diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 09:22:09 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 09:22:09 +0000 |
commit | 43a97878ce14b72f0981164f87f2e35e14151312 (patch) | |
tree | 620249daf56c0258faa40cbdcf9cfba06de2a846 /testing/web-platform/tests/cookies/partitioned-cookies | |
parent | Initial commit. (diff) | |
download | firefox-43a97878ce14b72f0981164f87f2e35e14151312.tar.xz firefox-43a97878ce14b72f0981164f87f2e35e14151312.zip |
Adding upstream version 110.0.1.upstream/110.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/tests/cookies/partitioned-cookies')
4 files changed, 205 insertions, 0 deletions
diff --git a/testing/web-platform/tests/cookies/partitioned-cookies/partitioned-cookies.tentative.https.html b/testing/web-platform/tests/cookies/partitioned-cookies/partitioned-cookies.tentative.https.html new file mode 100644 index 0000000000..deab669101 --- /dev/null +++ b/testing/web-platform/tests/cookies/partitioned-cookies/partitioned-cookies.tentative.https.html @@ -0,0 +1,72 @@ +<!DOCTYPE html> +<meta charset="utf-8"/> +<meta name="timeout" content="long"> +<meta name="help" href="https://github.com/WICG/CHIPS#chips-cookies-having-independent-partitioned-state"> +<title>Test partitioned cookies</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/cookies/resources/cookie-helper.sub.js"></script> +<script src="/cookies/partitioned-cookies/resources/test-helpers.js"></script> + +<body> +<script> + +document.body.onload = async () => { + // First, the test sets a SameSite=None;Partitioned; cookie. + const attributes = "Secure;Path=/;SameSite=None;Partitioned"; + const httpCookieName = "__Host-pchttp"; + await credFetch( + `${self.origin}/cookies/resources/set.py?${httpCookieName}=foobar;${ + attributes}`); + + // Set another partitioned cookie using document.cookie. + const domCookieName = "__Host-pcdom"; + document.cookie = `${domCookieName}=foobar;${attributes}`; + + // Set another partitioned cookie using the CookieStore API, if supported. + if (window.cookieStore) { + const cookieStoreCookieName = "__Host-pccookiestore"; + await cookieStore.set({ + name: cookieStoreCookieName, + value: "foobar", + path: "/", + sameSite: "none", + partitioned: true, + }); + } + + const cookieNames = getCookieNames(); + + // Verify that the cookies are sent in requests from this top-level site. + testHttpPartitionedCookies({ + origin: self.origin, + cookieNames, + expectsCookie: true, + }); + + // Verify that the cookies are exposed to the DOM on this top-level site. + testDomPartitionedCookies({ + cookieNames, + expectsCookie: true, + }); + testCookieStorePartitionedCookies({ + cookieNames, + expectsCookie: true, + }); + + // Open a cross-site window which will make a request to this window's origin. + // If partitioned cookies are disabled, then the cookies set above will still + // be accessible. + // If partitioned cookies are enabled, then the cookies should not be + // accessible to their origin in a window with a different top-level site. + const crossSiteUrl = new URL( + `./resources/partitioned-cookies-cross-site-window.html?origin=${ + encodeURIComponent(self.origin)}`, + get_host_info().HTTPS_NOTSAMESITE_ORIGIN + self.location.pathname); + const popup = window.open(crossSiteUrl); + fetch_tests_from_window(popup); +}; + +</script> +</body> diff --git a/testing/web-platform/tests/cookies/partitioned-cookies/resources/partitioned-cookies-cross-site-embed.html b/testing/web-platform/tests/cookies/partitioned-cookies/resources/partitioned-cookies-cross-site-embed.html new file mode 100644 index 0000000000..05a99626dc --- /dev/null +++ b/testing/web-platform/tests/cookies/partitioned-cookies/resources/partitioned-cookies-cross-site-embed.html @@ -0,0 +1,26 @@ +<!DOCTYPE html> +<meta charset="utf-8"/> +<meta name="timeout" content="long"> +<title>Test site embedded in a cross-site context</title> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/cookies/resources/cookie-helper.sub.js"></script> +<script src="/cookies/partitioned-cookies/resources/test-helpers.js"></script> +<body> +<script> + +const cookieNames = getCookieNames(); + +testDomPartitionedCookies({ + cookieNames, + expectsCookie: false, +}); + +testCookieStorePartitionedCookies({ + cookieNames, + expectsCookie: false, +}); + +</script> +</body> diff --git