Source code
Revision control
Copy as Markdown
Other Tools
<!DOCTYPE HTML>
<html>
<!--
-->
<head>
<title>Cookie changes from XHR requests are observed in content processes.</title>
<script src="/tests/SimpleTest/SimpleTest.js"></script>
<link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
<script type="text/javascript">
SimpleTest.waitForExplicitFinish();
function createXHR(url) {
return new Promise(function (resolve, reject) {
var xhr = new XMLHttpRequest();
xhr.open("GET", url, true); // async request
xhr.onload = function () {
if (this.status >= 200 && this.status < 300) {
resolve(xhr.response);
} else {
reject({
status: this.status,
statusText: xhr.statusText
});
}
};
xhr.onerror = function () {
reject({
status: this.status,
statusText: xhr.statusText
});
};
xhr.send();
});
}
SpecialPowers.pushPrefEnv({
set: [["network.cookie.sameSite.laxByDefault", false]],
})
// 1. Create one XHR to set a non-http-only cookie (testXHR1)
.then(_ => createXHR('reset_cookie_xhr.sjs?set_cookie'))
// 2. Check the visibility of that cookie
.then(_ => is(document.cookie, "testXHR1=xhr_val1", "Confirm the cookie"))
// 3. Create a second cookie via document.cookie (testXHR2) and check the
// visibility of those 2 cookies
.then(_ => {
document.cookie = "testXHR2=xhr_val2; path=/";
is(document.cookie, "testXHR1=xhr_val1; testXHR2=xhr_val2", "Confirm the two cookies");
})
// 4. Create one XHR to modify the first cookie and make it http-only
.then(_ => createXHR('reset_cookie_xhr.sjs?modify_cookie'))
// 5. Child process only can get the testXHR1 cookie.
.then(_ => {
is(document.cookie, "testXHR2=xhr_val2", "Confirm the first cookie is gone");
})
// 6. Try to override the first cookie.
.then(_ => {
document.cookie = "testXHR1=xhr_val3; path=/";
is(document.cookie, "testXHR2=xhr_val2", "Still one cookie");
})
// 7. Cleanup && Shutdown
.finally(_ => {
document.cookie = "testXHR2=; path=/; expires=Thu, 01-Jan-1970 00:00:01 GMT";
SimpleTest.finish();
});
</script>
</head>
<body>
</body>
</html>