credentialless-video.https.tentative.window.js (1871B)
1 // META: script=/common/get-host-info.sub.js 2 // META: script=/common/utils.js 3 // META: script=/common/dispatcher/dispatcher.js 4 // META: script=./resources/common.js 5 6 const same_origin = get_host_info().HTTPS_ORIGIN; 7 const cross_origin = get_host_info().HTTPS_REMOTE_ORIGIN; 8 const cookie_key = "dip_credentialless_image"; 9 const cookie_same_origin = "same_origin"; 10 const cookie_cross_origin = "cross_origin"; 11 12 promise_setup(async test => { 13 await Promise.all([ 14 setCookie(same_origin, cookie_key, cookie_same_origin + 15 cookie_same_site_none), 16 setCookie(cross_origin, cookie_key, cookie_cross_origin + 17 cookie_same_site_none), 18 ]); 19 }, "Setup cookies"); 20 21 const videoTest = function(description, origin, mode, expected_cookie) { 22 promise_test(async test => { 23 const video_token = token(); 24 25 let video = document.createElement("video"); 26 video.src = showRequestHeaders(origin, video_token); 27 video.autoplay = true; 28 if (mode) 29 video.crossOrigin = mode; 30 document.body.appendChild(video); 31 32 const headers = JSON.parse(await receive(video_token)); 33 34 assert_equals(parseCookies(headers)[cookie_key], expected_cookie); 35 }, `video ${description}`) 36 }; 37 38 // Same-origin request always contains Cookies: 39 videoTest("same-origin + undefined", 40 same_origin, undefined, cookie_same_origin); 41 videoTest("same-origin + anonymous", 42 same_origin, 'anonymous', cookie_same_origin); 43 videoTest("same-origin + use-credentials", 44 same_origin, 'use-credentials', cookie_same_origin); 45 46 // Cross-origin request contains cookies, only when sent in CORS mode, using 47 // crossOrigin = "use-credentials". 48 videoTest("cross-origin + undefined", 49 cross_origin, '', undefined); 50 videoTest("cross-origin + anonymous", 51 cross_origin, 'anonymous', undefined); 52 videoTest("cross-origin + use-credentials", 53 cross_origin, 'use-credentials', cookie_cross_origin);