From 182f5829655b19ffbb3e0ed20ee42d0de1e642ef Mon Sep 17 00:00:00 2001 From: Dylan Cutler Date: Tue, 16 May 2023 15:21:24 -0700 Subject: [PATCH] Add unpartitioned cookie to partitioned service worker/cookies WPT This tests that partitioned workers in unnonced partitions can still access unpartitioned SameSite=None cookies. It also tests that workers in nonced partitions cannot. Bug: 1427879 Change-Id: I9863c90706e007f1e7249b5f0aeada13830310f4 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4540460 Reviewed-by: Steven Bingler Commit-Queue: Dylan Cutler Cr-Commit-Position: refs/heads/main@{#1144907} --- .../partitioned-cookies.tentative.https.html | 7 ++++- ...ioned-cookies-3p-credentialless-frame.html | 30 +++++++++++++++++-- .../partitioned-cookies-3p-frame.html | 13 ++++++-- 3 files changed, 44 insertions(+), 6 deletions(-) diff --git a/service-workers/service-worker/partitioned-cookies.tentative.https.html b/service-workers/service-worker/partitioned-cookies.tentative.https.html index ab667013a2b7f5..f1ef8729226383 100644 --- a/service-workers/service-worker/partitioned-cookies.tentative.https.html +++ b/service-workers/service-worker/partitioned-cookies.tentative.https.html @@ -59,6 +59,10 @@ document.cookie = '__Host-partitioned=123; Secure; Path=/; SameSite=None; Partitioned;'; assert_true(document.cookie.includes('__Host-partitioned=123')); + // Set an unpartitioned cookie. + document.cookie = 'unpartitioned=456; Secure; Path=/; SameSite=None;'; + assert_true(document.cookie.includes('unpartitioned=456')); + // Test that the partitioned cookie is available to this worker via HTTP. wait_promise = new Promise(resolve => { resolve_wait_promise = resolve; @@ -71,6 +75,7 @@ await wait_promise; assert_true(got.ok, 'Get cookies'); assert_true(got.cookies.includes('__Host-partitioned'), 'Can access partitioned cookie via HTTP'); + assert_true(got.cookies.includes('unpartitioned'), 'Can access unpartitioned cookie via HTTP'); // Test that the partitioned cookie is available to this worker via CookieStore API. wait_promise = new Promise(resolve => { @@ -95,4 +100,4 @@ - \ No newline at end of file + diff --git a/service-workers/service-worker/resources/partitioned-cookies-3p-credentialless-frame.html b/service-workers/service-worker/resources/partitioned-cookies-3p-credentialless-frame.html index 3fdf937ae1a7f6..72043378562e8d 100644 --- a/service-workers/service-worker/resources/partitioned-cookies-3p-credentialless-frame.html +++ b/service-workers/service-worker/resources/partitioned-cookies-3p-credentialless-frame.html @@ -21,6 +21,9 @@ document.cookie = '__Host-partitioned=123; Secure; Path=/; SameSite=None; Partitioned;'; assert_true(document.cookie.includes('__Host-partitioned=123')); + // Make sure DOM cannot access the unpartitioned cookie. + assert_false(document.cookie.includes('unpartitioned=456')); + const reg = await service_worker_unregister_and_register(t, script, scope); await wait_for_state(t, reg.installing, 'activated'); @@ -61,9 +64,32 @@ filtered_registrations[0].active.postMessage({type: 'echo_cookies_js'}); await wait_promise; assert_true(got.ok, 'Get cookies'); - assert_true(got.cookies.includes('__Host-partitioned'), 'Can access partitioned cookie');; + assert_true( + got.cookies.includes('__Host-partitioned'), + 'Credentialless frame worker can access partitioned cookie via JS'); + assert_false( + got.cookies.includes('unpartitioned'), + 'Credentialless frame worker cannot access unpartitioned cookie via JS'); + + // Test that the partitioned cookie is available to this worker via HTTP. + wait_promise = new Promise(resolve => { + resolve_wait_promise = resolve; + }); + on_message = ev => { + got = ev.data; + resolve_wait_promise(); + }; + filtered_registrations[0].active.postMessage({ type: 'echo_cookies_http' }); + await wait_promise; + assert_true(got.ok, 'Get cookies'); + assert_true( + got.cookies.includes('__Host-partitioned'), + 'Credentialless frame worker can access partitioned cookie via HTTP'); + assert_false( + got.cookies.includes('unpartitioned'), + 'Credentialless frame worker cannot access unpartitioned cookie via HTTP'); }); - \ No newline at end of file + diff --git a/service-workers/service-worker/resources/partitioned-cookies-3p-frame.html b/service-workers/service-worker/resources/partitioned-cookies-3p-frame.html index 6a8ed6ca989f1e..dab694f685aa22 100644 --- a/service-workers/service-worker/resources/partitioned-cookies-3p-frame.html +++ b/service-workers/service-worker/resources/partitioned-cookies-3p-frame.html @@ -16,6 +16,7 @@ const absolute_scope = new URL(scope, window.location).href; assert_false(document.cookie.includes('__Host-partitioned=123'), 'DOM cannot access partitioned cookie'); + assert_true(document.cookie.includes('unpartitioned=456'), 'DOM can access unpartitioned cookie'); const reg = await service_worker_unregister_and_register(t, script, scope); await wait_for_state(t, reg.installing, 'activated'); @@ -59,7 +60,10 @@ assert_true(got.ok, 'Get cookies'); assert_false( got.cookies.includes('__Host-partitioned'), - 'Worker cannot access partitioned cookie'); + 'Worker cannot access partitioned cookie via HTTP'); + assert_true( + got.cookies.includes('unpartitioned'), + 'Worker can access unpartitioned cookie via HTTP'); // Test that the partitioned cookie is not available to this worker via CookieStore API. wait_promise = new Promise(resolve => { @@ -74,9 +78,12 @@ assert_true(got.ok, 'Get cookies'); assert_false( got.cookies.includes('__Host-partitioned'), - 'Worker cannot access partitioned cookie'); + 'Worker cannot access partitioned cookie via JS'); + assert_true( + got.cookies.includes('unpartitioned'), + 'Worker can access unpartitioned cookie via JS'); }); - \ No newline at end of file +