Prevent cross-site pages when --site-per-process is passed

content/browser/site_per_process_test.cc

Index: content/browser/site_per_process_test.cc
diff --git a/content/browser/site_per_process_test.cc b/content/browser/site_per_process_test.cc
new file mode 100644
index 0000000000000000000000000000000000000000..d69455c3fcdae59eb095d39e5d31133132f03e50
--- /dev/null
+++ b/content/browser/site_per_process_test.cc
@@ -0,0 +1,331 @@
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.

[Charlie Reis, 2012/12/05 02:02:58]

This file should be named site_per_process_browsertest.cc.

[irobert, 2012/12/05 19:00:03]

Done.

+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/command_line.h"
+#include "base/utf_string_conversions.h"
+#include "content/browser/web_contents/web_contents_impl.h"
+#include "content/public/browser/notification_types.h"
+#include "content/public/browser/web_contents_observer.h"
+#include "content/public/common/content_switches.h"
+#include "content/public/test/browser_test_utils.h"
+#include "content/public/test/test_utils.h"
+#include "content/shell/shell.h"
+#include "content/test/content_browser_test.h"
+#include "content/test/content_browser_test_utils.h"
+
+namespace content {
+class SitePerProcessTest : public ContentBrowserTest {
+ public:
+  SitePerProcessTest() {}
+
+  bool NavigateIframeToURL(Shell* window,
+                           const GURL& url,
+                           std::string iframe_id) {
+     std::string script = "var iframes = document.getElementById(\"" +

[Charlie Reis, 2012/12/05 02:02:58]

Please use base::StringPrintf.

[irobert, 2012/12/05 19:00:03]

Done.

+                          iframe_id +"\"); iframes.src=\"" +
+                          url.spec()+ "\";";
+     return content::ExecuteJavaScript(
+                window->web_contents()->GetRenderViewHost(),

[Charlie Reis, 2012/12/05 02:02:58]

nit: wrong indent.  (Should be 4 spaces in from previous line.)

[irobert, 2012/12/05 19:00:03]

Done.

+                L"", ASCIIToWide(script));
+  }
+
+  void EnableSitePerProces() {

[Charlie Reis, 2012/12/05 02:02:58]

If you put this in SetUpCommandLine, it will apply to all the tests in this file
without having to call it.  Here's an example:
https://code.google.com/searchframe#OAMlx_jo-ck/src/content/test/layout_brows...

[irobert, 2012/12/05 19:00:03]

Done.

+    /*switches::kSitePerProcess*/

[Charlie Reis, 2012/12/05 02:02:58]

Please use this constant in the line below.  (No need for this comment.)

[irobert, 2012/12/05 19:00:03]

Done.

+    CommandLine::ForCurrentProcess()->AppendSwitch("site-per-process");
+  }
+};
+
+class SitePerProcessTestWebContentsObserver : public WebContentsObserver {

[Charlie Reis, 2012/12/05 02:02:58]

nit: SitePerProcessWebContentsObserver would be a slightly shorter name.  Let's
use that instead.

[irobert, 2012/12/05 19:00:03]

Done.

+ public:
+  explicit SitePerProcessTestWebContentsObserver(WebContents* web_contents)
+      : WebContentsObserver(web_contents),
+        navigation_result_(true) {}
+  virtual ~SitePerProcessTestWebContentsObserver() {}
+
+  virtual void DidFailProvisionalLoad(
+      int64 frame_id,
+      bool is_main_frame,
+      const GURL& validated_url,
+      int error_code,
+      const string16& error_description,
+      RenderViewHost* render_view_host) OVERRIDE {
+    navigation_url_ = validated_url;
+    navigation_result_ = false;
+  }
+
+  virtual void DidCommitProvisionalLoadForFrame(
+      int64 frame_id,
+      bool is_main_frame,
+      const GURL& url,
+      PageTransition transition_type,
+      RenderViewHost* render_view_host) OVERRIDE{
+    navigation_url_ = url;
+    navigation_result_ = true;
+  }
+
+  GURL navigation_url() const {
+    return navigation_url_;
+  }
+
+  int navigation_result() const { return navigation_result_; }
+
+ private:
+  GURL navigation_url_;
+  bool navigation_result_;

[Charlie Reis, 2012/12/05 02:02:58]

navigation_succeeded_

[irobert, 2012/12/05 19:00:03]

Done.

