window-open.https.html

mozilla-central/testing/web-platform/tests/cookies/samesite/window-open.https.html

Enable keyboard shortcuts

Source code

File a bug in Core :: Networking: Cookies

Revision control

Copy as Markdown

Other Tools

Test Info:

This WPT test may be referenced by the following Test IDs:
- /cookies/samesite/window-open.https.html - WPT Dashboard Interop Dashboard

<!DOCTYPE html>

<meta charset="utf-8"/>

<meta name="timeout" content="long">

<script src="/resources/testharness.js"></script>

<script src="/resources/testharnessreport.js"></script>

<script src="/cookies/resources/cookie-helper.sub.js"></script>

<script>

  function create_test(origin, target, expectedStatus, title) {

    promise_test(t => {

      var value = "" + Math.random();

      return resetSameSiteCookies(origin, value)

        .then(_ => {

          return new Promise((resolve, reject) => {

            var w = window.open(target + "/cookies/resources/postToParent.py");

            var msgHandler = e => {

              window.removeEventListener("message", msgHandler);

              w.close();

              try {

                verifySameSiteCookieState(expectedStatus, value, e.data, DomSameSiteStatus.SAME_SITE);

                resolve("Popup received the cookie.");

              } catch (e) {

                reject(e);

};

            window.addEventListener("message", msgHandler);

            if (!w)

              reject("Popup could not be opened (did you allow the test site in your popup blocker?).");

});

});

    }, title);

  // No redirect:

  create_test(SECURE_ORIGIN, SECURE_ORIGIN, SameSiteStatus.STRICT, "Same-host auxiliary navigations are strictly same-site");

  create_test(SECURE_SUBDOMAIN_ORIGIN, SECURE_SUBDOMAIN_ORIGIN, SameSiteStatus.STRICT, "Subdomain auxiliary navigations are strictly same-site");

  create_test(SECURE_CROSS_SITE_ORIGIN, SECURE_CROSS_SITE_ORIGIN, SameSiteStatus.LAX, "Cross-site auxiliary navigations are laxly same-site");

  // Redirect from {same-host,subdomain,cross-site} to same-host:

  create_test(SECURE_ORIGIN, redirectTo(SECURE_ORIGIN, SECURE_ORIGIN), SameSiteStatus.STRICT, "Same-host redirecting to same-host auxiliary navigations are strictly same-site");

  create_test(SECURE_ORIGIN, redirectTo(SECURE_SUBDOMAIN_ORIGIN, SECURE_ORIGIN), SameSiteStatus.STRICT, "Subdomain redirecting to same-host auxiliary navigations are strictly same-site");

  create_test(SECURE_ORIGIN, redirectTo(SECURE_CROSS_SITE_ORIGIN, SECURE_ORIGIN), SameSiteStatus.LAX, "Cross-site redirecting to same-host auxiliary navigations are laxly same-site");

  // Redirect from {same-host,subdomain,cross-site} to same-host:

  create_test(SECURE_SUBDOMAIN_ORIGIN, redirectTo(SECURE_ORIGIN, SECURE_SUBDOMAIN_ORIGIN), SameSiteStatus.STRICT, "Same-host redirecting to subdomain auxiliary navigations are strictly same-site");

  create_test(SECURE_SUBDOMAIN_ORIGIN, redirectTo(SECURE_SUBDOMAIN_ORIGIN, SECURE_SUBDOMAIN_ORIGIN), SameSiteStatus.STRICT, "Subdomain redirecting to subdomain auxiliary navigations are strictly same-site");

  create_test(SECURE_SUBDOMAIN_ORIGIN, redirectTo(SECURE_CROSS_SITE_ORIGIN, SECURE_SUBDOMAIN_ORIGIN), SameSiteStatus.LAX, "Cross-site redirecting to subdomain auxiliary navigations are laxly same-site");

  // Redirect from {same-host,subdomain,cross-site} to cross-site:

  create_test(SECURE_CROSS_SITE_ORIGIN, redirectTo(SECURE_ORIGIN, SECURE_CROSS_SITE_ORIGIN), SameSiteStatus.LAX, "Same-host redirecting to cross-site auxiliary navigations are laxly same-site");

  create_test(SECURE_CROSS_SITE_ORIGIN, redirectTo(SECURE_SUBDOMAIN_ORIGIN, SECURE_CROSS_SITE_ORIGIN), SameSiteStatus.LAX, "Subdomain redirecting to cross-site auxiliary navigations are laxly same-site");

  create_test(SECURE_CROSS_SITE_ORIGIN, redirectTo(SECURE_CROSS_SITE_ORIGIN, SECURE_CROSS_SITE_ORIGIN), SameSiteStatus.LAX, "Cross-site redirecting to cross-site auxiliary navigations are laxly same-site");

</script>