| Index: net/url_request/url_request_http_job_unittest.cc
|
| diff --git a/net/url_request/url_request_http_job_unittest.cc b/net/url_request/url_request_http_job_unittest.cc
|
| index c44905536c529543a2a4cd4be1012b02f6924a53..24c424eeb2274243aab753f0fb738bbc337221b1 100644
|
| --- a/net/url_request/url_request_http_job_unittest.cc
|
| +++ b/net/url_request/url_request_http_job_unittest.cc
|
| @@ -751,6 +751,237 @@ TEST_F(URLRequestHttpJobTest, HSTSInternalRedirectTest) {
|
| }
|
| }
|
|
|
| +TEST_F(URLRequestHttpJobTest, UpgradeInsecureRequestRewritesTest) {
|
| + const char* kHttpOrigin1 = "http://origin1.test/";
|
| + const char* kHttpOrigin1WithPort = "http://origin1.test:999/";
|
| + const char* kHttpOrigin2 = "http://origin2.test/";
|
| + const char* kHttpsOrigin1 = "https://origin1.test/";
|
| + const char* kHttpsOrigin1WithPort = "https://origin1.test:999/";
|
| + const char* kHttpsOrigin2 = "https://origin2.test/";
|
| + const char* kWsOrigin1 = "ws://origin1.test/";
|
| + const char* kWsOrigin1WithPort = "ws://origin1.test:999/";
|
| + const char* kWsOrigin2 = "ws://origin2.test/";
|
| + const char* kWssOrigin1 = "wss://origin1.test/";
|
| + const char* kWssOrigin1WithPort = "wss://origin1.test:999/";
|
| + const char* kWssOrigin2 = "wss://origin2.test/";
|
| + const char* kWeirdOrigin1 = "weird://origin1.test/";
|
| +
|
| + struct TestCase {
|
| + const char* url;
|
| + const char* initiator;
|
| + URLRequest::InsecureRequestPolicy policy;
|
| + bool upgrade_expected;
|
| + const char* upgraded_url;
|
| + } cases[] = {
|
| + // HTTP Requests
|
| + // Secure origins are not upgraded:
|
| + {kHttpsOrigin1, kHttpOrigin1,
|
| + URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS, false, ""},
|
| + {kHttpsOrigin1, kHttpOrigin1,
|
| + URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, false, ""},
|
| + {kHttpsOrigin1, kHttpOrigin1, URLRequest::UPGRADE_ALL_INSECURE_REQUESTS,
|
| + false, ""},
|
| + {kHttpsOrigin1, kHttpOrigin2,
|
| + URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS, false, ""},
|
| + {kHttpsOrigin1, kHttpOrigin2,
|
| + URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, false, ""},
|
| + {kHttpsOrigin1, kHttpOrigin2, URLRequest::UPGRADE_ALL_INSECURE_REQUESTS,
|
| + false, ""},
|
| +
|
| + // DO_NOT_UPGRADE_INSECURE_REQUESTS doesn't upgrade insecure requests.
|
| + {kHttpOrigin1, kHttpOrigin1, URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS,
|
| + false, ""},
|
| + {kHttpOrigin1, kHttpOrigin2, URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS,
|
| + false, ""},
|
| + {kHttpOrigin1, kHttpsOrigin1,
|
| + URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS, false, ""},
|
| + {kHttpOrigin1, kHttpsOrigin2,
|
| + URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS, false, ""},
|
| +
|
| + // UPGRADE_ALL_INSECURE_REQUESTS does upgrade insecure requests.
|
| + {kHttpOrigin1, kHttpOrigin1, URLRequest::UPGRADE_ALL_INSECURE_REQUESTS,
|
| + true, kHttpsOrigin1},
|
| + {kHttpOrigin1, kHttpOrigin2, URLRequest::UPGRADE_ALL_INSECURE_REQUESTS,
|
| + true, kHttpsOrigin1},
|
| + {kHttpOrigin1, kHttpsOrigin1, URLRequest::UPGRADE_ALL_INSECURE_REQUESTS,
|
| + true, kHttpsOrigin1},
|
| + {kHttpOrigin1, kHttpsOrigin2, URLRequest::UPGRADE_ALL_INSECURE_REQUESTS,
|
| + true, kHttpsOrigin1},
|
| +
|
| + // UPGRADE_SAME_HOST_INSECURE_REQUESTS does upgrade insecure requests
|
| + // when the url's and initiator's hosts match.
