OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "config.h" | 5 #include "config.h" |
6 #include "core/frame/csp/ContentSecurityPolicy.h" | 6 #include "core/frame/csp/ContentSecurityPolicy.h" |
7 | 7 |
8 #include "core/dom/Document.h" | 8 #include "core/dom/Document.h" |
9 #include "core/loader/DocumentLoader.h" | 9 #include "core/loader/DocumentLoader.h" |
10 #include "platform/RuntimeEnabledFeatures.h" | 10 #include "platform/RuntimeEnabledFeatures.h" |
(...skipping 28 matching lines...) Expand all Loading... |
39 }; | 39 }; |
40 | 40 |
41 TEST_F(ContentSecurityPolicyTest, ParseUpgradeInsecureRequestsDisabled) | 41 TEST_F(ContentSecurityPolicyTest, ParseUpgradeInsecureRequestsDisabled) |
42 { | 42 { |
43 RuntimeEnabledFeatures::setExperimentalContentSecurityPolicyFeaturesEnabled(
false); | 43 RuntimeEnabledFeatures::setExperimentalContentSecurityPolicyFeaturesEnabled(
false); |
44 csp->didReceiveHeader("upgrade-insecure-requests", ContentSecurityPolicyHead
erTypeEnforce, ContentSecurityPolicyHeaderSourceHTTP); | 44 csp->didReceiveHeader("upgrade-insecure-requests", ContentSecurityPolicyHead
erTypeEnforce, ContentSecurityPolicyHeaderSourceHTTP); |
45 EXPECT_EQ(SecurityContext::InsecureRequestsDoNotUpgrade, csp->insecureReques
tsPolicy()); | 45 EXPECT_EQ(SecurityContext::InsecureRequestsDoNotUpgrade, csp->insecureReques
tsPolicy()); |
46 | 46 |
47 csp->bindToExecutionContext(document.get()); | 47 csp->bindToExecutionContext(document.get()); |
48 EXPECT_EQ(SecurityContext::InsecureRequestsDoNotUpgrade, document->insecureR
equestsPolicy()); | 48 EXPECT_EQ(SecurityContext::InsecureRequestsDoNotUpgrade, document->insecureR
equestsPolicy()); |
| 49 EXPECT_FALSE(document->insecureNavigationsToUpgrade()->contains(secureOrigin
->host().impl()->hash())); |
49 } | 50 } |
50 | 51 |
51 TEST_F(ContentSecurityPolicyTest, ParseUpgradeInsecureRequestsEnabled) | 52 TEST_F(ContentSecurityPolicyTest, ParseUpgradeInsecureRequestsEnabled) |
52 { | 53 { |
53 RuntimeEnabledFeatures::setExperimentalContentSecurityPolicyFeaturesEnabled(
true); | 54 RuntimeEnabledFeatures::setExperimentalContentSecurityPolicyFeaturesEnabled(
true); |
54 csp->didReceiveHeader("upgrade-insecure-requests", ContentSecurityPolicyHead
erTypeEnforce, ContentSecurityPolicyHeaderSourceHTTP); | 55 csp->didReceiveHeader("upgrade-insecure-requests", ContentSecurityPolicyHead
erTypeEnforce, ContentSecurityPolicyHeaderSourceHTTP); |
55 EXPECT_EQ(SecurityContext::InsecureRequestsUpgrade, csp->insecureRequestsPol
icy()); | 56 EXPECT_EQ(SecurityContext::InsecureRequestsUpgrade, csp->insecureRequestsPol
icy()); |
56 | 57 |
57 csp->bindToExecutionContext(document.get()); | 58 csp->bindToExecutionContext(document.get()); |
58 EXPECT_EQ(SecurityContext::InsecureRequestsUpgrade, document->insecureReques
tsPolicy()); | 59 EXPECT_EQ(SecurityContext::InsecureRequestsUpgrade, document->insecureReques
tsPolicy()); |
| 60 EXPECT_TRUE(document->insecureNavigationsToUpgrade()->contains(secureOrigin-
>host().impl()->hash())); |
59 } | 61 } |
60 | 62 |
61 TEST_F(ContentSecurityPolicyTest, ParseMonitorInsecureRequestsDisabled) | 63 TEST_F(ContentSecurityPolicyTest, ParseMonitorInsecureRequestsDisabled) |
62 { | 64 { |
63 RuntimeEnabledFeatures::setExperimentalContentSecurityPolicyFeaturesEnabled(
false); | 65 RuntimeEnabledFeatures::setExperimentalContentSecurityPolicyFeaturesEnabled(
false); |
64 csp->didReceiveHeader("upgrade-insecure-requests", ContentSecurityPolicyHead
erTypeReport, ContentSecurityPolicyHeaderSourceHTTP); | 66 csp->didReceiveHeader("upgrade-insecure-requests", ContentSecurityPolicyHead
erTypeReport, ContentSecurityPolicyHeaderSourceHTTP); |
65 EXPECT_EQ(SecurityContext::InsecureRequestsDoNotUpgrade, csp->insecureReques
tsPolicy()); | 67 EXPECT_EQ(SecurityContext::InsecureRequestsDoNotUpgrade, csp->insecureReques
tsPolicy()); |
66 | 68 |
67 csp->bindToExecutionContext(document.get()); | 69 csp->bindToExecutionContext(document.get()); |
68 EXPECT_EQ(SecurityContext::InsecureRequestsDoNotUpgrade, document->insecureR
equestsPolicy()); | 70 EXPECT_EQ(SecurityContext::InsecureRequestsDoNotUpgrade, document->insecureR
equestsPolicy()); |
