Add WPT for setting SameSite cookies on top-level navigations

This test verifies the behavior change landed in
https://crrev.com/c/1594115 (i.e. that all top-level navigations should
be allowed to set SameSite=* cookies).

This matches proposed spec update:

https://github.com/httpwg/http-extensions/commit/49bcb4fddb8a8c294749ec9d81a236cde4df94b0


Bug: 960375, 958331
Change-Id: Ief84f5a7dcfd8d7dae4a8ed5cdd70335fb164647
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1600341
Commit-Queue: Lily Chen <chlily@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Reviewed-by: Maks Orlovich <morlovich@chromium.org>
Cr-Commit-Position: refs/heads/master@{#662220}

third_party/blink/web_tests/external/wpt/cookies/resources/setSameSite.py

-from helpers import makeCookieHeader, readParameter, setNoCacheAndCORSHeaders
+from helpers import makeCookieHeader, setNoCacheAndCORSHeaders
 
 def main(request, response):
     """Respond to `/cookie/set/samesite?{value}` by setting three cookies:
     1. `samesite_strict={value};SameSite=Strict;path=/`
     2. `samesite_lax={value};SameSite=Lax;path=/`
-    3. `samesite_none={value};path=/`"""
+    3. `samesite_none={value};path=/`
+    Then navigate to a page that will post a message back to the opener with the set cookies"""
     headers = setNoCacheAndCORSHeaders(request, response)
     value = request.url_parts.query
 
+    headers.append(("Content-Type", "text/html; charset=utf-8"))
     headers.append(makeCookieHeader("samesite_strict", value, {"SameSite":"Strict","path":"/"}))
     headers.append(makeCookieHeader("samesite_lax", value, {"SameSite":"Lax","path":"/"}))
     headers.append(makeCookieHeader("samesite_none", value, {"path":"/"}))
-    return headers, '{"success": true}'
+
+    document = """
+<!DOCTYPE html>
+<script>
+  // A same-site navigation, which should attach all cookies including SameSite ones.
+  // This is necessary because this page may have been reached via a cross-site navigation, so
+  // we might not have access to some SameSite cookies from here.
+  window.location = "../samesite/resources/echo-cookies.html";
+</script>
+"""
+
+    return headers, document

third_party/blink/web_tests/external/wpt/cookies/samesite/resources/echo-cookies.html

+<!DOCTYPE html>
+<meta charset="utf-8">
+<script>
+  window.opener.postMessage({ type: 'COOKIES_SET', cookies: document.cookie }, '*');
+</script>

third_party/blink/web_tests/external/wpt/cookies/samesite/resources/navigate.html

+<!DOCTYPE html>
+<meta charset="utf-8">
+<script src="/cookies/resources/cookie-helper.sub.js"></script>
+<script>
+  window.addEventListener('load', function() {
+    window.opener.postMessage({ type: 'READY' }, '*');
+  });
+
+  window.addEventListener('message', function(e) {
+    if (ORIGIN !== window.location.origin)
+      return;
+    if (window.location.origin !== e.origin)
+      return;
+
+    if (e.data.type === "navigate") {
+      window.location = e.data.url;
+    }
+
+    if (e.data.type === "post-form") {
+      var f = document.createElement('form');
+      f.action = e.data.url;
+      f.method = "POST";
+      document.body.appendChild(f);
+      f.submit();
+    }
+  });
+</script>

third_party/blink/web_tests/external/wpt/cookies/samesite/setcookie-navigation.html

+<!DOCTYPE html>
+<meta charset="utf-8">
+<meta name="timeout" content="long">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/cookies/resources/cookie-helper.sub.js"></script>
+<script>
+  function assert_samesite_cookies_present(cookies, value) {
+    let samesite_cookie_names = ["samesite_strict", "samesite_lax", "samesite_none"];
+    for (name of samesite_cookie_names) {
+      let re = new RegExp("(?:^|; )" + name + "=" + value + "(?:$|;)");
+      assert_true(re.test(cookies), "`" + name + "=" + value + "` in cookies");
+    }
+  }
+
+  // Navigate from ORIGIN to |origin_to|, expecting the navigation to set SameSite
+  // cookies on |origin_to|.
+  function navigate_test(method, origin_to, title) {
+    promise_test(async function(t) {
+      // The cookies don't need to be cleared on each run because |value| is
+      // a new random value on each run, so on each run we are overwriting and
+      // checking for a cookie with a different random value.
+      let value = "" + Math.random();
+      let url_from = ORIGIN + "/cookies/samesite/resources/navigate.html";
+      let url_to = origin_to + "/cookies/resources/setSameSite.py?" + value;
+      var w = window.open(url_from);
+      await wait_for_message('READY', ORIGIN);
+      assert_equals(ORIGIN, window.origin);
+      assert_equals(ORIGIN, w.origin);
+      let command = (method === "POST") ? "post-form" : "navigate";
+      w.postMessage({ type: command, url: url_to }, "*");
+      let message = await wait_for_message('COOKIES_SET', origin_to);
+      assert_samesite_cookies_present(message.data.cookies, value);
+      w.close();
+    }, title);
+  }
+
+  navigate_test("GET", ORIGIN, "Same-site top-level navigation should be able to set SameSite=* cookies.");
+  navigate_test("GET", CROSS_SITE_ORIGIN, "Cross-site top-level navigation should be able to set SameSite=* cookies.");
+  navigate_test("POST", ORIGIN, "Same-site top-level POST should be able to set SameSite=* cookies.");
+  navigate_test("POST", CROSS_SITE_ORIGIN, "Cross-site top-level POST should be able to set SameSite=* cookies.");
+</script>