
third-party-cookies-cross-site-embedder-opener.html (2573B)


      1 <!DOCTYPE html>
      2 <meta charset="utf-8" />
      3 <meta name="timeout" content="long">
      4 <title>Test third-party cookies</title>
      5 <script src="/resources/testdriver.js"></script>
      6 <script src="/resources/testdriver-vendor.js"></script>
      7 <script src="/resources/testharness.js"></script>
      8 <script src="/resources/testharnessreport.js"></script>
      9 <script src="/common/get-host-info.sub.js"></script>
     10 <script src="/cookies/resources/cookie-helper.sub.js"></script>
     11 <script src="/cookies/third-party-cookies/resources/test-helpers.js"></script>
     12 
     13 <body>
     14  <script>
     15 
     16    document.body.onload = async () => {
     17      // Set SameSite=None cookie in a 1P context using HTTP.
     18      const attributes = "Secure;Path=/;SameSite=None";
     19      const httpCookieName = "1P_http";
     20      await credFetch(
     21        `${self.origin}/cookies/resources/set.py?${httpCookieName}=foobar;${attributes}`);
     22 
     23      // Set another cookie using document.cookie.
     24      const domCookieName = "1P_dom";
     25      document.cookie = `${domCookieName}=foobar;${attributes}`;
     26 
     27      const cookieNames = [httpCookieName, domCookieName];
     28 
     29      // Set another cookie using the CookieStore API, if supported.
     30      if (window.cookieStore) {
     31        const cookieStoreCookieName = "1P_cs";
     32        await cookieStore.set({
     33          name: cookieStoreCookieName,
     34          value: "foobar",
     35          path: "/",
     36          sameSite: "none",
     37        });
     38        cookieNames.push(cookieStoreCookieName);
     39      }
     40 
     41      // Test that the cookie is available in a first-party context via HTTP.
     42      testHttpCookies({
     43        desc: get_host_info().HTTPS_ORIGIN + " " + get_host_info().HTTPS_REMOTE_ORIGIN + " " + get_host_info().HTTPS_NOTSAMESITE_ORIGIN + " " + get_host_info().HTTPS_AUTHENTICATED_ORIGIN,
     44        origin: self.origin,
     45        cookieNames,
     46        expectsCookie: true,
     47      });
     48 
     49      // // Verify that the cookies are available to the DOM as well.
     50      testDomCookies({
     51        desc: "1P window",
     52        cookieNames,
     53        expectsCookie: true,
     54      });
     55      testCookieStoreCookies({
     56        desc: "1P window",
     57        cookieNames,
     58        expectsCookie: true,
     59      });
     60 
     61      // Open a cross-site window which will embed the current origin in a
     62      // third-party context.
     63      const crossSiteUrl = new URL(
     64        `/cookies/third-party-cookies/resources/third-party-cookies-cross-site-embedder.html?origin=${encodeURIComponent(self.origin)}`,
     65        get_host_info().HTTPS_ORIGIN + self.location.pathname);
     66      const popup = window.open(crossSiteUrl);
     67      fetch_tests_from_window(popup);
     68    };
     69 
     70  </script>
     71 </body>