| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "core/loader/MixedContentChecker.h" | 5 #include "core/loader/MixedContentChecker.h" |
| 6 | 6 |
| 7 #include "core/frame/Settings.h" | 7 #include "core/frame/Settings.h" |
| 8 #include "core/loader/EmptyClients.h" | 8 #include "core/loader/EmptyClients.h" |
| 9 #include "core/testing/DummyPageHolder.h" | 9 #include "core/testing/DummyPageHolder.h" |
| 10 #include "platform/network/ResourceResponse.h" | 10 #include "platform/network/ResourceResponse.h" |
| 11 #include "platform/weborigin/KURL.h" | 11 #include "platform/weborigin/KURL.h" |
| 12 #include "platform/weborigin/SecurityOrigin.h" | 12 #include "platform/weborigin/SecurityOrigin.h" |
| 13 #include "public/platform/WebMixedContent.h" |
| 14 #include "public/platform/WebMixedContentContextType.h" |
| 13 #include "testing/gmock/include/gmock/gmock-generated-function-mockers.h" | 15 #include "testing/gmock/include/gmock/gmock-generated-function-mockers.h" |
| 14 #include "testing/gtest/include/gtest/gtest.h" | 16 #include "testing/gtest/include/gtest/gtest.h" |
| 15 #include "wtf/RefPtr.h" | 17 #include "wtf/RefPtr.h" |
| 16 #include <base/macros.h> | 18 #include <base/macros.h> |
| 17 #include <memory> | 19 #include <memory> |
| 18 | 20 |
| 19 namespace blink { | 21 namespace blink { |
| 20 | 22 |
| 23 // Tests that MixedContentChecker::isMixedContent correctly detects or ignores |
| 24 // many cases where there is or there is not mixed content, respectively. |
| 25 // Note: Renderer side version of |
| 26 // MixedContentNavigationThrottleTest.IsMixedContent. Must be kept in sync |
| 27 // manually! |
| 21 TEST(MixedContentCheckerTest, IsMixedContent) { | 28 TEST(MixedContentCheckerTest, IsMixedContent) { |
| 22 struct TestCase { | 29 struct TestCase { |
| 23 const char* origin; | 30 const char* origin; |
| 24 const char* target; | 31 const char* target; |
| 25 bool expectation; | 32 bool expectation; |
| 26 } cases[] = { | 33 } cases[] = { |
| 27 {"http://example.com/foo", "http://example.com/foo", false}, | 34 {"http://example.com/foo", "http://example.com/foo", false}, |
| 28 {"http://example.com/foo", "https://example.com/foo", false}, | 35 {"http://example.com/foo", "https://example.com/foo", false}, |
| 29 {"http://example.com/foo", "data:text/html,<p>Hi!</p>", false}, | 36 {"http://example.com/foo", "data:text/html,<p>Hi!</p>", false}, |
| 30 {"http://example.com/foo", "about:blank", false}, | 37 {"http://example.com/foo", "about:blank", false}, |
| (...skipping 30 matching lines...) Expand all Loading... |
| 61 | 68 |
| 62 TEST(MixedContentCheckerTest, ContextTypeForInspector) { | 69 TEST(MixedContentCheckerTest, ContextTypeForInspector) { |
| 63 std::unique_ptr<DummyPageHolder> dummyPageHolder = | 70 std::unique_ptr<DummyPageHolder> dummyPageHolder = |
| 64 DummyPageHolder::create(IntSize(1, 1)); | 71 DummyPageHolder::create(IntSize(1, 1)); |
| 65 dummyPageHolder->frame().document()->setSecurityOrigin( | 72 dummyPageHolder->frame().document()->setSecurityOrigin( |
| 66 SecurityOrigin::createFromString("http://example.test")); | 73 SecurityOrigin::createFromString("http://example.test")); |
| 67 | 74 |
| 68 ResourceRequest notMixedContent("https://example.test/foo.jpg"); | 75 ResourceRequest notMixedContent("https://example.test/foo.jpg"); |
| 69 notMixedContent.setFrameType(WebURLRequest::FrameTypeAuxiliary); | 76 notMixedContent.setFrameType(WebURLRequest::FrameTypeAuxiliary); |
| 70 notMixedContent.setRequestContext(WebURLRequest::RequestContextScript); | 77 notMixedContent.setRequestContext(WebURLRequest::RequestContextScript); |
| 71 EXPECT_EQ(WebMixedContent::ContextType::NotMixedContent, | 78 EXPECT_EQ(WebMixedContentContextType::NotMixedContent, |
| 72 MixedContentChecker::contextTypeForInspector( | 79 MixedContentChecker::contextTypeForInspector( |
| 73 &dummyPageHolder->frame(), notMixedContent)); | 80 &dummyPageHolder->frame(), notMixedContent)); |
| 74 | 81 |
| 75 dummyPageHolder->frame().document()->setSecurityOrigin( | 82 dummyPageHolder->frame().document()->setSecurityOrigin( |
| 76 SecurityOrigin::createFromString("https://example.test")); | 83 SecurityOrigin::createFromString("https://example.test")); |
| 77 EXPECT_EQ(WebMixedContent::ContextType::NotMixedContent, | 84 EXPECT_EQ(WebMixedContentContextType::NotMixedContent, |
| 78 MixedContentChecker::contextTypeForInspector( | 85 MixedContentChecker::contextTypeForInspector( |
