| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <memory> | 5 #include <memory> |
| 6 #include <utility> | 6 #include <utility> |
| 7 | 7 |
| 8 #include "base/memory/ptr_util.h" | 8 #include "base/memory/ptr_util.h" |
| 9 #include "base/run_loop.h" | 9 #include "base/run_loop.h" |
| 10 #include "build/build_config.h" | 10 #include "build/build_config.h" |
| (...skipping 8296 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 8307 EXPECT_EQ(200, req->response_headers()->response_code()); | 8307 EXPECT_EQ(200, req->response_headers()->response_code()); |
| 8308 EXPECT_EQ("hello", d.data_received()); | 8308 EXPECT_EQ("hello", d.data_received()); |
| 8309 EXPECT_EQ(1, d.response_started_count()); | 8309 EXPECT_EQ(1, d.response_started_count()); |
| 8310 EXPECT_EQ(0, d.received_redirect_count()); | 8310 EXPECT_EQ(0, d.received_redirect_count()); |
| 8311 | 8311 |
| 8312 EXPECT_EQ(1, default_network_delegate()->created_requests()); | 8312 EXPECT_EQ(1, default_network_delegate()->created_requests()); |
| 8313 EXPECT_EQ(2, default_network_delegate()->before_start_transaction_count()); | 8313 EXPECT_EQ(2, default_network_delegate()->before_start_transaction_count()); |
| 8314 EXPECT_EQ(2, default_network_delegate()->headers_received_count()); | 8314 EXPECT_EQ(2, default_network_delegate()->headers_received_count()); |
| 8315 } | 8315 } |
| 8316 | 8316 |
| 8317 class URLRequestTestInsecureRequestPolicy : public URLRequestTest { |
| 8318 public: |
| 8319 URLRequestTestInsecureRequestPolicy() : context_(true) { |
| 8320 context_.set_host_resolver(&host_resolver_); |
| 8321 context_.set_network_delegate(&network_delegate_); |
| 8322 context_.set_net_log(&net_log_); |
| 8323 context_.Init(); |
| 8324 |
| 8325 http_server_.reset( |
| 8326 new EmbeddedTestServer(net::EmbeddedTestServer::TYPE_HTTP)); |
| 8327 http_server_->AddDefaultHandlers(base::FilePath(kTestFilePath)); |
| 8328 EXPECT_TRUE(http_server_->Start()); |
| 8329 https_server_.reset( |
| 8330 new EmbeddedTestServer(net::EmbeddedTestServer::TYPE_HTTPS)); |
| 8331 https_server_->AddDefaultHandlers( |
| 8332 base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); |
| 8333 EXPECT_TRUE(https_server_->Start()); |
| 8334 } |
| 8335 |
| 8336 void VerifyUpgradeAfterRedirect(const GURL& target, |
| 8337 const GURL& initiator, |
| 8338 URLRequest::InsecureRequestPolicy policy, |
| 8339 const GURL& upgraded_url) { |
| 8340 GURL redirect_url = |
| 8341 https_server_->GetURL("/server-redirect?" + target.spec()); |
| 8342 |
| 8343 TestDelegate d; |
| 8344 std::unique_ptr<URLRequest> r( |
| 8345 context_.CreateRequest(redirect_url, DEFAULT_PRIORITY, &d)); |
| 8346 r->set_insecure_request_policy(policy); |
| 8347 r->set_initiator(url::Origin(initiator)); |
| 8348 net_log_.Clear(); |
| 8349 |
| 8350 r->Start(); |
| 8351 base::RunLoop().Run(); |
| 8352 |
| 8353 int rewrites = 0; |
| 8354 net::TestNetLogEntry::List entries; |
| 8355 net_log_.GetEntries(&entries); |
| 8356 for (const auto& entry : entries) { |
| 8357 if (entry.type == net::NetLogEventType::URL_REQUEST_REWRITTEN) { |
| 8358 rewrites++; |
| 8359 std::string value; |
| 8360 EXPECT_TRUE(entry.GetStringValue("reason", &value)); |
| 8361 EXPECT_EQ("Upgrade-Insecure-Requests", value); |
| 8362 } |
| 8363 } |
| 8364 |
| 8365 EXPECT_EQ(1, d.received_redirect_count()); |
| 8366 EXPECT_EQ(2u, r->url_chain().size()); |
| 8367 if (upgraded_url.is_empty()) { |
| 8368 EXPECT_EQ(target, r->url()); |
| 8369 EXPECT_EQ(0, rewrites); |
| 8370 } else { |
| 8371 EXPECT_EQ(upgraded_url, r->url()); |
