Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(794)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/browser/extensions/service_worker_apitest.cc

Issue 2071433003: Reland: service worker: Don't control a subframe of an insecure context (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: revised Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « chrome/browser/chrome_content_browser_client.cc ('k') | content/browser/service_worker/service_worker_browsertest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <stdint.h> 5 #include <stdint.h>
6 6
7 #include "base/bind_helpers.h" 7 #include "base/bind_helpers.h"
8 #include "base/macros.h" 8 #include "base/macros.h"
9 #include "base/strings/stringprintf.h" 9 #include "base/strings/stringprintf.h"
10 #include "base/strings/utf_string_conversions.h" 10 #include "base/strings/utf_string_conversions.h"
11 #include "chrome/browser/extensions/extension_apitest.h" 11 #include "chrome/browser/extensions/extension_apitest.h"
12 #include "chrome/browser/extensions/extension_service.h" 12 #include "chrome/browser/extensions/extension_service.h"
13 #include "chrome/browser/notifications/desktop_notification_profile_util.h" 13 #include "chrome/browser/notifications/desktop_notification_profile_util.h"
14 #include "chrome/browser/permissions/permission_manager.h" 14 #include "chrome/browser/permissions/permission_manager.h"
15 #include "chrome/browser/push_messaging/push_messaging_app_identifier.h" 15 #include "chrome/browser/push_messaging/push_messaging_app_identifier.h"
16 #include "chrome/browser/push_messaging/push_messaging_service_factory.h" 16 #include "chrome/browser/push_messaging/push_messaging_service_factory.h"
17 #include "chrome/browser/push_messaging/push_messaging_service_impl.h" 17 #include "chrome/browser/push_messaging/push_messaging_service_impl.h"
18 #include "chrome/browser/services/gcm/fake_gcm_profile_service.h" 18 #include "chrome/browser/services/gcm/fake_gcm_profile_service.h"
19 #include "chrome/browser/services/gcm/gcm_profile_service_factory.h" 19 #include "chrome/browser/services/gcm/gcm_profile_service_factory.h"
20 #include "chrome/browser/ui/tabs/tab_strip_model.h" 20 #include "chrome/browser/ui/tabs/tab_strip_model.h"
21 #include "chrome/test/base/ui_test_utils.h" 21 #include "chrome/test/base/ui_test_utils.h"
22 #include "components/version_info/version_info.h" 22 #include "components/version_info/version_info.h"
23 #include "content/public/browser/navigation_controller.h" 23 #include "content/public/browser/navigation_controller.h"
24 #include "content/public/browser/navigation_entry.h" 24 #include "content/public/browser/navigation_entry.h"
25 #include "content/public/browser/permission_type.h" 25 #include "content/public/browser/permission_type.h"
26 #include "content/public/browser/web_contents.h" 26 #include "content/public/browser/web_contents.h"
27 #include "content/public/common/content_switches.h" 27 #include "content/public/common/content_switches.h"
28 #include "content/public/common/origin_util.h"
28 #include "content/public/common/page_type.h" 29 #include "content/public/common/page_type.h"
29 #include "content/public/test/background_sync_test_util.h" 30 #include "content/public/test/background_sync_test_util.h"
30 #include "content/public/test/browser_test_utils.h" 31 #include "content/public/test/browser_test_utils.h"
31 #include "extensions/browser/extension_host.h" 32 #include "extensions/browser/extension_host.h"
32 #include "extensions/browser/extension_registry.h" 33 #include "extensions/browser/extension_registry.h"
33 #include "extensions/browser/process_manager.h" 34 #include "extensions/browser/process_manager.h"
34 #include "extensions/test/background_page_watcher.h" 35 #include "extensions/test/background_page_watcher.h"
35 #include "extensions/test/extension_test_message_listener.h" 36 #include "extensions/test/extension_test_message_listener.h"
37 #include "net/dns/mock_host_resolver.h"
36 #include "net/test/embedded_test_server/embedded_test_server.h" 38 #include "net/test/embedded_test_server/embedded_test_server.h"
37 39
38 namespace extensions { 40 namespace extensions {
39 41
40 namespace { 42 namespace {
41 43
42 // Pass into ServiceWorkerTest::StartTestFromBackgroundPage to indicate that 44 // Pass into ServiceWorkerTest::StartTestFromBackgroundPage to indicate that
43 // registration is expected to succeed. 45 // registration is expected to succeed.
