Chromium Code Reviews Chromium Code Reviews
Issue 1754383002:
OOPIF: Add a test for cross-site frames blocked by X-Frame-Options and CSP. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/site_per_process_browsertest.h" | 5 #include "content/browser/site_per_process_browsertest.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 #include <stdint.h> | 8 #include <stdint.h> |
| 9 | 9 |
| 10 #include <algorithm> | 10 #include <algorithm> |
| (...skipping 5428 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 5439 observer->Wait(); | 5439 observer->Wait(); |
| 5440 | 5440 |
| 5441 // Force the renderer to generate a new frame. | 5441 // Force the renderer to generate a new frame. |
| 5442 EXPECT_TRUE(ExecuteScript(shell()->web_contents(), | 5442 EXPECT_TRUE(ExecuteScript(shell()->web_contents(), |
| 5443 "document.body.style.background = 'black'")); | 5443 "document.body.style.background = 'black'")); |
| 5444 | 5444 |
| 5445 // Waits for the next frame. | 5445 // Waits for the next frame. |
| 5446 observer->Wait(); | 5446 observer->Wait(); |
| 5447 } | 5447 } |
| 5448 | 5448 |
| 5449 // Test that a cross-origin iframe can be blocked by X-Frame-Options and CSP | |
| 5450 // frame-ancestors. | |
| 5451 IN_PROC_BROWSER_TEST_F(SitePerProcessBrowserTest, | |
| 5452 CrossSiteIframeBlockedByXFrameOptionsOrCSP) { | |
| 5453 GURL main_url(embedded_test_server()->GetURL( | |
| 5454 "a.com", "/cross_site_iframe_factory.html?a(a)")); | |
| 5455 NavigateToURL(shell(), main_url); | |
| 5456 | |
| 5457 FrameTreeNode* root = static_cast<WebContentsImpl*>(shell()->web_contents()) | |
| 5458 ->GetFrameTree() | |
| 5459 ->root(); | |
| 5460 | |
| 5461 // Add a load event handler for the iframe element. | |
| 5462 EXPECT_TRUE(ExecuteScript(shell()->web_contents(), | |
| 5463 "document.querySelector('iframe').onload = " | |
| 5464 " function() { document.title = 'loaded'; };")); | |
| 5465 | |
| 5466 GURL blocked_urls[] = { | |
| 5467 embedded_test_server()->GetURL("b.com", "/frame-ancestors-none.html"), | |
| 5468 embedded_test_server()->GetURL("b.com", "/x-frame-options-deny.html") | |
| 5469 }; | |
| 5470 | |
| 5471 for (size_t i = 0; i < arraysize(blocked_urls); ++i) { | |
| 5472 EXPECT_TRUE(ExecuteScript(shell()->web_contents(), | |
| 5473 "document.title = 'not loaded';")); | |
| 5474 base::string16 expected_title(base::UTF8ToUTF16("loaded")); | |
| 5475 TitleWatcher title_watcher(shell()->web_contents(), expected_title); | |
| 5476 | |
| 5477 // Navigate the subframe to a blocked URL. | |
| 5478 TestNavigationObserver load_observer(shell()->web_contents()); | |
| 5479 EXPECT_TRUE(ExecuteScript( | |
| 5480 shell()->web_contents(), | |
| 5481 "frames[0].location.href = '" + blocked_urls[i].spec() + "';")); | |
| 5482 load_observer.Wait(); | |
| 5483 | |
| 5484 // The blocked frame's origin should become unique. | |
| 5485 EXPECT_EQ("null", root->child_at(0)->current_origin().Serialize()); | |
| 5486 | |
| 5487 // The blocked frame should still fire a load event in its parent's process. | |
| 5488 EXPECT_EQ(expected_title, title_watcher.WaitAndGetTitle()); | |
| 5489 | |
| 5490 // Check that the current RenderFrameHost has stopped loading. | |
| 5491 EXPECT_FALSE(root->child_at(0)->current_frame_host()->is_loading()); | |
| 5492 | |
| 5493 // The blocked navigation should behave like an empty 200 response. Make | |
| 5494 // sure that the frame's document.title is empty: this double-checks both | |
| 5495 // that the blocked URL's contents wasn't loaded, and that the old page | |
| 5496 // isn't active anymore (both of these pages have non-empty titles). | |
| 5497 std::string frame_title; | |
| 5498 EXPECT_TRUE(ExecuteScriptAndExtractString( | |
| 5499 root->child_at(0)->current_frame_host(), | |
| 5500 "domAutomationController.send(document.title)", | |
| 5501 &frame_title)); | |
| 5502 EXPECT_EQ("", frame_title); | |
| 5503 | |
| 5504 // Navigate the subframe to another cross-origin page and ensure that this | |
| 5505 // navigation succeeds. | |
| 5506 GURL c_url(embedded_test_server()->GetURL("c.com", "/title1.html")); | |
| 5507 EXPECT_TRUE(NavigateIframeToURL(shell()->web_contents(), "child-0", c_url)); | |
|
nasko
2016/03/03 18:35:31
Is there any specific reason to use NavigateIframe
alexmos
2016/03/03 18:44:49
Yes, this was intentional to test the transfer pat
alexmos
2016/03/03 19:40:17
Added a comment about this.
| |
| 5508 EXPECT_EQ(c_url, root->child_at(0)->current_url()); | |
| 5509 | |
| 5510 // When a page gets blocked due to XFO or CSP, it is sandboxed with the | |
| 5511 // SandboxOrigin flag (i.e., its origin is set to be unique) to ensure that | |
| 5512 // the blocked page is seen as cross-origin. However, those flags shouldn't | |
| 5513 // affect future navigations for a frame. Verify this for the above | |
| 5514 // navigation. | |
| 5515 EXPECT_EQ(c_url.GetOrigin().spec(), | |
| 5516 root->child_at(0)->current_origin().Serialize() + "/"); | |
| 5517 EXPECT_EQ(blink::WebSandboxFlags::None, | |
| 5518 root->child_at(0)->effective_sandbox_flags()); | |
| 5519 } | |
| 5520 } | |
| 5521 | |
| 5449 } // namespace content | 5522 } // namespace content |
| OLD | NEW |
