diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 00:47:55 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 00:47:55 +0000 |
commit | 26a029d407be480d791972afb5975cf62c9360a6 (patch) | |
tree | f435a8308119effd964b339f76abb83a57c29483 /testing/web-platform/tests/cookies/third-party-cookies/resources | |
parent | Initial commit. (diff) | |
download | firefox-26a029d407be480d791972afb5975cf62c9360a6.tar.xz firefox-26a029d407be480d791972afb5975cf62c9360a6.zip |
Adding upstream version 124.0.1.upstream/124.0.1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/tests/cookies/third-party-cookies/resources')
3 files changed, 182 insertions, 0 deletions
diff --git a/testing/web-platform/tests/cookies/third-party-cookies/resources/test-helpers.js b/testing/web-platform/tests/cookies/third-party-cookies/resources/test-helpers.js new file mode 100644 index 0000000000..2ae2c46a37 --- /dev/null +++ b/testing/web-platform/tests/cookies/third-party-cookies/resources/test-helpers.js @@ -0,0 +1,63 @@ +function testHttpCookies({desc, origin, cookieNames, expectsCookie}) { + promise_test(async () => { + await assertOriginCanAccessCookies({origin, cookieNames, expectsCookie}); + }, getCookieTestName(expectsCookie, desc, "HTTP")); +} + +async function assertOriginCanAccessCookies({ + origin, + cookieNames, + expectsCookie, +}) { + const resp = await credFetch(`${origin}/cookies/resources/list.py`); + const cookies = await resp.json(); + for (const cookieName of cookieNames) { + assert_equals( + cookies.hasOwnProperty(cookieName), expectsCookie, + getCookieAssertDesc(expectsCookie, cookieName)); + } +} + +function testDomCookies({desc, cookieNames, expectsCookie}) { + test(() => { + assertDomCanAccessCookie(cookieNames, expectsCookie); + }, getCookieTestName(expectsCookie, desc, "DOM")); +} + +function assertDomCanAccessCookie(cookieNames, expectsCookie) { + for (const cookieName of cookieNames) { + assert_equals( + document.cookie.includes(cookieName + "="), expectsCookie, + getCookieAssertDesc(expectsCookie, cookieName)); + } +} + +function testCookieStoreCookies({desc, cookieNames, expectsCookie}) { + if (!window.cookieStore) return; + promise_test(async () => { + await assertCookieStoreCanAccessCookies(cookieNames, expectsCookie); + }, getCookieTestName(expectsCookie, desc, "CookieStore")); +} + +async function assertCookieStoreCanAccessCookies(cookieNames, expectsCookie) { + const cookies = await cookieStore.getAll({sameSite: 'none'}); + for (const cookieName of cookieNames) { + assert_equals( + !!cookies.find(c => c.name === cookieName), expectsCookie, + getCookieAssertDesc(expectsCookie, cookieName)); + } +} + +function getCookieTestName(expectsCookie, desc, cookieType) { + if (expectsCookie) { + return `${desc}: Cookies are accessible via ${cookieType}`; + } + return `${desc}: Cookies are not accessible via ${cookieType}`; +} + +function getCookieAssertDesc(expectsCookie, cookieName) { + if (expectsCookie) { + return `Expected cookie ${cookieName} to be available`; + } + return `Expected cookie ${cookieName} to not be available`; +} diff --git a/testing/web-platform/tests/cookies/third-party-cookies/resources/third-party-cookies-cross-site-embed.html b/testing/web-platform/tests/cookies/third-party-cookies/resources/third-party-cookies-cross-site-embed.html new file mode 100644 index 0000000000..2d579c91be --- /dev/null +++ b/testing/web-platform/tests/cookies/third-party-cookies/resources/third-party-cookies-cross-site-embed.html @@ -0,0 +1,57 @@ +<!DOCTYPE html> +<meta charset="utf-8"/> +<meta name="timeout" content="long"> +<title>Test site embedded in a cross-site context</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/cookies/resources/cookie-helper.sub.js"></script> +<script src="/cookies/third-party-cookies/resources/test-helpers.js"></script> +<body> +<script> + +// Cookies set by the parent window in a 1P context. +const cookieNames = ["1P_http", "1P_dom"]; +if (window.cookieStore) { + cookieNames.push("1P_cs"); +} + +testDomCookies({ + desc: "3P embed", + cookieNames, + expectsCookie: false, +}); + +testCookieStoreCookies({ + desc: "3P embed", + cookieNames, + expectsCookie: false, +}); + +test(() => { + const thirdPartyDomCookieName = "3P_dom"; + document.cookie = + `${thirdPartyDomCookieName}=foobar;Secure;Path=/;SameSite=None`; + + assertDomCanAccessCookie([thirdPartyDomCookieName], false); +}, "Cross site embed setting DOM cookies"); + +if (window.cookieStore) { + promise_test(async () => { + const thirdPartyCsCookieName = "3P_cs"; + await cookieStore.set({ + name: thirdPartyCsCookieName, + value: "foobar", + path: "/", + sameSite: "none", + }).then( + // The promise should reject. + () => { assert_unreached(); }, + () => {}); + + await assertCookieStoreCanAccessCookies([thirdPartyCsCookieName], false); + }, "Cross site embed setting CookieStore cookies"); +} + +</script> +</body> diff --git a/testing/web-platform/tests/cookies/third-party-cookies/resources/third-party-cookies-cross-site-window.html b/testing/web-platform/tests/cookies/third-party-cookies/resources/third-party-cookies-cross-site-window.html new file mode 100644 index 0000000000..99418a6749 --- /dev/null +++ b/testing/web-platform/tests/cookies/third-party-cookies/resources/third-party-cookies-cross-site-window.html @@ -0,0 +1,62 @@ +<!DOCTYPE html> +<meta charset="utf-8"/> +<meta name="timeout" content="long"> +<title>Cross-site window</title> +<script src="/resources/testharness.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/cookies/resources/cookie-helper.sub.js"></script> +<script src="/cookies/third-party-cookies/resources/test-helpers.js"></script> + +<body> +<script> + +let origin; + +// Test that parent window passed its origin in the URL parameters correctly. +test(() => { + assert_true(window.location.search.startsWith("?origin=")); + origin = decodeURIComponent(window.location.search.slice( + window.location.search.indexOf("?origin=") + 8)); +}, "Cross-site window opened correctly"); + +// Cookies set by the parent window in a 1P context. +const cookieNames = ["1P_http", "1P_dom"]; +if (window.cookieStore) { + cookieNames.push("1P_cs"); +} + +// Test theses cookies are not available on cross-site subresource requests +// to the origin that set them. +testHttpCookies({ + desc: "3P fetch", + origin, + cookieNames, + expectsCookie: false, +}); + +promise_test(async () => { + const thirdPartyHttpCookie = "3P_http" + await credFetch( + `${origin}/cookies/resources/set.py?${thirdPartyHttpCookie}=foobar;` + + "Secure;Path=/;SameSite=None"); + await assertOriginCanAccessCookies({ + origin, + cookieNames: ["3P_http"], + expectsCookie: false, + }); +}, "Cross site window setting HTTP cookies"); + +// Create a cross-site <iframe> which embeds the cookies' origin into this +// page. +const iframe = document.createElement("iframe"); +const url = new URL( + "/cookies/third-party-cookies/resources/" + + "third-party-cookies-cross-site-embed.html", + origin); +iframe.src = String(url); +document.body.appendChild(iframe); + +fetch_tests_from_window(iframe.contentWindow); + +</script> +</body> |