chrome/browser/extensions/api/webrtc_from_web_accessible_resource_browsertest.cc - Issue 1383483007: Add scheme exceptions for isSecureContext

Side by Side Diff: chrome/browser/extensions/api/webrtc_from_web_accessible_resource_browsertest.cc

Issue 1383483007: Add scheme exceptions for isSecureContext (Closed) Base URL: https://chromium.googlesource.com/chromium/src@master

Patch Set: Fixes Created 5 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
(Empty)
	1 // Copyright 2015 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #include "base/command_line.h"

	6 #include "chrome/browser/extensions/extension_apitest.h"

	7 #include "chrome/browser/ui/tabs/tab_strip_model.h"

	8 #include "chrome/browser/ui/website_settings/permission_bubble_manager.h"

	9 #include "chrome/common/chrome_switches.h"
	Devlin 2015/10/14 15:24:45 Do you need all three of these switches.h files? Do you need all three of these switches.h files? jww 2015/10/15 18:19:41 Nope, removed chrome_switches.h and content_switch Show quoted text On 2015/10/14 15:24:45, Devlin wrote: > Do you need all three of these switches.h files? Nope, removed chrome_switches.h and content_switches.h.
	10 #include "chrome/test/base/ui_test_utils.h"

	11 #include "content/public/common/content_switches.h"

	12 #include "extensions/test/result_catcher.h"

	13 #include "media/base/media_switches.h"

	14 #include "net/dns/mock_host_resolver.h"

	15 #include "net/test/embedded_test_server/embedded_test_server.h"

	16

	17 namespace extensions {

	18

	19 namespace {

	20

	21 // Used to observe the creation of permission prompt without responding.

	22 class PermissionRequestObserver : public PermissionBubbleManager::Observer {

	23 public:

	24 explicit PermissionRequestObserver(content::WebContents* web_contents)

	25 : bubble_manager_(PermissionBubbleManager::FromWebContents(web_contents)),

	26 request_shown_(false),

	27 message_loop_runner_(new content::MessageLoopRunner) {
	Devlin 2015/10/14 15:24:45 nitty nit: though it doesn't matter for MessageLoo nitty nit: though it doesn't matter for MessageLoopRunner, prefer value-initialization for types (i.e., new MessageLoopRunner()) to avoid a random nasty pitfall. Though this is probably moot with below. jww 2015/10/15 18:19:41 Acknowledged. Show quoted text On 2015/10/14 15:24:45, Devlin wrote: > nitty nit: though it doesn't matter for MessageLoopRunner, prefer > value-initialization for types (i.e., new MessageLoopRunner()) to avoid a random > nasty pitfall. > > Though this is probably moot with below. Acknowledged.
	28 bubble_manager_->AddObserver(this);

	29 }

	30 ~PermissionRequestObserver() override {

	31 // Safe to remove twice if it happens.

	32 bubble_manager_->RemoveObserver(this);

	33 }

	34

	35 void Wait() { message_loop_runner_->Run(); }
	Devlin 2015/10/14 15:24:45 It's usually better to have a check that the reque It's usually better to have a check that the request hasn't been shown yet (if code executes synchronously in the future, it could be) before running the message loop, to avoid running endlessly. That said, I don't think this method is actually used? (Which means it and the message loop runner can be removed). jww 2015/10/15 18:19:41 Yup, I copied this from some WebRTC code and, appa Show quoted text On 2015/10/14 15:24:45, Devlin wrote: > It's usually better to have a check that the request hasn't been shown yet (if > code executes synchronously in the future, it could be) before running the > message loop, to avoid running endlessly. > > That said, I don't think this method is actually used? (Which means it and the > message loop runner can be removed). Yup, I copied this from some WebRTC code and, apparently, didn't go over it carefully enough :-P Sorry! Removing.
	36

	37 bool request_shown() const { return request_shown_; }

	38

	39 private:

	40 // PermissionBubbleManager::Observer

	41 void OnBubbleAdded() override {

	42 request_shown_ = true;

	43 bubble_manager_->RemoveObserver(this);

	44 message_loop_runner_->Quit();

	45 }

	46

	47 PermissionBubbleManager* bubble_manager_;

	48 bool request_shown_;

	49 scoped_refptr<content::MessageLoopRunner> message_loop_runner_;

