зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1678456
[wpt PR 26578] - Rewrite /wpt/cookies/http-state/attribute.html tests, a=testonly
Automatic update from web-platform-tests Rewrite /wpt/cookies/http-state/attribute.html tests This is the first of a handful of CLs rewriting the legacy tests in the ported wpt http-state tests. The plan is to continue to refine and refactor and eventually rewrite (or delete) them all. Bug: 1145300 Change-Id: I8a50939f4e2c95c1293ba5423577693ab2a10d9a Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2550362 Commit-Queue: Mike Taylor <miketaylr@chromium.org> Auto-Submit: Mike Taylor <miketaylr@chromium.org> Reviewed-by: Lily Chen <chlily@chromium.org> Cr-Commit-Position: refs/heads/master@{#830803} -- wpt-commits: 20b20fa3c84321b27afdc56890015ddb14f3ecd2 wpt-pr: 26578
This commit is contained in:
Родитель
c8c500b1ca
Коммит
10df516ee8
|
@ -0,0 +1,80 @@
|
|||
<!doctype html>
|
||||
<html>
|
||||
<head>
|
||||
<meta charset=utf-8>
|
||||
<title>Test invalid attribute parsing</title>
|
||||
<meta name=help href="https://tools.ietf.org/html/rfc6265#section-5.2">
|
||||
<meta name="timeout" content="long">
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
<script src="/cookies/resources/cookie-helper.sub.js"></script>
|
||||
</head>
|
||||
<body>
|
||||
<div id=log></div>
|
||||
<script>
|
||||
// These tests ensure that invalid attributes don't affect
|
||||
// cookie parsing. `Path` isn't important to the tests where it appears,
|
||||
// but it's used to be able to place the invalid attribute in different
|
||||
// locations.
|
||||
const invalidAttributeTests = [
|
||||
{
|
||||
cookie: "test=1; lol; Path=/",
|
||||
expected: "test=1",
|
||||
name: "Set cookie with invalid attribute"
|
||||
},
|
||||
{
|
||||
cookie: "test=2; Path=/; lol",
|
||||
expected: "test=2",
|
||||
name: "Set cookie ending with invalid attribute."
|
||||
},
|
||||
{
|
||||
cookie: "test=3; Path=/; 'lol'",
|
||||
expected: "test=3",
|
||||
name: "Set cookie ending with quoted invalid attribute."
|
||||
},
|
||||
{
|
||||
cookie: 'test=4; Path=/; "lol"',
|
||||
expected: "test=4",
|
||||
name: "Set cookie ending with double-quoted invalid attribute."
|
||||
},
|
||||
{
|
||||
cookie: "test=5; Path=/; lol=",
|
||||
expected: "test=5",
|
||||
name: "Set cookie ending with invalid attribute equals."
|
||||
},
|
||||
{
|
||||
cookie: 'test=6; lol="aaa;bbb"; Path=/',
|
||||
expected: "test=6",
|
||||
name: "Set cookie with two invalid attributes (lol=\"aaa and bbb)."
|
||||
},
|
||||
{
|
||||
cookie: 'test=7; Path=/; lol="aaa;bbb"',
|
||||
expected: "test=7",
|
||||
name: "Set cookie ending with two invalid attributes (lol=\"aaa and bbb)."
|
||||
},
|
||||
{
|
||||
cookie: 'test=8; "Secure"',
|
||||
expected: "test=8",
|
||||
// This gets parsed as an unrecognized \"Secure\" attribute, not a valid
|
||||
// Secure attribute. That's why it gets set on an non-secure origin.
|
||||
name: "Set cookie for quoted Secure attribute",
|
||||
defaultPath: true
|
||||
},
|
||||
{
|
||||
cookie: "test=9; Secure qux",
|
||||
expected: "test=9",
|
||||
// This should be parsed as an unrecognized "Secure qux" attribute
|
||||
// and ignored. That is, the cookie will not be Secure.
