// META: script=/common/utils.js
// META: script=../resources/utils.js
// META: script=/common/get-host-info.sub.js

var redirectUrl = get_host_info().HTTP_REMOTE_ORIGIN + dirname(location.pathname) + RESOURCES_DIR + "redirect.py";
var urlSetCookies1 = get_host_info().HTTP_REMOTE_ORIGIN + dirname(location.pathname) + RESOURCES_DIR + "top.txt";
var urlSetCookies2 = get_host_info().HTTP_ORIGIN_WITH_DIFFERENT_PORT + dirname(location.pathname) + RESOURCES_DIR + "top.txt";
var urlCheckCookies = get_host_info().HTTP_ORIGIN_WITH_DIFFERENT_PORT + dirname(location.pathname) + RESOURCES_DIR + "inspect-headers.py?cors&headers=cookie";

var urlSetCookiesParameters = "?pipe=header(Access-Control-Allow-Origin," + location.origin + ")";
urlSetCookiesParameters += "|header(Access-Control-Allow-Credentials,true)";

urlSetCookiesParameters1 = urlSetCookiesParameters + "|header(Set-Cookie,a=1)";
urlSetCookiesParameters2 = urlSetCookiesParameters + "|header(Set-Cookie,a=2)";

urlClearCookiesParameters1 = urlSetCookiesParameters + "|header(Set-Cookie,a=1%3B%20max-age=0)";
urlClearCookiesParameters2 = urlSetCookiesParameters + "|header(Set-Cookie,a=2%3B%20max-age=0)";

promise_test(async (test) => {
    await fetch(urlSetCookies1 + urlSetCookiesParameters1, {"credentials": "include", "mode": "cors"});
    await fetch(urlSetCookies2 + urlSetCookiesParameters2, {"credentials": "include", "mode": "cors"});
}, "Set cookies");

function doTest(usePreflight) {
    promise_test(async (test) => {
        var url = redirectUrl;
        var uuid_token = token();
        var urlParameters = "?token=" + uuid_token + "&max_age=0";
        urlParameters += "&redirect_status=301";
        urlParameters += "&location=" + encodeURIComponent(urlCheckCookies);
        urlParameters += "&allow_headers=a&headers=Cookie";
        headers = [];
        if (usePreflight)
            headers.push(["a", "b"]);

        var requestInit = {"credentials": "include", "mode": "cors", "headers": headers};
        var response = await fetch(url + urlParameters, requestInit);

        assert_equals(response.headers.get("x-request-cookie") , "a=2", "Request includes cookie(s)");
    }, "Testing credentials after cross-origin redirection with CORS and " + (usePreflight ? "" : "no ") + "preflight");
}

doTest(false);
doTest(true);

promise_test(async (test) => {
    await fetch(urlSetCookies1 + urlClearCookiesParameters1, {"credentials": "include", "mode": "cors"});
    await fetch(urlSetCookies2 + urlClearCookiesParameters2, {"credentials": "include", "mode": "cors"});
}, "Clean cookies");