playwright/test/cookies.spec.js

/**
 * Copyright 2018 Google Inc. All rights reserved.
 * Modifications copyright (c) Microsoft Corporation.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

const {FFOX, CHROMIUM, WEBKIT, WIN} = require('./utils').testOptions(browserType);

describe('BrowserContext.cookies', function() {
  it('should return no cookies in pristine browser context', async({context, page, server}) => {
    expect(await context.cookies()).toEqual([]);
  });
  it('should get a cookie', async({context, page, server}) => {
    await page.goto(server.EMPTY_PAGE);
    const documentCookie = await page.evaluate(() => {
      document.cookie = 'username=John Doe';
      return document.cookie;
    });
    expect(documentCookie).toBe('username=John Doe');
    expect(await context.cookies()).toEqual([{
      name: 'username',
      value: 'John Doe',
      domain: 'localhost',
      path: '/',
      expires: -1,
      httpOnly: false,
      secure: false,
      sameSite: 'None',
    }]);
  });
  it('should get a non-session cookie', async({context, page, server}) => {
    await page.goto(server.EMPTY_PAGE);
    // @see https://en.wikipedia.org/wiki/Year_2038_problem
    const date = +(new Date('1/1/2038'));
    const documentCookie = await page.evaluate(timestamp => {
      const date = new Date(timestamp);
      document.cookie = `username=John Doe;expires=${date.toUTCString()}`;
      return document.cookie;
    }, date);
    expect(documentCookie).toBe('username=John Doe');
    expect(await context.cookies()).toEqual([{
      name: 'username',
      value: 'John Doe',
      domain: 'localhost',
      path: '/',
      expires: date / 1000,
      httpOnly: false,
      secure: false,
      sameSite: 'None',
    }]);
  });
  it('should properly report httpOnly cookie', async({context, page, server}) => {
    server.setRoute('/empty.html', (req, res) => {
      res.setHeader('Set-Cookie', 'name=value;HttpOnly; Path=/');
      res.end();
    });
    await page.goto(server.EMPTY_PAGE);
    const cookies = await context.cookies();
    expect(cookies.length).toBe(1);
    expect(cookies[0].httpOnly).toBe(true);
  });
  it.fail(WEBKIT && WIN)('should properly report "Strict" sameSite cookie', async({context, page, server}) => {
    server.setRoute('/empty.html', (req, res) => {
      res.setHeader('Set-Cookie', 'name=value;SameSite=Strict');
      res.end();
    });
    await page.goto(server.EMPTY_PAGE);
    const cookies = await context.cookies();
    expect(cookies.length).toBe(1);
    expect(cookies[0].sameSite).toBe('Strict');
  });
  it.fail(WEBKIT && WIN)('should properly report "Lax" sameSite cookie', async({context, page, server}) => {
    server.setRoute('/empty.html', (req, res) => {
      res.setHeader('Set-Cookie', 'name=value;SameSite=Lax');
      res.end();
    });
    await page.goto(server.EMPTY_PAGE);
    const cookies = await context.cookies();
    expect(cookies.length).toBe(1);
    expect(cookies[0].sameSite).toBe('Lax');
  });
  it('should get multiple cookies', async({context, page, server}) => {
    await page.goto(server.EMPTY_PAGE);
    const documentCookie = await page.evaluate(() => {
      document.cookie = 'username=John Doe';
      document.cookie = 'password=1234';
      return document.cookie.split('; ').sort().join('; ');
    });
    const cookies = await context.cookies();
    cookies.sort((a, b) => a.name.localeCompare(b.name));
    expect(documentCookie).toBe('password=1234; username=John Doe');
    expect(cookies).toEqual([
      {
        name: 'password',
        value: '1234',
        domain: 'localhost',
        path: '/',
        expires: -1,
        httpOnly: false,
        secure: false,
        sameSite: 'None',
      },
      {
        name: 'username',
        value: 'John Doe',
        domain: 'localhost',
        path: '/',
        expires: -1,
        httpOnly: false,
        secure: false,
        sameSite: 'None',
      },
    ]);
  });
  it('should get cookies from multiple urls', async({context}) => {
    await context.addCookies([{
      url: 'https://foo.com',
      name: 'doggo',
      value: 'woofs',
    }, {
      url: 'https://bar.com',
      name: 'catto',
      value: 'purrs',
    }, {
      url: 'https://baz.com',
      name: 'birdo',
      value: 'tweets',
    }]);
    const cookies = await context.cookies(['https://foo.com', 'https://baz.com']);
    cookies.sort((a, b) => a.name.localeCompare(b.name));
    expect(cookies).toEqual([{
      name: 'birdo',
      value: 'tweets',
      domain: 'baz.com',
      path: '/',
      expires: -1,
      httpOnly: false,
      secure: true,
      sameSite: 'None',
    }, {
      name: 'doggo',
      value: 'woofs',
      domain: 'foo.com',
      path: '/',
      expires: -1,
      httpOnly: false,
      secure: true,
      sameSite: 'None',
    }]);
  });
});

