Diffstat (limited to 'testing/web-platform/tests/cookies/third-party-cookies')
4 files changed, 254 insertions, 0 deletions
diff --git a/testing/web-platform/tests/cookies/third-party-cookies/resources/test-helpers.js b/testing/web-platform/tests/cookies/third-party-cookies/resources/test-helpers.js
new file mode 100644
index 0000000000..2ae2c46a37
--- /dev/null
+++ b/testing/web-platform/tests/cookies/third-party-cookies/resources/test-helpers.js
@@ -0,0 +1,63 @@
+function testHttpCookies({desc, origin, cookieNames, expectsCookie}) {
+ promise_test(async () => {
+ await assertOriginCanAccessCookies({origin, cookieNames, expectsCookie});
+ }, getCookieTestName(expectsCookie, desc, "HTTP"));
+}
+
+async function assertOriginCanAccessCookies({
+ origin,
+ cookieNames,
+ expectsCookie,
+}) {
+ const resp = await credFetch(`${origin}/cookies/resources/list.py`);
+ const cookies = await resp.json();
+ for (const cookieName of cookieNames) {
+ assert_equals(
+ cookies.hasOwnProperty(cookieName), expectsCookie,
+ getCookieAssertDesc(expectsCookie, cookieName));
+ }
+}
+
+function testDomCookies({desc, cookieNames, expectsCookie}) {
+ test(() => {
+ assertDomCanAccessCookie(cookieNames, expectsCookie);
+ }, getCookieTestName(expectsCookie, desc, "DOM"));
+}
+
+function assertDomCanAccessCookie(cookieNames, expectsCookie) {
+ for (const cookieName of cookieNames) {
+ assert_equals(
+ document.cookie.includes(cookieName + "="), expectsCookie,
+ getCookieAssertDesc(expectsCookie, cookieName));
+ }
+}
+
+function testCookieStoreCookies({desc, cookieNames, expectsCookie}) {
+ if (!window.cookieStore) return;
+ promise_test(async () => {
+ await assertCookieStoreCanAccessCookies(cookieNames, expectsCookie);
+ }, getCookieTestName(expectsCookie, desc, "CookieStore"));
+}
+
+async function assertCookieStoreCanAccessCookies(cookieNames, expectsCookie) {
+ const cookies = await cookieStore.getAll({sameSite: 'none'});
+ for (const cookieName of cookieNames) {
+ assert_equals(
+ !!cookies.find(c => c.name === cookieName), expectsCookie,
+ getCookieAssertDesc(expectsCookie, cookieName));
+ }
+}
+
+function getCookieTestName(expectsCookie, desc, cookieType) {
+ if (expectsCookie) {
+ return `${desc}: Cookies are accessible via ${cookieType}`;
+ }
+ return `${desc}: Cookies are not accessible via ${cookieType}`;
+}
+
+function getCookieAssertDesc(expectsCookie, cookieName) {
+ if (expectsCookie) {
+ return `Expected cookie ${cookieName} to be available`;
+ }
+ return `Expected cookie ${cookieName} to not be available`;
+}
diff --git a/testing/web-platform/tests/cookies/third-party-cookies/resources/third-party-cookies-cross-site-embed.html b/testing/web-platform/tests/cookies/third-party-cookies/resources/third-party-cookies-cross-site-embed.html
new file mode 100644
index 0000000000..2d579c91be
--- /dev/null
+++ b/testing/web-platform/tests/cookies/third-party-cookies/resources/third-party-cookies-cross-site-embed.html
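Review bot: `assertDomCanAccessCookie` in test-helpers.js decides presence with `document.cookie.includes(cookieName + "=")`, a substring match that also fires when another cookie's name merely ends in `cookieName` or when some cookie's value contains `cookieName=`, so both the positive and the negative assertions can be decided by an unrelated cookie. Comparing whole names is more robust, for example `document.cookie.split("; ").some(c => c.startsWith(cookieName + "="))`. Separately, `cookieStore.getAll({sameSite: 'none'})` in `assertCookieStoreCanAccessCookies` passes a key that, as far as I know, is not among the options `getAll` accepts (name and url), so it is probably ignored rather than acting as a filter; dropping it or adding a comment would avoid implying one.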
@@ -0,0 +1,57 @@
+<!DOCTYPE html>
+<meta charset="utf-8"/>
+<meta name="timeout" content="long">
+<title>Test site embedded in a cross-site context</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/cookies/resources/cookie-helper.sub.js"></script>
+<script src="/cookies/third-party-cookies/resources/test-helpers.js"></script>
+<body>
+<script>
+
+// Cookies set by the parent window in a 1P context.
+const cookieNames = ["1P_http", "1P_dom"];
+if (window.cookieStore) {
+ cookieNames.push("1P_cs");
+}
+
+testDomCookies({
+ desc: "3P embed",
+ cookieNames,
+ expectsCookie: false,
+});
+
+testCookieStoreCookies({
+ desc: "3P embed",
+ cookieNames,
+ expectsCookie: false,
+});
+
+test(() => {
+ const thirdPartyDomCookieName = "3P_dom";
+ document.cookie =
+ `${thirdPartyDomCookieName}=foobar;Secure;Path=/;SameSite=None`;
+
+ assertDomCanAccessCookie([thirdPartyDomCookieName], false);
+}, "Cross site embed setting DOM cookies");
+
+if (window.cookieStore) {
+ promise_test(async () => {
+ const thirdPartyCsCookieName = "3P_cs";
+ await cookieStore.set({
+ name: thirdPartyCsCookieName,
+ value: "foobar",
+ path: "/",
+ sameSite: "none",
+ }).then(
+ // The promise should reject.
+ () => { assert_unreached(); },
+ () => {});
+
+ await assertCookieStoreCanAccessCookies([thirdPartyCsCookieName], false);
+ }, "Cross site embed setting CookieStore cookies");
+}
+
+</script>
+</body>
diff --git a/testing/web-platform/tests/cookies/third-party-cookies/resources/third-party-cookies-cross-site-window.html b/testing/web-platform/tests/cookies/third-party-cookies/resources/third-party-cookies-cross-site-window.html
new file mode 100644
index 0000000000..99418a6749
--- /dev/null
+++ b/testing/web-platform/tests/cookies/third-party-cookies/resources/third-party-cookies-cross-site-window.html
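Review bot: Both "setting" tests in third-party-cookies-cross-site-embed.html confirm the blocked write only by reading back from the same third-party context (`assertDomCanAccessCookie([thirdPartyDomCookieName], false)` and `assertCookieStoreCanAccessCookies([thirdPartyCsCookieName], false)`), where reads are expected to be blocked anyway, so an implementation that stores the cookie but hides it from the embed would still pass. The same pattern appears in "Cross site window setting HTTP cookies" in third-party-cookies-cross-site-window.html. To pin write blocking, the first-party page would need to check, after the remote tests finish, that `3P_dom`, `3P_cs` and `3P_http` are absent there. In addition, the rejection handler `() => {}` accepts any rejection of `cookieStore.set`; asserting the expected error type would stop an unrelated failure from passing as "blocked".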
@@ -0,0 +1,62 @@
+<!DOCTYPE html>
+<meta charset="utf-8"/>
+<meta name="timeout" content="long">
+<title>Cross-site window</title>
+<script src="/resources/testharness.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/cookies/resources/cookie-helper.sub.js"></script>
+<script src="/cookies/third-party-cookies/resources/test-helpers.js"></script>
+
+<body>
+<script>
+
+let origin;
+
+// Test that parent window passed its origin in the URL parameters correctly.
+test(() => {
+ assert_true(window.location.search.startsWith("?origin="));
+ origin = decodeURIComponent(window.location.search.slice(
+ window.location.search.indexOf("?origin=") + 8));
+}, "Cross-site window opened correctly");
+
+// Cookies set by the parent window in a 1P context.
+const cookieNames = ["1P_http", "1P_dom"];
+if (window.cookieStore) {
+ cookieNames.push("1P_cs");
+}
+
+// Test theses cookies are not available on cross-site subresource requests
+// to the origin that set them.
+testHttpCookies({
+ desc: "3P fetch",
+ origin,
+ cookieNames,
+ expectsCookie: false,
+});
+
+promise_test(async () => {
+ const thirdPartyHttpCookie = "3P_http"
+ await credFetch(
+ `${origin}/cookies/resources/set.py?${thirdPartyHttpCookie}=foobar;` +
+ "Secure;Path=/;SameSite=None");
+ await assertOriginCanAccessCookies({
+ origin,
+ cookieNames: ["3P_http"],
+ expectsCookie: false,
+ });
+}, "Cross site window setting HTTP cookies");
+
+// Create a cross-site <iframe> which embeds the cookies' origin into this
+// page.
+const iframe = document.createElement("iframe");
+const url = new URL(
+ "/cookies/third-party-cookies/resources/" +
+ "third-party-cookies-cross-site-embed.html",
+ origin);
+iframe.src = String(url);
+document.body.appendChild(iframe);
+
+fetch_tests_from_window(iframe.contentWindow);
+
+</script>
+</body>
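Review bot: `origin` in third-party-cookies-cross-site-window.html is taken from the query string by slicing after `?origin=` and is then used, with no check on its shape, as the base for the `credFetch` URLs and for the iframe's `new URL(..., origin)`. If the parameter is missing or malformed the first test fails but the script carries on, and `new URL` would then throw at top level outside any test, surfacing as a harness error rather than a named failure; the slice also swallows any later query parameters. Reading it with `origin = new URLSearchParams(window.location.search).get("origin");` and asserting it is non-null inside the first test is simpler and stricter. Minor: `const thirdPartyHttpCookie = "3P_http"` lacks its semicolon, and the following `cookieNames: ["3P_http"]` repeats the literal instead of using the constant.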
diff --git a/testing/web-platform/tests/cookies/third-party-cookies/third-party-cookies.tentative.https.html b/testing/web-platform/tests/cookies/third-party-cookies/third-party-cookies.tentative.https.html
new file mode 100644
index 0000000000..184649ff5b
--- /dev/null
+++ b/testing/web-platform/tests/cookies/third-party-cookies/third-party-cookies.tentative.https.html
@@ -0,0 +1,72 @@
+<!DOCTYPE html>
+<meta charset="utf-8"/>
+<meta name="timeout" content="long">
+<title>Test third-party cookies</title>
+<title>Test partitioned cookies</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/cookies/resources/cookie-helper.sub.js"></script>
+<script src="/cookies/third-party-cookies/resources/test-helpers.js"></script>
+
+<body>
+<script>
+
+document.body.onload = async () => {
+ // Set SameSite=None cookie in a 1P context using HTTP.
+ const attributes = "Secure;Path=/;SameSite=None";
+ const httpCookieName = "1P_http";
+ await credFetch(
+ `${self.origin}/cookies/resources/set.py?${httpCookieName}=foobar;${
+ attributes}`);
+
+ // Set another cookie using document.cookie.
+ const domCookieName = "1P_dom";
+ document.cookie = `${domCookieName}=foobar;${attributes}`;
+
+ const cookieNames = [httpCookieName, domCookieName];
+
+ // Set another cookie using the CookieStore API, if supported.
+ if (window.cookieStore) {
+ const cookieStoreCookieName = "1P_cs";
+ await cookieStore.set({
+ name: cookieStoreCookieName,
+ value: "foobar",
+ path: "/",
+ sameSite: "none",
+ });
+ cookieNames.push(cookieStoreCookieName);
+ }
+
+ // Test that the cookie is available in a first-party context via HTTP.
+ testHttpCookies({
+ desc: "1P window",
+ origin: self.origin,
+ cookieNames,
+ expectsCookie: true,
+ });
+
+ // // Verify that the cookies are available to the DOM as well.
+ testDomCookies({
+ desc: "1P window",
+ cookieNames,
+ expectsCookie: true,
+ });
+ testCookieStoreCookies({
+ desc: "1P window",
+ cookieNames,
+ expectsCookie: true,
+ });
+
+ // Open a cross-site window which will embed the current origin in a
+ // third-party context.
+ const crossSiteUrl = new URL(
+ `./resources/third-party-cookies-cross-site-window.html?origin=${
+ encodeURIComponent(self.origin)}`,
+ get_host_info().HTTPS_NOTSAMESITE_ORIGIN + self.location.pathname);
+ const popup = window.open(crossSiteUrl);
+ fetch_tests_from_window(popup);
+};
+
+</script>
+</body> |
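Review bot: The `1P_http`, `1P_dom` and `1P_cs` cookies set in the `onload` handler of third-party-cookies.tentative.https.html are never removed and the popup is never closed, so a rerun in the same profile starts with the cookies already present and the `expectsCookie: true` checks can pass even if this run's set calls did nothing. Expiring the three cookies and closing `popup` once the run completes, for instance from `add_completion_callback`, would keep runs independent. The document also carries two `<title>` elements; `<title>Test partitioned cookies</title>` looks like a leftover from another test and could be dropped.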