summaryrefslogtreecommitdiffstats
path: root/testing/web-platform/tests/html/anonymous-iframe/cookie.tentative.https.window.js
diff options
context:
space:
mode:
Diffstat (limited to 'testing/web-platform/tests/html/anonymous-iframe/cookie.tentative.https.window.js')
-rw-r--r--testing/web-platform/tests/html/anonymous-iframe/cookie.tentative.https.window.js128
1 files changed, 128 insertions, 0 deletions
diff --git a/testing/web-platform/tests/html/anonymous-iframe/cookie.tentative.https.window.js b/testing/web-platform/tests/html/anonymous-iframe/cookie.tentative.https.window.js
new file mode 100644
index 0000000000..d6889ae52d
--- /dev/null
+++ b/testing/web-platform/tests/html/anonymous-iframe/cookie.tentative.https.window.js
@@ -0,0 +1,128 @@
+// META: script=/common/get-host-info.sub.js
+// META: script=/common/utils.js
+// META: script=/common/dispatcher/dispatcher.js
+// META: script=/html/cross-origin-embedder-policy/credentialless/resources/common.js
+// META: script=./resources/common.js
+
+const same_origin = get_host_info().HTTPS_ORIGIN;
+const cross_origin = get_host_info().HTTPS_REMOTE_ORIGIN;
+const cookie_key = "credentialless_iframe_load_cookie";
+const cookie_same_origin = "same_origin";
+const cookie_cross_origin = "cross_origin";
+
+const cookieFromResource = async resource_token => {
+ let headers = JSON.parse(await receive(resource_token));
+ return parseCookies(headers)[cookie_key];
+};
+
+// Load a credentialless iframe, return the HTTP request cookies.
+const cookieFromCredentiallessIframeRequest = async (iframe_origin) => {
+ const resource_token = token();
+ let iframe = document.createElement("iframe");
+ iframe.src = `${showRequestHeaders(iframe_origin, resource_token)}`;
+ iframe.credentialless = true;
+ document.body.appendChild(iframe);
+ return await cookieFromResource(resource_token);
+};
+
+// Load a resource `type` from the iframe with `document_token`,
+// return the HTTP request cookies.
+const cookieFromResourceInIframe =
+ async (document_token, resource_origin, type = "img") => {
+ const resource_token = token();
+ send(document_token, `
+ let el = document.createElement("${type}");
+ el.src = "${showRequestHeaders(resource_origin, resource_token)}";
+ document.body.appendChild(el);
+ `);
+ return await cookieFromResource(resource_token);
+};
+
+promise_test_parallel(async test => {
+ await Promise.all([
+ setCookie(same_origin, cookie_key, cookie_same_origin),
+ setCookie(cross_origin, cookie_key, cookie_cross_origin),
+ ]);
+
+ promise_test_parallel(async test => {
+ assert_equals(
+ await cookieFromCredentiallessIframeRequest(same_origin),
+ undefined
+ );
+ }, "Credentialless same-origin iframe is loaded without credentials");
+
+ promise_test_parallel(async test => {
+ assert_equals(
+ await cookieFromCredentiallessIframeRequest(cross_origin),
+ undefined
+ );
+ }, "Credentialless cross-origin iframe is loaded without credentials");
+
+ const iframe_same_origin = newIframeCredentialless(same_origin);
+ const iframe_cross_origin = newIframeCredentialless(cross_origin);
+
+ promise_test_parallel(async test => {
+ assert_equals(
+ await cookieFromResourceInIframe(iframe_same_origin, same_origin),
+ undefined
+ );
+ }, "same_origin credentialless iframe can't send same_origin credentials");
+
+ promise_test_parallel(async test => {
+ assert_equals(
+ await cookieFromResourceInIframe(iframe_same_origin, cross_origin),
+ undefined
+ );
+ }, "same_origin credentialless iframe can't send cross_origin credentials");
+
+ promise_test_parallel(async test => {
+ assert_equals(
+ await cookieFromResourceInIframe(iframe_cross_origin, cross_origin),
+ undefined
+ );
+ }, "cross_origin credentialless iframe can't send cross_origin credentials");
+
+ promise_test_parallel(async test => {
+ assert_equals(
+ await cookieFromResourceInIframe(iframe_cross_origin, same_origin),
+ undefined
+ );
+ }, "cross_origin credentialless iframe can't send same_origin credentials");
+
+ promise_test_parallel(async test => {
+ assert_equals(
+ await cookieFromResourceInIframe(iframe_same_origin, same_origin,
+ "iframe"),
+ undefined
+ );
+ }, "same_origin credentialless iframe can't send same_origin credentials "
+ + "on child iframe");
+
+ promise_test_parallel(async test => {
+ assert_equals(
+ await cookieFromResourceInIframe(iframe_same_origin, cross_origin,
+ "iframe"),
+ undefined
+ );
+ }, "same_origin credentialless iframe can't send cross_origin credentials "
+ + "on child iframe");
+
+ promise_test_parallel(async test => {
+ assert_equals(
+ await cookieFromResourceInIframe(iframe_cross_origin, cross_origin,
+ "iframe"),
+ undefined
+ );
+ }, "cross_origin credentialless iframe can't send cross_origin credentials "
+ + "on child iframe");
+
+ promise_test_parallel(async test => {
+ assert_equals(
+ await cookieFromResourceInIframe(iframe_cross_origin, same_origin,
+ "iframe"),
+ undefined
+ );
+ }, "cross_origin credentialless iframe can't send same_origin credentials "
+ + "on child iframe");
+
+}, "Setup")