	50

	51 DISALLOW_COPY_AND_ASSIGN(PermissionRequestObserver);

	52 };

	53

	54 } // namespace

	55

	56 class WebRtcFromWebAccessibleResourceTest : public ExtensionApiTest {

	57 public:

	58 WebRtcFromWebAccessibleResourceTest() {}

	59 ~WebRtcFromWebAccessibleResourceTest() override {}

	60

	61 // InProcessBrowserTest:

	62 void SetUpCommandLine(base::CommandLine* command_line) override {

	63 ExtensionApiTest::SetUpCommandLine(command_line);

	64

	65 // This test expects to run with fake devices.
	Devlin 2015/10/14 15:24:45 nitty nit: this comment tells us nothing that the nitty nit: this comment tells us nothing that the code doesn't. :) It should either be expanded, or removed (I'd probably just remove it). jww 2015/10/15 18:19:41 Done. Show quoted text On 2015/10/14 15:24:45, Devlin wrote: > nitty nit: this comment tells us nothing that the code doesn't. :) It should > either be expanded, or removed (I'd probably just remove it). Done.
	66 command_line->AppendSwitch(switches::kUseFakeDeviceForMediaStream);

	67 }

	68

	69 protected:

	70 GURL GetTestServerInsecureUrl(const std::string& path) {

	71 GURL url = embedded_test_server()->GetURL(path);

	72

	73 GURL::Replacements replace_host_and_scheme;

	74 replace_host_and_scheme.SetHostStr("a.com");

	75 replace_host_and_scheme.SetSchemeStr("http");

	76 url = url.ReplaceComponents(replace_host_and_scheme);

	77

	78 return url;

	79 }

	80

	81 private:

	82 DISALLOW_COPY_AND_ASSIGN(WebRtcFromWebAccessibleResourceTest);

	83 };

	84

	85 // Verify that a chrome-extension:// web accessible URL can successfully access

	86 // getUserMedia(), even if it is embedded in an insecure context.

	87 IN_PROC_BROWSER_TEST_F(WebRtcFromWebAccessibleResourceTest,

	88 GetUserMediaInWebAccessibleResourceSuccess) {
	robwu 2015/10/14 09:05:35 Could you also add a test for <iframe sandbox src= Could you also add a test for <iframe sandbox src=chrome-extension: ...>? jww 2015/10/15 18:19:41 Unfortunately, I can't, but that's not a change fr Show quoted text On 2015/10/14 09:05:35, robwu wrote: > Could you also add a test for <iframe sandbox src=chrome-extension: ...>? Unfortunately, I can't, but that's not a change from the status quo. You can't use getUserMedia in a sandbox because MediaStreamDispatchHost::IsURLAllowed returns false for sandboxed iframes (unless 'allow-same-origin' is given): https://code.google.com/p/chromium/codesearch#chromium/src/content/browser/re...
	89 host_resolver()->AddRule("a.com", "127.0.0.1");

	90 ASSERT_TRUE(StartEmbeddedTestServer());

	91

	92 ASSERT_TRUE(RunExtensionTest("webrtc_from_web_accessible_resource"))

	93 << message_;

