setcookie-lax.https.html (1639B)
1 <!DOCTYPE html> 2 <meta charset="utf-8"/> 3 <script src="/resources/testharness.js"></script> 4 <script src="/resources/testharnessreport.js"></script> 5 <script src="/cookies/resources/cookie-helper.sub.js"></script> 6 <script> 7 promise_test(async function(t) { 8 let w = window.open(SECURE_ORIGIN + "/cookies/samesite/resources/puppet.html"); 9 await wait_for_message("READY", SECURE_ORIGIN); 10 let random = "" + Math.random(); 11 w.postMessage({type: "set", value: random}, "*"); 12 let e = await wait_for_message("set-complete", SECURE_ORIGIN) 13 assert_dom_cookie("samesite_strict", e.data.value, true); 14 assert_dom_cookie("samesite_lax", e.data.value, true); 15 assert_dom_cookie("samesite_none", e.data.value, true); 16 assert_dom_cookie("samesite_unspecified", e.data.value, true); 17 w.close(); 18 }, "Same-site window should be able to set `SameSite=Lax` or `SameSite=Strict` cookies."); 19 20 promise_test(async function(t) { 21 let w = window.open(SECURE_CROSS_SITE_ORIGIN + "/cookies/samesite/resources/puppet.html"); 22 await wait_for_message("READY", SECURE_CROSS_SITE_ORIGIN); 23 let random = "" + Math.random(); 24 w.postMessage({type: "set", value: random}, "*"); 25 let e = await wait_for_message("set-complete", SECURE_CROSS_SITE_ORIGIN); 26 assert_dom_cookie("samesite_strict", e.data.value, false); 27 assert_dom_cookie("samesite_lax", e.data.value, false); 28 assert_dom_cookie("samesite_none", e.data.value, true); 29 assert_dom_cookie("samesite_unspecified", e.data.value, false); 30 w.close(); 31 }, "Cross-site window shouldn't be able to set `SameSite=Lax` or `SameSite=Strict` cookies."); 32 </script>