From 0ebf5bdf043a27fd3dfb7f92e0cb63d88954c44d Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 19 Apr 2024 03:47:29 +0200 Subject: Adding upstream version 115.8.0esr. Signed-off-by: Daniel Baumann --- .../tests/cookies/resources/__init__.py | 0 .../tests/cookies/resources/cookie-helper.sub.js | 284 +++++++++++++++++++++ .../tests/cookies/resources/cookie-test.js | 186 ++++++++++++++ .../web-platform/tests/cookies/resources/cookie.py | 42 +++ .../web-platform/tests/cookies/resources/drop.py | 14 + .../tests/cookies/resources/dropSameSite.py | 13 + .../resources/dropSameSiteMultiAttribute.py | 17 ++ .../tests/cookies/resources/dropSameSiteNone.py | 11 + .../tests/cookies/resources/dropSecure.py | 11 + .../tests/cookies/resources/echo-cookie.html | 31 +++ .../tests/cookies/resources/echo-json.py | 15 ++ .../tests/cookies/resources/helpers.py | 59 +++++ .../tests/cookies/resources/imgIfMatch.py | 16 ++ .../cookies/resources/list-cookies-for-script.py | 12 + .../web-platform/tests/cookies/resources/list.py | 10 + .../tests/cookies/resources/navigate.html | 8 + .../tests/cookies/resources/postToParent.py | 39 +++ .../cookies/resources/redirectWithCORSHeaders.py | 22 ++ .../tests/cookies/resources/set-cookie.py | 45 ++++ .../web-platform/tests/cookies/resources/set.py | 15 ++ .../tests/cookies/resources/setSameSite.py | 32 +++ .../tests/cookies/resources/setSameSiteDomain.py | 36 +++ .../cookies/resources/setSameSiteMultiAttribute.py | 60 +++++ .../tests/cookies/resources/setSameSiteNone.py | 16 ++ .../tests/cookies/resources/setSecure.py | 14 + .../tests/cookies/resources/testharness-helpers.js | 49 ++++ 26 files changed, 1057 insertions(+) create mode 100644 testing/web-platform/tests/cookies/resources/__init__.py create mode 100644 testing/web-platform/tests/cookies/resources/cookie-helper.sub.js create mode 100644 testing/web-platform/tests/cookies/resources/cookie-test.js create mode 100644 testing/web-platform/tests/cookies/resources/cookie.py create mode 100644 testing/web-platform/tests/cookies/resources/drop.py create mode 100644 testing/web-platform/tests/cookies/resources/dropSameSite.py create mode 100644 testing/web-platform/tests/cookies/resources/dropSameSiteMultiAttribute.py create mode 100644 testing/web-platform/tests/cookies/resources/dropSameSiteNone.py create mode 100644 testing/web-platform/tests/cookies/resources/dropSecure.py create mode 100644 testing/web-platform/tests/cookies/resources/echo-cookie.html create mode 100644 testing/web-platform/tests/cookies/resources/echo-json.py create mode 100644 testing/web-platform/tests/cookies/resources/helpers.py create mode 100644 testing/web-platform/tests/cookies/resources/imgIfMatch.py create mode 100644 testing/web-platform/tests/cookies/resources/list-cookies-for-script.py create mode 100644 testing/web-platform/tests/cookies/resources/list.py create mode 100644 testing/web-platform/tests/cookies/resources/navigate.html create mode 100644 testing/web-platform/tests/cookies/resources/postToParent.py create mode 100644 testing/web-platform/tests/cookies/resources/redirectWithCORSHeaders.py create mode 100644 testing/web-platform/tests/cookies/resources/set-cookie.py create mode 100644 testing/web-platform/tests/cookies/resources/set.py create mode 100644 testing/web-platform/tests/cookies/resources/setSameSite.py create mode 100644 testing/web-platform/tests/cookies/resources/setSameSiteDomain.py create mode 100644 testing/web-platform/tests/cookies/resources/setSameSiteMultiAttribute.py create mode 100644 testing/web-platform/tests/cookies/resources/setSameSiteNone.py create mode 100644 testing/web-platform/tests/cookies/resources/setSecure.py create mode 100644 testing/web-platform/tests/cookies/resources/testharness-helpers.js (limited to 'testing/web-platform/tests/cookies/resources') diff --git a/testing/web-platform/tests/cookies/resources/__init__.py b/testing/web-platform/tests/cookies/resources/__init__.py new file mode 100644 index 0000000000..e69de29bb2 diff --git a/testing/web-platform/tests/cookies/resources/cookie-helper.sub.js b/testing/web-platform/tests/cookies/resources/cookie-helper.sub.js new file mode 100644 index 0000000000..3338cf0e80 --- /dev/null +++ b/testing/web-platform/tests/cookies/resources/cookie-helper.sub.js @@ -0,0 +1,284 @@ +// Set up exciting global variables for cookie tests. +(_ => { + var HOST = "{{host}}"; + var INSECURE_PORT = ":{{ports[http][0]}}"; + var SECURE_PORT = ":{{ports[https][0]}}"; + var CROSS_ORIGIN_HOST = "{{hosts[alt][]}}"; + + window.INSECURE_ORIGIN = "http://" + HOST + INSECURE_PORT; + + //For secure cookie verification + window.SECURE_ORIGIN = "https://" + HOST + SECURE_PORT; + + //standard references + window.SECURE_SUBDOMAIN_ORIGIN = "https://{{domains[www1]}}" + SECURE_PORT; + window.SECURE_CROSS_SITE_ORIGIN = "https://" + CROSS_ORIGIN_HOST + SECURE_PORT; + window.CROSS_SITE_HOST = CROSS_ORIGIN_HOST; + + // Set the global cookie name. + window.HTTP_COOKIE = "cookie_via_http"; +})(); + +// A tiny helper which returns the result of fetching |url| with credentials. +function credFetch(url) { + return fetch(url, {"credentials": "include"}) + .then(response => { + if (response.status !== 200) { + throw new Error(response.statusText); + } + return response; + }); +} + +// Returns a URL on |origin| which redirects to a given absolute URL. +function redirectTo(origin, url) { + return origin + "/cookies/resources/redirectWithCORSHeaders.py?status=307&location=" + encodeURIComponent(url); +} + +// Returns a URL on |origin| which navigates the window to the given URL (by +// setting window.location). +function navigateTo(origin, url) { + return origin + "/cookies/resources/navigate.html?location=" + encodeURIComponent(url); +} + +// Returns whether a cookie with name `name` with value `value` is in the cookie +// string (presumably obtained via document.cookie). +function cookieStringHasCookie(name, value, cookieString) { + return new RegExp(`(?:^|; )${name}=${value}(?:$|;)`).test(cookieString); +} + +// Asserts that `document.cookie` contains or does not contain (according to +// the value of |present|) a cookie named |name| with a value of |value|. +function assert_dom_cookie(name, value, present) { + assert_equals(cookieStringHasCookie(name, value, document.cookie), present, "`" + name + "=" + value + "` in `document.cookie`"); +} + +function assert_cookie(origin, obj, name, value, present) { + assert_equals(obj[name], present ? value : undefined, "`" + name + "=" + value + "` in request to `" + origin + "`."); +} + +// Remove the cookie named |name| from |origin|, then set it on |origin| anew. +// If |origin| matches `self.origin`, also assert (via `document.cookie`) that +// the cookie was correctly removed and reset. +async function create_cookie(origin, name, value, extras) { + alert("Create_cookie: " + origin + "/cookies/resources/drop.py?name=" + name); + await credFetch(origin + "/cookies/resources/drop.py?name=" + name); + if (origin == self.origin) + assert_dom_cookie(name, value, false); + await credFetch(origin + "/cookies/resources/set.py?" + name + "=" + value + ";path=/;" + extras); + if (origin == self.origin) + assert_dom_cookie(name, value, true); +} + +// +// Prefix-specific test helpers +// +function set_prefixed_cookie_via_dom_test(options) { + promise_test(t => { + var name = options.prefix + "prefixtestcookie"; + erase_cookie_from_js(name, options.params); + t.add_cleanup(() => erase_cookie_from_js(name, options.params)); + var value = "" + Math.random(); + document.cookie = name + "=" + value + ";" + options.params; + + assert_dom_cookie(name, value, options.shouldExistInDOM); + + return credFetch("/cookies/resources/list.py") + .then(r => r.json()) + .then(cookies => assert_equals(cookies[name], options.shouldExistViaHTTP ? value : undefined)); + }, options.title); +} + +function set_prefixed_cookie_via_http_test(options) { + promise_test(t => { + var name = options.prefix + "prefixtestcookie"; + var value = "" + Math.random(); + + t.add_cleanup(() => { + var cookie = name + "=0;expires=" + new Date(0).toUTCString() + ";" + + options.params; + + return credFetch(options.origin + "/cookies/resources/set.py?" + cookie); + }); + + return credFetch(options.origin + "/cookies/resources/set.py?" + name + "=" + value + ";" + options.params) + .then(_ => credFetch(options.origin + "/cookies/resources/list.py")) + .then(r => r.json()) + .then(cookies => assert_equals(cookies[name], options.shouldExistViaHTTP ? value : undefined)); + }, options.title); +} + +// +// SameSite-specific test helpers: +// + +// status for "network" cookies. +window.SameSiteStatus = { + CROSS_SITE: "cross-site", + LAX: "lax", + STRICT: "strict" +}; +// status for "document.cookie". +window.DomSameSiteStatus = { + CROSS_SITE: "cross-site", + SAME_SITE: "same-site", +}; + +const wait_for_message = (type, origin) => { + return new Promise((resolve, reject) => { + window.addEventListener('message', e => { + if (origin && e.origin != origin) { + reject("Message from unexpected origin in wait_for_message:" + e.origin); + return; + } + + if (e.data.type && e.data.type === type) + resolve(e); + }, { once: true }); + }); +}; + +// Reset SameSite test cookies on |origin|. If |origin| matches `self.origin`, assert +// (via `document.cookie`) that they were properly removed and reset. +async function resetSameSiteCookies(origin, value) { + let w = window.open(origin + "/cookies/samesite/resources/puppet.html"); + try { + await wait_for_message("READY", origin); + w.postMessage({type: "drop", useOwnOrigin: true}, "*"); + await wait_for_message("drop-complete", origin); + if (origin == self.origin) { + assert_dom_cookie("samesite_strict", value, false); + assert_dom_cookie("samesite_lax", value, false); + assert_dom_cookie("samesite_none", value, false); + assert_dom_cookie("samesite_unspecified", value, false); + } + + w.postMessage({type: "set", value: value, useOwnOrigin: true}, "*"); + await wait_for_message("set-complete", origin); + if (origin == self.origin) { + assert_dom_cookie("samesite_strict", value, true); + assert_dom_cookie("samesite_lax", value, true); + assert_dom_cookie("samesite_none", value, true); + assert_dom_cookie("samesite_unspecified", value, true); + } + } finally { + w.close(); + } +} + +// Given an |expectedStatus| and |expectedValue|, assert the |cookies| contains +// the proper set of cookie names and values. Expects SameSite-Lax-by-default. +function verifySameSiteCookieState(expectedStatus, expectedValue, cookies, domCookieStatus) { + assert_equals(cookies["samesite_none"], expectedValue, "SameSite=None cookies are always sent."); + if (expectedStatus == SameSiteStatus.CROSS_SITE) { + assert_not_equals(cookies["samesite_strict"], expectedValue, "SameSite=Strict cookies are not sent with cross-site requests."); + assert_not_equals(cookies["samesite_lax"], expectedValue, "SameSite=Lax cookies are not sent with cross-site requests."); + assert_not_equals(cookies["samesite_unspecified"], expectedValue, "Unspecified-SameSite cookies are not sent with cross-site requests."); + } else if (expectedStatus == SameSiteStatus.LAX) { + assert_not_equals(cookies["samesite_strict"], expectedValue, "SameSite=Strict cookies are not sent with lax requests."); + assert_equals(cookies["samesite_lax"], expectedValue, "SameSite=Lax cookies are sent with lax requests."); + assert_equals(cookies["samesite_unspecified"], expectedValue, "Unspecified-SameSite cookies are are sent with lax requests.") + } else if (expectedStatus == SameSiteStatus.STRICT) { + assert_equals(cookies["samesite_strict"], expectedValue, "SameSite=Strict cookies are sent with strict requests."); + assert_equals(cookies["samesite_lax"], expectedValue, "SameSite=Lax cookies are sent with strict requests."); + assert_equals(cookies["samesite_unspecified"], expectedValue, "Unspecified-SameSite cookies are are sent with strict requests.") + } + + if (cookies["domcookies"]) { + verifyDocumentCookieSameSite(domCookieStatus, expectedValue, cookies['domcookies']); + } +} + +function verifyDocumentCookieSameSite(expectedStatus, expectedValue, domcookies) { + const cookies = domcookies.split(";") + .map(cookie => cookie.trim().split("=")) + .reduce((obj, cookie) => { + obj[cookie[0]] = cookie[1]; + return obj; + }, {}); + + if (expectedStatus == DomSameSiteStatus.SAME_SITE) { + assert_equals(cookies["samesite_none"], expectedValue, "SameSite=None cookies are always included in document.cookie."); + assert_equals(cookies["samesite_unspecified"], expectedValue, "Unspecified-SameSite cookies are always included in document.cookie."); + assert_equals(cookies["samesite_strict"], expectedValue, "SameSite=Strict