| 79 &dummyPageHolder->frame(), notMixedContent)); | 86 &dummyPageHolder->frame(), notMixedContent)); |
| 80 | 87 |
| 81 ResourceRequest blockableMixedContent("http://example.test/foo.jpg"); | 88 ResourceRequest blockableMixedContent("http://example.test/foo.jpg"); |
| 82 blockableMixedContent.setFrameType(WebURLRequest::FrameTypeAuxiliary); | 89 blockableMixedContent.setFrameType(WebURLRequest::FrameTypeAuxiliary); |
| 83 blockableMixedContent.setRequestContext(WebURLRequest::RequestContextScript); | 90 blockableMixedContent.setRequestContext(WebURLRequest::RequestContextScript); |
| 84 EXPECT_EQ(WebMixedContent::ContextType::Blockable, | 91 EXPECT_EQ(WebMixedContentContextType::Blockable, |
| 85 MixedContentChecker::contextTypeForInspector( | 92 MixedContentChecker::contextTypeForInspector( |
| 86 &dummyPageHolder->frame(), blockableMixedContent)); | 93 &dummyPageHolder->frame(), blockableMixedContent)); |
| 87 | 94 |
| 88 ResourceRequest optionallyBlockableMixedContent( | 95 ResourceRequest optionallyBlockableMixedContent( |
| 89 "http://example.test/foo.jpg"); | 96 "http://example.test/foo.jpg"); |
| 90 blockableMixedContent.setFrameType(WebURLRequest::FrameTypeAuxiliary); | 97 blockableMixedContent.setFrameType(WebURLRequest::FrameTypeAuxiliary); |
| 91 blockableMixedContent.setRequestContext(WebURLRequest::RequestContextImage); | 98 blockableMixedContent.setRequestContext(WebURLRequest::RequestContextImage); |
| 92 EXPECT_EQ(WebMixedContent::ContextType::OptionallyBlockable, | 99 EXPECT_EQ(WebMixedContentContextType::OptionallyBlockable, |
| 93 MixedContentChecker::contextTypeForInspector( | 100 MixedContentChecker::contextTypeForInspector( |
| 94 &dummyPageHolder->frame(), blockableMixedContent)); | 101 &dummyPageHolder->frame(), blockableMixedContent)); |
| 95 } | 102 } |
| 96 | 103 |
| 97 namespace { | 104 namespace { |
| 98 | 105 |
| 99 class MockFrameLoaderClient : public EmptyFrameLoaderClient { | 106 class MockFrameLoaderClient : public EmptyFrameLoaderClient { |
| 100 public: | 107 public: |
| 101 MockFrameLoaderClient() : EmptyFrameLoaderClient() {} | 108 MockFrameLoaderClient() : EmptyFrameLoaderClient() {} |
| 102 MOCK_METHOD1(didDisplayContentWithCertificateErrors, void(const KURL&)); | 109 MOCK_METHOD1(didDisplayContentWithCertificateErrors, void(const KURL&)); |
| (...skipping 16 matching lines...) Expand all Loading... |
| 119 response1.setURL(ranUrl); | 126 response1.setURL(ranUrl); |
| 120 EXPECT_CALL(*client, didRunContentWithCertificateErrors(ranUrl)); | 127 EXPECT_CALL(*client, didRunContentWithCertificateErrors(ranUrl)); |
| 121 MixedContentChecker::handleCertificateError( | 128 MixedContentChecker::handleCertificateError( |
| 122 &dummyPageHolder->frame(), response1, WebURLRequest::FrameTypeNone, | 129 &dummyPageHolder->frame(), response1, WebURLRequest::FrameTypeNone, |
| 123 WebURLRequest::RequestContextScript); | 130 WebURLRequest::RequestContextScript); |
| 124 | 131 |
| 125 ResourceResponse response2; | 132 ResourceResponse response2; |
| 126 WebURLRequest::RequestContext requestContext = | 133 WebURLRequest::RequestContext requestContext = |
| 127 WebURLRequest::RequestContextImage; | 134 WebURLRequest::RequestContextImage; |
| 128 ASSERT_EQ( | 135 ASSERT_EQ( |
| 129 WebMixedContent::ContextType::OptionallyBlockable, | 136 WebMixedContentContextType::OptionallyBlockable, |
| 130 WebMixedContent::contextTypeFromRequestContext( | 137 WebMixedContent::contextTypeFromRequestContext( |
| 131 requestContext, dummyPageHolder->frame() | 138 requestContext, dummyPageHolder->frame() |
| 132 .settings() | 139 .settings() |
| 133 ->getStrictMixedContentCheckingForPlugin())); | 140 ->getStrictMixedContentCheckingForPlugin())); |
| 134 response2.setURL(displayedUrl); | 141 response2.setURL(displayedUrl); |
| 135 EXPECT_CALL(*client, didDisplayContentWithCertificateErrors(displayedUrl)); | 142 EXPECT_CALL(*client, didDisplayContentWithCertificateErrors(displayedUrl)); |
| 136 MixedContentChecker::handleCertificateError( | 143 MixedContentChecker::handleCertificateError( |
| 137 &dummyPageHolder->frame(), response2, WebURLRequest::FrameTypeNone, | 144 &dummyPageHolder->frame(), response2, WebURLRequest::FrameTypeNone, |
| 138 requestContext); | 145 requestContext); |
| 139 } | 146 } |
| 140 | 147 |
| 141 } // namespace blink | 148 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1905033002:
PlzNavigate: Move navigation-level mixed content checks to the browser. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@console-security-message