	94

	95 GURL url = GetTestServerInsecureUrl("/extensions/test_file.html?succeed");

	96 ui_test_utils::NavigateToURL(browser(), url);
	Devlin 2015/10/14 15:24:45 Is there a race condition in these steps? If we n Is there a race condition in these steps? If we navigate to the url and the content script executes, then isn't there a chance gUM will be called before we set the auto response and set up the result catcher? Or am I missing something? (The fix would just be to set the auto response and initialize the result catcher above the navigation.) jww 2015/10/15 18:19:41 I believe that's not a problem because it will sit Show quoted text On 2015/10/14 15:24:45, Devlin wrote: > Is there a race condition in these steps? If we navigate to the url and the > content script executes, then isn't there a chance gUM will be called before we > set the auto response and set up the result catcher? Or am I missing something? > > (The fix would just be to set the auto response and initialize the result > catcher above the navigation.) I believe that's not a problem because it will sit and wait for a PermissionBubbleManager response, which we give below. Devlin 2015/10/15 18:34:11 It will sit and wait, but set_auto_response_for_te Show quoted text On 2015/10/15 18:19:41, jww (traveling- slow) wrote: > On 2015/10/14 15:24:45, Devlin wrote: > > Is there a race condition in these steps? If we navigate to the url and the > > content script executes, then isn't there a chance gUM will be called before > we > > set the auto response and set up the result catcher? Or am I missing > something? > > > > (The fix would just be to set the auto response and initialize the result > > catcher above the navigation.) > > I believe that's not a problem because it will sit and wait for a > PermissionBubbleManager response, which we give below. It will sit and wait, but set_auto_response_for_test() doesn't seem to do anything for existing requests. So my worry is that if we actually get to the point of asking for permission before we set the auto response, then the prompt will just sit there indefinitely. Is this incorrect? robwu 2015/10/15 20:56:11 Devlin's comment seems to be right. To avoid any Show quoted text On 2015/10/15 18:34:11, Devlin wrote: > On 2015/10/15 18:19:41, jww (traveling- slow) wrote: > > On 2015/10/14 15:24:45, Devlin wrote: > > > Is there a race condition in these steps? If we navigate to the url and the > > > content script executes, then isn't there a chance gUM will be called before > > we > > > set the auto response and set up the result catcher? Or am I missing > > something? > > > > > > (The fix would just be to set the auto response and initialize the result > > > catcher above the navigation.) > > > > I believe that's not a problem because it will sit and wait for a > > PermissionBubbleManager response, which we give below. > > It will sit and wait, but set_auto_response_for_test() doesn't seem to do > anything for existing requests. So my worry is that if we actually get to the > point of asking for permission before we set the auto response, then the prompt > will just sit there indefinitely. > > Is this incorrect? Devlin's comment seems to be right. To avoid any races, the content script should not call gUM until the autoresponder has been set up. This can be achieved as follows: // contentscript.js chrome.test.sendMessage('onReady', function() { // Start gUM test here }); // webrtc_from_web_accessible_resource_browsertest.cc ExtensionTestMessageListener listener("onReady", false); ... RunExtensionTest, Navigate, set up autoresponder, etc... // Now allow the content script to proceed. EXPECT_TRUE(listener.WaitUntilSatisfied()); listener.Reply(""); ... Wait until completion + run assertions... Devlin 2015/10/15 21:21:02 A simpler solution might be to just set the auto r Show quoted text On 2015/10/15 20:56:11, robwu wrote: > On 2015/10/15 18:34:11, Devlin wrote: > > On 2015/10/15 18:19:41, jww (traveling- slow) wrote: > > > On 2015/10/14 15:24:45, Devlin wrote: > > > > Is there a race condition in these steps? If we navigate to the url and > the > > > > content script executes, then isn't there a chance gUM will be called > before > > > we > > > > set the auto response and set up the result catcher? Or am I missing > > > something? > > > > > > > > (The fix would just be to set the auto response and initialize the result > > > > catcher above the navigation.) > > > > > > I believe that's not a problem because it will sit and wait for a > > > PermissionBubbleManager response, which we give below. > > > > It will sit and wait, but set_auto_response_for_test() doesn't seem to do > > anything for existing requests. So my worry is that if we actually get to the > > point of asking for permission before we set the auto response, then the > prompt > > will just sit there indefinitely. > > > > Is this incorrect? > > Devlin's comment seems to be right. > > To avoid any races, the content script should not call gUM until the > autoresponder has been set up. This can be achieved as follows: > > > // contentscript.js > chrome.test.sendMessage('onReady', function() { > // Start gUM test here > }); > > > // webrtc_from_web_accessible_resource_browsertest.cc > ExtensionTestMessageListener listener("onReady", false); > ... RunExtensionTest, Navigate, set up autoresponder, etc... > // Now allow the content script to proceed. > EXPECT_TRUE(listener.WaitUntilSatisfied()); > listener.Reply(""); > ... Wait until completion + run assertions... A simpler solution might be to just set the auto response (and initialize the result catcher) before navigating (assuming autoresponses aren't cleared on navigation - I don't think they are). But either one works - whatever's easiest. jww 2015/10/15 22:38:06 Yup, I took Devlin's suggested approach. Show quoted text On 2015/10/15 21:21:02, Devlin wrote: > On 2015/10/15 20:56:11, robwu wrote: > > On 2015/10/15 18:34:11, Devlin wrote: > > > On 2015/10/15 18:19:41, jww (traveling- slow) wrote: > > > > On 2015/10/14 15:24:45, Devlin wrote: > > > > > Is there a race condition in these steps? If we navigate to the url and > > the > > > > > content script executes, then isn't there a chance gUM will be called > > before > > > > we > > > > > set the auto response and set up the result catcher? Or am I missing > > > > something? > > > > > > > > > > (The fix would just be to set the auto response and initialize the > result > > > > > catcher above the navigation.) > > > > > > > > I believe that's not a problem because it will sit and wait for a > > > > PermissionBubbleManager response, which we give below. > > > > > > It will sit and wait, but set_auto_response_for_test() doesn't seem to do > > > anything for existing requests. So my worry is that if we actually get to > the > > > point of asking for permission before we set the auto response, then the > > prompt > > > will just sit there indefinitely. > > > > > > Is this incorrect? > > > > Devlin's comment seems to be right. > > > > To avoid any races, the content script should not call gUM until the > > autoresponder has been set up. This can be achieved as follows: > > > > > > // contentscript.js > > chrome.test.sendMessage('onReady', function() { > > // Start gUM test here > > }); > > > > > > // webrtc_from_web_accessible_resource_browsertest.cc > > ExtensionTestMessageListener listener("onReady", false); > > ... RunExtensionTest, Navigate, set up autoresponder, etc... > > // Now allow the content script to proceed. > > EXPECT_TRUE(listener.WaitUntilSatisfied()); > > listener.Reply(""); > > ... Wait until completion + run assertions... > > A simpler solution might be to just set the auto response (and initialize the > result catcher) before navigating (assuming autoresponses aren't cleared on > navigation - I don't think they are). But either one works - whatever's > easiest. Yup, I took Devlin's suggested approach.
	97 content::WebContents* web_contents =