cookies are always included in document.cookie."); + assert_equals(cookies["samesite_lax"], expectedValue, "SameSite=Lax cookies are always included in document.cookie."); + } else if (expectedStatus == DomSameSiteStatus.CROSS_SITE) { + assert_equals(cookies["samesite_none"], expectedValue, "SameSite=None cookies are always included in document.cookie."); + assert_not_equals(cookies["samesite_unspecified"], expectedValue, "Unspecified-SameSite cookies are not included in document.cookie when cross-site."); + assert_not_equals(cookies["samesite_strict"], expectedValue, "SameSite=Strict cookies are not included in document.cookie when cross-site."); + assert_not_equals(cookies["samesite_lax"], expectedValue, "SameSite=Lax cookies are not included in document.cookie when cross-site."); + } +} + +// +// LeaveSecureCookiesAlone-specific test helpers: +// + +window.SecureStatus = { + INSECURE_COOKIE_ONLY: "1", + BOTH_COOKIES: "2", +}; + +//Reset SameSite test cookies on |origin|. If |origin| matches `self.origin`, assert +//(via `document.cookie`) that they were properly removed and reset. +function resetSecureCookies(origin, value) { +return credFetch(origin + "/cookies/resources/dropSecure.py") + .then(_ => { + if (origin == self.origin) { + assert_dom_cookie("alone_secure", value, false); + assert_dom_cookie("alone_insecure", value, false); + } + }) + .then(_ => { + return credFetch(origin + "/cookie/resources/setSecure.py?" + value) + }) +} + +// Reset SameSite=None test cookies on |origin|. If |origin| matches +// `self.origin`, assert (via `document.cookie`) that they were properly +// removed. +function resetSameSiteNoneCookies(origin, value) { + return credFetch(origin + "/cookies/resources/dropSameSiteNone.py") + .then(_ => { + if (origin == self.origin) { + assert_dom_cookie("samesite_none_insecure", value, false); + assert_dom_cookie("samesite_none_secure", value, false); + } + }) + .then(_ => { + return credFetch(origin + "/cookies/resources/setSameSiteNone.py?" + value); + }) +} + +// Reset test cookies with multiple SameSite attributes on |origin|. +// If |origin| matches `self.origin`, assert (via `document.cookie`) +// that they were properly removed. +function resetSameSiteMultiAttributeCookies(origin, value) { + return credFetch(origin + "/cookies/resources/dropSameSiteMultiAttribute.py") + .then(_ => { + if (origin == self.origin) { + assert_dom_cookie("samesite_unsupported", value, false); + assert_dom_cookie("samesite_unsupported_none", value, false); + assert_dom_cookie("samesite_unsupported_lax", value, false); + assert_dom_cookie("samesite_unsupported_strict", value, false); + assert_dom_cookie("samesite_none_unsupported", value, false); + assert_dom_cookie("samesite_lax_unsupported", value, false); + assert_dom_cookie("samesite_strict_unsupported", value, false); + assert_dom_cookie("samesite_lax_none", value, false); + } + }) + .then(_ => { + return credFetch(origin + "/cookies/resources/setSameSiteMultiAttribute.py?" + value); + }) +} + +// +// DOM based cookie manipulation APIs +// + +// erase cookie value and set for expiration +function erase_cookie_from_js(name, params) { + document.cookie = `${name}=0; expires=${new Date(0).toUTCString()}; ${params};`; + var re = new RegExp("(?:^|; )" + name); + assert_equals(re.test(document.cookie), false, "Sanity check: " + name + " has been deleted."); +} diff --git a/testing/web-platform/tests/cookies/resources/cookie-test.js b/testing/web-platform/tests/cookies/resources/cookie-test.js new file mode 100644 index 0000000000..a909e4d72f --- /dev/null +++ b/testing/web-platform/tests/cookies/resources/cookie-test.js @@ -0,0 +1,186 @@ +// getAndExpireCookiesForDefaultPathTest is a helper method to get and delete +// cookies using echo-cookie.html. +async function getAndExpireCookiesForDefaultPathTest() { + return new Promise((resolve, reject) => { + try { + const iframe = document.createElement('iframe'); + iframe.style = 'display: none'; + iframe.src = '/cookies/resources/echo-cookie.html'; + iframe.addEventListener('load', (e) => { + const win = e.target.contentWindow; + const iframeCookies = win.getCookies(); + win.expireCookies().then(() => { + document.documentElement.removeChild(iframe); + resolve(iframeCookies); + }); + }, {once: true}); + document.documentElement.appendChild(iframe); + } catch (e) { + reject(e); + } + }); +} + +// getAndExpireCookiesForRedirectTest is a helper method to get and delete +// cookies that were set from a Location header redirect. +async function getAndExpireCookiesForRedirectTest(location) { + return new Promise((resolve, reject) => { + try { + const iframe = document.createElement('iframe'); + iframe.style = 'display: none'; + iframe.src = location; + const listener = (e) => { + if (typeof e.data == 'object' && 'cookies' in e.data) { + window.removeEventListener('message', listener); + document.documentElement.removeChild(iframe); + resolve(e.data.cookies); + } + }; + window.addEventListener('message', listener); + iframe.addEventListener('load', (e) => { + e.target.contentWindow.postMessage('getAndExpireCookiesForRedirectTest', '*'); + }, {once: true}); + document.documentElement.appendChild(iframe); + } catch (e) { + reject(e); + } + }); +} + +// httpCookieTest sets a `cookie` (via HTTP), then asserts it was or was not set +// via `expectedValue` (via the DOM). Then cleans it up (via test driver). Most +// tests do not set a Path attribute, so `defaultPath` defaults to true. If the +// cookie values are expected to cause the HTTP request or response to fail, the +// test can be made to pass when this happens via `allowFetchFailure`, which +// defaults to false. +// +// `cookie` may be a single cookie string, or an array of cookie strings, where +// the order of the array items represents the order of the Set-Cookie headers +// sent by the server. +// +// Note: this function has a dependency on testdriver.js. Any test files calling +// it should include testdriver.js and testdriver-vendor.js +function httpCookieTest(cookie, expectedValue, name, defaultPath = true, + allowFetchFailure = false) { + return promise_test((t) => { + var skipAssertions = false; + return new Promise(async (resolve, reject) => { + // The result is ignored as we're expiring cookies for cleaning here. + await