Update web-platform-tests to revision 81962ac8802223d038b188b6f9cb88a0a9c5beee

tests/wpt/web-platform-tests/cookies/resources/cookie-helper.sub.js

@@ -0,0 +1,206 @@
+// Set up exciting global variables for cookie tests.
+(_ => {
+  var HOST = "{{host}}";
+  var SECURE_PORT = ":{{ports[https][0]}}";
+  var PORT = ":{{ports[http][0]}}";
+  var CROSS_ORIGIN_HOST = "{{hosts[alt][]}}";
+  var SECURE_CROSS_ORIGIN_HOST = "{{hosts[alt][]}}";
+
+  //For secure cookie verification
+  window.SECURE_ORIGIN = "https://" + HOST + SECURE_PORT;
+  window.INSECURE_ORIGIN = "http://" + HOST + PORT;
+
+  //standard references
+  window.ORIGIN = "http://" + HOST + PORT;
+  window.WWW_ORIGIN = "http://{{domains[www]}}" + PORT;
+  window.SUBDOMAIN_ORIGIN = "http://{{domains[www1]}}" + PORT;
+  window.CROSS_SITE_ORIGIN = "http://" + CROSS_ORIGIN_HOST + PORT;
+  window.SECURE_CROSS_SITE_ORIGIN = "https://" + SECURE_CROSS_ORIGIN_HOST + SECURE_PORT;
+  window.CROSS_SITE_HOST = SECURE_CROSS_ORIGIN_HOST;
+
+  // Set the global cookie name.
+  window.HTTP_COOKIE = "cookie_via_http";
+
+  // If we're not on |HOST|, move ourselves there:
+  if (window.location.hostname != HOST)
+    window.location.hostname = HOST;
+})();
+
+// A tiny helper which returns the result of fetching |url| with credentials.
+function credFetch(url) {
+  return fetch(url, {"credentials": "include"});
+}
+
+// Returns a URL on |origin| which redirects to a given absolute URL.
+function redirectTo(origin, url) {
+  return origin + "/cookies/resources/redirectWithCORSHeaders.py?status=307&location=" + encodeURIComponent(url);
+}
+
+// Asserts that `document.cookie` contains or does not contain (according to
+// the value of |present|) a cookie named |name| with a value of |value|.
+function assert_dom_cookie(name, value, present) {
+  var re = new RegExp("(?:^|; )" + name + "=" + value + "(?:$|;)");
+  assert_equals(re.test(document.cookie), present, "`" + name + "=" + value + "` in `document.cookie`");
+}
+
+function assert_cookie(origin, obj, name, value, present) {
+  assert_equals(obj[name], present ? value : undefined, "`" + name + "=" + value + "` in request to `" + origin + "`.");
+}
+
+// Remove the cookie named |name| from |origin|, then set it on |origin| anew.
+// If |origin| matches `document.origin`, also assert (via `document.cookie`) that
+// the cookie was correctly removed and reset.
+function create_cookie(origin, name, value, extras) {
+  alert("Create_cookie: " + origin + "/cookies/resources/drop.py?name=" + name);
+  return credFetch(origin + "/cookies/resources/drop.py?name=" + name)
+    .then(_ => {
+      if (origin == document.origin)
+        assert_dom_cookie(name, value, false);
+    })
+    .then(_ => {
+      return credFetch(origin + "/cookies/resources/set.py?" + name + "=" + value + ";path=/;" + extras)
+        .then(_ => {
+          if (origin == document.origin)
+            assert_dom_cookie(name, value, true);
+        });
+    });
+}
+
+//
+// Prefix-specific test helpers
+//
+function set_prefixed_cookie_via_dom_test(options) {
+  promise_test(t => {
+    var name = options.prefix + "prefixtestcookie";
+    erase_cookie_from_js(name);
+    var value = "" + Math.random();
+    document.cookie = name + "=" + value + ";" + options.params;
+
+    assert_dom_cookie(name, value, options.shouldExistInDOM);
+
+    return credFetch("/cookies/resources/list.py")
+      .then(r => r.json())
+      .then(cookies => assert_equals(cookies[name], options.shouldExistViaHTTP ? value : undefined));
+  }, options.title);
+}
+
+function set_prefixed_cookie_via_http_test(options) {
+  promise_test(t => {
+    var postDelete = _ => {
+      var value = "" + Math.random();
+      return credFetch(options.origin + "/cookies/resources/set.py?" + name + "=" + value + ";" + options.params)
+        .then(_ => credFetch(options.origin + "/cookies/resources/list.py"))
+        .then(r => r.json())
+        .then(cookies => assert_equals(cookies[name], options.shouldExistViaHTTP ? value : undefined));
