diff --git a/src/Components/WebAssembly/testassets/Wasm.Authentication.Server/Startup.cs b/src/Components/WebAssembly/testassets/Wasm.Authentication.Server/Startup.cs index 1224ee978fdc..038e01f0c711 100644 --- a/src/Components/WebAssembly/testassets/Wasm.Authentication.Server/Startup.cs +++ b/src/Components/WebAssembly/testassets/Wasm.Authentication.Server/Startup.cs @@ -3,6 +3,7 @@ using Microsoft.AspNetCore.Authentication; using Microsoft.AspNetCore.Builder; using Microsoft.AspNetCore.Hosting; +using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Identity; using Microsoft.EntityFrameworkCore; using Microsoft.Extensions.Configuration; @@ -57,6 +58,11 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env) app.UseWebAssemblyDebugging(); } + app.UseCookiePolicy(new CookiePolicyOptions + { + MinimumSameSitePolicy = SameSiteMode.Lax + }); + app.UseBlazorFrameworkFiles(); app.UseStaticFiles(); diff --git a/src/Components/WebAssembly/testassets/Wasm.Authentication.Server/Wasm.Authentication.Server.csproj b/src/Components/WebAssembly/testassets/Wasm.Authentication.Server/Wasm.Authentication.Server.csproj index 3d6b47ebe767..2619203d595e 100644 --- a/src/Components/WebAssembly/testassets/Wasm.Authentication.Server/Wasm.Authentication.Server.csproj +++ b/src/Components/WebAssembly/testassets/Wasm.Authentication.Server/Wasm.Authentication.Server.csproj @@ -11,10 +11,12 @@ + + diff --git a/src/Shared/E2ETesting/E2ETesting.props b/src/Shared/E2ETesting/E2ETesting.props index 47eff5955bfa..96cf8e7eefc4 100644 --- a/src/Shared/E2ETesting/E2ETesting.props +++ b/src/Shared/E2ETesting/E2ETesting.props @@ -18,6 +18,9 @@ false + + + true diff --git a/src/SignalR/clients/ts/FunctionalTests/Startup.cs b/src/SignalR/clients/ts/FunctionalTests/Startup.cs index a7ad5a3886e5..eb8182afb4e9 100644 --- a/src/SignalR/clients/ts/FunctionalTests/Startup.cs +++ b/src/SignalR/clients/ts/FunctionalTests/Startup.cs @@ -160,9 +160,21 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env) { if (context.Request.Path.Value.Contains("/negotiate")) { - context.Response.Cookies.Append("testCookie", "testValue"); - context.Response.Cookies.Append("testCookie2", "testValue2"); - context.Response.Cookies.Append("expiredCookie", "doesntmatter", new CookieOptions() { Expires = DateTimeOffset.Now.AddHours(-1) }); + var cookieOptions = new CookieOptions(); + var expiredCookieOptions = new CookieOptions() { Expires = DateTimeOffset.Now.AddHours(-1) }; + if (context.Request.IsHttps) + { + cookieOptions.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.None; + cookieOptions.Secure = true; + + expiredCookieOptions.SameSite = Microsoft.AspNetCore.Http.SameSiteMode.None; + expiredCookieOptions.Secure = true; + } + context.Response.Cookies.Append("testCookie", "testValue", cookieOptions); + context.Response.Cookies.Append("testCookie2", "testValue2", cookieOptions); + + cookieOptions.Expires = DateTimeOffset.Now.AddHours(-1); + context.Response.Cookies.Append("expiredCookie", "doesntmatter", expiredCookieOptions); } await next.Invoke(); diff --git a/src/SignalR/clients/ts/FunctionalTests/ts/Common.ts b/src/SignalR/clients/ts/FunctionalTests/ts/Common.ts index 2bb33c1c11bc..652fd4182242 100644 --- a/src/SignalR/clients/ts/FunctionalTests/ts/Common.ts +++ b/src/SignalR/clients/ts/FunctionalTests/ts/Common.ts @@ -54,6 +54,7 @@ console.log(`Using SignalR HTTPS Server: '${ENDPOINT_BASE_HTTPS_URL}'`); console.log(`Jasmine DEFAULT_TIMEOUT_INTERVAL: ${jasmine.DEFAULT_TIMEOUT_INTERVAL}`); export const ECHOENDPOINT_URL = ENDPOINT_BASE_URL + "/echo"; +export const HTTPS_ECHOENDPOINT_URL = ENDPOINT_BASE_HTTPS_URL + "/echo"; export function getHttpTransportTypes(): HttpTransportType[] { const transportTypes = []; @@ -100,3 +101,14 @@ export function eachTransportAndProtocol(action: (transport: HttpTransportType, export function getGlobalObject(): any { return typeof window !== "undefined" ? window : global; } + +// Run test in Node or Chrome, but not on macOS +export const shouldRunHttpsTests = + // Need to have an HTTPS URL + !!ENDPOINT_BASE_HTTPS_URL && + + // Run on Node, unless macOS + (process && process.platform !== "darwin") && + + // Only run under Chrome browser + (typeof navigator === "undefined" || navigator.userAgent.search("Chrome") !== -1); diff --git a/src/SignalR/clients/ts/FunctionalTests/ts/ConnectionTests.ts b/src/SignalR/clients/ts/FunctionalTests/ts/ConnectionTests.ts index 7760294123d0..bb6821ef39d6 100644 --- a/src/SignalR/clients/ts/FunctionalTests/ts/ConnectionTests.ts +++ b/src/SignalR/clients/ts/FunctionalTests/ts/ConnectionTests.ts @@ -5,13 +5,15 @@ // tslint:disable:no-floating-promises import { HttpTransportType, IHttpConnectionOptions, TransferFormat } from "@microsoft/signalr"; -import { eachTransport, ECHOENDPOINT_URL } from "./Common"; +import { eachTransport, ECHOENDPOINT_URL, HTTPS_ECHOENDPOINT_URL, shouldRunHttpsTests } from "./Common"; import { TestLogger } from "./TestLogger"; // We want to continue testing HttpConnection, but we don't export it anymore. So just pull it in directly from the source file. import { HttpConnection } from "@microsoft/signalr/dist/esm/HttpConnection"; import "./LogBannerReporter"; +const USED_ECHOENDPOINT_URL = shouldRunHttpsTests ? HTTPS_ECHOENDPOINT_URL : ECHOENDPOINT_URL; + const commonOptions: IHttpConnectionOptions = { logMessageContent: true, logger: TestLogger.instance, @@ -20,7 +22,7 @@ const commonOptions: IHttpConnectionOptions = { describe("connection", () => { it("can connect to the server without specifying transport explicitly", (done) => { const message = "Hello World!"; - const connection = new HttpConnection(ECHOENDPOINT_URL, { + const connection = new HttpConnection(USED_ECHOENDPOINT_URL, { ...commonOptions, }); @@ -49,7 +51,7 @@ describe("connection", () => { const message = "Hello World!"; // the url should be resolved relative to the document.location.host // and the leading '/' should be automatically added to the url - const connection = new HttpConnection(ECHOENDPOINT_URL, { + const connection = new HttpConnection(USED_ECHOENDPOINT_URL, { ...commonOptions, transport: transportType, }); @@ -78,7 +80,7 @@ describe("connection", () => { const message = "Hello World!"; // DON'T use commonOptions because we want to specifically test the scenario where logMessageContent is not set. - const connection = new HttpConnection(ECHOENDPOINT_URL, { + const connection = new HttpConnection(USED_ECHOENDPOINT_URL, { logger: TestLogger.instance, transport: transportType, }); @@ -113,7 +115,7 @@ describe("connection", () => { const message = "Hello World!"; // DON'T use commonOptions because we want to