Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(671)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/url_request/url_request_unittest.cc

Issue 2053693002: WIP: Move 'Upgrade-Insecure-Requests' to the browser process. Base URL: https://chromium.googlesource.com/chromium/src.git@replicate
Patch Set: Just redirects. Created 4 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/url_request/url_request.cc ('K') | « net/url_request/url_request_job.h ('k') | third_party/WebKit/LayoutTests/http/tests/security/upgrade-insecure-requests/basic-upgrade.https.html » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/url_request/url_request_unittest.cc
diff --git a/net/url_request/url_request_unittest.cc b/net/url_request/url_request_unittest.cc
index 60920ef3de116317c49efeddd53b1a18670379a7..020e62c4126fca3da1e75161d511bff22e5f08d9 100644
--- a/net/url_request/url_request_unittest.cc
+++ b/net/url_request/url_request_unittest.cc
@@ -8314,6 +8314,163 @@ TEST_F(URLRequestInterceptorTestHTTP,
EXPECT_EQ(2, default_network_delegate()->headers_received_count());
}
+class URLRequestTestInsecureRequestPolicy : public URLRequestTest {
+ public:
+ URLRequestTestInsecureRequestPolicy() : context_(true) {
+ context_.set_host_resolver(&host_resolver_);
+ context_.set_network_delegate(&network_delegate_);
+ context_.set_net_log(&net_log_);
+ context_.Init();
+
+ http_server_.reset(
+ new EmbeddedTestServer(net::EmbeddedTestServer::TYPE_HTTP));
+ http_server_->AddDefaultHandlers(base::FilePath(kTestFilePath));
+ EXPECT_TRUE(http_server_->Start());
+ https_server_.reset(
+ new EmbeddedTestServer(net::EmbeddedTestServer::TYPE_HTTPS));
+ https_server_->AddDefaultHandlers(
+ base::FilePath(FILE_PATH_LITERAL("net/data/ssl")));
+ EXPECT_TRUE(https_server_->Start());
+ }
+
+ void VerifyUpgradeAfterRedirect(const GURL& target,
+ const GURL& initiator,
+ URLRequest::InsecureRequestPolicy policy,
+ const GURL& upgraded_url) {
+ GURL redirect_url =
+ https_server_->GetURL("/server-redirect?" + target.spec());
+
+ TestDelegate d;
+ std::unique_ptr<URLRequest> r(
+ context_.CreateRequest(redirect_url, DEFAULT_PRIORITY, &d));
+ r->set_insecure_request_policy(policy);
+ r->set_initiator(url::Origin(initiator));
+ net_log_.Clear();
+
+ r->Start();
+ base::RunLoop().Run();
+
+ int rewrites = 0;
+ net::TestNetLogEntry::List entries;
+ net_log_.GetEntries(&entries);
+ for (const auto& entry : entries) {
+ if (entry.type == net::NetLogEventType::URL_REQUEST_REWRITTEN) {
+ rewrites++;
+ std::string value;
+ EXPECT_TRUE(entry.GetStringValue("reason", &value));
+ EXPECT_EQ("Upgrade-Insecure-Requests", value);
+ }
+ }
+
+ EXPECT_EQ(1, d.received_redirect_count());
+ EXPECT_EQ(2u, r->url_chain().size());
+ if (upgraded_url.is_empty()) {
+ EXPECT_EQ(target, r->url());
+ EXPECT_EQ(0, rewrites);
+ } else {
+ EXPECT_EQ(upgraded_url, r->url());
+ EXPECT_EQ(1, rewrites);
+ }
+ }
+
+ protected:
+ std::unique_ptr<EmbeddedTestServer> http_server_;
+ std::unique_ptr<EmbeddedTestServer> https_server_;
+ MockHostResolver host_resolver_;
+ TestNetworkDelegate network_delegate_;
+ TestURLRequestContext context_;
+ TestNetLog net_log_;
+};
+
+TEST_F(URLRequestTestInsecureRequestPolicy, UpgradeAfterRedirect) {
+ const GURL kHttpOrigin1 = http_server_->GetURL("origin1.test", "/");
+ const GURL kHttpOrigin2 = http_server_->GetURL("origin2.test", "/");
+ const GURL kHttpsOrigin1 = https_server_->GetURL("origin1.test", "/");
+ const GURL kHttpsOrigin2 = https_server_->GetURL("origin2.test", "/");
+
+ // The servers don't run on the default port, and Upgrade-Insecure-Requests
+ // leaves non-standard ports alone. So. To hack around this behavior, build an
+ // HTTP URL with the HTTPS server's port. If the upgrade fails, the request
+ // will timeout.
