summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/cookies/secure
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 09:22:09 +0000
commit43a97878ce14b72f0981164f87f2e35e14151312 (patch)
tree620249daf56c0258faa40cbdcf9cfba06de2a846 /testing/web-platform/tests/cookies/secure
parentInitial commit. (diff)
downloadfirefox-43a97878ce14b72f0981164f87f2e35e14151312.tar.xz
firefox-43a97878ce14b72f0981164f87f2e35e14151312.zip
Adding upstream version 110.0.1.upstream/110.0.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'testing/web-platform/tests/cookies/secure')
-rw-r--r--testing/web-platform/tests/cookies/secure/set-from-dom.https.sub.html47
-rw-r--r--testing/web-platform/tests/cookies/secure/set-from-dom.sub.html47
-rw-r--r--testing/web-platform/tests/cookies/secure/set-from-http.https.sub.html36
-rw-r--r--testing/web-platform/tests/cookies/secure/set-from-http.https.sub.html.headers5
-rw-r--r--testing/web-platform/tests/cookies/secure/set-from-http.sub.html36
-rw-r--r--testing/web-platform/tests/cookies/secure/set-from-http.sub.html.headers5
-rw-r--r--testing/web-platform/tests/cookies/secure/set-from-ws.sub.html45
-rw-r--r--testing/web-platform/tests/cookies/secure/set-from-wss.https.sub.html44
8 files changed, 265 insertions, 0 deletions
diff --git a/testing/web-platform/tests/cookies/secure/set-from-dom.https.sub.html b/testing/web-platform/tests/cookies/secure/set-from-dom.https.sub.html
new file mode 100644
index 0000000000..46997db18a
--- /dev/null
+++ b/testing/web-platform/tests/cookies/secure/set-from-dom.https.sub.html
@@ -0,0 +1,47 @@
+<!doctype html>
+<html>
+<head>
+ <meta charset=utf-8>
+ <title>Set 'secure' cookie from `document.cookie` on a secure page</title>
+ <meta name=help href="https://tools.ietf.org/html/draft-west-leave-secure-cookies-alone">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/cookies/resources/testharness-helpers.js"></script>
+</head>
+<body>
+<div id=log></div>
+<script>
+ var tests = [
+ [
+ "'secure' cookie visible in `document.cookie`",
+ function () {
+ document.cookie = "secure_from_secure_dom=1; secure; path=/";
+ assert_not_equals(document.cookie.match(/secure_from_secure_dom=1/), null);
+ this.done();
+ }
+ ],
+ [
+ "'secure' cookie visible in HTTP request",
+ function () {
+ document.cookie = "secure_from_secure_dom=1; secure; path=/";
+ assert_not_equals(document.cookie.match(/secure_from_secure_dom=1/), null);
+ fetch("https://{{host}}:{{ports[https][0]}}/cookies/resources/echo-json.py",
+ { "credentials": "include" })
+ .then(this.step_func(function (r) {
+ return r.json();
+ }))
+ .then(this.step_func_done(function (j) {
+ assert_equals(j["secure_from_secure_dom"], "secure_from_secure_dom=1");
+ }));
+ }
+ ]
+ ];
+
+ function clearKnownCookie() {
+ document.cookie = "secure_from_secure_dom=0; Secure; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/";
+ }
+
+ executeTestsSerially(tests, clearKnownCookie, clearKnownCookie);
+</script>
+</body>
+</html>
diff --git a/testing/web-platform/tests/cookies/secure/set-from-dom.sub.html b/testing/web-platform/tests/cookies/secure/set-from-dom.sub.html
new file mode 100644
index 0000000000..91aa8fff3b
--- /dev/null
+++ b/testing/web-platform/tests/cookies/secure/set-from-dom.sub.html
@@ -0,0 +1,47 @@
+<!doctype html>
+<html>
+<head>
+ <meta charset=utf-8>
+ <title>Set 'secure' cookie from `document.cookie` on a non-secure page</title>
+ <meta name=help href="https://tools.ietf.org/html/draft-west-leave-secure-cookies-alone">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/cookies/resources/testharness-helpers.js"></script>
+</head>
+<body>
+<div id=log></div>
+<script>
+ var tests = [
+ [
+ "'secure' cookie not set in `document.cookie`",
+ function () {
+ var originalCookie = document.cookie;
+ document.cookie = "secure_from_nonsecure_dom=1; secure; path=/";
+ assert_equals(document.cookie, originalCookie);
+ this.done();
+ }
+ ],
+ [
+ "'secure' cookie not sent in HTTP request",
+ function () {
