service worker: Don't control a subframe of an insecure context

chrome/browser/extensions/service_worker_apitest.cc

Index: chrome/browser/extensions/service_worker_apitest.cc
diff --git a/chrome/browser/extensions/service_worker_apitest.cc b/chrome/browser/extensions/service_worker_apitest.cc
index 68c6e0a9789a47525be737054d08d074f4a80182..7e5632577bec844e3141a088d4b9cabce6446c31 100644
--- a/chrome/browser/extensions/service_worker_apitest.cc
+++ b/chrome/browser/extensions/service_worker_apitest.cc
@@ -31,6 +31,7 @@
 #include "extensions/browser/process_manager.h"
 #include "extensions/test/background_page_watcher.h"
 #include "extensions/test/extension_test_message_listener.h"
+#include "net/dns/mock_host_resolver.h"
 #include "net/test/embedded_test_server/embedded_test_server.h"
 
 namespace extensions {
@@ -674,6 +675,63 @@ IN_PROC_BROWSER_TEST_F(ServiceWorkerTest, WebAccessibleResourcesIframeSrc) {
   EXPECT_EQ("FROM_SW_RESOURCE", result);
 }
 
+// Tests that service worker serves resources even if they are embedded in an
+// insecure context.
+IN_PROC_BROWSER_TEST_F(ServiceWorkerTest,
+                       WebAccessibleResourcesInsecureIframe) {

[alexmos, 2016/06/02 23:54:47]

Can you run this through the linux_site_isolation trybot, just to make sure this
is working correctly with --site-per-process?

[falken, 2016/06/03 08:22:05]

That trybot is in the CQ_INCLUDE_TRYBOT so the CQ will run it (unfortunately,
git-cl try doesn't seem to know about it).

BTW can I do this locally with:
$ browser_tests --site-per-process
--gtest_filter="ServiceWorkerTest.WebAccessibleResourcesInsecureIframe"
?

+  const Extension* extension = LoadExtensionWithFlags(
+      test_data_dir_.AppendASCII(
+          "service_worker/web_accessible_resources/iframe_src"),
+      kFlagNone);
+  ASSERT_TRUE(extension);
+  ASSERT_TRUE(StartEmbeddedTestServer());
+  GURL page_url = embedded_test_server()->GetURL(
+      "/extensions/api_test/service_worker/web_accessible_resources/"
+      "webpage.html");
+  host_resolver()->AddRule("a.com", "127.0.0.1");
+  GURL::Replacements replace_host_and_scheme;
+  replace_host_and_scheme.SetHostStr("a.com");
+  replace_host_and_scheme.SetSchemeStr("http");
+  page_url = page_url.ReplaceComponents(replace_host_and_scheme);

[alexmos, 2016/06/02 23:54:47]

Why not just use embedded_test_server()->GetURL("a.com", "/rest/of/path")?

[falken, 2016/06/03 08:22:05]

Done. This is because I just copied jww's test in
https://codereview.chromium.org/1383483007

+
+  content::WebContents* web_contents = AddTab(browser(), page_url);
+  std::string result;
+  // webpage.html will create an iframe pointing to a resource from |extension|.
+  // Expect the resource to be served by the extension.
+  EXPECT_TRUE(content::ExecuteScriptAndExtractString(
+      web_contents, base::StringPrintf("window.testIframe('%s', 'iframe.html')",
+                                       extension->id().c_str()),
+      &result));
+  EXPECT_EQ("FROM_EXTENSION_RESOURCE", result);
+
+  ExtensionTestMessageListener service_worker_ready_listener("SW_READY", false);
+  EXPECT_TRUE(ExecuteScriptInBackgroundPageNoWait(
+      extension->id(), "window.registerServiceWorker()"));
+  EXPECT_TRUE(service_worker_ready_listener.WaitUntilSatisfied());
+
+  result.clear();
+  // webpage.html will create another iframe pointing to a resource from
+  // |extension| as before. But this time, the resource should be be served
+  // from the Service Worker.
+  EXPECT_TRUE(content::ExecuteScriptAndExtractString(
+      web_contents, base::StringPrintf("window.testIframe('%s', 'iframe.html')",
+                                       extension->id().c_str()),
+      &result));
+  EXPECT_EQ("FROM_SW_RESOURCE", result);
+
+  result.clear();
+  // webpage.html will create yet another iframe pointing to a resource that
+  // exists in the extension manifest's web_accessible_resources, but is not
+  // present in the extension directory. Expect the resources of the iframe to
+  // be served by the Service Worker.
+  EXPECT_TRUE(content::ExecuteScriptAndExtractString(
+      web_contents,
+      base::StringPrintf("window.testIframe('%s', 'iframe_non_existent.html')",
+                         extension->id().c_str()),
+      &result));
+  EXPECT_EQ("FROM_SW_RESOURCE", result);
+}
+
 IN_PROC_BROWSER_TEST_F(ServiceWorkerBackgroundSyncTest, Sync) {
   const Extension* extension = LoadExtensionWithFlags(
       test_data_dir_.AppendASCII("service_worker/sync"), kFlagNone);