|
||||
name: "Set cookie for Secure qux",
|
||||
defaultPath: true
|
||||
},
|
||||
];
|
||||
|
||||
for (const test of invalidAttributeTests) {
|
||||
promise_test(async testCase => {
|
||||
await runCookieTest(test.cookie, test.expected, test.defaultPath);
|
||||
}, test.name);
|
||||
}
|
||||
</script>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,76 @@
|
|||
<!doctype html>
|
||||
<html>
|
||||
<head>
|
||||
<meta charset=utf-8>
|
||||
<title>Test cookie path attribute parsing</title>
|
||||
<meta name=help href="https://tools.ietf.org/html/rfc6265#section-5.2.4">
|
||||
<meta name="timeout" content="long">
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
<script src="/cookies/resources/cookie-helper.sub.js"></script>
|
||||
</head>
|
||||
<body>
|
||||
<script>
|
||||
const pathTests = [
|
||||
{
|
||||
cookie: "test=1; Path",
|
||||
expected: "test=1",
|
||||
name: "Set cookie for bare Path",
|
||||
defaultPath: true
|
||||
},
|
||||
{
|
||||
cookie: "test=2; Path=",
|
||||
expected: "test=2",
|
||||
name: "Set cookie for Path=",
|
||||
defaultPath: true
|
||||
},
|
||||
{
|
||||
cookie: "test=3; Path=/",
|
||||
expected: "test=3",
|
||||
name: "Set cookie for Path=/"
|
||||
},
|
||||
{
|
||||
cookie: "test=4; Path=/qux",
|
||||
expected: "",
|
||||
name: "No cookie returned for mismatched path"
|
||||
},
|
||||
{
|
||||
cookie: "test=5; Path =/qux",
|
||||
expected: "",
|
||||
name: "No cookie returned for path space equals mismatched path"
|
||||
},
|
||||
{
|
||||
cookie: "test=6; Path= /qux",
|
||||
expected: "",
|
||||
name: "No cookie returned for path equals space mismatched path"
|
||||
},
|
||||
{
|
||||
cookie: "test=7; Path=/qux ; taz",
|
||||
expected: "",
|
||||
name: "No cookie returned for mismatched path and attribute"
|
||||
},
|
||||
{
|
||||
cookie: "test=8; Path=/qux; Path=/",
|
||||
expected: "test=8",
|
||||
name: "Set cookie for mismatched and root path"
|
||||
},
|
||||
{
|
||||
cookie: "test=9; Path=/; Path=/qux",
|
||||
expected: "",
|
||||
name: "No cookie returned for root and mismatched path"
|
||||
},
|
||||
{
|
||||
cookie: "test=10; Path=/lol; Path=/qux",
|
||||
expected: "",
|
||||
name: "No cookie returned for multiple mismatched paths"
|
||||
},
|
||||
];
|
||||
|
||||
for (const test of pathTests) {
|
||||
promise_test(async testCase => {
|
||||
await runCookieTest(test.cookie, test.expected, test.defaultPath);
|
||||
}, test.name);
|
||||
}
|
||||
</script>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,75 @@
|
|||
<!doctype html>
|
||||
<html>
|
||||
<head>
|
||||
<meta charset=utf-8>
|
||||
<title>Test cookie secure attribute parsing (on non-secure page)</title>
|
||||
<meta name=help href="https://tools.ietf.org/html/rfc6265#section-5.2.5">
|
||||
<meta name="timeout" content="long">
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/cookies/resources/cookie-helper.sub.js"></script>
|
||||
</head>
|
||||
<body>
|
||||
<script>
|
||||
// These tests are the non-secure analog to secure.https.html.
|
||||
// They're not in the /cookies/attributes folder because they shouldn't
|
||||
// be run by themselves. Instead, /cookies/attributes/secure.https.html
|
||||
// opens this in a non-secure window.
