OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <string> | 5 #include <string> |
6 | 6 |
7 #include "base/command_line.h" | 7 #include "base/command_line.h" |
8 #include "base/files/file_path.h" | 8 #include "base/files/file_path.h" |
9 #include "base/test/histogram_tester.h" | 9 #include "base/test/histogram_tester.h" |
10 #include "content/browser/bad_message.h" | 10 #include "content/browser/bad_message.h" |
(...skipping 21 matching lines...)
32 | 32 |
33 std::string GetCookieFromJS(RenderFrameHost* frame) { | 33 std::string GetCookieFromJS(RenderFrameHost* frame) { |
34 std::string cookie; | 34 std::string cookie; |
35 EXPECT_TRUE(ExecuteScriptAndExtractString( | 35 EXPECT_TRUE(ExecuteScriptAndExtractString( |
36 frame, "window.domAutomationController.send(document.cookie);", &cookie)); | 36 frame, "window.domAutomationController.send(document.cookie);", &cookie)); |
37 return cookie; | 37 return cookie; |
38 } | 38 } |
39 | 39 |
40 } // namespace | 40 } // namespace |
41 | 41 |
42 using RenderFrameMessageFilterBrowserTest = ContentBrowserTest; | 42 class RenderFrameMessageFilterBrowserTest : public ContentBrowserTest { |
| 43 protected: |
| 44 void SetUp() override { |
| 45 base::CommandLine::ForCurrentProcess()->AppendSwitch( |
| 46 switches::kEnableExperimentalWebPlatformFeatures); |
| 47 ContentBrowserTest::SetUp(); |
| 48 } |
| 49 }; |
43 | 50 |
44 // Exercises basic cookie operations via javascript, including an http page | 51 // Exercises basic cookie operations via javascript, including an http page |
45 // interacting with secure cookies. | 52 // interacting with secure cookies. |
46 IN_PROC_BROWSER_TEST_F(RenderFrameMessageFilterBrowserTest, Cookies) { | 53 IN_PROC_BROWSER_TEST_F(RenderFrameMessageFilterBrowserTest, Cookies) { |
47 host_resolver()->AddRule("*", "127.0.0.1"); | 54 host_resolver()->AddRule("*", "127.0.0.1"); |
48 ASSERT_TRUE(embedded_test_server()->Start()); | 55 ASSERT_TRUE(embedded_test_server()->Start()); |
49 SetupCrossSiteRedirector(embedded_test_server()); | 56 SetupCrossSiteRedirector(embedded_test_server()); |
50 | 57 |
51 net::EmbeddedTestServer https_server(net::EmbeddedTestServer::TYPE_HTTPS); | 58 net::EmbeddedTestServer https_server(net::EmbeddedTestServer::TYPE_HTTPS); |
52 https_server.AddDefaultHandlers( | 59 https_server.AddDefaultHandlers( |
(...skipping 20 matching lines...)
73 | 80 |
74 EXPECT_NE(web_contents_http->GetSiteInstance()->GetProcess(), | 81 EXPECT_NE(web_contents_http->GetSiteInstance()->GetProcess(), |
75 web_contents_https->GetSiteInstance()->GetProcess()); | 82 web_contents_https->GetSiteInstance()->GetProcess()); |
76 | 83 |
77 EXPECT_EQ("", GetCookieFromJS(web_contents_https->GetMainFrame())); | 84 EXPECT_EQ("", GetCookieFromJS(web_contents_https->GetMainFrame())); |
78 EXPECT_EQ("", GetCookieFromJS(web_contents_http->GetMainFrame())); | 85 EXPECT_EQ("", GetCookieFromJS(web_contents_http->GetMainFrame())); |
79 | 86 |
80 // Non-TLS page writes secure cookie. | 87 // Non-TLS page writes secure cookie. |
81 EXPECT_TRUE(ExecuteScript(web_contents_http->GetMainFrame(), | 88 EXPECT_TRUE(ExecuteScript(web_contents_http->GetMainFrame(), |
82 "document.cookie = 'A=1; secure;';")); | 89 "document.cookie = 'A=1; secure;';")); |
83 EXPECT_EQ("A=1", GetCookieFromJS(web_contents_https->GetMainFrame())); | 90 EXPECT_EQ("", GetCookieFromJS(web_contents_https->GetMainFrame())); |
84 EXPECT_EQ("", GetCookieFromJS(web_contents_http->GetMainFrame())); | 91 EXPECT_EQ("", GetCookieFromJS(web_contents_http->GetMainFrame())); |
85 | 92 |
86 // TLS page writes not-secure cookie. | 93 // TLS page writes not-secure cookie. |
87 EXPECT_TRUE(ExecuteScript(web_contents_http->GetMainFrame(), | 94 EXPECT_TRUE(ExecuteScript(web_contents_http->GetMainFrame(), |
88 "document.cookie = 'B=2';")); | 95 "document.cookie = 'B=2';")); |
89 EXPECT_EQ("A=1; B=2", GetCookieFromJS(web_contents_https->GetMainFrame())); | 96 EXPECT_EQ("B=2", GetCookieFromJS(web_contents_https->GetMainFrame())); |
90 EXPECT_EQ("B=2", GetCookieFromJS(web_contents_http->GetMainFrame())); | 97 EXPECT_EQ("B=2", GetCookieFromJS(web_contents_http->GetMainFrame())); |
91 | 98 |
92 // Non-TLS page writes secure cookie. | 99 // TLS page writes secure cookie. |
93 EXPECT_TRUE(ExecuteScript(web_contents_https->GetMainFrame(), | 100 EXPECT_TRUE(ExecuteScript(web_contents_https->GetMainFrame(), |
94 "document.cookie = 'C=3;secure;';")); | 101 "document.cookie = 'C=3;secure;';")); |
95 EXPECT_EQ("A=1; B=2; C=3", | 102 EXPECT_EQ("B=2; C=3", |
96 GetCookieFromJS(web_contents_https->GetMainFrame())); | 103 GetCookieFromJS(web_contents_https->GetMainFrame())); |
97 EXPECT_EQ("B=2", GetCookieFromJS(web_contents_http->GetMainFrame())); | 104 EXPECT_EQ("B=2", GetCookieFromJS(web_contents_http->GetMainFrame())); |
98 | 105 |
99 // TLS page writes not-secure cookie. | 106 // TLS page writes not-secure cookie. |
100 EXPECT_TRUE(ExecuteScript(web_contents_https->GetMainFrame(), | 107 EXPECT_TRUE(ExecuteScript(web_contents_https->GetMainFrame(), |
101 "document.cookie = 'D=4';")); | 108 "document.cookie = 'D=4';")); |
102 EXPECT_EQ("A=1; B=2; C=3; D=4", | 109 EXPECT_EQ("B=2; C=3; D=4", |
103 GetCookieFromJS(web_contents_https->GetMainFrame())); | 110 GetCookieFromJS(web_contents_https->GetMainFrame())); |
104 EXPECT_EQ("B=2; D=4", GetCookieFromJS(web_contents_http->GetMainFrame())); | 111 EXPECT_EQ("B=2; D=4", GetCookieFromJS(web_contents_http->GetMainFrame())); |
105 } | 112 } |
106 | 113 |
107 // SameSite cookies (that aren't marked as http-only) should be available to | 114 // SameSite cookies (that aren't marked as http-only) should be available to |
108 // JavaScript. | 115 // JavaScript. |
109 IN_PROC_BROWSER_TEST_F(RenderFrameMessageFilterBrowserTest, SameSiteCookies) { | 116 IN_PROC_BROWSER_TEST_F(RenderFrameMessageFilterBrowserTest, SameSiteCookies) { |
110 host_resolver()->AddRule("*", "127.0.0.1"); | 117 host_resolver()->AddRule("*", "127.0.0.1"); |
111 ASSERT_TRUE(embedded_test_server()->Start()); | 118 ASSERT_TRUE(embedded_test_server()->Start()); |
112 SetupCrossSiteRedirector(embedded_test_server()); | 119 SetupCrossSiteRedirector(embedded_test_server()); |
113 | 120 |
114 // The server sends a SameSite cookie. The RenderFrameMessageFilter should | 121 // The server sets five cookies on 'a.com' and on 'b.com', then loads a |
115 // allow this to be sent to the renderer. | 122 // page that frames both 'a.com' and 'b.com' under 'a.com'. |
116 GURL url = embedded_test_server()->GetURL("/set-cookie?samesite=1;SameSite"); | 123 std::string cookies_to_set = |
| 124 "/set-cookie?normal=1" |
| 125 "&strict=1;SameSite=Strict" |
| 126 "&lax=1;SameSite=Lax" |
| 127 "&strict-http=1;SameSite=Strict;httponly" |
| 128 "&lax-http=1;SameSite=Lax;httponly"; |
| 129 |
| 130 GURL url = embedded_test_server()->GetURL("a.com", cookies_to_set); |
| 131 NavigateToURL(shell(), url); |
| 132 url = embedded_test_server()->GetURL("b.com", cookies_to_set); |
| 133 NavigateToURL(shell(), url); |
| 134 url = embedded_test_server()->GetURL( |
| 135 "a.com", "/cross_site_iframe_factory.html?a(a(),b())"); |
117 NavigateToURL(shell(), url); | 136 NavigateToURL(shell(), url); |
118 | 137 |
119 WebContentsImpl* web_contents = | 138 WebContentsImpl* web_contents = |
120 static_cast<WebContentsImpl*>(shell()->web_contents()); | 139 static_cast<WebContentsImpl*>(shell()->web_contents()); |
121 EXPECT_EQ("http://127.0.0.1/", | 140 RenderFrameHost* main_frame = web_contents->GetMainFrame(); |
122 web_contents->GetSiteInstance()->GetSiteURL().spec()); | 141 RenderFrameHost* a_iframe = |
| 142 web_contents->GetFrameTree()->root()->child_at(0)->current_frame_host(); |
| 143 RenderFrameHost* b_iframe = |
| 144 web_contents->GetFrameTree()->root()->child_at(1)->current_frame_host(); |
123 | 145 |
124 EXPECT_EQ("samesite=1", GetCookieFromJS(web_contents->GetMainFrame())); | 146 // The top-level frame should get both kinds of same-site cookies. |
| 147 EXPECT_EQ("normal=1; strict=1; lax=1", GetCookieFromJS(main_frame)); |
| 148 |
| 149 // Same-site cookies will be delievered to the 'a.com' frame, as it is same- |
| 150 // site with its ancestors. |
| 151 EXPECT_EQ("normal=1; strict=1; lax=1", GetCookieFromJS(a_iframe)); |
| 152 |
| 153 // Same-site cookies should not be delievered to the 'b.com' frame, as it |
| 154 // isn't same-site with its ancestors. |
| 155 EXPECT_EQ("normal=1", GetCookieFromJS(b_iframe)); |
125 } | 156 } |
126 | 157 |
127 // The RenderFrameMessageFilter will kill processes when they access the cookies | 158 // The RenderFrameMessageFilter will kill processes when they access the cookies |
128 // of sites other than the site the process is dedicated to, under site | 159 // of sites other than the site the process is dedicated to, under site |
129 // isolation. | 160 // isolation. |
130 IN_PROC_BROWSER_TEST_F(RenderFrameMessageFilterBrowserTest, | 161 IN_PROC_BROWSER_TEST_F(RenderFrameMessageFilterBrowserTest, |
131 CrossSiteCookieSecurityEnforcement) { | 162 CrossSiteCookieSecurityEnforcement) { |
132 // The code under test is only active under site isolation. | 163 // The code under test is only active under site isolation. |
133 if (!AreAllSitesIsolatedForTesting()) { | 164 if (!AreAllSitesIsolatedForTesting()) { |
134 return; | 165 return; |
(...skipping 89 matching lines...)
224 // If the message had gone through, we'd have marked the RFH as dead but | 255 // If the message had gone through, we'd have marked the RFH as dead but |
225 // left the RPH and its connection alive, and the Wait below would hang. | 256 // left the RPH and its connection alive, and the Wait below would hang. |
226 web_process_killed.Wait(); | 257 web_process_killed.Wait(); |
227 | 258 |
228 ASSERT_FALSE(web_rfh->GetProcess()->HasConnection()); | 259 ASSERT_FALSE(web_rfh->GetProcess()->HasConnection()); |
229 ASSERT_FALSE(web_rfh->IsRenderFrameLive()); | 260 ASSERT_FALSE(web_rfh->IsRenderFrameLive()); |
230 ASSERT_FALSE(web_process_killed.did_exit_normally()); | 261 ASSERT_FALSE(web_process_killed.did_exit_normally()); |
231 } | 262 } |
232 | 263 |
233 } // namespace content | 264 } // namespace content |
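Review bot: The new `SetUp()` override (new lines 44-48) turns on `switches::kEnableExperimentalWebPlatformFeatures` for every test in the fixture, so the tightened expectations in `Cookies` and `SameSiteCookies`, and the unrelated `CrossSiteCookieSecurityEnforcement` test, now run only with experimental features enabled and the default configuration is no longer covered here. A fixture comment naming the cookie behaviours that need the switch would help, e.g. `// Secure-cookie write restrictions and SameSite handling presumably sit behind experimental web platform features; confirm and name them here.`, and the switch is more conventionally added in `SetUpCommandLine(base::CommandLine* command_line)` via `command_line->AppendSwitch(...)`. In `SameSiteCookies`, `child_at(0)` and `child_at(1)` are dereferenced without checking that both iframes loaded; `ASSERT_EQ(2U, web_contents->GetFrameTree()->root()->child_count());` before new line 141 would turn a failed load into a clean test failure. The comment at new line 93 still reads "TLS page writes not-secure cookie" although the write comes from `web_contents_http`; it should be `// Non-TLS page writes not-secure cookie.`. Parts of `Cookies` and `CrossSiteCookieSecurityEnforcement` are elided on this page, so this covers only the visible lines.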