Add m-esr52 at 52.6.0

10 files changed, 329 insertions, 0 deletions

diff --git a/testing/web-platform/tests/cookies/resources/echo-json.py b/testing/web-platform/tests/cookies/resources/echo-json.py
new file mode 100644
index 000000000..8f82aa1e9
--- /dev/null
+++ b/testing/web-platform/tests/cookies/resources/echo-json.py
@@ -0,0 +1,15 @@
+import json
+
+def main(request, response):
+    headers = [("Content-Type", "application/json"),
+               ("Access-Control-Allow-Credentials", "true")]
+
+    if "origin" in request.headers:
+        headers.append(("Access-Control-Allow-Origin", request.headers["origin"]))
+
+    values = []
+    for key in request.cookies:
+        for value in request.cookies.get_list(key):
+            values.append("\"%s\": \"%s\"" % (key, value))
+    body = "{ %s }" % ",".join(values)
+    return headers, body
diff --git a/testing/web-platform/tests/cookies/resources/testharness-helpers.js b/testing/web-platform/tests/cookies/resources/testharness-helpers.js
new file mode 100644
index 000000000..84368d6d9
--- /dev/null
+++ b/testing/web-platform/tests/cookies/resources/testharness-helpers.js
@@ -0,0 +1,49 @@
+// Given an array of potentially asynchronous tests, this function will execute
+// each in serial, ensuring that one and only one test is executing at a time.
+//
+// The test array should look like this:
+//
+//
+//     var tests = [
+//       [
+//         "Test description goes here.",
+//         function () {
+//           // Test code goes here. `this` is bound to the test object.
+//         }
+//       ],
+//       ...
+//     ];
+//
+// The |setup| and |teardown| arguments are functions which are executed before
+// and after each test, respectively.
+function executeTestsSerially(testList, setup, teardown) {
+  var tests = testList.map(function (t) {
+    return {
+      test: async_test(t[0]),
+      code: t[1]
+    };
+  });
+
+  var executeNextTest = function () {
+    var current = tests.shift();
+    if (current === undefined) {
+      return;
+    }
+
+    // Setup the test fixtures.
+    if (setup) {
+      setup();
+    }
+
+    // Bind a callback to tear down the test fixtures.
+    if (teardown) {
+      current.test.add_cleanup(teardown);
+    }
+
+    // Execute the test.
+    current.test.step(current.code);
+  };
+
+  add_result_callback(function () { setTimeout(executeNextTest, 0) });
+  executeNextTest();
+}
diff --git a/testing/web-platform/tests/cookies/secure/set-from-dom.https.sub.html b/testing/web-platform/tests/cookies/secure/set-from-dom.https.sub.html
new file mode 100644
index 000000000..46997db18
--- /dev/null
+++ b/testing/web-platform/tests/cookies/secure/set-from-dom.https.sub.html
@@ -0,0 +1,47 @@
+<!doctype html>
+<html>
+<head>
+  <meta charset=utf-8>
+  <title>Set 'secure' cookie from `document.cookie` on a secure page</title>
+  <meta name=help href="https://tools.ietf.org/html/draft-west-leave-secure-cookies-alone">
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+  <script src="/cookies/resources/testharness-helpers.js"></script>
+</head>
+<body>
+<div id=log></div>
+<script>
+  var tests = [
+    [
+      "'secure' cookie visible in `document.cookie`",
+      function () {
+        document.cookie = "secure_from_secure_dom=1; secure; path=/";
+        assert_not_equals(document.cookie.match(/secure_from_secure_dom=1/), null);
+        this.done();
+      }
+    ],
+    [
+      "'secure' cookie visible in HTTP request",
+      function () {
+        document.cookie = "secure_from_secure_dom=1; secure; path=/";
+        assert_not_equals(document.cookie.match(/secure_from_secure_dom=1/), null);
+        fetch("https://{{host}}:{{ports[https][0]}}/cookies/resources/echo-json.py",
+              { "credentials": "include" })
+          .then(this.step_func(function (r) {
+            return r.json();
+          }))
+          .then(this.step_func_done(function (j) {
+            assert_equals(j["secure_from_secure_dom"], "secure_from_secure_dom=1");
+          }));
+      }
+    ]
+  ];
+
+  function clearKnownCookie() {
+    document.cookie = "secure_from_secure_dom=0; Secure; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/";
+  }
+
+  executeTestsSerially(tests, clearKnownCookie, clearKnownCookie);
+</script>
+</body>
+</html>
diff --git a/testing/web-platform/tests/cookies/secure/set-from-dom.sub.html b/testing/web-platform/tests/cookies/secure/set-from-dom.sub.html
new file mode 100644
index 000000000..91aa8fff3
--- /dev/null
+++ b/testing/web-platform/tests/cookies/secure/set-from-dom.sub.html
@@ -0,0 +1,47 @@
+<!doctype html>
+<html>
+<head>
+  <meta charset=utf-8>
