32 lines
1.6 KiB
HTML
32 lines
1.6 KiB
HTML
<!DOCTYPE html>
|
|
<meta charset="utf-8"/>
|
|
<script src="/resources/testharness.js"></script>
|
|
<script src="/resources/testharnessreport.js"></script>
|
|
<script src="/cookies/resources/cookie-helper.sub.js"></script>
|
|
<script>
|
|
promise_test(async function(t) {
|
|
let w = window.open(SECURE_ORIGIN + "/cookies/samesite/resources/puppet.html");
|
|
await wait_for_message("READY", SECURE_ORIGIN);
|
|
let random = "" + Math.random();
|
|
w.postMessage({type: "set", value: random}, "*");
|
|
let e = await wait_for_message("set-complete", SECURE_ORIGIN)
|
|
assert_dom_cookie("samesite_strict", e.data.value, true);
|
|
assert_dom_cookie("samesite_lax", e.data.value, true);
|
|
assert_dom_cookie("samesite_none", e.data.value, true);
|
|
assert_dom_cookie("samesite_unspecified", e.data.value, true);
|
|
w.close();
|
|
}, "Same-site window should be able to set `SameSite=Lax` or `SameSite=Strict` cookies.");
|
|
|
|
promise_test(async function(t) {
|
|
let w = window.open(SECURE_CROSS_SITE_ORIGIN + "/cookies/samesite/resources/puppet.html");
|
|
await wait_for_message("READY", SECURE_CROSS_SITE_ORIGIN);
|
|
let random = "" + Math.random();
|
|
w.postMessage({type: "set", value: random}, "*");
|
|
let e = await wait_for_message("set-complete", SECURE_CROSS_SITE_ORIGIN);
|
|
assert_dom_cookie("samesite_strict", e.data.value, false);
|
|
assert_dom_cookie("samesite_lax", e.data.value, false);
|
|
assert_dom_cookie("samesite_none", e.data.value, true);
|
|
assert_dom_cookie("samesite_unspecified", e.data.value, false);
|
|
w.close();
|
|
}, "Cross-site window shouldn't be able to set `SameSite=Lax` or `SameSite=Strict` cookies.");
|
|
</script>
|