| Index: content/browser/service_worker/service_worker_provider_host_unittest.cc
|
| diff --git a/content/browser/service_worker/service_worker_provider_host_unittest.cc b/content/browser/service_worker/service_worker_provider_host_unittest.cc
|
| index cd478f0af690ac1c068216af3d84c5752f8cf5ad..a9bec57a6651e1768ce17bf6f3fcf8d2c866e2d1 100644
|
| --- a/content/browser/service_worker/service_worker_provider_host_unittest.cc
|
| +++ b/content/browser/service_worker/service_worker_provider_host_unittest.cc
|
| @@ -13,39 +13,58 @@
|
| #include "content/browser/service_worker/service_worker_register_job.h"
|
| #include "content/browser/service_worker/service_worker_registration.h"
|
| #include "content/browser/service_worker/service_worker_version.h"
|
| +#include "content/public/common/origin_util.h"
|
| #include "content/public/test/test_browser_thread_bundle.h"
|
| +#include "content/test/test_content_browser_client.h"
|
| +#include "content/test/test_content_client.h"
|
| #include "testing/gtest/include/gtest/gtest.h"
|
|
|
| namespace content {
|
|
|
| +const char kServiceWorkerScheme[] = "i-can-use-service-worker";
|
| +
|
| +class ServiceWorkerTestContentClient : public TestContentClient {
|
| + public:
|
| + void AddServiceWorkerSchemes(std::set<std::string>* schemes) override {
|
| + schemes->insert(kServiceWorkerScheme);
|
| + }
|
| +};
|
| +
|
| class ServiceWorkerProviderHostTest : public testing::Test {
|
| protected:
|
| ServiceWorkerProviderHostTest()
|
| - : thread_bundle_(TestBrowserThreadBundle::IO_MAINLOOP) {}
|
| + : thread_bundle_(TestBrowserThreadBundle::IO_MAINLOOP) {
|
| + SetContentClient(&test_content_client_);
|
| + }
|
| ~ServiceWorkerProviderHostTest() override {}
|
|
|
| void SetUp() override {
|
| + old_content_browser_client_ =
|
| + SetBrowserClientForTesting(&test_content_browser_client_);
|
| +
|
| helper_.reset(new EmbeddedWorkerTestHelper(base::FilePath()));
|
| context_ = helper_->context();
|
| - script_url_ = GURL("http://www.example.com/service_worker.js");
|
| + script_url_ = GURL("https://www.example.com/service_worker.js");
|
| registration1_ = new ServiceWorkerRegistration(
|
| - GURL("http://www.example.com/"), 1L, context_->AsWeakPtr());
|
| + GURL("https://www.example.com/"), 1L, context_->AsWeakPtr());
|
| registration2_ = new ServiceWorkerRegistration(
|
| - GURL("http://www.example.com/example"), 2L, context_->AsWeakPtr());
|
| + GURL("https://www.example.com/example"), 2L, context_->AsWeakPtr());
|
|
|
| // Prepare provider hosts (for the same process).
|
| std::unique_ptr<ServiceWorkerProviderHost> host1(
|
| - new ServiceWorkerProviderHost(helper_->mock_render_process_id(),
|
| - MSG_ROUTING_NONE, 1 /* provider_id */,
|
| - SERVICE_WORKER_PROVIDER_FOR_WINDOW,
|
| - context_->AsWeakPtr(), NULL));
|
| - host1->SetDocumentUrl(GURL("http://www.example.com/example1.html"));
|
| + new ServiceWorkerProviderHost(
|
| + helper_->mock_render_process_id(), MSG_ROUTING_NONE,
|
| + 1 /* provider_id */, SERVICE_WORKER_PROVIDER_FOR_WINDOW,
|
| + ServiceWorkerProviderHost::FrameSecurityLevel::SECURE,
|
| + context_->AsWeakPtr(), NULL));
|
| + host1->SetDocumentUrl(GURL("https://www.example.com/example1.html"));
|
| std::unique_ptr<ServiceWorkerProviderHost> host2(
|
| - new ServiceWorkerProviderHost(helper_->mock_render_process_id(),
|
| - MSG_ROUTING_NONE, 2 /* provider_id */,
|
| - SERVICE_WORKER_PROVIDER_FOR_WINDOW,
