| OLD | NEW |
|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/url_request/url_request_http_job.h" | 5 #include "net/url_request/url_request_http_job.h" |
| 6 | 6 |
| 7 #include <stdint.h> | 7 #include <stdint.h> |
| 8 | 8 |
| 9 #include <cstddef> | 9 #include <cstddef> |
| 10 #include <memory> | 10 #include <memory> |
| (...skipping 733 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 744 EXPECT_EQ(1, d.received_redirect_count()); | 744 EXPECT_EQ(1, d.received_redirect_count()); |
| 745 EXPECT_EQ(2u, r->url_chain().size()); | 745 EXPECT_EQ(2u, r->url_chain().size()); |
| 746 } else { | 746 } else { |
| 747 EXPECT_EQ(0, d.received_redirect_count()); | 747 EXPECT_EQ(0, d.received_redirect_count()); |
| 748 EXPECT_EQ(1u, r->url_chain().size()); | 748 EXPECT_EQ(1u, r->url_chain().size()); |
| 749 } | 749 } |
| 750 EXPECT_EQ(GURL(test.url_expected), r->url()); | 750 EXPECT_EQ(GURL(test.url_expected), r->url()); |
| 751 } | 751 } |
| 752 } | 752 } |
| 753 | 753 |
| 754 TEST_F(URLRequestHttpJobTest, UpgradeInsecureRequestRewritesTest) { |
| 755 const char* kHttpOrigin1 = "http://origin1.test/"; |
| 756 const char* kHttpOrigin1WithPort = "http://origin1.test:999/"; |
| 757 const char* kHttpOrigin2 = "http://origin2.test/"; |
| 758 const char* kHttpsOrigin1 = "https://origin1.test/"; |
| 759 const char* kHttpsOrigin1WithPort = "https://origin1.test:999/"; |
| 760 const char* kHttpsOrigin2 = "https://origin2.test/"; |
| 761 const char* kWsOrigin1 = "ws://origin1.test/"; |
| 762 const char* kWsOrigin1WithPort = "ws://origin1.test:999/"; |
| 763 const char* kWsOrigin2 = "ws://origin2.test/"; |
| 764 const char* kWssOrigin1 = "wss://origin1.test/"; |
| 765 const char* kWssOrigin1WithPort = "wss://origin1.test:999/"; |
| 766 const char* kWssOrigin2 = "wss://origin2.test/"; |
| 767 const char* kWeirdOrigin1 = "weird://origin1.test/"; |
| 768 |
| 769 struct TestCase { |
| 770 const char* url; |
| 771 const char* initiator; |
| 772 URLRequest::InsecureRequestPolicy policy; |
| 773 bool upgrade_expected; |
| 774 const char* upgraded_url; |
| 775 } cases[] = { |
| 776 // HTTP Requests |
| 777 // Secure origins are not upgraded: |
| 778 {kHttpsOrigin1, kHttpOrigin1, |
| 779 URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS, false, ""}, |
| 780 {kHttpsOrigin1, kHttpOrigin1, |
| 781 URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, false, ""}, |
| 782 {kHttpsOrigin1, kHttpOrigin1, URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, |
| 783 false, ""}, |
| 784 {kHttpsOrigin1, kHttpOrigin2, |
| 785 URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS, false, ""}, |
| 786 {kHttpsOrigin1, kHttpOrigin2, |
| 787 URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, false, ""}, |
| 788 {kHttpsOrigin1, kHttpOrigin2, URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, |
| 789 false, ""}, |
| 790 |
| 791 // DO_NOT_UPGRADE_INSECURE_REQUESTS doesn't upgrade insecure requests. |
| 792 {kHttpOrigin1, kHttpOrigin1, URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS, |
| 793 false, ""}, |
| 794 {kHttpOrigin1, kHttpOrigin2, URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS, |
| 795 false, ""}, |
| 796 {kHttpOrigin1, kHttpsOrigin1, |
| 797 URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS, false, ""}, |
| 798 {kHttpOrigin1, kHttpsOrigin2, |
| 799 URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS, false, ""}, |
| 800 |
| 801 // UPGRADE_ALL_INSECURE_REQUESTS does upgrade insecure requests. |
| 802 {kHttpOrigin1, kHttpOrigin1, URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, |
| 803 true, kHttpsOrigin1}, |
| 804 {kHttpOrigin1, kHttpOrigin2, URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, |