describe('BrowserContext.addCookies', function() {
  it('should work', async({context, page, server}) => {
    await page.goto(server.EMPTY_PAGE);
    await context.addCookies([{
      url: server.EMPTY_PAGE,
      name: 'password',
      value: '123456'
    }]);
    expect(await page.evaluate(() => document.cookie)).toEqual('password=123456');
  });
  it('should roundtrip cookie', async({context, page, server}) => {
    await page.goto(server.EMPTY_PAGE);
    // @see https://en.wikipedia.org/wiki/Year_2038_problem
    const date = +(new Date('1/1/2038'));
    const documentCookie = await page.evaluate(timestamp => {
      const date = new Date(timestamp);
      document.cookie = `username=John Doe;expires=${date.toUTCString()}`;
      return document.cookie;
    }, date);
    expect(documentCookie).toBe('username=John Doe');
    const cookies = await context.cookies();
    await context.clearCookies();
    expect(await context.cookies()).toEqual([]);
    await context.addCookies(cookies);
    expect(await context.cookies()).toEqual(cookies);
  });
  it('should send cookie header', async({server, context}) => {
    let cookie = '';
    server.setRoute('/empty.html', (req, res) => {
      cookie = req.headers.cookie;
      res.end();
    });
    await context.addCookies([{url: server.EMPTY_PAGE, name: 'cookie', value: 'value'}]);
    const page = await context.newPage();
    await page.goto(server.EMPTY_PAGE);
    expect(cookie).toBe('cookie=value');
  });
  it('should isolate cookies in browser contexts', async({context, server, browser}) => {
    const anotherContext = await browser.newContext();
    await context.addCookies([{url: server.EMPTY_PAGE, name: 'isolatecookie', value: 'page1value'}]);
    await anotherContext.addCookies([{url: server.EMPTY_PAGE, name: 'isolatecookie', value: 'page2value'}]);

    const cookies1 = await context.cookies();
    const cookies2 = await anotherContext.cookies();
    expect(cookies1.length).toBe(1);
    expect(cookies2.length).toBe(1);
    expect(cookies1[0].name).toBe('isolatecookie');
    expect(cookies1[0].value).toBe('page1value');
    expect(cookies2[0].name).toBe('isolatecookie');
    expect(cookies2[0].value).toBe('page2value');
    await anotherContext.close();
  });
  it('should isolate session cookies', async({context, server, browser}) => {
    server.setRoute('/setcookie.html', (req, res) => {
      res.setHeader('Set-Cookie', 'session=value');
      res.end();
    });
    {
      const page = await context.newPage();
      await page.goto(server.PREFIX + '/setcookie.html');
    }
    {
      const page = await context.newPage();
      await page.goto(server.EMPTY_PAGE);
      const cookies = await context.cookies();
      expect(cookies.length).toBe(1);
      expect(cookies.map(c => c.value).join(',')).toBe('value');
    }
    {
      const context2 = await browser.newContext();
      const page = await context2.newPage();
      await page.goto(server.EMPTY_PAGE);
      const cookies = await context2.cookies();
      expect(cookies[0] && cookies[0].name).toBe(undefined);
      await context2.close();
    }
  });
  it('should isolate persistent cookies', async({context, server, browser}) => {
    server.setRoute('/setcookie.html', (req, res) => {
      res.setHeader('Set-Cookie', 'persistent=persistent-value; max-age=3600');
      res.end();
    });
    const page = await context.newPage();
    await page.goto(server.PREFIX + '/setcookie.html');

