| <!DOCTYPE html> |
| <html> |
| <title>Third-party cookie blocking tests for Worker</title> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| <script src="/resources/get-host-info.js"></script> |
| <script> |
| // This test cannot be a WPT test because it tests Chromium's third-party cookie |
| // blocking flag via testRunner. |
| var host_info = get_host_info(); |
| |
| var REMOTE_SET_COOKIES_URL = |
| host_info['HTTP_REMOTE_ORIGIN'] + |
| '/security/cookies/resources/cross-origin-set-cookies.php'; |
| var REMOTE_ECHO_JSON_URL = |
| host_info['HTTP_REMOTE_ORIGIN'] + '/cookies/resources/echo-json.php'; |
| var REMOTE_IFRAME_URL = |
| host_info['HTTP_REMOTE_ORIGIN'] + |
| '/security/cookies/resources/third-party-cookie-blocking-worker-iframe.php'; |
| |
| promise_test(t => { |
| if (window.testRunner) { |
| testRunner.setBlockThirdPartyCookies(false); |
| } |
| return fetch(new Request( |
| REMOTE_SET_COOKIES_URL + |
| '?SetCookie=' + encodeURIComponent('hello=world;path=/'), |
| {mode: 'cors', credentials: 'include'})) |
| .then(_ => fetch(REMOTE_ECHO_JSON_URL, {credentials: 'include'})) |
| .then(response => response.json()) |
| .then(json => { |
| assert_equals( |
| json['hello'], 'world', |
| 'fetch must send cookies if third-party cookies are allowed'); |
| var promise = new Promise(resolve => { |
| window.addEventListener('message', resolve); |
| }); |
| var frame = document.createElement('iframe'); |
| frame.src = REMOTE_IFRAME_URL; |
| document.body.appendChild(frame); |
| add_result_callback(_ => frame.remove()); |
| return promise; |
| }) |
| .then(msg => { |
| assert_equals( |
| msg.data.iframe_request_cookie['hello'], 'world', |
| 'Cookies must be sent while requesting a third-party iframe ' + |
| 'resource if third-party cookies are allowed.'); |
| assert_equals( |
| msg.data.fetch_in_iframe_cookie['hello'], 'world', |
| 'Cookies must be set in the fetch request from a third-party ' + |
| 'iframe if third-party cookies are allowed.'); |
| assert_equals( |
| msg.data.worker_request_cookie['hello'], 'world', |
| 'Cookies must be sent while requesting worker resource from a ' + |
| 'third-party iframe if third-party cookies are allowed.'); |
| assert_equals( |
| msg.data.fetch_in_worker_cookie['hello'], 'world', |
| 'Cookies must be set in the fetch request from a worker ' + |
| 'started from a third-party iframe if third-party cookies are ' + |
| 'allowed.'); |
| |
| // We're now re-running the test with third-party cookies blocked. |
| if (window.testRunner) { |
| testRunner.setBlockThirdPartyCookies(true); |
| } |
| return fetch(REMOTE_ECHO_JSON_URL, {credentials: 'include'}); |
| }) |
| .then(response => response.json()) |
| .then(json => { |
| assert_equals( |
| json['hello'], undefined, |
| 'fetch must not send cookies if third-party cookies are ' + |
| 'blocked.'); |
| var promise = new Promise(resolve => { |
| window.addEventListener('message', resolve); |
| }); |
| var frame = document.createElement('iframe'); |
| frame.src = REMOTE_IFRAME_URL; |
| document.body.appendChild(frame); |
| add_result_callback(_ => frame.remove()); |
| return promise; |
| }) |
| .then(msg => { |
| assert_equals( |
| msg.data.iframe_request_cookie['hello'], undefined, |
| 'Cookies must not be sent while requesting a third-party ' + |
| 'iframe resource if third-party cookies are blocked.'); |
| assert_equals( |
| msg.data.fetch_in_iframe_cookie['hello'], undefined, |
| 'Cookies must not be set in the fetch request from a ' + |
| 'third-party iframe if third-party cookies are blocked.'); |
| assert_equals( |
| msg.data.worker_request_cookie['hello'], undefined, |
| 'Cookies must not be sent while requesting worker resource ' + |
| 'from a third-party iframe if third-party cookies are blocked.'); |
| assert_equals( |
| msg.data.fetch_in_worker_cookie['hello'], undefined, |
| 'Cookies must not be set in the fetch request from a worker ' + |
| 'started from a third-party iframe if third-party cookies are ' + |
| 'blocked.'); |
| }); |
| }, 'Third-party cookie blocking tests for Worker'); |
| </script> |