| 805 true, kHttpsOrigin1}, |
| 806 {kHttpOrigin1, kHttpsOrigin1, URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, |
| 807 true, kHttpsOrigin1}, |
| 808 {kHttpOrigin1, kHttpsOrigin2, URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, |
| 809 true, kHttpsOrigin1}, |
| 810 |
| 811 // UPGRADE_SAME_HOST_INSECURE_REQUESTS does upgrade insecure requests |
| 812 // when the url's and initiator's hosts match. |
| 813 {kHttpOrigin1, kHttpOrigin1, |
| 814 URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, true, kHttpsOrigin1}, |
| 815 {kHttpOrigin1, kHttpOrigin2, |
| 816 URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, false, ""}, |
| 817 {kHttpOrigin1, kHttpsOrigin1, |
| 818 URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, true, kHttpsOrigin1}, |
| 819 {kHttpOrigin1, kHttpsOrigin2, |
| 820 URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, false, ""}, |
| 821 |
| 822 // Upgrades do not affect ports: |
| 823 {kHttpOrigin1WithPort, kHttpOrigin1, |
| 824 URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, true, kHttpsOrigin1WithPort}, |
| 825 {kHttpOrigin1WithPort, kHttpOrigin2, |
| 826 URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, true, kHttpsOrigin1WithPort}, |
| 827 {kHttpOrigin1WithPort, kHttpOrigin1WithPort, |
| 828 URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, true, kHttpsOrigin1WithPort}, |
| 829 {kHttpOrigin1WithPort, kHttpsOrigin1, |
| 830 URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, true, kHttpsOrigin1WithPort}, |
| 831 {kHttpOrigin1WithPort, kHttpsOrigin2, |
| 832 URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, true, kHttpsOrigin1WithPort}, |
| 833 {kHttpOrigin1WithPort, kHttpsOrigin1WithPort, |
| 834 URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, true, kHttpsOrigin1WithPort}, |
| 835 |
| 836 // Ports do not affect same-hostness: |
| 837 {kHttpOrigin1WithPort, kHttpOrigin1, |
| 838 URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, true, |
| 839 kHttpsOrigin1WithPort}, |
| 840 {kHttpOrigin1WithPort, kHttpOrigin2, |
| 841 URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, false, ""}, |
| 842 {kHttpOrigin1WithPort, kHttpsOrigin1, |
| 843 URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, true, |
| 844 kHttpsOrigin1WithPort}, |
| 845 {kHttpOrigin1WithPort, kHttpsOrigin2, |
| 846 URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, false, ""}, |
| 847 |
| 848 // WebSocket Requests |
| 849 // Secure origins are not upgraded: |
| 850 {kWssOrigin1, kWsOrigin1, URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS, |
| 851 false, ""}, |
| 852 {kWssOrigin1, kWsOrigin1, URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, |
| 853 false, ""}, |
| 854 {kWssOrigin1, kWsOrigin1, URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, |
| 855 false, ""}, |
| 856 {kWssOrigin1, kWsOrigin2, URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS, |
| 857 false, ""}, |
| 858 {kWssOrigin1, kWsOrigin2, URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, |
| 859 false, ""}, |
| 860 {kWssOrigin1, kWsOrigin2, URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, |
| 861 false, ""}, |
| 862 |
| 863 // DO_NOT_UPGRADE_INSECURE_REQUESTS doesn't upgrade insecure requests. |
| 864 {kWsOrigin1, kWsOrigin1, URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS, |
| 865 false, ""}, |
| 866 {kWsOrigin1, kWsOrigin2, URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS, |
| 867 false, ""}, |
| 868 {kWsOrigin1, kWssOrigin1, URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS, |
| 869 false, ""}, |
| 870 {kWsOrigin1, kWssOrigin2, URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS, |
