Add Schemeful Same-Site exclusion reasons for DevTools Issue Pane

Create new exclusion reasons to send to DevTools for Issue Pane messages. These new reasons will be added when the correct conditions cause a cookie to be blocked because of Schemeful Same-Site. The messages for these new reasons are in progress. Bug: 1054036 Change-Id: If23d4a01cad160b6c7b0b6b342c8982d172a672c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2292686Reviewed-by: Mike West <mkwst@chromium.org> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Commit-Queue: Steven Bingler <bingler@chromium.org> Cr-Commit-Position: refs/heads/master@{#792696}

Add Schemeful Same-Site exclusion reasons for DevTools Issue Pane
Create new exclusion reasons to send to DevTools for Issue Pane messages. These new reasons will be added when the correct conditions cause a cookie to be blocked because of Schemeful Same-Site. The messages for these new reasons are in progress. Bug: 1054036 Change-Id: If23d4a01cad160b6c7b0b6b342c8982d172a672c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2292686Reviewed-by: Mike West <mkwst@chromium.org> Reviewed-by: Sigurd Schneider <sigurds@chromium.org> Commit-Queue: Steven Bingler <bingler@chromium.org> Cr-Commit-Position: refs/heads/master@{#792696}
6dd37117 · Steven Bingler · Commit Bot · b0d2fbbf · 6dd37117 · 6dd37117
Commit 6dd37117 authored Jul 29, 2020 by Steven Bingler Committed by Commit Bot Jul 29, 2020
16 changed files
--- a/content/browser/devtools/devtools_instrumentation.cc
+++ b/content/browser/devtools/devtools_instrumentation.cc
@@ -740,6 +740,19 @@ std::unique_ptr<protocol::Array<protocol::String>> BuildExclusionReasons(
        protocol::Audits::SameSiteCookieExclusionReasonEnum::
            ExcludeSameSiteNoneInsecure);
  }
+  if (status.HasExclusionReason(
+          net::CookieInclusionStatus::EXCLUDE_SAMESITE_LAX)) {
+    exclusion_reasons->push_back(
+        protocol::Audits::SameSiteCookieExclusionReasonEnum::
+            ExcludeSameSiteLax);
+  }
+  if (status.HasExclusionReason(
+          net::CookieInclusionStatus::EXCLUDE_SAMESITE_STRICT)) {
+    exclusion_reasons->push_back(
+        protocol::Audits::SameSiteCookieExclusionReasonEnum::
+            ExcludeSameSiteStrict);
+  }
  return exclusion_reasons;
 }

--- a/third_party/blink/public/devtools_protocol/browser_protocol.pdl
+++ b/third_party/blink/public/devtools_protocol/browser_protocol.pdl
@@ -472,6 +472,8 @@ experimental domain Audits
    enum
      ExcludeSameSiteUnspecifiedTreatedAsLax
      ExcludeSameSiteNoneInsecure
+      ExcludeSameSiteLax
+      ExcludeSameSiteStrict
  type SameSiteCookieWarningReason extends string
    enum

--- a/third_party/blink/public/mojom/devtools/inspector_issue.mojom
+++ b/third_party/blink/public/mojom/devtools/inspector_issue.mojom
@@ -95,6 +95,8 @@ enum SameSiteCookieOperation {
 enum SameSiteCookieExclusionReason {
  kExcludeSameSiteUnspecifiedTreatedAsLax,
  kExcludeSameSiteNoneInsecure,
+  kExcludeSameSiteLax,
+  kExcludeSameSiteStrict,
 };
 enum SameSiteCookieWarningReason {

--- a/third_party/blink/renderer/core/inspector/inspector_audits_agent.cc
+++ b/third_party/blink/renderer/core/inspector/inspector_audits_agent.cc
@@ -206,6 +206,14 @@ protocol::String BuildCookieExclusionReason(
        kExcludeSameSiteNoneInsecure:
      return protocol::Audits::SameSiteCookieExclusionReasonEnum::
          ExcludeSameSiteNoneInsecure;
+    case blink::mojom::blink::SameSiteCookieExclusionReason::
+        kExcludeSameSiteLax:
+      return protocol::Audits::SameSiteCookieExclusionReasonEnum::
+          ExcludeSameSiteLax;
+    case blink::mojom::blink::SameSiteCookieExclusionReason::
+        kExcludeSameSiteStrict:
+      return protocol::Audits::SameSiteCookieExclusionReasonEnum::
+          ExcludeSameSiteStrict;
  }
 }

