OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "config.h" | 5 #include "config.h" |
6 #include "core/frame/csp/ContentSecurityPolicy.h" | 6 #include "core/frame/csp/ContentSecurityPolicy.h" |
7 | 7 |
8 #include "core/dom/Document.h" | 8 #include "core/dom/Document.h" |
9 #include "core/loader/DocumentLoader.h" | 9 #include "core/loader/DocumentLoader.h" |
10 #include "platform/RuntimeEnabledFeatures.h" | 10 #include "platform/RuntimeEnabledFeatures.h" |
(...skipping 20 matching lines...) Expand all Loading... |
31 document = Document::create(); | 31 document = Document::create(); |
32 document->setSecurityOrigin(secureOrigin); | 32 document->setSecurityOrigin(secureOrigin); |
33 } | 33 } |
34 | 34 |
35 RefPtr<ContentSecurityPolicy> csp; | 35 RefPtr<ContentSecurityPolicy> csp; |
36 KURL secureURL; | 36 KURL secureURL; |
37 RefPtr<SecurityOrigin> secureOrigin; | 37 RefPtr<SecurityOrigin> secureOrigin; |
38 RefPtrWillBePersistent<Document> document; | 38 RefPtrWillBePersistent<Document> document; |
39 }; | 39 }; |
40 | 40 |
41 TEST_F(ContentSecurityPolicyTest, ParseUpgradeInsecureRequestsDisabled) | |
42 { | |
43 RuntimeEnabledFeatures::setExperimentalContentSecurityPolicyFeaturesEnabled(
false); | |
44 csp->didReceiveHeader("upgrade-insecure-requests", ContentSecurityPolicyHead
erTypeEnforce, ContentSecurityPolicyHeaderSourceHTTP); | |
45 EXPECT_EQ(SecurityContext::InsecureRequestsDoNotUpgrade, csp->insecureReques
tsPolicy()); | |
46 | |
47 csp->bindToExecutionContext(document.get()); | |
48 EXPECT_EQ(SecurityContext::InsecureRequestsDoNotUpgrade, document->insecureR
equestsPolicy()); | |
49 EXPECT_FALSE(document->insecureNavigationsToUpgrade()->contains(secureOrigin
->host().impl()->hash())); | |
50 } | |
51 | |
52 TEST_F(ContentSecurityPolicyTest, ParseUpgradeInsecureRequestsEnabled) | 41 TEST_F(ContentSecurityPolicyTest, ParseUpgradeInsecureRequestsEnabled) |
53 { | 42 { |
54 RuntimeEnabledFeatures::setExperimentalContentSecurityPolicyFeaturesEnabled(
true); | |
55 csp->didReceiveHeader("upgrade-insecure-requests", ContentSecurityPolicyHead
erTypeEnforce, ContentSecurityPolicyHeaderSourceHTTP); | 43 csp->didReceiveHeader("upgrade-insecure-requests", ContentSecurityPolicyHead
erTypeEnforce, ContentSecurityPolicyHeaderSourceHTTP); |
56 EXPECT_EQ(SecurityContext::InsecureRequestsUpgrade, csp->insecureRequestsPol
icy()); | 44 EXPECT_EQ(SecurityContext::InsecureRequestsUpgrade, csp->insecureRequestsPol
icy()); |
57 | 45 |
58 csp->bindToExecutionContext(document.get()); | 46 csp->bindToExecutionContext(document.get()); |
59 EXPECT_EQ(SecurityContext::InsecureRequestsUpgrade, document->insecureReques
tsPolicy()); | 47 EXPECT_EQ(SecurityContext::InsecureRequestsUpgrade, document->insecureReques
tsPolicy()); |
60 EXPECT_TRUE(document->insecureNavigationsToUpgrade()->contains(secureOrigin-
>host().impl()->hash())); | 48 EXPECT_TRUE(document->insecureNavigationsToUpgrade()->contains(secureOrigin-
>host().impl()->hash())); |
61 } | 49 } |
62 | 50 |
63 TEST_F(ContentSecurityPolicyTest, ParseMonitorInsecureRequestsDisabled) | |
64 { | |
65 RuntimeEnabledFeatures::setExperimentalContentSecurityPolicyFeaturesEnabled(
false); | |
66 csp->didReceiveHeader("upgrade-insecure-requests", ContentSecurityPolicyHead
erTypeReport, ContentSecurityPolicyHeaderSourceHTTP); | |
67 EXPECT_EQ(SecurityContext::InsecureRequestsDoNotUpgrade, csp->insecureReques
tsPolicy()); | |
68 | |
