browser_same_site_cookies_bug1748693.js (1912B)
1 "use strict"; 2 3 const HTTPS_PATH = getRootDirectory(gTestPath).replace( 4 "chrome://mochitests/content", 5 "https://example.com" 6 ); 7 const HTTP_PATH = getRootDirectory(gTestPath).replace( 8 "chrome://mochitests/content", 9 // Disable eslint, since we explicitly need a insecure URL here for this test. 10 // eslint-disable-next-line @microsoft/sdl/no-insecure-url 11 "http://example.com" 12 ); 13 14 function checkCookies(expectedCookies = {}) { 15 info(JSON.stringify(expectedCookies)); 16 return SpecialPowers.spawn( 17 gBrowser.selectedBrowser, 18 [expectedCookies], 19 async function (expectedCookies) { 20 let cookies = content.document.getElementById("msg").innerHTML; 21 info(cookies); 22 for (const [cookie, expected] of Object.entries(expectedCookies)) { 23 if (expected) { 24 ok(cookies.includes(cookie), `${cookie} should be sent`); 25 } else { 26 ok(!cookies.includes(cookie), `${cookie} should not be sent`); 27 } 28 } 29 } 30 ); 31 } 32 33 add_task(async function bug1748693() { 34 waitForExplicitFinish(); 35 36 // HTTPS-First would interfere with this test. We want to check wether 37 // cookies orignally set on a secure site without a "Secure" attribute 38 // get loaded on a insecure site. For that, we need to visit a 39 // insecure site, which would otherwise be upgraded by HTTPS-First. 40 await SpecialPowers.pushPrefEnv({ 41 set: [["dom.security.https_first", false]], 42 }); 43 44 let loaded = BrowserTestUtils.browserLoaded(gBrowser.selectedBrowser); 45 BrowserTestUtils.startLoadingURIString( 46 gBrowser, 47 `${HTTPS_PATH}file_same_site_cookies_bug1748693.sjs?setcookies` 48 ); 49 await loaded; 50 51 loaded = BrowserTestUtils.browserLoaded(gBrowser.selectedBrowser); 52 BrowserTestUtils.startLoadingURIString( 53 gBrowser, 54 `${HTTP_PATH}file_same_site_cookies_bug1748693.sjs` 55 ); 56 await loaded; 57 58 await checkCookies({ auth: true, auth_secure: false }); 59 60 finish(); 61 });