cookies/samesite/iframe.html - external/w3c/web-platform-tests - Git at Google

 <!DOCTYPE html>
 <meta charset="utf-8"/>
 <meta name="timeout" content="long">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
 <script src="/cookies/resources/cookie-helper.sub.js"></script>
 <!-- We're appending an <iframe> to the document's body, so execute tests after we have a body -->
 <body>
 <script>
   function create_test(origin, target, expectedStatus, title) {
     promise_test(t => {
       var value = "" + Math.random();
       return resetSameSiteCookies(origin, value)
         .then(_ => {
           return new Promise((resolve, reject) => {
             var iframe = document.createElement("iframe");
             iframe.onerror = _ => reject("IFrame could not be loaded.");

             var msgHandler = e => {
               if (e.source == iframe.contentWindow) {
                 // Cleanup, then verify cookie state:
                 document.body.removeChild(iframe);
                 window.removeEventListener("message", msgHandler);
                 try {
                   verifySameSiteCookieState(expectedStatus, value, e.data);
                   resolve();
                 } catch(e) {
                   reject(e);
                 }
               }
             };
             window.addEventListener("message", msgHandler);

             iframe.src = target + "/cookies/resources/postToParent.py";
             document.body.appendChild(iframe);
           });
         });
     }, title);
   }

   // No redirect:
   create_test(ORIGIN, ORIGIN, SameSiteStatus.STRICT, "Same-host fetches are strictly same-site");
   create_test(SUBDOMAIN_ORIGIN, SUBDOMAIN_ORIGIN, SameSiteStatus.STRICT, "Subdomain fetches are strictly same-site");
   create_test(CROSS_SITE_ORIGIN, CROSS_SITE_ORIGIN, SameSiteStatus.CROSS_SITE, "Cross-site fetches are cross-site");

   // Redirect from {same-host,subdomain,cross-site} to same-host:
   create_test(ORIGIN, redirectTo(ORIGIN, ORIGIN), SameSiteStatus.STRICT, "Same-host redirecting to same-host fetches are strictly same-site");
   create_test(ORIGIN, redirectTo(SUBDOMAIN_ORIGIN, ORIGIN), SameSiteStatus.STRICT, "Subdomain redirecting to same-host fetches are strictly same-site");
   create_test(ORIGIN, redirectTo(CROSS_SITE_ORIGIN, ORIGIN), SameSiteStatus.STRICT, "Cross-site redirecting to same-host fetches are strictly same-site");

   // Redirect from {same-host,subdomain,cross-site} to same-host:
   create_test(SUBDOMAIN_ORIGIN, redirectTo(ORIGIN, SUBDOMAIN_ORIGIN), SameSiteStatus.STRICT, "Same-host redirecting to subdomain fetches are strictly same-site");
   create_test(SUBDOMAIN_ORIGIN, redirectTo(SUBDOMAIN_ORIGIN, SUBDOMAIN_ORIGIN), SameSiteStatus.STRICT, "Subdomain redirecting to subdomain fetches are strictly same-site");
   create_test(SUBDOMAIN_ORIGIN, redirectTo(CROSS_SITE_ORIGIN, SUBDOMAIN_ORIGIN), SameSiteStatus.STRICT, "Cross-site redirecting to subdomain fetches are strictly same-site");

   // Redirect from {same-host,subdomain,cross-site} to cross-site:
   create_test(CROSS_SITE_ORIGIN, redirectTo(ORIGIN, CROSS_SITE_ORIGIN), SameSiteStatus.CROSS_SITE, "Same-host redirecting to cross-site fetches are cross-site");
   create_test(CROSS_SITE_ORIGIN, redirectTo(SUBDOMAIN_ORIGIN, CROSS_SITE_ORIGIN), SameSiteStatus.CROSS_SITE, "Subdomain redirecting to cross-site fetches are cross-site");
   create_test(CROSS_SITE_ORIGIN, redirectTo(CROSS_SITE_ORIGIN, CROSS_SITE_ORIGIN), SameSiteStatus.CROSS_SITE, "Cross-site redirecting to cross-site fetches are cross-site");
 </script>
	<!DOCTYPE html>
	<meta charset="utf-8"/>
	<meta name="timeout" content="long">
	<script src="/resources/testharness.js"></script>
	<script src="/resources/testharnessreport.js"></script>
	<script src="/cookies/resources/cookie-helper.sub.js"></script>
	<!-- We're appending an <iframe> to the document's body, so execute tests after we have a body -->
	<body>
	<script>
	function create_test(origin, target, expectedStatus, title) {
	promise_test(t => {
	var value = "" + Math.random();
	return resetSameSiteCookies(origin, value)
	.then(_ => {
	return new Promise((resolve, reject) => {
	var iframe = document.createElement("iframe");
	iframe.onerror = _ => reject("IFrame could not be loaded.");

