Chromium Code Reviews Chromium Code Reviews
Issue 2046733003:
Replicate WebInsecureRequestPolicy instead of a bool for strict mixed content checks. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@securitycontext| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/browser/site_per_process_browsertest.h" | 5 #include "content/browser/site_per_process_browsertest.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 #include <stdint.h> | 8 #include <stdint.h> |
| 9 | 9 |
| 10 #include <algorithm> | 10 #include <algorithm> |
| (...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 50 #include "content/public/test/browser_test_utils.h" | 50 #include "content/public/test/browser_test_utils.h" |
| 51 #include "content/public/test/content_browser_test_utils.h" | 51 #include "content/public/test/content_browser_test_utils.h" |
| 52 #include "content/public/test/test_navigation_observer.h" | 52 #include "content/public/test/test_navigation_observer.h" |
| 53 #include "content/public/test/test_utils.h" | 53 #include "content/public/test/test_utils.h" |
| 54 #include "content/test/content_browser_test_utils_internal.h" | 54 #include "content/test/content_browser_test_utils_internal.h" |
| 55 #include "content/test/test_frame_navigation_observer.h" | 55 #include "content/test/test_frame_navigation_observer.h" |
| 56 #include "ipc/ipc_security_test_util.h" | 56 #include "ipc/ipc_security_test_util.h" |
| 57 #include "net/dns/mock_host_resolver.h" | 57 #include "net/dns/mock_host_resolver.h" |
| 58 #include "net/test/embedded_test_server/embedded_test_server.h" | 58 #include "net/test/embedded_test_server/embedded_test_server.h" |
| 59 #include "testing/gtest/include/gtest/gtest.h" | 59 #include "testing/gtest/include/gtest/gtest.h" |
| 60 #include "third_party/WebKit/public/platform/WebInsecureRequestPolicy.h" | |
| 60 #include "third_party/WebKit/public/web/WebInputEvent.h" | 61 #include "third_party/WebKit/public/web/WebInputEvent.h" |
| 61 #include "third_party/WebKit/public/web/WebSandboxFlags.h" | 62 #include "third_party/WebKit/public/web/WebSandboxFlags.h" |
| 62 #include "ui/display/display_switches.h" | 63 #include "ui/display/display_switches.h" |
| 63 #include "ui/events/event.h" | 64 #include "ui/events/event.h" |
| 64 #include "ui/events/event_utils.h" | 65 #include "ui/events/event_utils.h" |
| 65 #include "ui/gfx/geometry/point.h" | 66 #include "ui/gfx/geometry/point.h" |
| 66 | 67 |
| 67 #if defined(USE_AURA) | 68 #if defined(USE_AURA) |
| 68 #include "content/browser/renderer_host/render_widget_host_view_aura.h" | 69 #include "content/browser/renderer_host/render_widget_host_view_aura.h" |
| 69 #endif | 70 #endif |
| (...skipping 6043 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 6113 https_server.ServeFilesFromSourceDirectory("content/test/data"); | 6114 https_server.ServeFilesFromSourceDirectory("content/test/data"); |
| 6114 ASSERT_TRUE(https_server.Start()); | 6115 ASSERT_TRUE(https_server.Start()); |
| 6115 SetupCrossSiteRedirector(&https_server); | 6116 SetupCrossSiteRedirector(&https_server); |
| 6116 | 6117 |
| 6117 GURL iframe_url_with_strict_blocking(https_server.GetURL( | 6118 GURL iframe_url_with_strict_blocking(https_server.GetURL( |
| 6118 "/mixed-content/basic-passive-in-iframe-with-strict-blocking.html")); | 6119 "/mixed-content/basic-passive-in-iframe-with-strict-blocking.html")); |
