Chromium Code Reviews Chromium Code Reviews
Issue 1914593002:
Limit requests for which link headers can install service workers to secure contexts. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: content/browser/service_worker/link_header_support_unittest.cc |
| diff --git a/content/browser/service_worker/link_header_support_unittest.cc b/content/browser/service_worker/link_header_support_unittest.cc |
| index 8bc5922664524d64d295d5488048def563a60a03..faccea9c3e9aa3ca509141e67a95ba1f7fe6966e 100644 |
| --- a/content/browser/service_worker/link_header_support_unittest.cc |
| +++ b/content/browser/service_worker/link_header_support_unittest.cc |
| @@ -7,22 +7,26 @@ |
| #include "base/command_line.h" |
| #include "base/logging.h" |
| #include "base/run_loop.h" |
| +#include "content/browser/loader/resource_request_info_impl.h" |
| #include "content/browser/service_worker/embedded_worker_test_helper.h" |
| #include "content/browser/service_worker/service_worker_context_wrapper.h" |
| #include "content/browser/service_worker/service_worker_registration.h" |
| -#include "content/public/browser/resource_request_info.h" |
| +#include "content/browser/service_worker/service_worker_request_handler.h" |
| #include "content/public/common/content_switches.h" |
| #include "content/public/test/mock_resource_context.h" |
| #include "content/public/test/test_browser_thread_bundle.h" |
| #include "net/http/http_response_headers.h" |
| #include "net/url_request/url_request_test_job.h" |
| #include "net/url_request/url_request_test_util.h" |
| +#include "storage/browser/blob/blob_storage_context.h" |
| #include "testing/gtest/include/gtest/gtest.h" |
| namespace content { |
| namespace { |
| +const int kMockProviderId = 1; |
| + |
| void SaveFoundRegistrationsCallback( |
| ServiceWorkerStatusCode expected_status, |
| bool* called, |
| @@ -56,24 +60,50 @@ class LinkHeaderServiceWorkerTest : public ::testing::Test { |
| void SetUp() override { |
| helper_.reset(new EmbeddedWorkerTestHelper(base::FilePath())); |
| + |
| + // An empty host. |
| + std::unique_ptr<ServiceWorkerProviderHost> host( |
| + new ServiceWorkerProviderHost( |
| + helper_->mock_render_process_id(), MSG_ROUTING_NONE, |
| + kMockProviderId, SERVICE_WORKER_PROVIDER_FOR_WINDOW, |
| + ServiceWorkerProviderHost::FrameSecurityLevel::UNINITIALIZED, |
| + context()->AsWeakPtr(), nullptr)); |
| + provider_host_ = host->AsWeakPtr(); |
| + context()->AddProviderHost(std::move(host)); |
| } |
| void TearDown() override { helper_.reset(); } |
| + ServiceWorkerContextCore* context() const { return helper_->context(); } |
|
kinuko
2016/06/23 14:42:27
nit: avoid returning non const ptr from const meth
Marijn Kruisselbrink
2016/06/23 18:02:01
removed the const. (fwiw, this particular const me
|
| ServiceWorkerContextWrapper* context_wrapper() { |
| return helper_->context_wrapper(); |
| } |
| + ServiceWorkerProviderHost* provider_host() const { |
|
kinuko
2016/06/23 14:42:27
ditto
Marijn Kruisselbrink
2016/06/23 18:02:01
Done
|
| + return provider_host_.get(); |