|
||||
const secureNonSecureTests = [
|
||||
{
|
||||
cookie: "test=1; Secure",
|
||||
expected: "",
|
||||
name: "(non-secure) Ignore cookie for Secure attribute",
|
||||
defaultPath: true
|
||||
},
|
||||
{
|
||||
cookie: "test=2; seCURe",
|
||||
expected: "",
|
||||
name: "(non-secure) Ignore cookie for seCURe attribute",
|
||||
defaultPath: true
|
||||
},
|
||||
{
|
||||
cookie: "test=3; Secure=",
|
||||
expected: "",
|
||||
name: "(non-secure) Ignore cookie for for Secure= attribute",
|
||||
defaultPath: true
|
||||
},
|
||||
{
|
||||
cookie: "test=4; Secure=aaaa",
|
||||
expected: "",
|
||||
name: "(non-secure) Ignore cookie for Secure=aaaa",
|
||||
defaultPath: true
|
||||
},
|
||||
{
|
||||
cookie: "test=5; Secure =aaaaa",
|
||||
expected: "",
|
||||
name: "(non-secure) Ignore cookie for Secure space equals",
|
||||
defaultPath: true
|
||||
},
|
||||
{
|
||||
cookie: "test=6; Secure= aaaaa",
|
||||
expected: "",
|
||||
name: "(non-secure) Ignore cookie for Secure equals space",
|
||||
defaultPath: true
|
||||
},
|
||||
{
|
||||
cookie: "test=7; Secure",
|
||||
expected: "",
|
||||
name: "(non-secure) Ignore cookie for spaced Secure",
|
||||
defaultPath: true
|
||||
},
|
||||
{
|
||||
cookie: "test=8; Secure ;",
|
||||
expected: "",
|
||||
name: "(non-secure) Ignore cookie for space Secure with ;",
|
||||
defaultPath: true
|
||||
}
|
||||
];
|
||||
|
||||
for (const test of secureNonSecureTests) {
|
||||
promise_test(async testCase => {
|
||||
await runCookieTest(test.cookie, test.expected, test.defaultPath);
|
||||
}, test.name);
|
||||
}
|
||||
</script>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,21 @@
|
|||
<!doctype html>
|
||||
<html>
|
||||
<head>
|
||||
<meta charset=utf-8>
|
||||
<title>Test cookie secure attribute parsing (non-secure origin)</title>
|
||||
<meta name=help href="https://tools.ietf.org/html/rfc6265#section-5.2.5">
|
||||
<meta name="timeout" content="long">
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
<script src="/cookies/resources/cookie-helper.sub.js"></script>
|
||||
</head>
|
||||
<body>
|
||||
<div id=log></div>
|
||||
<script>
|
||||
test(t => {
|
||||
const win = window.open(`${INSECURE_ORIGIN}/cookies/attributes/resources/secure-non-secure-child.html`);
|
||||
fetch_tests_from_window(win);
|
||||
});
|
||||
</script>
|
||||
</body>
|
||||
</html>
|
|
@ -0,0 +1,73 @@
|
|||
<!doctype html>
|
||||
<html>
|
||||
<head>
|
||||
<meta charset=utf-8>
|
||||
<title>Test cookie secure attribute parsing</title>
|
||||
<meta name=help href="https://tools.ietf.org/html/rfc6265#section-5.2.5">
|
||||
<meta name="timeout" content="long">
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
<script src="/cookies/resources/cookie-helper.sub.js"></script>
|
||||
</head>
|
||||
<body>
|
||||
<div id=log></div>
|
||||
<script>
|
||||
const secureTests = [
|
||||
{
|
||||
cookie: "test=1; Secure",
|
||||
expected: "test=1",
|
||||
name: "Set cookie for Secure attribute",
|
||||
defaultPath: true
|
||||
},
|
||||
{
|
||||
cookie: "test=2; seCURe",
|
||||
expected: "test=2",
|
||||
name: "Set cookie for seCURe attribute",
|
||||
defaultPath: true
