electron/spec/api-session-spec.ts

import { expect } from 'chai';
import * as crypto from 'node:crypto';
import * as http from 'node:http';
import * as https from 'node:https';
import * as path from 'node:path';
import * as fs from 'node:fs';
import * as ChildProcess from 'node:child_process';
import { app, session, BrowserWindow, net, ipcMain, Session, webFrameMain, WebFrameMain } from 'electron/main';
import * as send from 'send';
import * as auth from 'basic-auth';
import { closeAllWindows } from './lib/window-helpers';
import { defer, listen } from './lib/spec-helpers';
import { once } from 'node:events';
import { setTimeout } from 'node:timers/promises';

describe('session module', () => {
  const fixtures = path.resolve(__dirname, 'fixtures');
  const url = 'http://127.0.0.1';

  describe('session.defaultSession', () => {
    it('returns the default session', () => {
      expect(session.defaultSession).to.equal(session.fromPartition(''));
    });
  });

  describe('session.fromPartition(partition, options)', () => {
    it('returns existing session with same partition', () => {
      expect(session.fromPartition('test')).to.equal(session.fromPartition('test'));
    });
  });

  describe('session.fromPath(path)', () => {
    it('returns storage path of a session which was created with an absolute path', () => {
      const tmppath = require('electron').app.getPath('temp');
      const ses = session.fromPath(tmppath);
      expect(ses.storagePath).to.equal(tmppath);
    });
  });

  describe('ses.cookies', () => {
    const name = '0';
    const value = '0';
    afterEach(closeAllWindows);

    // Clear cookie of defaultSession after each test.
    afterEach(async () => {
      const { cookies } = session.defaultSession;
      const cs = await cookies.get({ url });
      for (const c of cs) {
        await cookies.remove(url, c.name);
      }
    });

    it('should get cookies', async () => {
      const server = http.createServer((req, res) => {
        res.setHeader('Set-Cookie', [`${name}=${value}`]);
        res.end('finished');
        server.close();
      });
      const { port } = await listen(server);
      const w = new BrowserWindow({ show: false });
      await w.loadURL(`${url}:${port}`);
      const list = await w.webContents.session.cookies.get({ url });
      const cookie = list.find(cookie => cookie.name === name);
      expect(cookie).to.exist.and.to.have.property('value', value);
    });

    it('sets cookies', async () => {
      const { cookies } = session.defaultSession;
      const name = '1';
      const value = '1';

      await cookies.set({ url, name, value, expirationDate: (Date.now()) / 1000 + 120 });
      const c = (await cookies.get({ url }))[0];
      expect(c.name).to.equal(name);
      expect(c.value).to.equal(value);
      expect(c.session).to.equal(false);
    });

    it('sets session cookies', async () => {
      const { cookies } = session.defaultSession;
      const name = '2';
      const value = '1';

      await cookies.set({ url, name, value });
      const c = (await cookies.get({ url }))[0];
      expect(c.name).to.equal(name);
      expect(c.value).to.equal(value);
      expect(c.session).to.equal(true);
    });

    it('sets cookies without name', async () => {
      const { cookies } = session.defaultSession;
      const value = '3';

      await cookies.set({ url, value });
      const c = (await cookies.get({ url }))[0];
      expect(c.name).to.be.empty();
      expect(c.value).to.equal(value);
    });

    for (const sameSite of <const>['unspecified', 'no_restriction', 'lax', 'strict']) {
      it(`sets cookies with samesite=${sameSite}`, async () => {
        const { cookies } = session.defaultSession;
        const value = 'hithere';
        await cookies.set({ url, value, sameSite });
        const c = (await cookies.get({ url }))[0];
        expect(c.name).to.be.empty();
        expect(c.value).to.equal(value);
        expect(c.sameSite).to.equal(sameSite);
      });
    }

    it('fails to set cookies with samesite=garbage', async () => {
      const { cookies } = session.defaultSession;
      const value = 'hithere';
      await expect(cookies.set({ url, value, sameSite: 'garbage' as any })).to.eventually.be.rejectedWith('Failed to convert \'garbage\' to an appropriate cookie same site value');
    });

    it('gets cookies without url', async () => {
      const { cookies } = session.defaultSession;
      const name = '1';
      const value = '1';

      await cookies.set({ url, name, value, expirationDate: (Date.now()) / 1000 + 120 });
      const cs = await cookies.get({ domain: '127.0.0.1' });
      expect(cs.some(c => c.name === name && c.value === value)).to.equal(true);
    });

    it('does not match on empty domain filter strings', async () => {
      const { cookies } = session.defaultSession;
      const name = crypto.randomBytes(20).toString('hex');
      const value = '1';
      const url = 'https://microsoft.com/';

      await cookies.set({ url, name, value });
      const cs = await cookies.get({ domain: '' });
      expect(cs.some(c => c.name === name && c.value === value)).to.equal(false);
      cookies.remove(url, name);
    });

    it('gets domain-equal cookies', async () => {
      const { cookies } = session.defaultSession;
      const name = crypto.randomBytes(20).toString('hex');
      const value = '1';
      const url = 'https://microsoft.com/';

      await cookies.set({ url, name, value });
      const cs = await cookies.get({ domain: 'microsoft.com' });
      expect(cs.some(c => c.name === name && c.value === value)).to.equal(true);
      cookies.remove(url, name);
    });

    it('gets domain-inclusive cookies', async () => {
      const { cookies } = session.defaultSession;
      const name = crypto.randomBytes(20).toString('hex');
      const value = '1';
      const url = 'https://subdomain.microsoft.com/';

      await cookies.set({ url, name, value });
      const cs = await cookies.get({ domain: 'microsoft.com' });
      expect(cs.some(c => c.name === name && c.value === value)).to.equal(true);
      cookies.remove(url, name);
    });

    it('omits domain-exclusive cookies', async () => {
      const { cookies } = session.defaultSession;
      const name = crypto.randomBytes(20).toString('hex');
      const value = '1';
      const url = 'https://microsoft.com';

      await cookies.set({ url, name, value });
      const cs = await cookies.get({ domain: 'subdomain.microsoft.com' });
      expect(cs.some(c => c.name === name && c.value === value)).to.equal(false);
      cookies.remove(url, name);
    });

    it('rejects when setting a cookie with missing required fields', async () => {
      const { cookies } = session.defaultSession;
      const name = '1';
      const value = '1';

      await expect(
        cookies.set({ url: '', name, value })
      ).to.eventually.be.rejectedWith('Failed to set cookie - The cookie was set with an invalid Domain attribute.');
    });

    it('rejects when setting a cookie with an invalid URL', async () => {
      const { cookies } = session.defaultSession;
      const name = '1';
      const value = '1';

      await expect(
        cookies.set({ url: 'asdf', name, value })
      ).to.eventually.be.rejectedWith('Failed to set cookie - The cookie was set with an invalid Domain attribute.');
    });

    it('rejects when setting a cookie with an invalid ASCII control character', async () => {
      const { cookies } = session.defaultSession;
      const name = 'BadCookie';
      const value = 'test;test';

      await expect(
        cookies.set({ url, name, value })
      ).to.eventually.be.rejectedWith('Failed to set cookie - The cookie contains ASCII control characters');
    });

    it('should overwrite previous cookies', async () => {
      const { cookies } = session.defaultSession;
      const name = 'DidOverwrite';
      for (const value of ['No', 'Yes']) {
        await cookies.set({ url, name, value, expirationDate: (Date.now()) / 1000 + 120 });
        const list = await cookies.get({ url });

        expect(list.some(cookie => cookie.name === name && cookie.value === value)).to.equal(true);
      }
    });

    it('should remove cookies', async () => {
      const { cookies } = session.defaultSession;
      const name = '2';
      const value = '2';

      await cookies.set({ url, name, value, expirationDate: (Date.now()) / 1000 + 120 });
      await cookies.remove(url, name);
      const list = await cookies.get({ url });

      expect(list.some(cookie => cookie.name === name && cookie.value === value)).to.equal(false);
    });

