зеркало из https://github.com/mozilla/gecko-dev.git
5ebe2f5c98
Automatic update from web-platform-tests[cookies] Correct utility function and tests (#12835) * [cookies] Fail on exceptional circumstance Some tests which use the `credFetch` utility include assertions only for the absence of cookies. Because `fetch` does not reject the returned promise for valid HTTP responses outside of the 2XX range, these tests could be satisfied by querying non-existent URLs. This is not an issue in any existing tests, but it has the potential to hide problems in future patches. Update the `credFetch` function to report unsuccessful requests as failures. * [cookies] Correct utility function and tests The `cookie-helper.sub.js` utility script includes `set_prefixed_cookie_via_http_test`, a function that defines sub-tests using the `promise_test` API. Previously, it included the following code: promise_test(t => { var postDelete = _ => { // (elided) }; if (!options.origin) { return postDelete; } else { // (elided) } }); The `promise_test` function does not recognize return values which are functions, so returning the `postDelete` method had no effect, and as a result, the generated tests performed zero assertions. Because none of the consumers of `set_prefixed_cookie_via_http_test` specified a value for the `origin` option, all invocations were effected by this bug. Correcting the problem surfaced a number of errors in the tests. In the interest of atomicity, this patch attempts to address them all: - The logic intended to defensively remove cookies prior to testing was implemented using `document.cookie`. Because some tests create cookies which include the `HttpOnly` attribute, the DOM API cannot remove cookies in all cases. This patch refactors the solution to remove such cookies via an HTTP request. It also assumes the environment is initially clean and instead expresses the concern via an asynchronous "cleanup" function. (This change necessitated an extension to the `set.py` script so that it could be used to expire cookies.) - The test name `__secure.header.html` incorrectly asserted that a cookie set with the `Secure` attribute could be observed in a non-secure context. This patch corrects the expectation. - The test named `__secure.header.https.html` incorrectly asserted that a cookie set with a foreign `Origin` attribute could be observed from the current origin. This patch corrects the expectation. -- wpt-commits: 88d4f4cc118320c4e02003ffc1ba2c5ee81b1753 wpt-pr: 12835 |
||
|---|---|---|
| .. | ||
| http-state | ||
| path | ||
| prefix | ||
| resources | ||
| samesite | ||
| secure | ||
| META.yml | ||
| README.md | ||
| meta-blocked.html | ||
README.md
This directory contains tests for Leave Secure Cookies Alone.