| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <memory> | 5 #include <memory> |
| 6 #include <utility> | 6 #include <utility> |
| 7 | 7 |
| 8 #include "base/memory/ptr_util.h" | 8 #include "base/memory/ptr_util.h" |
| 9 #include "base/run_loop.h" | 9 #include "base/run_loop.h" |
| 10 #include "build/build_config.h" | 10 #include "build/build_config.h" |
| (...skipping 8431 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 8442 EXPECT_EQ(200, req->response_headers()->response_code()); | 8442 EXPECT_EQ(200, req->response_headers()->response_code()); |
| 8443 EXPECT_EQ("hello", d.data_received()); | 8443 EXPECT_EQ("hello", d.data_received()); |
| 8444 EXPECT_EQ(1, d.response_started_count()); | 8444 EXPECT_EQ(1, d.response_started_count()); |
| 8445 EXPECT_EQ(0, d.received_redirect_count()); | 8445 EXPECT_EQ(0, d.received_redirect_count()); |
| 8446 | 8446 |
| 8447 EXPECT_EQ(1, default_network_delegate()->created_requests()); | 8447 EXPECT_EQ(1, default_network_delegate()->created_requests()); |
| 8448 EXPECT_EQ(2, default_network_delegate()->before_start_transaction_count()); | 8448 EXPECT_EQ(2, default_network_delegate()->before_start_transaction_count()); |
| 8449 EXPECT_EQ(2, default_network_delegate()->headers_received_count()); | 8449 EXPECT_EQ(2, default_network_delegate()->headers_received_count()); |
| 8450 } | 8450 } |
| 8451 | 8451 |
| 8452 class URLRequestTestInsecureRequestPolicy : public URLRequestTest { |
| 8453 public: |
| 8454 URLRequestTestInsecureRequestPolicy() : context_(true) { |
| 8455 context_.set_host_resolver(&host_resolver_); |
| 8456 context_.set_network_delegate(&network_delegate_); |
| 8457 context_.set_net_log(&net_log_); |
| 8458 context_.Init(); |
| 8459 |
| 8460 http_server_.reset( |
| 8461 new EmbeddedTestServer(net::EmbeddedTestServer::TYPE_HTTP)); |
| 8462 http_server_->AddDefaultHandlers(base::FilePath(kTestFilePath)); |
| 8463 EXPECT_TRUE(http_server_->Start()); |
| 8464 https_server_.reset( |
| 8465 new EmbeddedTestServer(net::EmbeddedTestServer::TYPE_HTTPS)); |
| 8466 https_server_->AddDefaultHandlers( |
| 8467 base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); |
| 8468 EXPECT_TRUE(https_server_->Start()); |
| 8469 } |
| 8470 |
| 8471 void VerifyUpgradeAfterRedirect(const GURL& target, |
| 8472 const GURL& initiator, |
| 8473 URLRequest::InsecureRequestPolicy policy, |
| 8474 const GURL& upgraded_url) { |
| 8475 GURL redirect_url = |
| 8476 https_server_->GetURL("/server-redirect?" + target.spec()); |
| 8477 |
| 8478 TestDelegate d; |
| 8479 std::unique_ptr<URLRequest> r( |
| 8480 context_.CreateRequest(redirect_url, DEFAULT_PRIORITY, &d)); |
| 8481 r->set_insecure_request_policy(policy); |
| 8482 r->set_initiator(url::Origin(initiator)); |
| 8483 net_log_.Clear(); |
| 8484 |
| 8485 r->Start(); |
| 8486 base::RunLoop().Run(); |
| 8487 |
| 8488 int rewrites = 0; |
| 8489 net::TestNetLogEntry::List entries; |
| 8490 net_log_.GetEntries(&entries); |
| 8491 for (const auto& entry : entries) { |
| 8492 if (entry.type == net::NetLogEventType::URL_REQUEST_REWRITTEN) { |
| 8493 rewrites++; |
| 8494 std::string value; |
| 8495 EXPECT_TRUE(entry.GetStringValue("reason", &value)); |
| 8496 EXPECT_EQ("Upgrade-Insecure-Requests", value); |
| 8497 } |
| 8498 } |
| 8499 |
| 8500 EXPECT_EQ(1, d.received_redirect_count()); |
| 8501 EXPECT_EQ(2u, r->url_chain().size()); |
| 8502 if (upgraded_url.is_empty()) { |
| 8503 EXPECT_EQ(target, r->url()); |
| 8504 EXPECT_EQ(0, rewrites); |
| 8505 } else { |
| 8506 EXPECT_EQ(upgraded_url, r->url()); |
