/chromium/crBrowser.ts | 7 -------
 src/server/chromium.ts | 2 +-
 test/headful.spec.js | 35 +++++++++++++++++++++++++++++++++++
 3 files changed, 36 insertions(+), 8 deletions(-)
diff --git a/src/chromium/crBrowser.ts b/src/chromium/crBrowser.ts
index dbe0d0a3bc..9f72da597b 100644
--- a/src/chromium/crBrowser.ts
+++ b/src/chromium/crBrowser.ts
@@ -343,13 +343,6 @@ export class CRBrowserContext extends BrowserContextBase {
 }
 async addCookies(cookies: network.SetNetworkCookieParam[]) {
- cookies = cookies.map(c => {
- const copy = { ...c };
- // Working around setter issue in Chrome. Cookies are now None by default.
- if (copy.sameSite === 'None')
- delete copy.sameSite;
- return copy;
- });
 await this._browser._session.send('Storage.setCookies', { cookies: network.rewriteCookies(cookies), browserContextId: this._browserContextId || undefined });
 }
diff --git a/src/server/chromium.ts b/src/server/chromium.ts
index 6c79eabb1c..e7d6b6f727 100644
--- a/src/server/chromium.ts
+++ b/src/server/chromium.ts
@@ -304,7 +304,7 @@ const DEFAULT_ARGS = [
 '--disable-dev-shm-usage',
 '--disable-extensions',
 // BlinkGenPropertyTrees disabled due to crbug.com/937609
- '--disable-features=TranslateUI,BlinkGenPropertyTrees',
+ '--disable-features=TranslateUI,BlinkGenPropertyTrees,ImprovedCookieControls,SameSiteByDefaultCookies',
 '--disable-hang-monitor',
 '--disable-ipc-flooding-protection',
 '--disable-popup-blocking',
diff --git a/test/headful.spec.js b/test/headful.spec.js
index 92b63224bf..87ca758e6d 100644
--- a/test/headful.spec.js
+++ b/test/headful.spec.js
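Review bot: The two feature names appended to `--disable-features` in src/server/chromium.ts have no explanation, while the comment directly above the line still covers only BlinkGenPropertyTrees. Going by the flag name and by the headful test in this commit, which expects `"sameSite": "None"` together with `"secure": false`, every Chromium started with DEFAULT_ARGS presumably treats a cookie without a SameSite attribute as None, so cross-site cookie behaviour under automation differs from a stock Chrome and a site's reliance on the Lax default is not exercised. I would record that next to the flag, for example `// ImprovedCookieControls, SameSiteByDefaultCookies disabled (#2097): cookies without a SameSite attribute stay None, unlike stock Chrome`. The DEFAULT_ARGS array starts and ends outside the hunk.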
@@ -79,4 +79,39 @@ describe('Headful', function() {
 await page.click('button');
 await browser.close();
 });
+ it('should(not) block third party cookies', async({browserType, defaultBrowserOptions, server}) => {
+ const browser = await browserType.launch({...defaultBrowserOptions, headless: false });
+ const page = await browser.newPage();
+ await page.goto(server.EMPTY_PAGE);
+ await page.evaluate(src => {
+ let fulfill;
+ const promise = new Promise(x => fulfill = x);
+ const iframe = document.createElement('iframe');
+ document.body.appendChild(iframe);
+ iframe.onload = fulfill;
+ iframe.src = src;
+ return promise;
+ }, server.CROSS_PROCESS_PREFIX + '/grid.html');
+ await page.frames()[1].evaluate(`document.cookie = 'username=John Doe'`);
+ await page.waitForTimeout(2000);
+ const allowsThirdParty = CHROMIUM || FFOX;
+ const cookies = await page.context().cookies(server.CROSS_PROCESS_PREFIX + '/grid.html');
+ if (allowsThirdParty) {
+ expect(cookies).toEqual([
+ {
+ "domain": "127.0.0.1",
+ "expires": -1,
+ "httpOnly": false,
+ "name": "username",
+ "path": "/",
+ "sameSite": "None",
+ "secure": false,
+ "value": "John Doe"
+ }
+ ]);
+ } else {
+ expect(cookies).toEqual([]);
+ }
+ await browser.close();
+ });
 });
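Review bot: The expectation block after `const allowsThirdParty = CHROMIUM || FFOX;` pins a browser-specific cookie policy without saying where it comes from. For Chromium the expected `"sameSite": "None"` with `"secure": false` appears to hold only because this commit adds SameSiteByDefaultCookies to the disabled features in DEFAULT_ARGS, so the test documents the launcher's configuration, not default browser behaviour. A comment such as `// Chromium passes only with SameSiteByDefaultCookies disabled in DEFAULT_ARGS; the else branch covers browsers that block third-party cookies` would keep a later flag change from looking like a cookie regression. The fixed `page.waitForTimeout(2000)` also deserves a short comment saying what it waits for, since nothing visible in the hunk explains the delay.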