+    };
+
+    var name = options.prefix + "prefixtestcookie";
+    if (!options.origin) {
+      options.origin = document.origin;
+      erase_cookie_from_js(name);
+      return postDelete;
+    } else {
+      return credFetch(options.origin + "/cookies/resources/drop.py?name=" + name)
+        .then(_ => postDelete());
+    }
+  }, options.title);
+}
+
+//
+// SameSite-specific test helpers:
+//
+
+window.SameSiteStatus = {
+  CROSS_SITE: "cross-site",
+  LAX: "lax",
+  STRICT: "strict"
+};
+
+// Reset SameSite test cookies on |origin|. If |origin| matches `document.origin`, assert
+// (via `document.cookie`) that they were properly removed and reset.
+function resetSameSiteCookies(origin, value) {
+  return credFetch(origin + "/cookies/resources/dropSameSite.py")
+    .then(_ => {
+      if (origin == document.origin) {
+        assert_dom_cookie("samesite_strict", value, false);
+        assert_dom_cookie("samesite_lax", value, false);
+        assert_dom_cookie("samesite_none", value, false);
+      }
+    })
+    .then(_ => {
+      return credFetch(origin + "/cookies/resources/setSameSite.py?" + value)
+        .then(_ => {
+          if (origin == document.origin) {
+            assert_dom_cookie("samesite_strict", value, true);
+            assert_dom_cookie("samesite_lax", value, true);
+            assert_dom_cookie("samesite_none", value, true);
+          }
+        })
+    })
+}
+
+// Given an |expectedStatus| and |expectedValue|, assert the |cookies| contains the
+// proper set of cookie names and values.
+function verifySameSiteCookieState(expectedStatus, expectedValue, cookies) {
+    assert_equals(cookies["samesite_none"], expectedValue, "Non-SameSite cookies are always sent.");
+    if (expectedStatus == SameSiteStatus.CROSS_SITE) {
+      assert_not_equals(cookies["samesite_strict"], expectedValue, "SameSite=Strict cookies are not sent with cross-site requests.");
+      assert_not_equals(cookies["samesite_lax"], expectedValue, "SameSite=Lax cookies are not sent with cross-site requests.");
+    } else if (expectedStatus == SameSiteStatus.LAX) {
+      assert_not_equals(cookies["samesite_strict"], expectedValue, "SameSite=Strict cookies are not sent with lax requests.");
+      assert_equals(cookies["samesite_lax"], expectedValue, "SameSite=Lax cookies are sent with lax requests.");
+    } else if (expectedStatus == SameSiteStatus.STRICT) {
+      assert_equals(cookies["samesite_strict"], expectedValue, "SameSite=Strict cookies are sent with strict requests.");
+      assert_equals(cookies["samesite_lax"], expectedValue, "SameSite=Lax cookies are sent with strict requests.");
+    }
+}
+
+//
+// LeaveSecureCookiesAlone-specific test helpers:
+//
+
+window.SecureStatus = {
+  INSECURE_COOKIE_ONLY: "1",
+  BOTH_COOKIES: "2",
+};
+
+//Reset SameSite test cookies on |origin|. If |origin| matches `document.origin`, assert
+//(via `document.cookie`) that they were properly removed and reset.
+function resetSecureCookies(origin, value) {
+return credFetch(origin + "/cookies/resources/dropSecure.py")
+ .then(_ => {
+   if (origin == document.origin) {
+     assert_dom_cookie("alone_secure", value, false);
+     assert_dom_cookie("alone_insecure", value, false);
+   }
+ })
+ .then(_ => {
+     return credFetch(origin + "/cookie/resources/setSecure.py?" + value)
+ })
+}
+
+//
+// DOM based cookie manipulation API's
+//
+
+// borrowed from http://www.quirksmode.org/js/cookies.html
+function create_cookie_from_js(name, value, days, secure_flag) {
+  if (days) {
+    var date = new Date();
+    date.setTime(date.getTime()+(days*24*60*60*1000));
+    var expires = "; expires="+date.toGMTString();
+  }
+  else var expires = "";
+
+  var secure = "";
+  if (secure_flag == true) {
+    secure = "secure; ";
+  }
+  document.cookie = name+"="+value+expires+"; "+secure+"path=/";
+}
+
+// erase cookie value and set for expiration
+function erase_cookie_from_js(name) {
+  create_cookie_from_js(name,"",-1);
+  assert_dom_cookie(name, "", false);
+}