|
||||
},
|
||||
{
|
||||
cookie: "test=3; Secure=",
|
||||
expected: "test=3",
|
||||
name: "Set cookie for for Secure= attribute",
|
||||
defaultPath: true
|
||||
},
|
||||
{
|
||||
cookie: "test=4; Secure=aaaa",
|
||||
expected: "test=4",
|
||||
name: "Set cookie for Secure=aaaa",
|
||||
defaultPath: true
|
||||
},
|
||||
{
|
||||
cookie: "test=5; Secure =aaaaa",
|
||||
expected: "test=5",
|
||||
name: "Set cookie for Secure space equals",
|
||||
defaultPath: true
|
||||
},
|
||||
{
|
||||
cookie: "test=6; Secure= aaaaa",
|
||||
expected: "test=6",
|
||||
name: "Set cookie for Secure equals space",
|
||||
defaultPath: true
|
||||
},
|
||||
{
|
||||
cookie: "test=7; Secure",
|
||||
expected: "test=7",
|
||||
name: "Set cookie for spaced Secure",
|
||||
defaultPath: true
|
||||
},
|
||||
{
|
||||
cookie: "test=8; Secure ;",
|
||||
expected: "test=8",
|
||||
name: "Set cookie for space Secure with ;",
|
||||
defaultPath: true
|
||||
}
|
||||
];
|
||||
|
||||
for (const test of secureTests) {
|
||||
promise_test(async testCase => {
|
||||
await runCookieTest(test.cookie, test.expected, test.defaultPath);
|
||||
}, test.name);
|
||||
}
|
||||
</script>
|
||||
</body>
|
||||
</html>
|
|
@ -1,56 +0,0 @@
|
|||
<!doctype html>
|
||||
<html>
|
||||
<head>
|
||||
<meta charset=utf-8>
|
||||
<title>Tests cookie attribute functionality</title>
|
||||
<meta name=help href="https://tools.ietf.org/html/rfc6265#page-8">
|
||||
<meta name="timeout" content="long">
|
||||
|
||||
<script src="/resources/testharness.js"></script>
|
||||
<script src="/resources/testharnessreport.js"></script>
|
||||
<script src="resources/cookie-http-state-template.js"></script>
|
||||
</head>
|
||||
<body>
|
||||
<div id="log"></div>
|
||||
<div id="iframes"></div>
|
||||
<script>
|
||||
setup({ explicit_timeout: true });
|
||||
|
||||
const TEST_CASES = [
|
||||
{file: "attribute0001", name: "Ignore cookie for Secure attribute."},
|
||||
{file: "attribute0002", name: "Ignore cookie for seCURe attribute."},
|
||||
{file: "attribute0003", name: "Set cookie for \"Secure\" attribute."},
|
||||
{file: "attribute0004", name: "Ignore cookie for for Secure= attribute."},
|
||||
{file: "attribute0005", name: "Ignore cookie for Secure=aaaa"},
|
||||
{file: "attribute0006", name: "Set cookie for Secure qux"},
|
||||
{file: "attribute0007", name: "Ignore cookie for Secure space equals."},
|
||||
{file: "attribute0008", name: "Ignore cookie for Secure equals space"},
|
||||
{file: "attribute0009", name: "Ignore cookie for Secure separated."},
|
||||
{file: "attribute0010", name: "Ignore cookie for Secure separated v2."},
|
||||
{file: "attribute0011", name: "Ignore cookie for Secure separated v2."},
|
||||
{file: "attribute0012", name: "Ignore cookie for spaced Secure"},
|
||||
{file: "attribute0013", name: "Ignore cookie for space Secure with ;."},
|
||||
{file: "attribute0014", name: "Set cookie for Path."},
|
||||
{file: "attribute0015", name: "Set cookie for Path=."},
|
||||
{file: "attribute0016", name: "Set cookie for Path=/."},
|
||||
{file: "attribute0017", name: "Ignore cookie for invalid path."},
|
||||
