Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1340)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/browser/frame_host/render_frame_host_manager_browsertest.cc

Issue 2062523002: Fixing renderer's access to a file from HTTP POST (after a xsite transfer). (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: One more test expectation. Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | content/browser/session_history_browsertest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/browser/frame_host/render_frame_host_manager_browsertest.cc
diff --git a/content/browser/frame_host/render_frame_host_manager_browsertest.cc b/content/browser/frame_host/render_frame_host_manager_browsertest.cc
index ae972e8f4b9030a85106be629abc2acbc67b7ba7..584758a583ca400297e8e6ec0951cc01251c3c01 100644
--- a/content/browser/frame_host/render_frame_host_manager_browsertest.cc
+++ b/content/browser/frame_host/render_frame_host_manager_browsertest.cc
@@ -5,9 +5,12 @@
#include <stddef.h>
#include <stdint.h>
+#include <memory>
#include <set>
#include "base/command_line.h"
+#include "base/files/file_util.h"
+#include "base/files/scoped_temp_dir.h"
#include "base/json/json_reader.h"
#include "base/location.h"
#include "base/memory/ref_counted.h"
@@ -2756,4 +2759,75 @@ IN_PROC_BROWSER_TEST_F(RenderFrameHostManagerTest,
EXPECT_EQ(title, entry->GetTitle());
}
+// Test that verifies that a cross-process transfer retains ability to read
+// files encapsulated by HTTP POST body that is forwarded to the new renderer.
+// Invalid handling of this scenario has been suspected as the cause of at least
+// some of the renderer kills tracked in https://crbug.com/613260.
+IN_PROC_BROWSER_TEST_F(RenderFrameHostManagerTest, PostWithFileData) {
+ // Navigate to the page with form that posts via 307 redirection to
+ // |redirect_target_url| (cross-site from |form_url|).
+ StartEmbeddedServer();
+ GURL form_url(embedded_test_server()->GetURL(
+ "a.com", "/form_that_posts_cross_site.html"));
+ GURL redirect_target_url(embedded_test_server()->GetURL("x.com", "/echoall"));
+ EXPECT_TRUE(NavigateToURL(shell(), form_url));
+
+ // Prepare a file to upload.
+ base::ScopedTempDir temp_dir;
+ base::FilePath file_path;
+ std::string file_content("test-file-content");
+ ASSERT_TRUE(temp_dir.CreateUniqueTempDir());
+ ASSERT_TRUE(base::CreateTemporaryFileInDir(temp_dir.path(), &file_path));
+ LOG(ERROR) << "Temporary file = " << file_path.value();
+ ASSERT_LT(
+ 0, base::WriteFile(file_path, file_content.data(), file_content.size()));
+
+ // Fill out the form to refer to the test file.
+ std::unique_ptr<FileChooserDelegate> delegate(
+ new FileChooserDelegate(file_path));
+ shell()->web_contents()->SetDelegate(delegate.get());
+ EXPECT_TRUE(ExecuteScript(shell()->web_contents(),
+ "document.getElementById('file').click();"));
+ EXPECT_TRUE(delegate->file_chosen());
+
+ // Check if the original renderer process is able to read the file
+ // (it shouldn't - it doesn't need to read the file; only the new
+ // renderer process reads the file [for XSSAuditor purposes]).
+ int old_process_id = shell()->web_contents()->GetRenderProcessHost()->GetID();
+ EXPECT_FALSE(ChildProcessSecurityPolicyImpl::GetInstance()->CanReadFile(
+ old_process_id, file_path));
Łukasz Anforowicz 2016/06/10 23:07:04 This test expectation fails today - sounds like an
+
+ // Submit the form.
+ TestNavigationObserver form_post_observer(shell()->web_contents(), 1);
+ EXPECT_TRUE(ExecuteScript(shell()->web_contents(),
+ "document.getElementById('file-form').submit();"));
+ form_post_observer.Wait();
+
+ // Verify that we arrived at the expected, redirected location.
+ EXPECT_EQ(redirect_target_url,
+ shell()->web_contents()->GetLastCommittedURL());
+
+ // Check if the new renderer process is able to read the file.
+ int new_process_id = shell()->web_contents()->GetRenderProcessHost()->GetID();
+ EXPECT_TRUE(ChildProcessSecurityPolicyImpl::GetInstance()->CanReadFile(
+ new_process_id, file_path));
+ // Check that the old renderer cannot read the file.
+ EXPECT_FALSE(ChildProcessSecurityPolicyImpl::GetInstance()->CanReadFile(
+ old_process_id, file_path));
Łukasz Anforowicz 2016/06/10 23:07:04 This test expectation also fails today - it seems
+
+ // Verify that POST body got preserved by 307 redirect. This expectation
+ // comes from: https://tools.ietf.org/html/rfc7231#section-6.4.7
+ std::string actual_page_body;
+ EXPECT_TRUE(ExecuteScriptAndExtractString(
+ shell()->web_contents(),
+ "window.domAutomationController.send("
+ "document.getElementsByTagName('pre')[0].innerText);",
+ &actual_page_body));
+ EXPECT_THAT(actual_page_body, ::testing::HasSubstr(file_content));
+ EXPECT_THAT(actual_page_body,
+ ::testing::HasSubstr(file_path.BaseName().value()));
+ EXPECT_THAT(actual_page_body,
+ ::testing::HasSubstr("form-data; name=\"file\""));
+}
+
} // namespace content
« no previous file with comments | « no previous file | content/browser/session_history_browsertest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698