fix(chromium): disable same site by default and improved controls (#2097)

2020-05-04 13:43:44 -07:00 · 2020-05-04 13:43:44 -07:00 · 710c156d48
parent 142e5859c1
commit 710c156d48
3 changed files with 36 additions and 8 deletions
--- a/src/chromium/crBrowser.ts
+++ b/src/chromium/crBrowser.ts
@ -343,13 +343,6 @@ export class CRBrowserContext extends BrowserContextBase {
  }
  async addCookies(cookies: network.SetNetworkCookieParam[]) {
    cookies = cookies.map(c => {
      const copy = { ...c };
      // Working around setter issue in Chrome. Cookies are now None by default.
      if (copy.sameSite === 'None')
        delete copy.sameSite;
      return copy;
    });
    await this._browser._session.send('Storage.setCookies', { cookies: network.rewriteCookies(cookies), browserContextId: this._browserContextId || undefined });
  }
--- a/src/server/chromium.ts
+++ b/src/server/chromium.ts
@ -304,7 +304,7 @@ const DEFAULT_ARGS = [
  '--disable-dev-shm-usage',
  '--disable-extensions',
  // BlinkGenPropertyTrees disabled due to crbug.com/937609
-  '--disable-features=TranslateUI,BlinkGenPropertyTrees',
+  '--disable-features=TranslateUI,BlinkGenPropertyTrees,ImprovedCookieControls,SameSiteByDefaultCookies',
  '--disable-hang-monitor',
  '--disable-ipc-flooding-protection',
  '--disable-popup-blocking',
--- a/test/headful.spec.js
+++ b/test/headful.spec.js
@ -79,4 +79,39 @@ describe('Headful', function() {
    await page.click('button');
    await browser.close();
  });
  it('should(not) block third party cookies', async({browserType, defaultBrowserOptions, server}) => {
    const browser = await browserType.launch({...defaultBrowserOptions, headless: false });
    const page = await browser.newPage();
    await page.goto(server.EMPTY_PAGE);
    await page.evaluate(src => {
      let fulfill;
      const promise = new Promise(x => fulfill = x);
      const iframe = document.createElement('iframe');
      document.body.appendChild(iframe);
      iframe.onload = fulfill;
      iframe.src = src;
      return promise;
    }, server.CROSS_PROCESS_PREFIX + '/grid.html');
    await page.frames()[1].evaluate(`document.cookie = 'username=John Doe'`);
    await page.waitForTimeout(2000);
    const allowsThirdParty = CHROMIUM || FFOX;
    const cookies = await page.context().cookies(server.CROSS_PROCESS_PREFIX + '/grid.html');
    if (allowsThirdParty) {
      expect(cookies).toEqual([
        {
          "domain": "127.0.0.1",
          "expires": -1,
          "httpOnly": false,
          "name": "username",
          "path": "/",
          "sameSite": "None",
          "secure": false,
          "value": "John Doe"
        }
      ]);
    } else {
      expect(cookies).toEqual([]);
    }
    await browser.close();
  });
 });