1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
|
function testHttpCookies({desc, origin, cookieNames, expectsCookie}) {
promise_test(async () => {
await assertHttpOriginCanAccessCookies({ origin, cookieNames, expectsCookie });
}, getCookieTestName(expectsCookie, desc, "HTTP"));
}
async function assertHttpOriginCanAccessCookies({
origin,
cookieNames,
expectsCookie,
}) {
const resp = await credFetch(`${origin}/cookies/resources/list.py`);
const cookies = await resp.json();
for (const cookieName of cookieNames) {
assert_equals(
cookies.hasOwnProperty(cookieName), expectsCookie,
getCookieAssertDesc(expectsCookie, cookieName));
}
}
async function assertThirdPartyHttpCookies({ desc, origin, cookieNames, expectsCookie }) {
// Test that these cookies are not available on cross-site subresource requests to the
// origin that set them.
testHttpCookies({
desc,
origin,
cookieNames,
expectsCookie,
});
promise_test(async () => {
const thirdPartyHttpCookie = "3P_http"
await credFetch(
`${origin}/cookies/resources/set.py?${thirdPartyHttpCookie}=foobar;` +
"Secure;Path=/;SameSite=None");
await assertHttpOriginCanAccessCookies({
origin,
cookieNames: [thirdPartyHttpCookie],
expectsCookie,
});
}, desc + ": Cross site window setting HTTP cookies");
}
function testDomCookies({desc, cookieNames, expectsCookie}) {
test(() => {
assertDomCanAccessCookie(cookieNames, expectsCookie);
}, getCookieTestName(expectsCookie, desc, "DOM"));
}
function assertDomCanAccessCookie(cookieNames, expectsCookie) {
for (const cookieName of cookieNames) {
assert_equals(
document.cookie.includes(cookieName + "="), expectsCookie,
getCookieAssertDesc(expectsCookie, cookieName));
}
}
function testCookieStoreCookies({desc, cookieNames, expectsCookie}) {
if (!window.cookieStore) return;
promise_test(async () => {
await assertCookieStoreCanAccessCookies(cookieNames, expectsCookie);
}, getCookieTestName(expectsCookie, desc, "CookieStore"));
}
async function assertCookieStoreCanAccessCookies(cookieNames, expectsCookie) {
const cookies = await cookieStore.getAll({sameSite: 'none'});
for (const cookieName of cookieNames) {
assert_equals(
!!cookies.find(c => c.name === cookieName), expectsCookie,
getCookieAssertDesc(expectsCookie, cookieName));
}
}
function getCookieTestName(expectsCookie, desc, cookieType) {
if (expectsCookie) {
return `${desc}: Cookies are accessible via ${cookieType}`;
}
return `${desc}: Cookies are not accessible via ${cookieType}`;
}
function getCookieAssertDesc(expectsCookie, cookieName) {
if (expectsCookie) {
return `Expected cookie ${cookieName} to be available`;
}
return `Expected cookie ${cookieName} to not be available`;
}
|