summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/cookies
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 01:14:29 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-19 01:14:29 +0000
commitfbaf0bb26397aa498eb9156f06d5a6fe34dd7dd8 (patch)
tree4c1ccaf5486d4f2009f9a338a98a83e886e29c97 /testing/web-platform/tests/cookies
parentReleasing progress-linux version 124.0.1-1~progress7.99u1. (diff)
downloadfirefox-fbaf0bb26397aa498eb9156f06d5a6fe34dd7dd8.tar.xz
firefox-fbaf0bb26397aa498eb9156f06d5a6fe34dd7dd8.zip
Merging upstream version 125.0.1.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/tests/cookies')
-rw-r--r--testing/web-platform/tests/cookies/third-party-cookies/resources/test-helpers.js27
-rw-r--r--testing/web-platform/tests/cookies/third-party-cookies/resources/third-party-cookies-cross-site-embedder.html (renamed from testing/web-platform/tests/cookies/third-party-cookies/resources/third-party-cookies-cross-site-window.html)19
-rw-r--r--testing/web-platform/tests/cookies/third-party-cookies/resources/third-party-cookies-cross-site-popup-opener.html53
-rw-r--r--testing/web-platform/tests/cookies/third-party-cookies/resources/third-party-cookies-cross-site-popup-verify.html40
-rw-r--r--testing/web-platform/tests/cookies/third-party-cookies/resources/third-party-cookies-cross-site-popup.html32
-rw-r--r--testing/web-platform/tests/cookies/third-party-cookies/third-party-cookie-heuristics.tentative.https.html49
-rw-r--r--testing/web-platform/tests/cookies/third-party-cookies/third-party-cookies.tentative.https.html2
7 files changed, 203 insertions, 19 deletions
diff --git a/testing/web-platform/tests/cookies/third-party-cookies/resources/test-helpers.js b/testing/web-platform/tests/cookies/third-party-cookies/resources/test-helpers.js
index 2ae2c46a37..c76ac71616 100644
--- a/testing/web-platform/tests/cookies/third-party-cookies/resources/test-helpers.js
+++ b/testing/web-platform/tests/cookies/third-party-cookies/resources/test-helpers.js
@@ -1,10 +1,10 @@
function testHttpCookies({desc, origin, cookieNames, expectsCookie}) {
promise_test(async () => {
- await assertOriginCanAccessCookies({origin, cookieNames, expectsCookie});
+ await assertHttpOriginCanAccessCookies({ origin, cookieNames, expectsCookie });
}, getCookieTestName(expectsCookie, desc, "HTTP"));
}
-async function assertOriginCanAccessCookies({
+async function assertHttpOriginCanAccessCookies({
origin,
cookieNames,
expectsCookie,
@@ -18,6 +18,29 @@ async function assertOriginCanAccessCookies({
}
}
+async function assertThirdPartyHttpCookies({ desc, origin, cookieNames, expectsCookie }) {
+ // Test that these cookies are not available on cross-site subresource requests to the
+ // origin that set them.
+ testHttpCookies({
+ desc,
+ origin,
+ cookieNames,
+ expectsCookie,
+ });
+
+ promise_test(async () => {
+ const thirdPartyHttpCookie = "3P_http"
+ await credFetch(
+ `${origin}/cookies/resources/set.py?${thirdPartyHttpCookie}=foobar;` +
+ "Secure;Path=/;SameSite=None");
+ await assertHttpOriginCanAccessCookies({
+ origin,
+ cookieNames: [thirdPartyHttpCookie],
+ expectsCookie,
+ });
+ }, desc + ": Cross site window setting HTTP cookies");
+}
+
function testDomCookies({desc, cookieNames, expectsCookie}) {
test(() => {
assertDomCanAccessCookie(cookieNames, expectsCookie);
diff --git a/testing/web-platform/tests/cookies/third-party-cookies/resources/third-party-cookies-cross-site-window.html b/testing/web-platform/tests/cookies/third-party-cookies/resources/third-party-cookies-cross-site-embedder.html
index 99418a6749..ec25902a91 100644
--- a/testing/web-platform/tests/cookies/third-party-cookies/resources/third-party-cookies-cross-site-window.html
+++ b/testing/web-platform/tests/cookies/third-party-cookies/resources/third-party-cookies-cross-site-embedder.html
@@ -1,7 +1,7 @@
<!DOCTYPE html>
<meta charset="utf-8"/>
<meta name="timeout" content="long">
-<title>Cross-site window</title>
+<title>Window embedding a cross-site embed</title>
<script src="/resources/testharness.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<script src="/cookies/resources/cookie-helper.sub.js"></script>
@@ -25,27 +25,14 @@ if (window.cookieStore) {
cookieNames.push("1P_cs");
}
-// Test theses cookies are not available on cross-site subresource requests
-// to the origin that set them.
-testHttpCookies({
+// Third-party cookies are blocked by default.
