diff options
Diffstat (limited to '')
11 files changed, 313 insertions, 0 deletions
diff --git a/testing/web-platform/tests/cookies/domain/domain-attribute-host-with-and-without-leading-period.sub.https.html b/testing/web-platform/tests/cookies/domain/domain-attribute-host-with-and-without-leading-period.sub.https.html new file mode 100644 index 0000000000..b5f770b848 --- /dev/null +++ b/testing/web-platform/tests/cookies/domain/domain-attribute-host-with-and-without-leading-period.sub.https.html @@ -0,0 +1,40 @@ +<!DOCTYPE html> +<head> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/cookies/resources/cookie-helper.sub.js"></script> +</head> +<body> + <script> + // + // Set-Cookie: domain-attribute-host-with-and-without-leading-period=b; Path=/; Domain=.{{host}} + // Set-Cookie: domain-attribute-host-with-and-without-leading-period=c; Path=/; Domain={{host}} + // + const cookieName = "domain-attribute-host-with-and-without-leading-period"; + // Clean up cookie at the end to avoid interfering with subsequent tests. + add_completion_callback(tests => document.cookie = + `${cookieName}=0; Path=/; Domain={{host}}; expires=01-jan-1970 00:00:00 GMT`); + + test(t => { + assert_dom_cookie(cookieName, "c", true); + }, "Domain=.{{host}} => Second value available via `document.cookie`"); + + async_test(t => { + fetch("/cookies/resources/list.py", { credentials: "include" }) + .then(t.step_func(r => r.json())) + .then(t.step_func_done(r => { + assert_equals(r[cookieName], "c"); + })) + .catch(_ => assert_unreached); + }, "Domain=.{{host}} => Second value sent with same-origin requests."); + + async_test(t => { + fetch(`${SECURE_SUBDOMAIN_ORIGIN}/cookies/resources/list.py`, { credentials: "include" }) + .then(t.step_func(r => r.json())) + .then(t.step_func_done(r => { + assert_equals(r[cookieName], "c"); + })) + .catch(_ => assert_unreached); + }, "Domain=.{{host}} => Second value sent with subdomain requests."); + </script> +</body> diff --git a/testing/web-platform/tests/cookies/domain/domain-attribute-host-with-and-without-leading-period.sub.https.html.sub.headers b/testing/web-platform/tests/cookies/domain/domain-attribute-host-with-and-without-leading-period.sub.https.html.sub.headers new file mode 100644 index 0000000000..77d3d8c0c4 --- /dev/null +++ b/testing/web-platform/tests/cookies/domain/domain-attribute-host-with-and-without-leading-period.sub.https.html.sub.headers @@ -0,0 +1,2 @@ +Set-Cookie: domain-attribute-host-with-and-without-leading-period=b; Path=/; Domain=.{{host}} +Set-Cookie: domain-attribute-host-with-and-without-leading-period=c; Path=/; Domain={{host}} diff --git a/testing/web-platform/tests/cookies/domain/domain-attribute-host-with-leading-period.sub.https.html b/testing/web-platform/tests/cookies/domain/domain-attribute-host-with-leading-period.sub.https.html new file mode 100644 index 0000000000..3ec52fd40b --- /dev/null +++ b/testing/web-platform/tests/cookies/domain/domain-attribute-host-with-leading-period.sub.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<head> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/cookies/resources/cookie-helper.sub.js"></script> +</head> +<body> + <script> + // + // Set-Cookie: domain-attribute-host-with-leading-period=b; Path=/; Domain=.{{host}} + // + const cookieName = "domain-attribute-host-with-leading-period"; + // Clean up cookie at the end to avoid interfering with subsequent tests. + add_completion_callback(tests => document.cookie = + `${cookieName}=0; Path=/; Domain=.{{host}}; expires=01-jan-1970 00:00:00 GMT`); + + test(t => { + assert_dom_cookie(cookieName, "b", true); + }, "Domain=.{{host}} => available via `document.cookie`"); + + async_test(t => { + fetch("/cookies/resources/list.py", { credentials: "include" }) + .then(t.step_func(r => r.json())) + .then(t.step_func_done(r => { + assert_equals(r[cookieName], "b"); + })) + .catch(_ => assert_unreached); + }, "Domain=.