LayoutTests/ChangeLog

 12021-07-02 Chris Dumez <cdumez@apple.com>
 2
 3 Resync cookies web-platform-tests from upstream
 4 https://bugs.webkit.org/show_bug.cgi?id=227641
 5
 6 Reviewed by NOBODY (OOPS!).
 7
 8 * TestExpectations:
 9 * tests-options.json:
 10
1112021-07-02 Chris Dumez <cdumez@apple.com>
212
313 REGRESSION (r279427): [ Mac wk1 ] imported/w3c/web-platform-tests/html/rendering/replaced-elements/embedded-content/tall-cross-domain-iframe-in-scrolled.sub.html is timing out

LayoutTests/imported/w3c/ChangeLog

 12021-07-02 Chris Dumez <cdumez@apple.com>
 2
 3 Resync cookies web-platform-tests from upstream
 4 https://bugs.webkit.org/show_bug.cgi?id=227641
 5
 6 Reviewed by NOBODY (OOPS!).
 7
 8 Resync cookies web-platform-tests from upstream 2c19d6ee62676ac90146.
 9
 10 * resources/import-expectations.json:
 11 * web-platform-tests/cookies/*: Updated.
 12
1132021-07-02 Chris Dumez <cdumez@apple.com>
214
315 Resync WebCryptoAPI web-platform-tests from upstream

LayoutTests/TestExpectations

@@imported/w3c/web-platform-tests/clipboard-apis/feature-policy/clipboard-read/cli
438438imported/w3c/web-platform-tests/clipboard-apis/feature-policy/clipboard-read/clipboard-read-enabled-by-feature-policy-cross-origin-tentative.https.sub.html [ Skip ]
439439imported/w3c/web-platform-tests/clipboard-apis/feature-policy/clipboard-read/clipboard-read-enabled-by-feature-policy.tentative.https.sub.html [ Skip ]
440440imported/w3c/web-platform-tests/clipboard-apis/feature-policy/clipboard-read/clipboard-read-enabled-on-self-origin-by-feature-policy.tentative.https.sub.html [ Skip ]
 441imported/w3c/web-platform-tests/cookies/domain/domain-attribute-host-with-and-without-leading-period.sub.https.html [ Skip ]
 442imported/w3c/web-platform-tests/cookies/domain/domain-attribute-host-with-leading-period.sub.https.html [ Skip ]
 443imported/w3c/web-platform-tests/cookies/domain/domain-attribute-matches-host.sub.https.html [ Skip ]
 444imported/w3c/web-platform-tests/cookies/domain/domain-attribute-missing.sub.html [ Skip ]
 445imported/w3c/web-platform-tests/cookies/samesite/fetch.https.html [ Skip ]
 446imported/w3c/web-platform-tests/cookies/samesite/form-get-blank-reload.https.html [ Skip ]
 447imported/w3c/web-platform-tests/cookies/samesite/form-get-blank.https.html [ Skip ]
 448imported/w3c/web-platform-tests/cookies/samesite/form-post-blank-reload.https.html [ Skip ]
 449imported/w3c/web-platform-tests/cookies/samesite/form-post-blank.https.html [ Skip ]
 450imported/w3c/web-platform-tests/cookies/samesite/iframe-reload.https.html [ Skip ]
 451imported/w3c/web-platform-tests/cookies/samesite/iframe.https.html [ Skip ]
 452imported/w3c/web-platform-tests/cookies/samesite/img.https.html [ Skip ]
 453imported/w3c/web-platform-tests/cookies/samesite/window-open-reload.https.html [ Skip ]
 454imported/w3c/web-platform-tests/cookies/samesite/window-open.https.html [ Skip ]
441455imported/w3c/web-platform-tests/geolocation-API/non-secure-contexts.http.html [ Skip ]
442456imported/w3c/web-platform-tests/geolocation-API/getCurrentPosition_permission_allow.https.html [ Skip ]
443457imported/w3c/web-platform-tests/geolocation-API/getCurrentPosition_permission_deny.https.html [ Skip ]

@@imported/w3c/web-platform-tests/html/cross-origin-opener-policy [ Skip ]
644658imported/w3c/web-platform-tests/html/semantics/embedded-content/the-embed-element/embed-represent-nothing-04.html [ ImageOnlyFailure Crash ]
645659
646660# Newly imported WPT tests that are flaky.
 661imported/w3c/web-platform-tests/cookies/name/name.html [ Failure Pass ]
 662imported/w3c/web-platform-tests/cookies/prefix/__secure.header.https.html [ Failure Pass ]
 663imported/w3c/web-platform-tests/cookies/samesite-none-secure/cookies-without-samesite-must-be-secure.https.tentative.html [ Failure Pass ]
 664imported/w3c/web-platform-tests/cookies/samesite/about-blank-subresource.https.html [ Failure Pass ]
 665imported/w3c/web-platform-tests/cookies/samesite/about-blank-toplevel.https.html [ Failure Pass ]
 666imported/w3c/web-platform-tests/cookies/samesite/iframe.document.https.html [ Failure Pass ]
 667imported/w3c/web-platform-tests/cookies/samesite/multiple-samesite-attributes.https.html [ Failure Pass ]
 668imported/w3c/web-platform-tests/cookies/samesite/sandbox-iframe-nested.https.html [ Failure Pass ]
 669imported/w3c/web-platform-tests/cookies/samesite/sandbox-iframe-subresource.https.html [ Failure Pass ]
 670imported/w3c/web-platform-tests/cookies/samesite/setcookie-lax.https.html [ Failure Pass ]
 671imported/w3c/web-platform-tests/cookies/samesite/setcookie-navigation.https.html [ Failure Pass ]
 672imported/w3c/web-platform-tests/cookies/schemeful-same-site/schemeful-iframe-subresource.tentative.html [ Failure Pass ]
 673imported/w3c/web-platform-tests/cookies/schemeful-same-site/schemeful-navigation.tentative.html [ Failure Pass ]
 674imported/w3c/web-platform-tests/cookies/schemeful-same-site/schemeful-subresource.tentative.html [ Failure Pass ]
647675imported/w3c/web-platform-tests/html/semantics/scripting-1/the-script-element/microtasks/checkpoint-after-window-onerror-module.html [ Failure Pass ]
648676imported/w3c/web-platform-tests/html/browsers/windows/targeting-cross-origin-nested-browsing-contexts.html [ Failure Pass ]
649677imported/w3c/web-platform-tests/html/cross-origin-embedder-policy/credentialless/iframe-coep-credentialless.tentative.https.html [ Failure Pass ]

LayoutTests/imported/w3c/resources/import-expectations.json

7070 "web-platform-tests/compat": "import",
7171 "web-platform-tests/console": "import",
7272 "web-platform-tests/content-security-policy": "import",
73  "web-platform-tests/cookies": "skip",
 73 "web-platform-tests/cookies": "import",
7474 "web-platform-tests/cookies/resources": "import",
7575 "web-platform-tests/cookies/secure": "import",
7676 "web-platform-tests/core-aam": "skip",

LayoutTests/imported/w3c/web-platform-tests/cookies/META.yml

 1suggested_reviewers:
 2 - mikewest

LayoutTests/imported/w3c/web-platform-tests/cookies/README.md

 1This directory contains tests for
 2[Leave Secure Cookies Alone](https://tools.ietf.org/html/draft-ietf-httpbis-cookie-alone-01).

LayoutTests/imported/w3c/web-platform-tests/cookies/attributes/domain.sub-expected.txt

 1CONSOLE MESSAGE: Domain is malformed!
 2
 3Harness Error (FAIL), message = Domain is malformed!
 4
 5PASS Test cookie domain attribute parsing
 6

LayoutTests/imported/w3c/web-platform-tests/cookies/attributes/domain.sub.html

 1<!doctype html>
 2<html>
 3 <head>
 4 <meta charset=utf-8>
 5 <title>Test cookie domain attribute parsing</title>
 6 <meta name=help href="https://tools.ietf.org/html/rfc6265#section-5.2.3">
 7 <meta name="timeout" content="long">
 8 <script src="/resources/testharness.js"></script>
 9 <script src="/resources/testharnessreport.js"></script>
 10 <script src="/cookies/resources/cookie-test.js"></script>
 11 </head>
 12 <body>
 13 <script>
 14 const port = "{{ports[http][0]}}";
 15 const wwwHost = "{{hosts[alt][]}}";
 16
 17 test(t => {
 18 const win = window.open(`http://${wwwHost}:${port}/cookies/attributes/resources/domain-child.sub.html`);
 19 fetch_tests_from_window(win);
 20 });
 21 </script>
 22 </body>
 23</html>

LayoutTests/imported/w3c/web-platform-tests/cookies/attributes/expires-expected.txt

 1
 2PASS Set cookie with expires value containing a comma
 3PASS Set cookie with expires value followed by comma
 4PASS Set cookie with future expiration
 5PASS Set expired cookie along with valid cookie
 6PASS Don't set cookie with expires set to the past
 7

LayoutTests/imported/w3c/web-platform-tests/cookies/attributes/expires.html

 1<!doctype html>
 2<html>
 3 <head>
 4 <meta charset=utf-8>
 5 <title>Test expires attribute parsing</title>
 6 <meta name=help href="https://tools.ietf.org/html/rfc6265#section-5.1.1">
 7 <meta name="timeout" content="long">
 8 <script src="/resources/testharness.js"></script>
 9 <script src="/resources/testharnessreport.js"></script>
 10 <script src="/cookies/resources/cookie-test.js"></script>
 11 </head>
 12 <body>
 13 <div id=log></div>
 14 <script>
 15 // TODO: there is more to test here, these tests capture the old
 16 // ported http-state tests. Feel free to delete this comment when more
 17 // are added.
 18 const expiresTests = [
 19 {
 20 cookie: "test=1; Expires=Fri, 01 Jan 2038 00:00:00 GMT",
 21 expected: "test=1",
 22 name: "Set cookie with expires value containing a comma",
 23 },
 24 {
 25 cookie: "test=2; Expires=Fri 01 Jan 2038 00:00:00 GMT, baz=qux",
 26 expected: "test=2",
 27 name: "Set cookie with expires value followed by comma",
 28 },
 29 {
 30 cookie: "test=3; Expires=Fri, 01 Jan 2038 00:00:00 GMT",
 31 expected: "test=3",
 32 name: "Set cookie with future expiration",
 33 },
 34 {
 35 cookie: ["test=expired; Expires=Fri, 07 Aug 2007 08:04:19 GMT", "test=4; Expires=Fri, 07 Aug 2027 08:04:19 GMT"],
 36 expected: "test=4",
 37 name: "Set expired cookie along with valid cookie",
 38 },
 39 {
 40 cookie: "test=5; expires=Thu, 10 Apr 1980 16:33:12 GMT",
 41 expected: "",
 42 name: "Don't set cookie with expires set to the past",
 43 },
 44 ];
 45
 46 for (const test of expiresTests) {
 47 httpCookieTest(test.cookie, test.expected, test.name);
 48 }
 49 </script>
 50 </body>
 51</html>

LayoutTests/imported/w3c/web-platform-tests/cookies/attributes/invalid-expected.txt

 1
 2PASS Set cookie with invalid attribute
 3PASS Set cookie ending with invalid attribute.
 4PASS Set cookie ending with quoted invalid attribute.
 5PASS Set cookie ending with double-quoted invalid attribute.
 6PASS Set cookie ending with invalid attribute equals.
 7PASS Set cookie with two invalid attributes (lol="aaa and bbb).
 8PASS Set cookie ending with two invalid attributes (lol="aaa and bbb).
 9PASS Set cookie for quoted Secure attribute
 10PASS Set cookie for Secure qux
 11PASS Ignore invalid attribute name with comma
 12PASS Ignore invalid attribute value with comma
 13PASS Set cookie ignoring multiple invalid attributes, whitespace, and semicolons
 14FAIL Set cookie with multiple '='s in its value, ignoring multiple invalid attributes, whitespace, and semicolons assert_equals: The cookie was set as expected. expected "test=== 13" but got "test===13"
 15PASS Set cookie with (invalid) version=1 attribute
 16PASS Set cookie with (invalid) version=1000 attribute
 17PASS Set cookie ignoring anything after ; (which looks like an invalid attribute)
 18PASS Set cookie ignoring anything after ; (which looks like an invalid attribute, with no trailing semicolon)
 19PASS Ignore keys after semicolon
 20PASS Ignore attributes after semicolon
 21PASS Ignore `Set-Cookie: =`
 22PASS Ignore empty cookie string
 23FAIL Ignore `Set-Cookie: =` with other `Set-Cookie` headers assert_equals: The cookie was set as expected. expected "test22" but got ""
 24FAIL Ignore name- and value-less `Set-Cookie: ; bar` assert_equals: The cookie was set as expected. expected "testA23" but got ""
 25FAIL Ignore name- and value-less `Set-Cookie: ` assert_equals: The cookie was set as expected. expected "test24" but got ""
 26FAIL Ignore name- and value-less `Set-Cookie: \t` assert_equals: The cookie was set as expected. expected "test25" but got ""
 27PASS Ignore cookie with domain that won't domain match (along with other invalid noise)
 28

LayoutTests/imported/w3c/web-platform-tests/cookies/attributes/invalid.html

 1<!doctype html>
 2<html>
 3 <head>
 4 <meta charset=utf-8>
 5 <title>Test invalid attribute parsing</title>
 6 <meta name=help href="https://tools.ietf.org/html/rfc6265#section-5.2">
 7 <meta name="timeout" content="long">
 8 <script src="/resources/testharness.js"></script>
 9 <script src="/resources/testharnessreport.js"></script>
 10 <script src="/cookies/resources/cookie-test.js"></script>
 11 </head>
 12 <body>
 13 <div id=log></div>
 14 <script>
 15 // These tests ensure that invalid attributes don't affect
 16 // cookie parsing. `Path` isn't important to the tests where it appears,
 17 // but it's used to be able to place the invalid attribute in different
 18 // locations.
 19 const invalidAttributeTests = [
 20 {
 21 cookie: "test=1; lol; Path=/",
 22 expected: "test=1",
 23 name: "Set cookie with invalid attribute",
 24 defaultPath: false
 25 },
 26 {
 27 cookie: "test=2; Path=/; lol",
 28 expected: "test=2",
 29 name: "Set cookie ending with invalid attribute.",
 30 defaultPath: false
 31 },
 32 {
 33 cookie: "test=3; Path=/; 'lol'",
 34 expected: "test=3",
 35 name: "Set cookie ending with quoted invalid attribute.",
 36 defaultPath: false
 37 },
 38 {
 39 cookie: 'test=4; Path=/; "lol"',
 40 expected: "test=4",
 41 name: "Set cookie ending with double-quoted invalid attribute.",
 42 defaultPath: false
 43 },
 44 {
 45 cookie: "test=5; Path=/; lol=",
 46 expected: "test=5",
 47 name: "Set cookie ending with invalid attribute equals.",
 48 defaultPath: false
 49 },
 50 {
 51 cookie: 'test=6; lol="aaa;bbb"; Path=/',
 52 expected: "test=6",
 53 name: "Set cookie with two invalid attributes (lol=\"aaa and bbb).",
 54 defaultPath: false
 55 },
 56 {
 57 cookie: 'test=7; Path=/; lol="aaa;bbb"',
 58 expected: "test=7",
 59 name: "Set cookie ending with two invalid attributes (lol=\"aaa and bbb).",
 60 defaultPath: false
 61 },
 62 {
 63 cookie: 'test=8; "Secure"',
 64 expected: "test=8",
 65 // This gets parsed as an unrecognized \"Secure\" attribute, not a valid
 66 // Secure attribute. That's why it gets set on an non-secure origin.
 67 name: "Set cookie for quoted Secure attribute",
 68 },
 69 {
 70 cookie: "test=9; Secure qux",
 71 expected: "test=9",
 72 // This should be parsed as an unrecognized "Secure qux" attribute
 73 // and ignored. That is, the cookie will not be Secure.
 74 name: "Set cookie for Secure qux",
 75 },
 76 {
 77 cookie: "test=10; b,az=qux",
 78 expected: "test=10",
 79 name: "Ignore invalid attribute name with comma",
 80 },
 81 {
 82 cookie: "test=11; baz=q,ux",
 83 expected: "test=11",
 84 name: "Ignore invalid attribute value with comma",
 85 },
 86 {
 87 cookie: " test = 12 ;foo;;; bar",
 88 expected: "test=12",
 89 name: "Set cookie ignoring multiple invalid attributes, whitespace, and semicolons",
 90 },
 91 {
 92 cookie: " test=== 13 ;foo;;; bar",
 93 expected: "test=== 13",
 94 name: "Set cookie with multiple '='s in its value, ignoring multiple invalid attributes, whitespace, and semicolons",
 95 },
 96 {
 97 cookie: "test=14; version=1;",
 98 expected: "test=14",
 99 name: "Set cookie with (invalid) version=1 attribute",
 100 },
 101 {
 102 cookie: "test=15; version=1000;",
 103 expected: "test=15",
 104 name: "Set cookie with (invalid) version=1000 attribute",
 105 },
 106 {
 107 cookie: "test=16; customvalue='1000 or more';",
 108 expected: "test=16",
 109 name: "Set cookie ignoring anything after ; (which looks like an invalid attribute)",
 110 },
 111 {
 112 cookie: "test=17; customvalue='1000 or more'",
 113 expected: "test=17",
 114 name: "Set cookie ignoring anything after ; (which looks like an invalid attribute, with no trailing semicolon)",
 115 },
 116 {
 117 cookie: "test=18; foo=bar, a=b",
 118 expected: "test=18",
 119 name: "Ignore keys after semicolon",
 120 },
 121 {
 122 cookie: "test=19;max-age=3600, c=d;path=/",
 123 expected: "test=19",
 124 name: "Ignore attributes after semicolon",
 125 defaultPath: false,
 126 },
 127 {
 128 cookie: ["testA=20", "=", "testb=20"],
 129 expected: "testA=20; testb=20",
 130 name: "Ignore `Set-Cookie: =`",
 131 },
 132 {
 133 cookie: ["test=21", ""],
 134 expected: "test=21",
 135 name: "Ignore empty cookie string",
 136 },
 137 {
 138 cookie: ["test22", "="],
 139 expected: "test22",
 140 name: "Ignore `Set-Cookie: =` with other `Set-Cookie` headers",
 141 },
 142 {
 143 cookie: ["testA23", "; testB23"],
 144 expected: "testA23",
 145 name: "Ignore name- and value-less `Set-Cookie: ; bar`",
 146 },
 147 {
 148 cookie: ["test24", " "],
 149 expected: "test24",
 150 name: "Ignore name- and value-less `Set-Cookie: `",
 151 },
 152 {
 153 cookie: ["test25", "\t"],
 154 expected: "test25",
 155 name: "Ignore name- and value-less `Set-Cookie: \\t`",
 156 },
 157 {
 158 cookie: "test=26; domain=.parser.test; ;; ;=; ,,, ===,abc,=; abracadabra! max-age=20;=;;",
 159 expected: "",
 160 name: "Ignore cookie with domain that won't domain match (along with other invalid noise)",
 161 },
 162 ];
 163
 164 for (const test of invalidAttributeTests) {
 165 httpCookieTest(test.cookie, test.expected, test.name, test.defaultPath);
 166 }
 167 </script>
 168 </body>
 169</html>

LayoutTests/imported/w3c/web-platform-tests/cookies/attributes/max-age-expected.txt

 1
 2PASS Ignore max-age attribute with invalid non-zero-digit (containing a comma)
 3PASS Set cookie with age
 4PASS Set no cookie with max-age=0
 5PASS Set no cookie with max-age=-1
 6PASS Set no cookie with max-age=-20
 7PASS Set multiple cookies with max-age attribute
 8PASS Expire later cookie with same name and max-age=0
 9PASS Expire later cookie with same name and max-age=0, and don't set cookie with max-age=0
 10FAIL Set mulitiple cookies with valid max-age values assert_equals: The cookie was set as expected. expected "test=\"9! = foo; test9" but got "test=\"9! = foo;bar\""
 11PASS Don't set multiple cookies with max-age=0
 12

LayoutTests/imported/w3c/web-platform-tests/cookies/attributes/max-age.html

 1<!doctype html>
 2<html>
 3 <head>
 4 <meta charset=utf-8>
 5 <title>Test max-age attribute parsing</title>
 6 <meta name=help href="https://tools.ietf.org/html/rfc6265#section-5.3.2">
 7 <meta name="timeout" content="long">
 8 <script src="/resources/testharness.js"></script>
 9 <script src="/resources/testharnessreport.js"></script>
 10 <script src="/cookies/resources/cookie-test.js"></script>
 11 </head>
 12 <body>
 13 <div id=log></div>
 14 <script>
 15 // TODO: there is more to test here, these tests capture the old
 16 // ported http-state tests. Feel free to delete this comment when more
 17 // are added.
 18 const maxAgeTests = [
 19 {
 20 cookie: "test=1; Max-Age=50,399",
 21 expected: "test=1",
 22 name: "Ignore max-age attribute with invalid non-zero-digit (containing a comma)",
 23 },
 24 {
 25 cookie: "test=2; max-age=10000",
 26 expected: "test=2",
 27 name: "Set cookie with age",
 28 },
 29 {
 30 cookie: "test=3; max-age=0",
 31 expected: "",
 32 name: "Set no cookie with max-age=0",
 33 },
 34 {
 35 cookie: "test=4; max-age=-1",
 36 expected: "",
 37 name: "Set no cookie with max-age=-1",
 38 },
 39 {
 40 cookie: "test=5; max-age=-20",
 41 expected: "",
 42 name: "Set no cookie with max-age=-20",
 43 },
 44 {
 45 cookie: ["testA=6; max-age=60", "testB=6; max-age=60"],
 46 expected: "testA=6; testB=6",
 47 name: "Set multiple cookies with max-age attribute",
 48 },
 49 {
 50 cookie: ["testA=7; max-age=60", "testB=7; max-age=60", "testA=differentvalue; max-age=0"],
 51 expected: "testB=7",
 52 name: "Expire later cookie with same name and max-age=0",
 53 },
 54 {
 55 cookie: ["testA=8; max-age=60", "testB=8; max-age=60", "testA=differentvalue; max-age=0", "testC=8; max-age=0"],
 56 expected: "testB=8",
 57 name: "Expire later cookie with same name and max-age=0, and don't set cookie with max-age=0",
 58 },
 59 {
 60 cookie: ['test="9! = foo;bar\";" parser; max-age=6', "test9; max-age=2.63,"],
 61 expected: 'test="9! = foo; test9',
 62 name: "Set mulitiple cookies with valid max-age values",
 63 },
 64 {
 65 cookie: ["test=10; max-age=0", "test10; max-age=0"],
 66 expected: "",
 67 name: "Don't set multiple cookies with max-age=0",
 68 },
 69 ];
 70
 71 for (const test of maxAgeTests) {
 72 httpCookieTest(test.cookie, test.expected, test.name);
 73 }
 74 </script>
 75 </body>
 76</html>

LayoutTests/imported/w3c/web-platform-tests/cookies/attributes/path-expected.txt

 1
 2PASS Set cookie for bare Path
 3PASS Set cookie for Path=
 4PASS Set cookie for Path=/
 5PASS No cookie returned for mismatched path
 6PASS No cookie returned for path space equals mismatched path
 7PASS No cookie returned for path equals space mismatched path
 8PASS No cookie returned for mismatched path and attribute
 9PASS Set cookie for mismatched and root path
 10PASS No cookie returned for root and mismatched path
 11PASS No cookie returned for multiple mismatched paths
 12PASS Return 2 cookies sorted by matching path length (earlier name with shorter path set first)
 13PASS Return 2 cookies sorted by matching path length (later name with shorter path set first)
 14PASS Return 2 cookies sorted by matching path length (earlier name with longer path set first)
 15PASS Return 2 cookies sorted by matching path length (later name with longer path set first)
 16PASS No cookie returned for partial path match
 17PASS No cookie returned for partial path match, return cookie for default path
 18PASS Return cookie for path= / (whitespace after equals)
 19PASS No cookie returned for case mismatched path
 20PASS Return cookie A on path match, no cookie returned for path mismatch (plus whitespace)
 21PASS No cookie returned for mismatched path (after bare path=)
 22PASS Return cookie for bare path= (after mismatched path)
 23

LayoutTests/imported/w3c/web-platform-tests/cookies/attributes/path-redirect-expected.txt

 1
 2PASS Cookie sent for exact redirected path match
 3PASS Cookie sent for exact redirected path match, one level deeper
 4PASS Cookie sent for redirected path with trailing '/' and the redirected URL is one level deeper
 5PASS Cookie sent for redirected path with trailing '/' and a double '/' in the redirected URL
 6PASS Cookie sent for redirected path match with a trailing ';' after an unquoted Path
 7PASS No cookie sent for redirected path match with a trailing ';' inside a quoted Path
 8PASS No cookie sent for redirected path match with partially URL encoded path
 9PASS Multiple cookies sent for multiple redirected path matches, sorted by length
 10PASS No cookie sent for redirected path mismatch where path and redirected URL begin with same string
 11PASS No cookie sent for redirected path mismatch where final path directory component and redirected URL resource begin with same string
 12PASS No cookie sent for redirected path mismatch where final path directory component begins with same string as redirected URL final directory component
 13PASS No cookie sent for redirected path mismatch for different resources inside the same final directory component
 14PASS No cookie sent for redirected path mismatch where final path directory component ends in '/' and does not match redirected URL
 15PASS No cookie sent for redirected path mismatch with a similar start to the redirected URL
 16PASS No cookie sent for redirected path mismatch with trailing '?' after unquoted Path
 17PASS No cookie sent for redirected path mismatch with trailing '#' after unquoted Path
 18PASS No cookie sent for redirected path mismatch with trailing '/' after unquoted Path
 19

LayoutTests/imported/w3c/web-platform-tests/cookies/attributes/path-redirect.html

 1<!doctype html>
 2<html>
 3 <head>
 4 <meta charset=utf-8>
 5 <title>Test cookie path attribute parsing</title>
 6 <meta name=help href="https://tools.ietf.org/html/rfc6265#section-5.2.4">
 7 <meta name="timeout" content="long">
 8 <script src="/resources/testharness.js"></script>
 9 <script src="/resources/testharnessreport.js"></script>
 10 <script src="/cookies/resources/cookie-test.js"></script>
 11 </head>
 12 <body>
 13 <script>
 14 const pathRedirectTests = [
 15 {
 16 cookie: "test=1; path=/cookies/attributes/resources/path.html",
 17 expected: "test=1",
 18 name: "Cookie sent for exact redirected path match",
 19 location: "/cookies/attributes/resources/path.html",
 20 },
 21 {
 22 cookie: "test=2; path=/cookies/attributes/resources/path/one.html",
 23 expected: "test=2",
 24 name: "Cookie sent for exact redirected path match, one level deeper",
 25 location: "/cookies/attributes/resources/path/one.html",
 26 },
 27 {
 28 cookie: "test=3; path=/cookies/attributes/resources/path/",
 29 expected: "test=3",
 30 name: "Cookie sent for redirected path with trailing '/' and the redirected URL is one level deeper",
 31 location: "/cookies/attributes/resources/path/one.html",
 32 },
 33 {
 34 cookie: "test=4; path=/cookies/attributes/resources/path/",
 35 expected: "test=4",
 36 name: "Cookie sent for redirected path with trailing '/' and a double '/' in the redirected URL",
 37 location: "/cookies/attributes/resources/path//one.html",
 38 },
 39 {
 40 cookie: "test=5; path=/cookies/attributes/resources/path/one.html;",
 41 expected: "test=5",
 42 name: "Cookie sent for redirected path match with a trailing ';' after an unquoted Path",
 43 location: "/cookies/attributes/resources/path/one.html",
 44 },
 45 {
 46 cookie: 'test=6; path="/cookies/attributes/resources/path/one.html;"',
 47 expected: "",
 48 name: "No cookie sent for redirected path match with a trailing ';' inside a quoted Path",
 49 location: "/cookies/attributes/resources/path/one.html",
 50 },
 51 {
 52 cookie: "test=7a; path=/cookies/attributes/resources/p%61th/three.html",
 53 expected: "",
 54 name: "No cookie sent for redirected path match with partially URL encoded path",
 55 location: "/cookies/attributes/resources/path/three.html",
 56 },
 57 {
 58 cookie: ["test=8a; path=/cookies/attributes/resources",
 59 "test=8b; path=/cookies/attributes/resources/"],
 60 expected: "test=8b; test=8a",
 61 name: "Multiple cookies sent for multiple redirected path matches, sorted by length",
 62 location: "/cookies/attributes/resources/path.html",
 63 },
 64 {
 65 cookie: "test=9; path=/cookies/attributes/resources/path.html",
 66 expected: "",
 67 name: "No cookie sent for redirected path mismatch where path and redirected URL begin with same string",
 68 location: "/cookies/attributes/resources/pathfakeout.html",
 69 },
 70 {
 71 cookie: "test=10; path=/cookies/attributes/resources/path/one.html",
 72 expected: "",
 73 name: "No cookie sent for redirected path mismatch where final path directory component and redirected URL resource begin with same string",
 74 location: "/cookies/attributes/resources/path.html",
 75 },
 76 {
 77 cookie: "test=11; path=/cookies/attributes/resources/path/one.html",
 78 expected: "",
 79 name: "No cookie sent for redirected path mismatch where final path directory component begins with same string as redirected URL final directory component",
 80 location: "/cookies/attributes/resources/pathfakeout/one.html",
 81 },
 82 {
 83 cookie: "test=12; path=/cookies/attributes/resources/path/one.html",
 84 expected: "",
 85 name: "No cookie sent for redirected path mismatch for different resources inside the same final directory component",
 86 location: "/cookies/attributes/resources/path/two.html",
 87 },
 88 {
 89 cookie: "test=13; path=/cookies/attributes/resources/path/one.html/",
 90 expected: "",
 91 name: "No cookie sent for redirected path mismatch where final path directory component ends in '/' and does not match redirected URL",
 92 location: "/cookies/attributes/resources/path/two.html",
 93 },
 94 {
 95 cookie: "test=14; path=/cookies/attributes/resources/path/",
 96 expected: "",
 97 name: "No cookie sent for redirected path mismatch with a similar start to the redirected URL",
 98 location: "/cookies/attributes/resources/pathfakeout.html",
 99 },
 100 {
 101 cookie: "test=15; path=/cookies/attributes/resources/path/one.html?",
 102 expected: "",
 103 name: "No cookie sent for redirected path mismatch with trailing '?' after unquoted Path",
 104 location: "/cookies/attributes/resources/path/one.html",
 105 },
 106 {
 107 cookie: "test=16; path=/cookies/attributes/resources/path/one.html#",
 108 expected: "",
 109 name: "No cookie sent for redirected path mismatch with trailing '#' after unquoted Path",
 110 location: "/cookies/attributes/resources/path/one.html",
 111 },
 112 {
 113 cookie: "test=17; path=/cookies/attributes/resources/path/one.html/",
 114 expected: "",
 115 name: "No cookie sent for redirected path mismatch with trailing '/' after unquoted Path",
 116 location: "/cookies/attributes/resources/path/one.html",
 117 },
 118 ];
 119
 120 for (const test of pathRedirectTests) {
 121 httpRedirectCookieTest(test.cookie, test.expected, test.name,
 122 test.location);
 123 }
 124 </script>
 125 </body>
 126</html>

LayoutTests/imported/w3c/web-platform-tests/cookies/attributes/path.html

 1<!doctype html>
 2<html>
 3 <head>
 4 <meta charset=utf-8>
 5 <title>Test cookie path attribute parsing</title>
 6 <meta name=help href="https://tools.ietf.org/html/rfc6265#section-5.2.4">
 7 <meta name="timeout" content="long">
 8 <script src="/resources/testharness.js"></script>
 9 <script src="/resources/testharnessreport.js"></script>
 10 <script src="/cookies/resources/cookie-test.js"></script>
 11 </head>
 12 <body>
 13 <script>
 14 const pathTests = [
 15 {
 16 cookie: "test=1; Path",
 17 expected: "test=1",
 18 name: "Set cookie for bare Path",
 19 },
 20 {
 21 cookie: "test=2; Path=",
 22 expected: "test=2",
 23 name: "Set cookie for Path=",
 24 },
 25 {
 26 cookie: "test=3; Path=/",
 27 expected: "test=3",
 28 name: "Set cookie for Path=/",
 29 defaultPath: false,
 30 },
 31 {
 32 cookie: "test=4; Path=/qux",
 33 expected: "",
 34 name: "No cookie returned for mismatched path",
 35 defaultPath: false,
 36 },
 37 {
 38 cookie: "test=5; Path =/qux",
 39 expected: "",
 40 name: "No cookie returned for path space equals mismatched path",
 41 defaultPath: false,
 42 },
 43 {
 44 cookie: "test=6; Path= /qux",
 45 expected: "",
 46 name: "No cookie returned for path equals space mismatched path",
 47 defaultPath: false,
 48 },
 49 {
 50 cookie: "test=7; Path=/qux ; taz",
 51 expected: "",
 52 name: "No cookie returned for mismatched path and attribute",
 53 defaultPath: false,
 54 },
 55 {
 56 cookie: "test=8; Path=/qux; Path=/",
 57 expected: "test=8",
 58 name: "Set cookie for mismatched and root path",
 59 },
 60 {
 61 cookie: "test=9; Path=/; Path=/qux",
 62 expected: "",
 63 name: "No cookie returned for root and mismatched path",
 64 defaultPath: false,
 65 },
 66 {
 67 cookie: "test=10; Path=/lol; Path=/qux",
 68 expected: "",
 69 name: "No cookie returned for multiple mismatched paths",
 70 defaultPath: false,
 71 },
 72 {
 73 cookie: ["testA=11; path=/", "testB=11; path=/cookies/attributes"],
 74 expected: "testB=11; testA=11",
 75 name: "Return 2 cookies sorted by matching path length (earlier name with shorter path set first)",
 76 defaultPath: false,
 77 },
 78 {
 79 cookie: ["testB=12; path=/", "testA=12; path=/cookies/attributes"],
 80 expected: "testA=12; testB=12",
 81 name: "Return 2 cookies sorted by matching path length (later name with shorter path set first)",
 82 defaultPath: false,
 83 },
 84 {
 85 cookie: ["testA=13; path=/cookies/attributes", "testB=13; path=/"],
 86 expected: "testA=13; testB=13",
 87 name: "Return 2 cookies sorted by matching path length (earlier name with longer path set first)",
 88 defaultPath: false,
 89 },
 90 {
 91 cookie: ["testB=14; path=/cookies/attributes", "testA=14; path=/"],
 92 expected: "testB=14; testA=14",
 93 name: "Return 2 cookies sorted by matching path length (later name with longer path set first)",
 94 defaultPath: false,
 95 },
 96 {
 97 cookie: ["test=15; path=/cookies/attributes/foo"],
 98 expected: "",
 99 name: "No cookie returned for partial path match",
 100 defaultPath: false,
 101 },
 102 {
 103 cookie: ["test=16", "test=0; path=/cookies/attributes/foo"],
 104 expected: "test=16",
 105 name: "No cookie returned for partial path match, return cookie for default path",
 106 },
 107 {
 108 cookie: ["test=17; path= /"],
 109 expected: "test=17",
 110 name: "Return cookie for path= / (whitespace after equals)",
 111 },
 112 {
 113 cookie: ["test=18; path=/cookies/ATTRIBUTES"],
 114 expected: "",
 115 name: "No cookie returned for case mismatched path",
 116 defaultPath: false,
 117 },
 118 {
 119 cookie: ["testA=19; path = /cookies/attributes", "testB=19; path = /book"],
 120 expected: "testA=19",
 121 name: "Return cookie A on path match, no cookie returned for path mismatch (plus whitespace)",
 122 defaultPath: false,
 123 },
 124 {
 125 cookie: ["test=20; path=; path=/dog"],
 126 expected: "",
 127 name: "No cookie returned for mismatched path (after bare path=)",
 128 defaultPath: false,
 129 },
 130 {
 131 cookie: ["test=21; path=/dog; path="],
 132 expected: "test=21",
 133 name: "Return cookie for bare path= (after mismatched path)",
 134 },
 135 ];
 136
 137 for (const test of pathTests) {
 138 httpCookieTest(test.cookie, test.expected, test.name, test.defaultPath);
 139 }
 140 </script>
 141 </body>
 142</html>

LayoutTests/imported/w3c/web-platform-tests/cookies/attributes/resources/domain-child.sub.html

 1<!doctype html>
 2<html>
 3 <head>
 4 <meta charset=utf-8>
 5 <title>Test cookie domain attribute parsing</title>
 6 <meta name=help href="https://tools.ietf.org/html/rfc6265#section-5.2.3">
 7 <meta name="timeout" content="long">
 8 <script src="/resources/testharness.js"></script>
 9 <script src="/cookies/resources/cookie-test.js"></script>
 10 </head>
 11 <body>
 12 <script>
 13 const path = "path=/cookies/attributes"
 14 const port = "{{ports[http][0]}}";
 15 const host = "{{host}}"; // example.org
 16 const wwwHost = "{{hosts[alt][]}}"; // home.example.org
 17 const www1Host = "{{domains[www1]}}"; // sibling.example.org
 18 const www2wwwHost = "{{domains[www2.www]}}"; // subdomain.home.example.org
 19
 20 // naive helper method to return the TLD for a given domain
 21 const getTLD = domain => {
 22 let match = /\.[a-z]+$/.exec(domain);
 23 if (match) {
 24 return match[0];
 25 } else {
 26 throw 'Domain is malformed!';
 27 }
 28 }
 29
 30 // helper to take a domain like "www.example.org"
 31 // and return a string like "www.eXaMpLe.org"
 32 const makeBizarre = domain => {
 33 let bizarre = "";
 34 let domainArray = domain.split(".");
 35 let secondLevel = domainArray[domainArray.length - 2];
 36 for (let i in secondLevel) {
 37 if (i % 2 == 1) {
 38 bizarre += secondLevel[i].toUpperCase();
 39 } else {
 40 bizarre += secondLevel[i];
 41 }
 42 }
 43 domainArray[domainArray.length - 2] = bizarre;
 44 return domainArray.join(".");
 45 }
 46
 47 // helper to change the current TLD to a TLD that doesn't exist, and is
 48 // unlikely to exist in the future. (the main point is that the TLD
 49 // *changes*, so there is no domain match, but we cant' predict how WPT
 50 // servers may be set up in the wild so picking any valid TLD has the risk
 51 // of future (unintentional) domain matching.
 52 const changeTLD = domain => {
 53 let domainArray = domain.split(".");
 54 domainArray[domainArray.length - 1] += "zzz";
 55 return domainArray.join(".");
 56 }
 57
 58 const domainTests = [
 59 {
 60 cookie: `test=1; domain=${wwwHost}`,
 61 expected: "test=1",
 62 name: "Return cookie for a domain match",
 63 location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
 64 },
 65 {
 66 cookie: `test=2; domain=${wwwHost}`,
 67 expected: "",
 68 name: "No cookie returned for domain mismatch (subdomains differ post-redirect)",
 69 location: `http://${www1Host}:${port}/cookies/attributes/resources/path.html`,
 70 },
 71 {
 72 cookie: `test=3; domain=.${wwwHost}`,
 73 expected: "test=3",
 74 name: "Return cookie for a domain match with leading '.'",
 75 location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
 76 },
 77 {
 78 cookie: `test=4; domain=${wwwHost}`,
 79 expected: "test=4",
 80 name: "Return cookie for domain match (domain attribute is suffix of the host name and first level subdomain)",
 81 location: `http://${www2wwwHost}:${port}/cookies/attributes/resources/path.html`,
 82 },
 83 {
 84 cookie: `test=5; domain=.${wwwHost}`,
 85 expected: "test=5",
 86 name: "Return cookie for domain match (domain attribute is suffix of the host name and first level subdomain, with leading '.')",
 87 location: `http://${www2wwwHost}:${port}/cookies/attributes/resources/path.html`,
 88 },
 89 {
 90 cookie: `test=6; domain=.${wwwHost}`,
 91 expected: "",
 92 name: "No cookie returned for domain mismatch (subdomains differ, with leading '.')",
 93 location: `http://${www1Host}:${port}/cookies/attributes/resources/path.html`,
 94 },
 95 {
 96 cookie: `test=7; domain=${www1Host}`,
 97 expected: "",
 98 name: "No cookie returned for domain mismatch when cookie was created (which would match after the redirect, with one subdomain level)",
 99 location: `http://${www1Host}:${port}/cookies/attributes/resources/path.html`,
 100 },
 101 {
 102 cookie: `test=8; domain=.${host}`,
 103 expected: "test=8",
 104 name: "Return cookie for domain match (domain attribute is suffix of the host name, with leading '.')",
 105 location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
 106 },
 107 {
 108 cookie: `test=9; domain=${host}`,
 109 expected: "test=9",
 110 name: "Return cookie for domain match (domain attribute is suffix of the host name)",
 111 location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
 112 },
 113 {
 114 cookie: `test=10; domain=..${wwwHost}`,
 115 expected: "",
 116 name: "No cookie returned for domain attribute with double leading '.'",
 117 location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
 118 },
 119 {
 120 cookie: `test=11; domain=www..${host}`,
 121 expected: "",
 122 name: "No cookie returned for domain attribute with subdomain followed by ..",
 123 location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
 124 },
 125 {
 126 cookie: `test=12; domain= .${wwwHost}`,
 127 expected: "test=12",
 128 name: "Return cookie for a domain match with leading whitespace and '.'",
 129 location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
 130 },
 131 {
 132 cookie: `test=13; domain= . ${wwwHost}`,
 133 expected: "",
 134 name: "No cookie returned for domain attribute with whitespace that surrounds a leading '.'",
 135 location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
 136 },
 137 {
 138 cookie: `test=14; domain=${wwwHost}.`,
 139 expected: "",
 140 name: "No cookie returned for domain attribute with trailing '.'",
 141 location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
 142 },
 143 {
 144 cookie: `test=15; domain=${wwwHost}..`,
 145 expected: "",
 146 name: "No cookie returned for domain attribute with trailing '..'",
 147 location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
 148 },
 149 {
 150 cookie: `test=16; domain=${wwwHost} .`,
 151 expected: "",
 152 name: "No cookie returned for domain attribute with trailing whitespace and '.'",
 153 location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
 154 },
 155 {
 156 cookie: `test=17; domain=${getTLD(host)}`,
 157 expected: "",
 158 name: "No cookie returned for domain attribute with TLD as value",
 159 location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
 160 },
 161 {
 162 cookie: `test=18; domain=.${getTLD(host)}`,
 163 expected: "",
 164 name: "No cookie returned for domain attribute with TLD as value, with leading '.'",
 165 location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
 166 },
 167 {
 168 cookie: `test=18b; domain=.${getTLD(host)}.`,
 169 expected: "",
 170 name: "No cookie returned for domain attribute with TLD as value, with leading and trailing '.'",
 171 location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
 172 },
 173 {
 174 cookie: [`testA=19; domain=${wwwHost}`, `testB=19; domain=.${wwwHost}`],
 175 expected: "testA=19; testB=19",
 176 name: "Return multiple cookies that match on domain (without and with leading '.')",
 177 location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
 178 },
 179 {
 180 cookie: [`testB=20; domain=.${wwwHost}`, `testA=20; domain=${wwwHost}`],
 181 expected: "testB=20; testA=20",
 182 name: "Return multiple cookies that match on domain (with and without leading '.')",
 183 location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
 184 },
 185 {
 186 cookie: `test=21; domain="${wwwHost}"`,
 187 expected: "",
 188 name: "No cookie returned for domain attribute value between quotes",
 189 location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
 190 },
 191 {
 192 cookie: [`testA=22; domain=${wwwHost}`, `testB=22; domain=.${host}`],
 193 expected: "testA=22; testB=22",
 194 name: "Return multiple cookies that match on subdomain and domain (without and with leading '.')",
 195 location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
 196 },
 197 {
 198 cookie: [`testB=23; domain=.${host}`, `testA=23; domain=${wwwHost}`],
 199 expected: "testB=23; testA=23",
 200 name: "Return multiple cookies that match on domain and subdomain (with and without leading '.')",
 201 location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
 202 },
 203 {
 204 cookie: `test=24; domain=.${host}; domain=${wwwHost}`,
 205 expected: "",
 206 name: "No cookie returned when domain attribute does not domain-match (and first does)",
 207 location: `http://${www1Host}:${port}/cookies/attributes/resources/path.html`,
 208 },
 209 {
 210 cookie: `test=25; domain=${wwwHost}; domain=.${host}`,
 211 expected: "test=25",
 212 name: "Return cookie for domain attribute match (first does not, but second does)",
 213 location: `http://${www1Host}:${port}/cookies/attributes/resources/path.html`,
 214 },
 215 {
 216 cookie: `test=26; domain=${makeBizarre(wwwHost)}`,
 217 expected: "test=26",
 218 name: "Return cookie for domain match (with bizarre capitalization for domain attribute value)",
 219 location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
 220 },
 221 {
 222 cookie: `test=27; domain="${wwwHost}:${port}"`,
 223 expected: "",
 224 name: "No cookie returned for domain attribute value with port",
 225 location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
 226 },
 227 {
 228 cookie: `test=28; domain=${www2wwwHost}`,
 229 expected: "",
 230 name: "No cookie returned for domain mismatch when cookie was created (which would match after the redirect, with two subdomain levels)",
 231 location: `http://${www2wwwHost}:${port}/cookies/attributes/resources/path.html`,
 232 },
 233 {
 234 cookie: `test=29`,
 235 expected: "",
 236 name: "No cookie returned for cookie set on different domain (with no domain attribute)",
 237 location: `http://${www2wwwHost}:${port}/cookies/attributes/resources/path.html`,
 238 },
 239 {
 240 cookie: "test=30; domain=",
 241 expected: "test=30",
 242 name: "Return cookie set with bare domain= attribute",
 243 location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
 244 },
 245 {
 246 cookie: `test=31; domain=${wwwHost}`,
 247 expected: "test=31",
 248 name: "Return cookie that domain-matches with bizarre-cased URL",
 249 location: `http://${makeBizarre(wwwHost)}:${port}/cookies/attributes/resources/path.html`,
 250 },
 251 {
 252 cookie: `test=32; domain=${wwwHost}; domain=${changeTLD(wwwHost)}`,
 253 expected: "",
 254 name: "No cookie returned for domain attribute mismatch (first attribute matches, but second does not)",
 255 location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
 256 },
 257 {
 258 cookie: `test=33; domain=${changeTLD(wwwHost)}; domain=${wwwHost}`,
 259 expected: "test=33",
 260 name: "Return cookie for domain match (first attribute doesn't, but second does)",
 261 location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
 262 },
 263 {
 264 cookie: `test=34; domain=${wwwHost}; domain=${changeTLD(wwwHost)}; domain=${wwwHost}`,
 265 expected: "test=34",
 266 name: "Return cookie for domain match (first attribute matches, second doesn't, third does)",
 267 location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
 268 },
 269 {
 270 cookie: `test=35; domain=${changeTLD(wwwHost)}; domain=${wwwHost}; domain=${changeTLD(wwwHost)}`,
 271 expected: "",
 272 name: "No cookie returned for domain attribute mismatch (first attribute doesn't, second does, third doesn't)",
 273 location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
 274 },
 275 {
 276 cookie: `test=36; domain=${wwwHost}; domain=${wwwHost}`,
 277 expected: "test=36",
 278 name: "Return cookie for domain match (with two identical domain attributes)",
 279 location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
 280 },
 281 {
 282 cookie: `test=37; domain=${wwwHost}; domain=${host}`,
 283 expected: "test=37",
 284 name: "Return cookie for domain match (with first domain attribute a match for host name and second as suffix of host name)",
 285 location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
 286 },
 287 {
 288 cookie: `test=38; domain=${host}; domain=${wwwHost}`,
 289 expected: "test=38",
 290 name: "Return cookie for domain match (with first domain attribute as suffix of host name and second a match for host name)",
 291 location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
 292 },
 293 {
 294 cookie: `test=39; domain=.${www1Host}`,
 295 expected: "",
 296 name: "No cookie set on domain mismatch before a (domain matching) redirect",
 297 location: `http://${www1Host}:${port}/cookies/attributes/resources/path.html`,
 298 },
 299 {
 300 cookie: `test=40; domain=.${www2wwwHost}`,
 301 expected: "",
 302 name: "No cookie set on domain mismatch before a (domain matching) redirect (for second level subdomain)",
 303 location: `http://${www2wwwHost}:${port}/cookies/attributes/resources/path.html`,
 304 },
 305 {
 306 cookie: `test=41; domain=${host}; domain=`,
 307 expected: "test=41",
 308 name: "Return cookie for domain match (with first domain attribute as suffix of host name and second a bare attribute)",
 309 location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
 310 },
 311 {
 312 cookie: `test=42; domain=${www1Host}; domain=`,
 313 expected: "",
 314 name: "No cookie returned for domain mismatch (with domain mismatch as first domain attribute and second a bare attribute)",
 315 location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
 316 },
 317 {
 318 cookie: `test=43 domain=${www1Host}; domain=`,
 319 expected: "",
 320 name: "No cookie returned for domain mismatch (first attribute is a different subdomain and second is bare)",
 321 location: `http://${www2wwwHost}:${port}/cookies/attributes/resources/path.html`,
 322 },
 323 {
 324 cookie: [`test=not44; domain=${wwwHost}`, `test=44; domain=.${wwwHost}`],
 325 expected: "test=44",
 326 name: "Cookies with same name, path, and domain (differing only in leading '.') overwrite each other ('.' second)",
 327 location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
 328 },
 329 {
 330 cookie: [`test=not45; domain=.${wwwHost}`, `test=45; domain=${wwwHost}`],
 331 expected: "test=45",
 332 name: "Cookies with same name, path, and domain (differing only in leading '.') overwrite each other ('.' first)",
 333 location: `http://${wwwHost}:${port}/cookies/attributes/resources/path.html`,
 334 },
 335 ];
 336
 337 for (const test of domainTests) {
 338 if (Array.isArray(test.cookie)) {
 339 for (let i in test.cookie) {
 340 test.cookie[i] += `; ${path}`;
 341 }
 342 } else {
 343 test.cookie += `; ${path}`;
 344 }
 345
 346 httpRedirectCookieTest(test.cookie, test.expected, test.name,
 347 test.location);
 348 }
 349 </script>
 350 </body>
 351</html>

