blob: 99418a67491e896bcc4caf6f73d0465390ecef4a (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
|
<!DOCTYPE html>
<meta charset="utf-8"/>
<meta name="timeout" content="long">
<title>Cross-site window</title>
<script src="/resources/testharness.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<script src="/cookies/resources/cookie-helper.sub.js"></script>
<script src="/cookies/third-party-cookies/resources/test-helpers.js"></script>
<body>
<script>
let origin;
// Test that parent window passed its origin in the URL parameters correctly.
test(() => {
assert_true(window.location.search.startsWith("?origin="));
origin = decodeURIComponent(window.location.search.slice(
window.location.search.indexOf("?origin=") + 8));
}, "Cross-site window opened correctly");
// Cookies set by the parent window in a 1P context.
const cookieNames = ["1P_http", "1P_dom"];
if (window.cookieStore) {
cookieNames.push("1P_cs");
}
// Test theses cookies are not available on cross-site subresource requests
// to the origin that set them.
testHttpCookies({
desc: "3P fetch",
origin,
cookieNames,
expectsCookie: false,
});
promise_test(async () => {
const thirdPartyHttpCookie = "3P_http"
await credFetch(
`${origin}/cookies/resources/set.py?${thirdPartyHttpCookie}=foobar;` +
"Secure;Path=/;SameSite=None");
await assertOriginCanAccessCookies({
origin,
cookieNames: ["3P_http"],
expectsCookie: false,
});
}, "Cross site window setting HTTP cookies");
// Create a cross-site <iframe> which embeds the cookies' origin into this
// page.
const iframe = document.createElement("iframe");
const url = new URL(
"/cookies/third-party-cookies/resources/" +
"third-party-cookies-cross-site-embed.html",
origin);
iframe.src = String(url);
document.body.appendChild(iframe);
fetch_tests_from_window(iframe.contentWindow);
</script>
</body>
|
