mirror of
https://github.com/mozilla/gecko-dev.git
synced 2025-11-11 05:39:41 +02:00
240b20ed30
Automatic update from web-platform-testsCookie Store API: Remove `httpOnly` option The option would seemingly allow the creation of HttpOnly cookies, which is not permitted with the document.cookie API and we don't want to introduce that capability here. This didn't work anyway as the API would fail the cookie creation as coming from a non-HTTP source and reject the script call, so just remove the option. Spec issue: https://github.com/WICG/cookie-store/issues/41 Spec PR: https://github.com/WICG/cookie-store/pull/87 Bug: 729800 Change-Id: Id1115db5fbb432a3dd7647b565c5e7e8f45d4e14 Reviewed-on: https://chromium-review.googlesource.com/1160927 Commit-Queue: Victor Costan <pwnall@chromium.org> Reviewed-by: Victor Costan <pwnall@chromium.org> Cr-Commit-Position: refs/heads/master@{#580271} -- wpt-commits: ca6120560c151d9dac81afa6a834a217db6e5ed6 wpt-pr: 12280
69 lines
2.5 KiB
JavaScript
69 lines
2.5 KiB
JavaScript
// META: script=resources/cookie-test-helpers.js
|
|
|
|
'use strict';
|
|
|
|
cookie_test(async t => {
|
|
let eventPromise = observeNextCookieChangeEvent();
|
|
await setCookieStringHttp('HTTPONLY-cookie=value; path=/; httponly');
|
|
assert_equals(
|
|
await getCookieString(),
|
|
undefined,
|
|
'HttpOnly cookie we wrote using HTTP in cookie jar' +
|
|
' is invisible to script');
|
|
assert_equals(
|
|
await getCookieStringHttp(),
|
|
'HTTPONLY-cookie=value',
|
|
'HttpOnly cookie we wrote using HTTP in HTTP cookie jar');
|
|
|
|
await setCookieStringHttp('HTTPONLY-cookie=new-value; path=/; httponly');
|
|
assert_equals(
|
|
await getCookieString(),
|
|
undefined,
|
|
'HttpOnly cookie we overwrote using HTTP in cookie jar' +
|
|
' is invisible to script');
|
|
assert_equals(
|
|
await getCookieStringHttp(),
|
|
'HTTPONLY-cookie=new-value',
|
|
'HttpOnly cookie we overwrote using HTTP in HTTP cookie jar');
|
|
|
|
eventPromise = observeNextCookieChangeEvent();
|
|
await setCookieStringHttp(
|
|
'HTTPONLY-cookie=DELETED; path=/; max-age=0; httponly');
|
|
assert_equals(
|
|
await getCookieString(),
|
|
undefined,
|
|
'Empty cookie jar after HTTP cookie-clearing using max-age=0');
|
|
assert_equals(
|
|
await getCookieStringHttp(),
|
|
undefined,
|
|
'Empty HTTP cookie jar after HTTP cookie-clearing using max-age=0');
|
|
|
|
// HTTPONLY cookie changes should not have been observed; perform
|
|
// a dummy change to verify that nothing else was queued up.
|
|
await cookieStore.set('TEST', 'dummy');
|
|
await verifyCookieChangeEvent(
|
|
eventPromise, {changed: [{name: 'TEST', value: 'dummy'}]},
|
|
'HttpOnly cookie deletion was not observed');
|
|
}, 'HttpOnly cookies are not observed');
|
|
|
|
|
|
cookie_test(async t => {
|
|
document.cookie = 'cookie1=value1; path=/';
|
|
document.cookie = 'cookie2=value2; path=/; httponly';
|
|
document.cookie = 'cookie3=value3; path=/';
|
|
assert_equals(
|
|
await getCookieStringHttp(), 'cookie1=value1; cookie3=value3',
|
|
'Trying to store an HttpOnly cookie with document.cookie fails');
|
|
}, 'HttpOnly cookies can not be set by document.cookie');
|
|
|
|
|
|
// Historical: Early iterations of the proposal included an httpOnly option.
|
|
cookie_test(async t => {
|
|
await cookieStore.set('cookie1', 'value1');
|
|
await cookieStore.set('cookie2', 'value2', {httpOnly: true});
|
|
await cookieStore.set('cookie3', 'value3');
|
|
assert_equals(
|
|
await getCookieStringHttp(),
|
|
'cookie1=value1; cookie2=value2; cookie3=value3',
|
|
'httpOnly is not an option for CookieStore.set()');
|
|
}, 'HttpOnly cookies can not be set by CookieStore');
|