44 std::string* const kExpectSuccess = nullptr; 46 std::string* const kExpectSuccess = nullptr;
45 47
(...skipping 581 matching lines...) Expand 10 before | Expand all | Expand 10 after
627 // This test also verifies that if the requested resource exists in the manifest 629 // This test also verifies that if the requested resource exists in the manifest
628 // but is not present in the extension directory, the Service Worker can still 630 // but is not present in the extension directory, the Service Worker can still
629 // serve the resource file. 631 // serve the resource file.
630 IN_PROC_BROWSER_TEST_F(ServiceWorkerTest, WebAccessibleResourcesIframeSrc) { 632 IN_PROC_BROWSER_TEST_F(ServiceWorkerTest, WebAccessibleResourcesIframeSrc) {
631 const Extension* extension = LoadExtensionWithFlags( 633 const Extension* extension = LoadExtensionWithFlags(
632 test_data_dir_.AppendASCII( 634 test_data_dir_.AppendASCII(
633 "service_worker/web_accessible_resources/iframe_src"), 635 "service_worker/web_accessible_resources/iframe_src"),
634 kFlagNone); 636 kFlagNone);
635 ASSERT_TRUE(extension); 637 ASSERT_TRUE(extension);
636 ASSERT_TRUE(StartEmbeddedTestServer()); 638 ASSERT_TRUE(StartEmbeddedTestServer());
637 GURL page_url = embedded_test_server()->GetURL( 639
638 "/extensions/api_test/service_worker/web_accessible_resources/" 640 // Service workers can only control secure contexts
639 "webpage.html"); 641 // (https://w3c.github.io/webappsec-secure-contexts/). For documents, this
642 // typically means the document must have a secure origin AND all its ancestor
643 // frames must have documents with secure origins. However, extension pages
644 // are considered secure, even if they have an ancestor document that is an
645 // insecure context (see GetSchemesBypassingSecureContextCheckWhitelist). So
646 // extension service workers must be able to control an extension page
647 // embedded in an insecure context. To test this, set up an insecure
648 // (non-localhost, non-https) URL for the web page. This page will create
649 // iframes that load extension pages that must be controllable by service
650 // worker.
651 host_resolver()->AddRule("a.com", "127.0.0.1");
652 GURL page_url =
653 embedded_test_server()->GetURL("a.com",
654 "/extensions/api_test/service_worker/"
655 "web_accessible_resources/webpage.html");
656 EXPECT_FALSE(content::IsOriginSecure(page_url));
640 657
641 content::WebContents* web_contents = AddTab(browser(), page_url); 658 content::WebContents* web_contents = AddTab(browser(), page_url);
642 std::string result; 659 std::string result;
643 // webpage.html will create an iframe pointing to a resource from |extension|. 660 // webpage.html will create an iframe pointing to a resource from |extension|.
644 // Expect the resource to be served by the extension. 661 // Expect the resource to be served by the extension.
645 EXPECT_TRUE(content::ExecuteScriptAndExtractString( 662 EXPECT_TRUE(content::ExecuteScriptAndExtractString(
646 web_contents, base::StringPrintf("window.testIframe('%s', 'iframe.html')", 663 web_contents, base::StringPrintf("window.testIframe('%s', 'iframe.html')",
647 extension->id().c_str()), 664 extension->id().c_str()),
648 &result)); 665 &result));
649 EXPECT_EQ("FROM_EXTENSION_RESOURCE", result); 666 EXPECT_EQ("FROM_EXTENSION_RESOURCE", result);
(...skipping 106 matching lines...) Expand 10 before | Expand all | Expand 10 after
756 message.sender_id = "1234567890"; 773 message.sender_id = "1234567890";
757 message.raw_data = "testdata"; 774 message.raw_data = "testdata";
758 message.decrypted = true; 775 message.decrypted = true;
759 push_service()->SetMessageCallbackForTesting(run_loop.QuitClosure()); 776 push_service()->SetMessageCallbackForTesting(run_loop.QuitClosure());
760 push_service()->OnMessage(app_identifier.app_id(), message); 777 push_service()->OnMessage(app_identifier.app_id(), message);
761 EXPECT_TRUE(push_message_listener.WaitUntilSatisfied()); 778 EXPECT_TRUE(push_message_listener.WaitUntilSatisfied());
762 run_loop.Run(); // Wait until the message is handled by push service. 779 run_loop.Run(); // Wait until the message is handled by push service.
763 } 780 }
764 781
765 } // namespace extensions 782 } // namespace extensions
OLDNEW
« no previous file with comments | « chrome/browser/chrome_content_browser_client.cc ('k') | content/browser/service_worker/service_worker_browsertest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698