+
+  DISALLOW_COPY_AND_ASSIGN(SitePerProcessTestWebContentsObserver);
+};
+
+
+IN_PROC_BROWSER_TEST_F(SitePerProcessTest, CrossSiteIframe) {
+  EnableSitePerProces();
+  ASSERT_TRUE(test_server()->Start());
+  net::TestServer https_server(
+      net::TestServer::TYPE_HTTPS,
+      net::TestServer::kLocalhost,
+      FilePath(FILE_PATH_LITERAL("content/test/data")));
+  ASSERT_TRUE(https_server.Start());
+  GURL main_url(test_server()->GetURL("files/site_per_process_main.html"));
+
+  content::TitleWatcher title_watcher(shell()->web_contents(),
+                                      ASCIIToUTF16("site_per_process_main"));
+  NavigateToURL(shell(), main_url);
+  string16 actual_title = title_watcher.WaitAndGetTitle();

[Charlie Reis, 2012/12/05 02:02:58]

Do we need this TitleWatcher?  I think the NavigateToURL call should be
sufficient.

[irobert, 2012/12/05 19:00:03]

The purpose of this is to make sure the main frame navigation complete before
the redirection. I think this has been done in the NavigateToURL API.

On 2012/12/05 02:02:58, creis wrote:

+
+  {
+    // Load same-site page into Iframe.
+    GURL http_url(test_server()->GetURL("files/title1.html"));
+    SitePerProcessTestWebContentsObserver observer(shell()->web_contents());
+    WindowedNotificationObserver load_observer(

[Charlie Reis, 2012/12/05 02:02:58]

Perhaps the load_observer should be inside NavigateIframeToURL?  That's more
consistent with NavigateToURL.

[irobert, 2012/12/05 19:00:03]

Done.

+        NOTIFICATION_LOAD_STOP,
+        Source<NavigationController>(
+              &shell()->web_contents()->GetController()));

[Charlie Reis, 2012/12/05 02:02:58]

nit: Wrong indent.  (Will this fit on the previous line?)

[irobert, 2012/12/05 19:00:03]

Cannot fit on the previous line. 82 chars.

On 2012/12/05 02:02:58, creis wrote:

+    EXPECT_TRUE(NavigateIframeToURL(shell(), http_url, "test"));
+    load_observer.Wait();
+    EXPECT_EQ(observer.navigation_url(), http_url);
+    EXPECT_TRUE(observer.navigation_result());
+  }
+
+  {
+    // Load cross-site page into Iframe.
+    GURL https_url(https_server.GetURL("files/title1.html"));
+    SitePerProcessTestWebContentsObserver observer(shell()->web_contents());
+    WindowedNotificationObserver load_observer(
+        NOTIFICATION_LOAD_STOP,
+        Source<NavigationController>(
+            &shell()->web_contents()->GetController()));
+    EXPECT_TRUE(NavigateIframeToURL(shell(), https_url, "test"));
+    load_observer.Wait();
+    EXPECT_EQ(observer.navigation_url(), https_url);
+    EXPECT_FALSE(observer.navigation_result());
+  }
+}
+
+IN_PROC_BROWSER_TEST_F(SitePerProcessTest, CrossSiteIframeRedirectOnce) {
+  EnableSitePerProces();
+
+  ASSERT_TRUE(test_server()->Start());
+  net::TestServer https_server(
+      net::TestServer::TYPE_HTTPS,
+      net::TestServer::kLocalhost,
+      FilePath(FILE_PATH_LITERAL("content/test/data")));
+  ASSERT_TRUE(https_server.Start());
+
+  GURL main_url(test_server()->GetURL("files/site_per_process_main.html"));
+  GURL http_url(test_server()->GetURL("files/title1.html"));
+  GURL https_url(https_server.GetURL("files/title1.html"));
+
+  content::TitleWatcher title_watcher(shell()->web_contents(),
+                                      ASCIIToUTF16("site_per_process_main"));
+  NavigateToURL(shell(), main_url);
+  string16 actual_title = title_watcher.WaitAndGetTitle();
+
+  SitePerProcessTestWebContentsObserver observer(shell()->web_contents());
+  {
+    // Load cross-site client-redirect page into Iframe.
+    // Should be blocked.
+    GURL client_redirect_https_url(https_server.GetURL(
+        "client-redirect?files/title1.html"));
+    WindowedNotificationObserver load_observer(
+        NOTIFICATION_LOAD_STOP,
+        Source<NavigationController>(
+            &shell()->web_contents()->GetController()));
+    EXPECT_TRUE(NavigateIframeToURL(shell(),
+                                    client_redirect_https_url, "test"));
+    load_observer.Wait();
+    // DidFailProvisionalLoad when navigating to client_redirect_https_url.
+    EXPECT_EQ(observer.navigation_url(), client_redirect_https_url);
+    EXPECT_FALSE(observer.navigation_result());
+  }
+
+  {
+    // Load cross-site server-redirect page into Iframe,
+    // which redirects to same-site page.
+    GURL server_redirect_http_url(https_server.GetURL(
+        "server-redirect?" + http_url.spec()));
+    WindowedNotificationObserver load_observer(
+        NOTIFICATION_LOAD_STOP,
+        Source<NavigationController>(
+            &shell()->web_contents()->GetController()));
+    EXPECT_TRUE(NavigateIframeToURL(shell(),
+                                    server_redirect_http_url, "test"));
+    load_observer.Wait();
+    EXPECT_EQ(observer.navigation_url(), http_url);
+    EXPECT_TRUE(observer.navigation_result());
+  }
+
+  {
+    // Load cross-site server-redirect page into Iframe,
+    // which redirects to cross-site page.
+    GURL server_redirect_http_url(https_server.GetURL(
+        "server-redirect?files/title1.html"));
+    WindowedNotificationObserver load_observer(
+        NOTIFICATION_LOAD_STOP,
+        Source<NavigationController>(
+            &shell()->web_contents()->GetController()));
+    EXPECT_TRUE(NavigateIframeToURL(shell(),
+                                    server_redirect_http_url, "test"));
+    load_observer.Wait();
+
+    // DidFailProvisionalLoad when navigating to https_url.
+    EXPECT_EQ(observer.navigation_url(), https_url);
+    EXPECT_FALSE(observer.navigation_result());
+  }
+
+  {
+    // Load same-site server-redirect page into Iframe.
+    // which redirects to same-site page.
+    GURL server_redirect_http_url(test_server()->GetURL(
+        "server-redirect?files/title1.html"));
+    WindowedNotificationObserver load_observer(
+        NOTIFICATION_LOAD_STOP,
+        Source<NavigationController>(
+              &shell()->web_contents()->GetController()));
+    EXPECT_TRUE(NavigateIframeToURL(shell(),
+                                    server_redirect_http_url, "test"));
+    load_observer.Wait();
+    EXPECT_EQ(observer.navigation_url(), http_url);
+    EXPECT_TRUE(observer.navigation_result());
+   }
+
+  {
+    // Load same-site client-redirect page into Iframe,
+    // which redirects to same-site page.
+    GURL client_redirect_http_url(test_server()->GetURL(
+        "client-redirect?files/title1.html"));
+    WindowedNotificationObserver load_observer(
+        NOTIFICATION_LOAD_STOP,
+        Source<NavigationController>(
+            &shell()->web_contents()->GetController()));