    // DISABLED-FIXME
    it('should set cookie for standard scheme', async () => {
      const { cookies } = session.defaultSession;
      const domain = 'fake-host';
      const url = `${standardScheme}://${domain}`;
      const name = 'custom';
      const value = '1';

      await cookies.set({ url, name, value, expirationDate: (Date.now()) / 1000 + 120 });
      const list = await cookies.get({ url });

      expect(list).to.have.lengthOf(1);
      expect(list[0]).to.have.property('name', name);
      expect(list[0]).to.have.property('value', value);
      expect(list[0]).to.have.property('domain', domain);
    });

    it('emits a changed event when a cookie is added or removed', async () => {
      const { cookies } = session.fromPartition('cookies-changed');
      const name = 'foo';
      const value = 'bar';

      const a = once(cookies, 'changed');
      await cookies.set({ url, name, value, expirationDate: (Date.now()) / 1000 + 120 });
      const [, setEventCookie, setEventCause, setEventRemoved] = await a;

      const b = once(cookies, 'changed');
      await cookies.remove(url, name);
      const [, removeEventCookie, removeEventCause, removeEventRemoved] = await b;

      expect(setEventCookie.name).to.equal(name);
      expect(setEventCookie.value).to.equal(value);
      expect(setEventCause).to.equal('explicit');
      expect(setEventRemoved).to.equal(false);

      expect(removeEventCookie.name).to.equal(name);
      expect(removeEventCookie.value).to.equal(value);
      expect(removeEventCause).to.equal('explicit');
      expect(removeEventRemoved).to.equal(true);
    });

    describe('ses.cookies.flushStore()', async () => {
      it('flushes the cookies to disk', async () => {
        const name = 'foo';
        const value = 'bar';
        const { cookies } = session.defaultSession;

        await cookies.set({ url, name, value });
        await cookies.flushStore();
      });
    });

    it('should survive an app restart for persistent partition', async function () {
      this.timeout(60000);
      const appPath = path.join(fixtures, 'api', 'cookie-app');

      const runAppWithPhase = (phase: string) => {
        return new Promise((resolve) => {
          let output = '';

          const appProcess = ChildProcess.spawn(
            process.execPath,
            [appPath],
            { env: { PHASE: phase, ...process.env } }
          );

          appProcess.stdout.on('data', data => { output += data; });
          appProcess.on('exit', () => {
            resolve(output.replaceAll(/(\r\n|\n|\r)/gm, ''));
          });
        });
      };

      expect(await runAppWithPhase('one')).to.equal('011');
      expect(await runAppWithPhase('two')).to.equal('110');
    });
  });

  describe('ses.clearStorageData(options)', () => {
    afterEach(closeAllWindows);
    it('clears localstorage data', async () => {
      const w = new BrowserWindow({ show: false, webPreferences: { nodeIntegration: true } });
      await w.loadFile(path.join(fixtures, 'api', 'localstorage.html'));
      await w.webContents.session.clearStorageData({
        origin: 'file://',
        storages: ['localstorage'],
        quotas: ['temporary']
      });
      while (await w.webContents.executeJavaScript('localStorage.length') !== 0) {
        // The storage clear isn't instantly visible to the renderer, so keep
        // trying until it is.
      }
    });
  });

  describe('will-download event', () => {
    afterEach(closeAllWindows);
    it('can cancel default download behavior', async () => {
      const w = new BrowserWindow({ show: false });
      const mockFile = Buffer.alloc(1024);
      const contentDisposition = 'inline; filename="mockFile.txt"';
      const downloadServer = http.createServer((req, res) => {
        res.writeHead(200, {
          'Content-Length': mockFile.length,
          'Content-Type': 'application/plain',
          'Content-Disposition': contentDisposition
        });
        res.end(mockFile);
        downloadServer.close();
      });
      const url = (await listen(downloadServer)).url;

      const downloadPrevented: Promise<{itemUrl: string, itemFilename: string, item: Electron.DownloadItem}> = new Promise(resolve => {
        w.webContents.session.once('will-download', function (e, item) {
          e.preventDefault();
          resolve({ itemUrl: item.getURL(), itemFilename: item.getFilename(), item });
        });
      });
      w.loadURL(url);
      const { item, itemUrl, itemFilename } = await downloadPrevented;
      expect(itemUrl).to.equal(url + '/');
      expect(itemFilename).to.equal('mockFile.txt');
      // Delay till the next tick.
      await new Promise(setImmediate);
      expect(() => item.getURL()).to.throw('DownloadItem used after being destroyed');
    });
  });

  describe('ses.protocol', () => {
    const partitionName = 'temp';
    const protocolName = 'sp';
    let customSession: Session;
    const protocol = session.defaultSession.protocol;
    const handler = (ignoredError: any, callback: Function) => {
      callback({ data: '<script>require(\'electron\').ipcRenderer.send(\'hello\')</script>', mimeType: 'text/html' });
    };

    beforeEach(async () => {
      customSession = session.fromPartition(partitionName);
      await customSession.protocol.registerStringProtocol(protocolName, handler);
    });

    afterEach(async () => {
      await customSession.protocol.unregisterProtocol(protocolName);
      customSession = null as any;
    });
    afterEach(closeAllWindows);

    it('does not affect defaultSession', () => {
      const result1 = protocol.isProtocolRegistered(protocolName);
      expect(result1).to.equal(false);

      const result2 = customSession.protocol.isProtocolRegistered(protocolName);
      expect(result2).to.equal(true);
    });

    it('handles requests from partition', async () => {
      const w = new BrowserWindow({
        show: false,
        webPreferences: {
          partition: partitionName,
          nodeIntegration: true,
          contextIsolation: false
        }
      });
      customSession = session.fromPartition(partitionName);
      await customSession.protocol.registerStringProtocol(protocolName, handler);
      w.loadURL(`${protocolName}://fake-host`);
      await once(ipcMain, 'hello');
    });
  });

  describe('ses.setProxy(options)', () => {
    let server: http.Server;
    let customSession: Electron.Session;
    let created = false;

    beforeEach(async () => {
      customSession = session.fromPartition('proxyconfig');
      if (!created) {
        // Work around for https://github.com/electron/electron/issues/26166 to
        // reduce flake
        await setTimeout(100);
        created = true;
      }
    });

    afterEach(() => {
      if (server) {
        server.close();
      }
      customSession = null as any;
    });

    it('allows configuring proxy settings', async () => {
      const config = { proxyRules: 'http=myproxy:80' };
      await customSession.setProxy(config);
      const proxy = await customSession.resolveProxy('http://example.com/');
      expect(proxy).to.equal('PROXY myproxy:80');
    });

    it('allows removing the implicit bypass rules for localhost', async () => {
      const config = {
        proxyRules: 'http=myproxy:80',
        proxyBypassRules: '<-loopback>'
      };

      await customSession.setProxy(config);
      const proxy = await customSession.resolveProxy('http://localhost');
      expect(proxy).to.equal('PROXY myproxy:80');
    });

    it('allows configuring proxy settings with pacScript', async () => {
      server = http.createServer((req, res) => {
        const pac = `
          function FindProxyForURL(url, host) {
            return "PROXY myproxy:8132";
          }
        `;
        res.writeHead(200, {
          'Content-Type': 'application/x-ns-proxy-autoconfig'
        });
        res.end(pac);
      });
      const { url } = await listen(server);
      {
        const config = { pacScript: url };
        await customSession.setProxy(config);
        const proxy = await customSession.resolveProxy('https://google.com');
        expect(proxy).to.equal('PROXY myproxy:8132');
      }
      {
        const config = { mode: 'pac_script' as any, pacScript: url };
        await customSession.setProxy(config);
        const proxy = await customSession.resolveProxy('https://google.com');
        expect(proxy).to.equal('PROXY myproxy:8132');
      }
    });

    it('allows bypassing proxy settings', async () => {
      const config = {
        proxyRules: 'http=myproxy:80',
        proxyBypassRules: '<local>'
      };
      await customSession.setProxy(config);
      const proxy = await customSession.resolveProxy('http://example/');
      expect(proxy).to.equal('DIRECT');
    });

    it('allows configuring proxy settings with mode `direct`', async () => {
      const config = { mode: 'direct' as const, proxyRules: 'http=myproxy:80' };
      await customSession.setProxy(config);
      const proxy = await customSession.resolveProxy('http://example.com/');
      expect(proxy).to.equal('DIRECT');
    });

    it('allows configuring proxy settings with mode `auto_detect`', async () => {
      const config = { mode: 'auto_detect' as const };
      await customSession.setProxy(config);
    });

    it('allows configuring proxy settings with mode `pac_script`', async () => {
      const config = { mode: 'pac_script' as const };
      await customSession.setProxy(config);
      const proxy = await customSession.resolveProxy('http://example.com/');
      expect(proxy).to.equal('DIRECT');
    });

    it('allows configuring proxy settings with mode `fixed_servers`', async () => {
      const config = { mode: 'fixed_servers' as const, proxyRules: 'http=myproxy:80' };
      await customSession.setProxy(config);
      const proxy = await customSession.resolveProxy('http://example.com/');
      expect(proxy).to.equal('PROXY myproxy:80');
    });

    it('allows configuring proxy settings with mode `system`', async () => {
      const config = { mode: 'system' as const };
      await customSession.setProxy(config);
    });

    it('disallows configuring proxy settings with mode `invalid`', async () => {
      const config = { mode: 'invalid' as any };
      await expect(customSession.setProxy(config)).to.eventually.be.rejectedWith(/Invalid mode/);
    });

