Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(902)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome_frame/test/html_util_unittests.cc

Issue 523040: Some Chrome Frame cleanup:... (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: '' Created 10 years, 12 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome_frame/test/chrome_frame_unittests.cc ('k') | chrome_frame/test/perf/chrome_frame_perftest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome_frame/test/html_util_unittests.cc
===================================================================
--- chrome_frame/test/html_util_unittests.cc (revision 35533)
+++ chrome_frame/test/html_util_unittests.cc (working copy)
@@ -309,3 +309,55 @@
std::string ua(call1);
EXPECT_EQ("chromeframe/0.0", ua);
}
+
+TEST(HttpUtils, HasFrameBustingHeader) {
+ // Simple negative cases.
+ EXPECT_FALSE(http_utils::HasFrameBustingHeader(""));
+ EXPECT_FALSE(http_utils::HasFrameBustingHeader("Content-Type: text/plain"));
+ // Explicit negative cases, test that we ignore case.
+ EXPECT_FALSE(http_utils::HasFrameBustingHeader("X-Frame-Options: ALLOWALL"));
+ EXPECT_FALSE(http_utils::HasFrameBustingHeader("X-Frame-Options: allowall"));
+ EXPECT_FALSE(http_utils::HasFrameBustingHeader("X-Frame-Options: ALLowalL"));
+ // Added space, ensure stripped out
+ EXPECT_FALSE(http_utils::HasFrameBustingHeader(
+ "X-Frame-Options: ALLOWALL "));
+ // Added space with linefeed, ensure still stripped out
+ EXPECT_FALSE(http_utils::HasFrameBustingHeader(
+ "X-Frame-Options: ALLOWALL \r\n"));
+ // Multiple identical headers, all of them allowing framing.
+ EXPECT_FALSE(http_utils::HasFrameBustingHeader(
+ "X-Frame-Options: ALLOWALL\r\n"
+ "X-Frame-Options: ALLOWALL\r\n"
+ "X-Frame-Options: ALLOWALL"));
+ // Interleave with other headers.
+ EXPECT_FALSE(http_utils::HasFrameBustingHeader(
+ "Content-Type: text/plain\r\n"
+ "X-Frame-Options: ALLOWALL\r\n"
+ "Content-Length: 42"));
+
+ // Simple positive cases.
+ EXPECT_TRUE(http_utils::HasFrameBustingHeader("X-Frame-Options: deny"));
+ EXPECT_TRUE(http_utils::HasFrameBustingHeader(
+ "X-Frame-Options: SAMEorigin"));
+
+ // Allowall entries do not override the denying entries, are
+ // order-independent, and the deny entries can interleave with
+ // other headers.
+ EXPECT_TRUE(http_utils::HasFrameBustingHeader(
+ "Content-Length: 42\r\n"
+ "X-Frame-Options: ALLOWall\r\n"
+ "X-Frame-Options: deny\r\n"));
+ EXPECT_TRUE(http_utils::HasFrameBustingHeader(
+ "X-Frame-Options: ALLOWall\r\n"
+ "Content-Length: 42\r\n"
+ "X-Frame-Options: SAMEORIGIN\r\n"));
+ EXPECT_TRUE(http_utils::HasFrameBustingHeader(
+ "X-Frame-Options: deny\r\n"
+ "X-Frame-Options: ALLOWall\r\n"
+ "Content-Length: 42\r\n"));
+ EXPECT_TRUE(http_utils::HasFrameBustingHeader(
+ "X-Frame-Options: SAMEORIGIN\r\n"
+ "X-Frame-Options: ALLOWall\r\n"));
+}
+
+
« no previous file with comments | « chrome_frame/test/chrome_frame_unittests.cc ('k') | chrome_frame/test/perf/chrome_frame_perftest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698