Chromium Code Reviews Chromium Code Reviews
Issue 11416121:
Prevent cross-site pages when --site-per-process is passed (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "base/command_line.h" | |
| 6 #include "base/stringprintf.h" | |
| 7 #include "base/utf_string_conversions.h" | |
| 8 #include "content/browser/web_contents/web_contents_impl.h" | |
| 9 #include "content/public/browser/notification_types.h" | |
| 10 #include "content/public/browser/web_contents_observer.h" | |
| 11 #include "content/public/common/content_switches.h" | |
| 12 #include "content/public/test/browser_test_utils.h" | |
| 13 #include "content/public/test/test_utils.h" | |
| 14 #include "content/shell/shell.h" | |
| 15 #include "content/test/content_browser_test.h" | |
| 16 #include "content/test/content_browser_test_utils.h" | |
| 17 | |
| 18 namespace content { | |
| 19 | |
| 20 class SitePerProcessWebContentsObserver: public WebContentsObserver { | |
| 21 public: | |
| 22 explicit SitePerProcessWebContentsObserver(WebContents* web_contents) | |
| 23 : WebContentsObserver(web_contents), | |
| 24 navigation_succeeded_(true) {} | |
| 25 virtual ~SitePerProcessWebContentsObserver() {} | |
| 26 | |
| 27 virtual void DidFailProvisionalLoad( | |
| 28 int64 frame_id, | |
| 29 bool is_main_frame, | |
| 30 const GURL& validated_url, | |
| 31 int error_code, | |
| 32 const string16& error_description, | |
| 33 RenderViewHost* render_view_host) OVERRIDE { | |
| 34 navigation_url_ = validated_url; | |
| 35 navigation_succeeded_ = false; | |
| 36 } | |
| 37 | |
| 38 virtual void DidCommitProvisionalLoadForFrame( | |
| 39 int64 frame_id, | |
| 40 bool is_main_frame, | |
| 41 const GURL& url, | |
| 42 PageTransition transition_type, | |
| 43 RenderViewHost* render_view_host) OVERRIDE{ | |
| 44 navigation_url_ = url; | |
| 45 navigation_succeeded_ = true; | |
| 46 } | |
| 47 | |
| 48 const GURL& navigation_url() const { | |
| 49 return navigation_url_; | |
| 50 } | |
| 51 | |
| 52 int navigation_succeeded() const { return navigation_succeeded_; } | |
| 53 | |
| 54 private: | |
| 55 GURL navigation_url_; | |
| 56 bool navigation_succeeded_; | |
| 57 | |
| 58 DISALLOW_COPY_AND_ASSIGN(SitePerProcessWebContentsObserver); | |
| 59 }; | |
| 60 | |
| 61 class SitePerProcessBrowserTest : public ContentBrowserTest { | |
| 62 public: | |
| 63 SitePerProcessBrowserTest() {} | |
| 64 | |
| 65 bool NavigateIframeToURL(Shell* window, | |
| 66 const GURL& url, | |
| 67 std::string iframe_id) { | |
| 68 std::string script = base::StringPrintf( | |
| 69 "var iframes = document.getElementById('%s');iframes.src='%s';", | |
| 70 iframe_id.c_str(), url.spec().c_str()); | |
| 71 WindowedNotificationObserver load_observer( | |
| 72 NOTIFICATION_LOAD_STOP, | |
| 73 Source<NavigationController>( | |
| 74 &shell()->web_contents()->GetController())); | |
| 75 bool result = content::ExecuteJavaScript( | |
| 76 window->web_contents()->GetRenderViewHost(), | |
| 77 L"", ASCIIToWide(script)); | |
| 78 load_observer.Wait(); | |
| 79 return result; | |
| 80 } | |
| 81 | |
| 82 void SetUpCommandLine(CommandLine* command_line) { | |
| 83 command_line->AppendSwitch(switches::kSitePerProcess); | |
| 84 } | |
| 85 }; | |
| 86 | |
| 87 IN_PROC_BROWSER_TEST_F(SitePerProcessBrowserTest, CrossSiteIframe) { | |
| 88 ASSERT_TRUE(test_server()->Start()); | |
| 89 net::TestServer https_server( | |
| 90 net::TestServer::TYPE_HTTPS, | |
| 91 net::TestServer::kLocalhost, | |
