From 26a029d407be480d791972afb5975cf62c9360a6 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 19 Apr 2024 02:47:55 +0200 Subject: Adding upstream version 124.0.1. Signed-off-by: Daniel Baumann --- testing/web-platform/tests/cookies/META.yml | 2 + testing/web-platform/tests/cookies/README.md | 2 + testing/web-platform/tests/cookies/__init__.py | 0 .../cookies/attributes/attributes-ctl.sub.html | 99 +++++ .../tests/cookies/attributes/domain.sub.html | 24 ++ .../tests/cookies/attributes/expires.html | 56 +++ .../tests/cookies/attributes/invalid.html | 171 +++++++++ .../tests/cookies/attributes/max-age.html | 78 ++++ .../tests/cookies/attributes/path-redirect.html | 128 +++++++ .../tests/cookies/attributes/path.html | 144 ++++++++ .../attributes/resources/domain-child.sub.html | 401 +++++++++++++++++++++ .../attributes/resources/path-redirect-shared.js | 11 + .../tests/cookies/attributes/resources/path.html | 14 + .../cookies/attributes/resources/path.html.headers | 1 + .../cookies/attributes/resources/path/one.html | 14 + .../cookies/attributes/resources/path/three.html | 14 + .../cookies/attributes/resources/path/two.html | 14 + .../cookies/attributes/resources/pathfakeout.html | 14 + .../attributes/resources/pathfakeout/one.html | 14 + .../resources/secure-non-secure-child.html | 85 +++++ .../cookies/attributes/secure-non-secure.html | 23 ++ .../tests/cookies/attributes/secure.https.html | 65 ++++ .../cookies/cookie-enabled-noncookie-frame.html | 30 ++ ...-with-and-without-leading-period.sub.https.html | 40 ++ ...thout-leading-period.sub.https.html.sub.headers | 2 + ...tribute-host-with-leading-period.sub.https.html | 39 ++ ...-with-leading-period.sub.https.html.sub.headers | 1 + .../domain-attribute-idn-host.sub.https.html | 18 + .../domain-attribute-matches-host.sub.https.html | 39 ++ ...tribute-matches-host.sub.https.html.sub.headers | 1 + .../domain/domain-attribute-missing.sub.html | 39 ++ .../domain-attribute-missing.sub.html.headers | 1 + .../domain/support/idn-child.sub.https.html | 72 ++++ .../tests/cookies/domain/support/idn.py | 61 ++++ .../tests/cookies/encoding/charset.html | 55 +++ .../web-platform/tests/cookies/meta-blocked.html | 13 + .../web-platform/tests/cookies/name/name-ctl.html | 63 ++++ testing/web-platform/tests/cookies/name/name.html | 169 +++++++++ .../web-platform/tests/cookies/navigated-away.html | 39 ++ .../tests/cookies/ordering/ordering.sub.html | 25 ++ .../ordering/resources/ordering-child.sub.html | 76 ++++ .../partitioned-cookies.tentative.https.html | 72 ++++ .../partitioned-cookies-cross-site-embed.html | 26 ++ .../partitioned-cookies-cross-site-window.html | 43 +++ .../partitioned-cookies/resources/test-helpers.js | 64 ++++ .../web-platform/tests/cookies/path/default.html | 51 +++ testing/web-platform/tests/cookies/path/match.html | 113 ++++++ .../cookies/prefix/__host.document-cookie.html | 57 +++ .../prefix/__host.document-cookie.https.html | 74 ++++ .../tests/cookies/prefix/__host.header.html | 83 +++++ .../tests/cookies/prefix/__host.header.https.html | 83 +++++ .../cookies/prefix/__secure.document-cookie.html | 41 +++ .../prefix/__secure.document-cookie.https.html | 41 +++ .../tests/cookies/prefix/__secure.header.html | 41 +++ .../cookies/prefix/__secure.header.https.html | 79 ++++ .../cookies/prefix/document-cookie.non-secure.html | 42 +++ .../tests/cookies/resources/__init__.py | 0 .../tests/cookies/resources/cookie-helper.sub.js | 284 +++++++++++++++ .../tests/cookies/resources/cookie-test.js | 186 ++++++++++ .../web-platform/tests/cookies/resources/cookie.py | 42 +++ .../web-platform/tests/cookies/resources/drop.py | 14 + .../tests/cookies/resources/dropSameSite.py | 13 + .../resources/dropSameSiteMultiAttribute.py | 17 + .../tests/cookies/resources/dropSameSiteNone.py | 11 + .../tests/cookies/resources/dropSecure.py | 11 + .../tests/cookies/resources/echo-cookie.html | 31 ++ .../tests/cookies/resources/echo-json.py | 15 + .../tests/cookies/resources/helpers.py | 59 +++ .../tests/cookies/resources/imgIfMatch.py | 16 + .../cookies/resources/list-cookies-for-script.py | 12 + .../web-platform/tests/cookies/resources/list.py | 10 + .../tests/cookies/resources/navigate.html | 8 + .../tests/cookies/resources/postToParent.py | 39 ++ .../cookies/resources/redirectWithCORSHeaders.py | 22 ++ .../tests/cookies/resources/set-cookie.py | 45 +++ .../web-platform/tests/cookies/resources/set.py | 15 + .../tests/cookies/resources/setSameSite.py | 32 ++ .../tests/cookies/resources/setSameSiteDomain.py | 36 ++ .../cookies/resources/setSameSiteMultiAttribute.py | 60 +++ .../tests/cookies/resources/setSameSiteNone.py | 16 + .../tests/cookies/resources/setSecure.py | 14 + .../tests/cookies/resources/testharness-helpers.js | 49 +++ ...kies-without-samesite-must-be-secure.https.html | 20 + .../cookies/samesite/about-blank-nested.https.html | 29 ++ .../samesite/about-blank-subresource.https.html | 31 ++ .../samesite/about-blank-toplevel.https.html | 30 ++ .../tests/cookies/samesite/fetch.https.html | 40 ++ .../samesite/form-get-blank-reload.https.html | 66 ++++ .../cookies/samesite/form-get-blank.https.html | 68 ++++ .../samesite/form-post-blank-reload.https.html | 56 +++ .../cookies/samesite/form-post-blank.https.html | 57 +++ .../samesite/get_all_cookies-default-samesite.html | 20 + .../get_named_cookie-default-samesite.html | 18 + .../cookies/samesite/iframe-reload.https.html | 55 +++ .../cookies/samesite/iframe.document.https.html | 57 +++ .../tests/cookies/samesite/iframe.https.html | 79 ++++ .../tests/cookies/samesite/img.https.html | 75 ++++ .../multiple-samesite-attributes.https.html | 92 +++++ .../cookies/samesite/resources/echo-cookies.html | 8 + .../samesite/resources/iframe-navigate-report.html | 3 + .../resources/iframe-subresource-report.html | 14 + .../samesite/resources/iframe.document.html | 8 + .../samesite/resources/navigate-iframe.html | 26 ++ .../tests/cookies/samesite/resources/navigate.html | 25 ++ .../tests/cookies/samesite/resources/puppet.html | 32 ++ .../samesite/sandbox-iframe-nested.https.html | 28 ++ .../samesite/sandbox-iframe-subresource.https.html | 28 ++ .../cookies/samesite/setcookie-lax.https.html | 32 ++ .../samesite/setcookie-navigation.https.html | 81 +++++ .../cookies/samesite/window-open-reload.https.html | 52 +++ .../tests/cookies/samesite/window-open.https.html | 54 +++ .../resources/navigateToInsecurePostToParent.html | 6 + .../schemeful-iframe-subresource.tentative.html | 28 ++ .../schemeful-navigation.tentative.html | 41 +++ .../schemeful-subresource.tentative.html | 49 +++ .../schemeful-websockets.sub.tentative.html | 57 +++ .../cookies/secure/set-from-dom.https.sub.html | 47 +++ .../tests/cookies/secure/set-from-dom.sub.html | 47 +++ .../cookies/secure/set-from-http.https.sub.html | 36 ++ .../secure/set-from-http.https.sub.html.headers | 5 + .../tests/cookies/secure/set-from-http.sub.html | 36 ++ .../cookies/secure/set-from-http.sub.html.headers | 5 + .../tests/cookies/secure/set-from-ws.sub.html | 45 +++ .../cookies/secure/set-from-wss.https.sub.html | 44 +++ .../tests/cookies/size/attributes.www.sub.html | 121 +++++++ .../tests/cookies/size/name-and-value.html | 83 +++++ .../third-party-cookies/resources/test-helpers.js | 63 ++++ .../third-party-cookies-cross-site-embed.html | 57 +++ .../third-party-cookies-cross-site-window.html | 62 ++++ .../third-party-cookies.tentative.https.html | 72 ++++ .../tests/cookies/value/value-ctl.html | 64 ++++ .../web-platform/tests/cookies/value/value.html | 170 +++++++++ 132 files changed, 6446 insertions(+) create mode 100644 testing/web-platform/tests/cookies/META.yml create mode 100644 testing/web-platform/tests/cookies/README.md create mode 100644 testing/web-platform/tests/cookies/__init__.py create mode 100644 testing/web-platform/tests/cookies/attributes/attributes-ctl.sub.html create mode 100644 testing/web-platform/tests/cookies/attributes/domain.sub.html create mode 100644 testing/web-platform/tests/cookies/attributes/expires.html create mode 100644 testing/web-platform/tests/cookies/attributes/invalid.html create mode 100644 testing/web-platform/tests/cookies/attributes/max-age.html create mode 100644 testing/web-platform/tests/cookies/attributes/path-redirect.html create mode 100644 testing/web-platform/tests/cookies/attributes/path.html create mode 100644 testing/web-platform/tests/cookies/attributes/resources/domain-child.sub.html create mode 100644 testing/web-platform/tests/cookies/attributes/resources/path-redirect-shared.js create mode 100644 testing/web-platform/tests/cookies/attributes/resources/path.html create mode 100644 testing/web-platform/tests/cookies/attributes/resources/path.html.headers create mode 100644 testing/web-platform/tests/cookies/attributes/resources/path/one.html create mode 100644 testing/web-platform/tests/cookies/attributes/resources/path/three.html create mode 100644 testing/web-platform/tests/cookies/attributes/resources/path/two.html create mode 100644 testing/web-platform/tests/cookies/attributes/resources/pathfakeout.html create mode 100644 testing/web-platform/tests/cookies/attributes/resources/pathfakeout/one.html create mode 100644 testing/web-platform/tests/cookies/attributes/resources/secure-non-secure-child.html create mode 100644 testing/web-platform/tests/cookies/attributes/secure-non-secure.html create mode 100644 testing/web-platform/tests/cookies/attributes/secure.https.html create mode 100644 testing/web-platform/tests/cookies/cookie-enabled-noncookie-frame.html create mode 100644 testing/web-platform/tests/cookies/domain/domain-attribute-host-with-and-without-leading-period.sub.https.html create mode 100644 testing/web-platform/tests/cookies/domain/domain-attribute-host-with-and-without-leading-period.sub.https.html.sub.headers create mode 100644 testing/web-platform/tests/cookies/domain/domain-attribute-host-with-leading-period.sub.https.html create mode 100644 testing/web-platform/tests/cookies/domain/domain-attribute-host-with-leading-period.sub.https.html.sub.headers create mode 100644 testing/web-platform/tests/cookies/domain/domain-attribute-idn-host.sub.https.html create mode 100644 testing/web-platform/tests/cookies/domain/domain-attribute-matches-host.sub.https.html create mode 100644 testing/web-platform/tests/cookies/domain/domain-attribute-matches-host.sub.https.html.sub.headers create mode 100644 testing/web-platform/tests/cookies/domain/domain-attribute-missing.sub.html create mode 100644 testing/web-platform/tests/cookies/domain/domain-attribute-missing.sub.html.headers create mode 100644 testing/web-platform/tests/cookies/domain/support/idn-child.sub.https.html create mode 100644 testing/web-platform/tests/cookies/domain/support/idn.py create mode 100644 testing/web-platform/tests/cookies/encoding/charset.html create mode 100644 testing/web-platform/tests/cookies/meta-blocked.html create mode 100644 testing/web-platform/tests/cookies/name/name-ctl.html create mode 100644 testing/web-platform/tests/cookies/name/name.html create mode 100644 testing/web-platform/tests/cookies/navigated-away.html create mode 100644 testing/web-platform/tests/cookies/ordering/ordering.sub.html create mode 100644 testing/web-platform/tests/cookies/ordering/resources/ordering-child.sub.html create mode 100644 testing/web-platform/tests/cookies/partitioned-cookies/partitioned-cookies.tentative.https.html create mode 100644 testing/web-platform/tests/cookies/partitioned-cookies/resources/partitioned-cookies-cross-site-embed.html create mode 100644 testing/web-platform/tests/cookies/partitioned-cookies/resources/partitioned-cookies-cross-site-window.html create mode 100644 testing/web-platform/tests/cookies/partitioned-cookies/resources/test-helpers.js create mode 100644 testing/web-platform/tests/cookies/path/default.html create mode 100644 testing/web-platform/tests/cookies/path/match.html create mode 100644 testing/web-platform/tests/cookies/prefix/__host.document-cookie.html create mode 100644 testing/web-platform/tests/cookies/prefix/__host.document-cookie.https.html create mode 100644 testing/web-platform/tests/cookies/prefix/__host.header.html create mode 100644 testing/web-platform/tests/cookies/prefix/__host.header.https.html create mode 100644 testing/web-platform/tests/cookies/prefix/__secure.document-cookie.html create mode 100644 testing/web-platform/tests/cookies/prefix/__secure.document-cookie.https.html create mode 100644 testing/web-platform/tests/cookies/prefix/__secure.header.html create mode 100644 testing/web-platform/tests/cookies/prefix/__secure.header.https.html create mode 100644 testing/web-platform/tests/cookies/prefix/document-cookie.non-secure.html create mode 100644 testing/web-platform/tests/cookies/resources/__init__.py create mode 100644 testing/web-platform/tests/cookies/resources/cookie-helper.sub.js create mode 100644 testing/web-platform/tests/cookies/resources/cookie-test.js create mode 100644 testing/web-platform/tests/cookies/resources/cookie.py create mode 100644 testing/web-platform/tests/cookies/resources/drop.py create mode 100644 testing/web-platform/tests/cookies/resources/dropSameSite.py create mode 100644 testing/web-platform/tests/cookies/resources/dropSameSiteMultiAttribute.py create mode 100644 testing/web-platform/tests/cookies/resources/dropSameSiteNone.py create mode 100644 testing/web-platform/tests/cookies/resources/dropSecure.py create mode 100644 testing/web-platform/tests/cookies/resources/echo-cookie.html create mode 100644 testing/web-platform/tests/cookies/resources/echo-json.py create mode 100644 testing/web-platform/tests/cookies/resources/helpers.py create mode 100644 testing/web-platform/tests/cookies/resources/imgIfMatch.py create mode 100644 testing/web-platform/tests/cookies/resources/list-cookies-for-script.py create mode 100644 testing/web-platform/tests/cookies/resources/list.py create mode 100644 testing/web-platform/tests/cookies/resources/navigate.html create mode 100644 testing/web-platform/tests/cookies/resources/postToParent.py create mode 100644 testing/web-platform/tests/cookies/resources/redirectWithCORSHeaders.py create mode 100644 testing/web-platform/tests/cookies/resources/set-cookie.py