--- a/third_party/blink/web_tests/VirtualTestSuites
+++ b/third_party/blink/web_tests/VirtualTestSuites
@@ -225,6 +225,13 @@
    "args": ["--force-device-scale-factor=2",
             "--enable-use-zoom-for-dsf"]
  },
+  {
+    "prefix": "schemeful-same-site",
+    "bases": ["http/tests/inspector-protocol/network/same-site-issue-warn-cookie-strict-subresource-context-downgrade.js",
+              "http/tests/inspector-protocol/network/same-site-issue-warn-cookie-lax-subresource-context-downgrade.js",
+              "http/tests/inspector-protocol/network/same-site-issue-warn-cookie-navigation-context-downgrade.js"],
+    "args": ["--enable-features=SchemefulSameSite"]
+  },
  {
    "prefix": "layout_ng_block_frag",
    "bases": ["external/wpt/css/css-break",

--- a/third_party/blink/web_tests/http/tests/inspector-protocol/network/same-site-issue-warn-cookie-lax-subresource-context-downgrade-expected.txt
+++ b/third_party/blink/web_tests/http/tests/inspector-protocol/network/same-site-issue-warn-cookie-lax-subresource-context-downgrade-expected.txt
+Verifies that a subresource accessing a SameSite=Lax cookie across schemes triggers a context downgrade inspector issue.
+Inspector issue:{
+    issue : {
+        code : SameSiteCookieIssue
+        details : {
+            sameSiteCookieIssueDetails : {
+                cookie : {
+                    domain : cookie.test
+                    name : name
+                    path : /inspector-protocol/network/resources
+                }
+                cookieExclusionReasons : [
+                ]
+                cookieUrl : https://cookie.test:8443/inspector-protocol/network/resources/set-cookie.php?cookie=name%3Dvalue%3B%20SameSite%3DLax
+                cookieWarningReasons : [
+                    [0] : WarnSameSiteLaxCrossDowngradeLax
+                ]
+                operation : SetCookie
+                request : {
+                    requestId : <string>
+                    url : https://cookie.test:8443/inspector-protocol/network/resources/set-cookie.php?cookie=name%3Dvalue%3B%20SameSite%3DLax
+                }
+                siteForCookies : http://cookie.test/
+            }
+        }
+    }
+}
--- a/third_party/blink/web_tests/http/tests/inspector-protocol/network/same-site-issue-warn-cookie-lax-subresource-context-downgrade.js
+++ b/third_party/blink/web_tests/http/tests/inspector-protocol/network/same-site-issue-warn-cookie-lax-subresource-context-downgrade.js
+(async function(testRunner) {
+  const {page, session, dp} = await testRunner.startBlank(
+      `Verifies that a subresource accessing a SameSite=Lax cookie across schemes triggers a context downgrade inspector issue.\n`);
+  await dp.Network.enable();
+  await dp.Audits.enable();
+  await session.navigate('http://cookie.test:8000/inspector-protocol/resources/empty.html');
+  const setCookieUrl = 'https://cookie.test:8443/inspector-protocol/network/resources/set-cookie.php?cookie='
+      + encodeURIComponent('name=value; SameSite=Lax');
+  await session.evaluate(`fetch('${setCookieUrl}', {method: 'POST', credentials: 'include'})`);
+  const issue = await dp.Audits.onceIssueAdded();
+  testRunner.log(issue.params, 'Inspector issue:');
+  testRunner.completeTest();
+});
--- a/third_party/blink/web_tests/http/tests/inspector-protocol/network/same-site-issue-warn-cookie-navigation-context-downgrade-expected.txt
