Support sameSite attribute when constructing a cookie

Cookie toString() includes sameSite attribute if set

Author: rbri

src/changes/changes.xml

@@ -9,6 +9,12 @@
     <body>
         <release version="2.67.0" date="xxxx, 2022" description="Chrome/Edge 107, Firefox 107, Bugfixes">
             <action type="update" dev="rbri">
+                Support sameSite attribute when constructing a cookie.
+            </action>
+            <action type="update" dev="rbri">
+                Cookie toString() includes sameSite attribute if set.
+            </action>
+            <action type="fix" dev="rbri">
                 Treat localhost as secure origin when processing cookies.
             </action>
             <action type="update" dev="rbri">

src/main/java/com/gargoylesoftware/htmlunit/util/Cookie.java

@@ -60,7 +60,7 @@ public Cookie(final String domain, final String name, final String value) {
      */
     public Cookie(final String domain, final String name, final String value, final String path, final Date expires,
         final boolean secure) {
-        this(domain, name, value, path, expires, secure, false);
+        this(domain, name, value, path, expires, secure, false, null);
     }
 
     /**
@@ -76,6 +76,23 @@ public Cookie(final String domain, final String name, final String value, final
      */
     public Cookie(final String domain, final String name, final String value, final String path, final Date expires,
         final boolean secure, final boolean httpOnly) {
+        this(domain, name, value, path, expires, secure, httpOnly, null);
+    }
+
+    /**
+     * Creates a new cookie with the specified name and value which applies to the specified domain,
+     * the specified path, and expires on the specified date.
+     * @param domain the domain to which this cookie applies
+     * @param name the cookie name
+     * @param value the cookie name
+     * @param path the path to which this cookie applies
+     * @param expires the date on which this cookie expires
+     * @param secure whether or not this cookie is secure (i.e. HTTPS vs HTTP)
+     * @param httpOnly whether or not this cookie should be only used for HTTP(S) headers
+     * @param sameSite the sameSite attribute
+     */
+    public Cookie(final String domain, final String name, final String value, final String path, final Date expires,
+        final boolean secure, final boolean httpOnly, final String sameSite) {
         if (domain == null) {
             throw new IllegalArgumentException("Cookie domain must be specified");
         }
@@ -87,12 +104,18 @@ public Cookie(final String domain, final String name, final String value, final
         cookie.setAttribute(ClientCookie.DOMAIN_ATTR, domain);
 
         cookie.setPath(path);
-        cookie.setExpiryDate(expires);
+        if (expires != null) {
+            cookie.setExpiryDate(expires);
+        }
         cookie.setSecure(secure);
         if (httpOnly) {
             cookie.setAttribute("httponly", "true");
         }
 
+        if (sameSite != null) {
+            cookie.setAttribute("samesite", sameSite);
+        }
+
         httpClientCookie_ = cookie;
     }
 
@@ -117,20 +140,19 @@ public Cookie(final ClientCookie clientCookie) {
      */
     public Cookie(final String domain, final String name, final String value, final String path, final int maxAge,
         final boolean secure) {
+        this(domain, name, value, path, convertToExpiryDate(maxAge), secure);
+    }
 
-        final BasicClientCookie cookie = new BasicClientCookie(name, value == null ? "" : value);
-        cookie.setDomain(domain);
-        cookie.setPath(path);
-        cookie.setSecure(secure);
-
+    private static Date convertToExpiryDate(final int maxAge) {
         if (maxAge < -1) {
             throw new IllegalArgumentException("invalid max age:  " + maxAge);
         }
+
         if (maxAge >= 0) {
-            cookie.setExpiryDate(new Date(System.currentTimeMillis() + (maxAge * 1000L)));
+            return new Date(System.currentTimeMillis() + (maxAge * 1000L));
         }
 
