Revert "fix(webkit): make cookie SameSite=Lax by default"

This reverts commit eababcf511.
This commit is contained in:
Yury Semikhatsky 2024-05-24 17:25:48 -07:00
parent eababcf511
commit b1a2d99fd4
5 changed files with 25 additions and 33 deletions

View file

@ -256,11 +256,7 @@ export class WKBrowserContext extends BrowserContext {
async doGetCookies(urls: string[]): Promise<channels.NetworkCookie[]> {
const { cookies } = await this._browser._browserSession.send('Playwright.getAllCookies', { browserContextId: this._browserContextId });
return network.filterCookies(cookies.map((c: channels.NetworkCookie) => {
const copy: any = { ...c };
// "Prevent cross-site tracking." is on by default in Safary, which essentially
// disables SameSite=None and such cookies become Lax.
if (copy.sameSite === 'None')
copy.sameSite = 'Lax';
const copy: any = { ... c };
copy.expires = c.expires === -1 ? -1 : c.expires / 1000;
delete copy.session;
return copy as channels.NetworkCookie;
@ -271,10 +267,7 @@ export class WKBrowserContext extends BrowserContext {
const cc = network.rewriteCookies(cookies).map(c => ({
...c,
session: c.expires === -1 || c.expires === undefined,
expires: c.expires && c.expires !== -1 ? c.expires * 1000 : c.expires,
// With "Prevent cross-site tracking." on by default in Safary, SameSite=None cookies
// behave as Lax.
sameSite: (!c.sameSite || c.sameSite === 'None') ? 'Lax' : c.sameSite,
expires: c.expires && c.expires !== -1 ? c.expires * 1000 : c.expires
})) as Protocol.Playwright.SetCookieParam[];
await this._browser._browserSession.send('Playwright.setCookies', { cookies: cc, browserContextId: this._browserContextId });
}

View file

@ -67,11 +67,11 @@ const test = baseTest.extend<BrowserTestTestFixtures, BrowserTestWorkerFixtures>
await run(false);
}, { scope: 'worker' }],
defaultSameSiteCookieValue: [async ({ browserName, browserMajorVersion, channel, platform }, run) => {
defaultSameSiteCookieValue: [async ({ browserName, browserMajorVersion, channel }, run) => {
if (browserName === 'chromium')
await run('Lax');
else if (browserName === 'webkit')
await run('Lax');
await run('None');
else if (browserName === 'firefox' && channel === 'firefox-beta')
await run(browserMajorVersion >= 103 && browserMajorVersion < 110 ? 'Lax' : 'None');
else if (browserName === 'firefox' && channel !== 'firefox-beta')

View file

@ -224,7 +224,7 @@ it('should have |expires| set to |-1| for session cookies', async ({ context, se
expect(cookies[0].expires).toBe(-1);
});
it('should set cookie with reasonable defaults', async ({ context, server, browserName, defaultSameSiteCookieValue }) => {
it('should set cookie with reasonable defaults', async ({ context, server, browserName }) => {
await context.addCookies([{
url: server.EMPTY_PAGE,
name: 'defaults',
@ -239,7 +239,7 @@ it('should set cookie with reasonable defaults', async ({ context, server, brows
expires: -1,
httpOnly: false,
secure: false,
sameSite: defaultSameSiteCookieValue,
sameSite: browserName === 'chromium' ? 'Lax' : 'None',
}]);
});

