tor-browser

The Tor Browser

iframe-reload.https.html (2577B)


      1 <!DOCTYPE html>
      2 <meta charset="utf-8"/>
      3 <meta name="timeout" content="long">
      4 <script src="/resources/testharness.js"></script>
      5 <script src="/resources/testharnessreport.js"></script>
      6 <script src="/cookies/resources/cookie-helper.sub.js"></script>
      7 <!-- We're appending an <iframe> to the document's body, so execute tests after we have a body -->
      8 <body>
      9 <script>
     10  // This test creates an iframe with postToParent.py on the specified origin,
     11  // which sends a postMessage event with the cookies it received back to the
     12  // parent (i.e., here). Upon receiving the message, the test verifies that the
     13  // correct cookies were sent to the iframe, and posts a message back to the
     14  // iframe telling it to reload itself. Upon reload, the iframe sends a
     15  // postMessage event back to the test with the cookies it received, which are
     16  // again verified.
     17  function create_test(origin, target, expectedStatus, expectedDomStatus, title) {
     18    promise_test(t => {
     19      var value = "" + Math.random();
     20      return resetSameSiteCookies(origin, value)
     21        .then(_ => {
     22          return new Promise((resolve, reject) => {
     23            var iframe = document.createElement("iframe");
     24            iframe.onerror = _ => reject("IFrame could not be loaded.");
     25 
     26            var reloaded = false;
     27            var msgHandler = e => {
     28              try {
     29                verifySameSiteCookieState(expectedStatus, value, e.data, expectedDomStatus);
     30              } catch (e) {
     31                reject(e);
     32              }
     33 
     34              if (reloaded) {
     35                window.removeEventListener("message", msgHandler);
     36                document.body.removeChild(iframe);
     37                resolve("IFrame received the cookie.");
     38              } else {
     39                reloaded = true;
     40                e.source.postMessage("reload", "*");
     41              }
     42            };
     43            window.addEventListener("message", msgHandler);
     44 
     45            iframe.src = target + "/cookies/resources/postToParent.py";
     46            document.body.appendChild(iframe);
     47          });
     48        });
     49    }, title);
     50  }
     51 
     52  create_test(SECURE_ORIGIN, SECURE_ORIGIN, SameSiteStatus.STRICT, DomSameSiteStatus.SAME_SITE, "Reloaded same-host fetches are strictly same-site");
     53  create_test(SECURE_SUBDOMAIN_ORIGIN, SECURE_SUBDOMAIN_ORIGIN, SameSiteStatus.STRICT, DomSameSiteStatus.SAME_SITE, "Reloaded subdomain fetches are strictly same-site");
     54  create_test(SECURE_CROSS_SITE_ORIGIN, SECURE_CROSS_SITE_ORIGIN, SameSiteStatus.CROSS_SITE, DomSameSiteStatus.CROSS_SITE, "Reloaded cross-site fetches are cross-site");
     55 </script>