    it('reload proxy configuration', async () => {
      let proxyPort = 8132;
      server = http.createServer((req, res) => {
        const pac = `
          function FindProxyForURL(url, host) {
            return "PROXY myproxy:${proxyPort}";
          }
        `;
        res.writeHead(200, {
          'Content-Type': 'application/x-ns-proxy-autoconfig'
        });
        res.end(pac);
      });
      const { url } = await listen(server);
      const config = { mode: 'pac_script' as const, pacScript: url };
      await customSession.setProxy(config);
      {
        const proxy = await customSession.resolveProxy('https://google.com');
        expect(proxy).to.equal(`PROXY myproxy:${proxyPort}`);
      }
      {
        proxyPort = 8133;
        await customSession.forceReloadProxyConfig();
        const proxy = await customSession.resolveProxy('https://google.com');
        expect(proxy).to.equal(`PROXY myproxy:${proxyPort}`);
      }
    });
  });

  describe('ses.resolveHost(host)', () => {
    let customSession: Electron.Session;

    beforeEach(async () => {
      customSession = session.fromPartition('resolvehost');
    });

    afterEach(() => {
      customSession = null as any;
    });

    it('resolves ipv4.localhost2', async () => {
      const { endpoints } = await customSession.resolveHost('ipv4.localhost2');
      expect(endpoints).to.be.a('array');
      expect(endpoints).to.have.lengthOf(1);
      expect(endpoints[0].family).to.equal('ipv4');
      expect(endpoints[0].address).to.equal('10.0.0.1');
    });

    it('fails to resolve AAAA record for ipv4.localhost2', async () => {
      await expect(customSession.resolveHost('ipv4.localhost2', {
        queryType: 'AAAA'
      }))
        .to.eventually.be.rejectedWith(/net::ERR_NAME_NOT_RESOLVED/);
    });

    it('resolves ipv6.localhost2', async () => {
      const { endpoints } = await customSession.resolveHost('ipv6.localhost2');
      expect(endpoints).to.be.a('array');
      expect(endpoints).to.have.lengthOf(1);
      expect(endpoints[0].family).to.equal('ipv6');
      expect(endpoints[0].address).to.equal('::1');
    });

    it('fails to resolve A record for ipv6.localhost2', async () => {
      await expect(customSession.resolveHost('notfound.localhost2', {
        queryType: 'A'
      }))
        .to.eventually.be.rejectedWith(/net::ERR_NAME_NOT_RESOLVED/);
    });

    it('fails to resolve notfound.localhost2', async () => {
      await expect(customSession.resolveHost('notfound.localhost2'))
        .to.eventually.be.rejectedWith(/net::ERR_NAME_NOT_RESOLVED/);
    });
  });

  describe('ses.getBlobData()', () => {
    const scheme = 'cors-blob';
    const protocol = session.defaultSession.protocol;
    const url = `${scheme}://host`;
    after(async () => {
      await protocol.unregisterProtocol(scheme);
    });
    afterEach(closeAllWindows);

    it('returns blob data for uuid', (done) => {
      const postData = JSON.stringify({
        type: 'blob',
        value: 'hello'
      });
      const content = `<html>
                       <script>
                       let fd = new FormData();
                       fd.append('file', new Blob(['${postData}'], {type:'application/json'}));
                       fetch('${url}', {method:'POST', body: fd });
                       </script>
                       </html>`;

      protocol.registerStringProtocol(scheme, (request, callback) => {
        try {
          if (request.method === 'GET') {
            callback({ data: content, mimeType: 'text/html' });
          } else if (request.method === 'POST') {
            const uuid = request.uploadData![1].blobUUID;
            expect(uuid).to.be.a('string');
            session.defaultSession.getBlobData(uuid!).then(result => {
              try {
                expect(result.toString()).to.equal(postData);
                done();
              } catch (e) {
                done(e);
              }
            });
          }
        } catch (e) {
          done(e);
        }
      });
      const w = new BrowserWindow({ show: false });
      w.loadURL(url);
    });
  });

  describe('ses.getBlobData2()', () => {
    const scheme = 'cors-blob';
    const protocol = session.defaultSession.protocol;
    const url = `${scheme}://host`;
    after(async () => {
      await protocol.unregisterProtocol(scheme);
    });
    afterEach(closeAllWindows);

    it('returns blob data for uuid', (done) => {
      const content = `<html>
                       <script>
                       let fd = new FormData();
                       fd.append("data", new Blob(new Array(65_537).fill('a')));
                       fetch('${url}', {method:'POST', body: fd });
                       </script>
                       </html>`;

      protocol.registerStringProtocol(scheme, (request, callback) => {
        try {
          if (request.method === 'GET') {
            callback({ data: content, mimeType: 'text/html' });
          } else if (request.method === 'POST') {
            const uuid = request.uploadData![1].blobUUID;
            expect(uuid).to.be.a('string');
            session.defaultSession.getBlobData(uuid!).then(result => {
              try {
                const data = new Array(65_537).fill('a');
                expect(result.toString()).to.equal(data.join(''));
                done();
              } catch (e) {
                done(e);
              }
            });
          }
        } catch (e) {
          done(e);
        }
      });
      const w = new BrowserWindow({ show: false });
      w.loadURL(url);
    });
  });

  describe('ses.setCertificateVerifyProc(callback)', () => {
    let server: http.Server;
    let serverUrl: string;

    beforeEach(async () => {
      const certPath = path.join(fixtures, 'certificates');
      const options = {
        key: fs.readFileSync(path.join(certPath, 'server.key')),
        cert: fs.readFileSync(path.join(certPath, 'server.pem')),
        ca: [
          fs.readFileSync(path.join(certPath, 'rootCA.pem')),
          fs.readFileSync(path.join(certPath, 'intermediateCA.pem'))
        ],
        rejectUnauthorized: false
      };

      server = https.createServer(options, (req, res) => {
        res.writeHead(200);
        res.end('<title>hello</title>');
      });
      serverUrl = (await listen(server)).url;
    });

    afterEach((done) => {
      server.close(done);
    });
    afterEach(closeAllWindows);

    it('accepts the request when the callback is called with 0', async () => {
      const ses = session.fromPartition(`${Math.random()}`);
      let validate: () => void;
      ses.setCertificateVerifyProc(({ hostname, verificationResult, errorCode }, callback) => {
        if (hostname !== '127.0.0.1') return callback(-3);
        validate = () => {
          expect(verificationResult).to.be.oneOf(['net::ERR_CERT_AUTHORITY_INVALID', 'net::ERR_CERT_COMMON_NAME_INVALID']);
          expect(errorCode).to.be.oneOf([-202, -200]);
        };
        callback(0);
      });

      const w = new BrowserWindow({ show: false, webPreferences: { session: ses } });
      await w.loadURL(serverUrl);
      expect(w.webContents.getTitle()).to.equal('hello');
      expect(validate!).not.to.be.undefined();
      validate!();
    });

    it('rejects the request when the callback is called with -2', async () => {
      const ses = session.fromPartition(`${Math.random()}`);
      let validate: () => void;
      ses.setCertificateVerifyProc(({ hostname, certificate, verificationResult, isIssuedByKnownRoot }, callback) => {
        if (hostname !== '127.0.0.1') return callback(-3);
        validate = () => {
          expect(certificate.issuerName).to.equal('Intermediate CA');
          expect(certificate.subjectName).to.equal('localhost');
          expect(certificate.issuer.commonName).to.equal('Intermediate CA');
          expect(certificate.subject.commonName).to.equal('localhost');
          expect(certificate.issuerCert.issuer.commonName).to.equal('Root CA');
          expect(certificate.issuerCert.subject.commonName).to.equal('Intermediate CA');
          expect(certificate.issuerCert.issuerCert.issuer.commonName).to.equal('Root CA');
          expect(certificate.issuerCert.issuerCert.subject.commonName).to.equal('Root CA');
          expect(certificate.issuerCert.issuerCert.issuerCert).to.equal(undefined);
          expect(verificationResult).to.be.oneOf(['net::ERR_CERT_AUTHORITY_INVALID', 'net::ERR_CERT_COMMON_NAME_INVALID']);
          expect(isIssuedByKnownRoot).to.be.false();
        };
        callback(-2);
      });

      const w = new BrowserWindow({ show: false, webPreferences: { session: ses } });
      await expect(w.loadURL(serverUrl)).to.eventually.be.rejectedWith(/ERR_FAILED/);
      expect(validate!).not.to.be.undefined();
      validate!();
    });

    it('saves cached results', async () => {
      const ses = session.fromPartition(`${Math.random()}`);
      let numVerificationRequests = 0;
      ses.setCertificateVerifyProc((e, callback) => {
        if (e.hostname !== '127.0.0.1') return callback(-3);
        numVerificationRequests++;
        callback(-2);
      });

