Properly handle a '/' in the cookie's path when setting a cookie with…

… the Cookie Store API https://bugs.webkit.org/show_bug.cgi?id=259505 Reviewed by Chris Dumez and Alex Christensen. The spec (https://wicg.github.io/cookie-store/#set-cookie-algorithm) dictates that in the set function, if the path is not null, then if the path does not begin with a '/', the promise should be rejected with a TypeError. If the path does begin with a '/', but does not end with a '/', then a '/' should be added, and then the rest of the * LayoutTests/imported/w3c/web-platform-tests/cookie-store/cookieStore_delete_arguments.https.any-expected.txt: * LayoutTests/imported/w3c/web-platform-tests/cookie-store/cookieStore_set_arguments.https.any-expected.txt: * Source/WebCore/Modules/cookie-store/CookieStore.cpp: (WebCore::CookieStore::set): Canonical link: https://commits.webkit.org/266317@main
WebKit · Jul 26, 2023 · d52eb02 · d52eb02
1 parent 5d9f4aa
commit d52eb02
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 13 deletions.
diff --git a/...d/w3c/web-platform-tests/cookie-store/cookieStore_delete_arguments.https.any-expected.txt b/...d/w3c/web-platform-tests/cookie-store/cookieStore_delete_arguments.https.any-expected.txt
@@ -9,7 +9,7 @@ FAIL cookieStore.delete with domain set to a non-domain-matching suffix of the c
 FAIL cookieStore.delete with path set to the current directory assert_equals: expected null but got object "[object Object]"
 PASS cookieStore.delete with path set to subdirectory of the current directory
 FAIL cookieStore.delete with missing / at the end of path assert_equals: expected null but got object "[object Object]"
-FAIL cookieStore.delete with path that does not start with / assert_unreached: Should have rejected: undefined Reached unreachable code
+PASS cookieStore.delete with path that does not start with /
 FAIL cookieStore.delete with get result assert_equals: expected null but got object "[object Object]"
 FAIL cookieStore.delete with positional empty name promise_test: Unhandled rejection with value: object "TypeError: Type error"
 FAIL cookieStore.delete with empty name in options promise_test: Unhandled rejection with value: object "TypeError: Type error"

diff --git a/...rted/w3c/web-platform-tests/cookie-store/cookieStore_set_arguments.https.any-expected.txt b/...rted/w3c/web-platform-tests/cookie-store/cookieStore_set_arguments.https.any-expected.txt
@@ -16,7 +16,7 @@ FAIL cookieStore.set default domain is null and differs from current hostname as
 PASS cookieStore.set with path set to the current directory
 FAIL cookieStore.set with path set to a subdirectory of the current directory assert_equals: expected null but got object "[object Object]"
 FAIL cookieStore.set default path is / assert_equals: expected 1 but got 2
-FAIL cookieStore.set adds / to path that does not end with / assert_equals: expected "/cookie-store/" but got "/cookie-store"
-FAIL cookieStore.set with path that does not start with / assert_unreached: Should have rejected: undefined Reached unreachable code
+PASS cookieStore.set adds / to path that does not end with /
+PASS cookieStore.set with path that does not start with /
 FAIL cookieStore.set with get result assert_equals: expected "old-cookie-value" but got "cookie-value"
 
diff --git a/Source/WebCore/Modules/cookie-store/CookieStore.cpp b/Source/WebCore/Modules/cookie-store/CookieStore.cpp
@@ -208,22 +208,22 @@ void CookieStore::set(CookieInit&& options, Ref<DeferredPromise>&& promise)
         return;
     }
 
-    auto& url = document.url();
-    auto& cookieJar = page->cookieJar();
-    auto completionHandler = [promise = WTFMove(promise)] (bool setSuccessfully) {
-        if (!setSuccessfully)
-            promise->reject(TypeError);
-        else
-            promise->resolve();
-    };
-
     Cookie cookie;
     cookie.name = WTFMove(options.name);
     cookie.value = WTFMove(options.value);
     cookie.domain = options.domain.isNull() ? document.domain() : WTFMove(options.domain);
-    cookie.path = WTFMove(options.path);
     cookie.created = WallTime::now().secondsSinceEpoch().milliseconds();
 
+    cookie.path = WTFMove(options.path);
+    if (!cookie.path.isNull()) {
+        if (!cookie.path.startsWith('/')) {
+            promise->reject(Exception { TypeError, "The path must begin with a '/'"_s });
+            return;
+        }
+        if (!cookie.path.endsWith('/'))
+            cookie.path = cookie.path + '/';
+    }
+
     if (options.expires)
         cookie.expires = *options.expires;
 
@@ -239,6 +239,15 @@ void CookieStore::set(CookieInit&& options, Ref<DeferredPromise>&& promise)
         break;
     }
 
+    auto& url = document.url();
+    auto& cookieJar = page->cookieJar();
+    auto completionHandler = [promise = WTFMove(promise)] (bool setSuccessfully) {
+        if (!setSuccessfully)
+            promise->reject(TypeError);
+        else
+            promise->resolve();
+    };
+
     cookieJar.setCookieAsync(document, url, cookie, WTFMove(completionHandler));
 }