file_same_site_cookies_from_script.sjs (1360B)
// Server-side script (*.sjs) written for the test of Bug 1452496:
// "Do not allow same-site cookies in cross site context".
// It serves two small HTML frames: one sets a SameSite=strict cookie from an
// inline script, the other reads document.cookie back and reports it.

// Frame whose inline script writes the cookie under test via document.cookie.
const SET_COOKIE_FRAME = `
  <!DOCTYPE html>
  <html>
  <head>
    <title>Bug 1452496 - Do not allow same-site cookies in cross site context</title>
  </head>
  <body>
    <script type="application/javascript">
      document.cookie = "myKey=sameSiteCookieInlineScript;SameSite=strict";
    </script>
  </body>
  </html>`;

// Frame whose inline script reads document.cookie, expires "myKey" so the next
// test starts clean, and posts the value it read to the parent window.
// The postMessage target origin is pinned to 'http://mochi.test:8888' rather
// than "*", so the cookie string is only delivered to a parent on that origin.
const GET_COOKIE_FRAME = `
  <!DOCTYPE html>
  <html>
  <head>
    <title>Bug 1452496 - Do not allow same-site cookies in cross site context</title>
  </head>
  <body>
    <script type="application/javascript">
      let cookie = document.cookie;
      // now reset the cookie for the next test
      document.cookie = "myKey=;" + "expires=Thu, 01 Jan 1970 00:00:00 GMT";
      window.parent.postMessage({result: cookie}, 'http://mochi.test:8888');
    </script>
  </body>
  </html>`;

/**
 * Entry point: picks the frame to serve from the request's query string.
 *
 * Matching is by substring (`includes`), and the markers are checked in a
 * fixed order, so a query string containing both markers gets the
 * cookie-setting frame.
 *
 * @param {object} request  - request object; only `queryString` is read.
 * @param {object} response - response object; `setHeader` and `write` are called.
 */
function handleRequest(request, response) {
  // Disable caching so a stale frame can never stand in for a fresh one.
  response.setHeader("Cache-Control", "no-cache", false);
  // NOTE(review): no Content-Type header is set here, so how the body is
  // interpreted depends on server/browser defaults — confirm that is intended.

  // Ordered [marker, body] pairs; the first marker found in the query wins.
  const routes = [
    ["setSameSiteCookieUsingInlineScript", SET_COOKIE_FRAME],
    ["getCookieFrame", GET_COOKIE_FRAME],
  ];
  const matched = routes.find(([marker]) =>
    request.queryString.includes(marker)
  );

  // No marker matched: this is not expected to happen, so answer with
  // something no test would treat as a valid frame.
  response.write(matched ? matched[1] : "D'oh");
}