From aeb9efc09906da4c32ec2eaccfb9dfd44f1b4c10 Mon Sep 17 00:00:00 2001
From: "ananta@chromium.org"
 <ananta@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Fri, 8 Jan 2010 05:55:50 +0000
Subject: Attempt 2 at landing this.

Deleting cookies by setting the expires attribute on them with an empty value would not work in ChromeFrame
with the host network stack enabled. When we receive a response in the host browser (IE) we send over the
response headers which include the Set-Cookie header and a list of cookies retreived via the InternetGetCookie
API. We call this API to retrieve the persistent cookies and send them over to Chrome.

However this API returns session cookies as well as persistent cookies. There is no documented way to return
only persistent cookies from IE. As a result we would end up setting duplicate cookies in Chrome, which caused
this issu.e. To workaround this issue when we receive the response in the url request automation job which
handles ChromeFrame network requests, we strip out duplicate cookies sent via InternetGetCookie.

When a script deletes a cookie we now handle it correctly in IE and set the data to an empty string. However
this does not delete the cookie. When such cookies show up in Chrome, we strip them out as well.

Fixes bug http://code.google.com/p/chromium/issues/detail?id=30786

The changes to chrome_frame_npapi.cc/.h are to move the NPAPI functions to the chrome_frame namespace as they
conflict with similar functions in NACL.

Added the DeleteCookie function to the CookieStore interface, which I think missed out by oversight.

Bug=30786
Test=Covered by ChromeFrame unit tests. I also added a unit test to test the newly added
    URLRequestAutomationJob::IsCookiePresentInCookieHeader function

TBR=amit

Review URL: http://codereview.chromium.org/521072

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@35778 0039d316-1c4b-4281-b951-d872f2087c98
---
 chrome_frame/test/chrome_frame_unittests.cc        | 21 ++++++++--
 .../test/data/fulltab_delete_cookie_test.html      | 47 ++++++++++++++++++++++
 ...lltab_delete_cookie_test.html.mock-http-headers |  3 ++
 chrome_frame/test/html_util_unittests.cc           | 24 +++++++++++
 4 files changed, 92 insertions(+), 3 deletions(-)
 create mode 100644 chrome_frame/test/data/fulltab_delete_cookie_test.html
 create mode 100644 chrome_frame/test/data/fulltab_delete_cookie_test.html.mock-http-headers

(limited to 'chrome_frame/test')

diff --git a/chrome_frame/test/chrome_frame_unittests.cc b/chrome_frame/test/chrome_frame_unittests.cc
index bfd863b..9497162 100644
--- a/chrome_frame/test/chrome_frame_unittests.cc
+++ b/chrome_frame/test/chrome_frame_unittests.cc
@@ -1745,9 +1745,8 @@ TEST_F(ChromeFrameTestWithWebServer,
        FullTabModeIE_ChromeFrameXHRAuthHeaderTest) {
   chrome_frame_test::TimedMsgLoop loop;
 
-  ASSERT_TRUE(
-      LaunchBrowser(IE,
-                    kChromeFrameFullTabModeXMLHttpRequestAuthHeaderTestUrl));
+  ASSERT_TRUE(LaunchBrowser(
+                  IE, kChromeFrameFullTabModeXMLHttpRequestAuthHeaderTestUrl));
 
   loop.RunFor(kChromeFrameLongNavigationTimeoutInSeconds);
 
