| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (c) 2015, Google Inc. All rights reserved. | 2 * Copyright (c) 2015, Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
| 6 * met: | 6 * met: |
| 7 * | 7 * |
| 8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
| (...skipping 562 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 573 ResourceRequest resourceRequest(url); | 573 ResourceRequest resourceRequest(url); |
| 574 ResourceResponse response; | 574 ResourceResponse response; |
| 575 response.setURL(url); | 575 response.setURL(url); |
| 576 response.setSecurityInfo(securityInfo); | 576 response.setSecurityInfo(securityInfo); |
| 577 response.setHasMajorCertificateErrors(true); | 577 response.setHasMajorCertificateErrors(true); |
| 578 RefPtrWillBeRawPtr<Resource> resource = Resource::create(resourceRequest, Re
source::Image); | 578 RefPtrWillBeRawPtr<Resource> resource = Resource::create(resourceRequest, Re
source::Image); |
| 579 resource->setResponse(response); | 579 resource->setResponse(response); |
| 580 fetchContext->dispatchDidLoadResourceFromMemoryCache(resource.get(), WebURLR
equest::FrameTypeNone, WebURLRequest::RequestContextImage); | 580 fetchContext->dispatchDidLoadResourceFromMemoryCache(resource.get(), WebURLR
equest::FrameTypeNone, WebURLRequest::RequestContextImage); |
| 581 } | 581 } |
| 582 | 582 |
| 583 TEST_F(FrameFetchContextTest, SetIsExternalRequestForPublicDocument) |
| 584 { |
| 585 EXPECT_EQ(WebURLRequest::AddressSpacePublic, document->addressSpace()); |
| 586 |
| 587 struct TestCase { |
| 588 const char* url; |
| 589 bool isExternalExpectation; |
| 590 } cases[] = { |
| 591 { "data:text/html,whatever", false }, |
| 592 { "file:///etc/passwd", false }, |
| 593 { "blob:http://example.com/", false }, |
| 594 |
| 595 { "http://example.com/", false }, |
| 596 { "https://example.com/", false }, |
| 597 |
| 598 { "http://192.168.1.1:8000/", true }, |
| 599 { "http://10.1.1.1:8000/", true }, |
| 600 |
| 601 { "http://localhost/", true }, |
| 602 { "http://127.0.0.1/", true }, |
| 603 { "http://127.0.0.1:8000/", true } |
| 604 }; |
| 605 RuntimeEnabledFeatures::setCorsRFC1918Enabled(false); |
| 606 for (const auto& test : cases) { |
| 607 SCOPED_TRACE(test.url); |
| 608 ResourceRequest mainRequest(test.url); |
| 609 fetchContext->addAdditionalRequestHeaders(mainRequest, FetchMainResource
); |
| 610 EXPECT_FALSE(mainRequest.isExternalRequest()); |
| 611 |
| 612 ResourceRequest subRequest(test.url); |
| 613 fetchContext->addAdditionalRequestHeaders(subRequest, FetchSubresource); |
| 614 EXPECT_FALSE(subRequest.isExternalRequest()); |
| 615 } |
| 616 |
| 617 RuntimeEnabledFeatures::setCorsRFC1918Enabled(true); |
| 618 for (const auto& test : cases) { |
| 619 SCOPED_TRACE(test.url); |
| 620 ResourceRequest mainRequest(test.url); |
| 621 fetchContext->addAdditionalRequestHeaders(mainRequest, FetchMainResource
); |
| 622 EXPECT_EQ(mainRequest.isExternalRequest(), test.isExternalExpectation); |
| 623 |
| 624 ResourceRequest subRequest(test.url); |
| 625 fetchContext->addAdditionalRequestHeaders(subRequest, FetchSubresource); |
| 626 EXPECT_EQ(subRequest.isExternalRequest(), test.isExternalExpectation); |
| 627 } |
| 628 } |
| 629 |
| 630 TEST_F(FrameFetchContextTest, SetIsExternalRequestForPrivateDocument) |
| 631 { |
| 632 document->setHostedInReservedIPRange(true); |
| 633 EXPECT_EQ(WebURLRequest::AddressSpacePrivate, document->addressSpace()); |
| 634 |
| 635 struct TestCase { |
| 636 const char* url; |
| 637 bool isExternalExpectation; |
| 638 } cases[] = { |
| 639 { "data:text/html,whatever", false }, |
| 640 { "file:///etc/passwd", false }, |
