Log for SameSite=None without Secure (#24970)

Tratcher · campersau · web-flow · commit bc40f4038266 · 2020-08-18T19:55:42.000Z
* Log for SameSite=None without Secure

* Update src/Http/Http/src/Internal/EventIds.cs

Co-authored-by: campersau &lt;buchholz.bastian@googlemail.com&gt;

Co-authored-by: campersau &lt;buchholz.bastian@googlemail.com&gt;
diff --git a/src/Http/Http/src/Features/ResponseCookiesFeature.cs b/src/Http/Http/src/Features/ResponseCookiesFeature.cs
@@ -15,7 +15,7 @@ public class ResponseCookiesFeature : IResponseCookiesFeature
         // Lambda hoisted to static readonly field to improve inlining https://github.com/dotnet/roslyn/issues/13624
         private readonly static Func<IFeatureCollection, IHttpResponseFeature?> _nullResponseFeature = f => null;
 
-        private FeatureReferences<IHttpResponseFeature> _features;
+        private readonly IFeatureCollection _features;
         private IResponseCookies? _cookiesCollection;
 
         /// <summary>
@@ -27,12 +27,7 @@ public class ResponseCookiesFeature : IResponseCookiesFeature
         /// </param>
         public ResponseCookiesFeature(IFeatureCollection features)
         {
-            if (features == null)
-            {
-                throw new ArgumentNullException(nameof(features));
-            }
-
-            _features.Initalize(features);
+            _features = features ?? throw new ArgumentNullException(nameof(features));
         }
 
         /// <summary>
@@ -46,25 +41,17 @@ public ResponseCookiesFeature(IFeatureCollection features)
         [Obsolete("This constructor is obsolete and will be removed in a future version.")]
         public ResponseCookiesFeature(IFeatureCollection features, ObjectPool<StringBuilder>? builderPool)
         {
-            if (features == null)
-            {
-                throw new ArgumentNullException(nameof(features));
-            }
-
-            _features.Initalize(features);
+            _features = features ?? throw new ArgumentNullException(nameof(features));
         }
 
-        private IHttpResponseFeature HttpResponseFeature => _features.Fetch(ref _features.Cache, _nullResponseFeature)!;
-
         /// <inheritdoc />
         public IResponseCookies Cookies
         {
             get
             {
                 if (_cookiesCollection == null)
                 {
-                    var headers = HttpResponseFeature.Headers;
-                    _cookiesCollection = new ResponseCookies(headers);
+                    _cookiesCollection = new ResponseCookies(_features);
                 }
 
                 return _cookiesCollection;
diff --git a/src/Http/Http/src/Internal/EventIds.cs b/src/Http/Http/src/Internal/EventIds.cs
@@ -0,0 +1,12 @@
+// Copyright (c) .NET Foundation. All rights reserved.
+// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
+
+using Microsoft.Extensions.Logging;
+
+namespace Microsoft.AspNetCore.Http
+{
+    internal static class EventIds
+    {
+        public static readonly EventId SameSiteNotSecure = new EventId(1, "SameSiteNotSecure");
+    }
+}
diff --git a/src/Http/Http/src/Internal/ResponseCookies.cs b/src/Http/Http/src/Internal/ResponseCookies.cs
@@ -3,6 +3,9 @@
 
 using System;
 using System.Collections.Generic;
+using Microsoft.AspNetCore.Http.Features;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Primitives;
 using Microsoft.Net.Http.Headers;
 
@@ -16,18 +19,16 @@ internal class ResponseCookies : IResponseCookies
         internal const string EnableCookieNameEncoding = "Microsoft.AspNetCore.Http.EnableCookieNameEncoding";
         internal bool _enableCookieNameEncoding = AppContext.TryGetSwitch(EnableCookieNameEncoding, out var enabled) && enabled;
 
+        private readonly IFeatureCollection _features;
+        private ILogger? _logger;
+
         /// <summary>
         /// Create a new wrapper.
         /// </summary>
-        /// <param name="headers">The <see cref="IHeaderDictionary"/> for the response.</param>
-        public ResponseCookies(IHeaderDictionary headers)
+        internal ResponseCookies(IFeatureCollection features)
         {
-            if (headers == null)
-            {
-                throw new ArgumentNullException(nameof(headers));
-            }
-
-            Headers = headers;
+            _features = features;
+            Headers = _features.Get<IHttpResponseFeature>().Headers;
         }
 
         private IHeaderDictionary Headers { get; set; }
@@ -54,6 +55,21 @@ public void Append(string key, string value, CookieOptions options)
                 throw new ArgumentNullException(nameof(options));
             }
 
