refresh-does-not-send-challenge.https.html (1642B)
1 <!DOCTYPE html> 2 <meta charset="utf-8"> 3 <script src="/resources/testharness.js"></script> 4 <script src="/resources/testharnessreport.js"></script> 5 <script src="helper.js" type="module"></script> 6 7 <script type="module"> 8 import { expireCookie, waitForCookie, addCookieAndSessionCleanup, configureServer, setupShardedServerState, documentHasCookie } from "./helper.js"; 9 10 promise_test(async t => { 11 await setupShardedServerState(); 12 const expectedCookieAndValue = "auth_cookie=abcdef0123"; 13 const expectedCookieAndAttributes = `${expectedCookieAndValue};Domain=${location.hostname};Path=/device-bound-session-credentials`; 14 addCookieAndSessionCleanup(t); 15 16 // Configure server to avoid sending back a challenge during refresh. 17 await configureServer({ refreshSendsChallenge: false }); 18 19 // Prompt starting a session, and wait until registration completes. 20 const loginResponse = await fetch('login.py'); 21 assert_equals(loginResponse.status, 200); 22 await waitForCookie(expectedCookieAndValue, /*expectCookie=*/true); 23 24 // Confirm that a request has the cookie set. 25 const authResponse = await fetch('verify_authenticated.py'); 26 assert_equals(authResponse.status, 200); 27 28 // Trigger refresh and confirm that the cookie gets set again. 29 expireCookie(expectedCookieAndAttributes); 30 assert_false(documentHasCookie(expectedCookieAndValue)); 31 const authResponseAfterExpiry = await fetch('verify_authenticated.py'); 32 assert_equals(authResponseAfterExpiry.status, 200); 33 assert_true(documentHasCookie(expectedCookieAndValue)); 34 }, "Refresh does not send back Secure-Session-Challenge"); 35 </script>