Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(78)

Unified Diff: third_party/WebKit/LayoutTests/http/tests/security/cookies/strict-secure-cookies.html

Issue 2623423002: Add console warning and tests for strict secure cookies.
Patch Set: Update comment Created 3 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: third_party/WebKit/LayoutTests/http/tests/security/cookies/strict-secure-cookies.html
diff --git a/third_party/WebKit/LayoutTests/http/tests/security/cookies/strict-secure-cookies.html b/third_party/WebKit/LayoutTests/http/tests/security/cookies/strict-secure-cookies.html
new file mode 100644
index 0000000000000000000000000000000000000000..4973950c70b5888403b1335573e98e1a9154e5d3
--- /dev/null
+++ b/third_party/WebKit/LayoutTests/http/tests/security/cookies/strict-secure-cookies.html
@@ -0,0 +1,30 @@
+<html>
+<head>
+<meta charset="utf-8">
+<title>Verify that strict secure cookies are enforced</title>
+<script src="/resources/get-host-info.js"></script>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+</head>
+<body>
+<script>
+var t = async_test("Verify that strict secure cookies are enforced");
+window.onmessage = t.step_func(function(event) {
+ assert_false(event.data, "cookie should not have been set by an insecure URL");
+ t.done();
+});
+
+function insecureLoaded() {
+ var iframe = document.createElement("iframe");
+ iframe.src = get_host_info().HTTPS_ORIGIN +
+ "/security/cookies/resources/get-cookie.html";
+ document.body.appendChild(iframe);
+}
+var insecure_frame = document.createElement("iframe");
+insecure_frame.onload = insecureLoaded;
+insecure_frame.src = get_host_info().HTTP_ORIGIN +
+ "/security/cookies/resources/set-a-cookie.php?secure=true&resetcookie=false&notifydone=false";
+document.body.appendChild(insecure_frame);
+</script>
+</body>
+</html>

Powered by Google App Engine
This is Rietveld 408576698