tests/wpt/web-platform-tests/cookies/resources/drop.py

@@ -0,0 +1,15 @@
+from helpers import makeDropCookie, readParameter, setNoCacheAndCORSHeaders
+
+def main(request, response):
+    """Respond to `/cookie/drop?name={name}` by expiring the cookie named `{name}`."""
+    headers = setNoCacheAndCORSHeaders(request, response)
+    try:
+        # Expire the named cookie, and return a JSON-encoded success code.
+        name = readParameter(request, paramName="name", requireValue=True)
+        scheme = request.url_parts.scheme
+        headers.append(makeDropCookie(name,  "https" == scheme))
+        return headers, '{"success": true}'
+    except:
+        return 500, headers, '{"error" : "Empty or missing name parameter."}'
+
+

tests/wpt/web-platform-tests/cookies/resources/dropSameSite.py

@@ -0,0 +1,12 @@
+from helpers import makeDropCookie, readParameter, setNoCacheAndCORSHeaders
+
+def main(request, response):
+    """Respond to `/cookie/same-site/resources/dropSameSite.py by dropping the
+    three cookies set by setSameSiteCookies.py"""
+    headers = setNoCacheAndCORSHeaders(request, response)
+
+    # Expire the cookies, and return a JSON-encoded success code.
+    headers.append(makeDropCookie("samesite_strict", False))
+    headers.append(makeDropCookie("samesite_lax", False))
+    headers.append(makeDropCookie("samesite_none", False))
+    return headers, '{"success": true}'

tests/wpt/web-platform-tests/cookies/resources/dropSecure.py

@@ -0,0 +1,11 @@
+from helpers import makeDropCookie, readParameter, setNoCacheAndCORSHeaders
+
+def main(request, response):
+    """Respond to `/cookie/drop/secure` by dropping the two cookie set by
+    `setSecureTestCookies()`"""
+    headers = setNoCacheAndCORSHeaders(request, response)
+
+    # Expire the cookies, and return a JSON-encoded success code.
+    headers.append(makeDropCookie("alone_secure", False))
+    headers.append(makeDropCookie("alone_insecure", False))
+    return headers, '{"success": true}'

tests/wpt/web-platform-tests/cookies/resources/helpers.py

@@ -0,0 +1,55 @@
+import urlparse
+
+def setNoCacheAndCORSHeaders(request, response):
+    """Set Cache-Control, CORS and Content-Type headers appropriate for the cookie tests."""
+    headers = [("Content-Type", "application/json"),
+               ("Access-Control-Allow-Credentials", "true")]
+
+    origin = "*"
+    if "origin" in request.headers:
+        origin = request.headers["origin"]
+
+    headers.append(("Access-Control-Allow-Origin", origin))
+    #headers.append(("Access-Control-Allow-Credentials", "true"))
+    headers.append(("Cache-Control", "no-cache"))
+    headers.append(("Expires", "Fri, 01 Jan 1990 00:00:00 GMT"))
+
+    return headers
+
+def makeCookieHeader(name, value, otherAttrs):
+    """Make a Set-Cookie header for a cookie with the name, value and attributes provided."""
+    def makeAV(a, v):
+        if None == v or "" == v:
+            return a
+        return "%s=%s" % (a, v)
+
+    # ensure cookie name is always first
+    attrs = ["%s=%s" % (name, value)]
+    attrs.extend(makeAV(a, v) for (a,v) in otherAttrs.iteritems())
+    return ("Set-Cookie", "; ".join(attrs))
+
+def makeDropCookie(name, secure):
+    attrs = {"MaxAge": 0, "path": "/"}
+    if secure:
+        attrs["secure"] = ""
+    return makeCookieHeader(name, "", attrs)
+
+def readParameter(request, paramName, requireValue):
+    """Read a parameter from the request. Raise if requireValue is set and the
+    parameter has an empty value or is not present."""
+    params = urlparse.parse_qs(request.url_parts.query)
+    param = params[paramName][0].strip()
+    if len(param) == 0:
+        raise Exception("Empty or missing name parameter.")
+    return param
+
+def readCookies(request):
+    """Read the cookies from the client present in the request."""
+    cookies = {}
+    for key in request.cookies:
+        for cookie in request.cookies.get_list(key):
+            # do we care we'll clobber cookies here? If so, do we
+            # need to modify the test to take cookie names and value lists?
+            cookies[key] = cookie.value
+    return cookies
+