| 8372 EXPECT_EQ(1, rewrites); |
| 8373 } |
| 8374 } |
| 8375 |
| 8376 protected: |
| 8377 std::unique_ptr<EmbeddedTestServer> http_server_; |
| 8378 std::unique_ptr<EmbeddedTestServer> https_server_; |
| 8379 MockHostResolver host_resolver_; |
| 8380 TestNetworkDelegate network_delegate_; |
| 8381 TestURLRequestContext context_; |
| 8382 TestNetLog net_log_; |
| 8383 }; |
| 8384 |
| 8385 TEST_F(URLRequestTestInsecureRequestPolicy, UpgradeAfterRedirect) { |
| 8386 const GURL kHttpOrigin1 = http_server_->GetURL("origin1.test", "/"); |
| 8387 const GURL kHttpOrigin2 = http_server_->GetURL("origin2.test", "/"); |
| 8388 const GURL kHttpsOrigin1 = https_server_->GetURL("origin1.test", "/"); |
| 8389 const GURL kHttpsOrigin2 = https_server_->GetURL("origin2.test", "/"); |
| 8390 |
| 8391 // The servers don't run on the default port, and Upgrade-Insecure-Requests |
| 8392 // leaves non-standard ports alone. So. To hack around this behavior, build an |
| 8393 // HTTP URL with the HTTPS server's port. If the upgrade fails, the request |
| 8394 // will timeout. |
| 8395 GURL::Replacements replacements; |
| 8396 replacements.SetSchemeStr(url::kHttpScheme); |
| 8397 const GURL kHttpOrigin1WithHttpsPort = |
| 8398 kHttpsOrigin1.ReplaceComponents(replacements); |
| 8399 |
| 8400 struct TestCase { |
| 8401 const GURL& target; |
| 8402 const GURL& initiator; |
| 8403 URLRequest::InsecureRequestPolicy policy; |
| 8404 const GURL& upgraded_url; |
| 8405 } cases[] = { |
| 8406 // HTTP Requests |
| 8407 // Secure origins are not upgraded, regardless of policy or initiator: |
| 8408 {kHttpsOrigin1, kHttpOrigin1, |
| 8409 URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS, GURL::EmptyGURL()}, |
| 8410 {kHttpsOrigin1, kHttpOrigin1, |
| 8411 URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, GURL::EmptyGURL()}, |
| 8412 {kHttpsOrigin1, kHttpOrigin1, URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, |
| 8413 GURL::EmptyGURL()}, |
| 8414 {kHttpsOrigin1, kHttpOrigin2, |
| 8415 URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS, GURL::EmptyGURL()}, |
| 8416 {kHttpsOrigin1, kHttpOrigin2, |
| 8417 URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, GURL::EmptyGURL()}, |
| 8418 {kHttpsOrigin1, kHttpOrigin2, URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, |
| 8419 GURL::EmptyGURL()}, |
| 8420 {kHttpsOrigin1, kHttpsOrigin1, |
| 8421 URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS, GURL::EmptyGURL()}, |
| 8422 {kHttpsOrigin1, kHttpsOrigin1, |
| 8423 URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, GURL::EmptyGURL()}, |
| 8424 {kHttpsOrigin1, kHttpsOrigin1, URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, |
| 8425 GURL::EmptyGURL()}, |
| 8426 {kHttpsOrigin1, kHttpsOrigin2, |
| 8427 URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS, GURL::EmptyGURL()}, |
| 8428 {kHttpsOrigin1, kHttpsOrigin2, |
| 8429 URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, GURL::EmptyGURL()}, |
| 8430 {kHttpsOrigin1, kHttpsOrigin2, URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, |
| 8431 GURL::EmptyGURL()}, |
| 8432 |
| 8433 // DO_NOT_UPGRADE_INSECURE_REQUESTS doesn't. |
| 8434 {kHttpOrigin1, kHttpOrigin1, URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS, |
| 8435 GURL::EmptyGURL()}, |
| 8436 {kHttpOrigin1, kHttpOrigin2, URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS, |
| 8437 GURL::EmptyGURL()}, |
| 8438 {kHttpOrigin1, kHttpsOrigin1, |
| 8439 URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS, GURL::EmptyGURL()}, |
