authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 19:33:14 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 19:33:14 +0000
commit36d22d82aa202bb199967e9512281e9a53db42c9 (patch)
tree105e8c98ddea1c1e4784a60a5a6410fa416be2de /testing/web-platform/tests/html/cross-origin-embedder-policy/credentialless/fetch.https.window.js
parentInitial commit. (diff)
Adding upstream version 115.7.0esr.upstream/115.7.0esr
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/tests/html/cross-origin-embedder-policy/credentialless/fetch.https.window.js')
-rw-r--r--testing/web-platform/tests/html/cross-origin-embedder-policy/credentialless/fetch.https.window.js127
1 files changed, 127 insertions, 0 deletions
diff --git a/testing/web-platform/tests/html/cross-origin-embedder-policy/credentialless/fetch.https.window.js b/testing/web-platform/tests/html/cross-origin-embedder-policy/credentialless/fetch.https.window.js
new file mode 100644
index 0000000000..6ea94d0a19
--- /dev/null
+++ b/testing/web-platform/tests/html/cross-origin-embedder-policy/credentialless/fetch.https.window.js
@@ -0,0 +1,127 @@
+// META: script=/common/get-host-info.sub.js
+// META: script=/common/utils.js
+// META: script=/common/dispatcher/dispatcher.js
+// META: script=./resources/common.js
+
+promise_test(async test => {
+ const same_origin = get_host_info().HTTPS_ORIGIN;
+ const cross_origin = get_host_info().HTTPS_REMOTE_ORIGIN;
+ const cookie_key = "coep_credentialless_fetch";
+ const cookie_same_origin = "same_origin";
+ const cookie_cross_origin = "cross_origin";
+
+ await Promise.all([
+ setCookie(same_origin, cookie_key, cookie_same_origin +
+ cookie_same_site_none),
+ setCookie(cross_origin, cookie_key, cookie_cross_origin +
+ cookie_same_site_none),
+ ]);
+
+ // One window with COEP:none. (control)
+ const w_control_token = token();
+ const w_control_url = same_origin + executor_path +
+ coep_none + `&uuid=${w_control_token}`
+ const w_control = window.open(w_control_url);
+ add_completion_callback(() => w_control.close());
+
+ // One window with COEP:credentialless. (experiment)
+ const w_credentialless_token = token();
+ const w_credentialless_url = same_origin + executor_path +
+ coep_credentialless + `&uuid=${w_credentialless_token}`;
+ const w_credentialless = window.open(w_credentialless_url);
+ add_completion_callback(() => w_credentialless.close());
+
+ const fetchTest = function(
+ description, origin, mode, credentials,
+ expected_cookies_control,
+ expected_cookies_credentialless)
+ {
+ promise_test_parallel(async test => {
+ const token_1 = token();
+ const token_2 = token();
+
+ send(w_control_token, `
+ fetch("${showRequestHeaders(origin, token_1)}", {
+ mode:"${mode}",
+ credentials: "${credentials}",
+ });
+ `);
+ send(w_credentialless_token, `
+ fetch("${showRequestHeaders(origin, token_2)}", {
+ mode:"${mode}",
+ credentials: "${credentials}",
+ });
+ `);
+
+ const headers_control = JSON.parse(await receive(token_1));
+ const headers_credentialless = JSON.parse(await receive(token_2));
+
+ assert_equals(parseCookies(headers_control)[cookie_key],
+ expected_cookies_control,
+ "coep:none => ");
+ assert_equals(parseCookies(headers_credentialless)[cookie_key],
+ expected_cookies_credentialless,
+ "coep:credentialless => ");
+ }, `fetch ${description}`)
+ };
+
+ // Cookies are never sent with credentials='omit'
+ fetchTest("same-origin + no-cors + credentials:omit",
+ same_origin, 'no-cors', 'omit',
+ undefined,
+ undefined);
+ fetchTest("same-origin + cors + credentials:omit",
+ same_origin, 'cors', 'omit',
+ undefined,
+ undefined);
+ fetchTest("cross-origin + no-cors + credentials:omit",
+ cross_origin, 'no-cors', 'omit',
+ undefined,
+ undefined);
+ fetchTest("cross-origin + cors + credentials:omit",
+ cross_origin, 'cors', 'omit',
+ undefined,
+ undefined);
+
+ // Same-origin request contains Cookies.
+ fetchTest("same-origin + no-cors + credentials:include",
+ same_origin, 'no-cors', 'include',
+ cookie_same_origin,
+ cookie_same_origin);
+ fetchTest("same-origin + cors + credentials:include",
+ same_origin, 'cors', 'include',
+ cookie_same_origin,
+ cookie_same_origin);
+ fetchTest("same-origin + no-cors + credentials:same-origin",
+ same_origin, 'no-cors', 'same-origin',
+ cookie_same_origin,
+ cookie_same_origin);
+ fetchTest("same-origin + cors + credentials:same-origin",
+ same_origin, 'cors', 'same-origin',
+ cookie_same_origin,
+ cookie_same_origin);
+
+ // Cross-origin CORS requests contains Cookies, if credentials mode is set to
+ // 'include'. This does not depends on COEP.
+ fetchTest("cross-origin + cors + credentials:include",
+ cross_origin, 'cors', 'include',
+ cookie_cross_origin,
+ cookie_cross_origin);
+ fetchTest("cross-origin + cors + same-origin-credentials",
+ cross_origin, 'cors', 'same-origin',
+ undefined,
+ undefined);
+
+ // Cross-origin no-CORS requests includes Cookies when:
+ // 1. credentials mode is 'include'
+ // 2. COEP: is not credentialless.
+ fetchTest("cross-origin + no-cors + credentials:include",
+ cross_origin, 'no-cors', 'include',
+ cookie_cross_origin,
+ undefined);
+
+ fetchTest("cross-origin + no-cors + credentials:same-origin",
+ cross_origin, 'no-cors', 'same-origin',
+ undefined,
+ undefined);
+}, "");
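Review bot: `fetchTest` (the helper defined right after the two `window.open` calls) takes six positional arguments and has no comment saying what the last two mean, so call sites that pass `undefined, undefined` are hard to audit. A short header comment would help, e.g. `// expected_cookies_*: value of the test cookie the server must see from the COEP:none / COEP:credentialless window; undefined means no cookie was sent.` The "cross-origin + no-cors + credentials:include" case is the only one where the two expectations differ, which is the credential-stripping behaviour this file exists to pin down; a one-line comment marking it as the distinguishing case would make an accidental change to that expectation easier to catch in review. Minor style: the `w_control_url` assignment ends without a semicolon while the parallel `w_credentialless_url` assignment has one.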