Merge branch 'master' into fix/AG-34942

AdguardTeam · Sep 11, 2024 · 24c0f3a · 24c0f3a
2 parents 638b526 + f37ce70
commit 24c0f3a
Show file tree

Hide file tree

Showing 4 changed files with 42 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,7 +7,7 @@ The format is based on [Keep a Changelog], and this project adheres to [Semantic
 <!-- TODO: change `@added unknown` tag due to the actual version -->
 <!--       during new scriptlets or redirects releasing -->
 
-## Unreleased
+## [Unreleased]
 
 ### Added
 
@@ -17,7 +17,14 @@ The format is based on [Keep a Changelog], and this project adheres to [Semantic
 
 - Validator and converter are switched to [`@adguard/agtree`][agtree-npm] library. API remains the same.
 
+### Fixed
+
+- setting cookie which name has special prefix `__Host-` or `__Secure-` by
+  `trusted-set-cookie` and `trusted-set-cookie-reload` scriptlets [#448]
+
+[Unreleased]: https://github.com/AdguardTeam/Scriptlets/compare/v1.11.27...HEAD
 [agtree-npm]: https://www.npmjs.com/package/@adguard/agtree
+[#448]: https://github.com/AdguardTeam/Scriptlets/issues/448
 
 ## [v1.11.27] - 2024-08-29
 

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
     "name": "@adguard/scriptlets",
-    "version": "1.11.27",
+    "version": "1.11.28",
     "description": "AdGuard's JavaScript library of Scriptlets and Redirect resources",
     "scripts": {
         "build": "babel-node -x .js,.ts scripts/build.js",

diff --git a/src/helpers/cookie-utils.ts b/src/helpers/cookie-utils.ts
@@ -42,6 +42,8 @@ export const serializeCookie = (
     domainValue = '',
     shouldEncodeValue = true,
 ) => {
+    const HOST_PREFIX = '__Host-';
+    const SECURE_PREFIX = '__Secure-';
     const COOKIE_BREAKER = ';';
 
     // semicolon will cause the cookie to break
@@ -54,11 +56,30 @@ export const serializeCookie = (
 
     let resultCookie = `${name}=${value}`;
 
+    if (name.startsWith(HOST_PREFIX)) {
+        // Cookie with "__Host-" prefix requires "secure" flag, path must be "/",
+        // and must not have a domain specified
+        // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#attributes
+        // https://github.com/AdguardTeam/Scriptlets/issues/448
+        resultCookie += '; path=/; secure';
+        if (domainValue) {
+            // eslint-disable-next-line no-console
+            console.debug(
+                `Domain value: "${domainValue}" has been ignored, because is not allowed for __Host- prefixed cookies`,
+            );
+        }
+        return resultCookie;
+    }
     const path = getCookiePath(rawPath);
     if (path) {
         resultCookie += `; ${path}`;
     }
 
+    if (name.startsWith(SECURE_PREFIX)) {
+        // Cookie with "__Secure-" prefix requires "secure" flag
+        resultCookie += '; secure';
+    }
+
     if (domainValue) {
         resultCookie += `; domain=${domainValue}`;
     }

diff --git a/tests/helpers/cookie-utils.spec.js b/tests/helpers/cookie-utils.spec.js
@@ -42,6 +42,18 @@ describe('serializeCookie', () => {
                 actual: ['test', '1', '', 'example.com'],
                 expected: 'test=1; domain=example.com',
             },
+            {
+                actual: ['__Host-prefix', 'host_prefix', ''],
+                expected: '__Host-prefix=host_prefix; path=/; secure',
+            },
+            {
+                actual: ['__Host-prefix_domain', 'host_prefix_domain', '', 'example.com'],
+                expected: '__Host-prefix_domain=host_prefix_domain; path=/; secure',
+            },
+            {
+                actual: ['__Secure-prefix', 'secure_prefix', ''],
+                expected: '__Secure-prefix=secure_prefix; secure',
+            },
         ])('$actual -> $expected', ({ actual, expected }) => {
             expect(serializeCookie(...actual)).toBe(expected);
         });