port-bound-cookies.html (3235B)
1 <!DOCTYPE html> 2 <title>Port-Bound Cookies Test</title> 3 <script src="/resources/testharness.js"></script> 4 <script src="/resources/testharnessreport.js"></script> 5 <script src="/common/get-host-info.sub.js"></script> 6 <script src="/cookies/resources/cookie-helper.sub.js"></script> 7 8 <body> 9 <script> 10 if (location.protocol === 'https:') { 11 // This test needs to run from an insecure origin to be able to set 12 // cookies on an insecure origin. 13 location.href.replace("https://", "http://"); 14 } else { 15 const httpOriginUrl = new URL(get_host_info().HTTP_ORIGIN); 16 const httpOriginUrlDifferentPort = new URL(get_host_info().HTTP_ORIGIN_WITH_DIFFERENT_PORT); 17 18 const httpOrigin = httpOriginUrl.origin; 19 // A second HTTP origin on the same host but with a different port. 20 const httpOriginDifferentPort = httpOriginUrlDifferentPort.origin; 21 22 const cookieName = "pbc-test-cookie"; 23 const cookieValue = "1"; 24 const cookieValueDifferentPort = "2"; 25 26 async function setCookie(origin, name, value) { 27 const cookieString = `${name}=${value};path=/`; 28 const url = `${origin}/cookies/resources/set.py?${cookieString}`; 29 await credFetch(url); 30 } 31 32 async function getCookie(origin, name) { 33 const url = `${origin}/cookies/resources/list.py`; 34 const response = await credFetch(url); 35 const cookies = await response.json(); 36 return cookies[name] || null; 37 } 38 39 async function deleteCookie(origin, name) { 40 // To delete a cookie, we set it with an expiry date in the past. 41 const cookieString = `${name}=;path=/;Max-Age=0`; 42 const url = `${origin}/cookies/resources/set.py?${cookieString}`; 43 await credFetch(url); 44 } 45 46 promise_test(async t => { 47 // Clean up any existing cookies on both origins to ensure a clean slate. 48 await deleteCookie(httpOrigin, cookieName); 49 await deleteCookie(httpOriginDifferentPort, cookieName); 50 51 // Add a cleanup function to run after the test finishes. 52 t.add_cleanup(async () => { 53 await deleteCookie(httpOrigin, cookieName); 54 await deleteCookie(httpOriginDifferentPort, cookieName); 55 }); 56 57 // Set a cookie on the first HTTP origin. 58 await setCookie(httpOrigin, cookieName, cookieValue); 59 assert_equals(await getCookie(httpOrigin, cookieName), cookieValue, "Cookie must be set on the first HTTP origin successfully."); 60 61 // Verify the cookie is not present on the second HTTP origin. 62 assert_equals(await getCookie(httpOriginDifferentPort, cookieName), null, "Cookie set on first port should not be visible to second port."); 63 64 // Attempt to set a cookie on the second HTTP origin. 65 await setCookie(httpOriginDifferentPort, cookieName, cookieValueDifferentPort); 66 67 // Since port-bound behavior is active the cookie will be set in a seperate jar on this other port, it will not overwrite the original cookie. 68 assert_equals(await getCookie(httpOriginDifferentPort, cookieName), cookieValueDifferentPort, "The cookie on the second port should have been created."); 69 70 // Verify that the original cookie on the HTTP origin is unchanged. 71 assert_equals(await getCookie(httpOrigin, cookieName), cookieValue, "Cookie 1 should remain unchanged."); 72 73 }, "Cookies should be bound to their origin's port."); 74 } 75 </script> 76 </body>