websockets.https.html

Enable keyboard shortcuts

This test has a WPT meta file that expects 1 subtest issues.
This WPT test may be referenced by the following Test IDs:
- /device-bound-session-credentials/websockets.https.html - WPT Dashboard Interop Dashboard

<!DOCTYPE html>

<meta charset="utf-8">

<script src="/resources/testharness.js"></script>

<script src="/resources/testharnessreport.js"></script>

<script src="helper.js" type="module"></script>

<script type="module">

  import { expireCookie, documentHasCookie, waitForCookie, addCookieAndSessionCleanup, setupShardedServerState, configureServer } from "./helper.js";

  function ws_connect(url) {

    return new Promise(function(resolve,reject) {

      const ws = new WebSocket(url);

      ws.onopen = function () { resolve(); };

      ws.onerror = function(error) { reject(error); };

});

  promise_test(async t => {

    await setupShardedServerState();

    const expectedCookieAndValue = "auth_cookie=abcdef0123";

    const expectedCookieAndAttributes = `${expectedCookieAndValue};Domain=${location.hostname};Path=/device-bound-session-credentials`;

    addCookieAndSessionCleanup(t);

    // In order to validate DBSC is applying to a WebSocket handshake,

    // we need an endpoint that can validate the cookie was refreshed

    // without triggering a refresh itself. Add an excluded endpoint to

    // do that.

    await configureServer({ scopeSpecificationItems: [

      "type": "exclude",

      "domain": location.hostname,

      "path": "/device-bound-session-credentials/excludeInScopeSpecification"

},

    ]});

    // Prompt starting a session, and wait until registration completes.

    const loginResponse = await fetch('login.py');

    assert_equals(loginResponse.status, 200);

    await waitForCookie(expectedCookieAndValue, /*expectCookie=*/true);

    // Confirm that a request has the cookie set.

    const authResponse = await fetch('verify_authenticated.py');

    assert_equals(authResponse.status, 200);

    // Confirm that expiring the cookie still leads to a request with the cookie set (refresh occurs).

    expireCookie(expectedCookieAndAttributes);

    assert_false(documentHasCookie(expectedCookieAndValue));

    // Start a WebSocket handshake. This will fail, but DBSC will still apply to the request.

    try {

      await ws_connect(`wss://${location.host}/device-bound-session-credentials/websocket`);

    } catch (error) {

    // Confirm we're logged in by checking the excluded endpoint.

    const authResponseAfterExpiry = await fetch('excludeInScopeSpecification/excluded_verify_authenticated.py');

    assert_equals(authResponseAfterExpiry.status, 200);

    assert_true(documentHasCookie(expectedCookieAndValue));

  }, "An established session applies to WebSocket handshakes");

</script>