1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
|
<!DOCTYPE html>
<title>Port-Bound Cookies Test</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<script src="/cookies/resources/cookie-helper.sub.js"></script>
<body>
<script>
if (location.protocol === 'https:') {
// This test needs to run from an insecure origin to be able to set
// cookies on an insecure origin.
location.href.replace("https://", "http://");
} else {
const httpOriginUrl = new URL(get_host_info().HTTP_ORIGIN);
const httpOriginUrlDifferentPort = new URL(get_host_info().HTTP_ORIGIN_WITH_DIFFERENT_PORT);
const httpOrigin = httpOriginUrl.origin;
// A second HTTP origin on the same host but with a different port.
const httpOriginDifferentPort = httpOriginUrlDifferentPort.origin;
const cookieName = "pbc-test-cookie";
const cookieValue = "1";
const cookieValueDifferentPort = "2";
async function setCookie(origin, name, value) {
const cookieString = `${name}=${value};path=/`;
const url = `${origin}/cookies/resources/set.py?${cookieString}`;
await credFetch(url);
}
async function getCookie(origin, name) {
const url = `${origin}/cookies/resources/list.py`;
const response = await credFetch(url);
const cookies = await response.json();
return cookies[name] || null;
}
async function deleteCookie(origin, name) {
// To delete a cookie, we set it with an expiry date in the past.
const cookieString = `${name}=;path=/;Max-Age=0`;
const url = `${origin}/cookies/resources/set.py?${cookieString}`;
await credFetch(url);
}
promise_test(async t => {
// Clean up any existing cookies on both origins to ensure a clean slate.
await deleteCookie(httpOrigin, cookieName);
await deleteCookie(httpOriginDifferentPort, cookieName);
// Add a cleanup function to run after the test finishes.
t.add_cleanup(async () => {
await deleteCookie(httpOrigin, cookieName);
await deleteCookie(httpOriginDifferentPort, cookieName);
});
// Set a cookie on the first HTTP origin.
await setCookie(httpOrigin, cookieName, cookieValue);
assert_equals(await getCookie(httpOrigin, cookieName), cookieValue, "Cookie must be set on the first HTTP origin successfully.");
// Verify the cookie is not present on the second HTTP origin.
assert_equals(await getCookie(httpOriginDifferentPort, cookieName), null, "Cookie set on first port should not be visible to second port.");
// Attempt to set a cookie on the second HTTP origin.
await setCookie(httpOriginDifferentPort, cookieName, cookieValueDifferentPort);
// Since port-bound behavior is active the cookie will be set in a seperate jar on this other port, it will not overwrite the original cookie.
assert_equals(await getCookie(httpOriginDifferentPort, cookieName), cookieValueDifferentPort, "The cookie on the second port should have been created.");
// Verify that the original cookie on the HTTP origin is unchanged.
assert_equals(await getCookie(httpOrigin, cookieName), cookieValue, "Cookie 1 should remain unchanged.");
}, "Cookies should be bound to their origin's port.");
}
</script>
</body>
|
