diff options
author | Tamas Zakor <ztamas@inf.u-szeged.hu> | 2021-02-09 07:25:03 +0100 |
---|---|---|
committer | Peter Varga <pvarga@inf.u-szeged.hu> | 2021-04-15 19:38:20 +0200 |
commit | b5834447f319a43d1bf143c9d2d96d6fcb6dbea9 (patch) | |
tree | 60667caa239a4b541ab003f3d686a6d55bcf213b | |
parent | 88564c09bbfa592fab096a7ef4b6db207e4ef90f (diff) |
Fix first party url for cookie filter
Stop using SiteForCookies::RepresentativeUrl() if it is used to provide
first party url because it returns a truncated URL and our API is expected
to return the full url of the first party.
Fixes: QTBUG-90231
Change-Id: I628f7f31bfbeaf3de976ae9af1a8fa6408b661c5
Reviewed-by: Kirill Burtsev <kirill.burtsev@qt.io>
7 files changed, 34 insertions, 18 deletions
diff --git a/src/3rdparty b/src/3rdparty -Subproject 048f5e99303d4bf6b3c872ada7aadafaaebec93 +Subproject 6764c29f7c5aaf9ecbe6532f9e2b845604c926a diff --git a/src/core/net/cookie_monster_delegate_qt.cpp b/src/core/net/cookie_monster_delegate_qt.cpp index 792d34373..6d72a622b 100644 --- a/src/core/net/cookie_monster_delegate_qt.cpp +++ b/src/core/net/cookie_monster_delegate_qt.cpp @@ -80,7 +80,7 @@ public: void AllowedAccess(const GURL &url, const net::SiteForCookies &site_for_cookies, AllowedAccessCallback callback) override { - bool allow = m_delegate->canGetCookies(toQt(site_for_cookies.RepresentativeUrl()), toQt(url)); + bool allow = m_delegate->canGetCookies(toQt(site_for_cookies.first_party_url()), toQt(url)); std::move(callback).Run(allow); } diff --git a/src/core/net/proxying_restricted_cookie_manager_qt.cpp b/src/core/net/proxying_restricted_cookie_manager_qt.cpp index b0d3787de..f86c0e997 100644 --- a/src/core/net/proxying_restricted_cookie_manager_qt.cpp +++ b/src/core/net/proxying_restricted_cookie_manager_qt.cpp @@ -197,7 +197,7 @@ bool ProxyingRestrictedCookieManagerQt::allowCookies(const GURL &url, const net: { if (!m_profileIoData) return false; - return m_profileIoData->canGetCookies(toQt(site_for_cookies.RepresentativeUrl()), toQt(url)); + return m_profileIoData->canGetCookies(toQt(site_for_cookies.first_party_url()), toQt(url)); } } // namespace QtWebEngineCore diff --git a/src/core/net/proxying_url_loader_factory_qt.cpp b/src/core/net/proxying_url_loader_factory_qt.cpp index ec107fe70..fe9176f1f 100644 --- a/src/core/net/proxying_url_loader_factory_qt.cpp +++ b/src/core/net/proxying_url_loader_factory_qt.cpp @@ -266,7 +266,7 @@ void InterceptedRequest::Restart() if (!top_document_url.is_empty()) firstPartyUrl = toQt(top_document_url); else - firstPartyUrl = toQt(request_.site_for_cookies.RepresentativeUrl()); // m_topDocumentUrl can be empty for the main-frame. + firstPartyUrl = toQt(request_.site_for_cookies.first_party_url()); // m_topDocumentUrl can be empty for the main-frame. auto info = new QWebEngineUrlRequestInfoPrivate(resourceType, navigationType, originalUrl, firstPartyUrl, initiator, QByteArray::fromStdString(request_.method)); diff --git a/tests/auto/core/qwebenginecookiestore/tst_qwebenginecookiestore.cpp b/tests/auto/core/qwebenginecookiestore/tst_qwebenginecookiestore.cpp index 5290d5373..bcaebc5f5 100644 --- a/tests/auto/core/qwebenginecookiestore/tst_qwebenginecookiestore.cpp +++ b/tests/auto/core/qwebenginecookiestore/tst_qwebenginecookiestore.cpp @@ -249,22 +249,27 @@ void tst_QWebEngineCookieStore::basicFilterOverHTTP() QWebEngineCookieStore *client = m_profile->cookieStore(); QAtomicInt accessTested = 0; - client->setCookieFilter([&](const QWebEngineCookieStore::FilterRequest &) { ++accessTested; return true; }); + QList<QPair<QUrl, QUrl>> resourceFirstParty; + client->setCookieFilter([&](const QWebEngineCookieStore::FilterRequest &request) { + resourceFirstParty.append(qMakePair(request.origin, request.firstPartyUrl)); + ++accessTested; + return true; + }); HttpServer httpServer; - - if (!httpServer.start()) - QSKIP("Failed to start http server"); + httpServer.setHostDomain(QString("sub.test.localhost")); + QVERIFY(httpServer.start()); QByteArray cookieRequestHeader; connect(&httpServer, &HttpServer::newRequest, [&cookieRequestHeader](HttpReqRep *rr) { - if (rr->requestPath().size() <= 1) { + if (rr->requestMethod() == "GET" && rr->requestPath() == "/test.html") { cookieRequestHeader = rr->requestHeader(QByteArrayLiteral("Cookie")); if (cookieRequestHeader.isEmpty()) rr->setResponseHeader(QByteArrayLiteral("Set-Cookie"), QByteArrayLiteral("Test=test")); + rr->setResponseBody("<head><link rel='icon' type='image/png' href='resources/Fav.png'/>" + "<title>Page with a favicon and an icon</title></head>" + "<body><img src='resources/Img.ico'></body>"); rr->sendResponse(); - } else { - rr->sendResponse(404); } }); @@ -273,12 +278,13 @@ void tst_QWebEngineCookieStore::basicFilterOverHTTP() QSignalSpy cookieRemovedSpy(client, SIGNAL(cookieRemoved(const QNetworkCookie &))); QSignalSpy serverSpy(&httpServer, SIGNAL(newRequest(HttpReqRep *))); - page.load(httpServer.url()); + QUrl firstPartyUrl = httpServer.url("/test.html"); + page.load(firstPartyUrl); QTRY_COMPARE_WITH_TIMEOUT(loadSpy.count(), 1, 30000); QVERIFY(loadSpy.takeFirst().takeFirst().toBool()); QTRY_COMPARE(cookieAddedSpy.count(), 1); - QTRY_COMPARE(accessTested.loadAcquire(), 3); + QTRY_COMPARE(accessTested.loadAcquire(), 4); QVERIFY(cookieRequestHeader.isEmpty()); page.triggerAction(QWebEnginePage::Reload); @@ -286,12 +292,16 @@ void tst_QWebEngineCookieStore::basicFilterOverHTTP() QVERIFY(loadSpy.takeFirst().takeFirst().toBool()); QVERIFY(!cookieRequestHeader.isEmpty()); QTRY_COMPARE(cookieAddedSpy.count(), 1); - QTRY_COMPARE(accessTested.loadAcquire(), 5); + QTRY_COMPARE(accessTested.loadAcquire(), 7); client->deleteAllCookies(); QTRY_COMPARE(cookieRemovedSpy.count(), 1); - client->setCookieFilter([&](const QWebEngineCookieStore::FilterRequest &) { ++accessTested; return false; }); + client->setCookieFilter([&](const QWebEngineCookieStore::FilterRequest &request) { + resourceFirstParty.append(qMakePair(request.origin, request.firstPartyUrl)); + ++accessTested; + return false; + }); page.triggerAction(QWebEnginePage::ReloadAndBypassCache); QTRY_COMPARE(loadSpy.count(), 1); QVERIFY(loadSpy.takeFirst().takeFirst().toBool()); @@ -299,8 +309,7 @@ void tst_QWebEngineCookieStore::basicFilterOverHTTP() // Test cookies are NOT added: QTest::qWait(100); QCOMPARE(cookieAddedSpy.count(), 1); - QTRY_COMPARE(accessTested.loadAcquire(), 8); - + QTRY_COMPARE(accessTested.loadAcquire(), 11); page.triggerAction(QWebEnginePage::Reload); QTRY_COMPARE(loadSpy.count(), 1); QVERIFY(loadSpy.takeFirst().takeFirst().toBool()); @@ -308,8 +317,13 @@ void tst_QWebEngineCookieStore::basicFilterOverHTTP() QCOMPARE(cookieAddedSpy.count(), 1); // Wait for last GET /favicon.ico - QTRY_COMPARE(serverSpy.count(), 8); + QTRY_COMPARE(serverSpy.count(), 12); (void) httpServer.stop(); + + QCOMPARE(resourceFirstParty.size(), accessTested.loadAcquire()); + for (auto &&p : qAsConst(resourceFirstParty)) + QVERIFY2(p.second == firstPartyUrl, + qPrintable(QString("Resource [%1] has wrong firstPartyUrl: %2").arg(p.first.toString(), p.second.toString()))); } void tst_QWebEngineCookieStore::html5featureFilter() diff --git a/tests/auto/core/qwebengineurlrequestinterceptor/tst_qwebengineurlrequestinterceptor.cpp b/tests/auto/core/qwebengineurlrequestinterceptor/tst_qwebengineurlrequestinterceptor.cpp index 4750c8d0e..7981a45bf 100644 --- a/tests/auto/core/qwebengineurlrequestinterceptor/tst_qwebengineurlrequestinterceptor.cpp +++ b/tests/auto/core/qwebengineurlrequestinterceptor/tst_qwebengineurlrequestinterceptor.cpp @@ -796,7 +796,7 @@ void tst_QWebEngineUrlRequestInterceptor::jsServiceWorker() QTRY_COMPARE(page->messages.count(), 1); QCOMPARE(page->levels.at(0), QWebEnginePage::InfoMessageLevel); - QUrl firstPartyUrl = QUrl(server.url().toString(QUrl::RemovePort)); + QUrl firstPartyUrl = QUrl(server.url().toString() + "sw.js"); QList<RequestInfo> infos; // Service Worker QTRY_VERIFY(interceptor.hasUrlRequestForType(QWebEngineUrlRequestInfo::ResourceTypeServiceWorker)); diff --git a/tests/auto/shared/httpserver.h b/tests/auto/shared/httpserver.h index 952ead220..3ec69f8ed 100644 --- a/tests/auto/shared/httpserver.h +++ b/tests/auto/shared/httpserver.h @@ -78,6 +78,8 @@ public: Q_INVOKABLE void setResourceDirs(const QStringList &dirs) { m_dirs = dirs; } + Q_INVOKABLE void setHostDomain(const QString &host) { m_url.setHost(host); } + Q_SIGNALS: // Emitted after a HTTP request has been successfully parsed. void newRequest(HttpReqRep *reqRep); |