| 8440 {kHttpOrigin1, kHttpsOrigin2, |
| 8441 URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS, GURL::EmptyGURL()}, |
| 8442 |
| 8443 // UPGRADE_ALL_INSECURE_REQUESTS does. |
| 8444 {kHttpOrigin1WithHttpsPort, kHttpOrigin1, |
| 8445 URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, kHttpsOrigin1}, |
| 8446 {kHttpOrigin1WithHttpsPort, kHttpOrigin2, |
| 8447 URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, kHttpsOrigin1}, |
| 8448 {kHttpOrigin1WithHttpsPort, kHttpsOrigin1, |
| 8449 URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, kHttpsOrigin1}, |
| 8450 {kHttpOrigin1WithHttpsPort, kHttpsOrigin2, |
| 8451 URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, kHttpsOrigin1}, |
| 8452 |
| 8453 // UPGRADE_SAME_HOST_INSECURE_REQUESTS upgrades insecure requests when the |
| 8454 // url's and initiator's hosts match. |
| 8455 {kHttpOrigin1WithHttpsPort, kHttpOrigin1, |
| 8456 URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, kHttpsOrigin1}, |
| 8457 {kHttpOrigin1, kHttpOrigin2, |
| 8458 URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, GURL::EmptyGURL()}, |
| 8459 {kHttpOrigin1WithHttpsPort, kHttpsOrigin1, |
| 8460 URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, kHttpsOrigin1}, |
| 8461 {kHttpOrigin1, kHttpsOrigin2, |
| 8462 URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, GURL::EmptyGURL()}, |
| 8463 }; |
| 8464 |
| 8465 for (const auto& test : cases) { |
| 8466 SCOPED_TRACE(testing::Message() << "Target: " << test.target |
| 8467 << " Initiator: " << test.initiator |
| 8468 << " Policy: " << test.policy); |
| 8469 VerifyUpgradeAfterRedirect(test.target, test.initiator, test.policy, |
| 8470 test.upgraded_url); |
| 8471 } |
| 8472 } |
| 8473 |
| 8317 class URLRequestTestReferrerPolicy : public URLRequestTest { | 8474 class URLRequestTestReferrerPolicy : public URLRequestTest { |
| 8318 public: | 8475 public: |
| 8319 URLRequestTestReferrerPolicy() {} | 8476 URLRequestTestReferrerPolicy() {} |
| 8320 | 8477 |
| 8321 void InstantiateSameOriginServers(net::EmbeddedTestServer::Type type) { | 8478 void InstantiateSameOriginServers(net::EmbeddedTestServer::Type type) { |
| 8322 origin_server_.reset(new EmbeddedTestServer(type)); | 8479 origin_server_.reset(new EmbeddedTestServer(type)); |
| 8323 if (type == net::EmbeddedTestServer::TYPE_HTTPS) { | 8480 if (type == net::EmbeddedTestServer::TYPE_HTTPS) { |
| 8324 origin_server_->AddDefaultHandlers( | 8481 origin_server_->AddDefaultHandlers( |
| 8325 base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); | 8482 base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); |
| 8326 } else { | 8483 } else { |
| (...skipping 2307 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 10634 AddTestInterceptor()->set_main_intercept_job(std::move(job)); | 10791 AddTestInterceptor()->set_main_intercept_job(std::move(job)); |
| 10635 | 10792 |
| 10636 req->Start(); | 10793 req->Start(); |
| 10637 req->Cancel(); | 10794 req->Cancel(); |
| 10638 base::RunLoop().RunUntilIdle(); | 10795 base::RunLoop().RunUntilIdle(); |
| 10639 EXPECT_EQ(ERR_ABORTED, d.request_status()); | 10796 EXPECT_EQ(ERR_ABORTED, d.request_status()); |
| 10640 EXPECT_EQ(0, d.received_redirect_count()); | 10797 EXPECT_EQ(0, d.received_redirect_count()); |
| 10641 } | 10798 } |
| 10642 | 10799 |
| 10643 } // namespace net | 10800 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2053693002:
WIP: Move 'Upgrade-Insecure-Requests' to the browser process.
Base URL: https://chromium.googlesource.com/chromium/src.git@replicate