+  <title>Set 'secure' cookie from `document.cookie` on a non-secure page</title>
+  <meta name=help href="https://tools.ietf.org/html/draft-west-leave-secure-cookies-alone">
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+  <script src="/cookies/resources/testharness-helpers.js"></script>
+</head>
+<body>
+<div id=log></div>
+<script>
+  var tests = [
+    [
+      "'secure' cookie not set in `document.cookie`",
+      function () {
+        var originalCookie = document.cookie;
+        document.cookie = "secure_from_nonsecure_dom=1; secure; path=/";
+        assert_equals(document.cookie, originalCookie);
+        this.done();
+      }
+    ],
+    [
+      "'secure' cookie not sent in HTTP request",
+      function () {
+        document.cookie = "secure_from_nonsecure_dom=1; secure; path=/";
+        fetch("https://{{host}}:{{ports[https][0]}}/cookies/resources/echo-json.py", { "credentials": "include" })
+          .then(this.step_func(function (r) {
+              return r.json();
+          }))
+          .then(this.step_func_done(function (j) {
+              assert_equals(j["secure_from_nonsecure_dom"], undefined);
+          }));
+      }
+    ]
+  ];
+
+  function clearKnownCookie() {
+    document.cookie = "secure_from_nonsecure_dom=0; Secure; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/";
+  }
+
+  executeTestsSerially(tests, clearKnownCookie, clearKnownCookie);
+</script>
+</body>
+</html>
+
diff --git a/testing/web-platform/tests/cookies/secure/set-from-http.https.sub.html b/testing/web-platform/tests/cookies/secure/set-from-http.https.sub.html
new file mode 100644
index 000000000..6024c5b7f
--- /dev/null
+++ b/testing/web-platform/tests/cookies/secure/set-from-http.https.sub.html
@@ -0,0 +1,36 @@
+<!doctype html>
+<html>
+<head>
+  <meta charset=utf-8>
+  <title>Set 'secure' cookie from `Set-Cookie` HTTP header on a secure page</title>
+  <meta name=help href="https://tools.ietf.org/html/draft-west-leave-secure-cookies-alone">
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+  <script src="/cookies/resources/testharness-helpers.js"></script>
+</head>
+<body>
+<div id=log></div>
+<script>
+  function clearKnownCookie() {
+    document.cookie = "secure_from_secure_http=0; Secure; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/";
+  }
+
+  test(function () {
+    assert_not_equals(document.cookie.match(/secure_from_secure_http=1/), null);
+  }, "'secure' cookie present in `document.cookie`");
+
+  promise_test(function (t) {
+    t.add_cleanup(clearKnownCookie);
+    return fetch("https://{{host}}:{{ports[https][0]}}/cookies/resources/echo-json.py",
+                 { "credentials": "include" })
+      .then(function (r) {
+        return r.json();
+      })
+      .then(function (j) {
+        assert_equals(j["secure_from_secure_http"], "secure_from_secure_http=1");
+      });
+  }, "'secure' cookie sent in HTTP request");
+</script>
+</body>
+</html>
+
diff --git a/testing/web-platform/tests/cookies/secure/set-from-http.https.sub.html.headers b/testing/web-platform/tests/cookies/secure/set-from-http.https.sub.html.headers
new file mode 100644
index 000000000..f4c9147fa
--- /dev/null
+++ b/testing/web-platform/tests/cookies/secure/set-from-http.https.sub.html.headers
@@ -0,0 +1,5 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Set-Cookie: secure_from_secure_http=1; Secure; Path=/
diff --git a/testing/web-platform/tests/cookies/secure/set-from-http.sub.html b/testing/web-platform/tests/cookies/secure/set-from-http.sub.html
new file mode 100644
index 000000000..c80cc3410
--- /dev/null
+++ b/testing/web-platform/tests/cookies/secure/set-from-http.sub.html
@@ -0,0 +1,36 @@
+<!doctype html>
+<html>
+<head>
+  <meta charset=utf-8>
+  <title>Set 'secure' cookie from `Set-Cookie` HTTP header on a non-secure page</title>
+  <meta name=help href="https://tools.ietf.org/html/draft-west-leave-secure-cookies-alone">
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+  <script src="/cookies/resources/testharness-helpers.js"></script>
+</head>
+<body>
+<div id=log></div>
+<script>
+  function clearKnownCookie() {
+    document.cookie = "secure_from_nonsecure_http=0; Secure; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/";
+  }
+
+  test(function () {
+    assert_equals(document.cookie.match(/secure_from_nonsecure_http=1/), null);
+  }, "'secure' cookie not present in `document.cookie`");
+
+  promise_test(function (t) {
+    t.add_cleanup(clearKnownCookie);
+    return fetch("https://{{host}}:{{ports[https][0]}}/cookies/resources/echo-json.py",
+                 { "credentials": "include" })
+      .then(function (r) {
+        return r.json();
+      })