tests/wpt/web-platform-tests/cookies/resources/imgIfMatch.py

@@ -0,0 +1,16 @@
+import helpers
+
+def main(request, response):
+    """Respond to `/cookie/imgIfMatch?name={name}&value={value}` with a 404 if
+       the cookie isn't present, and a transparent GIF otherwise."""
+    headers = helpers.setNoCacheAndCORSHeaders(request, response)
+    name = helpers.readParameter(request, paramName="name", requireValue=True)
+    value = helpers.readParameter(request, paramName="value", requireValue=True)
+    cookiesWithMatchingNames = request.cookies.get_list(name)
+    for cookie in cookiesWithMatchingNames:
+        if cookie.value == value:
+            # From https://github.com/mathiasbynens/small/blob/master/gif-transparent.gif
+            headers.append(("Content-Type","image/gif"))
+            gif = "\x47\x49\x46\x38\x39\x61\x01\x00\x01\x00\x80\x00\x00\xFF\xFF\xFF\x00\x00\x00\x21\xF9\x04\x01\x00\x00\x00\x00\x2C\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02\x44\x01\x00\x3B"
+            return headers, gif
+    return 500, headers, '{"error": {"message": "The cookie\'s value did not match the given value."}}'

tests/wpt/web-platform-tests/cookies/resources/list.py

@@ -0,0 +1,7 @@
+import json
+import helpers
+
+def main(request, response):
+    headers = helpers.setNoCacheAndCORSHeaders(request, response)
+    cookies = helpers.readCookies(request)
+    return headers, json.dumps(cookies)

tests/wpt/web-platform-tests/cookies/resources/postToParent.py

@@ -0,0 +1,27 @@
+import json
+import helpers
+
+def main(request, response):
+    headers = helpers.setNoCacheAndCORSHeaders(request, response)
+    cookies = helpers.readCookies(request)
+    headers.append(("Content-Type", "text/html; charset=utf-8"))
+
+    tmpl = """
+<!DOCTYPE html>
+<script>
+  var data = %s;
+
+  if (window.parent != window)
+    window.parent.postMessage(data, "*");
+
+  if (window.opener)
+    window.opener.postMessage(data, "*");
+
+  window.addEventListener("message", e => {
+    console.log(e);
+    if (e.data == "reload")
+      window.location.reload();
+  });
+</script>
+"""
+    return headers, tmpl % json.dumps(cookies)

tests/wpt/web-platform-tests/cookies/resources/redirectWithCORSHeaders.py

@@ -0,0 +1,22 @@
+from helpers import setNoCacheAndCORSHeaders
+
+def main(request, response):
+    """Simple handler that causes redirection.
+
+    The request should typically have two query parameters:
+    status - The status to use for the redirection. Defaults to 302.
+    location - The resource to redirect to.
+    """
+    status = 302
+    if "status" in request.GET:
+        try:
+            status = int(request.GET.first("status"))
+        except ValueError:
+            pass
+    headers = setNoCacheAndCORSHeaders(request, response)
+
+    location = request.GET.first("location")
+
+    headers.append(("Location", location))
+
+    return status, headers, ""

tests/wpt/web-platform-tests/cookies/resources/set.py

@@ -0,0 +1,7 @@
+import helpers
+
+def main(request, response):
+    """Respond to `/cookie/set?{cookie}` by echoing `{cookie}` as a `Set-Cookie` header."""
+    headers = helpers.setNoCacheAndCORSHeaders(request, response)
+    headers.append(("Set-Cookie", request.url_parts.query))
+    return headers, '{"success": true}'

tests/wpt/web-platform-tests/cookies/resources/setSameSite.py

@@ -0,0 +1,14 @@
+from helpers import makeCookieHeader, readParameter, setNoCacheAndCORSHeaders
+
+def main(request, response):
+    """Respond to `/cookie/set/samesite?{value}` by setting three cookies:
+    1. `samesite_strict={value};SameSite=Strict;path=/`
+    2. `samesite_lax={value};SameSite=Lax;path=/`
+    3. `samesite_none={value};path=/`"""
+    headers = setNoCacheAndCORSHeaders(request, response)
+    value = request.url_parts.query
+
+    headers.append(makeCookieHeader("samesite_strict", value, {"SameSite":"Strict","path":"/"}))
+    headers.append(makeCookieHeader("samesite_lax", value, {"SameSite":"Lax","path":"/"}))
+    headers.append(makeCookieHeader("samesite_none", value, {"path":"/"}))
+    return headers, '{"success": true}'

tests/wpt/web-platform-tests/cookies/resources/setSecure.py

@@ -0,0 +1,12 @@
+from helpers import makeCookieHeader, readParameter, setNoCacheAndCORSHeaders
+
+def main(request, response):
+    """Respond to `/cookie/set/secure?{value}` by setting two cookies:
+    alone_secure={value};secure;path=/`
+    alone_insecure={value};path=/"""
+    headers = setNoCacheAndCORSHeaders(request, response)
+    value = request.url_parts.query
+
+    headers.append(makeCookieHeader("alone_secure", value, {"secure": "","path": "/"}))
+    headers.append(makeCookieHeader("alone_insecure", value, {"path": "/"}))
+    return headers, '{"success": true}'