getAndExpireCookiesForDefaultPathTest(); + await test_driver.delete_all_cookies(); + t.add_cleanup(test_driver.delete_all_cookies); + + let encodedCookie = encodeURIComponent(JSON.stringify(cookie)); + try { + await fetch(`/cookies/resources/cookie.py?set=${encodedCookie}`); + } catch { + if (allowFetchFailure) { + skipAssertions = true; + resolve(); + } else { + reject('Failed to fetch /cookies/resources/cookie.py'); + } + } + let cookies = document.cookie; + if (defaultPath) { + // for the tests where a Path is set from the request-uri + // path, we need to go look for cookies in an iframe at that + // default path. + cookies = await getAndExpireCookiesForDefaultPathTest(); + } + resolve(cookies); + }).then((cookies) => { + if (skipAssertions) { + return; + } + if (Boolean(expectedValue)) { + assert_equals(cookies, expectedValue, 'The cookie was set as expected.'); + } else { + assert_equals(cookies, expectedValue, 'The cookie was rejected.'); + } + }); + }, name); +} + +// This is a variation on httpCookieTest, where a redirect happens via +// the Location header and we check to see if cookies are sent via +// getRedirectedCookies +// +// Note: the locations targeted by this function have a dependency on +// path-redirect-shared.js and should be sure to include it. +function httpRedirectCookieTest(cookie, expectedValue, name, location) { + return promise_test(async (t) => { + // The result is ignored as we're expiring cookies for cleaning here. + await getAndExpireCookiesForRedirectTest(location); + + const encodedCookie = encodeURIComponent(JSON.stringify(cookie)); + const encodedLocation = encodeURIComponent(location); + const setParams = `?set=${encodedCookie}&location=${encodedLocation}`; + await fetch(`/cookies/resources/cookie.py${setParams}`); + // for the tests where a redirect happens, we need to head + // to that URI to get the cookies (and then delete them there) + const cookies = await getAndExpireCookiesForRedirectTest(location); + if (Boolean(expectedValue)) { + assert_equals(cookies, expectedValue, 'The cookie was set as expected.'); + } else { + assert_equals(cookies, expectedValue, 'The cookie was rejected.'); + } + }, name); +} + +// Sets a `cookie` via the DOM, checks it against `expectedValue` via the DOM, +// then cleans it up via the DOM. This is needed in cases where going through +// HTTP headers may modify the cookie line (e.g. by stripping control +// characters). +// +// Note: this function has a dependency on testdriver.js. Any test files calling +// it should include testdriver.js and testdriver-vendor.js +function domCookieTest(cookie, expectedValue, name) { + return promise_test(async (t) => { + await test_driver.delete_all_cookies(); + t.add_cleanup(test_driver.delete_all_cookies); + + if (typeof cookie === "string") { + document.cookie = cookie; + } else if (Array.isArray(cookie)) { + for (const singlecookie of cookie) { + document.cookie = singlecookie; + } + } else { + throw new Error('Unexpected type passed into domCookieTest as cookie: ' + typeof cookie); + } + let cookies = document.cookie; + assert_equals(cookies, expectedValue, Boolean(expectedValue) ? + 'The cookie was set as expected.' : + 'The cookie was rejected.'); + }, name); +} + +// Returns an array of control characters along with their ASCII codes. Control +// characters are defined by RFC 5234 to be %x00-1F / %x7F. +function getCtlCharacters() { + const ctlCodes = [...Array(0x20).keys()] + .concat([0x7F]); + return ctlCodes.map(i => ({ code: i, chr: String.fromCharCode(i) })) +} + +// Returns a cookie string with name set to "t" * nameLength and value +// set to "1" * valueLength. Passing in 0 for either allows for creating +// a name- or value-less cookie. +// +// Note: Cookie length checking should ignore the "=". +function cookieStringWithNameAndValueLengths(nameLength, valueLength) { + return `${"t".repeat(nameLength)}=${"1".repeat(valueLength)}`; +} + +// Finds the root window.top.opener and directs test_driver commands to it. +// +// If you see a message like: "Error: Tried to run in a non-testharness window +// without a call to set_test_context." then you probably need to call this. +function setTestContextUsingRootWindow() { + let test_window = window.top; + while (test_window.opener && !test_window.opener.closed) { + test_window = test_window.opener.top; + } + test_driver.set_test_context(test_window); +} diff --git a/testing/web-platform/tests/cookies/resources/cookie.py b/testing/web-platform/tests/cookies/resources/cookie.py new file mode 100644 index 0000000000..936679bc9f --- /dev/null +++ b/testing/web-platform/tests/cookies/resources/cookie.py @@ -0,0 +1,42 @@ +import json + +from cookies.resources.helpers import setNoCacheAndCORSHeaders +from wptserve.utils import isomorphic_decode +from wptserve.utils import isomorphic_encode + +def set_cookie(headers, cookie_string): + """Helper method to add a Set-Cookie header""" + headers.append((b'Set-Cookie', isomorphic_encode(cookie_string))) + +def main(request, response): + """Set a cookie via GET params. + + Usage: `/cookie.py?set={cookie}` + + The passed-in cookie string should be stringified via JSON.stringify() (in + the case of multiple cookie headers sent in an array) and encoded via + encodeURIComponent, otherwise `parse_qsl` will split on any semicolons + (used by the Request.GET property getter). Note that values returned by + Request.GET will decode any percent-encoded sequences sent in a GET param + (which may or may not be surprising depending on what you're doing). + + Note: here we don't use Response.delete_cookie() or similar other methods + in this resources directory because there are edge cases that are impossible + to express via those APIs, namely a bare (`Path`) or empty Path (`Path=`) + attribute. Instead, we pipe through the entire cookie and append `max-age=0` + to it. + """ + headers = setNoCacheAndCORSHeaders(request, response) + + if b'set' in request.GET: + cookie = isomorphic_decode(request.GET[b'set']) + cookie = json.loads(cookie) + cookies = cookie if isinstance(cookie, list) else [cookie] + for c in cookies: + set_cookie(headers, c) + + if b'location' in request.GET: + headers.append((b'Location', request.GET[b'location'])) + return 302, headers, b'{"redirect": true}' + + return headers, b'{"success": true}' diff --git a/testing/web-platform/tests/cookies/resources/drop.py b/testing/web-platform/tests/cookies/resources/drop.py new file mode 100644 index 0000000000..612add2169 --- /dev/null +++ b/testing/web-platform/tests/cookies/resources/drop.py @@ -0,0 +1,14 @@ +from cookies.resources.helpers import makeDropCookie, readParameter, setNoCacheAndCORSHeaders + +def main(request, response): + """Respond to `/cookie/drop?name={name}` by expiring the cookie named `{name}`.""" + headers = setNoCacheAndCORSHeaders(request, response) + try: + # Expire the named cookie, and return a JSON-encoded success code. + name = readParameter(request, paramName=u"name", requireValue=True) + scheme = request.url_parts.scheme + headers.append(makeDropCookie(name, u"https" == scheme)) + return headers, b'{"success": true}' + except: + return 500, headers, b'{"error" : "Empty or missing name parameter."