service worker: Don't control a subframe of an insecure context

chrome/browser/extensions/service_worker_apitest.cc

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <stdint.h>
 
 #include "base/bind_helpers.h"
 #include "base/macros.h"
 #include "base/strings/stringprintf.h"
 #include "base/strings/utf_string_conversions.h"
@@ skipping 13 matching lines @@
 #include "content/public/browser/web_contents.h"
 #include "content/public/common/content_switches.h"
 #include "content/public/common/page_type.h"
 #include "content/public/test/background_sync_test_util.h"
 #include "content/public/test/browser_test_utils.h"
 #include "extensions/browser/extension_host.h"
 #include "extensions/browser/extension_registry.h"
 #include "extensions/browser/process_manager.h"
 #include "extensions/test/background_page_watcher.h"
 #include "extensions/test/extension_test_message_listener.h"
+#include "net/dns/mock_host_resolver.h"
 #include "net/test/embedded_test_server/embedded_test_server.h"
 
 namespace extensions {
 
 namespace {
 
 // Pass into ServiceWorkerTest::StartTestFromBackgroundPage to indicate that
 // registration is expected to succeed.
 std::string* const kExpectSuccess = nullptr;
 
@@ skipping 623 matching lines @@
   // present in the extension directory. Expect the resources of the iframe to
   // be served by the Service Worker.
   EXPECT_TRUE(content::ExecuteScriptAndExtractString(
       web_contents,
       base::StringPrintf("window.testIframe('%s', 'iframe_non_existent.html')",
                          extension->id().c_str()),
       &result));
   EXPECT_EQ("FROM_SW_RESOURCE", result);
 }
 
+// Tests that service worker serves resources even if they are embedded in an
+// insecure context.
+IN_PROC_BROWSER_TEST_F(ServiceWorkerTest,
+                       WebAccessibleResourcesInsecureIframe) {

[alexmos, 2016/06/02 23:54:47]

Can you run this through the linux_site_isolation trybot, just to make sure this
is working correctly with --site-per-process?

[falken, 2016/06/03 08:22:05]

That trybot is in the CQ_INCLUDE_TRYBOT so the CQ will run it (unfortunately,
git-cl try doesn't seem to know about it).

BTW can I do this locally with:
$ browser_tests --site-per-process
--gtest_filter="ServiceWorkerTest.WebAccessibleResourcesInsecureIframe"
?

+  const Extension* extension = LoadExtensionWithFlags(
+      test_data_dir_.AppendASCII(
+          "service_worker/web_accessible_resources/iframe_src"),
+      kFlagNone);
+  ASSERT_TRUE(extension);
+  ASSERT_TRUE(StartEmbeddedTestServer());
+  GURL page_url = embedded_test_server()->GetURL(
+      "/extensions/api_test/service_worker/web_accessible_resources/"
+      "webpage.html");
+  host_resolver()->AddRule("a.com", "127.0.0.1");
+  GURL::Replacements replace_host_and_scheme;
+  replace_host_and_scheme.SetHostStr("a.com");
+  replace_host_and_scheme.SetSchemeStr("http");
+  page_url = page_url.ReplaceComponents(replace_host_and_scheme);

[alexmos, 2016/06/02 23:54:47]

Why not just use embedded_test_server()->GetURL("a.com", "/rest/of/path")?

[falken, 2016/06/03 08:22:05]

Done. This is because I just copied jww's test in
https://codereview.chromium.org/1383483007

+
+  content::WebContents* web_contents = AddTab(browser(), page_url);
+  std::string result;
+  // webpage.html will create an iframe pointing to a resource from |extension|.
+  // Expect the resource to be served by the extension.
+  EXPECT_TRUE(content::ExecuteScriptAndExtractString(
+      web_contents, base::StringPrintf("window.testIframe('%s', 'iframe.html')",
+                                       extension->id().c_str()),
+      &result));
+  EXPECT_EQ("FROM_EXTENSION_RESOURCE", result);
+
+  ExtensionTestMessageListener service_worker_ready_listener("SW_READY", false);
+  EXPECT_TRUE(ExecuteScriptInBackgroundPageNoWait(
+      extension->id(), "window.registerServiceWorker()"));
+  EXPECT_TRUE(service_worker_ready_listener.WaitUntilSatisfied());
+
+  result.clear();
+  // webpage.html will create another iframe pointing to a resource from
+  // |extension| as before. But this time, the resource should be be served
+  // from the Service Worker.
+  EXPECT_TRUE(content::ExecuteScriptAndExtractString(
+      web_contents, base::StringPrintf("window.testIframe('%s', 'iframe.html')",
+                                       extension->id().c_str()),
+      &result));
+  EXPECT_EQ("FROM_SW_RESOURCE", result);
+
+  result.clear();
+  // webpage.html will create yet another iframe pointing to a resource that
+  // exists in the extension manifest's web_accessible_resources, but is not
+  // present in the extension directory. Expect the resources of the iframe to
+  // be served by the Service Worker.
+  EXPECT_TRUE(content::ExecuteScriptAndExtractString(
+      web_contents,
+      base::StringPrintf("window.testIframe('%s', 'iframe_non_existent.html')",
+                         extension->id().c_str()),
+      &result));
+  EXPECT_EQ("FROM_SW_RESOURCE", result);
+}
+
 IN_PROC_BROWSER_TEST_F(ServiceWorkerBackgroundSyncTest, Sync) {
   const Extension* extension = LoadExtensionWithFlags(
       test_data_dir_.AppendASCII("service_worker/sync"), kFlagNone);
   ASSERT_TRUE(extension);
   ui_test_utils::NavigateToURL(browser(),
                                extension->GetResourceURL("page.html"));
   content::WebContents* web_contents =
       browser()->tab_strip_model()->GetActiveWebContents();
 
   // Prevent firing by going offline.
@@ skipping 67 matching lines @@
   message.sender_id = "1234567890";
   message.raw_data = "testdata";
   message.decrypted = true;
   push_service()->SetMessageCallbackForTesting(run_loop.QuitClosure());
   push_service()->OnMessage(app_identifier.app_id(), message);
   EXPECT_TRUE(push_message_listener.WaitUntilSatisfied());
   run_loop.Run();  // Wait until the message is handled by push service.
 }
 
 }  // namespace extensions