include-site.https.html (1913B)
1 <!DOCTYPE html> 2 <meta charset="utf-8"> 3 <script src="/resources/testharness.js"></script> 4 <script src="/resources/testharnessreport.js"></script> 5 <script src="helper.js" type="module"></script> 6 7 <script type="module"> 8 import { expireCookie, documentHasCookie, waitForCookie, addCookieAndSessionCleanup, setupShardedServerState, configureServer } from "./helper.js"; 9 10 async function runTest(t, includeSite) { 11 await setupShardedServerState(); 12 const expectedCookieAndValue = "auth_cookie=abcdef0123"; 13 const expectedCookieAndAttributes = `${expectedCookieAndValue};Domain=${location.hostname};Path=/device-bound-session-credentials`; 14 addCookieAndSessionCleanup(t); 15 16 await configureServer({ includeSite }); 17 18 // Prompt starting a session, and wait until registration completes. 19 const loginResponse = await fetch('login.py'); 20 assert_equals(loginResponse.status, 200); 21 await waitForCookie(expectedCookieAndValue, /*expectCookie=*/true); 22 23 // Expire the cookie, and check whether a refresh has occurred. 24 expireCookie(expectedCookieAndAttributes); 25 assert_false(documentHasCookie(expectedCookieAndValue)); 26 const url = `${location.protocol}//www1.${location.host}/device-bound-session-credentials/verify_authenticated.py`; 27 const authResponseAfterExpiry = await fetch(url, {credentials: "include"}); 28 // The cookie should only be refreshed if the session includes the whole site. 29 assert_equals(authResponseAfterExpiry.status, includeSite ? 200 : 403); 30 assert_equals(documentHasCookie(expectedCookieAndValue), includeSite); 31 } 32 33 promise_test(async t => { 34 await runTest(t, /*includeSite=*/true); 35 }, "An established session refreshes across origins if the site is included"); 36 37 promise_test(async t => { 38 await runTest(t, /*includeSite=*/false); 39 }, "An established session does not refresh across origins if the site is not included"); 40 </script>