69 csp->bindToExecutionContext(document.get()); | |
70 EXPECT_EQ(SecurityContext::InsecureRequestsDoNotUpgrade, document->insecureR
equestsPolicy()); | |
71 EXPECT_FALSE(document->insecureNavigationsToUpgrade()->contains(secureOrigin
->host().impl()->hash())); | |
72 } | |
73 | |
74 TEST_F(ContentSecurityPolicyTest, ParseMonitorInsecureRequestsEnabled) | 51 TEST_F(ContentSecurityPolicyTest, ParseMonitorInsecureRequestsEnabled) |
75 { | 52 { |
76 RuntimeEnabledFeatures::setExperimentalContentSecurityPolicyFeaturesEnabled(
true); | |
77 csp->didReceiveHeader("upgrade-insecure-requests", ContentSecurityPolicyHead
erTypeReport, ContentSecurityPolicyHeaderSourceHTTP); | 53 csp->didReceiveHeader("upgrade-insecure-requests", ContentSecurityPolicyHead
erTypeReport, ContentSecurityPolicyHeaderSourceHTTP); |
78 EXPECT_EQ(SecurityContext::InsecureRequestsDoNotUpgrade, csp->insecureReques
tsPolicy()); | 54 EXPECT_EQ(SecurityContext::InsecureRequestsDoNotUpgrade, csp->insecureReques
tsPolicy()); |
79 | 55 |
80 csp->bindToExecutionContext(document.get()); | 56 csp->bindToExecutionContext(document.get()); |
81 EXPECT_EQ(SecurityContext::InsecureRequestsDoNotUpgrade, document->insecureR
equestsPolicy()); | 57 EXPECT_EQ(SecurityContext::InsecureRequestsDoNotUpgrade, document->insecureR
equestsPolicy()); |
82 EXPECT_FALSE(document->insecureNavigationsToUpgrade()->contains(secureOrigin
->host().impl()->hash())); | 58 EXPECT_FALSE(document->insecureNavigationsToUpgrade()->contains(secureOrigin
->host().impl()->hash())); |
83 } | 59 } |
84 | 60 |
85 TEST_F(ContentSecurityPolicyTest, CopyStateFrom) | 61 TEST_F(ContentSecurityPolicyTest, CopyStateFrom) |
86 { | 62 { |
(...skipping 23 matching lines...) Expand all Loading... |
110 RefPtr<ContentSecurityPolicy> csp2 = ContentSecurityPolicy::create(); | 86 RefPtr<ContentSecurityPolicy> csp2 = ContentSecurityPolicy::create(); |
111 csp2->copyPluginTypesFrom(csp.get()); | 87 csp2->copyPluginTypesFrom(csp.get()); |
112 EXPECT_TRUE(csp2->allowScriptFromSource(exampleUrl, ContentSecurityPolicy::D
idNotRedirect, ContentSecurityPolicy::SuppressReport)); | 88 EXPECT_TRUE(csp2->allowScriptFromSource(exampleUrl, ContentSecurityPolicy::D
idNotRedirect, ContentSecurityPolicy::SuppressReport)); |
113 EXPECT_TRUE(csp2->allowPluginType("application/x-type-1", "application/x-typ
e-1", exampleUrl, ContentSecurityPolicy::SuppressReport)); | 89 EXPECT_TRUE(csp2->allowPluginType("application/x-type-1", "application/x-typ
e-1", exampleUrl, ContentSecurityPolicy::SuppressReport)); |
114 EXPECT_TRUE(csp2->allowImageFromSource(exampleUrl, ContentSecurityPolicy::Di
dNotRedirect, ContentSecurityPolicy::SuppressReport)); | 90 EXPECT_TRUE(csp2->allowImageFromSource(exampleUrl, ContentSecurityPolicy::Di
dNotRedirect, ContentSecurityPolicy::SuppressReport)); |
115 EXPECT_TRUE(csp2->allowImageFromSource(notExampleUrl, ContentSecurityPolicy:
:DidNotRedirect, ContentSecurityPolicy::SuppressReport)); | 91 EXPECT_TRUE(csp2->allowImageFromSource(notExampleUrl, ContentSecurityPolicy:
:DidNotRedirect, ContentSecurityPolicy::SuppressReport)); |
116 EXPECT_FALSE(csp2->allowPluginType("application/x-type-2", "application/x-ty
pe-2", exampleUrl, ContentSecurityPolicy::SuppressReport)); | 92 EXPECT_FALSE(csp2->allowPluginType("application/x-type-2", "application/x-ty
pe-2", exampleUrl, ContentSecurityPolicy::SuppressReport)); |
117 } | 93 } |
118 | 94 |
119 } // namespace | 95 } // namespace |
OLD | NEW |