Adding upstream version 124.0.1.upstream/124.0.1

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

11 files changed, 313 insertions, 0 deletions

diff --git a/testing/web-platform/tests/cookies/domain/domain-attribute-host-with-and-without-leading-period.sub.https.html b/testing/web-platform/tests/cookies/domain/domain-attribute-host-with-and-without-leading-period.sub.https.html
new file mode 100644
index 0000000000..b5f770b848
--- /dev/null
+++ b/testing/web-platform/tests/cookies/domain/domain-attribute-host-with-and-without-leading-period.sub.https.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<head>
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+  <script src="/cookies/resources/cookie-helper.sub.js"></script>
+</head>
+<body>
+  <script>
+    //
+    // Set-Cookie: domain-attribute-host-with-and-without-leading-period=b; Path=/; Domain=.{{host}}
+    // Set-Cookie: domain-attribute-host-with-and-without-leading-period=c; Path=/; Domain={{host}}
+    //
+    const cookieName = "domain-attribute-host-with-and-without-leading-period";
+    // Clean up cookie at the end to avoid interfering with subsequent tests.
+    add_completion_callback(tests => document.cookie =
+      `${cookieName}=0; Path=/; Domain={{host}}; expires=01-jan-1970 00:00:00 GMT`);
+
+    test(t => {
+      assert_dom_cookie(cookieName, "c", true);
+    }, "Domain=.{{host}} => Second value available via `document.cookie`");
+
+    async_test(t => {
+      fetch("/cookies/resources/list.py", { credentials: "include" })
+        .then(t.step_func(r => r.json()))
+        .then(t.step_func_done(r => {
+          assert_equals(r[cookieName], "c");
+        }))
+        .catch(_ => assert_unreached);
+    }, "Domain=.{{host}} => Second value sent with same-origin requests.");
+
+    async_test(t => {
+      fetch(`${SECURE_SUBDOMAIN_ORIGIN}/cookies/resources/list.py`, { credentials: "include" })
+        .then(t.step_func(r => r.json()))
+        .then(t.step_func_done(r => {
+          assert_equals(r[cookieName], "c");
+        }))
+        .catch(_ => assert_unreached);
+    }, "Domain=.{{host}} => Second value sent with subdomain requests.");
+  </script>
+</body>
diff --git a/testing/web-platform/tests/cookies/domain/domain-attribute-host-with-and-without-leading-period.sub.https.html.sub.headers b/testing/web-platform/tests/cookies/domain/domain-attribute-host-with-and-without-leading-period.sub.https.html.sub.headers
new file mode 100644
index 0000000000..77d3d8c0c4
--- /dev/null
+++ b/testing/web-platform/tests/cookies/domain/domain-attribute-host-with-and-without-leading-period.sub.https.html.sub.headers
@@ -0,0 +1,2 @@
+Set-Cookie: domain-attribute-host-with-and-without-leading-period=b; Path=/; Domain=.{{host}}
+Set-Cookie: domain-attribute-host-with-and-without-leading-period=c; Path=/; Domain={{host}}
diff --git a/testing/web-platform/tests/cookies/domain/domain-attribute-host-with-leading-period.sub.https.html b/testing/web-platform/tests/cookies/domain/domain-attribute-host-with-leading-period.sub.https.html
new file mode 100644
index 0000000000..3ec52fd40b
--- /dev/null
+++ b/testing/web-platform/tests/cookies/domain/domain-attribute-host-with-leading-period.sub.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<head>
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+  <script src="/cookies/resources/cookie-helper.sub.js"></script>
+</head>
+<body>
+  <script>
+    //
+    //  Set-Cookie: domain-attribute-host-with-leading-period=b; Path=/; Domain=.{{host}}
+    //
+    const cookieName = "domain-attribute-host-with-leading-period";
+    // Clean up cookie at the end to avoid interfering with subsequent tests.