LayoutTests/imported/w3c/web-platform-tests/cookies/attributes/resources/path-redirect-shared.js

 1function expireCookie(cookie) {
 2 const cookies = Array.isArray(cookie) ? cookie : [cookie];
 3 for (let c of cookies) {
 4 document.cookie = c += "; max-age=0";
 5 }
 6}
 7
 8function getCookies() {
 9 return document.cookie;
 10}
 11
 12window.addEventListener("message", (e) => {
 13 if (e.data == "getCookies") {
 14 const cookies = getCookies();
 15 e.source.postMessage({"cookies": cookies}, '*');
 16 }
 17
 18 if (typeof e.data == "object" && 'expireCookie' in e.data) {
 19 expireCookie(e.data.expireCookie);
 20 e.source.postMessage("expired", '*');
 21 }
 22});

LayoutTests/imported/w3c/web-platform-tests/cookies/attributes/resources/path.html

 1<!doctype html>
 2<html>
 3<head>
 4 <meta charset=utf-8>
 5 <title>helper iframe for matching cookie path redirect tests</title>
 6 <meta name=help href="http://tools.ietf.org/html/rfc6265#section-5.1.4">
 7</head>
 8<body>
 9 <script src="/cookies/attributes/resources/path-redirect-shared.js"></script>
 10</body>
 11</html>

LayoutTests/imported/w3c/web-platform-tests/cookies/attributes/resources/path.html.headers

 1Access-Control-Allow-Origin: *
02\ No newline at end of file

LayoutTests/imported/w3c/web-platform-tests/cookies/attributes/resources/path/one.html

 1<!doctype html>
 2<html>
 3<head>
 4 <meta charset=utf-8>
 5 <title>helper iframe for matching cookie path redirect tests</title>
 6 <meta name=help href="http://tools.ietf.org/html/rfc6265#section-5.1.4">
 7</head>
 8<body>
 9 <script src="/cookies/attributes/resources/path-redirect-shared.js"></script>
 10</body>
 11</html>

LayoutTests/imported/w3c/web-platform-tests/cookies/attributes/resources/path/three.html

 1<!doctype html>
 2<html>
 3<head>
 4 <meta charset=utf-8>
 5 <title>helper iframe for matching cookie path redirect tests</title>
 6 <meta name=help href="http://tools.ietf.org/html/rfc6265#section-5.1.4">
 7</head>
 8<body>
 9 <script src="/cookies/attributes/resources/path-redirect-shared.js"></script>
 10</body>
 11</html>

LayoutTests/imported/w3c/web-platform-tests/cookies/attributes/resources/path/two.html

 1<!doctype html>
 2<html>
 3<head>
 4 <meta charset=utf-8>
 5 <title>helper iframe for matching cookie path redirect tests</title>
 6 <meta name=help href="http://tools.ietf.org/html/rfc6265#section-5.1.4">
 7</head>
 8<body>
 9 <script src="/cookies/attributes/resources/path-redirect-shared.js"></script>
 10</body>
 11</html>

LayoutTests/imported/w3c/web-platform-tests/cookies/attributes/resources/path/w3c-import.log

 1The tests in this directory were imported from the W3C repository.
 2Do NOT modify these tests directly in WebKit.
 3Instead, create a pull request on the WPT github:
 4 https://github.com/web-platform-tests/wpt
 5
 6Then run the Tools/Scripts/import-w3c-tests in WebKit to reimport
 7
 8Do NOT modify or remove this file.
 9
 10------------------------------------------------------------------------
 11Properties requiring vendor prefixes:
 12None
 13Property values requiring vendor prefixes:
 14None
 15------------------------------------------------------------------------
 16List of files:
 17/LayoutTests/imported/w3c/web-platform-tests/cookies/attributes/resources/path/one.html
 18/LayoutTests/imported/w3c/web-platform-tests/cookies/attributes/resources/path/three.html
 19/LayoutTests/imported/w3c/web-platform-tests/cookies/attributes/resources/path/two.html

LayoutTests/imported/w3c/web-platform-tests/cookies/attributes/resources/pathfakeout.html

 1<!doctype html>
 2<html>
 3<head>
 4 <meta charset=utf-8>
 5 <title>helper iframe for matching cookie path redirect tests</title>
 6 <meta name=help href="http://tools.ietf.org/html/rfc6265#section-5.1.4">
 7</head>
 8<body>
 9 <script src="/cookies/attributes/resources/path-redirect-shared.js"></script>
 10</body>
 11</html>

LayoutTests/imported/w3c/web-platform-tests/cookies/attributes/resources/pathfakeout/one.html

 1<!doctype html>
 2<html>
 3<head>
 4 <meta charset=utf-8>
 5 <title>helper iframe for matching cookie path redirect tests</title>
 6 <meta name=help href="http://tools.ietf.org/html/rfc6265#section-5.1.4">
 7</head>
 8<body>
 9 <script src="/cookies/attributes/resources/path-redirect-shared.js"></script>
 10</body>
 11</html>

LayoutTests/imported/w3c/web-platform-tests/cookies/attributes/resources/pathfakeout/w3c-import.log

 1The tests in this directory were imported from the W3C repository.
 2Do NOT modify these tests directly in WebKit.
 3Instead, create a pull request on the WPT github:
 4 https://github.com/web-platform-tests/wpt
 5
 6Then run the Tools/Scripts/import-w3c-tests in WebKit to reimport
 7
 8Do NOT modify or remove this file.
 9
 10------------------------------------------------------------------------
 11Properties requiring vendor prefixes:
 12None
 13Property values requiring vendor prefixes:
 14None
 15------------------------------------------------------------------------
 16List of files:
 17/LayoutTests/imported/w3c/web-platform-tests/cookies/attributes/resources/pathfakeout/one.html

LayoutTests/imported/w3c/web-platform-tests/cookies/attributes/resources/secure-non-secure-child.html

 1<!doctype html>
 2<html>
 3 <head>
 4 <meta charset=utf-8>
 5 <title>Test cookie secure attribute parsing (on non-secure page)</title>
 6 <meta name=help href="https://tools.ietf.org/html/rfc6265#section-5.2.5">
 7 <meta name="timeout" content="long">
 8 <script src="/resources/testharness.js"></script>
 9 <script src="/cookies/resources/cookie-test.js"></script>
 10 </head>
 11 <body>
 12 <script>
 13 // These tests are the non-secure analog to secure.https.html.
 14 // They're not in the /cookies/attributes folder because they shouldn't
 15 // be run by themselves. Instead, /cookies/attributes/secure.https.html
 16 // opens this in a non-secure window.
 17 const secureNonSecureTests = [
 18 {
 19 cookie: "test=1; Secure",
 20 expected: "",
 21 name: "(non-secure) Ignore cookie for Secure attribute",
 22 },
 23 {
 24 cookie: "test=2; seCURe",
 25 expected: "",
 26 name: "(non-secure) Ignore cookie for seCURe attribute",
 27 },
 28 {
 29 cookie: "test=3; Secure=",
 30 expected: "",
 31 name: "(non-secure) Ignore cookie for for Secure= attribute",
 32 },
 33 {
 34 cookie: "test=4; Secure=aaaa",
 35 expected: "",
 36 name: "(non-secure) Ignore cookie for Secure=aaaa",
 37 },
 38 {
 39 cookie: "test=5; Secure =aaaaa",
 40 expected: "",
 41 name: "(non-secure) Ignore cookie for Secure space equals",
 42 },
 43 {
 44 cookie: "test=6; Secure= aaaaa",
 45 expected: "",
 46 name: "(non-secure) Ignore cookie for Secure equals space",
 47 },
 48 {
 49 cookie: "test=7; Secure",
 50 expected: "",
 51 name: "(non-secure) Ignore cookie for spaced Secure",
 52 },
 53 {
 54 cookie: "test=8; Secure ;",
 55 expected: "",
 56 name: "(non-secure) Ignore cookie for space Secure with ;",
 57 },
 58 {
 59 cookie: "__Secure-test=9; Secure",
 60 expected: "",
 61 name: "(non-secure) Ignore cookie with __Secure- prefix and Secure",
 62 },
 63 {
 64 cookie: "__Secure-test=10",
 65 expected: "",
 66 name: "(non-secure) Ignore cookie with __Secure- prefix and without Secure",
 67 },
 68 // This is really a test that the cookie name isn't URL-decoded, but this
 69 // is here to be next to the other __Secure- prefix tests.
 70 {
 71 cookie: "__%53ecure-test=11",
 72 expected: "__%53ecure-test=11",
 73 name: "(non-secure) Cookie returned with __%53ecure- prefix and without Secure",
 74 },
 75 ];
 76
 77 for (const test of secureNonSecureTests) {
 78 httpCookieTest(test.cookie, test.expected, test.name, test.defaultPath);
 79 }
 80 </script>
 81 </body>
 82</html>

LayoutTests/imported/w3c/web-platform-tests/cookies/attributes/resources/w3c-import.log

 1The tests in this directory were imported from the W3C repository.
 2Do NOT modify these tests directly in WebKit.
 3Instead, create a pull request on the WPT github:
 4 https://github.com/web-platform-tests/wpt
 5
 6Then run the Tools/Scripts/import-w3c-tests in WebKit to reimport
 7
 8Do NOT modify or remove this file.
 9
 10------------------------------------------------------------------------
 11Properties requiring vendor prefixes:
 12None
 13Property values requiring vendor prefixes:
 14None
 15------------------------------------------------------------------------
 16List of files:
 17/LayoutTests/imported/w3c/web-platform-tests/cookies/attributes/resources/domain-child.sub.html
 18/LayoutTests/imported/w3c/web-platform-tests/cookies/attributes/resources/path-redirect-shared.js
 19/LayoutTests/imported/w3c/web-platform-tests/cookies/attributes/resources/path.html
 20/LayoutTests/imported/w3c/web-platform-tests/cookies/attributes/resources/path.html.headers
 21/LayoutTests/imported/w3c/web-platform-tests/cookies/attributes/resources/pathfakeout.html
 22/LayoutTests/imported/w3c/web-platform-tests/cookies/attributes/resources/secure-non-secure-child.html

LayoutTests/imported/w3c/web-platform-tests/cookies/attributes/secure-non-secure-expected.txt

 1
 2PASS Test cookie secure attribute parsing (non-secure origin)
 3PASS (non-secure) Ignore cookie for Secure attribute
 4PASS (non-secure) Ignore cookie for seCURe attribute
 5PASS (non-secure) Ignore cookie for for Secure= attribute
 6PASS (non-secure) Ignore cookie for Secure=aaaa
 7PASS (non-secure) Ignore cookie for Secure space equals
 8PASS (non-secure) Ignore cookie for Secure equals space
 9PASS (non-secure) Ignore cookie for spaced Secure
 10PASS (non-secure) Ignore cookie for space Secure with ;
 11PASS (non-secure) Ignore cookie with __Secure- prefix and Secure
 12PASS (non-secure) Ignore cookie with __Secure- prefix and without Secure
 13PASS (non-secure) Cookie returned with __%53ecure- prefix and without Secure
 14

LayoutTests/imported/w3c/web-platform-tests/cookies/attributes/secure-non-secure.html

 1<!doctype html>
 2<html>
 3 <head>
 4 <meta charset=utf-8>
 5 <title>Test cookie secure attribute parsing (non-secure origin)</title>
 6 <meta name=help href="https://tools.ietf.org/html/rfc6265#section-5.2.5">
 7 <meta name="timeout" content="long">
 8 <script src="/resources/testharness.js"></script>
 9 <script src="/resources/testharnessreport.js"></script>
 10 <script src="/cookies/resources/cookie-helper.sub.js"></script>
 11 </head>
 12 <body>
 13 <div id=log></div>
 14 <script>
 15 test(t => {
 16 const win = window.open(`${INSECURE_ORIGIN}/cookies/attributes/resources/secure-non-secure-child.html`);
 17 fetch_tests_from_window(win);
 18 });
 19 </script>
 20 </body>
 21</html>

LayoutTests/imported/w3c/web-platform-tests/cookies/attributes/secure.https-expected.txt

 1
 2PASS Set cookie for Secure attribute
 3PASS Set cookie for seCURe attribute
 4PASS Set cookie for for Secure= attribute
 5PASS Set cookie for Secure=aaaa
 6PASS Set cookie for Secure space equals
 7PASS Set cookie for Secure equals space
 8PASS Set cookie for spaced Secure
 9PASS Set cookie for space Secure with ;
 10

LayoutTests/imported/w3c/web-platform-tests/cookies/attributes/secure.https.html

 1<!doctype html>
 2<html>
 3 <head>
 4 <meta charset=utf-8>
 5 <title>Test cookie secure attribute parsing</title>
 6 <meta name=help href="https://tools.ietf.org/html/rfc6265#section-5.2.5">
 7 <meta name="timeout" content="long">
 8 <script src="/resources/testharness.js"></script>
 9 <script src="/resources/testharnessreport.js"></script>
 10 <script src="/cookies/resources/cookie-test.js"></script>
 11 </head>
 12 <body>
 13 <div id=log></div>
 14 <script>
 15 const secureTests = [
 16 {
 17 cookie: "test=1; Secure",
 18 expected: "test=1",
 19 name: "Set cookie for Secure attribute",
 20 },
 21 {
 22 cookie: "test=2; seCURe",
 23 expected: "test=2",
 24 name: "Set cookie for seCURe attribute",
 25 },
 26 {
 27 cookie: "test=3; Secure=",
 28 expected: "test=3",
 29 name: "Set cookie for for Secure= attribute",
 30 },
 31 {
 32 cookie: "test=4; Secure=aaaa",
 33 expected: "test=4",
 34 name: "Set cookie for Secure=aaaa",
 35 },
 36 {
 37 cookie: "test=5; Secure =aaaaa",
 38 expected: "test=5",
 39 name: "Set cookie for Secure space equals",
 40 },
 41 {
 42 cookie: "test=6; Secure= aaaaa",
 43 expected: "test=6",
 44 name: "Set cookie for Secure equals space",
 45 },
 46 {
 47 cookie: "test=7; Secure",
 48 expected: "test=7",
 49 name: "Set cookie for spaced Secure",
 50 },
 51 {
 52 cookie: "test=8; Secure ;",
 53 expected: "test=8",
 54 name: "Set cookie for space Secure with ;",
 55 }
 56 ];
 57
 58 for (const test of secureTests) {
 59 httpCookieTest(test.cookie, test.expected, test.name, test.defaultPath);
 60 }
 61 </script>
 62 </body>
 63</html>

LayoutTests/imported/w3c/web-platform-tests/cookies/attributes/w3c-import.log

 1The tests in this directory were imported from the W3C repository.
 2Do NOT modify these tests directly in WebKit.
 3Instead, create a pull request on the WPT github:
 4 https://github.com/web-platform-tests/wpt
 5
 6Then run the Tools/Scripts/import-w3c-tests in WebKit to reimport
 7
 8Do NOT modify or remove this file.
 9
 10------------------------------------------------------------------------
 11Properties requiring vendor prefixes:
 12None
 13Property values requiring vendor prefixes:
 14None
 15------------------------------------------------------------------------
 16List of files:
 17/LayoutTests/imported/w3c/web-platform-tests/cookies/attributes/domain.sub.html
 18/LayoutTests/imported/w3c/web-platform-tests/cookies/attributes/expires.html
 19/LayoutTests/imported/w3c/web-platform-tests/cookies/attributes/invalid.html
 20/LayoutTests/imported/w3c/web-platform-tests/cookies/attributes/max-age.html
 21/LayoutTests/imported/w3c/web-platform-tests/cookies/attributes/path-redirect.html
 22/LayoutTests/imported/w3c/web-platform-tests/cookies/attributes/path.html
 23/LayoutTests/imported/w3c/web-platform-tests/cookies/attributes/secure-non-secure.html
 24/LayoutTests/imported/w3c/web-platform-tests/cookies/attributes/secure.https.html

LayoutTests/imported/w3c/web-platform-tests/cookies/cookie-enabled-noncookie-frame-expected.txt

 1
 2
 3PASS navigator.cookieEnabled behavior on frames without cookie access
 4

LayoutTests/imported/w3c/web-platform-tests/cookies/cookie-enabled-noncookie-frame.html

 1<!DOCTYPE html>
 2<head>
 3 <script src="/resources/testharness.js"></script>
 4 <script src="/resources/testharnessreport.js"></script>
 5</head>
 6<body>
 7 <script>
 8 var t = async_test("navigator.cookieEnabled behavior on frames without cookie access");
 9 window.onmessage = t.step_func_done(ev => {
 10 // Surprisingly, the legacy behavior here is to return true; this actually
 11 // does match the spec definition since false is supposed to be returned
 12 // when a document.cookie write is ignored --- and here it would throw
 13 // a security exception, not be ignored.
 14 assert_true(ev.data);
 15 });
 16
 17 t.step(() => {
 18 var iframe = document.createElement("iframe");
 19 iframe.sandbox = "allow-scripts";
 20 iframe.srcdoc = "<scr" + "ipt>" +
 21 "window.onmessage = function() {" +
 22 " parent.postMessage(navigator.cookieEnabled, '*'); " +
 23 "}</scr" + "ipt>";
 24 iframe.onload = function() {
 25 iframe.contentWindow.postMessage({}, "*");
 26 }
 27 document.body.appendChild(iframe);
 28 });
 29 </script>
 30</body>

LayoutTests/imported/w3c/web-platform-tests/cookies/domain/domain-attribute-host-with-and-without-leading-period.sub.https-expected.txt

 1Blocked access to external URL https://www1.localhost:9443/cookies/resources/list.py
 2CONSOLE MESSAGE: Fetch API cannot load https://www1.localhost:9443/cookies/resources/list.py due to access control checks.
 3
 4Harness Error (TIMEOUT), message = null
 5
 6PASS Domain=.localhost => Second value available via `document.cookie`
 7PASS Domain=.localhost => Second value sent with same-origin requests.
 8TIMEOUT Domain=.localhost => Second value sent with subdomain requests. Test timed out
 9

LayoutTests/imported/w3c/web-platform-tests/cookies/domain/domain-attribute-host-with-and-without-leading-period.sub.https.html

 1<!DOCTYPE html>
 2<head>
 3 <script src="/resources/testharness.js"></script>
 4 <script src="/resources/testharnessreport.js"></script>
 5 <script src="/cookies/resources/cookie-helper.sub.js"></script>
 6</head>
 7<body>
 8 <script>
 9 //
 10 // Set-Cookie: domain-attribute-host-with-and-without-leading-period=b; Path=/; Domain=.{{host}}
 11 // Set-Cookie: domain-attribute-host-with-and-without-leading-period=c; Path=/; Domain={{host}}
 12 //
 13 const cookieName = "domain-attribute-host-with-and-without-leading-period";
 14 // Clean up cookie at the end to avoid interfering with subsequent tests.
 15 add_completion_callback(tests => document.cookie =
 16 `${cookieName}=0; Path=/; Domain={{host}}; expires=01-jan-1970 00:00:00 GMT`);
 17
 18 test(t => {
 19 assert_dom_cookie(cookieName, "c", true);
 20 }, "Domain=.{{host}} => Second value available via `document.cookie`");
 21
 22 async_test(t => {
 23 fetch("/cookies/resources/list.py", { credentials: "include" })
 24 .then(t.step_func(r => r.json()))
 25 .then(t.step_func_done(r => {
 26 assert_equals(r[cookieName], "c");
 27 }))
 28 .catch(_ => assert_unreached);
 29 }, "Domain=.{{host}} => Second value sent with same-origin requests.");
 30
 31 async_test(t => {
 32 fetch(`${SECURE_SUBDOMAIN_ORIGIN}/cookies/resources/list.py`, { credentials: "include" })
 33 .then(t.step_func(r => r.json()))
 34 .then(t.step_func_done(r => {
 35 assert_equals(r[cookieName], "c");
 36 }))
 37 .catch(_ => assert_unreached);
 38 }, "Domain=.{{host}} => Second value sent with subdomain requests.");
 39 </script>
 40</body>

LayoutTests/imported/w3c/web-platform-tests/cookies/domain/domain-attribute-host-with-and-without-leading-period.sub.https.html.sub.headers

 1Set-Cookie: domain-attribute-host-with-and-without-leading-period=b; Path=/; Domain=.{{host}}
 2Set-Cookie: domain-attribute-host-with-and-without-leading-period=c; Path=/; Domain={{host}}

LayoutTests/imported/w3c/web-platform-tests/cookies/domain/domain-attribute-host-with-leading-period.sub.https-expected.txt

 1Blocked access to external URL https://www1.localhost:9443/cookies/resources/list.py
 2CONSOLE MESSAGE: Fetch API cannot load https://www1.localhost:9443/cookies/resources/list.py due to access control checks.
 3
 4Harness Error (TIMEOUT), message = null
 5
 6PASS Domain=.localhost => available via `document.cookie`
 7PASS Domain=.localhost => sent with same-origin requests.
 8TIMEOUT Domain=.localhost => sent with subdomain requests. Test timed out
 9

LayoutTests/imported/w3c/web-platform-tests/cookies/domain/domain-attribute-host-with-leading-period.sub.https.html

 1<!DOCTYPE html>
 2<head>
 3 <script src="/resources/testharness.js"></script>
 4 <script src="/resources/testharnessreport.js"></script>
 5 <script src="/cookies/resources/cookie-helper.sub.js"></script>
 6</head>
 7<body>
 8 <script>
 9 //
 10 // Set-Cookie: domain-attribute-host-with-leading-period=b; Path=/; Domain=.{{host}}
 11 //
 12 const cookieName = "domain-attribute-host-with-leading-period";
 13 // Clean up cookie at the end to avoid interfering with subsequent tests.
 14 add_completion_callback(tests => document.cookie =
 15 `${cookieName}=0; Path=/; Domain=.{{host}}; expires=01-jan-1970 00:00:00 GMT`);
 16
 17 test(t => {
 18 assert_dom_cookie(cookieName, "b", true);
 19 }, "Domain=.{{host}} => available via `document.cookie`");
 20
 21 async_test(t => {
 22 fetch("/cookies/resources/list.py", { credentials: "include" })
 23 .then(t.step_func(r => r.json()))
 24 .then(t.step_func_done(r => {
 25 assert_equals(r[cookieName], "b");
 26 }))
 27 .catch(_ => assert_unreached);
 28 }, "Domain=.{{host}} => sent with same-origin requests.");
 29
 30 async_test(t => {
 31 fetch(`${SECURE_SUBDOMAIN_ORIGIN}/cookies/resources/list.py`, { credentials: "include" })
 32 .then(t.step_func(r => r.json()))
 33 .then(t.step_func_done(r => {
 34 assert_equals(r[cookieName], "b");
 35 }))
 36 .catch(_ => assert_unreached);
 37 }, "Domain=.{{host}} => sent with subdomain requests.");
 38 </script>
 39</body>

LayoutTests/imported/w3c/web-platform-tests/cookies/domain/domain-attribute-host-with-leading-period.sub.https.html.sub.headers

 1Set-Cookie: domain-attribute-host-with-leading-period=b; Path=/; Domain=.{{host}}

LayoutTests/imported/w3c/web-platform-tests/cookies/domain/domain-attribute-matches-host.sub.https-expected.txt

 1Blocked access to external URL https://www1.localhost:9443/cookies/resources/list.py
 2CONSOLE MESSAGE: Fetch API cannot load https://www1.localhost:9443/cookies/resources/list.py due to access control checks.
 3
 4Harness Error (TIMEOUT), message = null
 5
 6PASS Domain=localhost => available via `document.cookie`
 7PASS Domain=localhost => sent with same-origin requests.
 8TIMEOUT Domain=localhost => sent with subdomain requests. Test timed out
 9

LayoutTests/imported/w3c/web-platform-tests/cookies/domain/domain-attribute-matches-host.sub.https.html

 1<!DOCTYPE html>
 2<head>
 3 <script src="/resources/testharness.js"></script>
 4 <script src="/resources/testharnessreport.js"></script>
 5 <script src="/cookies/resources/cookie-helper.sub.js"></script>
 6</head>
 7<body>
 8 <script>
 9 //
 10 // Set-Cookie: domain-attribute-matches-host=b; Path=/; Domain={{host}}
 11 //
 12 const cookieName = "domain-attribute-matches-host";
 13 // Clean up cookie at the end to avoid interfering with subsequent tests.
 14 add_completion_callback(tests => document.cookie =
 15 `${cookieName}=0; Path=/; Domain={{host}}; expires=01-jan-1970 00:00:00 GMT`);
 16
 17 test(t => {
 18 assert_dom_cookie(cookieName, "b", true);
 19 }, "Domain={{host}} => available via `document.cookie`");
 20
 21 async_test(t => {
 22 fetch("/cookies/resources/list.py", { credentials: "include" })
 23 .then(t.step_func(r => r.json()))
 24 .then(t.step_func_done(r => {
 25 assert_equals(r[cookieName], "b");
 26 }))
 27 .catch(_ => assert_unreached);
 28 }, "Domain={{host}} => sent with same-origin requests.");
 29
 30 async_test(t => {
 31 fetch(`${SECURE_SUBDOMAIN_ORIGIN}/cookies/resources/list.py`, { credentials: "include" })
 32 .then(t.step_func(r => r.json()))
 33 .then(t.step_func_done(r => {
 34 assert_equals(r[cookieName], "b");
 35 }))
 36 .catch(_ => assert_unreached);
 37 }, "Domain={{host}} => sent with subdomain requests.");
 38 </script>
 39</body>

LayoutTests/imported/w3c/web-platform-tests/cookies/domain/domain-attribute-matches-host.sub.https.html.sub.headers

 1Set-Cookie: domain-attribute-matches-host=b; Path=/; Domain={{host}}

LayoutTests/imported/w3c/web-platform-tests/cookies/domain/domain-attribute-missing.sub-expected.txt

 1Blocked access to external URL https://www1.localhost:9443/cookies/resources/list.py
 2CONSOLE MESSAGE: Fetch API cannot load https://www1.localhost:9443/cookies/resources/list.py due to access control checks.
 3
 4Harness Error (TIMEOUT), message = null
 5
 6PASS No domain attribute => available via `document.cookie`
 7PASS No domain attribute => sent with same-origin requests.
 8TIMEOUT No domain attribute => not sent with subdomain requests. Test timed out
 9

LayoutTests/imported/w3c/web-platform-tests/cookies/domain/domain-attribute-missing.sub.html

 1<!DOCTYPE html>
 2<head>
 3 <script src="/resources/testharness.js"></script>
 4 <script src="/resources/testharnessreport.js"></script>
 5 <script src="/cookies/resources/cookie-helper.sub.js"></script>
 6</head>
 7<body>
 8 <script>
 9 //
 10 // Set-Cookie: domain-attribute-missing=b; Path=/
 11 //
 12 const cookieName = "domain-attribute-missing";
 13 // Clean up cookie at the end to avoid interfering with subsequent tests.
 14 add_completion_callback(tests => document.cookie =
 15 `${cookieName}=0; Path=/; expires=01-jan-1970 00:00:00 GMT`);
 16
 17 test(t => {
 18 assert_dom_cookie(cookieName, "b", true);
 19 }, "No domain attribute => available via `document.cookie`");
 20
 21 async_test(t => {
 22 fetch("/cookies/resources/list.py", { credentials: "include" })
 23 .then(t.step_func(r => r.json()))
 24 .then(t.step_func_done(r => {
 25 assert_equals(r[cookieName], "b");
 26 }))
 27 .catch(_ => assert_unreached);
 28 }, "No domain attribute => sent with same-origin requests.");
 29
 30 async_test(t => {
 31 fetch(`${SECURE_SUBDOMAIN_ORIGIN}/cookies/resources/list.py`, { credentials: "include" })
 32 .then(t.step_func(r => r.json()))
 33 .then(t.step_func_done(r => {
 34 assert_equals(r[cookieName], undefined);
 35 }))
 36 .catch(_ => assert_unreached);
 37 }, "No domain attribute => not sent with subdomain requests.");
 38 </script>
 39</body>

LayoutTests/imported/w3c/web-platform-tests/cookies/domain/domain-attribute-missing.sub.html.headers

 1Set-Cookie: domain-attribute-missing=b; Path=/

LayoutTests/imported/w3c/web-platform-tests/cookies/domain/w3c-import.log

 1The tests in this directory were imported from the W3C repository.
 2Do NOT modify these tests directly in WebKit.
 3Instead, create a pull request on the WPT github:
 4 https://github.com/web-platform-tests/wpt
 5
 6Then run the Tools/Scripts/import-w3c-tests in WebKit to reimport
 7
 8Do NOT modify or remove this file.
 9
 10------------------------------------------------------------------------
 11Properties requiring vendor prefixes:
 12None
 13Property values requiring vendor prefixes:
 14None
 15------------------------------------------------------------------------
 16List of files:
 17/LayoutTests/imported/w3c/web-platform-tests/cookies/domain/domain-attribute-host-with-and-without-leading-period.sub.https.html
 18/LayoutTests/imported/w3c/web-platform-tests/cookies/domain/domain-attribute-host-with-and-without-leading-period.sub.https.html.sub.headers
 19/LayoutTests/imported/w3c/web-platform-tests/cookies/domain/domain-attribute-host-with-leading-period.sub.https.html
 20/LayoutTests/imported/w3c/web-platform-tests/cookies/domain/domain-attribute-host-with-leading-period.sub.https.html.sub.headers
 21/LayoutTests/imported/w3c/web-platform-tests/cookies/domain/domain-attribute-matches-host.sub.https.html
 22/LayoutTests/imported/w3c/web-platform-tests/cookies/domain/domain-attribute-matches-host.sub.https.html.sub.headers
 23/LayoutTests/imported/w3c/web-platform-tests/cookies/domain/domain-attribute-missing.sub.html
 24/LayoutTests/imported/w3c/web-platform-tests/cookies/domain/domain-attribute-missing.sub.html.headers

LayoutTests/imported/w3c/web-platform-tests/cookies/encoding/charset-expected.txt

 1
 2FAIL ASCII name and utf-8 value assert_equals: The cookie was set as expected. expected "test=1春节回家路·春运完全手册" but got "test=1"
 3FAIL utf-8 name and ASCII value assert_equals: The cookie was set as expected. expected "тест=2" but got ""
 4FAIL ASCII name and quoted utf-8 value assert_equals: The cookie was set as expected. expected "test=\"3春节回家路·春运完全手册\"" but got "test=\"3春节回家路·春运完全手册\""
 5FAIL utf-8 name and value assert_equals: The cookie was set as expected. expected "春节回=4家路·春运完全手册" but got ""
 6FAIL quoted utf-8 name and value assert_equals: The cookie was set as expected. expected "\"春节回=5家路·春运完全手册\"" but got ""
 7FAIL utf-8 name and value, with (invalid) utf-8 attribute assert_equals: The cookie was set as expected. expected "春节回=6家路·春运" but got ""
 8

LayoutTests/imported/w3c/web-platform-tests/cookies/encoding/charset.html

 1<!doctype html>
 2<html>
 3 <head>
 4 <meta charset=utf-8>
 5 <title>Test utf-8 and ASCII cookie parsing</title>
 6 <meta name=help href="https://tools.ietf.org/html/rfc6265#section-4.1.1">
 7 <meta name="timeout" content="long">
 8 <script src="/resources/testharness.js"></script>
 9 <script src="/resources/testharnessreport.js"></script>
 10 <script src="/cookies/resources/cookie-test.js"></script>
 11 </head>
 12 <body>
 13 <div id=log></div>
 14 <script>
 15 const charsetTests = [
 16 {
 17 cookie: "test=1春节回家路·春运完全手册",
 18 expected: "test=1春节回家路·春运完全手册",
 19 name: "ASCII name and utf-8 value",
 20 },
 21 {
 22 cookie: "тест=2",
 23 expected: "тест=2",
 24 name: "utf-8 name and ASCII value",
 25 },
 26 {
 27 cookie: 'test="3春节回家路·春运完全手册"',
 28 expected: 'test="3春节回家路·春运完全手册"',
 29 name: "ASCII name and quoted utf-8 value",
 30 },
 31 {
 32 cookie: "春节回=4家路·春运完全手册",
 33 expected: "春节回=4家路·春运完全手册",
 34 name: "utf-8 name and value",
 35 },
 36 {
 37 cookie: '"春节回=5家路·春运完全手册"',
 38 expected: '"春节回=5家路·春运完全手册"',
 39 name: "quoted utf-8 name and value",
 40 },
 41 {
 42 cookie: "春节回=6家路·春运; 完全手册",
 43 expected: "春节回=6家路·春运",
 44 name: "utf-8 name and value, with (invalid) utf-8 attribute",
 45 },
 46 ];
 47
 48 for (const test of charsetTests) {
 49 httpCookieTest(test.cookie, test.expected, test.name);
 50 }
 51 </script>
 52 </body>
 53</html>

LayoutTests/imported/w3c/web-platform-tests/cookies/encoding/w3c-import.log

 1The tests in this directory were imported from the W3C repository.
 2Do NOT modify these tests directly in WebKit.
 3Instead, create a pull request on the WPT github:
 4 https://github.com/web-platform-tests/wpt
 5
 6Then run the Tools/Scripts/import-w3c-tests in WebKit to reimport
 7
 8Do NOT modify or remove this file.
 9
 10------------------------------------------------------------------------
 11Properties requiring vendor prefixes:
 12None
 13Property values requiring vendor prefixes:
 14None
 15------------------------------------------------------------------------
 16List of files:
 17/LayoutTests/imported/w3c/web-platform-tests/cookies/encoding/charset.html

LayoutTests/imported/w3c/web-platform-tests/cookies/meta-blocked-expected.txt

 1CONSOLE MESSAGE: The Set-Cookie meta tag is obsolete and was ignored. Use the HTTP header Set-Cookie or document.cookie instead.
 2
 3PASS Cookie is not set from `<meta>`.
 4

LayoutTests/imported/w3c/web-platform-tests/cookies/meta-blocked.html

 1<!DOCTYPE html>
 2<head>
 3 <meta http-equiv="set-cookie" content="meta-set-cookie=1">
 4 <script src="/resources/testharness.js"></script>
 5 <script src="/resources/testharnessreport.js"></script>
 6</head>
 7<body>
 8 <script>
 9 test(t => {
 10 assert_equals(document.cookie.indexOf('meta-set-cookie'), -1);
 11 }, "Cookie is not set from `<meta>`.");
 12 </script>
 13</body>