+ GURL::Replacements replacements;
+ replacements.SetSchemeStr(url::kHttpScheme);
+ const GURL kHttpOrigin1WithHttpsPort =
+ kHttpsOrigin1.ReplaceComponents(replacements);
+
+ struct TestCase {
+ const GURL& target;
+ const GURL& initiator;
+ URLRequest::InsecureRequestPolicy policy;
+ const GURL& upgraded_url;
+ } cases[] = {
+ // HTTP Requests
+ // Secure origins are not upgraded, regardless of policy or initiator:
+ {kHttpsOrigin1, kHttpOrigin1,
+ URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS, GURL::EmptyGURL()},
+ {kHttpsOrigin1, kHttpOrigin1,
+ URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, GURL::EmptyGURL()},
+ {kHttpsOrigin1, kHttpOrigin1, URLRequest::UPGRADE_ALL_INSECURE_REQUESTS,
+ GURL::EmptyGURL()},
+ {kHttpsOrigin1, kHttpOrigin2,
+ URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS, GURL::EmptyGURL()},
+ {kHttpsOrigin1, kHttpOrigin2,
+ URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, GURL::EmptyGURL()},
+ {kHttpsOrigin1, kHttpOrigin2, URLRequest::UPGRADE_ALL_INSECURE_REQUESTS,
+ GURL::EmptyGURL()},
+ {kHttpsOrigin1, kHttpsOrigin1,
+ URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS, GURL::EmptyGURL()},
+ {kHttpsOrigin1, kHttpsOrigin1,
+ URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, GURL::EmptyGURL()},
+ {kHttpsOrigin1, kHttpsOrigin1, URLRequest::UPGRADE_ALL_INSECURE_REQUESTS,
+ GURL::EmptyGURL()},
+ {kHttpsOrigin1, kHttpsOrigin2,
+ URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS, GURL::EmptyGURL()},
+ {kHttpsOrigin1, kHttpsOrigin2,
+ URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, GURL::EmptyGURL()},
+ {kHttpsOrigin1, kHttpsOrigin2, URLRequest::UPGRADE_ALL_INSECURE_REQUESTS,
+ GURL::EmptyGURL()},
+
+ // DO_NOT_UPGRADE_INSECURE_REQUESTS doesn't.
+ {kHttpOrigin1, kHttpOrigin1, URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS,
+ GURL::EmptyGURL()},
+ {kHttpOrigin1, kHttpOrigin2, URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS,
+ GURL::EmptyGURL()},
+ {kHttpOrigin1, kHttpsOrigin1,
+ URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS, GURL::EmptyGURL()},
+ {kHttpOrigin1, kHttpsOrigin2,
+ URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS, GURL::EmptyGURL()},
+
+ // UPGRADE_ALL_INSECURE_REQUESTS does.
+ {kHttpOrigin1WithHttpsPort, kHttpOrigin1,
+ URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, kHttpsOrigin1},
+ {kHttpOrigin1WithHttpsPort, kHttpOrigin2,
+ URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, kHttpsOrigin1},
+ {kHttpOrigin1WithHttpsPort, kHttpsOrigin1,
+ URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, kHttpsOrigin1},
+ {kHttpOrigin1WithHttpsPort, kHttpsOrigin2,
+ URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, kHttpsOrigin1},
+
+ // UPGRADE_SAME_HOST_INSECURE_REQUESTS upgrades insecure requests when the
+ // url's and initiator's hosts match.
+ {kHttpOrigin1WithHttpsPort, kHttpOrigin1,
+ URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, kHttpsOrigin1},
+ {kHttpOrigin1, kHttpOrigin2,
+ URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, GURL::EmptyGURL()},
+ {kHttpOrigin1WithHttpsPort, kHttpsOrigin1,
+ URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, kHttpsOrigin1},
+ {kHttpOrigin1, kHttpsOrigin2,
+ URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, GURL::EmptyGURL()},
+ };
+
+ for (const auto& test : cases) {
+ SCOPED_TRACE(testing::Message() << "Target: " << test.target
+ << " Initiator: " << test.initiator
+ << " Policy: " << test.policy);
+ VerifyUpgradeAfterRedirect(test.target, test.initiator, test.policy,
+ test.upgraded_url);
+ }
+}
+
class URLRequestTestReferrerPolicy : public URLRequestTest {
public:
URLRequestTestReferrerPolicy() {}
« net/url_request/url_request.cc ('K') | « net/url_request/url_request_job.h ('k') | third_party/WebKit/LayoutTests/http/tests/security/upgrade-insecure-requests/basic-upgrade.https.html » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698