[SAA] Test Cache Storage Fetch w/ Cookies

Let's validate that the correct cookies are included in cache storage fetches, which is to say we use the cookies the current window has access to at the time the fetch is done. Bug: 40282415 Change-Id: If6de86f0781668e67f75e22c0c7812a31b7404cb Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5403529 Reviewed-by: Dylan Cutler <dylancutler@google.com> Auto-Submit: Ari Chivukula <arichiv@chromium.org> Commit-Queue: Ari Chivukula <arichiv@chromium.org> Cr-Commit-Position: refs/heads/main@{#1279781}
web-platform-tests · Mar 28, 2024 · a2c70cb · a2c70cb
1 parent 6ced607
commit a2c70cb
Show file tree

Hide file tree

Showing 2 changed files with 61 additions and 6 deletions.
diff --git a/storage-access-api/resources/storage-access-beyond-cookies-iframe-iframe.html b/storage-access-api/resources/storage-access-beyond-cookies-iframe-iframe.html
@@ -149,6 +149,53 @@
         if (local_has) {
           message = "Handle should not override window Cache Storage";
         }
+        document.cookie = "partitioned=test; SameSite=None; Secure; Partitioned;";
+        const cache = await handle.caches.open(id);
+        await cache.add("/storage-access-api/resources/get_cookies.py?2");
+        await test_driver.bless("fake user interaction", () => document.requestStorageAccess());
+        await cache.add("/storage-access-api/resources/get_cookies.py?3");
+        let req = await cache.match("/storage-access-api/resources/get_cookies.py?1");
+        let req_json = await req.json();
+        if (!req_json.hasOwnProperty("samesite_strict")) {
+          message = "Top-level cache fetch should have SameSite=Strict cookies.";
+        }
+        if (!req_json.hasOwnProperty("samesite_lax")) {
+          message = "Top-level cache fetch should have SameSite=Lax cookies.";
+        }
+        if (!req_json.hasOwnProperty("samesite_none")) {
+          message = "Top-level cache fetch should have SameSite=None cookies.";
+        }
+        if (req_json.hasOwnProperty("partitioned")) {
+          message = "Top-level cache fetch should not have partitioned cookies.";
+        }
+        req = await cache.match("/storage-access-api/resources/get_cookies.py?2");
+        req_json = await req.json();
+        if (req_json.hasOwnProperty("samesite_strict")) {
+          message = "SAA cache fetch should not have SameSite=Strict cookies.";
+        }
+        if (req_json.hasOwnProperty("samesite_lax")) {
+          message = "SAA cache fetch should not have SameSite=Lax cookies.";
+        }
+        if (req_json.hasOwnProperty("samesite_none")) {
+          message = "SAA cache fetch should not have SameSite=None cookies.";
+        }
+        if (!req_json.hasOwnProperty("partitioned")) {
+          message = "SAA cache fetch should have partitioned cookies.";
+        }
+        req = await cache.match("/storage-access-api/resources/get_cookies.py?3");
+        req_json = await req.json();
+        if (req_json.hasOwnProperty("samesite_strict")) {
+          message = "SAA cache + cookie fetch should not have SameSite=Strict cookies.";
+        }
+        if (req_json.hasOwnProperty("samesite_lax")) {
+          message = "SAA cache + cookie fetch should not have SameSite=Lax cookies.";
+        }
+        if (!req_json.hasOwnProperty("samesite_none")) {
+          message = "SAA cache + cookie fetch should have SameSite=None cookies.";
+        }
+        if (!req_json.hasOwnProperty("partitioned")) {
+          message = "SAA cache + cookie fetch should have partitioned cookies.";
+        }
         await handle.caches.delete(id);
         break;
       }

diff --git a/storage-access-api/storage-access-beyond-cookies.caches.tentative.sub.https.window.js b/storage-access-api/storage-access-beyond-cookies.caches.tentative.sub.https.window.js
@@ -21,15 +21,23 @@ async_test(t => {
     }
     // Step 8
     assert_equals(e.data.message, "HasAccess for caches", "Storage Access API should be accessible and return first-party data");
-    t.done();
+    test_driver.delete_all_cookies().then(t.step_func(() => {
+      t.done();
+    }));
   }));
 
   // Step 2
   const id = Date.now();
-  window.caches.open(id).then(() => {
-    // Step 3
-    let iframe = document.createElement("iframe");
-    iframe.src = "https://{{hosts[alt][]}}:{{ports[https][0]}}/storage-access-api/resources/storage-access-beyond-cookies-iframe.sub.html?type=caches&id="+id;
-    document.body.appendChild(iframe);
+  document.cookie = "samesite_strict=test; SameSite=Strict; Secure";
+  document.cookie = "samesite_lax=test; SameSite=Lax; Secure";
+  document.cookie = "samesite_none=test; SameSite=None; Secure";
+
+  window.caches.open(id).then((cache) => {
+    cache.add("https://{{hosts[][]}}:{{ports[https][0]}}/storage-access-api/resources/get_cookies.py?1").then(() => {
+      // Step 3
+      let iframe = document.createElement("iframe");
+      iframe.src = "https://{{hosts[alt][]}}:{{ports[https][0]}}/storage-access-api/resources/storage-access-beyond-cookies-iframe.sub.html?type=caches&id="+id;
+      document.body.appendChild(iframe);
+    });
   });
 }, "Verify StorageAccessAPIBeyondCookies for Cache Storage");