Bug 1452496: Test for discarding same-site cookie in cross site context. r=mgoodwin

This commit is contained in:
Christoph Kerschbaumer 2018-04-12 12:53:33 +02:00
Родитель a6f01f147d
Коммит 3117bd6483
3 изменённых файлов: 139 добавлений и 0 удалений

Просмотреть файл

@ -0,0 +1,50 @@
// Custom *.sjs file specifically for the needs of Bug 1452496
// small red image
const IMG_BYTES = atob(
"iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAYAAACNbyblAAAAHElEQVQI12" +
"P4//8/w38GIAXDIBKE0DHxgljNBAAO9TXL0Y4OHwAAAABJRU5ErkJggg==");
const FRAME = `
<!DOCTYPE html>
<html>
<head>
<title>Bug 1452496 - Do not allow same-site cookies in cross site context</title>
</head>
<body>
<script type="application/javascript">
let cookie = document.cookie;
// now reset the cookie for the next test
document.cookie = "myKey=;" + "expires=Thu, 01 Jan 1970 00:00:00 GMT";
window.parent.postMessage({result: cookie}, 'http://mochi.test:8888');
</script>
</body>
</html>`;
function handleRequest(request, response)
{
// avoid confusing cache behaviors
response.setHeader("Cache-Control", "no-cache", false);
if (request.queryString === "setSameSiteCookie") {
response.setHeader("Set-Cookie", "myKey=strictSameSiteCookie; samesite=strict", true);
response.setHeader("Content-Type", "image/png");
response.write(IMG_BYTES);
return;
}
if (request.queryString === "setRegularCookie") {
response.setHeader("Set-Cookie", "myKey=regularCookie;", true);
response.setHeader("Content-Type", "image/png");
response.write(IMG_BYTES);
return;
}
if (request.queryString === "loadFrame") {
response.write(FRAME);
return;
}
// we should never get here, but just in case return something unexpected
response.write("D'oh");
}

Просмотреть файл

@ -10,6 +10,7 @@ support-files =
file_block_subresource_redir_to_data.sjs
file_same_site_cookies_subrequest.sjs
file_same_site_cookies_toplevel_nav.sjs
file_same_site_cookies_cross_origin_context.sjs
[test_contentpolicytype_targeted_link_iframe.html]
[test_nosniff.html]
@ -25,3 +26,4 @@ skip-if = toolkit == 'android'
[test_block_subresource_redir_to_data.html]
[test_same_site_cookies_subrequest.html]
[test_same_site_cookies_toplevel_nav.html]
[test_same_site_cookies_cross_origin_context.html]

Просмотреть файл

@ -0,0 +1,87 @@
<!DOCTYPE HTML>
<html>
<head>
<title>Bug 1452496 - Do not allow same-site cookies in cross site context</title>
<script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
<img id="cookieImage">
<iframe id="testframe"></iframe>
<script class="testbody" type="text/javascript">
/*
* Description of the test:
* 1) We load an image from http://example.com which tries to
* a) a same site cookie
* b) a regular cookie
* in the context of http://mochi.test
* 2) We load an iframe from http://example.com and check if the cookie
* is available.
* 3) We observe that:
* (a) same site cookie has been discarded in a cross origin context.
* (b) the regular cookie is available.
*/
SimpleTest.waitForExplicitFinish();
const CROSS_ORIGIN = "http://example.com/";
const PATH = "tests/dom/security/test/general/file_same_site_cookies_cross_origin_context.sjs";
let curTest = 0;
var tests = [
{
description: "regular cookie in cross origin context",
imgSRC: CROSS_ORIGIN + PATH + "?setRegularCookie",
frameSRC: CROSS_ORIGIN + PATH + "?loadFrame",
result: "myKey=regularCookie",
},
{
description: "same-site cookie in cross origin context",
imgSRC: CROSS_ORIGIN + PATH + "?setSameSiteCookie",
frameSRC: CROSS_ORIGIN + PATH + "?loadFrame",
result: "", // no cookie should be set
},
];
window.addEventListener("message", receiveMessage);
function receiveMessage(event) {
is(event.data.result, tests[curTest].result, tests[curTest].description);
curTest += 1;
// // lets see if we ran all the tests
if (curTest == tests.length) {
window.removeEventListener("message", receiveMessage);
SimpleTest.finish();
return;
}
// otherwise it's time to run the next test
setCookieAndInitTest();
}
function setupQueryResultAndRunTest() {
let testframe = document.getElementById("testframe");
testframe.src = tests[curTest].frameSRC;
}
function setCookieAndInitTest() {
var cookieImage = document.getElementById("cookieImage");
cookieImage.onload = function() {
ok(true, "trying to set cookie for test (" + tests[curTest].description + ")");
setupQueryResultAndRunTest();
}
cookieImage.onerror = function() {
ok(false, "could not load image for test (" + tests[curTest].description + ")");
}
cookieImage.src = tests[curTest].imgSRC;
}
// fire up the test
setCookieAndInitTest();
</script>
</body>
</html>