| 6119 EXPECT_TRUE(NavigateToURL(shell(), iframe_url_with_strict_blocking)); | 6120 EXPECT_TRUE(NavigateToURL(shell(), iframe_url_with_strict_blocking)); |
| 6120 EXPECT_FALSE(shell()->web_contents()->DisplayedInsecureContent()); | 6121 EXPECT_FALSE(shell()->web_contents()->DisplayedInsecureContent()); |
| 6121 | 6122 |
| 6122 FrameTreeNode* root = web_contents()->GetFrameTree()->root(); | 6123 FrameTreeNode* root = web_contents()->GetFrameTree()->root(); |
| 6123 EXPECT_TRUE(root->current_replication_state() | 6124 EXPECT_EQ(blink::kBlockAllMixedContent, |
| 6124 .should_enforce_strict_mixed_content_checking); | 6125 root->current_replication_state().insecure_request_policy); |
| 6125 EXPECT_TRUE(root->child_at(0) | 6126 EXPECT_EQ( |
| 6126 ->current_replication_state() | 6127 blink::kBlockAllMixedContent, |
| 6127 .should_enforce_strict_mixed_content_checking); | 6128 root->child_at(0)->current_replication_state().insecure_request_policy); |
| 6128 | 6129 |
| 6129 // When the subframe navigates, it should still be marked as enforcing | 6130 // When the subframe navigates, it should still be marked as enforcing |
| 6130 // strict mixed content. | 6131 // strict mixed content. |
| 6131 GURL navigate_url(https_server.GetURL("/title1.html")); | 6132 GURL navigate_url(https_server.GetURL("/title1.html")); |
| 6132 NavigateFrameToURL(root->child_at(0), navigate_url); | 6133 NavigateFrameToURL(root->child_at(0), navigate_url); |
| 6133 EXPECT_TRUE(root->current_replication_state() | 6134 EXPECT_EQ(blink::kBlockAllMixedContent, |
| 6134 .should_enforce_strict_mixed_content_checking); | 6135 root->current_replication_state().insecure_request_policy); |
| 6135 EXPECT_TRUE(root->child_at(0) | 6136 EXPECT_EQ( |
| 6136 ->current_replication_state() | 6137 blink::kBlockAllMixedContent, |
| 6137 .should_enforce_strict_mixed_content_checking); | 6138 root->child_at(0)->current_replication_state().insecure_request_policy); |
| 6138 | 6139 |
| 6139 // When the main frame navigates, it should no longer be marked as | 6140 // When the main frame navigates, it should no longer be marked as |
| 6140 // enforcing strict mixed content. | 6141 // enforcing strict mixed content. |
| 6141 EXPECT_TRUE( | 6142 EXPECT_TRUE( |
| 6142 NavigateToURL(shell(), https_server.GetURL("b.com", "/title1.html"))); | 6143 NavigateToURL(shell(), https_server.GetURL("b.com", "/title1.html"))); |
| 6143 EXPECT_FALSE(root->current_replication_state() | 6144 EXPECT_EQ(blink::kLeaveInsecureRequestsAlone, |
| 6144 .should_enforce_strict_mixed_content_checking); | 6145 root->current_replication_state().insecure_request_policy); |
| 6146 } | |
| 6147 | |
| 6148 // Tests that, when a parent frame is set to upgrade insecure requests | |
| 6149 // via Content Security Policy, child OOPIFs will upgrade as well. | |
| 6150 IN_PROC_BROWSER_TEST_F(SitePerProcessIgnoreCertErrorsBrowserTest, | |
| 6151 PassiveMixedContentInIframeWithUpgrade) { | |
| 6152 net::EmbeddedTestServer https_server(net::EmbeddedTestServer::TYPE_HTTPS); | |
| 6153 https_server.ServeFilesFromSourceDirectory("content/test/data"); | |
| 6154 ASSERT_TRUE(https_server.Start()); | |
| 6155 SetupCrossSiteRedirector(&https_server); | |
| 6156 | |
| 6157 GURL iframe_url_with_strict_blocking(https_server.GetURL( | |
|
alexmos
2016/06/07 19:00:06
s/iframe_url_with_strict_blocking/iframe_url_with_
Mike West
2016/06/08 07:21:12
Done.
