<!DOCTYPE html>
<html>
<title>Third-party cookie blocking tests for Worker</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/resources/get-host-info.js"></script>
<script>
// This test cannot be a WPT test because it tests Chromium's third-party cookie
// blocking flag via testRunner.
var host_info = get_host_info();
var REMOTE_SET_COOKIES_URL =
host_info['HTTP_REMOTE_ORIGIN'] +
'/security/cookies/resources/cross-origin-set-cookies.php';
var REMOTE_ECHO_JSON_URL =
host_info['HTTP_REMOTE_ORIGIN'] + '/cookies/resources/echo-json.php';
var REMOTE_IFRAME_URL =
host_info['HTTP_REMOTE_ORIGIN'] +
'/security/cookies/resources/third-party-cookie-blocking-worker-iframe.php';
promise_test(t => {
if (window.testRunner) {
testRunner.setBlockThirdPartyCookies(false);
}
return fetch(new Request(
REMOTE_SET_COOKIES_URL +
'?SetCookie=' + encodeURIComponent('hello=world;path=/'),
{mode: 'cors', credentials: 'include'}))
.then(_ => fetch(REMOTE_ECHO_JSON_URL, {credentials: 'include'}))
.then(response => response.json())
.then(json => {
assert_equals(
json['hello'], 'world',
'fetch must send cookies if third-party cookies are allowed');
var promise = new Promise(resolve => {
window.addEventListener('message', resolve);
});
var frame = document.createElement('iframe');
frame.src = REMOTE_IFRAME_URL;
document.body.appendChild(frame);
add_result_callback(_ => frame.remove());
return promise;
})
.then(msg => {
assert_equals(
msg.data.iframe_request_cookie['hello'], 'world',
'Cookies must be sent while requesting a third-party iframe ' +
'resource if third-party cookies are allowed.');
assert_equals(
msg.data.fetch_in_iframe_cookie['hello'], 'world',
'Cookies must be set in the fetch request from a third-party ' +
'iframe if third-party cookies are allowed.');
assert_equals(
msg.data.worker_request_cookie['hello'], 'world',
'Cookies must be sent while requesting worker resource from a ' +
'third-party iframe if third-party cookies are allowed.');
assert_equals(
msg.data.fetch_in_worker_cookie['hello'], 'world',
'Cookies must be set in the fetch request from a worker ' +
'started from a third-party iframe if third-party cookies are ' +
'allowed.');
// We're now re-running the test with third-party cookies blocked.
if (window.testRunner) {
testRunner.setBlockThirdPartyCookies(true);
}
return fetch(REMOTE_ECHO_JSON_URL, {credentials: 'include'});
})
.then(response => response.json())
.then(json => {
assert_equals(
json['hello'], undefined,
'fetch must not send cookies if third-party cookies are ' +
'blocked.');
var promise = new Promise(resolve => {
window.addEventListener('message', resolve);
});
var frame = document.createElement('iframe');
frame.src = REMOTE_IFRAME_URL;
document.body.appendChild(frame);
add_result_callback(_ => frame.remove());
return promise;
})
.then(msg => {
assert_equals(
msg.data.iframe_request_cookie['hello'], undefined,
'Cookies must not be sent while requesting a third-party ' +
'iframe resource if third-party cookies are blocked.');
assert_equals(
msg.data.fetch_in_iframe_cookie['hello'], undefined,
'Cookies must not be set in the fetch request from a ' +
'third-party iframe if third-party cookies are blocked.');
assert_equals(
msg.data.worker_request_cookie['hello'], undefined,
'Cookies must not be sent while requesting worker resource ' +
'from a third-party iframe if third-party cookies are blocked.');
assert_equals(
msg.data.fetch_in_worker_cookie['hello'], undefined,
'Cookies must not be set in the fetch request from a worker ' +
'started from a third-party iframe if third-party cookies are ' +
'blocked.');
});
}, 'Third-party cookie blocking tests for Worker');
</script>
Codebase Browser
chromium