
Unified Diff: content/browser/site_per_process_browsertest.cc

Issue 11416121: Prevent cross-site pages when --site-per-process is passed (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Fix Comments Created 8 years ago
Index: content/browser/site_per_process_browsertest.cc
diff --git a/content/browser/site_per_process_browsertest.cc b/content/browser/site_per_process_browsertest.cc
new file mode 100644
index 0000000000000000000000000000000000000000..36d9d6f76c03e36e4c57b2786ee4cc54171b9fe3
--- /dev/null
+++ b/content/browser/site_per_process_browsertest.cc
@@ -0,0 +1,315 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/command_line.h"
+#include "base/stringprintf.h"
+#include "base/utf_string_conversions.h"
+#include "content/browser/web_contents/web_contents_impl.h"
+#include "content/public/browser/notification_types.h"
+#include "content/public/browser/web_contents_observer.h"
+#include "content/public/common/content_switches.h"
+#include "content/public/test/browser_test_utils.h"
+#include "content/public/test/test_utils.h"
+#include "content/shell/shell.h"
+#include "content/test/content_browser_test.h"
+#include "content/test/content_browser_test_utils.h"
+
+namespace content {
+
+class SitePerProcessWebContentsObserver: public WebContentsObserver {
+ public:
+ explicit SitePerProcessWebContentsObserver(WebContents* web_contents)
+ : WebContentsObserver(web_contents),
+ navigation_succeeded_(true) {}
+ virtual ~SitePerProcessWebContentsObserver() {}
+
+ virtual void DidFailProvisionalLoad(
+ int64 frame_id,
+ bool is_main_frame,
+ const GURL& validated_url,
+ int error_code,
+ const string16& error_description,
+ RenderViewHost* render_view_host) OVERRIDE {
+ navigation_url_ = validated_url;
+ navigation_succeeded_ = false;
+ }
+
+ virtual void DidCommitProvisionalLoadForFrame(
+ int64 frame_id,
+ bool is_main_frame,
+ const GURL& url,
+ PageTransition transition_type,
+ RenderViewHost* render_view_host) OVERRIDE{
+ navigation_url_ = url;
+ navigation_succeeded_ = true;
+ }
+
+ const GURL& navigation_url() const {
+ return navigation_url_;
+ }
+
+ int navigation_succeeded() const { return navigation_succeeded_; }
+
+ private:
+ GURL navigation_url_;
+ bool navigation_succeeded_;
+
+ DISALLOW_COPY_AND_ASSIGN(SitePerProcessWebContentsObserver);
+};
+
+class SitePerProcessBrowserTest : public ContentBrowserTest {
+ public:
+ SitePerProcessBrowserTest() {}
+
+ bool NavigateIframeToURL(Shell* window,
+ const GURL& url,
+ std::string iframe_id) {
+ std::string script = base::StringPrintf(
+ "var iframes = document.getElementById('%s');iframes.src='%s';",
+ iframe_id.c_str(), url.spec().c_str());
+ WindowedNotificationObserver load_observer(
+ NOTIFICATION_LOAD_STOP,
+ Source<NavigationController>(
+ &shell()->web_contents()->GetController()));
+ bool result = content::ExecuteJavaScript(
+ window->web_contents()->GetRenderViewHost(),
+ L"", ASCIIToWide(script));
+ load_observer.Wait();
+ return result;
+ }
+
+ void SetUpCommandLine(CommandLine* command_line) {
+ command_line->AppendSwitch(switches::kSitePerProcess);
+ }
+};
+
+IN_PROC_BROWSER_TEST_F(SitePerProcessBrowserTest, CrossSiteIframe) {
+ ASSERT_TRUE(test_server()->Start());
+ net::TestServer https_server(
+ net::TestServer::TYPE_HTTPS,
+ net::TestServer::kLocalhost,
+ FilePath(FILE_PATH_LITERAL("content/test/data")));
+ ASSERT_TRUE(https_server.Start());
+ GURL main_url(test_server()->GetURL("files/site_per_process_main.html"));
+
+ NavigateToURL(shell(), main_url);
+
+ SitePerProcessWebContentsObserver observer(shell()->web_contents());
+ {
+ // Load same-site page into Iframe.
+ GURL http_url(test_server()->GetURL("files/title1.html"));
+ EXPECT_TRUE(NavigateIframeToURL(shell(), http_url, "test"));
+ EXPECT_EQ(observer.navigation_url(), http_url);
+ EXPECT_TRUE(observer.navigation_succeeded());
+ }
+
+ {
+ // Load cross-site page into Iframe.
+ GURL https_url(https_server.GetURL("files/title1.html"));
+ EXPECT_TRUE(NavigateIframeToURL(shell(), https_url, "test"));
+ EXPECT_EQ(observer.navigation_url(), https_url);
+ EXPECT_FALSE(observer.navigation_succeeded());
+ }
+}
+
+IN_PROC_BROWSER_TEST_F(SitePerProcessBrowserTest, CrossSiteIframeRedirectOnce) {
+ ASSERT_TRUE(test_server()->Start());
+ net::TestServer https_server(
+ net::TestServer::TYPE_HTTPS,
+ net::TestServer::kLocalhost,
+ FilePath(FILE_PATH_LITERAL("content/test/data")));
+ ASSERT_TRUE(https_server.Start());
+
+ GURL main_url(test_server()->GetURL("files/site_per_process_main.html"));
+ GURL http_url(test_server()->GetURL("files/title1.html"));
+ GURL https_url(https_server.GetURL("files/title1.html"));
+
+ NavigateToURL(shell(), main_url);
+
+ SitePerProcessWebContentsObserver observer(shell()->web_contents());
+ {
+ // Load cross-site client-redirect page into Iframe.
+ // Should be blocked.
+ GURL client_redirect_https_url(https_server.GetURL(
+ "client-redirect?files/title1.html"));
+ EXPECT_TRUE(NavigateIframeToURL(shell(),
+ client_redirect_https_url, "test"));
+ // DidFailProvisionalLoad when navigating to client_redirect_https_url.
+ EXPECT_EQ(observer.navigation_url(), client_redirect_https_url);
+ EXPECT_FALSE(observer.navigation_succeeded());
+ }
+
+ {
+ // Load cross-site server-redirect page into Iframe,
+ // which redirects to same-site page.
+ GURL server_redirect_http_url(https_server.GetURL(
+ "server-redirect?" + http_url.spec()));
+ EXPECT_TRUE(NavigateIframeToURL(shell(),
+ server_redirect_http_url, "test"));
+ EXPECT_EQ(observer.navigation_url(), http_url);
+ EXPECT_TRUE(observer.navigation_succeeded());
+ }
+
+ {
+ // Load cross-site server-redirect page into Iframe,
+ // which redirects to cross-site page.
+ GURL server_redirect_http_url(https_server.GetURL(
+ "server-redirect?files/title1.html"));
+ EXPECT_TRUE(NavigateIframeToURL(shell(),
+ server_redirect_http_url, "test"));
+ // DidFailProvisionalLoad when navigating to https_url.
+ EXPECT_EQ(observer.navigation_url(), https_url);
+ EXPECT_FALSE(observer.navigation_succeeded());
+ }
+
+ {
+ // Load same-site server-redirect page into Iframe,
+ // which redirects to cross-site page.
+ GURL server_redirect_http_url(test_server()->GetURL(
+ "server-redirect?" + https_url.spec()));
+ EXPECT_TRUE(NavigateIframeToURL(shell(),
+ server_redirect_http_url, "test"));
+
+ EXPECT_EQ(observer.navigation_url(), https_url);
+ EXPECT_FALSE(observer.navigation_succeeded());
+ }
+
+
+ {
+ // Load same-site client-redirect page into Iframe,
+ // which redirects to cross-site page.
+ GURL client_redirect_http_url(test_server()->GetURL(
+ "client-redirect?" + https_url.spec()));
+ EXPECT_TRUE(NavigateIframeToURL(shell(),
+ client_redirect_http_url, "test"));
+
+ WindowedNotificationObserver load_observer2(
+ NOTIFICATION_LOAD_STOP,
+ Source<NavigationController>(
+ &shell()->web_contents()->GetController()));
+ // Same-site Client-Redirect Page should be loaded successfully.
+ EXPECT_EQ(observer.navigation_url(), client_redirect_http_url);
+ EXPECT_TRUE(observer.navigation_succeeded());
+ load_observer2.Wait();
+
+ // Redirecting to Cross-site Page should be blocked.
+ EXPECT_EQ(observer.navigation_url(), https_url);
+ EXPECT_FALSE(observer.navigation_succeeded());
+ }
+
+ {
+ // Load same-site server-redirect page into Iframe,
+ // which redirects to same-site page.
+ GURL server_redirect_http_url(test_server()->GetURL(
+ "server-redirect?files/title1.html"));
+ EXPECT_TRUE(NavigateIframeToURL(shell(),
+ server_redirect_http_url, "test"));
+ EXPECT_EQ(observer.navigation_url(), http_url);
+ EXPECT_TRUE(observer.navigation_succeeded());
+ }
+
+ {
+ // Load same-site client-redirect page into Iframe,
+ // which redirects to same-site page.
+ GURL client_redirect_http_url(test_server()->GetURL(
+ "client-redirect?" + http_url.spec()));
+ EXPECT_TRUE(NavigateIframeToURL(shell(),
+ client_redirect_http_url, "test"));
+ WindowedNotificationObserver load_observer2(
+ NOTIFICATION_LOAD_STOP,
+ Source<NavigationController>(
+ &shell()->web_contents()->GetController()));
+
+ // Same-site Client-Redirect Page should be loaded successfully.
+ EXPECT_EQ(observer.navigation_url(), client_redirect_http_url);
+ EXPECT_TRUE(observer.navigation_succeeded());
+ load_observer2.Wait();
+
+ // Redirecting to Same-site Page should be loaded successfully.
+ EXPECT_EQ(observer.navigation_url(), http_url);
+ EXPECT_TRUE(observer.navigation_succeeded());
+ }
+}
+
+IN_PROC_BROWSER_TEST_F(SitePerProcessBrowserTest,
+ CrossSiteIframeRedirectTwice) {
+ ASSERT_TRUE(test_server()->Start());
+ net::TestServer https_server(
+ net::TestServer::TYPE_HTTPS,
+ net::TestServer::kLocalhost,
+ FilePath(FILE_PATH_LITERAL("content/test/data")));
+ ASSERT_TRUE(https_server.Start());
+
+ GURL main_url(test_server()->GetURL("files/site_per_process_main.html"));
+ GURL http_url(test_server()->GetURL("files/title1.html"));
+ GURL https_url(https_server.GetURL("files/title1.html"));
+
+ NavigateToURL(shell(), main_url);
+
+ SitePerProcessWebContentsObserver observer(shell()->web_contents());
+ {
+ // Load client-redirect page pointing to a cross-site client-redirect page,
+ // which eventually redirects back to same-site page.
+ GURL client_redirect_https_url(https_server.GetURL(
+ "client-redirect?" + http_url.spec()));
+ GURL client_redirect_http_url(test_server()->GetURL(
+ "client-redirect?" + client_redirect_https_url.spec()));
+
+ EXPECT_TRUE(NavigateIframeToURL(shell(), client_redirect_http_url, "test"));
+
+ // We should wait until second client redirect get cancelled.
+ WindowedNotificationObserver load_observer2(
+ NOTIFICATION_LOAD_STOP,
+ Source<NavigationController>(
+ &shell()->web_contents()->GetController()));
+ load_observer2.Wait();
+
+ // DidFailProvisionalLoad when navigating to client_redirect_https_url.
+ EXPECT_EQ(observer.navigation_url(), client_redirect_https_url);
+ EXPECT_FALSE(observer.navigation_succeeded());
+ }
+
+ {
+ // Load server-redirect page pointing to a cross-site server-redirect page,
+ // which eventually redirect back to same-site page.
+ GURL server_redirect_https_url(https_server.GetURL(
+ "server-redirect?" + http_url.spec()));
+ GURL server_redirect_http_url(test_server()->GetURL(
+ "server-redirect?" + server_redirect_https_url.spec()));
+ EXPECT_TRUE(NavigateIframeToURL(shell(),
+ server_redirect_http_url, "test"));
+ EXPECT_EQ(observer.navigation_url(), http_url);
+ EXPECT_TRUE(observer.navigation_succeeded());
+ }
+
+ {
+ // Load server-redirect page pointing to a cross-site server-redirect page,
+ // which eventually redirects back to cross-site page.
+ GURL server_redirect_https_url(https_server.GetURL(
+ "server-redirect?" + https_url.spec()));
+ GURL server_redirect_http_url(test_server()->GetURL(
+ "server-redirect?" + server_redirect_https_url.spec()));
+ EXPECT_TRUE(NavigateIframeToURL(shell(), server_redirect_http_url, "test"));
+
+ // DidFailProvisionalLoad when navigating to https_url.
+ EXPECT_EQ(observer.navigation_url(), https_url);
+ EXPECT_FALSE(observer.navigation_succeeded());
+ }
+
+ {
+ // Load client-redirect page pointing to a cross-site server-redirect page,
Charlie Reis 2012/12/06 20:20:22 This is backwards, isn't it? It should be: Load s
irobert 2012/12/06 22:37:02 You are right. I confused myself. :) On 2012/12/0
+ // which eventually redirects back to same-site page.
+ GURL client_redirect_http_url(https_server.GetURL(
+ "client-redirect?" + http_url.spec()));
+ GURL server_redirect_http_url(test_server()->GetURL(
+ "server-redirect?" + client_redirect_http_url.spec()));
+ EXPECT_TRUE(NavigateIframeToURL(shell(), server_redirect_http_url, "test"));
+
+ // DidFailProvisionalLoad when navigating to client_redirect_http_url.
+ EXPECT_EQ(observer.navigation_url(), client_redirect_http_url);
+ EXPECT_FALSE(observer.navigation_succeeded());
+ }
+}
+
+}
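Review bot: `SitePerProcessWebContentsObserver::DidFailProvisionalLoad` discards `error_code`, `frame_id` and `is_main_frame`, so every `EXPECT_FALSE(observer.navigation_succeeded())` in these tests is satisfied by any provisional-load failure in any frame, not only by a load refused under --site-per-process. Because the cross-site origin is a separate HTTPS test server, a certificate or connection failure there could make the "blocked" assertions pass even if the policy were not being enforced. Recording the code, e.g. `navigation_error_code_ = error_code;`, and asserting it against the error that the resource_loader.cc change reports for a blocked load (not visible in this file) would tie the tests to the policy itself. Separately, `NavigateIframeToURL` executes the script in `window` but builds its `WindowedNotificationObserver` from `shell()->web_contents()`; using `&window->web_contents()->GetController()` would keep the two consistent.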