create mode 100644 testing/web-platform/tests/cookies/resources/set.py create mode 100644 testing/web-platform/tests/cookies/resources/setSameSite.py create mode 100644 testing/web-platform/tests/cookies/resources/setSameSiteDomain.py create mode 100644 testing/web-platform/tests/cookies/resources/setSameSiteMultiAttribute.py create mode 100644 testing/web-platform/tests/cookies/resources/setSameSiteNone.py create mode 100644 testing/web-platform/tests/cookies/resources/setSecure.py create mode 100644 testing/web-platform/tests/cookies/resources/testharness-helpers.js create mode 100644 testing/web-platform/tests/cookies/samesite-none-secure/cookies-without-samesite-must-be-secure.https.html create mode 100644 testing/web-platform/tests/cookies/samesite/about-blank-nested.https.html create mode 100644 testing/web-platform/tests/cookies/samesite/about-blank-subresource.https.html create mode 100644 testing/web-platform/tests/cookies/samesite/about-blank-toplevel.https.html create mode 100644 testing/web-platform/tests/cookies/samesite/fetch.https.html create mode 100644 testing/web-platform/tests/cookies/samesite/form-get-blank-reload.https.html create mode 100644 testing/web-platform/tests/cookies/samesite/form-get-blank.https.html create mode 100644 testing/web-platform/tests/cookies/samesite/form-post-blank-reload.https.html create mode 100644 testing/web-platform/tests/cookies/samesite/form-post-blank.https.html create mode 100644 testing/web-platform/tests/cookies/samesite/get_all_cookies-default-samesite.html create mode 100644 testing/web-platform/tests/cookies/samesite/get_named_cookie-default-samesite.html create mode 100644 testing/web-platform/tests/cookies/samesite/iframe-reload.https.html create mode 100644 testing/web-platform/tests/cookies/samesite/iframe.document.https.html create mode 100644 testing/web-platform/tests/cookies/samesite/iframe.https.html create mode 100644 testing/web-platform/tests/cookies/samesite/img.https.html create mode 100644 testing/web-platform/tests/cookies/samesite/multiple-samesite-attributes.https.html create mode 100644 testing/web-platform/tests/cookies/samesite/resources/echo-cookies.html create mode 100644 testing/web-platform/tests/cookies/samesite/resources/iframe-navigate-report.html create mode 100644 testing/web-platform/tests/cookies/samesite/resources/iframe-subresource-report.html create mode 100644 testing/web-platform/tests/cookies/samesite/resources/iframe.document.html create mode 100644 testing/web-platform/tests/cookies/samesite/resources/navigate-iframe.html create mode 100644 testing/web-platform/tests/cookies/samesite/resources/navigate.html create mode 100644 testing/web-platform/tests/cookies/samesite/resources/puppet.html create mode 100644 testing/web-platform/tests/cookies/samesite/sandbox-iframe-nested.https.html create mode 100644 testing/web-platform/tests/cookies/samesite/sandbox-iframe-subresource.https.html create mode 100644 testing/web-platform/tests/cookies/samesite/setcookie-lax.https.html create mode 100644 testing/web-platform/tests/cookies/samesite/setcookie-navigation.https.html create mode 100644 testing/web-platform/tests/cookies/samesite/window-open-reload.https.html create mode 100644 testing/web-platform/tests/cookies/samesite/window-open.https.html create mode 100644 testing/web-platform/tests/cookies/schemeful-same-site/resources/navigateToInsecurePostToParent.html create mode 100644 testing/web-platform/tests/cookies/schemeful-same-site/schemeful-iframe-subresource.tentative.html create mode 100644 testing/web-platform/tests/cookies/schemeful-same-site/schemeful-navigation.tentative.html create mode 100644 testing/web-platform/tests/cookies/schemeful-same-site/schemeful-subresource.tentative.html create mode 100644 testing/web-platform/tests/cookies/schemeful-same-site/schemeful-websockets.sub.tentative.html create mode 100644 testing/web-platform/tests/cookies/secure/set-from-dom.https.sub.html create mode 100644 testing/web-platform/tests/cookies/secure/set-from-dom.sub.html create mode 100644 testing/web-platform/tests/cookies/secure/set-from-http.https.sub.html create mode 100644 testing/web-platform/tests/cookies/secure/set-from-http.https.sub.html.headers create mode 100644 testing/web-platform/tests/cookies/secure/set-from-http.sub.html create mode 100644 testing/web-platform/tests/cookies/secure/set-from-http.sub.html.headers create mode 100644 testing/web-platform/tests/cookies/secure/set-from-ws.sub.html create mode 100644 testing/web-platform/tests/cookies/secure/set-from-wss.https.sub.html create mode 100644 testing/web-platform/tests/cookies/size/attributes.www.sub.html create mode 100644 testing/web-platform/tests/cookies/size/name-and-value.html create mode 100644 testing/web-platform/tests/cookies/third-party-cookies/resources/test-helpers.js create mode 100644 testing/web-platform/tests/cookies/third-party-cookies/resources/third-party-cookies-cross-site-embed.html create mode 100644 testing/web-platform/tests/cookies/third-party-cookies/resources/third-party-cookies-cross-site-window.html create mode 100644 testing/web-platform/tests/cookies/third-party-cookies/third-party-cookies.tentative.https.html create mode 100644 testing/web-platform/tests/cookies/value/value-ctl.html create mode 100644 testing/web-platform/tests/cookies/value/value.html (limited to 'testing/web-platform/tests/cookies') diff --git a/testing/web-platform/tests/cookies/META.yml b/testing/web-platform/tests/cookies/META.yml new file mode 100644 index 0000000000..d0743949b6 --- /dev/null +++ b/testing/web-platform/tests/cookies/META.yml @@ -0,0 +1,2 @@ +suggested_reviewers: + - mikewest diff --git a/testing/web-platform/tests/cookies/README.md b/testing/web-platform/tests/cookies/README.md new file mode 100644 index 0000000000..ed86aebf18 --- /dev/null +++ b/testing/web-platform/tests/cookies/README.md @@ -0,0 +1,2 @@ +This directory contains tests for +[Leave Secure Cookies Alone](https://tools.ietf.org/html/draft-ietf-httpbis-cookie-alone-01). diff --git a/testing/web-platform/tests/cookies/__init__.py b/testing/web-platform/tests/cookies/__init__.py new file mode 100644 index 0000000000..e69de29bb2 diff --git a/testing/web-platform/tests/cookies/attributes/attributes-ctl.sub.html b/testing/web-platform/tests/cookies/attributes/attributes-ctl.sub.html new file mode 100644 index 0000000000..e741dfd9c2 --- /dev/null +++ b/testing/web-platform/tests/cookies/attributes/attributes-ctl.sub.html @@ -0,0 +1,99 @@ + + + + + Test cookie attribute parsing with control characters + + + + + + + + + +
+ + + diff --git a/testing/web-platform/tests/cookies/attributes/domain.sub.html b/testing/web-platform/tests/cookies/attributes/domain.sub.html new file mode 100644 index 0000000000..17bc3267c2 --- /dev/null +++ b/testing/web-platform/tests/cookies/attributes/domain.sub.html @@ -0,0 +1,24 @@ + + + + + Test cookie domain attribute parsing + + + + + + + + + + + diff --git a/testing/web-platform/tests/cookies/attributes/expires.html b/testing/web-platform/tests/cookies/attributes/expires.html new file mode 100644 index 0000000000..a6bacfd74e --- /dev/null +++ b/testing/web-platform/tests/cookies/attributes/expires.html @@ -0,0 +1,56 @@ + + + + + Test expires attribute parsing + + + + + + + + + +
+ + + \ No newline at end of file diff --git a/testing/web-platform/tests/cookies/attributes/invalid.html b/testing/web-platform/tests/cookies/attributes/invalid.html new file mode 100644 index 0000000000..6d4a53916d --- /dev/null +++ b/testing/web-platform/tests/cookies/attributes/invalid.html @@ -0,0 +1,171 @@ + + + + + Test invalid attribute parsing + + + + + + + + + +
+ + + \ No newline at end of file diff --git a/testing/web-platform/tests/cookies/attributes/max-age.html b/testing/web-platform/tests/cookies/attributes/max-age.html new file mode 100644 index 0000000000..7b7ff6ed4c --- /dev/null +++ b/testing/web-platform/tests/cookies/attributes/max-age.html @@ -0,0 +1,78 @@ + + + + + Test max-age attribute parsing + + + + + + + + + +
+ + + \ No newline at end of file diff --git a/testing/web-platform/tests/cookies/attributes/path-redirect.html b/testing/web-platform/tests/cookies/attributes/path-redirect.html new file mode 100644 index 0000000000..574879971f --- /dev/null +++ b/testing/web-platform/tests/cookies/attributes/path-redirect.html @@ -0,0 +1,128 @@ + + + + + Test cookie path attribute parsing + + + + + + + + + + + + diff --git a/testing/web-platform/tests/cookies/attributes/path.html b/testing/web-platform/tests/cookies/attributes/path.html new file mode 100644 index 0000000000..81adc08a19 --- /dev/null +++ b/testing/web-platform/tests/cookies/attributes/path.html @@ -0,0 +1,144 @@ + + + + + Test cookie path attribute parsing + + + + + + + + + + + + diff --git a/testing/web-platform/tests/cookies/attributes/resources/domain-child.sub.html b/testing/web-platform/tests/cookies/attributes/resources/domain-child.sub.html new file mode 100644 index 0000000000..515079b783 --- /dev/null +++ b/testing/web-platform/tests/cookies/attributes/resources/domain-child.sub.html @@ -0,0 +1,401 @@ + + + + + Test cookie domain attribute parsing + + + + + + + + + + + diff --git a/testing/web-platform/tests/cookies/attributes/resources/path-redirect-shared.js b/testing/web-platform/tests/cookies/attributes/resources/path-redirect-shared.js new file mode 100644 index 0000000000..777d0abd33 --- /dev/null +++ b/testing/web-platform/tests/cookies/attributes/resources/path-redirect-shared.js @@ -0,0 +1,11 @@ +// Note: this function has a dependency on testdriver.js. Any test files calling +// it should include testdriver.js and testdriver-vendor.js +window.addEventListener("message", (e) => { + setTestContextUsingRootWindow(); + if (e.data == "getAndExpireCookiesForRedirectTest") { + const cookies = document.cookie; + test_driver.delete_all_cookies().then(() => { + e.source.postMessage({"cookies": cookies}, '*'); + }); + } +}); \ No newline at end of file diff --git a/testing/web-platform/tests/cookies/attributes/resources/path.html b/testing/web-platform/tests/cookies/attributes/resources/path.html new file mode 100644 index 0000000000..5ff90b9f15 --- /dev/null +++ b/testing/web-platform/tests/cookies/attributes/resources/path.html @@ -0,0 +1,14 @@ + + + + + helper iframe for matching cookie path redirect tests + + + + + + + + + \ No newline at end of file diff --git a/testing/web-platform/tests/cookies/attributes/resources/path.html.headers b/testing/web-platform/tests/cookies/attributes/resources/path.html.headers new file mode 100644 index 0000000000..23de552c1a --- /dev/null +++ b/testing/web-platform/tests/cookies/attributes/resources/path.html.headers @@ -0,0 +1 @@ +Access-Control-Allow-Origin: * \ No newline at end of file diff --git a/testing/web-platform/tests/cookies/attributes/resources/path/one.html b/testing/web-platform/tests/cookies/attributes/resources/path/one.html new file mode 100644 index 0000000000..5ff90b9f15 --- /dev/null +++ b/testing/web-platform/tests/cookies/attributes/resources/path/one.html @@ -0,0 +1,14 @@ + + + + + helper iframe for matching cookie path redirect tests + + + + + + + + + \ No newline at end of file diff --git a/testing/web-platform/tests/cookies/attributes/resources/path/three.html b/testing/web-platform/tests/cookies/attributes/resources/path/three.html new file mode 100644 index 0000000000..5ff90b9f15 --- /dev/null +++ b/testing/web-platform/tests/cookies/attributes/resources/path/three.html @@ -0,0 +1,14 @@ + + + + + helper iframe for matching cookie path redirect tests + + + + + + + + + \ No newline at end of file diff --git a/testing/web-platform/tests/cookies/attributes/resources/path/two.html b/testing/web-platform/tests/cookies/attributes/resources/path/two.html new file mode 100644 index 0000000000..5ff90b9f15 --- /dev/null +++ b/testing/web-platform/tests/cookies/attributes/resources/path/two.html @@ -0,0 +1,14 @@ + + + + + helper iframe for matching cookie path redirect tests + + + + + + + + + \ No newline at end of file diff --git a/testing/web-platform/tests/cookies/attributes/resources/pathfakeout.html b/testing/web-platform/tests/cookies/attributes/resources/pathfakeout.html new file mode 100644 index 0000000000..5ff90b9f15 --- /dev/null +++ b/testing/web-platform/tests/cookies/attributes/resources/pathfakeout.html @@ -0,0 +1,14 @@ + + + + + helper iframe for matching cookie path redirect tests + + + + + + + + + \ No newline at end of file diff --git a/testing/web-platform/tests/cookies/attributes/resources/pathfakeout/one.html b/testing/web-platform/tests/cookies/attributes/resources/pathfakeout/one.html new file mode 100644 index 0000000000..5ff90b9f15 --- /dev/null +++ b/testing/web-platform/tests/cookies/attributes/resources/pathfakeout/one.html @@ -0,0 +1,14 @@ + + + + + helper iframe for matching cookie path redirect tests + + + + + + + + + \ No newline at end of file diff --git a/testing/web-platform/tests/cookies/attributes/resources/secure-non-secure-child.html b/testing/web-platform/tests/cookies/attributes/resources/secure-non-secure-child.html new file mode 100644 index 0000000000..e5d68b8d07 --- /dev/null +++ b/testing/web-platform/tests/cookies/attributes/resources/secure-non-secure-child.html @@ -0,0 +1,85 @@ + + + + + Test cookie secure attribute parsing (on non-secure page) + + + + + + + + + + + diff --git a/testing/web-platform/tests/cookies/attributes/secure-non-secure.html b/testing/web-platform/tests/cookies/attributes/secure-non-secure.html new file mode 100644 index 0000000000..578cdbc1f7 --- /dev/null +++ b/testing/web-platform/tests/cookies/attributes/secure-non-secure.html @@ -0,0 +1,23 @@ + + + + + Test cookie secure attribute parsing (non-secure origin) + + + + + + + + + +
+ + + diff --git a/testing/web-platform/tests/cookies/attributes/secure.https.html b/testing/web-platform/tests/cookies/attributes/secure.https.html new file mode 100644 index 0000000000..9308899694 --- /dev/null +++ b/testing/web-platform/tests/cookies/attributes/secure.https.html @@ -0,0 +1,65 @@ + + + + + Test cookie secure attribute parsing + + + + + + + + + +
