summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/cookies/attributes
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
commit43a97878ce14b72f0981164f87f2e35e14151312 (patch)
tree620249daf56c0258faa40cbdcf9cfba06de2a846 /testing/web-platform/tests/cookies/attributes
parentInitial commit. (diff)
downloadfirefox-43a97878ce14b72f0981164f87f2e35e14151312.tar.xz
firefox-43a97878ce14b72f0981164f87f2e35e14151312.zip
Adding upstream version 110.0.1.upstream/110.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/tests/cookies/attributes')
-rw-r--r--testing/web-platform/tests/cookies/attributes/attributes-ctl.sub.html114
-rw-r--r--testing/web-platform/tests/cookies/attributes/domain.sub.html24
-rw-r--r--testing/web-platform/tests/cookies/attributes/expires.html56
-rw-r--r--testing/web-platform/tests/cookies/attributes/invalid.html171
-rw-r--r--testing/web-platform/tests/cookies/attributes/max-age.html78
-rw-r--r--testing/web-platform/tests/cookies/attributes/path-redirect.html128
-rw-r--r--testing/web-platform/tests/cookies/attributes/path.html144
-rw-r--r--testing/web-platform/tests/cookies/attributes/resources/domain-child.sub.html401
-rw-r--r--testing/web-platform/tests/cookies/attributes/resources/path-redirect-shared.js11
-rw-r--r--testing/web-platform/tests/cookies/attributes/resources/path.html14
-rw-r--r--testing/web-platform/tests/cookies/attributes/resources/path.html.headers1
-rw-r--r--testing/web-platform/tests/cookies/attributes/resources/path/one.html14
-rw-r--r--testing/web-platform/tests/cookies/attributes/resources/path/three.html14
-rw-r--r--testing/web-platform/tests/cookies/attributes/resources/path/two.html14
-rw-r--r--testing/web-platform/tests/cookies/attributes/resources/pathfakeout.html14
-rw-r--r--testing/web-platform/tests/cookies/attributes/resources/pathfakeout/one.html14
-rw-r--r--testing/web-platform/tests/cookies/attributes/resources/secure-non-secure-child.html85
-rw-r--r--testing/web-platform/tests/cookies/attributes/secure-non-secure.html23
-rw-r--r--testing/web-platform/tests/cookies/attributes/secure.https.html65
19 files changed, 1385 insertions, 0 deletions
diff --git a/testing/web-platform/tests/cookies/attributes/attributes-ctl.sub.html b/testing/web-platform/tests/cookies/attributes/attributes-ctl.sub.html
new file mode 100644
index 0000000000..7950751e27
--- /dev/null
+++ b/testing/web-platform/tests/cookies/attributes/attributes-ctl.sub.html
@@ -0,0 +1,114 @@
+<!doctype html>
+<html>
+ <head>
+ <meta charset=utf-8>
+ <title>Test cookie attribute parsing with control characters</title>
+ <meta name=help href="https://tools.ietf.org/html/rfc6265#section-5.2">
+ <meta name="timeout" content="long">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/resources/testdriver.js"></script>
+ <script src="/resources/testdriver-vendor.js"></script>
+ <script src="/cookies/resources/cookie-test.js"></script>
+ </head>
+ <body>
+ <div id=log></div>
+ <script>
+ const host = "{{host}}";
+ const path = "/cookies/attributes";
+
+ // Tests for control characters (CTLs) in a cookie's attribute values.
+ // CTLs are defined by RFC 5234 to be %x00-1F / %x7F.
+ const CTLS = getCtlCharacters();
+
+ // All CTLs, with the exception of %x09 (the tab character), should
+ // cause the cookie to be rejected.
+ // In these tests we rely on subsequent attributes with the same name
+ // overriding the earlier one. In the cases where the control character
+ // should cause the entire cookie line to be rejected, if the control
+ // character were not present the cookie line should be one that
+ // would not be rejected. That way, if the attribute value is ignored
+ // instead of the cookie line being rejected, the test will catch it.
+ for (const ctl of CTLS) {
+ // NOTE: 'expected' below is only expected in the case of the tab
+ // character. Otherwise, '' is expected.
+ const controlCharacterAttributeTests = [
+ {
+ cookie: `test${ctl.code}domain=t; Domain=test${ctl.chr}.co; Domain=${host};`,
+ expected: `test${ctl.code}domain=t`,
+ name: `Cookie with %x${ctl.code.toString(16)} in Domain attribute value is handled correctly.`,
+ },
+ {
+ cookie: `test${ctl.code}domain2=t; Domain=${host}${ctl.chr};`,
+ expected: `test${ctl.code}domain2=t`,
+ name: `Cookie with %x${ctl.code.toString(16)} after Domain attribute value is handled correctly.`,
+ },
+ {
+ cookie: `test${ctl.code}path=t; Path=/te${ctl.chr}st; Path=${path}`,
+ expected: `test${ctl.code}path=t`,
+ name: `Cookie with %x${ctl.code.toString(16)} in Path attribute value is handled correctly.`,
+ },
+ {
+ cookie: `test${ctl.code}path2=t; Path=${path}${ctl.chr};`,
+ expected: `test${ctl.code}path2=t`,
+ name: `Cookie with %x${ctl.code.toString(16)} after Path attribute value is handled correctly.`,
+ },
+ {
+ cookie: `test${ctl.code}maxage=t; Max-Age=10${ctl.chr}00; Max-Age=1000;`,
+ expected: `test${ctl.code}maxage=t`,
+ name: `Cookie with %x${ctl.code.toString(16)} in Max-Age attribute value is handled correctly.`,
+ },
+ {
+ cookie: `test${ctl.code}maxage2=t; Max-Age=1000${ctl.chr};`,
+ expected: `test${ctl.code}maxage2=t`,
+ name: `Cookie with %x${ctl.code.toString(16)} after Max-Age attribute value is handled correctly.`,
+ },
+ {
+ cookie: `test${ctl.code}expires=t; Expires=Fri, 01 Jan 20${ctl.chr}38 00:00:00 GMT; ` +
+ 'Expires=Fri, 01 Jan 2038 00:00:00 GMT;',
+ expected: `test${ctl.code}expires=t`,
+ name: `Cookie with %x${ctl.code.toString(16)} in Expires attribute value is handled correctly.`,
+ },
+ {
+ cookie: `test${ctl.code}expires2=t; Expires=Fri, 01 Jan 2038 00:00:00 GMT${ctl.chr};`,
+ expected: `test${ctl.code}expires2=t`,
+ name: `Cookie with %x${ctl.code.toString(16)} after Expires attribute value is handled correctly.`,
+ },
+ {
+ cookie: `test${ctl.code}secure=t; Sec${ctl.chr}ure;`,
+ expected: `test${ctl.code}secure=t`,
+ name: `Cookie with %x${ctl.code.toString(16)} in Secure attribute is handled correctly.`,
+ },
+ {
+ cookie: `test${ctl.code}secure2=t; Secure${ctl.chr};`,
+ expected: `test${ctl.code}secure2=t`,
+ name: `Cookie with %x${ctl.code.toString(16)} after Secure attribute is handled correctly.`,
+ },
+ {
+ cookie: `test${ctl.code}httponly=t; Http${ctl.chr}Only;`,
+ expected: `test${ctl.code}httponly=t`,
