diff options
Diffstat (limited to 'testing/web-platform/tests/html/cross-origin-embedder-policy/credentialless/video.https.window.js')
| -rw-r--r-- | testing/web-platform/tests/html/cross-origin-embedder-policy/credentialless/video.https.window.js | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/testing/web-platform/tests/html/cross-origin-embedder-policy/credentialless/video.https.window.js b/testing/web-platform/tests/html/cross-origin-embedder-policy/credentialless/video.https.window.js new file mode 100644 index 0000000000..0410b48564 --- /dev/null +++ b/testing/web-platform/tests/html/cross-origin-embedder-policy/credentialless/video.https.window.js @@ -0,0 +1,53 @@ +// META: script=/common/get-host-info.sub.js +// META: script=/common/utils.js +// META: script=/common/dispatcher/dispatcher.js +// META: script=./resources/common.js + +const same_origin = get_host_info().HTTPS_ORIGIN; +const cross_origin = get_host_info().HTTPS_REMOTE_ORIGIN; +const cookie_key = "coep_credentialless_image"; +const cookie_same_origin = "same_origin"; +const cookie_cross_origin = "cross_origin"; + +promise_setup(async test => { + await Promise.all([ + setCookie(same_origin, cookie_key, cookie_same_origin + + cookie_same_site_none), + setCookie(cross_origin, cookie_key, cookie_cross_origin + + cookie_same_site_none), + ]); +}, "Setup cookies"); + +const videoTest = function(description, origin, mode, expected_cookie) { + promise_test(async test => { + const video_token = token(); + + let video = document.createElement("video"); + video.src = showRequestHeaders(origin, video_token); + video.autoplay = true; + if (mode) + video.crossOrigin = mode; + document.body.appendChild(video); + + const headers = JSON.parse(await receive(video_token)); + + assert_equals(parseCookies(headers)[cookie_key], expected_cookie); + }, `video ${description}`) +}; + +// Same-origin request always contains Cookies: +videoTest("same-origin + undefined", + same_origin, undefined, cookie_same_origin); +videoTest("same-origin + anonymous", + same_origin, 'anonymous', cookie_same_origin); +videoTest("same-origin + use-credentials", + same_origin, 'use-credentials', cookie_same_origin); + +// Cross-origin request contains cookies, only when sent in CORS mode, using +// crossOrigin = "use-credentials". +videoTest("cross-origin + undefined", + cross_origin, '', undefined); +videoTest("cross-origin + anonymous", + cross_origin, 'anonymous', undefined); +videoTest("cross-origin + use-credentials", + cross_origin, 'use-credentials', cookie_cross_origin); |