+++ b/third_party/blink/web_tests/http/tests/inspector-protocol/network/same-site-issue-warn-cookie-navigation-context-downgrade-expected.txt
+Verifies that accessing a SameSite=Strict cookie across schemes triggers a context downgrade inspector issue.
+Inspector issue:{
+    issue : {
+        code : SameSiteCookieIssue
+        details : {
+            sameSiteCookieIssueDetails : {
+                cookie : {
+                    domain : cookie.test
+                    name : name
+                    path : /inspector-protocol/network/resources
+                }
+                cookieExclusionReasons : [
+                ]
+                cookieUrl : https://cookie.test:8443/inspector-protocol/network/resources/hello-world.html
+                cookieWarningReasons : [
+                    [0] : WarnSameSiteStrictLaxDowngradeStrict
+                ]
+                operation : ReadCookie
+                request : {
+                    requestId : <string>
+                    url : https://cookie.test:8443/inspector-protocol/network/resources/hello-world.html
+                }
+                siteForCookies : https://cookie.test/
+            }
+        }
+    }
+}
--- a/third_party/blink/web_tests/http/tests/inspector-protocol/network/same-site-issue-warn-cookie-navigation-context-downgrade.js
+++ b/third_party/blink/web_tests/http/tests/inspector-protocol/network/same-site-issue-warn-cookie-navigation-context-downgrade.js
+(async function(testRunner) {
+  const {page, session, dp} = await testRunner.startBlank(
+      `Verifies that accessing a SameSite=Strict cookie across schemes triggers a context downgrade inspector issue.\n`);
+  await dp.Network.enable();
+  await dp.Audits.enable();
+  const helper = (await testRunner.loadScript('resources/extra-info-helper.js'))(dp, session);
+  const setCookieUrl = 'http://cookie.test:8000/inspector-protocol/network/resources/set-cookie.php?cookie='
+      + encodeURIComponent('name=value; SameSite=Strict');
+  const baseURL = 'inspector-protocol/network/resources/hello-world.html'
+  const insecureUrl = 'http://cookie.test:8000/' + baseURL;
+  const secureUrl = 'https://cookie.test:8443/' + baseURL;
+  // Set a SameSite=Strict cookie on the cookie.test domain
+  await session.navigate(setCookieUrl);
+  // Navigate first to an insecure site. Note: This isn't strictly necessary
+  // because the setCookieUrl is also insecure but this helps to illustrate the
+  // point as insecureUrl and secureUrl are the same URL except for the scheme.
+  await helper.navigateWithExtraInfo(insecureUrl);
+  const issuePromise = dp.Audits.onceIssueAdded();
+  // Now navigate to the secure site, this should trigger the issue.
+  await helper.jsNavigateWithExtraInfo(secureUrl);
+  const issue = await issuePromise;
+  testRunner.log(issue.params, 'Inspector issue:');
+  testRunner.completeTest();
+});
--- a/third_party/blink/web_tests/http/tests/inspector-protocol/network/same-site-issue-warn-cookie-context-downgrade-expected.txt
+++ b/third_party/blink/web_tests/http/tests/inspector-protocol/network/same-site-issue-warn-cookie-context-downgrade-expected.txt
-Verifies that accessing a cookie in a breaking schemeful context downgrading situation triggers an inspector issue.
+Verifies that a subresource accessing a SameSite=Strict cookie across schemes triggers a context downgrade inspector issue.
 Inspector issue:{
    issue : {

