Closed brideck closed 1 month ago
@markt-asf @stuartwdouglas it seems the test intended to test that some random cookie attribute wouldn't be added to the Set-Cookie
header with an =
if there was no value to behave the same way as HttpOnly
or Secure
for instance.
What are your thoughts on accepting this challenge?
Seems reasonable to me. I'd lean towards setting some a random cookie attribute for this test.
@markt-asf since we made changes to the 6.1.x TCK for this issue we should tag it with TCK:accepted
any objection?
Challenged Tests: servlet.tck.api.jakarta_servlet_http.cookie.CookieTests#setPartitionedTest
TCK Version: Servlet TCK 6.1.0
Tested Implementation: Open Liberty
Description: setPartitionedTest is attempting to check the syntax of the implementation's response header to ensure that it includes
partitioned
, instead ofpartitioned=
orpartitioned=<some-value>
, but the scenario being tested is a little too simple for Open Liberty's implementation. In keeping with the PrivacyCG's CHIPS design principles, OL currently ignoresPartitioned
being set on a cookie unlessSameSite=None
is also set. Since the test currently doesn't do anything with theSameSite
attribute, OL's response doesn't contain thepartitioned
attribute. I have verified that updating the test to setSameSite=None
on the cookie for this method works for OL, and that OL's subsequent response header syntax passes the test.Alternatively, if this is just a test to make sure that setting an arbitrary attribute to an empty string doesn't result in
<attribute-name>=
as part of the response, then the test could be updated to use a not-special attribute so it doesn't run afoul of any specific handling that an implementation might be doing for that attribute.