-        httpClientCookie_ = cookie;
+        return null;
     }
 
     /**
@@ -207,7 +229,8 @@ public String toString() {
             + (getPath() == null ? "" : ";path=" + getPath())
             + (getExpires() == null ? "" : ";expires=" + getExpires())
             + (isSecure() ? ";secure" : "")
-            + (isHttpOnly() ? ";httpOnly" : "");
+            + (isHttpOnly() ? ";httpOnly" : "")
+            + (getSameSite() == null ? "" : ";sameSite=" + getSameSite());
     }
 
     /**

src/test/java/com/gargoylesoftware/htmlunit/CookieManager2Test.java

@@ -91,7 +91,7 @@ public void resettingCookie() throws Exception {
      * @throws Exception if the test fails
      */
     @Test
-    @Alerts("my_key=")
+    @Alerts("my_key=§")
     public void cookie_nullValue() throws Exception {
         final WebClient webClient = getWebClient();
         final MockWebConnection webConnection = new MockWebConnection();
@@ -106,15 +106,15 @@ public void cookie_nullValue() throws Exception {
         final List<String> collectedAlerts = new ArrayList<>();
         webClient.setAlertHandler(new CollectingAlertHandler(collectedAlerts));
 
-        webClient.getPage(URL_FIRST);
-        assertEquals(getExpectedAlerts(), collectedAlerts);
+        final HtmlPage page = webClient.getPage(URL_FIRST);
+        assertEquals(getExpectedAlerts()[0], page.getTitleText());
     }
 
     /**
      * @throws Exception if the test fails
      */
     @Test
-    @Alerts("my_name=my_data")
+    @Alerts("my_name=my_data§")
     public void cookie_maxAgeMinusOne() throws Exception {
         final WebClient webClient = getWebClient();
         final MockWebConnection webConnection = new MockWebConnection();
@@ -126,11 +126,8 @@ public void cookie_maxAgeMinusOne() throws Exception {
         final CookieManager mgr = webClient.getCookieManager();
         mgr.addCookie(new Cookie(URL_FIRST.getHost(), "my_name", "my_data", "/", -1, false));
 
-        final List<String> collectedAlerts = new ArrayList<>();
-        webClient.setAlertHandler(new CollectingAlertHandler(collectedAlerts));
-
-        webClient.getPage(URL_FIRST);
-        assertEquals(getExpectedAlerts(), collectedAlerts);
+        final HtmlPage page = webClient.getPage(URL_FIRST);
+        assertEquals(getExpectedAlerts()[0], page.getTitleText());
     }
 
     /**

src/test/java/com/gargoylesoftware/htmlunit/CookieManager4Test.java

@@ -146,7 +146,8 @@ public void domain() throws Exception {
                 MimeType.TEXT_HTML, responseHeader);
 
         final URL firstUrl = new URL(URL_HOST1);
-        loadPageWithAlerts2(firstUrl);
+        loadPage2(firstUrl, StandardCharsets.ISO_8859_1);
+        verifyTitle2(getWebDriver(), getExpectedAlerts());
     }
 
     /**
@@ -188,7 +189,7 @@ public void storedDomain1() throws Exception {
                 MimeType.TEXT_HTML, responseHeader);
 
         final WebDriver driver = loadPage2(new URL(URL_HOST1), StandardCharsets.ISO_8859_1);
-        verifyAlerts(driver, getExpectedAlerts()[0]);
+        verifyTitle2(driver, getExpectedAlerts()[0]);
 
         assertEquals(getExpectedAlerts()[1], driver.manage().getCookieNamed("c1").toString());
         assertEquals(getExpectedAlerts()[2], driver.manage().getCookieNamed("c2").toString());
@@ -227,7 +228,7 @@ public void storedDomain2() throws Exception {
                 MimeType.TEXT_HTML, responseHeader);
 
         final WebDriver driver = loadPage2(new URL(URL_HOST2), StandardCharsets.ISO_8859_1);
-        verifyAlerts(driver, getExpectedAlerts()[0]);
+        verifyTitle2(driver, getExpectedAlerts()[0]);
 