| + } |
| void ProcessLinkHeader(const GURL& request_url, |
| - const std::string& link_header) { |
| + const std::string& link_header, |
| + bool secure_context, |
| + ResourceType resource_type = RESOURCE_TYPE_SCRIPT) { |
|
kinuko
2016/06/23 14:42:27
Adding bool parameter makes the code harder to rea
Marijn Kruisselbrink
2016/06/23 18:02:01
Yeah, having default parameters and bool parameter
|
| std::unique_ptr<net::URLRequest> request = request_context_.CreateRequest( |
| request_url, net::DEFAULT_PRIORITY, &request_delegate_); |
| ResourceRequestInfo::AllocateForTesting( |
| - request.get(), RESOURCE_TYPE_SCRIPT, &resource_context_, |
| + request.get(), resource_type, &resource_context_, |
| -1 /* render_process_id */, -1 /* render_view_id */, |
| - -1 /* render_frame_id */, false /* is_main_frame */, |
| + -1 /* render_frame_id */, resource_type == RESOURCE_TYPE_MAIN_FRAME, |
| false /* parent_is_main_frame */, true /* allow_download */, |
| true /* is_async */, false /* is_using_lofi */); |
| + ResourceRequestInfoImpl::ForRequest(request.get()) |
| + ->set_initiated_in_secure_context_for_testing(secure_context); |
| + |
| + ServiceWorkerRequestHandler::InitializeHandler( |
| + request.get(), context_wrapper(), &blob_storage_context_, |
| + helper_->mock_render_process_id(), kMockProviderId, |
| + false /* skip_service_worker */, FETCH_REQUEST_MODE_NO_CORS, |
| + FETCH_CREDENTIALS_MODE_OMIT, FetchRedirectMode::FOLLOW_MODE, |
| + resource_type, REQUEST_CONTEXT_TYPE_HYPERLINK, |
| + REQUEST_CONTEXT_FRAME_TYPE_TOP_LEVEL, nullptr); |
| ProcessLinkHeaderForRequest(request.get(), link_header, context_wrapper()); |
| base::RunLoop().RunUntilIdle(); |
| @@ -95,11 +125,13 @@ class LinkHeaderServiceWorkerTest : public ::testing::Test { |
| net::TestURLRequestContext request_context_; |
| net::TestDelegate request_delegate_; |
| MockResourceContext resource_context_; |
| + base::WeakPtr<ServiceWorkerProviderHost> provider_host_; |
| + storage::BlobStorageContext blob_storage_context_; |
| }; |
| TEST_F(LinkHeaderServiceWorkerTest, InstallServiceWorker_Basic) { |
| ProcessLinkHeader(GURL("https://example.com/foo/bar/"), |
| - "<../foo.js>; rel=serviceworker"); |
| + "<../foo.js>; rel=serviceworker", true); |
| std::vector<ServiceWorkerRegistrationInfo> registrations = GetRegistrations(); |
| ASSERT_EQ(1u, registrations.size()); |
| @@ -110,7 +142,8 @@ TEST_F(LinkHeaderServiceWorkerTest, InstallServiceWorker_Basic) { |
| TEST_F(LinkHeaderServiceWorkerTest, InstallServiceWorker_ScopeWithFragment) { |
| ProcessLinkHeader(GURL("https://example.com/foo/bar/"), |
| - "<../bar.js>; rel=serviceworker; scope=\"scope#ref\""); |
| + "<../bar.js>; rel=serviceworker; scope=\"scope#ref\"", |
| + true); |
| std::vector<ServiceWorkerRegistrationInfo> registrations = GetRegistrations(); |
| ASSERT_EQ(1u, registrations.size()); |
| @@ -123,7 +156,8 @@ TEST_F(LinkHeaderServiceWorkerTest, InstallServiceWorker_ScopeWithFragment) { |
| TEST_F(LinkHeaderServiceWorkerTest, InstallServiceWorker_ScopeAbsoluteUrl) { |