+            // SameSite=None cookies must be marked as Secure.
+            if (!options.Secure && options.SameSite == SameSiteMode.None)
+            {
+                if (_logger == null)
+                {
+                    var services = _features.Get<Features.IServiceProvidersFeature>()?.RequestServices;
+                    _logger = services?.GetService<ILogger<ResponseCookies>>();
+                }
+
+                if (_logger != null)
+                {
+                    Log.SameSiteCookieNotSecure(_logger, key);
+                }
+            }
+
             var setCookieHeaderValue = new SetCookieHeaderValue(
                 _enableCookieNameEncoding ? Uri.EscapeDataString(key) : key,
                 Uri.EscapeDataString(value))
@@ -135,5 +151,18 @@ public void Delete(string key, CookieOptions options)
                 SameSite = options.SameSite
             });
         }
+
+        private static class Log
+        {
+            private static readonly Action<ILogger, string, Exception?> _samesiteNotSecure = LoggerMessage.Define<string>(
+                LogLevel.Warning,
+                EventIds.SameSiteNotSecure,
+                "The cookie '{name}' has set 'SameSite=None' and must also set 'Secure'.");
+
+            public static void SameSiteCookieNotSecure(ILogger logger, string name)
+            {
+                _samesiteNotSecure(logger, name, null);
+            }
+        }
     }
 }
diff --git a/src/Http/Http/test/ResponseCookiesTest.cs b/src/Http/Http/test/ResponseCookiesTest.cs
@@ -2,18 +2,67 @@
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
 using System;
+using Microsoft.AspNetCore.Http.Features;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Logging.Testing;
 using Microsoft.Net.Http.Headers;
 using Xunit;
 
 namespace Microsoft.AspNetCore.Http.Tests
 {
     public class ResponseCookiesTest
     {
+        private IFeatureCollection MakeFeatures(IHeaderDictionary headers)
+        {
+            var responseFeature = new HttpResponseFeature()
+            {
+                Headers = headers
+            };
+            var features = new FeatureCollection();
+            features.Set<IHttpResponseFeature>(responseFeature);
+            return features;
+        }
+
+        [Fact]
+        public void AppendSameSiteNoneWithoutSecureLogsWarning()
+        {
+            var headers = new HeaderDictionary();
+            var features = MakeFeatures(headers);
+            var services = new ServiceCollection();
+
+            var sink = new TestSink(TestSink.EnableWithTypeName<ResponseCookies>);
+            var loggerFactory = new TestLoggerFactory(sink, enabled: true);
+            services.AddLogging();
+            services.AddSingleton<ILoggerFactory>(loggerFactory);
+
+            features.Set<IServiceProvidersFeature>(new ServiceProvidersFeature() { RequestServices = services.BuildServiceProvider() });
+
+            var cookies = new ResponseCookies(features);
+            var testCookie = "TestCookie";
+
+            cookies.Append(testCookie, "value", new CookieOptions()
+            {
+                SameSite = SameSiteMode.None,
+            });
+
+            var cookieHeaderValues = headers[HeaderNames.SetCookie];
+            Assert.Single(cookieHeaderValues);
+            Assert.StartsWith(testCookie, cookieHeaderValues[0]);
+            Assert.Contains("path=/", cookieHeaderValues[0]);
+            Assert.Contains("samesite=none", cookieHeaderValues[0]);
+            Assert.DoesNotContain("secure", cookieHeaderValues[0]);
+
+            var writeContext = Assert.Single(sink.Writes);
+            Assert.Equal("The cookie 'TestCookie' has set 'SameSite=None' and must also set 'Secure'.", writeContext.Message);
+        }
+
         [Fact]
         public void DeleteCookieShouldSetDefaultPath()
         {
             var headers = new HeaderDictionary();
-            var cookies = new ResponseCookies(headers);
+            var features = MakeFeatures(headers);
+            var cookies = new ResponseCookies(features);
             var testCookie = "TestCookie";
 
             cookies.Delete(testCookie);
@@ -29,7 +78,8 @@ public void DeleteCookieShouldSetDefaultPath()
         public void DeleteCookieWithCookieOptionsShouldKeepPropertiesOfCookieOptions()
         {
             var headers = new HeaderDictionary();
-            var cookies = new ResponseCookies(headers);
+            var features = MakeFeatures(headers);
+            var cookies = new ResponseCookies(features);
             var testCookie = "TestCookie";
             var time = new DateTimeOffset(2000, 1, 1, 1, 1, 1, 1, TimeSpan.Zero);
             var options = new CookieOptions
@@ -58,7 +108,8 @@ public void DeleteCookieWithCookieOptionsShouldKeepPropertiesOfCookieOptions()
         public void NoParamsDeleteRemovesCookieCreatedByAdd()
         {
             var headers = new HeaderDictionary();
-            var cookies = new ResponseCookies(headers);
+            var features = MakeFeatures(headers);
+            var cookies = new ResponseCookies(features);
             var testCookie = "TestCookie";
 