| 92 FilePath(FILE_PATH_LITERAL("content/test/data"))); | |
| 93 ASSERT_TRUE(https_server.Start()); | |
| 94 GURL main_url(test_server()->GetURL("files/site_per_process_main.html")); | |
| 95 | |
| 96 NavigateToURL(shell(), main_url); | |
| 97 | |
| 98 SitePerProcessWebContentsObserver observer(shell()->web_contents()); | |
| 99 { | |
| 100 // Load same-site page into Iframe. | |
| 101 GURL http_url(test_server()->GetURL("files/title1.html")); | |
| 102 EXPECT_TRUE(NavigateIframeToURL(shell(), http_url, "test")); | |
| 103 EXPECT_EQ(observer.navigation_url(), http_url); | |
| 104 EXPECT_TRUE(observer.navigation_succeeded()); | |
| 105 } | |
| 106 | |
| 107 { | |
| 108 // Load cross-site page into Iframe. | |
| 109 GURL https_url(https_server.GetURL("files/title1.html")); | |
| 110 EXPECT_TRUE(NavigateIframeToURL(shell(), https_url, "test")); | |
| 111 EXPECT_EQ(observer.navigation_url(), https_url); | |
| 112 EXPECT_FALSE(observer.navigation_succeeded()); | |
| 113 } | |
| 114 } | |
| 115 | |
| 116 IN_PROC_BROWSER_TEST_F(SitePerProcessBrowserTest, CrossSiteIframeRedirectOnce) { | |
| 117 ASSERT_TRUE(test_server()->Start()); | |
| 118 net::TestServer https_server( | |
| 119 net::TestServer::TYPE_HTTPS, | |
| 120 net::TestServer::kLocalhost, | |
| 121 FilePath(FILE_PATH_LITERAL("content/test/data"))); | |
| 122 ASSERT_TRUE(https_server.Start()); | |
| 123 | |
| 124 GURL main_url(test_server()->GetURL("files/site_per_process_main.html")); | |
| 125 GURL http_url(test_server()->GetURL("files/title1.html")); | |
| 126 GURL https_url(https_server.GetURL("files/title1.html")); | |
| 127 | |
| 128 NavigateToURL(shell(), main_url); | |
| 129 | |
| 130 SitePerProcessWebContentsObserver observer(shell()->web_contents()); | |
| 131 { | |
| 132 // Load cross-site client-redirect page into Iframe. | |
| 133 // Should be blocked. | |
| 134 GURL client_redirect_https_url(https_server.GetURL( | |
| 135 "client-redirect?files/title1.html")); | |
| 136 EXPECT_TRUE(NavigateIframeToURL(shell(), | |
| 137 client_redirect_https_url, "test")); | |
| 138 // DidFailProvisionalLoad when navigating to client_redirect_https_url. | |
| 139 EXPECT_EQ(observer.navigation_url(), client_redirect_https_url); | |
| 140 EXPECT_FALSE(observer.navigation_succeeded()); | |
| 141 } | |
| 142 | |
| 143 { | |
| 144 // Load cross-site server-redirect page into Iframe, | |
| 145 // which redirects to same-site page. | |
| 146 GURL server_redirect_http_url(https_server.GetURL( | |
| 147 "server-redirect?" + http_url.spec())); | |
| 148 EXPECT_TRUE(NavigateIframeToURL(shell(), | |
| 149 server_redirect_http_url, "test")); | |
| 150 EXPECT_EQ(observer.navigation_url(), http_url); | |
| 151 EXPECT_TRUE(observer.navigation_succeeded()); | |
| 152 } | |
| 153 | |
| 154 { | |
| 155 // Load cross-site server-redirect page into Iframe, | |
| 156 // which redirects to cross-site page. | |
| 157 GURL server_redirect_http_url(https_server.GetURL( | |
| 158 "server-redirect?files/title1.html")); | |
| 159 EXPECT_TRUE(NavigateIframeToURL(shell(), | |
| 160 server_redirect_http_url, "test")); | |
| 161 // DidFailProvisionalLoad when navigating to https_url. | |
| 162 EXPECT_EQ(observer.navigation_url(), https_url); | |
| 163 EXPECT_FALSE(observer.navigation_succeeded()); | |
| 164 } | |
| 165 | |
| 166 { | |
| 167 // Load same-site server-redirect page into Iframe, | |
| 168 // which redirects to cross-site page. | |
