Mirrors/servo
1
0
Fork 0
mirror of https://github.com/servo/servo.git synced 2025-10-16 08:20:22 +01:00
Code Issues Projects Releases Packages Wiki Activity
servo/tests/wpt/web-platform-tests/cookies/samesite/setcookie-navigation.https.html

44 lines
2.2 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<meta charset="utf-8">
<meta name="timeout" content="long">
<meta name="variant" content="">
<meta name="variant" content="?legacy-samesite">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/cookies/resources/cookie-helper.sub.js"></script>
<script>
function assert_samesite_cookies_present(cookies, value) {
let samesite_cookie_names = ["samesite_strict", "samesite_lax", "samesite_none", "samesite_unspecified"];
for (name of samesite_cookie_names) {
let re = new RegExp("(?:^|; )" + name + "=" + value + "(?:$|;)");
assert_true(re.test(cookies), "`" + name + "=" + value + "` in cookies");
}
}
// Navigate from ORIGIN to |origin_to|, expecting the navigation to set SameSite
// cookies on |origin_to|.
function navigate_test(method, origin_to, title) {
promise_test(async function(t) {
// The cookies don't need to be cleared on each run because |value| is
// a new random value on each run, so on each run we are overwriting and
// checking for a cookie with a different random value.
let value = "" + Math.random();
let url_from = SECURE_ORIGIN + "/cookies/samesite/resources/navigate.html";
let url_to = origin_to + "/cookies/resources/setSameSite.py?" + value;
var w = window.open(url_from);
await wait_for_message('READY', SECURE_ORIGIN);
assert_equals(SECURE_ORIGIN, window.origin);
assert_equals(SECURE_ORIGIN, w.origin);
let command = (method === "POST") ? "post-form" : "navigate";
w.postMessage({ type: command, url: url_to }, "*");
let message = await wait_for_message('COOKIES_SET', origin_to);
assert_samesite_cookies_present(message.data.cookies, value);
w.close();
}, title);
}
navigate_test("GET", SECURE_ORIGIN, "Same-site top-level navigation should be able to set SameSite=* cookies.");
navigate_test("GET", SECURE_CROSS_SITE_ORIGIN, "Cross-site top-level navigation should be able to set SameSite=* cookies.");
navigate_test("POST", SECURE_ORIGIN, "Same-site top-level POST should be able to set SameSite=* cookies.");
navigate_test("POST", SECURE_CROSS_SITE_ORIGIN, "Cross-site top-level POST should be able to set SameSite=* cookies.");
</script>
Reference in a new issue View git blame Copy permalink