	98 browser()->tab_strip_model()->GetActiveWebContents();

	99 PermissionBubbleManager* bubble_manager =

	100 PermissionBubbleManager::FromWebContents(web_contents);

	101 bubble_manager->set_auto_response_for_test(

	102 PermissionBubbleManager::ACCEPT_ALL);

	103 PermissionRequestObserver permissionRequestObserver(web_contents);
	Devlin 2015/10/15 18:34:11 as I was responding to the comment above, I realiz as I was responding to the comment above, I realized this is camelcase. Prefer unix_hacker_style for variables. jww 2015/10/15 22:38:06 Done. Show quoted text On 2015/10/15 18:34:11, Devlin wrote: > as I was responding to the comment above, I realized this is camelcase. Prefer > unix_hacker_style for variables. Done.
	104

	105 extensions::ResultCatcher catcher;

	106 ASSERT_TRUE(catcher.GetNextResult());

	107 EXPECT_TRUE(permissionRequestObserver.request_shown());

	108 }

	109

	110 // Verify that a chrome-extension:// web accessible URL will fail to access

	111 // getUserMedia() if it is denied by the permission bubble, even if it is

	112 // embedded in an insecure context.

	113 IN_PROC_BROWSER_TEST_F(WebRtcFromWebAccessibleResourceTest,

	114 GetUserMediaInWebAccessibleResourceFail) {

	115 host_resolver()->AddRule("a.com", "127.0.0.1");

	116 ASSERT_TRUE(StartEmbeddedTestServer());

	117

	118 ASSERT_TRUE(RunExtensionTest("webrtc_from_web_accessible_resource"))

	119 << message_;

	120

	121 GURL url = GetTestServerInsecureUrl("/extensions/test_file.html?fail");

	122 ui_test_utils::NavigateToURL(browser(), url);

	123 content::WebContents* web_contents =

	124 browser()->tab_strip_model()->GetActiveWebContents();

	125 PermissionBubbleManager* bubble_manager =

	126 PermissionBubbleManager::FromWebContents(web_contents);

	127 bubble_manager->set_auto_response_for_test(PermissionBubbleManager::DENY_ALL);

	128 PermissionRequestObserver permissionRequestObserver(web_contents);

	129

	130 extensions::ResultCatcher catcher;

	131 ASSERT_TRUE(catcher.GetNextResult());

	132 EXPECT_TRUE(permissionRequestObserver.request_shown());

	133 }

	134

	135 } // namespace extensions

OLD	NEW

« no previous file with comments | « no previous file | chrome/chrome_tests.gypi » ('j') | chrome/test/data/extensions/api_test/webrtc_from_web_accessible_resource/content-script.js » ('J')