Fix first party url for cookie filter

Stop using SiteForCookies::RepresentativeUrl() if it is used to provide first party url because it returns a truncated URL and our API is expected to return the full url of the first party. Fixes: QTBUG-90231 Change-Id: I628f7f31bfbeaf3de976ae9af1a8fa6408b661c5 Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
author: Tamas Zakor <ztamas@inf.u-szeged.hu> 2021-02-09 07:25:03 +0100
committer: Peter Varga <pvarga@inf.u-szeged.hu> 2021-04-15 19:38:20 +0200
commit: b5834447f319a43d1bf143c9d2d96d6fcb6dbea9 (patch)
tree: 60667caa239a4b541ab003f3d686a6d55bcf213b
parent: 88564c09bbfa592fab096a7ef4b6db207e4ef90f (diff)
7 files changed, 34 insertions, 18 deletions
diff --git a/src/3rdparty b/src/3rdparty
-Subproject 048f5e99303d4bf6b3c872ada7aadafaaebec93
+Subproject 6764c29f7c5aaf9ecbe6532f9e2b845604c926a
diff --git a/src/core/net/cookie_monster_delegate_qt.cpp b/src/core/net/cookie_monster_delegate_qt.cpp
index 792d34373..6d72a622b 100644
--- a/src/core/net/cookie_monster_delegate_qt.cpp
+++ b/src/core/net/cookie_monster_delegate_qt.cpp
@@ -80,7 +80,7 @@ public:
 
     void AllowedAccess(const GURL &url, const net::SiteForCookies &site_for_cookies, AllowedAccessCallback callback) override
     {
-        bool allow = m_delegate->canGetCookies(toQt(site_for_cookies.RepresentativeUrl()), toQt(url));
+        bool allow = m_delegate->canGetCookies(toQt(site_for_cookies.first_party_url()), toQt(url));
         std::move(callback).Run(allow);
     }
 
diff --git a/src/core/net/proxying_restricted_cookie_manager_qt.cpp b/src/core/net/proxying_restricted_cookie_manager_qt.cpp
index b0d3787de..f86c0e997 100644
--- a/src/core/net/proxying_restricted_cookie_manager_qt.cpp
+++ b/src/core/net/proxying_restricted_cookie_manager_qt.cpp
@@ -197,7 +197,7 @@ bool ProxyingRestrictedCookieManagerQt::allowCookies(const GURL &url, const net:
 {
     if (!m_profileIoData)
         return false;
-    return m_profileIoData->canGetCookies(toQt(site_for_cookies.RepresentativeUrl()), toQt(url));
+    return m_profileIoData->canGetCookies(toQt(site_for_cookies.first_party_url()), toQt(url));
 }
 
 }  // namespace QtWebEngineCore
diff --git a/src/core/net/proxying_url_loader_factory_qt.cpp b/src/core/net/proxying_url_loader_factory_qt.cpp
index ec107fe70..fe9176f1f 100644
--- a/src/core/net/proxying_url_loader_factory_qt.cpp
+++ b/src/core/net/proxying_url_loader_factory_qt.cpp
@@ -266,7 +266,7 @@ void InterceptedRequest::Restart()
     if (!top_document_url.is_empty())
         firstPartyUrl = toQt(top_document_url);
     else
-        firstPartyUrl = toQt(request_.site_for_cookies.RepresentativeUrl()); // m_topDocumentUrl can be empty for the main-frame.
+        firstPartyUrl = toQt(request_.site_for_cookies.first_party_url()); // m_topDocumentUrl can be empty for the main-frame.
 
     auto info = new QWebEngineUrlRequestInfoPrivate(resourceType, navigationType, originalUrl, firstPartyUrl,
                                                     initiator, QByteArray::fromStdString(request_.method));
diff --git a/tests/auto/core/qwebenginecookiestore/tst_qwebenginecookiestore.cpp b/tests/auto/core/qwebenginecookiestore/tst_qwebenginecookiestore.cpp
index 5290d5373..bcaebc5f5 100644
--- a/tests/auto/core/qwebenginecookiestore/tst_qwebenginecookiestore.cpp
+++ b/tests/auto/core/qwebenginecookiestore/tst_qwebenginecookiestore.cpp
@@ -249,22 +249,27 @@ void tst_QWebEngineCookieStore::basicFilterOverHTTP()
     QWebEngineCookieStore *client = m_profile->cookieStore();
 