{file: "attribute0018", name: "Ignore cookie for spaced invalid path."},
|
||||
{file: "attribute0019", name: "Ignore cookie for spaced invalid path v2."},
|
||||
{file: "attribute0020", name: "Ignore cookie for invalid path and attribute."},
|
||||
{file: "attribute0021", name: "Ignore cookie for invalid and root path."},
|
||||
{file: "attribute0022", name: "Set cookie for root and invalid path."},
|
||||
{file: "attribute0023", name: "Set cookie for invalid and sane path."},
|
||||
{file: "attribute0024", name: "Ignore cookie for sane and invalid path."},
|
||||
{file: "attribute0025", name: "Ignore cookie for invalid + Secure."},
|
||||
{file: "attribute0026", name: "Ignore cookie for quoted invalid attribute."},
|
||||
];
|
||||
|
||||
for (const i in TEST_CASES) {
|
||||
const t = TEST_CASES[i];
|
||||
promise_test(createCookieTest(t.file),
|
||||
t.file + " - " + t.name);
|
||||
}
|
||||
|
||||
</script>
|
||||
</body>
|
||||
</html>
|
|
@ -1 +0,0 @@
|
|||
Set-Cookie: foo=bar; Secure
|
|
@ -1 +0,0 @@
|
|||
Set-Cookie: foo=bar; seCURe
|
|
@ -1 +0,0 @@
|
|||
Cookie: foo=bar
|
|
@ -1 +0,0 @@
|
|||
Set-Cookie: foo=bar; "Secure"
|
|
@ -1 +0,0 @@
|
|||
Set-Cookie: foo=bar; Secure=
|
|
@ -1 +0,0 @@
|
|||
Set-Cookie: foo=bar; Secure=aaaa
|
|
@ -1 +0,0 @@
|
|||
Cookie: foo=bar
|
|
@ -1 +0,0 @@
|
|||
Set-Cookie: foo=bar; Secure qux
|
|
@ -1 +0,0 @@
|
|||
Set-Cookie: foo=bar; Secure =aaaaa
|
|
@ -1 +0,0 @@
|
|||
Set-Cookie: foo=bar; Secure= aaaaa
|
|
@ -1 +0,0 @@
|
|||
Set-Cookie: foo=bar; Secure; qux
|
|
@ -1 +0,0 @@
|
|||
Set-Cookie: foo=bar; Secure;qux
|
|
@ -1 +0,0 @@
|
|||
Set-Cookie: foo=bar; Secure ; qux
|
|
@ -1 +0,0 @@
|
|||
Set-Cookie: foo=bar; Secure
|
|
@ -1 +0,0 @@
|
|||
Set-Cookie: foo=bar; Secure ;
|
|
@ -1 +0,0 @@
|
|||
Cookie: foo=bar
|
|
@ -1 +0,0 @@
|
|||
Set-Cookie: foo=bar; Path
|
|
@ -1 +0,0 @@
|
|||
Cookie: foo=bar
|
|
@ -1 +0,0 @@
|
|||
Set-Cookie: foo=bar; Path=
|
|
@ -1 +0,0 @@
|
|||
Cookie: foo=bar
|
|
@ -1 +0,0 @@
|
|||
Set-Cookie: foo=bar; Path=/
|
|
@ -1 +0,0 @@
|
|||
Set-Cookie: foo=bar; Path=/qux
|
|
@ -1 +0,0 @@
|
|||
Set-Cookie: foo=bar; Path =/qux
|
|
@ -1 +0,0 @@
|
|||
Set-Cookie: foo=bar; Path= /qux
|
|
@ -1 +0,0 @@
|
|||
Set-Cookie: foo=bar; Path=/qux ; taz
|
|
@ -1 +0,0 @@
|
|||
Cookie: foo=bar
|
|
@ -1 +0,0 @@
|
|||
Set-Cookie: foo=bar; Path=/qux; Path=/
|
|
@ -1 +0,0 @@
|
|||
Set-Cookie: foo=bar; Path=/; Path=/qux
|
|
@ -1 +0,0 @@
|
|||
Set-Cookie: foo=bar; Path=/qux; Path=/cookie-parser-result
|
|
@ -1 +0,0 @@
|
|||
Set-Cookie: foo=bar; Path=/cookie-parser-result; Path=/qux
|
|
@ -1 +0,0 @@
|
|||
Set-Cookie: foo=bar; qux; Secure
|
|
@ -1 +0,0 @@
|
|||
Set-Cookie: foo=bar; qux="aaa;bbb"; Secure
|
|
@ -309,3 +309,52 @@ function erase_cookie_from_js(name, params) {
|
|||
var re = new RegExp("(?:^|; )" + name);
|
||||
assert_equals(re.test(document.cookie), false, "Sanity check: " + name + " has been deleted.");
|
||||
}
|
||||
|
||||
// getDefaultPathCookies is a helper method to get and delete cookies on the
|
||||
// "default path" (which for these tests will be at `/cookies/resources`),
|
||||
// determined by the path portion of the request-uri.
