1 files changed, 25 insertions, 2 deletions

diff --git a/testing/web-platform/tests/cookies/third-party-cookies/resources/test-helpers.js b/testing/web-platform/tests/cookies/third-party-cookies/resources/test-helpers.js
index 2ae2c46a37..c76ac71616 100644
--- a/testing/web-platform/tests/cookies/third-party-cookies/resources/test-helpers.js
+++ b/testing/web-platform/tests/cookies/third-party-cookies/resources/test-helpers.js
@@ -1,10 +1,10 @@
 function testHttpCookies({desc, origin, cookieNames, expectsCookie}) {
   promise_test(async () => {
-    await assertOriginCanAccessCookies({origin, cookieNames, expectsCookie});
+    await assertHttpOriginCanAccessCookies({ origin, cookieNames, expectsCookie });
   }, getCookieTestName(expectsCookie, desc, "HTTP"));
 }
 
-async function assertOriginCanAccessCookies({
+async function assertHttpOriginCanAccessCookies({
   origin,
   cookieNames,
   expectsCookie,
@@ -18,6 +18,29 @@ async function assertOriginCanAccessCookies({
   }
 }
 
+async function assertThirdPartyHttpCookies({ desc, origin, cookieNames, expectsCookie }) {
+  // Test that these cookies are not available on cross-site subresource requests to the
+  // origin that set them.
+  testHttpCookies({
+    desc,
+    origin,
+    cookieNames,
+    expectsCookie,
+  });
+
+  promise_test(async () => {
+    const thirdPartyHttpCookie = "3P_http"
+    await credFetch(
+      `${origin}/cookies/resources/set.py?${thirdPartyHttpCookie}=foobar;` +
+      "Secure;Path=/;SameSite=None");
+    await assertHttpOriginCanAccessCookies({
+      origin,
+      cookieNames: [thirdPartyHttpCookie],
+      expectsCookie,
+    });
+  }, desc + ": Cross site window setting HTTP cookies");
+}
+
 function testDomCookies({desc, cookieNames, expectsCookie}) {
   test(() => {
     assertDomCanAccessCookie(cookieNames, expectsCookie);