     QAtomicInt accessTested = 0;
-    client->setCookieFilter([&](const QWebEngineCookieStore::FilterRequest &) { ++accessTested; return true; });
+    QList<QPair<QUrl, QUrl>> resourceFirstParty;
+    client->setCookieFilter([&](const QWebEngineCookieStore::FilterRequest &request) {
+        resourceFirstParty.append(qMakePair(request.origin, request.firstPartyUrl));
+        ++accessTested;
+        return true;
+    });
 
     HttpServer httpServer;
-
-    if (!httpServer.start())
-        QSKIP("Failed to start http server");
+    httpServer.setHostDomain(QString("sub.test.localhost"));
+    QVERIFY(httpServer.start());
 
     QByteArray cookieRequestHeader;
     connect(&httpServer, &HttpServer::newRequest, [&cookieRequestHeader](HttpReqRep *rr) {
-        if (rr->requestPath().size() <= 1) {
+        if (rr->requestMethod() == "GET" && rr->requestPath() == "/test.html") {
             cookieRequestHeader = rr->requestHeader(QByteArrayLiteral("Cookie"));
             if (cookieRequestHeader.isEmpty())
                 rr->setResponseHeader(QByteArrayLiteral("Set-Cookie"), QByteArrayLiteral("Test=test"));
+            rr->setResponseBody("<head><link rel='icon' type='image/png' href='resources/Fav.png'/>"
+                                "<title>Page with a favicon and an icon</title></head>"
+                                "<body><img src='resources/Img.ico'></body>");
             rr->sendResponse();
-        } else {
-            rr->sendResponse(404);
         }
     });
 
@@ -273,12 +278,13 @@ void tst_QWebEngineCookieStore::basicFilterOverHTTP()
     QSignalSpy cookieRemovedSpy(client, SIGNAL(cookieRemoved(const QNetworkCookie &)));
     QSignalSpy serverSpy(&httpServer, SIGNAL(newRequest(HttpReqRep *)));
 
-    page.load(httpServer.url());
+    QUrl firstPartyUrl = httpServer.url("/test.html");
+    page.load(firstPartyUrl);
 
     QTRY_COMPARE_WITH_TIMEOUT(loadSpy.count(), 1, 30000);
     QVERIFY(loadSpy.takeFirst().takeFirst().toBool());
     QTRY_COMPARE(cookieAddedSpy.count(), 1);
-    QTRY_COMPARE(accessTested.loadAcquire(), 3);
+    QTRY_COMPARE(accessTested.loadAcquire(), 4);
     QVERIFY(cookieRequestHeader.isEmpty());
 
     page.triggerAction(QWebEnginePage::Reload);
@@ -286,12 +292,16 @@ void tst_QWebEngineCookieStore::basicFilterOverHTTP()
     QVERIFY(loadSpy.takeFirst().takeFirst().toBool());
     QVERIFY(!cookieRequestHeader.isEmpty());
     QTRY_COMPARE(cookieAddedSpy.count(), 1);
-    QTRY_COMPARE(accessTested.loadAcquire(), 5);
+    QTRY_COMPARE(accessTested.loadAcquire(), 7);
 
     client->deleteAllCookies();
     QTRY_COMPARE(cookieRemovedSpy.count(), 1);
 
