| Index: third_party/WebKit/LayoutTests/http/tests/cookies/same-site/basics.html
|
| diff --git a/third_party/WebKit/LayoutTests/http/tests/cookies/same-site/basics.html b/third_party/WebKit/LayoutTests/http/tests/cookies/same-site/basics.html
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..e2b072782c7fb55e143ccc3b6b36358877870e8d
|
| --- /dev/null
|
| +++ b/third_party/WebKit/LayoutTests/http/tests/cookies/same-site/basics.html
|
| @@ -0,0 +1,75 @@
|
| +<!doctype html>
|
| +<script src="/resources/testharness.js"></script>
|
| +<script src="/resources/testharnessreport.js"></script>
|
| +<script src="/cookies/resources/testharness-helpers.js"></script>
|
| +<script>
|
| +// Set cookies on ORIGINAL_HOST, then move ourselves to TEST_ROOT so
|
| +// we can verify registrable domain and cross-origin behavior.
|
| +if (window.location.hostname == ORIGINAL_HOST) {
|
| + clearKnownCookies();
|
| + document.cookie = STRICT_DOM + "=1; SameSite=Strict; Max-Age=100; path=/";
|
| + document.cookie = LAX_DOM + "=1; SameSite=Lax; Max-Age=100; path=/";
|
| + document.cookie = NORMAL_DOM + "=1; Max-Age=100; path=/";
|
| + window.location.hostname = TEST_HOST;
|
| +} else {
|
| + test(_ => {
|
| + clearKnownCookies();
|
| + assert_equals(document.cookie, "");
|
| +
|
| + document.cookie = STRICT_DOM + "=2; SameSite=Strict; domain=" + TEST_HOST + "; path=/";
|
| + document.cookie = LAX_DOM + "=2; SameSite=Lax; domain=" + TEST_HOST + "; path=/";
|
| + document.cookie = NORMAL_DOM + "=2; domain=" + TEST_HOST + "; path=/";
|
| + assert_equals(document.cookie, STRICT_DOM + "=2; " + LAX_DOM + "=2; " + NORMAL_DOM + "=2");
|
| + }, "Cookies can be set from DOM.");
|
| +
|
| + promise_test(_ => {
|
| + return fetch("/cookies/resources/echo-json.php", {"credentials": "include"})
|
| + .then(r => r.json())
|
| + .then(j => {
|
| + assert_equals(j[STRICT_DOM], "2", "strict");
|
| + assert_equals(j[LAX_DOM], "2", "lax");
|
| + assert_equals(j[NORMAL_DOM], "2", "normal");
|
| + });
|
| + }, "SameSite set from DOM are sent via HTTP.");
|
| +
|
| + promise_test(_ => {
|
| + return fetch("https://" + TEST_HOST + ":8443/cookies/resources/echo-json.php", {"credentials": "include"})
|
| + .then(r => r.json())
|
| + .then(j => {
|
| + assert_equals(j[STRICT_DOM], "2", "strict");
|
| + assert_equals(j[LAX_DOM], "2", "lax");
|
| + assert_equals(j[NORMAL_DOM], "2", "normal");
|
| + });
|
| + }, "HTTPS is same-site with HTTP.");
|
| +
|
| + promise_test(_ => {
|
| + return fetch("http://subdomain." + TEST_HOST + ":8000/cookies/resources/echo-json.php", {"credentials": "include"})
|
| + .then(r => r.json())
|
| + .then(j => {
|
| + assert_equals(j[STRICT_DOM], "2", "strict");
|
| + assert_equals(j[LAX_DOM], "2", "lax");
|
| + assert_equals(j[NORMAL_DOM], "2", "normal");
|
| + });
|
| + }, "Subdomains are same-site.");
|
| +
|
| + promise_test(_ => {
|
| + return fetch("http://" + TEST_ROOT + ":8000/cookies/resources/echo-json.php", {"credentials": "include"})
|
| + .then(r => r.json())
|
| + .then(j => {
|
| + assert_equals(j[STRICT_DOM], undefined, "strict");
|
| + assert_equals(j[LAX_DOM], undefined, "lax");
|
| + assert_equals(j[NORMAL_DOM], undefined, "normal");
|
| + });
|
| + }, "`" + TEST_ROOT + "` is same-site but the cookies don't match it: 'samesite' doesn't override matching rules.");
|
| +
|
| + promise_test(_ => {
|
| + return fetch("http://" + ORIGINAL_HOST + ":8000/cookies/resources/echo-json.php", {"credentials": "include"})
|
| + .then(r => r.json())
|
| + .then(j => {
|
| + assert_equals(j[STRICT_DOM], undefined, "strict");
|
| + assert_equals(j[LAX_DOM], undefined, "lax");
|
| + assert_equals(j[NORMAL_DOM], "1", "normal");
|
| + });
|
| + }, "'" + ORIGINAL_HOST + "' is not same-site with '" + TEST_HOST + "', so samesite cookies are not sent.");
|
| +}
|
| +</script>
|
|
|
Chromium Code Reviews
Issue 1783813002:
SameSite: Strict/Lax behavior. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@strict-lax