+    add_completion_callback(tests => document.cookie =
+      `${cookieName}=0; Path=/; Domain=.{{host}}; expires=01-jan-1970 00:00:00 GMT`);
+
+    test(t => {
+      assert_dom_cookie(cookieName, "b", true);
+    }, "Domain=.{{host}} => available via `document.cookie`");
+
+    async_test(t => {
+      fetch("/cookies/resources/list.py", { credentials: "include" })
+        .then(t.step_func(r => r.json()))
+        .then(t.step_func_done(r => {
+          assert_equals(r[cookieName], "b");
+        }))
+        .catch(_ => assert_unreached);
+    }, "Domain=.{{host}} => sent with same-origin requests.");
+
+    async_test(t => {
+      fetch(`${SECURE_SUBDOMAIN_ORIGIN}/cookies/resources/list.py`, { credentials: "include" })
+        .then(t.step_func(r => r.json()))
+        .then(t.step_func_done(r => {
+          assert_equals(r[cookieName], "b");
+        }))
+        .catch(_ => assert_unreached);
+    }, "Domain=.{{host}} => sent with subdomain requests.");
+  </script>
+</body>
diff --git a/testing/web-platform/tests/cookies/domain/domain-attribute-host-with-leading-period.sub.https.html.sub.headers b/testing/web-platform/tests/cookies/domain/domain-attribute-host-with-leading-period.sub.https.html.sub.headers
new file mode 100644
index 0000000000..7de4ae2e6a
--- /dev/null
+++ b/testing/web-platform/tests/cookies/domain/domain-attribute-host-with-leading-period.sub.https.html.sub.headers
@@ -0,0 +1 @@
+Set-Cookie: domain-attribute-host-with-leading-period=b; Path=/; Domain=.{{host}}
diff --git a/testing/web-platform/tests/cookies/domain/domain-attribute-idn-host.sub.https.html b/testing/web-platform/tests/cookies/domain/domain-attribute-idn-host.sub.https.html
new file mode 100644
index 0000000000..ae4bf3cbb3
--- /dev/null
+++ b/testing/web-platform/tests/cookies/domain/domain-attribute-idn-host.sub.https.html
@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/resources/testdriver.js"></script>
+    <script src="/resources/testdriver-vendor.js"></script>
+  </head>
+  <body>
+    <script>
+      let url = new URL(document.location);
+      url.host = "{{hosts[][élève]}}";
+      let url2 = new URL("support/idn-child.sub.https.html", url);
+      let child_window = window.open(url2.href);
+      fetch_tests_from_window(child_window);
+    </script>
+  </body>
+</html>
diff --git a/testing/web-platform/tests/cookies/domain/domain-attribute-matches-host.sub.https.html b/testing/web-platform/tests/cookies/domain/domain-attribute-matches-host.sub.https.html
new file mode 100644
index 0000000000..ac786dd882
--- /dev/null
+++ b/testing/web-platform/tests/cookies/domain/domain-attribute-matches-host.sub.https.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<head>
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+  <script src="/cookies/resources/cookie-helper.sub.js"></script>
+</head>
+<body>
+  <script>
+    //
+    //  Set-Cookie: domain-attribute-matches-host=b; Path=/; Domain={{host}}
+    //
+    const cookieName = "domain-attribute-matches-host";
+    // Clean up cookie at the end to avoid interfering with subsequent tests.
+    add_completion_callback(tests => document.cookie =
+      `${cookieName}=0; Path=/; Domain={{host}}; expires=01-jan-1970 00:00:00 GMT`);
+
+    test(t => {
+      assert_dom_cookie(cookieName, "b", true);
+    }, "Domain={{host}} => available via `document.cookie`");
+
+    async_test(t => {
+      fetch("/cookies/resources/list.py", { credentials: "include" })
+        .then(t.step_func(r => r.json()))
+        .then(t.step_func_done(r => {
+          assert_equals(r[cookieName], "b");
+        }))
+        .catch(_ => assert_unreached);
+    }, "Domain={{host}} => sent with same-origin requests.");
+
+    async_test(t => {
+      fetch(`${SECURE_SUBDOMAIN_ORIGIN}/cookies/resources/list.py`, { credentials: "include" })
+        .then(t.step_func(r => r.json()))
+        .then(t.step_func_done(r => {
+          assert_equals(r[cookieName], "b");
+        }))
+        .catch(_ => assert_unreached);
+    }, "Domain={{host}} => sent with subdomain requests.");
+  </script>
+</body>
diff --git a/testing/web-platform/tests/cookies/domain/domain-attribute-matches-host.sub.https.html.sub.headers b/testing/web-platform/tests/cookies/domain/domain-attribute-matches-host.sub.https.html.sub.headers
new file mode 100644
index 0000000000..8a2329e8c2
--- /dev/null
+++ b/testing/web-platform/tests/cookies/domain/domain-attribute-matches-host.sub.https.html.sub.headers
@@ -0,0 +1 @@
+Set-Cookie: domain-attribute-matches-host=b; Path=/; Domain={{host}}
diff --git a/testing/web-platform/tests/cookies/domain/domain-attribute-missing.sub.html b/testing/web-platform/tests/cookies/domain/domain-attribute-missing.sub.html
new file mode 100644
index 0000000000..44776ca629
--- /dev/null
+++ b/testing/web-platform/tests/cookies/domain/domain-attribute-missing.sub.html
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<head>
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+  <script src="/cookies/resources/cookie-helper.sub.js"></script>
+</head>
+<body>
+  <script>
+    //
+    //  Set-Cookie: domain-attribute-missing=b; Path=/
+    //
+    const cookieName = "domain-attribute-missing";
+    // Clean up cookie at the end to avoid interfering with subsequent tests.
