browser_origin_trial_coep_credentialless_fetch_1.js (3898B)
1 const TOP_LEVEL_URL = 2 getRootDirectory(gTestPath).replace( 3 "chrome://mochitests/content", 4 "https://example.com" 5 ) + "open_credentialless_document.sjs"; 6 7 const SAME_ORIGIN = "https://example.com"; 8 const CROSS_ORIGIN = "https://test1.example.com"; 9 10 const GET_STATE_URL = 11 getRootDirectory(gTestPath).replace( 12 "chrome://mochitests/content", 13 "https://example.com" 14 ) + "store_header.sjs?getstate"; 15 16 async function addCookieToOrigin(origin) { 17 const fetchRequestURL = 18 getRootDirectory(gTestPath).replace("chrome://mochitests/content", origin) + 19 "store_header.sjs?addcookie"; 20 21 const addcookieTab = await BrowserTestUtils.openNewForegroundTab( 22 gBrowser, 23 fetchRequestURL 24 ); 25 26 await SpecialPowers.spawn(addcookieTab.linkedBrowser, [], async function () { 27 content.document.cookie = "coep=credentialless; SameSite=None; Secure"; 28 }); 29 await BrowserTestUtils.removeTab(addcookieTab); 30 } 31 32 async function testOrigin( 33 fetchOrigin, 34 isCredentialless, 35 useMetaTag, 36 fetchRequestMode, 37 fetchRequestCrendentials, 38 expectedCookieResult 39 ) { 40 let params = []; 41 if (isCredentialless) { 42 params.push("credentialless"); 43 } 44 if (useMetaTag) { 45 params.push("meta"); 46 } 47 48 let topLevelUrl = TOP_LEVEL_URL; 49 if (params.length) { 50 topLevelUrl += "?" + params.join("&"); 51 } 52 53 const noCredentiallessTab = await BrowserTestUtils.openNewForegroundTab( 54 gBrowser, 55 topLevelUrl 56 ); 57 58 const fetchRequestURL = 59 getRootDirectory(gTestPath).replace( 60 "chrome://mochitests/content", 61 fetchOrigin 62 ) + "store_header.sjs?checkheader"; 63 64 await SpecialPowers.spawn( 65 noCredentiallessTab.linkedBrowser, 66 [ 67 !useMetaTag && isCredentialless, 68 fetchRequestURL, 69 fetchRequestMode, 70 fetchRequestCrendentials, 71 GET_STATE_URL, 72 expectedCookieResult, 73 ], 74 async function ( 75 sharedArrayBufferEnabled, 76 fetchRequestURL, 77 fetchRequestMode, 78 fetchRequestCrendentials, 79 getStateURL, 80 expectedCookieResult 81 ) { 82 if (sharedArrayBufferEnabled) { 83 ok(content.crossOriginIsolated); 84 } 85 // When store_header.sjs receives this request, it will store 86 // whether it has received the cookie as a shared state. 87 await content.fetch(fetchRequestURL, { 88 mode: fetchRequestMode, 89 credentials: fetchRequestCrendentials, 90 }); 91 92 // This request is used to get the saved state from the 93 // previous fetch request. 94 const response = await content.fetch(getStateURL, { 95 mode: "cors", 96 }); 97 const text = await response.text(); 98 is(text, expectedCookieResult); 99 } 100 ); 101 102 await BrowserTestUtils.removeTab(noCredentiallessTab); 103 } 104 105 async function doTest( 106 origin, 107 fetchRequestMode, 108 fetchRequestCrendentials, 109 expectedCookieResultForNoCredentialless, 110 expectedCookieResultForCredentialless 111 ) { 112 for (let credentialless of [true, false]) { 113 for (let meta of [true, false]) { 114 await testOrigin( 115 origin, 116 credentialless, 117 meta, 118 fetchRequestMode, 119 fetchRequestCrendentials, 120 credentialless 121 ? expectedCookieResultForCredentialless 122 : expectedCookieResultForNoCredentialless 123 ); 124 } 125 } 126 } 127 128 add_task(async function () { 129 await SpecialPowers.pushPrefEnv({ 130 set: [ 131 ["browser.tabs.remote.coep.credentialless", false], 132 ["dom.origin-trials.enabled", true], 133 ["dom.origin-trials.test-key.enabled", true], 134 ], 135 }); 136 137 await addCookieToOrigin(SAME_ORIGIN); 138 await addCookieToOrigin(CROSS_ORIGIN); 139 140 // Cookies never sent with omit 141 await doTest(SAME_ORIGIN, "no-cors", "omit", "noCookie", "noCookie"); 142 await doTest(SAME_ORIGIN, "cors", "omit", "noCookie", "noCookie"); 143 await doTest(CROSS_ORIGIN, "no-cors", "omit", "noCookie", "noCookie"); 144 await doTest(CROSS_ORIGIN, "cors", "omit", "noCookie", "noCookie"); 145 });