blob: 7095eee21e048e34334873605e7968f96fcdfd93 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
|
<!doctype html>
<html>
<head>
<meta charset=utf-8>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/cookies/resources/testharness-helpers.js"></script>
<script src="/cookies/resources/cookie-helper.sub.js"></script>
</head>
<body>
<div id=log></div>
<script>
promise_test(async function (t) {
var value = "" + Math.random();
document.cookie = `schemeful_same_site_websockets_strict=${value}; sameSite=strict; path=/`;
document.cookie = `schemeful_same_site_websockets_lax=${value}; sameSite=lax; path=/`;
await credFetch(SECURE_ORIGIN + "/cookies/resources/setSameSiteNone.py?" + value)
t.add_cleanup(async function() {
await credFetch(origin + "/cookies/resources/drop.py?name=" + "schemeful_same_site_websockets_strict");
await credFetch(origin + "/cookies/resources/drop.py?name=" + "schemeful_same_site_websockets_lax");
await credFetch(SECURE_ORIGIN + "/cookies/resources/dropSameSiteNone.py");
});
var ws = new WebSocket("ws://{{host}}:{{ports[ws][0]}}/echo-cookie");
return new Promise((resolve, reject) => {
ws.onclose = t.step_func_done(function () {
assert_unreached("'close' should not fire before 'open'.");
});
ws.onmessage = t.step_func(function (e) {
ws.onclose = null;
ws.close();
// Same-scheme WebSockets should get Lax and Strict cookies.
var strictRegex = new RegExp("schemeful_same_site_websockets_strict=" + value);
var laxRegex = new RegExp("schemeful_same_site_websockets_lax=" + value);
assert_regexp_match(e.data, strictRegex, "Same-scheme strict");
assert_regexp_match(e.data, laxRegex, "Same-scheme strict");
var ws2 = new WebSocket("wss://{{host}}:{{ports[wss][0]}}/echo-cookie");
ws2.onclose = t.step_func_done(function () {
assert_unreached("'close' should not fire before 'open'.");
});
ws2.onmessage = t.step_func(function (e2) {
ws2.onclose = null;
ws2.close();
// Cross-scheme WebSockets should only get samesite_none.
var noneRegex = new RegExp("samesite_none_secure=" + value);
assert_regexp_match(e2.data, noneRegex, "Cross-scheme none");
assert_false(strictRegex.test(e2.data), "Cross-scheme strict");
assert_false(laxRegex.test(e2.data), "Cross-scheme lax");
resolve();
});
});
});
}, "Cross-scheme WebSockets are cross-site");
</script>
</body>
</html>
|
