forked from bluesmoon/boomerang
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Boomerang: Added support for SameSite and Secure cookie attributes.
- Loading branch information
Showing
27 changed files
with
663 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
11 changes: 11 additions & 0 deletions
11
tests/page-templates/30-same-site-cookie/01-none-in-current-window.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
<%= header %> | ||
<%= boomerangScript %> | ||
<script src="01-none-in-current-window.js" type="text/javascript"></script> | ||
<script> | ||
BOOMR_test.init({ | ||
testAfterOnBeacon: 1, | ||
site_domain: document.domain, | ||
same_site_cookie: "None" | ||
}); | ||
</script> | ||
<%= footer %> |
28 changes: 28 additions & 0 deletions
28
tests/page-templates/30-same-site-cookie/01-none-in-current-window.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
/*eslint-env mocha*/ | ||
/*global BOOMR_test,assert*/ | ||
|
||
describe("e2e/30-same-site-cookie/01-none-in-current-window", function() { | ||
|
||
it("Created RT Cookie with SameSite=None", function() { | ||
/* Note: | ||
* Over NOT SECURE connection/HTTP a cookie will be created but: | ||
* 1. with SameSite=Lax because SameSite=None can't be created on NOT SECURE CONNECTION | ||
* 2. Secure flag will be absent because this flag is valid only on SECURE CONNECTION | ||
*/ | ||
var cookie = BOOMR.utils.getSubCookies(BOOMR.utils.getCookie("RT")); | ||
assert.isDefined(cookie.si, "Session id read"); | ||
}); | ||
|
||
it("Should have cookie attributes SameSite=None; Secure", function() { | ||
if (window.location.protocol !== "https:") { | ||
this.skip(); | ||
} | ||
|
||
var SameSiteAttributeParts = BOOMR.utils.getSameSiteAttributeParts(); | ||
|
||
assert.equal(SameSiteAttributeParts.length, 2); | ||
assert.equal(SameSiteAttributeParts[0], "SameSite=None"); | ||
assert.equal(SameSiteAttributeParts[1], "Secure"); | ||
}); | ||
|
||
}); |
11 changes: 11 additions & 0 deletions
11
tests/page-templates/30-same-site-cookie/02-lax-in-current-window.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
<%= header %> | ||
<%= boomerangScript %> | ||
<script src="02-lax-in-current-window.js" type="text/javascript"></script> | ||
<script> | ||
BOOMR_test.init({ | ||
testAfterOnBeacon: 1, | ||
site_domain: document.domain, | ||
same_site_cookie: "Lax" | ||
}); | ||
</script> | ||
<%= footer %> |
18 changes: 18 additions & 0 deletions
18
tests/page-templates/30-same-site-cookie/02-lax-in-current-window.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
/*eslint-env mocha*/ | ||
/*global BOOMR_test,assert*/ | ||
|
||
describe("e2e/30-same-site-cookie/02-lax-in-current-window", function() { | ||
|
||
it("Created RT Cookie with SameSite=Lax", function() { | ||
var cookie = BOOMR.utils.getSubCookies(BOOMR.utils.getCookie("RT")); | ||
assert.isDefined(cookie.si, "Session id read"); | ||
}); | ||
|
||
it("Should have cookie attributes SameSite=Lax", function() { | ||
var SameSiteAttributeParts = BOOMR.utils.getSameSiteAttributeParts(); | ||
|
||
assert.equal(SameSiteAttributeParts.length, 1); | ||
assert.equal(SameSiteAttributeParts[0], "SameSite=Lax"); | ||
}); | ||
|
||
}); |
11 changes: 11 additions & 0 deletions
11
tests/page-templates/30-same-site-cookie/03-strict-in-current-window.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
<%= header %> | ||
<%= boomerangScript %> | ||
<script src="03-strict-in-current-window.js" type="text/javascript"></script> | ||
<script> | ||
BOOMR_test.init({ | ||
testAfterOnBeacon: 1, | ||
site_domain: document.domain, | ||
same_site_cookie: "Strict" | ||
}); | ||
</script> | ||
<%= footer %> |
18 changes: 18 additions & 0 deletions
18
tests/page-templates/30-same-site-cookie/03-strict-in-current-window.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
/*eslint-env mocha*/ | ||
/*global BOOMR_test,assert*/ | ||
|
||
describe("e2e/30-same-site-cookie/03-strict-in-current-window", function() { | ||
|
||
it("Created RT Cookie with SameSite=Strict", function() { | ||
var cookie = BOOMR.utils.getSubCookies(BOOMR.utils.getCookie("RT")); | ||
assert.isDefined(cookie.si, "Session id read"); | ||
}); | ||
|
||
it("Should have cookie attributes SameSite=Strict", function() { | ||
var SameSiteAttributeParts = BOOMR.utils.getSameSiteAttributeParts(); | ||
|
||
assert.equal(SameSiteAttributeParts.length, 1); | ||
assert.equal(SameSiteAttributeParts[0], "SameSite=Strict"); | ||
}); | ||
|
||
}); |
10 changes: 10 additions & 0 deletions
10
tests/page-templates/30-same-site-cookie/04-omitted-in-current-window.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
<%= header %> | ||
<%= boomerangScript %> | ||
<script src="04-omitted-in-current-window.js" type="text/javascript"></script> | ||
<script> | ||
BOOMR_test.init({ | ||
testAfterOnBeacon: 1, | ||
site_domain: document.domain | ||
}); | ||
</script> | ||
<%= footer %> |
18 changes: 18 additions & 0 deletions
18
tests/page-templates/30-same-site-cookie/04-omitted-in-current-window.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,18 @@ | ||
/*eslint-env mocha*/ | ||
/*global BOOMR_test,assert*/ | ||
|
||
describe("e2e/30-same-site-cookie/04-omitted-in-current-window", function() { | ||
|
||
it("Created RT Cookie when SameSite config is omitted", function() { | ||
var cookie = BOOMR.utils.getSubCookies(BOOMR.utils.getCookie("RT")); | ||
assert.isDefined(cookie.si, "Session id read"); | ||
}); | ||
|
||
it("Should have cookie attributes SameSite=Lax", function() { | ||
var SameSiteAttributeParts = BOOMR.utils.getSameSiteAttributeParts(); | ||
|
||
assert.equal(SameSiteAttributeParts.length, 1); | ||
assert.equal(SameSiteAttributeParts[0], "SameSite=Lax"); | ||
}); | ||
|
||
}); |
Oops, something went wrong.