diff options
Diffstat (limited to 'testing/web-platform/tests/cookies/secure')
8 files changed, 265 insertions, 0 deletions
diff --git a/testing/web-platform/tests/cookies/secure/set-from-dom.https.sub.html b/testing/web-platform/tests/cookies/secure/set-from-dom.https.sub.html new file mode 100644 index 0000000000..46997db18a --- /dev/null +++ b/testing/web-platform/tests/cookies/secure/set-from-dom.https.sub.html @@ -0,0 +1,47 @@ +<!doctype html> +<html> +<head> + <meta charset=utf-8> + <title>Set 'secure' cookie from `document.cookie` on a secure page</title> + <meta name=help href="https://tools.ietf.org/html/draft-west-leave-secure-cookies-alone"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/cookies/resources/testharness-helpers.js"></script> +</head> +<body> +<div id=log></div> +<script> + var tests = [ + [ + "'secure' cookie visible in `document.cookie`", + function () { + document.cookie = "secure_from_secure_dom=1; secure; path=/"; + assert_not_equals(document.cookie.match(/secure_from_secure_dom=1/), null); + this.done(); + } + ], + [ + "'secure' cookie visible in HTTP request", + function () { + document.cookie = "secure_from_secure_dom=1; secure; path=/"; + assert_not_equals(document.cookie.match(/secure_from_secure_dom=1/), null); + fetch("https://{{host}}:{{ports[https][0]}}/cookies/resources/echo-json.py", + { "credentials": "include" }) + .then(this.step_func(function (r) { + return r.json(); + })) + .then(this.step_func_done(function (j) { + assert_equals(j["secure_from_secure_dom"], "secure_from_secure_dom=1"); + })); + } + ] + ]; + + function clearKnownCookie() { + document.cookie = "secure_from_secure_dom=0; Secure; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/"; + } + + executeTestsSerially(tests, clearKnownCookie, clearKnownCookie); +</script> +</body> +</html> diff --git a/testing/web-platform/tests/cookies/secure/set-from-dom.sub.html b/testing/web-platform/tests/cookies/secure/set-from-dom.sub.html new file mode 100644 index 0000000000..91aa8fff3b --- /dev/null +++ b/testing/web-platform/tests/cookies/secure/set-from-dom.sub.html @@ -0,0 +1,47 @@ +<!doctype html> +<html> +<head> + <meta charset=utf-8> + <title>Set 'secure' cookie from `document.cookie` on a non-secure page</title> + <meta name=help href="https://tools.ietf.org/html/draft-west-leave-secure-cookies-alone"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/cookies/resources/testharness-helpers.js"></script> +</head> +<body> +<div id=log></div> +<script> + var tests = [ + [ + "'secure' cookie not set in `document.cookie`", + function () { + var originalCookie = document.cookie; + document.cookie = "secure_from_nonsecure_dom=1; secure; path=/"; + assert_equals(document.cookie, originalCookie); + this.done(); + } + ], + [ + "'secure' cookie not sent in HTTP request", + function () { + document.cookie = "secure_from_nonsecure_dom=1; secure; path=/"; + fetch("https://{{host}}:{{ports[https][0]}}/cookies/resources/echo-json.py", { "credentials": "include" }) + .then(this.step_func(function (r) { + return r.json(); + })) + .then(this.step_func_done(function (j) { + assert_equals(j["secure_from_nonsecure_dom"], undefined); + })); + } + ] + ]; + + function clearKnownCookie() { + document.cookie = "secure_from_nonsecure_dom=0; Secure; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/"; + } + + executeTestsSerially(tests, clearKnownCookie, clearKnownCookie); +</script> +</body> +</html> + diff --git a/testing/web-platform/tests/cookies/secure/set-from-http.https.sub.html b/testing/web-platform/tests/cookies/secure/set-from-http.https.sub.html new file mode 100644 index 0000000000..6024c5b7f6 --- /dev/null +++ b/testing/web-platform/tests/cookies/secure/set-from-http.https.sub.html @@ -0,0 +1,36 @@ +<!doctype html> +<html> +<head> + <meta charset=utf-8> + <title>Set 'secure' cookie from `Set-Cookie` HTTP header on a secure page</title> + <meta name=help href="https://tools.ietf.org/html/draft-west-leave-secure-cookies-alone"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/cookies/resources/testharness-helpers.js"></script> +</head> +<body> +<div id=log></div> +<script> + function clearKnownCookie() { + document.cookie = "secure_from_secure_http=0; Secure; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/"; + } + + test(function () { + assert_not_equals(document.cookie.match(/secure_from_secure_http=1/), null); + }, "'secure' cookie present in `document.cookie`"); + + promise_test(function (t) { + t.add_cleanup(clearKnownCookie); + return fetch("https://{{host}}:{{ports[https][0]}}/cookies/resources/echo-json.py", + { "credentials": "include" }) + .then(function (r) { + return r.json(); + }) + .then(function (j) { + assert_equals(j["secure_from_secure_http"], "secure_from_secure_http=1"); + }); + }, "'secure' cookie sent in HTTP request"); +</script> +</body> +</html> + diff --git a/testing/web-platform/tests/cookies/secure/set-from-http.https.sub.html.headers b/testing/web-platform/tests/cookies/secure/set-from-http.https.sub.html.headers new file mode 100644 index 0000000000..f4c9147fac --- /dev/null +++ b/testing/web-platform/tests/cookies/secure/set-from-http.https.sub.html.headers @@ -0,0 +1,5 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: secure_from_secure_http=1; Secure; Path=/ diff --git a/testing/web-platform/tests/cookies/secure/set-from-http.sub.html