+    add_completion_callback(tests => document.cookie =
+      `${cookieName}=0; Path=/; expires=01-jan-1970 00:00:00 GMT`);
+
+    test(t => {
+      assert_dom_cookie(cookieName, "b", true);
+    }, "No domain attribute => available via `document.cookie`");
+
+    async_test(t => {
+      fetch("/cookies/resources/list.py", { credentials: "include" })
+        .then(t.step_func(r => r.json()))
+        .then(t.step_func_done(r => {
+          assert_equals(r[cookieName], "b");
+        }))
+        .catch(_ => assert_unreached);
+    }, "No domain attribute => sent with same-origin requests.");
+
+    async_test(t => {
+      fetch(`${SECURE_SUBDOMAIN_ORIGIN}/cookies/resources/list.py`, { credentials: "include" })
+        .then(t.step_func(r => r.json()))
+        .then(t.step_func_done(r => {
+          assert_equals(r[cookieName], undefined);
+        }))
+        .catch(_ => assert_unreached);
+    }, "No domain attribute => not sent with subdomain requests.");
+  </script>
+</body>
diff --git a/testing/web-platform/tests/cookies/domain/domain-attribute-missing.sub.html.headers b/testing/web-platform/tests/cookies/domain/domain-attribute-missing.sub.html.headers
new file mode 100644
index 0000000000..3ee2833a45
--- /dev/null
+++ b/testing/web-platform/tests/cookies/domain/domain-attribute-missing.sub.html.headers
@@ -0,0 +1 @@
+Set-Cookie: domain-attribute-missing=b; Path=/
diff --git a/testing/web-platform/tests/cookies/domain/support/idn-child.sub.https.html b/testing/web-platform/tests/cookies/domain/support/idn-child.sub.https.html
new file mode 100644
index 0000000000..d3510959fb
--- /dev/null
+++ b/testing/web-platform/tests/cookies/domain/support/idn-child.sub.https.html
@@ -0,0 +1,72 @@
+<!DOCTYPE html>
+<html>
+<head>
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testdriver.js"></script>
+  <script src="/resources/testdriver-vendor.js"></script>
+  <script src="/cookies/resources/cookie-test.js"></script>
+</head>
+<body>
+  <script>
+    async function assert_cookie(response, cookie) {
+      const get = await response.text();
+      assert_equals(get, cookie);
+      assert_equals(document.cookie, cookie);
+    }
+
+    async function assert_no_cookie(response) {
+      const get = await response.text();
+      assert_equals(get, "no cookies");
+      assert_equals(document.cookie, "");
+    }
+
+    promise_test(async t => {
+      t.add_cleanup(async () => { await fetch("idn.py?delete-utf8&host={{host}}") });
+      let response = await fetch("idn.py?set-utf8&host={{host}}");
+      assert_equals(await response.text(), "set");
+      response = await fetch("idn.py?get&host={{host}}");
+      await assert_no_cookie(response);
+    }, "UTF8-encoded IDN in domain attribute");
+
+    promise_test(async t => {
+      t.add_cleanup(async () => { await fetch("idn.py?delete-utf8-dot&host={{host}}") });
+      let response = await fetch("idn.py?set-utf8-dot&host={{host}}");
+      assert_equals(await response.text(), "set");
+      response = await fetch("idn.py?get&host={{host}}");
+      await assert_no_cookie(response);
+    }, "UTF8-encoded IDN with non-ASCII dot in domain attribute");
+
+    promise_test(async t => {
+      t.add_cleanup(async () => { await fetch("idn.py?delete-wrong-utf8&host={{host}}") });
+      let response = await fetch("idn.py?set-wrong-utf8&host={{host}}");
+      assert_equals(await response.text(), "set");
+      response = await fetch("idn.py?get&host={{host}}");
+      await assert_no_cookie(response);
+    }, "wrong UTF8-encoded IDN in domain attribute");
+
+    promise_test(async t => {
+      t.add_cleanup(async () => { await fetch("idn.py?delete-punycode&host={{host}}") });
+      let response = await fetch("idn.py?set-punycode&host={{host}}");
+      assert_equals(await response.text(), "set");
+      response = await fetch("idn.py?get&host={{host}}");
+      await assert_cookie(response, "punycode=set");
+    }, "punycode IDN in domain attribute");
+
+    promise_test(async t => {
+      t.add_cleanup(async () => { await fetch("idn.py?delete-wrong-punycode&host={{host}}") });
+      let response = await fetch("idn.py?set-wrong-punycode&host={{host}}");
+      assert_equals(await response.text(), "set");
+      response = await fetch("idn.py?get&host={{host}}");
+      await assert_no_cookie(response);
+    }, "wrong punycode IDN in domain attribute");
+
+    promise_test(async t => {
+      t.add_cleanup(async () => { await fetch("idn.py?delete-invalid-byte&host={{host}}") });
+      let response = await fetch("idn.py?set-invalid-byte&host={{host}}");
+      assert_equals(await response.text(), "set");
+      response = await fetch("idn.py?get&host={{host}}");
+      await assert_no_cookie(response);
+    }, "IDN with invalid UTF-8 bytes in domain attribute");
+  </script>
+</body>
+</html>
diff --git a/testing/web-platform/tests/cookies/domain/support/idn.py b/testing/web-platform/tests/cookies/domain/support/idn.py
new file mode 100644
index 0000000000..d75ed056f5
--- /dev/null
+++ b/testing/web-platform/tests/cookies/domain/support/idn.py
@@ -0,0 +1,61 @@
+# élève.