-    client->setCookieFilter([&](const QWebEngineCookieStore::FilterRequest &) { ++accessTested; return false; });
+    client->setCookieFilter([&](const QWebEngineCookieStore::FilterRequest &request) {
+        resourceFirstParty.append(qMakePair(request.origin, request.firstPartyUrl));
+        ++accessTested;
+        return false;
+    });
     page.triggerAction(QWebEnginePage::ReloadAndBypassCache);
     QTRY_COMPARE(loadSpy.count(), 1);
     QVERIFY(loadSpy.takeFirst().takeFirst().toBool());
@@ -299,8 +309,7 @@ void tst_QWebEngineCookieStore::basicFilterOverHTTP()
     // Test cookies are NOT added:
     QTest::qWait(100);
     QCOMPARE(cookieAddedSpy.count(), 1);
-    QTRY_COMPARE(accessTested.loadAcquire(), 8);
-
+    QTRY_COMPARE(accessTested.loadAcquire(), 11);
     page.triggerAction(QWebEnginePage::Reload);
     QTRY_COMPARE(loadSpy.count(), 1);
     QVERIFY(loadSpy.takeFirst().takeFirst().toBool());
@@ -308,8 +317,13 @@ void tst_QWebEngineCookieStore::basicFilterOverHTTP()
     QCOMPARE(cookieAddedSpy.count(), 1);
 
     // Wait for last GET /favicon.ico
-    QTRY_COMPARE(serverSpy.count(), 8);
+    QTRY_COMPARE(serverSpy.count(), 12);
     (void) httpServer.stop();
+
+    QCOMPARE(resourceFirstParty.size(), accessTested.loadAcquire());
+    for (auto &&p : qAsConst(resourceFirstParty))
+        QVERIFY2(p.second == firstPartyUrl,
+                 qPrintable(QString("Resource [%1] has wrong firstPartyUrl: %2").arg(p.first.toString(), p.second.toString())));
 }
 
 void tst_QWebEngineCookieStore::html5featureFilter()
diff --git a/tests/auto/core/qwebengineurlrequestinterceptor/tst_qwebengineurlrequestinterceptor.cpp b/tests/auto/core/qwebengineurlrequestinterceptor/tst_qwebengineurlrequestinterceptor.cpp
index 4750c8d0e..7981a45bf 100644
--- a/tests/auto/core/qwebengineurlrequestinterceptor/tst_qwebengineurlrequestinterceptor.cpp
+++ b/tests/auto/core/qwebengineurlrequestinterceptor/tst_qwebengineurlrequestinterceptor.cpp
@@ -796,7 +796,7 @@ void tst_QWebEngineUrlRequestInterceptor::jsServiceWorker()
     QTRY_COMPARE(page->messages.count(), 1);
     QCOMPARE(page->levels.at(0), QWebEnginePage::InfoMessageLevel);
 
-    QUrl firstPartyUrl = QUrl(server.url().toString(QUrl::RemovePort));
+    QUrl firstPartyUrl = QUrl(server.url().toString() + "sw.js");
     QList<RequestInfo> infos;
     // Service Worker
     QTRY_VERIFY(interceptor.hasUrlRequestForType(QWebEngineUrlRequestInfo::ResourceTypeServiceWorker));
diff --git a/tests/auto/shared/httpserver.h b/tests/auto/shared/httpserver.h
index 952ead220..3ec69f8ed 100644
--- a/tests/auto/shared/httpserver.h
+++ b/tests/auto/shared/httpserver.h
@@ -78,6 +78,8 @@ public:
 
     Q_INVOKABLE void setResourceDirs(const QStringList &dirs) { m_dirs = dirs; }
 
+    Q_INVOKABLE void setHostDomain(const QString &host) { m_url.setHost(host); }
+
 Q_SIGNALS:
     // Emitted after a HTTP request has been successfully parsed.
     void newRequest(HttpReqRep *reqRep);
author	Tamas Zakor <ztamas@inf.u-szeged.hu>	2021-02-09 07:25:03 +0100
committer	Peter Varga <pvarga@inf.u-szeged.hu>	2021-04-15 19:38:20 +0200
commit	b5834447f319a43d1bf143c9d2d96d6fcb6dbea9 (patch)
tree	60667caa239a4b541ab003f3d686a6d55bcf213b
parent	88564c09bbfa592fab096a7ef4b6db207e4ef90f (diff)