|
| + {kHttpOrigin1, kHttpOrigin1,
|
| + URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, true, kHttpsOrigin1},
|
| + {kHttpOrigin1, kHttpOrigin2,
|
| + URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, false, ""},
|
| + {kHttpOrigin1, kHttpsOrigin1,
|
| + URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, true, kHttpsOrigin1},
|
| + {kHttpOrigin1, kHttpsOrigin2,
|
| + URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, false, ""},
|
| +
|
| + // Upgrades do not affect ports:
|
| + {kHttpOrigin1WithPort, kHttpOrigin1,
|
| + URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, true, kHttpsOrigin1WithPort},
|
| + {kHttpOrigin1WithPort, kHttpOrigin2,
|
| + URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, true, kHttpsOrigin1WithPort},
|
| + {kHttpOrigin1WithPort, kHttpOrigin1WithPort,
|
| + URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, true, kHttpsOrigin1WithPort},
|
| + {kHttpOrigin1WithPort, kHttpsOrigin1,
|
| + URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, true, kHttpsOrigin1WithPort},
|
| + {kHttpOrigin1WithPort, kHttpsOrigin2,
|
| + URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, true, kHttpsOrigin1WithPort},
|
| + {kHttpOrigin1WithPort, kHttpsOrigin1WithPort,
|
| + URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, true, kHttpsOrigin1WithPort},
|
| +
|
| + // Ports do not affect same-hostness:
|
| + {kHttpOrigin1WithPort, kHttpOrigin1,
|
| + URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, true,
|
| + kHttpsOrigin1WithPort},
|
| + {kHttpOrigin1WithPort, kHttpOrigin2,
|
| + URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, false, ""},
|
| + {kHttpOrigin1WithPort, kHttpsOrigin1,
|
| + URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, true,
|
| + kHttpsOrigin1WithPort},
|
| + {kHttpOrigin1WithPort, kHttpsOrigin2,
|
| + URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, false, ""},
|
| +
|
| + // WebSocket Requests
|
| + // Secure origins are not upgraded:
|
| + {kWssOrigin1, kWsOrigin1, URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS,
|
| + false, ""},
|
| + {kWssOrigin1, kWsOrigin1, URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS,
|
| + false, ""},
|
| + {kWssOrigin1, kWsOrigin1, URLRequest::UPGRADE_ALL_INSECURE_REQUESTS,
|
| + false, ""},
|
| + {kWssOrigin1, kWsOrigin2, URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS,
|
| + false, ""},
|
| + {kWssOrigin1, kWsOrigin2, URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS,
|
| + false, ""},
|
| + {kWssOrigin1, kWsOrigin2, URLRequest::UPGRADE_ALL_INSECURE_REQUESTS,
|
| + false, ""},
|
| +
|
| + // DO_NOT_UPGRADE_INSECURE_REQUESTS doesn't upgrade insecure requests.
|
| + {kWsOrigin1, kWsOrigin1, URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS,
|
| + false, ""},
|
| + {kWsOrigin1, kWsOrigin2, URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS,
|
| + false, ""},
|
| + {kWsOrigin1, kWssOrigin1, URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS,
|
| + false, ""},
|
| + {kWsOrigin1, kWssOrigin2, URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS,
|
| + false, ""},
|
| +
|
| + // UPGRADE_ALL_INSECURE_REQUESTS does upgrade insecure requests.
|
| + {kWsOrigin1, kWsOrigin1, URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, true,
|
| + kWssOrigin1},
|
| + {kWsOrigin1, kWsOrigin2, URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, true,
|
| + kWssOrigin1},
|
| + {kWsOrigin1, kWssOrigin1, URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, true,
|
| + kWssOrigin1},
|
| + {kWsOrigin1, kWssOrigin2, URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, true,
|
| + kWssOrigin1},
|
| +
|
| + // UPGRADE_SAME_HOST_INSECURE_REQUESTS does upgrade insecure requests
|
| + // when the url's and initiator's hosts match.
