summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/cookies/schemeful-same-site/schemeful-websockets.sub.tentative.html
blob: 7095eee21e048e34334873605e7968f96fcdfd93 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
<!doctype html>
<html>
<head>
  <meta charset=utf-8>
  <script src="/resources/testharness.js"></script>
  <script src="/resources/testharnessreport.js"></script>
  <script src="/cookies/resources/testharness-helpers.js"></script>
  <script src="/cookies/resources/cookie-helper.sub.js"></script>
</head>
<body>
<div id=log></div>
<script>
  promise_test(async function (t) {
    var value = "" + Math.random();
    document.cookie = `schemeful_same_site_websockets_strict=${value}; sameSite=strict; path=/`;
    document.cookie = `schemeful_same_site_websockets_lax=${value}; sameSite=lax; path=/`;
    await credFetch(SECURE_ORIGIN + "/cookies/resources/setSameSiteNone.py?" + value)
    t.add_cleanup(async function() {
      await credFetch(origin + "/cookies/resources/drop.py?name=" + "schemeful_same_site_websockets_strict");
      await credFetch(origin + "/cookies/resources/drop.py?name=" + "schemeful_same_site_websockets_lax");
      await credFetch(SECURE_ORIGIN + "/cookies/resources/dropSameSiteNone.py");
    });

    var ws = new WebSocket("ws://{{host}}:{{ports[ws][0]}}/echo-cookie");
    return new Promise((resolve, reject) => {
      ws.onclose = t.step_func_done(function () {
        assert_unreached("'close' should not fire before 'open'.");
      });
      ws.onmessage = t.step_func(function (e) {
        ws.onclose = null;
        ws.close();
        // Same-scheme WebSockets should get Lax and Strict cookies.
        var strictRegex = new RegExp("schemeful_same_site_websockets_strict=" + value);
        var laxRegex = new RegExp("schemeful_same_site_websockets_lax=" + value);
        assert_regexp_match(e.data, strictRegex, "Same-scheme strict");
        assert_regexp_match(e.data, laxRegex, "Same-scheme strict");

        var ws2 = new WebSocket("wss://{{host}}:{{ports[wss][0]}}/echo-cookie");
        ws2.onclose = t.step_func_done(function () {
          assert_unreached("'close' should not fire before 'open'.");
        });
        ws2.onmessage = t.step_func(function (e2) {
          ws2.onclose = null;
          ws2.close();
          // Cross-scheme WebSockets should only get samesite_none.
          var noneRegex = new RegExp("samesite_none_secure=" + value);
          assert_regexp_match(e2.data, noneRegex, "Cross-scheme none");
          assert_false(strictRegex.test(e2.data), "Cross-scheme strict");
          assert_false(laxRegex.test(e2.data), "Cross-scheme lax");
          resolve();
        });
      });
    });
  }, "Cross-scheme WebSockets are cross-site");
</script>
</body>
</html>