             cookies.Append(testCookie, testCookie);
@@ -75,7 +126,8 @@ public void NoParamsDeleteRemovesCookieCreatedByAdd()
         public void ProvidesMaxAgeWithCookieOptionsArgumentExpectMaxAgeToBeSet()
         {
             var headers = new HeaderDictionary();
-            var cookies = new ResponseCookies(headers);
+            var features = MakeFeatures(headers);
+            var cookies = new ResponseCookies(features);
             var cookieOptions = new CookieOptions();
             var maxAgeTime = TimeSpan.FromHours(1);
             cookieOptions.MaxAge = TimeSpan.FromHours(1);
@@ -96,7 +148,8 @@ public void ProvidesMaxAgeWithCookieOptionsArgumentExpectMaxAgeToBeSet()
         public void EscapesValuesBeforeSettingCookie(string value, string expected)
         {
             var headers = new HeaderDictionary();
-            var cookies = new ResponseCookies(headers);
+            var features = MakeFeatures(headers);
+            var cookies = new ResponseCookies(features);
 
             cookies.Append("key", value);
 
@@ -111,7 +164,8 @@ public void EscapesValuesBeforeSettingCookie(string value, string expected)
         public void InvalidKeysThrow(string key)
         {
             var headers = new HeaderDictionary();
-            var cookies = new ResponseCookies(headers);
+            var features = MakeFeatures(headers);
+            var cookies = new ResponseCookies(features);
 
             Assert.Throws<ArgumentException>(() => cookies.Append(key, "1"));
         }
@@ -124,7 +178,8 @@ public void InvalidKeysThrow(string key)
         public void AppContextSwitchEscapesKeysAndValuesBeforeSettingCookie(string key, string value, string expected)
         {
             var headers = new HeaderDictionary();
-            var cookies = new ResponseCookies(headers);
+            var features = MakeFeatures(headers);
+            var cookies = new ResponseCookies(features);
             cookies._enableCookieNameEncoding = true;
 
             cookies.Append(key, value);

Original file line number	Diff line number	Diff line change
`@@ -15,7 +15,7 @@ public class ResponseCookiesFeature : IResponseCookiesFeature`
`15`	`15`	`// Lambda hoisted to static readonly field to improve inlining https://github.com/dotnet/roslyn/issues/13624`
`16`	`16`	`private readonly static Func<IFeatureCollection, IHttpResponseFeature?> _nullResponseFeature = f => null;`
`17`	`17`
`18`		`- private FeatureReferences<IHttpResponseFeature> _features;`
	`18`	`+ private readonly IFeatureCollection _features;`
`19`	`19`	`private IResponseCookies? _cookiesCollection;`
`20`	`20`
`21`	`21`	`/// <summary>`
`@@ -27,12 +27,7 @@ public class ResponseCookiesFeature : IResponseCookiesFeature`
`27`	`27`	`/// </param>`
`28`	`28`	`public ResponseCookiesFeature(IFeatureCollection features)`
`29`	`29`	`{`
`30`		`- if (features == null)`
`31`		`- {`
`32`		`- throw new ArgumentNullException(nameof(features));`
`33`		`- }`
`34`		`-`
`35`		`- _features.Initalize(features);`
	`30`	`+ _features = features ?? throw new ArgumentNullException(nameof(features));`
`36`	`31`	`}`
`37`	`32`
`38`	`33`	`/// <summary>`
`@@ -46,25 +41,17 @@ public ResponseCookiesFeature(IFeatureCollection features)`
`46`	`41`	`[Obsolete("This constructor is obsolete and will be removed in a future version.")]`
`47`	`42`	`public ResponseCookiesFeature(IFeatureCollection features, ObjectPool<StringBuilder>? builderPool)`
`48`	`43`	`{`
`49`		`- if (features == null)`
`50`		`- {`
`51`		`- throw new ArgumentNullException(nameof(features));`
`52`		`- }`
`53`		`-`
`54`		`- _features.Initalize(features);`
	`44`	`+ _features = features ?? throw new ArgumentNullException(nameof(features));`
`55`	`45`	`}`
`56`	`46`
`57`		`- private IHttpResponseFeature HttpResponseFeature => _features.Fetch(ref _features.Cache, _nullResponseFeature)!;`
`58`		`-`
`59`	`47`	`/// <inheritdoc />`
`60`	`48`	`public IResponseCookies Cookies`
`61`	`49`	`{`
`62`	`50`	`get`
`63`	`51`	`{`
`64`	`52`	`if (_cookiesCollection == null)`
`65`	`53`	`{`
`66`		`- var headers = HttpResponseFeature.Headers;`
`67`		`- _cookiesCollection = new ResponseCookies(headers);`
	`54`	`+ _cookiesCollection = new ResponseCookies(_features);`
`68`	`55`	`}`
`69`	`56`
`70`	`57`	`return _cookiesCollection;`