|
| + {kWsOrigin1, kWsOrigin1, URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS,
|
| + true, kWssOrigin1},
|
| + {kWsOrigin1, kWsOrigin2, URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS,
|
| + false, ""},
|
| + {kWsOrigin1, kWssOrigin1, URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS,
|
| + true, kWssOrigin1},
|
| + {kWsOrigin1, kWssOrigin2, URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS,
|
| + false, ""},
|
| +
|
| + // Upgrades do not affect ports:
|
| + {kWsOrigin1WithPort, kWsOrigin1,
|
| + URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, true, kWssOrigin1WithPort},
|
| + {kWsOrigin1WithPort, kWsOrigin2,
|
| + URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, true, kWssOrigin1WithPort},
|
| + {kWsOrigin1WithPort, kWsOrigin1WithPort,
|
| + URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, true, kWssOrigin1WithPort},
|
| + {kWsOrigin1WithPort, kWssOrigin1,
|
| + URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, true, kWssOrigin1WithPort},
|
| + {kWsOrigin1WithPort, kWssOrigin2,
|
| + URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, true, kWssOrigin1WithPort},
|
| + {kWsOrigin1WithPort, kWssOrigin1WithPort,
|
| + URLRequest::UPGRADE_ALL_INSECURE_REQUESTS, true, kWssOrigin1WithPort},
|
| +
|
| + // Ports do not affect same-hostness:
|
| + {kWsOrigin1WithPort, kWsOrigin1,
|
| + URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, true,
|
| + kWssOrigin1WithPort},
|
| + {kWsOrigin1WithPort, kWsOrigin2,
|
| + URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, false, ""},
|
| + {kWsOrigin1WithPort, kWssOrigin1,
|
| + URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, true,
|
| + kWssOrigin1WithPort},
|
| + {kWsOrigin1WithPort, kWssOrigin2,
|
| + URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, false, ""},
|
| +
|
| + // Weird Origins are not upgraded:
|
| + {kWeirdOrigin1, kWeirdOrigin1,
|
| + URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS, false, ""},
|
| + {kWeirdOrigin1, kWeirdOrigin1,
|
| + URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, false, ""},
|
| + {kWeirdOrigin1, kWeirdOrigin1, URLRequest::UPGRADE_ALL_INSECURE_REQUESTS,
|
| + false, ""},
|
| + {kWeirdOrigin1, kHttpOrigin1,
|
| + URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS, false, ""},
|
| + {kWeirdOrigin1, kHttpOrigin1,
|
| + URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, false, ""},
|
| + {kWeirdOrigin1, kHttpOrigin1, URLRequest::UPGRADE_ALL_INSECURE_REQUESTS,
|
| + false, ""},
|
| + {kWeirdOrigin1, kHttpsOrigin1,
|
| + URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS, false, ""},
|
| + {kWeirdOrigin1, kHttpsOrigin1,
|
| + URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, false, ""},
|
| + {kWeirdOrigin1, kHttpsOrigin1, URLRequest::UPGRADE_ALL_INSECURE_REQUESTS,
|
| + false, ""},
|
| + {kWeirdOrigin1, kWssOrigin1, URLRequest::DO_NOT_UPGRADE_INSECURE_REQUESTS,
|
| + false, ""},
|
| + {kWeirdOrigin1, kWssOrigin1,
|
| + URLRequest::UPGRADE_SAME_HOST_INSECURE_REQUESTS, false, ""},
|
| + {kWeirdOrigin1, kWssOrigin1, URLRequest::UPGRADE_ALL_INSECURE_REQUESTS,
|
| + false, ""},
|
| + };
|
| +
|
| + for (const auto& test : cases) {
|
| + SCOPED_TRACE(testing::Message() << "URL: " << test.url
|
| + << " Initiator: " << test.initiator
|
| + << " Policy: " << test.policy);
|
| + TestDelegate d;
|
| + TestNetworkDelegate network_delegate;
|
| + std::unique_ptr<URLRequest> r(
|
| + context_.CreateRequest(GURL(test.url), DEFAULT_PRIORITY, &d));
|
| + r->set_insecure_request_policy(test.policy);
|
| + r->set_initiator(url::Origin(GURL(test.initiator)));
|
| +
|
| + net_log_.Clear();
|
| + r->Start();
|
| + base::RunLoop().Run();
|
| +
|
| + if (test.upgrade_expected) {
|
| + net::TestNetLogEntry::List entries;
|
| + net_log_.GetEntries(&entries);
|
| + int rewrites = 0;
|
| + for (const auto& entry : entries) {
|
| + if (entry.type == net::NetLogEventType::URL_REQUEST_REWRITTEN) {
|
| + rewrites++;
|
| + std::string value;
|
| + EXPECT_TRUE(entry.GetStringValue("reason", &value));
|
| + EXPECT_EQ("Upgrade-Insecure-Requests", value);
|
| + }
|
| + }
|
| + EXPECT_EQ(0, d.received_redirect_count());
|
| + EXPECT_EQ(2u, r->url_chain().size());
|
| + EXPECT_EQ(GURL(test.upgraded_url), r->url());
|
| + } else {
|
| + EXPECT_EQ(0, d.received_redirect_count());
|
| + EXPECT_EQ(1u, r->url_chain().size());
|
| + EXPECT_EQ(GURL(test.url), r->url());
|
| + }
|
| + }
|
| +}
|
| +
|
| class MockSdchObserver : public SdchObserver {
|
| public:
|
| MockSdchObserver() {}
|
|
|
Chromium Code Reviews
Issue 2053693002:
WIP: Move 'Upgrade-Insecure-Requests' to the browser process.
Base URL: https://chromium.googlesource.com/chromium/src.git@replicate