fix(fetch): support SameSite attribute (#17748)

Fixes https://github.com/microsoft/playwright/issues/17398
2024-12-13 17:14:02 +03:00 · 2022-09-30 15:01:59 -07:00 · 2022-09-30 15:01:59 -07:00 · 9b35a8071f
commit 9b35a8071f
parent 4a32010dbc
2 changed files with 52 additions and 1 deletions
--- a/packages/playwright-core/src/server/fetch.ts
+++ b/packages/playwright-core/src/server/fetch.ts
@ -566,7 +566,9 @@ function parseCookie(header: string): channels.NetworkCookie | null {
    expires: -1,
    httpOnly: false,
    secure: false,
-    sameSite: 'Lax' // None for non-chromium
+    // From https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
+    // The cookie-sending behavior if SameSite is not specified is SameSite=Lax.
+    sameSite: 'Lax'
  };
  for (let i = 1; i < pairs.length; i++) {
    const [name, value] = pairs[i];
@ -595,6 +597,19 @@ function parseCookie(header: string): channels.NetworkCookie | null {
      case 'httponly':
        cookie.httpOnly = true;
        break;
+      case 'samesite':
+        switch (value.toLowerCase()) {
+          case 'none':
+            cookie.sameSite = 'None';
+            break;
+          case 'lax':
+            cookie.sameSite = 'Lax';
+            break;
+          case 'strict':
+            cookie.sameSite = 'Strict';
+            break;
+        }
+        break;
    }
  }
  return cookie;
--- a/tests/library/browsercontext-fetch.spec.ts
+++ b/tests/library/browsercontext-fetch.spec.ts
@ -1026,3 +1026,39 @@ it('should work with connectOverCDP', async ({ browserName, browserType, server
    await browserServer.close();
  }
 });
+
+it('should support SameSite cookie attribute over https', async ({ contextFactory, httpsServer }) => {
+  // Cookies with SameSite=None must also specify the Secure attribute. WebKit navigation
+  // to HTTP url will fail if the response contains a cookie with Secure attribute, so
+  // we do HTTPS navigation.
+  const context = await contextFactory({ ignoreHTTPSErrors: true });
+  const page = await context.newPage();
+  for (const value of ['None', 'Lax', 'Strict']) {
+    await it.step(`SameSite=${value}`, async () => {
+      httpsServer.setRoute('/empty.html', (req, res) => {
+        res.setHeader('Set-Cookie', `SID=2022; Path=/; Secure; SameSite=${value}`);
+        res.end();
+      });
+      await page.request.get(httpsServer.EMPTY_PAGE);
+      const [cookie] = await page.context().cookies();
+      expect(cookie.sameSite).toBe(value);
+    });
+  }
+});
+
+it('should support set-cookie with SameSite and without Secure attribute over HTTP', async ({ page, server, browserName }) => {
+  for (const value of ['None', 'Lax', 'Strict']) {
+    await it.step(`SameSite=${value}`, async () => {
+      server.setRoute('/empty.html', (req, res) => {
+        res.setHeader('Set-Cookie', `SID=2022; Path=/; SameSite=${value}`);
+        res.end();
+      });
+      await page.request.get(server.EMPTY_PAGE);
+      const [cookie] = await page.context().cookies();
+      if (browserName === 'chromium' && value === 'None')
+        expect(cookie).toBeFalsy();
+      else
+        expect(cookie.sameSite).toBe(value);
+    });
+  }
+});