+ name: `Cookie with %x${ctl.code.toString(16)} in HttpOnly attribute is handled correctly.`,
+ },
+ {
+ cookie: `test${ctl.code}samesite=t; SameSite=La${ctl.chr}x; SameSite=Lax;`,
+ expected: `test${ctl.code}samesite=t`,
+ name: `Cookie with %x${ctl.code.toString(16)} in SameSite attribute value is handled correctly.`,
+ },
+ {
+ cookie: `test${ctl.code}samesite2=t; SameSite=Lax${ctl.chr};`,
+ expected: `test${ctl.code}samesite2=t`,
+ name: `Cookie with %x${ctl.code.toString(16)} after SameSite attribute value is handled correctly.`,
+ },
+ ];
+
+ for (const test of controlCharacterAttributeTests) {
+ if (ctl.code === 0x09) {
+ domCookieTest(test.cookie, test.expected, test.name);
+ } else {
+ domCookieTest(test.cookie, "", test.name);
+ }
+ }
+ }
+ </script>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/cookies/attributes/domain.sub.html b/testing/web-platform/tests/cookies/attributes/domain.sub.html
new file mode 100644
index 0000000000..17bc3267c2
--- /dev/null
+++ b/testing/web-platform/tests/cookies/attributes/domain.sub.html
@@ -0,0 +1,24 @@
+<!doctype html>
+<html>
+ <head>
+ <meta charset=utf-8>
+ <title>Test cookie domain attribute parsing</title>
+ <meta name=help href="https://tools.ietf.org/html/rfc6265#section-5.2.3">
+ <meta name="timeout" content="long">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/resources/testdriver.js"></script>
+ <script src="/resources/testdriver-vendor.js"></script>
+ </head>
+ <body>
+ <script>
+ const port = "{{ports[http][0]}}";
+ const wwwHost = "{{domains[www]}}";
+
+ test(t => {
+ const win = window.open(`http://${wwwHost}:${port}/cookies/attributes/resources/domain-child.sub.html`);
+ fetch_tests_from_window(win);
+ });
+ </script>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/cookies/attributes/expires.html b/testing/web-platform/tests/cookies/attributes/expires.html
new file mode 100644
index 0000000000..a6bacfd74e
--- /dev/null
+++ b/testing/web-platform/tests/cookies/attributes/expires.html
@@ -0,0 +1,56 @@
+<!doctype html>
+<html>
+ <head>
+ <meta charset=utf-8>
+ <title>Test expires attribute parsing</title>
+ <meta name=help href="https://tools.ietf.org/html/rfc6265#section-5.1.1">
+ <meta name="timeout" content="long">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/resources/testdriver.js"></script>
+ <script src="/resources/testdriver-vendor.js"></script>
+ <script src="/cookies/resources/cookie-test.js"></script>
+ </head>
+ <body>
+ <div id=log></div>
+ <script>
+ const expiresTests = [
+ {
+ cookie: "test=1; Expires=Fri, 01 Jan 2038 00:00:00 GMT",
+ expected: "test=1",
+ name: "Set cookie with expires value containing a comma",
+ },
+ {
+ cookie: "test=2; Expires=Fri 01 Jan 2038 00:00:00 GMT, baz=qux",
+ expected: "test=2",
+ name: "Set cookie with expires value followed by comma",
+ },
+ {
+ cookie: "test=3; Expires=Fri, 01 Jan 2038 00:00:00 GMT",
+ expected: "test=3",
+ name: "Set cookie with future expiration",
+ },
+ {
+ cookie: ["test=expired; Expires=Fri, 07 Aug 2007 08:04:19 GMT", "test=4; Expires=Fri, 07 Aug 2027 08:04:19 GMT"],
+ expected: "test=4",
+ name: "Set expired cookie along with valid cookie",
+ },
+ {
+ cookie: "test=5; expires=Thu, 10 Apr 1980 16:33:12 GMT",
+ expected: "",
+ name: "Don't set cookie with expires set to the past",
+ },
+ ];
+
+ // These tests evaluate setting cookies with expiration via HTTP headers.
+ for (const test of expiresTests) {
+ httpCookieTest(test.cookie, test.expected, test.name + " via HTTP headers");
+ }
+
+ // These tests evaluate setting cookies with expiration via document.cookie.
+ for (const test of expiresTests) {
+ domCookieTest(test.cookie, test.expected, test.name + " via document.cookie");
+ }
+ </script>
+ </body>
+</html> \ No newline at end of file
diff --git a/testing/web-platform/tests/cookies/attributes/invalid.html b/testing/web-platform/tests/cookies/attributes/invalid.html
new file mode 100644
index 0000000000..6d4a53916d
--- /dev/null
+++ b/testing/web-platform/tests/cookies/attributes/invalid.html
@@ -0,0 +1,171 @@
+<!doctype html>
+<html>
+ <head>
+ <meta charset=utf-8>
+ <title>Test invalid attribute parsing</title>
+ <meta name=help href="https://tools.ietf.org/html/rfc6265#section-5.2">
+ <meta name="timeout" content="long">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/resources/testdriver.js"></script>
+ <script src="/resources/testdriver-vendor.js"></script>
+ <script src="/cookies/resources/cookie-test.js"></script>
+ </head>
+ <body>
+ <div id=log></div>
+ <script>
+ // These tests ensure that invalid attributes don't affect
+ // cookie parsing. `Path` isn't important to the tests where it appears,
+ // but it's used to be able to place the invalid attribute in different
+ // locations.
+ const invalidAttributeTests = [
+ {
+ cookie: "test=1; lol; Path=/",
+ expected: "test=1",
+ name: "Set cookie with invalid attribute",
+ defaultPath: false
+ },
+ {
+ cookie: "test=2; Path=/; lol",
+ expected: "test=2",
+ name: "Set cookie ending with invalid attribute.",
+ defaultPath: false
+ },
+ {
+ cookie: "test=3; Path=/; 'lol'",
+ expected: "test=3",
+ name: "Set cookie ending with quoted invalid attribute.",
+ defaultPath: false
+ },
+ {
+ cookie: 'test=4; Path=/; "lol"',
+ expected: "test=4",
+ name: "Set cookie ending with double-quoted invalid attribute.",
+ defaultPath: false
+ },
+ {
+ cookie: "test=5; Path=/; lol=",
+ expected: "test=5",
+ name: "Set cookie ending with invalid attribute equals.",
+ defaultPath: false
+ },
+ {
+ cookie: 'test=6; lol="aaa;bbb"; Path=/',
+ expected: "test=6",
+ name: "Set cookie with two invalid attributes (lol=\"aaa and bbb).",
+ defaultPath: false
+ },
+ {
+ cookie: 'test=7; Path=/; lol="aaa;bbb"',
+ expected: "test=7",
+ name: "Set cookie ending with two invalid attributes (lol=\"aaa and bbb).",
+ defaultPath: false
+ },
+ {
+ cookie: 'test=8; "Secure"',
+ expected: "test=8",
+ // This gets parsed as an unrecognized \"Secure\" attribute, not a valid
+ // Secure attribute. That's why it gets set on an non-secure origin.
+ name: "Set cookie for quoted Secure attribute",
+ },
+ {
+ cookie: "test=9; Secure qux",
+ expected: "test=9",
+ // This should be parsed as an unrecognized "Secure qux" attribute
+ // and ignored. That is, the cookie will not be Secure.
