cookie.sameSite does not default to None if omitted while adding a cookie #7555

Closed
imajithkv opened this issue Oct 15, 2021 · 4 comments

@imajithkv

Environment (please complete the following information):

  • WebdriverIO version: 6.0.12
  • Mode: WDIO Testrunner
  • If WDIO Testrunner, running sync/async: sync
  • Node.js version: v12.22.5
  • NPM version: 6.14.14
  • Browser name and version: Chrome 94
  • Platform name and version: Mac
  • Additional wdio packages used (if applicable):

Config of WebdriverIO
Use any boilerplate project with WebdriverIO 6, e.g. https://github.com/WarleyGabriel/demo-webdriverio-mocha

Describe the bug
While setting the cookie, cookie.sameSite does not default to None when it is ignored.

To Reproduce
Steps to reproduce the behavior:
Use any boilerplate project with WebdriverIO 6, e.g. https://github.com/WarleyGabriel/demo-webdriverio-mocha

  1. Open a browser (Chrome > 90) and navigate to a domain
  2. Set a cookie, ignoring the sameSite value
  3. Inspect the cookie set in the browser window

Expected behavior
Cookie should get set in the browser with sameSite as 'None'

Additional context
https://github.com/webdriverio/webdriverio/blob/v6/packages/webdriver/webdriver.d.ts#L31
Based on the initial debugging, I do not see the option None as a type for SameSiteOptions.

@christian-bromann
Member

Thanks for raising the issue.

> Cookie should get set in the browser with sameSite as 'None'

As far as I know the sameSite option is omitted if not explicitly set. If you don't see it set it means it is set to None. Please reference the protocol text that states any differences between not setting the same site option vs setting it to None.

I will close this because WebdriverIO follows the WebDriver protocol and depends on how the browser driver is setting the cookie in the browser.

@imajithkv
Author

Just to give some context, running the code below using this setup allowed me to set the sameSite value to None, which I am not able to do in WebdriverIO.
Please refer to the attached screenshot.

https://github.com/SeleniumHQ/selenium/releases/download/selenium-4.0.0/selenium-server-4.0.0.jar
https://chromedriver.storage.googleapis.com/index.html?path=94.0.4606.61/

        System.setProperty("webdriver.chrome.driver", "/Users/ajithkv/workplace/SeleniumGrid/chromedriver");
        WebDriver driver = new ChromeDriver();
        driver.get("https://google.com");
        // Build a cookie with sameSite "None"; the Secure flag is set alongside it
        Cookie cookie = new Cookie.Builder("test-token", "")
                .domain("google.com").path("/")
                .isHttpOnly(true)
                .isSecure(true)
                .sameSite("None").build();
        driver.manage().addCookie(cookie);

![Screenshot 2021-10-22 at 1 17 56 AM](https://user-images.githubusercontent.com/8138708/138346943-4e07d0c8-e506-4fc9-9358-e586d13118a5.png)

@christian-bromann
Member

I am confused, the protocol says:

> Whether the cookie applies to a SameSite policy. Defaults to None if omitted when adding a cookie. Can be set to either Lax or Strict.

But I see in the Selenium project that None as a value is allowed. However, I see tests where they check that an exception is thrown if "None" is set:

        [Test]
        public void ShouldThrowAnExceptionWhenSameSiteIsNoneButNotSecure()
        {
            Assert.That(() => new ReturnedCookie("name", "value", "", "/", DateTime.Now, false, true, "None"), Throws.InstanceOf<ArgumentException>());
        }

It seems that None is an option if secure is set to true.

@christian-bromann
Member

Added a patch that allows setting None as an option. Will be released in the next version.
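
The rule this thread arrives at (None is accepted as a sameSite value only when secure is true) can be checked in test code before a cookie is handed to the driver, and again on cookies read back from the browser. This is an added example, not WebdriverIO's or Selenium's code; `checkCookie`, `auditCookies` and the sample cookies are hypothetical names and constructed data.

```javascript
// Added example: checkCookie, auditCookies and SAMPLE_COOKIES are hypothetical names.
const SAME_SITE_VALUES = ['Strict', 'Lax', 'None'];

// Validate a cookie object before passing it to an add-cookie call.
// Returns a normalized copy; throws on combinations the thread calls invalid.
function checkCookie(cookie) {
  if (!cookie || typeof cookie.name !== 'string' || cookie.name === '') {
    throw new TypeError('cookie.name must be a non-empty string');
  }
  const out = { ...cookie };
  if (out.sameSite === undefined) {
    return out; // omitted: the driver and browser decide, nothing to validate
  }
  const wanted = String(out.sameSite).toLowerCase();
  const canonical = SAME_SITE_VALUES.find((v) => v.toLowerCase() === wanted);
  if (!canonical) {
    throw new RangeError(`sameSite must be one of ${SAME_SITE_VALUES.join(', ')}`);
  }
  // Same rule as the Selenium test quoted above: None is only valid with Secure.
  if (canonical === 'None' && out.secure !== true) {
    throw new RangeError('sameSite "None" requires secure: true');
  }
  out.sameSite = canonical;
  return out;
}

// Review cookies read back from the browser and list the ones whose
// SameSite state is missing or inconsistent with the Secure flag.
function auditCookies(cookies) {
  const findings = [];
  for (const c of cookies) {
    if (c.sameSite === undefined) {
      findings.push({ name: c.name, issue: 'sameSite not reported' });
    } else if (String(c.sameSite).toLowerCase() === 'none' && c.secure !== true) {
      findings.push({ name: c.name, issue: 'sameSite None without secure' });
    }
  }
  return findings;
}

// Constructed sample data, shaped like cookie objects read back in a test.
const SAMPLE_COOKIES = [
  { name: 'test-token', value: '', secure: true, httpOnly: true, sameSite: 'None' },
  { name: 'legacy', value: 'x', secure: false },
  { name: 'tracker', value: 'y', secure: false, sameSite: 'None' },
];
console.log(auditCookies(SAMPLE_COOKIES));
```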
