diff options
Diffstat (limited to 'testing/web-platform/tests/html/anonymous-iframe/cookie.tentative.https.window.js')
-rw-r--r-- | testing/web-platform/tests/html/anonymous-iframe/cookie.tentative.https.window.js | 128 |
1 files changed, 128 insertions, 0 deletions
diff --git a/testing/web-platform/tests/html/anonymous-iframe/cookie.tentative.https.window.js b/testing/web-platform/tests/html/anonymous-iframe/cookie.tentative.https.window.js new file mode 100644 index 0000000000..d6889ae52d --- /dev/null +++ b/testing/web-platform/tests/html/anonymous-iframe/cookie.tentative.https.window.js @@ -0,0 +1,128 @@ +// META: script=/common/get-host-info.sub.js +// META: script=/common/utils.js +// META: script=/common/dispatcher/dispatcher.js +// META: script=/html/cross-origin-embedder-policy/credentialless/resources/common.js +// META: script=./resources/common.js + +const same_origin = get_host_info().HTTPS_ORIGIN; +const cross_origin = get_host_info().HTTPS_REMOTE_ORIGIN; +const cookie_key = "credentialless_iframe_load_cookie"; +const cookie_same_origin = "same_origin"; +const cookie_cross_origin = "cross_origin"; + +const cookieFromResource = async resource_token => { + let headers = JSON.parse(await receive(resource_token)); + return parseCookies(headers)[cookie_key]; +}; + +// Load a credentialless iframe, return the HTTP request cookies. +const cookieFromCredentiallessIframeRequest = async (iframe_origin) => { + const resource_token = token(); + let iframe = document.createElement("iframe"); + iframe.src = `${showRequestHeaders(iframe_origin, resource_token)}`; + iframe.credentialless = true; + document.body.appendChild(iframe); + return await cookieFromResource(resource_token); +}; + +// Load a resource `type` from the iframe with `document_token`, +// return the HTTP request cookies. +const cookieFromResourceInIframe = + async (document_token, resource_origin, type = "img") => { + const resource_token = token(); + send(document_token, ` + let el = document.createElement("${type}"); + el.src = "${showRequestHeaders(resource_origin, resource_token)}"; + document.body.appendChild(el); + `); + return await cookieFromResource(resource_token); +}; + +promise_test_parallel(async test => { + await Promise.all([ + setCookie(same_origin, cookie_key, cookie_same_origin), + setCookie(cross_origin, cookie_key, cookie_cross_origin), + ]); + + promise_test_parallel(async test => { + assert_equals( + await cookieFromCredentiallessIframeRequest(same_origin), + undefined + ); + }, "Credentialless same-origin iframe is loaded without credentials"); + + promise_test_parallel(async test => { + assert_equals( + await cookieFromCredentiallessIframeRequest(cross_origin), + undefined + ); + }, "Credentialless cross-origin iframe is loaded without credentials"); + + const iframe_same_origin = newIframeCredentialless(same_origin); + const iframe_cross_origin = newIframeCredentialless(cross_origin); + + promise_test_parallel(async test => { + assert_equals( + await cookieFromResourceInIframe(iframe_same_origin, same_origin), + undefined + ); + }, "same_origin credentialless iframe can't send same_origin credentials"); + + promise_test_parallel(async test => { + assert_equals( + await cookieFromResourceInIframe(iframe_same_origin, cross_origin), + undefined + ); + }, "same_origin credentialless iframe can't send cross_origin credentials"); + + promise_test_parallel(async test => { + assert_equals( + await cookieFromResourceInIframe(iframe_cross_origin, cross_origin), + undefined + ); + }, "cross_origin credentialless iframe can't send cross_origin credentials"); + + promise_test_parallel(async test => { + assert_equals( + await cookieFromResourceInIframe(iframe_cross_origin, same_origin), + undefined + ); + }, "cross_origin credentialless iframe can't send same_origin credentials"); + + promise_test_parallel(async test => { + assert_equals( + await cookieFromResourceInIframe(iframe_same_origin, same_origin, + "iframe"), + undefined + ); + }, "same_origin credentialless iframe can't send same_origin credentials " + + "on child iframe"); + + promise_test_parallel(async test => { + assert_equals( + await cookieFromResourceInIframe(iframe_same_origin, cross_origin, + "iframe"), + undefined + ); + }, "same_origin credentialless iframe can't send cross_origin credentials " + + "on child iframe"); + + promise_test_parallel(async test => { + assert_equals( + await cookieFromResourceInIframe(iframe_cross_origin, cross_origin, + "iframe"), + undefined + ); + }, "cross_origin credentialless iframe can't send cross_origin credentials " + + "on child iframe"); + + promise_test_parallel(async test => { + assert_equals( + await cookieFromResourceInIframe(iframe_cross_origin, same_origin, + "iframe"), + undefined + ); + }, "cross_origin credentialless iframe can't send same_origin credentials " + + "on child iframe"); + +}, "Setup") |