+ document.cookie = "secure_from_nonsecure_dom=1; secure; path=/";
+ fetch("https://{{host}}:{{ports[https][0]}}/cookies/resources/echo-json.py", { "credentials": "include" })
+ .then(this.step_func(function (r) {
+ return r.json();
+ }))
+ .then(this.step_func_done(function (j) {
+ assert_equals(j["secure_from_nonsecure_dom"], undefined);
+ }));
+ }
+ ]
+ ];
+
+ function clearKnownCookie() {
+ document.cookie = "secure_from_nonsecure_dom=0; Secure; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/";
+ }
+
+ executeTestsSerially(tests, clearKnownCookie, clearKnownCookie);
+</script>
+</body>
+</html>
+
diff --git a/testing/web-platform/tests/cookies/secure/set-from-http.https.sub.html b/testing/web-platform/tests/cookies/secure/set-from-http.https.sub.html
new file mode 100644
index 0000000000..6024c5b7f6
--- /dev/null
+++ b/testing/web-platform/tests/cookies/secure/set-from-http.https.sub.html
@@ -0,0 +1,36 @@
+<!doctype html>
+<html>
+<head>
+ <meta charset=utf-8>
+ <title>Set 'secure' cookie from `Set-Cookie` HTTP header on a secure page</title>
+ <meta name=help href="https://tools.ietf.org/html/draft-west-leave-secure-cookies-alone">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/cookies/resources/testharness-helpers.js"></script>
+</head>
+<body>
+<div id=log></div>
+<script>
+ function clearKnownCookie() {
+ document.cookie = "secure_from_secure_http=0; Secure; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/";
+ }
+
+ test(function () {
+ assert_not_equals(document.cookie.match(/secure_from_secure_http=1/), null);
+ }, "'secure' cookie present in `document.cookie`");
+
+ promise_test(function (t) {
+ t.add_cleanup(clearKnownCookie);
+ return fetch("https://{{host}}:{{ports[https][0]}}/cookies/resources/echo-json.py",
+ { "credentials": "include" })
+ .then(function (r) {
+ return r.json();
+ })
+ .then(function (j) {
+ assert_equals(j["secure_from_secure_http"], "secure_from_secure_http=1");
+ });
+ }, "'secure' cookie sent in HTTP request");
+</script>
+</body>
+</html>
+
diff --git a/testing/web-platform/tests/cookies/secure/set-from-http.https.sub.html.headers b/testing/web-platform/tests/cookies/secure/set-from-http.https.sub.html.headers
new file mode 100644
index 0000000000..f4c9147fac
--- /dev/null
+++ b/testing/web-platform/tests/cookies/secure/set-from-http.https.sub.html.headers
@@ -0,0 +1,5 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Set-Cookie: secure_from_secure_http=1; Secure; Path=/
diff --git a/testing/web-platform/tests/cookies/secure/set-from-http.sub.html b/testing/web-platform/tests/cookies/secure/set-from-http.sub.html
new file mode 100644
index 0000000000..c80cc34101
--- /dev/null
+++ b/testing/web-platform/tests/cookies/secure/set-from-http.sub.html
@@ -0,0 +1,36 @@
+<!doctype html>
+<html>
+<head>
+ <meta charset=utf-8>
+ <title>Set 'secure' cookie from `Set-Cookie` HTTP header on a non-secure page</title>
+ <meta name=help href="https://tools.ietf.org/html/draft-west-leave-secure-cookies-alone">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/cookies/resources/testharness-helpers.js"></script>
+</head>
+<body>
+<div id=log></div>
+<script>
+ function clearKnownCookie() {
+ document.cookie = "secure_from_nonsecure_http=0; Secure; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/";
+ }
+
+ test(function () {
+ assert_equals(document.cookie.match(/secure_from_nonsecure_http=1/), null);
+ }, "'secure' cookie not present in `document.cookie`");
+
+ promise_test(function (t) {
+ t.add_cleanup(clearKnownCookie);
+ return fetch("https://{{host}}:{{ports[https][0]}}/cookies/resources/echo-json.py",
+ { "credentials": "include" })
+ .then(function (r) {
+ return r.json();
+ })
+ .then(function (j) {
+ assert_equals(j["secure_from_nonsecure_http"], undefined);
+ });
+ }, "'secure' cookie not sent in HTTP request");
+</script>
+</body>
+</html>
+
diff --git a/testing/web-platform/tests/cookies/secure/set-from-http.sub.html.headers b/testing/web-platform/tests/cookies/secure/set-from-http.sub.html.headers