}' + diff --git a/testing/web-platform/tests/cookies/resources/dropSameSite.py b/testing/web-platform/tests/cookies/resources/dropSameSite.py new file mode 100644 index 0000000000..a0aa83558d --- /dev/null +++ b/testing/web-platform/tests/cookies/resources/dropSameSite.py @@ -0,0 +1,13 @@ +from cookies.resources.helpers import makeDropCookie, setNoCacheAndCORSHeaders + +def main(request, response): + """Respond to `/cookie/same-site/resources/dropSameSite.py by dropping the + four cookies set by setSameSiteCookies.py""" + headers = setNoCacheAndCORSHeaders(request, response) + + # Expire the cookies, and return a JSON-encoded success code. + headers.append(makeDropCookie(b"samesite_strict", False)) + headers.append(makeDropCookie(b"samesite_lax", False)) + headers.append(makeDropCookie(b"samesite_none", False)) + headers.append(makeDropCookie(b"samesite_unspecified", False)) + return headers, b'{"success": true}' diff --git a/testing/web-platform/tests/cookies/resources/dropSameSiteMultiAttribute.py b/testing/web-platform/tests/cookies/resources/dropSameSiteMultiAttribute.py new file mode 100644 index 0000000000..af4fbeeca4 --- /dev/null +++ b/testing/web-platform/tests/cookies/resources/dropSameSiteMultiAttribute.py @@ -0,0 +1,17 @@ +from cookies.resources.helpers import makeDropCookie, setNoCacheAndCORSHeaders + +def main(request, response): + """Respond to `/cookies/resources/dropSameSiteMultiAttribute.py by dropping + the cookies set by setSameSiteMultiAttribute.py""" + headers = setNoCacheAndCORSHeaders(request, response) + + # Expire the cookies, and return a JSON-encoded success code. + headers.append(makeDropCookie(b"samesite_unsupported", True)) + headers.append(makeDropCookie(b"samesite_unsupported_none", True)) + headers.append(makeDropCookie(b"samesite_unsupported_lax", False)) + headers.append(makeDropCookie(b"samesite_unsupported_strict", False)) + headers.append(makeDropCookie(b"samesite_none_unsupported", True)) + headers.append(makeDropCookie(b"samesite_lax_unsupported", True)) + headers.append(makeDropCookie(b"samesite_strict_unsupported", True)) + headers.append(makeDropCookie(b"samesite_lax_none", True)) + return headers, b'{"success": true}' diff --git a/testing/web-platform/tests/cookies/resources/dropSameSiteNone.py b/testing/web-platform/tests/cookies/resources/dropSameSiteNone.py new file mode 100644 index 0000000000..2d0a837b5d --- /dev/null +++ b/testing/web-platform/tests/cookies/resources/dropSameSiteNone.py @@ -0,0 +1,11 @@ +from cookies.resources.helpers import makeDropCookie, setNoCacheAndCORSHeaders + +def main(request, response): + """Respond to `/cookies/resources/dropSameSiteNone.py by dropping the + two cookies set by setSameSiteNone.py""" + headers = setNoCacheAndCORSHeaders(request, response) + + # Expire the cookies, and return a JSON-encoded success code. + headers.append(makeDropCookie(b"samesite_none_insecure", False)) + headers.append(makeDropCookie(b"samesite_none_secure", True)) + return headers, b'{"success": true}' diff --git a/testing/web-platform/tests/cookies/resources/dropSecure.py b/testing/web-platform/tests/cookies/resources/dropSecure.py new file mode 100644 index 0000000000..af71148cd6 --- /dev/null +++ b/testing/web-platform/tests/cookies/resources/dropSecure.py @@ -0,0 +1,11 @@ +from cookies.resources.helpers import makeDropCookie, setNoCacheAndCORSHeaders + +def main(request, response): + """Respond to `/cookie/drop/secure` by dropping the two cookie set by + `setSecureTestCookies()`""" + headers = setNoCacheAndCORSHeaders(request, response) + + # Expire the cookies, and return a JSON-encoded success code. + headers.append(makeDropCookie(b"alone_secure", False)) + headers.append(makeDropCookie(b"alone_insecure", False)) + return headers, b'{"success": true}' diff --git a/testing/web-platform/tests/cookies/resources/echo-cookie.html b/testing/web-platform/tests/cookies/resources/echo-cookie.html new file mode 100644 index 0000000000..ab78af8325 --- /dev/null +++ b/testing/web-platform/tests/cookies/resources/echo-cookie.html @@ -0,0 +1,31 @@ + + + + + helper iframe for matching cookie path tests + + + + + + + + + diff --git a/testing/web-platform/tests/cookies/resources/echo-json.py b/testing/web-platform/tests/cookies/resources/echo-json.py new file mode 100644 index 0000000000..9f1568e816 --- /dev/null +++ b/testing/web-platform/tests/cookies/resources/echo-json.py @@ -0,0 +1,15 @@ +from wptserve.utils import isomorphic_decode + +def main(request, response): + headers = [(b"Content-Type", b"application/json"), + (b"Access-Control-Allow-Credentials", b"true")] + + if b"origin" in request.headers: + headers.append((b"Access-Control-Allow-Origin", request.headers[b"origin"])) + + values = [] + for key in request.cookies: + for value in request.cookies.get_list(key): + values.append(u"\"%s\": \"%s\"" % (isomorphic_decode(key), value)) + body = u"{ %s }" % u",".join(values) + return headers, body diff --git a/testing/web-platform/tests/cookies/resources/helpers.py b/testing/web-platform/tests/cookies/resources/helpers.py new file mode 100644 index 0000000000..5fee5a9a91 --- /dev/null +++ b/testing/web-platform/tests/cookies/resources/helpers.py @@ -0,0 +1,59 @@ +from urllib.parse import parse_qs + +from wptserve.utils import isomorphic_encode + +def setNoCacheAndCORSHeaders(request, response): + """Set Cache-Control, CORS and Content-Type headers appropriate for the cookie tests.""" + headers = [(b"Content-Type", b"application/json"), + (b"Access-Control-Allow-Credentials", b"true")] + + origin = b"*" + if b"origin" in request.headers: + origin = request.headers[b"origin"] + + headers.append((b"Access-Control-Allow-Origin", origin)) + #headers.append(("Access-Control-Allow-Credentials", "true")) + headers.append((b"Cache-Control", b"no-cache")) + headers.append((b"Expires", b"Fri, 01 Jan 1990 00:00:00 GMT")) + + return headers + +def makeCookieHeader(name, value, otherAttrs): + """Make a Set-Cookie header for a cookie with the name, value and attributes provided.""" + def makeAV(a, v): + if None == v or b"" == v: + return a + if isinstance(v, int): + return b"%s=%i" % (a, v) + else: + return b"%s=%s" % (a, v) + + # ensure cookie name is always first + attrs = [b"%s=%s" % (name, value)] + attrs.extend(makeAV(a, v) for (a, v) in otherAttrs.items()) + return (b"Set-Cookie", b"; ".join((attrs))) + +def makeDropCookie(name, secure): + attrs = {b"max-age": 0, b"path": b"/"} + if secure: + attrs[b"secure"] = b"" + return makeCookieHeader(name, b"", attrs) + +def readParameter(request, paramName, requireValue): + """Read a parameter from the request. Raise if requireValue is set and the + parameter has an empty value or is not present.""" + params = parse_qs(request.url_parts.query) + param = params[paramName][0].strip() + if len(param) == 0: + raise Exception(u"Empty or missing name parameter.") + return isomorphic_encode(param) + +def readCookies(request): + """Read the cookies from the client present in the request.""" + cookies = {} + for key in request.cookies: + for cookie in request.cookies.get_list(key): + # do we care we'll clobber cookies here? If so, do we + # need to modify the test to take cookie names and value lists? + cookies[key] = cookie.value + return cookies diff --git a/testing/web-platform/tests/cookies/resources/imgIfMatch.py b/testing/web-platform/tests/cookies/resources/imgIfMatch.py new file mode 100644 index 0000000000..72fa50e66e --- /dev/null +++ b/testing/web-platform/tests/cookies/resources/imgIfMatch.py @@ -0,0 +1,16 @@ +from cookies.resources import helpers + +def main(request, response): + """Respond to `/cookie/imgIfMatch?name={name}&value={value}` with a 404 if + the cookie isn't present, and a transparent GIF otherwise.""" + headers = helpers.setNoCacheAndCORSHeaders(request, response) + name = helpers.readParameter(request, paramName=u"name", requireValue=True) + value = helpers.readParameter(request, paramName=u"value", requireValue=True) + cookiesWithMatchingNames = request.cookies.get_list(name) + for cookie in cookiesWithMatchingNames: + if cookie.value == value: + # From https://github.com/mathiasbynens/small/blob/master/gif-transparent.gif + headers.append((b"Content-Type", b"image/gif")) + gif = b"\x47\x49\x46\x38\x39\x61\x01\x00\x01\x00\x80\x00\x00\xFF\xFF\xFF\x00\x00\x00\x21\xF9\x04\x01\x00\x00\x00\x00\x2C\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02\x44\x01\x00\x3B" + return headers, gif + return 500, headers, b'{"error": {"message": "The cookie\'s value did not match the given value."}}' diff --git a/testing/web-platform/tests/cookies/resources/list-cookies-for-script.py b/testing/web-platform/tests/cookies/resources/list-cookies-for-script.py new file mode 100644 index 0000000000..b325d1f745 --- /dev/null +++ b/testing/web-platform/tests/cookies/resources/list-cookies-for-script.py @@ -0,0 +1,12 @@ +import json +from cookies.resources import helpers + +from wptserve.utils import isomorphic_decode + +def main(request, response): + headers = helpers.setNoCacheAndCORSHeaders(request, response) + headers[0] = (b"Content-Type", b"text/javascript") + cookies = helpers.readCookies(request) + decoded_cookies = {isomorphic_decode(key): isomorphic_decode(val) for key, val in cookies.items()} + return headers, 'self._cookies = [{}];\n'.format( + ', '.join(['"{}"'.format(name) for name in decoded_cookies.keys()])) diff --git a/testing/web-platform/tests/cookies/resources/list.py b/testing/web-platform/tests/cookies/resources/list.py new file mode 100644 index 0000000000..4cb6639659 --- /dev/null +++ b/testing/web-platform/tests/cookies/resources/list.py @@ -0,0 +1,10 @@ +import json +from cookies.resources import helpers + +from wptserve.utils import isomorphic_decode + +def main(request, response): + headers = helpers.setNoCacheAndCORSHeaders(request, response) + cookies = helpers.readCookies(request) + decoded_cookies = {isomorphic_decode(key): isomorphic_decode(val) for key, val in cookies.items()} + return headers, json.dumps(decoded_cookies) diff --git a/testing/web-platform/tests/cookies/resources/navigate.html b/testing/web-platform/tests/cookies/resources/navigate.html new file mode 100644 index 0000000000..077efba569 --- /dev/null +++ b/testing/web-platform/tests/cookies/resources/navigate.html @@ -0,0 +1,8 @@ + + + diff --git a/testing/web-platform/tests/cookies/resources/postToParent.py b/testing/web-platform/tests/cookies/resources/postToParent.py new file mode 100644 index 0000000000..43f7d679fb --- /dev/null +++ b/testing/web-platform/tests/cookies/resources/postToParent.py @@ -0,0 +1,39 @@ +import json +from cookies.resources import helpers + +from wptserve.utils import isomorphic_decode + +def main(request, response): + headers = helpers.setNoCacheAndCORSHeaders(request, response) + cookies = helpers.readCookies(request) + headers.append((b"Content-Type", b"text/html; charset=utf-8")) + + tmpl = u""" + + +""" + decoded_cookies = {isomorphic_decode(key): isomorphic_decode(val) for key, val in cookies.items()} + return headers, tmpl % json.dumps(decoded_cookies) diff --git a/testing/web-platform/tests/cookies/resources/redirectWithCORSHeaders.py b/testing/web-platform/tests/cookies/resources/redirectWithCORSHeaders.py new file mode 100644 index 0000000000..0af14da3e9 --- /dev/null +++ b/testing/web-platform/tests/cookies/resources/redirectWithCORSHeaders.py @@ -0,0 +1,22 @@ +from cookies.resources.helpers import setNoCacheAndCORSHeaders + +def main(request, response): + """Simple handler that causes redirection. + + The request should typically have two query parameters: + status - The status to use for the redirection. Defaults to 302. + location - The resource to redirect to. + """ + status = 302 + if b"status" in request.GET: + try: + status = int(request.GET.first(b"status")) + except