      const w = new BrowserWindow({ show: false, webPreferences: { session: ses } });
      await expect(w.loadURL(serverUrl), 'first load').to.eventually.be.rejectedWith(/ERR_FAILED/);
      await once(w.webContents, 'did-stop-loading');
      await expect(w.loadURL(serverUrl + '/test'), 'second load').to.eventually.be.rejectedWith(/ERR_FAILED/);
      expect(numVerificationRequests).to.equal(1);
    });

    it('does not cancel requests in other sessions', async () => {
      const ses1 = session.fromPartition(`${Math.random()}`);
      ses1.setCertificateVerifyProc((opts, cb) => cb(0));
      const ses2 = session.fromPartition(`${Math.random()}`);

      const req = net.request({ url: serverUrl, session: ses1, credentials: 'include' });
      req.end();
      setTimeout().then(() => {
        ses2.setCertificateVerifyProc((opts, callback) => callback(0));
      });
      await expect(new Promise<void>((resolve, reject) => {
        req.on('error', (err) => {
          reject(err);
        });
        req.on('response', () => {
          resolve();
        });
      })).to.eventually.be.fulfilled();
    });
  });

  describe('ses.clearAuthCache()', () => {
    it('can clear http auth info from cache', async () => {
      const ses = session.fromPartition('auth-cache');
      const server = http.createServer((req, res) => {
        const credentials = auth(req);
        if (!credentials || credentials.name !== 'test' || credentials.pass !== 'test') {
          res.statusCode = 401;
          res.setHeader('WWW-Authenticate', 'Basic realm="Restricted"');
          res.end();
        } else {
          res.end('authenticated');
        }
      });
      const { port } = await listen(server);
      const fetch = (url: string) => new Promise((resolve, reject) => {
        const request = net.request({ url, session: ses });
        request.on('response', (response) => {
          let data: string | null = null;
          response.on('data', (chunk) => {
            if (!data) {
              data = '';
            }
            data += chunk;
          });
          response.on('end', () => {
            if (!data) {
              reject(new Error('Empty response'));
            } else {
              resolve(data);
            }
          });
          response.on('error', (error: any) => { reject(new Error(error)); });
        });
        request.on('error', (error: any) => { reject(new Error(error)); });
        request.end();
      });
      // the first time should throw due to unauthenticated
      await expect(fetch(`http://127.0.0.1:${port}`)).to.eventually.be.rejected();
      // passing the password should let us in
      expect(await fetch(`http://test:[email protected]:${port}`)).to.equal('authenticated');
      // subsequently, the credentials are cached
      expect(await fetch(`http://127.0.0.1:${port}`)).to.equal('authenticated');
      await ses.clearAuthCache();
      // once the cache is cleared, we should get an error again
      await expect(fetch(`http://127.0.0.1:${port}`)).to.eventually.be.rejected();
    });
  });

  describe('DownloadItem', () => {
    const mockPDF = Buffer.alloc(1024 * 1024 * 5);
    const downloadFilePath = path.join(__dirname, '..', 'fixtures', 'mock.pdf');
    const protocolName = 'custom-dl';
    const contentDisposition = 'inline; filename="mock.pdf"';
    let port: number;
    let downloadServer: http.Server;

    before(async () => {
      downloadServer = http.createServer((req, res) => {
        res.writeHead(200, {
          'Content-Length': mockPDF.length,
          'Content-Type': 'application/pdf',
          'Content-Disposition': req.url === '/?testFilename' ? 'inline' : contentDisposition
        });
        res.end(mockPDF);
      });
      port = (await listen(downloadServer)).port;
    });

    after(async () => {
      await new Promise(resolve => downloadServer.close(resolve));
    });

    afterEach(closeAllWindows);

    const isPathEqual = (path1: string, path2: string) => {
      return path.relative(path1, path2) === '';
    };
    const assertDownload = (state: string, item: Electron.DownloadItem, isCustom = false) => {
      expect(state).to.equal('completed');
      expect(item.getFilename()).to.equal('mock.pdf');
      expect(path.isAbsolute(item.savePath)).to.equal(true);
      expect(isPathEqual(item.savePath, downloadFilePath)).to.equal(true);
      if (isCustom) {
        expect(item.getURL()).to.equal(`${protocolName}://item`);
      } else {
        expect(item.getURL()).to.be.equal(`${url}:${port}/`);
      }
      expect(item.getMimeType()).to.equal('application/pdf');
      expect(item.getReceivedBytes()).to.equal(mockPDF.length);
      expect(item.getTotalBytes()).to.equal(mockPDF.length);
      expect(item.getContentDisposition()).to.equal(contentDisposition);
      expect(fs.existsSync(downloadFilePath)).to.equal(true);
      fs.unlinkSync(downloadFilePath);
    };

    describe('session.downloadURL', () => {
      it('can perform a download', (done) => {
        session.defaultSession.once('will-download', function (e, item) {
          item.savePath = downloadFilePath;
          item.on('done', function (e, state) {
            try {
              assertDownload(state, item);
              done();
            } catch (e) {
              done(e);
            }
          });
        });
        session.defaultSession.downloadURL(`${url}:${port}`);
      });

      it('can perform a download with a valid auth header', async () => {
        const server = http.createServer((req, res) => {
          const { authorization } = req.headers;
          if (!authorization || authorization !== 'Basic i-am-an-auth-header') {
            res.statusCode = 401;
            res.setHeader('WWW-Authenticate', 'Basic realm="Restricted"');
            res.end();
          } else {
            res.writeHead(200, {
              'Content-Length': mockPDF.length,
              'Content-Type': 'application/pdf',
              'Content-Disposition': req.url === '/?testFilename' ? 'inline' : contentDisposition
            });
            res.end(mockPDF);
          }
        });

        const { port } = await listen(server);

        const downloadDone: Promise<Electron.DownloadItem> = new Promise((resolve) => {
          session.defaultSession.once('will-download', (e, item) => {
            item.savePath = downloadFilePath;
            item.on('done', () => {
              try {
                resolve(item);
              } catch { }
            });
          });
        });

        session.defaultSession.downloadURL(`${url}:${port}`, {
          headers: {
            Authorization: 'Basic i-am-an-auth-header'
          }
        });

        const today = Math.floor(Date.now() / 1000);
        const item = await downloadDone;
        expect(item.getState()).to.equal('completed');
        expect(item.getFilename()).to.equal('mock.pdf');
        expect(item.getMimeType()).to.equal('application/pdf');
        expect(item.getReceivedBytes()).to.equal(mockPDF.length);
        expect(item.getTotalBytes()).to.equal(mockPDF.length);
        expect(item.getPercentComplete()).to.equal(100);
        expect(item.getCurrentBytesPerSecond()).to.equal(0);
        expect(item.getContentDisposition()).to.equal(contentDisposition);

        const start = item.getStartTime();
        const end = item.getEndTime();
        expect(start).to.be.greaterThan(today);
        expect(end).to.be.greaterThan(start);
      });

      it('throws when called with invalid headers', () => {
        expect(() => {
          session.defaultSession.downloadURL(`${url}:${port}`, {
            // @ts-ignore this line is intentionally incorrect
            headers: 'i-am-a-bad-header'
          });
        }).to.throw(/Invalid value for headers - must be an object/);
      });

      it('correctly handles a download with an invalid auth header', async () => {
        const server = http.createServer((req, res) => {
          const { authorization } = req.headers;
          if (!authorization || authorization !== 'Basic i-am-an-auth-header') {
            res.statusCode = 401;
            res.setHeader('WWW-Authenticate', 'Basic realm="Restricted"');
            res.end();
          } else {
            res.writeHead(200, {
              'Content-Length': mockPDF.length,
              'Content-Type': 'application/pdf',
              'Content-Disposition': req.url === '/?testFilename' ? 'inline' : contentDisposition
            });
            res.end(mockPDF);
          }
        });

        const { port } = await listen(server);

        const downloadFailed: Promise<Electron.DownloadItem> = new Promise((resolve) => {
          session.defaultSession.once('will-download', (_, item) => {
            item.savePath = downloadFilePath;
            item.on('done', (e, state) => {
              console.log(state);
              try {
                resolve(item);
              } catch { }
            });
          });
        });

        session.defaultSession.downloadURL(`${url}:${port}`, {
          headers: {
            Authorization: 'wtf-is-this'
          }
        });

        const item = await downloadFailed;
        expect(item.getState()).to.equal('interrupted');
        expect(item.getReceivedBytes()).to.equal(0);
        expect(item.getTotalBytes()).to.equal(0);
      });
    });

