summaryrefslogtreecommitdiffstats
path: root/dom/security/test/https-first/file_toplevel_cookies.sjs
diff options
context:
space:
mode:
Diffstat (limited to 'dom/security/test/https-first/file_toplevel_cookies.sjs')
-rw-r--r--dom/security/test/https-first/file_toplevel_cookies.sjs233
1 files changed, 233 insertions, 0 deletions
diff --git a/dom/security/test/https-first/file_toplevel_cookies.sjs b/dom/security/test/https-first/file_toplevel_cookies.sjs
new file mode 100644
index 0000000000..dd9f7c0909
--- /dev/null
+++ b/dom/security/test/https-first/file_toplevel_cookies.sjs
@@ -0,0 +1,233 @@
+// Custom *.sjs file specifically for the needs of Bug 1711453
+"use strict";
+
+// small red image
+const IMG_BYTES = atob(
+ "iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12" +
+ "P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg=="
+);
+
+const IFRAME_INC = `<iframe id="testframeinc"></iframe>`;
+
+// Sets an image sends cookie and location after loading
+const SET_COOKIE_IMG = `
+<html>
+<body>
+<img id="cookieImage">
+<script class="testbody" type="text/javascript">
+ var cookieImage = document.getElementById("cookieImage");
+ cookieImage.onload = function() {
+ let myLocation = window.location.href;
+ let myCookie = document.cookie;
+ window.opener.postMessage({result: 'upgraded', loc: myLocation, cookie: myCookie}, '*');
+ }
+ cookieImage.onerror = function() {
+ window.opener.postMessage({result: 'error'}, '*');
+ }
+ // Add the last number of the old query to the new query to set cookie properly
+ cookieImage.src = window.location.origin + "/tests/dom/security/test/https-first/file_toplevel_cookies.sjs?setSameSiteCookie"
+ + window.location.href.charAt(window.location.href.length -1);
+</script>
+</body>
+</html>
+`;
+
+// Load blank frame navigation sends cookie and location after loading
+const LOAD_BLANK_FRAME_NAV = `
+<html>
+<body>
+<iframe id="testframe"></iframe>
+<script>
+ let testframe = document.getElementById("testframe");
+ testframe.onload = function() {
+ let myLocation = window.location.href;
+ let myCookie = document.cookie;
+ window.opener.postMessage({result: 'upgraded', loc: myLocation, cookie: myCookie}, '*');
+ }
+ testframe.onerror = function() {
+ window.opener.postMessage({result: 'error', loc: 'error', cookie: ''}, '*');
+ }
+ testframe.src = window.location.origin + "/tests/dom/security/test/https-first/file_toplevel_cookies.sjs?loadblankframeNav";
+</script>
+</body>
+</html>
+`;
+
+// Load frame navigation sends cookie and location after loading
+const LOAD_FRAME_NAV = `
+<html>
+<body>
+<iframe id="testframe"></iframe>
+<script>
+ let testframe = document.getElementById("testframe");
+ testframe.onload = function() {
+ let myLocation = window.location.href;
+ let myCookie = document.cookie;
+ window.opener.postMessage({result: 'upgraded', loc: myLocation, cookie: myCookie}, '*');
+ }
+ testframe.onerror = function() {
+ window.opener.postMessage({result: 'error', loc: 'error', cookie: ''}, '*');
+ }
+ testframe.src = window.location.origin + "/tests/dom/security/test/https-first/file_toplevel_cookies.sjs?loadsrcdocframeNav";
+</script>
+</body>
+</html>
+
+`;
+// blank frame sends cookie and location after loading
+const LOAD_BLANK_FRAME = `
+<html>
+<body>
+<iframe id="testframe"></iframe>
+<script>
+ let testframe = document.getElementById("testframe");
+ testframe.onload = function() {
+ let myLocation = window.location.href;
+ let myCookie = document.cookie;
+ window.opener.postMessage({result: 'upgraded', loc: myLocation, cookie: myCookie}, '*');
+ }
+ testframe.onerror = function() {
+ window.opener.postMessage({result: 'error', loc: 'error', cookie: ''}, '*');
+ }