|
| - context_->AsWeakPtr(), NULL));
|
| - host2->SetDocumentUrl(GURL("http://www.example.com/example2.html"));
|
| + new ServiceWorkerProviderHost(
|
| + helper_->mock_render_process_id(), MSG_ROUTING_NONE,
|
| + 2 /* provider_id */, SERVICE_WORKER_PROVIDER_FOR_WINDOW,
|
| + ServiceWorkerProviderHost::FrameSecurityLevel::SECURE,
|
| + context_->AsWeakPtr(), NULL));
|
| + host2->SetDocumentUrl(GURL("https://www.example.com/example2.html"));
|
| provider_host1_ = host1->AsWeakPtr();
|
| provider_host2_ = host2->AsWeakPtr();
|
| context_->AddProviderHost(base::WrapUnique(host1.release()));
|
| @@ -56,6 +75,7 @@ class ServiceWorkerProviderHostTest : public testing::Test {
|
| registration1_ = 0;
|
| registration2_ = 0;
|
| helper_.reset();
|
| + SetBrowserClientForTesting(old_content_browser_client_);
|
| }
|
|
|
| bool PatternHasProcessToRun(const GURL& pattern) const {
|
| @@ -70,6 +90,9 @@ class ServiceWorkerProviderHostTest : public testing::Test {
|
| base::WeakPtr<ServiceWorkerProviderHost> provider_host1_;
|
| base::WeakPtr<ServiceWorkerProviderHost> provider_host2_;
|
| GURL script_url_;
|
| + ServiceWorkerTestContentClient test_content_client_;
|
| + TestContentBrowserClient test_content_browser_client_;
|
| + ContentBrowserClient* old_content_browser_client_;
|
|
|
| private:
|
| DISALLOW_COPY_AND_ASSIGN(ServiceWorkerProviderHostTest);
|
| @@ -128,4 +151,37 @@ TEST_F(ServiceWorkerProviderHostTest, MatchRegistration) {
|
| ASSERT_EQ(provider_host1_->MatchRegistration(), nullptr);
|
| }
|
|
|
| +TEST_F(ServiceWorkerProviderHostTest, ContextSecurity) {
|
| + using FrameSecurityLevel = ServiceWorkerProviderHost::FrameSecurityLevel;
|
| + content::ResetSchemesAndOriginsWhitelistForTesting();
|
| +
|
| + // Insecure document URL.
|
| + provider_host1_->SetDocumentUrl(GURL("http://host"));
|
| + provider_host1_->parent_frame_security_level_ = FrameSecurityLevel::SECURE;
|
| + EXPECT_FALSE(provider_host1_->IsContextSecureForServiceWorker());
|
| +
|
| + // Insecure parent frame.
|
| + provider_host1_->SetDocumentUrl(GURL("https://host"));
|
| + provider_host1_->parent_frame_security_level_ = FrameSecurityLevel::INSECURE;
|
| + EXPECT_FALSE(provider_host1_->IsContextSecureForServiceWorker());
|
| +
|
| + // Secure URL and parent frame.
|
| + provider_host1_->SetDocumentUrl(GURL("https://host"));
|
| + provider_host1_->parent_frame_security_level_ = FrameSecurityLevel::SECURE;
|
| + EXPECT_TRUE(provider_host1_->IsContextSecureForServiceWorker());
|
| +
|
| + // Exceptional service worker scheme.
|
| + GURL url(std::string(kServiceWorkerScheme) + "://host");
|
| + EXPECT_TRUE(url.is_valid());
|
| + provider_host1_->SetDocumentUrl(url);
|
| + provider_host1_->parent_frame_security_level_ = FrameSecurityLevel::SECURE;
|
| + EXPECT_FALSE(IsOriginSecure(url));
|
| + EXPECT_TRUE(OriginCanAccessServiceWorkers(url));
|
| + EXPECT_TRUE(provider_host1_->IsContextSecureForServiceWorker());
|
| +
|
| + // Exceptional service worker scheme with insecure parent frame.
|
| + provider_host1_->parent_frame_security_level_ = FrameSecurityLevel::INSECURE;
|
| + EXPECT_FALSE(provider_host1_->IsContextSecureForServiceWorker());
|
| +}
|
| +
|
| } // namespace content
|
|
|
Chromium Code Reviews
Issue 2061203002:
WIP Reland: service worker: Don't control a subframe of an insecure context
Base URL: https://chromium.googlesource.com/chromium/src.git@master