diff options
Diffstat (limited to 'testing/web-platform/tests/cookies/secure/set-from-http.sub.html')
-rw-r--r-- | testing/web-platform/tests/cookies/secure/set-from-http.sub.html | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/testing/web-platform/tests/cookies/secure/set-from-http.sub.html b/testing/web-platform/tests/cookies/secure/set-from-http.sub.html new file mode 100644 index 000000000..c80cc3410 --- /dev/null +++ b/testing/web-platform/tests/cookies/secure/set-from-http.sub.html @@ -0,0 +1,36 @@ +<!doctype html> +<html> +<head> + <meta charset=utf-8> + <title>Set 'secure' cookie from `Set-Cookie` HTTP header on a non-secure page</title> + <meta name=help href="https://tools.ietf.org/html/draft-west-leave-secure-cookies-alone"> + <script src="/resources/testharness.js"></script> + <script src="/resources/testharnessreport.js"></script> + <script src="/cookies/resources/testharness-helpers.js"></script> +</head> +<body> +<div id=log></div> +<script> + function clearKnownCookie() { + document.cookie = "secure_from_nonsecure_http=0; Secure; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/"; + } + + test(function () { + assert_equals(document.cookie.match(/secure_from_nonsecure_http=1/), null); + }, "'secure' cookie not present in `document.cookie`"); + + promise_test(function (t) { + t.add_cleanup(clearKnownCookie); + return fetch("https://{{host}}:{{ports[https][0]}}/cookies/resources/echo-json.py", + { "credentials": "include" }) + .then(function (r) { + return r.json(); + }) + .then(function (j) { + assert_equals(j["secure_from_nonsecure_http"], undefined); + }); + }, "'secure' cookie not sent in HTTP request"); +</script> +</body> +</html> + |