LayoutTests/imported/w3c/web-platform-tests/cookies/name/name-ctl-expected.txt

 1
 2FAIL Cookie with %x0 in name is truncated. assert_equals: The cookie was set as expected. expected "test0" but got ""
 3FAIL Cookie with %xa in name is truncated. assert_equals: The cookie was set as expected. expected "test10" but got ""
 4FAIL Cookie with %xd in name is truncated. assert_equals: The cookie was set as expected. expected "test13" but got ""
 5PASS Cookie with %x1 in name is rejected.
 6PASS Cookie with %x2 in name is rejected.
 7PASS Cookie with %x3 in name is rejected.
 8PASS Cookie with %x4 in name is rejected.
 9PASS Cookie with %x5 in name is rejected.
 10PASS Cookie with %x6 in name is rejected.
 11PASS Cookie with %x7 in name is rejected.
 12PASS Cookie with %x8 in name is rejected.
 13FAIL Cookie with %x9 in name is rejected. assert_equals: The cookie was rejected. expected "" but got "test9\tname=9"
 14PASS Cookie with %xb in name is rejected.
 15PASS Cookie with %xc in name is rejected.
 16PASS Cookie with %xe in name is rejected.
 17PASS Cookie with %xf in name is rejected.
 18PASS Cookie with %x10 in name is rejected.
 19PASS Cookie with %x11 in name is rejected.
 20PASS Cookie with %x12 in name is rejected.
 21PASS Cookie with %x13 in name is rejected.
 22PASS Cookie with %x14 in name is rejected.
 23PASS Cookie with %x15 in name is rejected.
 24PASS Cookie with %x16 in name is rejected.
 25PASS Cookie with %x17 in name is rejected.
 26PASS Cookie with %x18 in name is rejected.
 27PASS Cookie with %x19 in name is rejected.
 28PASS Cookie with %x1a in name is rejected.
 29PASS Cookie with %x1b in name is rejected.
 30PASS Cookie with %x1c in name is rejected.
 31PASS Cookie with %x1d in name is rejected.
 32PASS Cookie with %x1e in name is rejected.
 33PASS Cookie with %x1f in name is rejected.
 34PASS Cookie with %x7f in name is rejected.
 35FAIL Cookie with %x1 after %x0 in name is truncated. assert_equals: The cookie was set as expected. expected "test1term" but got ""
 36FAIL Cookie with %x2 after %x0 in name is truncated. assert_equals: The cookie was set as expected. expected "test2term" but got ""
 37FAIL Cookie with %x3 after %x0 in name is truncated. assert_equals: The cookie was set as expected. expected "test3term" but got ""
 38FAIL Cookie with %x4 after %x0 in name is truncated. assert_equals: The cookie was set as expected. expected "test4term" but got ""
 39FAIL Cookie with %x5 after %x0 in name is truncated. assert_equals: The cookie was set as expected. expected "test5term" but got ""
 40FAIL Cookie with %x6 after %x0 in name is truncated. assert_equals: The cookie was set as expected. expected "test6term" but got ""
 41FAIL Cookie with %x7 after %x0 in name is truncated. assert_equals: The cookie was set as expected. expected "test7term" but got ""
 42FAIL Cookie with %x8 after %x0 in name is truncated. assert_equals: The cookie was set as expected. expected "test8term" but got ""
 43FAIL Cookie with %x9 after %x0 in name is truncated. assert_equals: The cookie was set as expected. expected "test9term" but got ""
 44FAIL Cookie with %xb after %x0 in name is truncated. assert_equals: The cookie was set as expected. expected "test11term" but got ""
 45FAIL Cookie with %xc after %x0 in name is truncated. assert_equals: The cookie was set as expected. expected "test12term" but got ""
 46FAIL Cookie with %xe after %x0 in name is truncated. assert_equals: The cookie was set as expected. expected "test14term" but got ""
 47FAIL Cookie with %xf after %x0 in name is truncated. assert_equals: The cookie was set as expected. expected "test15term" but got ""
 48FAIL Cookie with %x10 after %x0 in name is truncated. assert_equals: The cookie was set as expected. expected "test16term" but got ""
 49FAIL Cookie with %x11 after %x0 in name is truncated. assert_equals: The cookie was set as expected. expected "test17term" but got ""
 50FAIL Cookie with %x12 after %x0 in name is truncated. assert_equals: The cookie was set as expected. expected "test18term" but got ""
 51FAIL Cookie with %x13 after %x0 in name is truncated. assert_equals: The cookie was set as expected. expected "test19term" but got ""
 52FAIL Cookie with %x14 after %x0 in name is truncated. assert_equals: The cookie was set as expected. expected "test20term" but got ""
 53FAIL Cookie with %x15 after %x0 in name is truncated. assert_equals: The cookie was set as expected. expected "test21term" but got ""
 54FAIL Cookie with %x16 after %x0 in name is truncated. assert_equals: The cookie was set as expected. expected "test22term" but got ""
 55FAIL Cookie with %x17 after %x0 in name is truncated. assert_equals: The cookie was set as expected. expected "test23term" but got ""
 56FAIL Cookie with %x18 after %x0 in name is truncated. assert_equals: The cookie was set as expected. expected "test24term" but got ""
 57FAIL Cookie with %x19 after %x0 in name is truncated. assert_equals: The cookie was set as expected. expected "test25term" but got ""
 58FAIL Cookie with %x1a after %x0 in name is truncated. assert_equals: The cookie was set as expected. expected "test26term" but got ""
 59FAIL Cookie with %x1b after %x0 in name is truncated. assert_equals: The cookie was set as expected. expected "test27term" but got ""
 60FAIL Cookie with %x1c after %x0 in name is truncated. assert_equals: The cookie was set as expected. expected "test28term" but got ""
 61FAIL Cookie with %x1d after %x0 in name is truncated. assert_equals: The cookie was set as expected. expected "test29term" but got ""
 62FAIL Cookie with %x1e after %x0 in name is truncated. assert_equals: The cookie was set as expected. expected "test30term" but got ""
 63FAIL Cookie with %x1f after %x0 in name is truncated. assert_equals: The cookie was set as expected. expected "test31term" but got ""
 64FAIL Cookie with %x7f after %x0 in name is truncated. assert_equals: The cookie was set as expected. expected "test127term" but got ""
 65FAIL Cookie with %x1 after %xa in name is truncated. assert_equals: The cookie was set as expected. expected "test1term" but got ""
 66FAIL Cookie with %x2 after %xa in name is truncated. assert_equals: The cookie was set as expected. expected "test2term" but got ""
 67FAIL Cookie with %x3 after %xa in name is truncated. assert_equals: The cookie was set as expected. expected "test3term" but got ""
 68FAIL Cookie with %x4 after %xa in name is truncated. assert_equals: The cookie was set as expected. expected "test4term" but got ""
 69FAIL Cookie with %x5 after %xa in name is truncated. assert_equals: The cookie was set as expected. expected "test5term" but got ""
 70FAIL Cookie with %x6 after %xa in name is truncated. assert_equals: The cookie was set as expected. expected "test6term" but got ""
 71FAIL Cookie with %x7 after %xa in name is truncated. assert_equals: The cookie was set as expected. expected "test7term" but got ""
 72FAIL Cookie with %x8 after %xa in name is truncated. assert_equals: The cookie was set as expected. expected "test8term" but got ""
 73FAIL Cookie with %x9 after %xa in name is truncated. assert_equals: The cookie was set as expected. expected "test9term" but got ""
 74FAIL Cookie with %xb after %xa in name is truncated. assert_equals: The cookie was set as expected. expected "test11term" but got ""
 75FAIL Cookie with %xc after %xa in name is truncated. assert_equals: The cookie was set as expected. expected "test12term" but got ""
 76FAIL Cookie with %xe after %xa in name is truncated. assert_equals: The cookie was set as expected. expected "test14term" but got ""
 77FAIL Cookie with %xf after %xa in name is truncated. assert_equals: The cookie was set as expected. expected "test15term" but got ""
 78FAIL Cookie with %x10 after %xa in name is truncated. assert_equals: The cookie was set as expected. expected "test16term" but got ""
 79FAIL Cookie with %x11 after %xa in name is truncated. assert_equals: The cookie was set as expected. expected "test17term" but got ""
 80FAIL Cookie with %x12 after %xa in name is truncated. assert_equals: The cookie was set as expected. expected "test18term" but got ""
 81FAIL Cookie with %x13 after %xa in name is truncated. assert_equals: The cookie was set as expected. expected "test19term" but got ""
 82FAIL Cookie with %x14 after %xa in name is truncated. assert_equals: The cookie was set as expected. expected "test20term" but got ""
 83FAIL Cookie with %x15 after %xa in name is truncated. assert_equals: The cookie was set as expected. expected "test21term" but got ""
 84FAIL Cookie with %x16 after %xa in name is truncated. assert_equals: The cookie was set as expected. expected "test22term" but got ""
 85FAIL Cookie with %x17 after %xa in name is truncated. assert_equals: The cookie was set as expected. expected "test23term" but got ""
 86FAIL Cookie with %x18 after %xa in name is truncated. assert_equals: The cookie was set as expected. expected "test24term" but got ""
 87FAIL Cookie with %x19 after %xa in name is truncated. assert_equals: The cookie was set as expected. expected "test25term" but got ""
 88FAIL Cookie with %x1a after %xa in name is truncated. assert_equals: The cookie was set as expected. expected "test26term" but got ""
 89FAIL Cookie with %x1b after %xa in name is truncated. assert_equals: The cookie was set as expected. expected "test27term" but got ""
 90FAIL Cookie with %x1c after %xa in name is truncated. assert_equals: The cookie was set as expected. expected "test28term" but got ""
 91FAIL Cookie with %x1d after %xa in name is truncated. assert_equals: The cookie was set as expected. expected "test29term" but got ""
 92FAIL Cookie with %x1e after %xa in name is truncated. assert_equals: The cookie was set as expected. expected "test30term" but got ""
 93FAIL Cookie with %x1f after %xa in name is truncated. assert_equals: The cookie was set as expected. expected "test31term" but got ""
 94FAIL Cookie with %x7f after %xa in name is truncated. assert_equals: The cookie was set as expected. expected "test127term" but got ""
 95FAIL Cookie with %x1 after %xd in name is truncated. assert_equals: The cookie was set as expected. expected "test1term" but got ""
 96FAIL Cookie with %x2 after %xd in name is truncated. assert_equals: The cookie was set as expected. expected "test2term" but got ""
 97FAIL Cookie with %x3 after %xd in name is truncated. assert_equals: The cookie was set as expected. expected "test3term" but got ""
 98FAIL Cookie with %x4 after %xd in name is truncated. assert_equals: The cookie was set as expected. expected "test4term" but got ""
 99FAIL Cookie with %x5 after %xd in name is truncated. assert_equals: The cookie was set as expected. expected "test5term" but got ""
 100FAIL Cookie with %x6 after %xd in name is truncated. assert_equals: The cookie was set as expected. expected "test6term" but got ""
 101FAIL Cookie with %x7 after %xd in name is truncated. assert_equals: The cookie was set as expected. expected "test7term" but got ""
 102FAIL Cookie with %x8 after %xd in name is truncated. assert_equals: The cookie was set as expected. expected "test8term" but got ""
 103FAIL Cookie with %x9 after %xd in name is truncated. assert_equals: The cookie was set as expected. expected "test9term" but got ""
 104FAIL Cookie with %xb after %xd in name is truncated. assert_equals: The cookie was set as expected. expected "test11term" but got ""
 105FAIL Cookie with %xc after %xd in name is truncated. assert_equals: The cookie was set as expected. expected "test12term" but got ""
 106FAIL Cookie with %xe after %xd in name is truncated. assert_equals: The cookie was set as expected. expected "test14term" but got ""
 107FAIL Cookie with %xf after %xd in name is truncated. assert_equals: The cookie was set as expected. expected "test15term" but got ""
 108FAIL Cookie with %x10 after %xd in name is truncated. assert_equals: The cookie was set as expected. expected "test16term" but got ""
 109FAIL Cookie with %x11 after %xd in name is truncated. assert_equals: The cookie was set as expected. expected "test17term" but got ""
 110FAIL Cookie with %x12 after %xd in name is truncated. assert_equals: The cookie was set as expected. expected "test18term" but got ""
 111FAIL Cookie with %x13 after %xd in name is truncated. assert_equals: The cookie was set as expected. expected "test19term" but got ""
 112FAIL Cookie with %x14 after %xd in name is truncated. assert_equals: The cookie was set as expected. expected "test20term" but got ""
 113FAIL Cookie with %x15 after %xd in name is truncated. assert_equals: The cookie was set as expected. expected "test21term" but got ""
 114FAIL Cookie with %x16 after %xd in name is truncated. assert_equals: The cookie was set as expected. expected "test22term" but got ""
 115FAIL Cookie with %x17 after %xd in name is truncated. assert_equals: The cookie was set as expected. expected "test23term" but got ""
 116FAIL Cookie with %x18 after %xd in name is truncated. assert_equals: The cookie was set as expected. expected "test24term" but got ""
 117FAIL Cookie with %x19 after %xd in name is truncated. assert_equals: The cookie was set as expected. expected "test25term" but got ""
 118FAIL Cookie with %x1a after %xd in name is truncated. assert_equals: The cookie was set as expected. expected "test26term" but got ""
 119FAIL Cookie with %x1b after %xd in name is truncated. assert_equals: The cookie was set as expected. expected "test27term" but got ""
 120FAIL Cookie with %x1c after %xd in name is truncated. assert_equals: The cookie was set as expected. expected "test28term" but got ""
 121FAIL Cookie with %x1d after %xd in name is truncated. assert_equals: The cookie was set as expected. expected "test29term" but got ""
 122FAIL Cookie with %x1e after %xd in name is truncated. assert_equals: The cookie was set as expected. expected "test30term" but got ""
 123FAIL Cookie with %x1f after %xd in name is truncated. assert_equals: The cookie was set as expected. expected "test31term" but got ""
 124FAIL Cookie with %x7f after %xd in name is truncated. assert_equals: The cookie was set as expected. expected "test127term" but got ""
 125

LayoutTests/imported/w3c/web-platform-tests/cookies/name/name-ctl.html

 1<!doctype html>
 2<html>
 3 <head>
 4 <meta charset=utf-8>
 5 <title>Test cookie name parsing with control characters</title>
 6 <meta name=help href="https://tools.ietf.org/html/rfc6265#section-5.2">
 7 <meta name="timeout" content="long">
 8 <script src="/resources/testharness.js"></script>
 9 <script src="/resources/testharnessreport.js"></script>
 10 <script src="/cookies/resources/cookie-test.js"></script>
 11 </head>
 12 <body>
 13 <div id=log></div>
 14 <script>
 15 // Tests for control characters (CTLs) in a cookie's name.
 16 // CTLs are defined by RFC 5234 to be %x00-1F / %x7F.
 17 const {TERMINATING_CTLS, CTLS} = getCtlCharacters();
 18
 19 // Start with a clean slate.
 20 dropAllDomCookies();
 21
 22 // Test that terminating CTLs truncate the cookie string.
 23 for (const ctl of TERMINATING_CTLS) {
 24 domCookieTest(
 25 `test${ctl.code}${ctl.chr}name=${ctl.code}`,
 26 `test${ctl.code}`,
 27 `Cookie with %x${ctl.code.toString(16)} in name is truncated.`);
 28 }
 29
 30 // Test that other CTLs result in cookie rejection.
 31 for (const ctl of CTLS) {
 32 domCookieTest(
 33 `test${ctl.code}${ctl.chr}name=${ctl.code}`,
 34 '',
 35 `Cookie with %x${ctl.code.toString(16)} in name is rejected.`);
 36 }
 37
 38 // Test that truncation due to terminating CTLs occurs first.
 39 for (const termCtl of TERMINATING_CTLS) {
 40 for (const ctl of CTLS) {
 41 domCookieTest(
 42 `test${ctl.code}term${termCtl.chr}na${ctl.chr}me=${ctl.code}`,
 43 `test${ctl.code}term`,
 44 `Cookie with %x${ctl.code.toString(16)} after ` +
 45 `%x${termCtl.code.toString(16)} in name is truncated.`);
 46 }
 47 }
 48 </script>
 49 </body>
 50</html>

LayoutTests/imported/w3c/web-platform-tests/cookies/name/name-expected.txt

 1
 2PASS Set valueless cookie to its name with empty value
 3FAIL Set a nameless cookie (that has an = in its value) assert_equals: The cookie was set as expected. expected "test=2" but got ""
 4FAIL Set a nameless cookie (that has multiple ='s in its value) assert_equals: The cookie was set as expected. expected "==test=2b" but got ""
 5FAIL Set a nameless cookie assert_equals: The cookie was set as expected. expected "test2c" but got ""
 6PASS Remove trailing WSP characters from the name string
 7PASS Remove leading WSP characters from the name string
 8PASS Only return the new cookie (with the same name)
 9FAIL Ignore invalid attributes after nameless cookie assert_equals: The cookie was set as expected. expected "test6" but got ""
 10PASS Ignore invalid attributes after valid name (that looks like Cookie2 Version attribute)
 11PASS Set a cookie that has whitespace in its name
 12FAIL Set a nameless cookie ignoring characters after first ; assert_equals: The cookie was set as expected. expected "\"test9" but got ""
 13FAIL Set a nameless cookie ignoring characters after first ; (2) assert_equals: The cookie was set as expected. expected "\"test\"10" but got ""
 14FAIL Return the most recent nameless cookie assert_equals: The cookie was set as expected. expected "test11" but got ""
 15FAIL Return the most recent nameless cookie, without leading = assert_equals: The cookie was set as expected. expected "test11a" but got ""
 16FAIL Return the most recent nameless cookie, even if preceded by = assert_equals: The cookie was set as expected. expected "test11b" but got ""
 17FAIL Return the most recent nameless cookie, even if preceded by =, in addition to other valid cookie assert_equals: The cookie was set as expected. expected "test11b; test=11c" but got "test=11c"
 18PASS Use last value for cookies with identical names
 19PASS Keep first-in, first-out name order
 20PASS Keep first-in, first-out single-char name order
 21FAIL Keep non-alphabetic first-in, first-out name order assert_equals: The cookie was set as expected. expected "z=test15; a=test15" but got "a=test15; z=test15"
 22FAIL Keep first-in, first-out order if comma-separated assert_equals: The cookie was set as expected. expected "z=test16, a=test16" but got "a=test15; z=test16,a=test16"
 23FAIL Set nameless cookie, given `Set-Cookie: =test16` assert_equals: The cookie was set as expected. expected "testA=16; test16; testB=16" but got "a=test15; testA=16; testB=16; z=test16,a=test16"
 24FAIL Overwrite nameless cookie assert_equals: The cookie was set as expected. expected "test17b" but got "a=test15; testA=16; testB=16; z=test16,a=test16"
 25FAIL Ignore cookie with empty name and empty value assert_equals: The cookie was rejected. expected "" but got "a=test15; testA=16; testB=16; z=test16,a=test16"
 26FAIL Ignore cookie with no name or value assert_equals: The cookie was rejected. expected "" but got "a=test15; testA=16; testB=16; z=test16,a=test16"
 27FAIL URL-encoded cookie name is not decoded assert_equals: The cookie was set as expected. expected "%74%65%73%74=20" but got "%74%65%73%74=20; a=test15; testA=16; testB=16; z=test16,a=test16"
 28FAIL Name is set as expected for a=test assert_equals: The cookie was set as expected. expected "a=test" but got "%74%65%73%74=20; a=test; testA=16; testB=16; z=test16,a=test16"
 29FAIL Name is set as expected for 1=test assert_equals: The cookie was set as expected. expected "1=test" but got "1=test; %74%65%73%74=20; a=test; testA=16; testB=16; z=test16,a=test16"
 30FAIL Name is set as expected for $=test assert_equals: The cookie was set as expected. expected "$=test" but got "$=test; 1=test; %74%65%73%74=20; a=test; testA=16; testB=16; z=test16,a=test16"
 31FAIL Name is set as expected for !a=test assert_equals: The cookie was set as expected. expected "!a=test" but got "!a=test; $=test; 1=test; %74%65%73%74=20; a=test; testA=16; testB=16; z=test16,a=test16"
 32FAIL Name is set as expected for @a=test assert_equals: The cookie was set as expected. expected "@a=test" but got "!a=test; $=test; 1=test; @a=test; %74%65%73%74=20; a=test; testA=16; testB=16; z=test16,a=test16"
 33FAIL Name is set as expected for #a=test assert_equals: The cookie was set as expected. expected "#a=test" but got "!a=test; #a=test; $=test; 1=test; @a=test; %74%65%73%74=20; a=test; testA=16; testB=16; z=test16,a=test16"
 34FAIL Name is set as expected for $a=test assert_equals: The cookie was set as expected. expected "$a=test" but got "!a=test; #a=test; $=test; $a=test; 1=test; @a=test; %74%65%73%74=20; a=test; testA=16; testB=16; z=test16,a=test16"
 35FAIL Name is set as expected for %a=test assert_equals: The cookie was set as expected. expected "%a=test" but got "!a=test; #a=test; $=test; $a=test; %a=test; 1=test; @a=test; %74%65%73%74=20; a=test; testA=16; testB=16; z=test16,a=test16"
 36FAIL Name is set as expected for ^a=test assert_equals: The cookie was set as expected. expected "^a=test" but got "!a=test; #a=test; $=test; $a=test; %a=test; 1=test; @a=test; ^a=test; %74%65%73%74=20; a=test; testA=16; testB=16; z=test16,a=test16"
 37FAIL Name is set as expected for &a=test assert_equals: The cookie was set as expected. expected "&a=test" but got "!a=test; #a=test; $=test; $a=test; %a=test; &a=test; 1=test; @a=test; ^a=test; %74%65%73%74=20; a=test; testA=16; testB=16; z=test16,a=test16"
 38FAIL Name is set as expected for *a=test assert_equals: The cookie was set as expected. expected "*a=test" but got "!a=test; #a=test; $=test; $a=test; %a=test; &a=test; *a=test; 1=test; @a=test; ^a=test; %74%65%73%74=20; a=test; testA=16; testB=16; z=test16,a=test16"
 39FAIL Name is set as expected for (a=test assert_equals: The cookie was set as expected. expected "(a=test" but got "!a=test; #a=test; $=test; $a=test; %a=test; &a=test; (a=test; *a=test; 1=test; @a=test; ^a=test; %74%65%73%74=20; a=test; testA=16; testB=16; z=test16,a=test16"
 40FAIL Name is set as expected for )a=test assert_equals: The cookie was set as expected. expected ")a=test" but got "!a=test; #a=test; $=test; $a=test; %a=test; &a=test; (a=test; )a=test; *a=test; 1=test; @a=test; ^a=test; %74%65%73%74=20; a=test; testA=16; testB=16; z=test16,a=test16"
 41FAIL Name is set as expected for -a=test assert_equals: The cookie was set as expected. expected "-a=test" but got "!a=test; #a=test; $=test; $a=test; %a=test; &a=test; (a=test; )a=test; *a=test; -a=test; 1=test; @a=test; ^a=test; %74%65%73%74=20; a=test; testA=16; testB=16; z=test16,a=test16"
 42FAIL Name is set as expected for _a=test assert_equals: The cookie was set as expected. expected "_a=test" but got "!a=test; #a=test; $=test; $a=test; %a=test; &a=test; (a=test; )a=test; *a=test; -a=test; 1=test; @a=test; ^a=test; _a=test; %74%65%73%74=20; a=test; testA=16; testB=16; z=test16,a=test16"
 43FAIL Name is set as expected for +=test assert_equals: The cookie was set as expected. expected "+=test" but got "!a=test; #a=test; $=test; $a=test; %a=test; &a=test; (a=test; )a=test; *a=test; +=test; -a=test; 1=test; @a=test; ^a=test; _a=test; %74%65%73%74=20; a=test; testA=16; testB=16; z=test16,a=test16"
 44FAIL Name is set as expected for "a=test assert_equals: The cookie was set as expected. expected "\"a=test" but got "!a=test; \"a=test; #a=test; $=test; $a=test; %a=test; &a=test; (a=test; )a=test; *a=test; +=test; -a=test; 1=test; @a=test; ^a=test; _a=test; %74%65%73%74=20; a=test; testA=16; testB=16; z=test16,a=test16"
 45FAIL Name is set as expected for "a=b"=test assert_equals: The cookie was set as expected. expected "\"a=b\"=test" but got "!a=test; \"a=test; #a=test; $=test; $a=test; %a=test; &a=test; (a=test; )a=test; *a=test; +=test; -a=test; 1=test; @a=test; ^a=test; _a=test; %74%65%73%74=20; a=test; testA=16; testB=16; z=test16,a=test16"
 46

LayoutTests/imported/w3c/web-platform-tests/cookies/name/name.html

 1<!doctype html>
 2<html>
 3 <head>
 4 <meta charset=utf-8>
 5 <title>Test cookie name parsing</title>
 6 <meta name=help href="https://tools.ietf.org/html/rfc6265#section-5.2">
 7 <meta name="timeout" content="long">
 8 <script src="/resources/testharness.js"></script>
 9 <script src="/resources/testharnessreport.js"></script>
 10 <script src="/cookies/resources/cookie-test.js"></script>
 11 </head>
 12 <body>
 13 <div id=log></div>
 14 <script>
 15 const nameTests = [
 16 {
 17 cookie: "test1=; path = /",
 18 expected: "test1=",
 19 name: "Set valueless cookie to its name with empty value",
 20 defaultPath: false,
 21 },
 22 {
 23 cookie: "=test=2",
 24 expected: "test=2",
 25 name: "Set a nameless cookie (that has an = in its value)",
 26 },
 27 {
 28 cookie: "===test=2b",
 29 expected: "==test=2b",
 30 name: "Set a nameless cookie (that has multiple ='s in its value)",
 31 },
 32 {
 33 cookie: "=test2c",
 34 expected: "test2c",
 35 name: "Set a nameless cookie",
 36 },
 37 {
 38 cookie: "test =3",
 39 expected: "test=3",
 40 name: "Remove trailing WSP characters from the name string",
 41 },
 42 {
 43 cookie: " test=4",
 44 expected: "test=4",
 45 name: "Remove leading WSP characters from the name string",
 46 },
 47 {
 48 cookie: ['"test=5"=test', '"test=5'],
 49 expected: '"test=5',
 50 name: "Only return the new cookie (with the same name)",
 51 },
 52 {
 53 cookie: "test6;cool=dude",
 54 expected: "test6",
 55 name: "Ignore invalid attributes after nameless cookie",
 56 },
 57 {
 58 cookie: "$Version=1; test=7",
 59 expected: "$Version=1",
 60 name: "Ignore invalid attributes after valid name (that looks like Cookie2 Version attribute)",
 61 },
 62 {
 63 cookie: "test test=8",
 64 expected: "test test=8",
 65 name: "Set a cookie that has whitespace in its name",
 66 },
 67 {
 68 cookie: '"test9;test"=9',
 69 expected: '"test9',
 70 name: "Set a nameless cookie ignoring characters after first ;",
 71 },
 72 {
 73 cookie: '"test\"10;baz"=qux',
 74 expected: '"test\"10',
 75 name: "Set a nameless cookie ignoring characters after first ; (2)",
 76 },
 77 {
 78 cookie: ["=test=11", "test11"],
 79 expected: "test11",
 80 name: "Return the most recent nameless cookie",
 81 },
 82 {
 83 cookie: ["test11", "test11a"],
 84 expected: "test11a",
 85 name: "Return the most recent nameless cookie, without leading =",
 86 },
 87 {
 88 cookie: ["test11", "test11a", "=test11b"],
 89 expected: "test11b",
 90 name: "Return the most recent nameless cookie, even if preceded by =",
 91 },
 92 {
 93 cookie: ["test11", "test11a", "=test11b", "test=11c"],
 94 expected: "test11b; test=11c",
 95 name: "Return the most recent nameless cookie, even if preceded by =, in addition to other valid cookie",
 96 },
 97 {
 98 cookie: ["test12=11", "test12=12"],
 99 expected: "test12=12",
 100 name: "Use last value for cookies with identical names",
 101 },
 102 {
 103 cookie: ["testA=13", "testB=13"],
 104 expected: "testA=13; testB=13",
 105 name: "Keep first-in, first-out name order",
 106 },
 107 {
 108 cookie: ["a=test14", "z=test14"],
 109 expected: "a=test14; z=test14",
 110 name: "Keep first-in, first-out single-char name order",
 111 },
 112 {
 113 cookie: ["z=test15", "a=test15"],
 114 expected: "z=test15; a=test15",
 115 name: "Keep non-alphabetic first-in, first-out name order",
 116 },
 117 {
 118 cookie: "z=test16, a=test16",
 119 expected: "z=test16, a=test16",
 120 name: "Keep first-in, first-out order if comma-separated",
 121 },
 122 {
 123 cookie: ["testA=16", "=test16", "testB=16"],
 124 expected: "testA=16; test16; testB=16",
 125 name: "Set nameless cookie, given `Set-Cookie: =test16`",
 126 },
 127 {
 128 cookie: ["test17a", "test17b"],
 129 expected: "test17b",
 130 name: "Overwrite nameless cookie",
 131 },
 132 {
 133 cookie: "=",
 134 expected: "",
 135 name: "Ignore cookie with empty name and empty value",
 136 },
 137 {
 138 cookie: "",
 139 expected: "",
 140 name: "Ignore cookie with no name or value",
 141 },
 142 {
 143 cookie: "%74%65%73%74=20",
 144 expected: "%74%65%73%74=20",
 145 name: "URL-encoded cookie name is not decoded",
 146 },
 147 ];
 148
 149 for (const test of nameTests) {
 150 httpCookieTest(test.cookie, test.expected, test.name);
 151 }
 152
 153 for (const name of ["a", "1", "$", "!a", "@a", "#a", "$a", "%a",
 154 "^a", "&a", "*a", "(a", ")a", "-a", "_a", "+",
 155 '"a', '"a=b"'
 156 ]) {
 157 const cookie = `${name}=test`;
 158 httpCookieTest(cookie, cookie, `Name is set as expected for ${name}=test`);
 159 }
 160 </script>
 161 </body>
 162</html>

LayoutTests/imported/w3c/web-platform-tests/cookies/name/w3c-import.log

 1The tests in this directory were imported from the W3C repository.
 2Do NOT modify these tests directly in WebKit.
 3Instead, create a pull request on the WPT github:
 4 https://github.com/web-platform-tests/wpt
 5
 6Then run the Tools/Scripts/import-w3c-tests in WebKit to reimport
 7
 8Do NOT modify or remove this file.
 9
 10------------------------------------------------------------------------
 11Properties requiring vendor prefixes:
 12None
 13Property values requiring vendor prefixes:
 14None
 15------------------------------------------------------------------------
 16List of files:
 17/LayoutTests/imported/w3c/web-platform-tests/cookies/name/name-ctl.html
 18/LayoutTests/imported/w3c/web-platform-tests/cookies/name/name.html

LayoutTests/imported/w3c/web-platform-tests/cookies/navigated-away-expected.txt

 1
 2
 3PASS document.cookie behavior on documents without browser context
 4

LayoutTests/imported/w3c/web-platform-tests/cookies/navigated-away.html

 1<!DOCTYPE html>
 2<head>
 3 <script src="/resources/testharness.js"></script>
 4 <script src="/resources/testharnessreport.js"></script>
 5</head>
 6<body>
 7 <iframe id="if" src="about:blank"></iframe>
 8 <script>
 9 var t = async_test("document.cookie behavior on documents without browser context");
 10 t.add_cleanup(function() {
 11 document.cookie = "nav_away_test=yes;max-age=0";
 12 });
 13
 14 function step2() {
 15 t.step(function() {
 16 // Get from saved doc should fail.
 17 assert_equals(window.iframeDoc.cookie, "");
 18
 19 // Try set from saved doc, should do nothing.
 20 window.iframeDoc.cookie = "nav_away_test=second";
 21 assert_equals(window.iframeDoc.cookie, "");
 22 assert_not_equals(document.cookie.indexOf("nav_away_test=yes"), -1);
 23 });
 24 t.done();
 25 }
 26
 27 t.step(function() {
 28 document.cookie = "nav_away_test=yes";
 29 var iframe = document.getElementById("if");
 30 // Save original document.
 31 window.iframeDoc = iframe.contentDocument;
 32 assert_not_equals(window.iframeDoc.cookie.indexOf("nav_away_test=yes"), -1);
 33
 34 // Navigate away.
 35 iframe.onload = step2;
 36 iframe.contentWindow.location = "/common/blank.html";
 37 })
 38 </script>
 39</body>

LayoutTests/imported/w3c/web-platform-tests/cookies/ordering/ordering.sub-expected.txt

 1
 2PASS Test cookie ordering
 3FAIL Cookies with longer path attribute values are ordered before shorter ones assert_equals: The cookie was set as expected. expected "testF=1; testB=1; testC=1; testE=1" but got "testB=1; testC=1"
 4FAIL Cookies with longer path attribute values are ordered before shorter ones (2) assert_equals: The cookie was set as expected. expected "testG=2; testB=2; testF=2; testH=2; testC=2" but got "testB=2; testH=2; testC=2"
 5PASS Cookies with longer paths are listed before cookies with shorter paths
 6FAIL For equal length paths, list the cookie with an earlier creation time first assert_equals: The cookie was set as expected. expected "testB=4; testZ=4; testA=4" but got "testB=4; testA=4; testZ=4"
 7

LayoutTests/imported/w3c/web-platform-tests/cookies/ordering/ordering.sub.html

 1<!doctype html>
 2<html>
 3 <head>
 4 <meta charset=utf-8>
 5 <title>Test cookie ordering</title>
 6 <meta name=help href="https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-07#section-5.5">
 7 <meta name="timeout" content="long">
 8 <script src="/resources/testharness.js"></script>
 9 <script src="/resources/testharnessreport.js"></script>
 10 <script src="/cookies/resources/cookie-test.js"></script>
 11 </head>
 12 </head>
 13 <body>
 14 <script>
 15 const port = "{{ports[http][0]}}";
 16 const wwwHost = "{{hosts[alt][]}}";
 17
 18 test(t => {
 19 const win = window.open(`http://${wwwHost}:${port}/cookies/ordering/resources/ordering-child.sub.html`);
 20 fetch_tests_from_window(win);
 21 });
 22 </script>
 23 </body>
 24</html>

LayoutTests/imported/w3c/web-platform-tests/cookies/ordering/resources/ordering-child.sub.html

 1<!doctype html>
 2<html>
 3 <head>
 4 <meta charset=utf-8>
 5 <title>Test cookie ordering</title>
 6 <meta name=help href="https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-07#section-5.5">
 7 <meta name="timeout" content="long">
 8 <script src="/resources/testharness.js"></script>
 9 <script src="/cookies/resources/cookie-test.js"></script>
 10 </head>
 11 <body>
 12 <div id=log></div>
 13 <script>
 14 const host = "{{host}}";
 15 const wwwHost = "{{hosts[alt][]}}";
 16
 17 const orderingTests = [
 18 {
 19 cookie: [
 20 "testA=1",
 21 "testB=1; path=/cookies",
 22 "testC=1; path=/",
 23 "testD=1; path=/cooking",
 24 `testE=1; domain=.${host}; path=/`,
 25 `testF=1; domain=.${host}; path=/cookies/attributes`,
 26 ],
 27 expected: "testF=1; testB=1; testC=1; testE=1",
 28 name: "Cookies with longer path attribute values are ordered before shorter ones",
 29 location: "/cookies/attributes/resources/path/one.html",
 30 },
 31 {
 32 cookie: [
 33 "testA=2",
 34 "testB=2; path=/cookies/attributes/resources",
 35 "testC=2; path=/",
 36 "testD=2; path=/cooking",
 37 `testE=2; domain=.${host}`,
 38 `testF=2; domain=.${host}; path=/cookies/attributes`,
 39 `testG=2; domain=.${host}; path=/cookies/attributes/resources/path`,
 40 "testH=2; path=/cookies",
 41 ],
 42 expected: "testG=2; testB=2; testF=2; testH=2; testC=2",
 43 name: "Cookies with longer path attribute values are ordered before shorter ones (2)",
 44 location: "/cookies/attributes/resources/path/one.html",
 45 },
 46 {
 47 cookie: [
 48 "testA=3; path=/cookies/attributes/resources/path",
 49 "testB=3; path=/cookies/attributes/resources/path/one.html",
 50 "testC=3; path=/cookies/attributes",
 51 ],
 52 expected: "testB=3; testA=3; testC=3",
 53 name: "Cookies with longer paths are listed before cookies with shorter paths",
 54 location: "/cookies/attributes/resources/path/one.html",
 55 },
 56 {
 57 cookie: [
 58 "testZ=4; path=/cookies",
 59 "testB=4; path=/cookies/attributes/resources/path",
 60 "testA=4; path=/cookies",
 61 ],
 62 expected: "testB=4; testZ=4; testA=4",
 63 name: "For equal length paths, list the cookie with an earlier creation time first",
 64 location: "/cookies/attributes/resources/path/one.html",
 65 },
 66 ];
 67
 68 for (const test of orderingTests) {
 69 httpRedirectCookieTest(test.cookie, test.expected, test.name,
 70 test.location);
 71 }
 72 </script>
 73 </body>
 74</html>

LayoutTests/imported/w3c/web-platform-tests/cookies/ordering/resources/w3c-import.log

 1The tests in this directory were imported from the W3C repository.
 2Do NOT modify these tests directly in WebKit.
 3Instead, create a pull request on the WPT github:
 4 https://github.com/web-platform-tests/wpt
 5
 6Then run the Tools/Scripts/import-w3c-tests in WebKit to reimport
 7
 8Do NOT modify or remove this file.
 9
 10------------------------------------------------------------------------
 11Properties requiring vendor prefixes:
 12None
 13Property values requiring vendor prefixes:
 14None
 15------------------------------------------------------------------------
 16List of files:
 17/LayoutTests/imported/w3c/web-platform-tests/cookies/ordering/resources/ordering-child.sub.html

LayoutTests/imported/w3c/web-platform-tests/cookies/ordering/w3c-import.log

 1The tests in this directory were imported from the W3C repository.
 2Do NOT modify these tests directly in WebKit.
 3Instead, create a pull request on the WPT github:
 4 https://github.com/web-platform-tests/wpt
 5
 6Then run the Tools/Scripts/import-w3c-tests in WebKit to reimport
 7
 8Do NOT modify or remove this file.
 9
 10------------------------------------------------------------------------
 11Properties requiring vendor prefixes:
 12None
 13Property values requiring vendor prefixes:
 14None
 15------------------------------------------------------------------------
 16List of files:
 17/LayoutTests/imported/w3c/web-platform-tests/cookies/ordering/ordering.sub.html

LayoutTests/imported/w3c/web-platform-tests/cookies/path/default-expected.txt

 1
 2PASS Test for default cookie path
 3

LayoutTests/imported/w3c/web-platform-tests/cookies/path/default.html

 1<!doctype html>
 2<html>
 3<head>
 4 <meta charset=utf-8>
 5 <title>Test for default cookie path</title>
 6 <meta name=help href="http://tools.ietf.org/html/rfc6265#section-5.1.4">
 7
 8 <script src="/resources/testharness.js"></script>
 9 <script src="/resources/testharnessreport.js"></script>
 10</head>
 11<body>
 12<div id=log></div>
 13
 14<script>
 15var body = document.getElementsByTagName('body')[0];
 16var createIframe = function (src, done) {
 17 var iframe = document.createElement('iframe');
 18 iframe.src = src;
 19 body.appendChild(iframe);
 20 iframe.onload = function () {
 21 done(iframe);
 22 };
 23};
 24
 25async_test(function (t) {
 26 var iframe;
 27 var verify = t.step_func(function () {
 28 assert_true(
 29 !!iframe.contentWindow.isCookieSet('cookies-path-default'),
 30 'cookie can be retrieved from expected path'
 31 );
 32
 33 // The default-path of this cookie must contain, "the characters of the
 34 // uri-path from the first character up to, but not including, the
 35 // right-most %x2F ("/")."
 36 iframe.contentWindow.expireCookie(
 37 'cookies-path-default', '/cookies/resources'
 38 );
 39
 40 // As of 2018-11-21, some UAs were observed to include the right-most %x2F
 41 // character in violation of RFC6265.
 42 t.add_cleanup(function () {
 43 iframe.contentWindow.expireCookie(
 44 'cookies-path-default', '/cookies/resources/'
 45 );
 46 });
 47
 48 assert_false(
 49 !!iframe.contentWindow.isCookieSet('cookies-path-default'),
 50 'cookie can be referenced using the expected path'
 51 );
 52
 53 t.done();
 54 });
 55
 56 createIframe('/cookies/resources/echo-cookie.html', t.step_func(function (_iframe) {
 57 iframe = _iframe;
 58
 59 createIframe('/cookies/resources/set.py?cookies-path-default=1', verify);
 60 }));
 61});
 62</script>
 63</body>
 64</html>

LayoutTests/imported/w3c/web-platform-tests/cookies/path/match-expected.txt

 1
 2PASS `document.cookie` on /cookies/resources/echo-cookie.html sets cookie with path: /
 3FAIL `document.cookie` on /cookies/resources/echo-cookie.html sets cookie with path: match.html assert_not_equals: Cookie path from DOM should not be `null` got disallowed value null
 4FAIL `document.cookie` on /cookies/resources/echo-cookie.html sets cookie with path: cookies assert_not_equals: Cookie path from DOM should not be `null` got disallowed value null
 5PASS `document.cookie` on /cookies/resources/echo-cookie.html sets cookie with path: /cookies
 6PASS `document.cookie` on /cookies/resources/echo-cookie.html sets cookie with path: /cookies/
 7PASS `document.cookie` on /cookies/resources/echo-cookie.html sets cookie with path: /cookies/resources/echo-cookie.html
 8PASS `document.cookie` on /cookies/resources/echo-cookie.html DOES NOT set cookie for path: /cook
 9PASS `document.cookie` on /cookies/resources/echo-cookie.html DOES NOT set cookie for path: /w/
 10PASS `Set-Cookie` on /cookies/resources/echo-cookie.html sets cookie with path: /
 11FAIL `Set-Cookie` on /cookies/resources/echo-cookie.html sets cookie with path: match.html assert_not_equals: Cookie path from header should not be `null` got disallowed value null
 12FAIL `Set-Cookie` on /cookies/resources/echo-cookie.html sets cookie with path: cookies assert_not_equals: Cookie path from header should not be `null` got disallowed value null
 13PASS `Set-Cookie` on /cookies/resources/echo-cookie.html sets cookie with path: /cookies
 14PASS `Set-Cookie` on /cookies/resources/echo-cookie.html sets cookie with path: /cookies/
 15PASS `Set-Cookie` on /cookies/resources/echo-cookie.html sets cookie with path: /cookies/resources/echo-cookie.html
 16PASS `Set-Cookie` on /cookies/resources/echo-cookie.html DOES NOT set cookie for path: /cook
 17PASS `Set-Cookie` on /cookies/resources/echo-cookie.html DOES NOT set cookie for path: /w/
 18

LayoutTests/imported/w3c/web-platform-tests/cookies/path/match.html

 1<!doctype html>
 2<html>
 3<head>
 4 <meta charset=utf-8>
 5 <title>tests for matching cookie paths</title>
 6 <meta name="timeout" content="long">
 7 <meta name=help href="http://tools.ietf.org/html/rfc6265#section-5.1.4">
 8
 9 <script src="/resources/testharness.js"></script>
 10 <script src="/resources/testharnessreport.js"></script>
 11 <script src="/cookies/resources/testharness-helpers.js"></script>
 12</head>
 13<body>
 14<div id=log></div>
 15
 16<script>
 17var body = document.getElementsByTagName('body')[0];
 18var createIframeThen = function (callback) {
 19 var iframe = document.createElement('iframe');
 20 iframe.src = "/cookies/resources/echo-cookie.html";
 21 body.appendChild(iframe);
 22 iframe.onload = callback;
 23 return iframe;
 24};
 25var testCookiePathFromDOM = function (testCase, test) {
 26 var iframe = createIframeThen(test.step_func(function () {
 27 iframe.contentWindow.setCookie('dom-' + testCase.name, testCase.path);
 28 var cookieSet = iframe.contentWindow.isCookieSet('dom-' + testCase.name, testCase.path);
 29 if (testCase.match === false) {
 30 assert_equals(cookieSet, null);
 31 } else {
 32 assert_not_equals(cookieSet, null, "Cookie path from DOM should not be `null`");
 33 }
 34
 35 iframe.contentWindow.expireCookie('dom-' + testCase.name, testCase.path);
 36 test.done();
 37 }));
 38};
 39var testCookiePathFromHeader = function (testCase, test) {
 40 var iframe = createIframeThen(test.step_func(function () {
 41 iframe.contentWindow.fetchCookieThen('header-' + testCase.name, testCase.path).then(test.step_func(function (response) {
 42 assert_true(response.ok);
 43
 44 var cookieSet = iframe.contentWindow.isCookieSet('header-' + testCase.name, testCase.path);
 45 iframe.contentWindow.expireCookie('header-' + testCase.name, testCase.path);
 46 if (testCase.match === false) {
 47 assert_equals(cookieSet, null);
 48 } else {
 49 assert_not_equals(cookieSet, null, "Cookie path from header should not be `null`");
 50 }
 51
 52 test.done();
 53 })).catch(test.unreached_func());
 54 }));
 55};
 56
 57var tests = [{
 58 "name": "match-slash",
 59 "path": "/",
 60}, {
 61 "name": "match-page",
 62 "path": "match.html",
 63}, {
 64 "name": "match-prefix",
 65 "path": "cookies",
 66}, {
 67 "name": "match-slash-prefix",
 68 "path": "/cookies",
 69}, {
 70 "name": "match-slash-prefix-slash",
 71 "path": "/cookies/",
 72}, {
 73 "name": "match-exact-page",
 74 "path": "/cookies/resources/echo-cookie.html",
 75}, {
 76 "name": "no-match",
 77 "path": "/cook",
 78 "match": false
 79}, {
 80 "name": "no-match-subpath",
 81 "path": "/w/",
 82 "match": false
 83}];
 84
 85var domTests = tests.map(function (testCase) {
 86 var testName = "`document.cookie` on /cookies/resources/echo-cookie.html sets cookie with path: " + testCase.path;
 87 if (testCase.match === false) {
 88 testName = "`document.cookie` on /cookies/resources/echo-cookie.html DOES NOT set cookie for path: " + testCase.path;
 89 }
 90 return [
 91 testName,
 92 function () {
 93 testCookiePathFromDOM(testCase, this);
 94 }
 95 ];
 96});
 97
 98var headerTests = tests.map(function (testCase) {
 99 var testName = "`Set-Cookie` on /cookies/resources/echo-cookie.html sets cookie with path: " + testCase.path;
 100 if (testCase.match === false) {
 101 testName = "`Set-Cookie` on /cookies/resources/echo-cookie.html DOES NOT set cookie for path: " + testCase.path;
 102 }
 103 return [
 104 testName,
 105 function () {
 106 testCookiePathFromHeader(testCase, this);
 107 }
 108 ];
 109});
 110
 111executeTestsSerially(domTests.concat(headerTests));
 112</script>
 113</body>
 114</html>