+ name: "Set cookie for Secure qux",
+ },
+ {
+ cookie: "test=10; b,az=qux",
+ expected: "test=10",
+ name: "Ignore invalid attribute name with comma",
+ },
+ {
+ cookie: "test=11; baz=q,ux",
+ expected: "test=11",
+ name: "Ignore invalid attribute value with comma",
+ },
+ {
+ cookie: " test = 12 ;foo;;; bar",
+ expected: "test=12",
+ name: "Set cookie ignoring multiple invalid attributes, whitespace, and semicolons",
+ },
+ {
+ cookie: " test=== 13 ;foo;;; bar",
+ expected: "test=== 13",
+ name: "Set cookie with multiple '='s in its value, ignoring multiple invalid attributes, whitespace, and semicolons",
+ },
+ {
+ cookie: "test=14; version=1;",
+ expected: "test=14",
+ name: "Set cookie with (invalid) version=1 attribute",
+ },
+ {
+ cookie: "test=15; version=1000;",
+ expected: "test=15",
+ name: "Set cookie with (invalid) version=1000 attribute",
+ },
+ {
+ cookie: "test=16; customvalue='1000 or more';",
+ expected: "test=16",
+ name: "Set cookie ignoring anything after ; (which looks like an invalid attribute)",
+ },
+ {
+ cookie: "test=17; customvalue='1000 or more'",
+ expected: "test=17",
+ name: "Set cookie ignoring anything after ; (which looks like an invalid attribute, with no trailing semicolon)",
+ },
+ {
+ cookie: "test=18; foo=bar, a=b",
+ expected: "test=18",
+ name: "Ignore keys after semicolon",
+ },
+ {
+ cookie: "test=19;max-age=3600, c=d;path=/",
+ expected: "test=19",
+ name: "Ignore attributes after semicolon",
+ defaultPath: false,
+ },
+ {
+ cookie: ["testA=20", "=", "testb=20"],
+ expected: "testA=20; testb=20",
+ name: "Ignore `Set-Cookie: =`",
+ },
+ {
+ cookie: ["test=21", ""],
+ expected: "test=21",
+ name: "Ignore empty cookie string",
+ },
+ {
+ cookie: ["test22", "="],
+ expected: "test22",
+ name: "Ignore `Set-Cookie: =` with other `Set-Cookie` headers",
+ },
+ {
+ cookie: ["testA23", "; testB23"],
+ expected: "testA23",
+ name: "Ignore name- and value-less `Set-Cookie: ; bar`",
+ },
+ {
+ cookie: ["test24", " "],
+ expected: "test24",
+ name: "Ignore name- and value-less `Set-Cookie: `",
+ },
+ {
+ cookie: ["test25", "\t"],
+ expected: "test25",
+ name: "Ignore name- and value-less `Set-Cookie: \\t`",
+ },
+ {
+ cookie: "test=26; domain=.parser.test; ;; ;=; ,,, ===,abc,=; abracadabra! max-age=20;=;;",
+ expected: "",
+ name: "Ignore cookie with domain that won't domain match (along with other invalid noise)",
+ },
+ ];
+
+ for (const test of invalidAttributeTests) {
+ httpCookieTest(test.cookie, test.expected, test.name, test.defaultPath);
+ }
+ </script>
+ </body>
+</html> \ No newline at end of file
diff --git a/testing/web-platform/tests/cookies/attributes/max-age.html b/testing/web-platform/tests/cookies/attributes/max-age.html
new file mode 100644
index 0000000000..7b7ff6ed4c
--- /dev/null
+++ b/testing/web-platform/tests/cookies/attributes/max-age.html
@@ -0,0 +1,78 @@
+<!doctype html>
+<html>
+ <head>
+ <meta charset=utf-8>
+ <title>Test max-age attribute parsing</title>
+ <meta name=help href="https://tools.ietf.org/html/rfc6265#section-5.3.2">
+ <meta name="timeout" content="long">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/resources/testdriver.js"></script>
+ <script src="/resources/testdriver-vendor.js"></script>
+ <script src="/cookies/resources/cookie-test.js"></script>
+ </head>
+ <body>
+ <div id=log></div>
+ <script>
+ // TODO: there is more to test here, these tests capture the old
+ // ported http-state tests. Feel free to delete this comment when more
+ // are added.
+ const maxAgeTests = [
+ {
+ cookie: "test=1; Max-Age=50,399",
+ expected: "test=1",
+ name: "Ignore max-age attribute with invalid non-zero-digit (containing a comma)",
+ },
+ {
+ cookie: "test=2; max-age=10000",
+ expected: "test=2",
+ name: "Set cookie with age",
+ },
+ {
+ cookie: "test=3; max-age=0",
+ expected: "",
+ name: "Set no cookie with max-age=0",
+ },
+ {
+ cookie: "test=4; max-age=-1",
+ expected: "",
+ name: "Set no cookie with max-age=-1",
+ },
+ {
+ cookie: "test=5; max-age=-20",
+ expected: "",
+ name: "Set no cookie with max-age=-20",
+ },
+ {
+ cookie: ["testA=6; max-age=60", "testB=6; max-age=60"],
+ expected: "testA=6; testB=6",
+ name: "Set multiple cookies with max-age attribute",
+ },
+ {
+ cookie: ["testA=7; max-age=60", "testB=7; max-age=60", "testA=differentvalue; max-age=0"],
+ expected: "testB=7",
+ name: "Expire later cookie with same name and max-age=0",
+ },
+ {
+ cookie: ["testA=8; max-age=60", "testB=8; max-age=60", "testA=differentvalue; max-age=0", "testC=8; max-age=0"],
+ expected: "testB=8",
+ name: "Expire later cookie with same name and max-age=0, and don't set cookie with max-age=0",
+ },
+ {
+ cookie: ['test="9! = foo;bar\";" parser; max-age=6', "test9; max-age=2.63,"],
+ expected: 'test="9! = foo; test9',
+ name: "Set mulitiple cookies with valid max-age values",
+ },
+ {
+ cookie: ["test=10; max-age=0", "test10; max-age=0"],
+ expected: "",
+ name: "Don't set multiple cookies with max-age=0",
+ },
+ ];
+
+ for (const test of maxAgeTests) {
+ httpCookieTest(test.cookie, test.expected, test.name);
+ }
+ </script>
+ </body>
+</html> \ No newline at end of file
diff --git a/testing/web-platform/tests/cookies/attributes/path-redirect.html b/testing/web-platform/tests/cookies/attributes/path-redirect.html
new file mode 100644
index 0000000000..574879971f
--- /dev/null
+++ b/testing/web-platform/tests/cookies/attributes/path-redirect.html
@@ -0,0 +1,128 @@
+<!doctype html>
+<html>
+ <head>
+ <meta charset=utf-8>
+ <title>Test cookie path attribute parsing</title>
+ <meta name=help href="https://tools.ietf.org/html/rfc6265#section-5.2.4">
+ <meta name="timeout" content="long">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/resources/testdriver.js"></script>
+ <script src="/resources/testdriver-vendor.js"></script>
+ <script src="/cookies/resources/cookie-test.js"></script>
+ </head>
+ <body>
+ <script>
+ const pathRedirectTests = [
+ {
+ cookie: "test=1; path=/cookies/attributes/resources/path.html",
+ expected: "test=1",
+ name: "Cookie sent for exact redirected path match",
+ location: "/cookies/attributes/resources/path.html",
+ },
+ {
+ cookie: "test=2; path=/cookies/attributes/resources/path/one.html",
+ expected: "test=2",
+ name: "Cookie sent for exact redirected path match, one level deeper",
+ location: "/cookies/attributes/resources/path/one.html",
+ },
+ {
+ cookie: "test=3; path=/cookies/attributes/resources/path/",
+ expected: "test=3",
+ name: "Cookie sent for redirected path with trailing '/' and the redirected URL is one level deeper",
+ location: "/cookies/attributes/resources/path/one.html",
+ },
+ {
+ cookie: "test=4; path=/cookies/attributes/resources/path/",
+ expected: "test=4",
+ name: "Cookie sent for redirected path with trailing '/' and a double '/' in the redirected URL",
+ location: "/cookies/attributes/resources/path//one.html",
+ },
+ {
+ cookie: "test=5; path=/cookies/attributes/resources/path/one.html;",
+ expected: "test=5",
+ name: "Cookie sent for redirected path match with a trailing ';' after an unquoted Path",
+ location: "/cookies/attributes/resources/path/one.html",
+ },
+ {
+ cookie: 'test=6; path="/cookies/attributes/resources/path/one.html;"',
+ expected: "",
+ name: "No cookie sent for redirected path match with a trailing ';' inside a quoted Path",
+ location: "/cookies/attributes/resources/path/one.html",
+ },
