From 26a029d407be480d791972afb5975cf62c9360a6 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Fri, 19 Apr 2024 02:47:55 +0200
Subject: Adding upstream version 124.0.1.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 .../browser_same_site_cookies_bug1748693.js        | 61 ++++++++++++++++++++++
 1 file changed, 61 insertions(+)
 create mode 100644 dom/security/test/general/browser_same_site_cookies_bug1748693.js

(limited to 'dom/security/test/general/browser_same_site_cookies_bug1748693.js')

diff --git a/dom/security/test/general/browser_same_site_cookies_bug1748693.js b/dom/security/test/general/browser_same_site_cookies_bug1748693.js
new file mode 100644
index 0000000000..66a7927889
--- /dev/null
+++ b/dom/security/test/general/browser_same_site_cookies_bug1748693.js
@@ -0,0 +1,61 @@
+"use strict";
+
+const HTTPS_PATH = getRootDirectory(gTestPath).replace(
+  "chrome://mochitests/content",
+  "https://example.com"
+);
+const HTTP_PATH = getRootDirectory(gTestPath).replace(
+  "chrome://mochitests/content",
+  // Disable eslint, since we explicitly need a insecure URL here for this test.
+  // eslint-disable-next-line @microsoft/sdl/no-insecure-url
+  "http://example.com"
+);
+
+function checkCookies(expectedCookies = {}) {
+  info(JSON.stringify(expectedCookies));
+  return SpecialPowers.spawn(
+    gBrowser.selectedBrowser,
+    [expectedCookies],
+    async function (expectedCookies) {
+      let cookies = content.document.getElementById("msg").innerHTML;
+      info(cookies);
+      for (const [cookie, expected] of Object.entries(expectedCookies)) {
+        if (expected) {
+          ok(cookies.includes(cookie), `${cookie} should be sent`);
+        } else {
+          ok(!cookies.includes(cookie), `${cookie} should not be sent`);
+        }
+      }
+    }
+  );
+}
+
+add_task(async function bug1748693() {
+  waitForExplicitFinish();
+
+  // HTTPS-First would interfere with this test. We want to check wether
+  // cookies orignally set on a secure site without a "Secure" attribute
+  // get loaded on a insecure site. For that, we need to visit a
+  // insecure site, which would otherwise be upgraded by HTTPS-First.
+  await SpecialPowers.pushPrefEnv({
+    set: [["dom.security.https_first", false]],
+  });
+
+  let loaded = BrowserTestUtils.browserLoaded(gBrowser.selectedBrowser);
+  BrowserTestUtils.startLoadingURIString(
+    gBrowser,
+    `${HTTPS_PATH}file_same_site_cookies_bug1748693.sjs?setcookies`
+  );
+  await loaded;
+
+  loaded = BrowserTestUtils.browserLoaded(gBrowser.selectedBrowser);
+  BrowserTestUtils.startLoadingURIString(
+    gBrowser,
+    `${HTTP_PATH}file_same_site_cookies_bug1748693.sjs`
+  );
+  await loaded;
+
+  await checkCookies({ auth: true, auth_secure: false });
+
+  finish();
+});
-- 
cgit v1.2.3