[MVC][Fixes #8426]TempData does not clear when using __Host- as cookiename prefix (#9741)

2019-04-25 17:32:12 +02:00 · 2019-04-25 17:32:12 +02:00 · 6fa9398781
parent 03a77ef53a
commit 6fa9398781
2 changed files with 35 additions and 9 deletions
--- a/src/Security/CookiePolicy/test/CookieChunkingTests.cs
+++ b/src/Security/CookiePolicy/test/CookieChunkingTests.cs
@ -21,6 +21,29 @@ namespace Microsoft.AspNetCore.Internal
            Assert.Equal("TestCookie=" + testString + "; path=/", values[0]);
        }

+        [Fact]
+        public void AppendLargeCookie_WithOptions_Appended()
+        {
+            HttpContext context = new DefaultHttpContext();
+            var now = DateTimeOffset.UtcNow;
+            var options = new CookieOptions
+            {
+                Domain = "foo.com",
+                HttpOnly = true,
+                SameSite = SameSiteMode.Strict,
+                Path = "/bar",
+                Secure = true,
+                Expires = now.AddMinutes(5),
+                MaxAge = TimeSpan.FromMinutes(5)
+            };
+            var testString = "abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+            new ChunkingCookieManager() { ChunkSize = null }.AppendResponseCookie(context, "TestCookie", testString, options);
+
+            var values = context.Response.Headers["Set-Cookie"];
+            Assert.Single(values);
+            Assert.Equal($"TestCookie={testString}; expires={now.AddMinutes(5).ToString("R")}; max-age=300; domain=foo.com; path=/bar; secure; samesite=strict; httponly", values[0]);
+        }
+
        [Fact]
        public void AppendLargeCookieWithLimit_Chunked()
        {
@ -107,19 +130,19 @@ namespace Microsoft.AspNetCore.Internal
            HttpContext context = new DefaultHttpContext();
            context.Request.Headers.Append("Cookie", "TestCookie=chunks-7");

-            new ChunkingCookieManager().DeleteCookie(context, "TestCookie", new CookieOptions() { Domain = "foo.com" });
+            new ChunkingCookieManager().DeleteCookie(context, "TestCookie", new CookieOptions() { Domain = "foo.com", Secure = true });
            var cookies = context.Response.Headers["Set-Cookie"];
            Assert.Equal(8, cookies.Count);
            Assert.Equal(new[]
            {
-                "TestCookie=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/",
-                "TestCookieC1=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/",
-                "TestCookieC2=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/",
-                "TestCookieC3=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/",
-                "TestCookieC4=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/",
-                "TestCookieC5=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/",
-                "TestCookieC6=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/",
-                "TestCookieC7=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/",
+                "TestCookie=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; secure",
+                "TestCookieC1=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; secure",
+                "TestCookieC2=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; secure",
+                "TestCookieC3=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; secure",
+                "TestCookieC4=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; secure",
+                "TestCookieC5=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; secure",
+                "TestCookieC6=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; secure",
+                "TestCookieC7=; expires=Thu, 01 Jan 1970 00:00:00 GMT; domain=foo.com; path=/; secure",
            }, cookies);
        }
    }
--- a/src/Shared/ChunkingCookieManager/ChunkingCookieManager.cs
+++ b/src/Shared/ChunkingCookieManager/ChunkingCookieManager.cs
@ -169,6 +169,7 @@ namespace Microsoft.AspNetCore.Internal
                HttpOnly = options.HttpOnly,
                Path = options.Path,
                Secure = options.Secure,
+                MaxAge = options.MaxAge,
            };

            var templateLength = template.ToString().Length;
@ -285,6 +286,7 @@ namespace Microsoft.AspNetCore.Internal
                    Path = options.Path,
                    Domain = options.Domain,
                    SameSite = options.SameSite,
+                    Secure = options.Secure,
                    IsEssential = options.IsEssential,
                    Expires = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc),
                });
@ -300,6 +302,7 @@ namespace Microsoft.AspNetCore.Internal
                        Path = options.Path,
                        Domain = options.Domain,
                        SameSite = options.SameSite,
+                        Secure = options.Secure,
                        IsEssential = options.IsEssential,
                        Expires = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc),
                    });