Index: content/browser/child_process_security_policy_unittest.cc |
diff --git a/content/browser/child_process_security_policy_unittest.cc b/content/browser/child_process_security_policy_unittest.cc |
index beb85b69cedc1ca2cc3443a37c99069dc8e0f709..87cde7bd4d11d4998a7a64e826191fb86d30ee4a 100644 |
--- a/content/browser/child_process_security_policy_unittest.cc |
+++ b/content/browser/child_process_security_policy_unittest.cc |
@@ -16,6 +16,7 @@ |
#include "storage/common/fileapi/file_system_types.h" |
#include "testing/gtest/include/gtest/gtest.h" |
#include "url/gurl.h" |
+#include "url/origin.h" |
namespace content { |
namespace { |
@@ -697,4 +698,35 @@ TEST_F(ChildProcessSecurityPolicyTest, RemoveRace) { |
EXPECT_FALSE(p->HasWebUIBindings(kRendererID)); |
} |
+// Test the granting of origin permissions, and their interactions with |
+// granting scheme permissions. |
+TEST_F(ChildProcessSecurityPolicyTest, OriginGranting) { |
+ ChildProcessSecurityPolicyImpl* p = |
+ ChildProcessSecurityPolicyImpl::GetInstance(); |
+ |
+ p->Add(kRendererID); |
+ |
+ GURL url_foo1("chrome://foo/resource1"); |
+ GURL url_foo2("chrome://foo/resource2"); |
+ GURL url_bar("chrome://bar/resource3"); |
+ |
+ EXPECT_FALSE(p->CanCommitURL(kRendererID, url_foo1)); |
Charlie Reis
2015/09/29 22:15:53
nit: Let's also include CanRequestURL calls, simil
paulmeyer
2015/09/30 14:21:31
Done.
|
+ EXPECT_FALSE(p->CanCommitURL(kRendererID, url_foo2)); |
+ EXPECT_FALSE(p->CanCommitURL(kRendererID, url_bar)); |
+ |
+ p->GrantOrigin(kRendererID, url::Origin(url_foo1)); |
+ |
+ EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo1)); |
+ EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo2)); |
+ EXPECT_FALSE(p->CanCommitURL(kRendererID, url_bar)); |
+ |
+ p->GrantScheme(kRendererID, kChromeUIScheme); |
+ |
+ EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo1)); |
+ EXPECT_TRUE(p->CanCommitURL(kRendererID, url_foo2)); |
+ EXPECT_TRUE(p->CanCommitURL(kRendererID, url_bar)); |
+ |
+ p->Remove(kRendererID); |
+} |
+ |
} // namespace content |