
<!DOCTYPE html>
<meta charset="utf-8">
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/device-bound-session-credentials/helper.js" type="module"></script>
<script type="module">
import {
addCookieAndSessionCleanup,
configureServer,
documentHasCookie,
expireCookie,
setupShardedServerState,
waitForCookie
} from "/device-bound-session-credentials/helper.js";
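/**
 * Polls for a session refresh by repeatedly expiring the bound cookie and
 * probing `verify_authenticated.py`.
 *
 * Each attempt expires the cookie, asserts it is gone from the document, then
 * fetches the verification endpoint. A 200 response is treated as proof that
 * the user agent refreshed the session (presumably the endpoint only returns
 * 200 when the request carries the cookie again; confirm against
 * verify_authenticated.py).
 *
 * When `expectRefreshed` is false the poll gives up after roughly one second
 * and reports "not refreshed". When it is true there is no local deadline, so
 * a refresh that never happens surfaces as a harness timeout.
 *
 * @param {string} cookieAndAttributes - Cookie string with attributes, passed to expireCookie().
 * @param {string} cookieAndValue - "name=value" pair checked via documentHasCookie().
 * @param {boolean} expectRefreshed - Whether a refresh is expected to be observed.
 * @returns {Promise<void>} Resolves once the observed outcome has been asserted.
 */
async function waitForRefresh(cookieAndAttributes, cookieAndValue, expectRefreshed) {
  const startTime = Date.now();
  let refreshed;
  // A plain loop is used instead of a self-rescheduling callback inside a
  // Promise executor, so that a failed assertion or a rejected fetch rejects
  // this function (and fails the test with its message) rather than becoming
  // an unhandled rejection that leaves the test hanging until timeout.
  while (refreshed === undefined) {
    expireCookie(cookieAndAttributes);
    assert_false(documentHasCookie(cookieAndValue));
    const authResponseAfterExpiry = await fetch('verify_authenticated.py');
    if (authResponseAfterExpiry.status === 200) {
      refreshed = true;
    } else if (!expectRefreshed && Date.now() - startTime >= 1000) {
      // Negative case: no refresh was seen within the observation window.
      refreshed = false;
    } else {
      // Wait 100 (harness-scheduled) milliseconds before the next attempt.
      await new Promise(resolve => step_timeout(resolve, 100));
    }
  }
  assert_equals(refreshed, expectRefreshed);
}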
/**
 * Drives one subdomain-registration scenario.
 *
 * The server is configured with a session scoped to the parent origin and a
 * cookie on the parent domain, but the login request that starts registration
 * is sent to `<subdomain>.<parent host>`. Whether the user agent accepts that
 * registration depends on the parent's .well-known/device-bound-sessions
 * listing the subdomain, which is the boundary this test checks.
 *
 * @param {object} t - The testharness test object, used for cleanup registration.
 * @param {string} subdomain - Label prepended to the current hostname for the login fetch.
 * @param {boolean} expectRegistration - Whether the session is expected to register (and thus refresh).
 * @returns {Promise<void>}
 */
async function runTest(t, subdomain, expectRegistration) {
  await setupShardedServerState();

  const cookiePair = "auth_cookie=abcdef0123";
  const cookieAttrs = `Domain=${location.hostname};Path=/device-bound-session-credentials`;
  const cookieWithAttrs = `${cookiePair};${cookieAttrs}`;
  addCookieAndSessionCleanup(t);

  // The session config deliberately names the parent domain's origin and
  // cookie, not the subdomain that will issue the registration.
  const sessionConfig = {
    scopeOrigin: location.origin,
    cookieDetails: [{ nameAndValue: cookiePair, attributes: cookieAttrs }],
  };
  await configureServer(sessionConfig);

  // .well-known/device-bound-sessions hardcodes www as allowed, but not www1.
  const subdomainLogin = new URL("/device-bound-session-credentials/login.py", location);
  subdomainLogin.hostname = `${subdomain}.${location.hostname}`;
  const loginResult = await fetch(subdomainLogin.toString(), { credentials: "include" });
  assert_equals(loginResult.status, 200);

  // The login response both sets the cookie and hands the session config to
  // the user agent; wait until the cookie is visible.
  await waitForCookie(cookiePair, /*expectCookie=*/true);

  // The user agent still has to fetch the .well-known after this point, so the
  // cookie alone does not tell us whether registration succeeded or was
  // rejected. Repeated refresh attempts settle that question.
  await waitForRefresh(cookieWithAttrs, cookiePair, /*expectRefreshed=*/expectRegistration);
}
// www1 is not listed in the parent's .well-known, so a registration issued
// from it must be rejected and no refresh may occur.
promise_test(
  (t) => runTest(t, /*subdomain=*/"www1", /*expectRegistration=*/false),
  "Registration fails without a .well-known"
);

// www is listed in the parent's .well-known, so the registration is accepted
// and the session refreshes.
promise_test(
  (t) => runTest(t, /*subdomain=*/"www", /*expectRegistration=*/true),
  "Registration succeeds with a .well-known"
);
</script>