OLD | NEW |
---|---|
(Empty) | |
1 <!doctype html> | |
2 <script src="/resources/testharness.js"></script> | |
3 <script src="/resources/testharnessreport.js"></script> | |
4 <script src="/cookies/resources/testharness-helpers.js"></script> | |
5 <script> | |
6 // Set cookies on ORIGINAL_HOST, then move ourselves to TEST_ROOT so | |
7 // we can verify registrable domain and cross-origin behavior. | |
8 if (window.location.hostname == ORIGINAL_HOST) { | |
9 clearKnownCookies(); | |
10 document.cookie = STRICT_DOM + "=1; SameSite=Strict; Max-Age=100; path=/"; | |
11 document.cookie = LAX_DOM + "=1; SameSite=Lax; Max-Age=100; path=/"; | |
12 document.cookie = NORMAL_DOM + "=1; Max-Age=100; path=/"; | |
13 console.log(document.cookie); | |
philipj_slow
2016/03/21 09:18:23
Leftover from debugging, or nice to have if the te
Mike West
2016/03/21 11:03:13
Leftover, dropped, thanks.
| |
14 window.location.hostname = TEST_HOST; | |
15 } else { | |
16 test(t => { | |
philipj_slow
2016/03/21 09:18:23
s/t/_/ since it's not used
Mike West
2016/03/21 11:03:13
Done.
| |
17 clearKnownCookies(); | |
18 assert_equals(document.cookie, ""); | |
19 | |
20 document.cookie = STRICT_DOM + "=1; SameSite=Strict; domain=" + TEST_HOS T + "; path=/"; | |
philipj_slow
2016/03/21 09:18:23
Why is the cookie set both on ORIGINAL_HOST and no
Mike West
2016/03/21 11:03:13
Because we need to do cross-registrable domain req
philipj_slow
2016/03/21 11:17:47
Oh, OK. Using "2" would make it obvious which valu
| |
21 document.cookie = LAX_DOM + "=1; SameSite=Lax; domain=" + TEST_HOST + "; path=/"; | |
22 document.cookie = NORMAL_DOM + "=1; domain=" + TEST_HOST + "; path=/"; | |
23 assert_equals(document.cookie, STRICT_DOM + "=1; " + LAX_DOM + "=1; " + NORMAL_DOM + "=1"); | |
24 }, "Cookies can be set from DOM."); | |
25 | |
26 promise_test(_ => { | |
27 return fetch("/cookies/resources/echo-json.php", {"credentials": "includ e"}) | |
28 .then(r => r.json()) | |
29 .then(j => { | |
30 assert_equals(j[STRICT_DOM], "1", "strict"); | |
philipj_slow
2016/03/21 09:18:23
Nice how t.step_func wrapping is no longer needed
Mike West
2016/03/21 11:03:13
Indeed!
| |
31 assert_equals(j[LAX_DOM], "1", "lax"); | |
32 assert_equals(j[NORMAL_DOM], "1", "normal"); | |
33 }); | |
34 }, "SameSite set from DOM are sent via HTTP."); | |
35 | |
36 promise_test(_ => { | |
37 return fetch("https://" + TEST_HOST + ":8443/cookies/resources/echo-json .php", {"credentials": "include"}) | |
38 .then(r => r.json()) | |
39 .then(j => { | |
40 assert_equals(j[STRICT_DOM], "1", "strict"); | |
41 assert_equals(j[LAX_DOM], "1", "lax"); | |
42 assert_equals(j[NORMAL_DOM], "1", "normal"); | |
43 }); | |
44 }, "HTTPS is same-site with HTTP."); | |
45 | |
46 promise_test(_ => { | |
47 return fetch("http://subdomain." + TEST_HOST + ":8000/cookies/resources/ echo-json.php", {"credentials": "include"}) | |
48 .then(r => r.json()) | |
49 .then(j => { | |
50 assert_equals(j[STRICT_DOM], "1", "strict"); | |
51 assert_equals(j[LAX_DOM], "1", "lax"); | |
52 assert_equals(j[NORMAL_DOM], "1", "normal"); | |
53 }); | |
54 }, "Subdomains are same-site."); | |
55 | |
56 promise_test(_ => { | |
57 return fetch("http://" + TEST_ROOT + ":8000/cookies/resources/echo-json. php", {"credentials": "include"}) | |
58 .then(r => r.json()) | |
59 .then(j => { | |
60 assert_equals(j[STRICT_DOM], undefined, "strict"); | |
61 assert_equals(j[LAX_DOM], undefined, "lax"); | |
62 assert_equals(j[NORMAL_DOM], undefined, "normal"); | |
63 }); | |
64 }, "`" + TEST_ROOT + "` is 'same-site' but the cookies don't match it: 'same site' doesn't override matching rules."); | |
65 | |
66 promise_test(_ => { | |
67 return fetch("http://" + ORIGINAL_HOST + ":8000/cookies/resources/echo-j son.php", {"credentials": "include"}) | |
68 .then(r => r.json()) | |
69 .then(j => { | |
70 assert_equals(j[STRICT_DOM], undefined, "strict"); | |
71 assert_equals(j[LAX_DOM], undefined, "lax"); | |
72 assert_equals(j[NORMAL_DOM], "1", "normal"); | |
73 }); | |
74 }, "'" + ORIGINAL_HOST + "' is not same-site with '" + TEST_HOST + "', so sa mesite cookies are not sent."); | |
75 } | |
76 </script> | |
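Review bot: The header comment on lines 6-7 says the page moves itself to TEST_ROOT, but line 14 assigns `window.location.hostname = TEST_HOST`, and the later tests treat TEST_ROOT as a separate host that the cookies must not match. The comment should name the host actually navigated to, for example `// Set cookies on ORIGINAL_HOST, then navigate to TEST_HOST so we can` followed by `// verify registrable-domain and cross-site behavior.`. Separately, the TEST_ROOT test (lines 56-64) expects all three cookies to be `undefined` and so has no positive control, unlike the ORIGINAL_HOST test where NORMAL_DOM is expected to be "1"; it would also pass if the request carried no cookies at all, so it deserves either a comment saying so or one extra cookie that is expected to arrive. TEST_HOST and TEST_ROOT are defined in testharness-helpers.js, which is not shown here, so their exact relationship is inferred from the test descriptions.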