| ProcessLinkHeader(GURL("https://example.com/foo/bar/"), |
| "<bar.js>; rel=serviceworker; " |
| - "scope=\"https://example.com:443/foo/bar/scope\""); |
| + "scope=\"https://example.com:443/foo/bar/scope\"", |
| + true); |
| std::vector<ServiceWorkerRegistrationInfo> registrations = GetRegistrations(); |
| ASSERT_EQ(1u, registrations.size()); |
| @@ -136,7 +170,7 @@ TEST_F(LinkHeaderServiceWorkerTest, InstallServiceWorker_ScopeAbsoluteUrl) { |
| TEST_F(LinkHeaderServiceWorkerTest, InstallServiceWorker_ScopeDifferentOrigin) { |
| ProcessLinkHeader( |
| GURL("https://example.com/foobar/"), |
| - "<bar.js>; rel=serviceworker; scope=\"https://google.com/scope\""); |
| + "<bar.js>; rel=serviceworker; scope=\"https://google.com/scope\"", true); |
| std::vector<ServiceWorkerRegistrationInfo> registrations = GetRegistrations(); |
| ASSERT_EQ(0u, registrations.size()); |
| @@ -144,7 +178,7 @@ TEST_F(LinkHeaderServiceWorkerTest, InstallServiceWorker_ScopeDifferentOrigin) { |
| TEST_F(LinkHeaderServiceWorkerTest, InstallServiceWorker_ScopeUrlEncodedSlash) { |
| ProcessLinkHeader(GURL("https://example.com/foobar/"), |
| - "<bar.js>; rel=serviceworker; scope=\"./foo%2Fbar\""); |
| + "<bar.js>; rel=serviceworker; scope=\"./foo%2Fbar\"", true); |
| std::vector<ServiceWorkerRegistrationInfo> registrations = GetRegistrations(); |
| ASSERT_EQ(0u, registrations.size()); |
| @@ -153,7 +187,7 @@ TEST_F(LinkHeaderServiceWorkerTest, InstallServiceWorker_ScopeUrlEncodedSlash) { |
| TEST_F(LinkHeaderServiceWorkerTest, |
| InstallServiceWorker_ScriptUrlEncodedSlash) { |
| ProcessLinkHeader(GURL("https://example.com/foobar/"), |
| - "<foo%2Fbar.js>; rel=serviceworker"); |
| + "<foo%2Fbar.js>; rel=serviceworker", true); |
| std::vector<ServiceWorkerRegistrationInfo> registrations = GetRegistrations(); |
| ASSERT_EQ(0u, registrations.size()); |
| @@ -162,7 +196,7 @@ TEST_F(LinkHeaderServiceWorkerTest, |
| TEST_F(LinkHeaderServiceWorkerTest, InstallServiceWorker_ScriptAbsoluteUrl) { |
| ProcessLinkHeader( |
| GURL("https://example.com/foobar/"), |
| - "<https://example.com/bar.js>; rel=serviceworker; scope=foo"); |
| + "<https://example.com/bar.js>; rel=serviceworker; scope=foo", true); |
| std::vector<ServiceWorkerRegistrationInfo> registrations = GetRegistrations(); |
| ASSERT_EQ(1u, registrations.size()); |
| @@ -173,9 +207,9 @@ TEST_F(LinkHeaderServiceWorkerTest, InstallServiceWorker_ScriptAbsoluteUrl) { |
| TEST_F(LinkHeaderServiceWorkerTest, |
| InstallServiceWorker_ScriptDifferentOrigin) { |
| - ProcessLinkHeader( |
| - GURL("https://example.com/foobar/"), |
| - "<https://google.com/bar.js>; rel=serviceworker; scope=foo"); |
| + ProcessLinkHeader(GURL("https://example.com/foobar/"), |
| + "<https://google.com/bar.js>; rel=serviceworker; scope=foo", |
| + true); |
| std::vector<ServiceWorkerRegistrationInfo> registrations = GetRegistrations(); |
| ASSERT_EQ(0u, registrations.size()); |
| @@ -184,7 +218,8 @@ TEST_F(LinkHeaderServiceWorkerTest, |
| TEST_F(LinkHeaderServiceWorkerTest, InstallServiceWorker_MultipleWorkers) { |