{{host}} => sent with same-origin requests."); + + async_test(t => { + fetch(`${SECURE_SUBDOMAIN_ORIGIN}/cookies/resources/list.py`, { credentials: "include" }) + .then(t.step_func(r => r.json())) + .then(t.step_func_done(r => { + assert_equals(r[cookieName], "b"); + })) + .catch(_ => assert_unreached); + }, "Domain=.{{host}} => sent with subdomain requests."); + </script> +</body> diff --git a/testing/web-platform/tests/cookies/domain/domain-attribute-host-with-leading-period.sub.https.html.sub.headers b/testing/web-platform/tests/cookies/domain/domain-attribute-host-with-leading-period.sub.https.html.sub.headers new file mode 100644 index 0000000000..7de4ae2e6a --- /dev/null +++ b/testing/web-platform/tests/cookies/domain/domain-attribute-host-with-leading-period.sub.https.html.sub.headers @@ -0,0 +1 @@ +Set-Cookie: domain-attribute-host-with-leading-period=b; Path=/; Domain=.{{host}} diff --git a/testing/web-platform/tests/cookies/domain/domain-attribute-idn-host.sub.https.html b/testing/web-platform/tests/cookies/domain/domain-attribute-idn-host.sub.https.html new file mode 100644 index 0000000000..ae4bf3cbb3 --- /dev/null +++ b/testing/web-platform/tests/cookies/domain/domain-attribute-idn-host.sub.https.html @@ -0,0 +1,18 @@ +<!DOCTYPE html> +<html> + <head> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/resources/testdriver.js"></script> + <script src="/resources/testdriver-vendor.js"></script> + </head> + <body> + <script> + let url = new URL(document.location); + url.host = "{{hosts[][élève]}}"; + let url2 = new URL("support/idn-child.sub.https.html", url); + let child_window = window.open(url2.href); + fetch_tests_from_window(child_window); + </script> + </body> +</html> diff --git a/testing/web-platform/tests/cookies/domain/domain-attribute-matches-host.sub.https.html b/testing/web-platform/tests/cookies/domain/domain-attribute-matches-host.sub.https.html new file mode 100644 index 0000000000..ac786dd882 --- /dev/null +++ b/testing/web-platform/tests/cookies/domain/domain-attribute-matches-host.sub.https.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<head> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/cookies/resources/cookie-helper.sub.js"></script> +</head> +<body> + <script> + // + // Set-Cookie: domain-attribute-matches-host=b; Path=/; Domain={{host}} + // + const cookieName = "domain-attribute-matches-host"; + // Clean up cookie at the end to avoid interfering with subsequent tests. + add_completion_callback(tests => document.cookie = + `${cookieName}=0; Path=/; Domain={{host}}; expires=01-jan-1970 00:00:00 GMT`); + + test(t => { + assert_dom_cookie(cookieName, "b", true); + }, "Domain={{host}} => available via `document.cookie`"); + + async_test(t => { + fetch("/cookies/resources/list.py", { credentials: "include" }) + .then(t.step_func(r => r.json())) + .then(t.step_func_done(r => { + assert_equals(r[cookieName], "b"); + })) + .catch(_ => assert_unreached); + }, "Domain={{host}} => sent with same-origin requests."); + + async_test(t => { + fetch(`${SECURE_SUBDOMAIN_ORIGIN}/cookies/resources/list.py`, { credentials: "include" }) + .then(t.step_func(r => r.json())) + .then(t.step_func_done(r => { + assert_equals(r[cookieName], "b"); + })) + .catch(_ => assert_unreached); + }, "Domain={{host}} => sent with subdomain requests."); + </script> +</body> diff --git a/testing/web-platform/tests/cookies/domain/domain-attribute-matches-host.sub.https.html.sub.headers b/testing/web-platform/tests/cookies/domain/domain-attribute-matches-host.sub.https.html.sub.headers new file mode 100644 index 0000000000..8a2329e8c2 --- /dev/null +++ b/testing/web-platform/tests/cookies/domain/domain-attribute-matches-host.sub.https.html.sub.headers @@ -0,0 +1 @@ +Set-Cookie: domain-attribute-matches-host=b; Path=/; Domain={{host}} diff --git a/testing/web-platform/tests/cookies/domain/domain-attribute-missing.sub.html b/testing/web-platform/tests/cookies/domain/domain-attribute-missing.sub.html new file mode 100644 index 0000000000..44776ca629 --- /dev/null +++ b/testing/web-platform/tests/cookies/domain/domain-attribute-missing.sub.html @@ -0,0 +1,39 @@ +<!DOCTYPE html> +<head> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/cookies/resources/cookie-helper.sub.js"></script> +</head> +<body> + <script> + // + // Set-Cookie: domain-attribute-missing=b; Path=/ + // + const cookieName = "domain-attribute-missing"; + // Clean up cookie at the end to avoid interfering with subsequent tests. + add_completion_callback(tests => document.cookie = + `${cookieName}=0; Path=/; expires=01-jan-1970 00:00:00 GMT`); + + test(t => { + assert_dom_cookie(cookieName, "b", true); + }, "No domain attribute => available via `document.cookie`"); + + async_test(t => { + fetch("/cookies/resources/list.py", { credentials: "include" }) + .then(t.step_func(r => r.json())) + .then(t.step_func_done(r => { + assert_equals(r[cookieName], "b"); + })) + .catch(_ => assert_unreached); + }, "No domain attribute => sent with same-origin requests."); + + async_test(t => { + fetch(`${SECURE_SUBDOMAIN_ORIGIN}/cookies/resources/list.py`, { credentials: "include" }) + .then(t.step_func(r => r.json())) + .then(t.step_func_done(r => { + assert_equals(r[cookieName], undefined); + })) + .catch(_ => assert_unreached); + }, "No domain attribute => not sent with subdomain requests."); + </script> +</body> diff --git a/testing/web-platform/tests/cookies/domain/domain-attribute-missing.sub.html.headers b/testing/web-platform/tests/cookies/domain/domain-attribute-missing.sub.html.headers new file mode 100644 index 0000000000..3ee2833a45 --- /dev/null +++ b/testing/web-platform/tests/cookies/domain/domain-attribute-missing.sub.html.headers @@ -0,0 +1 @@ +Set-Cookie: domain-attribute-missing=b; Path=/ diff --git a/testing/web-platform/tests/cookies/domain/support/idn-child.sub.https.html b/testing/web-platform/tests/cookies/domain/support/idn-child.sub.https.html new file mode 100644 index 0000000000..d3510959fb --- /dev/null +++ b/testing/web-platform/tests/cookies/domain/support/idn-child.sub.https.html @@ -0,0 +1,72 @@ +<!DOCTYPE html> +<html> +<head> + <script src="/resources/testharness.js"></script> + <script src="/resources/testdriver.js"></script> + <script src="/resources/testdriver-vendor.js"></script> + <script src="/cookies/resources/cookie-test.js"></script> +</head> +<body> + <script> + async function assert_cookie(response, cookie) { + const get = await response.text(); + assert_equals(get, cookie); + assert_equals(document.cookie, cookie); + } + + async function assert_no_cookie(response) { + const get = await response.text(); + assert_equals(get, "no cookies"); + assert_equals(document.cookie, ""); + } + + promise_test(async t => { + t.add_cleanup(async () => { await fetch("idn.py?delete-utf8&host={{host}}") }); + let response = await fetch("idn.py?set-utf8&host={{host}}"); + assert_equals(await response.text(), "set"); + response = await fetch("idn.py?get&host={{host}}"); + await assert_no_cookie(response); + }, "UTF8-encoded IDN in domain attribute"); + + promise_test(async t => { + t.add_cleanup(async () => { await fetch("idn.py?delete-utf8-dot&host={{host}}") }); + let response = await fetch("idn.py?set-utf8-dot&host={{host}}"); + assert_equals(await response.text(), "set"); + response = await fetch("idn.py?get&host={{host}}"); + await assert_no_cookie(response); + }, "UTF8-encoded IDN with non-ASCII dot in domain attribute"); + + promise_test(async t => { + t.add_cleanup(async () => { await fetch("idn.py?delete-wrong-utf8&host={{host}}") }); + let response = await fetch("idn.py?set-wrong-utf8&host={{host}}"); + assert_equals(await response.text(), "set"); + response = await fetch("idn.py?get&host={{host}}"); + await assert_no_cookie(response); + }, "wrong UTF8-encoded IDN in domain attribute"); + + promise_test(async t => { + t.add_cleanup(async () => { await fetch("idn.py?delete-punycode&host={{host}}") }); + let response = await fetch("idn.py?set-punycode&host={{host}}"); + assert_equals(await