+utf8_subdomain = b"Domain=\xC3\xA9\x6C\xC3\xA8\x76\x65."
+# élève。
+utf8_dot_subdomain = b"Domain=\xC3\xA9\x6C\xC3\xA8\x76\x65\xE3\x80\x82"
+# élève.
+punycode_subdomain = b"Domain=xn--lve-6lad."
+# ÿlève.
+wrong_utf8_subdomain = b"Domain=\xC3\xBF\x6C\xC3\xA8\x76\x65."
+# ÿlève.
+wrong_punycode_subdomain = b"Domain=xn--lve-6la7i."
+# élève with invalid FF byte at the end
+invalid_byte_subdomain = b"Domain=\xC3\xA9\x6C\xC3\xA8\x76\x65\xFF."
+
+def main(request, response):
+  host = request.GET.get(b"host")
+
+  if b"set-utf8" in request.GET:
+    response.headers.append(b"Set-Cookie", b"utf8=set;" + utf8_subdomain + host)
+    response.content = "set"
+  if b"set-utf8-dot" in request.GET:
+    response.headers.append(b"Set-Cookie", b"utf8-dot=set;" + utf8_dot_subdomain + host)
+    response.content = "set"
+  elif b"set-wrong-utf8" in request.GET:
+    response.headers.append(b"Set-Cookie", b"wrong-utf8=set;" + wrong_utf8_subdomain + host)
+    response.content = "set"
+  elif b"set-punycode" in request.GET:
+    response.headers.append(b"Set-Cookie", b"punycode=set;" + punycode_subdomain + host)
+    response.content = "set"
+  elif b"set-wrong-punycode" in request.GET:
+    response.headers.append(b"Set-Cookie", b"wrong-punycode=set;" + wrong_punycode_subdomain + host)
+    response.content = "set"
+  elif b"set-invalid-byte" in request.GET:
+    response.headers.append(b"Set-Cookie", b"invalid-byte=set;" + invalid_byte_subdomain + host)
+    response.content = "set"
+
+  elif b"get" in request.GET:
+    if b"Cookie" in request.headers:
+      response.content = request.headers[b"Cookie"]
+    else:
+      response.content = "no cookies"
+
+  elif b"delete-utf8" in request.GET:
+    response.headers.append(b"Set-Cookie", b"utf8=unset;Max-Age=0;" + utf8_subdomain + host)
+    response.content = "delete"
+  elif b"delete-utf8-dot" in request.GET:
+    response.headers.append(b"Set-Cookie", b"utf8-dot=unset;Max-Age=0;" + utf8_dot_subdomain + host)
+    response.content = "delete"
+  elif b"delete-wrong-utf8" in request.GET:
+    response.headers.append(b"Set-Cookie", b"wrong-utf8=unset;Max-Age=0;" + wrong_utf8_subdomain + host)
+    response.content = "delete"
+  elif b"delete-punycode" in request.GET:
+    response.headers.append(b"Set-Cookie", b"punycode=unset;Max-Age=0;" + punycode_subdomain + host)
+    response.content = "delete"
+  elif b"delete-wrong-punycode" in request.GET:
+    response.headers.append(b"Set-Cookie", b"wrong-punycode=unset;Max-Age=0;" + wrong_punycode_subdomain + host)
+    response.content = "delete"
+  elif b"delete-invalid-byte" in request.GET:
+    response.headers.append(b"Set-Cookie", b"invalid-byte=unset;Max-Age=0;" + invalid_byte_subdomain + host)
+    response.content = "delete"
+
+  response.headers.append(b"Content-Type", b"text/plain")