| // META: script=/common/get-host-info.sub.js |
| // META: script=/common/utils.js |
| // META: script=/common/dispatcher/dispatcher.js |
| // META: script=./resources/common.js |
| |
| const same_origin = get_host_info().HTTPS_ORIGIN; |
| const cross_origin = get_host_info().HTTPS_REMOTE_ORIGIN; |
| const cookie_key = "coep_credentialless_image"; |
| const cookie_same_origin = "same_origin"; |
| const cookie_cross_origin = "cross_origin"; |
| |
| promise_setup(async test => { |
| await Promise.all([ |
| setCookie(same_origin, cookie_key, cookie_same_origin + |
| cookie_same_site_none), |
| setCookie(cross_origin, cookie_key, cookie_cross_origin + |
| cookie_same_site_none), |
| ]); |
| }, "Setup cookies"); |
| |
| const videoTest = function(description, origin, mode, expected_cookie) { |
| promise_test(async test => { |
| const video_token = token(); |
| |
| let video = document.createElement("video"); |
| video.src = showRequestHeaders(origin, video_token); |
| video.autoplay = true; |
| if (mode) |
| video.crossOrigin = mode; |
| document.body.appendChild(video); |
| |
| const headers = JSON.parse(await receive(video_token)); |
| |
| assert_equals(parseCookies(headers)[cookie_key], expected_cookie); |
| }, `video ${description}`) |
| }; |
| |
| // Same-origin request always contains Cookies: |
| videoTest("same-origin + undefined", |
| same_origin, undefined, cookie_same_origin); |
| videoTest("same-origin + anonymous", |
| same_origin, 'anonymous', cookie_same_origin); |
| videoTest("same-origin + use-credentials", |
| same_origin, 'use-credentials', cookie_same_origin); |
| |
| // Cross-origin request contains cookies, only when sent in CORS mode, using |
| // crossOrigin = "use-credentials". |
| videoTest("cross-origin + undefined", |
| cross_origin, '', undefined); |
| videoTest("cross-origin + anonymous", |
| cross_origin, 'anonymous', undefined); |
| videoTest("cross-origin + use-credentials", |
| cross_origin, 'use-credentials', cookie_cross_origin); |