specifically test the scenario where logMessageContent is set to true (even if commonOptions changes). - const connection = new HttpConnection(ECHOENDPOINT_URL, { + const connection = new HttpConnection(USED_ECHOENDPOINT_URL, { logMessageContent: true, logger: TestLogger.instance, transport: transportType, diff --git a/src/SignalR/clients/ts/FunctionalTests/ts/HubConnectionTests.ts b/src/SignalR/clients/ts/FunctionalTests/ts/HubConnectionTests.ts index 3d5f434a1768..bb5366965b2c 100644 --- a/src/SignalR/clients/ts/FunctionalTests/ts/HubConnectionTests.ts +++ b/src/SignalR/clients/ts/FunctionalTests/ts/HubConnectionTests.ts @@ -7,7 +7,7 @@ import { AbortError, DefaultHttpClient, HttpClient, HttpRequest, HttpResponse, HttpTransportType, HubConnectionBuilder, IHttpConnectionOptions, JsonHubProtocol, NullLogger } from "@microsoft/signalr"; import { MessagePackHubProtocol } from "@microsoft/signalr-protocol-msgpack"; -import { eachTransport, eachTransportAndProtocol, ENDPOINT_BASE_HTTPS_URL, ENDPOINT_BASE_URL } from "./Common"; +import { eachTransport, eachTransportAndProtocol, ENDPOINT_BASE_HTTPS_URL, ENDPOINT_BASE_URL, shouldRunHttpsTests } from "./Common"; import "./LogBannerReporter"; import { TestLogger } from "./TestLogger"; @@ -17,6 +17,7 @@ import * as RX from "rxjs"; const TESTHUBENDPOINT_URL = ENDPOINT_BASE_URL + "/testhub"; const TESTHUBENDPOINT_HTTPS_URL = ENDPOINT_BASE_HTTPS_URL ? (ENDPOINT_BASE_HTTPS_URL + "/testhub") : undefined; +const HTTPORHTTPS_TESTHUBENDPOINT_URL = shouldRunHttpsTests ? TESTHUBENDPOINT_HTTPS_URL : TESTHUBENDPOINT_URL; const TESTHUB_NOWEBSOCKETS_ENDPOINT_URL = ENDPOINT_BASE_URL + "/testhub-nowebsockets"; const TESTHUB_REDIRECT_ENDPOINT_URL = ENDPOINT_BASE_URL + "/redirect?numRedirects=0&baseUrl=" + ENDPOINT_BASE_URL; @@ -25,17 +26,6 @@ const commonOptions: IHttpConnectionOptions = { logMessageContent: true, }; -// Run test in Node or Chrome, but not on macOS -const shouldRunHttpsTests = - // Need to have an HTTPS URL - !!TESTHUBENDPOINT_HTTPS_URL && - - // Run on Node, unless macOS - (process && process.platform !== "darwin") && - - // Only run under Chrome browser - (typeof navigator === "undefined" || navigator.userAgent.search("Chrome") !== -1); - function getConnectionBuilder(transportType?: HttpTransportType, url?: string, options?: IHttpConnectionOptions): HubConnectionBuilder { let actualOptions: IHttpConnectionOptions = options || {}; if (transportType) { @@ -690,7 +680,7 @@ describe("hubConnection", () => { } it("preserves cookies between requests", async (done) => { - const hubConnection = getConnectionBuilder(transportType).build(); + const hubConnection = getConnectionBuilder(transportType, HTTPORHTTPS_TESTHUBENDPOINT_URL).build(); await hubConnection.start(); const cookieValue = await hubConnection.invoke("GetCookie", "testCookie"); const cookieValue2 = await hubConnection.invoke("GetCookie", "testCookie2"); @@ -701,7 +691,7 @@ describe("hubConnection", () => { }); it("expired cookies are not preserved", async (done) => { - const hubConnection = getConnectionBuilder(transportType).build(); + const hubConnection = getConnectionBuilder(transportType, HTTPORHTTPS_TESTHUBENDPOINT_URL).build(); await hubConnection.start(); const cookieValue = await hubConnection.invoke("GetCookie", "expiredCookie"); expect(cookieValue).toBeNull();