tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE
commit ce20d037000c0fbc6ffb558c7bf0e14c15ec9164
parent 4e043dc7acfe19244b78bf9e3e3b88d6dbb1d94b
Author: Daniel Rubery <drubery@chromium.org>
Date:   Thu,  6 Nov 2025 21:38:18 +0000

Bug 1998060 [wpt PR 55841] - Refresh should be able to update session config, a=testonly

Automatic update from web-platform-tests
Refresh should be able to update session config

`emplace` does not insert into the map if it already exists. Instead,
use operator[] to replace the old config with the new.

Bug: 457478022
Change-Id: I5099958b7a823588a754f81a026ece6d99df80f3
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/7114742
Commit-Queue: Daniel Rubery <drubery@chromium.org>
Commit-Queue: thefrog <thefrog@chromium.org>
Reviewed-by: thefrog <thefrog@chromium.org>
Auto-Submit: Daniel Rubery <drubery@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1539723}

--

wpt-commits: 68196c13fb6ec3a25f24b919724d6866e93bc1be
wpt-pr: 55841

Diffstat:

Mtesting/web-platform/tests/device-bound-session-credentials/refresh-replaces-config.https.html | 12+++++++++++-


1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/testing/web-platform/tests/device-bound-session-credentials/refresh-replaces-config.https.html b/testing/web-platform/tests/device-bound-session-credentials/refresh-replaces-config.https.html
@@ -40,7 +40,13 @@
     assert_equals(authResponseAfterExpiry1.status, 403);
     assert_false(documentHasCookie(expectedCookieAndValue1));
 
-    // Confirm the alternate cookie is set and included in requests.
+    // Confirm the alternate cookie is set and included in requests. This should
+    // not trigger refresh. Note that because a session can only refresh a
+    // request once, if the refresh endpoint is correctly setting cookies for
+    // the new config, but the browser rejects the config, it won't be visible
+    // from the cookie state. Terminating the session if it refreshes when it
+    // shouldn't creates a state change we can see.
+    await configureServer({ shouldRefreshEndSession: true });
     assert_true(documentHasCookie(expectedCookieAndValue2));
     const alternateAuthResponseAfterExpiry1 = await fetch('verify_authenticated.py', {
       method: 'POST',
@@ -48,6 +54,10 @@
     });
     assert_equals(alternateAuthResponseAfterExpiry1.status, 200);
 
+    // Restore the server configuration so we can test that the new config does
+    // refresh when expected.
+    await configureServer({ shouldRefreshEndSession: false });
+
     // Expire the second cookie. Confirm the second cookie is refreshed, and not the first.
     expireCookie(expectedCookieAndAttributes2);
     assert_false(documentHasCookie(expectedCookieAndValue2));