b/testing/web-platform/tests/cookies/secure/set-from-http.sub.html new file mode 100644 index 0000000000..c80cc34101 --- /dev/null +++ b/testing/web-platform/tests/cookies/secure/set-from-http.sub.html @@ -0,0 +1,36 @@ +<!doctype html> +<html> +<head> + <meta charset=utf-8> + <title>Set 'secure' cookie from `Set-Cookie` HTTP header on a non-secure page</title> + <meta name=help href="https://tools.ietf.org/html/draft-west-leave-secure-cookies-alone"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/cookies/resources/testharness-helpers.js"></script> +</head> +<body> +<div id=log></div> +<script> + function clearKnownCookie() { + document.cookie = "secure_from_nonsecure_http=0; Secure; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/"; + } + + test(function () { + assert_equals(document.cookie.match(/secure_from_nonsecure_http=1/), null); + }, "'secure' cookie not present in `document.cookie`"); + + promise_test(function (t) { + t.add_cleanup(clearKnownCookie); + return fetch("https://{{host}}:{{ports[https][0]}}/cookies/resources/echo-json.py", + { "credentials": "include" }) + .then(function (r) { + return r.json(); + }) + .then(function (j) { + assert_equals(j["secure_from_nonsecure_http"], undefined); + }); + }, "'secure' cookie not sent in HTTP request"); +</script> +</body> +</html> + diff --git a/testing/web-platform/tests/cookies/secure/set-from-http.sub.html.headers b/testing/web-platform/tests/cookies/secure/set-from-http.sub.html.headers new file mode 100644 index 0000000000..57a45167f0 --- /dev/null +++ b/testing/web-platform/tests/cookies/secure/set-from-http.sub.html.headers @@ -0,0 +1,5 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: secure_from_nonsecure_http=1; Secure; Path=/ diff --git a/testing/web-platform/tests/cookies/secure/set-from-ws.sub.html b/testing/web-platform/tests/cookies/secure/set-from-ws.sub.html new file mode 100644 index 0000000000..b12504450e --- /dev/null +++ b/testing/web-platform/tests/cookies/secure/set-from-ws.sub.html @@ -0,0 +1,45 @@ +<!doctype html> +<html> +<head> + <meta charset=utf-8> + <title>Set 'secure' cookie from `Set-Cookie` HTTP header on a non-secure WebSocket</title> + <meta name=help href="https://tools.ietf.org/html/draft-west-leave-secure-cookies-alone"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/cookies/resources/testharness-helpers.js"></script> +</head> +<body> +<div id=log></div> +<script> + function clearKnownCookie() { + document.cookie = "ws_test_secure_from_nonsecure=0; Secure; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/"; + } + + async_test(function (t) { + t.add_cleanup(clearKnownCookie); + assert_equals(document.cookie.match(/ws_test_secure_from_nonsecure=/), null); + + clearKnownCookie(); + var ws = new WebSocket("ws://{{host}}:{{ports[ws][0]}}/set-cookie-secure?secure_from_nonsecure"); + ws.onclose = t.step_func_done(function () { + assert_unreached("'close' should not fire before 'open'."); + }); + ws.onopen = t.step_func(function (e) { + ws.onclose = null; + ws.close(); + assert_false(/ws_test_secure_from_nonsecure=test/.test(document.cookie)); + + var ws2 = new WebSocket("wss://{{host}}:{{ports[wss][0]}}/echo-cookie"); + ws2.onclose = t.step_func_done(function () { + assert_unreached("'close' should not fire before 'open'."); + }); + ws2.onmessage = t.step_func_done(function (e) { + ws2.onclose = null; + ws2.close(); + assert_false(/ws_test_secure_from_nonsecure=test/.test(e.data)); + }); + }); + }, "'secure' cookie not sent in WSS request when set from WS"); +</script> +</body> +</html> diff --git a/testing/web-platform/tests/cookies/secure/set-from-wss.https.sub.html b/testing/web-platform/tests/cookies/secure/set-from-wss.https.sub.html new file mode 100644 index 0000000000..c5e8b385d0 --- /dev/null +++ b/testing/web-platform/tests/cookies/secure/set-from-wss.https.sub.html @@ -0,0 +1,44 @@ +<!doctype html> +<html> +<head> + <meta charset=utf-8> + <title>Set 'secure' cookie from `Set-Cookie` HTTP header on a secure WebSocket</title> + <meta name=help href="https://tools.ietf.org/html/draft-west-leave-secure-cookies-alone"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/cookies/resources/testharness-helpers.js"></script> +</head> +<body> +<div id=log></div> +<script> + function clearKnownCookie() { + document.cookie = "ws_test_secure_from_secure=0; Secure; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/"; + } + + async_test(function (t) { + t.add_cleanup(clearKnownCookie); + assert_equals(document.cookie.match(/ws_test_secure_from_secure=/), null); + + clearKnownCookie(); + var ws = new WebSocket("wss://{{host}}:{{ports[wss][0]}}/set-cookie-secure?secure_from_secure"); + ws.onclose = t.step_func_done(function () { + assert_unreached("'close' should not fire before 'open'."); + }); + ws.onopen = t.step_func(function (e) { + ws.onclose = null; + ws.close(); + assert_regexp_match(document.cookie, /ws_test_secure_from_secure=test/); + var ws2 = new WebSocket("wss://{{host}}:{{ports[wss][0]}}/echo-cookie"); + ws2.onclose = t.step_func_done(function () { + assert_unreached("'close' should not fire before 'open'."); + }); + ws2.onmessage = t.step_func_done(function (e) { + ws2.onclose = null; + ws2.close(); + assert_regexp_match(e.data, /ws_test_secure_from_secure=test/); + }); + }); + }, "'secure' cookie not sent in HTTP request"); +</script> +</body> +</html> |