tor-browser

The Tor Browser

test_same_site_cookies_laxByDefault.html (2913B)


      1 <!DOCTYPE HTML>
      2 <html>
      3 <head>
      4  <title>Bug 1551798 - SameSite=lax by default</title>
      5  <script src="/tests/SimpleTest/SimpleTest.js"></script>
      6  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
      7 </head>
      8 <body>
      9 <script class="testbody" type="text/javascript">
     10 
     // Origin the cookie-setting page is loaded from. The name marks it as
     // cross-origin relative to the test page. It is plain http, which is why the
     // SameSite=None cookie below is described as "not secure".
     const CROSS_ORIGIN = "http://example.com/";
     // Server-side script opened once per SameSite variant; the variant is passed
     // as the query string. Its source is not part of this file.
     const PATH = "tests/dom/security/test/general/closeWindow.sjs";

     /**
      * Opens one top-level cross-origin page per SameSite variant, then reads the
      * example.com cookies back through the privileged cookie service and checks
      * the SameSite value recorded for each of them.
      *
      * @param {boolean} noneRequiresSecure - Whether the caller has enabled
      *   network.cookie.sameSite.noneRequiresSecure. When true, the cookie sent
      *   with SameSite=None is expected to be missing from the cookie jar.
      * @returns {Promise<void>} Settles once all assertions have run.
      */
     async function realTest(noneRequiresSecure) {
       const variants = ["unset", "lax", "none"];
       for (const variant of variants) {
         info(`Loading a new top-level page (${variant})`);
         // The listener is registered before the window is opened so the reply
         // cannot be missed.
         // NOTE(review): any "message" event ends this wait; neither the sender's
         // origin nor the payload is checked. Presumably only the opened page
         // posts to this window - confirm against closeWindow.sjs.
         await new Promise(done => {
           window.addEventListener("message", () => done(), { once: true });
           window.open(`${CROSS_ORIGIN}${PATH}?${variant}`);
         });
       }

       info("Check cookies");
       // The callback uses chrome-script globals (Services, Ci) and takes
       // sendAsyncMessage from its `this`, so it stays an arrow function and
       // refers to nothing from the enclosing test scope.
       const chromeScript = SpecialPowers.loadChromeScript(() => {
         /* eslint-env mozilla/chrome-script */
         const {sendAsyncMessage} = this;

         // Labels for the nsICookie SameSite constants; first match wins.
         const sameSiteLabels = [
           [Ci.nsICookie.SAMESITE_NONE, "none"],
           [Ci.nsICookie.SAMESITE_LAX, "lax"],
           [Ci.nsICookie.SAMESITE_STRICT, "strict"],
           [Ci.nsICookie.SAMESITE_UNSET, "unset"],
         ];

         function sameSiteToString(sameSite) {
           const entry = sameSiteLabels.find(([constant]) => constant === sameSite);
           return entry ? entry[1] : "ERROR!";
         }

         // A cookie is only recorded when both its name and its value match.
         const expectedValues = new Map([
           ["test", "wow"],
           ["test2", "wow2"],
           ["test3", "wow3"],
         ]);
         const found = { test: null, test2: null, test3: null };

         for (const cookie of Services.cookies.cookies) {
           if (cookie.host != "example.com") {
             continue;
           }
           if (
             expectedValues.has(cookie.name) &&
             expectedValues.get(cookie.name) === cookie.value
           ) {
             found[cookie.name] = sameSiteToString(cookie.sameSite);
           }
         }

         // Clears the whole cookie jar, not only example.com, so the next run
         // of realTest starts without cookies left over from this one.
         Services.cookies.removeAll();
         sendAsyncMessage('result', found);
       });

       const cookies = await new Promise(resolve => {
         chromeScript.addMessageListener('result', payload => {
           chromeScript.destroy();
           resolve(payload);
         });
       });

       // A cookie sent without a SameSite attribute must be reported as "unset"
       // by the cookie service, not rewritten to "lax".
       is(cookies.test, "unset", "Cookie set without samesite is unset");

       // null means no matching cookie was stored at all.
       const [expectedNone, noneMessage] = noneRequiresSecure
         ? [null, "Cookie set with samesite none, but not secure"]
         : ["none", "Cookie set with samesite none"];
       is(cookies.test2, expectedNone, noneMessage);

       is(cookies.test3, "lax", "Cookie set with samesite lax");
     }
     77 
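     // Tell the harness that this test ends only when SimpleTest.finish() is
     // called, since all the work below is asynchronous.
     SimpleTest.waitForExplicitFinish();

     // Runs realTest twice with SameSite=lax-by-default enabled: first with
     // noneRequiresSecure off, then with it on.
     //
     // A rejection from pushPrefEnv or realTest used to leave the promise chain
     // without a handler, so finish() was never reached and the test only ended
     // at the harness timeout. The failure is now recorded and finish() always
     // runs.
     (async () => {
       try {
         await SpecialPowers.pushPrefEnv({"set": [
           ["network.cookie.sameSite.laxByDefault", true],
           ["network.cookie.sameSite.noneRequiresSecure", false],
         ]});
         await realTest(false);

         await SpecialPowers.pushPrefEnv({"set": [
           ["network.cookie.sameSite.laxByDefault", true],
           ["network.cookie.sameSite.noneRequiresSecure", true],
         ]});
         await realTest(true);
       } catch (e) {
         ok(false, `Unexpected failure while running the test: ${e}`);
       } finally {
         SimpleTest.finish();
       }
     })();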
     92 
     93 </script>
     94 </body>
     95 </html>