	var msgHandler = e => {
	if (e.source == iframe.contentWindow) {
	// Cleanup, then verify cookie state:
	document.body.removeChild(iframe);
	window.removeEventListener("message", msgHandler);
	try {
	verifySameSiteCookieState(expectedStatus, value, e.data);
	resolve();
	} catch(e) {
	reject(e);
	}
	}
	};
	window.addEventListener("message", msgHandler);

	iframe.src = target + "/cookies/resources/postToParent.py";
	document.body.appendChild(iframe);
	});
	});
	}, title);
	}

	// No redirect:
	create_test(ORIGIN, ORIGIN, SameSiteStatus.STRICT, "Same-host fetches are strictly same-site");
	create_test(SUBDOMAIN_ORIGIN, SUBDOMAIN_ORIGIN, SameSiteStatus.STRICT, "Subdomain fetches are strictly same-site");
	create_test(CROSS_SITE_ORIGIN, CROSS_SITE_ORIGIN, SameSiteStatus.CROSS_SITE, "Cross-site fetches are cross-site");

	// Redirect from {same-host,subdomain,cross-site} to same-host:
	create_test(ORIGIN, redirectTo(ORIGIN, ORIGIN), SameSiteStatus.STRICT, "Same-host redirecting to same-host fetches are strictly same-site");
	create_test(ORIGIN, redirectTo(SUBDOMAIN_ORIGIN, ORIGIN), SameSiteStatus.STRICT, "Subdomain redirecting to same-host fetches are strictly same-site");
	create_test(ORIGIN, redirectTo(CROSS_SITE_ORIGIN, ORIGIN), SameSiteStatus.STRICT, "Cross-site redirecting to same-host fetches are strictly same-site");

	// Redirect from {same-host,subdomain,cross-site} to same-host:
	create_test(SUBDOMAIN_ORIGIN, redirectTo(ORIGIN, SUBDOMAIN_ORIGIN), SameSiteStatus.STRICT, "Same-host redirecting to subdomain fetches are strictly same-site");
	create_test(SUBDOMAIN_ORIGIN, redirectTo(SUBDOMAIN_ORIGIN, SUBDOMAIN_ORIGIN), SameSiteStatus.STRICT, "Subdomain redirecting to subdomain fetches are strictly same-site");
	create_test(SUBDOMAIN_ORIGIN, redirectTo(CROSS_SITE_ORIGIN, SUBDOMAIN_ORIGIN), SameSiteStatus.STRICT, "Cross-site redirecting to subdomain fetches are strictly same-site");

	// Redirect from {same-host,subdomain,cross-site} to cross-site:
	create_test(CROSS_SITE_ORIGIN, redirectTo(ORIGIN, CROSS_SITE_ORIGIN), SameSiteStatus.CROSS_SITE, "Same-host redirecting to cross-site fetches are cross-site");
	create_test(CROSS_SITE_ORIGIN, redirectTo(SUBDOMAIN_ORIGIN, CROSS_SITE_ORIGIN), SameSiteStatus.CROSS_SITE, "Subdomain redirecting to cross-site fetches are cross-site");
	create_test(CROSS_SITE_ORIGIN, redirectTo(CROSS_SITE_ORIGIN, CROSS_SITE_ORIGIN), SameSiteStatus.CROSS_SITE, "Cross-site redirecting to cross-site fetches are cross-site");
	</script>