diff options
Diffstat (limited to 'testing/web-platform/tests/websockets/cookies')
10 files changed, 314 insertions, 0 deletions
diff --git a/testing/web-platform/tests/websockets/cookies/001.html b/testing/web-platform/tests/websockets/cookies/001.html new file mode 100644 index 0000000000..c43947fa87 --- /dev/null +++ b/testing/web-platform/tests/websockets/cookies/001.html @@ -0,0 +1,28 @@ +<!doctype html> +<title>WebSockets: Cookie in request</title> +<script src=/resources/testharness.js></script> +<script src=/resources/testharnessreport.js></script> +<script src=../constants.sub.js></script> +<meta name="variant" content=""> +<meta name="variant" content="?wss&wpt_flags=https"> +<meta name="variant" content="?wpt_flags=h2"> +<div id=log></div> +<script> +var cookie_id = ((new Date())-0) + '.' + Math.random(); +async_test(function(t) { + if (window.WebSocket) { + document.cookie = 'ws_test_'+cookie_id+'=test; Path=/'; + } + t.add_cleanup(function() { + // remove cookie + document.cookie = 'ws_test_'+cookie_id+'=; Path=/; Expires=Sun, 06 Nov 1994 08:49:37 GMT'; + }); + var ws = new WebSocket(SCHEME_DOMAIN_PORT+'/echo-cookie'); + ws.onmessage = t.step_func(function(e) { + assert_regexp_match(e.data, new RegExp('ws_test_'+cookie_id+'=test')); + ws.close(); + t.done(); + }); + ws.onerror = ws.onclose = t.step_func(function(e) {assert_unreached(e.type)}); +}); +</script> diff --git a/testing/web-platform/tests/websockets/cookies/002.html b/testing/web-platform/tests/websockets/cookies/002.html new file mode 100644 index 0000000000..1a5e03e335 --- /dev/null +++ b/testing/web-platform/tests/websockets/cookies/002.html @@ -0,0 +1,26 @@ +<!doctype html> +<title>WebSockets: Set-Cookie in response</title> +<script src=/resources/testharness.js></script> +<script src=/resources/testharnessreport.js></script> +<script src=../constants.sub.js></script> +<meta name="variant" content=""> +<meta name="variant" content="?wss&wpt_flags=https"> +<meta name="variant" content="?wpt_flags=h2"> +<div id=log></div> +<script> +var cookie_id = ((new Date())-0) + '.' + Math.random(); +async_test(function(t) { + t.add_cleanup(function() { + // remove cookie + document.cookie = 'ws_test_'+cookie_id+'=; Path=/; Expires=Sun, 06 Nov 1994 08:49:37 GMT'; + }); + var ws = new WebSocket(SCHEME_DOMAIN_PORT+'/set-cookie?'+cookie_id); + ws.onopen = t.step_func(function(e) { + assert_regexp_match(document.cookie, new RegExp('ws_test_'+cookie_id+'=test')); + ws.close(); + ws.onclose = null; + t.done(); + }); + ws.onerror = ws.onclose = t.step_func(function(e) {assert_unreached(e.type)}); +}); +</script> diff --git a/testing/web-platform/tests/websockets/cookies/003.html b/testing/web-platform/tests/websockets/cookies/003.html new file mode 100644 index 0000000000..2af4735402 --- /dev/null +++ b/testing/web-platform/tests/websockets/cookies/003.html @@ -0,0 +1,34 @@ +<!doctype html> +<title>WebSockets: sending HttpOnly cookies in ws request</title> +<script src=/resources/testharness.js></script> +<script src=/resources/testharnessreport.js></script> +<script src=../constants.sub.js></script> +<meta name="variant" content=""> +<meta name="variant" content="?wss&wpt_flags=https"> +<meta name="variant" content="?wpt_flags=h2"> +<div id=log></div> +<script> +setup({explicit_done:true}) +var cookie_id = ((new Date())-0) + '.' + Math.random(); + +var t = async_test(function(t) { + var iframe = document.createElement('iframe'); + t.add_cleanup(function() { + // remove cookie + iframe.src = 'support/set-cookie.py?'