    const context1 = context;
    const context2 = await browser.newContext();
    const [page1, page2] = await Promise.all([context1.newPage(), context2.newPage()]);
    await Promise.all([page1.goto(server.EMPTY_PAGE), page2.goto(server.EMPTY_PAGE)]);
    const [cookies1, cookies2] = await Promise.all([context1.cookies(), context2.cookies()]);
    expect(cookies1.length).toBe(1);
    expect(cookies1[0].name).toBe('persistent');
    expect(cookies1[0].value).toBe('persistent-value');
    expect(cookies2.length).toBe(0);
    await context2.close();
  });
  it('should isolate send cookie header', async({server, context, browser}) => {
    let cookie = [];
    server.setRoute('/empty.html', (req, res) => {
      cookie = req.headers.cookie || '';
      res.end();
    });
    await context.addCookies([{url: server.EMPTY_PAGE, name: 'sendcookie', value: 'value'}]);
    {
      const page = await context.newPage();
      await page.goto(server.EMPTY_PAGE);
      expect(cookie).toBe('sendcookie=value');
    }
    {
      const context = await browser.newContext();
      const page = await context.newPage();
      await page.goto(server.EMPTY_PAGE);
      expect(cookie).toBe('');
      await context.close();
    }
  });
  it.slow()('should isolate cookies between launches', async({browserType, server, defaultBrowserOptions}) => {
    const browser1 = await browserType.launch(defaultBrowserOptions);
    const context1 = await browser1.newContext();
    await context1.addCookies([{url: server.EMPTY_PAGE, name: 'cookie-in-context-1', value: 'value', expires: Date.now() / 1000 + 10000}]);
    await browser1.close();

    const browser2 = await browserType.launch(defaultBrowserOptions);
    const context2 = await browser2.newContext();
    const cookies = await context2.cookies();
    expect(cookies.length).toBe(0);
    await browser2.close();
  });
  it('should set multiple cookies', async({context, page, server}) => {
    await page.goto(server.EMPTY_PAGE);
    await context.addCookies([{
      url: server.EMPTY_PAGE,
      name: 'multiple-1',
      value: '123456'
    }, {
      url: server.EMPTY_PAGE,
      name: 'multiple-2',
      value: 'bar'
    }]);
    expect(await page.evaluate(() => {
      const cookies = document.cookie.split(';');
      return cookies.map(cookie => cookie.trim()).sort();
    })).toEqual([
      'multiple-1=123456',
      'multiple-2=bar',
    ]);
  });
  it('should have |expires| set to |-1| for session cookies', async({context, server}) => {
    await context.addCookies([{
      url: server.EMPTY_PAGE,
      name: 'expires',
      value: '123456'
    }]);
    const cookies = await context.cookies();
    expect(cookies[0].expires).toBe(-1);
  });
  it('should set cookie with reasonable defaults', async({context, server}) => {
    await context.addCookies([{
      url: server.EMPTY_PAGE,
      name: 'defaults',
      value: '123456'
    }]);
    const cookies = await context.cookies();
    expect(cookies.sort((a, b) => a.name.localeCompare(b.name))).toEqual([{
      name: 'defaults',
      value: '123456',
      domain: 'localhost',
      path: '/',
      expires: -1,
      httpOnly: false,
      secure: false,
      sameSite: 'None',
    }]);
  });
  it('should set a cookie with a path', async({context, page, server}) => {
    await page.goto(server.PREFIX + '/grid.html');
    await context.addCookies([{
      domain: 'localhost',
      path: '/grid.html',
      name: 'gridcookie',
      value: 'GRID',
    }]);
    expect(await context.cookies()).toEqual([{
      name: 'gridcookie',
      value: 'GRID',
      domain: 'localhost',
      path: '/grid.html',
      expires: -1,
      httpOnly: false,
      secure: false,
      sameSite: 'None',
    }]);
    expect(await page.evaluate('document.cookie')).toBe('gridcookie=GRID');
    await page.goto(server.EMPTY_PAGE);
    expect(await page.evaluate('document.cookie')).toBe('');
    await page.goto(server.PREFIX + '/grid.html');
    expect(await page.evaluate('document.cookie')).toBe('gridcookie=GRID');
  });
  it('should not set a cookie with blank page URL', async function({context, server}) {
    let error = null;
    try {
      await context.addCookies([
          {url: server.EMPTY_PAGE, name: 'example-cookie', value: 'best'},
          {url: 'about:blank', name: 'example-cookie-blank', value: 'best'}
      ]);
    } catch (e) {
      error = e;
    }
    expect(error.message).toEqual(
        `Blank page can not have cookie "example-cookie-blank"`
    );
  });
  it('should not set a cookie on a data URL page', async function({context}) {
    let error = null;
    try {
      await context.addCookies([{url: 'data:,Hello%2C%20World!', name: 'example-cookie', value: 'best'}]);
    } catch (e) {
      error = e;
    }
    expect(error.message).toContain('Data URL page can not have cookie "example-cookie"');
  });
  it('should default to setting secure cookie for HTTPS websites', async({context, page, server}) => {
    await page.goto(server.EMPTY_PAGE);
    const SECURE_URL = 'https://example.com';
    await context.addCookies([{
      url: SECURE_URL,
      name: 'foo',
      value: 'bar',
    }]);
    const [cookie] = await context.cookies(SECURE_URL);
    expect(cookie.secure).toBe(true);
  });
  it('should be able to set unsecure cookie for HTTP website', async({context, page, server}) => {
    await page.goto(server.EMPTY_PAGE);
    const HTTP_URL = 'http://example.com';
    await context.addCookies([{
      url: HTTP_URL,
      name: 'foo',
      value: 'bar',
    }]);
    const [cookie] = await context.cookies(HTTP_URL);
    expect(cookie.secure).toBe(false);
  });
  it('should set a cookie on a different domain', async({context, page, server}) => {
    await page.goto(server.EMPTY_PAGE);
    await context.addCookies([{
      url: 'https://www.example.com',
      name: 'example-cookie',
      value: 'best',
    }]);
    expect(await page.evaluate('document.cookie')).toBe('');
    expect(await context.cookies('https://www.example.com')).toEqual([{
      name: 'example-cookie',
      value: 'best',
      domain: 'www.example.com',
      path: '/',
      expires: -1,
      httpOnly: false,
      secure: true,
      sameSite: 'None',
    }]);
  });
  it('should set cookies for a frame', async({context, page, server}) => {
    await page.goto(server.EMPTY_PAGE);
    await context.addCookies([
      {url: server.PREFIX, name: 'frame-cookie', value: 'value'}
    ]);
    await page.evaluate(src => {
      let fulfill;
      const promise = new Promise(x => fulfill = x);
      const iframe = document.createElement('iframe');
      document.body.appendChild(iframe);
      iframe.onload = fulfill;
      iframe.src = src;
      return promise;
    }, server.PREFIX + '/grid.html');

