| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <stddef.h> | 5 #include <stddef.h> |
| 6 #include <stdint.h> | 6 #include <stdint.h> |
| 7 | 7 |
| 8 #include <memory> |
| 8 #include <set> | 9 #include <set> |
| 9 | 10 |
| 10 #include "base/command_line.h" | 11 #include "base/command_line.h" |
| 12 #include "base/files/file_util.h" |
| 13 #include "base/files/scoped_temp_dir.h" |
| 11 #include "base/json/json_reader.h" | 14 #include "base/json/json_reader.h" |
| 12 #include "base/location.h" | 15 #include "base/location.h" |
| 13 #include "base/memory/ref_counted.h" | 16 #include "base/memory/ref_counted.h" |
| 14 #include "base/path_service.h" | 17 #include "base/path_service.h" |
| 15 #include "base/single_thread_task_runner.h" | 18 #include "base/single_thread_task_runner.h" |
| 16 #include "base/strings/string_split.h" | 19 #include "base/strings/string_split.h" |
| 17 #include "base/strings/utf_string_conversions.h" | 20 #include "base/strings/utf_string_conversions.h" |
| 18 #include "base/threading/thread_task_runner_handle.h" | 21 #include "base/threading/thread_task_runner_handle.h" |
| 19 #include "base/values.h" | 22 #include "base/values.h" |
| 20 #include "build/build_config.h" | 23 #include "build/build_config.h" |
| (...skipping 2787 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2808 rfh_a->GetProcess(), RenderProcessHostWatcher::WATCH_FOR_PROCESS_EXIT); | 2811 rfh_a->GetProcess(), RenderProcessHostWatcher::WATCH_FOR_PROCESS_EXIT); |
| 2809 TestNavigationObserver commit_observer(web_contents); | 2812 TestNavigationObserver commit_observer(web_contents); |
| 2810 shell()->LoadURL(embedded_test_server()->GetURL("b.com", "/title1.html")); | 2813 shell()->LoadURL(embedded_test_server()->GetURL("b.com", "/title1.html")); |
| 2811 commit_observer.Wait(); | 2814 commit_observer.Wait(); |
| 2812 exit_observer.Wait(); | 2815 exit_observer.Wait(); |
| 2813 | 2816 |
| 2814 // Ensure the entry's title hasn't changed after the ignored commit. | 2817 // Ensure the entry's title hasn't changed after the ignored commit. |
| 2815 EXPECT_EQ(title, entry->GetTitle()); | 2818 EXPECT_EQ(title, entry->GetTitle()); |
| 2816 } | 2819 } |
| 2817 | 2820 |
| 2821 // Test that verifies that a cross-process transfer retains ability to read |
| 2822 // files encapsulated by HTTP POST body that is forwarded to the new renderer. |
| 2823 // Invalid handling of this scenario has been suspected as the cause of at least |
| 2824 // some of the renderer kills tracked in https://crbug.com/613260. |
| 2825 IN_PROC_BROWSER_TEST_F(RenderFrameHostManagerTest, PostWithFileData) { |
| 2826 // Navigate to the page with form that posts via 307 redirection to |
| 2827 // |redirect_target_url| (cross-site from |form_url|). |
| 2828 StartEmbeddedServer(); |
| 2829 GURL form_url(embedded_test_server()->GetURL( |
| 2830 "a.com", "/form_that_posts_cross_site.html")); |
| 2831 GURL redirect_target_url(embedded_test_server()->GetURL("x.com", "/echoall")); |
| 2832 EXPECT_TRUE(NavigateToURL(shell(), form_url)); |
| 2833 |
| 2834 // Prepare a file to upload. |
| 2835 base::ScopedTempDir temp_dir; |
| 2836 base::FilePath file_path; |
| 2837 std::string file_content("test-file-content"); |
| 2838 ASSERT_TRUE(temp_dir.CreateUniqueTempDir()); |
| 2839 ASSERT_TRUE(base::CreateTemporaryFileInDir(temp_dir.path(), &file_path)); |
| 2840 ASSERT_LT( |
| 2841 0, base::WriteFile(file_path, file_content.data(), file_content.size())); |
| 2842 |
| 2843 // Fill out the form to refer to the test file. |
| 2844 std::unique_ptr<FileChooserDelegate> delegate( |
| 2845 new FileChooserDelegate(file_path)); |
| 2846 shell()->web_contents()->SetDelegate(delegate.get()); |
| 2847 EXPECT_TRUE(ExecuteScript(shell()->web_contents(), |
| 2848 "document.getElementById('file').click();")); |
| 2849 EXPECT_TRUE(delegate->file_chosen()); |
| 2850 |
| 2851 // Remember the old process id for a sanity check below. |
| 2852 int old_process_id = shell()->web_contents()->GetRenderProcessHost()->GetID(); |
| 2853 |
| 2854 // Submit the form. |
| 2855 TestNavigationObserver form_post_observer(shell()->web_contents(), 1); |
| 2856 EXPECT_TRUE( |
| 2857 ExecuteScript(shell(), "document.getElementById('file-form').submit();")); |
| 2858 form_post_observer.Wait(); |
| 2859 |
| 2860 // Verify that we arrived at the expected, redirected location. |
| 2861 EXPECT_EQ(redirect_target_url, |
| 2862 shell()->web_contents()->GetLastCommittedURL()); |
| 2863 |
| 2864 // Verify that the test really verifies access of a *new* renderer process. |
| 2865 int new_process_id = shell()->web_contents()->GetRenderProcessHost()->GetID(); |
| 2866 if (SiteIsolationPolicy::UseDedicatedProcessesForAllSites()) |
| 2867 ASSERT_NE(new_process_id, old_process_id); |
| 2868 |
| 2869 // MAIN VERIFICATION: Check if the new renderer process is able to read the |
| 2870 // file. |
| 2871 EXPECT_TRUE(ChildProcessSecurityPolicyImpl::GetInstance()->CanReadFile( |
| 2872 new_process_id, file_path)); |
| 2873 |
| 2874 // Verify that POST body got preserved by 307 redirect. This expectation |
| 2875 // comes from: https://tools.ietf.org/html/rfc7231#section-6.4.7 |
| 2876 std::string actual_page_body; |
| 2877 EXPECT_TRUE(ExecuteScriptAndExtractString( |
| 2878 shell()->web_contents(), |
| 2879 "window.domAutomationController.send(" |
| 2880 "document.getElementsByTagName('pre')[0].innerText);", |
| 2881 &actual_page_body)); |
| 2882 EXPECT_THAT(actual_page_body, ::testing::HasSubstr(file_content)); |
| 2883 EXPECT_THAT(actual_page_body, |
| 2884 ::testing::HasSubstr(file_path.BaseName().value())); |
| 2885 EXPECT_THAT(actual_page_body, |
| 2886 ::testing::HasSubstr("form-data; name=\"file\"")); |
| 2887 } |
| 2888 |
| 2818 } // namespace content | 2889 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2062523002:
Fixing renderer's access to a file from HTTP POST (after a xsite transfer). (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master