test_same_site_cookies_toplevel_nav.html (3678B)
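<!DOCTYPE HTML>
<html>
<head>
  <title>Bug 1286861 - Test same site cookies on top-level navigations</title>
  <script src="/tests/SimpleTest/SimpleTest.js"></script>
  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
<img id="cookieImage">

<script class="testbody" type="text/javascript">

/*
 * Description of the test:
 * 1) We load an image from http://mochi.test which sets a same site cookie
 * 2) We open a new window to
 *    * a same origin location
 *    * a cross origin location
 * 3) We observe that the same site cookie is sent in the same origin case,
 *    but not in the cross origin case, unless the policy = 'lax', which should
 *    send the cookie in a top-level navigation case.
 *
 * In detail:
 * We perform an XHR request to the *.sjs file which is processed async on
 * the server and waits till the image request has been processed by the server.
 * Once the image request was processed, the server responds to the initial
 * XHR request with the expected result (the cookie value).
 *
 * Note on terminology: SameSite is evaluated per site (registrable domain),
 * not per origin. The "cross origin" cases below navigate from mochi.test to
 * example.com, so they are also cross-site, which is what the cookie policy
 * keys on. window.open() performs a top-level GET navigation: the table
 * expects a 'lax' cookie to be attached to it and a 'strict' cookie to be
 * withheld.
 */

SimpleTest.waitForExplicitFinish();

const SAME_ORIGIN = "http://mochi.test:8888/";
const CROSS_ORIGIN = "http://example.com/";
const PATH = "tests/dom/security/test/general/file_same_site_cookies_toplevel_nav.sjs";

// Index of the test case currently running; also appended to every query
// string sent to the .sjs handler (presumably so the server can correlate the
// requests of one test case -- the handler is not part of this file).
let curTest = 0;

// Window opened for the current test case, or null when none is open.
let currentWindow;

// Set once a request failed and the test was ended early, so that a still
// pending executeSoon() callback does not open a window after finish().
let testAborted = false;

// Each entry: the image URL that sets the cookie, the URL the new window
// navigates to, and the cookie string the server is expected to report.
var tests = [
  {
    description: "same origin navigation using cookie policy 'samesite=strict'",
    imgSRC: SAME_ORIGIN + PATH + "?setStrictSameSiteCookie",
    frameSRC: SAME_ORIGIN + PATH + "?loadFrame",
    result: "myKey=strictSameSiteCookie",
  },
  {
    description: "cross origin navigation using cookie policy 'samesite=strict'",
    imgSRC: SAME_ORIGIN + PATH + "?setStrictSameSiteCookie",
    frameSRC: CROSS_ORIGIN + PATH + "?loadFrame",
    result: "myKey=noCookie",
  },
  {
    description: "same origin navigation using cookie policy 'samesite=lax'",
    imgSRC: SAME_ORIGIN + PATH + "?setLaxSameSiteCookie",
    frameSRC: SAME_ORIGIN + PATH + "?loadFrame",
    result: "myKey=laxSameSiteCookie",
  },
  {
    description: "cross origin navigation using cookie policy 'samesite=lax'",
    imgSRC: SAME_ORIGIN + PATH + "?setLaxSameSiteCookie",
    frameSRC: CROSS_ORIGIN + PATH + "?loadFrame",
    result: "myKey=laxSameSiteCookie",
  },
];

/**
 * Closes the window opened for the current test case, if there is one.
 */
function closeCurrentWindow() {
  if (currentWindow) {
    currentWindow.close();
    currentWindow = null;
  }
}

/**
 * Records a failure and ends the test run. Without this, a failed image load
 * or XHR would leave the test waiting until the harness times out.
 *
 * @param {string} aMessage - failure message passed to ok().
 */
function failAndFinish(aMessage) {
  testAborted = true;
  closeCurrentWindow();
  ok(false, aMessage);
  SimpleTest.finish();
}

/**
 * Compares the cookie string reported by the server with the expectation for
 * the current test case, then either finishes or starts the next test case.
 *
 * @param {string} aCookieVal - response text of the "queryresult" XHR.
 */
function checkResult(aCookieVal) {
  closeCurrentWindow();
  is(aCookieVal, tests[curTest].result, tests[curTest].description);
  curTest += 1;

  // lets see if we ran all the tests
  if (curTest === tests.length) {
    SimpleTest.finish();
    return;
  }
  // otherwise it's time to run the next test
  setCookieAndInitTest();
}

/**
 * Sends the XHR that asks the server for the result of the current test case
 * and then opens the test window that performs the top-level navigation.
 */
function setupQueryResultAndRunTest() {
  const myXHR = new XMLHttpRequest();
  myXHR.open("GET", "file_same_site_cookies_toplevel_nav.sjs?queryresult" + curTest);
  myXHR.onload = function() {
    checkResult(myXHR.responseText);
  };
  myXHR.onerror = function(e) {
    // The error event of an XHR is a ProgressEvent and carries no "message",
    // so report the event type instead of printing "undefined".
    failAndFinish("could not query results from server (" + e.type + ")");
  };
  myXHR.send();

  // give it some time and load the test window
  SimpleTest.executeSoon(function() {
    if (testAborted) {
      return;
    }
    currentWindow = window.open(tests[curTest].frameSRC + curTest);
  });
}

/**
 * Loads the image whose response sets the cookie for the current test case
 * and continues with the navigation step once the image has loaded.
 */
function setCookieAndInitTest() {
  const cookieImage = document.getElementById("cookieImage");
  cookieImage.onload = function() {
    ok(true, "set cookie for test (" + tests[curTest].description + ")");
    setupQueryResultAndRunTest();
  };
  cookieImage.onerror = function() {
    failAndFinish("could not set cookie for test (" + tests[curTest].description + ")");
  };
  cookieImage.src = tests[curTest].imgSRC + curTest;
}

// fire up the test
setCookieAndInitTest();

</script>
</body>
</html>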