Source code

Revision control

Copy as Markdown

Other Tools

Test Info:

<!DOCTYPE html>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/cookies/resources/cookie-helper.sub.js"></script>
<script>
["", "MaxAge=10", "HttpOnly"].forEach(extraParams => {
// Without 'secure'
set_prefixed_cookie_via_http_test({
prefix: "__Secure-",
params: "Path=/;" + extraParams,
origin: self.origin,
shouldExistViaHTTP: false,
title: "__Secure: secure origin: Should not set 'Path=/;" + extraParams + "'"
});
set_prefixed_cookie_via_http_test({
prefix: "__SeCuRe-",
params: "Path=/;" + extraParams,
origin: self.origin,
shouldExistViaHTTP: false,
title: "__SeCuRe: secure origin: Should not set 'Path=/;" + extraParams + "'"
});
// With 'secure'
set_prefixed_cookie_via_http_test({
prefix: "__Secure-",
params: "Secure;Path=/;" + extraParams,
origin: self.origin,
shouldExistViaHTTP: true,
title: "__Secure: secure origin: Should set 'Secure;Path=/;" + extraParams + "'"
});
set_prefixed_cookie_via_http_test({
prefix: "__SeCuRe-",
params: "Secure;Path=/;" + extraParams,
origin: self.origin,
shouldExistViaHTTP: true,
title: "__SeCuRe: secure origin: Should set 'Secure;Path=/;" + extraParams + "'"
});
});
// Without 'secure'
set_prefixed_cookie_via_http_test({
prefix: "__Secure-",
// SameSite=None is necessary because cross-site origins cannot set SameSite cookies via fetch.
params: "Path=/;SameSite=None;domain=" + CROSS_SITE_HOST,
origin: SECURE_CROSS_SITE_ORIGIN,
shouldExistViaHTTP: false,
title: "__Secure: secure origin: Should not set 'Path=/;domain=" + CROSS_SITE_HOST + "'"
});
set_prefixed_cookie_via_http_test({
prefix: "__SeCuRe-",
// SameSite=None is necessary because cross-site origins cannot set SameSite cookies via fetch.
params: "Path=/;SameSite=None;domain=" + CROSS_SITE_HOST,
origin: SECURE_CROSS_SITE_ORIGIN,
shouldExistViaHTTP: false,
title: "__SeCuRe: secure origin: Should not set 'Path=/;domain=" + CROSS_SITE_HOST + "'"
});
// With 'secure'
set_prefixed_cookie_via_http_test({
prefix: "__Secure-",
// SameSite=None is necessary because cross-site origins cannot set SameSite cookies via fetch.
params: "Secure;SameSite=None;Path=/;domain=" + CROSS_SITE_HOST,
origin: SECURE_CROSS_SITE_ORIGIN,
shouldExistViaHTTP: true,
title: "__Secure: secure origin: Should set 'Secure;Path=/;domain=" + CROSS_SITE_HOST + "'"
});
set_prefixed_cookie_via_http_test({
prefix: "__SeCuRe-",
// SameSite=None is necessary because cross-site origins cannot set SameSite cookies via fetch.
params: "Secure;SameSite=None;Path=/;domain=" + CROSS_SITE_HOST,
origin: SECURE_CROSS_SITE_ORIGIN,
shouldExistViaHTTP: true,
title: "__SeCuRe: secure origin: Should set 'Secure;Path=/;domain=" + CROSS_SITE_HOST + "'"
});
</script>