+ + + diff --git a/testing/web-platform/tests/cookies/cookie-enabled-noncookie-frame.html b/testing/web-platform/tests/cookies/cookie-enabled-noncookie-frame.html new file mode 100644 index 0000000000..2dbbc0bbdc --- /dev/null +++ b/testing/web-platform/tests/cookies/cookie-enabled-noncookie-frame.html @@ -0,0 +1,30 @@ + + + + + + + + diff --git a/testing/web-platform/tests/cookies/domain/domain-attribute-host-with-and-without-leading-period.sub.https.html b/testing/web-platform/tests/cookies/domain/domain-attribute-host-with-and-without-leading-period.sub.https.html new file mode 100644 index 0000000000..b5f770b848 --- /dev/null +++ b/testing/web-platform/tests/cookies/domain/domain-attribute-host-with-and-without-leading-period.sub.https.html @@ -0,0 +1,40 @@ + + + + + + + + + diff --git a/testing/web-platform/tests/cookies/domain/domain-attribute-host-with-and-without-leading-period.sub.https.html.sub.headers b/testing/web-platform/tests/cookies/domain/domain-attribute-host-with-and-without-leading-period.sub.https.html.sub.headers new file mode 100644 index 0000000000..77d3d8c0c4 --- /dev/null +++ b/testing/web-platform/tests/cookies/domain/domain-attribute-host-with-and-without-leading-period.sub.https.html.sub.headers @@ -0,0 +1,2 @@ +Set-Cookie: domain-attribute-host-with-and-without-leading-period=b; Path=/; Domain=.{{host}} +Set-Cookie: domain-attribute-host-with-and-without-leading-period=c; Path=/; Domain={{host}} diff --git a/testing/web-platform/tests/cookies/domain/domain-attribute-host-with-leading-period.sub.https.html b/testing/web-platform/tests/cookies/domain/domain-attribute-host-with-leading-period.sub.https.html new file mode 100644 index 0000000000..3ec52fd40b --- /dev/null +++ b/testing/web-platform/tests/cookies/domain/domain-attribute-host-with-leading-period.sub.https.html @@ -0,0 +1,39 @@ + + + + + + + + + diff --git a/testing/web-platform/tests/cookies/domain/domain-attribute-host-with-leading-period.sub.https.html.sub.headers b/testing/web-platform/tests/cookies/domain/domain-attribute-host-with-leading-period.sub.https.html.sub.headers new file mode 100644 index 0000000000..7de4ae2e6a --- /dev/null +++ b/testing/web-platform/tests/cookies/domain/domain-attribute-host-with-leading-period.sub.https.html.sub.headers @@ -0,0 +1 @@ +Set-Cookie: domain-attribute-host-with-leading-period=b; Path=/; Domain=.{{host}} diff --git a/testing/web-platform/tests/cookies/domain/domain-attribute-idn-host.sub.https.html b/testing/web-platform/tests/cookies/domain/domain-attribute-idn-host.sub.https.html new file mode 100644 index 0000000000..ae4bf3cbb3 --- /dev/null +++ b/testing/web-platform/tests/cookies/domain/domain-attribute-idn-host.sub.https.html @@ -0,0 +1,18 @@ + + + + + + + + + + + + diff --git a/testing/web-platform/tests/cookies/domain/domain-attribute-matches-host.sub.https.html b/testing/web-platform/tests/cookies/domain/domain-attribute-matches-host.sub.https.html new file mode 100644 index 0000000000..ac786dd882 --- /dev/null +++ b/testing/web-platform/tests/cookies/domain/domain-attribute-matches-host.sub.https.html @@ -0,0 +1,39 @@ + + + + + + + + + diff --git a/testing/web-platform/tests/cookies/domain/domain-attribute-matches-host.sub.https.html.sub.headers b/testing/web-platform/tests/cookies/domain/domain-attribute-matches-host.sub.https.html.sub.headers new file mode 100644 index 0000000000..8a2329e8c2 --- /dev/null +++ b/testing/web-platform/tests/cookies/domain/domain-attribute-matches-host.sub.https.html.sub.headers @@ -0,0 +1 @@ +Set-Cookie: domain-attribute-matches-host=b; Path=/; Domain={{host}} diff --git a/testing/web-platform/tests/cookies/domain/domain-attribute-missing.sub.html b/testing/web-platform/tests/cookies/domain/domain-attribute-missing.sub.html new file mode 100644 index 0000000000..44776ca629 --- /dev/null +++ b/testing/web-platform/tests/cookies/domain/domain-attribute-missing.sub.html @@ -0,0 +1,39 @@ + + + + + + + + + diff --git a/testing/web-platform/tests/cookies/domain/domain-attribute-missing.sub.html.headers b/testing/web-platform/tests/cookies/domain/domain-attribute-missing.sub.html.headers new file mode 100644 index 0000000000..3ee2833a45 --- /dev/null +++ b/testing/web-platform/tests/cookies/domain/domain-attribute-missing.sub.html.headers @@ -0,0 +1 @@ +Set-Cookie: domain-attribute-missing=b; Path=/ diff --git a/testing/web-platform/tests/cookies/domain/support/idn-child.sub.https.html b/testing/web-platform/tests/cookies/domain/support/idn-child.sub.https.html new file mode 100644 index 0000000000..d3510959fb --- /dev/null +++ b/testing/web-platform/tests/cookies/domain/support/idn-child.sub.https.html @@ -0,0 +1,72 @@ + + + + + + + + + + + + diff --git a/testing/web-platform/tests/cookies/domain/support/idn.py b/testing/web-platform/tests/cookies/domain/support/idn.py new file mode 100644 index 0000000000..d75ed056f5 --- /dev/null +++ b/testing/web-platform/tests/cookies/domain/support/idn.py @@ -0,0 +1,61 @@ +# élève. +utf8_subdomain = b"Domain=\xC3\xA9\x6C\xC3\xA8\x76\x65." +# élève。 +utf8_dot_subdomain = b"Domain=\xC3\xA9\x6C\xC3\xA8\x76\x65\xE3\x80\x82" +# élève. +punycode_subdomain = b"Domain=xn--lve-6lad." +# ÿlève. +wrong_utf8_subdomain = b"Domain=\xC3\xBF\x6C\xC3\xA8\x76\x65." +# ÿlève. +wrong_punycode_subdomain = b"Domain=xn--lve-6la7i." +# élève with invalid FF byte at the end +invalid_byte_subdomain = b"Domain=\xC3\xA9\x6C\xC3\xA8\x76\x65\xFF." + +def main(request, response): + host = request.GET.get(b"host") + + if b"set-utf8" in request.GET: + response.headers.append(b"Set-Cookie", b"utf8=set;" + utf8_subdomain + host) + response.content = "set" + if b"set-utf8-dot" in request.GET: + response.headers.append(b"Set-Cookie", b"utf8-dot=set;" + utf8_dot_subdomain + host) + response.content = "set" + elif b"set-wrong-utf8" in request.GET: + response.headers.append(b"Set-Cookie", b"wrong-utf8=set;" + wrong_utf8_subdomain + host) + response.content = "set" + elif b"set-punycode" in request.GET: + response.headers.append(b"Set-Cookie", b"punycode=set;" + punycode_subdomain + host) + response.content = "set" + elif b"set-wrong-punycode" in request.GET: + response.headers.append(b"Set-Cookie", b"wrong-punycode=set;" + wrong_punycode_subdomain + host) + response.content = "set" + elif b"set-invalid-byte" in request.GET: + response.headers.append(b"Set-Cookie", b"invalid-byte=set;" + invalid_byte_subdomain + host) + response.content = "set" + + elif b"get" in request.GET: + if b"Cookie" in request.headers: + response.content = request.headers[b"Cookie"] + else: + response.content = "no cookies" + + elif b"delete-utf8" in request.GET: + response.headers.append(b"Set-Cookie", b"utf8=unset;Max-Age=0;" + utf8_subdomain + host) + response.content = "delete" + elif b"delete-utf8-dot" in request.GET: + response.headers.append(b"Set-Cookie", b"utf8-dot=unset;Max-Age=0;" + utf8_dot_subdomain + host) + response.content = "delete" + elif b"delete-wrong-utf8" in request.GET: + response.headers.append(b"Set-Cookie", b"wrong-utf8=unset;Max-Age=0;" + wrong_utf8_subdomain + host) + response.content = "delete" + elif b"delete-punycode" in request.GET: + response.headers.append(b"Set-Cookie", b"punycode=unset;Max-Age=0;" + punycode_subdomain + host) + response.content = "delete" + elif b"delete-wrong-punycode" in request.GET: + response.headers.append(b"Set-Cookie", b"wrong-punycode=unset;Max-Age=0;" + wrong_punycode_subdomain + host) + response.content = "delete" + elif b"delete-invalid-byte" in request.GET: + response.headers.append(b"Set-Cookie", b"invalid-byte=unset;Max-Age=0;" + invalid_byte_subdomain + host) + response.content = "delete" + + response.headers.append(b"Content-Type", b"text/plain") diff --git a/testing/web-platform/tests/cookies/encoding/charset.html b/testing/web-platform/tests/cookies/encoding/charset.html new file mode 100644 index 0000000000..55fcc58aea --- /dev/null +++ b/testing/web-platform/tests/cookies/encoding/charset.html @@ -0,0 +1,55 @@ + + + + + Test utf-8 and ASCII cookie parsing + + + + + + + + + +
+ + + \ No newline at end of file diff --git a/testing/web-platform/tests/cookies/meta-blocked.html b/testing/web-platform/tests/cookies/meta-blocked.html new file mode 100644 index 0000000000..1b86e65c87 --- /dev/null +++ b/testing/web-platform/tests/cookies/meta-blocked.html @@ -0,0 +1,13 @@ + + + + + + + + + diff --git a/testing/web-platform/tests/cookies/name/name-ctl.html b/testing/web-platform/tests/cookies/name/name-ctl.html new file mode 100644 index 0000000000..6ff2305b3a --- /dev/null +++ b/testing/web-platform/tests/cookies/name/name-ctl.html @@ -0,0 +1,63 @@ + + + + + Test cookie name parsing with control characters + + + + + + + + + +
+ + + diff --git a/testing/web-platform/tests/cookies/name/name.html b/testing/web-platform/tests/cookies/name/name.html new file mode 100644 index 0000000000..d7fe05560e --- /dev/null +++ b/testing/web-platform/tests/cookies/name/name.html @@ -0,0 +1,169 @@ + + + + + Test cookie name parsing + + + + + + + + + +
+ + + diff --git a/testing/web-platform/tests/cookies/navigated-away.html b/testing/web-platform/tests/cookies/navigated-away.html new file mode 100644 index 0000000000..bd89142d32 --- /dev/null +++ b/testing/web-platform/tests/cookies/navigated-away.html @@ -0,0 +1,39 @@ + + + + + + + + + diff --git a/testing/web-platform/tests/cookies/ordering/ordering.sub.html b/testing/web-platform/tests/cookies/ordering/ordering.sub.html new file mode 100644 index 0000000000..2c4db4e20f --- /dev/null +++ b/testing/web-platform/tests/cookies/ordering/ordering.sub.html @@ -0,0 +1,25 @@ + + + + + Test cookie ordering + + + + + + + + + + + + diff --git a/testing/web-platform/tests/cookies/ordering/resources/ordering-child.sub.html b/testing/web-platform/tests/cookies/ordering/resources/ordering-child.sub.html new file mode 100644 index 0000000000..b40ec64814 --- /dev/null +++ b/testing/web-platform/tests/cookies/ordering/resources/ordering-child.sub.html @@ -0,0 +1,76 @@ + + + + + Test cookie ordering + + + + + + + + +
+ + + \ No newline at end of file diff --git a/testing/web-platform/tests/cookies/partitioned-cookies/partitioned-cookies.tentative.https.html b/testing/web-platform/tests/cookies/partitioned-cookies/partitioned-cookies.tentative.https.html new file mode 100644 index 0000000000..deab669101 --- /dev/null +++ b/testing/web-platform/tests/cookies/partitioned-cookies/partitioned-cookies.tentative.https.html @@ -0,0 +1,72 @@ + + + + +Test partitioned cookies + + + + + + + + + diff --git a/testing/web-platform/tests/cookies/partitioned-cookies/resources/partitioned-cookies-cross-site-embed.html b/testing/web-platform/tests/cookies/partitioned-cookies/resources/partitioned-cookies-cross-site-embed.html new file mode 100644 index 0000000000..05a99626dc --- /dev/null +++ b/testing/web-platform/tests/cookies/partitioned-cookies/resources/partitioned-cookies-cross-site-embed.html @@ -0,0 +1,26 @@ + + + +Test site embedded in a cross-site context + + + + + + + + diff --git a/testing/web-platform/tests/cookies/partitioned-cookies/resources/partitioned-cookies-cross-site-window.html b/testing/web-platform/tests/cookies/partitioned-cookies/resources/partitioned-cookies-cross-site-window.html new file mode 100644 index 0000000000..ca1a27c8a0 --- /dev/null +++ b/testing/web-platform/tests/cookies/partitioned-cookies/resources/partitioned-cookies-cross-site-window.html @@ -0,0 +1,43 @@ + + + +Cross-site window + + + + + + + + diff --git a/testing/web-platform/tests/cookies/partitioned-cookies/resources/test-helpers.js b/testing/web-platform/tests/cookies/partitioned-cookies/resources/test-helpers.js new file mode 100644 index 0000000000..0ecaa63c39 --- /dev/null +++ b/testing/web-platform/tests/cookies/partitioned-cookies/resources/test-helpers.js @@ -0,0 +1,64 @@ +// Test that a partitioned cookie set by |origin| with name |cookieName| is +// or is not sent in a request to |origin|. +// +// If |expectsCookie| is true, then the test cookie should be present in the +// request. +function testHttpPartitionedCookies({origin, cookieNames, expectsCookie}) { + promise_test(async () => { + const resp = await credFetch(`${origin}/cookies/resources/list.py`); + const cookies = await resp.json(); + for (const cookieName of cookieNames) { + assert_equals( + cookies.hasOwnProperty(cookieName), expectsCookie, + getPartitionedCookieAssertDesc(expectsCookie, cookieName)); + } + }, getPartitionedCookieTestName(expectsCookie, "HTTP")); +} + +function getPartitionedCookieTestName(expectsCookie, cookieType) { + if (expectsCookie) { + return "Partitioned cookies accessible on the top-level site they are " + + `created in via ${cookieType}`; + } + return "Partitioned cookies are not accessible on a different top-level " + + `site via ${cookieType}`; +} + +function getPartitionedCookieAssertDesc(expectsCookie, cookieName) { + if (expectsCookie) { + return `Expected ${cookieName} to be available on the top-level site it ` + + "was created in"; + } + return `Expected ${cookieName} to not be available on a different ` + + "top-level site"; +} + +function testDomPartitionedCookies({cookieNames, expectsCookie}) { + test(() => { + for (const cookieName of cookieNames) { + assert_equals( + document.cookie.includes(cookieName), expectsCookie, + getPartitionedCookieAssertDesc(expectsCookie, cookieName)); + } + }, getPartitionedCookieTestName(expectsCookie, "DOM")); +} + +function testCookieStorePartitionedCookies({cookieNames, expectsCookie}) { + if (!window.cookieStore) return; + promise_test(async () => { + const cookies = await cookieStore.getAll({partitioned: true}); + for (const cookieName of cookieNames) { + assert_equals( + !!cookies.find(c => c.name === cookieName), expectsCookie, + getPartitionedCookieAssertDesc(expectsCookie, cookieName)); + } + }, getPartitionedCookieTestName(expectsCookie, "CookieStore")); +} + +function getCookieNames() { + const cookieNames = ["__Host-pchttp", "__Host-pcdom"]; + if (window.cookieStore) { + cookieNames.push("__Host-pccookiestore"); + } + return cookieNames; +} diff --git a/testing/web-platform/tests/cookies/path/default.html b/testing/web-platform/tests/cookies/path/default.html new file mode 100644 index 0000000000..dbe99a7ee5 --- /dev/null +++ b/testing/web-platform/tests/cookies/path/default.html @@ -0,0 +1,51 @@ + + + + + Test for default cookie path + + + + + + + + +