+ testframe.src = window.location.origin + "/tests/dom/security/test/https-first/file_toplevel_cookies.sjs?loadblankframeInc";
+</script>
+</body>
+</html>
+`;
+// frame sends cookie and location after loading
+const LOAD_FRAME = `
+<html>
+<body>
+<iframe id="testframe"></iframe>
+<script>
+ let testframe = document.getElementById("testframe");
+ testframe.onload = function() {
+ let myLocation = window.location.href;
+ let myCookie = document.cookie;
+ window.opener.postMessage({result: 'upgraded', loc: myLocation, cookie: myCookie}, '*');
+ }
+ testframe.onerror = function() {
+ window.opener.postMessage({result: 'error', loc: 'error', cookie: ''}, '*');
+ }
+ testframe.src = window.location.origin + "/tests/dom/security/test/https-first/file_toplevel_cookies.sjs?loadsrcdocframeInc";
+</script>
+</body>
+</html>
+`;
+
+const RESPONSE_UNEXPECTED = `
+ <html>
+ <body>
+ send message, error
+ <script type="application/javascript">
+ let myLocation = document.location.href;
+ window.opener.postMessage({result: 'error', loc: myLocation}, '*');
+ </script>
+ </body>
+ </html>`;
+
+function setCookie(name, query) {
+ let cookie = name + "=";
+ if (query.includes("0")) {
+ cookie += "0;Domain=.example.com;sameSite=none";
+ return cookie;
+ }
+ if (query.includes("1")) {
+ cookie += "1;Domain=.example.com;sameSite=strict";
+ return cookie;
+ }
+ if (query.includes("2")) {
+ cookie += "2;Domain=.example.com;sameSite=none;secure";
+ return cookie;
+ }
+ if (query.includes("3")) {
+ cookie += "3;Domain=.example.com;sameSite=strict;secure";
+ return cookie;
+ }
+ return cookie + "error";
+}
+
+function handleRequest(request, response) {
+ // avoid confusing cache behaviors
+ response.setHeader("Cache-Control", "no-cache", false);
+ let query = request.queryString;
+ if (query.includes("setImage")) {
+ response.write(SET_COOKIE_IMG);
+ return;
+ }
+ // using startsWith and discard the math random
+ if (query.includes("setSameSiteCookie")) {
+ response.setHeader("Set-Cookie", setCookie("setImage", query), true);
+ response.setHeader("Content-Type", "image/png");
+ response.write(IMG_BYTES);
+ return;
+ }
+
+ // navigation tests
+ if (query.includes("loadNavBlank")) {
+ response.setHeader("Set-Cookie", setCookie("loadNavBlank", query), true);
+ response.write(LOAD_BLANK_FRAME_NAV);
+ return;
+ }
+
+ if (request.queryString === "loadblankframeNav") {
+ let FRAME = `
+ <iframe src="about:blank"
+ // nothing happens here
+ </iframe>`;
+ response.write(FRAME);
+ return;
+ }
+
+ if (query.includes("loadNav")) {
+ response.setHeader("Set-Cookie", setCookie("loadNav", query), true);
+ response.write(LOAD_FRAME_NAV);
+ return;
+ }
+
+ if (query === "loadsrcdocframeNav") {
+ let FRAME = `
+ <iframe srcdoc="foo"
+ // nothing happens here
+ </iframe>`;
+ response.write(FRAME);
+ return;
+ }
+
+ // inclusion tests
+ if (query.includes("loadframeIncBlank")) {
+ response.setHeader(
+ "Set-Cookie",
+ setCookie("loadframeIncBlank", query),
+ true
+ );
+ response.write(LOAD_BLANK_FRAME);
+ return;
+ }
+
+ if (request.queryString === "loadblankframeInc") {
+ let FRAME =
+ ` <iframe id="blankframe" src="about:blank"></iframe>
+ <script>
+ document.getElementById("blankframe").contentDocument.write("` +
+ IFRAME_INC +
+ `");
+ <\script>`;
+ response.write(FRAME);
+ return;
+ }
+
+ if (query.includes("loadframeInc")) {
+ response.setHeader("Set-Cookie", setCookie("loadframeInc", query), true);
+ response.write(LOAD_FRAME);
+ return;
+ }
+
+ if (request.queryString === "loadsrcdocframeInc") {
+ response.write('<iframe srcdoc="' + IFRAME_INC + '"></iframe>');
+ return;
+ }
+
+ // We should never arrive here, just in case send 'error'
+ response.write(RESPONSE_UNEXPECTED);
+}
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-22 01:00:22 +0000