author | Lily Chen <chlily@chromium.org> |
Wed, 14 Aug 2019 10:57:26 +0000 | |
changeset 488123 | 605be81220d91399bfa53fca37537b409f7b9d74 |
parent 488122 | a2a802a992a07a69658c5e3daeab5ccdb1d40069 |
child 488124 | e4abe7c75be52ed20c1727eda0fdc6d0c7dd2676 |
push id | 36435 |
push user | cbrindusan@mozilla.com |
push date | Thu, 15 Aug 2019 09:46:49 +0000 |
treeherder | mozilla-central@0db07ff50ab5 [default view] [failures only] |
perfherder | [talos] [build metrics] [platform microbench] (compared to previous push) |
reviewers | testonly |
bugs | 1568104, 17989, 1691522, 1713670, 686071 |
milestone | 70.0a1 |
first release with | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
last release without | nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
|
new file mode 100644 --- /dev/null +++ b/testing/web-platform/tests/websockets/cookies/support/websocket-cookies-helper.sub.js @@ -0,0 +1,57 @@ +// Set up global variables. +(_ => { + var HOST = '{{host}}'; + var CROSS_ORIGIN_HOST = '{{hosts[alt][]}}'; + var WSS_PORT = ':{{ports[wss][0]}}'; + var HTTPS_PORT = ':{{ports[https][0]}}'; + + window.WSS_ORIGIN = 'wss://' + HOST + WSS_PORT; + window.WSS_CROSS_SITE_ORIGIN = 'wss://' + CROSS_ORIGIN_HOST + WSS_PORT; + window.HTTPS_ORIGIN = 'https://' + HOST + HTTPS_PORT; + window.HTTPS_CROSS_SITE_ORIGIN = 'https://' + CROSS_ORIGIN_HOST + HTTPS_PORT; +})(); + +// Sets a cookie with each SameSite option. +function setSameSiteCookies(origin, value) { + return new Promise(resolve => { + const ws = new WebSocket(origin + '/set-cookies-samesite?value=' + value); + ws.onopen = () => { + ws.close(); + }; + ws.onclose = resolve; + }); +} + +// Clears cookies set by setSameSiteCookies(). +function clearSameSiteCookies(origin) { + return new Promise(resolve => { + const ws = new WebSocket(origin + '/set-cookies-samesite?clear'); + ws.onopen = () => ws.close(); + ws.onclose = resolve; + }); +} + +// Gets value of Cookie header sent in request. +function connectAndGetRequestCookiesFrom(origin) { + return new Promise((resolve, reject) => { + var ws = new WebSocket(origin + '/echo-cookie'); + ws.onmessage = evt => { + var cookies = evt.data + resolve(cookies); + ws.onerror = undefined; + ws.onclose = undefined; + }; + ws.onerror = () => reject('Unexpected error event'); + ws.onclose = evt => reject('Unexpected close event: ' + JSON.stringify(evt)); + }); +} + +// Assert that a given cookie is or is not present in the string |cookies|. +function assertCookie(cookies, name, value, present) { + var assertion = present ? assert_true : assert_false; + var description = name + '=' + value + ' cookie is' + + (present ? ' ' : ' not ') + 'present.'; + var re = new RegExp('(?:^|; )' + name + '=' + value + '(?:$|;)'); + assertion(re.test(cookies), description); +} +
new file mode 100644 --- /dev/null +++ b/testing/web-platform/tests/websockets/cookies/third-party-cookie-accepted.https.html @@ -0,0 +1,25 @@ +<!DOCTYPE html> +<meta charset="utf-8"/> +<script src="/resources/testharness.js"></script> +<script src="/resources/testharnessreport.js"></script> +<script src="support/websocket-cookies-helper.sub.js"></script> +<script> +promise_test(() => { + var value = '' + Math.random(); + var origin = WSS_CROSS_SITE_ORIGIN; + return setSameSiteCookies(origin, value).then( + () => { return connectAndGetRequestCookiesFrom(origin); } + ).then( + cookies => { + assert_not_equals(cookies, '(none)', 'request should contain cookies.'); + // SameSite cookies are blocked. + assertCookie(cookies, 'samesite-unspecified', value, false /* present */); + assertCookie(cookies, 'samesite-lax', value, false /* present */); + assertCookie(cookies, 'samesite-strict', value, false /* present */); + // SameSite=None third-party cookie is not blocked. + assertCookie(cookies, 'samesite-none', value, true /* present */); + return clearSameSiteCookies(origin); + } + ); +}, 'Test that third-party cookies are accepted for WebSockets.'); +</script>
new file mode 100644 --- /dev/null +++ b/testing/web-platform/tests/websockets/handlers/set-cookies-samesite_wsh.py @@ -0,0 +1,25 @@ +from six.moves import urllib + + +def web_socket_do_extra_handshake(request): + url_parts = urllib.parse.urlsplit(request.uri) + max_age = "" + if "clear" in url_parts.query: + max_age = "; Max-Age=0" + value = "1" + if "value" in url_parts.query: + value = urllib.parse.parse_qs(url_parts.query)["value"][0] + cookies = [ + "samesite-unspecified={}; Path=/".format(value) + max_age, + "samesite-lax={}; Path=/; SameSite=Lax".format(value) + max_age, + "samesite-strict={}; Path=/; SameSite=Strict".format(value) + max_age, + # SameSite=None cookies must be Secure. + "samesite-none={}; Path=/; SameSite=None; Secure".format(value) + max_age + ] + for cookie in cookies: + request.extra_headers.append(("Set-Cookie", cookie)) + + +def web_socket_transfer_data(request): + # Expect close() from user agent. + request.ws_stream.receive_message()