| 8507 EXPECT_EQ(1, rewrites); |
| 8508 } |
| 8509 } |
| 8510 |
| 8511 protected: |
| 8512 std::unique_ptr<EmbeddedTestServer> http_server_; |
| 8513 std::unique_ptr<EmbeddedTestServer> https_server_; |
| 8514 MockHostResolver host_resolver_; |
| 8515 TestNetworkDelegate network_delegate_; |
| 8516 TestURLRequestContext context_; |
| 8517 TestNetLog net_log_; |
| 8518 }; |
| 8519 |
| 8520 TEST_F(URLRequestTestInsecureRequestPolicy, UpgradeAfterRedirect) { |
| 8521 const GURL kHttpOrigin1 = http_server_->GetURL("origin1.test", "/"); |
| 8522 const GURL kHttpOrigin2 = http_server_->GetURL("origin2.test", "/"); |
| 8523 const GURL kHttpsOrigin1 = https_server_->GetURL("origin1.test", "/"); |
| 8524 const GURL kHttpsOrigin2 = https_server_->GetURL("origin2.test", "/"); |
| 8525 |
| 8526 // The servers don't run on the default port, and Upgrade-Insecure-Requests |
| 8527 // leaves non-standard ports alone. So. To hack around this behavior, build an |
| 8528 // HTTP URL with the HTTPS server's port. If the upgrade fails, the request |
| 8529 // will timeout. |
| 8530 GURL::Replacements replacements; |
| 8531 replacements.SetSchemeStr(url::kHttpScheme); |
| 8532 const GURL kHttpOrigin1WithHttpsPort = |
| 8533 kHttpsOrigin1.ReplaceComponents(replacements); |
| 8534 |
| 8535 struct TestCase { |
| 8536 const GURL& target; |
| 8537 const GURL& initiator; |
| 8538 URLRequest::InsecureRequestPolicy policy; |
| 8539 const GURL& upgraded_url; |
| 8540 } cases[] = { |
| 8541 // HTTP Requests |
| 8542 // Secure origins are not upgraded, regardless of policy or initiator: |
| 8543 {kHttpsOrigin1, kHttpOrigin1, |
| 8544 URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS, GURL::EmptyGURL()}, |
| 8545 {kHttpsOrigin1, kHttpOrigin1, |
| 8546 URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, GURL::EmptyGURL()}, |
| 8547 {kHttpsOrigin1, kHttpOrigin1, URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, |
| 8548 GURL::EmptyGURL()}, |
| 8549 {kHttpsOrigin1, kHttpOrigin2, |
| 8550 URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS, GURL::EmptyGURL()}, |
| 8551 {kHttpsOrigin1, kHttpOrigin2, |
| 8552 URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, GURL::EmptyGURL()}, |
| 8553 {kHttpsOrigin1, kHttpOrigin2, URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, |
| 8554 GURL::EmptyGURL()}, |
| 8555 {kHttpsOrigin1, kHttpsOrigin1, |
| 8556 URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS, GURL::EmptyGURL()}, |
| 8557 {kHttpsOrigin1, kHttpsOrigin1, |
| 8558 URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, GURL::EmptyGURL()}, |
| 8559 {kHttpsOrigin1, kHttpsOrigin1, URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, |
| 8560 GURL::EmptyGURL()}, |
| 8561 {kHttpsOrigin1, kHttpsOrigin2, |
| 8562 URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS, GURL::EmptyGURL()}, |
| 8563 {kHttpsOrigin1, kHttpsOrigin2, |
| 8564 URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, GURL::EmptyGURL()}, |
| 8565 {kHttpsOrigin1, kHttpsOrigin2, URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, |
| 8566 GURL::EmptyGURL()}, |
| 8567 |
| 8568 // DO_NOT_UPGRADE_INSECURE_REQUESTS doesn't. |
| 8569 {kHttpOrigin1, kHttpOrigin1, URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS, |
| 8570 GURL::EmptyGURL()}, |
| 8571 {kHttpOrigin1, kHttpOrigin2, URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS, |
| 8572 GURL::EmptyGURL()}, |
| 8573 {kHttpOrigin1, kHttpsOrigin1, |
| 8574 URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS, GURL::EmptyGURL()}, |