+ {
+ cookie: "test=7a; path=/cookies/attributes/resources/p%61th/three.html",
+ expected: "",
+ name: "No cookie sent for redirected path match with partially URL encoded path",
+ location: "/cookies/attributes/resources/path/three.html",
+ },
+ {
+ cookie: ["test=8a; path=/cookies/attributes/resources",
+ "test=8b; path=/cookies/attributes/resources/"],
+ expected: "test=8b; test=8a",
+ name: "Multiple cookies sent for multiple redirected path matches, sorted by length",
+ location: "/cookies/attributes/resources/path.html",
+ },
+ {
+ cookie: "test=9; path=/cookies/attributes/resources/path.html",
+ expected: "",
+ name: "No cookie sent for redirected path mismatch where path and redirected URL begin with same string",
+ location: "/cookies/attributes/resources/pathfakeout.html",
+ },
+ {
+ cookie: "test=10; path=/cookies/attributes/resources/path/one.html",
+ expected: "",
+ name: "No cookie sent for redirected path mismatch where final path directory component and redirected URL resource begin with same string",
+ location: "/cookies/attributes/resources/path.html",
+ },
+ {
+ cookie: "test=11; path=/cookies/attributes/resources/path/one.html",
+ expected: "",
+ name: "No cookie sent for redirected path mismatch where final path directory component begins with same string as redirected URL final directory component",
+ location: "/cookies/attributes/resources/pathfakeout/one.html",
+ },
+ {
+ cookie: "test=12; path=/cookies/attributes/resources/path/one.html",
+ expected: "",
+ name: "No cookie sent for redirected path mismatch for different resources inside the same final directory component",
+ location: "/cookies/attributes/resources/path/two.html",
+ },
+ {
+ cookie: "test=13; path=/cookies/attributes/resources/path/one.html/",
+ expected: "",
+ name: "No cookie sent for redirected path mismatch where final path directory component ends in '/' and does not match redirected URL",
+ location: "/cookies/attributes/resources/path/two.html",
+ },
+ {
+ cookie: "test=14; path=/cookies/attributes/resources/path/",
+ expected: "",
+ name: "No cookie sent for redirected path mismatch with a similar start to the redirected URL",
+ location: "/cookies/attributes/resources/pathfakeout.html",
+ },
+ {
+ cookie: "test=15; path=/cookies/attributes/resources/path/one.html?",
+ expected: "",
+ name: "No cookie sent for redirected path mismatch with trailing '?' after unquoted Path",
+ location: "/cookies/attributes/resources/path/one.html",
+ },
+ {
+ cookie: "test=16; path=/cookies/attributes/resources/path/one.html#",
+ expected: "",
+ name: "No cookie sent for redirected path mismatch with trailing '#' after unquoted Path",
+ location: "/cookies/attributes/resources/path/one.html",
+ },
+ {
+ cookie: "test=17; path=/cookies/attributes/resources/path/one.html/",
+ expected: "",
+ name: "No cookie sent for redirected path mismatch with trailing '/' after unquoted Path",
+ location: "/cookies/attributes/resources/path/one.html",
+ },
+ ];
+
+ for (const test of pathRedirectTests) {
+ httpRedirectCookieTest(test.cookie, test.expected, test.name,
+ test.location);
+ }
+ </script>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/cookies/attributes/path.html b/testing/web-platform/tests/cookies/attributes/path.html
new file mode 100644
index 0000000000..81adc08a19
--- /dev/null
+++ b/testing/web-platform/tests/cookies/attributes/path.html
@@ -0,0 +1,144 @@
+<!doctype html>
+<html>
+ <head>
+ <meta charset=utf-8>
+ <title>Test cookie path attribute parsing</title>
+ <meta name=help href="https://tools.ietf.org/html/rfc6265#section-5.2.4">
+ <meta name="timeout" content="long">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/resources/testdriver.js"></script>
+ <script src="/resources/testdriver-vendor.js"></script>
+ <script src="/cookies/resources/cookie-test.js"></script>
+ </head>
+ <body>
+ <script>
+ const pathTests = [
+ {
+ cookie: "test=1; Path",
+ expected: "test=1",
+ name: "Set cookie for bare Path",
+ },
+ {
+ cookie: "test=2; Path=",
+ expected: "test=2",
+ name: "Set cookie for Path=",
+ },
+ {
+ cookie: "test=3; Path=/",
+ expected: "test=3",
+ name: "Set cookie for Path=/",
+ defaultPath: false,
+ },
+ {
+ cookie: "test=4; Path=/qux",
+ expected: "",
+ name: "No cookie returned for mismatched path",
+ defaultPath: false,
+ },
+ {
+ cookie: "test=5; Path =/qux",
+ expected: "",
+ name: "No cookie returned for path space equals mismatched path",
+ defaultPath: false,
+ },
+ {
+ cookie: "test=6; Path= /qux",
+ expected: "",
+ name: "No cookie returned for path equals space mismatched path",
+ defaultPath: false,
+ },
+ {
+ cookie: "test=7; Path=/qux ; taz",
+ expected: "",
+ name: "No cookie returned for mismatched path and attribute",
+ defaultPath: false,
+ },
+ {
+ cookie: "test=8; Path=/qux; Path=/",
+ expected: "test=8",
+ name: "Set cookie for mismatched and root path",
+ },
+ {
+ cookie: "test=9; Path=/; Path=/qux",
+ expected: "",
+ name: "No cookie returned for root and mismatched path",
+ defaultPath: false,
+ },
+ {
+ cookie: "test=10; Path=/lol; Path=/qux",
+ expected: "",
+ name: "No cookie returned for multiple mismatched paths",
+ defaultPath: false,
+ },
+ {
+ cookie: ["testA=11; path=/", "testB=11; path=/cookies/attributes"],
+ expected: "testB=11; testA=11",
+ name: "Return 2 cookies sorted by matching path length (earlier name with shorter path set first)",
+ defaultPath: false,
+ },
+ {
+ cookie: ["testB=12; path=/", "testA=12; path=/cookies/attributes"],
+ expected: "testA=12; testB=12",
+ name: "Return 2 cookies sorted by matching path length (later name with shorter path set first)",
+ defaultPath: false,
+ },
+ {
+ cookie: ["testA=13; path=/cookies/attributes", "testB=13; path=/"],
+ expected: "testA=13; testB=13",
+ name: "Return 2 cookies sorted by matching path length (earlier name with longer path set first)",
+ defaultPath: false,
+ },
+ {
+ cookie: ["testB=14; path=/cookies/attributes", "testA=14; path=/"],
+ expected: "testB=14; testA=14",
+ name: "Return 2 cookies sorted by matching path length (later name with longer path set first)",
+ defaultPath: false,
+ },
+ {
+ cookie: ["test=15; path=/cookies/attributes/foo"],
+ expected: "",
+ name: "No cookie returned for partial path match",
+ defaultPath: false,
+ },
+ {
+ cookie: ["test=16", "test=0; path=/cookies/attributes/foo"],
+ expected: "test=16",
+ name: "No cookie returned for partial path match, return cookie for default path",
+ },
+ {
+ cookie: ["test=17; path= /"],
+ expected: "test=17",
+ name: "Return cookie for path= / (whitespace after equals)",
+ },
+ {
+ cookie: ["test=18; path=/cookies/ATTRIBUTES"],
+ expected: "",
+ name: "No cookie returned for case mismatched path",
+ defaultPath: false,
+ },
+ {
+ cookie: ["testA=19; path = /cookies/attributes", "testB=19; path = /book"],
+ expected: "testA=19",
+ name: "Return cookie A on path match, no cookie returned for path mismatch (plus whitespace)",
+ defaultPath: false,
+ },
+ {
+ cookie: ["test=20; path=; path=/dog"],
+ expected: "",
+ name: "No cookie returned for mismatched path (after bare path=)",
+ defaultPath: false,
+ },
+ {
+ cookie: ["test=21; path=/dog; path="],
+ expected: "test=21",
+ name: "Return cookie for bare path= (after mismatched path)",
+ },
+ ];
+
+ for (const test of pathTests) {
+ httpCookieTest(test.cookie, test.expected, test.name, test.defaultPath);
