tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

__secure.header.https.html (3001B)

      1 <!DOCTYPE html>
      2 <script src="/resources/testharness.js"></script>
      3 <script src="/resources/testharnessreport.js"></script>
      4 <script src="/cookies/resources/cookie-helper.sub.js"></script>
      5 <script>
      6  ["", "MaxAge=10", "HttpOnly"].forEach(extraParams => {
      7    // Without 'secure'
      8    set_prefixed_cookie_via_http_test({
      9      prefix: "__Secure-",
     10      params: "Path=/;" + extraParams,
     11      origin: self.origin,
     12      shouldExistViaHTTP: false,
     13      title: "__Secure: secure origin: Should not set 'Path=/;" + extraParams + "'"
     14    });
     15 
     16    set_prefixed_cookie_via_http_test({
     17      prefix: "__SeCuRe-",
     18      params: "Path=/;" + extraParams,
     19      origin: self.origin,
     20      shouldExistViaHTTP: false,
     21      title: "__SeCuRe: secure origin: Should not set 'Path=/;" + extraParams + "'"
     22    });
     23 
     24    // With 'secure'
     25    set_prefixed_cookie_via_http_test({
     26      prefix: "__Secure-",
     27      params: "Secure;Path=/;" + extraParams,
     28      origin: self.origin,
     29      shouldExistViaHTTP: true,
     30      title: "__Secure: secure origin: Should set 'Secure;Path=/;" + extraParams + "'"
     31    });
     32 
     33    set_prefixed_cookie_via_http_test({
     34      prefix: "__SeCuRe-",
     35      params: "Secure;Path=/;" + extraParams,
     36      origin: self.origin,
     37      shouldExistViaHTTP: true,
     38      title: "__SeCuRe: secure origin: Should set 'Secure;Path=/;" + extraParams + "'"
     39    });
     40  });
     41 
     42  // Without 'secure'
     43  set_prefixed_cookie_via_http_test({
     44    prefix: "__Secure-",
     45    // SameSite=None is necessary because cross-site origins cannot set SameSite cookies via fetch.
     46    params: "Path=/;SameSite=None;domain=" + CROSS_SITE_HOST,
     47    origin: SECURE_CROSS_SITE_ORIGIN,
     48    shouldExistViaHTTP: false,
     49    title: "__Secure: secure origin: Should not set 'Path=/;domain=" + CROSS_SITE_HOST + "'"
     50  });
     51 
     52  set_prefixed_cookie_via_http_test({
     53    prefix: "__SeCuRe-",
     54    // SameSite=None is necessary because cross-site origins cannot set SameSite cookies via fetch.
     55    params: "Path=/;SameSite=None;domain=" + CROSS_SITE_HOST,
     56    origin: SECURE_CROSS_SITE_ORIGIN,
     57    shouldExistViaHTTP: false,
     58    title: "__SeCuRe: secure origin: Should not set 'Path=/;domain=" + CROSS_SITE_HOST + "'"
     59  });
     60 
     61  // With 'secure'
     62  set_prefixed_cookie_via_http_test({
     63    prefix: "__Secure-",
     64    // SameSite=None is necessary because cross-site origins cannot set SameSite cookies via fetch.
     65    params: "Secure;SameSite=None;Path=/;domain=" + CROSS_SITE_HOST,
     66    origin: SECURE_CROSS_SITE_ORIGIN,
     67    shouldExistViaHTTP: true,
     68    title: "__Secure: secure origin: Should set 'Secure;Path=/;domain=" + CROSS_SITE_HOST + "'"
     69  });
     70 
     71  set_prefixed_cookie_via_http_test({
     72    prefix: "__SeCuRe-",
     73    // SameSite=None is necessary because cross-site origins cannot set SameSite cookies via fetch.
     74    params: "Secure;SameSite=None;Path=/;domain=" + CROSS_SITE_HOST,
     75    origin: SECURE_CROSS_SITE_ORIGIN,
     76    shouldExistViaHTTP: true,
     77    title: "__SeCuRe: secure origin: Should set 'Secure;Path=/;domain=" + CROSS_SITE_HOST + "'"
     78  });
     79 </script>