Bug 1568104 [wpt PR 17989] - Port WebSocket 3p-cookie-blocking web tests to wpt_internal, a=testonly
authorLily Chen <chlily@chromium.org>
Wed, 14 Aug 2019 10:57:26 +0000
changeset 488123 605be81220d91399bfa53fca37537b409f7b9d74
parent 488122 a2a802a992a07a69658c5e3daeab5ccdb1d40069
child 488124 e4abe7c75be52ed20c1727eda0fdc6d0c7dd2676
push id36435
push usercbrindusan@mozilla.com
push dateThu, 15 Aug 2019 09:46:49 +0000
treeherdermozilla-central@0db07ff50ab5 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerstestonly
bugs1568104, 17989, 1691522, 1713670, 686071
milestone70.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1568104 [wpt PR 17989] - Port WebSocket 3p-cookie-blocking web tests to wpt_internal, a=testonly Automatic update from web-platform-tests Port WebSocket 3p-cookie-blocking web tests to wpt_internal (For context, see https://crrev.com/c/1691522.) The new requirement that SameSite=None cookies must be Secure made it impossible to properly test third party cookies on WebSocket because the web_test runner does not have a wss server. This CL ports those tests, formerly in web_tests/http/tests/security/cookies/websocket/, to web_tests/wpt_internal/websocket-cookies/. Bug: none Change-Id: Ifc6d2d78a84aa6c93e297dc71b3595108a18f179 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1713670 Commit-Queue: Lily Chen <chlily@chromium.org> Reviewed-by: Robert Ma <robertma@chromium.org> Reviewed-by: Adam Rice <ricea@chromium.org> Cr-Commit-Position: refs/heads/master@{#686071} -- wpt-commits: 990925e0c2bd9100806e7fee202911444a71a7c7 wpt-pr: 17989
testing/web-platform/tests/websockets/cookies/support/websocket-cookies-helper.sub.js
testing/web-platform/tests/websockets/cookies/third-party-cookie-accepted.https.html
testing/web-platform/tests/websockets/handlers/set-cookies-samesite_wsh.py
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/websockets/cookies/support/websocket-cookies-helper.sub.js
@@ -0,0 +1,57 @@
+// Set up global variables.
+(_ => {
+  var HOST = '{{host}}';
+  var CROSS_ORIGIN_HOST = '{{hosts[alt][]}}';
+  var WSS_PORT = ':{{ports[wss][0]}}';
+  var HTTPS_PORT = ':{{ports[https][0]}}';
+
+  window.WSS_ORIGIN = 'wss://' + HOST + WSS_PORT;
+  window.WSS_CROSS_SITE_ORIGIN = 'wss://' + CROSS_ORIGIN_HOST + WSS_PORT;
+  window.HTTPS_ORIGIN = 'https://' + HOST + HTTPS_PORT;
+  window.HTTPS_CROSS_SITE_ORIGIN = 'https://' + CROSS_ORIGIN_HOST + HTTPS_PORT;
+})();
+
+// Sets a cookie with each SameSite option.
+function setSameSiteCookies(origin, value) {
+  return new Promise(resolve => {
+    const ws = new WebSocket(origin + '/set-cookies-samesite?value=' + value);
+    ws.onopen = () => {
+      ws.close();
+    };
+    ws.onclose = resolve;
+  });
+}
+
+// Clears cookies set by setSameSiteCookies().
+function clearSameSiteCookies(origin) {
+  return new Promise(resolve => {
+    const ws = new WebSocket(origin + '/set-cookies-samesite?clear');
+    ws.onopen = () => ws.close();
+    ws.onclose = resolve;
+  });
+}
+
+// Gets value of Cookie header sent in request.
+function connectAndGetRequestCookiesFrom(origin) {
+  return new Promise((resolve, reject) => {
+      var ws = new WebSocket(origin + '/echo-cookie');
+      ws.onmessage = evt => {
+          var cookies = evt.data
+          resolve(cookies);
+          ws.onerror = undefined;
+          ws.onclose = undefined;
+      };
+      ws.onerror = () => reject('Unexpected error event');
+      ws.onclose = evt => reject('Unexpected close event: ' + JSON.stringify(evt));
+  });
+}
+
+// Assert that a given cookie is or is not present in the string |cookies|.
+function assertCookie(cookies, name, value, present) {
+  var assertion = present ? assert_true : assert_false;
+  var description = name + '=' + value + ' cookie is' +
+                    (present ? ' ' : ' not ') + 'present.';
+  var re = new RegExp('(?:^|; )' + name + '=' + value + '(?:$|;)');
+  assertion(re.test(cookies), description);
+}
+
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/websockets/cookies/third-party-cookie-accepted.https.html
@@ -0,0 +1,25 @@
+<!DOCTYPE html>
+<meta charset="utf-8"/>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="support/websocket-cookies-helper.sub.js"></script>
+<script>
+promise_test(() => {
+  var value = '' + Math.random();
+  var origin = WSS_CROSS_SITE_ORIGIN;
+  return setSameSiteCookies(origin, value).then(
+    () => { return connectAndGetRequestCookiesFrom(origin); }
+  ).then(
+    cookies => {
+      assert_not_equals(cookies, '(none)', 'request should contain cookies.');
+      // SameSite cookies are blocked.
+      assertCookie(cookies, 'samesite-unspecified', value, false /* present */);
+      assertCookie(cookies, 'samesite-lax', value, false /* present */);
+      assertCookie(cookies, 'samesite-strict', value, false /* present */);
+      // SameSite=None third-party cookie is not blocked.
+      assertCookie(cookies, 'samesite-none', value, true /* present */);
+      return clearSameSiteCookies(origin);
+    }
+  );
+}, 'Test that third-party cookies are accepted for WebSockets.');
+</script>
new file mode 100644
--- /dev/null
+++ b/testing/web-platform/tests/websockets/handlers/set-cookies-samesite_wsh.py
@@ -0,0 +1,25 @@
+from six.moves import urllib
+
+
+def web_socket_do_extra_handshake(request):
+    url_parts = urllib.parse.urlsplit(request.uri)
+    max_age = ""
+    if "clear" in url_parts.query:
+        max_age = "; Max-Age=0"
+    value = "1"
+    if "value" in url_parts.query:
+        value = urllib.parse.parse_qs(url_parts.query)["value"][0]
+    cookies = [
+        "samesite-unspecified={}; Path=/".format(value) + max_age,
+        "samesite-lax={}; Path=/; SameSite=Lax".format(value) + max_age,
+        "samesite-strict={}; Path=/; SameSite=Strict".format(value) + max_age,
+        # SameSite=None cookies must be Secure.
+        "samesite-none={}; Path=/; SameSite=None; Secure".format(value) + max_age
+    ]
+    for cookie in cookies:
+        request.extra_headers.append(("Set-Cookie", cookie))
+
+
+def web_socket_transfer_data(request):
+    # Expect close() from user agent.
+    request.ws_stream.receive_message()