response.text(), "set"); + response = await fetch("idn.py?get&host={{host}}"); + await assert_cookie(response, "punycode=set"); + }, "punycode IDN in domain attribute"); + + promise_test(async t => { + t.add_cleanup(async () => { await fetch("idn.py?delete-wrong-punycode&host={{host}}") }); + let response = await fetch("idn.py?set-wrong-punycode&host={{host}}"); + assert_equals(await response.text(), "set"); + response = await fetch("idn.py?get&host={{host}}"); + await assert_no_cookie(response); + }, "wrong punycode IDN in domain attribute"); + + promise_test(async t => { + t.add_cleanup(async () => { await fetch("idn.py?delete-invalid-byte&host={{host}}") }); + let response = await fetch("idn.py?set-invalid-byte&host={{host}}"); + assert_equals(await response.text(), "set"); + response = await fetch("idn.py?get&host={{host}}"); + await assert_no_cookie(response); + }, "IDN with invalid UTF-8 bytes in domain attribute"); + </script> +</body> +</html> diff --git a/testing/web-platform/tests/cookies/domain/support/idn.py b/testing/web-platform/tests/cookies/domain/support/idn.py new file mode 100644 index 0000000000..d75ed056f5 --- /dev/null +++ b/testing/web-platform/tests/cookies/domain/support/idn.py @@ -0,0 +1,61 @@ +# élève. +utf8_subdomain = b"Domain=\xC3\xA9\x6C\xC3\xA8\x76\x65." +# élève。 +utf8_dot_subdomain = b"Domain=\xC3\xA9\x6C\xC3\xA8\x76\x65\xE3\x80\x82" +# élève. +punycode_subdomain = b"Domain=xn--lve-6lad." +# ÿlève. +wrong_utf8_subdomain = b"Domain=\xC3\xBF\x6C\xC3\xA8\x76\x65." +# ÿlève. +wrong_punycode_subdomain = b"Domain=xn--lve-6la7i." +# élève with invalid FF byte at the end +invalid_byte_subdomain = b"Domain=\xC3\xA9\x6C\xC3\xA8\x76\x65\xFF." + +def main(request, response): + host = request.GET.get(b"host") + + if b"set-utf8" in request.GET: + response.headers.append(b"Set-Cookie", b"utf8=set;" + utf8_subdomain + host) + response.content = "set" + if b"set-utf8-dot" in request.GET: + response.headers.append(b"Set-Cookie", b"utf8-dot=set;" + utf8_dot_subdomain + host) + response.content = "set" + elif b"set-wrong-utf8" in request.GET: + response.headers.append(b"Set-Cookie", b"wrong-utf8=set;" + wrong_utf8_subdomain + host) + response.content = "set" + elif b"set-punycode" in request.GET: + response.headers.append(b"Set-Cookie", b"punycode=set;" + punycode_subdomain + host) + response.content = "set" + elif b"set-wrong-punycode" in request.GET: + response.headers.append(b"Set-Cookie", b"wrong-punycode=set;" + wrong_punycode_subdomain + host) + response.content = "set" + elif b"set-invalid-byte" in request.GET: + response.headers.append(b"Set-Cookie", b"invalid-byte=set;" + invalid_byte_subdomain + host) + response.content = "set" + + elif b"get" in request.GET: + if b"Cookie" in request.headers: + response.content = request.headers[b"Cookie"] + else: + response.content = "no cookies" + + elif b"delete-utf8" in request.GET: + response.headers.append(b"Set-Cookie", b"utf8=unset;Max-Age=0;" + utf8_subdomain + host) + response.content = "delete" + elif b"delete-utf8-dot" in request.GET: + response.headers.append(b"Set-Cookie", b"utf8-dot=unset;Max-Age=0;" + utf8_dot_subdomain + host) + response.content = "delete" + elif b"delete-wrong-utf8" in request.GET: + response.headers.append(b"Set-Cookie", b"wrong-utf8=unset;Max-Age=0;" + wrong_utf8_subdomain + host) + response.content = "delete" + elif b"delete-punycode" in request.GET: + response.headers.append(b"Set-Cookie", b"punycode=unset;Max-Age=0;" + punycode_subdomain + host) + response.content = "delete" + elif b"delete-wrong-punycode" in request.GET: + response.headers.append(b"Set-Cookie", b"wrong-punycode=unset;Max-Age=0;" + wrong_punycode_subdomain + host) + response.content = "delete" + elif b"delete-invalid-byte" in request.GET: + response.headers.append(b"Set-Cookie", b"invalid-byte=unset;Max-Age=0;" + invalid_byte_subdomain + host) + response.content = "delete" + + response.headers.append(b"Content-Type", b"text/plain") |