new file mode 100644
index 0000000000..57a45167f0
--- /dev/null
+++ b/testing/web-platform/tests/cookies/secure/set-from-http.sub.html.headers
@@ -0,0 +1,5 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Set-Cookie: secure_from_nonsecure_http=1; Secure; Path=/
diff --git a/testing/web-platform/tests/cookies/secure/set-from-ws.sub.html b/testing/web-platform/tests/cookies/secure/set-from-ws.sub.html
new file mode 100644
index 0000000000..b12504450e
--- /dev/null
+++ b/testing/web-platform/tests/cookies/secure/set-from-ws.sub.html
@@ -0,0 +1,45 @@
+<!doctype html>
+<html>
+<head>
+ <meta charset=utf-8>
+ <title>Set 'secure' cookie from `Set-Cookie` HTTP header on a non-secure WebSocket</title>
+ <meta name=help href="https://tools.ietf.org/html/draft-west-leave-secure-cookies-alone">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/cookies/resources/testharness-helpers.js"></script>
+</head>
+<body>
+<div id=log></div>
+<script>
+ function clearKnownCookie() {
+ document.cookie = "ws_test_secure_from_nonsecure=0; Secure; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/";
+ }
+
+ async_test(function (t) {
+ t.add_cleanup(clearKnownCookie);
+ assert_equals(document.cookie.match(/ws_test_secure_from_nonsecure=/), null);
+
+ clearKnownCookie();
+ var ws = new WebSocket("ws://{{host}}:{{ports[ws][0]}}/set-cookie-secure?secure_from_nonsecure");
+ ws.onclose = t.step_func_done(function () {
+ assert_unreached("'close' should not fire before 'open'.");
+ });
+ ws.onopen = t.step_func(function (e) {
+ ws.onclose = null;
+ ws.close();
+ assert_false(/ws_test_secure_from_nonsecure=test/.test(document.cookie));
+
+ var ws2 = new WebSocket("wss://{{host}}:{{ports[wss][0]}}/echo-cookie");
+ ws2.onclose = t.step_func_done(function () {
+ assert_unreached("'close' should not fire before 'open'.");
+ });
+ ws2.onmessage = t.step_func_done(function (e) {
+ ws2.onclose = null;
+ ws2.close();
+ assert_false(/ws_test_secure_from_nonsecure=test/.test(e.data));
+ });
+ });
+ }, "'secure' cookie not sent in WSS request when set from WS");
+</script>
+</body>
+</html>
diff --git a/testing/web-platform/tests/cookies/secure/set-from-wss.https.sub.html b/testing/web-platform/tests/cookies/secure/set-from-wss.https.sub.html
new file mode 100644
index 0000000000..c5e8b385d0
--- /dev/null
+++ b/testing/web-platform/tests/cookies/secure/set-from-wss.https.sub.html
@@ -0,0 +1,44 @@
+<!doctype html>
+<html>
+<head>
+ <meta charset=utf-8>
+ <title>Set 'secure' cookie from `Set-Cookie` HTTP header on a secure WebSocket</title>
+ <meta name=help href="https://tools.ietf.org/html/draft-west-leave-secure-cookies-alone">
+ <script src="/resources/testharness.js"></script>
+ <script src="/resources/testharnessreport.js"></script>
+ <script src="/cookies/resources/testharness-helpers.js"></script>
+</head>
+<body>
+<div id=log></div>
+<script>
+ function clearKnownCookie() {
+ document.cookie = "ws_test_secure_from_secure=0; Secure; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/";
+ }
+
+ async_test(function (t) {
+ t.add_cleanup(clearKnownCookie);
+ assert_equals(document.cookie.match(/ws_test_secure_from_secure=/), null);
+
+ clearKnownCookie();
+ var ws = new WebSocket("wss://{{host}}:{{ports[wss][0]}}/set-cookie-secure?secure_from_secure");
+ ws.onclose = t.step_func_done(function () {
+ assert_unreached("'close' should not fire before 'open'.");
+ });
+ ws.onopen = t.step_func(function (e) {
+ ws.onclose = null;
+ ws.close();
+ assert_regexp_match(document.cookie, /ws_test_secure_from_secure=test/);
+ var ws2 = new WebSocket("wss://{{host}}:{{ports[wss][0]}}/echo-cookie");
+ ws2.onclose = t.step_func_done(function () {
+ assert_unreached("'close' should not fire before 'open'.");
+ });
+ ws2.onmessage = t.step_func_done(function (e) {
+ ws2.onclose = null;
+ ws2.close();
+ assert_regexp_match(e.data, /ws_test_secure_from_secure=test/);
+ });
+ });
+ }, "'secure' cookie not sent in HTTP request");
+</script>
+</body>
+</html>