+ + + + diff --git a/testing/web-platform/tests/cookies/path/match.html b/testing/web-platform/tests/cookies/path/match.html new file mode 100644 index 0000000000..d517836e4d --- /dev/null +++ b/testing/web-platform/tests/cookies/path/match.html @@ -0,0 +1,113 @@ + + + + + tests for matching cookie paths + + + + + + + + + + +
+ + + + diff --git a/testing/web-platform/tests/cookies/prefix/__host.document-cookie.html b/testing/web-platform/tests/cookies/prefix/__host.document-cookie.html new file mode 100644 index 0000000000..2aeb0901f6 --- /dev/null +++ b/testing/web-platform/tests/cookies/prefix/__host.document-cookie.html @@ -0,0 +1,57 @@ + + + + + diff --git a/testing/web-platform/tests/cookies/prefix/__host.document-cookie.https.html b/testing/web-platform/tests/cookies/prefix/__host.document-cookie.https.html new file mode 100644 index 0000000000..cc0cb34ecb --- /dev/null +++ b/testing/web-platform/tests/cookies/prefix/__host.document-cookie.https.html @@ -0,0 +1,74 @@ + + + + + diff --git a/testing/web-platform/tests/cookies/prefix/__host.header.html b/testing/web-platform/tests/cookies/prefix/__host.header.html new file mode 100644 index 0000000000..7ad6782584 --- /dev/null +++ b/testing/web-platform/tests/cookies/prefix/__host.header.html @@ -0,0 +1,83 @@ + + + + + + diff --git a/testing/web-platform/tests/cookies/prefix/__host.header.https.html b/testing/web-platform/tests/cookies/prefix/__host.header.https.html new file mode 100644 index 0000000000..b7f1365276 --- /dev/null +++ b/testing/web-platform/tests/cookies/prefix/__host.header.https.html @@ -0,0 +1,83 @@ + + + + + + diff --git a/testing/web-platform/tests/cookies/prefix/__secure.document-cookie.html b/testing/web-platform/tests/cookies/prefix/__secure.document-cookie.html new file mode 100644 index 0000000000..2246ffff4c --- /dev/null +++ b/testing/web-platform/tests/cookies/prefix/__secure.document-cookie.html @@ -0,0 +1,41 @@ + + + + + diff --git a/testing/web-platform/tests/cookies/prefix/__secure.document-cookie.https.html b/testing/web-platform/tests/cookies/prefix/__secure.document-cookie.https.html new file mode 100644 index 0000000000..4b600032a8 --- /dev/null +++ b/testing/web-platform/tests/cookies/prefix/__secure.document-cookie.https.html @@ -0,0 +1,41 @@ + + + + + diff --git a/testing/web-platform/tests/cookies/prefix/__secure.header.html b/testing/web-platform/tests/cookies/prefix/__secure.header.html new file mode 100644 index 0000000000..85665afefd --- /dev/null +++ b/testing/web-platform/tests/cookies/prefix/__secure.header.html @@ -0,0 +1,41 @@ + + + + + diff --git a/testing/web-platform/tests/cookies/prefix/__secure.header.https.html b/testing/web-platform/tests/cookies/prefix/__secure.header.https.html new file mode 100644 index 0000000000..a6fee03b0c --- /dev/null +++ b/testing/web-platform/tests/cookies/prefix/__secure.header.https.html @@ -0,0 +1,79 @@ + + + + + diff --git a/testing/web-platform/tests/cookies/prefix/document-cookie.non-secure.html b/testing/web-platform/tests/cookies/prefix/document-cookie.non-secure.html new file mode 100644 index 0000000000..efa16a8c5e --- /dev/null +++ b/testing/web-platform/tests/cookies/prefix/document-cookie.non-secure.html @@ -0,0 +1,42 @@ + + + + + diff --git a/testing/web-platform/tests/cookies/resources/__init__.py b/testing/web-platform/tests/cookies/resources/__init__.py new file mode 100644 index 0000000000..e69de29bb2 diff --git a/testing/web-platform/tests/cookies/resources/cookie-helper.sub.js b/testing/web-platform/tests/cookies/resources/cookie-helper.sub.js new file mode 100644 index 0000000000..3338cf0e80 --- /dev/null +++ b/testing/web-platform/tests/cookies/resources/cookie-helper.sub.js @@ -0,0 +1,284 @@ +// Set up exciting global variables for cookie tests. +(_ => { + var HOST = "{{host}}"; + var INSECURE_PORT = ":{{ports[http][0]}}"; + var SECURE_PORT = ":{{ports[https][0]}}"; + var CROSS_ORIGIN_HOST = "{{hosts[alt][]}}"; + + window.INSECURE_ORIGIN = "http://" + HOST + INSECURE_PORT; + + //For secure cookie verification + window.SECURE_ORIGIN = "https://" + HOST + SECURE_PORT; + + //standard references + window.SECURE_SUBDOMAIN_ORIGIN = "https://{{domains[www1]}}" + SECURE_PORT; + window.SECURE_CROSS_SITE_ORIGIN = "https://" + CROSS_ORIGIN_HOST + SECURE_PORT; + window.CROSS_SITE_HOST = CROSS_ORIGIN_HOST; + + // Set the global cookie name. + window.HTTP_COOKIE = "cookie_via_http"; +})(); + +// A tiny helper which returns the result of fetching |url| with credentials. +function credFetch(url) { + return fetch(url, {"credentials": "include"}) + .then(response => { + if (response.status !== 200) { + throw new Error(response.statusText); + } + return response; + }); +} + +// Returns a URL on |origin| which redirects to a given absolute URL. +function redirectTo(origin, url) { + return origin + "/cookies/resources/redirectWithCORSHeaders.py?status=307&location=" + encodeURIComponent(url); +} + +// Returns a URL on |origin| which navigates the window to the given URL (by +// setting window.location). +function navigateTo(origin, url) { + return origin + "/cookies/resources/navigate.html?location=" + encodeURIComponent(url); +} + +// Returns whether a cookie with name `name` with value `value` is in the cookie +// string (presumably obtained via document.cookie). +function cookieStringHasCookie(name, value, cookieString) { + return new RegExp(`(?:^|; )${name}=${value}(?:$|;)`).test(cookieString); +} + +// Asserts that `document.cookie` contains or does not contain (according to +// the value of |present|) a cookie named |name| with a value of |value|. +function assert_dom_cookie(name, value, present) { + assert_equals(cookieStringHasCookie(name, value, document.cookie), present, "`" + name + "=" + value + "` in `document.cookie`"); +} + +function assert_cookie(origin, obj, name, value, present) { + assert_equals(obj[name], present ? value : undefined, "`" + name + "=" + value + "` in request to `" + origin + "`."); +} + +// Remove the cookie named |name| from |origin|, then set it on |origin| anew. +// If |origin| matches `self.origin`, also assert (via `document.cookie`) that +// the cookie was correctly removed and reset. +async function create_cookie(origin, name, value, extras) { + alert("Create_cookie: " + origin + "/cookies/resources/drop.py?name=" + name); + await credFetch(origin + "/cookies/resources/drop.py?name=" + name); + if (origin == self.origin) + assert_dom_cookie(name, value, false); + await credFetch(origin + "/cookies/resources/set.py?" + name + "=" + value + ";path=/;" + extras); + if (origin == self.origin) + assert_dom_cookie(name, value, true); +} + +// +// Prefix-specific test helpers +// +function set_prefixed_cookie_via_dom_test(options) { + promise_test(t => { + var name = options.prefix + "prefixtestcookie"; + erase_cookie_from_js(name, options.params); + t.add_cleanup(() => erase_cookie_from_js(name, options.params)); + var value = "" + Math.random(); + document.cookie = name + "=" + value + ";" + options.params; + + assert_dom_cookie(name, value, options.shouldExistInDOM); + + return credFetch("/cookies/resources/list.py") + .then(r => r.json()) + .then(cookies => assert_equals(cookies[name], options.shouldExistViaHTTP ? value : undefined)); + }, options.title); +} + +function set_prefixed_cookie_via_http_test(options) { + promise_test(t => { + var name = options.prefix + "prefixtestcookie"; + var value = "" + Math.random(); + + t.add_cleanup(() => { + var cookie = name + "=0;expires=" + new Date(0).toUTCString() + ";" + + options.params; + + return credFetch(options.origin + "/cookies/resources/set.py?" + cookie); + }); + + return credFetch(options.origin + "/cookies/resources/set.py?" + name + "=" + value + ";" + options.params) + .then(_ => credFetch(options.origin + "/cookies/resources/list.py")) + .then(r => r.json()) + .then(cookies => assert_equals(cookies[name], options.shouldExistViaHTTP ? value : undefined)); + }, options.title); +} + +// +// SameSite-specific test helpers: +// + +// status for "network" cookies. +window.SameSiteStatus = { + CROSS_SITE: "cross-site", + LAX: "lax", + STRICT: "strict" +}; +// status for "document.cookie". +window.DomSameSiteStatus = { + CROSS_SITE: "cross-site", + SAME_SITE: "same-site", +}; + +const wait_for_message = (type, origin) => { + return new Promise((resolve, reject) => { + window.addEventListener('message', e => { + if (origin && e.origin != origin) { + reject("Message from unexpected origin in wait_for_message:" + e.origin); + return; + } + + if (e.data.type && e.data.type === type) + resolve(e); + }, { once: true }); + }); +}; + +// Reset SameSite test cookies on |origin|. If |origin| matches `self.origin`, assert +// (via `document.cookie`) that they were properly removed and reset. +async function resetSameSiteCookies(origin, value) { + let w = window.open(origin + "/cookies/samesite/resources/puppet.html"); + try { + await wait_for_message("READY", origin); + w.postMessage({type: "drop", useOwnOrigin: true}, "*"); + await wait_for_message("drop-complete", origin); + if (origin == self.origin) { + assert_dom_cookie("samesite_strict", value, false); + assert_dom_cookie("samesite_lax", value, false); + assert_dom_cookie("samesite_none", value, false); + assert_dom_cookie("samesite_unspecified", value, false); + } + + w.postMessage({type: "set", value: value, useOwnOrigin: true}, "*"); + await wait_for_message("set-complete", origin); + if (origin == self.origin) { + assert_dom_cookie("samesite_strict", value, true); + assert_dom_cookie("samesite_lax", value, true); + assert_dom_cookie("samesite_none", value, true); + assert_dom_cookie("samesite_unspecified", value, true); + } + } finally { + w.close(); + } +} + +// Given an |expectedStatus| and |expectedValue|, assert the |cookies| contains +// the proper set of cookie names and values. Expects SameSite-Lax-by-default. +function verifySameSiteCookieState(expectedStatus, expectedValue, cookies, domCookieStatus) { + assert_equals(cookies["samesite_none"], expectedValue, "SameSite=None cookies are always sent."); + if (expectedStatus == SameSiteStatus.CROSS_SITE) { + assert_not_equals(cookies["samesite_strict"], expectedValue, "SameSite=Strict cookies are not sent with cross-site requests."); + assert_not_equals(cookies["samesite_lax"], expectedValue, "SameSite=Lax cookies are not sent with cross-site requests."); + assert_not_equals(cookies["samesite_unspecified"], expectedValue, "Unspecified-SameSite cookies are not sent with cross-site requests."); + } else if (expectedStatus == SameSiteStatus.LAX) { + assert_not_equals(cookies["samesite_strict"], expectedValue, "SameSite=Strict cookies are not sent with lax requests."); + assert_equals(cookies["samesite_lax"], expectedValue, "SameSite=Lax cookies are sent with lax requests."); + assert_equals(cookies["samesite_unspecified"], expectedValue, "Unspecified-SameSite cookies are are sent with lax requests.") + } else if (expectedStatus == SameSiteStatus.STRICT) { + assert_equals(cookies["samesite_strict"], expectedValue, "SameSite=Strict cookies are sent with strict requests."); + assert_equals(cookies["samesite_lax"], expectedValue, "SameSite=Lax cookies are sent with strict requests."); + assert_equals(cookies["samesite_unspecified"], expectedValue, "Unspecified-SameSite cookies are are sent with strict requests.") + } + + if (cookies["domcookies"]) { + verifyDocumentCookieSameSite(domCookieStatus, expectedValue, cookies['domcookies']); + } +} + +function verifyDocumentCookieSameSite(expectedStatus, expectedValue, domcookies) { + const cookies = domcookies.split(";") + .map(cookie => cookie.trim().split("=")) + .reduce((obj, cookie) => { + obj[cookie[0]] = cookie[1]; + return obj; + }, {}); + + if (expectedStatus == DomSameSiteStatus.SAME_SITE) { + assert_equals(cookies["samesite_none"], expectedValue, "SameSite=None cookies are always included in document.cookie."); + assert_equals(cookies["samesite_unspecified"], expectedValue, "Unspecified-SameSite cookies are always included in document.cookie."); + assert_equals(cookies["samesite_strict"], expectedValue, "SameSite=Strict cookies are always included in document.cookie."); + assert_equals(cookies["samesite_lax"], expectedValue, "SameSite=Lax cookies are always included in document.cookie."); + } else if (expectedStatus == DomSameSiteStatus.CROSS_SITE) { + assert_equals(cookies["samesite_none"], expectedValue, "SameSite=None cookies are always included in document.cookie."); + assert_not_equals(cookies["samesite_unspecified"], expectedValue, "Unspecified-SameSite cookies are not included in document.cookie when cross-site."); + assert_not_equals(cookies["samesite_strict"], expectedValue, "SameSite=Strict cookies are not included in document.cookie when cross-site."); + assert_not_equals(cookies["samesite_lax"], expectedValue, "SameSite=Lax cookies are not included in document.cookie when cross-site."); + } +} + +// +// LeaveSecureCookiesAlone-specific test helpers: +// + +window.SecureStatus = { + INSECURE_COOKIE_ONLY: "1", + BOTH_COOKIES: "2", +}; + +//Reset SameSite test cookies on |origin|. If |origin| matches `self.origin`, assert +//(via `document.cookie`) that they were properly removed and reset. +function resetSecureCookies(origin, value) { +return credFetch(origin + "/cookies/resources/dropSecure.py") + .then(_ => { + if (origin == self.origin) { + assert_dom_cookie("alone_secure", value, false); + assert_dom_cookie("alone_insecure", value, false); + } + }) + .then(_ => { + return credFetch(origin + "/cookie/resources/setSecure.py?" + value) + }) +} + +// Reset SameSite=None test cookies on |origin|. If |origin| matches +// `self.origin`, assert (via `document.cookie`) that they were properly +// removed. +function resetSameSiteNoneCookies(origin, value) { + return credFetch(origin + "/cookies/resources/dropSameSiteNone.py") + .then(_ => { + if (origin == self.origin) { + assert_dom_cookie("samesite_none_insecure", value, false); + assert_dom_cookie("samesite_none_secure", value, false); + } + }) + .then(_ => { + return credFetch(origin + "/cookies/resources/setSameSiteNone.py?" + value); + }) +} + +// Reset test cookies with multiple SameSite attributes on |origin|. +// If |origin| matches `self.origin`, assert (via `document.cookie`) +// that they were properly removed. +function resetSameSiteMultiAttributeCookies(origin, value) { + return credFetch(origin + "/cookies/resources/dropSameSiteMultiAttribute.py") + .then(_ => { + if (origin == self.origin) { + assert_dom_cookie("samesite_unsupported", value, false); + assert_dom_cookie("samesite_unsupported_none", value, false); + assert_dom_cookie("samesite_unsupported_lax", value, false); + assert_dom_cookie("samesite_unsupported_strict", value, false); + assert_dom_cookie("samesite_none_unsupported", value, false); + assert_dom_cookie("samesite_lax_unsupported", value, false); + assert_dom_cookie("samesite_strict_unsupported", value, false); + assert_dom_cookie("samesite_lax_none", value, false); + } + }) + .then(_ => { + return credFetch(origin + "/cookies/resources/setSameSiteMultiAttribute.py?" + value); + }) +} + +// +// DOM based cookie manipulation APIs +// + +// erase cookie value and set for expiration +function erase_cookie_from_js(name, params) { + document.cookie = `${name}=0; expires=${new Date(0).toUTCString()}; ${params};`; + var re = new RegExp("(?:^|; )" + name); + assert_equals(re.test(document.cookie), false, "Sanity check: " + name + " has been deleted."); +} diff --git a/testing/web-platform/tests/cookies/resources/cookie-test.js b/testing/web-platform/tests/cookies/resources/cookie-test.js new file mode 100644 index 0000000000..a909e4d72f --- /dev/null +++ b/testing/web-platform/tests/cookies/resources/cookie-test.js @@ -0,0 +1,186 @@ +// getAndExpireCookiesForDefaultPathTest is a helper method to get and delete +// cookies using echo-cookie.html. +async function getAndExpireCookiesForDefaultPathTest() { + return new Promise((resolve, reject) => { + try { + const iframe = document.createElement('iframe'); + iframe.style = 'display: none'; + iframe.src = '/cookies/resources/echo-cookie.html'; + iframe.addEventListener('load', (e) => { + const win = e.target.contentWindow; + const iframeCookies = win.getCookies(); + win.expireCookies().then(() => { + document.documentElement.removeChild(iframe); + resolve(iframeCookies); + }); + }, {once: true}); + document.documentElement.appendChild(iframe); + } catch (e) { + reject(e); + } + }); +} + +// getAndExpireCookiesForRedirectTest is a helper method to get and delete +// cookies that were set from a Location header redirect. +async function getAndExpireCookiesForRedirectTest(location) { + return new Promise((resolve, reject) => { + try { + const iframe = document.createElement('iframe'); + iframe.style = 'display: none'; + iframe.src = location; + const listener = (e) => { + if (typeof e.data == 'object' && 'cookies' in e.data) { + window.removeEventListener('message', listener); + document.documentElement.removeChild(iframe); + resolve(e.data.cookies); + } + }; + window.addEventListener('message', listener); + iframe.addEventListener('load', (e) => { + e.target.contentWindow.postMessage('getAndExpireCookiesForRedirectTest', '*'); + }, {once: true}); + document.documentElement.appendChild(iframe); + } catch (e) { + reject(e); + } + }); +} + +// httpCookieTest sets a `cookie` (via HTTP), then asserts it was or was not set +// via `expectedValue` (via the DOM). Then cleans it up (via test driver). Most +// tests do not set a Path attribute, so `defaultPath` defaults to true. If the +// cookie values are expected to cause the HTTP request or response to fail, the +// test can be made to pass when this happens via `allowFetchFailure`, which +// defaults to false. +// +// `cookie` may be a single cookie string, or an array of cookie strings, where +// the order of the array items represents the order of the Set-Cookie headers +// sent by the server. +// +// Note: this function has a dependency on testdriver.js. Any test files calling +// it should include testdriver.js and testdriver-vendor.js +function httpCookieTest(cookie, expectedValue, name, defaultPath = true, + allowFetchFailure = false) { + return promise_test((t) => { + var skipAssertions = false; + return new Promise(async (resolve, reject) => { + // The result is ignored as we're expiring cookies for cleaning here. + await getAndExpireCookiesForDefaultPathTest(); + await test_driver.delete_all_cookies(); + t.add_cleanup(test_driver.delete_all_cookies); + + let encodedCookie = encodeURIComponent(JSON.stringify(cookie)); + try { + await fetch(`/cookies/resources/cookie.py?set=${encodedCookie}`); + } catch { + if (allowFetchFailure) { + skipAssertions = true; + resolve(); + } else { + reject('Failed to fetch /cookies/resources/cookie.py'); + } + } + let cookies = document.cookie; + if (defaultPath) { + // for the tests where a Path is set from the request-uri + // path, we need to go look for cookies in an iframe at that + // default path. + cookies = await getAndExpireCookiesForDefaultPathTest(); + } + resolve(cookies); + }).then((cookies) => { + if (skipAssertions) { + return; + } + if (Boolean(expectedValue)) { + assert_equals(cookies, expectedValue, 'The cookie was set as expected.'); + } else { + assert_equals(cookies, expectedValue, 'The cookie was rejected.'); + } + }); + }, name); +} + +// This is a variation on httpCookieTest, where a redirect happens via +// the Location header and we check to see if cookies are sent via +// getRedirectedCookies +// +// Note: the locations targeted by this function have a dependency on +// path-redirect-shared.js and should be sure to include it. +function httpRedirectCookieTest(cookie, expectedValue, name, location) { + return promise_test(async (t) => { + // The result is ignored as we're expiring cookies for cleaning here. + await getAndExpireCookiesForRedirectTest(location); + + const encodedCookie = encodeURIComponent(JSON.stringify(cookie)); + const encodedLocation = encodeURIComponent(location); + const setParams = `?set=${encodedCookie}&location=${encodedLocation}`; + await fetch(`/cookies/resources/cookie.py${setParams}`); + // for the tests where a redirect happens, we need to head + // to that URI to get the cookies (and then delete them there) + const cookies = await getAndExpireCookiesForRedirectTest(location); + if (Boolean(expectedValue)) { + assert_equals(cookies, expectedValue, 'The cookie was set as expected.'); + } else { + assert_equals(cookies, expectedValue, 'The cookie was rejected.'); + } + }, name); +} + +// Sets a `cookie` via the DOM, checks it against `expectedValue` via the DOM, +// then cleans it up via the DOM. This is needed in cases where going through +// HTTP headers may modify the cookie line (e.g. by stripping control +// characters). +// +// Note: this function has a dependency on testdriver.js. Any test files calling +// it should include testdriver.js and testdriver-vendor.js +function domCookieTest(cookie, expectedValue, name) { + return promise_test(async (t) => { + await test_driver.delete_all_cookies(); + t.add_cleanup(test_driver.delete_all_cookies); + + if (typeof cookie === "string") { + document.cookie = cookie; + } else if (Array.isArray(cookie)) { + for (const singlecookie of cookie) { + document.cookie = singlecookie; + } + } else { + throw new Error('Unexpected type passed into domCookieTest as cookie: ' + typeof cookie); + } + let cookies = document.cookie; + assert_equals(cookies, expectedValue, Boolean(expectedValue) ? + 'The cookie was set as expected.' : + 'The cookie was rejected.'); + }, name); +} + +// Returns an array of control characters along with their ASCII codes. Control +// characters are defined by RFC 5234 to be %x00-1F / %x7F. +function getCtlCharacters() { + const ctlCodes = [...Array(0x20).keys()] + .concat([0x7F]); + return ctlCodes.map(i => ({ code: i, chr: String.fromCharCode(i) })) +} + +// Returns a cookie string with name set to "t" * nameLength and value +// set to "1" * valueLength. Passing in 0 for either allows for creating +// a name- or value-less cookie. +// +// Note: Cookie length checking should ignore the "=". +function cookieStringWithNameAndValueLengths(nameLength, valueLength) { + return `${"t".repeat(nameLength)}=${"1".repeat(valueLength)}`; +} + +// Finds the root window.top.opener and directs test_driver commands to it. +// +// If you see a message like: "Error: Tried to run in a non-testharness window +// without a call to set_test_context." then you probably need to call this. +function setTestContextUsingRootWindow() { + let test_window = window.top; + while (test_window.opener && !test_window.opener.closed) { + test_window = test_window.opener.top; + } + test_driver.set_test_context(test_window); +} diff --git a/testing/web-platform/tests/cookies/resources/cookie.py b/testing/web-platform/tests/cookies/resources/cookie.py new file mode 100644 index 0000000000..936679bc9f --- /dev/null +++ b/testing/web-platform/tests/cookies/resources/cookie.py @@ -0,0 +1,42 @@ +import json + +from cookies.resources.helpers import setNoCacheAndCORSHeaders +from wptserve.utils import isomorphic_decode +from wptserve.utils import isomorphic_encode + +def set_cookie(headers, cookie_string): + """Helper method to add a Set-Cookie header""" + headers.append((b'Set-Cookie', isomorphic_encode(cookie_string))) + +def main(request, response): + """Set a cookie via GET params. + + Usage: `/cookie.py?set={cookie}` + + The passed-in cookie string should be stringified via JSON.stringify() (in + the case of multiple cookie headers sent in an array) and encoded via + encodeURIComponent, otherwise `parse_qsl` will split on any semicolons + (used by the Request.GET property getter). Note that values returned by + Request.GET will decode any percent-encoded sequences sent in a GET param + (which may or may not be surprising depending on what you're doing). + + Note: here we don't use Response.delete_cookie() or similar other methods + in this resources directory because there are edge cases that are impossible + to express via those APIs, namely a bare (`Path`) or empty Path (`Path=`) + attribute. Instead, we pipe through the entire cookie and append `max-age=0` + to it. + """ + headers = setNoCacheAndCORSHeaders(request, response) + + if b'set' in request.GET: + cookie = isomorphic_decode(request.GET[b'set']) + cookie = json.loads(cookie) + cookies = cookie if isinstance(cookie, list) else [cookie] + for c in cookies: + set_cookie(headers, c) + + if b'location' in request.GET: + headers.append((b'Location', request.GET[b'location'])) + return 302, headers, b'{"redirect": true}' + + return headers, b'{"success": true}' diff --git a/testing/web-platform/tests/cookies/resources/drop.py b/testing/web-platform/tests/cookies/resources/drop.py new file mode 100644 index 0000000000..612add2169 --- /dev/null +++ b/testing/web-platform/tests/cookies/resources/drop.py @@ -0,0 +1,14 @@ +from cookies.resources.helpers import makeDropCookie, readParameter, setNoCacheAndCORSHeaders + +def main(request, response): + """Respond to `/cookie/drop?name={name}` by expiring the cookie named `{name}`.""" + headers = setNoCacheAndCORSHeaders(request, response) + try: + # Expire the named cookie, and return a JSON-encoded success code. + name = readParameter(request, paramName=u"name", requireValue=True) + scheme = request.url_parts.scheme + headers.append(makeDropCookie(name, u"https" == scheme)) + return headers, b'{"success": true}' + except: + return 500, headers, b'{"error" : "Empty or missing name parameter."}' + diff --git a/testing/web-platform/tests/cookies/resources/dropSameSite.py b/testing/web-platform/tests/cookies/resources/dropSameSite.py new file mode 100644 index 0000000000..a0aa83558d --- /dev/null +++ b/testing/web-platform/tests/cookies/resources/dropSameSite.py @@ -0,0 +1,13 @@ +from cookies.resources.helpers import makeDropCookie, setNoCacheAndCORSHeaders + +def main(request, response): + """Respond to `/cookie/same-site/resources/dropSameSite.py by dropping the + four cookies set by setSameSiteCookies.py""" + headers = setNoCacheAndCORSHeaders(request, response) + + # Expire the cookies, and return a JSON-encoded success code. + headers.append(makeDropCookie(b"samesite_strict", False)) + headers.append(makeDropCookie(b"samesite_lax", False)) + headers.append(makeDropCookie(b"samesite_none", False)) + headers.append(makeDropCookie(b"samesite_unspecified", False)) + return headers, b'{"success": true}' diff --git a/testing/web-platform/tests/cookies/resources/dropSameSiteMultiAttribute.py b/testing/web-platform/tests/cookies/resources/dropSameSiteMultiAttribute.py new file mode 100644 index 0000000000..af4fbeeca4 --- /dev/null +++ b/testing/web-platform/tests/cookies/resources/dropSameSiteMultiAttribute.py @@ -0,0 +1,17 @@ +from cookies.resources.helpers import makeDropCookie, setNoCacheAndCORSHeaders + +def main(request, response): + """Respond to `/cookies/resources/dropSameSiteMultiAttribute.py by dropping + the cookies set by setSameSiteMultiAttribute.py""" + headers = setNoCacheAndCORSHeaders(request, response) + + # Expire the cookies, and return a JSON-encoded success code. + headers.append(makeDropCookie(b"samesite_unsupported", True)) + headers.append(makeDropCookie(b"samesite_unsupported_none", True)) + headers.append(makeDropCookie(b"samesite_unsupported_lax", False)) + headers.append(makeDropCookie(b"samesite_unsupported_strict", False)) + headers.append(makeDropCookie(b"samesite_none_unsupported", True)) + headers.append(makeDropCookie(b"samesite_lax_unsupported", True)) + headers.append(makeDropCookie(b"samesite_strict_unsupported", True)) + headers.append(makeDropCookie(b"samesite_lax_none", True)) + return headers, b'{"success": true}' diff --git a/testing/web-platform/tests/cookies/resources/dropSameSiteNone.py b/testing/web-platform/tests/cookies/resources/dropSameSiteNone.py new file mode 100644 index 0000000000..2d0a837b5d --- /dev/null +++ b/testing/web-platform/tests/cookies/resources/dropSameSiteNone.py @@ -0,0 +1,11 @@ +from cookies.resources.helpers import makeDropCookie, setNoCacheAndCORSHeaders + +def main(request, response): + """Respond to `/cookies/resources/dropSameSiteNone.py by dropping the + two cookies set by setSameSiteNone.py""" + headers = setNoCacheAndCORSHeaders(request, response) + + # Expire the cookies, and return a JSON-encoded success code. + headers.append(makeDropCookie(b"samesite_none_insecure", False)) + headers.append(makeDropCookie(b"samesite_none_secure", True)) + return headers, b'{"success": true}' diff --git a/testing/web-platform/tests/cookies/resources/dropSecure.py b/testing/web-platform/tests/cookies/resources/dropSecure.py new file mode 100644 index 0000000000..af71148cd6 --- /dev/null +++ b/testing/web-platform/tests/cookies/resources/dropSecure.py @@ -0,0 +1,11 @@ +from cookies.resources.helpers import makeDropCookie, setNoCacheAndCORSHeaders + +def main(request, response): + """Respond to `/cookie/drop/secure` by dropping the two cookie set by + `setSecureTestCookies()`""" + headers = setNoCacheAndCORSHeaders(request, response) + + # Expire the cookies, and return a JSON-encoded success code. + headers.append(makeDropCookie(b"alone_secure", False)) + headers.append(makeDropCookie(b"alone_insecure", False)) + return headers, b'{"success": true}' diff --git a/testing/web-platform/tests/cookies/resources/echo-cookie.html b/testing/web-platform/tests/cookies/resources/echo-cookie.html new file mode 100644 index 0000000000..ab78af8325 --- /dev/null +++ b/testing/web-platform/tests/cookies/resources/echo-cookie.html @@ -0,0 +1,31 @@ + + + + + helper iframe for matching cookie path tests + + + + + + + + + diff --git a/testing/web-platform/tests/cookies/resources/echo-json.py b/testing/web-platform/tests/cookies/resources/echo-json.py new file mode 100644 index 0000000000..9f1568e816 --- /dev/null +++ b/testing/web-platform/tests/cookies/resources/echo-json.py @@ -0,0 +1,15 @@ +from wptserve.utils import isomorphic_decode + +def main(request, response): + headers = [(b"Content-Type", b"application/json"), + (b"Access-Control-Allow-Credentials", b"true")] + + if b"origin" in request.headers: + headers.append((b"Access-Control-Allow-Origin", request.headers[b"origin"])) + + values = [] + for key in request.cookies: + for value in request.cookies.get_list(key): + values.append(u"\"%s\": \"%s\"" % (isomorphic_decode(key), value)) + body = u"{ %s }" % u",".join(values) + return headers, body diff --git a/testing/web-platform/tests/cookies/resources/helpers.py b/testing/web-platform/tests/cookies/resources/helpers.py new file mode 100644 index 0000000000..5fee5a9a91 --- /dev/null +++ b/testing/web-platform/tests/cookies/resources/helpers.py @@ -0,0 +1,59 @@ +from urllib.parse import parse_qs + +from wptserve.utils import isomorphic_encode + +def setNoCacheAndCORSHeaders(request, response): + """Set Cache-Control, CORS and Content-Type headers appropriate for the cookie tests.""" + headers = [(b"Content-Type", b"application/json"), + (b"Access-Control-Allow-Credentials", b"true")] + + origin = b"*" + if b"origin" in request.headers: + origin = request.headers[b"origin"] + + headers.append((b"Access-Control-Allow-Origin", origin)) + #headers.append(("Access-Control-Allow-Credentials", "true")) + headers.append((b"Cache-Control", b"no-cache")) + headers.append((b"Expires", b"Fri, 01 Jan 1990 00:00:00 GMT")) + + return headers + +def makeCookieHeader(name, value, otherAttrs): + """Make a Set-Cookie header for a cookie with the name, value and attributes provided.""" + def makeAV(a, v): + if None == v or b"" == v: + return a + if isinstance(v, int): + return b"%s=%i" % (a, v) + else: + return b"%s=%s" % (a, v) + + # ensure cookie name is always first + attrs = [b"%s=%s" % (name, value)] + attrs.extend(makeAV(a, v) for (a, v) in otherAttrs.items()) + return (b"Set-Cookie", b"; ".join((attrs))) + +def makeDropCookie(name, secure): + attrs = {b"max-age": 0, b"path": b"/"} + if secure: + attrs[b"secure"] = b"" + return makeCookieHeader(name, b"", attrs) + +def readParameter(request, paramName, requireValue): + """Read a parameter from the request. Raise if requireValue is set and the + parameter has an empty value or is not present.""" + params = parse_qs(request.url_parts.query) + param = params[paramName][0].strip() + if len(param) == 0: + raise Exception(u"Empty or missing name parameter.") + return isomorphic_encode(param) + +def readCookies(request): + """Read the cookies from the client present in the request.""" + cookies = {} + for key in request.cookies: + for cookie in request.cookies.get_list(key): + # do we care we'll clobber cookies here? If so, do we + # need to modify the test to take cookie names and value lists? + cookies[key] = cookie.value + return cookies diff --git a/testing/web-platform/tests/cookies/resources/imgIfMatch.py b/testing/web-platform/tests/cookies/resources/imgIfMatch.py new file mode 100644 index 0000000000..72fa50e66e --- /dev/null +++ b/testing/web-platform/tests/cookies/resources/imgIfMatch.py @@ -0,0 +1,16 @@ +from cookies.resources import helpers + +def main(request, response): + """Respond to `/cookie/imgIfMatch?name={name}&value={value}` with a 404 if + the cookie isn't present, and a transparent GIF otherwise.""" + headers = helpers.setNoCacheAndCORSHeaders(request, response) + name = helpers.readParameter(request, paramName=u"name", requireValue=True) + value = helpers.readParameter(request, paramName=u"value", requireValue=True) + cookiesWithMatchingNames = request.cookies.get_list(name) + for cookie in cookiesWithMatchingNames: + if cookie.value == value: + # From https://github.com/mathiasbynens/small/blob/master/gif-transparent.gif + headers.append((b"Content-Type", b"image/gif")) + gif = b"\x47\x49\x46\x38\x39\x61\x01\x00\x01\x00\x80\x00\x00\xFF\xFF\xFF\x00\x00\x00\x21\xF9\x04\x01\x00\x00\x00\x00\x2C\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02\x44\x01\x00\x3B" + return headers, gif + return 500, headers, b'{"error": {"message": "The cookie\'s value did not match the given value."}}' diff --git a/testing/web-platform/tests/cookies/resources/list-cookies-for-script.py b/testing/web-platform/tests/cookies/resources/list-cookies-for-script.py new file mode 100644 index 0000000000..b325d1f745 --- /dev/null +++ b/testing/web-platform/tests/cookies/resources/list-cookies-for-script.py @@ -0,0 +1,12 @@ +import json +from cookies.resources import helpers + +from wptserve.utils import isomorphic_decode + +def main(request, response): + headers = helpers.setNoCacheAndCORSHeaders(request, response) + headers[0] = (b"Content-Type", b"text/javascript") + cookies = helpers.readCookies(request) + decoded_cookies = {isomorphic_decode(key): isomorphic_decode(val) for key, val in cookies.items()} + return headers, 'self._cookies = [{}];\n'.format( + ', '.join(['"{}"'.format(name) for name in decoded_cookies.keys()])) diff --git a/testing/web-platform/tests/cookies/resources/list.py b/testing/web-platform/tests/cookies/resources/list.py new file mode 100644 index 0000000000..4cb6639659 --- /dev/null +++ b/testing/web-platform/tests/cookies/resources/list.py @@ -0,0 +1,10 @@ +import json +from cookies.resources import helpers + +from wptserve.utils import isomorphic_decode + +def main(request, response): + headers = helpers.setNoCacheAndCORSHeaders(request, response) + cookies = helpers.readCookies(request) + decoded_cookies = {isomorphic_decode(key): isomorphic_decode(val) for key, val in cookies.items()} + return headers, json.dumps(decoded_cookies) diff --git a/testing/web-platform/tests/cookies/resources/navigate.html b/testing/web-platform/tests/cookies/resources/navigate.html new file mode 100644 index 0000000000..077efba569 --- /dev/null +++ b/testing/web-platform/tests/cookies/resources/navigate.html @@ -0,0 +1,8 @@ + + + diff --git a/testing/web-platform/tests/cookies/resources/postToParent.py b/testing/web-platform/tests/cookies/resources/postToParent.py new file mode 100644 index 0000000000..43f7d679fb --- /dev/null +++ b/testing/web-platform/tests/cookies/resources/postToParent.py @@ -0,0 +1,39 @@ +import json +from cookies.resources import helpers + +from wptserve.utils import isomorphic_decode + +def main(request, response): + headers = helpers.setNoCacheAndCORSHeaders(request, response) + cookies = helpers.readCookies(request) + headers.append((b"Content-Type", b"text/html; charset=utf-8")) + + tmpl = u""" + + +""" + decoded_cookies = {isomorphic_decode(key): isomorphic_decode(val) for key, val in cookies.items()} + return headers, tmpl % json.dumps(decoded_cookies) diff --git a/testing/web-platform/tests/cookies/resources/redirectWithCORSHeaders.py b/testing/web-platform/tests/cookies/resources/redirectWithCORSHeaders.py new file mode 100644 index 0000000000..0af14da3e9 --- /dev/null +++ b/testing/web-platform/tests/cookies/resources/redirectWithCORSHeaders.py @@ -0,0 +1,22 @@ +from cookies.resources.helpers import setNoCacheAndCORSHeaders + +def main(request, response): + """Simple handler that causes redirection. + + The request should typically have two query parameters: + status - The status to use for the redirection. Defaults to 302. + location - The resource to redirect to. + """ + status = 302 + if b"status" in request.GET: + try: + status = int(request.GET.first(b"status")) + except ValueError: + pass + headers = setNoCacheAndCORSHeaders(request, response) + + location = request.GET.first(b"location") + + headers.append((b"Location", location)) + + return status, headers, b"" diff --git a/testing/web-platform/tests/cookies/resources/set-cookie.py b/testing/web-platform/tests/cookies/resources/set-cookie.py new file mode 100644 index 0000000000..59b5b8006a --- /dev/null +++ b/testing/web-platform/tests/cookies/resources/set-cookie.py @@ -0,0 +1,45 @@ +from datetime import date + +def main(request, response): + """ + Returns cookie name and path from query params in a Set-Cookie header. + + e.g. + + > GET /cookies/resources/set-cookie.py?name=match-slash&path=%2F HTTP/1.1 + > Host: localhost:8000 + > User-Agent: curl/7.43.0 + > Accept: */* + > + < HTTP/1.1 200 OK + < Content-Type: application/json + < Set-Cookie: match-slash=1; Path=/; Expires=09 Jun 2021 10:18:14 GMT + < Server: BaseHTTP/0.3 Python/2.7.12 + < Date: Tue, 04 Oct 2016 18:16:06 GMT + < Content-Length: 80 + """ + + name = request.GET[b'name'] + path = request.GET[b'path'] + samesite = request.GET.get(b'samesite') + secure = b'secure' in request.GET + expiry_year = date.today().year + 1 + cookie = b"%s=1; Path=%s; Expires=09 Jun %d 10:18:14 GMT" % (name, path, expiry_year) + if samesite: + cookie += b";SameSite=%s" % samesite + if secure: + cookie += b";Secure" + + headers = [ + (b"Content-Type", b"application/json"), + (b"Set-Cookie", cookie) + ] + + # Set the cors enabled headers. + origin = request.headers.get(b"Origin") + if origin is not None and origin != b"null": + headers.append((b"Access-Control-Allow-Origin", origin)) + headers.append((b"Access-Control-Allow-Credentials", 'true')) + + body = b"var dummy='value';" + return headers, body diff --git a/testing/web-platform/tests/cookies/resources/set.py b/testing/web-platform/tests/cookies/resources/set.py new file mode 100644 index 0000000000..eda9338c92 --- /dev/null +++ b/testing/web-platform/tests/cookies/resources/set.py @@ -0,0 +1,15 @@ +from cookies.resources import helpers +from urllib.parse import unquote + +from wptserve.utils import isomorphic_encode + +def main(request, response): + """Respond to `/cookie/set?{cookie}` by echoing `{cookie}` as a `Set-Cookie` header.""" + headers = helpers.setNoCacheAndCORSHeaders(request, response) + + # Cookies may require whitespace (e.g. in the `Expires` attribute), so the + # query string should be decoded. + cookie = unquote(request.url_parts.query) + headers.append((b"Set-Cookie", isomorphic_encode(cookie))) + + return headers, b'{"success": true}' diff --git a/testing/web-platform/tests/cookies/resources/setSameSite.py b/testing/web-platform/tests/cookies/resources/setSameSite.py new file mode 100644 index 0000000000..05f0967088 --- /dev/null +++ b/testing/web-platform/tests/cookies/resources/setSameSite.py @@ -0,0 +1,32 @@ +from cookies.resources.helpers import makeCookieHeader, setNoCacheAndCORSHeaders + +from wptserve.utils import isomorphic_encode + +def main(request, response): + """Respond to `/cookie/set/samesite?{value}` by setting four cookies: + 1. `samesite_strict={value};SameSite=Strict;path=/` + 2. `samesite_lax={value};SameSite=Lax;path=/` + 3. `samesite_none={value};SameSite=None;path=/` + 4. `samesite_unspecified={value};path=/` + Then navigate to a page that will post a message back to the opener with the set cookies""" + headers = setNoCacheAndCORSHeaders(request, response) + value = isomorphic_encode(request.url_parts.query) + + headers.append((b"Content-Type", b"text/html; charset=utf-8")) + headers.append(makeCookieHeader(b"samesite_strict", value, {b"SameSite":b"Strict", b"path":b"/"})) + headers.append(makeCookieHeader(b"samesite_lax", value, {b"SameSite":b"Lax", b"path":b"/"})) + # SameSite=None cookies must be Secure. + headers.append(makeCookieHeader(b"samesite_none", value, {b"SameSite":b"None", b"path":b"/", b"Secure": b""})) + headers.append(makeCookieHeader(b"samesite_unspecified", value, {b"path":b"/"})) + + document = b""" + + +""" + + return headers, document diff --git a/testing/web-platform/tests/cookies/resources/setSameSiteDomain.py b/testing/web-platform/tests/cookies/resources/setSameSiteDomain.py new file mode 100644 index 0000000000..c8b7a71981 --- /dev/null +++ b/testing/web-platform/tests/cookies/resources/setSameSiteDomain.py @@ -0,0 +1,36 @@ +from cookies.resources.helpers import makeCookieHeader, setNoCacheAndCORSHeaders + +from wptserve.utils import isomorphic_encode + +def main(request, response): + """Respond to `/cookie/set/samesite?