From 8dd16259287f58f9273002717ec4d27e97127719 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Wed, 12 Jun 2024 07:43:14 +0200 Subject: Merging upstream version 127.0. 
Signed-off-by: Daniel Baumann --- .../digital-identity.https.html | 58 ---------------------- .../credential-management/fedcm-context.https.html | 19 +++---- .../fedcm-disconnect.sub.https.html | 29 +++++------ .../fedcm-endpoint-redirects.https.html | 5 +- .../fedcm-error-basic.https.html | 6 +-- ...bort-multiple-gets-through-first-idp.https.html | 35 ------------- ...ort-multiple-gets-through-second-idp.https.html | 35 ------------- .../fedcm-multi-idp-abort.https.html | 22 ++++++++ .../fedcm-multi-idp-basic.https.html | 34 +++++++++++++ .../fedcm-multi-idp-context.https.html | 34 +++++++++++++ .../fedcm-multi-idp-mediation-optional.https.html | 39 +++++++++++++++ .../fedcm-multi-idp-mediation-silent.https.html | 41 +++++++++++++++ .../get-before-and-after-onload.https.html | 47 ------------------ .../get-before-and-during-onload.https.html | 42 ---------------- ...onload-and-during-dom-content-loaded.https.html | 42 ---------------- .../multiple-gets-after-abort.https.html | 49 ------------------ .../multiple-gets-after-onload.https.html | 38 -------------- .../multiple-gets-before-onload.https.html | 37 -------------- .../multiple-gets-during-onload.https.html | 36 -------------- .../single-get-after-onload.https.html | 29 ----------- .../single-get-before-onload.https.html | 37 -------------- .../single-get-during-onload.https.html | 30 ----------- .../fedcm-no-registered-idps.https.html | 25 ++++++++++ .../fedcm-same-site-none.https.html | 2 +- ...fedcm-token-returned-with-http-error.https.html | 12 ++++- .../support/fedcm-helper.sub.js | 20 ++++++++ .../fedcm/accounts_check_same_site_strict.py | 2 + .../support/fedcm/continue_on.py | 2 + .../support/fedcm/request-params-check.py | 11 ++-- .../support/fedcm/token_check_same_site_strict.py | 2 + .../support/fedcm/token_with_account_id.py | 2 + .../support/fedcm/token_with_auto_selected_flag.py | 2 + .../support/fedcm/token_with_http_error.py | 2 + .../support/fedcm/token_with_rp_mode.py | 2 + 
.../support/set_cookie.headers | 5 +- 35 files changed, 284 insertions(+), 549 deletions(-) delete mode 100644 testing/web-platform/tests/credential-management/fedcm-multi-idp/abort-multiple-gets-through-first-idp.https.html delete mode 100644 testing/web-platform/tests/credential-management/fedcm-multi-idp/abort-multiple-gets-through-second-idp.https.html create mode 100644 testing/web-platform/tests/credential-management/fedcm-multi-idp/fedcm-multi-idp-abort.https.html create mode 100644 testing/web-platform/tests/credential-management/fedcm-multi-idp/fedcm-multi-idp-basic.https.html create mode 100644 testing/web-platform/tests/credential-management/fedcm-multi-idp/fedcm-multi-idp-context.https.html create mode 100644 testing/web-platform/tests/credential-management/fedcm-multi-idp/fedcm-multi-idp-mediation-optional.https.html create mode 100644 testing/web-platform/tests/credential-management/fedcm-multi-idp/fedcm-multi-idp-mediation-silent.https.html delete mode 100644 testing/web-platform/tests/credential-management/fedcm-multi-idp/get-before-and-after-onload.https.html delete mode 100644 testing/web-platform/tests/credential-management/fedcm-multi-idp/get-before-and-during-onload.https.html delete mode 100644 testing/web-platform/tests/credential-management/fedcm-multi-idp/get-before-onload-and-during-dom-content-loaded.https.html delete mode 100644 testing/web-platform/tests/credential-management/fedcm-multi-idp/multiple-gets-after-abort.https.html delete mode 100644 testing/web-platform/tests/credential-management/fedcm-multi-idp/multiple-gets-after-onload.https.html delete mode 100644 testing/web-platform/tests/credential-management/fedcm-multi-idp/multiple-gets-before-onload.https.html delete mode 100644 testing/web-platform/tests/credential-management/fedcm-multi-idp/multiple-gets-during-onload.https.html delete mode 100644 testing/web-platform/tests/credential-management/fedcm-multi-idp/single-get-after-onload.https.html delete mode 100644 
testing/web-platform/tests/credential-management/fedcm-multi-idp/single-get-before-onload.https.html delete mode 100644 testing/web-platform/tests/credential-management/fedcm-multi-idp/single-get-during-onload.https.html create mode 100644 testing/web-platform/tests/credential-management/fedcm-register/fedcm-no-registered-idps.https.html (limited to 'testing/web-platform/tests/credential-management') diff --git a/testing/web-platform/tests/credential-management/digital-identity.https.html b/testing/web-platform/tests/credential-management/digital-identity.https.html index b2f36d21ee..8ae9caa002 100644 --- a/testing/web-platform/tests/credential-management/digital-identity.https.html +++ b/testing/web-platform/tests/credential-management/digital-identity.https.html @@ -17,31 +17,6 @@ const host = get_host_info(); const basePath = window.location.pathname.replace(/\/[^\/]*$/, '/'); const remoteBaseURL = host.HTTPS_REMOTE_ORIGIN + basePath; -// Builds valid digital identity request for navigator.credentials.get() API. -function buildValidNavigatorCredentialsRequest() { - return { - identity: { - providers: [{ - holder: { - selector: { - format: ['mdoc'], - doctype: 'org.iso.18013.5.1.mDL', - fields: [ - 'org.iso.18013.5.1.family_name', - 'org.iso.18013.5.1.portrait', - ] - }, - params: { - nonce: '1234', - readerPublicKey: 'test_reader_public_key', - extraParamAsNeededByDigitalCredentials: true, - }, - }, - }], - }, - }; -} - async function createIframeAndWaitForMessage(test, iframeUrl) { const messageWatcher = new EventWatcher(test, window, "message"); var iframe = document.createElement("iframe"); 
@@ -53,39 +28,6 @@ async function createIframeAndWaitForMessage(test, iframeUrl) { // Requires browser to have mode where OS-presented digital-identity-prompt is // bypassed in favour of returning "fake_test_token" directly. -promise_test(async t => { - const {token} = await navigator.credentials.get(buildValidNavigatorCredentialsRequest()); - assert_equals("fake_test_token", token); -}, "navigator.credentials.get() API works in toplevel frame."); - -promise_test(async t => { - let request = buildValidNavigatorCredentialsRequest(); - request.identity.providers = undefined; - - await promise_rejects_js(t, TypeError, navigator.credentials.get(request)); -}, "navigator.credentials.get() API fails if IdentityCredentialRequestOptions::providers is not specified."); - -promise_test(async t => { - let request = buildValidNavigatorCredentialsRequest(); - request.identity.providers = []; - - await promise_rejects_js(t, TypeError, navigator.credentials.get(request)); -}, "navigator.credentials.get() API fails if there are no providers."); - -promise_test(async t => { - let request = buildValidNavigatorCredentialsRequest(); - let providerCopy = structuredClone(request.identity.providers[0]); - request.identity.providers.push(providerCopy); - await promise_rejects_js(t, TypeError, navigator.credentials.get(request)); -}, "navigator.credentials.get() API fails if there is more than one provider."); - -promise_test(async t => { - let request = buildValidNavigatorCredentialsRequest(); - request.identity.providers[0].holder = undefined; - - await promise_rejects_js(t, TypeError, navigator.credentials.get(request)); -}, "navigator.credentials.get() API fails if IdentityProviderConfig::holder is not specified."); - promise_test(async t => { let request = buildValidNavigatorIdentityRequest(); let credential = await navigator.identity.get(request); 
diff --git a/testing/web-platform/tests/credential-management/fedcm-context.https.html b/testing/web-platform/tests/credential-management/fedcm-context.https.html index 7b3e1032af..f235437b78 100644 --- a/testing/web-platform/tests/credential-management/fedcm-context.https.html +++ b/testing/web-platform/tests/credential-management/fedcm-context.https.html 
@@ -12,37 +12,38 @@
 import {request_options_with_mediation_required,
 request_options_with_context,
 fedcm_get_title_promise,
- fedcm_test} from './support/fedcm-helper.sub.js';
+ fedcm_test,
+ fedcm_select_account_promise} from './support/fedcm-helper.sub.js';
 fedcm_test(async t => {
- let p = navigator.credentials.get(request_options_with_mediation_required());
+ const p = navigator.credentials.get(request_options_with_mediation_required());
 const result = await fedcm_get_title_promise(t);
 assert_true(result.title.toLowerCase().includes('sign in'));
- window.test_driver.select_fedcm_account(0);
+ fedcm_select_account_promise(t, 0);
 return p;
 }, "FedCM call defaults to 'signin' context.");
 fedcm_test(async t => {
- let p = navigator.credentials.get(request_options_with_context("manifest.py", "signup"));
+ const p = navigator.credentials.get(request_options_with_context("manifest.py", "signup"));
 const result = await fedcm_get_title_promise(t);
 assert_true(result.title.toLowerCase().includes('sign up'));
- window.test_driver.select_fedcm_account(0);
+ fedcm_select_account_promise(t, 0);
 return p;
 }, "FedCM with 'signup' context.");
 fedcm_test(async t => {
- let p = navigator.credentials.get(request_options_with_context("manifest.py", "use"));
+ const p = navigator.credentials.get(request_options_with_context("manifest.py", "use"));
 const result = await fedcm_get_title_promise(t);
 assert_true(result.title.toLowerCase().includes('use'));
- window.test_driver.select_fedcm_account(0);
+ fedcm_select_account_promise(t, 0);
 return p;
 }, "FedCM with 'use' context.");
 fedcm_test(async t => {
- let p = navigator.credentials.get(request_options_with_context("manifest.py", "continue"));
+ const p = navigator.credentials.get(request_options_with_context("manifest.py", "continue"));
 const result = await fedcm_get_title_promise(t);
 assert_true(result.title.toLowerCase().includes('continue'));
- window.test_driver.select_fedcm_account(0);
+ fedcm_select_account_promise(t, 0);
return p; }, "FedCM with 'continue' context."); diff --git a/testing/web-platform/tests/credential-management/fedcm-disconnect.sub.https.html b/testing/web-platform/tests/credential-management/fedcm-disconnect.sub.https.html index 300144fa72..2ea2d4a259 100644 --- a/testing/web-platform/tests/credential-management/fedcm-disconnect.sub.https.html +++ b/testing/web-platform/tests/credential-management/fedcm-disconnect.sub.https.html @@ -11,7 +11,6 @@ - - - diff --git a/testing/web-platform/tests/credential-management/fedcm-multi-idp/abort-multiple-gets-through-second-idp.https.html b/testing/web-platform/tests/credential-management/fedcm-multi-idp/abort-multiple-gets-through-second-idp.https.html deleted file mode 100644 index dfe8969932..0000000000 --- a/testing/web-platform/tests/credential-management/fedcm-multi-idp/abort-multiple-gets-through-second-idp.https.html +++ /dev/null @@ -1,35 +0,0 @@ - -Federated Credential Management API multi IDP abort second IDP test. - - - - - diff --git a/testing/web-platform/tests/credential-management/fedcm-multi-idp/fedcm-multi-idp-abort.https.html b/testing/web-platform/tests/credential-management/fedcm-multi-idp/fedcm-multi-idp-abort.https.html new file mode 100644 index 0000000000..712a7b6a34 --- /dev/null +++ b/testing/web-platform/tests/credential-management/fedcm-multi-idp/fedcm-multi-idp-abort.https.html @@ -0,0 +1,22 @@ + +Federated Credential Management API multi IDP abort. + + + + + + + diff --git a/testing/web-platform/tests/credential-management/fedcm-multi-idp/fedcm-multi-idp-basic.https.html b/testing/web-platform/tests/credential-management/fedcm-multi-idp/fedcm-multi-idp-basic.https.html new file mode 100644 index 0000000000..d855e0ad8d --- /dev/null +++ b/testing/web-platform/tests/credential-management/fedcm-multi-idp/fedcm-multi-idp-basic.https.html @@ -0,0 +1,34 @@ + +Federated Credential Management API multi IDP basic success tests. + + + + + + + + + 
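Review bot: In fedcm-context.https.html each of the four tests now calls `fedcm_select_account_promise(t, 0);` and discards the result. If the helper returns a promise, as its name suggests (its body is not part of this diff), a failed account selection would show up as an unhandled rejection or as a timeout on `p` rather than as the test's own failure. `await fedcm_select_account_promise(t, 0);` before `return p;` keeps the error attached to the test.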
diff --git a/testing/web-platform/tests/credential-management/fedcm-multi-idp/fedcm-multi-idp-context.https.html b/testing/web-platform/tests/credential-management/fedcm-multi-idp/fedcm-multi-idp-context.https.html new file mode 100644 index 0000000000..1bc3eb1f56 --- /dev/null +++ b/testing/web-platform/tests/credential-management/fedcm-multi-idp/fedcm-multi-idp-context.https.html @@ -0,0 +1,34 @@ + +Federated Credential Management API multi IDP context tests. + + + + + + + + + diff --git a/testing/web-platform/tests/credential-management/fedcm-multi-idp/fedcm-multi-idp-mediation-optional.https.html b/testing/web-platform/tests/credential-management/fedcm-multi-idp/fedcm-multi-idp-mediation-optional.https.html new file mode 100644 index 0000000000..1a819efb31 --- /dev/null +++ b/testing/web-platform/tests/credential-management/fedcm-multi-idp/fedcm-multi-idp-mediation-optional.https.html @@ -0,0 +1,39 @@ + +Federated Credential Management API multi IDP optional mediation tests. + + + + + + + diff --git a/testing/web-platform/tests/credential-management/fedcm-multi-idp/fedcm-multi-idp-mediation-silent.https.html b/testing/web-platform/tests/credential-management/fedcm-multi-idp/fedcm-multi-idp-mediation-silent.https.html new file mode 100644 index 0000000000..d47d4898c7 --- /dev/null +++ b/testing/web-platform/tests/credential-management/fedcm-multi-idp/fedcm-multi-idp-mediation-silent.https.html @@ -0,0 +1,41 @@ + +Federated Credential Management API multi IDP silent mediation tests. + + + + + + + diff --git a/testing/web-platform/tests/credential-management/fedcm-multi-idp/get-before-and-after-onload.https.html b/testing/web-platform/tests/credential-management/fedcm-multi-idp/get-before-and-after-onload.https.html deleted file mode 100644 index 12e0eb4d81..0000000000 --- a/testing/web-platform/tests/credential-management/fedcm-multi-idp/get-before-and-after-onload.https.html +++ /dev/null 
@@ -1,47 +0,0 @@ - -Federated Credential Management API multi IDP get before and after onload test. - - - - - - - - - diff --git a/testing/web-platform/tests/credential-management/fedcm-multi-idp/get-before-and-during-onload.https.html b/testing/web-platform/tests/credential-management/fedcm-multi-idp/get-before-and-during-onload.https.html deleted file mode 100644 index 3e2f134f20..0000000000 --- a/testing/web-platform/tests/credential-management/fedcm-multi-idp/get-before-and-during-onload.https.html +++ /dev/null @@ -1,42 +0,0 @@ - -Federated Credential Management API multi IDP get before and during onload test. - - - - - - - - - diff --git a/testing/web-platform/tests/credential-management/fedcm-multi-idp/get-before-onload-and-during-dom-content-loaded.https.html b/testing/web-platform/tests/credential-management/fedcm-multi-idp/get-before-onload-and-during-dom-content-loaded.https.html deleted file mode 100644 index 95495948b7..0000000000 --- a/testing/web-platform/tests/credential-management/fedcm-multi-idp/get-before-onload-and-during-dom-content-loaded.https.html +++ /dev/null @@ -1,42 +0,0 @@ - -Federated Credential Management API multi IDP get before onload and during DOMContentLoaded test. - - - - - - - - - diff --git a/testing/web-platform/tests/credential-management/fedcm-multi-idp/multiple-gets-after-abort.https.html b/testing/web-platform/tests/credential-management/fedcm-multi-idp/multiple-gets-after-abort.https.html deleted file mode 100644 index 899302fb22..0000000000 --- a/testing/web-platform/tests/credential-management/fedcm-multi-idp/multiple-gets-after-abort.https.html +++ /dev/null @@ -1,49 +0,0 @@ - -Federated Credential Management API multi IDP get after abort test. - - - - - - - 
diff --git a/testing/web-platform/tests/credential-management/fedcm-multi-idp/multiple-gets-after-onload.https.html b/testing/web-platform/tests/credential-management/fedcm-multi-idp/multiple-gets-after-onload.https.html deleted file mode 100644 index 1b5d744e8f..0000000000 --- a/testing/web-platform/tests/credential-management/fedcm-multi-idp/multiple-gets-after-onload.https.html +++ /dev/null @@ -1,38 +0,0 @@ - -Federated Credential Management API multi IDP multiple gets after onload test. - - - - - - - - - diff --git a/testing/web-platform/tests/credential-management/fedcm-multi-idp/multiple-gets-before-onload.https.html b/testing/web-platform/tests/credential-management/fedcm-multi-idp/multiple-gets-before-onload.https.html deleted file mode 100644 index 8c98bf53b0..0000000000 --- a/testing/web-platform/tests/credential-management/fedcm-multi-idp/multiple-gets-before-onload.https.html +++ /dev/null @@ -1,37 +0,0 @@ - -Federated Credential Management API multi IDP multiple gets before onload test. - - - - - - - - - diff --git a/testing/web-platform/tests/credential-management/fedcm-multi-idp/multiple-gets-during-onload.https.html b/testing/web-platform/tests/credential-management/fedcm-multi-idp/multiple-gets-during-onload.https.html deleted file mode 100644 index bcf70a31c7..0000000000 --- a/testing/web-platform/tests/credential-management/fedcm-multi-idp/multiple-gets-during-onload.https.html +++ /dev/null @@ -1,36 +0,0 @@ - -Federated Credential Management API multi IDP multiple gets during onload test. - - - - - - - - - diff --git a/testing/web-platform/tests/credential-management/fedcm-multi-idp/single-get-after-onload.https.html b/testing/web-platform/tests/credential-management/fedcm-multi-idp/single-get-after-onload.https.html deleted file mode 100644 index de6a7c5371..0000000000 --- a/testing/web-platform/tests/credential-management/fedcm-multi-idp/single-get-after-onload.https.html +++ /dev/null 
@@ -1,29 +0,0 @@ - -Federated Credential Management API multi IDP single get after onload test. - - - - - - - - - diff --git a/testing/web-platform/tests/credential-management/fedcm-multi-idp/single-get-before-onload.https.html b/testing/web-platform/tests/credential-management/fedcm-multi-idp/single-get-before-onload.https.html deleted file mode 100644 index 0ac9b0e920..0000000000 --- a/testing/web-platform/tests/credential-management/fedcm-multi-idp/single-get-before-onload.https.html +++ /dev/null @@ -1,37 +0,0 @@ - -Federated Credential Management API multi IDP single get before onload test. - - - - - - - - - diff --git a/testing/web-platform/tests/credential-management/fedcm-multi-idp/single-get-during-onload.https.html b/testing/web-platform/tests/credential-management/fedcm-multi-idp/single-get-during-onload.https.html deleted file mode 100644 index 832565744d..0000000000 --- a/testing/web-platform/tests/credential-management/fedcm-multi-idp/single-get-during-onload.https.html +++ /dev/null @@ -1,30 +0,0 @@ - -Federated Credential Management API multi IDP single get during onload test. - - - - - - - - - diff --git a/testing/web-platform/tests/credential-management/fedcm-register/fedcm-no-registered-idps.https.html b/testing/web-platform/tests/credential-management/fedcm-register/fedcm-no-registered-idps.https.html new file mode 100644 index 0000000000..7be2d397e6 --- /dev/null +++ b/testing/web-platform/tests/credential-management/fedcm-register/fedcm-no-registered-idps.https.html @@ -0,0 +1,25 @@ + +Federated Credential Management API network request tests. + + + + + + + + + diff --git a/testing/web-platform/tests/credential-management/fedcm-same-site-none/fedcm-same-site-none.https.html b/testing/web-platform/tests/credential-management/fedcm-same-site-none/fedcm-same-site-none.https.html index 77ecdaff9f..d3d20ea9df 100644 --- a/testing/web-platform/tests/credential-management/fedcm-same-site-none/fedcm-same-site-none.https.html 
+++ b/testing/web-platform/tests/credential-management/fedcm-same-site-none/fedcm-same-site-none.https.html @@ -20,6 +20,6 @@ fedcm_test(async t => { const cred = await fedcm_get_and_select_first_account(t, options); assert_equals(cred.token, "token"); assert_equals(cred.isAutoSelected, false); -}, "FedCM requests should be considered cross-origin and therefore not send SameSite=Strict cookies."); +}, "FedCM requests should be considered cross-origin and therefore not send SameSite=Strict or Lax cookies."); diff --git a/testing/web-platform/tests/credential-management/fedcm-token-returned-with-http-error.https.html b/testing/web-platform/tests/credential-management/fedcm-token-returned-with-http-error.https.html index 2337829add..7c7687f00f 100644 --- a/testing/web-platform/tests/credential-management/fedcm-token-returned-with-http-error.https.html +++ b/testing/web-platform/tests/credential-management/fedcm-token-returned-with-http-error.https.html @@ -8,6 +8,7 @@ diff --git a/testing/web-platform/tests/credential-management/support/fedcm-helper.sub.js b/testing/web-platform/tests/credential-management/support/fedcm-helper.sub.js index f0031fa531..308950e1e2 100644 --- a/testing/web-platform/tests/credential-management/support/fedcm-helper.sub.js +++ b/testing/web-platform/tests/credential-management/support/fedcm-helper.sub.js @@ -1,6 +1,7 @@ export const manifest_origin = "https://{{host}}:{{ports[https][0]}}"; export const alt_manifest_origin = 'https://{{hosts[alt][]}}:{{ports[https][0]}}'; export const same_site_manifest_origin = 'https://{{hosts[][www1]}}:{{ports[https][0]}}'; +export const default_manifest_path = '/credential-management/support/fedcm/manifest.py'; export function open_and_wait_for_popup(origin, path) { return new Promise(resolve => { 
@@ -100,6 +101,25 @@ credential-management/support/fedcm/${manifest_filename}`;
 };
 }
+export function request_options_with_two_idps(mediation = 'required') {
+ const first_config = `${manifest_origin}${default_manifest_path}`;
+ const second_config = `${alt_manifest_origin}${default_manifest_path}`;
+ return {
+ identity: {
+ providers: [{
+ configURL: first_config,
+ clientId: '123',
+ nonce: 'N1'
+ },
+ {
+ configURL: second_config,
+ clientId: '456',
+ nonce: 'N2'
+ }],
+ },
+ mediation: mediation
+ };
+}
 // Test wrapper which does FedCM-specific setup.
 export function fedcm_test(test_func, test_name) {
diff --git a/testing/web-platform/tests/credential-management/support/fedcm/accounts_check_same_site_strict.py b/testing/web-platform/tests/credential-management/support/fedcm/accounts_check_same_site_strict.py
index a6f385feac..796ac003cb 100644
--- a/testing/web-platform/tests/credential-management/support/fedcm/accounts_check_same_site_strict.py
+++ b/testing/web-platform/tests/credential-management/support/fedcm/accounts_check_same_site_strict.py
@@ -7,6 +7,8 @@ def main(request, response):
 return request_error
 if request.cookies.get(b"same_site_strict") == b"1":
 return (546, [], "Should not send SameSite=Strict cookies")
+ if request.cookies.get(b"same_site_lax") == b"1":
+ return (547, [], "Should not send SameSite=Lax cookies")
 if request.headers.get(b"Sec-Fetch-Site") != b"cross-site":
 return (538, [], "Wrong Sec-Fetch-Site header")
diff --git a/testing/web-platform/tests/credential-management/support/fedcm/continue_on.py b/testing/web-platform/tests/credential-management/support/fedcm/continue_on.py
index 1b4831b51d..2a580e0f3f 100644
--- a/testing/web-platform/tests/credential-management/support/fedcm/continue_on.py
+++ b/testing/web-platform/tests/credential-management/support/fedcm/continue_on.py
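Review bot: `request_options_with_two_idps` in fedcm-helper.sub.js is exported without a comment, while `fedcm_test` directly below it has one. A line such as `// Builds a credentials.get() request naming two IdPs (manifest_origin and alt_manifest_origin), each with a fixed clientId and nonce.` would tell test authors which origins are involved and that `'N1'`/`'N2'` and `'123'`/`'456'` are fixed fixture values. As a style point, `mediation: mediation` can be written with the shorthand `mediation`.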
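Review bot: The added SameSite=Lax check in accounts_check_same_site_strict.py, and the identical one in token_check_same_site_strict.py, sits in a handler whose name still says only "strict", and nothing in the file says why Lax cookies are forbidden too. A comment above the two checks, e.g. `# FedCM fetches are treated as cross-origin, so neither SameSite=Strict nor SameSite=Lax cookies may arrive here.`, would record the intent that the updated test description in fedcm-same-site-none.https.html states. The body of `main` starts outside the hunk.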
@@ -7,6 +7,8 @@ def main(request, response):
 return request_error
 response.headers.set(b"Content-Type", b"application/json")
+ response.headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"Origin"))
+ response.headers.set(b"Access-Control-Allow-Credentials", "true")
 account = request.POST.get(b"account_id").decode("utf-8")
 nonce = request.POST.get(b"nonce").decode("utf-8")
diff --git a/testing/web-platform/tests/credential-management/support/fedcm/request-params-check.py b/testing/web-platform/tests/credential-management/support/fedcm/request-params-check.py
index 6c610e6e20..08c28e32b7 100644
--- a/testing/web-platform/tests/credential-management/support/fedcm/request-params-check.py
+++ b/testing/web-platform/tests/credential-management/support/fedcm/request-params-check.py
@@ -63,12 +63,16 @@ def accountsCheck(request):
 return (539, [], "Should not have Origin")
 def tokenCheck(request):
- common_error = commonCheck(request)
+ common_error = commonCheck(request, b"cors")
 if (common_error):
 return common_error
 common_credentialed_error = commonCredentialedRequestCheck(request)
 if (common_credentialed_error):
 return common_credentialed_error
+ # The value of the Sec-Fetch-Site header can vary depending on the IdP origin
+ # but it should not be 'none'.
+ if request.headers.get(b"Sec-Fetch-Site") == b"none":
+ return (538, [], "Wrong Sec-Fetch-Site header")
 post_error = commonPostCheck(request)
 if (post_error):
@@ -86,8 +90,9 @@ def revokeCheck(request):
 if (common_error):
 return common_error
- if request.cookies.get(b"cookie") != b"1":
- return (537, [], "Missing cookie")
+ common_credentialed_error = commonCredentialedRequestCheck(request)
+ if (common_credentialed_error):
+ return common_credentialed_error
 # The value of the Sec-Fetch-Site header can vary depending on the IdP origin
 # but it should not be 'none'.
 if request.headers.get(b"Sec-Fetch-Site") == b"none":
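Review bot: In continue_on.py the new `Access-Control-Allow-Origin` header is set to `request.headers.get(b"Origin")`, which is `None` when a request arrives without an Origin header; whether the request check above the hunk already rejects that case is not visible here. Reflecting whatever origin the caller sends together with `Access-Control-Allow-Credentials: true` is acceptable only because this is a test responder, so a comment such as `# Test-only: echoes the caller's Origin; a real IdP endpoint must validate it against the registered RP origin.` would keep the pattern from being copied. The same two lines are added to token_with_account_id.py, token_with_auto_selected_flag.py, token_with_http_error.py and token_with_rp_mode.py. The value `"true"` is a str while the neighbouring header values are bytes; `b"true"` would match them.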
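Review bot: The new Sec-Fetch-Site check in `tokenCheck` (request-params-check.py) rejects only the literal `none`, so a token request that carries no Sec-Fetch-Site header at all passes it, because `get()` then returns `None`. If `commonCheck`, whose body is outside this diff, does not already require the header, `if request.headers.get(b"Sec-Fetch-Site") in (None, b"none"):` closes that gap. The identical check in `revokeCheck`, visible as context in the next hunk, has the same shape. The comment and check are now duplicated in both functions and could move into one shared helper.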
diff --git a/testing/web-platform/tests/credential-management/support/fedcm/token_check_same_site_strict.py b/testing/web-platform/tests/credential-management/support/fedcm/token_check_same_site_strict.py
index 8a4b3a234b..4e55bf27f6 100644
--- a/testing/web-platform/tests/credential-management/support/fedcm/token_check_same_site_strict.py
+++ b/testing/web-platform/tests/credential-management/support/fedcm/token_check_same_site_strict.py
@@ -7,6 +7,8 @@ def main(request, response):
 return request_error
 if request.cookies.get(b"same_site_strict") == b"1":
 return (546, [], "Should not send SameSite=Strict cookies")
+ if request.cookies.get(b"same_site_lax") == b"1":
+ return (547, [], "Should not send SameSite=Lax cookies")
 response.headers.set(b"Content-Type", b"application/json")
 response.headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"Origin"))
diff --git a/testing/web-platform/tests/credential-management/support/fedcm/token_with_account_id.py b/testing/web-platform/tests/credential-management/support/fedcm/token_with_account_id.py
index 52fb20184b..04e7b5b56b 100644
--- a/testing/web-platform/tests/credential-management/support/fedcm/token_with_account_id.py
+++ b/testing/web-platform/tests/credential-management/support/fedcm/token_with_account_id.py
@@ -7,6 +7,8 @@ def main(request, response):
 return request_error
 response.headers.set(b"Content-Type", b"application/json")
+ response.headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"Origin"))
+ response.headers.set(b"Access-Control-Allow-Credentials", "true")
 account_id = request.POST.get(b"account_id")
 return "{\"token\": \"account_id=" + account_id.decode("utf-8") + "\"}"
diff --git a/testing/web-platform/tests/credential-management/support/fedcm/token_with_auto_selected_flag.py b/testing/web-platform/tests/credential-management/support/fedcm/token_with_auto_selected_flag.py
index 93ccf3ee7e..3e011ce788 100644
--- a/testing/web-platform/tests/credential-management/support/fedcm/token_with_auto_selected_flag.py
+++ b/testing/web-platform/tests/credential-management/support/fedcm/token_with_auto_selected_flag.py
@@ -7,6 +7,8 @@ def main(request, response):
 return request_error
 response.headers.set(b"Content-Type", b"application/json")
+ response.headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"Origin"))
+ response.headers.set(b"Access-Control-Allow-Credentials", "true")
 is_auto_selected = request.POST.get(b"is_auto_selected")
 return "{\"token\": \"is_auto_selected=" + is_auto_selected.decode("utf-8") + "\"}"
diff --git a/testing/web-platform/tests/credential-management/support/fedcm/token_with_http_error.py b/testing/web-platform/tests/credential-management/support/fedcm/token_with_http_error.py
index c8d95ab63d..05b9945ba8 100644
--- a/testing/web-platform/tests/credential-management/support/fedcm/token_with_http_error.py
+++ b/testing/web-platform/tests/credential-management/support/fedcm/token_with_http_error.py
@@ -7,6 +7,8 @@ def main(request, response):
 return request_error
 response.headers.set(b"Content-Type", b"application/json")
+ response.headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"Origin"))
+ response.headers.set(b"Access-Control-Allow-Credentials", "true")
 response.status = (403, b"Forbidden")
 return "{\"token\": \"token\"}"
diff --git a/testing/web-platform/tests/credential-management/support/fedcm/token_with_rp_mode.py b/testing/web-platform/tests/credential-management/support/fedcm/token_with_rp_mode.py
index 515736416f..add634c99b 100644
--- a/testing/web-platform/tests/credential-management/support/fedcm/token_with_rp_mode.py
+++ b/testing/web-platform/tests/credential-management/support/fedcm/token_with_rp_mode.py
@@ -7,6 +7,8 @@ def main(request, response):
 return request_error
 response.headers.set(b"Content-Type", b"application/json")
+ response.headers.set(b"Access-Control-Allow-Origin", request.headers.get(b"Origin"))
+ response.headers.set(b"Access-Control-Allow-Credentials", "true")
 rp_mode = request.POST.get(b"mode")
 return "{\"token\": \"mode=" + rp_mode.decode("utf-8") + "\"}"
diff --git a/testing/web-platform/tests/credential-management/support/set_cookie.headers b/testing/web-platform/tests/credential-management/support/set_cookie.headers
index 4226ff4c99..df223115a7 100644
--- a/testing/web-platform/tests/credential-management/support/set_cookie.headers
+++ b/testing/web-platform/tests/credential-management/support/set_cookie.headers
@@ -1,3 +1,4 @@
 Content-Type: text/html
-Set-Cookie: cookie=1; SameSite=None; Secure
-Set-Cookie: same_site_strict=1; SameSite=Strict; Secure
+Set-Cookie: cookie=1; SameSite=None; Secure; Path=/
+Set-Cookie: same_site_strict=1; SameSite=Strict; Secure; Path=/
+Set-Cookie: same_site_lax=1; SameSite=Lax; Secure; Path=/
--
cgit v1.2.3