    describe('webContents.downloadURL', () => {
      it('can perform a download', (done) => {
        const w = new BrowserWindow({ show: false });
        w.webContents.session.once('will-download', function (e, item) {
          item.savePath = downloadFilePath;
          item.on('done', function (e, state) {
            try {
              assertDownload(state, item);
              done();
            } catch (e) {
              done(e);
            }
          });
        });
        w.webContents.downloadURL(`${url}:${port}`);
      });

      it('can perform a download with a valid auth header', async () => {
        const server = http.createServer((req, res) => {
          const { authorization } = req.headers;
          if (!authorization || authorization !== 'Basic i-am-an-auth-header') {
            res.statusCode = 401;
            res.setHeader('WWW-Authenticate', 'Basic realm="Restricted"');
            res.end();
          } else {
            res.writeHead(200, {
              'Content-Length': mockPDF.length,
              'Content-Type': 'application/pdf',
              'Content-Disposition': req.url === '/?testFilename' ? 'inline' : contentDisposition
            });
            res.end(mockPDF);
          }
        });

        const { port } = await listen(server);

        const w = new BrowserWindow({ show: false });
        const downloadDone: Promise<Electron.DownloadItem> = new Promise((resolve) => {
          w.webContents.session.once('will-download', (e, item) => {
            item.savePath = downloadFilePath;
            item.on('done', () => {
              try {
                resolve(item);
              } catch { }
            });
          });
        });

        w.webContents.downloadURL(`${url}:${port}`, {
          headers: {
            Authorization: 'Basic i-am-an-auth-header'
          }
        });

        const item = await downloadDone;
        expect(item.getState()).to.equal('completed');
        expect(item.getFilename()).to.equal('mock.pdf');
        expect(item.getMimeType()).to.equal('application/pdf');
        expect(item.getReceivedBytes()).to.equal(mockPDF.length);
        expect(item.getTotalBytes()).to.equal(mockPDF.length);
        expect(item.getContentDisposition()).to.equal(contentDisposition);
      });

      it('throws when called with invalid headers', () => {
        const w = new BrowserWindow({ show: false });
        expect(() => {
          w.webContents.downloadURL(`${url}:${port}`, {
            // @ts-ignore this line is intentionally incorrect
            headers: 'i-am-a-bad-header'
          });
        }).to.throw(/Invalid value for headers - must be an object/);
      });

      it('correctly handles a download and an invalid auth header', async () => {
        const server = http.createServer((req, res) => {
          const { authorization } = req.headers;
          if (!authorization || authorization !== 'Basic i-am-an-auth-header') {
            res.statusCode = 401;
            res.setHeader('WWW-Authenticate', 'Basic realm="Restricted"');
            res.end();
          } else {
            res.writeHead(200, {
              'Content-Length': mockPDF.length,
              'Content-Type': 'application/pdf',
              'Content-Disposition': req.url === '/?testFilename' ? 'inline' : contentDisposition
            });
            res.end(mockPDF);
          }
        });

        const { port } = await listen(server);

        const w = new BrowserWindow({ show: false });
        const downloadFailed: Promise<Electron.DownloadItem> = new Promise((resolve) => {
          w.webContents.session.once('will-download', (_, item) => {
            item.savePath = downloadFilePath;
            item.on('done', (e, state) => {
              console.log(state);
              try {
                resolve(item);
              } catch { }
            });
          });
        });

        w.webContents.downloadURL(`${url}:${port}`, {
          headers: {
            Authorization: 'wtf-is-this'
          }
        });

        const item = await downloadFailed;
        expect(item.getState()).to.equal('interrupted');
        expect(item.getReceivedBytes()).to.equal(0);
        expect(item.getTotalBytes()).to.equal(0);
      });

      it('can download from custom protocols', (done) => {
        const protocol = session.defaultSession.protocol;
        const handler = (ignoredError: any, callback: Function) => {
          callback({ url: `${url}:${port}` });
        };
        protocol.registerHttpProtocol(protocolName, handler);
        const w = new BrowserWindow({ show: false });
        w.webContents.session.once('will-download', function (e, item) {
          item.savePath = downloadFilePath;
          item.on('done', function (e, state) {
            try {
              assertDownload(state, item, true);
              done();
            } catch (e) {
              done(e);
            }
          });
        });
        w.webContents.downloadURL(`${protocolName}://item`);
      });

      it('can cancel download', (done) => {
        const w = new BrowserWindow({ show: false });
        w.webContents.session.once('will-download', function (e, item) {
          item.savePath = downloadFilePath;
          item.on('done', function (e, state) {
            try {
              expect(state).to.equal('cancelled');
              expect(item.getFilename()).to.equal('mock.pdf');
              expect(item.getMimeType()).to.equal('application/pdf');
              expect(item.getReceivedBytes()).to.equal(0);
              expect(item.getTotalBytes()).to.equal(mockPDF.length);
              expect(item.getContentDisposition()).to.equal(contentDisposition);
              done();
            } catch (e) {
              done(e);
            }
          });
          item.cancel();
        });
        w.webContents.downloadURL(`${url}:${port}/`);
      });

      it('can generate a default filename', function (done) {
        if (process.env.APPVEYOR === 'True') {
          // FIXME(alexeykuzmin): Skip the test.
          // this.skip()
          return done();
        }

        const w = new BrowserWindow({ show: false });
        w.webContents.session.once('will-download', function (e, item) {
          item.savePath = downloadFilePath;
          item.on('done', function () {
            try {
              expect(item.getFilename()).to.equal('download.pdf');
              done();
            } catch (e) {
              done(e);
            }
          });
          item.cancel();
        });
        w.webContents.downloadURL(`${url}:${port}/?testFilename`);
      });

      it('can set options for the save dialog', (done) => {
        const filePath = path.join(__dirname, 'fixtures', 'mock.pdf');
        const options = {
          window: null,
          title: 'title',
          message: 'message',
          buttonLabel: 'buttonLabel',
          nameFieldLabel: 'nameFieldLabel',
          defaultPath: '/',
          filters: [{
            name: '1', extensions: ['.1', '.2']
          }, {
            name: '2', extensions: ['.3', '.4', '.5']
          }],
          showsTagField: true,
          securityScopedBookmarks: true
        };

        const w = new BrowserWindow({ show: false });
        w.webContents.session.once('will-download', function (e, item) {
          item.setSavePath(filePath);
          item.setSaveDialogOptions(options);
          item.on('done', function () {
            try {
              expect(item.getSaveDialogOptions()).to.deep.equal(options);
              done();
            } catch (e) {
              done(e);
            }
          });
          item.cancel();
        });
        w.webContents.downloadURL(`${url}:${port}`);
      });

      describe('when a save path is specified and the URL is unavailable', () => {
        it('does not display a save dialog and reports the done state as interrupted', (done) => {
          const w = new BrowserWindow({ show: false });
          w.webContents.session.once('will-download', function (e, item) {
            item.savePath = downloadFilePath;
            if (item.getState() === 'interrupted') {
              item.resume();
            }
            item.on('done', function (e, state) {
              try {
                expect(state).to.equal('interrupted');
                done();
              } catch (e) {
                done(e);
              }
            });
          });
          w.webContents.downloadURL(`file://${path.join(__dirname, 'does-not-exist.txt')}`);
        });
      });
    });

    describe('WebView.downloadURL', () => {
      it('can perform a download', async () => {
        const w = new BrowserWindow({ show: false, webPreferences: { webviewTag: true } });
        await w.loadURL('about:blank');
        function webviewDownload ({ fixtures, url, port }: { fixtures: string, url: string, port: string }) {
          const webview = new (window as any).WebView();
          webview.addEventListener('did-finish-load', () => {
            webview.downloadURL(`${url}:${port}/`);
          });
          webview.src = `file://${fixtures}/api/blank.html`;
          document.body.appendChild(webview);
        }
        const done: Promise<[string, Electron.DownloadItem]> = new Promise(resolve => {
          w.webContents.session.once('will-download', function (e, item) {
            item.savePath = downloadFilePath;
            item.on('done', function (e, state) {
              resolve([state, item]);
            });
          });
        });
        await w.webContents.executeJavaScript(`(${webviewDownload})(${JSON.stringify({ fixtures, url, port })})`);
        const [state, item] = await done;
        assertDownload(state, item);
      });
    });
  });

  describe('ses.createInterruptedDownload(options)', () => {
    afterEach(closeAllWindows);
    it('can create an interrupted download item', async () => {
      const downloadFilePath = path.join(__dirname, '..', 'fixtures', 'mock.pdf');
      const options = {
        path: downloadFilePath,
        urlChain: ['http://127.0.0.1/'],
        mimeType: 'application/pdf',
        offset: 0,
        length: 5242880
      };
      const w = new BrowserWindow({ show: false });
      const p = once(w.webContents.session, 'will-download');
      w.webContents.session.createInterruptedDownload(options);
      const [, item] = await p;
      expect(item.getState()).to.equal('interrupted');
      item.cancel();
      expect(item.getURLChain()).to.deep.equal(options.urlChain);
      expect(item.getMimeType()).to.equal(options.mimeType);
      expect(item.getReceivedBytes()).to.equal(options.offset);
      expect(item.getTotalBytes()).to.equal(options.length);
      expect(item.savePath).to.equal(downloadFilePath);
    });

