tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

resolving-urls.https.html (2698B)

      1 <!DOCTYPE html>
      2 <meta charset="utf-8">
      3 <script src="/resources/testharness.js"></script>
      4 <script src="/resources/testharnessreport.js"></script>
      5 <script src="helper.js" type="module"></script>
      6 
      7 <script type="module">
      8  import { expireCookie, waitForCookie, addCookieAndSessionCleanup, configureServer, setupShardedServerState, documentHasCookie, postJson } from "./helper.js";
      9 
     10  async function runTest(t, registrationUrl, refreshUrl) {
     11    await setupShardedServerState();
     12    const expectedCookieAndValue = "auth_cookie=abcdef0123";
     13    const expectedCookieAndAttributes = `${expectedCookieAndValue};Domain=${location.hostname};Path=/device-bound-session-credentials`;
     14    addCookieAndSessionCleanup(t);
     15 
     16    // Configure server to use the absolute URL for refresh instead of a relative URL.
     17    await configureServer({ refreshUrl });
     18 
     19    // Configure registration to use absolute URL instead of relative.
     20    // Prompt starting a session, and wait until registration completes.
     21    const loginResponse = await postJson('login.py', { registrationUrl });
     22    assert_equals(loginResponse.status, 200);
     23    await waitForCookie(expectedCookieAndValue, /*expectCookie=*/true);
     24 
     25    // Confirm that a request has the cookie set.
     26    const authResponse = await fetch('verify_authenticated.py');
     27    assert_equals(authResponse.status, 200);
     28 
     29    // Trigger refresh and confirm that the cookie gets set again.
     30    expireCookie(expectedCookieAndAttributes);
     31    assert_false(documentHasCookie(expectedCookieAndValue));
     32    const authResponseAfterExpiry = await fetch('verify_authenticated.py');
     33    assert_equals(authResponseAfterExpiry.status, 200);
     34    assert_true(documentHasCookie(expectedCookieAndValue));
     35  }
     36 
     37  promise_test(async t => {
     38    const registrationUrl = `${location.origin}/device-bound-session-credentials/start_session.py`;
     39    const refreshUrl = `${location.origin}/device-bound-session-credentials/refresh_session.py`;
     40    await runTest(t, registrationUrl, refreshUrl);
     41  }, "The registration and refresh endpoints can be configured as absolute URLs");
     42 
     43  promise_test(async t => {
     44    const registrationUrl = `/device-bound-session-credentials/start_session.py`;
     45    const refreshUrl = `/device-bound-session-credentials/refresh_session.py`;
     46    await runTest(t, registrationUrl, refreshUrl);
     47  }, "The registration and refresh endpoints can be configured as relative URLs with leading slash");
     48 
     49  promise_test(async t => {
     50    const registrationUrl = `start_session.py`;
     51    const refreshUrl = `refresh_session.py`;
     52    await runTest(t, registrationUrl, refreshUrl);
     53  }, "The registration and refresh endpoints can be configured as relative URLs without leading slash");
     54 </script>