Add external wpt covering same-site subresources redirected to x-site
Bug: 370995015 Change-Id: I802c294b4e80501465b7f263fc055cb594290f20 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5905045 Reviewed-by: Steven Bingler <bingler@chromium.org> Auto-Submit: Aaron Selya <selya@google.com> Commit-Queue: Steven Bingler <bingler@chromium.org> Cr-Commit-Position: refs/heads/main@{#1364062}
1 parent
72b510a
commit bac7c69
Showing
2 changed files
with
80 additions
and
0 deletions.
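--- a/...ies/partitioned-cookies-same-site-subresource-to-cross-site-redirect.tentative.https.html
+++ b/...ies/partitioned-cookies-same-site-subresource-to-cross-site-redirect.tentative.https.html
@@ -0,0 +1,60 @@
+<!DOCTYPE html>
+<meta charset="utf-8"/>
+<meta name="timeout" content="long">
+<meta name="help" href="https://github.com/WICG/CHIPS#chips-cookies-having-independent-partitioned-state">
+<title>Test partitioned cookies same-site sub-resource redirect to cross-site</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/cookies/resources/cookie-helper.sub.js"></script>
+<script src="/cookies/partitioned-cookies/resources/test-helpers.js"></script>
+
+<body>
+<script>
+promise_test(async () => {
+//Add partitioned cookie to top-level site.
+assert_equals(document.cookie, "");
+const partitionedCookie = "ancestor=chain";
+const partitionedCookieAttributes =
+"; Secure; Path=/; SameSite=None; Partitioned";
+const partitionedCookieLine =
+partitionedCookie + partitionedCookieAttributes;
+
+document.cookie = partitionedCookieLine;
+
+assert_true(document.cookie.includes(partitionedCookie));
+
+const resourceDir = "./resources/";
+const embedUrl = new URL(resourceDir +
+"ancestor-chain-same-site-to-cross-site-embed.html",
+get_host_info().HTTPS_NOTSAMESITE_ORIGIN + self.location.pathname);
+const redirectUrl = new URL(resourceDir +
+"redirect-and-echo-cookie-header.py?location=" + embedUrl,
+get_host_info().HTTPS_NOTSAMESITE_ORIGIN + self.location.pathname);
+
+const iframe = document.createElement("iframe");
+iframe.src = new URL(resourceDir + "ancestor-chain-empty-embed.html",
+get_host_info().ORIGIN + self.location.pathname);
+document.body.appendChild(iframe);
+await new Promise(r => iframe.onload = r);
+
+// Confirm that the iframe is same-site to the top-level site.
+let iframeUrl = new URL(iframe.src);
+let iframeHost = iframeUrl.hostname;
+assert_equals(window.location.hostname, iframeHost);
+
+iframe.src = redirectUrl;
+await new Promise(r => iframe.onload = r);
+
+await fetch_tests_from_window(iframe.contentWindow);
+
+// Confirm that the iframe is cross-site to the top-level site.
+iframeUrl = new URL(iframe.src);
+iframeHost = iframeUrl.hostname;
+assert_not_equals(window.location.hostname, iframeHost);
+
+}, "Partitioned cookies are not sent in embedded same-site to cross-site redirects");
+</script>
+</body>
+
+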
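Review bot: The redirector URL is resolved against `get_host_info().HTTPS_NOTSAMESITE_ORIGIN`, so the request that gets redirected is already cross-site and the test never issues a same-site request that is then redirected cross-site, which is what the title describes. The cookie is also set through `document.cookie` without a `Domain` attribute, so it is host-only and would not be attached to a request to the other host whether or not partitioning works. If the same-site hop is the intent, build `redirectUrl` with `get_host_info().ORIGIN + self.location.pathname` as its base, and pass the target as `encodeURIComponent(embedUrl)` so the `location` parameter survives any later query string on the embed URL. The redirect script is not part of this page, so how it uses the Cookie header is unverified here.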
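--- a/cookies/partitioned-cookies/resources/ancestor-chain-same-site-to-cross-site-embed.html
+++ b/cookies/partitioned-cookies/resources/ancestor-chain-same-site-to-cross-site-embed.html
@@ -0,0 +1,20 @@
+<!doctype html>
+<head>
+<meta charset="utf-8"/>
+<meta name="timeout" content="long">
+<script src="/resources/testharness.js"></script>
+<script src="/cookies/resources/testharness-helpers.js"></script>
+<title>Test partitioned cookies ancestor chain: cross-site embed</title>
+</head>
+<body>
+<script>
+
+promise_test(async t => {
+await new Promise(resolve => window.onload = () => t.step_timeout(resolve, 0));
+const partitionedCookie = "ancestor=chain";
+assert_false(window.location.href.includes(partitionedCookie));
+assert_false(document.cookie.includes(partitionedCookie));
+}, "Cross-site embed partitioned cookie access");
+
+</script>
+</body>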
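Review bot: `assert_false(document.cookie.includes(partitionedCookie))` cannot fail in this document: the embed is loaded from the cross-site host, and the cookie in the parent test is set without `Domain`, so it is host-only to the top-level host and never visible to `document.cookie` here regardless of partitioning. The signal, if any, comes from the `window.location.href` check, which presumably depends on the redirect script echoing the Cookie header it received into the redirect URL; that script is not shown on this page. A comment above the two assertions would make this clear, for example `// The redirector is expected to append the Cookie header it received to this URL; document.cookie is only a sanity check.`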