window-open.https.html (3619B)
1 <!DOCTYPE html> 2 <meta charset="utf-8"/> 3 <meta name="timeout" content="long"> 4 <script src="/resources/testharness.js"></script> 5 <script src="/resources/testharnessreport.js"></script> 6 <script src="/cookies/resources/cookie-helper.sub.js"></script> 7 <script> 8 function create_test(origin, target, expectedStatus, title) { 9 promise_test(t => { 10 var value = "" + Math.random(); 11 return resetSameSiteCookies(origin, value) 12 .then(_ => { 13 return new Promise((resolve, reject) => { 14 var w = window.open(target + "/cookies/resources/postToParent.py"); 15 16 var msgHandler = e => { 17 window.removeEventListener("message", msgHandler); 18 w.close(); 19 try { 20 verifySameSiteCookieState(expectedStatus, value, e.data, DomSameSiteStatus.SAME_SITE); 21 resolve("Popup received the cookie."); 22 } catch (e) { 23 reject(e); 24 } 25 }; 26 window.addEventListener("message", msgHandler); 27 28 if (!w) 29 reject("Popup could not be opened (did you allow the test site in your popup blocker?)."); 30 }); 31 }); 32 }, title); 33 } 34 35 // No redirect: 36 create_test(SECURE_ORIGIN, SECURE_ORIGIN, SameSiteStatus.STRICT, "Same-host auxiliary navigations are strictly same-site"); 37 create_test(SECURE_SUBDOMAIN_ORIGIN, SECURE_SUBDOMAIN_ORIGIN, SameSiteStatus.STRICT, "Subdomain auxiliary navigations are strictly same-site"); 38 create_test(SECURE_CROSS_SITE_ORIGIN, SECURE_CROSS_SITE_ORIGIN, SameSiteStatus.LAX, "Cross-site auxiliary navigations are laxly same-site"); 39 40 // Redirect from {same-host,subdomain,cross-site} to same-host: 41 create_test(SECURE_ORIGIN, redirectTo(SECURE_ORIGIN, SECURE_ORIGIN), SameSiteStatus.STRICT, "Same-host redirecting to same-host auxiliary navigations are strictly same-site"); 42 create_test(SECURE_ORIGIN, redirectTo(SECURE_SUBDOMAIN_ORIGIN, SECURE_ORIGIN), SameSiteStatus.STRICT, "Subdomain redirecting to same-host auxiliary navigations are strictly same-site"); 43 create_test(SECURE_ORIGIN, redirectTo(SECURE_CROSS_SITE_ORIGIN, SECURE_ORIGIN), SameSiteStatus.LAX, "Cross-site redirecting to same-host auxiliary navigations are laxly same-site"); 44 45 // Redirect from {same-host,subdomain,cross-site} to same-host: 46 create_test(SECURE_SUBDOMAIN_ORIGIN, redirectTo(SECURE_ORIGIN, SECURE_SUBDOMAIN_ORIGIN), SameSiteStatus.STRICT, "Same-host redirecting to subdomain auxiliary navigations are strictly same-site"); 47 create_test(SECURE_SUBDOMAIN_ORIGIN, redirectTo(SECURE_SUBDOMAIN_ORIGIN, SECURE_SUBDOMAIN_ORIGIN), SameSiteStatus.STRICT, "Subdomain redirecting to subdomain auxiliary navigations are strictly same-site"); 48 create_test(SECURE_SUBDOMAIN_ORIGIN, redirectTo(SECURE_CROSS_SITE_ORIGIN, SECURE_SUBDOMAIN_ORIGIN), SameSiteStatus.LAX, "Cross-site redirecting to subdomain auxiliary navigations are laxly same-site"); 49 50 // Redirect from {same-host,subdomain,cross-site} to cross-site: 51 create_test(SECURE_CROSS_SITE_ORIGIN, redirectTo(SECURE_ORIGIN, SECURE_CROSS_SITE_ORIGIN), SameSiteStatus.LAX, "Same-host redirecting to cross-site auxiliary navigations are laxly same-site"); 52 create_test(SECURE_CROSS_SITE_ORIGIN, redirectTo(SECURE_SUBDOMAIN_ORIGIN, SECURE_CROSS_SITE_ORIGIN), SameSiteStatus.LAX, "Subdomain redirecting to cross-site auxiliary navigations are laxly same-site"); 53 create_test(SECURE_CROSS_SITE_ORIGIN, redirectTo(SECURE_CROSS_SITE_ORIGIN, SECURE_CROSS_SITE_ORIGIN), SameSiteStatus.LAX, "Cross-site redirecting to cross-site auxiliary navigations are laxly same-site"); 54 </script>