+encodeURIComponent('ws_test_'+cookie_id+'=; Path=/; HttpOnly; Expires=Sun, 06 Nov 1994 08:49:37 GMT'); + iframe.onload = done; + }); + iframe.src = 'support/set-cookie.py?'+encodeURIComponent('ws_test_'+cookie_id+'=test; Path=/; HttpOnly'); + iframe.onload = t.step_func(function() { + var ws = new WebSocket(SCHEME_DOMAIN_PORT+'/echo-cookie'); + ws.onmessage = t.step_func(function(e) { + ws.close(); + ws.onclose = null; + assert_regexp_match(e.data, new RegExp('ws_test_'+cookie_id+'=test')); + t.done(); + }); + ws.onerror = ws.onclose = t.step_func(function(e) {assert_unreached(e.type)}); + }); + document.body.appendChild(iframe); +}); +</script> diff --git a/testing/web-platform/tests/websockets/cookies/004.html b/testing/web-platform/tests/websockets/cookies/004.html new file mode 100644 index 0000000000..efc3a9f84d --- /dev/null +++ b/testing/web-platform/tests/websockets/cookies/004.html @@ -0,0 +1,31 @@ +<!doctype html> +<title>WebSockets: setting HttpOnly cookies in ws response, checking document.cookie</title> +<script src=/resources/testharness.js></script> +<script src=/resources/testharnessreport.js></script> +<script src=../constants.sub.js></script> +<meta name="variant" content=""> +<meta name="variant" content="?wss&wpt_flags=https"> +<div id=log></div> +<script> +setup({explicit_done:true}) +var cookie_id = ((new Date())-0) + '.' + Math.random(); + +var t = async_test(function(t) { + var iframe = document.createElement('iframe'); + t.add_cleanup(function() { + // remove cookie + iframe.src = 'support/set-cookie.py?'+encodeURIComponent('ws_test_'+cookie_id+'=; Path=/; HttpOnly; Expires=Sun, 06 Nov 1994 08:49:37 GMT'); + iframe.onload = done; + }); + var url = SCHEME_DOMAIN_PORT+'/set-cookie_http?'+cookie_id; + var ws = new WebSocket(url); + ws.onopen = t.step_func(function(e) { + ws.close(); + ws.onclose = null; + assert_false(new RegExp('ws_test_'+cookie_id+'=test').test(document.cookie)); + t.done(); + }); + ws.onerror = ws.onclose = t.step_func(function(e) {assert_unreached(e.type)}); + document.body.appendChild(iframe); +}); +</script> diff --git a/testing/web-platform/tests/websockets/cookies/005.html b/testing/web-platform/tests/websockets/cookies/005.html new file mode 100644 index 0000000000..8940d95127 --- /dev/null +++ b/testing/web-platform/tests/websockets/cookies/005.html @@ -0,0 +1,35 @@ +<!doctype html> +<title>WebSockets: setting HttpOnly cookies in ws response, checking ws request</title> +<meta name=timeout content=long> +<script src=/resources/testharness.js></script> +<script src=/resources/testharnessreport.js></script> +<script src=../constants.sub.js></script> +<meta name="variant" content=""> +<meta name="variant" content="?wss&wpt_flags=https"> +<div id=log></div> +<script> +setup({explicit_done:true}) +var cookie_id = ((new Date())-0) + '.' + Math.random(); + +var t = async_test(function(t) { + var iframe = document.createElement('iframe'); + t.add_cleanup(function() { + // remove cookie + iframe.src = 'support/set-cookie.py?'+encodeURIComponent('ws_test_'+cookie_id+'=; Path=/; HttpOnly; Expires=Sun, 06 Nov 1994 08:49:37 GMT'); + iframe.onload = done; + }); + var ws = new WebSocket(SCHEME_DOMAIN_PORT+'/set-cookie_http?'