| ProcessLinkHeader(GURL("https://example.com/foobar/"), |
| "<bar.js>; rel=serviceworker; scope=foo, <baz.js>; " |
| - "rel=serviceworker; scope=scope"); |
| + "rel=serviceworker; scope=scope", |
| + true); |
| std::vector<ServiceWorkerRegistrationInfo> registrations = GetRegistrations(); |
| ASSERT_EQ(2u, registrations.size()); |
| @@ -201,7 +236,8 @@ TEST_F(LinkHeaderServiceWorkerTest, |
| ProcessLinkHeader( |
| GURL("https://example.com/foobar/"), |
| "<https://google.com/bar.js>; rel=serviceworker; scope=foo, <baz.js>; " |
| - "rel=serviceworker; scope=scope"); |
| + "rel=serviceworker; scope=scope", |
| + true); |
| std::vector<ServiceWorkerRegistrationInfo> registrations = GetRegistrations(); |
| ASSERT_EQ(1u, registrations.size()); |
| @@ -210,6 +246,53 @@ TEST_F(LinkHeaderServiceWorkerTest, |
| registrations[0].active_version.script_url); |
| } |
| +TEST_F(LinkHeaderServiceWorkerTest, InstallServiceWorker_InsecureContext) { |
| + ProcessLinkHeader(GURL("https://example.com/foo/bar/"), |
| + "<../foo.js>; rel=serviceworker", false); |
| + |
| + std::vector<ServiceWorkerRegistrationInfo> registrations = GetRegistrations(); |
| + ASSERT_EQ(0u, registrations.size()); |
| +} |
| + |
| +TEST_F(LinkHeaderServiceWorkerTest, |
| + InstallServiceWorker_NavigationFromInsecureContextToSecureContext) { |
| + provider_host()->SetDocumentUrl(GURL("https://example.com/foo/bar/")); |
| + provider_host()->set_parent_frame_secure(true); |
| + ProcessLinkHeader(GURL("https://example.com/foo/bar/"), |
| + "<../foo.js>; rel=serviceworker", false, |
| + RESOURCE_TYPE_MAIN_FRAME); |
| + |
| + std::vector<ServiceWorkerRegistrationInfo> registrations = GetRegistrations(); |
| + ASSERT_EQ(1u, registrations.size()); |
| + EXPECT_EQ(GURL("https://example.com/foo/"), registrations[0].pattern); |
| + EXPECT_EQ(GURL("https://example.com/foo/foo.js"), |
| + registrations[0].active_version.script_url); |
| +} |
| + |
| +TEST_F(LinkHeaderServiceWorkerTest, |
| + InstallServiceWorker_NavigationToInsecureContext) { |
| + provider_host()->SetDocumentUrl(GURL("http://example.com/foo/bar/")); |
| + provider_host()->set_parent_frame_secure(true); |
| + ProcessLinkHeader(GURL("http://example.com/foo/bar/"), |
| + "<../foo.js>; rel=serviceworker", true, |
| + RESOURCE_TYPE_MAIN_FRAME); |
| + |
| + std::vector<ServiceWorkerRegistrationInfo> registrations = GetRegistrations(); |
| + ASSERT_EQ(0u, registrations.size()); |
| +} |
| + |
| +TEST_F(LinkHeaderServiceWorkerTest, |
| + InstallServiceWorker_NavigationToInsecureHttpsContext) { |
| + provider_host()->SetDocumentUrl(GURL("https://example.com/foo/bar/")); |
| + provider_host()->set_parent_frame_secure(false); |
| + ProcessLinkHeader(GURL("http://example.com/foo/bar/"), |
| + "<../foo.js>; rel=serviceworker", true, |
| + RESOURCE_TYPE_MAIN_FRAME); |
| + |
| + std::vector<ServiceWorkerRegistrationInfo> registrations = GetRegistrations(); |
| + ASSERT_EQ(0u, registrations.size()); |
| +} |
| + |
| } // namespace |
| } // namespace content |