    it('can be resumed', async () => {
      const downloadFilePath = path.join(fixtures, 'logo.png');
      const rangeServer = http.createServer((req, res) => {
        const options = { root: fixtures };
        send(req, req.url!, options)
          .on('error', (error: any) => { throw error; }).pipe(res);
      });
      try {
        const { url } = await listen(rangeServer);
        const w = new BrowserWindow({ show: false });
        const downloadCancelled: Promise<Electron.DownloadItem> = new Promise((resolve) => {
          w.webContents.session.once('will-download', function (e, item) {
            item.setSavePath(downloadFilePath);
            item.on('done', function () {
              resolve(item);
            });
            item.cancel();
          });
        });
        const downloadUrl = `${url}/assets/logo.png`;
        w.webContents.downloadURL(downloadUrl);
        const item = await downloadCancelled;
        expect(item.getState()).to.equal('cancelled');

        const options = {
          path: item.savePath,
          urlChain: item.getURLChain(),
          mimeType: item.getMimeType(),
          offset: item.getReceivedBytes(),
          length: item.getTotalBytes(),
          lastModified: item.getLastModifiedTime(),
          eTag: item.getETag()
        };
        const downloadResumed: Promise<Electron.DownloadItem> = new Promise((resolve) => {
          w.webContents.session.once('will-download', function (e, item) {
            expect(item.getState()).to.equal('interrupted');
            item.setSavePath(downloadFilePath);
            item.resume();
            item.on('done', function () {
              resolve(item);
            });
          });
        });
        w.webContents.session.createInterruptedDownload(options);
        const completedItem = await downloadResumed;
        expect(completedItem.getState()).to.equal('completed');
        expect(completedItem.getFilename()).to.equal('logo.png');
        expect(completedItem.savePath).to.equal(downloadFilePath);
        expect(completedItem.getURL()).to.equal(downloadUrl);
        expect(completedItem.getMimeType()).to.equal('image/png');
        expect(completedItem.getReceivedBytes()).to.equal(14022);
        expect(completedItem.getTotalBytes()).to.equal(14022);
        expect(fs.existsSync(downloadFilePath)).to.equal(true);
      } finally {
        rangeServer.close();
      }
    });
  });

  describe('ses.setPermissionHandlers(handlers)', () => {
    describe('onRequest', () => {
      afterEach(closeAllWindows);
      // These tests are done on an http server because navigator.userAgentData
      // requires a secure context.
      let server: http.Server;
      let serverUrl: string;
      before(async () => {
        server = http.createServer((req, res) => {
          res.setHeader('Content-Type', 'text/html');
          res.end('');
        });
        serverUrl = (await listen(server)).url;
      });
      after(() => {
        server.close();
      });

      it('cancels any pending requests when cleared', async () => {
        const w = new BrowserWindow({
          show: false,
          webPreferences: {
            partition: 'very-temp-permission-handler',
            nodeIntegration: true,
            contextIsolation: false
          }
        });

        const ses = w.webContents.session;
        ses.setPermissionHandlers({
          onRequest: () => ses.setPermissionHandlers(null) as any,
          isGranted: () => ({ status: 'ask' })
        });

        ses.protocol.interceptStringProtocol('https', (req, cb) => {
          cb(`<html><script>(${remote})()</script></html>`);
        });

        const result = once(require('electron').ipcMain, 'message');

        function remote () {
          (navigator as any).requestMIDIAccess({ sysex: true }).then(() => {}, (err: any) => {
            require('electron').ipcRenderer.send('message', err.name);
          });
        }

        w.loadURL('https://myfakesite');

        const [, name] = await result;
        expect(name).to.deep.equal('SecurityError');
      });

      it('cancels any requests when resolved with invalid status', async () => {
        const w = new BrowserWindow({
          show: false,
          webPreferences: {
            partition: 'very-temp-permission-handler',
            nodeIntegration: true,
            contextIsolation: false
          }
        });

        const ses = w.webContents.session;
        ses.setPermissionHandlers({
          onRequest: async () => ({ status: 'nope?' as any }),
          isGranted: () => ({ status: 'ask' })
        });

        ses.protocol.interceptStringProtocol('https', (req, cb) => {
          cb(`<html><script>(${remote})()</script></html>`);
        });

        const result = once(require('electron').ipcMain, 'message');

        function remote () {
          (navigator as any).requestMIDIAccess({ sysex: true }).then(() => {}, (err: any) => {
            require('electron').ipcRenderer.send('message', err.name);
          });
        }

        w.loadURL('https://myfakesite');

        const [, name] = await result;
        expect(name).to.deep.equal('SecurityError');
      });

      it('successfully resolves when calling legacy getUserMedia', async () => {
        const ses = session.fromPartition('' + Math.random());
        ses.setPermissionHandlers(
          {
            onRequest: async () => ({ status: 'granted' }),
            isGranted: () => ({ status: 'ask' })
          }
        );

        const w = new BrowserWindow({ show: false, webPreferences: { session: ses } });
        await w.loadURL(serverUrl);
        const { ok, message } = await w.webContents.executeJavaScript(`
          new Promise((resolve, reject) => navigator.getUserMedia({
            video: true,
            audio: true,
          }, x => resolve({ok: x instanceof MediaStream}), e => reject({ok: false, message: e.message})))
        `);
        expect(ok).to.be.true(message);
      });

      it('successfully rejects when calling legacy getUserMedia', async () => {
        const ses = session.fromPartition('' + Math.random());
        ses.setPermissionHandlers(
          {
            onRequest: async () => ({ status: 'denied' }),
            isGranted: () => ({ status: 'ask' })
          }
        );

        const w = new BrowserWindow({ show: false, webPreferences: { session: ses } });
        await w.loadURL(serverUrl);
        await expect(w.webContents.executeJavaScript(`
          new Promise((resolve, reject) => navigator.getUserMedia({
            video: true,
            audio: true,
          }, x => resolve({ok: x instanceof MediaStream}), e => reject({ok: false, message: e.message})))
        `)).to.eventually.be.rejectedWith('Permission denied');
      });
    });

    describe('isGranted', () => {
      afterEach(closeAllWindows);
      it('provides valid effectiveOrigin for main frame requests', async () => {
        const w = new BrowserWindow({
          show: false,
          webPreferences: {
            partition: 'very-temp-permission-handler'
          }
        });
        const ses = w.webContents.session;
        const loadUrl = 'https://myfakesite/oh-hi';
        let effectiveOrigin: string = '';

        ses.protocol.interceptStringProtocol('https', (req, cb) => {
          cb('<html><script>console.log(\'test\');</script></html>');
        });

        ses.setPermissionHandlers(
          {
            onRequest: async () => ({ status: 'denied' }),
            isGranted: (permission, origin) => {
              effectiveOrigin = origin;
              return { status: 'granted' };
            }
          }
        );

        const readClipboardPermission: any = () => {
          return w.webContents.executeJavaScript(`
            navigator.permissions.query({name: 'clipboard-read'})
                .then(permission => permission.state).catch(err => err.message);
          `, true);
        };

        await w.loadURL(loadUrl);
        const state = await readClipboardPermission();
        expect(state).to.equal('granted');
        expect(effectiveOrigin).to.equal('https://myfakesite');
      });

      it('provides valid effectiveOrigin for cross origin subframes', async () => {
        const w = new BrowserWindow({
          show: false,
          webPreferences: {
            partition: 'very-temp-permission-handler'
          }
        });
        const ses = w.webContents.session;
        const loadUrl = 'https://myfakesite/foo';
        let effectiveOrigin: string = '';
        let handlerDetails: Electron.PermissionCheckDetails;

        ses.protocol.interceptStringProtocol('https', (req, cb) => {
          cb('<html><script>console.log(\'test\');</script></html>');
        });

        ses.setPermissionHandlers(
          {
            onRequest: async () => ({ status: 'denied' }),
            isGranted: (permission, origin, details) => {
              effectiveOrigin = origin;
              handlerDetails = details;
              return { status: 'granted' };
            }
          }
        );

        const readClipboardPermission: any = (frame: WebFrameMain) => {
          return frame.executeJavaScript(`
            navigator.permissions.query({name: 'clipboard-read'})
                .then(permission => permission.state).catch(err => err.message);
          `, true);
        };