+ }
+ </script>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/cookies/attributes/resources/domain-child.sub.html b/testing/web-platform/tests/cookies/attributes/resources/domain-child.sub.html
new file mode 100644
index 0000000000..515079b783
--- /dev/null
+++ b/testing/web-platform/tests/cookies/attributes/resources/domain-child.sub.html
@@ -0,0 +1,401 @@
+<!doctype html>
+<html>
+ <head>
+ <meta charset=utf-8>
+ <title>Test cookie domain attribute parsing</title>
+ <meta name=help href="https://tools.ietf.org/html/rfc6265#section-5.2.3">
+ <meta name="timeout" content="long">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testdriver.js"></script>
+ <script src="/resources/testdriver-vendor.js"></script>
+ <script src="/cookies/resources/cookie-test.js"></script>
+ </head>
+ <body>
+ <script>
+ const path = "path=/cookies/attributes"
+ const port = "{{ports[http][0]}}";
+ const host = "{{host}}"; // example.org
+ const wwwHost = "{{domains[www]}}"; // home.example.org
+ const www1Host = "{{domains[www1]}}"; // sibling.example.org
+ const www2wwwHost = "{{domains[www2.www]}}"; // subdomain.home.example.org
+
+ // naive helper method to return the TLD for a given domain
+ const getTLD = domain => {
+ let match = /\.[a-z]+$/.exec(domain);
+ if (match) {
+ return match[0];
+ } else {
+ throw 'Domain is malformed!';
+ }
+ }
+
+ // helper to take a domain like "www.example.org"
+ // and return a string like "www.eXaMpLe.org"
+ const makeBizarre = domain => {
+ let bizarre = "";
+ let domainArray = domain.split(".");
+ let secondLevel = domainArray[domainArray.length - 2];
+ for (let i in secondLevel) {
+ if (i % 2 == 1) {
+ bizarre += secondLevel[i].toUpperCase();
+ } else {
+ bizarre += secondLevel[i];
+ }
+ }
+ domainArray[domainArray.length - 2] = bizarre;
+ return domainArray.join(".");
+ }
+
+ // helper to change the current TLD to a TLD that doesn't exist, and is
+ // unlikely to exist in the future. (the main point is that the TLD
+ // *changes*, so there is no domain match, but we cant' predict how WPT
+ // servers may be set up in the wild so picking any valid TLD has the risk
+ // of future (unintentional) domain matching.
+ const changeTLD = domain => {
+ let domainArray = domain.split(".");
+ domainArray[domainArray.length - 1] += "zzz";
+ return domainArray.join(".");
+ }
+
+ const domainTests = [
+ {
+ cookie: `test=1; domain=${wwwHost}`,
+ expected: "test=1",
+ name: "Return cookie for a domain match",
+ location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: `test=2; domain=${wwwHost}`,
+ expected: "",
+ name: "No cookie returned for domain mismatch (subdomains differ post-redirect)",
+ location: `http://${www1Host}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: `test=3; domain=.${wwwHost}`,
+ expected: "test=3",
+ name: "Return cookie for a domain match with leading '.'",
+ location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: `test=4; domain=${wwwHost}`,
+ expected: "test=4",
+ name: "Return cookie for domain match (domain attribute is suffix of the host name and first level subdomain)",
+ location: `http://${www2wwwHost}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: `test=5; domain=.${wwwHost}`,
+ expected: "test=5",
+ name: "Return cookie for domain match (domain attribute is suffix of the host name and first level subdomain, with leading '.')",
+ location: `http://${www2wwwHost}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: `test=6; domain=.${wwwHost}`,
+ expected: "",
+ name: "No cookie returned for domain mismatch (subdomains differ, with leading '.')",
+ location: `http://${www1Host}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: `test=7; domain=${www1Host}`,
+ expected: "",
+ name: "No cookie returned for domain mismatch when cookie was created (which would match after the redirect, with one subdomain level)",
+ location: `http://${www1Host}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: `test=8; domain=.${host}`,
+ expected: "test=8",
+ name: "Return cookie for domain match (domain attribute is suffix of the host name, with leading '.')",
+ location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: `test=9; domain=${host}`,
+ expected: "test=9",
+ name: "Return cookie for domain match (domain attribute is suffix of the host name)",
+ location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: `test=10; domain=..${wwwHost}`,
+ expected: "",
+ name: "No cookie returned for domain attribute with double leading '.'",
+ location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: `test=11; domain=www..${host}`,
+ expected: "",
+ name: "No cookie returned for domain attribute with subdomain followed by ..",
+ location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: `test=12; domain= .${wwwHost}`,
+ expected: "test=12",
+ name: "Return cookie for a domain match with leading whitespace and '.'",
+ location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: `test=13; domain= . ${wwwHost}`,
+ expected: "",
+ name: "No cookie returned for domain attribute with whitespace that surrounds a leading '.'",
+ location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: `test=14; domain=${wwwHost}.`,
+ expected: "",
+ name: "No cookie returned for domain attribute with trailing '.'",
+ location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: `test=15; domain=${wwwHost}..`,
+ expected: "",
+ name: "No cookie returned for domain attribute with trailing '..'",
+ location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: `test=16; domain=${wwwHost} .`,
+ expected: "",
+ name: "No cookie returned for domain attribute with trailing whitespace and '.'",
+ location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: `test=17; domain=${getTLD(host)}`,
+ expected: "",
+ name: "No cookie returned for domain attribute with TLD as value",
+ location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: `test=18; domain=.${getTLD(host)}`,
+ expected: "",
+ name: "No cookie returned for domain attribute with TLD as value, with leading '.'",
+ location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: `test=18b; domain=.${getTLD(host)}.`,
+ expected: "",
+ name: "No cookie returned for domain attribute with TLD as value, with leading and trailing '.'",
+ location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: [`testA=19; domain=${wwwHost}`, `testB=19; domain=.${wwwHost}`],
+ expected: "testA=19; testB=19",
+ name: "Return multiple cookies that match on domain (without and with leading '.')",
+ location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: [`testB=20; domain=.${wwwHost}`, `testA=20; domain=${wwwHost}`],
+ expected: "testB=20; testA=20",
+ name: "Return multiple cookies that match on domain (with and without leading '.')",
+ location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: `test=21; domain="${wwwHost}"`,
+ expected: "",
+ name: "No cookie returned for domain attribute value between quotes",
+ location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: [`testA=22; domain=${wwwHost}`, `testB=22; domain=.${host}`],
+ expected: "testA=22; testB=22",
+ name: "Return multiple cookies that match on subdomain and domain (without and with leading '.')",
+ location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: [`testB=23; domain=.${host}`, `testA=23; domain=${wwwHost}`],
+ expected: "testB=23; testA=23",