|
||||
async function getDefaultPathCookies(path = '/cookies/resources') {
|
||||
return new Promise((resolve, reject) => {
|
||||
try {
|
||||
const iframe = document.createElement('iframe');
|
||||
iframe.style = 'display: none';
|
||||
iframe.src = `${path}/echo-cookie.html`;
|
||||
|
||||
iframe.addEventListener('load', (e) => {
|
||||
const win = e.target.contentWindow;
|
||||
const iframeCookies = win.getCookies();
|
||||
win.expireCookie('test', path);
|
||||
resolve(iframeCookies);
|
||||
}, {once: true});
|
||||
|
||||
document.documentElement.appendChild(iframe);
|
||||
} catch (e) {
|
||||
reject(e);
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
// runCookieTest sets a |cookie|, then asserts it was or was not set
|
||||
// via |expectedValue|. Then cleans it up.
|
||||
async function runCookieTest(cookie, expectedValue, defaultPath) {
|
||||
return fetch(`/cookies/resources/cookie.py?set=${encodeURIComponent(cookie)}`)
|
||||
.then(async _ => {
|
||||
let cookies = document.cookie;
|
||||
// for the tests where a Path is set from the request-uri path, we need
|
||||
// to go look for cookies in an iframe at that default path.
|
||||
if (defaultPath) {
|
||||
cookies = await getDefaultPathCookies();
|
||||
}
|
||||
|
||||
if (Boolean(expectedValue)) {
|
||||
assert_equals(
|
||||
cookies, expectedValue, 'The cookie was set as expected.');
|
||||
} else {
|
||||
assert_equals(cookies, expectedValue, 'The cookie was rejected.');
|
||||
}
|
||||
})
|
||||
.then(_ => {
|
||||
return fetch(
|
||||
`/cookies/resources/cookie.py?drop=${encodeURIComponent(cookie)}`);
|
||||
});
|
||||
}
|
||||
|
|
|
@ -0,0 +1,33 @@
|
|||
from cookies.resources.helpers import setNoCacheAndCORSHeaders
|
||||
from wptserve.utils import isomorphic_encode
|
||||
|
||||
def main(request, response):
|
||||
"""Set or drop a cookie via GET params.
|
||||
|
||||
Usage: `/cookie.py?set={cookie}` or `/cookie.py?drop={cookie}`
|
||||
|
||||
The passed-in cookie string should be encoded via encodeURIComponent,
|
||||
otherwise `parse_qsl` will split on any semicolons (used by the Request.GET
|
||||
property getter).
|
||||
|
||||
Note: here we don't use Response.delete_cookie() or similar other methods
|
||||
in this resources directory because there are edge cases that are impossible
|
||||
to express via those APIs, namely a bare (`Path`) or empty Path (`Path=`)
|
||||
attribute. Instead, we pipe through the entire cookie and append `max-age=0`
|
||||
to it.
|
||||
"""
|
||||
headers = setNoCacheAndCORSHeaders(request, response)
|
||||
|
||||
try:
|
||||
if b'drop' in request.GET:
|
||||
cookie = request.GET[b'drop']
|
||||
cookie += "; max-age=0"
|
||||
|
||||
if b'set' in request.GET:
|
||||
cookie = request.GET[b'set']
|
||||
|
||||
headers.append((b'Set-Cookie', isomorphic_encode(cookie)))
|
||||
return headers, b'{"success": true}'
|
||||
except Exception as e:
|
||||
return 500, headers, bytes({'error': '{}'.format(e)})
|
||||
|
|
@ -19,6 +19,7 @@ window.isCookieSet = function (name, path) {
|
|||
window.expireCookie = function (name, path) {
|
||||
document.cookie = name + '=0; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=' + path + ';';
|
||||
};
|
||||
window.getCookies = () => document.cookie;
|
||||
</script>
|
||||
</body>
|
||||
</html>
|
||||
|
|
Загрузка…
Ссылка в новой задаче