+    EXPECT_TRUE(NavigateIframeToURL(shell(),
+                                    client_redirect_http_url, "test"));
+    load_observer.Wait();
+    EXPECT_EQ(observer.navigation_url(), client_redirect_http_url);
+    EXPECT_TRUE(observer.navigation_result());
+  }
+}
+
+IN_PROC_BROWSER_TEST_F(SitePerProcessTest, CrossSiteIframeRedirectTwice) {
+  EnableSitePerProces();
+
+  ASSERT_TRUE(test_server()->Start());
+  net::TestServer https_server(
+      net::TestServer::TYPE_HTTPS,
+      net::TestServer::kLocalhost,
+      FilePath(FILE_PATH_LITERAL("content/test/data")));
+  ASSERT_TRUE(https_server.Start());
+
+  GURL main_url(test_server()->GetURL("files/site_per_process_main.html"));
+  GURL http_url(test_server()->GetURL("files/title1.html"));
+  GURL https_url(https_server.GetURL("files/title1.html"));
+
+  content::TitleWatcher title_watcher(shell()->web_contents(),
+                                      ASCIIToUTF16("site_per_process_main"));
+  NavigateToURL(shell(), main_url);
+  string16 actual_title = title_watcher.WaitAndGetTitle();
+
+  SitePerProcessTestWebContentsObserver observer(shell()->web_contents());
+  {
+    // Load client-redirect page pointed to a cross-site client-redirect page,
+    // which eventually redirects back to same-site page.
+    GURL client_redirect_https_url(https_server.GetURL(
+        "client-redirect?" + http_url.spec()));
+    GURL client_redirect_http_url(test_server()->GetURL(
+        "client-redirect?" + client_redirect_https_url.spec()));
+    WindowedNotificationObserver load_observer(
+        NOTIFICATION_LOAD_STOP,
+        Source<NavigationController>(
+            &shell()->web_contents()->GetController()));
+    EXPECT_TRUE(NavigateIframeToURL(shell(), client_redirect_http_url, "test"));
+    load_observer.Wait();
+    // We should check until second client redirect get cancelled.
+    WindowedNotificationObserver load_observer2(
+        NOTIFICATION_LOAD_STOP,
+        Source<NavigationController>(
+            &shell()->web_contents()->GetController()));
+    load_observer2.Wait();
+
+    // DidFailProvisionalLoad when navigating to client_redirect_https_url.
+    EXPECT_EQ(observer.navigation_url(), client_redirect_https_url);
+    EXPECT_FALSE(observer.navigation_result());
+  }
+
+  {
+    // Load server-redirect page pointed to a cross-site server-redirect page,
+    // which eventually redirect back to same-site page.
+    GURL server_redirect_https_url(https_server.GetURL(
+        "server-redirect?" + http_url.spec()));
+    GURL server_redirect_http_url(test_server()->GetURL(
+        "server-redirect?" + server_redirect_https_url.spec()));
+    WindowedNotificationObserver load_observer(
+        NOTIFICATION_LOAD_STOP,
+        Source<NavigationController>(
+            &shell()->web_contents()->GetController()));
+    EXPECT_TRUE(NavigateIframeToURL(shell(),
+                                    server_redirect_http_url, "test"));
+    load_observer.Wait();
+    EXPECT_EQ(observer.navigation_url(), http_url);
+    EXPECT_TRUE(observer.navigation_result());
+  }
+
+  {
+    // Load server-redirect page pointed to a cross-site server-redirect page,
+    // which eventually redirects back to cross-site page.
+    GURL server_redirect_https_url(https_server.GetURL(
+        "server-redirect?" + https_url.spec()));
+    GURL server_redirect_http_url(test_server()->GetURL(
+        "server-redirect?" + server_redirect_https_url.spec()));
+    WindowedNotificationObserver load_observer(
+        NOTIFICATION_LOAD_STOP,
+        Source<NavigationController>(
+            &shell()->web_contents()->GetController()));
+    EXPECT_TRUE(NavigateIframeToURL(shell(), server_redirect_http_url, "test"));
+    load_observer.Wait();
+
+    // DidFailProvisionalLoad when navigating to https_url.
+    EXPECT_EQ(observer.navigation_url(), https_url);
+    EXPECT_FALSE(observer.navigation_result());
+  }
+
+  {
+    // Load server-redirect page pointed to a cross-site server-redirect page,
+    // which eventually redirects back to same-site page.
+    GURL client_redirect_http_url(https_server.GetURL(
+        "client-redirect?" + http_url.spec()));
+    GURL server_redirect_http_url(test_server()->GetURL(
+        "server-redirect?" + client_redirect_http_url.spec()));
+    WindowedNotificationObserver load_observer(
+        NOTIFICATION_LOAD_STOP,
+        Source<NavigationController>(
+            &shell()->web_contents()->GetController()));
+    EXPECT_TRUE(NavigateIframeToURL(shell(), server_redirect_http_url, "test"));
+    load_observer.Wait();
+
+    // DidFailProvisionalLoad when navigating to client_redirect_http_url.
+    EXPECT_EQ(observer.navigation_url(), client_redirect_http_url);
+    EXPECT_FALSE(observer.navigation_result());
+  }
+}
+
+}