+assertThirdPartyHttpCookies({
desc: "3P fetch",
origin,
cookieNames,
expectsCookie: false,
});
-promise_test(async () => {
- const thirdPartyHttpCookie = "3P_http"
- await credFetch(
- `${origin}/cookies/resources/set.py?${thirdPartyHttpCookie}=foobar;` +
- "Secure;Path=/;SameSite=None");
- await assertOriginCanAccessCookies({
- origin,
- cookieNames: ["3P_http"],
- expectsCookie: false,
- });
-}, "Cross site window setting HTTP cookies");
-
// Create a cross-site <iframe> which embeds the cookies' origin into this
// page.
const iframe = document.createElement("iframe");
diff --git a/testing/web-platform/tests/cookies/third-party-cookies/resources/third-party-cookies-cross-site-popup-opener.html b/testing/web-platform/tests/cookies/third-party-cookies/resources/third-party-cookies-cross-site-popup-opener.html
new file mode 100644
index 0000000000..a09b07e5b7
--- /dev/null
+++ b/testing/web-platform/tests/cookies/third-party-cookies/resources/third-party-cookies-cross-site-popup-opener.html
@@ -0,0 +1,53 @@
+<!DOCTYPE html>
+<meta charset="utf-8" />
+<meta name="timeout" content="long">
+<title>Window that opens a popup in a cross-site context</title>
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+<script src="/resources/testharness.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/cookies/resources/cookie-helper.sub.js"></script>
+<script src="/cookies/third-party-cookies/resources/test-helpers.js"></script>
+
+<body>
+ <script>
+
+ let origin;
+
+ // Test that parent window passed its origin in the URL parameters correctly.
+ test(() => {
+ assert_true(window.location.search.startsWith("?origin="));
+ origin = decodeURIComponent(window.location.search.slice(
+ window.location.search.indexOf("?origin=") + 8));
+ }, "Cross-site window opened correctly");
+
+ // Cookies set by the parent window in a 1P context.
+ const cookieNames = ["1P_http", "1P_dom"];
+ if (window.cookieStore) {
+ cookieNames.push("1P_cs");
+ }
+
+ // Verify whether third-party cookies are blocked by default.
+ if (navigator.userAgent.toLowerCase().indexOf('firefox') == -1) {
+ assertThirdPartyHttpCookies({
+ desc: "3P fetch",
+ origin,
+ cookieNames,
+ expectsCookie: false,
+ });
+ } else {
+ // Default behavior for third-party cookie blocking is flaky in Firefox.
+ throw new AssertionError("Testing default third-party cookie blocking is not implemented in Firefox.");
+ }
+
+ // Open the cookies' origin in a popup to activate the heuristic.
+ const popupUrl = new URL(
+ "/cookies/third-party-cookies/resources/" +
+ "third-party-cookies-cross-site-popup.html",
+ origin);
+ const popup = window.open(popupUrl);
+
+ fetch_tests_from_window(popup);
+
+ </script>
+</body>
diff --git a/testing/web-platform/tests/cookies/third-party-cookies/resources/third-party-cookies-cross-site-popup-verify.html b/testing/web-platform/tests/cookies/third-party-cookies/resources/third-party-cookies-cross-site-popup-verify.html
new file mode 100644
index 0000000000..6deb88b5d0
--- /dev/null
+++ b/testing/web-platform/tests/cookies/third-party-cookies/resources/third-party-cookies-cross-site-popup-verify.html
@@ -0,0 +1,40 @@
+<!DOCTYPE html>
+<meta charset="utf-8" />
+<meta name="timeout" content="long">
+<title>Verifies heuristics enabled by popup</title>
+<script src="/resources/testharness.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/cookies/resources/cookie-helper.sub.js"></script>
+<script src="/cookies/third-party-cookies/resources/test-helpers.js"></script>
+
+<body>
+ <script>
+
+ // Test that parent window passed its parameters in the URL correctly.
+ test(() => {
+ assert_true(window.location.search.includes("?desc="));
+ assert_true(window.location.search.includes("&origin="));
+
+ desc = decodeURIComponent(window.location.search.slice(
+ window.location.search.indexOf("?desc=") + 6,
+ window.location.search.indexOf("&origin=")));
+ origin = decodeURIComponent(window.location.search.slice(
+ window.location.search.indexOf("&origin=") + 8));
+ }, "Cross-site verify opened correctly");
+
+ // Cookies set by the parent window in a 1P context.
+ const cookieNames = ["1P_http", "1P_dom"];
+ if (window.cookieStore) {
+ cookieNames.push("1P_cs");
+ }
+
+ // Third-party cookies are allowed after the popup heuristic grant.
