Source code
Revision control
Copy as Markdown
Other Tools
Test Info: Warnings
- This test has a WPT meta file that expects 1 subtest issues.
- This WPT test may be referenced by the following Test IDs:
- /cookies/samesite/window-open-reload.https.html - WPT Dashboard Interop Dashboard
<!DOCTYPE html>
<meta charset="utf-8"/>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/cookies/resources/cookie-helper.sub.js"></script>
<script>
// This test opens a popup window to postToParent.py (on the specified
// origin). The popup sends a postMessage event back to its opener
// (i.e., here) with the cookies it received, which we verify against
// expectedStatus. Then, the test sends a message to the popup, telling it to
// reload itself via window.location.reload(). Again, the popup posts a
// message back here with the cookies it received. These cookies are verified
// against expectedStatusReload.
function create_test(origin, target, expectedStatus, expectedStatusReload, title) {
promise_test(t => {
var value = "" + Math.random();
return resetSameSiteCookies(origin, value)
.then(_ => {
return new Promise((resolve, reject) => {
var w = window.open(target + "/cookies/resources/postToParent.py");
var reloaded = false;
var msgHandler = e => {
try {
verifySameSiteCookieState(reloaded ? expectedStatusReload : expectedStatus, value, e.data, DomSameSiteStatus.SAME_SITE);
} catch (e) {
reject(e);
}
if (reloaded) {
window.removeEventListener("message", msgHandler);
w.close();
resolve("Popup received the cookie.");
} else {
reloaded = true;
w.postMessage("reload", "*");
}
};
window.addEventListener("message", msgHandler);
if (!w)
reject("Popup could not be opened (did you allow the test site in your popup blocker?).");
});
});
}, title);
}
// The reload status is always strictly same-site because this is a site-initiated reload, as opposed to a reload triggered by a user interface element.
create_test(SECURE_ORIGIN, SECURE_ORIGIN, SameSiteStatus.STRICT, SameSiteStatus.STRICT, "Reloaded same-host auxiliary navigations are strictly same-site.");
create_test(SECURE_SUBDOMAIN_ORIGIN, SECURE_SUBDOMAIN_ORIGIN, SameSiteStatus.STRICT, SameSiteStatus.STRICT, "Reloaded subdomain auxiliary navigations are strictly same-site.");
create_test(SECURE_CROSS_SITE_ORIGIN, SECURE_CROSS_SITE_ORIGIN, SameSiteStatus.LAX, SameSiteStatus.STRICT, "Reloaded cross-site auxiliary navigations are strictly same-site");
</script>