diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 19:33:14 +0000 |
commit | 36d22d82aa202bb199967e9512281e9a53db42c9 (patch) | |
tree | 105e8c98ddea1c1e4784a60a5a6410fa416be2de /dom/security/test/general/file_same_site_cookies_from_script.sjs | |
parent | Initial commit. (diff) | |
download | firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.tar.xz firefox-esr-36d22d82aa202bb199967e9512281e9a53db42c9.zip |
Adding upstream version 115.7.0esr.upstream/115.7.0esrupstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'dom/security/test/general/file_same_site_cookies_from_script.sjs')
-rw-r--r-- | dom/security/test/general/file_same_site_cookies_from_script.sjs | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/dom/security/test/general/file_same_site_cookies_from_script.sjs b/dom/security/test/general/file_same_site_cookies_from_script.sjs new file mode 100644 index 0000000000..0df217cf45 --- /dev/null +++ b/dom/security/test/general/file_same_site_cookies_from_script.sjs @@ -0,0 +1,48 @@ +// Custom *.sjs file specifically for the needs of Bug 1452496 + +const SET_COOKIE_FRAME = ` + <!DOCTYPE html> + <html> + <head> + <title>Bug 1452496 - Do not allow same-site cookies in cross site context</title> + </head> + <body> + <script type="application/javascript"> + document.cookie = "myKey=sameSiteCookieInlineScript;SameSite=strict"; + </script> + </body> + </html>`; + +const GET_COOKIE_FRAME = ` + <!DOCTYPE html> + <html> + <head> + <title>Bug 1452496 - Do not allow same-site cookies in cross site context</title> + </head> + <body> + <script type="application/javascript"> + let cookie = document.cookie; + // now reset the cookie for the next test + document.cookie = "myKey=;" + "expires=Thu, 01 Jan 1970 00:00:00 GMT"; + window.parent.postMessage({result: cookie}, 'http://mochi.test:8888'); + </script> + </body> + </html>`; + +function handleRequest(request, response) { + // avoid confusing cache behaviors + response.setHeader("Cache-Control", "no-cache", false); + + if (request.queryString.includes("setSameSiteCookieUsingInlineScript")) { + response.write(SET_COOKIE_FRAME); + return; + } + + if (request.queryString.includes("getCookieFrame")) { + response.write(GET_COOKIE_FRAME); + return; + } + + // we should never get here, but just in case return something unexpected + response.write("D'oh"); +} |