        await w.loadFile(path.join(fixtures, 'api', 'blank.html'));
        w.webContents.executeJavaScript(`
          var iframe = document.createElement('iframe');
          iframe.src = '${loadUrl}';
          iframe.allow = 'clipboard-read';
          document.body.appendChild(iframe);
          null;
        `);
        const [,, frameProcessId, frameRoutingId] = await once(w.webContents, 'did-frame-finish-load');
        const state = await readClipboardPermission(webFrameMain.fromId(frameProcessId, frameRoutingId));
        expect(state).to.equal('granted');
        expect(effectiveOrigin).to.equal('https://myfakesite');
        expect(handlerDetails!.isMainFrame).to.be.false();
        expect(handlerDetails!.embeddingOrigin).to.equal('file:///');
      });

      it('allows providing "default" / "ask" value', async () => {
        const w = new BrowserWindow({
          show: false,
          webPreferences: {
            partition: 'very-temp-permission-handler'
          }
        });
        const ses = w.webContents.session;
        const loadUrl = 'https://myfakesite/oh-hi';

        ses.protocol.interceptStringProtocol('https', (req, cb) => {
          cb('<html><script>console.log(\'test\');</script></html>');
        });

        ses.setPermissionHandlers(
          {
            onRequest: async () => ({ status: 'denied' }),
            isGranted: () => ({ status: 'ask' })
          }
        );

        const readNotificationPermission = () => {
          return w.webContents.executeJavaScript(`
            Notification.permission
          `, true);
        };

        await w.loadURL(loadUrl);
        const state = await readNotificationPermission();
        expect(state).to.equal('default');
      });

      it('allows providing "granted" value', async () => {
        const w = new BrowserWindow({
          show: false,
          webPreferences: {
            partition: 'very-temp-permission-handler'
          }
        });
        const ses = w.webContents.session;
        const loadUrl = 'https://myfakesite/oh-hi';

        ses.protocol.interceptStringProtocol('https', (req, cb) => {
          cb('<html><script>console.log(\'test\');</script></html>');
        });

        ses.setPermissionHandlers(
          {
            onRequest: async () => ({ status: 'denied' }),
            isGranted: () => ({ status: 'granted' })
          }
        );

        const readNotificationPermission = () => {
          return w.webContents.executeJavaScript(`
            Notification.permission
          `, true);
        };

        await w.loadURL(loadUrl);
        const state = await readNotificationPermission();
        expect(state).to.equal('granted');
      });

      it('allows providing "denied" value', async () => {
        const w = new BrowserWindow({
          show: false,
          webPreferences: {
            partition: 'very-temp-permission-handler'
          }
        });
        const ses = w.webContents.session;
        const loadUrl = 'https://myfakesite/oh-hi';

        ses.protocol.interceptStringProtocol('https', (req, cb) => {
          cb('<html><script>console.log(\'test\');</script></html>');
        });

        ses.setPermissionHandlers(
          {
            onRequest: async () => ({ status: 'denied' }),
            isGranted: () => ({ status: 'denied' })
          }
        );

        const readNotificationPermission = () => {
          return w.webContents.executeJavaScript(`
            Notification.permission
          `, true);
        };

        await w.loadURL(loadUrl);
        const state = await readNotificationPermission();
        expect(state).to.equal('denied');
      });
    });
  });

  describe('ses.setPermissionRequestHandler(handler)', () => {
    afterEach(closeAllWindows);
    // These tests are done on an http server because navigator.userAgentData
    // requires a secure context.
    let server: http.Server;
    let serverUrl: string;
    before(async () => {
      server = http.createServer((req, res) => {
        res.setHeader('Content-Type', 'text/html');
        res.end('');
      });
      serverUrl = (await listen(server)).url;
    });
    after(() => {
      server.close();
    });

    it('cancels any pending requests when cleared', async () => {
      const w = new BrowserWindow({
        show: false,
        webPreferences: {
          partition: 'very-temp-permission-handler',
          nodeIntegration: true,
          contextIsolation: false
        }
      });

      const ses = w.webContents.session;
      ses.setPermissionRequestHandler(() => {
        ses.setPermissionRequestHandler(null);
      });

      ses.protocol.interceptStringProtocol('https', (req, cb) => {
        cb(`<html><script>(${remote})()</script></html>`);
      });

      const result = once(require('electron').ipcMain, 'message');

      function remote () {
        (navigator as any).requestMIDIAccess({ sysex: true }).then(() => {}, (err: any) => {
          require('electron').ipcRenderer.send('message', err.name);
        });
      }

      await w.loadURL('https://myfakesite');

      const [, name] = await result;
      expect(name).to.deep.equal('SecurityError');
    });

    it('successfully resolves when calling legacy getUserMedia', async () => {
      const ses = session.fromPartition('' + Math.random());
      ses.setPermissionRequestHandler(
        (_webContents, _permission, callback) => {
          callback(true);
        }
      );

      const w = new BrowserWindow({ show: false, webPreferences: { session: ses } });
      await w.loadURL(serverUrl);
      const { ok, message } = await w.webContents.executeJavaScript(`
        new Promise((resolve, reject) => navigator.getUserMedia({
          video: true,
          audio: true,
        }, x => resolve({ok: x instanceof MediaStream}), e => reject({ok: false, message: e.message})))
      `);
      expect(ok).to.be.true(message);
    });

    it('successfully rejects when calling legacy getUserMedia', async () => {
      const ses = session.fromPartition('' + Math.random());
      ses.setPermissionRequestHandler(
        (_webContents, _permission, callback) => {
          callback(false);
        }
      );

      const w = new BrowserWindow({ show: false, webPreferences: { session: ses } });
      await w.loadURL(serverUrl);
      await expect(w.webContents.executeJavaScript(`
        new Promise((resolve, reject) => navigator.getUserMedia({
          video: true,
          audio: true,
        }, x => resolve({ok: x instanceof MediaStream}), e => reject({ok: false, message: e.message})))
      `)).to.eventually.be.rejectedWith('Permission denied');
    });
  });

  describe('ses.setPermissionCheckHandler(handler)', () => {
    afterEach(closeAllWindows);
    it.skip('details provides requestingURL for mainFrame', async () => {
      const w = new BrowserWindow({
        show: false,
        webPreferences: {
          partition: 'very-temp-permission-handler'
        }
      });
      const ses = w.webContents.session;
      const loadUrl = 'https://myfakesite/';
      let handlerDetails : Electron.PermissionCheckHandlerHandlerDetails;

      ses.protocol.interceptStringProtocol('https', (req, cb) => {
        cb('<html><script>console.log(\'test\');</script></html>');
      });

      ses.setPermissionCheckHandler((wc, permission, requestingOrigin, details) => {
        if (permission === 'clipboard-read') {
          handlerDetails = details;
          return true;
        }
        return false;
      });

      const readClipboardPermission: any = () => {
        return w.webContents.executeJavaScript(`
          navigator.permissions.query({name: 'clipboard-read'})
              .then(permission => permission.state).catch(err => err.message);
        `, true);
      };

      await w.loadURL(loadUrl);
      const state = await readClipboardPermission();
      expect(state).to.equal('granted');
      expect(handlerDetails!.requestingUrl).to.equal(loadUrl);
    });

    it.skip('details provides requestingURL for cross origin subFrame', async () => {
      const w = new BrowserWindow({
        show: false,
        webPreferences: {
          partition: 'very-temp-permission-handler'
        }
      });
      const ses = w.webContents.session;
      const loadUrl = 'https://myfakesite/';
      let handlerDetails : Electron.PermissionCheckHandlerHandlerDetails;

      ses.protocol.interceptStringProtocol('https', (req, cb) => {
        cb('<html><script>console.log(\'test\');</script></html>');
      });

      ses.setPermissionCheckHandler((wc, permission, requestingOrigin, details) => {
        if (permission === 'clipboard-read') {
          handlerDetails = details;
          return true;
        }
        return false;
      });

      const readClipboardPermission: any = (frame: WebFrameMain) => {
        return frame.executeJavaScript(`
          navigator.permissions.query({name: 'clipboard-read'})
              .then(permission => permission.state).catch(err => err.message);
        `, true);
      };

      await w.loadFile(path.join(fixtures, 'api', 'blank.html'));
      w.webContents.executeJavaScript(`
        var iframe = document.createElement('iframe');
        iframe.src = '${loadUrl}';
        iframe.allow = 'clipboard-read';
        document.body.appendChild(iframe);
        null;
      `);
      const [,, frameProcessId, frameRoutingId] = await once(w.webContents, 'did-frame-finish-load');
      const state = await readClipboardPermission(webFrameMain.fromId(frameProcessId, frameRoutingId));
      expect(state).to.equal('granted');
      expect(handlerDetails!.requestingUrl).to.equal(loadUrl);
      expect(handlerDetails!.isMainFrame).to.be.false();
      expect(handlerDetails!.embeddingOrigin).to.equal('file:///');
    });
  });

