1 /* Any copyright is dedicated to the Public Domain.
2 http://creativecommons.org/publicdomain/zero/1.0/ */
7 var cm = Services.cookies;
8 var expiry = (Date.now() + 1000) * 1000;
13 Services.prefs.setIntPref("network.cookie.cookieBehavior", 0);
14 Services.prefs.setBoolPref("dom.security.https_first", false);
16 // test that variants of 'baz.com' get normalized appropriately, but that
17 // malformed hosts are rejected
28 Ci.nsICookie.SAMESITE_NONE,
29 Ci.nsICookie.SCHEME_HTTPS
31 Assert.equal(cm.countCookiesFromHost("baz.com"), 1);
32 Assert.equal(cm.countCookiesFromHost("BAZ.com"), 1);
33 Assert.equal(cm.countCookiesFromHost(".baz.com"), 1);
34 Assert.equal(cm.countCookiesFromHost("baz.com."), 0);
35 Assert.equal(cm.countCookiesFromHost(".baz.com."), 0);
36 do_check_throws(function () {
37 cm.countCookiesFromHost("baz.com..");
38 }, Cr.NS_ERROR_ILLEGAL_VALUE);
39 do_check_throws(function () {
40 cm.countCookiesFromHost("baz..com");
41 }, Cr.NS_ERROR_ILLEGAL_VALUE);
42 do_check_throws(function () {
43 cm.countCookiesFromHost("..baz.com");
44 }, Cr.NS_ERROR_ILLEGAL_VALUE);
45 cm.remove("BAZ.com.", "foo", "/", {});
46 Assert.equal(cm.countCookiesFromHost("baz.com"), 1);
47 cm.remove("baz.com", "foo", "/", {});
48 Assert.equal(cm.countCookiesFromHost("baz.com"), 0);
50 // Test that 'baz.com' and 'baz.com.' are treated differently
61 Ci.nsICookie.SAMESITE_NONE,
62 Ci.nsICookie.SCHEME_HTTPS
64 Assert.equal(cm.countCookiesFromHost("baz.com"), 0);
65 Assert.equal(cm.countCookiesFromHost("BAZ.com"), 0);
66 Assert.equal(cm.countCookiesFromHost(".baz.com"), 0);
67 Assert.equal(cm.countCookiesFromHost("baz.com."), 1);
68 Assert.equal(cm.countCookiesFromHost(".baz.com."), 1);
69 cm.remove("baz.com", "foo", "/", {});
70 Assert.equal(cm.countCookiesFromHost("baz.com."), 1);
71 cm.remove("baz.com.", "foo", "/", {});
72 Assert.equal(cm.countCookiesFromHost("baz.com."), 0);
74 // test that domain cookies are illegal for IP addresses, aliases such as
75 // 'localhost', and eTLD's such as 'co.uk'
86 Ci.nsICookie.SAMESITE_NONE,
87 Ci.nsICookie.SCHEME_HTTPS
89 Assert.equal(cm.countCookiesFromHost("192.168.0.1"), 1);
90 Assert.equal(cm.countCookiesFromHost("192.168.0.1."), 0);
91 do_check_throws(function () {
92 cm.countCookiesFromHost(".192.168.0.1");
93 }, Cr.NS_ERROR_ILLEGAL_VALUE);
94 do_check_throws(function () {
95 cm.countCookiesFromHost(".192.168.0.1.");
96 }, Cr.NS_ERROR_ILLEGAL_VALUE);
108 Ci.nsICookie.SAMESITE_NONE,
109 Ci.nsICookie.SCHEME_HTTPS
111 Assert.equal(cm.countCookiesFromHost("localhost"), 1);
112 Assert.equal(cm.countCookiesFromHost("localhost."), 0);
113 do_check_throws(function () {
114 cm.countCookiesFromHost(".localhost");
115 }, Cr.NS_ERROR_ILLEGAL_VALUE);
116 do_check_throws(function () {
117 cm.countCookiesFromHost(".localhost.");
118 }, Cr.NS_ERROR_ILLEGAL_VALUE);
130 Ci.nsICookie.SAMESITE_NONE,
131 Ci.nsICookie.SCHEME_HTTPS
133 Assert.equal(cm.countCookiesFromHost("co.uk"), 1);
134 Assert.equal(cm.countCookiesFromHost("co.uk."), 0);
135 do_check_throws(function () {
136 cm.countCookiesFromHost(".co.uk");
137 }, Cr.NS_ERROR_ILLEGAL_VALUE);
138 do_check_throws(function () {
139 cm.countCookiesFromHost(".co.uk.");
140 }, Cr.NS_ERROR_ILLEGAL_VALUE);
144 CookieXPCShellUtils.createServer({
145 hosts: ["baz.com", "192.168.0.1", "localhost", "co.uk", "foo.com"],
148 var uri = NetUtil.newURI("http://baz.com/");
