empty-response.https.html

Enable keyboard shortcuts

This test has a WPT meta file that expects 2 subtest issues.
This WPT test may be referenced by the following Test IDs:
- /device-bound-session-credentials/empty-response.https.html - WPT Dashboard Interop Dashboard

<!DOCTYPE html>

<meta charset="utf-8">

<script src="/resources/testharness.js"></script>

<script src="/resources/testharnessreport.js"></script>

<script src="helper.js" type="module"></script>

<script type="module">

  import {

    expireCookie,

    documentHasCookie,

    waitForCookie,

    addCookieAndSessionCleanup,

    setupShardedServerState,

    configureServer

  } from "./helper.js";

  promise_test(async t => {

    await setupShardedServerState();

    const expectedCookieAndValue = "auth_cookie=abcdef0123";

    const expectedCookieAndAttributes = `${expectedCookieAndValue};Domain=${location.hostname};Path=/device-bound-session-credentials`;

    addCookieAndSessionCleanup(t);

    // Configure the server to omit session instructions going forward

    configureServer({

      useEmptyResponse: true

});

    // Prompt starting a session, and wait until registration completes.

    const loginResponse = await fetch('login.py');

    assert_equals(loginResponse.status, 200);

    await waitForCookie(expectedCookieAndValue, /*expectCookie=*/true);

    // Since the session instructions were empty at registration, refresh should fail.

    expireCookie(expectedCookieAndAttributes);

    assert_false(documentHasCookie(expectedCookieAndValue));

    const authResponseAfterExpiry = await fetch('verify_authenticated.py');

    assert_equals(authResponseAfterExpiry.status, 403);

    assert_false(documentHasCookie(expectedCookieAndValue));

  }, "An empty response fails on registration");

  promise_test(async t => {

    await setupShardedServerState();

    const expectedCookieAndValue = "auth_cookie=abcdef0123";

    const expectedCookieAndAttributes = `${expectedCookieAndValue};Domain=${location.hostname};Path=/device-bound-session-credentials`;

    addCookieAndSessionCleanup(t);

    // Prompt starting a session, and wait until registration completes.

    const loginResponse = await fetch('login.py');

    assert_equals(loginResponse.status, 200);

    await waitForCookie(expectedCookieAndValue, /*expectCookie=*/true);

    // Configure the server to omit session instructions going forward

    configureServer({

      useEmptyResponse: true

});

    // Confirm that expiring the cookie still leads to a request with the cookie set (refresh occurs).

    expireCookie(expectedCookieAndAttributes);

    assert_false(documentHasCookie(expectedCookieAndValue));

    const authResponseAfterExpiry = await fetch('verify_authenticated.py');

    assert_equals(authResponseAfterExpiry.status, 200);

    assert_true(documentHasCookie(expectedCookieAndValue));

    // If returning an empty response terminated the session, a second refresh would fail.

    expireCookie(expectedCookieAndAttributes);

    assert_false(documentHasCookie(expectedCookieAndValue));

    const authResponseAfterExpiry2 = await fetch('verify_authenticated.py');

    assert_equals(authResponseAfterExpiry2.status, 200);

    assert_true(documentHasCookie(expectedCookieAndValue));

  }, "An empty response is allowed on refresh");

</script>