set-from-ws.sub.html (1665B)
1 <!doctype html> 2 <html> 3 <head> 4 <meta charset=utf-8> 5 <title>Set 'secure' cookie from `Set-Cookie` HTTP header on a non-secure WebSocket</title> 6 <meta name=help href="https://tools.ietf.org/html/draft-west-leave-secure-cookies-alone"> 7 <script src="/resources/testharness.js"></script> 8 <script src="/resources/testharnessreport.js"></script> 9 <script src="/cookies/resources/testharness-helpers.js"></script> 10 </head> 11 <body> 12 <div id=log></div> 13 <script> 14 function clearKnownCookie() { 15 document.cookie = "ws_test_secure_from_nonsecure=0; Secure; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/"; 16 } 17 18 async_test(function (t) { 19 t.add_cleanup(clearKnownCookie); 20 assert_equals(document.cookie.match(/ws_test_secure_from_nonsecure=/), null); 21 22 clearKnownCookie(); 23 var ws = new WebSocket("ws://{{host}}:{{ports[ws][0]}}/set-cookie-secure?secure_from_nonsecure"); 24 ws.onclose = t.step_func_done(function () { 25 assert_unreached("'close' should not fire before 'open'."); 26 }); 27 ws.onopen = t.step_func(function (e) { 28 ws.onclose = null; 29 ws.close(); 30 assert_false(/ws_test_secure_from_nonsecure=test/.test(document.cookie)); 31 32 var ws2 = new WebSocket("wss://{{host}}:{{ports[wss][0]}}/echo-cookie"); 33 ws2.onclose = t.step_func_done(function () { 34 assert_unreached("'close' should not fire before 'open'."); 35 }); 36 ws2.onmessage = t.step_func_done(function (e) { 37 ws2.onclose = null; 38 ws2.close(); 39 assert_false(/ws_test_secure_from_nonsecure=test/.test(e.data)); 40 }); 41 }); 42 }, "'secure' cookie not sent in WSS request when set from WS"); 43 </script> 44 </body> 45 </html>