| 871 false, ""}, |
| 872 |
| 873 // UPGRADE_ALL_INSECURE_REQUESTS does upgrade insecure requests. |
| 874 {kWsOrigin1, kWsOrigin1, URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, true, |
| 875 kWssOrigin1}, |
| 876 {kWsOrigin1, kWsOrigin2, URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, true, |
| 877 kWssOrigin1}, |
| 878 {kWsOrigin1, kWssOrigin1, URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, true, |
| 879 kWssOrigin1}, |
| 880 {kWsOrigin1, kWssOrigin2, URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, true, |
| 881 kWssOrigin1}, |
| 882 |
| 883 // UPGRADE_SAME_HOST_INSECURE_REQUESTS does upgrade insecure requests |
| 884 // when the url's and initiator's hosts match. |
| 885 {kWsOrigin1, kWsOrigin1, URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, |
| 886 true, kWssOrigin1}, |
| 887 {kWsOrigin1, kWsOrigin2, URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, |
| 888 false, ""}, |
| 889 {kWsOrigin1, kWssOrigin1, URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, |
| 890 true, kWssOrigin1}, |
| 891 {kWsOrigin1, kWssOrigin2, URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, |
| 892 false, ""}, |
| 893 |
| 894 // Upgrades do not affect ports: |
| 895 {kWsOrigin1WithPort, kWsOrigin1, |
| 896 URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, true, kWssOrigin1WithPort}, |
| 897 {kWsOrigin1WithPort, kWsOrigin2, |
| 898 URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, true, kWssOrigin1WithPort}, |
| 899 {kWsOrigin1WithPort, kWsOrigin1WithPort, |
| 900 URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, true, kWssOrigin1WithPort}, |
| 901 {kWsOrigin1WithPort, kWssOrigin1, |
| 902 URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, true, kWssOrigin1WithPort}, |
| 903 {kWsOrigin1WithPort, kWssOrigin2, |
| 904 URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, true, kWssOrigin1WithPort}, |
| 905 {kWsOrigin1WithPort, kWssOrigin1WithPort, |
| 906 URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, true, kWssOrigin1WithPort}, |
| 907 |
| 908 // Ports do not affect same-hostness: |
| 909 {kWsOrigin1WithPort, kWsOrigin1, |
| 910 URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, true, |
| 911 kWssOrigin1WithPort}, |
| 912 {kWsOrigin1WithPort, kWsOrigin2, |
| 913 URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, false, ""}, |
| 914 {kWsOrigin1WithPort, kWssOrigin1, |
| 915 URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, true, |
| 916 kWssOrigin1WithPort}, |
| 917 {kWsOrigin1WithPort, kWssOrigin2, |
| 918 URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, false, ""}, |
| 919 |
| 920 // Weird Origins are not upgraded: |
| 921 {kWeirdOrigin1, kWeirdOrigin1, |
| 922 URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS, false, ""}, |
| 923 {kWeirdOrigin1, kWeirdOrigin1, |
| 924 URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, false, ""}, |
| 925 {kWeirdOrigin1, kWeirdOrigin1, URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, |
| 926 false, ""}, |
| 927 {kWeirdOrigin1, kHttpOrigin1, |
| 928 URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS, false, ""}, |
| 929 {kWeirdOrigin1, kHttpOrigin1, |
| 930 URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, false, ""}, |
| 931 {kWeirdOrigin1, kHttpOrigin1, URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, |
| 932 false, ""}, |
| 933 {kWeirdOrigin1, kHttpsOrigin1, |
| 934 URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS, false, ""}, |
| 935 {kWeirdOrigin1, kHttpsOrigin1, |
| 936 URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, false, ""}, |
| 937 {kWeirdOrigin1, kHttpsOrigin1, URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, |
