test_same_site_cookies_subrequest.html (3604B)
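<!DOCTYPE HTML>
<html>
<head>
  <meta charset="utf-8">
  <title>Bug 1286861 - Test same site cookies on subrequests</title>
  <script src="/tests/SimpleTest/SimpleTest.js"></script>
  <link rel="stylesheet" href="/tests/SimpleTest/test.css">
</head>
<body>
<!-- Loading this image is what sets the SameSite cookie for the current test. -->
<img id="cookieImage" alt="">
<!-- Frame whose document issues the image subrequest being observed. -->
<iframe id="testframe" title="SameSite subrequest test frame"></iframe>

<script class="testbody">

/*
 * Description of the test:
 * 1) We load an image from http://mochi.test which sets a same site cookie
 * 2) We load an iframe from:
 *    * http://mochi.test which loads another image from http://mochi.test
 *    * http://example.com which loads another image from http://mochi.test
 * 3) We observe that the same site cookie is sent in the same origin case,
 *    but not in the cross origin case.
 *
 * In detail:
 * We perform an XHR request to the *.sjs file which is processed async on
 * the server and waits till the image request has been processed by the server.
 * Once the image request was processed, the server responds to the initial
 * XHR request with the expected result (the cookie value).
 *
 * Why 'lax' and 'strict' expect the same outcome here:
 * SameSite=Lax only relaxes the restriction for top-level navigations. An
 * image subrequest issued from inside a cross-site frame is not one, so the
 * cookie must be withheld for both policies.
 *
 * NOTE(review): SameSite is evaluated against the site (registrable domain),
 * not the full origin. mochi.test and example.com differ in both, so the
 * "cross origin" cases below are also cross-site. No case covers a frame that
 * is cross-origin but same-site (e.g. a subdomain or another port), which is
 * the configuration where an origin check and a site check would disagree.
 */

SimpleTest.waitForExplicitFinish();

const SAME_ORIGIN = "http://mochi.test:8888/";
const CROSS_ORIGIN = "http://example.com/";
const PATH = "tests/dom/security/test/general/file_same_site_cookies_subrequest.sjs";

// Index into `tests` of the case currently running.
let curTest = 0;

// Each case: the image URL that sets the cookie, the frame URL that triggers
// the subrequest, and the cookie string the server is expected to report.
var tests = [
  {
    description: "same origin site using cookie policy 'samesite=strict'",
    imgSRC: SAME_ORIGIN + PATH + "?setStrictSameSiteCookie",
    frameSRC: SAME_ORIGIN + PATH + "?loadFrame",
    result: "myKey=strictSameSiteCookie",
  },
  {
    description: "cross origin site using cookie policy 'samesite=strict'",
    imgSRC: SAME_ORIGIN + PATH + "?setStrictSameSiteCookie",
    frameSRC: CROSS_ORIGIN + PATH + "?loadFrame",
    result: "myKey=noCookie",
  },
  {
    description: "same origin site using cookie policy 'samesite=lax'",
    imgSRC: SAME_ORIGIN + PATH + "?setLaxSameSiteCookie",
    frameSRC: SAME_ORIGIN + PATH + "?loadFrame",
    result: "myKey=laxSameSiteCookie",
  },
  {
    description: "cross origin site using cookie policy 'samesite=lax'",
    imgSRC: SAME_ORIGIN + PATH + "?setLaxSameSiteCookie",
    frameSRC: CROSS_ORIGIN + PATH + "?loadFrame",
    result: "myKey=noCookie",
  },
];

/**
 * Record a failure and end the test run.
 *
 * Without the explicit finish a failed load leaves the test waiting for the
 * harness timeout, because nothing else would ever advance `curTest`.
 */
function failAndFinish(aMessage) {
  ok(false, aMessage);
  SimpleTest.finish();
}

/**
 * Compare the cookie value reported by the server with the expectation of
 * the current case, then either finish or start the next case.
 *
 * @param aCookieVal response text of the "queryresult" XHR.
 */
function checkResult(aCookieVal) {
  is(aCookieVal, tests[curTest].result, tests[curTest].description);
  curTest += 1;

  // lets see if we ran all the tests
  if (curTest == tests.length) {
    SimpleTest.finish();
    return;
  }
  // otherwise it's time to run the next test
  setCookieAndInitTest();
}

/**
 * Ask the server for the result of the current case and then load the test
 * frame that triggers the image subrequest.
 */
function setupQueryResultAndRunTest() {
  // The test index is appended to the query string; presumably the .sjs uses
  // it to pair this XHR with the matching image request - confirm against
  // file_same_site_cookies_subrequest.sjs.
  var myXHR = new XMLHttpRequest();
  myXHR.open("GET", "file_same_site_cookies_subrequest.sjs?queryresult" + curTest);
  myXHR.onload = function() {
    checkResult(myXHR.responseText);
  }
  myXHR.onerror = function(e) {
    // The event delivered to an XHR error handler has no `message` property,
    // so report its type instead of printing "undefined".
    failAndFinish("could not query results from server (" + e.type + ")");
  }
  myXHR.send();

  // Load the frame only after the XHR has been sent, so the query is already
  // on its way when the frame's image request is made.
  SimpleTest.executeSoon(function() {
    let testframe = document.getElementById("testframe");
    testframe.src = tests[curTest].frameSRC + curTest;
  });
}

/**
 * Set the cookie for the current case by loading the cookie image, then
 * continue with the query/frame step once the image has loaded.
 */
function setCookieAndInitTest() {
  var cookieImage = document.getElementById("cookieImage");
  cookieImage.onload = function() {
    ok(true, "set cookie for test (" + tests[curTest].description + ")");
    setupQueryResultAndRunTest();
  }
  cookieImage.onerror = function() {
    failAndFinish("could not set cookie for test (" + tests[curTest].description + ")");
  }
  cookieImage.src = tests[curTest].imgSRC + curTest;
}

// fire up the test
setCookieAndInitTest();

</script>
</body>
</html>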