testing/web-platform/tests/fetch/api/cors/cors-cookies-redirect.any.js


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49

// META: script=/common/utils.js
// META: script=../resources/utils.js
// META: script=/common/get-host-info.sub.js

var redirectUrl = get_host_info().HTTP_REMOTE_ORIGIN + dirname(location.pathname) + RESOURCES_DIR + "redirect.py";
var urlSetCookies1 = get_host_info().HTTP_REMOTE_ORIGIN + dirname(location.pathname) + RESOURCES_DIR + "top.txt";
var urlSetCookies2 = get_host_info().HTTP_ORIGIN_WITH_DIFFERENT_PORT + dirname(location.pathname) + RESOURCES_DIR + "top.txt";
var urlCheckCookies = get_host_info().HTTP_ORIGIN_WITH_DIFFERENT_PORT + dirname(location.pathname) + RESOURCES_DIR + "inspect-headers.py?cors&headers=cookie";

var urlSetCookiesParameters = "?pipe=header(Access-Control-Allow-Origin," + location.origin + ")";
urlSetCookiesParameters += "|header(Access-Control-Allow-Credentials,true)";

urlSetCookiesParameters1 = urlSetCookiesParameters + "|header(Set-Cookie,a=1)";
urlSetCookiesParameters2 = urlSetCookiesParameters + "|header(Set-Cookie,a=2)";

urlClearCookiesParameters1 = urlSetCookiesParameters + "|header(Set-Cookie,a=1%3B%20max-age=0)";
urlClearCookiesParameters2 = urlSetCookiesParameters + "|header(Set-Cookie,a=2%3B%20max-age=0)";

promise_test(async (test) => {
    await fetch(urlSetCookies1 + urlSetCookiesParameters1, {"credentials": "include", "mode": "cors"});
    await fetch(urlSetCookies2 + urlSetCookiesParameters2, {"credentials": "include", "mode": "cors"});
}, "Set cookies");

function doTest(usePreflight) {
    promise_test(async (test) => {
        var url = redirectUrl;
        var uuid_token = token();
        var urlParameters = "?token=" + uuid_token + "&max_age=0";
        urlParameters += "&redirect_status=301";
        urlParameters += "&location=" + encodeURIComponent(urlCheckCookies);
        urlParameters += "&allow_headers=a&headers=Cookie";
        headers = [];
        if (usePreflight)
            headers.push(["a", "b"]);

        var requestInit = {"credentials": "include", "mode": "cors", "headers": headers};
        var response = await fetch(url + urlParameters, requestInit);

        assert_equals(response.headers.get("x-request-cookie") , "a=2", "Request includes cookie(s)");
    }, "Testing credentials after cross-origin redirection with CORS and " + (usePreflight ? "" : "no ") + "preflight");
}

doTest(false);
doTest(true);

promise_test(async (test) => {
    await fetch(urlSetCookies1 + urlClearCookiesParameters1, {"credentials": "include", "mode": "cors"});
    await fetch(urlSetCookies2 + urlClearCookiesParameters2, {"credentials": "include", "mode": "cors"});
}, "Clean cookies");