--- a/third_party/blink/web_tests/http/tests/inspector-protocol/network/same-site-issue-warn-cookie-context-downgrade.js
+++ b/third_party/blink/web_tests/http/tests/inspector-protocol/network/same-site-issue-warn-cookie-context-downgrade.js
 (async function(testRunner) {
  const {page, session, dp} = await testRunner.startBlank(
-      `Verifies that accessing a cookie in a breaking schemeful context downgrading situation triggers an inspector issue.\n`);
+      `Verifies that a subresource accessing a SameSite=Strict cookie across schemes triggers a context downgrade inspector issue.\n`);
  await dp.Network.enable();
  await dp.Audits.enable();

--- a/third_party/blink/web_tests/virtual/schemeful-same-site/http/README.md
+++ b/third_party/blink/web_tests/virtual/schemeful-same-site/http/README.md
+# virtual/schemeful-same-site
+This directory is for tests that need the Schemeful Same-Site feature enabled.
+Tests under `virtual/schemeful-same-site` are run with `--enable-features=SchemefulSameSite`
--- a/third_party/blink/web_tests/virtual/schemeful-same-site/http/tests/inspector-protocol/network/README.txt
+++ b/third_party/blink/web_tests/virtual/schemeful-same-site/http/tests/inspector-protocol/network/README.txt
+This suite runs inspector protocol networks tests with SchemefulSameSite enabled.
--- a/third_party/blink/web_tests/virtual/schemeful-same-site/http/tests/inspector-protocol/network/same-site-issue-warn-cookie-lax-subresource-context-downgrade-expected.txt
+++ b/third_party/blink/web_tests/virtual/schemeful-same-site/http/tests/inspector-protocol/network/same-site-issue-warn-cookie-lax-subresource-context-downgrade-expected.txt
+Verifies that a subresource accessing a SameSite=Lax cookie across schemes triggers a context downgrade inspector issue.
+Inspector issue:{
+    issue : {
+        code : SameSiteCookieIssue
+        details : {
+            sameSiteCookieIssueDetails : {
+                cookie : {
+                    domain : cookie.test
+                    name : name
+                    path : /inspector-protocol/network/resources
+                }
+                cookieExclusionReasons : [
+                    [0] : ExcludeSameSiteLax
+                ]
+                cookieUrl : https://cookie.test:8443/inspector-protocol/network/resources/set-cookie.php?cookie=name%3Dvalue%3B%20SameSite%3DLax
+                cookieWarningReasons : [
+                    [0] : WarnSameSiteLaxCrossDowngradeLax
+                ]
+                operation : SetCookie
+                request : {
+                    requestId : <string>
+                    url : https://cookie.test:8443/inspector-protocol/network/resources/set-cookie.php?cookie=name%3Dvalue%3B%20SameSite%3DLax
+                }
+                siteForCookies : http://cookie.test/
+            }
+        }
+    }
+}
--- a/third_party/blink/web_tests/virtual/schemeful-same-site/http/tests/inspector-protocol/network/same-site-issue-warn-cookie-navigation-context-downgrade-expected.txt
+++ b/third_party/blink/web_tests/virtual/schemeful-same-site/http/tests/inspector-protocol/network/same-site-issue-warn-cookie-navigation-context-downgrade-expected.txt
+Verifies that accessing a SameSite=Strict cookie across schemes triggers a context downgrade inspector issue.
+Inspector issue:{
+    issue : {
+        code : SameSiteCookieIssue
+        details : {
+            sameSiteCookieIssueDetails : {
+                cookie : {
+                    domain : cookie.test
+                    name : name
+                    path : /inspector-protocol/network/resources
+                }
+                cookieExclusionReasons : [
+                    [0] : ExcludeSameSiteStrict
+                ]
+                cookieUrl : https://cookie.test:8443/inspector-protocol/network/resources/hello-world.html
+                cookieWarningReasons : [
+                    [0] : WarnSameSiteStrictLaxDowngradeStrict
+                ]
+                operation : ReadCookie
+                request : {
+                    requestId : <string>
+                    url : https://cookie.test:8443/inspector-protocol/network/resources/hello-world.html
+                }
+                siteForCookies : https://cookie.test/
+            }
+        }
+    }
+}
--- a/third_party/blink/web_tests/virtual/schemeful-same-site/http/tests/inspector-protocol/network/same-site-issue-warn-cookie-strict-subresource-context-downgrade-expected.txt
+++ b/third_party/blink/web_tests/virtual/schemeful-same-site/http/tests/inspector-protocol/network/same-site-issue-warn-cookie-strict-subresource-context-downgrade-expected.txt
+Verifies that a subresource accessing a SameSite=Strict cookie across schemes triggers a context downgrade inspector issue.
+Inspector issue:{
+    issue : {
+        code : SameSiteCookieIssue
+        details : {
+            sameSiteCookieIssueDetails : {
+                cookie : {
+                    domain : cookie.test
+                    name : name
+                    path : /inspector-protocol/network/resources
+                }
+                cookieExclusionReasons : [
+                    [0] : ExcludeSameSiteStrict
+                ]
+                cookieUrl : https://cookie.test:8443/inspector-protocol/network/resources/set-cookie.php?cookie=name%3Dvalue%3B%20SameSite%3DStrict
+                cookieWarningReasons : [
+                    [0] : WarnSameSiteLaxCrossDowngradeStrict
+                ]
+                operation : SetCookie
+                request : {
+                    requestId : <string>
+                    url : https://cookie.test:8443/inspector-protocol/network/resources/set-cookie.php?cookie=name%3Dvalue%3B%20SameSite%3DStrict
+                }
+                siteForCookies : http://cookie.test/
+            }
+        }
+    }
+}