a/testing/web-platform/tests/cookies/partitioned-cookies/resources/partitioned-cookies-cross-site-window.html b/testing/web-platform/tests/cookies/partitioned-cookies/resources/partitioned-cookies-cross-site-window.html new file mode 100644 index 0000000000..ca1a27c8a0 --- /dev/null +++ b/testing/web-platform/tests/cookies/partitioned-cookies/resources/partitioned-cookies-cross-site-window.html @@ -0,0 +1,43 @@ +<!DOCTYPE html> +<meta charset="utf-8"/> +<meta name="timeout" content="long"> +<title>Cross-site window</title> +<script src="/resources/testharness.js"></script> +<script src="/common/get-host-info.sub.js"></script> +<script src="/cookies/resources/cookie-helper.sub.js"></script> +<script src="/cookies/partitioned-cookies/resources/test-helpers.js"></script> + +<body> +<script> + +let origin; + +// Test that parent window passed its origin in the URL parameters correctly. +test(() => { + assert_true(window.location.search.startsWith("?origin=")); + origin = decodeURIComponent(window.location.search.slice( + window.location.search.indexOf("?origin=") + 8)); +}, "Cross-site window opened correctly"); + +// Test that the request to the parent window's origin does not contain the +// partitioned cookie. +testHttpPartitionedCookies({ + origin, + cookieNames: getCookieNames(), + expectsCookie: false, +}); + +// Create a cross-site <iframe> which embeds the cookies' origin into this +// page. +const iframe = document.createElement("iframe"); +const url = new URL( + "/cookies/partitioned-cookies/resources/" + + "partitioned-cookies-cross-site-embed.html", + origin); +iframe.src = String(url); +document.body.appendChild(iframe); + +fetch_tests_from_window(iframe.contentWindow); + +</script> +</body> diff --git a/testing/web-platform/tests/cookies/partitioned-cookies/resources/test-helpers.js b/testing/web-platform/tests/cookies/partitioned-cookies/resources/test-helpers.js new file mode 100644 index 0000000000..0ecaa63c39 --- /dev/null +++ b/testing/web-platform/tests/cookies/partitioned-cookies/resources/test-helpers.js @@ -0,0 +1,64 @@ +// Test that a partitioned cookie set by |origin| with name |cookieName| is +// or is not sent in a request to |origin|. +// +// If |expectsCookie| is true, then the test cookie should be present in the +// request. +function testHttpPartitionedCookies({origin, cookieNames, expectsCookie}) { + promise_test(async () => { + const resp = await credFetch(`${origin}/cookies/resources/list.py`); + const cookies = await resp.json(); + for (const cookieName of cookieNames) { + assert_equals( + cookies.hasOwnProperty(cookieName), expectsCookie, + getPartitionedCookieAssertDesc(expectsCookie, cookieName)); + } + }, getPartitionedCookieTestName(expectsCookie, "HTTP")); +} + +function getPartitionedCookieTestName(expectsCookie, cookieType) { + if (expectsCookie) { + return "Partitioned cookies accessible on the top-level site they are " + + `created in via ${cookieType}`; + } + return "Partitioned cookies are not accessible on a different top-level " + + `site via ${cookieType}`; +} + +function getPartitionedCookieAssertDesc(expectsCookie, cookieName) { + if (expectsCookie) { + return `Expected ${cookieName} to be available on the top-level site it ` + + "was created in"; + } + return `Expected ${cookieName} to not be available on a different ` + + "top-level site"; +} + +function testDomPartitionedCookies({cookieNames, expectsCookie}) { + test(() => { + for (const cookieName of cookieNames) { + assert_equals( + document.cookie.includes(cookieName), expectsCookie, + getPartitionedCookieAssertDesc(expectsCookie, cookieName)); + } + }, getPartitionedCookieTestName(expectsCookie, "DOM")); +} + +function testCookieStorePartitionedCookies({cookieNames, expectsCookie}) { + if (!window.cookieStore) return; + promise_test(async () => { + const cookies = await cookieStore.getAll({partitioned: true}); + for (const cookieName of cookieNames) { + assert_equals( + !!cookies.find(c => c.name === cookieName), expectsCookie, + getPartitionedCookieAssertDesc(expectsCookie, cookieName)); + } + }, getPartitionedCookieTestName(expectsCookie, "CookieStore")); +} + +function getCookieNames() { + const cookieNames = ["__Host-pchttp", "__Host-pcdom"]; + if (window.cookieStore) { + cookieNames.push("__Host-pccookiestore"); + } + return cookieNames; +} |