Log if Partitioned is set but Path != /

amcasey · amcasey · commit b5b9af891055 · 2024-07-11T13:00:38.000-07:00
diff --git a/src/Http/Http/src/Internal/ResponseCookies.cs b/src/Http/Http/src/Internal/ResponseCookies.cs
@@ -174,14 +174,23 @@ private static MessagesToLog GetMessagesToLog(CookieOptions options)
             toLog |= MessagesToLog.SameSiteNotSecure;
         }
 
-        if (!options.Secure && options.Partitioned)
+        if (options.Partitioned)
         {
-            toLog |= MessagesToLog.PartitionedNotSecure;
-        }
+            if (!options.Secure)
+            {
+                toLog |= MessagesToLog.PartitionedNotSecure;
+            }
 
-        if (options.Partitioned && options.SameSite != SameSiteMode.None)
-        {
-            toLog |= MessagesToLog.PartitionedNotSameSiteNone;
+            if (options.SameSite != SameSiteMode.None)
+            {
+                toLog |= MessagesToLog.PartitionedNotSameSiteNone;
+            }
+
+            // Chromium checks this
+            if (options.Path != "/")
+            {
+                toLog |= MessagesToLog.PartitionedNotPathRoot;
+            }
         }
 
         return toLog;
@@ -203,6 +212,11 @@ private static void LogMessages(ILogger logger, MessagesToLog messages, string c
         {
             Log.PartitionedCookieNotSameSiteNone(logger, cookieName);
         }
+
+        if ((messages & MessagesToLog.PartitionedNotPathRoot) != 0)
+        {
+            Log.PartitionedCookieNotPathRoot(logger, cookieName);
+        }
     }
 
     [Flags]
@@ -212,6 +226,7 @@ private enum MessagesToLog
         SameSiteNotSecure = 1 << 0,
         PartitionedNotSecure = 1 << 1,
         PartitionedNotSameSiteNone = 1 << 2,
+        PartitionedNotPathRoot = 1 << 3,
     }
 
     private static partial class Log
@@ -224,5 +239,8 @@ private static partial class Log
 
         [LoggerMessage(3, LogLevel.Debug, "The cookie '{name}' has set 'Partitioned' and should also set 'SameSite=None'. This cookie will likely be rejected by the client.", EventName = "PartitionedNotSameSiteNone")]
         public static partial void PartitionedCookieNotSameSiteNone(ILogger logger, string name);
+
+        [LoggerMessage(4, LogLevel.Debug, "The cookie '{name}' has set 'Partitioned' and should also set 'Path=/'. This cookie may be rejected by the client.", EventName = "PartitionedNotPathRoot")]
+        public static partial void PartitionedCookieNotPathRoot(ILogger logger, string name);
     }
 }
diff --git a/src/Http/Http/test/ResponseCookiesTest.cs b/src/Http/Http/test/ResponseCookiesTest.cs
@@ -120,6 +120,7 @@ public void AppendPartitionedLogsWarnings()
             Partitioned = true,
             // Missing SameSite = SameSiteMode.None,
             // Missing Secure = true,
+            Path = "/a", // Should be Path = "/",
         });
 
         var cookieHeaderValues = headers.SetCookie;
@@ -132,6 +133,7 @@ public void AppendPartitionedLogsWarnings()
         [
             entry => Assert.Equal($"The cookie '{testCookie}' has set 'Partitioned' and must also set 'Secure'. This cookie will likely be rejected by the client.", entry.Message),
             entry => Assert.Equal($"The cookie '{testCookie}' has set 'Partitioned' and should also set 'SameSite=None'. This cookie will likely be rejected by the client.", entry.Message),
+            entry => Assert.Equal($"The cookie '{testCookie}' has set 'Partitioned' and should also set 'Path=/'. This cookie may be rejected by the client.", entry.Message),
         ]);
     }
 
@@ -164,6 +166,7 @@ public void AppendPartitionedLogsWarningsForEachCookie()
             Partitioned = true,
             // Missing SameSite = SameSiteMode.None,
             // Missing Secure = true,
+            Path = "/a", // Should be Path = "/",
         });
 
         var cookieHeaderValues = headers.SetCookie;
@@ -178,8 +181,10 @@ public void AppendPartitionedLogsWarningsForEachCookie()
         [
             entry => Assert.Equal($"The cookie '{testCookie1}' has set 'Partitioned' and must also set 'Secure'. This cookie will likely be rejected by the client.", entry.Message),
             entry => Assert.Equal($"The cookie '{testCookie1}' has set 'Partitioned' and should also set 'SameSite=None'. This cookie will likely be rejected by the client.", entry.Message),
+            entry => Assert.Equal($"The cookie '{testCookie1}' has set 'Partitioned' and should also set 'Path=/'. This cookie may be rejected by the client.", entry.Message),
             entry => Assert.Equal($"The cookie '{testCookie2}' has set 'Partitioned' and must also set 'Secure'. This cookie will likely be rejected by the client.", entry.Message),
             entry => Assert.Equal($"The cookie '{testCookie2}' has set 'Partitioned' and should also set 'SameSite=None'. This cookie will likely be rejected by the client.", entry.Message),
+            entry => Assert.Equal($"The cookie '{testCookie2}' has set 'Partitioned' and should also set 'Path=/'. This cookie may be rejected by the client.", entry.Message),
         ]);
     }
 
@@ -205,13 +210,15 @@ public void AppendPartitionedCorrectlyDoesNotLog()
             Partitioned = true,
             SameSite = SameSiteMode.None,
             Secure = true,
+            // Path = "/", // implied
         });
 
         var cookieHeaderValues = headers.SetCookie;
         Assert.Single(cookieHeaderValues);
         Assert.Contains("partitioned", cookieHeaderValues[0]);
         Assert.Contains("secure", cookieHeaderValues[0]);
         Assert.Contains("samesite=none", cookieHeaderValues[0]);
+        Assert.Contains("path=/", cookieHeaderValues[0]);
 
         Assert.Empty(sink.Writes);
     }