{value}` by setting four cookies: + 1. `samesite_strict={value};SameSite=Strict;path=/;domain={host}` + 2. `samesite_lax={value};SameSite=Lax;path=/;domain={host}` + 3. `samesite_none={value};SameSite=None;path=/;Secure;domain={host}` + 4. `samesite_unspecified={value};path=/;domain={host}` + Where {host} is the hostname from which this page is served. (Requesting this resource + without a Host header will result in a 500 server error.) + Then navigate to a page that will post a message back to the opener with the set cookies""" + headers = setNoCacheAndCORSHeaders(request, response) + value = isomorphic_encode(request.url_parts.query) + host_header = request.headers['host'] + hostname = host_header.split(b":")[0] + host = isomorphic_encode(hostname) + headers.append((b"Content-Type", b"text/html; charset=utf-8")) + headers.append(makeCookieHeader(b"samesite_strict", value, {b"SameSite":b"Strict", b"path":b"/", b"domain":host})) + headers.append(makeCookieHeader(b"samesite_lax", value, {b"SameSite":b"Lax", b"path":b"/", b"domain":host})) + # SameSite=None cookies must be Secure. + headers.append(makeCookieHeader(b"samesite_none", value, {b"SameSite":b"None", b"path":b"/", b"Secure": b"", b"domain":host})) + headers.append(makeCookieHeader(b"samesite_unspecified", value, {b"path":b"/", b"domain":host})) + + document = b""" + + +""" + + return headers, document diff --git a/testing/web-platform/tests/cookies/resources/setSameSiteMultiAttribute.py b/testing/web-platform/tests/cookies/resources/setSameSiteMultiAttribute.py new file mode 100644 index 0000000000..988f67f0b0 --- /dev/null +++ b/testing/web-platform/tests/cookies/resources/setSameSiteMultiAttribute.py @@ -0,0 +1,60 @@ +from cookies.resources.helpers import makeCookieHeader, setNoCacheAndCORSHeaders + +from wptserve.utils import isomorphic_encode + +def main(request, response): + """Respond to `/cookie/set/samesite?{value}` by setting the following combination of cookies: + 1. `samesite_unsupported={value};SameSite=Unsupported;path=/;Secure` + 2. `samesite_unsupported_none={value};SameSite=Unsupported;SameSite=None;path=/;Secure` + 3. `samesite_unsupported_lax={value};SameSite=Unsupported;SameSite=Lax;path=/` + 4. `samesite_unsupported_strict={value};SameSite=Unsupported;SameSite=Strict;path=/` + 5. `samesite_none_unsupported={value};SameSite=None;SameSite=Unsupported;path=/;Secure` + 6. `samesite_lax_unsupported={value};SameSite=Lax;SameSite=Unsupported;path=/;Secure` + 7. `samesite_strict_unsupported={value};SameSite=Strict;SameSite=Unsupported;path=/;Secure` + 8. `samesite_lax_none={value};SameSite=Lax;SameSite=None;path=/;Secure` + 9. `samesite_lax_strict={value};SameSite=Lax;SameSite=Strict;path=/` + 10. `samesite_strict_lax={value};SameSite=Strict;SameSite=Lax;path=/` + Then navigate to a page that will post a message back to the opener with the set cookies""" + headers = setNoCacheAndCORSHeaders(request, response) + value = isomorphic_encode(request.url_parts.query) + + headers.append((b"Content-Type", b"text/html; charset=utf-8")) + # Unknown value; single attribute + headers.append(makeCookieHeader( + b"samesite_unsupported", value, {b"SameSite":b"Unsupported", b"path":b"/", b"Secure":b""})) + + # Multiple attributes; first attribute unknown + headers.append(makeCookieHeader( + b"samesite_unsupported_none", value, {b"SameSite":b"Unsupported", b"SameSite":b"None", b"path":b"/", b"Secure":b""})) + headers.append(makeCookieHeader( + b"samesite_unsupported_lax", value, {b"SameSite":b"Unsupported", b"SameSite":b"Lax", b"path":b"/"})) + headers.append(makeCookieHeader( + b"samesite_unsupported_strict", value, {b"SameSite":b"Unsupported", b"SameSite":b"Strict", b"path":b"/"})) + + # Multiple attributes; second attribute unknown + headers.append(makeCookieHeader( + b"samesite_none_unsupported", value, {b"SameSite":b"None", b"SameSite":b"Unsupported", b"path":b"/", b"Secure":b""})) + headers.append(makeCookieHeader( + b"samesite_lax_unsupported", value, {b"SameSite":b"Lax", b"SameSite":b"Unsupported", b"path":b"/", b"Secure":b""})) + headers.append(makeCookieHeader( + b"samesite_strict_unsupported", value, {b"SameSite":b"Strict", b"SameSite":b"Unsupported", b"path":b"/", b"Secure":b""})) + + # Multiple attributes; both known + headers.append(makeCookieHeader( + b"samesite_lax_none", value, {b"SameSite":b"Lax", b"SameSite":b"None", b"path":b"/", b"Secure":b""})) + headers.append(makeCookieHeader( + b"samesite_lax_strict", value, {b"SameSite":b"Lax", b"SameSite":b"Strict", b"path":b"/"})) + headers.append(makeCookieHeader( + b"samesite_strict_lax", value, {b"SameSite":b"Strict", b"SameSite":b"Lax", b"path":b"/"})) + + document = b""" + + +""" + + return headers, document diff --git a/testing/web-platform/tests/cookies/resources/setSameSiteNone.py b/testing/web-platform/tests/cookies/resources/setSameSiteNone.py new file mode 100644 index 0000000000..446c75eb44 --- /dev/null +++ b/testing/web-platform/tests/cookies/resources/setSameSiteNone.py @@ -0,0 +1,16 @@ +from cookies.resources.helpers import makeCookieHeader, setNoCacheAndCORSHeaders + +from wptserve.utils import isomorphic_encode + +def main(request, response): + """Respond to `/cookies/resources/setSameSiteNone.py?{value}` by setting two cookies: + 1. `samesite_none_insecure={value};SameSite=None;path=/` + 2. `samesite_none_secure={value};SameSite=None;Secure;path=/` + """ + headers = setNoCacheAndCORSHeaders(request, response) + value = isomorphic_encode(request.url_parts.query) + + headers.append(makeCookieHeader(b"samesite_none_insecure", value, {b"SameSite":b"None", b"path":b"/"})) + headers.append(makeCookieHeader(b"samesite_none_secure", value, {b"SameSite":b"None", b"Secure":b"", b"path":b"/"})) + + return headers, b'{"success": true}' diff --git a/testing/web-platform/tests/cookies/resources/setSecure.py b/testing/web-platform/tests/cookies/resources/setSecure.py new file mode 100644 index 0000000000..dd0dd1622b --- /dev/null +++ b/testing/web-platform/tests/cookies/resources/setSecure.py @@ -0,0 +1,14 @@ +from cookies.resources.helpers import makeCookieHeader, readParameter, setNoCacheAndCORSHeaders + +from wptserve.utils import isomorphic_encode + +def main(request, response): + """Respond to `/cookie/set/secure?{value}` by setting two cookies: + alone_secure={value};secure;path=/` + alone_insecure={value};path=/""" + headers = setNoCacheAndCORSHeaders(request, response) + value = isomorphic_encode(request.url_parts.query) + + headers.append(makeCookieHeader(b"alone_secure", value, {b"secure": b"", b"path": b"/"})) + headers.append(makeCookieHeader(b"alone_insecure", value, {b"path": b"/"})) + return headers, b'{"success": true}' diff --git a/testing/web-platform/tests/cookies/resources/testharness-helpers.js b/testing/web-platform/tests/cookies/resources/testharness-helpers.js new file mode 100644 index 0000000000..84368d6d99 --- /dev/null +++ b/testing/web-platform/tests/cookies/resources/testharness-helpers.js @@ -0,0 +1,49 @@ +// Given an array of potentially asynchronous tests, this function will execute +// each in serial, ensuring that one and only one test is executing at a time. +// +// The test array should look like this: +// +// +// var tests = [ +// [ +// "Test description goes here.", +// function () { +// // Test code goes here. `this` is bound to the test object. +// } +// ], +// ... +// ]; +// +// The |setup| and |teardown| arguments are functions which are executed before +// and after each test, respectively. +function executeTestsSerially(testList, setup, teardown) { + var tests = testList.map(function (t) { + return { + test: async_test(t[0]), + code: t[1] + }; + }); + + var executeNextTest = function () { + var current = tests.shift(); + if (current === undefined) { + return; + } + + // Setup the test fixtures. + if (setup) { + setup(); + } + + // Bind a callback to tear down the test fixtures. + if (teardown) { + current.test.add_cleanup(teardown); + } + + // Execute the test. + current.test.step(current.code); + }; + + add_result_callback(function () { setTimeout(executeNextTest, 0) }); + executeNextTest(); +} diff --git a/testing/web-platform/tests/cookies/samesite-none-secure/cookies-without-samesite-must-be-secure.https.html b/testing/web-platform/tests/cookies/samesite-none-secure/cookies-without-samesite-must-be-secure.https.html new file mode 100644 index 0000000000..18cf0516e6 --- /dev/null +++ b/testing/web-platform/tests/cookies/samesite-none-secure/cookies-without-samesite-must-be-secure.https.html @@ -0,0 +1,20 @@ + + + + + + + diff --git a/testing/web-platform/tests/cookies/samesite/about-blank-nested.https.html b/testing/web-platform/tests/cookies/samesite/about-blank-nested.https.html new file mode 100644 index 0000000000..d5c9b8ada3 --- /dev/null +++ b/testing/web-platform/tests/cookies/samesite/about-blank-nested.https.html @@ -0,0 +1,29 @@ + + + + + + + + + + diff --git a/testing/web-platform/tests/cookies/samesite/about-blank-subresource.https.html b/testing/web-platform/tests/cookies/samesite/about-blank-subresource.https.html new file mode 100644 index 0000000000..0a19f30d34 --- /dev/null +++ b/testing/web-platform/tests/cookies/samesite/about-blank-subresource.https.html @@ -0,0 +1,31 @@ + + + + + + + + + diff --git a/testing/web-platform/tests/cookies/samesite/about-blank-toplevel.https.html b/testing/web-platform/tests/cookies/samesite/about-blank-toplevel.https.html new file mode 100644 index 0000000000..3a4dde7673 --- /dev/null +++ b/testing/web-platform/tests/cookies/samesite/about-blank-toplevel.https.html @@ -0,0 +1,30 @@ + + + + + + + + + diff --git a/testing/web-platform/tests/cookies/samesite/fetch.https.html b/testing/web-platform/tests/cookies/samesite/fetch.https.html new file mode 100644 index 0000000000..79e49009fb --- /dev/null +++ b/testing/web-platform/tests/cookies/samesite/fetch.https.html @@ -0,0 +1,40 @@ + + + + + + + diff --git a/testing/web-platform/tests/cookies/samesite/form-get-blank-reload.https.html b/testing/web-platform/tests/cookies/samesite/form-get-blank-reload.https.html new file mode 100644 index 0000000000..b5ab8ade91 --- /dev/null +++ b/testing/web-platform/tests/cookies/samesite/form-get-blank-reload.https.html @@ -0,0 +1,66 @@ + + + + + + diff --git a/testing/web-platform/tests/cookies/samesite/form-get-blank.https.html b/testing/web-platform/tests/cookies/samesite/form-get-blank.https.html new file mode 100644 index 0000000000..2fe81b2b56 --- /dev/null +++ b/testing/web-platform/tests/cookies/samesite/form-get-blank.https.html @@ -0,0 +1,68 @@ + + + + + + + diff --git a/testing/web-platform/tests/cookies/samesite/form-post-blank-reload.https.html b/testing/web-platform/tests/cookies/samesite/form-post-blank-reload.https.html new file mode 100644 index 0000000000..cdbb89ace5 --- /dev/null +++ b/testing/web-platform/tests/cookies/samesite/form-post-blank-reload.https.html @@ -0,0 +1,56 @@ + + + + + + diff --git a/testing/web-platform/tests/cookies/samesite/form-post-blank.https.html b/testing/web-platform/tests/cookies/samesite/form-post-blank.https.html new file mode 100644 index 0000000000..947853893d --- /dev/null +++ b/testing/web-platform/tests/cookies/samesite/form-post-blank.https.html @@ -0,0 +1,57 @@ + + + + + + + diff --git a/testing/web-platform/tests/cookies/samesite/get_all_cookies-default-samesite.html b/testing/web-platform/tests/cookies/samesite/get_all_cookies-default-samesite.html new file mode 100644 index 0000000000..3b1606b7f8 --- /dev/null +++ b/testing/web-platform/tests/cookies/samesite/get_all_cookies-default-samesite.html @@ -0,0 +1,20 @@ + + +TestDriver get_all_cookies method w/ default SameSite + + + + + diff --git a/testing/web-platform/tests/cookies/samesite/get_named_cookie-default-samesite.html b/testing/web-platform/tests/cookies/samesite/get_named_cookie-default-samesite.html new file mode 100644 index 0000000000..2ee5d0f29c --- /dev/null +++ b/testing/web-platform/tests/cookies/samesite/get_named_cookie-default-samesite.html @@ -0,0 +1,18 @@ + + +TestDriver get_named_cookie method w/ default SameSite + + + + + diff --git a/testing/web-platform/tests/cookies/samesite/iframe-reload.https.html b/testing/web-platform/tests/cookies/samesite/iframe-reload.https.html new file mode 100644 index 0000000000..d1916a805c --- /dev/null +++ b/testing/web-platform/tests/cookies/samesite/iframe-reload.https.html @@ -0,0 +1,55 @@ + + + + + + + + + diff --git a/testing/web-platform/tests/cookies/samesite/iframe.document.https.html b/testing/web-platform/tests/cookies/samesite/iframe.document.https.html new file mode 100644 index 0000000000..2d276dbcaa --- /dev/null +++ b/testing/web-platform/tests/cookies/samesite/iframe.document.https.html @@ -0,0 +1,57 @@ + + + + + + + + + diff --git a/testing/web-platform/tests/cookies/samesite/iframe.https.html b/testing/web-platform/tests/cookies/samesite/iframe.https.html new file mode 100644 index 0000000000..31b34ccf55 --- /dev/null +++ b/testing/web-platform/tests/cookies/samesite/iframe.https.html @@ -0,0 +1,79 @@ + + + + + + + + + diff --git a/testing/web-platform/tests/cookies/samesite/img.https.html b/testing/web-platform/tests/cookies/samesite/img.https.html new file mode 100644 index 0000000000..1ddc8d99ad --- /dev/null +++ b/testing/web-platform/tests/cookies/samesite/img.https.html @@ -0,0 +1,75 @@ + + + + + + + diff --git a/testing/web-platform/tests/cookies/samesite/multiple-samesite-attributes.https.html b/testing/web-platform/tests/cookies/samesite/multiple-samesite-attributes.https.html new file mode 100644 index 0000000000..d32a39639d --- /dev/null +++ b/testing/web-platform/tests/cookies/samesite/multiple-samesite-attributes.https.html @@ -0,0 +1,92 @@ + + + + + + + diff --git a/testing/web-platform/tests/cookies/samesite/resources/echo-cookies.html b/testing/web-platform/tests/cookies/samesite/resources/echo-cookies.html new file mode 100644 index 0000000000..a1b29b9b03 --- /dev/null +++ b/testing/web-platform/tests/cookies/samesite/resources/echo-cookies.html @@ -0,0 +1,8 @@ + + + diff --git a/testing/web-platform/tests/cookies/samesite/resources/iframe-navigate-report.html b/testing/web-platform/tests/cookies/samesite/resources/iframe-navigate-report.html new file mode 100644 index 0000000000..98ea469fda --- /dev/null +++ b/testing/web-platform/tests/cookies/samesite/resources/iframe-navigate-report.html @@ -0,0 +1,3 @@ + + diff --git a/testing/web-platform/tests/cookies/samesite/resources/iframe-subresource-report.html b/testing/web-platform/tests/cookies/samesite/resources/iframe-subresource-report.html new file