ValueError: + pass + headers = setNoCacheAndCORSHeaders(request, response) + + location = request.GET.first(b"location") + + headers.append((b"Location", location)) + + return status, headers, b"" diff --git a/testing/web-platform/tests/cookies/resources/set-cookie.py b/testing/web-platform/tests/cookies/resources/set-cookie.py new file mode 100644 index 0000000000..59b5b8006a --- /dev/null +++ b/testing/web-platform/tests/cookies/resources/set-cookie.py @@ -0,0 +1,45 @@ +from datetime import date + +def main(request, response): + """ + Returns cookie name and path from query params in a Set-Cookie header. + + e.g. + + > GET /cookies/resources/set-cookie.py?name=match-slash&path=%2F HTTP/1.1 + > Host: localhost:8000 + > User-Agent: curl/7.43.0 + > Accept: */* + > + < HTTP/1.1 200 OK + < Content-Type: application/json + < Set-Cookie: match-slash=1; Path=/; Expires=09 Jun 2021 10:18:14 GMT + < Server: BaseHTTP/0.3 Python/2.7.12 + < Date: Tue, 04 Oct 2016 18:16:06 GMT + < Content-Length: 80 + """ + + name = request.GET[b'name'] + path = request.GET[b'path'] + samesite = request.GET.get(b'samesite') + secure = b'secure' in request.GET + expiry_year = date.today().year + 1 + cookie = b"%s=1; Path=%s; Expires=09 Jun %d 10:18:14 GMT" % (name, path, expiry_year) + if samesite: + cookie += b";SameSite=%s" % samesite + if secure: + cookie += b";Secure" + + headers = [ + (b"Content-Type", b"application/json"), + (b"Set-Cookie", cookie) + ] + + # Set the cors enabled headers. + origin = request.headers.get(b"Origin") + if origin is not None and origin != b"null": + headers.append((b"Access-Control-Allow-Origin", origin)) + headers.append((b"Access-Control-Allow-Credentials", 'true')) + + body = b"var dummy='value';" + return headers, body diff --git a/testing/web-platform/tests/cookies/resources/set.py b/testing/web-platform/tests/cookies/resources/set.py new file mode 100644 index 0000000000..eda9338c92 --- /dev/null +++ b/testing/web-platform/tests/cookies/resources/set.py @@ -0,0 +1,15 @@ +from cookies.resources import helpers +from urllib.parse import unquote + +from wptserve.utils import isomorphic_encode + +def main(request, response): + """Respond to `/cookie/set?{cookie}` by echoing `{cookie}` as a `Set-Cookie` header.""" + headers = helpers.setNoCacheAndCORSHeaders(request, response) + + # Cookies may require whitespace (e.g. in the `Expires` attribute), so the + # query string should be decoded. + cookie = unquote(request.url_parts.query) + headers.append((b"Set-Cookie", isomorphic_encode(cookie))) + + return headers, b'{"success": true}' diff --git a/testing/web-platform/tests/cookies/resources/setSameSite.py b/testing/web-platform/tests/cookies/resources/setSameSite.py new file mode 100644 index 0000000000..05f0967088 --- /dev/null +++ b/testing/web-platform/tests/cookies/resources/setSameSite.py @@ -0,0 +1,32 @@ +from cookies.resources.helpers import makeCookieHeader, setNoCacheAndCORSHeaders + +from wptserve.utils import isomorphic_encode + +def main(request, response): + """Respond to `/cookie/set/samesite?{value}` by setting four cookies: + 1. `samesite_strict={value};SameSite=Strict;path=/` + 2. `samesite_lax={value};SameSite=Lax;path=/` + 3. `samesite_none={value};SameSite=None;path=/` + 4. `samesite_unspecified={value};path=/` + Then navigate to a page that will post a message back to the opener with the set cookies""" + headers = setNoCacheAndCORSHeaders(request, response) + value = isomorphic_encode(request.url_parts.query) + + headers.append((b"Content-Type", b"text/html; charset=utf-8")) + headers.append(makeCookieHeader(b"samesite_strict", value, {b"SameSite":b"Strict", b"path":b"/"})) + headers.append(makeCookieHeader(b"samesite_lax", value, {b"SameSite":b"Lax", b"path":b"/"})) + # SameSite=None cookies must be Secure. + headers.append(makeCookieHeader(b"samesite_none", value, {b"SameSite":b"None", b"path":b"/", b"Secure": b""})) + headers.append(makeCookieHeader(b"samesite_unspecified", value, {b"path":b"/"})) + + document = b""" + + +""" + + return headers, document diff --git a/testing/web-platform/tests/cookies/resources/setSameSiteDomain.py b/testing/web-platform/tests/cookies/resources/setSameSiteDomain.py new file mode 100644 index 0000000000..c8b7a71981 --- /dev/null +++ b/testing/web-platform/tests/cookies/resources/setSameSiteDomain.py @@ -0,0 +1,36 @@ +from cookies.resources.helpers import makeCookieHeader, setNoCacheAndCORSHeaders + +from wptserve.utils import isomorphic_encode + +def main(request, response): + """Respond to `/cookie/set/samesite?{value}` by setting four cookies: + 1. `samesite_strict={value};SameSite=Strict;path=/;domain={host}` + 2. `samesite_lax={value};SameSite=Lax;path=/;domain={host}` + 3. `samesite_none={value};SameSite=None;path=/;Secure;domain={host}` + 4. `samesite_unspecified={value};path=/;domain={host}` + Where {host} is the hostname from which this page is served. (Requesting this resource + without a Host header will result in a 500 server error.) + Then navigate to a page that will post a message back to the opener with the set cookies""" + headers = setNoCacheAndCORSHeaders(request, response) + value = isomorphic_encode(request.url_parts.query) + host_header = request.headers['host'] + hostname = host_header.split(b":")[0] + host = isomorphic_encode(hostname) + headers.append((b"Content-Type", b"text/html; charset=utf-8")) + headers.append(makeCookieHeader(b"samesite_strict", value, {b"SameSite":b"Strict", b"path":b"/", b"domain":host})) + headers.append(makeCookieHeader(b"samesite_lax", value, {b"SameSite":b"Lax", b"path":b"/", b"domain":host})) + # SameSite=None cookies must be Secure. + headers.append(makeCookieHeader(b"samesite_none", value, {b"SameSite":b"None", b"path":b"/", b"Secure": b"", b"domain":host})) + headers.append(makeCookieHeader(b"samesite_unspecified", value, {b"path":b"/", b"domain":host})) + + document = b""" + + +""" + + return headers, document diff --git a/testing/web-platform/tests/cookies/resources/setSameSiteMultiAttribute.py b/testing/web-platform/tests/cookies/resources/setSameSiteMultiAttribute.py new file mode 100644 index 0000000000..988f67f0b0 --- /dev/null +++ b/testing/web-platform/tests/cookies/resources/setSameSiteMultiAttribute.py @@ -0,0 +1,60 @@ +from cookies.resources.helpers import makeCookieHeader, setNoCacheAndCORSHeaders + +from wptserve.utils import isomorphic_encode + +def main(request, response): + """Respond to `/cookie/set/samesite?