LayoutTests/imported/w3c/web-platform-tests/cookies/path/w3c-import.log

 1The tests in this directory were imported from the W3C repository.
 2Do NOT modify these tests directly in WebKit.
 3Instead, create a pull request on the WPT github:
 4 https://github.com/web-platform-tests/wpt
 5
 6Then run the Tools/Scripts/import-w3c-tests in WebKit to reimport
 7
 8Do NOT modify or remove this file.
 9
 10------------------------------------------------------------------------
 11Properties requiring vendor prefixes:
 12None
 13Property values requiring vendor prefixes:
 14None
 15------------------------------------------------------------------------
 16List of files:
 17/LayoutTests/imported/w3c/web-platform-tests/cookies/path/default.html
 18/LayoutTests/imported/w3c/web-platform-tests/cookies/path/match.html

LayoutTests/imported/w3c/web-platform-tests/cookies/prefix/__host.document-cookie-expected.txt

 1
 2PASS __Host: Non-secure origin: 'Path=/;'
 3PASS __Host: Non-secure origin: 'Secure; Path=/;'
 4PASS __Host: Non-secure origin: 'Path=/;domain=localhost'
 5PASS __Host: Non-secure origin: 'Secure; Path=/;domain=localhost'
 6PASS __Host: Non-secure origin: 'Path=/;MaxAge=10'
 7PASS __Host: Non-secure origin: 'Secure; Path=/;MaxAge=10'
 8PASS __Host: Non-secure origin: 'Path=/;HttpOnly'
 9PASS __Host: Non-secure origin: 'Secure; Path=/;HttpOnly'
 10PASS __Host: Non-secure origin: 'Secure; Path=/cookies/resources/list.py'
 11

LayoutTests/imported/w3c/web-platform-tests/cookies/prefix/__host.document-cookie.html

 1<!DOCTYPE html>
 2<script src="/resources/testharness.js"></script>
 3<script src="/resources/testharnessreport.js"></script>
 4<script src="/cookies/resources/cookie-helper.sub.js"></script>
 5<script>
 6 ["", "domain="+document.location.hostname, "MaxAge=10", "HttpOnly"].forEach(extraParams => {
 7 // Without 'secure'
 8 set_prefixed_cookie_via_dom_test({
 9 prefix: "__Host-",
 10 params: "Path=/;" + extraParams,
 11 shouldExistInDOM: false,
 12 shouldExistViaHTTP: false,
 13 title: "__Host: Non-secure origin: 'Path=/;" + extraParams + "'"
 14 });
 15
 16 // With 'secure'
 17 set_prefixed_cookie_via_dom_test({
 18 prefix: "__Host-",
 19 params: "Secure; Path=/;" + extraParams,
 20 shouldExistInDOM: false,
 21 shouldExistViaHTTP: false,
 22 title: "__Host: Non-secure origin: 'Secure; Path=/;" + extraParams + "'"
 23 });
 24 });
 25
 26 set_prefixed_cookie_via_dom_test({
 27 prefix: "__Host-",
 28 params: "Secure; Path=/cookies/resources/list.py",
 29 shouldExistInDOM: false,
 30 shouldExistViaHTTP: false,
 31 title: "__Host: Non-secure origin: 'Secure; Path=/cookies/resources/list.py'"
 32 });
 33</script>

LayoutTests/imported/w3c/web-platform-tests/cookies/prefix/__host.document-cookie.https-expected.txt

 1
 2PASS __Host: Secure origin: Does not set 'Path=/;'
 3PASS __Host: Secure origin: Does set 'Secure; Path=/;'
 4PASS __Host: Secure origin: Does not set 'Secure; Path=/; Domain=localhost; '
 5PASS __Host: Secure origin: Does not set 'Path=/;MaxAge=10'
 6PASS __Host: Secure origin: Does set 'Secure; Path=/;MaxAge=10'
 7PASS __Host: Secure origin: Does not set 'Secure; Path=/; Domain=localhost; MaxAge=10'
 8PASS __Host: Secure origin: Does not set 'Secure; Path=/cookies/resources/list.py'
 9

LayoutTests/imported/w3c/web-platform-tests/cookies/prefix/__host.document-cookie.https.html

 1<!DOCTYPE html>
 2<script src="/resources/testharness.js"></script>
 3<script src="/resources/testharnessreport.js"></script>
 4<script src="/cookies/resources/cookie-helper.sub.js"></script>
 5<script>
 6 ["", "MaxAge=10"].forEach(extraParams => {
 7 // Without 'secure'
 8 set_prefixed_cookie_via_dom_test({
 9 prefix: "__Host-",
 10 params: "Path=/;" + extraParams,
 11 shouldExistInDOM: false,
 12 shouldExistViaHTTP: false,
 13 title: "__Host: Secure origin: Does not set 'Path=/;" + extraParams + "'"
 14 });
 15
 16 // With 'secure'
 17 set_prefixed_cookie_via_dom_test({
 18 prefix: "__Host-",
 19 params: "Secure; Path=/;" + extraParams,
 20 shouldExistInDOM: true,
 21 shouldExistViaHTTP: true,
 22 title: "__Host: Secure origin: Does set 'Secure; Path=/;" + extraParams + "'"
 23 });
 24
 25 // With 'domain'
 26 set_prefixed_cookie_via_dom_test({
 27 prefix: "__Host-",
 28 params: "Secure; Path=/; Domain=" + document.location.hostname + "; " + extraParams,
 29 shouldExistInDOM: false,
 30 shouldExistViaHTTP: false,
 31 title: "__Host: Secure origin: Does not set 'Secure; Path=/; Domain=" + document.location.hostname + "; " + extraParams + "'"
 32 });
 33 });
 34
 35 set_prefixed_cookie_via_dom_test({
 36 prefix: "__Host-",
 37 params: "Secure; Path=/cookies/resources/list.py",
 38 shouldExistInDOM: false,
 39 shouldExistViaHTTP: false,
 40 title: "__Host: Secure origin: Does not set 'Secure; Path=/cookies/resources/list.py'"
 41 });
 42</script>

LayoutTests/imported/w3c/web-platform-tests/cookies/prefix/__host.header-expected.txt

 1
 2PASS __Host: Non-secure origin: Does not set 'Path=/;'
 3PASS __Host: Non-secure origin: Does not set 'Secure; Path=/;'
 4PASS __Host: Secure origin: Does not set 'Secure; Path=/; Domain=localhost; '
 5PASS __Host: Non-secure origin: Does not set 'Path=/;domain=localhost'
 6PASS __Host: Non-secure origin: Does not set 'Secure; Path=/;domain=localhost'
 7PASS __Host: Secure origin: Does not set 'Secure; Path=/; Domain=localhost; domain=localhost'
 8PASS __Host: Non-secure origin: Does not set 'Path=/;MaxAge=10'
 9PASS __Host: Non-secure origin: Does not set 'Secure; Path=/;MaxAge=10'
 10PASS __Host: Secure origin: Does not set 'Secure; Path=/; Domain=localhost; MaxAge=10'
 11PASS __Host: Non-secure origin: Does not set 'Path=/;HttpOnly'
 12PASS __Host: Non-secure origin: Does not set 'Secure; Path=/;HttpOnly'
 13PASS __Host: Secure origin: Does not set 'Secure; Path=/; Domain=localhost; HttpOnly'
 14PASS __Host: Non-secure origin: Does not set 'Secure; Path=/cookies/resources/list.py'
 15

LayoutTests/imported/w3c/web-platform-tests/cookies/prefix/__host.header.html

 1<!DOCTYPE html>
 2<script src="/resources/testharness.js"></script>
 3<script src="/resources/testharnessreport.js"></script>
 4<script src="/cookies/resources/cookie-helper.sub.js"></script>
 5<script>
 6 ["", "domain="+document.location.hostname, "MaxAge=10", "HttpOnly"].forEach(extraParams => {
 7 // Without 'secure'
 8 set_prefixed_cookie_via_http_test({
 9 prefix: "__Host-",
 10 params: "Path=/;" + extraParams,
 11 origin: self.origin,
 12 shouldExistInDOM: false,
 13 shouldExistViaHTTP: false,
 14 title: "__Host: Non-secure origin: Does not set 'Path=/;" + extraParams + "'"
 15 });
 16
 17 // With 'secure'
 18 set_prefixed_cookie_via_http_test({
 19 prefix: "__Host-",
 20 params: "Secure; Path=/;" + extraParams,
 21 origin: self.origin,
 22 shouldExistInDOM: false,
 23 shouldExistViaHTTP: false,
 24 title: "__Host: Non-secure origin: Does not set 'Secure; Path=/;" + extraParams + "'"
 25 });
 26
 27 // With 'domain'
 28 set_prefixed_cookie_via_http_test({
 29 prefix: "__Host-",
 30 params: "Secure; Path=/; Domain=" + document.location.hostname + "; " + extraParams,
 31 origin: self.origin,
 32 shouldExistInDOM: false,
 33 shouldExistViaHTTP: false,
 34 title: "__Host: Secure origin: Does not set 'Secure; Path=/; Domain=" + document.location.hostname + "; " + extraParams + "'"
 35 });
 36 });
 37
 38 set_prefixed_cookie_via_http_test({
 39 prefix: "__Host-",
 40 params: "Secure; Path=/cookies/resources/list.py",
 41 origin: self.origin,
 42 shouldExistInDOM: false,
 43 shouldExistViaHTTP: false,
 44 title: "__Host: Non-secure origin: Does not set 'Secure; Path=/cookies/resources/list.py'"
 45 });
 46</script>
 47

LayoutTests/imported/w3c/web-platform-tests/cookies/prefix/__host.header.https-expected.txt

 1
 2PASS __Host: Secure origin: Does not set 'Path=/;'
 3PASS __Host: Secure origin: Does set 'Secure; Path=/;'
 4PASS __Host: Secure origin: Does not set 'Secure; Path=/; Domain=localhost; '
 5PASS __Host: Secure origin: Does not set 'Path=/;MaxAge=10'
 6PASS __Host: Secure origin: Does set 'Secure; Path=/;MaxAge=10'
 7PASS __Host: Secure origin: Does not set 'Secure; Path=/; Domain=localhost; MaxAge=10'
 8PASS __Host: Secure origin: Does not set 'Path=/;HttpOnly'
 9PASS __Host: Secure origin: Does set 'Secure; Path=/;HttpOnly'
 10PASS __Host: Secure origin: Does not set 'Secure; Path=/; Domain=localhost; HttpOnly'
 11PASS __Host: Secure origin: Does not set 'Secure; Path=/cookies/resources/list.py'
 12

LayoutTests/imported/w3c/web-platform-tests/cookies/prefix/__host.header.https.html

 1<!DOCTYPE html>
 2<script src="/resources/testharness.js"></script>
 3<script src="/resources/testharnessreport.js"></script>
 4<script src="/cookies/resources/cookie-helper.sub.js"></script>
 5<script>
 6 ["", "MaxAge=10", "HttpOnly"].forEach(extraParams => {
 7 // Without 'secure'
 8 set_prefixed_cookie_via_http_test({
 9 prefix: "__Host-",
 10 params: "Path=/;" + extraParams,
 11 origin: self.origin,
 12 shouldExistInDOM: false,
 13 shouldExistViaHTTP: false,
 14 title: "__Host: Secure origin: Does not set 'Path=/;" + extraParams + "'"
 15 });
 16
 17 // With 'secure'
 18 set_prefixed_cookie_via_http_test({
 19 prefix: "__Host-",
 20 params: "Secure; Path=/;" + extraParams,
 21 origin: self.origin,
 22 shouldExistInDOM: true,
 23 shouldExistViaHTTP: true,
 24 title: "__Host: Secure origin: Does set 'Secure; Path=/;" + extraParams + "'"
 25 });
 26
 27 // With 'domain'
 28 set_prefixed_cookie_via_http_test({
 29 prefix: "__Host-",
 30 params: "Secure; Path=/; Domain=" + document.location.hostname + "; " + extraParams,
 31 origin: self.origin,
 32 shouldExistInDOM: false,
 33 shouldExistViaHTTP: false,
 34 title: "__Host: Secure origin: Does not set 'Secure; Path=/; Domain=" + document.location.hostname + "; " + extraParams + "'"
 35 });
 36 });
 37
 38 set_prefixed_cookie_via_http_test({
 39 prefix: "__Host-",
 40 params: "Secure; Path=/cookies/resources/list.py",
 41 origin: self.origin,
 42 shouldExistInDOM: false,
 43 shouldExistViaHTTP: false,
 44 title: "__Host: Secure origin: Does not set 'Secure; Path=/cookies/resources/list.py'"
 45 });
 46</script>
 47

LayoutTests/imported/w3c/web-platform-tests/cookies/prefix/__secure.document-cookie-expected.txt

 1
 2PASS __Secure: Non-secure origin: Should not set 'Path=/;'
 3PASS __Secure: Non-secure origin: Should not set 'Secure; Path=/;'
 4PASS __Secure: Non-secure origin: Should not set 'Path=/;MaxAge=10'
 5PASS __Secure: Non-secure origin: Should not set 'Secure; Path=/;MaxAge=10'
 6PASS __Secure: Non-secure origin: Should not set 'Path=/;domain=localhost'
 7PASS __Secure: Non-secure origin: Should not set 'Secure; Path=/;domain=localhost'
 8

LayoutTests/imported/w3c/web-platform-tests/cookies/prefix/__secure.document-cookie.html

 1<!DOCTYPE html>
 2<script src="/resources/testharness.js"></script>
 3<script src="/resources/testharnessreport.js"></script>
 4<script src="/cookies/resources/cookie-helper.sub.js"></script>
 5<script>
 6 ["", "MaxAge=10", "domain="+document.location.hostname].forEach(extraParams => {
 7 // Without 'secure'
 8 set_prefixed_cookie_via_dom_test({
 9 prefix: "__Secure-",
 10 params: "Path=/;" + extraParams,
 11 shouldExistInDOM: false,
 12 shouldExistViaHTTP: false,
 13 title: "__Secure: Non-secure origin: Should not set 'Path=/;" + extraParams + "'"
 14 });
 15
 16 // With 'secure'
 17 set_prefixed_cookie_via_dom_test({
 18 prefix: "__Secure-",
 19 params: "Secure; Path=/;" + extraParams,
 20 shouldExistInDOM: false,
 21 shouldExistViaHTTP: false,
 22 title: "__Secure: Non-secure origin: Should not set 'Secure; Path=/;" + extraParams + "'"
 23 });
 24 });
 25</script>

LayoutTests/imported/w3c/web-platform-tests/cookies/prefix/__secure.document-cookie.https-expected.txt

 1
 2PASS __Secure: Secure origin: Should not set 'Path=/;'
 3PASS __Secure: Secure origin: Should set 'Secure; Path=/;'
 4PASS __Secure: Secure origin: Should not set 'Path=/;MaxAge=10'
 5PASS __Secure: Secure origin: Should set 'Secure; Path=/;MaxAge=10'
 6PASS __Secure: Secure origin: Should not set 'Path=/;domain=localhost'
 7PASS __Secure: Secure origin: Should set 'Secure; Path=/;domain=localhost'
 8

LayoutTests/imported/w3c/web-platform-tests/cookies/prefix/__secure.document-cookie.https.html

 1<!DOCTYPE html>
 2<script src="/resources/testharness.js"></script>
 3<script src="/resources/testharnessreport.js"></script>
 4<script src="/cookies/resources/cookie-helper.sub.js"></script>
 5<script>
 6 ["", "MaxAge=10", "domain="+document.location.hostname].forEach(extraParams => {
 7 // Without 'secure'
 8 set_prefixed_cookie_via_dom_test({
 9 prefix: "__Secure-",
 10 params: "Path=/;" + extraParams,
 11 shouldExistInDOM: false,
 12 shouldExistViaHTTP: false,
 13 title: "__Secure: Secure origin: Should not set 'Path=/;" + extraParams + "'"
 14 });
 15
 16 // With 'secure'
 17 set_prefixed_cookie_via_dom_test({
 18 prefix: "__Secure-",
 19 params: "Secure; Path=/;" + extraParams,
 20 shouldExistInDOM: true,
 21 shouldExistViaHTTP: true,
 22 title: "__Secure: Secure origin: Should set 'Secure; Path=/;" + extraParams + "'"
 23 });
 24 });
 25</script>

LayoutTests/imported/w3c/web-platform-tests/cookies/prefix/__secure.header-expected.txt

 1
 2PASS __Secure: Non-secure origin: Should not set 'Path=/;'
 3PASS __Secure: Non-secure origin: Should not set 'Secure; Path=/;'
 4PASS __Secure: Non-secure origin: Should not set 'Path=/;domain=localhost'
 5PASS __Secure: Non-secure origin: Should not set 'Secure; Path=/;domain=localhost'
 6PASS __Secure: Non-secure origin: Should not set 'Path=/;MaxAge=10'
 7PASS __Secure: Non-secure origin: Should not set 'Secure; Path=/;MaxAge=10'
 8PASS __Secure: Non-secure origin: Should not set 'Path=/;HttpOnly'
 9PASS __Secure: Non-secure origin: Should not set 'Secure; Path=/;HttpOnly'
 10

LayoutTests/imported/w3c/web-platform-tests/cookies/prefix/__secure.header.html

 1<!DOCTYPE html>
 2<script src="/resources/testharness.js"></script>
 3<script src="/resources/testharnessreport.js"></script>
 4<script src="/cookies/resources/cookie-helper.sub.js"></script>
 5<script>
 6 ["", "domain="+document.location.hostname, "MaxAge=10", "HttpOnly"].forEach(extraParams => {
 7 // Without 'secure'
 8 set_prefixed_cookie_via_http_test({
 9 prefix: "__Secure-",
 10 params: "Path=/;" + extraParams,
 11 origin: self.origin,
 12 shouldExistViaHTTP: false,
 13 title: "__Secure: Non-secure origin: Should not set 'Path=/;" + extraParams + "'"
 14 });
 15
 16 // With 'secure'
 17 set_prefixed_cookie_via_http_test({
 18 prefix: "__Secure-",
 19 params: "Secure; Path=/;" + extraParams,
 20 origin: self.origin,
 21 shouldExistViaHTTP: false,
 22 title: "__Secure: Non-secure origin: Should not set 'Secure; Path=/;" + extraParams + "'"
 23 });
 24 });
 25</script>

LayoutTests/imported/w3c/web-platform-tests/cookies/prefix/__secure.header.https-expected.txt

 1
 2PASS __Secure: secure origin: Should not set 'Path=/;'
 3PASS __Secure: secure origin: Should set 'Secure;Path=/;'
 4PASS __Secure: secure origin: Should not set 'Path=/;MaxAge=10'
 5PASS __Secure: secure origin: Should set 'Secure;Path=/;MaxAge=10'
 6PASS __Secure: secure origin: Should not set 'Path=/;HttpOnly'
 7PASS __Secure: secure origin: Should set 'Secure;Path=/;HttpOnly'
 8PASS __Secure: secure origin: Should not set 'Path=/;domain=127.0.0.1'
 9FAIL __Secure: secure origin: Should set 'Secure;Path=/;domain=127.0.0.1' assert_equals: expected (string) "0.26261606557964934" but got (undefined) undefined
 10

LayoutTests/imported/w3c/web-platform-tests/cookies/prefix/__secure.header.https.html

 1<!DOCTYPE html>
 2<script src="/resources/testharness.js"></script>
 3<script src="/resources/testharnessreport.js"></script>
 4<script src="/cookies/resources/cookie-helper.sub.js"></script>
 5<script>
 6 ["", "MaxAge=10", "HttpOnly"].forEach(extraParams => {
 7 // Without 'secure'
 8 set_prefixed_cookie_via_http_test({
 9 prefix: "__Secure-",
 10 params: "Path=/;" + extraParams,
 11 origin: self.origin,
 12 shouldExistViaHTTP: false,
 13 title: "__Secure: secure origin: Should not set 'Path=/;" + extraParams + "'"
 14 });
 15
 16 // With 'secure'
 17 set_prefixed_cookie_via_http_test({
 18 prefix: "__Secure-",
 19 params: "Secure;Path=/;" + extraParams,
 20 origin: self.origin,
 21 shouldExistViaHTTP: true,
 22 title: "__Secure: secure origin: Should set 'Secure;Path=/;" + extraParams + "'"
 23 });
 24 });
 25
 26 // Without 'secure'
 27 set_prefixed_cookie_via_http_test({
 28 prefix: "__Secure-",
 29 // SameSite=None is necessary because cross-site origins cannot set SameSite cookies via fetch.
 30 params: "Path=/;SameSite=None;domain=" + CROSS_SITE_HOST,
 31 origin: SECURE_CROSS_SITE_ORIGIN,
 32 shouldExistViaHTTP: false,
 33 title: "__Secure: secure origin: Should not set 'Path=/;domain=" + CROSS_SITE_HOST + "'"
 34 });
 35
 36 // With 'secure'
 37 set_prefixed_cookie_via_http_test({
 38 prefix: "__Secure-",
 39 // SameSite=None is necessary because cross-site origins cannot set SameSite cookies via fetch.
 40 params: "Secure;SameSite=None;Path=/;domain=" + CROSS_SITE_HOST,
 41 origin: SECURE_CROSS_SITE_ORIGIN,
 42 shouldExistViaHTTP: true,
 43 title: "__Secure: secure origin: Should set 'Secure;Path=/;domain=" + CROSS_SITE_HOST + "'"
 44 });
 45</script>

LayoutTests/imported/w3c/web-platform-tests/cookies/prefix/document-cookie.non-secure-expected.txt

 1
 2PASS No prefix, root path, no special behavior
 3PASS No prefix, domain, no special behavior
 4PASS __Secure: Non-secure origin: 'Path=/;'
 5PASS __Secure: Non-secure origin: 'Secure; Path=/;'
 6PASS __Secure: Non-secure origin: 'Path=/;domain=localhost'
 7PASS __Secure: Non-secure origin: 'Secure; Path=/;domain=localhost'
 8PASS __Secure: Non-secure origin: 'Path=/;MaxAge=10'
 9PASS __Secure: Non-secure origin: 'Secure; Path=/;MaxAge=10'
 10PASS __Secure: Non-secure origin: 'Path=/;HttpOnly'
 11PASS __Secure: Non-secure origin: 'Secure; Path=/;HttpOnly'
 12PASS __Host: Non-secure origin: 'Path=/; '
 13PASS __Host: Non-secure origin: 'Secure; Path=/; '
 14PASS __Host: Non-secure origin: 'Path=/; domain=localhost'
 15PASS __Host: Non-secure origin: 'Secure; Path=/; domain=localhost'
 16PASS __Host: Non-secure origin: 'Path=/; MaxAge=10'
 17PASS __Host: Non-secure origin: 'Secure; Path=/; MaxAge=10'
 18PASS __Host: Non-secure origin: 'Path=/; HttpOnly'
 19PASS __Host: Non-secure origin: 'Secure; Path=/; HttpOnly'
 20PASS __Host: Non-secure origin: 'Path=/cookies/resources/list.py;Secure'
 21

LayoutTests/imported/w3c/web-platform-tests/cookies/prefix/document-cookie.non-secure.html

 1<!DOCTYPE html>
 2<script src="/resources/testharness.js"></script>
 3<script src="/resources/testharnessreport.js"></script>
 4<script src="/cookies/resources/cookie-helper.sub.js"></script>
 5<script>
 6 function create_test(prefix, params, shouldExistInDOM, shouldExistViaHTTP, title) {
 7 promise_test(t => {
 8 var name = prefix + "prefixtestcookie";
 9 erase_cookie_from_js(name, params);
 10 t.add_cleanup(() => erase_cookie_from_js(name, params));
 11 var value = "" + Math.random();
 12 document.cookie = name + "=" + value + ";" + params;
 13
 14 assert_dom_cookie(name, value, shouldExistInDOM);
 15
 16 return credFetch("/cookies/resources/list.py")
 17 .then(r => r.json())
 18 .then(cookies => assert_equals(cookies[name], shouldExistViaHTTP ? value : undefined));
 19 }, title);
 20 }
 21
 22 // No prefix
 23 create_test("", "path=/", true, true, "No prefix, root path, no special behavior");
 24 create_test("", "path=/;domain=" + document.location.hostname, true, true, "No prefix, domain, no special behavior");
 25
 26 // `__Secure-` Prefix
 27 ["", "domain="+document.location.hostname, "MaxAge=10", "HttpOnly"].forEach(params => {
 28 create_test("__Secure-", "Path=/;" + params, false, false, "__Secure: Non-secure origin: 'Path=/;" + params + "'");
 29 create_test("__Secure-", "Secure; Path=/;" + params, false, false, "__Secure: Non-secure origin: 'Secure; Path=/;" + params + "'");
 30 });
 31
 32 // `__Host-` Prefix
 33 ["", "domain="+document.location.hostname, "MaxAge=10", "HttpOnly"].forEach(params => {
 34 create_test("__Secure-", "Path=/;" + params, false, false, "__Host: Non-secure origin: 'Path=/; " + params + "'");
 35 create_test("__Secure-", "Secure; Path=/;" + params, false, false, "__Host: Non-secure origin: 'Secure; Path=/; " + params + "'");
 36 });
 37 create_test("__Secure-", "Path=/cookies/resources/list.py;Secure", false, false, "__Host: Non-secure origin: 'Path=/cookies/resources/list.py;Secure'");
 38</script>

LayoutTests/imported/w3c/web-platform-tests/cookies/prefix/w3c-import.log

 1The tests in this directory were imported from the W3C repository.
 2Do NOT modify these tests directly in WebKit.
 3Instead, create a pull request on the WPT github:
 4 https://github.com/web-platform-tests/wpt
 5
 6Then run the Tools/Scripts/import-w3c-tests in WebKit to reimport
 7
 8Do NOT modify or remove this file.
 9
 10------------------------------------------------------------------------
 11Properties requiring vendor prefixes:
 12None
 13Property values requiring vendor prefixes:
 14None
 15------------------------------------------------------------------------
 16List of files:
 17/LayoutTests/imported/w3c/web-platform-tests/cookies/prefix/__host.document-cookie.html
 18/LayoutTests/imported/w3c/web-platform-tests/cookies/prefix/__host.document-cookie.https.html
 19/LayoutTests/imported/w3c/web-platform-tests/cookies/prefix/__host.header.html
 20/LayoutTests/imported/w3c/web-platform-tests/cookies/prefix/__host.header.https.html
 21/LayoutTests/imported/w3c/web-platform-tests/cookies/prefix/__secure.document-cookie.html
 22/LayoutTests/imported/w3c/web-platform-tests/cookies/prefix/__secure.document-cookie.https.html
 23/LayoutTests/imported/w3c/web-platform-tests/cookies/prefix/__secure.header.html
 24/LayoutTests/imported/w3c/web-platform-tests/cookies/prefix/__secure.header.https.html
 25/LayoutTests/imported/w3c/web-platform-tests/cookies/prefix/document-cookie.non-secure.html

LayoutTests/imported/w3c/web-platform-tests/cookies/resources/cookie-helper.sub.js

11// Set up exciting global variables for cookie tests.
22(_ => {
33 var HOST = "{{host}}";
 4 var INSECURE_PORT = ":{{ports[http][0]}}";
45 var SECURE_PORT = ":{{ports[https][0]}}";
5  var PORT = ":{{ports[http][0]}}";
66 var CROSS_ORIGIN_HOST = "{{hosts[alt][]}}";
7  var SECURE_CROSS_ORIGIN_HOST = "{{hosts[alt][]}}";
 7
 8 window.INSECURE_ORIGIN = "http://" + HOST + INSECURE_PORT;
89
910 //For secure cookie verification
1011 window.SECURE_ORIGIN = "https://" + HOST + SECURE_PORT;
11  window.INSECURE_ORIGIN = "http://" + HOST + PORT;
1212
1313 //standard references
14  window.ORIGIN = "http://" + HOST + PORT;
15  window.WWW_ORIGIN = "http://{{domains[www]}}" + PORT;
16  window.SUBDOMAIN_ORIGIN = "http://{{domains[www1]}}" + PORT;
17  window.CROSS_SITE_ORIGIN = "http://" + CROSS_ORIGIN_HOST + PORT;
18  window.SECURE_CROSS_SITE_ORIGIN = "https://" + SECURE_CROSS_ORIGIN_HOST + SECURE_PORT;
19  window.CROSS_SITE_HOST = SECURE_CROSS_ORIGIN_HOST;
 14 window.SECURE_SUBDOMAIN_ORIGIN = "https://{{domains[www1]}}" + SECURE_PORT;
 15 window.SECURE_CROSS_SITE_ORIGIN = "https://" + CROSS_ORIGIN_HOST + SECURE_PORT;
 16 window.CROSS_SITE_HOST = CROSS_ORIGIN_HOST;
2017
2118 // Set the global cookie name.
2219 window.HTTP_COOKIE = "cookie_via_http";
23 
24  // If we're not on |HOST|, move ourselves there:
25  if (window.location.hostname != HOST)
26  window.location.hostname = HOST;
2720})();
2821
2922// A tiny helper which returns the result of fetching |url| with credentials.
3023function credFetch(url) {
31  return fetch(url, {"credentials": "include"});
 24 return fetch(url, {"credentials": "include"})
 25 .then(response => {
 26 if (response.status !== 200) {
 27 throw new Error(response.statusText);
 28 }
 29 return response;
 30 });
3231}
3332
3433// Returns a URL on |origin| which redirects to a given absolute URL.

@@function redirectTo(origin, url) {
3635 return origin + "/cookies/resources/redirectWithCORSHeaders.py?status=307&location=" + encodeURIComponent(url);
3736}
3837
 38// Returns a URL on |origin| which navigates the window to the given URL (by
 39// setting window.location).
 40function navigateTo(origin, url) {
 41 return origin + "/cookies/resources/navigate.html?location=" + encodeURIComponent(url);
 42}
 43
3944// Asserts that `document.cookie` contains or does not contain (according to
4045// the value of |present|) a cookie named |name| with a value of |value|.
4146function assert_dom_cookie(name, value, present) {

@@function create_cookie(origin, name, value, extras) {
7277function set_prefixed_cookie_via_dom_test(options) {
7378 promise_test(t => {
7479 var name = options.prefix + "prefixtestcookie";
75  erase_cookie_from_js(name);
 80 erase_cookie_from_js(name, options.params);
 81 t.add_cleanup(() => erase_cookie_from_js(name, options.params));
7682 var value = "" + Math.random();
7783 document.cookie = name + "=" + value + ";" + options.params;
7884

@@function set_prefixed_cookie_via_dom_test(options) {
8692
8793function set_prefixed_cookie_via_http_test(options) {
8894 promise_test(t => {
89  var postDelete = _ => {
90  var value = "" + Math.random();
91  return credFetch(options.origin + "/cookies/resources/set.py?" + name + "=" + value + ";" + options.params)
92  .then(_ => credFetch(options.origin + "/cookies/resources/list.py"))
93  .then(r => r.json())
94  .then(cookies => assert_equals(cookies[name], options.shouldExistViaHTTP ? value : undefined));
95  };
96 
9795 var name = options.prefix + "prefixtestcookie";
98  if (!options.origin) {
99  options.origin = self.origin;
100  erase_cookie_from_js(name);
101  return postDelete;
102  } else {
103  return credFetch(options.origin + "/cookies/resources/drop.py?name=" + name)
104  .then(_ => postDelete());
105  }
 96 var value = "" + Math.random();
 97
 98 t.add_cleanup(() => {
 99 var cookie = name + "=0;expires=" + new Date(0).toUTCString() + ";" +
 100 options.params;
 101
 102 return credFetch(options.origin + "/cookies/resources/set.py?" + cookie);
 103 });
 104
 105 return credFetch(options.origin + "/cookies/resources/set.py?" + name + "=" + value + ";" + options.params)
 106 .then(_ => credFetch(options.origin + "/cookies/resources/list.py"))
 107 .then(r => r.json())
 108 .then(cookies => assert_equals(cookies[name], options.shouldExistViaHTTP ? value : undefined));
106109 }, options.title);
107110}
108111

@@function set_prefixed_cookie_via_http_test(options) {
110113// SameSite-specific test helpers:
111114//
112115
 116// status for "network" cookies.
113117window.SameSiteStatus = {
114118 CROSS_SITE: "cross-site",
115119 LAX: "lax",
116120 STRICT: "strict"
117121};
 122// status for "document.cookie".
 123window.DomSameSiteStatus = {
 124 CROSS_SITE: "cross-site",
 125 SAME_SITE: "same-site",
 126};
 127
 128const wait_for_message = (type, origin) => {
 129 return new Promise((resolve, reject) => {
 130 window.addEventListener('message', e => {
 131 if (origin && e.origin != origin) {
 132 reject("Message from unexpected origin in wait_for_message:" + e.origin);
 133 return;
 134 }
 135
 136 if (e.data.type && e.data.type === type)
 137 resolve(e);
 138 }, { once: true });
 139 });
 140};
118141
119142// Reset SameSite test cookies on |origin|. If |origin| matches `self.origin`, assert
120143// (via `document.cookie`) that they were properly removed and reset.
121 function resetSameSiteCookies(origin, value) {
122  return credFetch(origin + "/cookies/resources/dropSameSite.py")
123  .then(_ => {
124  if (origin == self.origin) {
125  assert_dom_cookie("samesite_strict", value, false);
126  assert_dom_cookie("samesite_lax", value, false);
127  assert_dom_cookie("samesite_none", value, false);
128  }
129  })
130  .then(_ => {
131  return credFetch(origin + "/cookies/resources/setSameSite.py?" + value)
132  .then(_ => {
133  if (origin == self.origin) {
134  assert_dom_cookie("samesite_strict", value, true);
135  assert_dom_cookie("samesite_lax", value, true);
136  assert_dom_cookie("samesite_none", value, true);
137  }
138  })
139  })
 144async function resetSameSiteCookies(origin, value) {
 145 let w = window.open(origin + "/cookies/samesite/resources/puppet.html");
 146 try {
 147 await wait_for_message("READY", origin);
 148 w.postMessage({type: "drop", useOwnOrigin: true}, "*");
 149 await wait_for_message("drop-complete", origin);
 150 if (origin == self.origin) {
 151 assert_dom_cookie("samesite_strict", value, false);
 152 assert_dom_cookie("samesite_lax", value, false);
 153 assert_dom_cookie("samesite_none", value, false);
 154 assert_dom_cookie("samesite_unspecified", value, false);
 155 }
 156
 157 w.postMessage({type: "set", value: value, useOwnOrigin: true}, "*");
 158 await wait_for_message("set-complete", origin);
 159 if (origin == self.origin) {
 160 assert_dom_cookie("samesite_strict", value, true);
 161 assert_dom_cookie("samesite_lax", value, true);
 162 assert_dom_cookie("samesite_none", value, true);
 163 assert_dom_cookie("samesite_unspecified", value, true);
 164 }
 165 } finally {
 166 w.close();
 167 }
140168}
141169
142170// Given an |expectedStatus| and |expectedValue|, assert the |cookies| contains the
143 // proper set of cookie names and values.
144 function verifySameSiteCookieState(expectedStatus, expectedValue, cookies) {
145  assert_equals(cookies["samesite_none"], expectedValue, "Non-SameSite cookies are always sent.");
 171// proper set of cookie names and values, according to the legacy behavior where
 172// unspecified SameSite attribute defaults to SameSite=None behavior.
 173function verifySameSiteCookieStateLegacy(expectedStatus, expectedValue, cookies, domCookieStatus) {
 174 assert_equals(cookies["samesite_none"], expectedValue, "SameSite=None cookies are always sent.");
 175 assert_equals(cookies["samesite_unspecified"], expectedValue, "Unspecified-SameSite cookies are always sent.");
146176 if (expectedStatus == SameSiteStatus.CROSS_SITE) {
147177 assert_not_equals(cookies["samesite_strict"], expectedValue, "SameSite=Strict cookies are not sent with cross-site requests.");
148178 assert_not_equals(cookies["samesite_lax"], expectedValue, "SameSite=Lax cookies are not sent with cross-site requests.");

@@function verifySameSiteCookieState(expectedStatus, expectedValue, cookies) {
153183 assert_equals(cookies["samesite_strict"], expectedValue, "SameSite=Strict cookies are sent with strict requests.");
154184 assert_equals(cookies["samesite_lax"], expectedValue, "SameSite=Lax cookies are sent with strict requests.");
155185 }
 186
 187 if (cookies["domcookies"]) {
 188 verifyDocumentCookieLegacy(domCookieStatus, expectedValue, cookies["domcookies"]);
 189 }
 190}
 191
 192// Same as above except this expects samesite_unspecified to act the same as
 193// samesite_lax (which is the behavior expected when SameSiteByDefault is
 194// enabled).
 195function verifySameSiteCookieStateWithSameSiteByDefault(expectedStatus, expectedValue, cookies, domCookieStatus) {
 196 assert_equals(cookies["samesite_none"], expectedValue, "SameSite=None cookies are always sent.");
 197 if (expectedStatus == SameSiteStatus.CROSS_SITE) {
 198 assert_not_equals(cookies["samesite_strict"], expectedValue, "SameSite=Strict cookies are not sent with cross-site requests.");
 199 assert_not_equals(cookies["samesite_lax"], expectedValue, "SameSite=Lax cookies are not sent with cross-site requests.");
 200 assert_not_equals(cookies["samesite_unspecified"], expectedValue, "Unspecified-SameSite cookies are not sent with cross-site requests.");
 201 } else if (expectedStatus == SameSiteStatus.LAX) {
 202 assert_not_equals(cookies["samesite_strict"], expectedValue, "SameSite=Strict cookies are not sent with lax requests.");
 203 assert_equals(cookies["samesite_lax"], expectedValue, "SameSite=Lax cookies are sent with lax requests.");
 204 assert_equals(cookies["samesite_unspecified"], expectedValue, "Unspecified-SameSite cookies are are sent with lax requests.")
 205 } else if (expectedStatus == SameSiteStatus.STRICT) {
 206 assert_equals(cookies["samesite_strict"], expectedValue, "SameSite=Strict cookies are sent with strict requests.");
 207 assert_equals(cookies["samesite_lax"], expectedValue, "SameSite=Lax cookies are sent with strict requests.");
 208 assert_equals(cookies["samesite_unspecified"], expectedValue, "Unspecified-SameSite cookies are are sent with strict requests.")
 209 }
 210
 211 if (cookies["domcookies"]) {
 212 verifyDocumentCookieWithSameSiteByDefault(domCookieStatus, expectedValue, cookies["domcookies"]);
 213 }
 214}
 215
 216function verifyDocumentCookieLegacy(expectedStatus, expectedValue, domcookies) {
 217 const cookies = domcookies.split(";")
 218 .map(cookie => cookie.trim().split("="))
 219 .reduce((obj, cookie) => {
 220 obj[cookie[0]] = cookie[1];
 221 return obj;
 222 }, {});
 223
 224 if (expectedStatus == DomSameSiteStatus.SAME_SITE) {
 225 assert_equals(cookies["samesite_none"], expectedValue, "SameSite=None cookies are always included in document.cookie.");
 226 assert_equals(cookies["samesite_unspecified"], expectedValue, "Unspecified-SameSite cookies are always included in document.cookie.");
 227 assert_equals(cookies["samesite_strict"], expectedValue, "SameSite=Strict cookies are always included in document.cookie.");
 228 assert_equals(cookies["samesite_lax"], expectedValue, "SameSite=Lax cookies are always included in document.cookie.");
 229 } else if (expectedStatus == DomSameSiteStatus.CROSS_SITE) {
 230 assert_equals(cookies["samesite_none"], expectedValue, "SameSite=None cookies are always included in document.cookie.");
 231 assert_equals(cookies["samesite_unspecified"], expectedValue, "Unspecified-SameSite cookies are always included in document.cookie.");
 232 assert_not_equals(cookies["samesite_strict"], expectedValue, "SameSite=Strict cookies are not included in document.cookie when cross-site.");
 233 assert_not_equals(cookies["samesite_lax"], expectedValue, "SameSite=Lax cookies are not included in document.cookie when cross-site.");
 234 }
 235}
 236
 237function verifyDocumentCookieWithSameSiteByDefault(expectedStatus, expectedValue, domcookies) {
 238 const cookies = domcookies.split(";")
 239 .map(cookie => cookie.trim().split("="))
 240 .reduce((obj, cookie) => {
 241 obj[cookie[0]] = cookie[1];
 242 return obj;
 243 }, {});
 244
 245 if (expectedStatus == DomSameSiteStatus.SAME_SITE) {
 246 assert_equals(cookies["samesite_none"], expectedValue, "SameSite=None cookies are always included in document.cookie.");
 247 assert_equals(cookies["samesite_unspecified"], expectedValue, "Unspecified-SameSite cookies are always included in document.cookie.");
 248 assert_equals(cookies["samesite_strict"], expectedValue, "SameSite=Strict cookies are always included in document.cookie.");
 249 assert_equals(cookies["samesite_lax"], expectedValue, "SameSite=Lax cookies are always included in document.cookie.");
 250 } else if (expectedStatus == DomSameSiteStatus.CROSS_SITE) {
 251 assert_equals(cookies["samesite_none"], expectedValue, "SameSite=None cookies are always included in document.cookie.");
 252 assert_not_equals(cookies["samesite_unspecified"], expectedValue, "Unspecified-SameSite cookies are not included in document.cookie when cross-site.");
 253 assert_not_equals(cookies["samesite_strict"], expectedValue, "SameSite=Strict cookies are not included in document.cookie when cross-site.");
 254 assert_not_equals(cookies["samesite_lax"], expectedValue, "SameSite=Lax cookies are not included in document.cookie when cross-site.");
 255 }
 256}
 257
 258function isLegacySameSite() {
 259 return location.search === "?legacy-samesite";
 260}
 261
 262// Get the proper verifier based on the test's variant type.
 263function getSameSiteVerifier() {
 264 return isLegacySameSite() ?
 265 verifySameSiteCookieStateLegacy : verifySameSiteCookieStateWithSameSiteByDefault;
156266}
157267
158268//

