Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(819)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/browser/site_per_process_browsertest.cc

Issue 2046733003: Replicate WebInsecureRequestPolicy instead of a bool for strict mixed content checks. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@securitycontext
Patch Set: Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« content/browser/frame_host/render_frame_host_manager_unittest.cc ('K') | « content/browser/frame_host/render_frame_host_manager_unittest.cc ('k') | content/common/DEPS » ('j') | content/common/frame_replication_state.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/browser/site_per_process_browsertest.cc
diff --git a/content/browser/site_per_process_browsertest.cc b/content/browser/site_per_process_browsertest.cc
index b4f99d79f2d774d1f42ab4084900273d4207f416..43a311715222d3baecda3101de43ed1ce027d508 100644
--- a/content/browser/site_per_process_browsertest.cc
+++ b/content/browser/site_per_process_browsertest.cc
@@ -57,6 +57,7 @@
#include "net/dns/mock_host_resolver.h"
#include "net/test/embedded_test_server/embedded_test_server.h"
#include "testing/gtest/include/gtest/gtest.h"
+#include "third_party/WebKit/public/platform/WebInsecureRequestPolicy.h"
#include "third_party/WebKit/public/web/WebInputEvent.h"
#include "third_party/WebKit/public/web/WebSandboxFlags.h"
#include "ui/display/display_switches.h"
@@ -6120,28 +6121,67 @@ IN_PROC_BROWSER_TEST_F(SitePerProcessIgnoreCertErrorsBrowserTest,
EXPECT_FALSE(shell()->web_contents()->DisplayedInsecureContent());
FrameTreeNode* root = web_contents()->GetFrameTree()->root();
- EXPECT_TRUE(root->current_replication_state()
- .should_enforce_strict_mixed_content_checking);
- EXPECT_TRUE(root->child_at(0)
- ->current_replication_state()
- .should_enforce_strict_mixed_content_checking);
+ EXPECT_EQ(blink::kBlockAllMixedContent,
+ root->current_replication_state().insecure_request_policy);
+ EXPECT_EQ(
+ blink::kBlockAllMixedContent,
+ root->child_at(0)->current_replication_state().insecure_request_policy);
// When the subframe navigates, it should still be marked as enforcing
// strict mixed content.
GURL navigate_url(https_server.GetURL("/title1.html"));
NavigateFrameToURL(root->child_at(0), navigate_url);
- EXPECT_TRUE(root->current_replication_state()
- .should_enforce_strict_mixed_content_checking);
- EXPECT_TRUE(root->child_at(0)
- ->current_replication_state()
- .should_enforce_strict_mixed_content_checking);
+ EXPECT_EQ(blink::kBlockAllMixedContent,
+ root->current_replication_state().insecure_request_policy);
+ EXPECT_EQ(
+ blink::kBlockAllMixedContent,
+ root->child_at(0)->current_replication_state().insecure_request_policy);
// When the main frame navigates, it should no longer be marked as
// enforcing strict mixed content.
EXPECT_TRUE(
NavigateToURL(shell(), https_server.GetURL("b.com", "/title1.html")));
- EXPECT_FALSE(root->current_replication_state()
- .should_enforce_strict_mixed_content_checking);
+ EXPECT_EQ(blink::kLeaveInsecureRequestsAlone,
+ root->current_replication_state().insecure_request_policy);
+}
+
+// Tests that, when a parent frame is set to upgrade insecure requests
+// via Content Security Policy, child OOPIFs will upgrade as well.
+IN_PROC_BROWSER_TEST_F(SitePerProcessIgnoreCertErrorsBrowserTest,
+ PassiveMixedContentInIframeWithUpgrade) {
+ net::EmbeddedTestServer https_server(net::EmbeddedTestServer::TYPE_HTTPS);
+ https_server.ServeFilesFromSourceDirectory("content/test/data");
+ ASSERT_TRUE(https_server.Start());
+ SetupCrossSiteRedirector(&https_server);
+
+ GURL iframe_url_with_strict_blocking(https_server.GetURL(
alexmos 2016/06/07 19:00:06 s/iframe_url_with_strict_blocking/iframe_url_with_
Mike West 2016/06/08 07:21:12 Done.
+ "/mixed-content/basic-passive-in-iframe-with-upgrade.html"));
+ EXPECT_TRUE(NavigateToURL(shell(), iframe_url_with_strict_blocking));
+ EXPECT_FALSE(shell()->web_contents()->DisplayedInsecureContent());
+
+ FrameTreeNode* root = web_contents()->GetFrameTree()->root();
+ EXPECT_EQ(blink::kUpgradeInsecureRequests,
+ root->current_replication_state().insecure_request_policy);
+ EXPECT_EQ(
+ blink::kUpgradeInsecureRequests,
+ root->child_at(0)->current_replication_state().insecure_request_policy);
+
+ // When the subframe navigates, it should still be marked as upgrading
+ // insecure requests.
+ GURL navigate_url(https_server.GetURL("/title1.html"));
+ NavigateFrameToURL(root->child_at(0), navigate_url);
+ EXPECT_EQ(blink::kUpgradeInsecureRequests,
+ root->current_replication_state().insecure_request_policy);
+ EXPECT_EQ(
+ blink::kUpgradeInsecureRequests,
+ root->child_at(0)->current_replication_state().insecure_request_policy);
+
+ // When the main frame navigates, it should no longer be marked as
+ // upgrading insecure requests.
+ EXPECT_TRUE(
+ NavigateToURL(shell(), https_server.GetURL("b.com", "/title1.html")));
+ EXPECT_EQ(blink::kLeaveInsecureRequestsAlone,
+ root->current_replication_state().insecure_request_policy);
}
// Tests that active mixed content is blocked in an OOPIF. The test
« content/browser/frame_host/render_frame_host_manager_unittest.cc ('K') | « content/browser/frame_host/render_frame_host_manager_unittest.cc ('k') | content/common/DEPS » ('j') | content/common/frame_replication_state.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698