Adding upstream version 1:115.7.0.upstream/1%115.7.0upstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 93 insertions, 0 deletions

diff --git a/dom/security/test/general/test_same_site_cookies_cross_origin_context.html b/dom/security/test/general/test_same_site_cookies_cross_origin_context.html
new file mode 100644
index 0000000000..9294a3d030
--- /dev/null
+++ b/dom/security/test/general/test_same_site_cookies_cross_origin_context.html
@@ -0,0 +1,93 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+  <title>Bug 1452496 - Do not allow same-site cookies in cross site context</title>
+  <script src="/tests/SimpleTest/SimpleTest.js"></script>
+  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
+</head>
+<body>
+<img id="cookieImage">
+<iframe id="testframe"></iframe>
+
+<script class="testbody" type="text/javascript">
+
+/*
+ * Description of the test:
+ * 1) We load an image from http://example.com which tries to 
+ *    a) a same site cookie
+ *    b) a regular cookie
+ *    in the context of http://mochi.test
+ * 2) We load an iframe from http://example.com and check if the cookie
+ *    is available.
+ * 3) We observe that:
+ *    (a) same site cookie has been discarded in a cross origin context.
+ *    (b) the regular cookie is available.
+ */
+
+SimpleTest.waitForExplicitFinish();
+
+const CROSS_ORIGIN = "http://example.com/";
+const PATH = "tests/dom/security/test/general/file_same_site_cookies_cross_origin_context.sjs";
+
+let curTest = 0;
+
+var tests = [
+  {
+    description: "regular cookie in cross origin context",
+    imgSRC: CROSS_ORIGIN + PATH + "?setRegularCookie",
+    frameSRC: CROSS_ORIGIN + PATH + "?loadFrame",
+    result: "myKey=regularCookie",
+  },
+  {
+    description: "same-site cookie in cross origin context",
+    imgSRC: CROSS_ORIGIN + PATH + "?setSameSiteCookie",
+    frameSRC: CROSS_ORIGIN + PATH + "?loadFrame",
+    result: "", // no cookie should be set
+  },
+];
+
+
+window.addEventListener("message", receiveMessage);
+function receiveMessage(event) {
+  is(event.data.result, tests[curTest].result, tests[curTest].description);
+  curTest += 1;
+
+  // lets see if we ran all the tests
+  if (curTest == tests.length) {
+    window.removeEventListener("message", receiveMessage);
+    SpecialPowers.clearUserPref("network.cookie.sameSite.laxByDefault");
+    SimpleTest.finish();
+    return;
+  }
+  // otherwise it's time to run the next test
+  setCookieAndInitTest();
+}
+
+function setupQueryResultAndRunTest() {
+  let testframe = document.getElementById("testframe");
+  testframe.src = tests[curTest].frameSRC + curTest;
+}
+
+function setCookieAndInitTest() {
+  var cookieImage = document.getElementById("cookieImage");
+  cookieImage.onload = function() {
+    ok(true, "trying to set cookie for test (" + tests[curTest].description + ")");
+    setupQueryResultAndRunTest();
+  }
+  cookieImage.onerror = function() {
+    ok(false, "could not load image for test (" + tests[curTest].description + ")");
+  }
+  cookieImage.src =  tests[curTest].imgSRC + curTest;
+}
+
+// fire up the test
+SpecialPowers.pushPrefEnv({
+  "set": [
+    // Bug 1617611: Fix all the tests broken by "cookies SameSite=lax by default"
+    ["network.cookie.sameSite.laxByDefault", false],
+  ]
+}, setCookieAndInitTest);
+
+</script>
+</body>
+</html>