| Index: third_party/WebKit/Source/web/tests/WebFrameTest.cpp
|
| diff --git a/third_party/WebKit/Source/web/tests/WebFrameTest.cpp b/third_party/WebKit/Source/web/tests/WebFrameTest.cpp
|
| index 42bad3f9cf90c9f4b80effcc02a12ff65fcbd6a3..b2d4ad274c57325a801197399a9ac6e4980b9bcb 100644
|
| --- a/third_party/WebKit/Source/web/tests/WebFrameTest.cpp
|
| +++ b/third_party/WebKit/Source/web/tests/WebFrameTest.cpp
|
| @@ -8690,62 +8690,4 @@
|
| EXPECT_EQ("world", toCoreString(result->ToString(mainFrame->mainWorldScriptContext()).ToLocalChecked()));
|
| }
|
|
|
| -static void setSecurityOrigin(WebFrame* frame, PassRefPtr<SecurityOrigin> securityOrigin)
|
| -{
|
| - Document* document = frame->document();
|
| - document->setSecurityOrigin(securityOrigin);
|
| -}
|
| -
|
| -TEST_F(WebFrameTest, CanHaveSecureChild)
|
| -{
|
| - FrameTestHelpers::WebViewHelper helper;
|
| - FrameTestHelpers::TestWebFrameClient client;
|
| - helper.initialize(true, &client, nullptr, nullptr);
|
| - WebFrame* mainFrame = helper.webView()->mainFrame();
|
| - RefPtr<SecurityOrigin> secureOrigin = SecurityOrigin::createFromString("https://example.com");
|
| - RefPtr<SecurityOrigin> insecureOrigin = SecurityOrigin::createFromString("http://example.com");
|
| -
|
| - // Secure frame.
|
| - setSecurityOrigin(mainFrame, secureOrigin);
|
| - ASSERT_TRUE(mainFrame->canHaveSecureChild());
|
| -
|
| - // Insecure frame.
|
| - setSecurityOrigin(mainFrame, insecureOrigin);
|
| - ASSERT_FALSE(mainFrame->canHaveSecureChild());
|
| -
|
| - // Create a chain of frames.
|
| - FrameTestHelpers::loadFrame(mainFrame, "data:text/html,<iframe></iframe>");
|
| - WebFrame* childFrame = mainFrame->firstChild();
|
| - FrameTestHelpers::loadFrame(childFrame, "data:text/html,<iframe></iframe>");
|
| - WebFrame* grandchildFrame = childFrame->firstChild();
|
| -
|
| - // Secure -> insecure -> secure frame.
|
| - setSecurityOrigin(mainFrame, secureOrigin);
|
| - setSecurityOrigin(childFrame, insecureOrigin);
|
| - setSecurityOrigin(grandchildFrame, secureOrigin);
|
| - ASSERT_TRUE(mainFrame->canHaveSecureChild());
|
| - ASSERT_FALSE(childFrame->canHaveSecureChild());
|
| - ASSERT_FALSE(grandchildFrame->canHaveSecureChild());
|
| -
|
| - // A document in an insecure context can be considered secure if it has a
|
| - // scheme that bypasses the secure context check. But the exception doesn't
|
| - // apply to children of that document's frame.
|
| - SchemeRegistry::registerURLSchemeBypassingSecureContextCheck("very-special-scheme");
|
| - SchemeRegistry::registerURLSchemeAsSecure("very-special-scheme");
|
| - RefPtr<SecurityOrigin> specialOrigin = SecurityOrigin::createFromString("very-special-scheme://example.com");
|
| -
|
| - setSecurityOrigin(mainFrame, insecureOrigin);
|
| - setSecurityOrigin(childFrame, specialOrigin);
|
| - setSecurityOrigin(grandchildFrame, secureOrigin);
|
| - ASSERT_FALSE(mainFrame->canHaveSecureChild());
|
| - ASSERT_FALSE(childFrame->canHaveSecureChild());
|
| - ASSERT_FALSE(grandchildFrame->canHaveSecureChild());
|
| - Document* mainDocument = mainFrame->document();
|
| - Document* childDocument = childFrame->document();
|
| - Document* grandchildDocument = grandchildFrame->document();
|
| - ASSERT_FALSE(mainDocument->isSecureContext());
|
| - ASSERT_TRUE(childDocument->isSecureContext());
|
| - ASSERT_FALSE(grandchildDocument->isSecureContext());
|
| -}
|
| -
|
| } // namespace blink
|
|
|
Chromium Code Reviews
Issue 2055433002:
Revert of service worker: Don't control a subframe of an insecure context (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master