| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "base/bind.h" |
| 6 #include "base/bind_helpers.h" |
| 7 #include "base/memory/scoped_ptr.h" |
| 8 #include "content/browser/frame_host/ancestor_throttle.h" |
| 9 #include "content/public/browser/navigation_handle.h" |
| 10 #include "content/public/browser/navigation_throttle.h" |
| 11 #include "content/public/browser/web_contents.h" |
| 12 #include "content/public/test/test_renderer_host.h" |
| 13 #include "net/http/http_response_headers.h" |
| 14 #include "testing/gmock/include/gmock/gmock.h" |
| 15 #include "testing/gtest/include/gtest/gtest.h" |
| 16 |
| 17 namespace content { |
| 18 |
| 19 namespace { |
| 20 |
| 21 net::HttpResponseHeaders* GetAncestorHeaders(const char* xfo, const char* csp) { |
| 22 std::string header_string("HTTP/1.1 200 OK\nX-Frame-Options: "); |
| 23 header_string += xfo; |
| 24 if (csp != nullptr) { |
| 25 header_string += "\nContent-Security-Policy: "; |
| 26 header_string += csp; |
| 27 } |
| 28 header_string += "\n\n"; |
| 29 std::replace(header_string.begin(), header_string.end(), '\n', '\0'); |
| 30 net::HttpResponseHeaders* headers = |
| 31 new net::HttpResponseHeaders(header_string); |
| 32 EXPECT_TRUE(headers->HasHeader("X-Frame-Options")); |
| 33 if (csp != nullptr) |
| 34 EXPECT_TRUE(headers->HasHeader("Content-Security-Policy")); |
| 35 return headers; |
| 36 } |
| 37 |
| 38 } // namespace |
| 39 |
| 40 // AncestorThrottleTest |
| 41 // ------------------------------------------------------------- |
| 42 |
| 43 class AncestorThrottleTest : public testing::Test {}; |
| 44 |
| 45 TEST_F(AncestorThrottleTest, ParsingXFrameOptions) { |
| 46 struct TestCase { |
| 47 const char* header; |
| 48 AncestorThrottle::HeaderDisposition expected; |
| 49 const char* value; |
| 50 } cases[] = { |
| 51 // Basic keywords |
| 52 {"DENY", AncestorThrottle::DENY, "DENY"}, |
| 53 {"SAMEORIGIN", AncestorThrottle::SAMEORIGIN, "SAMEORIGIN"}, |
| 54 {"ALLOWALL", AncestorThrottle::ALLOWALL, "ALLOWALL"}, |
| 55 |
| 56 // Repeated keywords |
| 57 {"DENY,DENY", AncestorThrottle::DENY, "DENY, DENY"}, |
| 58 {"SAMEORIGIN,SAMEORIGIN", AncestorThrottle::SAMEORIGIN, |
| 59 "SAMEORIGIN, SAMEORIGIN"}, |
| 60 {"ALLOWALL,ALLOWALL", AncestorThrottle::ALLOWALL, "ALLOWALL, ALLOWALL"}, |
| 61 |
| 62 // Case-insensitive |
| 63 {"deNy", AncestorThrottle::DENY, "deNy"}, |
| 64 {"sAmEorIgIn", AncestorThrottle::SAMEORIGIN, "sAmEorIgIn"}, |
| 65 {"AlLOWaLL", AncestorThrottle::ALLOWALL, "AlLOWaLL"}, |
| 66 |
| 67 // Trim whitespace |
| 68 {" DENY", AncestorThrottle::DENY, "DENY"}, |
| 69 {"SAMEORIGIN ", AncestorThrottle::SAMEORIGIN, "SAMEORIGIN"}, |
| 70 {" ALLOWALL ", AncestorThrottle::ALLOWALL, "ALLOWALL"}, |
| 71 {" DENY", AncestorThrottle::DENY, "DENY"}, |
| 72 {"SAMEORIGIN ", AncestorThrottle::SAMEORIGIN, "SAMEORIGIN"}, |
| 73 {" ALLOWALL ", AncestorThrottle::ALLOWALL, "ALLOWALL"}, |
| 74 {" DENY , DENY ", AncestorThrottle::DENY, "DENY, DENY"}, |
| 75 {"SAMEORIGIN, SAMEORIGIN", AncestorThrottle::SAMEORIGIN, |
| 76 "SAMEORIGIN, SAMEORIGIN"}, |
| 77 {"ALLOWALL ,ALLOWALL", AncestorThrottle::ALLOWALL, "ALLOWALL, ALLOWALL"}, |
| 78 }; |
| 79 |
| 80 AncestorThrottle throttle(nullptr); |
| 81 for (const auto& test : cases) { |
| 82 SCOPED_TRACE(test.header); |
| 83 scoped_refptr<net::HttpResponseHeaders> headers = |
| 84 GetAncestorHeaders(test.header, nullptr); |
| 85 std::string header_value; |
| 86 EXPECT_EQ(test.expected, |
| 87 throttle.ParseHeader(headers.get(), &header_value)); |
| 88 EXPECT_EQ(test.value, header_value); |
| 89 } |
| 90 } |
| 91 |
| 92 TEST_F(AncestorThrottleTest, ErrorsParsingXFrameOptions) { |
| 93 struct TestCase { |
| 94 const char* header; |
| 95 AncestorThrottle::HeaderDisposition expected; |
| 96 const char* failure; |
| 97 } cases[] = { |
| 98 // Empty == Invalid. |
| 99 {"", AncestorThrottle::INVALID, ""}, |
| 100 |
| 101 // Invalid |
| 102 {"INVALID", AncestorThrottle::INVALID, "INVALID"}, |
| 103 {"INVALID DENY", AncestorThrottle::INVALID, "INVALID DENY"}, |
