diff --git a/privacy-protections/storage-blocking/helpers/commonTests.js b/privacy-protections/storage-blocking/helpers/commonTests.js
index 1d06c4c..ddd12d4 100644
--- a/privacy-protections/storage-blocking/helpers/commonTests.js
+++ b/privacy-protections/storage-blocking/helpers/commonTests.js
@@ -1,7 +1,48 @@
/* exported commonTests */
-/* global cookieStore */
+/* global cookieStore, THIRD_PARTY_TRACKER_ORIGIN, THIRD_PARTY_ORIGIN */
+
+function generateCookieHeaderTest (namePrefix, origin, cookiename) {
+ return {
+ id: `${namePrefix} header cookie`,
+ store: (data) => {
+ return fetch(`${origin}/set-cookie?value=${data}&name=${cookiename}`, { credentials: 'include' }).then(r => {
+ if (!r.ok) {
+ throw new Error('Request failed.');
+ }
+ });
+ },
+ retrive: () => {
+ return fetch(`${origin}/reflect-headers`, { credentials: 'include' })
+ .then(r => r.json())
+ .then(data => {
+ const cookie = data.headers.cookie.split(';')
+ .map(s => s.trim())
+ .find(s => s.startsWith(`${cookiename}=`));
+ return cookie.split('=')[1];
+ });
+ }
+ };
+}
+
+let context = '';
+if (window.top === window.self) {
+ context = 'top';
+} else if (document.location.origin === THIRD_PARTY_ORIGIN) {
+ context = 'thirdparty';
+} else if (document.location.origin === THIRD_PARTY_TRACKER_ORIGIN) {
+ context = 'thirdpartytracker';
+}
+const cookieHeaderTests = [generateCookieHeaderTest('first party', '', `${context}_firstparty_headerdata`)];
+if (document.location.origin !== THIRD_PARTY_ORIGIN) {
+ cookieHeaderTests.push(generateCookieHeaderTest('safe third party', THIRD_PARTY_ORIGIN, `${context}_thirdparty_headerdata`));
+}
+if (document.location.origin !== THIRD_PARTY_TRACKER_ORIGIN) {
+ cookieHeaderTests.push(generateCookieHeaderTest('tracking third party', THIRD_PARTY_TRACKER_ORIGIN, `${context}_tracker_headerdata`));
+}
+
// tests that are common for both main frame and an iframe
const commonTests = [
+ ...cookieHeaderTests,
{
id: 'JS cookie',
store: (data) => {
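Review bot: In `retrive` inside `generateCookieHeaderTest`, the case this page exists to measure — the cookie being blocked — ends in an opaque TypeError. `data.headers.cookie` is undefined when no Cookie header was reflected, and `.find()` returns undefined when the named cookie is absent, so `.split` is called on undefined. I would read the header as `(data.headers.cookie || '').split(';')` and add `if (!cookie) { throw new Error('Cookie not found: ' + cookiename); }` before the return, so a blocked cookie is reported as such; how the caller treats a rejection is outside this hunk. Separately, `cookie.split('=')[1]` truncates a value that itself contains `=`, and `data` and `cookiename` go into the query string without `encodeURIComponent`. The `commonTests` array continues past the end of the hunk.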
diff --git a/privacy-protections/storage-blocking/helpers/globals.js b/privacy-protections/storage-blocking/helpers/globals.js
new file mode 100644
index 0000000..77e1e2c
--- /dev/null
+++ b/privacy-protections/storage-blocking/helpers/globals.js
@@ -0,0 +1,3 @@
+/* exported THIRD_PARTY_ORIGIN,THIRD_PARTY_TRACKER_ORIGIN */
+const THIRD_PARTY_ORIGIN = 'https://good.third-party.site';
+const THIRD_PARTY_TRACKER_ORIGIN = 'https://broken.third-party.site';
diff --git a/privacy-protections/storage-blocking/iframe.html b/privacy-protections/storage-blocking/iframe.html
index e28c271..e2b5d91 100644
--- a/privacy-protections/storage-blocking/iframe.html
+++ b/privacy-protections/storage-blocking/iframe.html
@@ -5,6 +5,7 @@
Storage blocking test page - iframe
+
diff --git a/privacy-protections/storage-blocking/index.html b/privacy-protections/storage-blocking/index.html
index 3934ae5..8bc677d 100644
--- a/privacy-protections/storage-blocking/index.html
+++ b/privacy-protections/storage-blocking/index.html
@@ -6,6 +6,7 @@
Storage blocking test page
+
diff --git a/privacy-protections/storage-blocking/main.js b/privacy-protections/storage-blocking/main.js
index 8991fb8..068a4ab 100644
--- a/privacy-protections/storage-blocking/main.js
+++ b/privacy-protections/storage-blocking/main.js
@@ -1,6 +1,4 @@
-/* globals commonTests */
-const THIRD_PARTY_ORIGIN = 'https://good.third-party.site';
-const THIRD_PARTY_TRACKER_ORIGIN = 'https://broken.third-party.site';
+/* globals commonTests,THIRD_PARTY_ORIGIN,THIRD_PARTY_TRACKER_ORIGIN */
const storeButton = document.querySelector('#store');
const retriveButton = document.querySelector('#retrive');
@@ -82,51 +80,6 @@ function create3pIframeTest (name, origin) {
}
const tests = [
- {
- id: 'first party header cookie',
- store: (data) => {
- return fetch(`/set-cookie?value=${data}`).then(r => {
- if (!r.ok) {
- throw new Error('Request failed.');
- }
- });
- },
- retrive: () => {
- return fetch('/reflect-headers')
- .then(r => r.json())
- .then(data => data.headers.cookie.match(/headerdata=([0-9]+)/)[1]);
- }
- },
- {
- id: 'safe third party header cookie',
- store: (data) => {
- return fetch(`${THIRD_PARTY_ORIGIN}/set-cookie?value=${data}`, { credentials: 'include' }).then(r => {
- if (!r.ok) {
- throw new Error('Request failed.');
- }
- });
- },
- retrive: () => {
- return fetch(`${THIRD_PARTY_ORIGIN}/reflect-headers`, { credentials: 'include' })
- .then(r => r.json())
- .then(data => data.headers.cookie.match(/headerdata=([0-9]+)/)[1]);
- }
- },
- {
- id: 'tracking third party header cookie',
- store: (data) => {
- return fetch(`${THIRD_PARTY_TRACKER_ORIGIN}/set-cookie?value=${data}`, { credentials: 'include' }).then(r => {
- if (!r.ok) {
- throw new Error('Request failed.');
- }
- });
- },
- retrive: () => {
- return fetch(`${THIRD_PARTY_TRACKER_ORIGIN}/reflect-headers`, { credentials: 'include' })
- .then(r => r.json())
- .then(data => data.headers.cookie.match(/headerdata=([0-9]+)/)[1]);
- }
- },
create3pIframeTest('safe', THIRD_PARTY_ORIGIN),
create3pIframeTest('tracking', THIRD_PARTY_TRACKER_ORIGIN),
{
@@ -278,7 +231,7 @@ function retrieveData () {
});
}
- tests.concat(commonTests).forEach(test => {
+ [...commonTests, ...tests].forEach(test => {
all++;
const li = document.createElement('li');
diff --git a/server.js b/server.js
index f61285d..dabdff7 100644
--- a/server.js
+++ b/server.js
@@ -200,7 +200,11 @@ app.get('/set-cookie', (req, res) => {
if (!req.query.value) {
return res.sendStatus(401);
}
- return res.cookie('headerdata', req.query.value, { expires, httpOnly: true, sameSite: 'none', secure: true }).sendStatus(200);
+ let cookieName = 'headerdata';
+ if (req.query.name) {
+ cookieName = req.query.name;
+ }
+ return res.cookie(cookieName, req.query.value, { expires, httpOnly: true, sameSite: 'none', secure: true }).sendStatus(200);
});
// returns a random number and sets caching for a year
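Review bot: `req.query.name` is passed to `res.cookie()` unvalidated, so any caller can choose the cookie name this origin sets. That includes names with `__Host-`/`__Secure-` prefixes or names that collide with other cookies used on the host. A repeated or bracketed `name` parameter may also arrive as an array or object rather than a string, and a name that is not a valid cookie token will likely make the serializer throw and surface as a 500. Since the client only sends names of the form `<context>_<party>_headerdata`, the override could be restricted to that shape, e.g. `if (typeof req.query.name === 'string' && /^[a-z_]+$/.test(req.query.name)) {`. The handler's opening and the `expires` definition are outside this hunk.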