path: root/testing/web-platform/tests/cookie-store/httponly_cookies.https.window.js
// META: script=resources/cookie-test-helpers.js

'use strict';

// Security property under test: a cookie written over HTTP with the HttpOnly
// attribute must stay hidden from script. The script-side read has to come
// back empty and no CookieStore change event may be delivered for it, while
// the HTTP-side read still reports the cookie.
cookie_test(async t => {
  // NOTE(review): this observer is replaced further down without its promise
  // ever being awaited, so verifyCookieChangeEvent() only covers changes made
  // after the re-arm (the deletion). Confirm that is intended.
  let pendingChange = observeNextCookieChangeEvent();

  // Step 1: create the HttpOnly cookie through the HTTP-side helper.
  await setCookieStringHttp('HTTPONLY-cookie=value; path=/; httponly');
  const scriptViewAfterCreate = await getCookieString();
  assert_equals(
    scriptViewAfterCreate,
    undefined,
    'HttpOnly cookie we wrote using HTTP in cookie jar' +
      ' is invisible to script');
  const httpViewAfterCreate = await getCookieStringHttp();
  assert_equals(
    httpViewAfterCreate,
    'HTTPONLY-cookie=value',
    'HttpOnly cookie we wrote using HTTP in HTTP cookie jar');

  // Step 2: overwrite it; the new value must be just as invisible to script.
  await setCookieStringHttp('HTTPONLY-cookie=new-value; path=/; httponly');
  const scriptViewAfterOverwrite = await getCookieString();
  assert_equals(
    scriptViewAfterOverwrite,
    undefined,
    'HttpOnly cookie we overwrote using HTTP in cookie jar' +
      ' is invisible to script');
  const httpViewAfterOverwrite = await getCookieStringHttp();
  assert_equals(
    httpViewAfterOverwrite,
    'HTTPONLY-cookie=new-value',
    'HttpOnly cookie we overwrote using HTTP in HTTP cookie jar');

  // Step 3: re-arm the observer, then expire the cookie with max-age=0.
  pendingChange = observeNextCookieChangeEvent();
  await setCookieStringHttp(
    'HTTPONLY-cookie=DELETED; path=/; max-age=0; httponly');
  const scriptViewAfterDelete = await getCookieString();
  assert_equals(
    scriptViewAfterDelete,
    undefined,
    'Empty cookie jar after HTTP cookie-clearing using max-age=0');
  const httpViewAfterDelete = await getCookieStringHttp();
  assert_equals(
    httpViewAfterDelete,
    undefined,
    'Empty HTTP cookie jar after HTTP cookie-clearing using max-age=0');

  // A change event for the HttpOnly cookie would leak its existence to
  // script. Write an ordinary cookie as a sentinel: it must be the change the
  // re-armed observer reports, which shows nothing was queued ahead of it.
  await cookieStore.set('TEST', 'dummy');
  const expectedEvent = {changed: [{name: 'TEST', value: 'dummy'}]};
  await verifyCookieChangeEvent(
    pendingChange, expectedEvent,
    'HttpOnly cookie deletion was not observed');
}, 'HttpOnly cookies are not observed');


// Script must not be able to mint an HttpOnly cookie for itself: a
// document.cookie write carrying the httponly attribute is expected to be
// dropped as a whole, not stored with the attribute stripped. RFC 6265 asks
// user agents to ignore such cookies when they come from a non-HTTP API.
cookie_test(async t => {
  const attemptedWrites = [
    'cookie1=value1; path=/',
    'cookie2=value2; path=/; httponly',  // the write that must be rejected
    'cookie3=value3; path=/',
  ];
  for (const cookieString of attemptedWrites) {
    document.cookie = cookieString;
  }

  // Only the two plain cookies may show up in the HTTP-side view.
  const httpView = await getCookieStringHttp();
  assert_equals(
    httpView, 'cookie1=value1; cookie3=value3',
    'Trying to store an HttpOnly cookie with document.cookie fails');
}, 'HttpOnly cookies can not be set by document.cookie');


// Historical: early iterations of the proposal included an httpOnly option.
// The expectation below is that all three cookies are stored, cookie2
// included, so passing {httpOnly: true} does not cause the write to fail.
// NOTE(review): the HTTP-side view would list cookie2 whether or not the
// attribute had been applied; also asserting on the script-visible view would
// pin down that the option is ignored. Confirm against the helpers.
cookie_test(async t => {
  const writes = [
    ['cookie1', 'value1'],
    ['cookie2', 'value2', {httpOnly: true}],
    ['cookie3', 'value3'],
  ];
  // Sequential on purpose: each set() settles before the next one starts.
  for (const args of writes) {
    await cookieStore.set(...args);
  }

  const httpView = await getCookieStringHttp();
  assert_equals(
    httpView,
    'cookie1=value1; cookie2=value2; cookie3=value3',
    'httpOnly is not an option for CookieStore.set()');
}, 'HttpOnly cookies can not be set by CookieStore');