@@return credFetch(origin + "/cookies/resources/dropSecure.py")
179289 })
180290}
181291
 292// Reset SameSite=None test cookies on |origin|. If |origin| matches
 293// `self.origin`, assert (via `document.cookie`) that they were properly
 294// removed.
 295function resetSameSiteNoneCookies(origin, value) {
 296 return credFetch(origin + "/cookies/resources/dropSameSiteNone.py")
 297 .then(_ => {
 298 if (origin == self.origin) {
 299 assert_dom_cookie("samesite_none_insecure", value, false);
 300 assert_dom_cookie("samesite_none_secure", value, false);
 301 }
 302 })
 303 .then(_ => {
 304 return credFetch(origin + "/cookies/resources/setSameSiteNone.py?" + value);
 305 })
 306}
 307
 308// Reset test cookies with multiple SameSite attributes on |origin|.
 309// If |origin| matches `self.origin`, assert (via `document.cookie`)
 310// that they were properly removed.
 311function resetSameSiteMultiAttributeCookies(origin, value) {
 312 return credFetch(origin + "/cookies/resources/dropSameSiteMultiAttribute.py")
 313 .then(_ => {
 314 if (origin == self.origin) {
 315 assert_dom_cookie("samesite_unsupported", value, false);
 316 assert_dom_cookie("samesite_unsupported_none", value, false);
 317 assert_dom_cookie("samesite_unsupported_lax", value, false);
 318 assert_dom_cookie("samesite_unsupported_strict", value, false);
 319 assert_dom_cookie("samesite_none_unsupported", value, false);
 320 assert_dom_cookie("samesite_lax_unsupported", value, false);
 321 assert_dom_cookie("samesite_strict_unsupported", value, false);
 322 assert_dom_cookie("samesite_lax_none", value, false);
 323 }
 324 })
 325 .then(_ => {
 326 return credFetch(origin + "/cookies/resources/setSameSiteMultiAttribute.py?" + value);
 327 })
 328}
 329
182330//
183331// DOM based cookie manipulation APIs
184332//
185333
186334// erase cookie value and set for expiration
187 function erase_cookie_from_js(name) {
188  let secure = self.location.protocol == "https:" ? "Secure" : "";
189  document.cookie = `${name}=0; path=/; expires=${new Date(0).toUTCString()}; ${secure}`;
 335function erase_cookie_from_js(name, params) {
 336 document.cookie = `${name}=0; expires=${new Date(0).toUTCString()}; ${params};`;
190337 var re = new RegExp("(?:^|; )" + name);
191338 assert_equals(re.test(document.cookie), false, "Sanity check: " + name + " has been deleted.");
192339}

LayoutTests/imported/w3c/web-platform-tests/cookies/resources/cookie-test.js

 1// getDefaultPathCookies is a helper method to get and delete cookies on the
 2// "default path" (which for these tests will be at `/cookies/resources`),
 3// determined by the path portion of the request-uri.
 4async function getDefaultPathCookies(path = '/cookies/resources') {
 5 return new Promise((resolve, reject) => {
 6 try {
 7 const iframe = document.createElement('iframe');
 8 iframe.style = 'display: none';
 9 iframe.src = `${path}/echo-cookie.html`;
 10
 11 iframe.addEventListener('load', (e) => {
 12 const win = e.target.contentWindow;
 13 const iframeCookies = win.getCookies();
 14 win.expireCookie('test', path);
 15 resolve(iframeCookies);
 16 }, {once: true});
 17
 18 document.documentElement.appendChild(iframe);
 19 } catch (e) {
 20 reject(e);
 21 }
 22 });
 23}
 24
 25// getRedirectedCookies is a helper method to get and delete cookies that
 26// were set from a Location header redirect.
 27async function getRedirectedCookies(location, cookie) {
 28 return new Promise((resolve, reject) => {
 29 try {
 30 const iframe = document.createElement('iframe');
 31 iframe.style = 'display: none';
 32 iframe.src = location;
 33
 34 iframe.addEventListener('load', (e) => {
 35 const win = e.target.contentWindow;
 36 let iframeCookie;
 37 // go ask for the cookie
 38 win.postMessage('getCookies', '*');
 39
 40 // once we get it, send a message to delete on the other
 41 // side, then resolve the cookie back to httpRedirectCookieTest
 42 window.addEventListener('message', (e) => {
 43 if (typeof e.data == 'object' && 'cookies' in e.data) {
 44 iframeCookie = e.data.cookies;
 45 e.source.postMessage({'expireCookie': cookie}, '*');
 46 }
 47
 48 // wait on the iframe to tell us it deleted the cookies before
 49 // resolving, to avoid any state race conditions.
 50 if (e.data == 'expired') {
 51 resolve(iframeCookie);
 52 }
 53 });
 54 }, {once: true});
 55
 56 document.documentElement.appendChild(iframe);
 57 } catch (e) {
 58 reject(e);
 59 }
 60 });
 61}
 62
 63// httpCookieTest sets a |cookie| (via HTTP), then asserts it was or was not set
 64// via |expectedValue| (via the DOM). Then cleans it up (via HTTP). Most tests
 65// do not set a Path attribute, so |defaultPath| defaults to true.
 66//
 67// |cookie| may be a single cookie string, or an array of cookie strings, where
 68// the order of the array items represents the order of the Set-Cookie headers
 69// sent by the server.
 70function httpCookieTest(cookie, expectedValue, name, defaultPath = true) {
 71 let encodedCookie = encodeURIComponent(JSON.stringify(cookie));
 72 return promise_test(
 73 async t => {
 74 return fetch(`/cookies/resources/cookie.py?set=${encodedCookie}`)
 75 .then(async () => {
 76 let cookies = document.cookie;
 77 if (defaultPath) {
 78 // for the tests where a Path is set from the request-uri
 79 // path, we need to go look for cookies in an iframe at that
 80 // default path.
 81 cookies = await getDefaultPathCookies();
 82 }
 83 if (Boolean(expectedValue)) {
 84 assert_equals(
 85 cookies, expectedValue,
 86 'The cookie was set as expected.');
 87 } else {
 88 assert_equals(
 89 cookies, expectedValue, 'The cookie was rejected.');
 90 }
 91 })
 92 .then(() => {
 93 return fetch(
 94 `/cookies/resources/cookie.py?drop=${encodedCookie}`);
 95 })},
 96 name);
 97}
 98
 99// This is a variation on httpCookieTest, where a redirect happens via
 100// the Location header and we check to see if cookies are sent via
 101// getRedirectedCookies
 102function httpRedirectCookieTest(cookie, expectedValue, name, location) {
 103 const encodedCookie = encodeURIComponent(JSON.stringify(cookie));
 104 const encodedLocation = encodeURIComponent(location);
 105 const setParams = `?set=${encodedCookie}&location=${encodedLocation}`;
 106 return promise_test(
 107 async t => {
 108 return fetch(`/cookies/resources/cookie.py${setParams}`)
 109 .then(async () => {
 110 // for the tests where a redirect happens, we need to head
 111 // to that URI to get the cookies (and then delete them there)
 112 const cookies = await getRedirectedCookies(location, cookie);
 113 if (Boolean(expectedValue)) {
 114 assert_equals(cookies, expectedValue,
 115 'The cookie was set as expected.');
 116 } else {
 117 assert_equals(cookies, expectedValue, 'The cookie was rejected.');
 118 }
 119 }).then(() => {
 120 return fetch(`/cookies/resources/cookie.py?drop=${encodedCookie}`);
 121 })
 122 },
 123 name);
 124}
 125
 126// Cleans up all cookies accessible via document.cookie. This will not clean up
 127// any HttpOnly cookies.
 128function dropAllDomCookies() {
 129 let cookies = document.cookie.split('; ');
 130 for (const cookie of cookies) {
 131 if (!Boolean(cookie))
 132 continue;
 133 document.cookie = `${cookie}; expires=01 Jan 1970 00:00:00 GMT`;
 134 }
 135 assert_equals(document.cookie, '', 'All DOM cookies were dropped.');
 136}
 137
 138// Sets a `cookie` via the DOM, checks it against `expectedValue` via the DOM,
 139// then cleans it up via the DOM. This is needed in cases where going through
 140// HTTP headers may modify the cookie line (e.g. by stripping control
 141// characters).
 142function domCookieTest(cookie, expectedValue, name) {
 143 return test(function() {
 144 document.cookie = cookie;
 145 let cookies = document.cookie;
 146 this.add_cleanup(dropAllDomCookies);
 147 assert_equals(
 148 cookies, expectedValue,
 149 Boolean(expectedValue) ? 'The cookie was set as expected.' :
 150 'The cookie was rejected.');
 151 }, name);
 152}
 153
 154// Returns two arrays of control characters along with their ASCII codes. The
 155// TERMINATING_CTLS should result in termination of the cookie string. The
 156// remaining CTLS should result in rejection of the cookie. Control characters
 157// are defined by RFC 5234 to be %x00-1F / %x7F.
 158function getCtlCharacters() {
 159 const termCtlCodes = [0x00 /* NUL */, 0x0A /* LF */, 0x0D /* CR */];
 160 const ctlCodes = [...Array(0x20).keys()]
 161 .filter(i => termCtlCodes.indexOf(i) === -1)
 162 .concat([0x7F]);
 163 return {
 164 TERMINATING_CTLS:
 165 termCtlCodes.map(i => ({code: i, chr: String.fromCharCode(i)})),
 166 CTLS: ctlCodes.map(i => ({code: i, chr: String.fromCharCode(i)}))
 167 };
 168}

LayoutTests/imported/w3c/web-platform-tests/cookies/resources/cookie.py

 1import json
 2
 3from cookies.resources.helpers import setNoCacheAndCORSHeaders
 4from wptserve.utils import isomorphic_decode
 5from wptserve.utils import isomorphic_encode
 6
 7def set_cookie(headers, cookie_string, drop=False):
 8 """Helper method to add a Set-Cookie header"""
 9 if drop:
 10 cookie_string = cookie_string.encode('utf-8') + b'; max-age=0'
 11 headers.append((b'Set-Cookie', isomorphic_encode(cookie_string)))
 12
 13def main(request, response):
 14 """Set or drop a cookie via GET params.
 15
 16 Usage: `/cookie.py?set={cookie}` or `/cookie.py?drop={cookie}`
 17
 18 The passed-in cookie string should be stringified via JSON.stringify() (in
 19 the case of multiple cookie headers sent in an array) and encoded via
 20 encodeURIComponent, otherwise `parse_qsl` will split on any semicolons
 21 (used by the Request.GET property getter). Note that values returned by
 22 Request.GET will decode any percent-encoded sequences sent in a GET param
 23 (which may or may not be surprising depending on what you're doing).
 24
 25 Note: here we don't use Response.delete_cookie() or similar other methods
 26 in this resources directory because there are edge cases that are impossible
 27 to express via those APIs, namely a bare (`Path`) or empty Path (`Path=`)
 28 attribute. Instead, we pipe through the entire cookie and append `max-age=0`
 29 to it.
 30 """
 31 headers = setNoCacheAndCORSHeaders(request, response)
 32
 33 if b'drop' in request.GET:
 34 cookie = request.GET[b'drop']
 35 cookie = json.loads(cookie)
 36 cookies = cookie if isinstance(cookie, list) else [cookie]
 37 for c in cookies:
 38 set_cookie(headers, c, drop=True)
 39
 40 if b'set' in request.GET:
 41 cookie = isomorphic_decode(request.GET[b'set'])
 42 cookie = json.loads(cookie)
 43 cookies = cookie if isinstance(cookie, list) else [cookie]
 44 for c in cookies:
 45 set_cookie(headers, c)
 46
 47 if b'location' in request.GET:
 48 headers.append((b'Location', request.GET[b'location']))
 49 return 302, headers, b'{"redirect": true}'
 50
 51 return headers, b'{"success": true}'

LayoutTests/imported/w3c/web-platform-tests/cookies/resources/drop.py

1 from helpers import makeDropCookie, readParameter, setNoCacheAndCORSHeaders
 1from cookies.resources.helpers import makeDropCookie, readParameter, setNoCacheAndCORSHeaders
22
33def main(request, response):
44 """Respond to `/cookie/drop?name={name}` by expiring the cookie named `{name}`."""
55 headers = setNoCacheAndCORSHeaders(request, response)
66 try:
77 # Expire the named cookie, and return a JSON-encoded success code.
8  name = readParameter(request, paramName="name", requireValue=True)
 8 name = readParameter(request, paramName=u"name", requireValue=True)
99 scheme = request.url_parts.scheme
10  headers.append(makeDropCookie(name, "https" == scheme))
11  return headers, '{"success": true}'
 10 headers.append(makeDropCookie(name, u"https" == scheme))
 11 return headers, b'{"success": true}'
1212 except:
13  return 500, headers, '{"error" : "Empty or missing name parameter."}'
14 
 13 return 500, headers, b'{"error" : "Empty or missing name parameter."}'
1514

LayoutTests/imported/w3c/web-platform-tests/cookies/resources/dropSameSite.py

1 from helpers import makeDropCookie, readParameter, setNoCacheAndCORSHeaders
 1from cookies.resources.helpers import makeDropCookie, setNoCacheAndCORSHeaders
22
33def main(request, response):
44 """Respond to `/cookie/same-site/resources/dropSameSite.py by dropping the
5  three cookies set by setSameSiteCookies.py"""
 5 four cookies set by setSameSiteCookies.py"""
66 headers = setNoCacheAndCORSHeaders(request, response)
77
88 # Expire the cookies, and return a JSON-encoded success code.
9  headers.append(makeDropCookie("samesite_strict", False))
10  headers.append(makeDropCookie("samesite_lax", False))
11  headers.append(makeDropCookie("samesite_none", False))
12  return headers, '{"success": true}'
 9 headers.append(makeDropCookie(b"samesite_strict", False))
 10 headers.append(makeDropCookie(b"samesite_lax", False))
 11 headers.append(makeDropCookie(b"samesite_none", False))
 12 headers.append(makeDropCookie(b"samesite_unspecified", False))
 13 return headers, b'{"success": true}'

LayoutTests/imported/w3c/web-platform-tests/cookies/resources/dropSameSiteMultiAttribute.py

 1from cookies.resources.helpers import makeDropCookie, setNoCacheAndCORSHeaders
 2
 3def main(request, response):
 4 """Respond to `/cookies/resources/dropSameSiteMultiAttribute.py by dropping
 5 the cookies set by setSameSiteMultiAttribute.py"""
 6 headers = setNoCacheAndCORSHeaders(request, response)
 7
 8 # Expire the cookies, and return a JSON-encoded success code.
 9 headers.append(makeDropCookie(b"samesite_unsupported", True))
 10 headers.append(makeDropCookie(b"samesite_unsupported_none", True))
 11 headers.append(makeDropCookie(b"samesite_unsupported_lax", False))
 12 headers.append(makeDropCookie(b"samesite_unsupported_strict", False))
 13 headers.append(makeDropCookie(b"samesite_none_unsupported", True))
 14 headers.append(makeDropCookie(b"samesite_lax_unsupported", True))
 15 headers.append(makeDropCookie(b"samesite_strict_unsupported", True))
 16 headers.append(makeDropCookie(b"samesite_lax_none", True))
 17 return headers, b'{"success": true}'

LayoutTests/imported/w3c/web-platform-tests/cookies/resources/dropSameSiteNone.py

 1from cookies.resources.helpers import makeDropCookie, setNoCacheAndCORSHeaders
 2
 3def main(request, response):
 4 """Respond to `/cookies/resources/dropSameSiteNone.py by dropping the
 5 two cookies set by setSameSiteNone.py"""
 6 headers = setNoCacheAndCORSHeaders(request, response)
 7
 8 # Expire the cookies, and return a JSON-encoded success code.
 9 headers.append(makeDropCookie(b"samesite_none_insecure", False))
 10 headers.append(makeDropCookie(b"samesite_none_secure", True))
 11 return headers, b'{"success": true}'

LayoutTests/imported/w3c/web-platform-tests/cookies/resources/dropSecure.py

1 from helpers import makeDropCookie, readParameter, setNoCacheAndCORSHeaders
 1from cookies.resources.helpers import makeDropCookie, setNoCacheAndCORSHeaders
22
33def main(request, response):
44 """Respond to `/cookie/drop/secure` by dropping the two cookie set by

@@def main(request, response):
66 headers = setNoCacheAndCORSHeaders(request, response)
77
88 # Expire the cookies, and return a JSON-encoded success code.
9  headers.append(makeDropCookie("alone_secure", False))
10  headers.append(makeDropCookie("alone_insecure", False))
11  return headers, '{"success": true}'
 9 headers.append(makeDropCookie(b"alone_secure", False))
 10 headers.append(makeDropCookie(b"alone_insecure", False))
 11 return headers, b'{"success": true}'

LayoutTests/imported/w3c/web-platform-tests/cookies/resources/echo-cookie.html

@@window.isCookieSet = function (name, path) {
1919window.expireCookie = function (name, path) {
2020 document.cookie = name + '=0; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=' + path + ';';
2121};
 22window.getCookies = () => document.cookie;
2223</script>
2324</body>
2425</html>

LayoutTests/imported/w3c/web-platform-tests/cookies/resources/helpers.py

1 import urlparse
 1from urllib.parse import parse_qs
 2
 3from wptserve.utils import isomorphic_encode
24
35def setNoCacheAndCORSHeaders(request, response):
46 """Set Cache-Control, CORS and Content-Type headers appropriate for the cookie tests."""
5  headers = [("Content-Type", "application/json"),
6  ("Access-Control-Allow-Credentials", "true")]
 7 headers = [(b"Content-Type", b"application/json"),
 8 (b"Access-Control-Allow-Credentials", b"true")]
79
8  origin = "*"
9  if "origin" in request.headers:
10  origin = request.headers["origin"]
 10 origin = b"*"
 11 if b"origin" in request.headers:
 12 origin = request.headers[b"origin"]
1113
12  headers.append(("Access-Control-Allow-Origin", origin))
 14 headers.append((b"Access-Control-Allow-Origin", origin))
1315 #headers.append(("Access-Control-Allow-Credentials", "true"))
14  headers.append(("Cache-Control", "no-cache"))
15  headers.append(("Expires", "Fri, 01 Jan 1990 00:00:00 GMT"))
 16 headers.append((b"Cache-Control", b"no-cache"))
 17 headers.append((b"Expires", b"Fri, 01 Jan 1990 00:00:00 GMT"))
1618
1719 return headers
1820
1921def makeCookieHeader(name, value, otherAttrs):
2022 """Make a Set-Cookie header for a cookie with the name, value and attributes provided."""
2123 def makeAV(a, v):
22  if None == v or "" == v:
 24 if None == v or b"" == v:
2325 return a
24  return "%s=%s" % (a, v)
 26 if isinstance(v, int):
 27 return b"%s=%i" % (a, v)
 28 else:
 29 return b"%s=%s" % (a, v)
2530
2631 # ensure cookie name is always first
27  attrs = ["%s=%s" % (name, value)]
28  attrs.extend(makeAV(a, v) for (a,v) in otherAttrs.iteritems())
29  return ("Set-Cookie", "; ".join(attrs))
 32 attrs = [b"%s=%s" % (name, value)]
 33 attrs.extend(makeAV(a, v) for (a, v) in otherAttrs.items())
 34 return (b"Set-Cookie", b"; ".join((attrs)))
3035
3136def makeDropCookie(name, secure):
32  attrs = {"MaxAge": 0, "path": "/"}
 37 attrs = {b"max-age": 0, b"path": b"/"}
3338 if secure:
34  attrs["secure"] = ""
35  return makeCookieHeader(name, "", attrs)
 39 attrs[b"secure"] = b""
 40 return makeCookieHeader(name, b"", attrs)
3641
3742def readParameter(request, paramName, requireValue):
3843 """Read a parameter from the request. Raise if requireValue is set and the
3944 parameter has an empty value or is not present."""
40  params = urlparse.parse_qs(request.url_parts.query)
 45 params = parse_qs(request.url_parts.query)
4146 param = params[paramName][0].strip()
4247 if len(param) == 0:
43  raise Exception("Empty or missing name parameter.")
44  return param
 48 raise Exception(u"Empty or missing name parameter.")
 49 return isomorphic_encode(param)
4550
4651def readCookies(request):
4752 """Read the cookies from the client present in the request."""

@@def readCookies(request):
5257 # need to modify the test to take cookie names and value lists?
5358 cookies[key] = cookie.value
5459 return cookies
55 

LayoutTests/imported/w3c/web-platform-tests/cookies/resources/imgIfMatch.py

1 import helpers
 1from cookies.resources import helpers
22
33def main(request, response):
44 """Respond to `/cookie/imgIfMatch?name={name}&value={value}` with a 404 if
55 the cookie isn't present, and a transparent GIF otherwise."""
66 headers = helpers.setNoCacheAndCORSHeaders(request, response)
7  name = helpers.readParameter(request, paramName="name", requireValue=True)
8  value = helpers.readParameter(request, paramName="value", requireValue=True)
 7 name = helpers.readParameter(request, paramName=u"name", requireValue=True)
 8 value = helpers.readParameter(request, paramName=u"value", requireValue=True)
99 cookiesWithMatchingNames = request.cookies.get_list(name)
1010 for cookie in cookiesWithMatchingNames:
1111 if cookie.value == value:
1212 # From https://github.com/mathiasbynens/small/blob/master/gif-transparent.gif
13  headers.append(("Content-Type","image/gif"))
14  gif = "\x47\x49\x46\x38\x39\x61\x01\x00\x01\x00\x80\x00\x00\xFF\xFF\xFF\x00\x00\x00\x21\xF9\x04\x01\x00\x00\x00\x00\x2C\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02\x44\x01\x00\x3B"
 13 headers.append((b"Content-Type", b"image/gif"))
 14 gif = b"\x47\x49\x46\x38\x39\x61\x01\x00\x01\x00\x80\x00\x00\xFF\xFF\xFF\x00\x00\x00\x21\xF9\x04\x01\x00\x00\x00\x00\x2C\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02\x44\x01\x00\x3B"
1515 return headers, gif
16  return 500, headers, '{"error": {"message": "The cookie\'s value did not match the given value."}}'
 16 return 500, headers, b'{"error": {"message": "The cookie\'s value did not match the given value."}}'

LayoutTests/imported/w3c/web-platform-tests/cookies/resources/list.py

11import json
2 import helpers
 2from cookies.resources import helpers
 3
 4from wptserve.utils import isomorphic_decode
35
46def main(request, response):
57 headers = helpers.setNoCacheAndCORSHeaders(request, response)
68 cookies = helpers.readCookies(request)
7  return headers, json.dumps(cookies)
 9 decoded_cookies = {isomorphic_decode(key): isomorphic_decode(val) for key, val in cookies.items()}
 10 return headers, json.dumps(decoded_cookies)

LayoutTests/imported/w3c/web-platform-tests/cookies/resources/navigate.html

 1<!DOCTYPE html>
 2<meta charset="utf-8">
 3<script>
 4 // Navigates the window to a location specified via URL query param.
 5 const params = new URLSearchParams(window.location.search);
 6 const loc = params.get('location');
 7 window.location = loc;
 8</script>

LayoutTests/imported/w3c/web-platform-tests/cookies/resources/postToParent.py

11import json
2 import helpers
 2from cookies.resources import helpers
 3
 4from wptserve.utils import isomorphic_decode
35
46def main(request, response):
57 headers = helpers.setNoCacheAndCORSHeaders(request, response)
68 cookies = helpers.readCookies(request)
7  headers.append(("Content-Type", "text/html; charset=utf-8"))
 9 headers.append((b"Content-Type", b"text/html; charset=utf-8"))
810
9  tmpl = """
 11 tmpl = u"""
1012<!DOCTYPE html>
1113<script>
1214 var data = %s;
 15 data.type = "COOKIES";
 16
 17 try {
 18 data.domcookies = document.cookie;
 19 } catch (e) {}
1320
14  if (window.parent != window)
 21 if (window.parent != window) {
1522 window.parent.postMessage(data, "*");
 23 if (window.top != window.parent)
 24 window.top.postMessage(data, "*");
 25 }
 26
1627
1728 if (window.opener)
1829 window.opener.postMessage(data, "*");

@@def main(request, response):
2435 });
2536</script>
2637"""
27  return headers, tmpl % json.dumps(cookies)
 38 decoded_cookies = {isomorphic_decode(key): isomorphic_decode(val) for key, val in cookies.items()}
 39 return headers, tmpl % json.dumps(decoded_cookies)

LayoutTests/imported/w3c/web-platform-tests/cookies/resources/redirectWithCORSHeaders.py

1 from helpers import setNoCacheAndCORSHeaders
 1from cookies.resources.helpers import setNoCacheAndCORSHeaders
22
33def main(request, response):
44 """Simple handler that causes redirection.

@@def main(request, response):
88 location - The resource to redirect to.
99 """
1010 status = 302
11  if "status" in request.GET:
 11 if b"status" in request.GET:
1212 try:
13  status = int(request.GET.first("status"))
 13 status = int(request.GET.first(b"status"))
1414 except ValueError:
1515 pass
1616 headers = setNoCacheAndCORSHeaders(request, response)
1717
18  location = request.GET.first("location")
 18 location = request.GET.first(b"location")
1919
20  headers.append(("Location", location))
 20 headers.append((b"Location", location))
2121
22  return status, headers, ""
 22 return status, headers, b""

LayoutTests/imported/w3c/web-platform-tests/cookies/resources/set.py

1 import helpers
 1from cookies.resources import helpers
 2from urllib.parse import unquote
 3
 4from wptserve.utils import isomorphic_encode
25
36def main(request, response):
47 """Respond to `/cookie/set?{cookie}` by echoing `{cookie}` as a `Set-Cookie` header."""
58 headers = helpers.setNoCacheAndCORSHeaders(request, response)
6  headers.append(("Set-Cookie", request.url_parts.query))
7  return headers, '{"success": true}'
 9
 10 # Cookies may require whitespace (e.g. in the `Expires` attribute), so the
 11 # query string should be decoded.
 12 cookie = unquote(request.url_parts.query)
 13 headers.append((b"Set-Cookie", isomorphic_encode(cookie)))
 14
 15 return headers, b'{"success": true}'

LayoutTests/imported/w3c/web-platform-tests/cookies/resources/setSameSite.py

1 from helpers import makeCookieHeader, readParameter, setNoCacheAndCORSHeaders
 1from cookies.resources.helpers import makeCookieHeader, setNoCacheAndCORSHeaders
 2
 3from wptserve.utils import isomorphic_encode
24
35def main(request, response):
4  """Respond to `/cookie/set/samesite?{value}` by setting three cookies:
 6 """Respond to `/cookie/set/samesite?{value}` by setting four cookies:
57 1. `samesite_strict={value};SameSite=Strict;path=/`
68 2. `samesite_lax={value};SameSite=Lax;path=/`
7  3. `samesite_none={value};path=/`"""
 9 3. `samesite_none={value};SameSite=None;path=/`
 10 4. `samesite_unspecified={value};path=/`
 11 Then navigate to a page that will post a message back to the opener with the set cookies"""
812 headers = setNoCacheAndCORSHeaders(request, response)
9  value = request.url_parts.query
 13 value = isomorphic_encode(request.url_parts.query)
 14
 15 headers.append((b"Content-Type", b"text/html; charset=utf-8"))
 16 headers.append(makeCookieHeader(b"samesite_strict", value, {b"SameSite":b"Strict", b"path":b"/"}))
 17 headers.append(makeCookieHeader(b"samesite_lax", value, {b"SameSite":b"Lax", b"path":b"/"}))
 18 # SameSite=None cookies must be Secure.
 19 headers.append(makeCookieHeader(b"samesite_none", value, {b"SameSite":b"None", b"path":b"/", b"Secure": b""}))
 20 headers.append(makeCookieHeader(b"samesite_unspecified", value, {b"path":b"/"}))
 21
 22 document = b"""
 23<!DOCTYPE html>
 24<script>
 25 // A same-site navigation, which should attach all cookies including SameSite ones.
 26 // This is necessary because this page may have been reached via a cross-site navigation, so
 27 // we might not have access to some SameSite cookies from here.
 28 window.location = "../samesite/resources/echo-cookies.html";
 29</script>
 30"""
1031
11  headers.append(makeCookieHeader("samesite_strict", value, {"SameSite":"Strict","path":"/"}))
12  headers.append(makeCookieHeader("samesite_lax", value, {"SameSite":"Lax","path":"/"}))
13  headers.append(makeCookieHeader("samesite_none", value, {"path":"/"}))
14  return headers, '{"success": true}'
 32 return headers, document

LayoutTests/imported/w3c/web-platform-tests/cookies/resources/setSameSiteMultiAttribute.py

 1from cookies.resources.helpers import makeCookieHeader, setNoCacheAndCORSHeaders
 2
 3from wptserve.utils import isomorphic_encode
 4
 5def main(request, response):
 6 """Respond to `/cookie/set/samesite?{value}` by setting the following combination of cookies:
 7 1. `samesite_unsupported={value};SameSite=Unsupported;path=/;Secure`
 8 2. `samesite_unsupported_none={value};SameSite=Unsupported;SameSite=None;path=/;Secure`
 9 3. `samesite_unsupported_lax={value};SameSite=Unsupported;SameSite=Lax;path=/`
 10 4. `samesite_unsupported_strict={value};SameSite=Unsupported;SameSite=Strict;path=/`
 11 5. `samesite_none_unsupported={value};SameSite=None;SameSite=Unsupported;path=/;Secure`
 12 6. `samesite_lax_unsupported={value};SameSite=Lax;SameSite=Unsupported;path=/;Secure`
 13 7. `samesite_strict_unsupported={value};SameSite=Strict;SameSite=Unsupported;path=/;Secure`
 14 8. `samesite_lax_none={value};SameSite=Lax;SameSite=None;path=/;Secure`
 15 9. `samesite_lax_strict={value};SameSite=Lax;SameSite=Strict;path=/`
 16 10. `samesite_strict_lax={value};SameSite=Strict;SameSite=Lax;path=/`
 17 Then navigate to a page that will post a message back to the opener with the set cookies"""
 18 headers = setNoCacheAndCORSHeaders(request, response)
 19 value = isomorphic_encode(request.url_parts.query)
 20
 21 headers.append((b"Content-Type", b"text/html; charset=utf-8"))
 22 # Unknown value; single attribute
 23 headers.append(makeCookieHeader(
 24 b"samesite_unsupported", value, {b"SameSite":b"Unsupported", b"path":b"/", b"Secure":b""}))
 25
 26 # Multiple attributes; first attribute unknown
 27 headers.append(makeCookieHeader(
 28 b"samesite_unsupported_none", value, {b"SameSite":b"Unsupported", b"SameSite":b"None", b"path":b"/", b"Secure":b""}))
 29 headers.append(makeCookieHeader(
 30 b"samesite_unsupported_lax", value, {b"SameSite":b"Unsupported", b"SameSite":b"Lax", b"path":b"/"}))
 31 headers.append(makeCookieHeader(
 32 b"samesite_unsupported_strict", value, {b"SameSite":b"Unsupported", b"SameSite":b"Strict", b"path":b"/"}))
 33
 34 # Multiple attributes; second attribute unknown
 35 headers.append(makeCookieHeader(
 36 b"samesite_none_unsupported", value, {b"SameSite":b"None", b"SameSite":b"Unsupported", b"path":b"/", b"Secure":b""}))
 37 headers.append(makeCookieHeader(
 38 b"samesite_lax_unsupported", value, {b"SameSite":b"Lax", b"SameSite":b"Unsupported", b"path":b"/", b"Secure":b""}))
 39 headers.append(makeCookieHeader(
 40 b"samesite_strict_unsupported", value, {b"SameSite":b"Strict", b"SameSite":b"Unsupported", b"path":b"/", b"Secure":b""}))
 41
 42 # Multiple attributes; both known
 43 headers.append(makeCookieHeader(
 44 b"samesite_lax_none", value, {b"SameSite":b"Lax", b"SameSite":b"None", b"path":b"/", b"Secure":b""}))
 45 headers.append(makeCookieHeader(
 46 b"samesite_lax_strict", value, {b"SameSite":b"Lax", b"SameSite":b"Strict", b"path":b"/"}))
 47 headers.append(makeCookieHeader(
 48 b"samesite_strict_lax", value, {b"SameSite":b"Strict", b"SameSite":b"Lax", b"path":b"/"}))
 49
 50 document = b"""
 51<!DOCTYPE html>
 52<script>
 53 // A same-site navigation, which should attach all cookies including SameSite ones.
 54 // This is necessary because this page may have been reached via a cross-site navigation, so
 55 // we might not have access to some SameSite cookies from here.
 56 window.location = "../samesite/resources/echo-cookies.html";
 57</script>
 58"""
 59
 60 return headers, document

LayoutTests/imported/w3c/web-platform-tests/cookies/resources/setSameSiteNone.py

 1from cookies.resources.helpers import makeCookieHeader, setNoCacheAndCORSHeaders
 2
 3from wptserve.utils import isomorphic_encode
 4
 5def main(request, response):
 6 """Respond to `/cookies/resources/setSameSiteNone.py?{value}` by setting two cookies:
 7 1. `samesite_none_insecure={value};SameSite=None;path=/`
 8 2. `samesite_none_secure={value};SameSite=None;Secure;path=/`
 9 """
 10 headers = setNoCacheAndCORSHeaders(request, response)
 11 value = isomorphic_encode(request.url_parts.query)
 12
 13 headers.append(makeCookieHeader(b"samesite_none_insecure", value, {b"SameSite":b"None", b"path":b"/"}))
 14 headers.append(makeCookieHeader(b"samesite_none_secure", value, {b"SameSite":b"None", b"Secure":b"", b"path":b"/"}))
 15
 16 return headers, b'{"success": true}'

LayoutTests/imported/w3c/web-platform-tests/cookies/resources/setSecure.py

1 from helpers import makeCookieHeader, readParameter, setNoCacheAndCORSHeaders
 1from cookies.resources.helpers import makeCookieHeader, readParameter, setNoCacheAndCORSHeaders
 2
 3from wptserve.utils import isomorphic_encode
24
35def main(request, response):
46 """Respond to `/cookie/set/secure?{value}` by setting two cookies:
57 alone_secure={value};secure;path=/`
68 alone_insecure={value};path=/"""
79 headers = setNoCacheAndCORSHeaders(request, response)
8  value = request.url_parts.query
 10 value = isomorphic_encode(request.url_parts.query)
911
10  headers.append(makeCookieHeader("alone_secure", value, {"secure": "","path": "/"}))
11  headers.append(makeCookieHeader("alone_insecure", value, {"path": "/"}))
12  return headers, '{"success": true}'
 12 headers.append(makeCookieHeader(b"alone_secure", value, {b"secure": b"", b"path": b"/"}))
 13 headers.append(makeCookieHeader(b"alone_insecure", value, {b"path": b"/"}))
 14 return headers, b'{"success": true}'

LayoutTests/imported/w3c/web-platform-tests/cookies/resources/w3c-import.log

 1The tests in this directory were imported from the W3C repository.
 2Do NOT modify these tests directly in WebKit.
 3Instead, create a pull request on the WPT github:
 4 https://github.com/web-platform-tests/wpt
 5
 6Then run the Tools/Scripts/import-w3c-tests in WebKit to reimport
 7
 8Do NOT modify or remove this file.
 9
 10------------------------------------------------------------------------
 11Properties requiring vendor prefixes:
 12None
 13Property values requiring vendor prefixes:
 14None
 15------------------------------------------------------------------------
 16List of files:
 17/LayoutTests/imported/w3c/web-platform-tests/cookies/resources/cookie-helper.sub.js
 18/LayoutTests/imported/w3c/web-platform-tests/cookies/resources/cookie-test.js
 19/LayoutTests/imported/w3c/web-platform-tests/cookies/resources/cookie.py
 20/LayoutTests/imported/w3c/web-platform-tests/cookies/resources/drop.py
 21/LayoutTests/imported/w3c/web-platform-tests/cookies/resources/dropSameSite.py
 22/LayoutTests/imported/w3c/web-platform-tests/cookies/resources/dropSameSiteMultiAttribute.py
 23/LayoutTests/imported/w3c/web-platform-tests/cookies/resources/dropSameSiteNone.py
 24/LayoutTests/imported/w3c/web-platform-tests/cookies/resources/dropSecure.py
 25/LayoutTests/imported/w3c/web-platform-tests/cookies/resources/echo-cookie.html
 26/LayoutTests/imported/w3c/web-platform-tests/cookies/resources/echo-json.py
 27/LayoutTests/imported/w3c/web-platform-tests/cookies/resources/helpers.py
 28/LayoutTests/imported/w3c/web-platform-tests/cookies/resources/imgIfMatch.py
 29/LayoutTests/imported/w3c/web-platform-tests/cookies/resources/list.py
 30/LayoutTests/imported/w3c/web-platform-tests/cookies/resources/navigate.html
 31/LayoutTests/imported/w3c/web-platform-tests/cookies/resources/postToParent.py
 32/LayoutTests/imported/w3c/web-platform-tests/cookies/resources/redirectWithCORSHeaders.py
 33/LayoutTests/imported/w3c/web-platform-tests/cookies/resources/set-cookie.py
 34/LayoutTests/imported/w3c/web-platform-tests/cookies/resources/set.py
 35/LayoutTests/imported/w3c/web-platform-tests/cookies/resources/setSameSite.py
 36/LayoutTests/imported/w3c/web-platform-tests/cookies/resources/setSameSiteMultiAttribute.py
 37/LayoutTests/imported/w3c/web-platform-tests/cookies/resources/setSameSiteNone.py
 38/LayoutTests/imported/w3c/web-platform-tests/cookies/resources/setSecure.py
 39/LayoutTests/imported/w3c/web-platform-tests/cookies/resources/testharness-helpers.js

LayoutTests/imported/w3c/web-platform-tests/cookies/samesite-none-secure/cookies-without-samesite-must-be-secure.https.tentative-expected.txt

 1
 2FAIL SameSite=None cookies are rejected unless the Secure attribute is set. assert_not_equals: Non-Secure SameSite=None cookie is rejected. got disallowed value "0.040925510214925964"
 3

LayoutTests/imported/w3c/web-platform-tests/cookies/samesite-none-secure/cookies-without-samesite-must-be-secure.https.tentative.html

 1<!DOCTYPE html>
 2<meta charset="utf-8">
 3<meta name="timeout" content="long">
 4<script src="/resources/testharness.js"></script>
 5<script src="/resources/testharnessreport.js"></script>
 6<script src="/cookies/resources/cookie-helper.sub.js"></script>
 7<script>
 8promise_test(t => {
 9 var value = "" + Math.random();
 10 return resetSameSiteNoneCookies(SECURE_ORIGIN, value)
 11 .then(_ => {
 12 return credFetch(SECURE_ORIGIN + "/cookies/resources/list.py")
 13 .then(r => r.json())
 14 .then(cookies => {
 15 assert_not_equals(cookies["samesite_none_insecure"], value, "Non-Secure SameSite=None cookie is rejected.");
 16 assert_equals(cookies["samesite_none_secure"], value, "Secure SameSite=None cookie is set.");
 17 })
 18 });
 19}, "SameSite=None cookies are rejected unless the Secure attribute is set.");
 20</script>

LayoutTests/imported/w3c/web-platform-tests/cookies/samesite-none-secure/w3c-import.log

 1The tests in this directory were imported from the W3C repository.
 2Do NOT modify these tests directly in WebKit.
 3Instead, create a pull request on the WPT github:
 4 https://github.com/web-platform-tests/wpt
 5
 6Then run the Tools/Scripts/import-w3c-tests in WebKit to reimport
 7
 8Do NOT modify or remove this file.
 9
 10------------------------------------------------------------------------
 11Properties requiring vendor prefixes:
 12None
 13Property values requiring vendor prefixes:
 14None
 15------------------------------------------------------------------------
 16List of files:
 17/LayoutTests/imported/w3c/web-platform-tests/cookies/samesite-none-secure/cookies-without-samesite-must-be-secure.https.tentative.html

LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/about-blank-nested.https-expected.txt

 1
 2
 3PASS SameSite cookies with intervening about:blank iframes and navigation
 4

LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/about-blank-nested.https.html

 1<!DOCTYPE html>
 2<head>
 3 <script src="/resources/testharness.js"></script>
 4 <script src="/resources/testharnessreport.js"></script>
 5 <script src="/cookies/resources/cookie-helper.sub.js"></script>
 6</head>
 7<body onload="doTests()">
 8 <iframe src="about:blank" id="if">
 9 </iframe>
 10 <script>
 11 function doTests() {
 12 promise_test(async function(t) {
 13 var child = document.getElementById("if");
 14 var grandKid = child.contentDocument.createElement("iframe");
 15 child.contentDocument.body.appendChild(grandKid);
 16 var value = "" + Math.random();
 17 await resetSameSiteCookies(SECURE_ORIGIN, value);
 18
 19 // Using postToParent.py here to see cookies used when navigating the page.
 20 grandKid.src = SECURE_ORIGIN + "/cookies/resources/postToParent.py"
 21 var e = await wait_for_message("COOKIES", SECURE_ORIGIN);
 22 assert_cookie(SECURE_ORIGIN, e.data, "samesite_unspecified", value, true);
 23 assert_cookie(SECURE_ORIGIN, e.data, "samesite_lax", value, true);
 24 assert_cookie(SECURE_ORIGIN, e.data, "samesite_strict", value, true);
 25 assert_cookie(SECURE_ORIGIN, e.data, "samesite_none", value, true);
 26 }, "SameSite cookies with intervening about:blank iframes and navigation");
 27 }
 28 </script>
 29</body>

LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/about-blank-subresource.https-expected.txt

 1
 2FAIL SameSite cookies on subresource of top-level about:blank window assert_equals: `samesite_lax=0.05247175901404755` in request to `https://localhost:9443`. expected (string) "0.05247175901404755" but got (undefined) undefined
 3

LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/about-blank-subresource.https.html

 1<!DOCTYPE html>
 2<head>
 3 <script src="/resources/testharness.js"></script>
 4 <script src="/resources/testharnessreport.js"></script>
 5 <script src="/cookies/resources/cookie-helper.sub.js"></script>
 6</head>
 7<body onload="doTests()">
 8 <script>
 9 function doTests() {
 10 promise_test(async function(t) {
 11 var child = window.open("");
 12 child.onmessage = (ev) => {
 13 child.opener.postMessage(ev.data, '*');
 14 };
 15 var grandKid = child.document.createElement("iframe");
 16 child.document.body.appendChild(grandKid);
 17 var value = "" + Math.random();
 18 await resetSameSiteCookies(SECURE_ORIGIN, value);
 19
 20 // Load at what cookies a subresource below an about:blank iframe
 21 // inheritting this origin gets.
 22 grandKid.src = SECURE_ORIGIN + "/cookies/samesite/resources/iframe-subresource-report.html"
 23 var e = await wait_for_message("COOKIES", SECURE_ORIGIN);
 24 assert_cookie(SECURE_ORIGIN, e.data, "samesite_unspecified", value, true);
 25 assert_cookie(SECURE_ORIGIN, e.data, "samesite_lax", value, true);
 26 assert_cookie(SECURE_ORIGIN, e.data, "samesite_strict", value, true);
 27 assert_cookie(SECURE_ORIGIN, e.data, "samesite_none", value, true);
 28 }, "SameSite cookies on subresource of top-level about:blank window");
 29 }
 30 </script>
 31</body>

LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/about-blank-toplevel.https-expected.txt

 1
 2FAIL SameSite cookies with top-level about:blank window assert_equals: `samesite_lax=0.1899422532190136` in request to `https://localhost:9443`. expected (string) "0.1899422532190136" but got (undefined) undefined
 3

LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/about-blank-toplevel.https.html

 1<!DOCTYPE html>
 2<head>
 3 <script src="/resources/testharness.js"></script>
 4 <script src="/resources/testharnessreport.js"></script>
 5 <script src="/cookies/resources/cookie-helper.sub.js"></script>
 6</head>
 7<body onload="doTests()">
 8 <script>
 9 function doTests() {
 10 promise_test(async function(t) {
 11 var child = window.open("");
 12 child.onmessage = (ev) => {
 13 child.opener.postMessage(ev.data, '*');
 14 };
 15 var grandKid = child.document.createElement("iframe");
 16 child.document.body.appendChild(grandKid);
 17 var value = "" + Math.random();
 18 await resetSameSiteCookies(SECURE_ORIGIN, value);
 19
 20 // Using postToParent.py here to see cookies used when navigating the page.
 21 grandKid.src = SECURE_ORIGIN + "/cookies/resources/postToParent.py"
 22 var e = await wait_for_message("COOKIES", SECURE_ORIGIN);
 23 assert_cookie(SECURE_ORIGIN, e.data, "samesite_unspecified", value, true);
 24 assert_cookie(SECURE_ORIGIN, e.data, "samesite_lax", value, true);
 25 assert_cookie(SECURE_ORIGIN, e.data, "samesite_strict", value, true);
 26 assert_cookie(SECURE_ORIGIN, e.data, "samesite_none", value, true);
 27 }, "SameSite cookies with top-level about:blank window");
 28 }
 29 </script>
 30</body>

LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/fetch.https-expected.txt

 1Blocked access to external URL https://www1.localhost:9443/cookies/samesite/resources/puppet.html
 2
 3Harness Error (TIMEOUT), message = null
 4
 5PASS Same-host fetches are strictly same-site
 6TIMEOUT Subdomain fetches are strictly same-site Test timed out
 7NOTRUN Cross-site fetches are cross-site
 8NOTRUN Same-host redirecting to same-host fetches are strictly same-site
 9NOTRUN Subdomain redirecting to same-host fetches are strictly same-site
 10NOTRUN Cross-site redirecting to same-host fetches are cross-site
 11NOTRUN Same-host redirecting to subdomain fetches are strictly same-site
 12NOTRUN Subdomain redirecting to subdomain fetches are strictly same-site
 13NOTRUN Cross-site redirecting to subdomain fetches are cross-site
 14NOTRUN Same-host redirecting to cross-site fetches are cross-site
 15NOTRUN Subdomain redirecting to cross-site fetches are cross-site
 16NOTRUN Cross-site redirecting to cross-site fetches are cross-site
 17

LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/fetch.https.html

 1<!DOCTYPE html>
 2<meta charset="utf-8"/>
 3<meta name="timeout" content="long">
 4<meta name="variant" content="">
 5<meta name="variant" content="?legacy-samesite">
 6<script src="/resources/testharness.js"></script>
 7<script src="/resources/testharnessreport.js"></script>
 8<script src="/cookies/resources/cookie-helper.sub.js"></script>
 9<script>
 10 function create_test(origin, target, expectedStatus, title) {
 11 promise_test(t => {
 12 var value = "" + Math.random();
 13 return resetSameSiteCookies(origin, value)
 14 .then(_ => {
 15 return credFetch(target + "/cookies/resources/list.py")
 16
 17 .then(r => r.json())
 18 .then(cookies => getSameSiteVerifier()(expectedStatus, value, cookies, DomSameSiteStatus.SAME_SITE));
 19 });
 20 }, title);
 21 }
 22
 23 // No redirect:
 24 create_test(SECURE_ORIGIN, SECURE_ORIGIN, SameSiteStatus.STRICT, "Same-host fetches are strictly same-site");
 25 create_test(SECURE_SUBDOMAIN_ORIGIN, SECURE_SUBDOMAIN_ORIGIN, SameSiteStatus.STRICT, "Subdomain fetches are strictly same-site");
 26 create_test(SECURE_CROSS_SITE_ORIGIN, SECURE_CROSS_SITE_ORIGIN, SameSiteStatus.CROSS_SITE, "Cross-site fetches are cross-site");
 27
 28 // Redirect from {same-host,subdomain,cross-site} to same-host:
 29 create_test(SECURE_ORIGIN, redirectTo(SECURE_ORIGIN, SECURE_ORIGIN), SameSiteStatus.STRICT, "Same-host redirecting to same-host fetches are strictly same-site");
 30 create_test(SECURE_ORIGIN, redirectTo(SECURE_SUBDOMAIN_ORIGIN, SECURE_ORIGIN), SameSiteStatus.STRICT, "Subdomain redirecting to same-host fetches are strictly same-site");
 31 create_test(SECURE_ORIGIN, redirectTo(SECURE_CROSS_SITE_ORIGIN, SECURE_ORIGIN), SameSiteStatus.CROSS_SITE, "Cross-site redirecting to same-host fetches are cross-site");
 32
 33 // Redirect from {same-host,subdomain,cross-site} to same-host:
 34 create_test(SECURE_SUBDOMAIN_ORIGIN, redirectTo(SECURE_ORIGIN, SECURE_SUBDOMAIN_ORIGIN), SameSiteStatus.STRICT, "Same-host redirecting to subdomain fetches are strictly same-site");
 35 create_test(SECURE_SUBDOMAIN_ORIGIN, redirectTo(SECURE_SUBDOMAIN_ORIGIN, SECURE_SUBDOMAIN_ORIGIN), SameSiteStatus.STRICT, "Subdomain redirecting to subdomain fetches are strictly same-site");
 36 create_test(SECURE_SUBDOMAIN_ORIGIN, redirectTo(SECURE_CROSS_SITE_ORIGIN, SECURE_SUBDOMAIN_ORIGIN), SameSiteStatus.CROSS_SITE, "Cross-site redirecting to subdomain fetches are cross-site");
 37
 38 // Redirect from {same-host,subdomain,cross-site} to cross-site:
 39 create_test(SECURE_CROSS_SITE_ORIGIN, redirectTo(SECURE_ORIGIN, SECURE_CROSS_SITE_ORIGIN), SameSiteStatus.CROSS_SITE, "Same-host redirecting to cross-site fetches are cross-site");
 40 create_test(SECURE_CROSS_SITE_ORIGIN, redirectTo(SECURE_SUBDOMAIN_ORIGIN, SECURE_CROSS_SITE_ORIGIN), SameSiteStatus.CROSS_SITE, "Subdomain redirecting to cross-site fetches are cross-site");
 41 create_test(SECURE_CROSS_SITE_ORIGIN, redirectTo(SECURE_CROSS_SITE_ORIGIN, SECURE_CROSS_SITE_ORIGIN), SameSiteStatus.CROSS_SITE, "Cross-site redirecting to cross-site fetches are cross-site");
 42</script>

LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/form-get-blank-reload.https-expected.txt

 1CONSOLE MESSAGE: [object MessageEvent]
 2Blocked access to external URL https://www1.localhost:9443/cookies/samesite/resources/puppet.html
 3
 4Harness Error (TIMEOUT), message = null
 5
 6PASS Reloaded same-host top-level form GETs are strictly same-site
 7TIMEOUT Reloaded subdomain top-level form GETs are strictly same-site Test timed out
 8NOTRUN Reloaded cross-site top-level form GETs are laxly same-site
 9

LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/form-get-blank-reload.https.html

 1<!DOCTYPE html>
 2<meta charset="utf-8"/>
 3<meta name="variant" content="">
 4<meta name="variant" content="?legacy-samesite">
 5<script src="/resources/testharness.js"></script>
 6<script src="/resources/testharnessreport.js"></script>
 7<script src="/cookies/resources/cookie-helper.sub.js"></script>
 8<script>
 9 function create_test(origin, target, expectedStatus, title) {
 10 promise_test(t => {
 11 var value = "" + Math.random();
 12 return resetSameSiteCookies(origin, value)
 13 .then(_ => {
 14 return new Promise((resolve, reject) => {
 15 var f = document.createElement('form');
 16 f.action = target + "/cookies/resources/postToParent.py";
 17 f.target = "_blank";
 18 f.method = "GET";
 19
 20 // If |target| contains a `redir` parameter, extract it, and add it
 21 // to the form so it doesn't get dropped in the submission.
 22 var url = new URL(f.action);
 23 if (url.pathname = "/cookies/rfc6265/resources/redirectWithCORSHeaders.py") {
 24 var i = document.createElement("input");
 25 i.name = "location";
 26 i.value = url.searchParams.get("location");
 27 i.type = "hidden";
 28 f.appendChild(i);
 29 }
 30 var reloaded = false;
 31 var msgHandler = e => {
 32 try {
 33 getSameSiteVerifier()(expectedStatus, value, e.data, DomSameSiteStatus.SAME_SITE);
 34 } catch (e) {
 35 reject(e);
 36 }
 37
 38 if (reloaded) {
 39 window.removeEventListener("message", msgHandler);
 40 e.source.close();
 41 resolve("Popup received the cookie.");
 42 } else {
 43 reloaded = true;
 44 e.source.postMessage("reload", "*");
 45 }
 46 };
 47 window.addEventListener("message", msgHandler);
 48 document.body.appendChild(f);
 49
 50 f.submit();
 51 });
 52 });
 53 }, title);
 54 }
 55
 56 create_test(SECURE_ORIGIN, SECURE_ORIGIN, SameSiteStatus.STRICT, "Reloaded same-host top-level form GETs are strictly same-site");
 57 create_test(SECURE_SUBDOMAIN_ORIGIN, SECURE_SUBDOMAIN_ORIGIN, SameSiteStatus.STRICT, "Reloaded subdomain top-level form GETs are strictly same-site");
 58 create_test(SECURE_CROSS_SITE_ORIGIN, SECURE_CROSS_SITE_ORIGIN, SameSiteStatus.LAX, "Reloaded cross-site top-level form GETs are laxly same-site");
 59</script>

LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/form-get-blank.https-expected.txt

 1Blocked access to external URL https://www1.localhost:9443/cookies/samesite/resources/puppet.html
 2
 3Harness Error (TIMEOUT), message = null
 4
 5PASS Same-host top-level form GETs are strictly same-site
 6TIMEOUT Subdomain top-level form GETs are strictly same-site Test timed out
 7NOTRUN Cross-site top-level form GETs are laxly same-site
 8NOTRUN Same-host redirecting to same-host top-level form GETs are strictly same-site
 9NOTRUN Subdomain redirecting to same-host top-level form GETs are strictly same-site
 10NOTRUN Cross-site redirecting to same-host top-level form GETs are laxly same-site
 11NOTRUN Same-host redirecting to subdomain top-level form GETs are strictly same-site
 12NOTRUN Subdomain redirecting to subdomain top-level form GETs are strictly same-site
 13NOTRUN Cross-site redirecting to subdomain top-level form GETs are laxly same-site
 14NOTRUN Same-host redirecting to cross-site top-level form GETs are laxly same-site
 15NOTRUN Subdomain redirecting to cross-site top-level form GETs are laxly same-site
 16NOTRUN Cross-site redirecting to cross-site top-level form GETs are laxly same-site
 17

LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/form-get-blank.https.html

 1<!DOCTYPE html>
 2<meta charset="utf-8"/>
 3<meta name="timeout" content="long">
 4<meta name="variant" content="">
 5<meta name="variant" content="?legacy-samesite">
 6<script src="/resources/testharness.js"></script>
 7<script src="/resources/testharnessreport.js"></script>
 8<script src="/cookies/resources/cookie-helper.sub.js"></script>
 9<script>
 10 function create_test(origin, target, expectedStatus, title) {
 11 promise_test(t => {
 12 var value = "" + Math.random();
 13 return resetSameSiteCookies(origin, value)
 14 .then(_ => {
 15 return new Promise((resolve, reject) => {
 16 var f = document.createElement('form');
 17 f.action = target + "/cookies/resources/postToParent.py";
 18 f.target = "_blank";
 19 f.method = "GET";
 20
 21 // If |target| contains a `redir` parameter, extract it, and add it
 22 // to the form so it doesn't get dropped in the submission.
 23 var url = new URL(f.action);
 24 if (url.pathname == "/cookies/resources/redirectWithCORSHeaders.py") {
 25 var i = document.createElement("input");
 26 i.name = "location";
 27 i.type="hidden";
 28 i.value = url.searchParams.get("location");
 29 f.appendChild(i);
 30 }
 31
 32 var msgHandler = e => {
 33 window.removeEventListener("message", msgHandler);
 34 e.source.close();
 35 try {
 36 getSameSiteVerifier()(expectedStatus, value, e.data, DomSameSiteStatus.SAME_SITE);
 37 resolve("Popup received the cookie.");
 38 } catch (e) {
 39 reject(e);
 40 }
 41 };
 42 window.addEventListener("message", msgHandler);
 43 document.body.appendChild(f);
 44 f.submit();
 45 });
 46 });
 47 }, title);
 48 }
 49
 50 // No redirect:
 51 create_test(SECURE_ORIGIN, SECURE_ORIGIN, SameSiteStatus.STRICT, "Same-host top-level form GETs are strictly same-site");
 52 create_test(SECURE_SUBDOMAIN_ORIGIN, SECURE_SUBDOMAIN_ORIGIN, SameSiteStatus.STRICT, "Subdomain top-level form GETs are strictly same-site");
 53 create_test(SECURE_CROSS_SITE_ORIGIN, SECURE_CROSS_SITE_ORIGIN, SameSiteStatus.LAX, "Cross-site top-level form GETs are laxly same-site");
 54
 55 // Redirect from {same-host,subdomain,cross-site} to same-host:
 56 create_test(SECURE_ORIGIN, redirectTo(SECURE_ORIGIN, SECURE_ORIGIN), SameSiteStatus.STRICT, "Same-host redirecting to same-host top-level form GETs are strictly same-site");
 57 create_test(SECURE_ORIGIN, redirectTo(SECURE_SUBDOMAIN_ORIGIN, SECURE_ORIGIN), SameSiteStatus.STRICT, "Subdomain redirecting to same-host top-level form GETs are strictly same-site");
 58 create_test(SECURE_ORIGIN, redirectTo(SECURE_CROSS_SITE_ORIGIN, SECURE_ORIGIN), SameSiteStatus.LAX, "Cross-site redirecting to same-host top-level form GETs are laxly same-site");
 59
 60 // Redirect from {same-host,subdomain,cross-site} to same-host:
 61 create_test(SECURE_SUBDOMAIN_ORIGIN, redirectTo(SECURE_ORIGIN, SECURE_SUBDOMAIN_ORIGIN), SameSiteStatus.STRICT, "Same-host redirecting to subdomain top-level form GETs are strictly same-site");
 62 create_test(SECURE_SUBDOMAIN_ORIGIN, redirectTo(SECURE_SUBDOMAIN_ORIGIN, SECURE_SUBDOMAIN_ORIGIN), SameSiteStatus.STRICT, "Subdomain redirecting to subdomain top-level form GETs are strictly same-site");
 63 create_test(SECURE_SUBDOMAIN_ORIGIN, redirectTo(SECURE_CROSS_SITE_ORIGIN, SECURE_SUBDOMAIN_ORIGIN), SameSiteStatus.LAX, "Cross-site redirecting to subdomain top-level form GETs are laxly same-site");
 64
 65 // Redirect from {same-host,subdomain,cross-site} to cross-site:
 66 create_test(SECURE_CROSS_SITE_ORIGIN, redirectTo(SECURE_ORIGIN, SECURE_CROSS_SITE_ORIGIN), SameSiteStatus.LAX, "Same-host redirecting to cross-site top-level form GETs are laxly same-site");
 67 create_test(SECURE_CROSS_SITE_ORIGIN, redirectTo(SECURE_SUBDOMAIN_ORIGIN, SECURE_CROSS_SITE_ORIGIN), SameSiteStatus.LAX, "Subdomain redirecting to cross-site top-level form GETs are laxly same-site");
 68 create_test(SECURE_CROSS_SITE_ORIGIN, redirectTo(SECURE_CROSS_SITE_ORIGIN, SECURE_CROSS_SITE_ORIGIN), SameSiteStatus.LAX, "Cross-site redirecting to cross-site top-level form GETs are laxly same-site");
 69</script>

LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/form-post-blank-reload.https-expected.txt

 1CONSOLE MESSAGE: [object MessageEvent]
 2Blocked access to external URL https://www1.localhost:9443/cookies/samesite/resources/puppet.html
 3
 4Harness Error (TIMEOUT), message = null
 5
 6PASS Reloaded same-host top-level form POSTs are strictly same-site
 7TIMEOUT Reloaded subdomain top-level form POSTs are strictly same-site Test timed out
 8NOTRUN Reloaded cross-site top-level form POSTs are not same-site
 9

LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/form-post-blank-reload.https.html

 1<!DOCTYPE html>
 2<meta charset="utf-8"/>
 3<meta name="variant" content="">
 4<meta name="variant" content="?legacy-samesite">
 5<script src="/resources/testharness.js"></script>
 6<script src="/resources/testharnessreport.js"></script>
 7<script src="/cookies/resources/cookie-helper.sub.js"></script>
 8<script>
 9 function create_test(origin, target, expectedStatus, title) {
 10 promise_test(t => {
 11 var value = "" + Math.random();
 12 return resetSameSiteCookies(origin, value)
 13 .then(_ => {
 14 return new Promise((resolve, reject) => {
 15 var f = document.createElement('form');
 16 f.action = target + "/cookies/resources/postToParent.py";
 17 f.target = "_blank";
 18 f.method = "POST";
 19
 20 var reloaded = false;
 21 var msgHandler = e => {
 22 try {
 23 getSameSiteVerifier()(expectedStatus, value, e.data, DomSameSiteStatus.SAME_SITE);
 24 } catch (e) {
 25 reject(e);
 26 }
 27
 28 if (reloaded) {
 29 window.removeEventListener("message", msgHandler);
 30 e.source.close();
 31 resolve("Popup received the cookie.");
 32 } else {
 33 reloaded = true;
 34 e.source.postMessage("reload", "*");
 35 }
 36 };
 37 window.addEventListener("message", msgHandler);
 38
 39 document.body.appendChild(f);
 40 f.submit();
 41 });
 42 });
 43 }, title);
 44 }
 45
 46 create_test(SECURE_ORIGIN, SECURE_ORIGIN, SameSiteStatus.STRICT, "Reloaded same-host top-level form POSTs are strictly same-site");
 47 create_test(SECURE_SUBDOMAIN_ORIGIN, SECURE_SUBDOMAIN_ORIGIN, SameSiteStatus.STRICT, "Reloaded subdomain top-level form POSTs are strictly same-site");
 48 create_test(SECURE_CROSS_SITE_ORIGIN, SECURE_CROSS_SITE_ORIGIN, SameSiteStatus.CROSS_SITE, "Reloaded cross-site top-level form POSTs are not same-site");
 49</script>

LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/form-post-blank.https-expected.txt

 1Blocked access to external URL https://www1.localhost:9443/cookies/samesite/resources/puppet.html
 2
 3Harness Error (TIMEOUT), message = null
 4
 5PASS Same-host top-level form POSTs are strictly same-site
 6TIMEOUT Subdomain top-level form POSTs are strictly same-site Test timed out
 7NOTRUN Cross-site top-level form POSTs are cross-site
 8NOTRUN Same-host redirecting to same-host top-level form POSTs are strictly same-site
 9NOTRUN Subdomain redirecting to same-host top-level form POSTs are strictly same-site
 10NOTRUN Cross-site redirecting to same-host top-level form POSTs are cross-site
 11NOTRUN Same-host redirecting to subdomain top-level form POSTs are strictly same-site
 12NOTRUN Subdomain redirecting to subdomain top-level form POSTs are strictly same-site
 13NOTRUN Cross-site redirecting to subdomain top-level form POSTs are cross-site
 14NOTRUN Same-host redirecting to cross-site top-level form POSTs are cross-site
 15NOTRUN Subdomain redirecting to cross-site top-level form POSTs are cross-site
 16NOTRUN Cross-site redirecting to cross-site top-level form POSTs are cross-site
 17

LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/form-post-blank.https.html

 1<!DOCTYPE html>
 2<meta charset="utf-8"/>
 3<meta name="timeout" content="long">
 4<meta name="variant" content="">
 5<meta name="variant" content="?legacy-samesite">
 6<script src="/resources/testharness.js"></script>
 7<script src="/resources/testharnessreport.js"></script>
 8<script src="/cookies/resources/cookie-helper.sub.js"></script>
 9<script>
 10 function create_test(origin, target, expectedStatus, title) {
 11 promise_test(t => {
 12 var value = "" + Math.random();
 13 return resetSameSiteCookies(origin, value)
 14 .then(_ => {
 15 return new Promise((resolve, reject) => {
 16 var f = document.createElement('form');
 17 f.action = target + "/cookies/resources/postToParent.py";
 18 f.target = "_blank";
 19 f.method = "POST";
 20
 21 var msgHandler = e => {
 22 window.removeEventListener("message", msgHandler);
 23 e.source.close();
 24 try {
 25 getSameSiteVerifier()(expectedStatus, value, e.data, DomSameSiteStatus.SAME_SITE);
 26 resolve("Popup received the cookie.");
 27 } catch (e) {
 28 reject(e);
 29 }
 30 };
 31 window.addEventListener("message", msgHandler);
 32 document.body.appendChild(f);
 33 f.submit();
 34 });
 35 });
 36 }, title);
 37 }
 38
 39 // No redirect:
 40 create_test(SECURE_ORIGIN, SECURE_ORIGIN, SameSiteStatus.STRICT, "Same-host top-level form POSTs are strictly same-site");
 41 create_test(SECURE_SUBDOMAIN_ORIGIN, SECURE_SUBDOMAIN_ORIGIN, SameSiteStatus.STRICT, "Subdomain top-level form POSTs are strictly same-site");
 42 create_test(SECURE_CROSS_SITE_ORIGIN, SECURE_CROSS_SITE_ORIGIN, SameSiteStatus.CROSS_SITE, "Cross-site top-level form POSTs are cross-site");
 43
 44 // Redirect from {same-host,subdomain,cross-site} to same-host:
 45 create_test(SECURE_ORIGIN, redirectTo(SECURE_ORIGIN, SECURE_ORIGIN), SameSiteStatus.STRICT, "Same-host redirecting to same-host top-level form POSTs are strictly same-site");
 46 create_test(SECURE_ORIGIN, redirectTo(SECURE_SUBDOMAIN_ORIGIN, SECURE_ORIGIN), SameSiteStatus.STRICT, "Subdomain redirecting to same-host top-level form POSTs are strictly same-site");
 47 create_test(SECURE_ORIGIN, redirectTo(SECURE_CROSS_SITE_ORIGIN, SECURE_ORIGIN), SameSiteStatus.CROSS_SITE, "Cross-site redirecting to same-host top-level form POSTs are cross-site");
 48
 49 // Redirect from {same-host,subdomain,cross-site} to same-host:
 50 create_test(SECURE_SUBDOMAIN_ORIGIN, redirectTo(SECURE_ORIGIN, SECURE_SUBDOMAIN_ORIGIN), SameSiteStatus.STRICT, "Same-host redirecting to subdomain top-level form POSTs are strictly same-site");
 51 create_test(SECURE_SUBDOMAIN_ORIGIN, redirectTo(SECURE_SUBDOMAIN_ORIGIN, SECURE_SUBDOMAIN_ORIGIN), SameSiteStatus.STRICT, "Subdomain redirecting to subdomain top-level form POSTs are strictly same-site");
 52 create_test(SECURE_SUBDOMAIN_ORIGIN, redirectTo(SECURE_CROSS_SITE_ORIGIN, SECURE_SUBDOMAIN_ORIGIN), SameSiteStatus.CROSS_SITE, "Cross-site redirecting to subdomain top-level form POSTs are cross-site");
 53
 54 // Redirect from {same-host,subdomain,cross-site} to cross-site:
 55 create_test(SECURE_CROSS_SITE_ORIGIN, redirectTo(SECURE_ORIGIN, SECURE_CROSS_SITE_ORIGIN), SameSiteStatus.CROSS_SITE, "Same-host redirecting to cross-site top-level form POSTs are cross-site");
 56 create_test(SECURE_CROSS_SITE_ORIGIN, redirectTo(SECURE_SUBDOMAIN_ORIGIN, SECURE_CROSS_SITE_ORIGIN), SameSiteStatus.CROSS_SITE, "Subdomain redirecting to cross-site top-level form POSTs are cross-site");
 57 create_test(SECURE_CROSS_SITE_ORIGIN, redirectTo(SECURE_CROSS_SITE_ORIGIN, SECURE_CROSS_SITE_ORIGIN), SameSiteStatus.CROSS_SITE, "Cross-site redirecting to cross-site top-level form POSTs are cross-site");
 58</script>

LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/iframe-reload.https-expected.txt

 1CONSOLE MESSAGE: [object MessageEvent]
 2Blocked access to external URL https://www1.localhost:9443/cookies/samesite/resources/puppet.html
 3
 4Harness Error (TIMEOUT), message = null
 5
 6PASS Reloaded same-host fetches are strictly same-site
 7TIMEOUT Reloaded subdomain fetches are strictly same-site Test timed out
 8NOTRUN Reloaded cross-site fetches are cross-site
 9

LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/iframe-reload.https.html

 1<!DOCTYPE html>
 2<meta charset="utf-8"/>
 3<meta name="timeout" content="long">
 4<meta name="variant" content="">
 5<meta name="variant" content="?legacy-samesite">
 6<script src="/resources/testharness.js"></script>
 7<script src="/resources/testharnessreport.js"></script>
 8<script src="/cookies/resources/cookie-helper.sub.js"></script>
 9<!-- We're appending an <iframe> to the document's body, so execute tests after we have a body -->
 10<body>
 11<script>
 12 function create_test(origin, target, expectedStatus, expectedDomStatus, title) {
 13 promise_test(t => {
 14 var value = "" + Math.random();
 15 return resetSameSiteCookies(origin, value)
 16 .then(_ => {
 17 return new Promise((resolve, reject) => {
 18 var iframe = document.createElement("iframe");
 19 iframe.onerror = _ => reject("IFrame could not be loaded.");
 20
 21 var reloaded = false;
 22 var msgHandler = e => {
 23 try {
 24 getSameSiteVerifier()(expectedStatus, value, e.data, expectedDomStatus);
 25 } catch (e) {
 26 reject(e);
 27 }
 28
 29 if (reloaded) {
 30 window.removeEventListener("message", msgHandler);
 31 document.body.removeChild(iframe);
 32 resolve("IFrame received the cookie.");
 33 } else {
 34 reloaded = true;
 35 e.source.postMessage("reload", "*");
 36 }
 37 };
 38 window.addEventListener("message", msgHandler);
 39
 40 iframe.src = target + "/cookies/resources/postToParent.py";
 41 document.body.appendChild(iframe);
 42 });
 43 });
 44 }, title);
 45 }
 46
 47 create_test(SECURE_ORIGIN, SECURE_ORIGIN, SameSiteStatus.STRICT, DomSameSiteStatus.SAME_SITE, "Reloaded same-host fetches are strictly same-site");
 48 create_test(SECURE_SUBDOMAIN_ORIGIN, SECURE_SUBDOMAIN_ORIGIN, SameSiteStatus.STRICT, DomSameSiteStatus.SAME_SITE, "Reloaded subdomain fetches are strictly same-site");
 49 create_test(SECURE_CROSS_SITE_ORIGIN, SECURE_CROSS_SITE_ORIGIN, SameSiteStatus.CROSS_SITE, DomSameSiteStatus.CROSS_SITE, "Reloaded cross-site fetches are cross-site");
 50</script>

LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/iframe.document.https-expected.txt

 1
 2PASS Same-site iframes can set lax/strict cookies via document.cookie
 3FAIL Cross-site iframe cannot set lax/strict cookies via document.cookie assert_equals: SameSite=none cookies can be set via document.cookies even by cross-origin documents expected (string) "0.88885874537134" but got (undefined) undefined
 4

LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/iframe.document.https.html

 1<!DOCTYPE html>
 2<meta charset="utf-8"/>
 3<meta name="timeout" content="long">
 4<script src="/resources/testharness.js"></script>
 5<script src="/resources/testharnessreport.js"></script>
 6<script src="/cookies/resources/cookie-helper.sub.js"></script>
 7<!-- We're appending an <iframe> to the document's body, so execute tests after we have a body -->
 8<body>
 9<script>
 10 function create_test(target, expectedDomStatus, title) {
 11 promise_test(async t => {
 12 let cookieValue = await new Promise((resolve, reject) => {
 13 var iframe = document.createElement("iframe");
 14
 15 window.onmessage = t.step_func(e => {
 16 if (e.source == iframe.contentWindow) {
 17 document.body.removeChild(iframe);
 18 resolve(e.data.value);
 19 }
 20 });
 21
 22 iframe.src = target + "/cookies/samesite/resources/iframe.document.html";
 23 document.body.appendChild(iframe);
 24 });
 25
 26 await new Promise((resolve, reject) => {
 27 var iframe = document.createElement("iframe");
 28
 29 window.onmessage = t.step_func(e => {
 30 if (e.source == iframe.contentWindow) {
 31 // Cleanup, then verify cookie state:
 32 document.body.removeChild(iframe);
 33
 34 const cookies = e.data;
 35 assert_equals(cookies["dc_samesite_none"], cookieValue, "SameSite=none cookies can be set via document.cookies even by cross-origin documents");
 36
 37 if (expectedDomStatus === DomSameSiteStatus.SAME_SITE) {
 38 assert_equals(cookies["dc_samesite_lax"], cookieValue, "SameSite=lax cookies can be set via document.cookies by same-site documents");
 39 assert_equals(cookies["dc_samesite_strict"], cookieValue, "SameSite=strict cookies can be set via document.cookies by same-site documents");
 40 } else if (expectedDomStatus === DomSameSiteStatus.CROSS_SITE) {
 41 assert_not_equals(cookies["dc_samesite_lax"], cookieValue, "SameSite=lax cookies can be set via document.cookies by same-site documents");
 42 assert_not_equals(cookies["dc_samesite_strict"], cookieValue, "SameSite=strict cookies can be set via document.cookies by same-site documents");
 43 }
 44
 45 resolve();
 46 }
 47 });
 48
 49 iframe.src = target + "/cookies/resources/postToParent.py";
 50 document.body.appendChild(iframe);
 51 });
 52 }, title);
 53 }
 54
 55 create_test(SECURE_ORIGIN, DomSameSiteStatus.SAME_SITE, "Same-site iframes can set lax/strict cookies via document.cookie");
 56 create_test(SECURE_CROSS_SITE_ORIGIN, DomSameSiteStatus.CROSS_SITE, "Cross-site iframe cannot set lax/strict cookies via document.cookie");
 57</script>

LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/iframe.https-expected.txt

 1Blocked access to external URL https://www1.localhost:9443/cookies/samesite/resources/puppet.html
 2
 3Harness Error (TIMEOUT), message = null
 4
 5PASS Same-host fetches are strictly same-site
 6TIMEOUT Subdomain fetches are strictly same-site Test timed out
 7NOTRUN Cross-site fetches are cross-site
 8NOTRUN Same-host redirecting to same-host fetches are strictly same-site
 9NOTRUN Subdomain redirecting to same-host fetches are strictly same-site
 10NOTRUN Cross-site redirecting to same-host fetches are strictly same-site
 11NOTRUN Same-host redirecting to subdomain fetches are strictly same-site
 12NOTRUN Subdomain redirecting to subdomain fetches are strictly same-site
 13NOTRUN Cross-site redirecting to subdomain fetches are strictly same-site
 14NOTRUN Same-host redirecting to cross-site fetches are cross-site
 15NOTRUN Subdomain redirecting to cross-site fetches are cross-site
 16NOTRUN Cross-site redirecting to cross-site fetches are cross-site
 17NOTRUN Same-host navigating to same-host fetches are strictly same-site
 18NOTRUN Subdomain navigating to same-host fetches are strictly same-site
 19NOTRUN Cross-site navigating to same-host fetches are cross-site
 20NOTRUN Same-host navigating to subdomain fetches are strictly same-site
 21NOTRUN Subdomain navigating to subdomain fetches are strictly same-site
 22NOTRUN Cross-site navigating to subdomain fetches are cross-site-site
 23NOTRUN Same-host navigating to cross-site fetches are cross-site
 24NOTRUN Subdomain navigating to cross-site fetches are cross-site
 25NOTRUN Cross-site navigating to cross-site fetches are cross-site
 26

LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/iframe.https.html

 1<!DOCTYPE html>
 2<meta charset="utf-8"/>
 3<meta name="timeout" content="long">
 4<meta name="variant" content="">
 5<meta name="variant" content="?legacy-samesite">
 6<script src="/resources/testharness.js"></script>
 7<script src="/resources/testharnessreport.js"></script>
 8<script src="/cookies/resources/cookie-helper.sub.js"></script>
 9<!-- We're appending an <iframe> to the document's body, so execute tests after we have a body -->
 10<body>
 11<script>
 12 function create_test(origin, target, expectedStatus, expectedDomStatus, title) {
 13 promise_test(t => {
 14 var value = "" + Math.random();
 15 return resetSameSiteCookies(origin, value)
 16 .then(_ => {
 17 return new Promise((resolve, reject) => {
 18 var iframe = document.createElement("iframe");
 19 iframe.onerror = _ => reject("IFrame could not be loaded.");
 20
 21 var msgHandler = e => {
 22 if (e.source == iframe.contentWindow) {
 23 // Cleanup, then verify cookie state:
 24 document.body.removeChild(iframe);
 25 window.removeEventListener("message", msgHandler);
 26 try {
 27 getSameSiteVerifier()(expectedStatus, value, e.data, expectedDomStatus);
 28 resolve();
 29 } catch(e) {
 30 reject(e);
 31 }
 32 }
 33 };
 34 window.addEventListener("message", msgHandler);
 35
 36 iframe.src = target + "/cookies/resources/postToParent.py";
 37 document.body.appendChild(iframe);
 38 });
 39 });
 40 }, title);
 41 }
 42
 43 // No redirect:
 44 create_test(SECURE_ORIGIN, SECURE_ORIGIN, SameSiteStatus.STRICT, DomSameSiteStatus.SAME_SITE, "Same-host fetches are strictly same-site");
 45 create_test(SECURE_SUBDOMAIN_ORIGIN, SECURE_SUBDOMAIN_ORIGIN, SameSiteStatus.STRICT, DomSameSiteStatus.SAME_SITE, "Subdomain fetches are strictly same-site");
 46 create_test(SECURE_CROSS_SITE_ORIGIN, SECURE_CROSS_SITE_ORIGIN, SameSiteStatus.CROSS_SITE, DomSameSiteStatus.CROSS_SITE, "Cross-site fetches are cross-site");
 47
 48 // Redirect from {same-host,subdomain,cross-site} to same-host:
 49 create_test(SECURE_ORIGIN, redirectTo(SECURE_ORIGIN, SECURE_ORIGIN), SameSiteStatus.STRICT, DomSameSiteStatus.SAME_SITE, "Same-host redirecting to same-host fetches are strictly same-site");
 50 create_test(SECURE_ORIGIN, redirectTo(SECURE_SUBDOMAIN_ORIGIN, SECURE_ORIGIN), SameSiteStatus.STRICT, DomSameSiteStatus.SAME_SITE, "Subdomain redirecting to same-host fetches are strictly same-site");
 51 create_test(SECURE_ORIGIN, redirectTo(SECURE_CROSS_SITE_ORIGIN, SECURE_ORIGIN), SameSiteStatus.STRICT, DomSameSiteStatus.SAME_SITE, "Cross-site redirecting to same-host fetches are strictly same-site");
 52
 53 // Redirect from {same-host,subdomain,cross-site} to subdomain:
 54 create_test(SECURE_SUBDOMAIN_ORIGIN, redirectTo(SECURE_ORIGIN, SECURE_SUBDOMAIN_ORIGIN), SameSiteStatus.STRICT, DomSameSiteStatus.SAME_SITE, "Same-host redirecting to subdomain fetches are strictly same-site");
 55 create_test(SECURE_SUBDOMAIN_ORIGIN, redirectTo(SECURE_SUBDOMAIN_ORIGIN, SECURE_SUBDOMAIN_ORIGIN), SameSiteStatus.STRICT, DomSameSiteStatus.SAME_SITE, "Subdomain redirecting to subdomain fetches are strictly same-site");
 56 create_test(SECURE_SUBDOMAIN_ORIGIN, redirectTo(SECURE_CROSS_SITE_ORIGIN, SECURE_SUBDOMAIN_ORIGIN), SameSiteStatus.STRICT, DomSameSiteStatus.SAME_SITE, "Cross-site redirecting to subdomain fetches are strictly same-site");
 57
 58 // Redirect from {same-host,subdomain,cross-site} to cross-site:
 59 create_test(SECURE_CROSS_SITE_ORIGIN, redirectTo(SECURE_ORIGIN, SECURE_CROSS_SITE_ORIGIN), SameSiteStatus.CROSS_SITE, DomSameSiteStatus.CROSS_SITE, "Same-host redirecting to cross-site fetches are cross-site");
 60 create_test(SECURE_CROSS_SITE_ORIGIN, redirectTo(SECURE_SUBDOMAIN_ORIGIN, SECURE_CROSS_SITE_ORIGIN), SameSiteStatus.CROSS_SITE, DomSameSiteStatus.CROSS_SITE, "Subdomain redirecting to cross-site fetches are cross-site");
 61 create_test(SECURE_CROSS_SITE_ORIGIN, redirectTo(SECURE_CROSS_SITE_ORIGIN, SECURE_CROSS_SITE_ORIGIN), SameSiteStatus.CROSS_SITE, DomSameSiteStatus.CROSS_SITE, "Cross-site redirecting to cross-site fetches are cross-site");
 62
 63 // Navigate from {same-host,subdomain,cross-site} to same-host:
 64 create_test(SECURE_ORIGIN, navigateTo(SECURE_ORIGIN, SECURE_ORIGIN), SameSiteStatus.STRICT, DomSameSiteStatus.SAME_SITE, "Same-host navigating to same-host fetches are strictly same-site");
 65 create_test(SECURE_ORIGIN, navigateTo(SECURE_SUBDOMAIN_ORIGIN, SECURE_ORIGIN), SameSiteStatus.STRICT, DomSameSiteStatus.SAME_SITE, "Subdomain navigating to same-host fetches are strictly same-site");
 66 create_test(SECURE_ORIGIN, navigateTo(SECURE_CROSS_SITE_ORIGIN, SECURE_ORIGIN), SameSiteStatus.CROSS_SITE, DomSameSiteStatus.SAME_SITE, "Cross-site navigating to same-host fetches are cross-site");
 67
 68 // Navigate from {same-host,subdomain,cross-site} to subdomain:
 69 create_test(SECURE_SUBDOMAIN_ORIGIN, navigateTo(SECURE_ORIGIN, SECURE_SUBDOMAIN_ORIGIN), SameSiteStatus.STRICT, DomSameSiteStatus.SAME_SITE, "Same-host navigating to subdomain fetches are strictly same-site");
 70 create_test(SECURE_SUBDOMAIN_ORIGIN, navigateTo(SECURE_SUBDOMAIN_ORIGIN, SECURE_SUBDOMAIN_ORIGIN), SameSiteStatus.STRICT, DomSameSiteStatus.SAME_SITE, "Subdomain navigating to subdomain fetches are strictly same-site");
 71 create_test(SECURE_SUBDOMAIN_ORIGIN, navigateTo(SECURE_CROSS_SITE_ORIGIN, SECURE_SUBDOMAIN_ORIGIN), SameSiteStatus.CROSS_SITE, DomSameSiteStatus.SAME_SITE, "Cross-site navigating to subdomain fetches are cross-site-site");
 72
 73 // Navigate from {same-host,subdomain,cross-site} to cross-site:
 74 create_test(SECURE_CROSS_SITE_ORIGIN, navigateTo(SECURE_ORIGIN, SECURE_CROSS_SITE_ORIGIN), SameSiteStatus.CROSS_SITE, DomSameSiteStatus.CROSS_SITE, "Same-host navigating to cross-site fetches are cross-site");
 75 create_test(SECURE_CROSS_SITE_ORIGIN, navigateTo(SECURE_SUBDOMAIN_ORIGIN, SECURE_CROSS_SITE_ORIGIN), SameSiteStatus.CROSS_SITE, DomSameSiteStatus.CROSS_SITE, "Subdomain navigating to cross-site fetches are cross-site");
 76 create_test(SECURE_CROSS_SITE_ORIGIN, navigateTo(SECURE_CROSS_SITE_ORIGIN, SECURE_CROSS_SITE_ORIGIN), SameSiteStatus.CROSS_SITE, DomSameSiteStatus.CROSS_SITE, "Cross-site navigating to cross-site fetches are cross-site");
 77</script>

LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/img.https-expected.txt

 1Blocked access to external URL https://www1.localhost:9443/cookies/samesite/resources/puppet.html
 2
 3Harness Error (TIMEOUT), message = null
 4
 5PASS Same-host images are strictly same-site
 6TIMEOUT Subdomain images are strictly same-site Test timed out
 7NOTRUN Cross-site images are cross-site
 8NOTRUN Same-host redirecting to same-host images are strictly same-site
 9NOTRUN Subdomain redirecting to same-host images are strictly same-site
 10NOTRUN Cross-site redirecting to same-host images are cross-site
 11NOTRUN Same-host redirecting to subdomain images are strictly same-site
 12NOTRUN Subdomain redirecting to subdomain images are strictly same-site
 13NOTRUN Cross-site redirecting to subdomain images are cross-site
 14NOTRUN Same-host redirecting to cross-site images are cross-site
 15NOTRUN Subdomain redirecting to cross-site images are cross-site
 16NOTRUN Cross-site redirecting to cross-site images are cross-site
 17

LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/img.https.html

 1<!DOCTYPE html>
 2<meta charset="utf-8"/>
 3<meta name="timeout" content="long">
 4<meta name="variant" content="">
 5<meta name="variant" content="?legacy-samesite">
 6<script src="/resources/testharness.js"></script>
 7<script src="/resources/testharnessreport.js"></script>
 8<script src="/cookies/resources/cookie-helper.sub.js"></script>
 9<script>
 10 function assert_cookie_present(origin, name, value) {
 11 return new Promise((resolve, reject) => {
 12 var img = document.createElement("img");
 13 img.onload = _ => resolve("'" + name + "=" + value + "' present on " + origin);
 14 img.onerror = _ => reject("'" + name + "=" + value + "' not present on " + origin);
 15
 16 // We need to URL encode the destination path/query if we're redirecting:
 17 if (origin.match(/\/redir/))
 18 img.src = origin + encodeURIComponent("/cookies/resources/imgIfMatch.py?name=" + name + "&value=" + value);
 19 else
 20 img.src = origin + "/cookies/resources/imgIfMatch.py?name=" + name + "&value=" + value;
 21 });
 22 }
 23
 24 function assert_cookie_absent(origin, name, value) {
 25 return new Promise((resolve, reject) => {
 26 var img = document.createElement("img");
 27 img.onload = _ => reject("'" + name + "=" + value + "' present on " + origin);
 28 img.onerror = _ => resolve("'" + name + "=" + value + "' not present on " + origin);
 29
 30 // We need to URL encode the destination path/query if we're redirecting:
 31 if (origin.match(/\/redir/))
 32 img.src = origin + encodeURIComponent("/cookies/resources/imgIfMatch.py?name=" + name + "&value=" + value);
 33 else
 34 img.src = origin + "/cookies/resources/imgIfMatch.py?name=" + name + "&value=" + value;
 35 });
 36 }
 37
 38 function create_test(origin, target, expectedStatus, title) {
 39 promise_test(t => {
 40 var value = "" + Math.random();
 41 return resetSameSiteCookies(origin, value)
 42 .then(_ => {
 43 var asserts = [assert_cookie_present(target, "samesite_none", value),
 44 expectedStatus == SameSiteStatus.STRICT ?
 45 assert_cookie_present(target, "samesite_strict", value) :
 46 assert_cookie_absent(target, "samesite_strict", value),
 47 expectedStatus == SameSiteStatus.CROSS_SITE ?
 48 assert_cookie_absent(target, "samesite_lax", value) :
 49 assert_cookie_present(target, "samesite_lax", value)];
 50 if (isLegacySameSite()) {
 51 // Legacy behavior: unspecified SameSite acts like SameSite=None.
 52 asserts.push(assert_cookie_present(target, "samesite_unspecified", value));
 53 } else {
 54 asserts.push(expectedStatus == SameSiteStatus.CROSS_SITE ?
 55 assert_cookie_absent(target, "samesite_unspecified", value) :
 56 assert_cookie_present(target, "samesite_unspecified", value));
 57 }
 58 return Promise.all(asserts);
 59 });
 60 }, title);
 61 }
 62
 63 // No redirect:
 64 create_test(SECURE_ORIGIN, SECURE_ORIGIN, SameSiteStatus.STRICT, "Same-host images are strictly same-site");
 65 create_test(SECURE_SUBDOMAIN_ORIGIN, SECURE_SUBDOMAIN_ORIGIN, SameSiteStatus.STRICT, "Subdomain images are strictly same-site");
 66 create_test(SECURE_CROSS_SITE_ORIGIN, SECURE_CROSS_SITE_ORIGIN, SameSiteStatus.CROSS_SITE, "Cross-site images are cross-site");
 67
 68 // Redirect from {same-host,subdomain,cross-site} to same-host:
 69 create_test(SECURE_ORIGIN, redirectTo(SECURE_ORIGIN, SECURE_ORIGIN), SameSiteStatus.STRICT, "Same-host redirecting to same-host images are strictly same-site");
 70 create_test(SECURE_ORIGIN, redirectTo(SECURE_SUBDOMAIN_ORIGIN, SECURE_ORIGIN), SameSiteStatus.STRICT, "Subdomain redirecting to same-host images are strictly same-site");
 71 create_test(SECURE_ORIGIN, redirectTo(SECURE_CROSS_SITE_ORIGIN, SECURE_ORIGIN), SameSiteStatus.CROSS_SITE, "Cross-site redirecting to same-host images are cross-site");
 72
 73 // Redirect from {same-host,subdomain,cross-site} to same-host:
 74 create_test(SECURE_SUBDOMAIN_ORIGIN, redirectTo(SECURE_ORIGIN, SECURE_SUBDOMAIN_ORIGIN), SameSiteStatus.STRICT, "Same-host redirecting to subdomain images are strictly same-site");
 75 create_test(SECURE_SUBDOMAIN_ORIGIN, redirectTo(SECURE_SUBDOMAIN_ORIGIN, SECURE_SUBDOMAIN_ORIGIN), SameSiteStatus.STRICT, "Subdomain redirecting to subdomain images are strictly same-site");
 76 create_test(SECURE_SUBDOMAIN_ORIGIN, redirectTo(SECURE_CROSS_SITE_ORIGIN, SECURE_SUBDOMAIN_ORIGIN), SameSiteStatus.CROSS_SITE, "Cross-site redirecting to subdomain images are cross-site");
 77
 78 // Redirect from {same-host,subdomain,cross-site} to cross-site:
 79 create_test(SECURE_CROSS_SITE_ORIGIN, redirectTo(SECURE_ORIGIN, SECURE_CROSS_SITE_ORIGIN), SameSiteStatus.CROSS_SITE, "Same-host redirecting to cross-site images are cross-site");
 80 create_test(SECURE_CROSS_SITE_ORIGIN, redirectTo(SECURE_SUBDOMAIN_ORIGIN, SECURE_CROSS_SITE_ORIGIN), SameSiteStatus.CROSS_SITE, "Subdomain redirecting to cross-site images are cross-site");
 81 create_test(SECURE_CROSS_SITE_ORIGIN, redirectTo(SECURE_CROSS_SITE_ORIGIN, SECURE_CROSS_SITE_ORIGIN), SameSiteStatus.CROSS_SITE, "Cross-site redirecting to cross-site images are cross-site");
 82</script>

LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/multiple-samesite-attributes.https-expected.txt

 1Blocked access to external URL https://www1.localhost:9443/cookies/resources/dropSameSiteMultiAttribute.py
 2CONSOLE MESSAGE: Fetch API cannot load https://www1.localhost:9443/cookies/resources/dropSameSiteMultiAttribute.py due to access control checks.
 3Blocked access to external URL https://www1.localhost:9443/cookies/resources/redirectWithCORSHeaders.py?status=307&location=https%3A%2F%2Flocalhost%3A9443%2Fcookies%2Fresources%2FimgIfMatch.py%3Fname%3Dsamesite_unsupported_none%26value%3D0.5925441149438584
 4Blocked access to external URL https://www1.localhost:9443/cookies/resources/redirectWithCORSHeaders.py?status=307&location=https%3A%2F%2Flocalhost%3A9443%2Fcookies%2Fresources%2FimgIfMatch.py%3Fname%3Dsamesite_lax_none%26value%3D0.5925441149438584
 5Blocked access to external URL https://www1.localhost:9443/cookies/resources/redirectWithCORSHeaders.py?status=307&location=https%3A%2F%2Flocalhost%3A9443%2Fcookies%2Fresources%2FimgIfMatch.py%3Fname%3Dsamesite_unsupported_strict%26value%3D0.5925441149438584
 6Blocked access to external URL https://www1.localhost:9443/cookies/resources/redirectWithCORSHeaders.py?status=307&location=https%3A%2F%2Flocalhost%3A9443%2Fcookies%2Fresources%2FimgIfMatch.py%3Fname%3Dsamesite_lax_strict%26value%3D0.5925441149438584
 7Blocked access to external URL https://www1.localhost:9443/cookies/resources/redirectWithCORSHeaders.py?status=307&location=https%3A%2F%2Flocalhost%3A9443%2Fcookies%2Fresources%2FimgIfMatch.py%3Fname%3Dsamesite_unsupported_lax%26value%3D0.5925441149438584
 8Blocked access to external URL https://www1.localhost:9443/cookies/resources/redirectWithCORSHeaders.py?status=307&location=https%3A%2F%2Flocalhost%3A9443%2Fcookies%2Fresources%2FimgIfMatch.py%3Fname%3Dsamesite_strict_lax%26value%3D0.5925441149438584
 9Blocked access to external URL https://www1.localhost:9443/cookies/resources/redirectWithCORSHeaders.py?status=307&location=https%3A%2F%2Flocalhost%3A9443%2Fcookies%2Fresources%2FimgIfMatch.py%3Fname%3Dsamesite_none_unsupported%26value%3D0.5925441149438584
 10Blocked access to external URL https://www1.localhost:9443/cookies/resources/redirectWithCORSHeaders.py?status=307&location=https%3A%2F%2Flocalhost%3A9443%2Fcookies%2Fresources%2FimgIfMatch.py%3Fname%3Dsamesite_lax_unsupported%26value%3D0.5925441149438584
 11Blocked access to external URL https://www1.localhost:9443/cookies/resources/redirectWithCORSHeaders.py?status=307&location=https%3A%2F%2Flocalhost%3A9443%2Fcookies%2Fresources%2FimgIfMatch.py%3Fname%3Dsamesite_strict_unsupported%26value%3D0.5925441149438584
 12Blocked access to external URL https://www1.localhost:9443/cookies/resources/redirectWithCORSHeaders.py?status=307&location=https%3A%2F%2Flocalhost%3A9443%2Fcookies%2Fresources%2FimgIfMatch.py%3Fname%3Dsamesite_unsupported%26value%3D0.5925441149438584
 13Blocked access to external URL https://www1.localhost:9443/cookies/resources/dropSameSiteMultiAttribute.py
 14CONSOLE MESSAGE: Fetch API cannot load https://www1.localhost:9443/cookies/resources/dropSameSiteMultiAttribute.py due to access control checks.
 15Blocked access to external URL https://www1.localhost:9443/cookies/resources/dropSameSiteMultiAttribute.py
 16CONSOLE MESSAGE: Fetch API cannot load https://www1.localhost:9443/cookies/resources/dropSameSiteMultiAttribute.py due to access control checks.
 17Blocked access to external URL https://www1.localhost:9443/cookies/resources/dropSameSiteMultiAttribute.py
 18CONSOLE MESSAGE: Fetch API cannot load https://www1.localhost:9443/cookies/resources/dropSameSiteMultiAttribute.py due to access control checks.
 19Blocked access to external URL https://www1.localhost:9443/cookies/resources/redirectWithCORSHeaders.py?status=307&location=https%3A%2F%2F127.0.0.1%3A9443%2Fcookies%2Fresources%2FimgIfMatch.py%3Fname%3Dsamesite_unsupported_none%26value%3D0.10277761549984665
 20Blocked access to external URL https://www1.localhost:9443/cookies/resources/redirectWithCORSHeaders.py?status=307&location=https%3A%2F%2F127.0.0.1%3A9443%2Fcookies%2Fresources%2FimgIfMatch.py%3Fname%3Dsamesite_lax_none%26value%3D0.10277761549984665
 21Blocked access to external URL https://www1.localhost:9443/cookies/resources/redirectWithCORSHeaders.py?status=307&location=https%3A%2F%2F127.0.0.1%3A9443%2Fcookies%2Fresources%2FimgIfMatch.py%3Fname%3Dsamesite_unsupported_strict%26value%3D0.10277761549984665
 22Blocked access to external URL https://www1.localhost:9443/cookies/resources/redirectWithCORSHeaders.py?status=307&location=https%3A%2F%2F127.0.0.1%3A9443%2Fcookies%2Fresources%2FimgIfMatch.py%3Fname%3Dsamesite_lax_strict%26value%3D0.10277761549984665
 23Blocked access to external URL https://www1.localhost:9443/cookies/resources/redirectWithCORSHeaders.py?status=307&location=https%3A%2F%2F127.0.0.1%3A9443%2Fcookies%2Fresources%2FimgIfMatch.py%3Fname%3Dsamesite_unsupported_lax%26value%3D0.10277761549984665
 24Blocked access to external URL https://www1.localhost:9443/cookies/resources/redirectWithCORSHeaders.py?status=307&location=https%3A%2F%2F127.0.0.1%3A9443%2Fcookies%2Fresources%2FimgIfMatch.py%3Fname%3Dsamesite_strict_lax%26value%3D0.10277761549984665
 25Blocked access to external URL https://www1.localhost:9443/cookies/resources/redirectWithCORSHeaders.py?status=307&location=https%3A%2F%2F127.0.0.1%3A9443%2Fcookies%2Fresources%2FimgIfMatch.py%3Fname%3Dsamesite_none_unsupported%26value%3D0.10277761549984665
 26Blocked access to external URL https://www1.localhost:9443/cookies/resources/redirectWithCORSHeaders.py?status=307&location=https%3A%2F%2F127.0.0.1%3A9443%2Fcookies%2Fresources%2FimgIfMatch.py%3Fname%3Dsamesite_lax_unsupported%26value%3D0.10277761549984665
 27Blocked access to external URL https://www1.localhost:9443/cookies/resources/redirectWithCORSHeaders.py?status=307&location=https%3A%2F%2F127.0.0.1%3A9443%2Fcookies%2Fresources%2FimgIfMatch.py%3Fname%3Dsamesite_strict_unsupported%26value%3D0.10277761549984665
 28Blocked access to external URL https://www1.localhost:9443/cookies/resources/redirectWithCORSHeaders.py?status=307&location=https%3A%2F%2F127.0.0.1%3A9443%2Fcookies%2Fresources%2FimgIfMatch.py%3Fname%3Dsamesite_unsupported%26value%3D0.10277761549984665
 29
 30PASS Same-host images are strictly same-site
 31FAIL Subdomain images are strictly same-site promise_test: Unhandled rejection with value: object "TypeError: Type error"
 32FAIL Cross-site images are cross-site promise_test: Unhandled rejection with value: "'samesite_unsupported_none=0.4251158568179104' not present on https://127.0.0.1:9443"
 33PASS Same-host redirecting to same-host images are strictly same-site
 34FAIL Subdomain redirecting to same-host images are strictly same-site promise_test: Unhandled rejection with value: "'samesite_unsupported_none=0.5925441149438584' not present on https://www1.localhost:9443/cookies/resources/redirectWithCORSHeaders.py?status=307&location=https%3A%2F%2Flocalhost%3A9443"
 35FAIL Cross-site redirecting to same-host images are cross-site promise_test: Unhandled rejection with value: "'samesite_unsupported=0.7557209747347237' present on https://127.0.0.1:9443/cookies/resources/redirectWithCORSHeaders.py?status=307&location=https%3A%2F%2Flocalhost%3A9443"
 36FAIL Same-host redirecting to subdomain images are strictly same-site promise_test: Unhandled rejection with value: object "TypeError: Type error"
 37FAIL Subdomain redirecting to subdomain images are strictly same-site promise_test: Unhandled rejection with value: object "TypeError: Type error"
 38FAIL Cross-site redirecting to subdomain images are cross-site promise_test: Unhandled rejection with value: object "TypeError: Type error"
 39FAIL Same-host redirecting to cross-site images are cross-site promise_test: Unhandled rejection with value: "'samesite_unsupported_none=0.7620305670628387' not present on https://localhost:9443/cookies/resources/redirectWithCORSHeaders.py?status=307&location=https%3A%2F%2F127.0.0.1%3A9443"
 40FAIL Subdomain redirecting to cross-site images are cross-site promise_test: Unhandled rejection with value: "'samesite_unsupported_none=0.10277761549984665' not present on https://www1.localhost:9443/cookies/resources/redirectWithCORSHeaders.py?status=307&location=https%3A%2F%2F127.0.0.1%3A9443"
 41FAIL Cross-site redirecting to cross-site images are cross-site promise_test: Unhandled rejection with value: "'samesite_lax_none=0.11262820002415386' not present on https://127.0.0.1:9443/cookies/resources/redirectWithCORSHeaders.py?status=307&location=https%3A%2F%2F127.0.0.1%3A9443"
 42

LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/multiple-samesite-attributes.https.html

 1<!DOCTYPE html>
 2<meta charset="utf-8"/>
 3<meta name="timeout" content="long">
 4<meta name="variant" content="">
 5<meta name="variant" content="?legacy-samesite">
 6<script src="/resources/testharness.js"></script>
 7<script src="/resources/testharnessreport.js"></script>
 8<script src="/cookies/resources/cookie-helper.sub.js"></script>
 9<script>
 10 function assert_cookie_present(origin, name, value) {
 11 return new Promise((resolve, reject) => {
 12 var img = document.createElement("img");
 13 img.onload = _ => resolve("'" + name + "=" + value + "' present on " + origin);
 14 img.onerror = _ => reject("'" + name + "=" + value + "' not present on " + origin);
 15
 16 // We need to URL encode the destination path/query if we're redirecting:
 17 if (origin.match(/\/redir/))
 18 img.src = origin + encodeURIComponent("/cookies/resources/imgIfMatch.py?name=" + name + "&value=" + value);
 19 else
 20 img.src = origin + "/cookies/resources/imgIfMatch.py?name=" + name + "&value=" + value;
 21 });
 22 }
 23
 24 function assert_cookie_absent(origin, name, value) {
 25 return new Promise((resolve, reject) => {
 26 var img = document.createElement("img");
 27 img.onload = _ => reject("'" + name + "=" + value + "' present on " + origin);
 28 img.onerror = _ => resolve("'" + name + "=" + value + "' not present on " + origin);
 29
 30 // We need to URL encode the destination path/query if we're redirecting:
 31 if (origin.match(/\/redir/))
 32 img.src = origin + encodeURIComponent("/cookies/resources/imgIfMatch.py?name=" + name + "&value=" + value);
 33 else
 34 img.src = origin + "/cookies/resources/imgIfMatch.py?name=" + name + "&value=" + value;
 35 });
 36 }
 37
 38 function create_test(origin, target, expectedStatus, title) {
 39 promise_test(t => {
 40 var value = "" + Math.random();
 41 return resetSameSiteMultiAttributeCookies(origin, value)
 42 .then(_ => {
 43 var asserts = [
 44 assert_cookie_present(target, "samesite_unsupported_none", value),
 45 assert_cookie_present(target, "samesite_lax_none", value),
 46 expectedStatus == SameSiteStatus.STRICT ?
 47 assert_cookie_present(target, "samesite_unsupported_strict", value) :
 48 assert_cookie_absent(target, "samesite_unsupported_strict", value),
 49 expectedStatus == SameSiteStatus.STRICT ?
 50 assert_cookie_present(target, "samesite_lax_strict", value) :
 51 assert_cookie_absent(target, "samesite_lax_strict", value),
 52 expectedStatus == SameSiteStatus.CROSS_SITE ?
 53 assert_cookie_absent(target, "samesite_unsupported_lax", value) :
 54 assert_cookie_present(target, "samesite_unsupported_lax", value),
 55 expectedStatus == SameSiteStatus.CROSS_SITE ?
 56 assert_cookie_absent(target, "samesite_strict_lax", value) :
 57 assert_cookie_present(target, "samesite_strict_lax", value)
 58 ];
 59 if (isLegacySameSite()) {
 60 // Legacy behavior: unsupported SameSite value acts like SameSite=None.
 61 asserts.push(assert_cookie_present(target, "samesite_none_unsupported", value));
 62 asserts.push(assert_cookie_present(target, "samesite_lax_unsupported", value));
 63 asserts.push(assert_cookie_present(target, "samesite_strict_unsupported", value));
 64 asserts.push(assert_cookie_present(target, "samesite_unsupported", value));
 65 } else {
 66 asserts.push(expectedStatus == SameSiteStatus.CROSS_SITE ?
 67 assert_cookie_absent(target, "samesite_none_unsupported", value) :
 68 assert_cookie_present(target, "samesite_none_unsupported", value));
 69 asserts.push(expectedStatus == SameSiteStatus.CROSS_SITE ?
 70 assert_cookie_absent(target, "samesite_lax_unsupported", value) :
 71 assert_cookie_present(target, "samesite_lax_unsupported", value));
 72 asserts.push(expectedStatus == SameSiteStatus.CROSS_SITE ?
 73 assert_cookie_absent(target, "samesite_strict_unsupported", value) :
 74 assert_cookie_present(target, "samesite_strict_unsupported", value));
 75 asserts.push(expectedStatus == SameSiteStatus.CROSS_SITE ?
 76 assert_cookie_absent(target, "samesite_unsupported", value) :
 77 assert_cookie_present(target, "samesite_unsupported", value));
 78 }
 79 return Promise.all(asserts);
 80 });
 81 }, title);
 82 }
 83
 84 // No redirect:
 85 create_test(SECURE_ORIGIN, SECURE_ORIGIN, SameSiteStatus.STRICT, "Same-host images are strictly same-site");
 86 create_test(SECURE_SUBDOMAIN_ORIGIN, SECURE_SUBDOMAIN_ORIGIN, SameSiteStatus.STRICT, "Subdomain images are strictly same-site");
 87 create_test(SECURE_CROSS_SITE_ORIGIN, SECURE_CROSS_SITE_ORIGIN, SameSiteStatus.CROSS_SITE, "Cross-site images are cross-site");
 88
 89 // Redirect from {same-host,subdomain,cross-site} to same-host:
 90 create_test(SECURE_ORIGIN, redirectTo(SECURE_ORIGIN, SECURE_ORIGIN), SameSiteStatus.STRICT, "Same-host redirecting to same-host images are strictly same-site");
 91 create_test(SECURE_ORIGIN, redirectTo(SECURE_SUBDOMAIN_ORIGIN, SECURE_ORIGIN), SameSiteStatus.STRICT, "Subdomain redirecting to same-host images are strictly same-site");
 92 create_test(SECURE_ORIGIN, redirectTo(SECURE_CROSS_SITE_ORIGIN, SECURE_ORIGIN), SameSiteStatus.CROSS_SITE, "Cross-site redirecting to same-host images are cross-site");
 93
 94 // Redirect from {same-host,subdomain,cross-site} to same-host:
 95 create_test(SECURE_SUBDOMAIN_ORIGIN, redirectTo(SECURE_ORIGIN, SECURE_SUBDOMAIN_ORIGIN), SameSiteStatus.STRICT, "Same-host redirecting to subdomain images are strictly same-site");
 96 create_test(SECURE_SUBDOMAIN_ORIGIN, redirectTo(SECURE_SUBDOMAIN_ORIGIN, SECURE_SUBDOMAIN_ORIGIN), SameSiteStatus.STRICT, "Subdomain redirecting to subdomain images are strictly same-site");
 97 create_test(SECURE_SUBDOMAIN_ORIGIN, redirectTo(SECURE_CROSS_SITE_ORIGIN, SECURE_SUBDOMAIN_ORIGIN), SameSiteStatus.CROSS_SITE, "Cross-site redirecting to subdomain images are cross-site");
 98
 99 // Redirect from {same-host,subdomain,cross-site} to cross-site:
 100 create_test(SECURE_CROSS_SITE_ORIGIN, redirectTo(SECURE_ORIGIN, SECURE_CROSS_SITE_ORIGIN), SameSiteStatus.CROSS_SITE, "Same-host redirecting to cross-site images are cross-site");
 101 create_test(SECURE_CROSS_SITE_ORIGIN, redirectTo(SECURE_SUBDOMAIN_ORIGIN, SECURE_CROSS_SITE_ORIGIN), SameSiteStatus.CROSS_SITE, "Subdomain redirecting to cross-site images are cross-site");
 102 create_test(SECURE_CROSS_SITE_ORIGIN, redirectTo(SECURE_CROSS_SITE_ORIGIN, SECURE_CROSS_SITE_ORIGIN), SameSiteStatus.CROSS_SITE, "Cross-site redirecting to cross-site images are cross-site");
 103</script>

LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/resources/echo-cookies.html

 1<!DOCTYPE html>
 2<meta charset="utf-8">
 3<script>
 4 if (window.opener)
 5 window.opener.postMessage({ type: 'COOKIES_SET', cookies: document.cookie }, '*');
 6 if (window.parent !== window)
 7 window.parent.postMessage({ type: 'FRAME_COOKIES_SET', cookies: document.cookie }, '*');
 8</script>

LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/resources/iframe-navigate-report.html

 1<!DOCTYPE html>
 2<iframe src="/cookies/resources/postToParent.py">
 3</iframe>

LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/resources/iframe-subresource-report.html

 1<!DOCTYPE html>
 2<head>
 3<script src="/cookies/resources/cookie-helper.sub.js"></script>
 4<script>
 5function reportSubresourceCookies() {
 6 credFetch(SECURE_ORIGIN + "/cookies/resources/list.py")
 7 .then(r => r.json())
 8 .then(cookies => { cookies.type = "COOKIES";
 9 target = window.opener ? window.opener : window.parent;
 10 target.postMessage(cookies, "*");});
 11}
 12</script>
 13</head>
 14<body onload="reportSubresourceCookies()">

LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/resources/iframe.document.html

 1<!DOCTYPE html>
 2<script>
 3 var value = "" + Math.random();
 4 document.cookie = `dc_samesite_strict=${value}; secure; sameSite=strict; path=/`;
 5 document.cookie = `dc_samesite_lax=${value}; secure; sameSite=lax; path=/`;
 6 document.cookie = `dc_samesite_none=${value}; secure; sameSite=none; path=/`;
 7 parent.postMessage({value}, "*");
 8</script>

LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/resources/navigate-iframe.html

 1<!DOCTYPE html>
 2<meta charset="utf-8">
 3<script src="/cookies/resources/cookie-helper.sub.js"></script>
 4<script>
 5 window.addEventListener('load', function() {
 6 window.opener.postMessage({ type: 'LOADED' }, '*');
 7 });
 8
 9 window.addEventListener('message', function(e) {
 10 if (SECURE_ORIGIN !== window.location.origin)
 11 return;
 12
 13 if (e.data.type === "initialize-iframe")
 14 window.frames[0].location = e.data.url;
 15 if (e.data.type === "navigate-iframe")
 16 window.frames[0].postMessage({ type: 'navigate', url: e.data.url }, '*');
 17
 18 // Relay messages sent by the subframe to the opener.
 19 if (e.data.type === 'FRAME_READY')
 20 window.opener.postMessage({ type: 'FRAME_READY' }, '*');
 21
 22 if (e.data.type === 'FRAME_COOKIES_SET')
 23 window.opener.postMessage({ type: 'FRAME_COOKIES_SET', cookies: e.data.cookies }, '*');
 24 });
 25</script>
 26<iframe></iframe>

LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/resources/navigate.html

 1<!DOCTYPE html>
 2<meta charset="utf-8">
 3<script src="/cookies/resources/cookie-helper.sub.js"></script>
 4<script>
 5 window.addEventListener('load', function() {
 6 if (window.opener)
 7 window.opener.postMessage({ type: 'READY' }, '*');
 8 if (window.parent !== window)
 9 window.parent.postMessage({ type: 'FRAME_READY' }, '*');
 10 });
 11
 12 window.addEventListener('message', function(e) {
 13 if (e.data.type === "navigate") {
 14 window.location = e.data.url;
 15 }
 16
 17 if (e.data.type === "post-form") {
 18 var f = document.createElement('form');
 19 f.action = e.data.url;
 20 f.method = "POST";
 21 document.body.appendChild(f);
 22 f.submit();
 23 }
 24 });
 25</script>

LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/resources/puppet.html

 1<!DOCTYPE html>
 2<script src="/cookies/resources/cookie-helper.sub.js"></script>
 3<script>
 4 // Helper to either set or clear some cookies on its own origin, or
 5 // (potentially) cross-site on SECURE_ORIGIN.
 6 window.onmessage = e => {
 7 var originToUse = SECURE_ORIGIN;
 8 if (e.data.useOwnOrigin)
 9 originToUse = self.origin;
 10
 11 if (e.data.type === "set") {
 12 credFetch(originToUse + "/cookies/resources/setSameSite.py?" + e.data.value)
 13 .then(_ => {
 14 e.source.postMessage({
 15 type: "set-complete",
 16 value: e.data.value
 17 }, "*");
 18 });
 19 }
 20
 21 if (e.data.type === "drop") {
 22 credFetch(originToUse + "/cookies/resources/dropSameSite.py")
 23 .then(_ => {
 24 e.source.postMessage({type: "drop-complete"}, "*");
 25 });
 26 }
 27 };
 28
 29 window.opener.postMessage({
 30 type: "READY"
 31 }, "*");
 32</script>

LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/resources/w3c-import.log

 1The tests in this directory were imported from the W3C repository.
 2Do NOT modify these tests directly in WebKit.
 3Instead, create a pull request on the WPT github:
 4 https://github.com/web-platform-tests/wpt
 5
 6Then run the Tools/Scripts/import-w3c-tests in WebKit to reimport
 7
 8Do NOT modify or remove this file.
 9
 10------------------------------------------------------------------------
 11Properties requiring vendor prefixes:
 12None
 13Property values requiring vendor prefixes:
 14None
 15------------------------------------------------------------------------
 16List of files:
 17/LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/resources/echo-cookies.html
 18/LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/resources/iframe-navigate-report.html
 19/LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/resources/iframe-subresource-report.html
 20/LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/resources/iframe.document.html
 21/LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/resources/navigate-iframe.html
 22/LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/resources/navigate.html
 23/LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/resources/puppet.html

LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/sandbox-iframe-nested.https-expected.txt

 1
 2
 3FAIL SameSite cookies with intervening sandboxed iframe and navigation assert_equals: `samesite_lax=0.07283376622792892` in request to `https://localhost:9443`. expected (undefined) undefined but got (string) "0.07283376622792892"
 4

LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/sandbox-iframe-nested.https.html

 1<!DOCTYPE html>
 2<head>
 3 <script src="/resources/testharness.js"></script>
 4 <script src="/resources/testharnessreport.js"></script>
 5 <script src="/cookies/resources/cookie-helper.sub.js"></script>
 6</head>
 7<body onload="doTests()">
 8 <iframe id="if" sandbox="allow-scripts">
 9 </iframe>
 10 <script>
 11 function doTests() {
 12 promise_test(async function(t) {
 13 var value = "" + Math.random();
 14 await resetSameSiteCookies(SECURE_ORIGIN, value);
 15 var child = document.getElementById("if");
 16 child.src = SECURE_ORIGIN + "/cookies/samesite/resources/iframe-navigate-report.html";
 17
 18 // the iframe nested inside if should post COOKIES to here.
 19 var e = await wait_for_message("COOKIES");
 20 // Not testing unspecified here as to not depend on the presence or
 21 // absence of upcoming change of behavior.
 22 assert_cookie(SECURE_ORIGIN, e.data, "samesite_lax", value, false);
 23 assert_cookie(SECURE_ORIGIN, e.data, "samesite_strict", value, false);
 24 assert_cookie(SECURE_ORIGIN, e.data, "samesite_none", value, true);
 25 }, "SameSite cookies with intervening sandboxed iframe and navigation");
 26 }
 27 </script>
 28</body>

LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/sandbox-iframe-subresource.https-expected.txt

 1
 2
 3FAIL SameSite cookies with intervening sandboxed iframe and subresources assert_equals: `samesite_lax=0.959107380167203` in request to `https://localhost:9443`. expected (undefined) undefined but got (string) "0.959107380167203"
 4

LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/sandbox-iframe-subresource.https.html

 1<!DOCTYPE html>
 2<head>
 3 <script src="/resources/testharness.js"></script>
 4 <script src="/resources/testharnessreport.js"></script>
 5 <script src="/cookies/resources/cookie-helper.sub.js"></script>
 6</head>
 7<body onload="doTests()">
 8 <iframe id="if" sandbox="allow-scripts">
 9 </iframe>
 10 <script>
 11 function doTests() {
 12 promise_test(async function(t) {
 13 var value = "" + Math.random();
 14 await resetSameSiteCookies(SECURE_ORIGIN, value);
 15 var child = document.getElementById("if");
 16 child.src = SECURE_ORIGIN + "/cookies/samesite/resources/iframe-subresource-report.html";
 17
 18 // the iframe nested inside if should post COOKIES to here.
 19 var e = await wait_for_message("COOKIES");
 20 // Not testing unspecified here as to not depend on the presence or
 21 // absence of upcoming change of behavior.
 22 assert_cookie(SECURE_ORIGIN, e.data, "samesite_lax", value, false);
 23 assert_cookie(SECURE_ORIGIN, e.data, "samesite_strict", value, false);
 24 assert_cookie(SECURE_ORIGIN, e.data, "samesite_none", value, true);
 25 }, "SameSite cookies with intervening sandboxed iframe and subresources");
 26 }
 27 </script>
 28</body>

LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/setcookie-lax.https-expected.txt

 1
 2PASS Same-site window should be able to set `SameSite=Lax` or `SameSite=Strict` cookies.
 3FAIL Cross-site window shouldn't be able to set `SameSite=Lax` or `SameSite=Strict` cookies. assert_equals: `samesite_strict=0.8996410966959045` in `document.cookie` expected false but got true
 4

LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/setcookie-lax.https.html

 1<!DOCTYPE html>
 2<meta charset="utf-8"/>
 3<meta name="variant" content="">
 4<meta name="variant" content="?legacy-samesite">
 5<script src="/resources/testharness.js"></script>
 6<script src="/resources/testharnessreport.js"></script>
 7<script src="/cookies/resources/cookie-helper.sub.js"></script>
 8<script>
 9 promise_test(async function(t) {
 10 let w = window.open(SECURE_ORIGIN + "/cookies/samesite/resources/puppet.html");
 11 await wait_for_message("READY", SECURE_ORIGIN);
 12 let random = "" + Math.random();
 13 w.postMessage({type: "set", value: random}, "*");
 14 let e = await wait_for_message("set-complete", SECURE_ORIGIN)
 15 assert_dom_cookie("samesite_strict", e.data.value, true);
 16 assert_dom_cookie("samesite_lax", e.data.value, true);
 17 assert_dom_cookie("samesite_none", e.data.value, true);
 18 assert_dom_cookie("samesite_unspecified", e.data.value, true);
 19 w.close();
 20 }, "Same-site window should be able to set `SameSite=Lax` or `SameSite=Strict` cookies.");
 21
 22 promise_test(async function(t) {
 23 let w = window.open(SECURE_CROSS_SITE_ORIGIN + "/cookies/samesite/resources/puppet.html");
 24 await wait_for_message("READY", SECURE_CROSS_SITE_ORIGIN);
 25 let random = "" + Math.random();
 26 w.postMessage({type: "set", value: random}, "*");
 27 let e = await wait_for_message("set-complete", SECURE_CROSS_SITE_ORIGIN);
 28 assert_dom_cookie("samesite_strict", e.data.value, false);
 29 assert_dom_cookie("samesite_lax", e.data.value, false);
 30 assert_dom_cookie("samesite_none", e.data.value, true);
 31 assert_dom_cookie("samesite_unspecified", e.data.value, isLegacySameSite());
 32 w.close();
 33 }, "Cross-site window shouldn't be able to set `SameSite=Lax` or `SameSite=Strict` cookies.");
 34</script>

LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/setcookie-navigation.https-expected.txt

 1
 2PASS Same-site top-level navigation should be able to set SameSite=* cookies.
 3PASS Cross-site top-level navigation should be able to set SameSite=* cookies.
 4PASS Same-site top-level POST should be able to set SameSite=* cookies.
 5PASS Cross-site top-level POST should be able to set SameSite=* cookies.
 6PASS Same-site to same-site iframe navigation should be able to set SameSite=* cookies.
 7FAIL Cross-site to same-site iframe navigation should only be able to set SameSite=None cookies. assert_false: `samesite_strict=0.21151226660250522` in cookies expected false got true
 8FAIL Same-site to cross-site-site iframe navigation should only be able to set SameSite=None cookies. assert_false: `samesite_unspecified=0.5588253465393292` in cookies expected false got true
 9FAIL Cross-site to cross-site iframe navigation should only be able to set SameSite=None cookies. assert_false: `samesite_unspecified=0.8549968017632548` in cookies expected false got true
 10

LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/setcookie-navigation.https.html

 1<!DOCTYPE html>
 2<meta charset="utf-8">
 3<meta name="timeout" content="long">
 4<meta name="variant" content="">
 5<meta name="variant" content="?legacy-samesite">
 6<script src="/resources/testharness.js"></script>
 7<script src="/resources/testharnessreport.js"></script>
 8<script src="/cookies/resources/cookie-helper.sub.js"></script>
 9<script>
 10 // Asserts that cookies are present or not present (according to `expectation`)
 11 // in the cookie string `cookies` with the correct names and value.
 12 function assert_cookies_present(cookies, value, expected_cookie_names, expectation) {
 13 for (name of expected_cookie_names) {
 14 let re = new RegExp("(?:^|; )" + name + "=" + value + "(?:$|;)");
 15 let assertion = expectation ? assert_true : assert_false;
 16 assertion(re.test(cookies), "`" + name + "=" + value + "` in cookies");
 17 }
 18 }
 19
 20 // Navigate from ORIGIN to |origin_to|, expecting the navigation to set SameSite
 21 // cookies on |origin_to|.
 22 function navigate_test(method, origin_to, title) {
 23 promise_test(async function(t) {
 24 // The cookies don't need to be cleared on each run because |value| is
 25 // a new random value on each run, so on each run we are overwriting and
 26 // checking for a cookie with a different random value.
 27 let value = "" + Math.random();
 28 let url_from = SECURE_ORIGIN + "/cookies/samesite/resources/navigate.html";
 29 let url_to = origin_to + "/cookies/resources/setSameSite.py?" + value;
 30 var w = window.open(url_from);
 31 await wait_for_message('READY', SECURE_ORIGIN);
 32 assert_equals(SECURE_ORIGIN, window.origin);
 33 assert_equals(SECURE_ORIGIN, w.origin);
 34 let command = (method === "POST") ? "post-form" : "navigate";
 35 w.postMessage({ type: command, url: url_to }, "*");
 36 let message = await wait_for_message('COOKIES_SET', origin_to);
 37 let samesite_cookie_names = ['samesite_strict', 'samesite_lax', 'samesite_none', 'samesite_unspecified'];
 38 assert_cookies_present(message.data.cookies, value, samesite_cookie_names, true);
 39 w.close();
 40 }, title);
 41 }
 42
 43 // Opens a page on origin SECURE_ORIGIN containing an iframe on `iframe_origin_from`,
 44 // then navigates that iframe to `iframe_origin_to`. Expects that navigation to set
 45 // some subset of SameSite cookies.
 46 function navigate_iframe_test(iframe_origin_from, iframe_origin_to, cross_site, title) {
 47 promise_test(async function(t) {
 48 // The cookies don't need to be cleared on each run because |value| is
 49 // a new random value on each run, so on each run we are overwriting and
 50 // checking for a cookie with a different random value.
 51 let value = "" + Math.random();
 52 let parent_url = SECURE_ORIGIN + "/cookies/samesite/resources/navigate-iframe.html";
 53 let iframe_url_from = iframe_origin_from + "/cookies/samesite/resources/navigate.html";
 54 let iframe_url_to = iframe_origin_to + "/cookies/resources/setSameSite.py?" + value;
 55 var w = window.open(parent_url);
 56 await wait_for_message('LOADED', SECURE_ORIGIN);
 57 assert_equals(SECURE_ORIGIN, window.origin);
 58 assert_equals(SECURE_ORIGIN, w.origin);
 59 // Navigate the frame to its starting location.
 60 w.postMessage({ type: 'initialize-iframe', url: iframe_url_from }, '*');
 61 await wait_for_message('FRAME_READY', SECURE_ORIGIN);
 62 // Have the frame navigate itself, possibly cross-site.
 63 w.postMessage({ type: 'navigate-iframe', url: iframe_url_to }, '*');
 64 let message = await wait_for_message('FRAME_COOKIES_SET', SECURE_ORIGIN);
 65 // Check for the proper cookies.
 66 let samesite_none_cookies = ['samesite_none'];
 67 let samesite_cookies = ['samesite_strict', 'samesite_lax'];
 68 (isLegacySameSite() ? samesite_none_cookies : samesite_cookies).push('samesite_unspecified');
 69 assert_cookies_present(message.data.cookies, value, samesite_none_cookies, true);
 70 assert_cookies_present(message.data.cookies, value, samesite_cookies, !cross_site);
 71 w.close();
 72 }, title);
 73 }
 74
 75 navigate_test("GET", SECURE_ORIGIN, "Same-site top-level navigation should be able to set SameSite=* cookies.");
 76 navigate_test("GET", SECURE_CROSS_SITE_ORIGIN, "Cross-site top-level navigation should be able to set SameSite=* cookies.");
 77 navigate_test("POST", SECURE_ORIGIN, "Same-site top-level POST should be able to set SameSite=* cookies.");
 78 navigate_test("POST", SECURE_CROSS_SITE_ORIGIN, "Cross-site top-level POST should be able to set SameSite=* cookies.");
 79
 80 navigate_iframe_test(SECURE_ORIGIN, SECURE_ORIGIN, false, "Same-site to same-site iframe navigation should be able to set SameSite=* cookies.");
 81 navigate_iframe_test(SECURE_CROSS_SITE_ORIGIN, SECURE_ORIGIN, true, "Cross-site to same-site iframe navigation should only be able to set SameSite=None cookies.");
 82 navigate_iframe_test(SECURE_ORIGIN, SECURE_CROSS_SITE_ORIGIN, true, "Same-site to cross-site-site iframe navigation should only be able to set SameSite=None cookies.");
 83 navigate_iframe_test(SECURE_CROSS_SITE_ORIGIN, SECURE_CROSS_SITE_ORIGIN, true, "Cross-site to cross-site iframe navigation should only be able to set SameSite=None cookies.");
 84</script>

LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/w3c-import.log

 1The tests in this directory were imported from the W3C repository.
 2Do NOT modify these tests directly in WebKit.
 3Instead, create a pull request on the WPT github:
 4 https://github.com/web-platform-tests/wpt
 5
 6Then run the Tools/Scripts/import-w3c-tests in WebKit to reimport
 7
 8Do NOT modify or remove this file.
 9
 10------------------------------------------------------------------------
 11Properties requiring vendor prefixes:
 12None
 13Property values requiring vendor prefixes:
 14None
 15------------------------------------------------------------------------
 16List of files:
 17/LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/about-blank-nested.https.html
 18/LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/about-blank-subresource.https.html
 19/LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/about-blank-toplevel.https.html
 20/LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/fetch.https.html
 21/LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/form-get-blank-reload.https.html
 22/LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/form-get-blank.https.html
 23/LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/form-post-blank-reload.https.html
 24/LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/form-post-blank.https.html
 25/LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/iframe-reload.https.html
 26/LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/iframe.document.https.html
 27/LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/iframe.https.html
 28/LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/img.https.html
 29/LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/multiple-samesite-attributes.https.html
 30/LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/sandbox-iframe-nested.https.html
 31/LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/sandbox-iframe-subresource.https.html
 32/LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/setcookie-lax.https.html
 33/LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/setcookie-navigation.https.html
 34/LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/window-open-reload.https.html
 35/LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/window-open.https.html

LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/window-open-reload.https-expected.txt

 1CONSOLE MESSAGE: [object MessageEvent]
 2Blocked access to external URL https://www1.localhost:9443/cookies/samesite/resources/puppet.html
 3
 4Harness Error (TIMEOUT), message = null
 5
 6PASS Reloaded same-host auxiliary navigations are strictly same-site.
 7TIMEOUT Reloaded subdomain auxiliary navigations are strictly same-site. Test timed out
 8NOTRUN Reloaded cross-site auxiliary navigations are laxly same-site
 9

LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/window-open-reload.https.html

 1<!DOCTYPE html>
 2<meta charset="utf-8"/>
 3<meta name="variant" content="">
 4<meta name="variant" content="?legacy-samesite">
 5<script src="/resources/testharness.js"></script>
 6<script src="/resources/testharnessreport.js"></script>
 7<script src="/cookies/resources/cookie-helper.sub.js"></script>
 8<script>
 9 function create_test(origin, target, expectedStatus, title) {
 10 promise_test(t => {
 11 var value = "" + Math.random();
 12 return resetSameSiteCookies(origin, value)
 13 .then(_ => {
 14 return new Promise((resolve, reject) => {
 15 var w = window.open(origin + "/cookies/resources/postToParent.py");
 16
 17 var reloaded = false;
 18 var msgHandler = e => {
 19 try {
 20 getSameSiteVerifier()(expectedStatus, value, e.data, DomSameSiteStatus.SAME_SITE);
 21 } catch (e) {
 22 reject(e);
 23 }
 24
 25 if (reloaded) {
 26 window.removeEventListener("message", msgHandler);
 27 w.close();
 28 resolve("Popup received the cookie.");
 29 } else {
 30 reloaded = true;
 31 w.postMessage("reload", "*");
 32 }
 33 };
 34 window.addEventListener("message", msgHandler);
 35
 36 if (!w)
 37 reject("Popup could not be opened (did you allow the test site in your popup blocker?).");
 38 });
 39 });
 40 }, title);
 41 }
 42
 43 create_test(SECURE_ORIGIN, SECURE_ORIGIN, SameSiteStatus.STRICT, "Reloaded same-host auxiliary navigations are strictly same-site.");
 44 create_test(SECURE_SUBDOMAIN_ORIGIN, SECURE_SUBDOMAIN_ORIGIN, SameSiteStatus.STRICT, "Reloaded subdomain auxiliary navigations are strictly same-site.");
 45 create_test(SECURE_CROSS_SITE_ORIGIN, SECURE_CROSS_SITE_ORIGIN, SameSiteStatus.LAX, "Reloaded cross-site auxiliary navigations are laxly same-site");
 46</script>

LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/window-open.https-expected.txt

 1Blocked access to external URL https://www1.localhost:9443/cookies/samesite/resources/puppet.html
 2
 3Harness Error (TIMEOUT), message = null
 4
 5PASS Same-host auxiliary navigations are strictly same-site
 6TIMEOUT Subdomain auxiliary navigations are strictly same-site Test timed out
 7NOTRUN Cross-site auxiliary navigations are laxly same-site
 8NOTRUN Same-host redirecting to same-host auxiliary navigations are strictly same-site
 9NOTRUN Subdomain redirecting to same-host auxiliary navigations are strictly same-site
 10NOTRUN Cross-site redirecting to same-host auxiliary navigations are strictly same-site
 11NOTRUN Same-host redirecting to subdomain auxiliary navigations are strictly same-site
 12NOTRUN Subdomain redirecting to subdomain auxiliary navigations are strictly same-site
 13NOTRUN Cross-site redirecting to subdomain auxiliary navigations are strictly same-site
 14NOTRUN Same-host redirecting to cross-site auxiliary navigations are laxly same-site
 15NOTRUN Subdomain redirecting to cross-site auxiliary navigations are laxly same-site
 16NOTRUN Cross-site redirecting to cross-site auxiliary navigations are laxly same-site
 17

LayoutTests/imported/w3c/web-platform-tests/cookies/samesite/window-open.https.html

