From b1e279006116f1cc6609608fde238ae464074913 Mon Sep 17 00:00:00 2001
From: "trop[bot]" <37223003+trop[bot]@users.noreply.github.com>
Date: Tue, 21 Feb 2023 10:45:55 +0000
Subject: [PATCH] feat: add httpOnly cookies filter

Co-authored-by: Black-Hole1 <158blackhole@gmail.com>
---
 docs/api/cookies.md                       |  1 +
 shell/browser/api/electron_api_cookies.cc |  3 +++
 spec/api-net-spec.ts                      | 33 +++++++++++++++++++++++
 3 files changed, 37 insertions(+)

diff --git a/docs/api/cookies.md b/docs/api/cookies.md
index 99b02ded75e83..0c733266c9a55 100644
--- a/docs/api/cookies.md
+++ b/docs/api/cookies.md
@@ -78,6 +78,7 @@ The following methods are available on instances of `Cookies`:
   * `path` string (optional) - Retrieves cookies whose path matches `path`.
   * `secure` boolean (optional) - Filters cookies by their Secure property.
   * `session` boolean (optional) - Filters out session or persistent cookies.
+  * `httpOnly` boolean (optional) - Filters cookies by httpOnly.
 
 Returns `Promise<Cookie[]>` - A promise which resolves an array of cookie objects.
 
diff --git a/shell/browser/api/electron_api_cookies.cc b/shell/browser/api/electron_api_cookies.cc
index 50208a28ccd0c..8b2edc8fa5e7f 100644
--- a/shell/browser/api/electron_api_cookies.cc
+++ b/shell/browser/api/electron_api_cookies.cc
@@ -133,6 +133,9 @@ bool MatchesCookie(const base::Value::Dict& filter,
   absl::optional<bool> session_filter = filter.FindBool("session");
   if (session_filter && *session_filter == cookie.IsPersistent())
     return false;
+  absl::optional<bool> httpOnly_filter = filter.FindBool("httpOnly");
+  if (httpOnly_filter && *httpOnly_filter != cookie.IsHttpOnly())
+    return false;
   return true;
 }
 
diff --git a/spec/api-net-spec.ts b/spec/api-net-spec.ts
index fb09bd5f88e42..80750dbc14824 100644
--- a/spec/api-net-spec.ts
+++ b/spec/api-net-spec.ts
@@ -878,6 +878,39 @@ describe('net module', () => {
       expect(cookies[0].name).to.equal('cookie2');
     });
 
+    it('should be able correctly filter out cookies that are httpOnly', async () => {
+      const sess = session.fromPartition(`cookie-tests-${Math.random()}`);
+
+      await Promise.all([
+        sess.cookies.set({
+          url: 'https://electronjs.org',
+          domain: 'electronjs.org',
+          name: 'cookie1',
+          value: '1',
+          httpOnly: true
+        }),
+        sess.cookies.set({
+          url: 'https://electronjs.org',
+          domain: 'electronjs.org',
+          name: 'cookie2',
+          value: '2',
+          httpOnly: false
+        })
+      ]);
+
+      const httpOnlyCookies = await sess.cookies.get({
+        httpOnly: true
+      });
+      expect(httpOnlyCookies).to.have.lengthOf(1);
+      expect(httpOnlyCookies[0].name).to.equal('cookie1');
+
+      const cookies = await sess.cookies.get({
+        httpOnly: false
+      });
+      expect(cookies).to.have.lengthOf(1);
+      expect(cookies[0].name).to.equal('cookie2');
+    });
+
     describe('when {"credentials":"omit"}', () => {
       it('should not send cookies');
       it('should not store cookies');