scheme-bound-cookies.https.html (1499B)
1 <!DOCTYPE html> 2 <meta charset="utf-8"/> 3 <title>Scheme-bound Cookies</title> 4 <script src="/resources/testharness.js"></script> 5 <script src="/resources/testharnessreport.js"></script> 6 <script src="/common/get-host-info.sub.js"></script> 7 <script src="/cookies/resources/cookie-helper.sub.js"></script> 8 9 <body> 10 <script> 11 async function getCookie(origin, name) { 12 const url = `${origin}/cookies/resources/list.py`; 13 const response = await credFetch(url); 14 const cookies = await response.json(); 15 return cookies[name] || null; 16 } 17 18 const cookieName = "scheme-bound-cookie"; 19 const cookieValue = "1"; 20 const httpOrigin = get_host_info().HTTP_ORIGIN; 21 const httpsOrigin = get_host_info().HTTPS_ORIGIN; 22 23 promise_test(async t => { 24 // Set a cookie on the secure origin. 25 await credFetch( 26 `${httpsOrigin}/cookies/resources/set.py?${cookieName}=${cookieValue};Path=/`); 27 28 // Verify the cookie was set. 29 assert_equals(await getCookie(httpsOrigin, cookieName), cookieValue, "Cookie should be set on the secure origin"); 30 31 // Open a window to the insecure version of this origin and run tests there. 32 // We cannot just use an insecure subresource due to mixed content rules. 33 const url = new URL("/cookies/origin-bound-cookies/resources/scheme-bound-cookies-window.html", httpOrigin); 34 const popup = window.open(url); 35 await fetch_tests_from_window(popup); 36 }, "Set a cookie on a secure origin and test it's not sent to an insecure origin."); 37 </script> 38 </body>