Index: third_party/WebKit/LayoutTests/http/tests/cookies/same-site/basics.html |
diff --git a/third_party/WebKit/LayoutTests/http/tests/cookies/same-site/basics.html b/third_party/WebKit/LayoutTests/http/tests/cookies/same-site/basics.html |
new file mode 100644 |
index 0000000000000000000000000000000000000000..f747b40a5220b9441e96c9fb018757c053035f8e |
--- /dev/null |
+++ b/third_party/WebKit/LayoutTests/http/tests/cookies/same-site/basics.html |
@@ -0,0 +1,76 @@ |
+<!doctype html> |
+<script src="/resources/testharness.js"></script> |
+<script src="/resources/testharnessreport.js"></script> |
+<script src="/cookies/resources/testharness-helpers.js"></script> |
+<script> |
+// Set cookies on ORIGINAL_HOST, then move ourselves to TEST_ROOT so |
+// we can verify registrable domain and cross-origin behavior. |
+if (window.location.hostname == ORIGINAL_HOST) { |
+ clearKnownCookies(); |
+ document.cookie = STRICT_DOM + "=1; SameSite=Strict; Max-Age=100; path=/"; |
+ document.cookie = LAX_DOM + "=1; SameSite=Lax; Max-Age=100; path=/"; |
+ document.cookie = NORMAL_DOM + "=1; Max-Age=100; path=/"; |
+ console.log(document.cookie); |
philipj_slow
2016/03/21 09:18:23
Leftover from debugging, or nice to have if the te
Mike West
2016/03/21 11:03:13
Leftover, dropped, thanks.
|
+ window.location.hostname = TEST_HOST; |
+} else { |
+ test(t => { |
philipj_slow
2016/03/21 09:18:23
s/t/_/ since it's not used
Mike West
2016/03/21 11:03:13
Done.
|
+ clearKnownCookies(); |
+ assert_equals(document.cookie, ""); |
+ |
+ document.cookie = STRICT_DOM + "=1; SameSite=Strict; domain=" + TEST_HOST + "; path=/"; |
philipj_slow
2016/03/21 09:18:23
Why is the cookie set both on ORIGINAL_HOST and no
Mike West
2016/03/21 11:03:13
Because we need to do cross-registrable domain req
philipj_slow
2016/03/21 11:17:47
Oh, OK. Using "2" would make it obvious which valu
|
+ document.cookie = LAX_DOM + "=1; SameSite=Lax; domain=" + TEST_HOST + "; path=/"; |
+ document.cookie = NORMAL_DOM + "=1; domain=" + TEST_HOST + "; path=/"; |
+ assert_equals(document.cookie, STRICT_DOM + "=1; " + LAX_DOM + "=1; " + NORMAL_DOM + "=1"); |
+ }, "Cookies can be set from DOM."); |
+ |
+ promise_test(_ => { |
+ return fetch("/cookies/resources/echo-json.php", {"credentials": "include"}) |
+ .then(r => r.json()) |
+ .then(j => { |
+ assert_equals(j[STRICT_DOM], "1", "strict"); |
philipj_slow
2016/03/21 09:18:23
Nice how t.step_func wrapping is no longer needed
Mike West
2016/03/21 11:03:13
Indeed!
|
+ assert_equals(j[LAX_DOM], "1", "lax"); |
+ assert_equals(j[NORMAL_DOM], "1", "normal"); |
+ }); |
+ }, "SameSite set from DOM are sent via HTTP."); |
+ |
+ promise_test(_ => { |
+ return fetch("https://" + TEST_HOST + ":8443/cookies/resources/echo-json.php", {"credentials": "include"}) |
+ .then(r => r.json()) |
+ .then(j => { |
+ assert_equals(j[STRICT_DOM], "1", "strict"); |
+ assert_equals(j[LAX_DOM], "1", "lax"); |
+ assert_equals(j[NORMAL_DOM], "1", "normal"); |
+ }); |
+ }, "HTTPS is same-site with HTTP."); |
+ |
+ promise_test(_ => { |
+ return fetch("http://subdomain." + TEST_HOST + ":8000/cookies/resources/echo-json.php", {"credentials": "include"}) |
+ .then(r => r.json()) |
+ .then(j => { |
+ assert_equals(j[STRICT_DOM], "1", "strict"); |
+ assert_equals(j[LAX_DOM], "1", "lax"); |
+ assert_equals(j[NORMAL_DOM], "1", "normal"); |
+ }); |
+ }, "Subdomains are same-site."); |
+ |
+ promise_test(_ => { |
+ return fetch("http://" + TEST_ROOT + ":8000/cookies/resources/echo-json.php", {"credentials": "include"}) |
+ .then(r => r.json()) |
+ .then(j => { |
+ assert_equals(j[STRICT_DOM], undefined, "strict"); |
+ assert_equals(j[LAX_DOM], undefined, "lax"); |
+ assert_equals(j[NORMAL_DOM], undefined, "normal"); |
+ }); |
+ }, "`" + TEST_ROOT + "` is 'same-site' but the cookies don't match it: 'samesite' doesn't override matching rules."); |
+ |
+ promise_test(_ => { |
+ return fetch("http://" + ORIGINAL_HOST + ":8000/cookies/resources/echo-json.php", {"credentials": "include"}) |
+ .then(r => r.json()) |
+ .then(j => { |
+ assert_equals(j[STRICT_DOM], undefined, "strict"); |
+ assert_equals(j[LAX_DOM], undefined, "lax"); |
+ assert_equals(j[NORMAL_DOM], "1", "normal"); |
+ }); |
+ }, "'" + ORIGINAL_HOST + "' is not same-site with '" + TEST_HOST + "', so samesite cookies are not sent."); |
+} |
+</script> |