set-from-dom.sub.html (1506B)
1 <!doctype html> 2 <html> 3 <head> 4 <meta charset=utf-8> 5 <title>Set 'secure' cookie from `document.cookie` on a non-secure page</title> 6 <meta name=help href="https://tools.ietf.org/html/draft-west-leave-secure-cookies-alone"> 7 <script src="/resources/testharness.js"></script> 8 <script src="/resources/testharnessreport.js"></script> 9 <script src="/cookies/resources/testharness-helpers.js"></script> 10 </head> 11 <body> 12 <div id=log></div> 13 <script> 14 var tests = [ 15 [ 16 "'secure' cookie not set in `document.cookie`", 17 function () { 18 var originalCookie = document.cookie; 19 document.cookie = "secure_from_nonsecure_dom=1; secure; path=/"; 20 assert_equals(document.cookie, originalCookie); 21 this.done(); 22 } 23 ], 24 [ 25 "'secure' cookie not sent in HTTP request", 26 function () { 27 document.cookie = "secure_from_nonsecure_dom=1; secure; path=/"; 28 fetch("https://{{host}}:{{ports[https][0]}}/cookies/resources/echo-json.py", { "credentials": "include" }) 29 .then(this.step_func(function (r) { 30 return r.json(); 31 })) 32 .then(this.step_func_done(function (j) { 33 assert_equals(j["secure_from_nonsecure_dom"], undefined); 34 })); 35 } 36 ] 37 ]; 38 39 function clearKnownCookie() { 40 document.cookie = "secure_from_nonsecure_dom=0; Secure; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/"; 41 } 42 43 executeTestsSerially(tests, clearKnownCookie, clearKnownCookie); 44 </script> 45 </body> 46 </html>