CookieStore: Add validation behavior for __Host- prefixed cookies

This change adds the following checks for "__Host-" prefixed cookies: 1. Disallows overwriting with an explicit domain 2. Disallows non "/" path This behavior is mentioned in the spec here [1]. Creating a cookie that violates this will cause a crash without this change. [1] https://wicg.github.io/cookie-store/#prefixes Change-Id: I20968f11759019921aa7a6b37602878a17b091ff
web-platform-tests · Apr 16, 2020 · 87cb026 · 87cb026
1 parent 4428f41
commit 87cb026
Showing 1 changed file with 21 additions and 0 deletions.
diff --git a/cookie-store/cookieStore_special_names.tentative.https.any.js b/cookie-store/cookieStore_special_names.tentative.https.any.js
@@ -32,3 +32,24 @@
       `Deleting ${prefix} cookies should not fail in secure context`);
   }, `cookieStore.delete with ${prefix} name on secure origin`);
 });
+
+promise_test(async testCase => {
+  const currentUrl = new URL(self.location.href);
+  const currentDomain = currentUrl.hostname;
+  await promise_rejects_js(testCase, TypeError,
+      cookieStore.set('__Host-cookie-name', 'cookie-value', {
+        domain: currentDomain
+      }));
+}, 'cookieStore.set with __Host- prefix and a domain option');
+
+promise_test(async testCase => {
+  await cookieStore.set('__Host-cookie-name', 'cookie-value', { path: "/" });
+
+  assert_equals(
+      (await cookieStore.get(`__Host-cookie-name`)).value, "cookie-value");
+
+  await promise_rejects_js(testCase, TypeError,
+      cookieStore.set('__Host-cookie-name', 'cookie-value', {
+        path: "/path"
+      }));
+}, 'cookieStore.set with __Host- prefix a path option');