 1<!DOCTYPE html>
 2<meta charset="utf-8"/>
 3<meta name="timeout" content="long">
 4<meta name="variant" content="">
 5<meta name="variant" content="?legacy-samesite">
 6<script src="/resources/testharness.js"></script>
 7<script src="/resources/testharnessreport.js"></script>
 8<script src="/cookies/resources/cookie-helper.sub.js"></script>
 9<script>
 10 function create_test(origin, target, expectedStatus, title) {
 11 promise_test(t => {
 12 var value = "" + Math.random();
 13 return resetSameSiteCookies(origin, value)
 14 .then(_ => {
 15 return new Promise((resolve, reject) => {
 16 var w = window.open(origin + "/cookies/resources/postToParent.py");
 17
 18 var msgHandler = e => {
 19 window.removeEventListener("message", msgHandler);
 20 w.close();
 21 try {
 22 getSameSiteVerifier()(expectedStatus, value, e.data, DomSameSiteStatus.SAME_SITE);
 23 resolve("Popup received the cookie.");
 24 } catch (e) {
 25 reject(e);
 26 }
 27 };
 28 window.addEventListener("message", msgHandler);
 29
 30 if (!w)
 31 reject("Popup could not be opened (did you allow the test site in your popup blocker?).");
 32 });
 33 });
 34 }, title);
 35 }
 36
 37 // No redirect:
 38 create_test(SECURE_ORIGIN, SECURE_ORIGIN, SameSiteStatus.STRICT, "Same-host auxiliary navigations are strictly same-site");
 39 create_test(SECURE_SUBDOMAIN_ORIGIN, SECURE_SUBDOMAIN_ORIGIN, SameSiteStatus.STRICT, "Subdomain auxiliary navigations are strictly same-site");
 40 create_test(SECURE_CROSS_SITE_ORIGIN, SECURE_CROSS_SITE_ORIGIN, SameSiteStatus.LAX, "Cross-site auxiliary navigations are laxly same-site");
 41
 42 // Redirect from {same-host,subdomain,cross-site} to same-host:
 43 create_test(SECURE_ORIGIN, redirectTo(SECURE_ORIGIN, SECURE_ORIGIN), SameSiteStatus.STRICT, "Same-host redirecting to same-host auxiliary navigations are strictly same-site");
 44 create_test(SECURE_ORIGIN, redirectTo(SECURE_SUBDOMAIN_ORIGIN, SECURE_ORIGIN), SameSiteStatus.STRICT, "Subdomain redirecting to same-host auxiliary navigations are strictly same-site");
 45 create_test(SECURE_ORIGIN, redirectTo(SECURE_CROSS_SITE_ORIGIN, SECURE_ORIGIN), SameSiteStatus.STRICT, "Cross-site redirecting to same-host auxiliary navigations are strictly same-site");
 46
 47 // Redirect from {same-host,subdomain,cross-site} to same-host:
 48 create_test(SECURE_SUBDOMAIN_ORIGIN, redirectTo(SECURE_ORIGIN, SECURE_SUBDOMAIN_ORIGIN), SameSiteStatus.STRICT, "Same-host redirecting to subdomain auxiliary navigations are strictly same-site");
 49 create_test(SECURE_SUBDOMAIN_ORIGIN, redirectTo(SECURE_SUBDOMAIN_ORIGIN, SECURE_SUBDOMAIN_ORIGIN), SameSiteStatus.STRICT, "Subdomain redirecting to subdomain auxiliary navigations are strictly same-site");
 50 create_test(SECURE_SUBDOMAIN_ORIGIN, redirectTo(SECURE_CROSS_SITE_ORIGIN, SECURE_SUBDOMAIN_ORIGIN), SameSiteStatus.STRICT, "Cross-site redirecting to subdomain auxiliary navigations are strictly same-site");
 51
 52 // Redirect from {same-host,subdomain,cross-site} to cross-site:
 53 create_test(SECURE_CROSS_SITE_ORIGIN, redirectTo(SECURE_ORIGIN, SECURE_CROSS_SITE_ORIGIN), SameSiteStatus.LAX, "Same-host redirecting to cross-site auxiliary navigations are laxly same-site");
 54 create_test(SECURE_CROSS_SITE_ORIGIN, redirectTo(SECURE_SUBDOMAIN_ORIGIN, SECURE_CROSS_SITE_ORIGIN), SameSiteStatus.LAX, "Subdomain redirecting to cross-site auxiliary navigations are laxly same-site");
 55 create_test(SECURE_CROSS_SITE_ORIGIN, redirectTo(SECURE_CROSS_SITE_ORIGIN, SECURE_CROSS_SITE_ORIGIN), SameSiteStatus.LAX, "Cross-site redirecting to cross-site auxiliary navigations are laxly same-site");
 56</script>

LayoutTests/imported/w3c/web-platform-tests/cookies/schemeful-same-site/resources/navigateToInsecurePostToParent.html

 1<!DOCTYPE html>
 2<meta charset="utf-8">
 3<script src="/cookies/resources/cookie-helper.sub.js"></script>
 4<script>
 5 window.location = INSECURE_ORIGIN + "/cookies/resources/postToParent.py";
 6</script>

LayoutTests/imported/w3c/web-platform-tests/cookies/schemeful-same-site/resources/w3c-import.log

 1The tests in this directory were imported from the W3C repository.
 2Do NOT modify these tests directly in WebKit.
 3Instead, create a pull request on the WPT github:
 4 https://github.com/web-platform-tests/wpt
 5
 6Then run the Tools/Scripts/import-w3c-tests in WebKit to reimport
 7
 8Do NOT modify or remove this file.
 9
 10------------------------------------------------------------------------
 11Properties requiring vendor prefixes:
 12None
 13Property values requiring vendor prefixes:
 14None
 15------------------------------------------------------------------------
 16List of files:
 17/LayoutTests/imported/w3c/web-platform-tests/cookies/schemeful-same-site/resources/navigateToInsecurePostToParent.html

LayoutTests/imported/w3c/web-platform-tests/cookies/schemeful-same-site/schemeful-iframe-subresource.tentative-expected.txt

 1
 2
 3FAIL SameSite cookies with intervening cross-scheme iframe and subresources assert_equals: `samesite_lax=0.2409240815385103` in request to `https://localhost:9443`. expected (undefined) undefined but got (string) "0.2409240815385103"
 4

LayoutTests/imported/w3c/web-platform-tests/cookies/schemeful-same-site/schemeful-iframe-subresource.tentative.html

 1<!DOCTYPE html>
 2<head>
 3 <script src="/resources/testharness.js"></script>
 4 <script src="/resources/testharnessreport.js"></script>
 5 <script src="/cookies/resources/cookie-helper.sub.js"></script>
 6</head>
 7<body onload="doTests()">
 8 <iframe id="if">
 9 </iframe>
 10 <script>
 11 function doTests() {
 12 promise_test(async function(t) {
 13 var value = "" + Math.random();
 14 await resetSameSiteCookies(SECURE_ORIGIN, value);
 15 var child = document.getElementById("if");
 16 child.src = SECURE_ORIGIN + "/cookies/samesite/resources/iframe-subresource-report.html";
 17
 18 // the iframe nested inside if should post COOKIES to here.
 19 var e = await wait_for_message("COOKIES");
 20 // Cross-scheme iframes should be cross-site and thus the subresources
 21 // shouldn't get Lax or Strict cookies.
 22 assert_cookie(SECURE_ORIGIN, e.data, "samesite_lax", value, false);
 23 assert_cookie(SECURE_ORIGIN, e.data, "samesite_strict", value, false);
 24 assert_cookie(SECURE_ORIGIN, e.data, "samesite_none", value, true);
 25 }, "SameSite cookies with intervening cross-scheme iframe and subresources");
 26 }
 27 </script>
 28</body>

LayoutTests/imported/w3c/web-platform-tests/cookies/schemeful-same-site/schemeful-navigation.tentative-expected.txt

 1
 2PASS Navigate same-scheme
 3FAIL Navigate cross-scheme assert_not_equals: SameSite=strict cookies cannot be sent to cross-scheme navigations got disallowed value "0.887286713799624"
 4

LayoutTests/imported/w3c/web-platform-tests/cookies/schemeful-same-site/schemeful-navigation.tentative.html

 1<!DOCTYPE html>
 2<meta charset="utf-8">
 3<meta name="timeout" content="long">
 4<meta name="variant" content="">
 5<script src="/resources/testharness.js"></script>
 6<script src="/resources/testharnessreport.js"></script>
 7<script src="/cookies/resources/cookie-helper.sub.js"></script>
 8<script>
 9 function schemeful_navigation_test(target, expectedSameSiteStatus, title) {
 10 promise_test(async function(t) {
 11 let value = "" + Math.random();
 12 document.cookie = `samesite_strict=${value}; sameSite=strict; path=/`;
 13 document.cookie = `samesite_lax=${value}; sameSite=lax; path=/`;
 14
 15 let url = target + "/cookies/schemeful-same-site/resources/navigateToInsecurePostToParent.html";
 16
 17 await new Promise((resolve, reject) => {
 18 window.onmessage = t.step_func(e => {
 19 if (e.source == window.open("", "testwindow" + value)) {
 20 e.source.close();
 21 const cookies = e.data;
 22
 23 assert_equals(cookies["samesite_lax"], value, "SameSite=lax cookies can be sent in both cases");
 24 if (expectedSameSiteStatus === SameSiteStatus.STRICT) {
 25 assert_equals(cookies["samesite_strict"], value, "SameSite=strict cookies can be sent to same-scheme navigations");
 26 } else if (expectedSameSiteStatus === SameSiteStatus.LAX) {
 27 assert_not_equals(cookies["samesite_strict"], value, "SameSite=strict cookies cannot be sent to cross-scheme navigations");
 28 }
 29
 30 resolve();
 31 }
 32 else {reject();}
 33 });
 34
 35 var w = window.open(url, "testwindow" + value);
 36 });
 37
 38 },title);}
 39
 40 schemeful_navigation_test(INSECURE_ORIGIN, SameSiteStatus.STRICT, "Navigate same-scheme");
 41 schemeful_navigation_test(SECURE_ORIGIN, SameSiteStatus.LAX, "Navigate cross-scheme");
 42</script>

LayoutTests/imported/w3c/web-platform-tests/cookies/schemeful-same-site/schemeful-subresource.tentative-expected.txt

 1
 2PASS Same-scheme subresources can send lax/strict cookies
 3FAIL Cross-scheme subresources cannot sent lax/strict cookies assert_not_equals: SameSite=lax cookies cannot be sent to cross-scheme subresources got disallowed value "0.29625763157884466"
 4

LayoutTests/imported/w3c/web-platform-tests/cookies/schemeful-same-site/schemeful-subresource.tentative.html

 1<!DOCTYPE html>
 2<meta charset="utf-8"/>
 3<meta name="timeout" content="long">
 4<script src="/resources/testharness.js"></script>
 5<script src="/resources/testharnessreport.js"></script>
 6<script src="/cookies/resources/cookie-helper.sub.js"></script>
 7<!-- We're appending an <iframe> to the document's body, so execute tests after we have a body -->
 8<body>
 9<script>
 10 function create_test(target, expectedDomStatus, title) {
 11 promise_test(async t => {
 12 var cookieValue = "" + Math.random();
 13 document.cookie = `dc_samesite_strict=${cookieValue}; sameSite=strict; path=/`;
 14 document.cookie = `dc_samesite_lax=${cookieValue}; sameSite=lax; path=/`;
 15 // SameSite=None requires `Secure` which complicates the test and we don't
 16 // need it, so don't add it.
 17
 18 await new Promise((resolve, reject) => {
 19 var iframe = document.createElement("iframe");
 20
 21 window.onmessage = t.step_func(e => {
 22 if (e.source == iframe.contentWindow) {
 23 // Cleanup, then verify cookie state:
 24 document.body.removeChild(iframe);
 25
 26 const cookies = e.data;
 27
 28 if (expectedDomStatus === DomSameSiteStatus.SAME_SITE) {
 29 assert_equals(cookies["dc_samesite_lax"], cookieValue, "SameSite=lax cookies can be sent to same-scheme subresources");
 30 assert_equals(cookies["dc_samesite_strict"], cookieValue, "SameSite=strict cookies can be sent to same-scheme subresources");
 31 } else if (expectedDomStatus === DomSameSiteStatus.CROSS_SITE) {
 32 assert_not_equals(cookies["dc_samesite_lax"], cookieValue, "SameSite=lax cookies cannot be sent to cross-scheme subresources");
 33 assert_not_equals(cookies["dc_samesite_strict"], cookieValue, "SameSite=strict cookies cannot be sent to cross-scheme subresources");
 34 }
 35
 36 resolve();
 37 }
 38 });
 39
 40 iframe.src = target + "/cookies/resources/postToParent.py";
 41 document.body.appendChild(iframe);
 42 });
 43 }, title);
 44 }
 45
 46 // Test that cross-scheme subresources (iframes in this case) are cross-site.
 47 create_test(INSECURE_ORIGIN, DomSameSiteStatus.SAME_SITE, "Same-scheme subresources can send lax/strict cookies");
 48 create_test(SECURE_ORIGIN, DomSameSiteStatus.CROSS_SITE, "Cross-scheme subresources cannot sent lax/strict cookies");
 49</script>

LayoutTests/imported/w3c/web-platform-tests/cookies/schemeful-same-site/schemeful-websockets.sub.tentative-expected.txt

 1
 2FAIL Cross-scheme WebSockets are cross-site assert_false: Cross-scheme strict expected false got true
 3

LayoutTests/imported/w3c/web-platform-tests/cookies/schemeful-same-site/schemeful-websockets.sub.tentative.html

 1<!doctype html>
 2<html>
 3<head>
 4 <meta charset=utf-8>
 5 <script src="/resources/testharness.js"></script>
 6 <script src="/resources/testharnessreport.js"></script>
 7 <script src="/cookies/resources/testharness-helpers.js"></script>
 8 <script src="/cookies/resources/cookie-helper.sub.js"></script>
 9</head>
 10<body>
 11<div id=log></div>
 12<script>
 13 promise_test(async function (t) {
 14 var value = "" + Math.random();
 15 document.cookie = `schemeful_same_site_websockets_strict=${value}; sameSite=strict; path=/`;
 16 document.cookie = `schemeful_same_site_websockets_lax=${value}; sameSite=lax; path=/`;
 17 await credFetch(SECURE_ORIGIN + "/cookies/resources/setSameSiteNone.py?" + value)
 18 t.add_cleanup(async function() {
 19 await credFetch(origin + "/cookies/resources/drop.py?name=" + "schemeful_same_site_websockets_strict");
 20 await credFetch(origin + "/cookies/resources/drop.py?name=" + "schemeful_same_site_websockets_lax");
 21 await credFetch(SECURE_ORIGIN + "/cookies/resources/dropSameSiteNone.py");
 22 });
 23
 24 var ws = new WebSocket("ws://{{host}}:{{ports[ws][0]}}/echo-cookie");
 25 return new Promise((resolve, reject) => {
 26 ws.onclose = t.step_func_done(function () {
 27 assert_unreached("'close' should not fire before 'open'.");
 28 });
 29 ws.onmessage = t.step_func(function (e) {
 30 ws.onclose = null;
 31 ws.close();
 32 // Same-scheme WebSockets should get Lax and Strict cookies.
 33 var strictRegex = new RegExp("schemeful_same_site_websockets_strict=" + value);
 34 var laxRegex = new RegExp("schemeful_same_site_websockets_lax=" + value);
 35 assert_regexp_match(e.data, strictRegex, "Same-scheme strict");
 36 assert_regexp_match(e.data, laxRegex, "Same-scheme strict");
 37
 38 var ws2 = new WebSocket("wss://{{host}}:{{ports[wss][0]}}/echo-cookie");
 39 ws2.onclose = t.step_func_done(function () {
 40 assert_unreached("'close' should not fire before 'open'.");
 41 });
 42 ws2.onmessage = t.step_func(function (e2) {
 43 ws2.onclose = null;
 44 ws2.close();
 45 // Cross-scheme WebSockets should only get samesite_none.
 46 var noneRegex = new RegExp("samesite_none_secure=" + value);
 47 assert_regexp_match(e2.data, noneRegex, "Cross-scheme none");
 48 assert_false(strictRegex.test(e2.data), "Cross-scheme strict");
 49 assert_false(laxRegex.test(e2.data), "Cross-scheme lax");
 50 resolve();
 51 });
 52 });
 53 });
 54 }, "Cross-scheme WebSockets are cross-site");
 55</script>
 56</body>
 57</html>

LayoutTests/imported/w3c/web-platform-tests/cookies/schemeful-same-site/w3c-import.log

 1The tests in this directory were imported from the W3C repository.
 2Do NOT modify these tests directly in WebKit.
 3Instead, create a pull request on the WPT github:
 4 https://github.com/web-platform-tests/wpt
 5
 6Then run the Tools/Scripts/import-w3c-tests in WebKit to reimport
 7
 8Do NOT modify or remove this file.
 9
 10------------------------------------------------------------------------
 11Properties requiring vendor prefixes:
 12None
 13Property values requiring vendor prefixes:
 14None
 15------------------------------------------------------------------------
 16List of files:
 17/LayoutTests/imported/w3c/web-platform-tests/cookies/schemeful-same-site/schemeful-iframe-subresource.tentative.html
 18/LayoutTests/imported/w3c/web-platform-tests/cookies/schemeful-same-site/schemeful-navigation.tentative.html
 19/LayoutTests/imported/w3c/web-platform-tests/cookies/schemeful-same-site/schemeful-subresource.tentative.html
 20/LayoutTests/imported/w3c/web-platform-tests/cookies/schemeful-same-site/schemeful-websockets.sub.tentative.html

LayoutTests/imported/w3c/web-platform-tests/cookies/secure/w3c-import.log

 1The tests in this directory were imported from the W3C repository.
 2Do NOT modify these tests directly in WebKit.
 3Instead, create a pull request on the WPT github:
 4 https://github.com/web-platform-tests/wpt
 5
 6Then run the Tools/Scripts/import-w3c-tests in WebKit to reimport
 7
 8Do NOT modify or remove this file.
 9
 10------------------------------------------------------------------------
 11Properties requiring vendor prefixes:
 12None
 13Property values requiring vendor prefixes:
 14None
 15------------------------------------------------------------------------
 16List of files:
 17/LayoutTests/imported/w3c/web-platform-tests/cookies/secure/set-from-dom.https.sub.html
 18/LayoutTests/imported/w3c/web-platform-tests/cookies/secure/set-from-dom.sub.html
 19/LayoutTests/imported/w3c/web-platform-tests/cookies/secure/set-from-http.https.sub.html
 20/LayoutTests/imported/w3c/web-platform-tests/cookies/secure/set-from-http.https.sub.html.headers
 21/LayoutTests/imported/w3c/web-platform-tests/cookies/secure/set-from-http.sub.html
 22/LayoutTests/imported/w3c/web-platform-tests/cookies/secure/set-from-http.sub.html.headers
 23/LayoutTests/imported/w3c/web-platform-tests/cookies/secure/set-from-ws.sub.html
 24/LayoutTests/imported/w3c/web-platform-tests/cookies/secure/set-from-wss.https.sub.html

LayoutTests/imported/w3c/web-platform-tests/cookies/value/value-ctl-expected.txt

 1
 2PASS Cookie with %x0 in value is truncated.
 3PASS Cookie with %xa in value is truncated.
 4PASS Cookie with %xd in value is truncated.
 5FAIL Cookie with %x1 in value is rejected. assert_equals: The cookie was rejected. expected "" but got "test=1"
 6FAIL Cookie with %x2 in value is rejected. assert_equals: The cookie was rejected. expected "" but got "test=2"
 7FAIL Cookie with %x3 in value is rejected. assert_equals: The cookie was rejected. expected "" but got "test=3"
 8FAIL Cookie with %x4 in value is rejected. assert_equals: The cookie was rejected. expected "" but got "test=4"
 9FAIL Cookie with %x5 in value is rejected. assert_equals: The cookie was rejected. expected "" but got "test=5"
 10FAIL Cookie with %x6 in value is rejected. assert_equals: The cookie was rejected. expected "" but got "test=6"
 11FAIL Cookie with %x7 in value is rejected. assert_equals: The cookie was rejected. expected "" but got "test=7"
 12FAIL Cookie with %x8 in value is rejected. assert_equals: The cookie was rejected. expected "" but got "test=8"
 13FAIL Cookie with %x9 in value is rejected. assert_equals: The cookie was rejected. expected "" but got "test=9\tvalue"
 14FAIL Cookie with %xb in value is rejected. assert_equals: The cookie was rejected. expected "" but got "test=11"
 15FAIL Cookie with %xc in value is rejected. assert_equals: The cookie was rejected. expected "" but got "test=12"
 16FAIL Cookie with %xe in value is rejected. assert_equals: The cookie was rejected. expected "" but got "test=14"
 17FAIL Cookie with %xf in value is rejected. assert_equals: The cookie was rejected. expected "" but got "test=15"
 18FAIL Cookie with %x10 in value is rejected. assert_equals: The cookie was rejected. expected "" but got "test=16"
 19FAIL Cookie with %x11 in value is rejected. assert_equals: The cookie was rejected. expected "" but got "test=17"
 20FAIL Cookie with %x12 in value is rejected. assert_equals: The cookie was rejected. expected "" but got "test=18"
 21FAIL Cookie with %x13 in value is rejected. assert_equals: The cookie was rejected. expected "" but got "test=19"
 22FAIL Cookie with %x14 in value is rejected. assert_equals: The cookie was rejected. expected "" but got "test=20"
 23FAIL Cookie with %x15 in value is rejected. assert_equals: The cookie was rejected. expected "" but got "test=21"
 24FAIL Cookie with %x16 in value is rejected. assert_equals: The cookie was rejected. expected "" but got "test=22"
 25FAIL Cookie with %x17 in value is rejected. assert_equals: The cookie was rejected. expected "" but got "test=23"
 26FAIL Cookie with %x18 in value is rejected. assert_equals: The cookie was rejected. expected "" but got "test=24"
 27FAIL Cookie with %x19 in value is rejected. assert_equals: The cookie was rejected. expected "" but got "test=25"
 28FAIL Cookie with %x1a in value is rejected. assert_equals: The cookie was rejected. expected "" but got "test=26"
 29FAIL Cookie with %x1b in value is rejected. assert_equals: The cookie was rejected. expected "" but got "test=27"
 30FAIL Cookie with %x1c in value is rejected. assert_equals: The cookie was rejected. expected "" but got "test=28"
 31FAIL Cookie with %x1d in value is rejected. assert_equals: The cookie was rejected. expected "" but got "test=29"
 32FAIL Cookie with %x1e in value is rejected. assert_equals: The cookie was rejected. expected "" but got "test=30"
 33FAIL Cookie with %x1f in value is rejected. assert_equals: The cookie was rejected. expected "" but got "test=31"
 34FAIL Cookie with %x7f in value is rejected. assert_equals: The cookie was rejected. expected "" but got "test=127"
 35PASS Cookie with %x1 after %x0 in value is truncated.
 36PASS Cookie with %x2 after %x0 in value is truncated.
 37PASS Cookie with %x3 after %x0 in value is truncated.
 38PASS Cookie with %x4 after %x0 in value is truncated.
 39PASS Cookie with %x5 after %x0 in value is truncated.
 40PASS Cookie with %x6 after %x0 in value is truncated.
 41PASS Cookie with %x7 after %x0 in value is truncated.
 42PASS Cookie with %x8 after %x0 in value is truncated.
 43PASS Cookie with %x9 after %x0 in value is truncated.
 44PASS Cookie with %xb after %x0 in value is truncated.
 45PASS Cookie with %xc after %x0 in value is truncated.
 46PASS Cookie with %xe after %x0 in value is truncated.
 47PASS Cookie with %xf after %x0 in value is truncated.
 48PASS Cookie with %x10 after %x0 in value is truncated.
 49PASS Cookie with %x11 after %x0 in value is truncated.
 50PASS Cookie with %x12 after %x0 in value is truncated.
 51PASS Cookie with %x13 after %x0 in value is truncated.
 52PASS Cookie with %x14 after %x0 in value is truncated.
 53PASS Cookie with %x15 after %x0 in value is truncated.
 54PASS Cookie with %x16 after %x0 in value is truncated.
 55PASS Cookie with %x17 after %x0 in value is truncated.
 56PASS Cookie with %x18 after %x0 in value is truncated.
 57PASS Cookie with %x19 after %x0 in value is truncated.
 58PASS Cookie with %x1a after %x0 in value is truncated.
 59PASS Cookie with %x1b after %x0 in value is truncated.
 60PASS Cookie with %x1c after %x0 in value is truncated.
 61PASS Cookie with %x1d after %x0 in value is truncated.
 62PASS Cookie with %x1e after %x0 in value is truncated.
 63PASS Cookie with %x1f after %x0 in value is truncated.
 64PASS Cookie with %x7f after %x0 in value is truncated.
 65PASS Cookie with %x1 after %xa in value is truncated.
 66PASS Cookie with %x2 after %xa in value is truncated.
 67PASS Cookie with %x3 after %xa in value is truncated.
 68PASS Cookie with %x4 after %xa in value is truncated.
 69PASS Cookie with %x5 after %xa in value is truncated.
 70PASS Cookie with %x6 after %xa in value is truncated.
 71PASS Cookie with %x7 after %xa in value is truncated.
 72PASS Cookie with %x8 after %xa in value is truncated.
 73PASS Cookie with %x9 after %xa in value is truncated.
 74PASS Cookie with %xb after %xa in value is truncated.
 75PASS Cookie with %xc after %xa in value is truncated.
 76PASS Cookie with %xe after %xa in value is truncated.
 77PASS Cookie with %xf after %xa in value is truncated.
 78PASS Cookie with %x10 after %xa in value is truncated.
 79PASS Cookie with %x11 after %xa in value is truncated.
 80PASS Cookie with %x12 after %xa in value is truncated.
 81PASS Cookie with %x13 after %xa in value is truncated.
 82PASS Cookie with %x14 after %xa in value is truncated.
 83PASS Cookie with %x15 after %xa in value is truncated.
 84PASS Cookie with %x16 after %xa in value is truncated.
 85PASS Cookie with %x17 after %xa in value is truncated.
 86PASS Cookie with %x18 after %xa in value is truncated.
 87PASS Cookie with %x19 after %xa in value is truncated.
 88PASS Cookie with %x1a after %xa in value is truncated.
 89PASS Cookie with %x1b after %xa in value is truncated.
 90PASS Cookie with %x1c after %xa in value is truncated.
 91PASS Cookie with %x1d after %xa in value is truncated.
 92PASS Cookie with %x1e after %xa in value is truncated.
 93PASS Cookie with %x1f after %xa in value is truncated.
 94PASS Cookie with %x7f after %xa in value is truncated.
 95PASS Cookie with %x1 after %xd in value is truncated.
 96PASS Cookie with %x2 after %xd in value is truncated.
 97PASS Cookie with %x3 after %xd in value is truncated.
 98PASS Cookie with %x4 after %xd in value is truncated.
 99PASS Cookie with %x5 after %xd in value is truncated.
 100PASS Cookie with %x6 after %xd in value is truncated.
 101PASS Cookie with %x7 after %xd in value is truncated.
 102PASS Cookie with %x8 after %xd in value is truncated.
 103PASS Cookie with %x9 after %xd in value is truncated.
 104PASS Cookie with %xb after %xd in value is truncated.
 105PASS Cookie with %xc after %xd in value is truncated.
 106PASS Cookie with %xe after %xd in value is truncated.
 107PASS Cookie with %xf after %xd in value is truncated.
 108PASS Cookie with %x10 after %xd in value is truncated.
 109PASS Cookie with %x11 after %xd in value is truncated.
 110PASS Cookie with %x12 after %xd in value is truncated.
 111PASS Cookie with %x13 after %xd in value is truncated.
 112PASS Cookie with %x14 after %xd in value is truncated.
 113PASS Cookie with %x15 after %xd in value is truncated.
 114PASS Cookie with %x16 after %xd in value is truncated.
 115PASS Cookie with %x17 after %xd in value is truncated.
 116PASS Cookie with %x18 after %xd in value is truncated.
 117PASS Cookie with %x19 after %xd in value is truncated.
 118PASS Cookie with %x1a after %xd in value is truncated.
 119PASS Cookie with %x1b after %xd in value is truncated.
 120PASS Cookie with %x1c after %xd in value is truncated.
 121PASS Cookie with %x1d after %xd in value is truncated.
 122PASS Cookie with %x1e after %xd in value is truncated.
 123PASS Cookie with %x1f after %xd in value is truncated.
 124PASS Cookie with %x7f after %xd in value is truncated.
 125

LayoutTests/imported/w3c/web-platform-tests/cookies/value/value-ctl.html

 1<!doctype html>
 2<html>
 3 <head>
 4 <meta charset=utf-8>
 5 <title>Test cookie value parsing with control characters</title>
 6 <meta name=help href="https://tools.ietf.org/html/rfc6265#section-5.2">
 7 <meta name="timeout" content="long">
 8 <script src="/resources/testharness.js"></script>
 9 <script src="/resources/testharnessreport.js"></script>
 10 <script src="/cookies/resources/cookie-test.js"></script>
 11 </head>
 12 <body>
 13 <div id=log></div>
 14 <script>
 15 // Tests for control characters (CTLs) in a cookie's value.
 16 // CTLs are defined by RFC 5234 to be %x00-1F / %x7F.
 17 const {TERMINATING_CTLS, CTLS} = getCtlCharacters();
 18
 19 // Start with a clean slate.
 20 dropAllDomCookies();
 21
 22 // Test that terminating CTLs truncate the cookie string.
 23 for (const ctl of TERMINATING_CTLS) {
 24 domCookieTest(
 25 `test=${ctl.code}${ctl.chr}value`,
 26 `test=${ctl.code}`,
 27 `Cookie with %x${ctl.code.toString(16)} in value is truncated.`);
 28 }
 29
 30 // Test that other CTLs result in cookie rejection.
 31 for (const ctl of CTLS) {
 32 domCookieTest(
 33 `test=${ctl.code}${ctl.chr}value`,
 34 '',
 35 `Cookie with %x${ctl.code.toString(16)} in value is rejected.`);
 36 }
 37
 38 // Test that truncation due to terminating CTLs occurs first.
 39 for (const termCtl of TERMINATING_CTLS) {
 40 for (const ctl of CTLS) {
 41 domCookieTest(
 42 `test=${ctl.code}term${termCtl.chr}va${ctl.chr}lue`,
 43 `test=${ctl.code}term`,
 44 `Cookie with %x${ctl.code.toString(16)} after ` +
 45 `%x${termCtl.code.toString(16)} in value is truncated.`);
 46 }
 47 }
 48 </script>
 49 </body>
 50</html>

LayoutTests/imported/w3c/web-platform-tests/cookies/value/value-expected.txt

 1
 2FAIL Set value containing a comma assert_equals: The cookie was set as expected. expected "test=1, baz=qux" but got "test=1,baz=qux"
 3PASS Set quoted value containing a comma
 4FAIL Ignore values after semicolon assert_equals: The cookie was set as expected. expected "test=\"3zz" but got "test=\"3zz;pp\""
 5PASS Ingore whitespace at the end of value
 6PASS Set value including quotes and whitespace up until semicolon
 7PASS Set value with a single quote excluding whitespace
 8FAIL Set nameless cookie to its value assert_equals: The cookie was set as expected. expected "test7" but got ""
 9FAIL Set nameless cookie to its value with an escaped quote assert_equals: The cookie was set as expected. expected "\"test8\"HHH\"" but got ""
 10PASS Set value with unbalanced leading quote
 11FAIL Set nameless cookie followed by '=' to its value assert_equals: The cookie was set as expected. expected "test10" but got ""
 12PASS Set cookie with large value ( = 4kb)
 13PASS Ignore cookie with large value ( > 4kb)
 14PASS Set cookie but ignore value after LF
 15PASS Set cookie ignoring whitespace after value endquote
 16PASS Ignore whitespace and ; after value
 17PASS Ignore whitespace preceding value
 18PASS Set cookie with quotes in value
 19PASS Set cookie keeping whitespace inside quoted value
 20FAIL Set cookie value ignoring characters after semicolon assert_equals: The cookie was set as expected. expected "test=\"19" but got "test=\"19;wow\""
 21PASS Set cookie with another = inside quoted value
 22PASS Set cookie ignoring whitespace surrounding value and characters after first semicolon
 23FAIL Set valueless cookie, given `Set-Cookie: test22=` assert_equals: The cookie was set as expected. expected "testA=22; test22=; testB=22" but got "test22=; testA=22; testB=22"
 24FAIL URL-encoded cookie value is not decoded assert_equals: The cookie was set as expected. expected "test=%32%33" but got "test=%32%33; test22=; testA=22; testB=22"
 25

LayoutTests/imported/w3c/web-platform-tests/cookies/value/value.html

 1<!doctype html>
 2<html>
 3 <head>
 4 <meta charset=utf-8>
 5 <title>Test cookie value parsing</title>
 6 <meta name=help href="https://tools.ietf.org/html/rfc6265#section-5.2">
 7 <meta name="timeout" content="long">
 8 <script src="/resources/testharness.js"></script>
 9 <script src="/resources/testharnessreport.js"></script>
 10 <script src="/cookies/resources/cookie-test.js"></script>
 11 </head>
 12 <body>
 13 <div id=log></div>
 14 <script>
 15 // TODO: there is more to test here, these tests capture the old
 16 // ported http-state tests. Feel free to delete this comment when more
 17 // are added, or these are split up into logical groups.
 18 const valueTests = [
 19 {
 20 cookie: "test=1, baz=qux",
 21 expected: "test=1, baz=qux",
 22 name: "Set value containing a comma",
 23 },
 24 {
 25 cookie: 'test="2, baz=qux"',
 26 expected: 'test="2, baz=qux"',
 27 name: "Set quoted value containing a comma",
 28 },
 29 {
 30 cookie: 'test="3zz;pp" ; ;',
 31 expected: 'test="3zz',
 32 name: "Ignore values after semicolon",
 33 },
 34 {
 35 cookie: 'test="4zz ;',
 36 expected: 'test="4zz',
 37 name: "Ingore whitespace at the end of value",
 38 },
 39 {
 40 cookie: 'test="5zzz " "ppp" ;',
 41 expected: 'test="5zzz " "ppp"',
 42 name: "Set value including quotes and whitespace up until semicolon",
 43 },
 44 {
 45 cookie: 'test=6A"B ;',
 46 expected: 'test=6A"B',
 47 name: "Set value with a single quote excluding whitespace"
 48 },
 49 {
 50 cookie: "test7",
 51 expected: "test7",
 52 name: "Set nameless cookie to its value",
 53 },
 54 {
 55 cookie: '"test8\"HHH"',
 56 expected: '"test8\"HHH"',
 57 name: "Set nameless cookie to its value with an escaped quote",
 58 },
 59 {
 60 cookie: 'test="9',
 61 expected: 'test="9',
 62 name: "Set value with unbalanced leading quote",
 63 },
 64 {
 65 cookie: "=test10",
 66 expected: "test10",
 67 name: "Set nameless cookie followed by '=' to its value",
 68 },
 69 {
 70 // 7 + 4089 = 4096
 71 cookie: `test=11${"a".repeat(4089)}`,
 72 expected: `test=11${"a".repeat(4089)}`,
 73 name: "Set cookie with large value ( = 4kb)",
 74 },
 75 {
 76 // 7 + 4091 = 4098
 77 // Note: Chrome includes = in its length, Firefox does not
 78 // For now, make this 4098 until the spec clarifies:
 79 // https://github.com/httpwg/http-extensions/issues/1340
 80 cookie: `test=12${"a".repeat(4091)}`,
 81 expected: "",
 82 name: "Ignore cookie with large value ( > 4kb)",
 83 },
 84 {
 85 cookie: `test=13\nZYX`,
 86 expected: "test=13",
 87 name: "Set cookie but ignore value after LF",
 88 },
 89 {
 90 cookie: 'test="14 " ;',
 91 expected: 'test="14 "',
 92 name: "Set cookie ignoring whitespace after value endquote",
 93 },
 94 {
 95 cookie: "test=15 ;",
 96 expected: "test=15",
 97 name: "Ignore whitespace and ; after value",
 98 },
 99 {
 100 cookie: "test= 16",
 101 expected: "test=16",
 102 name: "Ignore whitespace preceding value",
 103 },
 104 {
 105 cookie: 'test="17"',
 106 expected: 'test="17"',
 107 name: "Set cookie with quotes in value",
 108 },
 109 {
 110 cookie: 'test=" 18 "',
 111 expected: 'test=" 18 "',
 112 name: "Set cookie keeping whitespace inside quoted value",
 113 },
 114 {
 115 cookie: 'test="19;wow"',
 116 expected: 'test="19',
 117 name: "Set cookie value ignoring characters after semicolon",
 118 },
 119 {
 120 cookie: 'test="20=20"',
 121 expected: 'test="20=20"',
 122 name: "Set cookie with another = inside quoted value",
 123 },
 124 {
 125 cookie: "test = 21 ; ttt",
 126 expected: "test=21",
 127 name: "Set cookie ignoring whitespace surrounding value and characters after first semicolon",
 128 },
 129 {
 130 cookie: ["testA=22", "test22=", "testB=22"],
 131 expected: "testA=22; test22=; testB=22",
 132 name: "Set valueless cookie, given `Set-Cookie: test22=`",
 133 },
 134 {
 135 cookie: "test=%32%33",
 136 expected: "test=%32%33",
 137 name: "URL-encoded cookie value is not decoded",
 138 },
 139 ];
 140
 141 for (const test of valueTests) {
 142 httpCookieTest(test.cookie, test.expected, test.name, test.defaultPath);
 143 }
 144 </script>
 145 </body>
 146</html>

LayoutTests/imported/w3c/web-platform-tests/cookies/value/w3c-import.log

 1The tests in this directory were imported from the W3C repository.
 2Do NOT modify these tests directly in WebKit.
 3Instead, create a pull request on the WPT github:
 4 https://github.com/web-platform-tests/wpt
 5
 6Then run the Tools/Scripts/import-w3c-tests in WebKit to reimport
 7
 8Do NOT modify or remove this file.
 9
 10------------------------------------------------------------------------
 11Properties requiring vendor prefixes:
 12None
 13Property values requiring vendor prefixes:
 14None
 15------------------------------------------------------------------------
 16List of files:
 17/LayoutTests/imported/w3c/web-platform-tests/cookies/value/value-ctl.html
 18/LayoutTests/imported/w3c/web-platform-tests/cookies/value/value.html

LayoutTests/imported/w3c/web-platform-tests/cookies/w3c-import.log

 1The tests in this directory were imported from the W3C repository.
 2Do NOT modify these tests directly in WebKit.
 3Instead, create a pull request on the WPT github:
 4 https://github.com/web-platform-tests/wpt
 5
 6Then run the Tools/Scripts/import-w3c-tests in WebKit to reimport
 7
 8Do NOT modify or remove this file.
 9
 10------------------------------------------------------------------------
 11Properties requiring vendor prefixes:
 12None
 13Property values requiring vendor prefixes:
 14None
 15------------------------------------------------------------------------
 16List of files:
 17/LayoutTests/imported/w3c/web-platform-tests/cookies/META.yml
 18/LayoutTests/imported/w3c/web-platform-tests/cookies/README.md
 19/LayoutTests/imported/w3c/web-platform-tests/cookies/cookie-enabled-noncookie-frame.html
 20/LayoutTests/imported/w3c/web-platform-tests/cookies/meta-blocked.html
 21/LayoutTests/imported/w3c/web-platform-tests/cookies/navigated-away.html

LayoutTests/tests-options.json

614614 "imported/w3c/web-platform-tests/content-security-policy/style-src/style-src-multiple-policies-multiple-hashing-algorithms.html": [
615615 "slow"
616616 ],
 617 "imported/w3c/web-platform-tests/cookies/attributes/domain.sub.html": [
 618 "slow"
 619 ],
 620 "imported/w3c/web-platform-tests/cookies/attributes/expires.html": [
 621 "slow"
 622 ],
 623 "imported/w3c/web-platform-tests/cookies/attributes/invalid.html": [
 624 "slow"
 625 ],
 626 "imported/w3c/web-platform-tests/cookies/attributes/max-age.html": [
 627 "slow"
 628 ],
 629 "imported/w3c/web-platform-tests/cookies/attributes/path-redirect.html": [
 630 "slow"
 631 ],
 632 "imported/w3c/web-platform-tests/cookies/attributes/path.html": [
 633 "slow"
 634 ],
 635 "imported/w3c/web-platform-tests/cookies/attributes/resources/domain-child.sub.html": [
 636 "slow"
 637 ],
 638 "imported/w3c/web-platform-tests/cookies/attributes/resources/secure-non-secure-child.html": [
 639 "slow"
 640 ],
 641 "imported/w3c/web-platform-tests/cookies/attributes/secure-non-secure.html": [
 642 "slow"
 643 ],
 644 "imported/w3c/web-platform-tests/cookies/attributes/secure.https.html": [
 645 "slow"
 646 ],
 647 "imported/w3c/web-platform-tests/cookies/encoding/charset.html": [
 648 "slow"
 649 ],
 650 "imported/w3c/web-platform-tests/cookies/name/name-ctl.html": [
 651 "slow"
 652 ],
 653 "imported/w3c/web-platform-tests/cookies/name/name.html": [
 654 "slow"
 655 ],
 656 "imported/w3c/web-platform-tests/cookies/ordering/ordering.sub.html": [
 657 "slow"
 658 ],
 659 "imported/w3c/web-platform-tests/cookies/ordering/resources/ordering-child.sub.html": [
 660 "slow"
 661 ],
 662 "imported/w3c/web-platform-tests/cookies/path/match.html": [
 663 "slow"
 664 ],
 665 "imported/w3c/web-platform-tests/cookies/samesite-none-secure/cookies-without-samesite-must-be-secure.https.tentative.html": [
 666 "slow"
 667 ],
 668 "imported/w3c/web-platform-tests/cookies/samesite/fetch.https.html": [
 669 "slow"
 670 ],
 671 "imported/w3c/web-platform-tests/cookies/samesite/form-get-blank.https.html": [
 672 "slow"
 673 ],
 674 "imported/w3c/web-platform-tests/cookies/samesite/form-post-blank.https.html": [
 675 "slow"
 676 ],
 677 "imported/w3c/web-platform-tests/cookies/samesite/iframe-reload.https.html": [
 678 "slow"
 679 ],
 680 "imported/w3c/web-platform-tests/cookies/samesite/iframe.document.https.html": [
 681 "slow"
 682 ],
 683 "imported/w3c/web-platform-tests/cookies/samesite/iframe.https.html": [
 684 "slow"
 685 ],
 686 "imported/w3c/web-platform-tests/cookies/samesite/img.https.html": [
 687 "slow"
 688 ],
 689 "imported/w3c/web-platform-tests/cookies/samesite/multiple-samesite-attributes.https.html": [
 690 "slow"
 691 ],
 692 "imported/w3c/web-platform-tests/cookies/samesite/setcookie-navigation.https.html": [
 693 "slow"
 694 ],
 695 "imported/w3c/web-platform-tests/cookies/samesite/window-open.https.html": [
 696 "slow"
 697 ],
 698 "imported/w3c/web-platform-tests/cookies/schemeful-same-site/schemeful-navigation.tentative.html": [
 699 "slow"
 700 ],
 701 "imported/w3c/web-platform-tests/cookies/schemeful-same-site/schemeful-subresource.tentative.html": [
 702 "slow"
 703 ],
 704 "imported/w3c/web-platform-tests/cookies/value/value-ctl.html": [
 705 "slow"
 706 ],
 707 "imported/w3c/web-platform-tests/cookies/value/value.html": [
 708 "slow"
 709 ],
617710 "imported/w3c/web-platform-tests/cors/304.htm": [
618711 "slow"
619712 ],