Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(511)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/browser/frame_host/render_frame_host_manager_unittest.cc

Issue 1775543002: Validate params.origin in the browser process at commit time. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Addressing another round of comments. Created 4 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « content/browser/frame_host/render_frame_host_impl.cc ('k') | content/browser/security_exploit_browsertest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/browser/frame_host/render_frame_host_manager_unittest.cc
diff --git a/content/browser/frame_host/render_frame_host_manager_unittest.cc b/content/browser/frame_host/render_frame_host_manager_unittest.cc
index 0cea53190f852a49788f6fb82474127f0d0e6ec6..b09d94569f9a4d9fc6f93997f4552b1493e891d4 100644
--- a/content/browser/frame_host/render_frame_host_manager_unittest.cc
+++ b/content/browser/frame_host/render_frame_host_manager_unittest.cc
@@ -2972,6 +2972,67 @@ TEST_F(RenderFrameHostManagerTest, SimultaneousNavigationWithTwoWebUIs2) {
BaseSimultaneousNavigationWithTwoWebUIs(commit_new_frame_host);
}
+TEST_F(RenderFrameHostManagerTest, CanCommitOrigin) {
+ const GURL kUrl("http://a.com/");
+ const GURL kUrlBar("http://a.com/bar");
+
+ NavigateActiveAndCommit(kUrl);
+
+ controller().LoadURL(
+ kUrlBar, Referrer(), ui::PAGE_TRANSITION_TYPED, std::string());
+ main_test_rfh()->PrepareForCommit();
+
+ FrameHostMsg_DidCommitProvisionalLoad_Params params;
+ params.page_id = 0;
+ params.nav_entry_id = 0;
+ params.did_create_new_entry = false;
+ params.transition = ui::PAGE_TRANSITION_LINK;
+ params.should_update_history = false;
+ params.gesture = NavigationGestureAuto;
+ params.was_within_same_page = false;
+ params.is_post = false;
+ params.page_state = PageState::CreateFromURL(kUrlBar);
+
+ struct TestCase {
+ const char* const url;
+ const char* const origin;
+ bool mismatch;
+ } cases[] = {
+ // Positive case where the two match.
+ { "http://a.com/foo.html", "http://a.com", false },
+
+ // Host mismatches.
+ { "http://a.com/", "http://b.com", true },
+ { "http://b.com/", "http://a.com", true },
+
+ // Scheme mismatches.
+ { "file://", "http://a.com", true },
+ { "https://a.com/", "http://a.com", true },
+
+ // about:blank URLs inherit the origin of the context that navigated them.
+ { "about:blank", "http://a.com", false },
+
+ // Unique origin.
+ { "http://a.com", "null", false },
+ };
+
+ for (const auto& test_case : cases) {
+ params.url = GURL(test_case.url);
+ params.origin = url::Origin(GURL(test_case.origin));
+
+ int expected_bad_msg_count = process()->bad_msg_count();
+ if (test_case.mismatch)
+ expected_bad_msg_count++;
+
+ main_test_rfh()->SendNavigateWithParams(&params);
+
+ EXPECT_EQ(expected_bad_msg_count, process()->bad_msg_count())
+ << " url:" << test_case.url
+ << " origin:" << test_case.origin
+ << " mismatch:" << test_case.mismatch;
+ }
+}
+
// RenderFrameHostManagerTest extension for PlzNavigate enabled tests.
class RenderFrameHostManagerTestWithBrowserSideNavigation
: public RenderFrameHostManagerTest {
« no previous file with comments | « content/browser/frame_host/render_frame_host_impl.cc ('k') | content/browser/security_exploit_browsertest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698