| 169 GURL server_redirect_http_url(test_server()->GetURL( | |
| 170 "server-redirect?" + https_url.spec())); | |
| 171 EXPECT_TRUE(NavigateIframeToURL(shell(), | |
| 172 server_redirect_http_url, "test")); | |
| 173 | |
| 174 EXPECT_EQ(observer.navigation_url(), https_url); | |
| 175 EXPECT_FALSE(observer.navigation_succeeded()); | |
| 176 } | |
| 177 | |
| 178 | |
| 179 { | |
| 180 // Load same-site client-redirect page into Iframe, | |
| 181 // which redirects to cross-site page. | |
| 182 GURL client_redirect_http_url(test_server()->GetURL( | |
| 183 "client-redirect?" + https_url.spec())); | |
| 184 EXPECT_TRUE(NavigateIframeToURL(shell(), | |
| 185 client_redirect_http_url, "test")); | |
| 186 | |
| 187 WindowedNotificationObserver load_observer2( | |
| 188 NOTIFICATION_LOAD_STOP, | |
| 189 Source<NavigationController>( | |
| 190 &shell()->web_contents()->GetController())); | |
| 191 // Same-site Client-Redirect Page should be loaded successfully. | |
| 192 EXPECT_EQ(observer.navigation_url(), client_redirect_http_url); | |
| 193 EXPECT_TRUE(observer.navigation_succeeded()); | |
| 194 load_observer2.Wait(); | |
| 195 | |
| 196 // Redirecting to Cross-site Page should be blocked. | |
| 197 EXPECT_EQ(observer.navigation_url(), https_url); | |
| 198 EXPECT_FALSE(observer.navigation_succeeded()); | |
| 199 } | |
| 200 | |
| 201 { | |
| 202 // Load same-site server-redirect page into Iframe, | |
| 203 // which redirects to same-site page. | |
| 204 GURL server_redirect_http_url(test_server()->GetURL( | |
| 205 "server-redirect?files/title1.html")); | |
| 206 EXPECT_TRUE(NavigateIframeToURL(shell(), | |
| 207 server_redirect_http_url, "test")); | |
| 208 EXPECT_EQ(observer.navigation_url(), http_url); | |
| 209 EXPECT_TRUE(observer.navigation_succeeded()); | |
| 210 } | |
| 211 | |
| 212 { | |
| 213 // Load same-site client-redirect page into Iframe, | |
| 214 // which redirects to same-site page. | |
| 215 GURL client_redirect_http_url(test_server()->GetURL( | |
| 216 "client-redirect?" + http_url.spec())); | |
| 217 EXPECT_TRUE(NavigateIframeToURL(shell(), | |
| 218 client_redirect_http_url, "test")); | |
| 219 WindowedNotificationObserver load_observer2( | |
| 220 NOTIFICATION_LOAD_STOP, | |
| 221 Source<NavigationController>( | |
| 222 &shell()->web_contents()->GetController())); | |
| 223 | |
| 224 // Same-site Client-Redirect Page should be loaded successfully. | |
| 225 EXPECT_EQ(observer.navigation_url(), client_redirect_http_url); | |
| 226 EXPECT_TRUE(observer.navigation_succeeded()); | |
| 227 load_observer2.Wait(); | |
| 228 | |
| 229 // Redirecting to Same-site Page should be loaded successfully. | |
| 230 EXPECT_EQ(observer.navigation_url(), http_url); | |
| 231 EXPECT_TRUE(observer.navigation_succeeded()); | |
| 232 } | |
| 233 } | |
| 234 | |
| 235 IN_PROC_BROWSER_TEST_F(SitePerProcessBrowserTest, | |
| 236 CrossSiteIframeRedirectTwice) { | |
| 237 ASSERT_TRUE(test_server()->Start()); | |
| 238 net::TestServer https_server( | |
| 239 net::TestServer::TYPE_HTTPS, | |
| 240 net::TestServer::kLocalhost, | |
| 241 FilePath(FILE_PATH_LITERAL("content/test/data"))); | |
| 242 ASSERT_TRUE(https_server.Start()); | |
| 243 | |
| 244 GURL main_url(test_server()->GetURL("files/site_per_process_main.html")); | |
| 245 GURL http_url(test_server()->GetURL("files/title1.html")); | |
| 246 GURL https_url(https_server.GetURL("files/title1.html")); | |
| 247 | |