+ name: "Return multiple cookies that match on domain and subdomain (with and without leading '.')",
+ location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: `test=24; domain=.${host}; domain=${wwwHost}`,
+ expected: "",
+ name: "No cookie returned when domain attribute does not domain-match (and first does)",
+ location: `http://${www1Host}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: `test=25; domain=${wwwHost}; domain=.${host}`,
+ expected: "test=25",
+ name: "Return cookie for domain attribute match (first does not, but second does)",
+ location: `http://${www1Host}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: `test=26; domain=${makeBizarre(wwwHost)}`,
+ expected: "test=26",
+ name: "Return cookie for domain match (with bizarre capitalization for domain attribute value)",
+ location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: `test=27; domain="${wwwHost}:${port}"`,
+ expected: "",
+ name: "No cookie returned for domain attribute value with port",
+ location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: `test=28; domain=${www2wwwHost}`,
+ expected: "",
+ name: "No cookie returned for domain mismatch when cookie was created (which would match after the redirect, with two subdomain levels)",
+ location: `http://${www2wwwHost}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: `test=29`,
+ expected: "",
+ name: "No cookie returned for cookie set on different domain (with no domain attribute)",
+ location: `http://${www2wwwHost}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: "test=30; domain=",
+ expected: "test=30",
+ name: "Return cookie set with bare domain= attribute",
+ location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: `test=31; domain=${wwwHost}`,
+ expected: "test=31",
+ name: "Return cookie that domain-matches with bizarre-cased URL",
+ location: `http://${makeBizarre(wwwHost)}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: `test=32; domain=${wwwHost}; domain=${changeTLD(wwwHost)}`,
+ expected: "",
+ name: "No cookie returned for domain attribute mismatch (first attribute matches, but second does not)",
+ location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: `test=33; domain=${changeTLD(wwwHost)}; domain=${wwwHost}`,
+ expected: "test=33",
+ name: "Return cookie for domain match (first attribute doesn't, but second does)",
+ location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: `test=34; domain=${wwwHost}; domain=${changeTLD(wwwHost)}; domain=${wwwHost}`,
+ expected: "test=34",
+ name: "Return cookie for domain match (first attribute matches, second doesn't, third does)",
+ location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: `test=35; domain=${changeTLD(wwwHost)}; domain=${wwwHost}; domain=${changeTLD(wwwHost)}`,
+ expected: "",
+ name: "No cookie returned for domain attribute mismatch (first attribute doesn't, second does, third doesn't)",
+ location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: `test=36; domain=${wwwHost}; domain=${wwwHost}`,
+ expected: "test=36",
+ name: "Return cookie for domain match (with two identical domain attributes)",
+ location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: `test=37; domain=${wwwHost}; domain=${host}`,
+ expected: "test=37",
+ name: "Return cookie for domain match (with first domain attribute a match for host name and second as suffix of host name)",
+ location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: `test=38; domain=${host}; domain=${wwwHost}`,
+ expected: "test=38",
+ name: "Return cookie for domain match (with first domain attribute as suffix of host name and second a match for host name)",
+ location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: `test=39; domain=.${www1Host}`,
+ expected: "",
+ name: "No cookie set on domain mismatch before a (domain matching) redirect",
+ location: `http://${www1Host}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: `test=40; domain=.${www2wwwHost}`,
+ expected: "",
+ name: "No cookie set on domain mismatch before a (domain matching) redirect (for second level subdomain)",
+ location: `http://${www2wwwHost}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: `test=41; domain=${host}; domain=`,
+ expected: "test=41",
+ name: "Return cookie for domain match (with first domain attribute as suffix of host name and second a bare attribute)",
+ location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: `test=42; domain=${www1Host}; domain=`,
+ expected: "test=42",
+ name: "Cookie returned for bare domain attribute following mismatched domain attribute (after redirect to same-origin page).",
+ location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: `test=43; domain=${www1Host}; domain=`,
+ expected: "",
+ name: "No cookie returned for domain mismatch (first attribute is a different subdomain and second is bare)",
+ location: `http://${www2wwwHost}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: [`test=not44; domain=${wwwHost}`, `test=44; domain=.${wwwHost}`],
+ expected: "test=44",
+ name: "Cookies with same name, path, and domain (differing only in leading '.') overwrite each other ('.' second)",
+ location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: [`test=not45; domain=.${wwwHost}`, `test=45; domain=${wwwHost}`],
+ expected: "test=45",
+ name: "Cookies with same name, path, and domain (differing only in leading '.') overwrite each other ('.' first)",
+ location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: `test=46; domain=.`,
+ expected: "",
+ name: "No cookie returned for domain with single dot ('.') value.",
+ location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: `test=46b; domain=.; domain=${host}`,
+ expected: "test=46b",
+ name: "Return cookie with valid domain after domain with single dot ('.') value.",
+ location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: ["test=47", `test=47b; domain=${host}`,`test=47b; domain=${www1Host}; domain=`],
+ expected: "test=47b; test=47b",
+ name: "Empty domain treated as host cookie 1",
+ location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: ["test=48", `test=48b; domain=${host}`,`test=48b; domain=${host}; domain=`],
+ expected: "test=48b; test=48b",
+ name: "Empty domain treated as host cookie 2",
+ location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: ["test=49", `test=49b; domain=${host}`,`test=49b; domain=`],
+ expected: "test=49b; test=49b",
+ name: "Empty domain treated as host cookie 3",
+ location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: ["test=50", `test=50b; domain=${host}`,`test=50b; domain=${www1Host}; domain=`],
+ expected: "test=50b",
+ name: "No host cookies returned for host cookies after non-host redirect 1",
+ location: `http://${www2wwwHost}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: ["test=51", `test=51b; domain=${host}`,`test=51b; domain=${host}; domain=`],
+ expected: "test=51b",
+ name: "No host cookies returned for host cookies after non-host redirect 2",
+ location: `http://${www2wwwHost}:${port}/cookies/attributes/resources/path.html`,
+ },
+ {
+ cookie: ["test=52", `test=52b; domain=${host}`,`test=52b; domain=`],
+ expected: "test=52b",
+ name: "No host cookies returned for host cookies after non-host redirect 3",
+ location: `http://${www2wwwHost}:${port}/cookies/attributes/resources/path.html`,
+ },
+ ];
+
+ for (const test of domainTests) {
