| Index: third_party/WebKit/Source/web/tests/WebFrameTest.cpp
|
| diff --git a/third_party/WebKit/Source/web/tests/WebFrameTest.cpp b/third_party/WebKit/Source/web/tests/WebFrameTest.cpp
|
| index 4b6d25479e55330bf4a7ecbdafc01ca2683bb686..cc7b8361721960a8952dd8a7d51038e72a3e0cbc 100644
|
| --- a/third_party/WebKit/Source/web/tests/WebFrameTest.cpp
|
| +++ b/third_party/WebKit/Source/web/tests/WebFrameTest.cpp
|
| @@ -8644,4 +8644,62 @@ TEST(WebFrameGlobalReuseTest, ReuseForMainFrameIfEnabled)
|
| EXPECT_EQ("world", toCoreString(result->ToString(mainFrame->mainWorldScriptContext()).ToLocalChecked()));
|
| }
|
|
|
| +static void setSecurityOrigin(WebFrame* frame, PassRefPtr<SecurityOrigin> securityOrigin)
|
| +{
|
| + Document* document = frame->document();
|
| + document->setSecurityOrigin(securityOrigin);
|
| +}
|
| +
|
| +TEST_F(WebFrameTest, CanHaveSecureChild)
|
| +{
|
| + FrameTestHelpers::WebViewHelper helper;
|
| + FrameTestHelpers::TestWebFrameClient client;
|
| + helper.initialize(true, &client, nullptr, nullptr);
|
| + WebFrame* mainFrame = helper.webView()->mainFrame();
|
| + RefPtr<SecurityOrigin> secureOrigin = SecurityOrigin::createFromString("https://example.com");
|
| + RefPtr<SecurityOrigin> insecureOrigin = SecurityOrigin::createFromString("http://example.com");
|
| +
|
| + // Secure frame.
|
| + setSecurityOrigin(mainFrame, secureOrigin);
|
| + ASSERT_TRUE(mainFrame->canHaveSecureChild());
|
| +
|
| + // Insecure frame.
|
| + setSecurityOrigin(mainFrame, insecureOrigin);
|
| + ASSERT_FALSE(mainFrame->canHaveSecureChild());
|
| +
|
| + // Create a chain of frames.
|
| + FrameTestHelpers::loadFrame(mainFrame, "data:text/html,<iframe></iframe>");
|
| + WebFrame* childFrame = mainFrame->firstChild();
|
| + FrameTestHelpers::loadFrame(childFrame, "data:text/html,<iframe></iframe>");
|
| + WebFrame* grandchildFrame = childFrame->firstChild();
|
| +
|
| + // Secure -> insecure -> secure frame.
|
| + setSecurityOrigin(mainFrame, secureOrigin);
|
| + setSecurityOrigin(childFrame, insecureOrigin);
|
| + setSecurityOrigin(grandchildFrame, secureOrigin);
|
| + ASSERT_TRUE(mainFrame->canHaveSecureChild());
|
| + ASSERT_FALSE(childFrame->canHaveSecureChild());
|
| + ASSERT_FALSE(grandchildFrame->canHaveSecureChild());
|
| +
|
| + // A document in an insecure context can be considered secure if it has a
|
| + // scheme that bypasses the secure context check. But the exception doesn't
|
| + // apply to children of that document's frame.
|
| + SchemeRegistry::registerURLSchemeBypassingSecureContextCheck("very-special-scheme");
|
| + SchemeRegistry::registerURLSchemeAsSecure("very-special-scheme");
|
| + RefPtr<SecurityOrigin> specialOrigin = SecurityOrigin::createFromString("very-special-scheme://example.com");
|
| +
|
| + setSecurityOrigin(mainFrame, insecureOrigin);
|
| + setSecurityOrigin(childFrame, specialOrigin);
|
| + setSecurityOrigin(grandchildFrame, secureOrigin);
|
| + ASSERT_FALSE(mainFrame->canHaveSecureChild());
|
| + ASSERT_FALSE(childFrame->canHaveSecureChild());
|
| + ASSERT_FALSE(grandchildFrame->canHaveSecureChild());
|
| + Document* mainDocument = mainFrame->document();
|
| + Document* childDocument = childFrame->document();
|
| + Document* grandchildDocument = grandchildFrame->document();
|
| + ASSERT_FALSE(mainDocument->isSecureContext());
|
| + ASSERT_TRUE(childDocument->isSecureContext());
|
| + ASSERT_FALSE(grandchildDocument->isSecureContext());
|
| +}
|
| +
|
| } // namespace blink
|
|
|
Chromium Code Reviews
Issue 2071433003:
Reland: service worker: Don't control a subframe of an insecure context (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master