[credentialless] Use SameSite=None in WPT. (#30359)

SameSite=None is the laxest option for cookies. This change ensures
omitting credentials is caused by COEP:credentialless and not because of
the cookie policy.

Bug: 1175099
Change-Id: I4ae4a4a4389d1d958fa54aef55e8070c07b1be57
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3141445
Commit-Queue: Arthur Sonzogni <[email protected]>
Reviewed-by: Antonio Sartori <[email protected]>
Cr-Commit-Position: refs/heads/main@{#918610}

Co-authored-by: Arthur Sonzogni <[email protected]>

Author: chromium-wpt-export-bot

html/cross-origin-embedder-policy/credentialless/cache.tentative.html

@@ -53,7 +53,7 @@
   `?uuid=${request_token}`;
 
 promise_setup(async test => {
-  await setCookie(cross_origin, cookie_key, cookie_value);
+  await setCookie(cross_origin, cookie_key, cookie_value + cookie_same_site_none);
 }, "Set cookie");
 
 // The "same-origin" COEP:unsafe-none document fetchs a "cross-origin"

html/cross-origin-embedder-policy/credentialless/dedicated-worker.tentative.https.html

@@ -17,8 +17,10 @@
 promise_test(async test => {
 
   await Promise.all([
-    setCookie(same_origin, cookie_key, cookie_same_origin),
-    setCookie(cross_origin, cookie_key, cookie_cross_origin),
+    setCookie(same_origin, cookie_key, cookie_same_origin +
+      cookie_same_site_none),
+    setCookie(cross_origin, cookie_key, cookie_cross_origin +
+      cookie_same_site_none),
   ]);
 
   // One window with COEP:none. (control)

html/cross-origin-embedder-policy/credentialless/fetch.tentative.https.html

@@ -14,8 +14,10 @@
   const cookie_cross_origin = "cross_origin";
 
   await Promise.all([
-    setCookie(same_origin, cookie_key, cookie_same_origin),
-    setCookie(cross_origin, cookie_key, cookie_cross_origin),
+    setCookie(same_origin, cookie_key, cookie_same_origin +
+      cookie_same_site_none),
+    setCookie(cross_origin, cookie_key, cookie_cross_origin +
+      cookie_same_site_none),
   ]);
 
   // One window with COEP:none. (control)

html/cross-origin-embedder-policy/credentialless/iframe.tentative.html

@@ -40,8 +40,10 @@
 
 promise_test_parallel(async test => {
   await Promise.all([
-    setCookie(same_origin, cookie_key, cookie_same_origin),
-    setCookie(cross_origin, cookie_key, cookie_cross_origin),
+    setCookie(same_origin, cookie_key, cookie_same_origin +
+      cookie_same_site_none),
+    setCookie(cross_origin, cookie_key, cookie_cross_origin +
+      cookie_same_site_none),
   ]);
 
   iframeTest("same-origin", same_origin, cookie_same_origin);

html/cross-origin-embedder-policy/credentialless/image.tentative.https.html

@@ -15,8 +15,10 @@
   const cookie_cross_origin = "cross_origin";
 
   await Promise.all([
-    setCookie(same_origin, cookie_key, cookie_same_origin),
-    setCookie(cross_origin, cookie_key, cookie_cross_origin),
+    setCookie(same_origin, cookie_key, cookie_same_origin +
+      cookie_same_site_none),
+    setCookie(cross_origin, cookie_key, cookie_cross_origin +
+      cookie_same_site_none),
   ]);
 
   // One window with COEP:none. (control)

html/cross-origin-embedder-policy/credentialless/link.tentative.https.html

@@ -15,8 +15,10 @@
   const cookie_cross_origin = "cross_origin";
 
   await Promise.all([
-    setCookie(same_origin, cookie_key, cookie_same_origin),
-    setCookie(cross_origin, cookie_key, cookie_cross_origin),
+    setCookie(same_origin, cookie_key, cookie_same_origin +
+      cookie_same_site_none),
+    setCookie(cross_origin, cookie_key, cookie_cross_origin +
+      cookie_same_site_none),
   ]);
 
   // One window with COEP:none. (control)

html/cross-origin-embedder-policy/credentialless/redirect.tentative.html

@@ -42,8 +42,10 @@
 
 promise_test_parallel(async test => {
   await Promise.all([
-    setCookie(same_origin, cookie_key, cookie_same_origin),
-    setCookie(cross_origin, cookie_key, cookie_cross_origin),
+    setCookie(same_origin, cookie_key, cookie_same_origin +
+      cookie_same_site_none),
+    setCookie(cross_origin, cookie_key, cookie_cross_origin +
+      cookie_same_site_none),
   ]);
 
   redirectTest("same-origin -> same-origin",

html/cross-origin-embedder-policy/credentialless/resources/common.js

@@ -23,6 +23,8 @@ const coop_same_origin =
 const corp_cross_origin =
     '|header(Cross-Origin-Resource-Policy,cross-origin)';
 
+const cookie_same_site_none = ';SameSite=None;Secure';
+
 // Test using the modern async/await primitives are easier to read/write.
 // However they run sequentially, contrary to async_test. This is the parallel
 // version, to avoid timing out.

html/cross-origin-embedder-policy/credentialless/script.tentative.https.html

@@ -15,8 +15,10 @@
   const cookie_cross_origin = "cross_origin";
 
   await Promise.all([
-    setCookie(same_origin, cookie_key, cookie_same_origin),
-    setCookie(cross_origin, cookie_key, cookie_cross_origin),
+    setCookie(same_origin, cookie_key, cookie_same_origin +
+      cookie_same_site_none),
+    setCookie(cross_origin, cookie_key, cookie_cross_origin +
+      cookie_same_site_none),
   ]);
 
   // One window with COEP:none. (control)

html/cross-origin-embedder-policy/credentialless/service-worker.tentative.https.html

@@ -17,8 +17,10 @@
 
 promise_test(async t => {
   await Promise.all([
-    setCookie(same_origin, cookie_key, cookie_same_origin),
-    setCookie(cross_origin, cookie_key, cookie_cross_origin),
+    setCookie(same_origin, cookie_key, cookie_same_origin +
+      cookie_same_site_none),
+    setCookie(cross_origin, cookie_key, cookie_cross_origin +
+      cookie_same_site_none),
   ]);
 
   // One iframe with COEP:none. (control)