         assertEquals(getExpectedAlerts()[1], driver.manage().getCookieNamed("c1").toString());
         assertEquals(getExpectedAlerts()[2], driver.manage().getCookieNamed("c2").toString());
@@ -264,7 +265,7 @@ public void storedDomain3() throws Exception {
                 MimeType.TEXT_HTML, responseHeader);
 
         final WebDriver driver = loadPage2(new URL(URL_HOST3), StandardCharsets.ISO_8859_1);
-        verifyAlerts(driver, getExpectedAlerts()[0]);
+        verifyTitle2(driver, getExpectedAlerts()[0]);
 
         assertEquals(getExpectedAlerts()[1], driver.manage().getCookieNamed("c1").toString());
         assertEquals(getExpectedAlerts()[2], driver.manage().getCookieNamed("c2").toString());
@@ -303,7 +304,7 @@ public void storedDomain4() throws Exception {
                 MimeType.TEXT_HTML, responseHeader);
 
         final WebDriver driver = loadPage2(new URL(URL_HOST4), StandardCharsets.ISO_8859_1);
-        verifyAlerts(driver, getExpectedAlerts()[0]);
+        verifyTitle2(driver, getExpectedAlerts()[0]);
 
         assertEquals(getExpectedAlerts()[1], driver.manage().getCookieNamed("c12").toString());
         if (driver.manage().getCookieNamed("c11") != null) {
@@ -349,7 +350,7 @@ public void storedDomainFromJs1() throws Exception {
                 + "</html>";
 
         final WebDriver driver = loadPage2(html, new URL(URL_HOST1));
-        verifyAlerts(driver);
+        verifyTitle2(driver);
 
         assertEquals(4, driver.manage().getCookies().size());
         assertEquals(getExpectedAlerts()[0], driver.manage().getCookieNamed("c1").toString());
@@ -391,7 +392,7 @@ public void storedDomainFromJs2() throws Exception {
                 + "</html>";
 
         final WebDriver driver = loadPage2(html, new URL(URL_HOST2));
-        verifyAlerts(driver);
+        verifyTitle2(driver);
 
         assertEquals(2, driver.manage().getCookies().size());
         assertEquals(getExpectedAlerts()[0], driver.manage().getCookieNamed("c1").toString());
@@ -431,7 +432,7 @@ public void storedDomainFromJs3() throws Exception {
                 + "</html>";
 
         final WebDriver driver = loadPage2(html, new URL(URL_HOST3));
-        verifyAlerts(driver);
+        verifyTitle2(driver);
 
         assertEquals(2, driver.manage().getCookies().size());
         assertEquals(getExpectedAlerts()[0], driver.manage().getCookieNamed("c1").toString());
@@ -475,7 +476,7 @@ public void storedDomainFromJs4() throws Exception {
                 + "</html>";
 
         final WebDriver driver = loadPage2(html, new URL(URL_HOST4));
-        verifyAlerts(driver);
+        verifyTitle2(driver);
 
         final String[] expected = getExpectedAlerts();
         assertEquals(Integer.parseInt(expected[0]), driver.manage().getCookies().size());
@@ -499,7 +500,8 @@ public void domainDuplicate() throws Exception {
 
         final URL firstUrl = new URL(URL_HOST1);
 
-        loadPageWithAlerts2(firstUrl);
+        loadPage2(firstUrl, StandardCharsets.ISO_8859_1);
+        verifyTitle2(getWebDriver(), getExpectedAlerts());
     }
 
     /**
@@ -516,7 +518,8 @@ public void domainDuplicateLeadingDot() throws Exception {
 
         final URL firstUrl = new URL(URL_HOST1);
 
-        loadPageWithAlerts2(firstUrl);
+        loadPage2(firstUrl, StandardCharsets.ISO_8859_1);
+        verifyTitle2(getWebDriver(), getExpectedAlerts());
     }
 
