bug 1453806 - verify that cookies aren't sent back by TRR r?mcmanus
MozReview-Commit-ID: LOeDNqhNZYN
--- a/testing/xpcshell/moz-http2/moz-http2.js
+++ b/testing/xpcshell/moz-http2/moz-http2.js
@@ -579,16 +579,18 @@ function handleRequest(req, res) {
return;
}
// for use with test_trr.js
else if (u.pathname === "/dns") {
// bar.example.com has A entry 127.0.0.1
var content= new Buffer("00000100000100010000000003626172076578616D706C6503636F6D0000010001C00C000100010000003700047F000001", "hex");
res.setHeader('Content-Type', 'application/dns-udpwireformat');
res.setHeader('Content-Length', content.length);
+ // pass back a cookie here, check it in /dns-auth
+ res.setHeader('Set-Cookie', 'trackyou=yes; path=/; max-age=100000;');
res.writeHead(200);
res.write(content);
res.end("");
return;
}
else if (u.pathname === "/dns-ns") {
// confirm.example.com has NS entry ns.example.com
var content= new Buffer("00000100000100010000000007636F6E6669726D076578616D706C6503636F6D0000020001C00C00020001000000370012026E73076578616D706C6503636F6D010A00", "hex");
@@ -667,16 +669,25 @@ function handleRequest(req, res) {
res.setHeader('Content-Length', content.length);
res.writeHead(200);
res.write(content);
res.end("");
return;
}
// for use with test_trr.js
else if (u.pathname === "/dns-auth") {
+ // There's a Set-Cookie: header in the response for "/dns" , which this
+ // request subsequently would include if the http channel wasn't
+ // anonymous. Thus, if there's a cookie in this request, we know Firefox
+ // mishaved. If there's not, we're fine.
+ if (req.headers['cookie']) {
+ res.writeHead(403);
+ res.end("cookie for me, not for you");
+ return;
+ }
if (req.headers['authorization'] != "user:password") {
res.writeHead(401);
res.end("bad boy!");
return;
}
// bar.example.com has A entry 127.0.0.1
var content= new Buffer("00000100000100010000000003626172076578616D706C6503636F6D0000010001C00C000100010000003700047F000001", "hex");
res.setHeader('Content-Type', 'application/dns-udpwireformat');