<!DOCTYPE html> <head> <script src="/resources/testharness.js"></script> <script src="/resources/testharnessreport.js"></script> <script src="/cookies/resources/cookie-helper.sub.js"></script> </head> <body onload="doTests()"> <iframe id="if"> </iframe> <script> function doTests() { promise_test(async function(t) { var value = "" + Math.random(); await resetSameSiteCookies(SECURE_ORIGIN, value); var child = document.getElementById("if"); child.src = SECURE_ORIGIN + "/cookies/samesite/resources/iframe-subresource-report.html"; // the iframe nested inside if should post COOKIES to here. var e = await wait_for_message("COOKIES"); // Cross-scheme iframes should be cross-site and thus the subresources // shouldn't get Lax or Strict cookies. assert_cookie(SECURE_ORIGIN, e.data, "samesite_lax", value, false); assert_cookie(SECURE_ORIGIN, e.data, "samesite_strict", value, false); assert_cookie(SECURE_ORIGIN, e.data, "samesite_none", value, true); }, "SameSite cookies with intervening cross-scheme iframe and subresources"); } </script> </body>