| |
| 6158 "/mixed-content/basic-passive-in-iframe-with-upgrade.html")); | |
| 6159 EXPECT_TRUE(NavigateToURL(shell(), iframe_url_with_strict_blocking)); | |
| 6160 EXPECT_FALSE(shell()->web_contents()->DisplayedInsecureContent()); | |
| 6161 | |
| 6162 FrameTreeNode* root = web_contents()->GetFrameTree()->root(); | |
| 6163 EXPECT_EQ(blink::kUpgradeInsecureRequests, | |
| 6164 root->current_replication_state().insecure_request_policy); | |
| 6165 EXPECT_EQ( | |
| 6166 blink::kUpgradeInsecureRequests, | |
| 6167 root->child_at(0)->current_replication_state().insecure_request_policy); | |
| 6168 | |
| 6169 // When the subframe navigates, it should still be marked as upgrading | |
| 6170 // insecure requests. | |
| 6171 GURL navigate_url(https_server.GetURL("/title1.html")); | |
| 6172 NavigateFrameToURL(root->child_at(0), navigate_url); | |
| 6173 EXPECT_EQ(blink::kUpgradeInsecureRequests, | |
| 6174 root->current_replication_state().insecure_request_policy); | |
| 6175 EXPECT_EQ( | |
| 6176 blink::kUpgradeInsecureRequests, | |
| 6177 root->child_at(0)->current_replication_state().insecure_request_policy); | |
| 6178 | |
| 6179 // When the main frame navigates, it should no longer be marked as | |
| 6180 // upgrading insecure requests. | |
| 6181 EXPECT_TRUE( | |
| 6182 NavigateToURL(shell(), https_server.GetURL("b.com", "/title1.html"))); | |
| 6183 EXPECT_EQ(blink::kLeaveInsecureRequestsAlone, | |
| 6184 root->current_replication_state().insecure_request_policy); | |
| 6145 } | 6185 } |
| 6146 | 6186 |
| 6147 // Tests that active mixed content is blocked in an OOPIF. The test | 6187 // Tests that active mixed content is blocked in an OOPIF. The test |
| 6148 // ignores cert errors so that an HTTPS iframe can be loaded from a site | 6188 // ignores cert errors so that an HTTPS iframe can be loaded from a site |
| 6149 // other than localhost (the EmbeddedTestServer serves a certificate | 6189 // other than localhost (the EmbeddedTestServer serves a certificate |
| 6150 // that is valid for localhost). | 6190 // that is valid for localhost). |
| 6151 IN_PROC_BROWSER_TEST_F(SitePerProcessIgnoreCertErrorsBrowserTest, | 6191 IN_PROC_BROWSER_TEST_F(SitePerProcessIgnoreCertErrorsBrowserTest, |
| 6152 ActiveMixedContentInIframe) { | 6192 ActiveMixedContentInIframe) { |
| 6153 net::EmbeddedTestServer https_server(net::EmbeddedTestServer::TYPE_HTTPS); | 6193 net::EmbeddedTestServer https_server(net::EmbeddedTestServer::TYPE_HTTPS); |
| 6154 https_server.ServeFilesFromSourceDirectory("content/test/data"); | 6194 https_server.ServeFilesFromSourceDirectory("content/test/data"); |
| (...skipping 1054 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 7209 EXPECT_TRUE(is_fullscreen_allowed(root->child_at(0))); | 7249 EXPECT_TRUE(is_fullscreen_allowed(root->child_at(0))); |
| 7210 EXPECT_TRUE(is_fullscreen_allowed(root->child_at(0)->child_at(0))); | 7250 EXPECT_TRUE(is_fullscreen_allowed(root->child_at(0)->child_at(0))); |
| 7211 | 7251 |
| 7212 // Cross-site navigation should preserve the fullscreen flags. | 7252 // Cross-site navigation should preserve the fullscreen flags. |
| 7213 NavigateFrameToURL(root->child_at(0)->child_at(0), | 7253 NavigateFrameToURL(root->child_at(0)->child_at(0), |
| 7214 embedded_test_server()->GetURL("d.com", "/title1.html")); | 7254 embedded_test_server()->GetURL("d.com", "/title1.html")); |
| 7215 EXPECT_TRUE(is_fullscreen_allowed(root->child_at(0)->child_at(0))); | 7255 EXPECT_TRUE(is_fullscreen_allowed(root->child_at(0)->child_at(0))); |
| 7216 } | 7256 } |
| 7217 | 7257 |
| 7218 } // namespace content | 7258 } // namespace content |
| OLD | NEW |