  describe('ses.isPersistent()', () => {
    afterEach(closeAllWindows);

    it('returns default session as persistent', () => {
      const w = new BrowserWindow({
        show: false
      });

      const ses = w.webContents.session;

      expect(ses.isPersistent()).to.be.true();
    });

    it('returns persist: session as persistent', () => {
      const ses = session.fromPartition(`persist:${Math.random()}`);
      expect(ses.isPersistent()).to.be.true();
    });

    it('returns temporary session as not persistent', () => {
      const ses = session.fromPartition(`${Math.random()}`);
      expect(ses.isPersistent()).to.be.false();
    });
  });

  describe('ses.setUserAgent()', () => {
    afterEach(closeAllWindows);

    it('can be retrieved with getUserAgent()', () => {
      const userAgent = 'test-agent';
      const ses = session.fromPartition('' + Math.random());
      ses.setUserAgent(userAgent);
      expect(ses.getUserAgent()).to.equal(userAgent);
    });

    it('sets the User-Agent header for web requests made from renderers', async () => {
      const userAgent = 'test-agent';
      const ses = session.fromPartition('' + Math.random());
      ses.setUserAgent(userAgent, 'en-US,fr,de');
      const w = new BrowserWindow({ show: false, webPreferences: { session: ses } });
      let headers: http.IncomingHttpHeaders | null = null;
      const server = http.createServer((req, res) => {
        headers = req.headers;
        res.end();
        server.close();
      });
      const { url } = await listen(server);
      await w.loadURL(url);
      expect(headers!['user-agent']).to.equal(userAgent);
      expect(headers!['accept-language']).to.equal('en-US,fr;q=0.9,de;q=0.8');
    });
  });

  describe('session-created event', () => {
    it('is emitted when a session is created', async () => {
      const sessionCreated = once(app, 'session-created') as Promise<[any, Session]>;
      const session1 = session.fromPartition('' + Math.random());
      const [session2] = await sessionCreated;
      expect(session1).to.equal(session2);
    });
  });

  describe('session.storagePage', () => {
    it('returns a string', () => {
      expect(session.defaultSession.storagePath).to.be.a('string');
    });

    it('returns null for in memory sessions', () => {
      expect(session.fromPartition('in-memory').storagePath).to.equal(null);
    });

    it('returns different paths for partitions and the default session', () => {
      expect(session.defaultSession.storagePath).to.not.equal(session.fromPartition('persist:two').storagePath);
    });

    it('returns different paths for different partitions', () => {
      expect(session.fromPartition('persist:one').storagePath).to.not.equal(session.fromPartition('persist:two').storagePath);
    });
  });

  describe('session.setCodeCachePath()', () => {
    it('throws when relative or empty path is provided', () => {
      expect(() => {
        session.defaultSession.setCodeCachePath('../fixtures');
      }).to.throw('Absolute path must be provided to store code cache.');
      expect(() => {
        session.defaultSession.setCodeCachePath('');
      }).to.throw('Absolute path must be provided to store code cache.');
      expect(() => {
        session.defaultSession.setCodeCachePath(path.join(app.getPath('userData'), 'electron-test-code-cache'));
      }).to.not.throw();
    });
  });

  describe('ses.setSSLConfig()', () => {
    it('can disable cipher suites', async () => {
      const ses = session.fromPartition('' + Math.random());
      const fixturesPath = path.resolve(__dirname, 'fixtures');
      const certPath = path.join(fixturesPath, 'certificates');
      const server = https.createServer({
        key: fs.readFileSync(path.join(certPath, 'server.key')),
        cert: fs.readFileSync(path.join(certPath, 'server.pem')),
        ca: [
          fs.readFileSync(path.join(certPath, 'rootCA.pem')),
          fs.readFileSync(path.join(certPath, 'intermediateCA.pem'))
        ],
        minVersion: 'TLSv1.2',
        maxVersion: 'TLSv1.2',
        ciphers: 'AES128-GCM-SHA256'
      }, (req, res) => {
        res.end('hi');
      });
      const { port } = await listen(server);
      defer(() => server.close());

      function request () {
        return new Promise((resolve, reject) => {
          const r = net.request({
            url: `https://127.0.0.1:${port}`,
            session: ses
          });
          r.on('response', (res) => {
            let data = '';
            res.on('data', (chunk) => {
              data += chunk.toString('utf8');
            });
            res.on('end', () => {
              resolve(data);
            });
          });
          r.on('error', (err) => {
            reject(err);
          });
          r.end();
        });
      }

      await expect(request()).to.be.rejectedWith(/ERR_CERT_AUTHORITY_INVALID/);
      ses.setSSLConfig({
        disabledCipherSuites: [0x009C]
      });
      await expect(request()).to.be.rejectedWith(/ERR_SSL_VERSION_OR_CIPHER_MISMATCH/);
    });
  });

  describe('ses.clearData()', () => {
    afterEach(closeAllWindows);

    // NOTE: This API clears more than localStorage, but localStorage is a
    // convenient test target for this API
    it('clears all data when no options supplied', async () => {
      const w = new BrowserWindow({ show: false, webPreferences: { nodeIntegration: true } });
      await w.loadFile(path.join(fixtures, 'api', 'localstorage.html'));

      expect(await w.webContents.executeJavaScript('localStorage.length')).to.be.greaterThan(0);

      await w.webContents.session.clearData();

      expect(await w.webContents.executeJavaScript('localStorage.length')).to.equal(0);
    });

    it('clears all data when no options supplied, called twice in parallel', async () => {
      const w = new BrowserWindow({ show: false, webPreferences: { nodeIntegration: true } });
      await w.loadFile(path.join(fixtures, 'api', 'localstorage.html'));

      expect(await w.webContents.executeJavaScript('localStorage.length')).to.be.greaterThan(0);

      // This first call is not awaited immediately
      const clearDataPromise = w.webContents.session.clearData();
      await w.webContents.session.clearData();

      expect(await w.webContents.executeJavaScript('localStorage.length')).to.equal(0);

      // Await the first promise so it doesn't creep into another test
      await clearDataPromise;
    });

    it('only clears specified data categories', async () => {
      const w = new BrowserWindow({
        show: false,
        webPreferences: { nodeIntegration: true, contextIsolation: false }
      });
      await w.loadFile(
        path.join(fixtures, 'api', 'localstorage-and-indexeddb.html')
      );

      const { webContents } = w;
      const { session } = webContents;

      await once(ipcMain, 'indexeddb-ready');

      async function queryData (channel: string): Promise<string> {
        const event = once(ipcMain, `result-${channel}`);
        webContents.send(`get-${channel}`);
        return (await event)[1];
      }

      // Data is in localStorage
      await expect(queryData('localstorage')).to.eventually.equal('hello localstorage');
      // Data is in indexedDB
      await expect(queryData('indexeddb')).to.eventually.equal('hello indexeddb');

      // Clear only indexedDB, not localStorage
      await session.clearData({ dataTypes: ['indexedDB'] });

      // The localStorage data should still be there
      await expect(queryData('localstorage')).to.eventually.equal('hello localstorage');

      // The indexedDB data should be gone
      await expect(queryData('indexeddb')).to.eventually.be.undefined();
    });

    it('only clears the specified origins', async () => {
      const w = new BrowserWindow({ show: false });
      await w.loadURL('about:blank');

      const { session } = w.webContents;
      const { cookies } = session;

      await Promise.all([
        cookies.set({
          url: 'https://example.com/',
          name: 'testdotcom',
          value: 'testdotcom'
        }),
        cookies.set({
          url: 'https://example.org/',
          name: 'testdotorg',
          value: 'testdotorg'
        })
      ]);

      await session.clearData({ origins: ['https://example.com'] });

      expect((await cookies.get({ url: 'https://example.com/', name: 'testdotcom' })).length).to.equal(0);
      expect((await cookies.get({ url: 'https://example.org/', name: 'testdotorg' })).length).to.be.greaterThan(0);
    });

    it('clears all except the specified origins', async () => {
      const w = new BrowserWindow({ show: false });
      await w.loadURL('about:blank');

      const { session } = w.webContents;
      const { cookies } = session;

      await Promise.all([
        cookies.set({
          url: 'https://example.com/',
          name: 'testdotcom',
          value: 'testdotcom'
        }),
        cookies.set({
          url: 'https://example.org/',
          name: 'testdotorg',
          value: 'testdotorg'
        })
      ]);

      await session.clearData({ excludeOrigins: ['https://example.com'] });

      expect((await cookies.get({ url: 'https://example.com/', name: 'testdotcom' })).length).to.be.greaterThan(0);
      expect((await cookies.get({ url: 'https://example.org/', name: 'testdotorg' })).length).to.equal(0);
    });
  });
});