     /**
@@ -604,7 +607,8 @@ public void domain2() throws Exception {
         final URL firstUrl = new URL(URL_HOST1);
         getMockWebConnection().setResponse(firstUrl, html, 200, "Ok", MimeType.TEXT_HTML, responseHeader1);
 
-        loadPageWithAlerts2(firstUrl);
+        loadPage2(firstUrl, StandardCharsets.ISO_8859_1);
+        verifyTitle2(getWebDriver(), getExpectedAlerts());
     }
 
     /**
@@ -634,7 +638,8 @@ public void domain3() throws Exception {
         final URL firstUrl = new URL(URL_HOST3);
         getMockWebConnection().setResponse(firstUrl, html, 200, "Ok", MimeType.TEXT_HTML, responseHeader1);
 
-        loadPageWithAlerts2(firstUrl);
+        loadPage2(firstUrl, StandardCharsets.ISO_8859_1);
+        verifyTitle2(getWebDriver(), getExpectedAlerts());
     }
 
     /**
@@ -660,7 +665,8 @@ public void differentHostsSameDomain() throws Exception {
         final URL firstUrl = new URL(URL_HOST1);
         getMockWebConnection().setResponse(firstUrl, html, 200, "Ok", MimeType.TEXT_HTML, responseHeader1);
 
-        loadPageWithAlerts2(firstUrl);
+        loadPage2(firstUrl, StandardCharsets.ISO_8859_1);
+        verifyTitle2(getWebDriver(), getExpectedAlerts());
     }
 
     /**
@@ -685,7 +691,8 @@ public void differentHostsSameDomainCookieFromJS() throws Exception {
         final URL firstUrl = new URL(URL_HOST1);
         getMockWebConnection().setResponse(firstUrl, html);
 
-        loadPageWithAlerts2(firstUrl);
+        loadPage2(firstUrl, StandardCharsets.ISO_8859_1);
+        verifyTitle2(getWebDriver(), getExpectedAlerts());
     }
 
     /**
@@ -710,7 +717,8 @@ public void differentHostsSameDomainCookieFromMeta() throws Exception {
         final URL firstUrl = new URL(URL_HOST1);
         getMockWebConnection().setResponse(firstUrl, html);
 
-        loadPageWithAlerts2(firstUrl);
+        loadPage2(firstUrl, StandardCharsets.ISO_8859_1);
+        verifyTitle2(getWebDriver(), getExpectedAlerts());
     }
 
     private void testCookies(final URL url, final String cookie1, final String cookie2) throws Exception {
@@ -720,7 +728,8 @@ private void testCookies(final URL url, final String cookie1, final String cooki
         getMockWebConnection().setDefaultResponse(CookieManagerTest.HTML_ALERT_COOKIE, 200, "OK", MimeType.TEXT_HTML,
                 responseHeader);
 
-        loadPageWithAlerts2(url);
+        loadPage2(url, StandardCharsets.ISO_8859_1);
+        verifyTitle2(getWebDriver(), getExpectedAlerts());
     }
 
     /**
@@ -761,7 +770,8 @@ public void sameSite() throws Exception {
         getMockWebConnection().setResponse(new URL(URL_HOST1), HTML_ALERT_COOKIE,
                                         200, "OK", MimeType.TEXT_HTML, responseHeader);
 
-        final WebDriver driver = loadPageWithAlerts2(new URL(URL_HOST1));
+        final WebDriver driver = loadPage2(new URL(URL_HOST1), StandardCharsets.ISO_8859_1);
+        verifyTitle2(driver, getExpectedAlerts());
         driver.get(URL_HOST1 + "foo");
 
         final Map<String, String> lastHeaders = getMockWebConnection().getLastAdditionalHeaders();
@@ -810,7 +820,8 @@ public void sameSiteOtherSubdomain() throws Exception {
         getMockWebConnection().setResponse(new URL(URL_HOST1), HTML_ALERT_COOKIE,
                                         200, "OK", MimeType.TEXT_HTML, responseHeader);
 
