OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <string> | 5 #include <string> |
6 | 6 |
7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
8 #include "base/files/file_path.h" | 8 #include "base/files/file_path.h" |
9 #include "base/test/histogram_tester.h" | 9 #include "base/test/histogram_tester.h" |
10 #include "content/browser/bad_message.h" | 10 #include "content/browser/bad_message.h" |
(...skipping 93 matching lines...)
104 EXPECT_EQ("B=2; D=4", GetCookieFromJS(web_contents_http->GetMainFrame())); | 104 EXPECT_EQ("B=2; D=4", GetCookieFromJS(web_contents_http->GetMainFrame())); |
105 } | 105 } |
106 | 106 |
107 // SameSite cookies (that aren't marked as http-only) should be available to | 107 // SameSite cookies (that aren't marked as http-only) should be available to |
108 // JavaScript. | 108 // JavaScript. |
109 IN_PROC_BROWSER_TEST_F(RenderFrameMessageFilterBrowserTest, SameSiteCookies) { | 109 IN_PROC_BROWSER_TEST_F(RenderFrameMessageFilterBrowserTest, SameSiteCookies) { |
110 host_resolver()->AddRule("*", "127.0.0.1"); | 110 host_resolver()->AddRule("*", "127.0.0.1"); |
111 ASSERT_TRUE(embedded_test_server()->Start()); | 111 ASSERT_TRUE(embedded_test_server()->Start()); |
112 SetupCrossSiteRedirector(embedded_test_server()); | 112 SetupCrossSiteRedirector(embedded_test_server()); |
113 | 113 |
114 // The server sends a SameSite cookie. The RenderFrameMessageFilter should | 114 // The server sets five cookies on '127.0.0.1' and on 'baz.com', then loads a |
115 // allow this to be sent to the renderer. | 115 // page that frames 'baz.com' inside '127.0.0.1'. |
116 GURL url = embedded_test_server()->GetURL("/set-cookie?samesite=1;SameSite"); | 116 std::string cookies_to_set = |
| 117 "/set-cookie?normal=1" |
| 118 "&strict=1;SameSite=Strict" |
| 119 "&lax=1;SameSite=Lax" |
| 120 "&strict-http=1;SameSite=Strict;httponly" |
| 121 "&lax-http=1;SameSite=Lax;httponly"; |
| 122 |
| 123 GURL url = embedded_test_server()->GetURL("127.0.0.1", cookies_to_set); |
| 124 NavigateToURL(shell(), url); |
| 125 url = embedded_test_server()->GetURL("baz.com", cookies_to_set); |
| 126 NavigateToURL(shell(), url); |
| 127 url = embedded_test_server()->GetURL("127.0.0.1", |
| 128 "/frame_with_load_event.html"); |
117 NavigateToURL(shell(), url); | 129 NavigateToURL(shell(), url); |
118 | 130 |
119 WebContentsImpl* web_contents = | 131 WebContentsImpl* web_contents = |
120 static_cast<WebContentsImpl*>(shell()->web_contents()); | 132 static_cast<WebContentsImpl*>(shell()->web_contents()); |
121 EXPECT_EQ("http://127.0.0.1/", | 133 RenderFrameHost* main_frame = web_contents->GetMainFrame(); |
122 web_contents->GetSiteInstance()->GetSiteURL().spec()); | 134 RenderFrameHost* iframe = |
| 135 web_contents->GetFrameTree()->root()->child_at(0)->current_frame_host(); |
123 | 136 |
124 EXPECT_EQ("samesite=1", GetCookieFromJS(web_contents->GetMainFrame())); | 137 // The top-level frame should get both kinds of same-site cookies. |
| 138 EXPECT_EQ("normal=1; strict=1; lax=1", GetCookieFromJS(main_frame)); |
| 139 |
| 140 // Same-site cookies should not be delievered to the frame, as it isn't |
| 141 // same-site with its ancestors. |
| 142 EXPECT_EQ("normal=1", GetCookieFromJS(iframe)); |
125 } | 143 } |
126 | 144 |
127 // The RenderFrameMessageFilter will kill processes when they access the cookies | 145 // The RenderFrameMessageFilter will kill processes when they access the cookies |
128 // of sites other than the site the process is dedicated to, under site | 146 // of sites other than the site the process is dedicated to, under site |
129 // isolation. | 147 // isolation. |
130 IN_PROC_BROWSER_TEST_F(RenderFrameMessageFilterBrowserTest, | 148 IN_PROC_BROWSER_TEST_F(RenderFrameMessageFilterBrowserTest, |
131 CrossSiteCookieSecurityEnforcement) { | 149 CrossSiteCookieSecurityEnforcement) { |
132 // The code under test is only active under site isolation. | 150 // The code under test is only active under site isolation. |
133 if (!AreAllSitesIsolatedForTesting()) { | 151 if (!AreAllSitesIsolatedForTesting()) { |
134 return; | 152 return; |
(...skipping 89 matching lines...)
224 // If the message had gone through, we'd have marked the RFH as dead but | 242 // If the message had gone through, we'd have marked the RFH as dead but |
225 // left the RPH and its connection alive, and the Wait below would hang. | 243 // left the RPH and its connection alive, and the Wait below would hang. |
226 web_process_killed.Wait(); | 244 web_process_killed.Wait(); |
227 | 245 |
228 ASSERT_FALSE(web_rfh->GetProcess()->HasConnection()); | 246 ASSERT_FALSE(web_rfh->GetProcess()->HasConnection()); |
229 ASSERT_FALSE(web_rfh->IsRenderFrameLive()); | 247 ASSERT_FALSE(web_rfh->IsRenderFrameLive()); |
230 ASSERT_FALSE(web_process_killed.did_exit_normally()); | 248 ASSERT_FALSE(web_process_killed.did_exit_normally()); |
231 } | 249 } |
232 | 250 |
233 } // namespace content | 251 } // namespace content |
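Review bot: In SameSiteCookies (new lines 131-142) the subframe is fetched with `root()->child_at(0)` without first asserting that a child exists, and nothing checks that it actually committed on 'baz.com', so the cross-site assertion depends on the contents of frame_with_load_event.html, which this page does not show. Adding `ASSERT_EQ(1U, web_contents->GetFrameTree()->root()->child_count());` before the lookup and `EXPECT_EQ("baz.com", iframe->GetLastCommittedURL().host());` after it would turn a missing or same-site frame into a clear failure instead of a crash or a misleading cookie mismatch. The test also exercises only reads through document.cookie; a cross-site frame attempting to set a SameSite cookie is not covered here and may deserve a follow-up case. The comment at new line 140 has a typo: `delievered` should be `delivered`.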