+      .then(function (j) {
+        assert_equals(j["secure_from_nonsecure_http"], undefined);
+      });
+  }, "'secure' cookie not sent in HTTP request");
+</script>
+</body>
+</html>
+
diff --git a/testing/web-platform/tests/cookies/secure/set-from-http.sub.html.headers b/testing/web-platform/tests/cookies/secure/set-from-http.sub.html.headers
new file mode 100644
index 000000000..57a45167f
--- /dev/null
+++ b/testing/web-platform/tests/cookies/secure/set-from-http.sub.html.headers
@@ -0,0 +1,5 @@
+Expires: Mon, 26 Jul 1997 05:00:00 GMT
+Cache-Control: no-store, no-cache, must-revalidate
+Cache-Control: post-check=0, pre-check=0, false
+Pragma: no-cache
+Set-Cookie: secure_from_nonsecure_http=1; Secure; Path=/
diff --git a/testing/web-platform/tests/cookies/secure/set-from-ws.https.sub.html b/testing/web-platform/tests/cookies/secure/set-from-ws.https.sub.html
new file mode 100644
index 000000000..b12504450
--- /dev/null
+++ b/testing/web-platform/tests/cookies/secure/set-from-ws.https.sub.html
@@ -0,0 +1,45 @@
+<!doctype html>
+<html>
+<head>
+  <meta charset=utf-8>
+  <title>Set 'secure' cookie from `Set-Cookie` HTTP header on a non-secure WebSocket</title>
+  <meta name=help href="https://tools.ietf.org/html/draft-west-leave-secure-cookies-alone">
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+  <script src="/cookies/resources/testharness-helpers.js"></script>
+</head>
+<body>
+<div id=log></div>
+<script>
+  function clearKnownCookie() {
+    document.cookie = "ws_test_secure_from_nonsecure=0; Secure; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/";
+  }
+
+  async_test(function (t) {
+    t.add_cleanup(clearKnownCookie);
+    assert_equals(document.cookie.match(/ws_test_secure_from_nonsecure=/), null);
+
+    clearKnownCookie();
+    var ws = new WebSocket("ws://{{host}}:{{ports[ws][0]}}/set-cookie-secure?secure_from_nonsecure");
+    ws.onclose = t.step_func_done(function () {
+      assert_unreached("'close' should not fire before 'open'.");
+    });
+    ws.onopen = t.step_func(function (e) {
+      ws.onclose = null;
+      ws.close();
+      assert_false(/ws_test_secure_from_nonsecure=test/.test(document.cookie));
+
+      var ws2 = new WebSocket("wss://{{host}}:{{ports[wss][0]}}/echo-cookie");
+      ws2.onclose = t.step_func_done(function () {
+        assert_unreached("'close' should not fire before 'open'.");
+      });
+      ws2.onmessage = t.step_func_done(function (e) {
+        ws2.onclose = null;
+        ws2.close();
+        assert_false(/ws_test_secure_from_nonsecure=test/.test(e.data));
+      });
+    });
+  }, "'secure' cookie not sent in WSS request when set from WS");
+</script>
+</body>
+</html>
diff --git a/testing/web-platform/tests/cookies/secure/set-from-wss.https.sub.html b/testing/web-platform/tests/cookies/secure/set-from-wss.https.sub.html
new file mode 100644
index 000000000..c5e8b385d
--- /dev/null
+++ b/testing/web-platform/tests/cookies/secure/set-from-wss.https.sub.html
@@ -0,0 +1,44 @@
+<!doctype html>
+<html>
+<head>
+  <meta charset=utf-8>
+  <title>Set 'secure' cookie from `Set-Cookie` HTTP header on a secure WebSocket</title>
+  <meta name=help href="https://tools.ietf.org/html/draft-west-leave-secure-cookies-alone">
+  <script src="/resources/testharness.js"></script>
+  <script src="/resources/testharnessreport.js"></script>
+  <script src="/cookies/resources/testharness-helpers.js"></script>
+</head>
+<body>
+<div id=log></div>
+<script>
+  function clearKnownCookie() {
+    document.cookie = "ws_test_secure_from_secure=0; Secure; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/";
+  }
+
+  async_test(function (t) {
+    t.add_cleanup(clearKnownCookie);
+    assert_equals(document.cookie.match(/ws_test_secure_from_secure=/), null);
+
+    clearKnownCookie();
+    var ws = new WebSocket("wss://{{host}}:{{ports[wss][0]}}/set-cookie-secure?secure_from_secure");
+    ws.onclose = t.step_func_done(function () {
+      assert_unreached("'close' should not fire before 'open'.");
+    });
+    ws.onopen = t.step_func(function (e) {
+      ws.onclose = null;
+      ws.close();
+      assert_regexp_match(document.cookie, /ws_test_secure_from_secure=test/);
+      var ws2 = new WebSocket("wss://{{host}}:{{ports[wss][0]}}/echo-cookie");
+      ws2.onclose = t.step_func_done(function () {
+        assert_unreached("'close' should not fire before 'open'.");
+      });
+      ws2.onmessage = t.step_func_done(function (e) {
+        ws2.onclose = null;
+        ws2.close();
+        assert_regexp_match(e.data, /ws_test_secure_from_secure=test/);
+      });
+    });
+  }, "'secure' cookie not sent in HTTP request");
+</script>
+</body>
+</html>