scheme-bound-cookies-window.html (1470B)
1 <!DOCTYPE html> 2 <meta charset="utf-8"/> 3 <title>Scheme-bound Cookies Window</title> 4 <script src="/resources/testharness.js"></script> 5 <script src="/resources/testharnessreport.js"></script> 6 <script src="/common/get-host-info.sub.js"></script> 7 <script src="/cookies/resources/cookie-helper.sub.js"></script> 8 9 <body> 10 <script> 11 async function getCookie(origin, name) { 12 const url = `${origin}/cookies/resources/list.py`; 13 const response = await credFetch(url); 14 const cookies = await response.json(); 15 return cookies[name] || null; 16 } 17 18 const cookieName = "scheme-bound-cookie"; 19 const cookieValue1 = "1"; 20 const cookieValue2 = "2"; 21 const httpsOrigin = get_host_info().HTTPS_ORIGIN; 22 23 promise_test(async () => { 24 assert_equals(await getCookie(self.origin, cookieName), null, "Cookie should not be sent to an insecure origin"); 25 // Set a cookie on the insecure origin. 26 await credFetch( 27 `${self.origin}/cookies/resources/set.py?${cookieName}=${cookieValue2};Path=/`); 28 // Verify the cookie was set. 29 assert_equals(await getCookie(self.origin, cookieName), cookieValue2, "Cookie should be set on the insecure origin"); 30 // Ensure the original secure cookie is still intact, this is due to scheme bounding being enabled, we will not overwrite. 31 assert_equals(await getCookie(httpsOrigin, cookieName), cookieValue1, "Cookie should be set on the secure origin"); 32 }, "Check scheme bounding behavior is working."); 33 </script> 34 </body>