      1 <!DOCTYPE HTML>
      2 <html>
      3 <head>
      4  <title>Bug 1452496 - Do not allow same-site cookies in cross site context</title>
      5  <script src="/tests/SimpleTest/SimpleTest.js"></script>
      6  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
      7 </head>
      8 <body>
      9 
     10 <iframe id="setCookieFrame"></iframe>
     11 <iframe id="getCookieFrame"></iframe>
     12 
     13 <script class="testbody" type="text/javascript">
     14 
/*
* Description of the test:
* 1) We load an iframe which tries to set a same-site cookie using an
*    inline script in the top-level context of http://mochi.test.
* 2) We load an iframe from http://example.com and check whether the cookie
*    is available.
* 3) We observe that:
*    (a) the same-site cookie is available in a same-origin context;
*    (b) the same-site cookie has been discarded in a cross-origin context.
*/
     25 
// Tell the harness not to end the test on page load; SimpleTest.finish() is
// called from receiveMessage() once every entry in `tests` has reported.
SimpleTest.waitForExplicitFinish();
     27 
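// Origins exercised by the test. The test index is appended to these URLs
// when a frame is loaded, so the .sjs can tell the requests apart.
const SAME_ORIGIN = "http://mochi.test:8888/";
const CROSS_ORIGIN = "http://example.com/";
const PATH = "tests/dom/security/test/general/file_same_site_cookies_from_script.sjs";

// Index of the scenario currently running; advanced by receiveMessage().
let curTest = 0;

// One entry per scenario. `result` is the exact string the getCookieFrame is
// expected to report back via postMessage.
// (Was `var`; the rest of the file already uses const/let.)
const tests = [
  {
    description: "same-site cookie inline script within same-site context",
    setCookieSrc: `${SAME_ORIGIN}${PATH}?setSameSiteCookieUsingInlineScript`,
    getCookieSrc: `${SAME_ORIGIN}${PATH}?getCookieFrame`,
    result: "myKey=sameSiteCookieInlineScript",
  },
  {
    description: "same-site cookie inline script within cross-site context",
    setCookieSrc: `${CROSS_ORIGIN}${PATH}?setSameSiteCookieUsingInlineScript`,
    getCookieSrc: `${CROSS_ORIGIN}${PATH}?getCookieFrame`,
    // A same-site cookie set from a cross-site frame must be discarded, so
    // the frame is expected to report an empty cookie string.
    result: "",
  },
];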
     48 
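// Results arrive from the getCookieFrame via postMessage. Each message is
// checked against the current entry in `tests`, then the next scenario runs.
//
// NOTE(review): the listener filters on neither event.origin nor
// event.source, so any window that can reach this page could post a
// `{result}` message and have it counted as the frame's answer. That is the
// usual mochitest shape and acceptable here; do not copy it into non-test
// code without an origin check.
window.addEventListener("message", receiveMessage);
function receiveMessage(event) {
  is(event.data.result, tests[curTest].result, tests[curTest].description);
  curTest += 1;

  // Every entry has reported: detach the listener and tell the harness we're
  // done (was `==`; strict comparison, both sides are numbers).
  if (curTest === tests.length) {
    window.removeEventListener("message", receiveMessage);
    SimpleTest.finish();
    return;
  }
  // Otherwise kick off the next scenario.
  setCookieAndInitTest();
}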
     63 
// Point the getCookieFrame at the current scenario's query URL. The frame is
// expected to report the cookie it sees back to receiveMessage() via
// postMessage. The test index is appended so the .sjs can tell the requests
// apart.
function setupQueryResultAndRunTest() {
  const frame = document.querySelector("#getCookieFrame");
  frame.src = `${tests[curTest].getCookieSrc}${curTest}`;
}
     68 
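// Load the setCookieFrame for the current scenario. Once it has loaded (so
// the inline script that sets the cookie has run), the getCookieFrame is
// loaded to query the result. The test index is appended so the .sjs can
// tell the requests apart.
function setCookieAndInitTest() {
  const frame = document.getElementById("setCookieFrame");
  // Assign the handlers (rather than addEventListener) so each scenario
  // replaces the previous ones instead of stacking a handler per run.
  frame.onload = function() {
    ok(true, `trying to set cookie for test (${tests[curTest].description})`);
    setupQueryResultAndRunTest();
  };
  frame.onerror = function() {
    // Message previously said "image"; this element is an <iframe>.
    // NOTE(review): an <iframe> onerror is unlikely to fire for HTTP-level
    // failures, so a broken .sjs would more likely surface as a harness
    // timeout than as this failure — confirm before relying on it.
    ok(false, `could not load frame for test (${tests[curTest].description})`);
  };
  frame.src = `${tests[curTest].setCookieSrc}${curTest}`;
}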
     80 
     81 // fire up the test
// Kick off the first scenario; the remaining ones are chained from
// receiveMessage() as each result arrives.
setCookieAndInitTest();
     83 
     84 </script>
     85 </body>
     86 </html>