Filip/playwright
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

fix(fetch): support SameSite attribute (#17748)

Browse source 
Fixes https://github.com/microsoft/playwright/issues/17398
This commit is contained in:
Yury Semikhatsky 2022-09-30 15:01:59 -07:00 committed by GitHub
parent 4a32010dbc
commit 9b35a8071f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 52 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
packages/playwright-core/src/server/fetch.ts
View file

@ -566,7 +566,9 @@ function parseCookie(header: string): channels.NetworkCookie | null {
expires: -1, expires: -1,
httpOnly: false, httpOnly: false,
secure: false, secure: false,
sameSite: 'Lax' // None for non-chromium // From https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
// The cookie-sending behavior if SameSite is not specified is SameSite=Lax.
sameSite: 'Lax'
}; };
for (let i = 1; i < pairs.length; i++) { for (let i = 1; i < pairs.length; i++) {
const [name, value] = pairs[i]; const [name, value] = pairs[i];
@ -595,6 +597,19 @@ function parseCookie(header: string): channels.NetworkCookie | null {
case 'httponly': case 'httponly':
cookie.httpOnly = true; cookie.httpOnly = true;
break; break;
case 'samesite':
switch (value.toLowerCase()) {
case 'none':
cookie.sameSite = 'None';
break;
case 'lax':
cookie.sameSite = 'Lax';
break;
case 'strict':
cookie.sameSite = 'Strict';
break;
}
break;
} }
} }
return cookie; return cookie;

36
tests/library/browsercontext-fetch.spec.ts
View file

@ -1026,3 +1026,39 @@ it('should work with connectOverCDP', async ({ browserName, browserType, server
await browserServer.close(); await browserServer.close();
} }
}); });
it('should support SameSite cookie attribute over https', async ({ contextFactory, httpsServer }) => {
// Cookies with SameSite=None must also specify the Secure attribute. WebKit navigation
// to HTTP url will fail if the response contains a cookie with Secure attribute, so
// we do HTTPS navigation.
const context = await contextFactory({ ignoreHTTPSErrors: true });
const page = await context.newPage();
for (const value of ['None', 'Lax', 'Strict']) {
await it.step(`SameSite=${value}`, async () => {
httpsServer.setRoute('/empty.html', (req, res) => {
res.setHeader('Set-Cookie', `SID=2022; Path=/; Secure; SameSite=${value}`);
res.end();
});
await page.request.get(httpsServer.EMPTY_PAGE);
const [cookie] = await page.context().cookies();
expect(cookie.sameSite).toBe(value);
});
}
});
it('should support set-cookie with SameSite and without Secure attribute over HTTP', async ({ page, server, browserName }) => {
for (const value of ['None', 'Lax', 'Strict']) {
await it.step(`SameSite=${value}`, async () => {
server.setRoute('/empty.html', (req, res) => {
res.setHeader('Set-Cookie', `SID=2022; Path=/; SameSite=${value}`);
res.end();
});
await page.request.get(server.EMPTY_PAGE);
const [cookie] = await page.context().cookies();
if (browserName === 'chromium' && value === 'None')
expect(cookie).toBeFalsy();
else
expect(cookie.sameSite).toBe(value);
});
}
});