+ assertThirdPartyHttpCookies({
+ desc,
+ origin,
+ cookieNames,
+ expectsCookie: true,
+ });
+
+ </script>
+</body>
diff --git a/testing/web-platform/tests/cookies/third-party-cookies/resources/third-party-cookies-cross-site-popup.html b/testing/web-platform/tests/cookies/third-party-cookies/resources/third-party-cookies-cross-site-popup.html
new file mode 100644
index 0000000000..7addc7943c
--- /dev/null
+++ b/testing/web-platform/tests/cookies/third-party-cookies/resources/third-party-cookies-cross-site-popup.html
@@ -0,0 +1,32 @@
+<!DOCTYPE html>
+<meta charset="utf-8" />
+<meta name="timeout" content="long">
+<title>Cross-site popup</title>
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+<script src="/resources/testharness.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/cookies/resources/cookie-helper.sub.js"></script>
+<script src="/cookies/third-party-cookies/resources/test-helpers.js"></script>
+
+<body>
+ <button id="button" onclick="userInteractionCallback()">Click for user interaction</button>
+
+ <script>
+ const origin = window.origin;
+ const crossSiteOrigin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN + self.location.pathname;
+
+ function userInteractionCallback() {
+ // Third-party cookies are now allowed.
+ const verify3pAllowedUrl = new URL(
+ `./third-party-cookies-cross-site-popup-verify.html?desc=3P_fetch_with_heuristics&origin=${encodeURIComponent(origin)}`,
+ crossSiteOrigin);
+ const verify3pAllowedPopup = window.open(verify3pAllowedUrl);
+ fetch_tests_from_window(verify3pAllowedPopup);
+ };
+
+ test_driver.set_test_context(window.opener.opener);
+ test_driver.click(document.getElementById("button"));
+
+ </script>
+</body>
diff --git a/testing/web-platform/tests/cookies/third-party-cookies/third-party-cookie-heuristics.tentative.https.html b/testing/web-platform/tests/cookies/third-party-cookies/third-party-cookie-heuristics.tentative.https.html
new file mode 100644
index 0000000000..32e7ab6d9a
--- /dev/null
+++ b/testing/web-platform/tests/cookies/third-party-cookies/third-party-cookie-heuristics.tentative.https.html
@@ -0,0 +1,49 @@
+<!DOCTYPE html>
+<meta charset="utf-8" />
+<meta name="timeout" content="long">
+<title>Test third-party cookie heuristics</title>
+<script src="/resources/testdriver.js"></script>
+<script src="/resources/testdriver-vendor.js"></script>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/cookies/resources/cookie-helper.sub.js"></script>
+<script src="/cookies/third-party-cookies/resources/test-helpers.js"></script>
+
+<body>
+ <script>
+ document.body.onload = async () => {
+ // Set SameSite=None cookie in a 1P context using HTTP.
+ const attributes = "Secure;Path=/;SameSite=None";
+ const httpCookieName = "1P_http";
+ await credFetch(
+ `${self.origin}/cookies/resources/set.py?${httpCookieName}=foobar;${attributes}`);
+
+ // Set another cookie using document.cookie.
+ const domCookieName = "1P_dom";
+ document.cookie = `${domCookieName}=foobar;${attributes}`;
+
+ const cookieNames = [httpCookieName, domCookieName];
+
+ // Set another cookie using the CookieStore API, if supported.
+ if (window.cookieStore) {
+ const cookieStoreCookieName = "1P_cs";
+ await cookieStore.set({
+ name: cookieStoreCookieName,
+ value: "foobar",
+ path: "/",
+ sameSite: "none",
+ });
+ cookieNames.push(cookieStoreCookieName);
+ }
+
+ // Open a cross-site window which will open a popup with the current origin.
+ const crossSiteUrl = new URL(
+ `./resources/third-party-cookies-cross-site-popup-opener.html?origin=${encodeURIComponent(self.origin)}`,
+ get_host_info().HTTPS_NOTSAMESITE_ORIGIN + self.location.pathname);
+ const popup = window.open(crossSiteUrl);
+ fetch_tests_from_window(popup);
+ };
+
+ </script>
+</body>
diff --git a/testing/web-platform/tests/cookies/third-party-cookies/third-party-cookies.tentative.https.html b/testing/web-platform/tests/cookies/third-party-cookies/third-party-cookies.tentative.https.html
index 184649ff5b..018849c827 100644
--- a/testing/web-platform/tests/cookies/third-party-cookies/third-party-cookies.tentative.https.html
+++ b/testing/web-platform/tests/cookies/third-party-cookies/third-party-cookies.tentative.https.html
@@ -61,7 +61,7 @@ document.body.onload = async () => {
// Open a cross-site window which will embed the current origin in a
// third-party context.
const crossSiteUrl = new URL(
- `./resources/third-party-cookies-cross-site-window.html?origin=${
+ `./resources/third-party-cookies-cross-site-embedder.html?origin=${
encodeURIComponent(self.origin)}`,
get_host_info().HTTPS_NOTSAMESITE_ORIGIN + self.location.pathname);
const popup = window.open(crossSiteUrl);