{value}` by setting the following combination of cookies: + 1. `samesite_unsupported={value};SameSite=Unsupported;path=/;Secure` + 2. `samesite_unsupported_none={value};SameSite=Unsupported;SameSite=None;path=/;Secure` + 3. `samesite_unsupported_lax={value};SameSite=Unsupported;SameSite=Lax;path=/` + 4. `samesite_unsupported_strict={value};SameSite=Unsupported;SameSite=Strict;path=/` + 5. `samesite_none_unsupported={value};SameSite=None;SameSite=Unsupported;path=/;Secure` + 6. `samesite_lax_unsupported={value};SameSite=Lax;SameSite=Unsupported;path=/;Secure` + 7. `samesite_strict_unsupported={value};SameSite=Strict;SameSite=Unsupported;path=/;Secure` + 8. `samesite_lax_none={value};SameSite=Lax;SameSite=None;path=/;Secure` + 9. `samesite_lax_strict={value};SameSite=Lax;SameSite=Strict;path=/` + 10. `samesite_strict_lax={value};SameSite=Strict;SameSite=Lax;path=/` + Then navigate to a page that will post a message back to the opener with the set cookies""" + headers = setNoCacheAndCORSHeaders(request, response) + value = isomorphic_encode(request.url_parts.query) + + headers.append((b"Content-Type", b"text/html; charset=utf-8")) + # Unknown value; single attribute + headers.append(makeCookieHeader( + b"samesite_unsupported", value, {b"SameSite":b"Unsupported", b"path":b"/", b"Secure":b""})) + + # Multiple attributes; first attribute unknown + headers.append(makeCookieHeader( + b"samesite_unsupported_none", value, {b"SameSite":b"Unsupported", b"SameSite":b"None", b"path":b"/", b"Secure":b""})) + headers.append(makeCookieHeader( + b"samesite_unsupported_lax", value, {b"SameSite":b"Unsupported", b"SameSite":b"Lax", b"path":b"/"})) + headers.append(makeCookieHeader( + b"samesite_unsupported_strict", value, {b"SameSite":b"Unsupported", b"SameSite":b"Strict", b"path":b"/"})) + + # Multiple attributes; second attribute unknown + headers.append(makeCookieHeader( + b"samesite_none_unsupported", value, {b"SameSite":b"None", b"SameSite":b"Unsupported", b"path":b"/", b"Secure":b""})) + headers.append(makeCookieHeader( + b"samesite_lax_unsupported", value, {b"SameSite":b"Lax", b"SameSite":b"Unsupported", b"path":b"/", b"Secure":b""})) + headers.append(makeCookieHeader( + b"samesite_strict_unsupported", value, {b"SameSite":b"Strict", b"SameSite":b"Unsupported", b"path":b"/", b"Secure":b""})) + + # Multiple attributes; both known + headers.append(makeCookieHeader( + b"samesite_lax_none", value, {b"SameSite":b"Lax", b"SameSite":b"None", b"path":b"/", b"Secure":b""})) + headers.append(makeCookieHeader( + b"samesite_lax_strict", value, {b"SameSite":b"Lax", b"SameSite":b"Strict", b"path":b"/"})) + headers.append(makeCookieHeader( + b"samesite_strict_lax", value, {b"SameSite":b"Strict", b"SameSite":b"Lax", b"path":b"/"})) + + document = b""" + + +""" + + return headers, document diff --git a/testing/web-platform/tests/cookies/resources/setSameSiteNone.py b/testing/web-platform/tests/cookies/resources/setSameSiteNone.py new file mode 100644 index 0000000000..446c75eb44 --- /dev/null +++ b/testing/web-platform/tests/cookies/resources/setSameSiteNone.py @@ -0,0 +1,16 @@ +from cookies.resources.helpers import makeCookieHeader, setNoCacheAndCORSHeaders + +from wptserve.utils import isomorphic_encode + +def main(request, response): + """Respond to `/cookies/resources/setSameSiteNone.py?{value}` by setting two cookies: + 1. `samesite_none_insecure={value};SameSite=None;path=/` + 2. `samesite_none_secure={value};SameSite=None;Secure;path=/` + """ + headers = setNoCacheAndCORSHeaders(request, response) + value = isomorphic_encode(request.url_parts.query) + + headers.append(makeCookieHeader(b"samesite_none_insecure", value, {b"SameSite":b"None", b"path":b"/"})) + headers.append(makeCookieHeader(b"samesite_none_secure", value, {b"SameSite":b"None", b"Secure":b"", b"path":b"/"})) + + return headers, b'{"success": true}' diff --git a/testing/web-platform/tests/cookies/resources/setSecure.py b/testing/web-platform/tests/cookies/resources/setSecure.py new file mode 100644 index 0000000000..dd0dd1622b --- /dev/null +++ b/testing/web-platform/tests/cookies/resources/setSecure.py @@ -0,0 +1,14 @@ +from cookies.resources.helpers import makeCookieHeader, readParameter, setNoCacheAndCORSHeaders + +from wptserve.utils import isomorphic_encode + +def main(request, response): + """Respond to `/cookie/set/secure?{value}` by setting two cookies: + alone_secure={value};secure;path=/` + alone_insecure={value};path=/""" + headers = setNoCacheAndCORSHeaders(request, response) + value = isomorphic_encode(request.url_parts.query) + + headers.append(makeCookieHeader(b"alone_secure", value, {b"secure": b"", b"path": b"/"})) + headers.append(makeCookieHeader(b"alone_insecure", value, {b"path": b"/"})) + return headers, b'{"success": true}' diff --git a/testing/web-platform/tests/cookies/resources/testharness-helpers.js b/testing/web-platform/tests/cookies/resources/testharness-helpers.js new file mode 100644 index 0000000000..84368d6d99 --- /dev/null +++ b/testing/web-platform/tests/cookies/resources/testharness-helpers.js @@ -0,0 +1,49 @@ +// Given an array of potentially asynchronous tests, this function will execute +// each in serial, ensuring that one and only one test is executing at a time. +// +// The test array should look like this: +// +// +// var tests = [ +// [ +// "Test description goes here.", +// function () { +// // Test code goes here. `this` is bound to the test object. +// } +// ], +// ... +// ]; +// +// The |setup| and |teardown| arguments are functions which are executed before +// and after each test, respectively. +function executeTestsSerially(testList, setup, teardown) { + var tests = testList.map(function (t) { + return { + test: async_test(t[0]), + code: t[1] + }; + }); + + var executeNextTest = function () { + var current = tests.shift(); + if (current === undefined) { + return; + } + + // Setup the test fixtures. + if (setup) { + setup(); + } + + // Bind a callback to tear down the test fixtures. + if (teardown) { + current.test.add_cleanup(teardown); + } + + // Execute the test. + current.test.step(current.code); + }; + + add_result_callback(function () { setTimeout(executeNextTest, 0) }); + executeNextTest(); +} -- cgit v1.2.3