Source/core/frame/csp/ContentSecurityPolicyTest.cpp - Issue 1010893003: Upgrade insecure requests: Pipe navigational hosts down into nested documents.

Side by Side Diff: Source/core/frame/csp/ContentSecurityPolicyTest.cpp

Issue 1010893003: Upgrade insecure requests: Pipe navigational hosts down into nested documents. (Closed) Base URL: svn://svn.chromium.org/blink/trunk

Patch Set: MOARASSERT Created 5 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

« no previous file with comments | « Source/core/frame/csp/ContentSecurityPolicy.cpp ('k') | Source/core/loader/FrameFetchContext.cpp » ('j') | no next file with comments »

OLD	NEW
1 // Copyright 2014 The Chromium Authors. All rights reserved.	1 // Copyright 2014 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "config.h"	5 #include "config.h"

6 #include "core/frame/csp/ContentSecurityPolicy.h"	6 #include "core/frame/csp/ContentSecurityPolicy.h"

7	7

8 #include "core/dom/Document.h"	8 #include "core/dom/Document.h"

9 #include "core/loader/DocumentLoader.h"	9 #include "core/loader/DocumentLoader.h"

10 #include "platform/RuntimeEnabledFeatures.h"	10 #include "platform/RuntimeEnabledFeatures.h"

(...skipping 28 matching lines...) Expand all Loading...
39 };	39 };

40	40

41 TEST_F(ContentSecurityPolicyTest, ParseUpgradeInsecureRequestsDisabled)	41 TEST_F(ContentSecurityPolicyTest, ParseUpgradeInsecureRequestsDisabled)

42 {	42 {

43 RuntimeEnabledFeatures::setExperimentalContentSecurityPolicyFeaturesEnabled( false);	43 RuntimeEnabledFeatures::setExperimentalContentSecurityPolicyFeaturesEnabled( false);

44 csp->didReceiveHeader("upgrade-insecure-requests", ContentSecurityPolicyHead erTypeEnforce, ContentSecurityPolicyHeaderSourceHTTP);	44 csp->didReceiveHeader("upgrade-insecure-requests", ContentSecurityPolicyHead erTypeEnforce, ContentSecurityPolicyHeaderSourceHTTP);

45 EXPECT_EQ(SecurityContext::InsecureRequestsDoNotUpgrade, csp->insecureReques tsPolicy());	45 EXPECT_EQ(SecurityContext::InsecureRequestsDoNotUpgrade, csp->insecureReques tsPolicy());

46	46

47 csp->bindToExecutionContext(document.get());	47 csp->bindToExecutionContext(document.get());

48 EXPECT_EQ(SecurityContext::InsecureRequestsDoNotUpgrade, document->insecureR equestsPolicy());	48 EXPECT_EQ(SecurityContext::InsecureRequestsDoNotUpgrade, document->insecureR equestsPolicy());

	49 EXPECT_FALSE(document->insecureNavigationsToUpgrade()->contains(secureOrigin ->host().impl()->hash()));

49 }	50 }

50	51

51 TEST_F(ContentSecurityPolicyTest, ParseUpgradeInsecureRequestsEnabled)	52 TEST_F(ContentSecurityPolicyTest, ParseUpgradeInsecureRequestsEnabled)

52 {	53 {

53 RuntimeEnabledFeatures::setExperimentalContentSecurityPolicyFeaturesEnabled( true);	54 RuntimeEnabledFeatures::setExperimentalContentSecurityPolicyFeaturesEnabled( true);

54 csp->didReceiveHeader("upgrade-insecure-requests", ContentSecurityPolicyHead erTypeEnforce, ContentSecurityPolicyHeaderSourceHTTP);	55 csp->didReceiveHeader("upgrade-insecure-requests", ContentSecurityPolicyHead erTypeEnforce, ContentSecurityPolicyHeaderSourceHTTP);

55 EXPECT_EQ(SecurityContext::InsecureRequestsUpgrade, csp->insecureRequestsPol icy());	56 EXPECT_EQ(SecurityContext::InsecureRequestsUpgrade, csp->insecureRequestsPol icy());

56	57

57 csp->bindToExecutionContext(document.get());	58 csp->bindToExecutionContext(document.get());

58 EXPECT_EQ(SecurityContext::InsecureRequestsUpgrade, document->insecureReques tsPolicy());	59 EXPECT_EQ(SecurityContext::InsecureRequestsUpgrade, document->insecureReques tsPolicy());

	60 EXPECT_TRUE(document->insecureNavigationsToUpgrade()->contains(secureOrigin- >host().impl()->hash()));

59 }	61 }

60	62

61 TEST_F(ContentSecurityPolicyTest, ParseMonitorInsecureRequestsDisabled)	63 TEST_F(ContentSecurityPolicyTest, ParseMonitorInsecureRequestsDisabled)

62 {	64 {

63 RuntimeEnabledFeatures::setExperimentalContentSecurityPolicyFeaturesEnabled( false);	65 RuntimeEnabledFeatures::setExperimentalContentSecurityPolicyFeaturesEnabled( false);

64 csp->didReceiveHeader("upgrade-insecure-requests", ContentSecurityPolicyHead erTypeReport, ContentSecurityPolicyHeaderSourceHTTP);	66 csp->didReceiveHeader("upgrade-insecure-requests", ContentSecurityPolicyHead erTypeReport, ContentSecurityPolicyHeaderSourceHTTP);

65 EXPECT_EQ(SecurityContext::InsecureRequestsDoNotUpgrade, csp->insecureReques tsPolicy());	67 EXPECT_EQ(SecurityContext::InsecureRequestsDoNotUpgrade, csp->insecureReques tsPolicy());