@@ -1755,3 +1754,19 @@ TEST_F(ChromeFrameTestWithWebServer,
   ASSERT_TRUE(
       CheckResultFile(L"FullTab_XMLHttpRequestAuthorizationHeaderTest", "OK"));
 }
+
+const wchar_t kChromeFrameFullTabModeDeleteCookieTest[] =
+    L"files/fulltab_delete_cookie_test.html";
+
+TEST_F(ChromeFrameTestWithWebServer,
+       FullTabModeIE_ChromeFrameDeleteCookieTest) {
+  chrome_frame_test::TimedMsgLoop loop;
+
+  ASSERT_TRUE(LaunchBrowser(IE, kChromeFrameFullTabModeDeleteCookieTest));
+
+  loop.RunFor(kChromeFrameLongNavigationTimeoutInSeconds);
+
+  chrome_frame_test::CloseAllIEWindows();
+  ASSERT_TRUE(CheckResultFile(L"FullTab_DeleteCookieTest", "OK"));
+}
+
diff --git a/chrome_frame/test/data/fulltab_delete_cookie_test.html b/chrome_frame/test/data/fulltab_delete_cookie_test.html
new file mode 100644
index 0000000..62c5df0
--- /dev/null
+++ b/chrome_frame/test/data/fulltab_delete_cookie_test.html
@@ -0,0 +1,47 @@
+<html>
+  <head>
+    <meta http-equiv="x-ua-compatible" content="chrome=1" />
+    <title>FullTab mode cookie deletion test</title>
+  </head>
+
+  <script type="text/javascript"
+  src="chrome_frame_tester_helpers.js"></script>
+
+  <script type="text/javascript">
+    function onLoad() {
+      if (!isRunningInChrome()) {
+        onFailure("FullTab_DeleteCookieTest", 1, "Not running in Chrome");
+        return;
+      }
+
+      // The path of the cookie in this test is set to "/." As a result it
+      // is set twice, once for the original URL and once for the
+      // chrome_frame_tester_helpers.js script. We attempt to delete
+      // the cookie twice and validate that the end result is null.
+      // First validate that the document cookie contains the substring
+      // CF_FullTabDeleteCookie=1; CF_FullTabDeleteCookie=1
+      // Then erase the first cookie and validate that it no longer contains
+      // this string.
+      var cookie_found =
+          /CF_FullTabDeleteCookie=1; CF_FullTabDeleteCookie=1/.test(
+              document.cookie);
+      if (cookie_found) {
+        eraseCookie("CF_FullTabDeleteCookie");
+        cookie_found =
+          /CF_FullTabDeleteCookie=1; CF_FullTabDeleteCookie=1/.test(
+              document.cookie);
+        if (!cookie_found) {
+          onSuccess("FullTab_DeleteCookieTest", 1);
+        } else {
+          onFailure("FullTab_DeleteCookieTest", 1, "Delete cookie failed");
+        }
+      } else {
+        onFailure("FullTab_DeleteCookieTest", 1, "Expected cookies not set");
+      }
+    }
+  </script>
+
+  <body onload="onLoad();">
+    This tests whether cookies get deleted correctly in full tab mode
+  </body>
+</html>
diff --git a/chrome_frame/test/data/fulltab_delete_cookie_test.html.mock-http-headers b/chrome_frame/test/data/fulltab_delete_cookie_test.html.mock-http-headers
new file mode 100644
index 0000000..53edac0
--- /dev/null
+++ b/chrome_frame/test/data/fulltab_delete_cookie_test.html.mock-http-headers
@@ -0,0 +1,3 @@
+HTTP/1.0 200 OK
+Content-type: text/html
+Set-Cookie: CF_FullTabDeleteCookie=1;path=/
diff --git a/chrome_frame/test/html_util_unittests.cc b/chrome_frame/test/html_util_unittests.cc
index 969e680..7884638 100644
--- a/chrome_frame/test/html_util_unittests.cc
+++ b/chrome_frame/test/html_util_unittests.cc
@@ -5,6 +5,8 @@
 #include <windows.h>
 #include <atlsecurity.h>
 #include <shellapi.h>
+#include <string>
+#include <vector>
 
 #include "base/basictypes.h"
 #include "base/file_util.h"
@@ -22,6 +24,7 @@
 #include "chrome_frame/chrome_frame_delegate.h"
 #include "chrome_frame/html_utils.h"
 #include "testing/gtest/include/gtest/gtest.h"
+#include "chrome/browser/automation/url_request_automation_job.h"
 
 const char kChromeFrameUserAgent[] = "chromeframe";
 
@@ -360,4 +363,25 @@ TEST(HttpUtils, HasFrameBustingHeader) {
     "X-Frame-Options: ALLOWall\r\n"));
 }
 
+TEST(HttpCookieTest, IdentifyDuplicateCookieTest) {
+  std::vector<std::string> header_cookies;
+  header_cookies.push_back("BLAHHH; Path=/;");
+
+  EXPECT_FALSE(URLRequestAutomationJob::IsCookiePresentInCookieHeader(
+                  "BLAHHH=1", header_cookies));
+
+  header_cookies.clear();
+
+  header_cookies.push_back("BLAHHH=1; Path=/;");
+
+  EXPECT_TRUE(URLRequestAutomationJob::IsCookiePresentInCookieHeader(
+                  "BLAHHH=1", header_cookies));
+
+  header_cookies.clear();
+
+  header_cookies.push_back("BLAH=1; Path=/blah;");
+
+  EXPECT_FALSE(URLRequestAutomationJob::IsCookiePresentInCookieHeader(
+                  "BLAH", header_cookies));
+}
 
-- 
cgit v1.1