<!DOCTYPE html>
<meta charset="utf-8"/>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/cookies/resources/cookie-helper.sub.js"></script>
<script>
promise_test(async function(t) {
let w = window.open(SECURE_ORIGIN + "/cookies/samesite/resources/puppet.html");
await wait_for_message("READY", SECURE_ORIGIN);
let random = "" + Math.random();
w.postMessage({type: "set", value: random}, "*");
let e = await wait_for_message("set-complete", SECURE_ORIGIN)
assert_dom_cookie("samesite_strict", e.data.value, true);
assert_dom_cookie("samesite_lax", e.data.value, true);
assert_dom_cookie("samesite_none", e.data.value, true);
assert_dom_cookie("samesite_unspecified", e.data.value, true);
w.close();
}, "Same-site window should be able to set `SameSite=Lax` or `SameSite=Strict` cookies.");
promise_test(async function(t) {
let w = window.open(SECURE_CROSS_SITE_ORIGIN + "/cookies/samesite/resources/puppet.html");
await wait_for_message("READY", SECURE_CROSS_SITE_ORIGIN);
let random = "" + Math.random();
w.postMessage({type: "set", value: random}, "*");
let e = await wait_for_message("set-complete", SECURE_CROSS_SITE_ORIGIN);
assert_dom_cookie("samesite_strict", e.data.value, false);
assert_dom_cookie("samesite_lax", e.data.value, false);
assert_dom_cookie("samesite_none", e.data.value, true);
assert_dom_cookie("samesite_unspecified", e.data.value, false);
w.close();
}, "Cross-site window shouldn't be able to set `SameSite=Lax` or `SameSite=Strict` cookies.");
</script>
Codebase Browser
chromium