LayoutTests/http/tests/appcache/document-cookie-http-only.py - WebKit - Git at Google

 #!/usr/bin/env python3

 import sys

 sys.stdout.write(
     'Set-Cookie: scope=manifest; path=/appcache/resources/scope1; HttpOnly\r\n'
     'Set-Cookie: scope=script; path=/appcache/resources/scope2; HttpOnly\r\n'
     'Set-Cookie: foo=bar\r\n'
     'Content-Type: text/html\r\n\r\n'
 )

 print('''<html manifest="resources/scope1/cookie-protected-manifest.py">

 <div>This tests that HttpOnly cookies set on the main document are used when accessing resources in the manifest.</div>
 <div>This also tests that cookies used by appcache resource loading are scoped properly.</div>
 <div id="log">Not checked cookie yet</div>
 <div id="result1">Not run yet</div>
 <div id="result">Not run yet</div>
 <script>
 if (window.testRunner) {
     testRunner.dumpAsText()
     testRunner.waitUntilDone();
 }

 var cookieTest = document.cookie === "foo=bar" ? "PASSED" : "FAILED";
 log.innerHTML = cookieTest + ": Some cookies should not be visible from JavaScript.";

 function dynamicScriptLoad() {
     var script = document.createElement("script");
     script.type = "text/javascript";
     script.src = "./resources/scope2/cookie-protected-script.py";
     document.getElementsByTagName("head")[0].appendChild(script);

     setTimeout(() => {
         script = document.createElement("script");
         script.type = "text/javascript";
         script.src = "./resources/cookie-protected-script.py";
         document.getElementsByTagName("head")[0].appendChild(script);
     }, 0);
 }

 function cached()
 {
     setTimeout("dynamicScriptLoad();", 0);
 }

 applicationCache.addEventListener('cached', cached, false);
 </script>
 </html>''')
	#!/usr/bin/env python3

	import sys

	sys.stdout.write(
	'Set-Cookie: scope=manifest; path=/appcache/resources/scope1; HttpOnly\r\n'
	'Set-Cookie: scope=script; path=/appcache/resources/scope2; HttpOnly\r\n'
	'Set-Cookie: foo=bar\r\n'
	'Content-Type: text/html\r\n\r\n'
	)

	print('''<html manifest="resources/scope1/cookie-protected-manifest.py">

	<div>This tests that HttpOnly cookies set on the main document are used when accessing resources in the manifest.</div>
	<div>This also tests that cookies used by appcache resource loading are scoped properly.</div>
	<div id="log">Not checked cookie yet</div>
	<div id="result1">Not run yet</div>
	<div id="result">Not run yet</div>
	<script>
	if (window.testRunner) {
	testRunner.dumpAsText()
	testRunner.waitUntilDone();
	}

	var cookieTest = document.cookie === "foo=bar" ? "PASSED" : "FAILED";
	log.innerHTML = cookieTest + ": Some cookies should not be visible from JavaScript.";

	function dynamicScriptLoad() {
	var script = document.createElement("script");
	script.type = "text/javascript";
	script.src = "./resources/scope2/cookie-protected-script.py";
	document.getElementsByTagName("head")[0].appendChild(script);

	setTimeout(() => {
	script = document.createElement("script");
	script.type = "text/javascript";
	script.src = "./resources/cookie-protected-script.py";
	document.getElementsByTagName("head")[0].appendChild(script);
	}, 0);
	}

	function cached()
	{
	setTimeout("dynamicScriptLoad();", 0);
	}

	applicationCache.addEventListener('cached', cached, false);
	</script>
	</html>''')