+ if (Array.isArray(test.cookie)) {
+ for (let i in test.cookie) {
+ test.cookie[i] += `; ${path}`;
+ }
+ } else {
+ test.cookie += `; ${path}`;
+ }
+
+ httpRedirectCookieTest(test.cookie, test.expected, test.name,
+ test.location);
+ }
+ </script>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/cookies/attributes/resources/path-redirect-shared.js b/testing/web-platform/tests/cookies/attributes/resources/path-redirect-shared.js
new file mode 100644
index 0000000000..777d0abd33
--- /dev/null
+++ b/testing/web-platform/tests/cookies/attributes/resources/path-redirect-shared.js
@@ -0,0 +1,11 @@
+// Note: this function has a dependency on testdriver.js. Any test files calling
+// it should include testdriver.js and testdriver-vendor.js
+window.addEventListener("message", (e) => {
+ setTestContextUsingRootWindow();
+ if (e.data == "getAndExpireCookiesForRedirectTest") {
+ const cookies = document.cookie;
+ test_driver.delete_all_cookies().then(() => {
+ e.source.postMessage({"cookies": cookies}, '*');
+ });
+ }
+}); \ No newline at end of file
diff --git a/testing/web-platform/tests/cookies/attributes/resources/path.html b/testing/web-platform/tests/cookies/attributes/resources/path.html
new file mode 100644
index 0000000000..5ff90b9f15
--- /dev/null
+++ b/testing/web-platform/tests/cookies/attributes/resources/path.html
@@ -0,0 +1,14 @@
+<!doctype html>
+<html>
+<head>
+ <meta charset=utf-8>
+ <title>helper iframe for matching cookie path redirect tests</title>
+ <meta name=help href="http://tools.ietf.org/html/rfc6265#section-5.1.4">
+</head>
+<body>
+ <script src="/resources/testdriver.js"></script>
+ <script src="/resources/testdriver-vendor.js"></script>
+ <script src="/cookies/resources/cookie-test.js"></script>
+ <script src="/cookies/attributes/resources/path-redirect-shared.js"></script>
+</body>
+</html> \ No newline at end of file
diff --git a/testing/web-platform/tests/cookies/attributes/resources/path.html.headers b/testing/web-platform/tests/cookies/attributes/resources/path.html.headers
new file mode 100644
index 0000000000..23de552c1a
--- /dev/null
+++ b/testing/web-platform/tests/cookies/attributes/resources/path.html.headers
@@ -0,0 +1 @@
+Access-Control-Allow-Origin: * \ No newline at end of file
diff --git a/testing/web-platform/tests/cookies/attributes/resources/path/one.html b/testing/web-platform/tests/cookies/attributes/resources/path/one.html
new file mode 100644
index 0000000000..5ff90b9f15
--- /dev/null
+++ b/testing/web-platform/tests/cookies/attributes/resources/path/one.html
@@ -0,0 +1,14 @@
+<!doctype html>
+<html>
+<head>
+ <meta charset=utf-8>
+ <title>helper iframe for matching cookie path redirect tests</title>
+ <meta name=help href="http://tools.ietf.org/html/rfc6265#section-5.1.4">
+</head>
+<body>
+ <script src="/resources/testdriver.js"></script>
+ <script src="/resources/testdriver-vendor.js"></script>
+ <script src="/cookies/resources/cookie-test.js"></script>
+ <script src="/cookies/attributes/resources/path-redirect-shared.js"></script>
+</body>
+</html> \ No newline at end of file
diff --git a/testing/web-platform/tests/cookies/attributes/resources/path/three.html b/testing/web-platform/tests/cookies/attributes/resources/path/three.html
new file mode 100644
index 0000000000..5ff90b9f15
--- /dev/null
+++ b/testing/web-platform/tests/cookies/attributes/resources/path/three.html
@@ -0,0 +1,14 @@
+<!doctype html>
+<html>
+<head>
+ <meta charset=utf-8>
+ <title>helper iframe for matching cookie path redirect tests</title>
+ <meta name=help href="http://tools.ietf.org/html/rfc6265#section-5.1.4">
+</head>
+<body>
+ <script src="/resources/testdriver.js"></script>
+ <script src="/resources/testdriver-vendor.js"></script>
+ <script src="/cookies/resources/cookie-test.js"></script>
+ <script src="/cookies/attributes/resources/path-redirect-shared.js"></script>
+</body>
+</html> \ No newline at end of file
diff --git a/testing/web-platform/tests/cookies/attributes/resources/path/two.html b/testing/web-platform/tests/cookies/attributes/resources/path/two.html
new file mode 100644
index 0000000000..5ff90b9f15
--- /dev/null
+++ b/testing/web-platform/tests/cookies/attributes/resources/path/two.html
@@ -0,0 +1,14 @@
+<!doctype html>
+<html>
+<head>
+ <meta charset=utf-8>
+ <title>helper iframe for matching cookie path redirect tests</title>
+ <meta name=help href="http://tools.ietf.org/html/rfc6265#section-5.1.4">
+</head>
+<body>
+ <script src="/resources/testdriver.js"></script>
+ <script src="/resources/testdriver-vendor.js"></script>
+ <script src="/cookies/resources/cookie-test.js"></script>
+ <script src="/cookies/attributes/resources/path-redirect-shared.js"></script>
+</body>
+</html> \ No newline at end of file
diff --git a/testing/web-platform/tests/cookies/attributes/resources/pathfakeout.html b/testing/web-platform/tests/cookies/attributes/resources/pathfakeout.html
new file mode 100644
index 0000000000..5ff90b9f15
--- /dev/null
+++ b/testing/web-platform/tests/cookies/attributes/resources/pathfakeout.html
@@ -0,0 +1,14 @@
+<!doctype html>
+<html>
+<head>
+ <meta charset=utf-8>
+ <title>helper iframe for matching cookie path redirect tests</title>
+ <meta name=help href="http://tools.ietf.org/html/rfc6265#section-5.1.4">
+</head>
+<body>
+ <script src="/resources/testdriver.js"></script>
+ <script src="/resources/testdriver-vendor.js"></script>
+ <script src="/cookies/resources/cookie-test.js"></script>
+ <script src="/cookies/attributes/resources/path-redirect-shared.js"></script>
+</body>
+</html> \ No newline at end of file
diff --git a/testing/web-platform/tests/cookies/attributes/resources/pathfakeout/one.html b/testing/web-platform/tests/cookies/attributes/resources/pathfakeout/one.html
new file mode 100644
index 0000000000..5ff90b9f15
--- /dev/null
+++ b/testing/web-platform/tests/cookies/attributes/resources/pathfakeout/one.html
@@ -0,0 +1,14 @@
+<!doctype html>
+<html>
+<head>
+ <meta charset=utf-8>
+ <title>helper iframe for matching cookie path redirect tests</title>
+ <meta name=help href="http://tools.ietf.org/html/rfc6265#section-5.1.4">
+</head>
+<body>
+ <script src="/resources/testdriver.js"></script>
+ <script src="/resources/testdriver-vendor.js"></script>
+ <script src="/cookies/resources/cookie-test.js"></script>
+ <script src="/cookies/attributes/resources/path-redirect-shared.js"></script>
+</body>
+</html> \ No newline at end of file
diff --git a/testing/web-platform/tests/cookies/attributes/resources/secure-non-secure-child.html b/testing/web-platform/tests/cookies/attributes/resources/secure-non-secure-child.html
new file mode 100644
index 0000000000..e5d68b8d07
--- /dev/null
+++ b/testing/web-platform/tests/cookies/attributes/resources/secure-non-secure-child.html
@@ -0,0 +1,85 @@
+<!doctype html>
+<html>
+ <head>
+ <meta charset=utf-8>
+ <title>Test cookie secure attribute parsing (on non-secure page)</title>
+ <meta name=help href="https://tools.ietf.org/html/rfc6265#section-5.2.5">
+ <meta name="timeout" content="long">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testdriver.js"></script>
+ <script src="/resources/testdriver-vendor.js"></script>
+ <script src="/cookies/resources/cookie-test.js"></script>
+ </head>
+ <body>
+ <script>
+ setTestContextUsingRootWindow();
+ // These tests are the non-secure analog to secure.https.html.