149 Services.scriptSecurityManager.createContentPrincipal(uri, {});
151 Assert.equal(uri.asciiHost, "baz.com");
153 await CookieXPCShellUtils.setCookieToDocument(uri.spec, "foo=bar");
154 const docCookies = await CookieXPCShellUtils.getCookieStringFromDocument(
157 Assert.equal(docCookies, "foo=bar");
159 Assert.equal(cm.countCookiesFromHost(""), 0);
160 do_check_throws(function () {
161 cm.countCookiesFromHost(".");
162 }, Cr.NS_ERROR_ILLEGAL_VALUE);
163 do_check_throws(function () {
164 cm.countCookiesFromHost("..");
165 }, Cr.NS_ERROR_ILLEGAL_VALUE);
167 var cookies = cm.getCookiesFromHost("", {});
168 Assert.ok(!cookies.length);
169 do_check_throws(function () {
170 cm.getCookiesFromHost(".", {});
171 }, Cr.NS_ERROR_ILLEGAL_VALUE);
172 do_check_throws(function () {
173 cm.getCookiesFromHost("..", {});
174 }, Cr.NS_ERROR_ILLEGAL_VALUE);
176 cookies = cm.getCookiesFromHost("baz.com", {});
177 Assert.equal(cookies.length, 1);
178 Assert.equal(cookies[0].name, "foo");
179 cookies = cm.getCookiesFromHost("", {});
180 Assert.ok(!cookies.length);
181 do_check_throws(function () {
182 cm.getCookiesFromHost(".", {});
183 }, Cr.NS_ERROR_ILLEGAL_VALUE);
184 do_check_throws(function () {
185 cm.getCookiesFromHost("..", {});
186 }, Cr.NS_ERROR_ILLEGAL_VALUE);
190 // test that an empty host to add() or remove() works,
191 // but a host of '.' doesn't
202 Ci.nsICookie.SAMESITE_NONE,
203 Ci.nsICookie.SCHEME_HTTPS
205 Assert.equal(getCookieCount(), 1);
206 do_check_throws(function () {
217 Ci.nsICookie.SAMESITE_NONE,
218 Ci.nsICookie.SCHEME_HTTPS
220 }, Cr.NS_ERROR_ILLEGAL_VALUE);
221 Assert.equal(getCookieCount(), 1);
223 cm.remove("", "foo2", "/", {});
224 Assert.equal(getCookieCount(), 0);
225 do_check_throws(function () {
226 cm.remove(".", "foo3", "/", {});
227 }, Cr.NS_ERROR_ILLEGAL_VALUE);
229 // test that the 'domain' attribute accepts a leading dot for IP addresses,
230 // aliases such as 'localhost', and eTLD's such as 'co.uk'; but that the
231 // resulting cookie is for the exact host only.
232 await testDomainCookie("http://192.168.0.1/", "192.168.0.1");
233 await testDomainCookie("http://localhost/", "localhost");
234 await testDomainCookie("http://co.uk/", "co.uk");
236 // Test that trailing dots are treated differently for purposes of the
237 // 'domain' attribute when using setCookieStringFromDocument.
238 await testTrailingDotCookie("http://localhost/", "localhost");
239 await testTrailingDotCookie("http://foo.com/", "foo.com");
244 function getCookieCount() {
245 var cm = Services.cookies;
246 return cm.cookies.length;
249 async function testDomainCookie(uriString, domain) {
250 var cm = Services.cookies;
254 await CookieXPCShellUtils.setCookieToDocument(
256 "foo=bar; domain=" + domain
259 var cookies = cm.getCookiesFromHost(domain, {});
260 Assert.ok(cookies.length);
261 Assert.equal(cookies[0].host, domain);
264 await CookieXPCShellUtils.setCookieToDocument(
266 "foo=bar; domain=." + domain
269 cookies = cm.getCookiesFromHost(domain, {});
270 Assert.ok(cookies.length);
271 Assert.equal(cookies[0].host, domain);
275 async function testTrailingDotCookie(uriString, domain) {
276 var cm = Services.cookies;
280 await CookieXPCShellUtils.setCookieToDocument(
282 "foo=bar; domain=" + domain + "/"
285 Assert.equal(cm.countCookiesFromHost(domain), 0);
286 Assert.equal(cm.countCookiesFromHost(domain + "."), 0);
288 Services.prefs.clearUserPref("dom.security.https_first");