-        final WebDriver driver = loadPageWithAlerts2(new URL(URL_HOST1));
+        final WebDriver driver = loadPage2(new URL(URL_HOST1), StandardCharsets.ISO_8859_1);
+        verifyTitle2(driver, getExpectedAlerts());
         driver.get(URL_HOST2 + "foo");
 
         final Map<String, String> lastHeaders = getMockWebConnection().getLastAdditionalHeaders();
@@ -839,7 +850,8 @@ public void sameSiteOriginOtherSubdomain() throws Exception {
         getMockWebConnection().setResponse(new URL(URL_HOST1), HTML_ALERT_COOKIE,
                                         200, "OK", MimeType.TEXT_HTML, responseHeader);
 
-        final WebDriver driver = loadPageWithAlerts2(new URL(URL_HOST1));
+        final WebDriver driver = loadPage2(new URL(URL_HOST1), StandardCharsets.ISO_8859_1);
+        verifyTitle2(driver, getExpectedAlerts());
         driver.get(URL_HOST2 + "foo");
         driver.get(URL_HOST1 + "foo");
 
@@ -893,7 +905,8 @@ public void sameSiteIncludeFromSameDomain() throws Exception {
         getMockWebConnection().setResponse(new URL(URL_HOST1 + "include"), html,
                                         200, "OK", MimeType.TEXT_HTML, responseHeader);
 
-        final WebDriver driver = loadPageWithAlerts2(new URL(URL_HOST1));
+        final WebDriver driver = loadPage2(new URL(URL_HOST1), StandardCharsets.ISO_8859_1);
+        verifyTitle2(driver, getExpectedAlerts());
         driver.get(URL_HOST1 + "include");
 
         assertEquals(URL_HOST1 + "css/style.css", getMockWebConnection().getLastWebRequest().getUrl());
@@ -947,7 +960,8 @@ public void sameSiteIncludeFromSubDomain() throws Exception {
         getMockWebConnection().setResponse(new URL(URL_HOST2), html,
                                         200, "OK", MimeType.TEXT_HTML, responseHeader);
 
-        final WebDriver driver = loadPageWithAlerts2(new URL(URL_HOST1));
+        final WebDriver driver = loadPage2(new URL(URL_HOST1), StandardCharsets.ISO_8859_1);
+        verifyTitle2(driver, getExpectedAlerts());
         driver.get(URL_HOST2);
 
         assertEquals(URL_HOST1 + "css/style.css", getMockWebConnection().getLastWebRequest().getUrl());
@@ -1001,7 +1015,8 @@ public void sameSiteIFrameFromSameDomain() throws Exception {
         getMockWebConnection().setResponse(new URL(URL_HOST1 + "include"), html,
                                         200, "OK", MimeType.TEXT_HTML, responseHeader);
 
-        final WebDriver driver = loadPageWithAlerts2(new URL(URL_HOST1));
+        final WebDriver driver = loadPage2(new URL(URL_HOST1), StandardCharsets.ISO_8859_1);
+        verifyTitle2(driver, getExpectedAlerts());
         driver.get(URL_HOST1 + "include");
 
         assertEquals(URL_HOST1 + "iframe.html", getMockWebConnection().getLastWebRequest().getUrl());
@@ -1055,7 +1070,8 @@ public void sameSiteIFrameFromSubDomain() throws Exception {
         getMockWebConnection().setResponse(new URL(URL_HOST2 + "include"), html,
                                         200, "OK", MimeType.TEXT_HTML, responseHeader);
 
-        final WebDriver driver = loadPageWithAlerts2(new URL(URL_HOST1));
+        final WebDriver driver = loadPage2(new URL(URL_HOST1), StandardCharsets.ISO_8859_1);
+        verifyTitle2(driver, getExpectedAlerts());
         driver.get(URL_HOST2 + "include");
 
         assertEquals(URL_HOST1 + "iframe.html", getMockWebConnection().getLastWebRequest().getUrl());