window-open-reload.https.html

mozilla-central/testing/web-platform/tests/cookies/samesite/window-open-reload.https.html

Enable keyboard shortcuts

Source code

File a bug in Core :: Networking: Cookies

Revision control

Copy as Markdown

Other Tools

Test Info: Warnings

This test has a WPT meta file that expects 1 subtest issues.
This WPT test may be referenced by the following Test IDs:
- /cookies/samesite/window-open-reload.https.html - WPT Dashboard Interop Dashboard

<!DOCTYPE html>

<meta charset="utf-8"/>

<script src="/resources/testharness.js"></script>

<script src="/resources/testharnessreport.js"></script>

<script src="/cookies/resources/cookie-helper.sub.js"></script>

<script>

  // This test opens a popup window to postToParent.py (on the specified

  // origin). The popup sends a postMessage event back to its opener

  // (i.e., here) with the cookies it received, which we verify against

  // expectedStatus. Then, the test sends a message to the popup, telling it to

  // reload itself via window.location.reload(). Again, the popup posts a

  // message back here with the cookies it received. These cookies are verified

  // against expectedStatusReload.

  function create_test(origin, target, expectedStatus, expectedStatusReload, title) {

    promise_test(t => {

      var value = "" + Math.random();

      return resetSameSiteCookies(origin, value)

        .then(_ => {

          return new Promise((resolve, reject) => {

            var w = window.open(target + "/cookies/resources/postToParent.py");

            var reloaded = false;

            var msgHandler = e => {

              try {

                verifySameSiteCookieState(reloaded ? expectedStatusReload : expectedStatus, value, e.data, DomSameSiteStatus.SAME_SITE);

              } catch (e) {

                reject(e);

              if (reloaded) {

                window.removeEventListener("message", msgHandler);

                w.close();

                resolve("Popup received the cookie.");

              } else {

                reloaded = true;

                w.postMessage("reload", "*");

};

            window.addEventListener("message", msgHandler);

            if (!w)

              reject("Popup could not be opened (did you allow the test site in your popup blocker?).");

});

});

    }, title);

  // The reload status is always strictly same-site because this is a site-initiated reload, as opposed to a reload triggered by a user interface element.

  create_test(SECURE_ORIGIN, SECURE_ORIGIN, SameSiteStatus.STRICT, SameSiteStatus.STRICT, "Reloaded same-host auxiliary navigations are strictly same-site.");

  create_test(SECURE_SUBDOMAIN_ORIGIN, SECURE_SUBDOMAIN_ORIGIN, SameSiteStatus.STRICT, SameSiteStatus.STRICT, "Reloaded subdomain auxiliary navigations are strictly same-site.");

  create_test(SECURE_CROSS_SITE_ORIGIN, SECURE_CROSS_SITE_ORIGIN, SameSiteStatus.LAX, SameSiteStatus.STRICT, "Reloaded cross-site auxiliary navigations are strictly same-site");

</script>