mode 100644 index 0000000000..1dceb4e436 --- /dev/null +++ b/testing/web-platform/tests/cookies/samesite/resources/iframe-subresource-report.html @@ -0,0 +1,14 @@ + + + + + + diff --git a/testing/web-platform/tests/cookies/samesite/resources/iframe.document.html b/testing/web-platform/tests/cookies/samesite/resources/iframe.document.html new file mode 100644 index 0000000000..7026beb7e8 --- /dev/null +++ b/testing/web-platform/tests/cookies/samesite/resources/iframe.document.html @@ -0,0 +1,8 @@ + + diff --git a/testing/web-platform/tests/cookies/samesite/resources/navigate-iframe.html b/testing/web-platform/tests/cookies/samesite/resources/navigate-iframe.html new file mode 100644 index 0000000000..98ad6264fa --- /dev/null +++ b/testing/web-platform/tests/cookies/samesite/resources/navigate-iframe.html @@ -0,0 +1,26 @@ + + + + + diff --git a/testing/web-platform/tests/cookies/samesite/resources/navigate.html b/testing/web-platform/tests/cookies/samesite/resources/navigate.html new file mode 100644 index 0000000000..88de6dff92 --- /dev/null +++ b/testing/web-platform/tests/cookies/samesite/resources/navigate.html @@ -0,0 +1,25 @@ + + + + diff --git a/testing/web-platform/tests/cookies/samesite/resources/puppet.html b/testing/web-platform/tests/cookies/samesite/resources/puppet.html new file mode 100644 index 0000000000..6d36132d3a --- /dev/null +++ b/testing/web-platform/tests/cookies/samesite/resources/puppet.html @@ -0,0 +1,32 @@ + + + diff --git a/testing/web-platform/tests/cookies/samesite/sandbox-iframe-nested.https.html b/testing/web-platform/tests/cookies/samesite/sandbox-iframe-nested.https.html new file mode 100644 index 0000000000..310f86a446 --- /dev/null +++ b/testing/web-platform/tests/cookies/samesite/sandbox-iframe-nested.https.html @@ -0,0 +1,28 @@ + + + + + + + + + + diff --git a/testing/web-platform/tests/cookies/samesite/sandbox-iframe-subresource.https.html b/testing/web-platform/tests/cookies/samesite/sandbox-iframe-subresource.https.html new file mode 100644 index 0000000000..417089ef57 --- /dev/null +++ b/testing/web-platform/tests/cookies/samesite/sandbox-iframe-subresource.https.html @@ -0,0 +1,28 @@ + + + + + + + + + + diff --git a/testing/web-platform/tests/cookies/samesite/setcookie-lax.https.html b/testing/web-platform/tests/cookies/samesite/setcookie-lax.https.html new file mode 100644 index 0000000000..f2094af693 --- /dev/null +++ b/testing/web-platform/tests/cookies/samesite/setcookie-lax.https.html @@ -0,0 +1,32 @@ + + + + + + diff --git a/testing/web-platform/tests/cookies/samesite/setcookie-navigation.https.html b/testing/web-platform/tests/cookies/samesite/setcookie-navigation.https.html new file mode 100644 index 0000000000..2dbc5526bc --- /dev/null +++ b/testing/web-platform/tests/cookies/samesite/setcookie-navigation.https.html @@ -0,0 +1,81 @@ + + + + + + + diff --git a/testing/web-platform/tests/cookies/samesite/window-open-reload.https.html b/testing/web-platform/tests/cookies/samesite/window-open-reload.https.html new file mode 100644 index 0000000000..32076c7c97 --- /dev/null +++ b/testing/web-platform/tests/cookies/samesite/window-open-reload.https.html @@ -0,0 +1,52 @@ + + + + + + diff --git a/testing/web-platform/tests/cookies/samesite/window-open.https.html b/testing/web-platform/tests/cookies/samesite/window-open.https.html new file mode 100644 index 0000000000..be4225046a --- /dev/null +++ b/testing/web-platform/tests/cookies/samesite/window-open.https.html @@ -0,0 +1,54 @@ + + + + + + + diff --git a/testing/web-platform/tests/cookies/schemeful-same-site/resources/navigateToInsecurePostToParent.html b/testing/web-platform/tests/cookies/schemeful-same-site/resources/navigateToInsecurePostToParent.html new file mode 100644 index 0000000000..b81b722bf6 --- /dev/null +++ b/testing/web-platform/tests/cookies/schemeful-same-site/resources/navigateToInsecurePostToParent.html @@ -0,0 +1,6 @@ + + + + diff --git a/testing/web-platform/tests/cookies/schemeful-same-site/schemeful-iframe-subresource.tentative.html b/testing/web-platform/tests/cookies/schemeful-same-site/schemeful-iframe-subresource.tentative.html new file mode 100644 index 0000000000..13397d241a --- /dev/null +++ b/testing/web-platform/tests/cookies/schemeful-same-site/schemeful-iframe-subresource.tentative.html @@ -0,0 +1,28 @@ + + + + + + + + + + diff --git a/testing/web-platform/tests/cookies/schemeful-same-site/schemeful-navigation.tentative.html b/testing/web-platform/tests/cookies/schemeful-same-site/schemeful-navigation.tentative.html new file mode 100644 index 0000000000..c1a86690dc --- /dev/null +++ b/testing/web-platform/tests/cookies/schemeful-same-site/schemeful-navigation.tentative.html @@ -0,0 +1,41 @@ + + + + + + + diff --git a/testing/web-platform/tests/cookies/schemeful-same-site/schemeful-subresource.tentative.html b/testing/web-platform/tests/cookies/schemeful-same-site/schemeful-subresource.tentative.html new file mode 100644 index 0000000000..4ba9286c25 --- /dev/null +++ b/testing/web-platform/tests/cookies/schemeful-same-site/schemeful-subresource.tentative.html @@ -0,0 +1,49 @@ + + + + + + + + + diff --git a/testing/web-platform/tests/cookies/schemeful-same-site/schemeful-websockets.sub.tentative.html b/testing/web-platform/tests/cookies/schemeful-same-site/schemeful-websockets.sub.tentative.html new file mode 100644 index 0000000000..7095eee21e --- /dev/null +++ b/testing/web-platform/tests/cookies/schemeful-same-site/schemeful-websockets.sub.tentative.html @@ -0,0 +1,57 @@ + + + + + + + + + + +
+ + + diff --git a/testing/web-platform/tests/cookies/secure/set-from-dom.https.sub.html b/testing/web-platform/tests/cookies/secure/set-from-dom.https.sub.html new file mode 100644 index 0000000000..46997db18a --- /dev/null +++ b/testing/web-platform/tests/cookies/secure/set-from-dom.https.sub.html @@ -0,0 +1,47 @@ + + + + + Set 'secure' cookie from `document.cookie` on a secure page + + + + + + +
+ + + diff --git a/testing/web-platform/tests/cookies/secure/set-from-dom.sub.html b/testing/web-platform/tests/cookies/secure/set-from-dom.sub.html new file mode 100644 index 0000000000..91aa8fff3b --- /dev/null +++ b/testing/web-platform/tests/cookies/secure/set-from-dom.sub.html @@ -0,0 +1,47 @@ + + + + + Set 'secure' cookie from `document.cookie` on a non-secure page + + + + + + +
+ + + + diff --git a/testing/web-platform/tests/cookies/secure/set-from-http.https.sub.html b/testing/web-platform/tests/cookies/secure/set-from-http.https.sub.html new file mode 100644 index 0000000000..6024c5b7f6 --- /dev/null +++ b/testing/web-platform/tests/cookies/secure/set-from-http.https.sub.html @@ -0,0 +1,36 @@ + + + + + Set 'secure' cookie from `Set-Cookie` HTTP header on a secure page + + + + + + +
+ + + + diff --git a/testing/web-platform/tests/cookies/secure/set-from-http.https.sub.html.headers b/testing/web-platform/tests/cookies/secure/set-from-http.https.sub.html.headers new file mode 100644 index 0000000000..f4c9147fac --- /dev/null +++ b/testing/web-platform/tests/cookies/secure/set-from-http.https.sub.html.headers @@ -0,0 +1,5 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: secure_from_secure_http=1; Secure; Path=/ diff --git a/testing/web-platform/tests/cookies/secure/set-from-http.sub.html b/testing/web-platform/tests/cookies/secure/set-from-http.sub.html new file mode 100644 index 0000000000..c80cc34101 --- /dev/null +++ b/testing/web-platform/tests/cookies/secure/set-from-http.sub.html @@ -0,0 +1,36 @@ + + + + + Set 'secure' cookie from `Set-Cookie` HTTP header on a non-secure page + + + + + + +
+ + + + diff --git a/testing/web-platform/tests/cookies/secure/set-from-http.sub.html.headers b/testing/web-platform/tests/cookies/secure/set-from-http.sub.html.headers new file mode 100644 index 0000000000..57a45167f0 --- /dev/null +++ b/testing/web-platform/tests/cookies/secure/set-from-http.sub.html.headers @@ -0,0 +1,5 @@ +Expires: Mon, 26 Jul 1997 05:00:00 GMT +Cache-Control: no-store, no-cache, must-revalidate +Cache-Control: post-check=0, pre-check=0, false +Pragma: no-cache +Set-Cookie: secure_from_nonsecure_http=1; Secure; Path=/ diff --git a/testing/web-platform/tests/cookies/secure/set-from-ws.sub.html b/testing/web-platform/tests/cookies/secure/set-from-ws.sub.html new file mode 100644 index 0000000000..b12504450e --- /dev/null +++ b/testing/web-platform/tests/cookies/secure/set-from-ws.sub.html @@ -0,0 +1,45 @@ + + + + + Set 'secure' cookie from `Set-Cookie` HTTP header on a non-secure WebSocket + + + + + + +
+ + + diff --git a/testing/web-platform/tests/cookies/secure/set-from-wss.https.sub.html b/testing/web-platform/tests/cookies/secure/set-from-wss.https.sub.html new file mode 100644 index 0000000000..c5e8b385d0 --- /dev/null +++ b/testing/web-platform/tests/cookies/secure/set-from-wss.https.sub.html @@ -0,0 +1,44 @@ + + + + + Set 'secure' cookie from `Set-Cookie` HTTP header on a secure WebSocket + + + + + + +
+ + + diff --git a/testing/web-platform/tests/cookies/size/attributes.www.sub.html b/testing/web-platform/tests/cookies/size/attributes.www.sub.html new file mode 100644 index 0000000000..2500daef96 --- /dev/null +++ b/testing/web-platform/tests/cookies/size/attributes.www.sub.html @@ -0,0 +1,121 @@ + + + + + + Test cookie attribute size restrictions + + + + + + + + + + +
+ + + + diff --git a/testing/web-platform/tests/cookies/size/name-and-value.html b/testing/web-platform/tests/cookies/size/name-and-value.html new file mode 100644 index 0000000000..b387bd2d54 --- /dev/null +++ b/testing/web-platform/tests/cookies/size/name-and-value.html @@ -0,0 +1,83 @@ + + + + + + Test cookie name size restrictions + + + + + + + + + + +
+ + + + diff --git a/testing/web-platform/tests/cookies/third-party-cookies/resources/test-helpers.js b/testing/web-platform/tests/cookies/third-party-cookies/resources/test-helpers.js new file mode 100644 index 0000000000..2ae2c46a37 --- /dev/null +++ b/testing/web-platform/tests/cookies/third-party-cookies/resources/test-helpers.js @@ -0,0 +1,63 @@ +function testHttpCookies({desc, origin, cookieNames, expectsCookie}) { + promise_test(async () => { + await assertOriginCanAccessCookies({origin, cookieNames, expectsCookie}); + }, getCookieTestName(expectsCookie, desc, "HTTP")); +} + +async function assertOriginCanAccessCookies({ + origin, + cookieNames, + expectsCookie, +}) { + const resp = await credFetch(`${origin}/cookies/resources/list.py`); + const cookies = await resp.json(); + for (const cookieName of cookieNames) { + assert_equals( + cookies.hasOwnProperty(cookieName), expectsCookie, + getCookieAssertDesc(expectsCookie, cookieName)); + } +} + +function testDomCookies({desc, cookieNames, expectsCookie}) { + test(() => { + assertDomCanAccessCookie(cookieNames, expectsCookie); + }, getCookieTestName(expectsCookie, desc, "DOM")); +} + +function assertDomCanAccessCookie(cookieNames, expectsCookie) { + for (const cookieName of cookieNames) { + assert_equals( + document.cookie.includes(cookieName + "="), expectsCookie, + getCookieAssertDesc(expectsCookie, cookieName)); + } +} + +function testCookieStoreCookies({desc, cookieNames, expectsCookie}) { + if (!window.cookieStore) return; + promise_test(async () => { + await assertCookieStoreCanAccessCookies(cookieNames, expectsCookie); + }, getCookieTestName(expectsCookie, desc, "CookieStore")); +} + +async function assertCookieStoreCanAccessCookies(cookieNames, expectsCookie) { + const cookies = await cookieStore.getAll({sameSite: 'none'}); + for (const cookieName of cookieNames) { + assert_equals( + !!cookies.find(c => c.name === cookieName), expectsCookie, + getCookieAssertDesc(expectsCookie, cookieName)); + } +} + +function getCookieTestName(expectsCookie, desc, cookieType) { + if (expectsCookie) { + return `${desc}: Cookies are accessible via ${cookieType}`; + } + return `${desc}: Cookies are not accessible via ${cookieType}`; +} + +function getCookieAssertDesc(expectsCookie, cookieName) { + if (expectsCookie) { + return `Expected cookie ${cookieName} to be available`; + } + return `Expected cookie ${cookieName} to not be available`; +} diff --git a/testing/web-platform/tests/cookies/third-party-cookies/resources/third-party-cookies-cross-site-embed.html b/testing/web-platform/tests/cookies/third-party-cookies/resources/third-party-cookies-cross-site-embed.html new file mode 100644 index 0000000000..2d579c91be --- /dev/null +++ b/testing/web-platform/tests/cookies/third-party-cookies/resources/third-party-cookies-cross-site-embed.html @@ -0,0 +1,57 @@ + + + +Test site embedded in a cross-site context + + + + + + + + diff --git a/testing/web-platform/tests/cookies/third-party-cookies/resources/third-party-cookies-cross-site-window.html b/testing/web-platform/tests/cookies/third-party-cookies/resources/third-party-cookies-cross-site-window.html new file mode 100644 index 0000000000..99418a6749 --- /dev/null +++ b/testing/web-platform/tests/cookies/third-party-cookies/resources/third-party-cookies-cross-site-window.html @@ -0,0 +1,62 @@ + + + +Cross-site window + + + + + + + + diff --git a/testing/web-platform/tests/cookies/third-party-cookies/third-party-cookies.tentative.https.html b/testing/web-platform/tests/cookies/third-party-cookies/third-party-cookies.tentative.https.html new file mode 100644 index 0000000000..184649ff5b --- /dev/null +++ b/testing/web-platform/tests/cookies/third-party-cookies/third-party-cookies.tentative.https.html @@ -0,0 +1,72 @@ + + + +Test third-party cookies +Test partitioned cookies + + + + + + + + + diff --git a/testing/web-platform/tests/cookies/value/value-ctl.html b/testing/web-platform/tests/cookies/value/value-ctl.html new file mode 100644 index 0000000000..5a24064f43 --- /dev/null +++ b/testing/web-platform/tests/cookies/value/value-ctl.html @@ -0,0 +1,64 @@ + + + + + Test cookie value parsing with control characters + + + + + + + + + +
+ + + diff --git a/testing/web-platform/tests/cookies/value/value.html b/testing/web-platform/tests/cookies/value/value.html new file mode 100644 index 0000000000..14292cece9 --- /dev/null +++ b/testing/web-platform/tests/cookies/value/value.html @@ -0,0 +1,170 @@ + + + + + Test cookie value parsing + + + + + + + + + +
+ + + -- cgit v1.2.3