| 248 NavigateToURL(shell(), main_url); | |
| 249 | |
| 250 SitePerProcessWebContentsObserver observer(shell()->web_contents()); | |
| 251 { | |
| 252 // Load client-redirect page pointing to a cross-site client-redirect page, | |
| 253 // which eventually redirects back to same-site page. | |
| 254 GURL client_redirect_https_url(https_server.GetURL( | |
| 255 "client-redirect?" + http_url.spec())); | |
| 256 GURL client_redirect_http_url(test_server()->GetURL( | |
| 257 "client-redirect?" + client_redirect_https_url.spec())); | |
| 258 | |
| 259 EXPECT_TRUE(NavigateIframeToURL(shell(), client_redirect_http_url, "test")); | |
| 260 | |
| 261 // We should wait until second client redirect get cancelled. | |
| 262 WindowedNotificationObserver load_observer2( | |
| 263 NOTIFICATION_LOAD_STOP, | |
| 264 Source<NavigationController>( | |
| 265 &shell()->web_contents()->GetController())); | |
| 266 load_observer2.Wait(); | |
| 267 | |
| 268 // DidFailProvisionalLoad when navigating to client_redirect_https_url. | |
| 269 EXPECT_EQ(observer.navigation_url(), client_redirect_https_url); | |
| 270 EXPECT_FALSE(observer.navigation_succeeded()); | |
| 271 } | |
| 272 | |
| 273 { | |
| 274 // Load server-redirect page pointing to a cross-site server-redirect page, | |
| 275 // which eventually redirect back to same-site page. | |
| 276 GURL server_redirect_https_url(https_server.GetURL( | |
| 277 "server-redirect?" + http_url.spec())); | |
| 278 GURL server_redirect_http_url(test_server()->GetURL( | |
| 279 "server-redirect?" + server_redirect_https_url.spec())); | |
| 280 EXPECT_TRUE(NavigateIframeToURL(shell(), | |
| 281 server_redirect_http_url, "test")); | |
| 282 EXPECT_EQ(observer.navigation_url(), http_url); | |
| 283 EXPECT_TRUE(observer.navigation_succeeded()); | |
| 284 } | |
| 285 | |
| 286 { | |
| 287 // Load server-redirect page pointing to a cross-site server-redirect page, | |
| 288 // which eventually redirects back to cross-site page. | |
| 289 GURL server_redirect_https_url(https_server.GetURL( | |
| 290 "server-redirect?" + https_url.spec())); | |
| 291 GURL server_redirect_http_url(test_server()->GetURL( | |
| 292 "server-redirect?" + server_redirect_https_url.spec())); | |
| 293 EXPECT_TRUE(NavigateIframeToURL(shell(), server_redirect_http_url, "test")); | |
| 294 | |
| 295 // DidFailProvisionalLoad when navigating to https_url. | |
| 296 EXPECT_EQ(observer.navigation_url(), https_url); | |
| 297 EXPECT_FALSE(observer.navigation_succeeded()); | |
| 298 } | |
| 299 | |
| 300 { | |
| 301 // Load client-redirect page pointing to a cross-site server-redirect page, | |
|
Charlie Reis
2012/12/06 20:20:22
This is backwards, isn't it? It should be:
Load s
irobert
2012/12/06 22:37:02
You are right. I confused myself. :)
On 2012/12/0
| |
| 302 // which eventually redirects back to same-site page. | |
| 303 GURL client_redirect_http_url(https_server.GetURL( | |
| 304 "client-redirect?" + http_url.spec())); | |
| 305 GURL server_redirect_http_url(test_server()->GetURL( | |
| 306 "server-redirect?" + client_redirect_http_url.spec())); | |
| 307 EXPECT_TRUE(NavigateIframeToURL(shell(), server_redirect_http_url, "test")); | |
| 308 | |
| 309 // DidFailProvisionalLoad when navigating to client_redirect_http_url. | |
| 310 EXPECT_EQ(observer.navigation_url(), client_redirect_http_url); | |
| 311 EXPECT_FALSE(observer.navigation_succeeded()); | |
| 312 } | |
| 313 } | |
| 314 | |
| 315 } | |
| OLD | NEW |