+ // They're not in the /cookies/attributes folder because they shouldn't
+ // be run by themselves. Instead, /cookies/attributes/secure.https.html
+ // opens this in a non-secure window.
+ const secureNonSecureTests = [
+ {
+ cookie: "test=1; Secure",
+ expected: "",
+ name: "(non-secure) Ignore cookie for Secure attribute",
+ },
+ {
+ cookie: "test=2; seCURe",
+ expected: "",
+ name: "(non-secure) Ignore cookie for seCURe attribute",
+ },
+ {
+ cookie: "test=3; Secure=",
+ expected: "",
+ name: "(non-secure) Ignore cookie for for Secure= attribute",
+ },
+ {
+ cookie: "test=4; Secure=aaaa",
+ expected: "",
+ name: "(non-secure) Ignore cookie for Secure=aaaa",
+ },
+ {
+ cookie: "test=5; Secure =aaaaa",
+ expected: "",
+ name: "(non-secure) Ignore cookie for Secure space equals",
+ },
+ {
+ cookie: "test=6; Secure= aaaaa",
+ expected: "",
+ name: "(non-secure) Ignore cookie for Secure equals space",
+ },
+ {
+ cookie: "test=7; Secure",
+ expected: "",
+ name: "(non-secure) Ignore cookie for spaced Secure",
+ },
+ {
+ cookie: "test=8; Secure ;",
+ expected: "",
+ name: "(non-secure) Ignore cookie for space Secure with ;",
+ },
+ {
+ cookie: "__Secure-test=9; Secure",
+ expected: "",
+ name: "(non-secure) Ignore cookie with __Secure- prefix and Secure",
+ },
+ {
+ cookie: "__Secure-test=10",
+ expected: "",
+ name: "(non-secure) Ignore cookie with __Secure- prefix and without Secure",
+ },
+ // This is really a test that the cookie name isn't URL-decoded, but this
+ // is here to be next to the other __Secure- prefix tests.
+ {
+ cookie: "__%53ecure-test=11",
+ expected: "__%53ecure-test=11",
+ name: "(non-secure) Cookie returned with __%53ecure- prefix and without Secure",
+ },
+ ];
+
+ for (const test of secureNonSecureTests) {
+ httpCookieTest(test.cookie, test.expected, test.name, test.defaultPath);
+ }
+ </script>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/cookies/attributes/secure-non-secure.html b/testing/web-platform/tests/cookies/attributes/secure-non-secure.html
new file mode 100644
index 0000000000..578cdbc1f7
--- /dev/null
+++ b/testing/web-platform/tests/cookies/attributes/secure-non-secure.html
@@ -0,0 +1,23 @@
+<!doctype html>
+<html>
+ <head>
+ <meta charset=utf-8>
+ <title>Test cookie secure attribute parsing (non-secure origin)</title>
+ <meta name=help href="https://tools.ietf.org/html/rfc6265#section-5.2.5">
+ <meta name="timeout" content="long">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/resources/testdriver.js"></script>
+ <script src="/resources/testdriver-vendor.js"></script>
+ <script src="/cookies/resources/cookie-helper.sub.js"></script>
+ </head>
+ <body>
+ <div id=log></div>
+ <script>
+ test(t => {
+ const win = window.open(`${INSECURE_ORIGIN}/cookies/attributes/resources/secure-non-secure-child.html`);
+ fetch_tests_from_window(win);
+ });
+ </script>
+ </body>
+</html>
diff --git a/testing/web-platform/tests/cookies/attributes/secure.https.html b/testing/web-platform/tests/cookies/attributes/secure.https.html
new file mode 100644
index 0000000000..9308899694
--- /dev/null
+++ b/testing/web-platform/tests/cookies/attributes/secure.https.html
@@ -0,0 +1,65 @@
+<!doctype html>
+<html>
+ <head>
+ <meta charset=utf-8>
+ <title>Test cookie secure attribute parsing</title>
+ <meta name=help href="https://tools.ietf.org/html/rfc6265#section-5.2.5">
+ <meta name="timeout" content="long">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/resources/testdriver.js"></script>
+ <script src="/resources/testdriver-vendor.js"></script>
+ <script src="/cookies/resources/cookie-test.js"></script>
+ </head>
+ <body>
+ <div id=log></div>
+ <script>
+ const secureTests = [
+ {
+ cookie: "test=1; Secure",
+ expected: "test=1",
+ name: "Set cookie for Secure attribute",
+ },
+ {
+ cookie: "test=2; seCURe",
+ expected: "test=2",
+ name: "Set cookie for seCURe attribute",
+ },
+ {
+ cookie: "test=3; Secure=",
+ expected: "test=3",
+ name: "Set cookie for for Secure= attribute",
+ },
+ {
+ cookie: "test=4; Secure=aaaa",
+ expected: "test=4",
+ name: "Set cookie for Secure=aaaa",
+ },
+ {
+ cookie: "test=5; Secure =aaaaa",
+ expected: "test=5",
+ name: "Set cookie for Secure space equals",
+ },
+ {
+ cookie: "test=6; Secure= aaaaa",
+ expected: "test=6",
+ name: "Set cookie for Secure equals space",
+ },
+ {
+ cookie: "test=7; Secure",
+ expected: "test=7",
+ name: "Set cookie for spaced Secure",
+ },
+ {
+ cookie: "test=8; Secure ;",
+ expected: "test=8",
+ name: "Set cookie for space Secure with ;",
+ }
+ ];
+
+ for (const test of secureTests) {
+ httpCookieTest(test.cookie, test.expected, test.name, test.defaultPath);
+ }
+ </script>
+ </body>
+</html>