tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

window-open-reload.https.html (2577B)

      1 <!DOCTYPE html>
      2 <meta charset="utf-8"/>
      3 <script src="/resources/testharness.js"></script>
      4 <script src="/resources/testharnessreport.js"></script>
      5 <script src="/cookies/resources/cookie-helper.sub.js"></script>
      6 <script>
      7  // This test opens a popup window to postToParent.py (on the specified
      8  // origin). The popup sends a postMessage event back to its opener
      9  // (i.e., here) with the cookies it received, which we verify against
     10  // expectedStatus. Then, the test sends a message to the popup, telling it to
     11  // reload itself via window.location.reload(). Again, the popup posts a
     12  // message back here with the cookies it received. These cookies are verified
     13  // against expectedStatusReload.
     14  function create_test(origin, target, expectedStatus, expectedStatusReload, title) {
     15    promise_test(t => {
     16      var value = "" + Math.random();
     17      return resetSameSiteCookies(origin, value)
     18        .then(_ => {
     19          return new Promise((resolve, reject) => {
     20            var w = window.open(target + "/cookies/resources/postToParent.py");
     21 
     22            var reloaded = false;
     23            var msgHandler = e => {
     24              try {
     25                verifySameSiteCookieState(reloaded ? expectedStatusReload : expectedStatus, value, e.data, DomSameSiteStatus.SAME_SITE);
     26              } catch (e) {
     27                reject(e);
     28              }
     29 
     30              if (reloaded) {
     31                window.removeEventListener("message", msgHandler);
     32                w.close();
     33                resolve("Popup received the cookie.");
     34              } else {
     35                reloaded = true;
     36                w.postMessage("reload", "*");
     37              }
     38            };
     39            window.addEventListener("message", msgHandler);
     40 
     41            if (!w)
     42              reject("Popup could not be opened (did you allow the test site in your popup blocker?).");
     43          });
     44        });
     45    }, title);
     46  }
     47 
     48  // The reload status is always strictly same-site because this is a site-initiated reload, as opposed to a reload triggered by a user interface element.
     49  create_test(SECURE_ORIGIN, SECURE_ORIGIN, SameSiteStatus.STRICT, SameSiteStatus.STRICT, "Reloaded same-host auxiliary navigations are strictly same-site.");
     50  create_test(SECURE_SUBDOMAIN_ORIGIN, SECURE_SUBDOMAIN_ORIGIN, SameSiteStatus.STRICT, SameSiteStatus.STRICT, "Reloaded subdomain auxiliary navigations are strictly same-site.");
     51  create_test(SECURE_CROSS_SITE_ORIGIN, SECURE_CROSS_SITE_ORIGIN, SameSiteStatus.LAX, SameSiteStatus.STRICT, "Reloaded cross-site auxiliary navigations are strictly same-site");
     52 </script>