    expect(await page.frames()[1].evaluate('document.cookie')).toBe('frame-cookie=value');
  });
  it('should(not) block third party cookies', async({context, page, server}) => {
    await page.goto(server.EMPTY_PAGE);
    await page.evaluate(src => {
      let fulfill;
      const promise = new Promise(x => fulfill = x);
      const iframe = document.createElement('iframe');
      document.body.appendChild(iframe);
      iframe.onload = fulfill;
      iframe.src = src;
      return promise;
    }, server.CROSS_PROCESS_PREFIX + '/grid.html');
    await page.frames()[1].evaluate(`document.cookie = 'username=John Doe'`);
    await page.waitForTimeout(2000);
    const allowsThirdParty = CHROMIUM || FFOX;
    const cookies = await context.cookies(server.CROSS_PROCESS_PREFIX + '/grid.html');
    if (allowsThirdParty) {
      expect(cookies).toEqual([
        {
          "domain": "127.0.0.1",
          "expires": -1,
          "httpOnly": false,
          "name": "username",
          "path": "/",
          "sameSite": "None",
          "secure": false,
          "value": "John Doe"
        }
      ]);
    } else {
      expect(cookies).toEqual([]);
    }
  });
});

describe('BrowserContext.clearCookies', function() {
  it('should clear cookies', async({context, page, server}) => {
    await page.goto(server.EMPTY_PAGE);
    await context.addCookies([{
      url: server.EMPTY_PAGE,
      name: 'cookie1',
      value: '1'
    }]);
    expect(await page.evaluate('document.cookie')).toBe('cookie1=1');
    await context.clearCookies();
    expect(await context.cookies()).toEqual([]);
    await page.reload();
    expect(await page.evaluate('document.cookie')).toBe('');
  });
  it('should isolate cookies when clearing', async({context, server, browser}) => {
    const anotherContext = await browser.newContext();
    await context.addCookies([{url: server.EMPTY_PAGE, name: 'page1cookie', value: 'page1value'}]);
    await anotherContext.addCookies([{url: server.EMPTY_PAGE, name: 'page2cookie', value: 'page2value'}]);

    expect((await context.cookies()).length).toBe(1);
    expect((await anotherContext.cookies()).length).toBe(1);

    await context.clearCookies();
    expect((await context.cookies()).length).toBe(0);
    expect((await anotherContext.cookies()).length).toBe(1);

    await anotherContext.clearCookies();
    expect((await context.cookies()).length).toBe(0);
    expect((await anotherContext.cookies()).length).toBe(0);
    await anotherContext.close();
  });
});