| 938 false, ""}, |
| 939 {kWeirdOrigin1, kWssOrigin1, URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS, |
| 940 false, ""}, |
| 941 {kWeirdOrigin1, kWssOrigin1, |
| 942 URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, false, ""}, |
| 943 {kWeirdOrigin1, kWssOrigin1, URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, |
| 944 false, ""}, |
| 945 }; |
| 946 |
| 947 for (const auto& test : cases) { |
| 948 SCOPED_TRACE(testing::Message() << "URL: " << test.url |
| 949 << " Initiator: " << test.initiator |
| 950 << " Policy: " << test.policy); |
| 951 TestDelegate d; |
| 952 TestNetworkDelegate network_delegate; |
| 953 std::unique_ptr<URLRequest> r( |
| 954 context_.CreateRequest(GURL(test.url), DEFAULT_PRIORITY, &d)); |
| 955 r->set_insecure_request_policy(test.policy); |
| 956 r->set_initiator(url::Origin(GURL(test.initiator))); |
| 957 |
| 958 net_log_.Clear(); |
| 959 r->Start(); |
| 960 base::RunLoop().Run(); |
| 961 |
| 962 if (test.upgrade_expected) { |
| 963 net::TestNetLogEntry::List entries; |
| 964 net_log_.GetEntries(&entries); |
| 965 int rewrites = 0; |
| 966 for (const auto& entry : entries) { |
| 967 if (entry.type == net::NetLogEventType::URL_REQUEST_REWRITTEN) { |
| 968 rewrites++; |
| 969 std::string value; |
| 970 EXPECT_TRUE(entry.GetStringValue("reason", &value)); |
| 971 EXPECT_EQ("Upgrade-Insecure-Requests", value); |
| 972 } |
| 973 } |
| 974 EXPECT_EQ(0, d.received_redirect_count()); |
| 975 EXPECT_EQ(2u, r->url_chain().size()); |
| 976 EXPECT_EQ(GURL(test.upgraded_url), r->url()); |
| 977 } else { |
| 978 EXPECT_EQ(0, d.received_redirect_count()); |
| 979 EXPECT_EQ(1u, r->url_chain().size()); |
| 980 EXPECT_EQ(GURL(test.url), r->url()); |
| 981 } |
| 982 } |
| 983 } |
| 984 |
| 754 class MockSdchObserver : public SdchObserver { | 985 class MockSdchObserver : public SdchObserver { |
| 755 public: | 986 public: |
| 756 MockSdchObserver() {} | 987 MockSdchObserver() {} |
| 757 MOCK_METHOD2(OnDictionaryAdded, | 988 MOCK_METHOD2(OnDictionaryAdded, |
| 758 void(const GURL& request_url, const std::string& server_hash)); | 989 void(const GURL& request_url, const std::string& server_hash)); |
| 759 MOCK_METHOD1(OnDictionaryRemoved, void(const std::string& server_hash)); | 990 MOCK_METHOD1(OnDictionaryRemoved, void(const std::string& server_hash)); |
| 760 MOCK_METHOD1(OnDictionaryUsed, void(const std::string& server_hash)); | 991 MOCK_METHOD1(OnDictionaryUsed, void(const std::string& server_hash)); |
| 761 MOCK_METHOD2(OnGetDictionary, | 992 MOCK_METHOD2(OnGetDictionary, |
| 762 void(const GURL& request_url, const GURL& dictionary_url)); | 993 void(const GURL& request_url, const GURL& dictionary_url)); |
| 763 MOCK_METHOD0(OnClearDictionaries, void()); | 994 MOCK_METHOD0(OnClearDictionaries, void()); |
| (...skipping 332 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1096 base::RunLoop().RunUntilIdle(); | 1327 base::RunLoop().RunUntilIdle(); |
| 1097 EXPECT_THAT(delegate_.request_status(), IsError(ERR_IO_PENDING)); | 1328 EXPECT_THAT(delegate_.request_status(), IsError(ERR_IO_PENDING)); |
| 1098 EXPECT_TRUE(fake_handshake_stream->initialize_stream_was_called()); | 1329 EXPECT_TRUE(fake_handshake_stream->initialize_stream_was_called()); |
| 1099 } | 1330 } |
| 1100 | 1331 |
| 1101 #endif // BUILDFLAG(ENABLE_WEBSOCKETS) | 1332 #endif // BUILDFLAG(ENABLE_WEBSOCKETS) |
| 1102 | 1333 |
| 1103 } // namespace | 1334 } // namespace |
| 1104 | 1335 |
| 1105 } // namespace net | 1336 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2053693002:
WIP: Move 'Upgrade-Insecure-Requests' to the browser process.
Base URL: https://chromium.googlesource.com/chromium/src.git@replicate