| 8575 {kHttpOrigin1, kHttpsOrigin2, |
| 8576 URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS, GURL::EmptyGURL()}, |
| 8577 |
| 8578 // UPGRADE_ALL_INSECURE_REQUESTS does. |
| 8579 {kHttpOrigin1WithHttpsPort, kHttpOrigin1, |
| 8580 URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, kHttpsOrigin1}, |
| 8581 {kHttpOrigin1WithHttpsPort, kHttpOrigin2, |
| 8582 URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, kHttpsOrigin1}, |
| 8583 {kHttpOrigin1WithHttpsPort, kHttpsOrigin1, |
| 8584 URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, kHttpsOrigin1}, |
| 8585 {kHttpOrigin1WithHttpsPort, kHttpsOrigin2, |
| 8586 URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, kHttpsOrigin1}, |
| 8587 |
| 8588 // UPGRADE_SAME_HOST_INSECURE_REQUESTS upgrades insecure requests when the |
| 8589 // url's and initiator's hosts match. |
| 8590 {kHttpOrigin1WithHttpsPort, kHttpOrigin1, |
| 8591 URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, kHttpsOrigin1}, |
| 8592 {kHttpOrigin1, kHttpOrigin2, |
| 8593 URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, GURL::EmptyGURL()}, |
| 8594 {kHttpOrigin1WithHttpsPort, kHttpsOrigin1, |
| 8595 URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, kHttpsOrigin1}, |
| 8596 {kHttpOrigin1, kHttpsOrigin2, |
| 8597 URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, GURL::EmptyGURL()}, |
| 8598 }; |
| 8599 |
| 8600 for (const auto& test : cases) { |
| 8601 SCOPED_TRACE(testing::Message() << "Target: " << test.target |
| 8602 << " Initiator: " << test.initiator |
| 8603 << " Policy: " << test.policy); |
| 8604 VerifyUpgradeAfterRedirect(test.target, test.initiator, test.policy, |
| 8605 test.upgraded_url); |
| 8606 } |
| 8607 } |
| 8608 |
| 8452 class URLRequestTestReferrerPolicy : public URLRequestTest { | 8609 class URLRequestTestReferrerPolicy : public URLRequestTest { |
| 8453 public: | 8610 public: |
| 8454 URLRequestTestReferrerPolicy() {} | 8611 URLRequestTestReferrerPolicy() {} |
| 8455 | 8612 |
| 8456 void InstantiateSameOriginServers(net::EmbeddedTestServer::Type type) { | 8613 void InstantiateSameOriginServers(net::EmbeddedTestServer::Type type) { |
| 8457 origin_server_.reset(new EmbeddedTestServer(type)); | 8614 origin_server_.reset(new EmbeddedTestServer(type)); |
| 8458 if (type == net::EmbeddedTestServer::TYPE_HTTPS) { | 8615 if (type == net::EmbeddedTestServer::TYPE_HTTPS) { |
| 8459 origin_server_->AddDefaultHandlers( | 8616 origin_server_->AddDefaultHandlers( |
| 8460 base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); | 8617 base::FilePath(FILE_PATH_LITERAL("net/data/ssl"))); |
| 8461 } else { | 8618 } else { |
| (...skipping 2409 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 10871 AddTestInterceptor()->set_main_intercept_job(std::move(job)); | 11028 AddTestInterceptor()->set_main_intercept_job(std::move(job)); |
| 10872 | 11029 |
| 10873 req->Start(); | 11030 req->Start(); |
| 10874 req->Cancel(); | 11031 req->Cancel(); |
| 10875 base::RunLoop().RunUntilIdle(); | 11032 base::RunLoop().RunUntilIdle(); |
| 10876 EXPECT_EQ(ERR_ABORTED, d.request_status()); | 11033 EXPECT_EQ(ERR_ABORTED, d.request_status()); |
| 10877 EXPECT_EQ(0, d.received_redirect_count()); | 11034 EXPECT_EQ(0, d.received_redirect_count()); |
| 10878 } | 11035 } |
| 10879 | 11036 |
| 10880 } // namespace net | 11037 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2053693002:
WIP: Move 'Upgrade-Insecure-Requests' to the browser process.
Base URL: https://chromium.googlesource.com/chromium/src.git@replicate