+cookie_id); + ws.onopen = t.step_func(function(e) { + var ws2 = new WebSocket(SCHEME_DOMAIN_PORT+'/echo-cookie'); + ws2.onmessage = t.step_func(function(e) { + ws.close(); + ws.onclose = null; + ws2.close(); + assert_regexp_match(e.data, new RegExp('ws_test_'+cookie_id+'=test')); + t.done(); + }); + }); + ws.onerror = ws.onclose = t.step_func(function(e) {assert_unreached(e.type)}); + document.body.appendChild(iframe); +}) +</script> diff --git a/testing/web-platform/tests/websockets/cookies/006.html b/testing/web-platform/tests/websockets/cookies/006.html new file mode 100644 index 0000000000..3c74363a43 --- /dev/null +++ b/testing/web-platform/tests/websockets/cookies/006.html @@ -0,0 +1,35 @@ +<!doctype html> +<title>WebSockets: setting Secure cookie with document.cookie, checking ws request</title> +<script src=/resources/testharness.js></script> +<script src=/resources/testharnessreport.js></script> +<script src=../constants.sub.js></script> +<meta name="variant" content=""> +<meta name="variant" content="?wss&wpt_flags=https"> +<meta name="variant" content="?wpt_flags=h2"> +<div id=log></div> +<script> +var cookie_id = ((new Date())-0) + '.' + Math.random(); +async_test(function(t) { + if (window.WebSocket) { + document.cookie = 'ws_test_'+cookie_id+'=test; Path=/; Secure'; + } + t.add_cleanup(function() { + // remove cookie + document.cookie = 'ws_test_'+cookie_id+'=; Path=/; Secure; Expires=Sun, 06 Nov 1994 08:49:37 GMT'; + }); + var ws = new WebSocket(SCHEME_DOMAIN_PORT+'/echo-cookie'); + ws.onmessage = t.step_func(function(e) { + ws.close(); + var cookie_was_seen = e.data.indexOf('ws_test_'+cookie_id+'=test') != -1; + if (SCHEME_DOMAIN_PORT.substr(0,3) == 'wss') { + assert_true(cookie_was_seen, + 'cookie should have been visible to wss'); + } else { + assert_false(cookie_was_seen, + 'cookie should not have been visible to ws'); + } + t.done(); + }) + ws.onerror = ws.onclose = t.step_func(function(e) {assert_unreached(e.type)}); +}); +</script> diff --git a/testing/web-platform/tests/websockets/cookies/007.html b/testing/web-platform/tests/websockets/cookies/007.html new file mode 100644 index 0000000000..2c214a1dbb --- /dev/null +++ b/testing/web-platform/tests/websockets/cookies/007.html @@ -0,0 +1,36 @@ +<!doctype html> +<title>WebSockets: when to process set-cookie fields in ws response</title> +<meta name=timeout content=long> +<script src=/resources/testharness.js></script> +<script src=/resources/testharnessreport.js></script> +<script src=../constants.sub.js></script> +<meta name="variant" content=""> +<meta name="variant" content="?wss&wpt_flags=https"> +<meta name="variant" content="?wpt_flags=h2"> +<div id=log></div> +<script> +var cookie_id = ((new Date())-0) + '.' + Math.random(); +async_test(function(t) { + t.add_cleanup(function() { + // remove cookie + document.cookie = 'ws_test_'+cookie_id+'; Path=/; Expires=Sun, 06 Nov 1994 08:49:37 GMT'; + }); + var ws = new WebSocket(SCHEME_DOMAIN_PORT+'/set-cookie?'+cookie_id); + ws.onopen = t.step_func(function(e) { + ws.close(); + ws.onclose = null; + assert_regexp_match(document.cookie, new RegExp('ws_test_'+cookie_id+'=test')); + t.done(); + }); + ws.onerror = ws.onclose = t.step_func(function() {assert_unreached()}); + + // sleep for 2 seconds with sync xhr + var sleep = new XMLHttpRequest(); + sleep.open('GET', '/common/blank.html?pipe=trickle(d2)', false); + sleep.send(null); + + if (new RegExp('ws_test_'+cookie_id+'=test').test(document.cookie)) { + assert_unreached('cookie was set during script execution'); + } +}); +</script> diff --git a/testing/web-platform/tests/websockets/cookies/support/set-cookie.py b/testing/web-platform/tests/websockets/cookies/support/set-cookie.py new file mode 100644 index 0000000000..71cd8bca60 --- /dev/null +++ b/testing/web-platform/tests/websockets/cookies/support/set-cookie.py @@ -0,0 +1,7 @@ +from urllib.parse import unquote + +from wptserve.utils import isomorphic_encode + +def main(request, response): + response.headers.set(b'Set-Cookie', isomorphic_encode(unquote(request.url_parts.query))) + return [(b"Content-Type", b"text/plain")], b"" diff --git a/testing/web-platform/tests/websockets/cookies/support/websocket-cookies-helper.sub.js b/testing/web-platform/tests/websockets/cookies/support/websocket-cookies-helper.sub.js new file mode 100644 index 0000000000..a7fae2551e --- /dev/null +++ b/testing/web-platform/tests/websockets/cookies/support/websocket-cookies-helper.sub.js @@ -0,0 +1,57 @@ +// Set up global variables. +(_ => { + var HOST = '{{host}}'; + var CROSS_ORIGIN_HOST = '{{hosts[alt][]}}'; + var WSS_PORT = ':{{ports[wss][0]}}'; + var HTTPS_PORT = ':{{ports[https][0]}}'; + + window.WSS_ORIGIN = 'wss://' + HOST + WSS_PORT; + window.WSS_CROSS_SITE_ORIGIN = 'wss://' + CROSS_ORIGIN_HOST + WSS_PORT; + window.HTTPS_ORIGIN = 'https://' + HOST + HTTPS_PORT; + window.HTTPS_CROSS_SITE_ORIGIN = 'https://' + CROSS_ORIGIN_HOST + HTTPS_PORT; +})(); + +// Sets a cookie with each SameSite option. +function setSameSiteCookies(origin, value) { + return new Promise(resolve => { + const ws = new WebSocket(origin + '/set-cookies-samesite?value=' + value); + ws.onopen = () => { + ws.close(); + }; + ws.onclose = resolve; + }); +} + +// Clears cookies set by setSameSiteCookies(). +function clearSameSiteCookies(origin) { + return new Promise(resolve => { + const ws = new WebSocket(origin + '/set-cookies-samesite?clear'); + ws.onopen = () => ws.close(); + ws.onclose = resolve; + }); +} + +// Gets value of Cookie header sent in request. +function connectAndGetRequestCookiesFrom(origin) { + return new Promise((resolve, reject) => { + var ws = new WebSocket(origin + '/echo-cookie'); + ws.onmessage = evt => { + var cookies = evt.data + resolve(cookies); + ws.onerror = undefined; + ws.onclose = undefined; + }; + ws.onerror = () => reject('Unexpected error event'); + ws.onclose = evt => reject('Unexpected close event: ' + JSON.stringify(evt)); + }); +} + +// Assert that a given cookie is or is not present in the string |cookies|. +function assertCookie(cookies, name, value, present) { + var assertion = present ? assert_true : assert_false; + var description = name + '=' + value + ' cookie is' + + (present ? ' ' : ' not ') + 'present.'; + var re = new RegExp('(?:^|; )' + name + '=' + value + '(?:$|;)'); + assertion(re.test(cookies), description); +} + diff --git a/testing/web-platform/tests/websockets/cookies/third-party-cookie-accepted.https.html b/testing/web-platform/tests/websockets/cookies/third-party-cookie-accepted.https.html new file mode 100644 index 0000000000..208d297016 --- /dev/null +++ b/testing/web-platform/tests/websockets/cookies/third-party-cookie-accepted.https.html @@ -0,0 +1,25 @@ +<!DOCTYPE html> +<meta charset="utf-8"/> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="support/websocket-cookies-helper.sub.js"></script> +<script> +promise_test(() => { + var value = '' + Math.random(); + var origin = WSS_CROSS_SITE_ORIGIN; + return setSameSiteCookies(origin, value).then( + () => { return connectAndGetRequestCookiesFrom(origin); } + ).then( + cookies => { + assert_not_equals(cookies, '(none)', 'request should contain cookies.'); + // SameSite cookies are blocked. + assertCookie(cookies, 'samesite-unspecified', value, false /* present */); + assertCookie(cookies, 'samesite-lax', value, false /* present */); + assertCookie(cookies, 'samesite-strict', value, false /* present */); + // SameSite=None third-party cookie is not blocked. + assertCookie(cookies, 'samesite-none', value, true /* present */); + return clearSameSiteCookies(origin); + } + ); +}, 'Test that third-party cookies are accepted for WebSockets.'); +</script> |