| import json |
| import importlib |
| session_manager = importlib.import_module('device-bound-session-credentials.session_manager') |
| |
| def main(request, response): |
| request_body = json.loads(request.body.decode('utf-8')) |
| |
| test_id = request_body.get("testId") |
| if test_id is None: |
| test_id = session_manager.initialize_test() |
| |
| # subdomain-registration.https.html does registration on a |
| # subdomain. Without the Domain attribute, the test_id cookie won't |
| # be available on the subdomain. |
| cookie_attributes = f"Domain={request.url_parts.hostname}" |
| |
| # Cross-site tests (e.g. allowed-refresh-initiators.https.html) require a |
| # SameSite=None cookie, which must also be Secure. But |
| # not-secure-connection.html cannot have a Secure cookie, so we need to make |
| # the attributes conditional on the test. |
| cross_site = request_body.get("crossSite") |
| if cross_site is not None and cross_site: |
| cookie_attributes += ";SameSite=None;Secure" |
| |
| headers = [("Set-Cookie", f"test_id={test_id};{cookie_attributes}")] |
| |
| return (200, headers, "") |
