Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(559)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/frame/csp/ContentSecurityPolicyTest.cpp

Issue 1326823003: CSP: 'frame-ancestors' should override 'x-frame-options'. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Created 5 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« LayoutTests/http/tests/security/contentSecurityPolicy/resources/frame-ancestors-and-x-frame-options.pl ('K') | « Source/core/frame/csp/ContentSecurityPolicy.cpp ('k') | Source/core/loader/DocumentLoader.cpp » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "config.h" 5 #include "config.h"
6 #include "core/frame/csp/ContentSecurityPolicy.h" 6 #include "core/frame/csp/ContentSecurityPolicy.h"
7 7
8 #include "core/dom/Document.h" 8 #include "core/dom/Document.h"
9 #include "core/loader/DocumentLoader.h" 9 #include "core/loader/DocumentLoader.h"
10 #include "platform/RuntimeEnabledFeatures.h" 10 #include "platform/RuntimeEnabledFeatures.h"
(...skipping 74 matching lines...) Expand 10 before | Expand all | Expand 10 after
85 85
86 RefPtrWillBeRawPtr<ContentSecurityPolicy> csp2 = ContentSecurityPolicy::crea te(); 86 RefPtrWillBeRawPtr<ContentSecurityPolicy> csp2 = ContentSecurityPolicy::crea te();
87 csp2->copyPluginTypesFrom(csp.get()); 87 csp2->copyPluginTypesFrom(csp.get());
88 EXPECT_TRUE(csp2->allowScriptFromSource(exampleUrl, ContentSecurityPolicy::D idNotRedirect, ContentSecurityPolicy::SuppressReport)); 88 EXPECT_TRUE(csp2->allowScriptFromSource(exampleUrl, ContentSecurityPolicy::D idNotRedirect, ContentSecurityPolicy::SuppressReport));
89 EXPECT_TRUE(csp2->allowPluginType("application/x-type-1", "application/x-typ e-1", exampleUrl, ContentSecurityPolicy::SuppressReport)); 89 EXPECT_TRUE(csp2->allowPluginType("application/x-type-1", "application/x-typ e-1", exampleUrl, ContentSecurityPolicy::SuppressReport));
90 EXPECT_TRUE(csp2->allowImageFromSource(exampleUrl, ContentSecurityPolicy::Di dNotRedirect, ContentSecurityPolicy::SuppressReport)); 90 EXPECT_TRUE(csp2->allowImageFromSource(exampleUrl, ContentSecurityPolicy::Di dNotRedirect, ContentSecurityPolicy::SuppressReport));
91 EXPECT_TRUE(csp2->allowImageFromSource(notExampleUrl, ContentSecurityPolicy: :DidNotRedirect, ContentSecurityPolicy::SuppressReport)); 91 EXPECT_TRUE(csp2->allowImageFromSource(notExampleUrl, ContentSecurityPolicy: :DidNotRedirect, ContentSecurityPolicy::SuppressReport));
92 EXPECT_FALSE(csp2->allowPluginType("application/x-type-2", "application/x-ty pe-2", exampleUrl, ContentSecurityPolicy::SuppressReport)); 92 EXPECT_FALSE(csp2->allowPluginType("application/x-type-2", "application/x-ty pe-2", exampleUrl, ContentSecurityPolicy::SuppressReport));
93 } 93 }
94 94
95 TEST_F(ContentSecurityPolicyTest, IsFrameAncestorsEnforced)
96 {
97 csp->didReceiveHeader("script-src 'none';", ContentSecurityPolicyHeaderTypeE nforce, ContentSecurityPolicyHeaderSourceHTTP);
98 EXPECT_FALSE(csp->isFrameAncestorsEnforced());
99
100 csp->didReceiveHeader("frame-ancestors 'self'", ContentSecurityPolicyHeaderT ypeReport, ContentSecurityPolicyHeaderSourceHTTP);
101 EXPECT_FALSE(csp->isFrameAncestorsEnforced());
102
103 csp->didReceiveHeader("frame-ancestors 'self'", ContentSecurityPolicyHeaderT ypeEnforce, ContentSecurityPolicyHeaderSourceHTTP);
104 EXPECT_TRUE(csp->isFrameAncestorsEnforced());
105 }
106
95 } // namespace 107 } // namespace
OLDNEW
« LayoutTests/http/tests/security/contentSecurityPolicy/resources/frame-ancestors-and-x-frame-options.pl ('K') | « Source/core/frame/csp/ContentSecurityPolicy.cpp ('k') | Source/core/loader/DocumentLoader.cpp » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698