device-bound-session-credentials/websockets.https.html - external/github.com/web-platform-tests/wpt - Git at Google

 <!DOCTYPE html>
 <meta charset="utf-8">
 <script src="/resources/testharness.js"></script>
 <script src="/resources/testharnessreport.js"></script>
 <script src="helper.js" type="module"></script>

 <script type="module">
   import { expireCookie, documentHasCookie, waitForCookie, addCookieAndSessionCleanup, setupShardedServerState, configureServer } from "./helper.js";

   function ws_connect(url) {
     return new Promise(function(resolve,reject) {
       const ws = new WebSocket(url);
       ws.onopen = function () { resolve(); };
       ws.onerror = function(error) { reject(error); };
     });
   }

   promise_test(async t => {
     await setupShardedServerState();
     const expectedCookieAndValue = "auth_cookie=abcdef0123";
     const expectedCookieAndAttributes = `${expectedCookieAndValue};Domain=${location.hostname};Path=/device-bound-session-credentials`;
     addCookieAndSessionCleanup(t);

     // In order to validate DBSC is applying to a WebSocket handshake,
     // we need an endpoint that can validate the cookie was refreshed
     // without triggering a refresh itself. Add an excluded endpoint to
     // do that.
     await configureServer({ scopeSpecificationItems: [
       {
       "type": "exclude",
       "domain": location.hostname,
       "path": "/device-bound-session-credentials/excludeInScopeSpecification"
       },
     ]});

     // Prompt starting a session, and wait until registration completes.
     const loginResponse = await fetch('login.py');
     assert_equals(loginResponse.status, 200);
     await waitForCookie(expectedCookieAndValue, /*expectCookie=*/true);

     // Confirm that a request has the cookie set.
     const authResponse = await fetch('verify_authenticated.py');
     assert_equals(authResponse.status, 200);

     // Confirm that expiring the cookie still leads to a request with the cookie set (refresh occurs).
     expireCookie(expectedCookieAndAttributes);
     assert_false(documentHasCookie(expectedCookieAndValue));

     // Start a WebSocket handshake. This will fail, but DBSC will still apply to the request.
     try {
       await ws_connect(`wss://${location.host}/device-bound-session-credentials/websocket`);
     } catch (error) {
     }

     // Confirm we're logged in by checking the excluded endpoint.
     const authResponseAfterExpiry = await fetch('excludeInScopeSpecification/excluded_verify_authenticated.py');
     assert_equals(authResponseAfterExpiry.status, 200);
     assert_true(documentHasCookie(expectedCookieAndValue));
   }, "An established session applies to WebSocket handshakes");
 </script>
	<!DOCTYPE html>
	<meta charset="utf-8">
	<script src="/resources/testharness.js"></script>
	<script src="/resources/testharnessreport.js"></script>
	<script src="helper.js" type="module"></script>

	<script type="module">
	import { expireCookie, documentHasCookie, waitForCookie, addCookieAndSessionCleanup, setupShardedServerState, configureServer } from "./helper.js";

	function ws_connect(url) {
	return new Promise(function(resolve,reject) {
	const ws = new WebSocket(url);
	ws.onopen = function () { resolve(); };
	ws.onerror = function(error) { reject(error); };
	});
	}

	promise_test(async t => {
	await setupShardedServerState();
	const expectedCookieAndValue = "auth_cookie=abcdef0123";
	const expectedCookieAndAttributes = `${expectedCookieAndValue};Domain=${location.hostname};Path=/device-bound-session-credentials`;
	addCookieAndSessionCleanup(t);

	// In order to validate DBSC is applying to a WebSocket handshake,
	// we need an endpoint that can validate the cookie was refreshed
	// without triggering a refresh itself. Add an excluded endpoint to
	// do that.
	await configureServer({ scopeSpecificationItems: [
	{
	"type": "exclude",
	"domain": location.hostname,
	"path": "/device-bound-session-credentials/excludeInScopeSpecification"
	},
	]});

	// Prompt starting a session, and wait until registration completes.
	const loginResponse = await fetch('login.py');
	assert_equals(loginResponse.status, 200);
	await waitForCookie(expectedCookieAndValue, /expectCookie=/true);

	// Confirm that a request has the cookie set.
	const authResponse = await fetch('verify_authenticated.py');
	assert_equals(authResponse.status, 200);

	// Confirm that expiring the cookie still leads to a request with the cookie set (refresh occurs).
	expireCookie(expectedCookieAndAttributes);
	assert_false(documentHasCookie(expectedCookieAndValue));

	// Start a WebSocket handshake. This will fail, but DBSC will still apply to the request.
	try {
	await ws_connect(`wss://${location.host}/device-bound-session-credentials/websocket`);
	} catch (error) {
	}

	// Confirm we're logged in by checking the excluded endpoint.
	const authResponseAfterExpiry = await fetch('excludeInScopeSpecification/excluded_verify_authenticated.py');
	assert_equals(authResponseAfterExpiry.status, 200);
	assert_true(documentHasCookie(expectedCookieAndValue));
	}, "An established session applies to WebSocket handshakes");
	</script>