| <!doctype html> |
| <html> |
| <head> |
| <meta charset=utf-8> |
| <title>Set 'secure' cookie from `Set-Cookie` HTTP header on a non-secure page</title> |
| <meta name=help href="https://tools.ietf.org/html/draft-west-leave-secure-cookies-alone"> |
| <script src="/resources/testharness.js"></script> |
| <script src="/resources/testharnessreport.js"></script> |
| <script src="/cookies/resources/testharness-helpers.js"></script> |
| </head> |
| <body> |
| <div id=log></div> |
| <script> |
| function clearKnownCookie() { |
| document.cookie = "secure_from_nonsecure_http=0; Secure; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/"; |
| } |
| |
| test(function () { |
| assert_equals(document.cookie.match(/secure_from_nonsecure_http=1/), null); |
| }, "'secure' cookie not present in `document.cookie`"); |
| |
| promise_test(function (t) { |
| t.add_cleanup(clearKnownCookie); |
| return fetch("https://{{host}}:{{ports[https][0]}}/cookies/resources/echo-json.py", |
| { "credentials": "include" }) |
| .then(function (r) { |
| return r.json(); |
| }) |
| .then(function (j) { |
| assert_equals(j["secure_from_nonsecure_http"], undefined); |
| }); |
| }, "'secure' cookie not sent in HTTP request"); |
| </script> |
| </body> |
| </html> |
| |
