debug-header.https.html (5618B)
<!DOCTYPE html>
<meta charset="utf-8">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<script src="helper.js" type="module"></script>

<script type="module">
import {
  expireCookie,
  documentHasCookie,
  waitForCookie,
  addCookieAndSessionCleanup,
  configureServer,
  setupShardedServerState,
  postJson,
} from "./helper.js";

// Baseline case: one session whose refresh endpoint is unavailable. The
// request that needed the refresh still completes, goes out without the
// bound cookie, and is expected to carry the Secure-Session-Skipped debug
// header naming the affected session.
promise_test(async t => {
  await setupShardedServerState();
  const cookiePair = "auth_cookie=abcdef0123";
  const cookieWithScope = `${cookiePair};Domain=${location.hostname};Path=/device-bound-session-credentials`;
  addCookieAndSessionCleanup(t);

  // Log in to start a session, then block until the bound cookie is
  // visible, i.e. registration has finished.
  const { status: loginStatus } = await fetch('login.py');
  assert_equals(loginStatus, 200);
  await waitForCookie(cookiePair, /*expectCookie=*/true);

  // From here on the refresh endpoint is unavailable.
  await configureServer({ refreshEndpointUnavailable: true });

  // Drop the bound cookie so the next in-scope request needs a refresh;
  // with the endpoint unavailable that refresh cannot succeed.
  expireCookie(cookieWithScope);
  assert_false(documentHasCookie(cookiePair));

  const reflected = await fetch('reflect_headers.py');
  assert_equals(reflected.status, 200);
  // A failed refresh must not bring the cookie back.
  assert_false(documentHasCookie(cookiePair));
  // NOTE(review): reflect_headers.py presumably echoes the request headers
  // it received as JSON; that is how the response is consumed here.
  const requestHeaders = new Headers(await reflected.json());
  assert_equals(requestHeaders.get("secure-session-skipped"), "server_error;session_identifier=\"0\"");
}, "A session that fails to reach the refresh endpoint sets debug header");

// Create a session, then make the refresh endpoint unreachable and a
// refresh required.
async function setupRedirectTest(t) {
  // Shared arrangement for the redirect tests. `t` is the testharness test
  // object that cookie/session cleanup is registered on. On return the bound
  // cookie is gone and the refresh endpoint is configured as unavailable.
  await setupShardedServerState();
  const cookiePair = "auth_cookie=abcdef0123";
  const cookieWithScope = `${cookiePair};Domain=${location.hostname};Path=/device-bound-session-credentials`;
  addCookieAndSessionCleanup(t);

  // Log in to start a session, then block until the bound cookie is
  // visible, i.e. registration has finished.
  const { status: loginStatus } = await fetch('login.py');
  assert_equals(loginStatus, 200);
  await waitForCookie(cookiePair, /*expectCookie=*/true);

  // From here on the refresh endpoint is unavailable.
  await configureServer({ refreshEndpointUnavailable: true });

  // Drop the bound cookie so the next in-scope request needs a refresh;
  // with the endpoint unavailable that refresh cannot succeed.
  expireCookie(cookieWithScope);
  assert_false(documentHasCookie(cookiePair));
}

// Same-site hop: the debug header is expected to survive the redirect and
// reach the final, same-site destination.
promise_test(async t => {
  const cookiePair = "auth_cookie=abcdef0123";
  await setupRedirectTest(t);

  const reflected = await fetch('redirect.py?reflect_headers.py');
  assert_equals(reflected.status, 200);
  // A failed refresh must not bring the cookie back.
  assert_false(documentHasCookie(cookiePair));
  // NOTE(review): reflect_headers.py presumably echoes the request headers
  // it received as JSON; that is how the response is consumed here.
  const requestHeaders = new Headers(await reflected.json());
  assert_equals(requestHeaders.get("secure-session-skipped"), "server_error;session_identifier=\"0\"");
}, "Same-site redirects continue to send debug header");

// Cross-site hop: the header value names a session identifier and a failure
// reason, which is state belonging to the site that registered the session.
// The request that lands on the other site must therefore not carry the
// header at all, which is what the null assertion below pins down.
promise_test(async t => {
  const cookiePair = "auth_cookie=abcdef0123";
  await setupRedirectTest(t);

  const crossSiteOrigin = get_host_info().HTTPS_NOTSAMESITE_ORIGIN;
  const crossSiteTarget = `${crossSiteOrigin}/device-bound-session-credentials/reflect_headers.py`;
  const reflected = await fetch(`redirect.py?${crossSiteTarget}`);
  assert_equals(reflected.status, 200);
  assert_false(documentHasCookie(cookiePair));
  const requestHeaders = new Headers(await reflected.json());
  assert_equals(requestHeaders.get("secure-session-skipped"), null);
}, "Cross-site redirects do not send debug header");

// Two sessions registered by a single login, both unable to refresh. The
// debug header is expected to list one entry per skipped session.
promise_test(async t => {
  await setupShardedServerState();
  const firstPair = "auth_cookie=abcdef0123";
  const firstWithScope = `${firstPair};Domain=${location.hostname};Path=/device-bound-session-credentials`;
  const secondPair = "other_cookie=ghijkl4567";
  const secondWithScope = `${secondPair};Domain=${location.hostname};Path=/device-bound-session-credentials`;
  addCookieAndSessionCleanup(t);

  // Tell the server which cookie each of the next two registered sessions
  // should be bound to.
  await configureServer({
    cookieDetailsForNextRegisteredSessions: [
      [{ nameAndValue: firstPair }],
      [{ nameAndValue: secondPair }],
    ],
  });

  // Ask the login endpoint for two sessions and wait until both bound
  // cookies are visible, i.e. both registrations have finished.
  const login = await postJson('login.py', { numSessions: 2 });
  assert_equals(login.status, 200);
  await waitForCookie(firstPair, /*expectCookie=*/true);
  await waitForCookie(secondPair, /*expectCookie=*/true);

  // From here on the refresh endpoint is unavailable.
  await configureServer({ refreshEndpointUnavailable: true });

  // Drop both bound cookies so the next in-scope request needs a refresh
  // for each session; neither refresh can succeed.
  expireCookie(firstWithScope);
  expireCookie(secondWithScope);
  assert_false(documentHasCookie(firstPair));
  assert_false(documentHasCookie(secondPair));

  const reflected = await fetch('reflect_headers.py');
  assert_equals(reflected.status, 200);
  // Neither failed refresh may bring its cookie back.
  assert_false(documentHasCookie(firstPair));
  assert_false(documentHasCookie(secondPair));
  const requestHeaders = new Headers(await reflected.json());
  assert_equals(requestHeaders.get("secure-session-skipped"), "server_error;session_identifier=\"0\", server_error;session_identifier=\"1\"");
}, "Two failing sessions both set debug header");
</script>