View file

@ -147,7 +147,7 @@ it('should get cookies from multiple urls', async ({ context, browserName, isWin
url: 'https://foo.com',
name: 'doggo',
value: 'woofs',
sameSite: 'Lax',
sameSite: 'None',
}, {
url: 'https://bar.com',
name: 'catto',
@ -168,7 +168,7 @@ it('should get cookies from multiple urls', async ({ context, browserName, isWin
expires: -1,
httpOnly: false,
secure: true,
sameSite: 'Lax',
sameSite: (browserName === 'webkit' && isWindows) ? 'None' : 'Lax',
}, {
name: 'doggo',
value: 'woofs',
@ -177,7 +177,7 @@ it('should get cookies from multiple urls', async ({ context, browserName, isWin
expires: -1,
httpOnly: false,
secure: true,
sameSite: 'Lax',
sameSite: 'None',
}]));
});
@ -279,7 +279,7 @@ it('should add cookies with an expiration', async ({ context }) => {
url: 'https://foo.com',
name: 'doggo',
value: 'woofs',
sameSite: 'Lax',
sameSite: 'None',
expires,
}]);
const cookies = await context.cookies(['https://foo.com']);
@ -292,7 +292,7 @@ it('should add cookies with an expiration', async ({ context }) => {
expires,
httpOnly: false,
secure: true,
sameSite: 'Lax',
sameSite: 'None',
}]);
{
// Rollover to 5-digit year
@ -300,14 +300,14 @@ it('should add cookies with an expiration', async ({ context }) => {
url: 'https://foo.com',
name: 'doggo',
value: 'woofs',
sameSite: 'Lax',
sameSite: 'None',
expires: 253402300799, // Fri, 31 Dec 9999 23:59:59 +0000 (UTC)
}]);
await expect(context.addCookies([{
url: 'https://foo.com',
name: 'doggo',
value: 'woofs',
sameSite: 'Lax',
sameSite: 'None',
expires: 253402300800, // Sat, 1 Jan 1000 00:00:00 +0000 (UTC)
}])).rejects.toThrow(/Cookie should have a valid expires/);
}
@ -316,7 +316,7 @@ it('should add cookies with an expiration', async ({ context }) => {
url: 'https://foo.com',
name: 'doggo',
value: 'woofs',
sameSite: 'Lax',
sameSite: 'None',
expires: -42,
}])).rejects.toThrow(/Cookie should have a valid expires/);
});
@ -350,26 +350,26 @@ it('should be able to send third party cookies via an iframe', async ({ browser,
}
});
it('should support requestStorageAccess', async ({ browser, httpsServer, channel, browserName, isLinux, isMac }) => {
const page = await browser.newPage({ ignoreHTTPSErrors: true });
it('should support requestStorageAccess', async ({ page, server, channel, browserName, isMac, isLinux, isWindows }) => {
it.info().annotations.push({ type: 'issue', description: 'https://github.com/microsoft/playwright/issues/17285' });
it.skip(browserName === 'chromium', 'requestStorageAccess API is not available in Chromium');
it.skip(channel === 'firefox-beta', 'hasStorageAccess returns true, but no cookie is sent');
httpsServer.setRoute('/set-cookie.html', (req, res) => {
res.setHeader('Set-Cookie', 'name=value; Path=/; SameSite=None; Secure');
server.setRoute('/set-cookie.html', (req, res) => {
res.setHeader('Set-Cookie', 'name=value; Path=/');
res.end();
});
// Navigate once to the domain as top level.
await page.goto(httpsServer.CROSS_PROCESS_PREFIX + '/set-cookie.html');
await page.goto(httpsServer.EMPTY_PAGE);
await page.setContent(`<iframe src="${httpsServer.CROSS_PROCESS_PREFIX + '/empty.html'}"></iframe>`);
await page.goto(server.CROSS_PROCESS_PREFIX + '/set-cookie.html');
await page.goto(server.EMPTY_PAGE);
await page.setContent(`<iframe src="${server.CROSS_PROCESS_PREFIX + '/empty.html'}"></iframe>`);
const frame = page.frames()[1];
if (browserName === 'firefox') {
expect(await frame.evaluate(() => document.hasStorageAccess())).toBeTruthy();
{
const [serverRequest] = await Promise.all([
httpsServer.waitForRequest('/title.html'),
server.waitForRequest('/title.html'),
frame.evaluate(() => fetch('/title.html'))
]);
expect(serverRequest.headers.cookie).toBe('name=value');
@ -381,7 +381,7 @@ it('should support requestStorageAccess', async ({ browser, httpsServer, channel
expect(await frame.evaluate(() => document.hasStorageAccess())).toBeFalsy();
{
const [serverRequest] = await Promise.all([
httpsServer.waitForRequest('/title.html'),
server.waitForRequest('/title.html'),
frame.evaluate(() => fetch('/title.html'))
]);
if (!isMac && browserName === 'webkit')
@ -393,13 +393,12 @@ it('should support requestStorageAccess', async ({ browser, httpsServer, channel
expect(await frame.evaluate(() => document.hasStorageAccess())).toBeTruthy();
{
const [serverRequest] = await Promise.all([
httpsServer.waitForRequest('/title.html'),
server.waitForRequest('/title.html'),
frame.evaluate(() => fetch('/title.html'))
]);
expect(serverRequest.headers.cookie).toBe('name=value');
}
}
await page.close();
});
it('should parse cookie with large Max-Age correctly', async ({ server, page, defaultSameSiteCookieValue, browserName, platform }) => {

View file

@ -1211,7 +1211,7 @@ it('should support set-cookie with SameSite and without Secure attribute over HT
});
await page.request.get(server.EMPTY_PAGE);
const [cookie] = await page.context().cookies();
if (['chromium', 'webkit'].includes(browserName) && value === 'None')
if (browserName === 'chromium' && value === 'None')
expect(cookie).toBeFalsy();
else if (browserName === 'webkit' && isWindows)
expect(cookie.sameSite).toBe('None');