| 641 { "blob:http://example.com/", false }, |
| 642 |
| 643 { "http://example.com/", false }, |
| 644 { "https://example.com/", false }, |
| 645 |
| 646 { "http://192.168.1.1:8000/", false }, |
| 647 { "http://10.1.1.1:8000/", false }, |
| 648 |
| 649 { "http://localhost/", true }, |
| 650 { "http://127.0.0.1/", true }, |
| 651 { "http://127.0.0.1:8000/", true } |
| 652 }; |
| 653 RuntimeEnabledFeatures::setCorsRFC1918Enabled(false); |
| 654 for (const auto& test : cases) { |
| 655 SCOPED_TRACE(test.url); |
| 656 ResourceRequest mainRequest(test.url); |
| 657 fetchContext->addAdditionalRequestHeaders(mainRequest, FetchMainResource
); |
| 658 EXPECT_FALSE(mainRequest.isExternalRequest()); |
| 659 |
| 660 ResourceRequest subRequest(test.url); |
| 661 fetchContext->addAdditionalRequestHeaders(subRequest, FetchSubresource); |
| 662 EXPECT_FALSE(subRequest.isExternalRequest()); |
| 663 } |
| 664 |
| 665 RuntimeEnabledFeatures::setCorsRFC1918Enabled(true); |
| 666 for (const auto& test : cases) { |
| 667 SCOPED_TRACE(test.url); |
| 668 ResourceRequest mainRequest(test.url); |
| 669 fetchContext->addAdditionalRequestHeaders(mainRequest, FetchMainResource
); |
| 670 EXPECT_EQ(mainRequest.isExternalRequest(), test.isExternalExpectation); |
| 671 |
| 672 ResourceRequest subRequest(test.url); |
| 673 fetchContext->addAdditionalRequestHeaders(subRequest, FetchSubresource); |
| 674 EXPECT_EQ(subRequest.isExternalRequest(), test.isExternalExpectation); |
| 675 } |
| 676 } |
| 677 |
| 678 TEST_F(FrameFetchContextTest, SetIsExternalRequestForLocalDocument) |
| 679 { |
| 680 document->setSecurityOrigin(SecurityOrigin::create(KURL(KURL(), "http://loca
lhost/"))); |
| 681 document->setHostedInReservedIPRange(true); |
| 682 EXPECT_EQ(WebURLRequest::AddressSpaceLocal, document->addressSpace()); |
| 683 |
| 684 struct TestCase { |
| 685 const char* url; |
| 686 bool isExternalExpectation; |
| 687 } cases[] = { |
| 688 { "data:text/html,whatever", false }, |
| 689 { "file:///etc/passwd", false }, |
| 690 { "blob:http://example.com/", false }, |
| 691 |
| 692 { "http://example.com/", false }, |
| 693 { "https://example.com/", false }, |
| 694 |
| 695 { "http://192.168.1.1:8000/", false }, |
| 696 { "http://10.1.1.1:8000/", false }, |
| 697 |
| 698 { "http://localhost/", false }, |
| 699 { "http://127.0.0.1/", false }, |
| 700 { "http://127.0.0.1:8000/", false } |
| 701 }; |
| 702 |
| 703 RuntimeEnabledFeatures::setCorsRFC1918Enabled(false); |
| 704 for (const auto& test : cases) { |
| 705 ResourceRequest mainRequest(test.url); |
| 706 fetchContext->addAdditionalRequestHeaders(mainRequest, FetchMainResource
); |
| 707 EXPECT_FALSE(mainRequest.isExternalRequest()); |
| 708 |
| 709 ResourceRequest subRequest(test.url); |
| 710 fetchContext->addAdditionalRequestHeaders(subRequest, FetchSubresource); |
| 711 EXPECT_FALSE(subRequest.isExternalRequest()); |
| 712 } |
| 713 |
| 714 RuntimeEnabledFeatures::setCorsRFC1918Enabled(true); |
| 715 for (const auto& test : cases) { |
| 716 ResourceRequest mainRequest(test.url); |
| 717 fetchContext->addAdditionalRequestHeaders(mainRequest, FetchMainResource
); |
| 718 EXPECT_EQ(mainRequest.isExternalRequest(), test.isExternalExpectation); |
| 719 |
| 720 ResourceRequest subRequest(test.url); |
| 721 fetchContext->addAdditionalRequestHeaders(subRequest, FetchSubresource); |
| 722 EXPECT_EQ(subRequest.isExternalRequest(), test.isExternalExpectation); |
| 723 } |
| 724 } |
| 725 |
| 583 } // namespace blink | 726 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1749153002:
CORS-RFC1918: Teach ResourceRequest about "external" requests (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master