| 71 EXPECT_FALSE(document->insecureNavigationsToUpgrade()->contains(secureOrigin
->host().impl()->hash())); |
69 } | 72 } |
70 | 73 |
71 TEST_F(ContentSecurityPolicyTest, ParseMonitorInsecureRequestsEnabled) | 74 TEST_F(ContentSecurityPolicyTest, ParseMonitorInsecureRequestsEnabled) |
72 { | 75 { |
73 RuntimeEnabledFeatures::setExperimentalContentSecurityPolicyFeaturesEnabled(
true); | 76 RuntimeEnabledFeatures::setExperimentalContentSecurityPolicyFeaturesEnabled(
true); |
74 csp->didReceiveHeader("upgrade-insecure-requests", ContentSecurityPolicyHead
erTypeReport, ContentSecurityPolicyHeaderSourceHTTP); | 77 csp->didReceiveHeader("upgrade-insecure-requests", ContentSecurityPolicyHead
erTypeReport, ContentSecurityPolicyHeaderSourceHTTP); |
75 EXPECT_EQ(SecurityContext::InsecureRequestsDoNotUpgrade, csp->insecureReques
tsPolicy()); | 78 EXPECT_EQ(SecurityContext::InsecureRequestsDoNotUpgrade, csp->insecureReques
tsPolicy()); |
76 | 79 |
77 csp->bindToExecutionContext(document.get()); | 80 csp->bindToExecutionContext(document.get()); |
78 EXPECT_EQ(SecurityContext::InsecureRequestsDoNotUpgrade, document->insecureR
equestsPolicy()); | 81 EXPECT_EQ(SecurityContext::InsecureRequestsDoNotUpgrade, document->insecureR
equestsPolicy()); |
| 82 EXPECT_FALSE(document->insecureNavigationsToUpgrade()->contains(secureOrigin
->host().impl()->hash())); |
79 } | 83 } |
80 | 84 |
81 TEST_F(ContentSecurityPolicyTest, CopyStateFrom) | 85 TEST_F(ContentSecurityPolicyTest, CopyStateFrom) |
82 { | 86 { |
83 csp->didReceiveHeader("script-src 'none'; plugin-types application/x-type-1"
, ContentSecurityPolicyHeaderTypeEnforce, ContentSecurityPolicyHeaderSourceHTTP)
; | 87 csp->didReceiveHeader("script-src 'none'; plugin-types application/x-type-1"
, ContentSecurityPolicyHeaderTypeEnforce, ContentSecurityPolicyHeaderSourceHTTP)
; |
84 csp->didReceiveHeader("img-src http://example.com", ContentSecurityPolicyHea
derTypeEnforce, ContentSecurityPolicyHeaderSourceHTTP); | 88 csp->didReceiveHeader("img-src http://example.com", ContentSecurityPolicyHea
derTypeEnforce, ContentSecurityPolicyHeaderSourceHTTP); |
85 | 89 |
86 KURL exampleUrl(KURL(), "http://example.com"); | 90 KURL exampleUrl(KURL(), "http://example.com"); |
87 KURL notExampleUrl(KURL(), "http://not-example.com"); | 91 KURL notExampleUrl(KURL(), "http://not-example.com"); |
88 | 92 |
(...skipping 17 matching lines...) Expand all Loading... |
106 RefPtr<ContentSecurityPolicy> csp2 = ContentSecurityPolicy::create(); | 110 RefPtr<ContentSecurityPolicy> csp2 = ContentSecurityPolicy::create(); |
107 csp2->copyPluginTypesFrom(csp.get()); | 111 csp2->copyPluginTypesFrom(csp.get()); |
108 EXPECT_TRUE(csp2->allowScriptFromSource(exampleUrl, ContentSecurityPolicy::D
idNotRedirect, ContentSecurityPolicy::SuppressReport)); | 112 EXPECT_TRUE(csp2->allowScriptFromSource(exampleUrl, ContentSecurityPolicy::D
idNotRedirect, ContentSecurityPolicy::SuppressReport)); |
109 EXPECT_TRUE(csp2->allowPluginType("application/x-type-1", "application/x-typ
e-1", exampleUrl, ContentSecurityPolicy::SuppressReport)); | 113 EXPECT_TRUE(csp2->allowPluginType("application/x-type-1", "application/x-typ
e-1", exampleUrl, ContentSecurityPolicy::SuppressReport)); |
110 EXPECT_TRUE(csp2->allowImageFromSource(exampleUrl, ContentSecurityPolicy::Di
dNotRedirect, ContentSecurityPolicy::SuppressReport)); | 114 EXPECT_TRUE(csp2->allowImageFromSource(exampleUrl, ContentSecurityPolicy::Di
dNotRedirect, ContentSecurityPolicy::SuppressReport)); |
111 EXPECT_TRUE(csp2->allowImageFromSource(notExampleUrl, ContentSecurityPolicy:
:DidNotRedirect, ContentSecurityPolicy::SuppressReport)); | 115 EXPECT_TRUE(csp2->allowImageFromSource(notExampleUrl, ContentSecurityPolicy:
:DidNotRedirect, ContentSecurityPolicy::SuppressReport)); |
112 EXPECT_FALSE(csp2->allowPluginType("application/x-type-2", "application/x-ty
pe-2", exampleUrl, ContentSecurityPolicy::SuppressReport)); | 116 EXPECT_FALSE(csp2->allowPluginType("application/x-type-2", "application/x-ty
pe-2", exampleUrl, ContentSecurityPolicy::SuppressReport)); |
113 } | 117 } |
114 | 118 |
115 } // namespace | 119 } // namespace |
OLD | NEW |