Update web-platform-tests to revision 138d2e938d493a5c8435025162759c2e34b3b1d1

WPT Sync Bot 2019-05-24 10:23:39 +00:00
parent ce37d5ebf2
commit 732399d5d9
1754 changed files with 6528 additions and 3662 deletions


@ -26,7 +26,8 @@
// Without 'secure'
set_prefixed_cookie_via_http_test({
prefix: "__Secure-",
params: "Path=/;domain=" + CROSS_SITE_HOST,
// SameSite=None is necessary because cross-site origins cannot set SameSite cookies via fetch.
params: "Path=/;SameSite=None;domain=" + CROSS_SITE_HOST,
origin: SECURE_CROSS_SITE_ORIGIN,
shouldExistViaHTTP: false,
title: "__Secure: secure origin: Should not set 'Path=/;domain=" + CROSS_SITE_HOST + "'"
@ -35,7 +36,8 @@
// With 'secure'
set_prefixed_cookie_via_http_test({
prefix: "__Secure-",
params: "Secure;Path=/;domain=" + CROSS_SITE_HOST,
// SameSite=None is necessary because cross-site origins cannot set SameSite cookies via fetch.
params: "Secure;SameSite=None;Path=/;domain=" + CROSS_SITE_HOST,
origin: SECURE_CROSS_SITE_ORIGIN,
shouldExistViaHTTP: true,
title: "__Secure: secure origin: Should set 'Secure;Path=/;domain=" + CROSS_SITE_HOST + "'"
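Review bot: In the "Without 'secure'" case the cookie now carries `SameSite=None` without `Secure`, so a browser that rejects insecure SameSite=None cookies (the behaviour another test added in this commit asserts) would drop it for that reason alone, and `shouldExistViaHTTP: false` no longer isolates the `__Secure-` prefix rule. A comment naming the rule that is expected to reject the cookie would make the intent clear, e.g. `// Expected to be rejected by the __Secure- prefix rule; SameSite=None without Secure may also cause rejection.` Both `title` strings still print the old attribute list without `SameSite=None`, so the reported test name no longer matches `params`. Both calls continue outside the hunks shown.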


@ -142,6 +142,7 @@ async function resetSameSiteCookies(origin, value) {
assert_dom_cookie("samesite_strict", value, false);
assert_dom_cookie("samesite_lax", value, false);
assert_dom_cookie("samesite_none", value, false);
assert_dom_cookie("samesite_unspecified", value, false);
}
w.postMessage({type: "set", value: value, useOwnOrigin: true}, "*");
@ -150,6 +151,7 @@ async function resetSameSiteCookies(origin, value) {
assert_dom_cookie("samesite_strict", value, true);
assert_dom_cookie("samesite_lax", value, true);
assert_dom_cookie("samesite_none", value, true);
assert_dom_cookie("samesite_unspecified", value, true);
}
} finally {
w.close();
@ -159,7 +161,8 @@ async function resetSameSiteCookies(origin, value) {
// Given an |expectedStatus| and |expectedValue|, assert the |cookies| contains the
// proper set of cookie names and values.
function verifySameSiteCookieState(expectedStatus, expectedValue, cookies) {
assert_equals(cookies["samesite_none"], expectedValue, "Non-SameSite cookies are always sent.");
assert_equals(cookies["samesite_none"], expectedValue, "SameSite=None cookies are always sent.");
assert_equals(cookies["samesite_unspecified"], expectedValue, "Unspecified-SameSite cookies are always sent.");
if (expectedStatus == SameSiteStatus.CROSS_SITE) {
assert_not_equals(cookies["samesite_strict"], expectedValue, "SameSite=Strict cookies are not sent with cross-site requests.");
assert_not_equals(cookies["samesite_lax"], expectedValue, "SameSite=Lax cookies are not sent with cross-site requests.");
@ -172,6 +175,32 @@ function verifySameSiteCookieState(expectedStatus, expectedValue, cookies) {
}
}
// Same as above except this expects samesite_unspecified to act the same as
// samesite_lax (which is the behavior expected when SameSiteByDefault is
// enabled).
function verifySameSiteCookieStateWithSameSiteByDefault(expectedStatus, expectedValue, cookies) {
assert_equals(cookies["samesite_none"], expectedValue, "SameSite=None cookies are always sent.");
if (expectedStatus == SameSiteStatus.CROSS_SITE) {
assert_not_equals(cookies["samesite_strict"], expectedValue, "SameSite=Strict cookies are not sent with cross-site requests.");
assert_not_equals(cookies["samesite_lax"], expectedValue, "SameSite=Lax cookies are not sent with cross-site requests.");
assert_not_equals(cookies["samesite_unspecified"], expectedValue, "Unspecified-SameSite cookies are not sent with cross-site requests.");
} else if (expectedStatus == SameSiteStatus.LAX) {
assert_not_equals(cookies["samesite_strict"], expectedValue, "SameSite=Strict cookies are not sent with lax requests.");
assert_equals(cookies["samesite_lax"], expectedValue, "SameSite=Lax cookies are sent with lax requests.");
assert_equals(cookies["samesite_unspecified"], expectedValue, "Unspecified-SameSite cookies are are sent with lax requests.")
} else if (expectedStatus == SameSiteStatus.STRICT) {
assert_equals(cookies["samesite_strict"], expectedValue, "SameSite=Strict cookies are sent with strict requests.");
assert_equals(cookies["samesite_lax"], expectedValue, "SameSite=Lax cookies are sent with strict requests.");
assert_equals(cookies["samesite_unspecified"], expectedValue, "Unspecified-SameSite cookies are are sent with strict requests.")
}
}
// Get the proper verifier based on the test's variant type.
function getSameSiteVerifier() {
return (location.search && location.search === "?samesite-by-default-cookies.tentative") ?
verifySameSiteCookieStateWithSameSiteByDefault : verifySameSiteCookieState;
}
//
// LeaveSecureCookiesAlone-specific test helpers:
//
@ -196,6 +225,22 @@ return credFetch(origin + "/cookies/resources/dropSecure.py")
})
}
// Reset SameSite=None test cookies on |origin|. If |origin| matches
// `self.origin`, assert (via `document.cookie`) that they were properly
// removed.
function resetSameSiteNoneCookies(origin, value) {
return credFetch(origin + "/cookies/resources/dropSameSiteNone.py")
.then(_ => {
if (origin == self.origin) {
assert_dom_cookie("samesite_none_insecure", value, false);
assert_dom_cookie("samesite_none_secure", value, false);
}
})
.then(_ => {
return credFetch(origin + "/cookies/resources/setSameSiteNone.py?" + value);
})
}
//
// DOM based cookie manipulation APIs
//
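Review bot: In `verifySameSiteCookieStateWithSameSiteByDefault` the two `samesite_unspecified` assertions in the LAX and STRICT branches read "cookies are are sent" and end without a semicolon, unlike every other assertion in the function; the message should be `"Unspecified-SameSite cookies are sent with lax requests."` (likewise for strict) with a trailing `;`. In `getSameSiteVerifier` the `location.search &&` guard adds nothing next to the strict comparison that follows it. The variant string `"?samesite-by-default-cookies.tentative"` is also compared inline in two test pages later in this commit, so a shared helper here, for example `isSameSiteByDefaultVariant()`, would keep the variant name in one place.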


@ -1,12 +1,13 @@
from helpers import makeDropCookie, readParameter, setNoCacheAndCORSHeaders
from helpers import makeDropCookie, setNoCacheAndCORSHeaders
def main(request, response):
"""Respond to `/cookie/same-site/resources/dropSameSite.py by dropping the
three cookies set by setSameSiteCookies.py"""
four cookies set by setSameSiteCookies.py"""
headers = setNoCacheAndCORSHeaders(request, response)
# Expire the cookies, and return a JSON-encoded success code.
headers.append(makeDropCookie("samesite_strict", False))
headers.append(makeDropCookie("samesite_lax", False))
headers.append(makeDropCookie("samesite_none", False))
headers.append(makeDropCookie("samesite_unspecified", False))
return headers, '{"success": true}'


@ -0,0 +1,11 @@
from helpers import makeDropCookie, setNoCacheAndCORSHeaders
def main(request, response):
"""Respond to `/cookies/resources/dropSameSiteNone.py by dropping the
two cookies set by setSameSiteNone.py"""
headers = setNoCacheAndCORSHeaders(request, response)
# Expire the cookies, and return a JSON-encoded success code.
headers.append(makeDropCookie("samesite_none_insecure", False))
headers.append(makeDropCookie("samesite_none_secure", True))
return headers, '{"success": true}'


@ -1,14 +1,29 @@
from helpers import makeCookieHeader, readParameter, setNoCacheAndCORSHeaders
from helpers import makeCookieHeader, setNoCacheAndCORSHeaders
def main(request, response):
"""Respond to `/cookie/set/samesite?{value}` by setting three cookies:
"""Respond to `/cookie/set/samesite?{value}` by setting four cookies:
1. `samesite_strict={value};SameSite=Strict;path=/`
2. `samesite_lax={value};SameSite=Lax;path=/`
3. `samesite_none={value};path=/`"""
3. `samesite_none={value};SameSite=None;path=/`
4. `samesite_unspecified={value};path=/`
Then navigate to a page that will post a message back to the opener with the set cookies"""
headers = setNoCacheAndCORSHeaders(request, response)
value = request.url_parts.query
headers.append(("Content-Type", "text/html; charset=utf-8"))
headers.append(makeCookieHeader("samesite_strict", value, {"SameSite":"Strict","path":"/"}))
headers.append(makeCookieHeader("samesite_lax", value, {"SameSite":"Lax","path":"/"}))
headers.append(makeCookieHeader("samesite_none", value, {"path":"/"}))
return headers, '{"success": true}'
headers.append(makeCookieHeader("samesite_none", value, {"SameSite":"None", "path":"/"}))
headers.append(makeCookieHeader("samesite_unspecified", value, {"path":"/"}))
document = """
<!DOCTYPE html>
<script>
// A same-site navigation, which should attach all cookies including SameSite ones.
// This is necessary because this page may have been reached via a cross-site navigation, so
// we might not have access to some SameSite cookies from here.
window.location = "../samesite/resources/echo-cookies.html";
</script>
"""
return headers, document
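Review bot: The docstring still names the route as `/cookie/set/samesite?{value}`, but the new body navigates to the relative URL `../samesite/resources/echo-cookies.html`, which only resolves as intended from the script's real location (the navigation test in this commit requests it as `/cookies/resources/setSameSite.py?{value}`). The docstring should give that path and state that the response is now an HTML document rather than the previous `{"success": true}` body, because any caller that still parses the response as JSON would fail. Whether such callers exist is not visible in this diff.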


@ -0,0 +1,14 @@
from helpers import makeCookieHeader, setNoCacheAndCORSHeaders
def main(request, response):
"""Respond to `/cookies/resources/setSameSiteNone.py?{value}` by setting two cookies:
1. `samesite_none_insecure={value};SameSite=None;path=/`
2. `samesite_none_secure={value};SameSite=None;Secure;path=/`
"""
headers = setNoCacheAndCORSHeaders(request, response)
value = request.url_parts.query
headers.append(makeCookieHeader("samesite_none_insecure", value, {"SameSite":"None", "path":"/"}))
headers.append(makeCookieHeader("samesite_none_secure", value, {"SameSite":"None", "Secure":"", "path":"/"}))
return headers, '{"success": true}'


@ -0,0 +1,20 @@
<!DOCTYPE html>
<meta charset="utf-8">
<meta name="timeout" content="long">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/cookies/resources/cookie-helper.sub.js"></script>
<script>
promise_test(t => {
var value = "" + Math.random();
return resetSameSiteNoneCookies(SECURE_ORIGIN, value)
.then(_ => {
return credFetch(SECURE_ORIGIN + "/cookies/resources/list.py")
.then(r => r.json())
.then(cookies => {
assert_not_equals(cookies["samesite_none_insecure"], value, "Non-Secure SameSite=None cookie is rejected.");
assert_equals(cookies["samesite_none_secure"], value, "Secure SameSite=None cookie is set.");
})
});
}, "SameSite=None cookies are rejected unless the Secure attribute is set.");
</script>


@ -1,6 +1,8 @@
<!DOCTYPE html>
<meta charset="utf-8"/>
<meta name="timeout" content="long">
<meta name="variant" content="">
<meta name="variant" content="?samesite-by-default-cookies.tentative">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/cookies/resources/cookie-helper.sub.js"></script>
@ -13,7 +15,7 @@
return credFetch(target + "/cookies/resources/list.py")
.then(r => r.json())
.then(cookies => verifySameSiteCookieState(expectedStatus, value, cookies));
.then(cookies => getSameSiteVerifier()(expectedStatus, value, cookies));
});
}, title);
}


@ -1,5 +1,7 @@
<!DOCTYPE html>
<meta charset="utf-8"/>
<meta name="variant" content="">
<meta name="variant" content="?samesite-by-default-cookies.tentative">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/cookies/resources/cookie-helper.sub.js"></script>
@ -28,7 +30,7 @@
var reloaded = false;
var msgHandler = e => {
try {
verifySameSiteCookieState(expectedStatus, value, e.data);
getSameSiteVerifier()(expectedStatus, value, e.data);
} catch (e) {
reject(e);
}


@ -1,6 +1,8 @@
<!DOCTYPE html>
<meta charset="utf-8"/>
<meta name="timeout" content="long">
<meta name="variant" content="">
<meta name="variant" content="?samesite-by-default-cookies.tentative">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/cookies/resources/cookie-helper.sub.js"></script>
@ -31,7 +33,7 @@
window.removeEventListener("message", msgHandler);
e.source.close();
try {
verifySameSiteCookieState(expectedStatus, value, e.data);
getSameSiteVerifier()(expectedStatus, value, e.data);
resolve("Popup received the cookie.");
} catch (e) {
reject(e);


@ -1,5 +1,7 @@
<!DOCTYPE html>
<meta charset="utf-8"/>
<meta name="variant" content="">
<meta name="variant" content="?samesite-by-default-cookies.tentative">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/cookies/resources/cookie-helper.sub.js"></script>
@ -18,7 +20,7 @@
var reloaded = false;
var msgHandler = e => {
try {
verifySameSiteCookieState(expectedStatus, value, e.data);
getSameSiteVerifier()(expectedStatus, value, e.data);
} catch (e) {
reject(e);
}


@ -1,6 +1,8 @@
<!DOCTYPE html>
<meta charset="utf-8"/>
<meta name="timeout" content="long">
<meta name="variant" content="">
<meta name="variant" content="?samesite-by-default-cookies.tentative">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/cookies/resources/cookie-helper.sub.js"></script>
@ -20,7 +22,7 @@
window.removeEventListener("message", msgHandler);
e.source.close();
try {
verifySameSiteCookieState(expectedStatus, value, e.data);
getSameSiteVerifier()(expectedStatus, value, e.data);
resolve("Popup received the cookie.");
} catch (e) {
reject(e);


@ -1,6 +1,8 @@
<!DOCTYPE html>
<meta charset="utf-8"/>
<meta name="timeout" content="long">
<meta name="variant" content="">
<meta name="variant" content="?samesite-by-default-cookies.tentative">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/cookies/resources/cookie-helper.sub.js"></script>
@ -19,7 +21,7 @@
var reloaded = false;
var msgHandler = e => {
try {
verifySameSiteCookieState(expectedStatus, value, e.data);
getSameSiteVerifier()(expectedStatus, value, e.data);
} catch (e) {
reject(e);
}


@ -1,6 +1,8 @@
<!DOCTYPE html>
<meta charset="utf-8"/>
<meta name="timeout" content="long">
<meta name="variant" content="">
<meta name="variant" content="?samesite-by-default-cookies.tentative">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/cookies/resources/cookie-helper.sub.js"></script>
@ -22,7 +24,7 @@
document.body.removeChild(iframe);
window.removeEventListener("message", msgHandler);
try {
verifySameSiteCookieState(expectedStatus, value, e.data);
getSameSiteVerifier()(expectedStatus, value, e.data);
resolve();
} catch(e) {
reject(e);


@ -1,6 +1,8 @@
<!DOCTYPE html>
<meta charset="utf-8"/>
<meta name="timeout" content="long">
<meta name="variant" content="">
<meta name="variant" content="?samesite-by-default-cookies.tentative">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/cookies/resources/cookie-helper.sub.js"></script>
@ -38,15 +40,21 @@
var value = "" + Math.random();
return resetSameSiteCookies(origin, value)
.then(_ => {
return Promise.all([
assert_cookie_present(target, "samesite_none", value),
expectedStatus == SameSiteStatus.STRICT ?
assert_cookie_present(target, "samesite_strict", value) :
assert_cookie_absent(target, "samesite_strict", value),
expectedStatus == SameSiteStatus.CROSS_SITE ?
assert_cookie_absent(target, "samesite_lax", value) :
assert_cookie_present(target, "samesite_lax", value)
]);
var asserts = [assert_cookie_present(target, "samesite_none", value),
expectedStatus == SameSiteStatus.STRICT ?
assert_cookie_present(target, "samesite_strict", value) :
assert_cookie_absent(target, "samesite_strict", value),
expectedStatus == SameSiteStatus.CROSS_SITE ?
assert_cookie_absent(target, "samesite_lax", value) :
assert_cookie_present(target, "samesite_lax", value)];
if (location.search && location.search === "?samesite-by-default-cookies.tentative") {
asserts.push(expectedStatus == SameSiteStatus.CROSS_SITE ?
assert_cookie_absent(target, "samesite_unspecified", value) :
assert_cookie_present(target, "samesite_unspecified", value));
} else {
asserts.push(assert_cookie_present(target, "samesite_unspecified", value));
}
return Promise.all(asserts);
});
}, title);
}


@ -0,0 +1,5 @@
<!DOCTYPE html>
<meta charset="utf-8">
<script>
window.opener.postMessage({ type: 'COOKIES_SET', cookies: document.cookie }, '*');
</script>
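Review bot: `window.opener.postMessage(..., '*')` hands the full `document.cookie` string to whichever window opened this page, and it throws a TypeError when the page is loaded without an opener. The wildcard looks deliberate, since the navigation test in this commit reaches this page cross-site, but that deserves a comment such as `// targetOrigin is '*' because the opener may be cross-site; this resource must only ever serve test cookies.` Wrapping the call in `if (window.opener) { ... }` would avoid the exception when the file is opened directly.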


@ -0,0 +1,27 @@
<!DOCTYPE html>
<meta charset="utf-8">
<script src="/cookies/resources/cookie-helper.sub.js"></script>
<script>
window.addEventListener('load', function() {
window.opener.postMessage({ type: 'READY' }, '*');
});
window.addEventListener('message', function(e) {
if (ORIGIN !== window.location.origin)
return;
if (window.location.origin !== e.origin)
return;
if (e.data.type === "navigate") {
window.location = e.data.url;
}
if (e.data.type === "post-form") {
var f = document.createElement('form');
f.action = e.data.url;
f.method = "POST";
document.body.appendChild(f);
f.submit();
}
});
</script>
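Review bot: The READY message in the `load` listener is posted with targetOrigin `'*'`, although the message handler only acts when `ORIGIN === window.location.origin` and the sender is same-origin, and the navigation test in this commit waits for READY from `ORIGIN`; `window.opener.postMessage({ type: 'READY' }, ORIGIN);` would match that expectation. The two origin checks use brace-less `if` bodies, and the two `e.data.type` tests are independent `if`s. Braces and an `else if` would make it explicit that at most one command runs per message.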


@ -1,5 +1,7 @@
<!DOCTYPE html>
<meta charset="utf-8"/>
<meta name="variant" content="">
<meta name="variant" content="?samesite-by-default-cookies.tentative">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/cookies/resources/cookie-helper.sub.js"></script>
@ -13,6 +15,7 @@
assert_dom_cookie("samesite_strict", e.data.value, true);
assert_dom_cookie("samesite_lax", e.data.value, true);
assert_dom_cookie("samesite_none", e.data.value, true);
assert_dom_cookie("samesite_unspecified", e.data.value, true);
w.close();
}, "Same-site window should be able to set `SameSite=Lax` or `SameSite=Strict` cookies.");
@ -25,6 +28,8 @@
assert_dom_cookie("samesite_strict", e.data.value, false);
assert_dom_cookie("samesite_lax", e.data.value, false);
assert_dom_cookie("samesite_none", e.data.value, true);
assert_dom_cookie("samesite_unspecified", e.data.value,
location.search !== "?samesite-by-default-cookies.tentative");
w.close();
}, "Cross-site window shouldn't be able to set `SameSite=Lax` or `SameSite=Strict` cookies.");
</script>


@ -0,0 +1,44 @@
<!DOCTYPE html>
<meta charset="utf-8">
<meta name="timeout" content="long">
<meta name="variant" content="">
<meta name="variant" content="?samesite-by-default-cookies.tentative">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/cookies/resources/cookie-helper.sub.js"></script>
<script>
function assert_samesite_cookies_present(cookies, value) {
let samesite_cookie_names = ["samesite_strict", "samesite_lax", "samesite_none", "samesite_unspecified"];
for (name of samesite_cookie_names) {
let re = new RegExp("(?:^|; )" + name + "=" + value + "(?:$|;)");
assert_true(re.test(cookies), "`" + name + "=" + value + "` in cookies");
}
}
// Navigate from ORIGIN to |origin_to|, expecting the navigation to set SameSite
// cookies on |origin_to|.
function navigate_test(method, origin_to, title) {
promise_test(async function(t) {
// The cookies don't need to be cleared on each run because |value| is
// a new random value on each run, so on each run we are overwriting and
// checking for a cookie with a different random value.
let value = "" + Math.random();
let url_from = ORIGIN + "/cookies/samesite/resources/navigate.html";
let url_to = origin_to + "/cookies/resources/setSameSite.py?" + value;
var w = window.open(url_from);
await wait_for_message('READY', ORIGIN);
assert_equals(ORIGIN, window.origin);
assert_equals(ORIGIN, w.origin);
let command = (method === "POST") ? "post-form" : "navigate";
w.postMessage({ type: command, url: url_to }, "*");
let message = await wait_for_message('COOKIES_SET', origin_to);
assert_samesite_cookies_present(message.data.cookies, value);
w.close();
}, title);
}
navigate_test("GET", ORIGIN, "Same-site top-level navigation should be able to set SameSite=* cookies.");
navigate_test("GET", CROSS_SITE_ORIGIN, "Cross-site top-level navigation should be able to set SameSite=* cookies.");
navigate_test("POST", ORIGIN, "Same-site top-level POST should be able to set SameSite=* cookies.");
navigate_test("POST", CROSS_SITE_ORIGIN, "Cross-site top-level POST should be able to set SameSite=* cookies.");
</script>
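Review bot: In `assert_samesite_cookies_present` the loop `for (name of samesite_cookie_names)` never declares `name`, so in a window context it assigns to the global `window.name`; it should read `for (const name of samesite_cookie_names)`. The `RegExp` is built from `value` unescaped, so the `.` in the `Math.random()` string matches any character; escaping `value`, or comparing parsed cookie pairs exactly, would make the assertion strict. In `navigate_test`, `w.close()` is skipped when an earlier assertion throws, so `t.add_cleanup(() => w.close());` directly after `window.open` would stop failed runs from leaving the popup open. `w.postMessage(..., "*")` could pass `ORIGIN` as the target, since the test has just asserted that `w.origin` equals it.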


@ -1,5 +1,7 @@
<!DOCTYPE html>
<meta charset="utf-8"/>
<meta name="variant" content="">
<meta name="variant" content="?samesite-by-default-cookies.tentative">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/cookies/resources/cookie-helper.sub.js"></script>
@ -15,7 +17,7 @@
var reloaded = false;
var msgHandler = e => {
try {
verifySameSiteCookieState(expectedStatus, value, e.data);
getSameSiteVerifier()(expectedStatus, value, e.data);
} catch (e) {
reject(e);
}


@ -1,5 +1,8 @@
<!DOCTYPE html>
<meta charset="utf-8"/>
<meta name="timeout" content="long">
<meta name="variant" content="">
<meta name="variant" content="?samesite-by-default-cookies.tentative">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/cookies/resources/cookie-helper.sub.js"></script>
@ -16,7 +19,7 @@
window.removeEventListener("message", msgHandler);
w.close();
try {
verifySameSiteCookieState(expectedStatus, value, e.data);
getSameSiteVerifier()(expectedStatus, value, e.data);
resolve("Popup received the cookie.");
} catch (e) {
reject(e);