
partitioned-cookies-3p-credentialless-frame.html (4029B)


      1 <!DOCTYPE html>
      2 <head>
      3 <meta charset="utf-8"/>
      4 <meta name="timeout" content="long">
      5 <title>Service Worker: Partitioned Cookies 3P Credentialless Iframe</title>
      6 <script src="/resources/testharness.js"></script>
      7 <script src="test-helpers.sub.js"></script>
      8 <script src="/common/get-host-info.sub.js"></script>
      9 </head>
     10 
     11 <body>
     12 <script>
     13 
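// Check workers registered by a credentialless frame can access cookies set in that frame.
//
// The isolation property under test: the worker must see the frame's own
// Partitioned cookie and must never see the cookie named `unpartitioned`,
// through any of three channels (script-visible cookies, HTTP requests, and
// importScripts requests).
promise_test(async t => {
  const script = './partitioned-cookies-3p-sw.js';
  const scope = './partitioned-cookies-3p-';
  const absolute_scope = new URL(scope, window.location).href;

  // Set a Partitioned cookie.
  document.cookie = '__Host-partitioned=123; Secure; Path=/; SameSite=None; Partitioned;';
  assert_true(document.cookie.includes('__Host-partitioned=123'));

  // Make sure DOM cannot access the unpartitioned cookie.
  // NOTE(review): `unpartitioned=456` is never set on this page; presumably the
  // embedding page sets it before loading this frame. Confirm against the
  // caller, otherwise this negative check passes trivially.
  assert_false(document.cookie.includes('unpartitioned=456'));

  const reg = await service_worker_unregister_and_register(t, script, scope);
  await wait_for_state(t, reg.installing, 'activated');

  const retrieved_registrations =
      await navigator.serviceWorker.getRegistrations();
  const filtered_registrations =
      retrieved_registrations.filter(r => r.scope === absolute_scope);

  // Fail with a readable message instead of a TypeError on `[0].active` when
  // the registration is not visible from this frame.
  assert_true(
      filtered_registrations.length > 0,
      'Registration for the test scope is visible to the frame');
  const registration = filtered_registrations[0];

  // on_message is reassigned for every request, based on the expected reply
  // from the service worker.
  let on_message;
  self.addEventListener('message', ev => on_message(ev));
  // Worker replies arrive on navigator.serviceWorker and are relayed to this
  // window. The '*' target origin is tolerable only because the recipient is
  // this same window (`self`); a relay to any other window should name the
  // expected origin. The window listener above does not check ev.origin or
  // ev.source, so it treats any message delivered to this frame as the reply.
  navigator.serviceWorker.addEventListener('message', evt => {
    self.postMessage(evt.data, '*');
  });

  // Sends one request of the given type to the active worker and resolves with
  // the data of the next message this window receives.
  const ask_worker = type => new Promise(resolve => {
    on_message = ev => resolve(ev.data);
    registration.active.postMessage({type});
  });

  // First test that the worker script started correctly and message passing is enabled.
  let got = await ask_worker('test_message');
  assert_true(got.ok, 'Message passing');

  // Test that the partitioned cookie is available to this worker via CookieStore API.
  got = await ask_worker('echo_cookies_js');
  assert_true(got.ok, 'Get cookies');
  assert_true(
      got.cookies.includes('__Host-partitioned'),
      'Credentialless frame worker can access partitioned cookie via JS');
  assert_false(
      got.cookies.includes('unpartitioned'),
      'Credentialless frame worker cannot access unpartitioned cookie via JS');

  // Test that the partitioned cookie is available to this worker via HTTP.
  got = await ask_worker('echo_cookies_http');
  assert_true(got.ok, 'Get cookies');
  assert_true(
      got.cookies.includes('__Host-partitioned'),
      'Credentialless frame worker can access partitioned cookie via HTTP');
  assert_false(
      got.cookies.includes('unpartitioned'),
      'Credentialless frame worker cannot access unpartitioned cookie via HTTP');

  // Test that the partitioned cookie is available to this worker in HTTP
  // requests from importScripts, and that the unpartitioned cookie is not.
  got = await ask_worker('echo_cookies_import');
  assert_true(got.ok, 'Get cookies');
  assert_true(
      got.cookies.includes('__Host-partitioned'),
      'Credentialless frame worker can access partitioned cookie via importScripts');
  assert_false(
      got.cookies.includes('unpartitioned'),
      'Credentialless frame worker cannot access unpartitioned cookie via importScripts');
});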
    111 
    112 </script>
    113 </body>
    114 </html>