66	68

67 csp->bindToExecutionContext(document.get());	69 csp->bindToExecutionContext(document.get());

68 EXPECT_EQ(SecurityContext::InsecureRequestsDoNotUpgrade, document->insecureR equestsPolicy());	70 EXPECT_EQ(SecurityContext::InsecureRequestsDoNotUpgrade, document->insecureR equestsPolicy());

	71 EXPECT_FALSE(document->insecureNavigationsToUpgrade()->contains(secureOrigin ->host().impl()->hash()));

69 }	72 }

70	73

71 TEST_F(ContentSecurityPolicyTest, ParseMonitorInsecureRequestsEnabled)	74 TEST_F(ContentSecurityPolicyTest, ParseMonitorInsecureRequestsEnabled)

72 {	75 {

73 RuntimeEnabledFeatures::setExperimentalContentSecurityPolicyFeaturesEnabled( true);	76 RuntimeEnabledFeatures::setExperimentalContentSecurityPolicyFeaturesEnabled( true);

74 csp->didReceiveHeader("upgrade-insecure-requests", ContentSecurityPolicyHead erTypeReport, ContentSecurityPolicyHeaderSourceHTTP);	77 csp->didReceiveHeader("upgrade-insecure-requests", ContentSecurityPolicyHead erTypeReport, ContentSecurityPolicyHeaderSourceHTTP);

75 EXPECT_EQ(SecurityContext::InsecureRequestsDoNotUpgrade, csp->insecureReques tsPolicy());	78 EXPECT_EQ(SecurityContext::InsecureRequestsDoNotUpgrade, csp->insecureReques tsPolicy());

76	79

77 csp->bindToExecutionContext(document.get());	80 csp->bindToExecutionContext(document.get());

78 EXPECT_EQ(SecurityContext::InsecureRequestsDoNotUpgrade, document->insecureR equestsPolicy());	81 EXPECT_EQ(SecurityContext::InsecureRequestsDoNotUpgrade, document->insecureR equestsPolicy());

	82 EXPECT_FALSE(document->insecureNavigationsToUpgrade()->contains(secureOrigin ->host().impl()->hash()));

79 }	83 }

80	84

81 TEST_F(ContentSecurityPolicyTest, CopyStateFrom)	85 TEST_F(ContentSecurityPolicyTest, CopyStateFrom)

82 {	86 {

83 csp->didReceiveHeader("script-src 'none'; plugin-types application/x-type-1" , ContentSecurityPolicyHeaderTypeEnforce, ContentSecurityPolicyHeaderSourceHTTP) ;	87 csp->didReceiveHeader("script-src 'none'; plugin-types application/x-type-1" , ContentSecurityPolicyHeaderTypeEnforce, ContentSecurityPolicyHeaderSourceHTTP) ;

84 csp->didReceiveHeader("img-src http://example.com", ContentSecurityPolicyHea derTypeEnforce, ContentSecurityPolicyHeaderSourceHTTP);	88 csp->didReceiveHeader("img-src http://example.com", ContentSecurityPolicyHea derTypeEnforce, ContentSecurityPolicyHeaderSourceHTTP);

85	89

86 KURL exampleUrl(KURL(), "http://example.com");	90 KURL exampleUrl(KURL(), "http://example.com");

87 KURL notExampleUrl(KURL(), "http://not-example.com");	91 KURL notExampleUrl(KURL(), "http://not-example.com");

88	92

(...skipping 17 matching lines...) Expand all Loading...
106 RefPtr<ContentSecurityPolicy> csp2 = ContentSecurityPolicy::create();	110 RefPtr<ContentSecurityPolicy> csp2 = ContentSecurityPolicy::create();

107 csp2->copyPluginTypesFrom(csp.get());	111 csp2->copyPluginTypesFrom(csp.get());

108 EXPECT_TRUE(csp2->allowScriptFromSource(exampleUrl, ContentSecurityPolicy::D idNotRedirect, ContentSecurityPolicy::SuppressReport));	112 EXPECT_TRUE(csp2->allowScriptFromSource(exampleUrl, ContentSecurityPolicy::D idNotRedirect, ContentSecurityPolicy::SuppressReport));

109 EXPECT_TRUE(csp2->allowPluginType("application/x-type-1", "application/x-typ e-1", exampleUrl, ContentSecurityPolicy::SuppressReport));	113 EXPECT_TRUE(csp2->allowPluginType("application/x-type-1", "application/x-typ e-1", exampleUrl, ContentSecurityPolicy::SuppressReport));

110 EXPECT_TRUE(csp2->allowImageFromSource(exampleUrl, ContentSecurityPolicy::Di dNotRedirect, ContentSecurityPolicy::SuppressReport));	114 EXPECT_TRUE(csp2->allowImageFromSource(exampleUrl, ContentSecurityPolicy::Di dNotRedirect, ContentSecurityPolicy::SuppressReport));

111 EXPECT_TRUE(csp2->allowImageFromSource(notExampleUrl, ContentSecurityPolicy: :DidNotRedirect, ContentSecurityPolicy::SuppressReport));	115 EXPECT_TRUE(csp2->allowImageFromSource(notExampleUrl, ContentSecurityPolicy: :DidNotRedirect, ContentSecurityPolicy::SuppressReport));

112 EXPECT_FALSE(csp2->allowPluginType("application/x-type-2", "application/x-ty pe-2", exampleUrl, ContentSecurityPolicy::SuppressReport));	116 EXPECT_FALSE(csp2->allowPluginType("application/x-type-2", "application/x-ty pe-2", exampleUrl, ContentSecurityPolicy::SuppressReport));

113 }	117 }

114	118

115 } // namespace	119 } // namespace

OLD	NEW