| 104 {"DENY DENY", AncestorThrottle::INVALID, "DENY DENY"}, |
| 105 {"DE NY", AncestorThrottle::INVALID, "DE NY"}, |
| 106 |
| 107 // Conflicts |
| 108 {"INVALID,DENY", AncestorThrottle::CONFLICT, "INVALID, DENY"}, |
| 109 {"DENY,ALLOWALL", AncestorThrottle::CONFLICT, "DENY, ALLOWALL"}, |
| 110 {"SAMEORIGIN,DENY", AncestorThrottle::CONFLICT, "SAMEORIGIN, DENY"}, |
| 111 {"ALLOWALL,SAMEORIGIN", AncestorThrottle::CONFLICT, |
| 112 "ALLOWALL, SAMEORIGIN"}, |
| 113 {"DENY, SAMEORIGIN", AncestorThrottle::CONFLICT, "DENY, SAMEORIGIN"}}; |
| 114 |
| 115 AncestorThrottle throttle(nullptr); |
| 116 for (const auto& test : cases) { |
| 117 SCOPED_TRACE(test.header); |
| 118 scoped_refptr<net::HttpResponseHeaders> headers = |
| 119 GetAncestorHeaders(test.header, nullptr); |
| 120 std::string header_value; |
| 121 EXPECT_EQ(test.expected, |
| 122 throttle.ParseHeader(headers.get(), &header_value)); |
| 123 EXPECT_EQ(test.failure, header_value); |
| 124 } |
| 125 } |
| 126 |
| 127 TEST_F(AncestorThrottleTest, IgnoreWhenFrameAncestorsPresent) { |
| 128 struct TestCase { |
| 129 const char* csp; |
| 130 AncestorThrottle::HeaderDisposition expected; |
| 131 } cases[] = { |
| 132 {"", AncestorThrottle::DENY}, |
| 133 {"frame-ancestors 'none'", AncestorThrottle::IGNORE}, |
| 134 {"frame-ancestors *", AncestorThrottle::IGNORE}, |
| 135 {"frame-ancestors 'self'", AncestorThrottle::IGNORE}, |
| 136 {"frame-ancestors https://example.com", AncestorThrottle::IGNORE}, |
| 137 {"fRaMe-AnCeStOrS *", AncestorThrottle::IGNORE}, |
| 138 {"directive1; frame-ancestors 'none'", AncestorThrottle::IGNORE}, |
| 139 {"directive1; frame-ancestors *", AncestorThrottle::IGNORE}, |
| 140 {"directive1; frame-ancestors 'self'", AncestorThrottle::IGNORE}, |
| 141 {"directive1; frame-ancestors https://example.com", |
| 142 AncestorThrottle::IGNORE}, |
| 143 {"directive1; fRaMe-AnCeStOrS *", AncestorThrottle::IGNORE}, |
| 144 {"policy1, frame-ancestors 'none'", AncestorThrottle::IGNORE}, |
| 145 {"policy1, frame-ancestors *", AncestorThrottle::IGNORE}, |
| 146 {"policy1, frame-ancestors 'self'", AncestorThrottle::IGNORE}, |
| 147 {"policy1, frame-ancestors https://example.com", |
| 148 AncestorThrottle::IGNORE}, |
| 149 {"policy1, frame-ancestors 'none'", AncestorThrottle::IGNORE}, |
| 150 {"policy1, directive1; frame-ancestors *", AncestorThrottle::IGNORE}, |
| 151 {"policy1, directive1; frame-ancestors 'self'", AncestorThrottle::IGNORE}, |
| 152 {"policy1, directive1; frame-ancestors https://example.com", |
| 153 AncestorThrottle::IGNORE}, |
| 154 {"policy1, directive1; fRaMe-AnCeStOrS *", AncestorThrottle::IGNORE}, |
| 155 {"policy1, directive1; fRaMe-AnCeStOrS *", AncestorThrottle::IGNORE}, |
| 156 |
| 157 {"not-frame-ancestors *", AncestorThrottle::DENY}, |
| 158 {"frame-ancestors-are-lovely", AncestorThrottle::DENY}, |
| 159 {"directive1; not-frame-ancestors *", AncestorThrottle::DENY}, |
| 160 {"directive1; frame-ancestors-are-lovely", AncestorThrottle::DENY}, |
| 161 {"policy1, not-frame-ancestors *", AncestorThrottle::DENY}, |
| 162 {"policy1, frame-ancestors-are-lovely", AncestorThrottle::DENY}, |
| 163 {"policy1, directive1; not-frame-ancestors *", AncestorThrottle::DENY}, |
| 164 {"policy1, directive1; frame-ancestors-are-lovely", |
| 165 AncestorThrottle::DENY}, |
| 166 }; |
| 167 |
| 168 AncestorThrottle throttle(nullptr); |
| 169 for (const auto& test : cases) { |
| 170 SCOPED_TRACE(test.csp); |
| 171 scoped_refptr<net::HttpResponseHeaders> headers = |
| 172 GetAncestorHeaders("DENY", test.csp); |
| 173 std::string header_value; |
| 174 EXPECT_EQ(test.expected, |
| 175 throttle.ParseHeader(headers.get(), &header_value)); |
| 176 EXPECT_EQ("DENY", header_value); |
| 177 } |
| 178 } |
| 179 |
| 180 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1617043002:
Introduce AncestorThrottle, which will process 'X-Frame-Options' headers. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@block-response