testing/web-platform/tests/cookies/prefix/document-cookie.non-secure.html


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42

<!DOCTYPE html>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/cookies/resources/cookie-helper.sub.js"></script>
<script>
  function create_test(prefix, params, shouldExistInDOM, shouldExistViaHTTP, title) {
    promise_test(t => {
      var name = prefix + "prefixtestcookie";
      erase_cookie_from_js(name, params);
      t.add_cleanup(() => erase_cookie_from_js(name, params));
      var value = "" + Math.random();
      document.cookie = name + "=" + value + ";" + params;

      assert_dom_cookie(name, value, shouldExistInDOM);

      return credFetch("/cookies/resources/list.py")
        .then(r => r.json())
        .then(cookies => assert_equals(cookies[name], shouldExistViaHTTP ? value : undefined));
    }, title);
  }

  // No prefix
  create_test("", "path=/", true, true, "No prefix, root path, no special behavior");
  create_test("", "path=/;domain=" + document.location.hostname, true, true, "No prefix, domain, no special behavior");

  // `__Secure-` Prefix
  ["", "domain="+document.location.hostname, "MaxAge=10", "HttpOnly"].forEach(params => {
    create_test("__Secure-", "Path=/;" + params, false, false, "__Secure: Non-secure origin: 'Path=/;" + params + "'");
    create_test("__SeCuRe-", "Path=/;" + params, false, false, "__SeCuRe: Non-secure origin: 'Path=/;" + params + "'");
    create_test("__Secure-", "Secure; Path=/;" + params, false, false, "__Secure: Non-secure origin: 'Secure; Path=/;" + params + "'");
    create_test("__SeCuRe-", "Secure; Path=/;" + params, false, false, "__SeCuRe: Non-secure origin: 'Secure; Path=/;" + params + "'");
  });

  // `__Host-` Prefix
  ["", "domain="+document.location.hostname, "MaxAge=10", "HttpOnly"].forEach(params => {
    create_test("__Host-", "Path=/;" + params, false, false, "__Host: Non-secure origin: 'Path=/; " + params + "'");
    create_test("__HoSt-", "Path=/;" + params, false, false, "__HoSt: Non-secure origin: 'Path=/; " + params + "'");
    create_test("__Host-", "Secure; Path=/;" + params, false, false, "__Host: Non-secure origin: 'Secure; Path=/; " + params + "'");
    create_test("__HoSt-", "Secure; Path=/;" + params, false, false, "__HoSt: Non-secure origin: 'Secure; Path=/; " + params + "'");
  });
  create_test("__Secure-", "Path=/cookies/resources/list.py;Secure", false, false, "__Host: Non-secure origin: 'Path=/cookies/resources/list.py;Secure'");
</script>