credentialless-websocket.https.tentative.window.js (2637B)
// META: timeout=long
// META: script=/common/get-host-info.sub.js
// META: script=/common/utils.js
// META: script=/common/dispatcher/dispatcher.js
// META: script=./resources/common.js

// Checks which cookies ride along on a WebSocket handshake opened from a
// document with DIP (Document-Isolation-Policy) `credentialless`, compared
// with a control document using DIP `none`.
//
// What the assertions pin (tentative behaviour, per the file name): the cookie
// is present on the handshake in BOTH windows, for the same-origin and the
// cross-origin target alike. In other words, this test expects credentialless
// mode not to strip cookies from WebSocket handshakes.
//
// Practical consequence for whoever operates a cookie-authenticated WebSocket
// endpoint: the embedding page's credentialless mode is not a protection for
// that endpoint; the handshake still has to be authorised server-side (for
// example by validating the Origin request header).
//
// NOTE(review): setCookie, executor_path, dip_none, dip_credentialless,
// cookie_same_site_none, showRequestHeaders and parseCookies are not defined
// in this file; presumably they come from ./resources/common.js, and
// token/send/receive from the utils and dispatcher scripts listed above.

promise_test_parallel(async test => {
  const {
    HTTPS_ORIGIN: same_origin,
    HTTPS_REMOTE_ORIGIN: cross_origin,
  } = get_host_info();

  const cookie_key = "dip_credentialless_websocket";
  const cookie_same_origin = "same_origin";
  const cookie_cross_origin = "cross_origin";

  // Seed one cookie per origin, under the same key but with a distinct value,
  // so each assertion can tell which origin's cookie reached the server.
  // cookie_same_site_none is appended to the value; presumably it carries the
  // SameSite=None attributes needed for cross-site sending (verify in
  // ./resources/common.js).
  await Promise.all([
    setCookie(same_origin, cookie_key,
              `${cookie_same_origin}${cookie_same_site_none}`),
    setCookie(cross_origin, cookie_key,
              `${cookie_cross_origin}${cookie_same_site_none}`),
  ]);

  // Opens a same-origin executor window with the given policy parameters,
  // schedules it to be closed when the test run completes, and returns the
  // dispatcher token used to send scripts to it.
  const open_executor = (policy_params) => {
    const executor_token = token();
    const executor_url =
        `${same_origin}${executor_path}${policy_params}&uuid=${executor_token}`;
    const executor_window = window.open(executor_url);
    add_completion_callback(() => executor_window.close());
    return executor_token;
  };

  // One window with DIP:none. (control)
  const w_control_token = open_executor(dip_none);

  // One window with DIP:credentialless. (experiment)
  const w_credentialless_token = open_executor(dip_credentialless);

  // Registers one sub-test: both windows open a WebSocket to `origin`, the
  // request headers of each handshake are read back, and the cookie stored
  // under cookie_key is compared with the expected value for that window.
  const WebSocketTest = (
      description, origin,
      expected_cookies_control,
      expected_cookies_credentialless) => {
    promise_test_parallel(async test => {
      const reply_token_control = token();
      const reply_token_credentialless = token();

      // Only the first "https" (the scheme of the origin) is rewritten.
      const origin_for_websocket = origin.replace("https", "wss");

      const url_control =
          showRequestHeaders(origin_for_websocket, reply_token_control);
      send(w_control_token, `
        var ws = new WebSocket("${url_control}");
      `);

      const url_credentialless =
          showRequestHeaders(origin_for_websocket, reply_token_credentialless);
      send(w_credentialless_token, `
        var ws = new WebSocket("${url_credentialless}");
      `);

      // The headers seen for each handshake arrive as JSON on the reply token.
      const headers_control =
          JSON.parse(await receive(reply_token_control));
      const headers_credentialless =
          JSON.parse(await receive(reply_token_credentialless));

      const cookie_control = parseCookies(headers_control)[cookie_key];
      assert_equals(cookie_control,
                    expected_cookies_control,
                    "dip:none => ");

      const cookie_credentialless =
          parseCookies(headers_credentialless)[cookie_key];
      assert_equals(cookie_credentialless,
                    expected_cookies_credentialless,
                    "dip:credentialless => ");
    }, `WebSocket ${description}`);
  };

  // Same-origin request always contains Cookies:
  WebSocketTest("same-origin",
                same_origin,
                cookie_same_origin,
                cookie_same_origin);

  // Cross-origin request also always contains Cookies, including from the
  // credentialless window:
  WebSocketTest("cross-origin",
                cross_origin,
                cookie_cross_origin,
                cookie_cross_origin);
}, "Main");