Avoid calling into the ContentBrowserClient interface from ResourceDispatcherHostImpl to determine …

content/browser/security_exploit_browsertest.cc

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <stdint.h>
 
 #include "base/command_line.h"
 #include "base/containers/hash_tables.h"
 #include "base/macros.h"
 #include "base/strings/utf_string_conversions.h"
 #include "build/build_config.h"
+#include "content/browser/bad_message.h"
 #include "content/browser/dom_storage/dom_storage_context_wrapper.h"
 #include "content/browser/dom_storage/session_storage_namespace_impl.h"
 #include "content/browser/frame_host/navigator.h"
 #include "content/browser/frame_host/render_frame_host_impl.h"
 #include "content/browser/renderer_host/render_view_host_factory.h"
 #include "content/browser/renderer_host/render_view_host_impl.h"
 #include "content/browser/web_contents/web_contents_impl.h"
 #include "content/common/frame_messages.h"
 #include "content/common/resource_messages.h"
 #include "content/common/resource_request.h"
 #include "content/common/view_messages.h"
 #include "content/public/browser/browser_context.h"
 #include "content/public/browser/content_browser_client.h"
 #include "content/public/browser/interstitial_page.h"
 #include "content/public/browser/interstitial_page_delegate.h"
+#include "content/public/browser/resource_context.h"
 #include "content/public/browser/resource_dispatcher_host.h"
 #include "content/public/browser/storage_partition.h"
 #include "content/public/common/appcache_info.h"
 #include "content/public/common/browser_side_navigation_policy.h"
 #include "content/public/common/content_switches.h"
 #include "content/public/common/file_chooser_params.h"
 #include "content/public/test/browser_test_utils.h"
 #include "content/public/test/content_browser_test.h"
 #include "content/public/test/content_browser_test_utils.h"
 #include "content/public/test/test_utils.h"
@@ skipping 357 matching lines @@
 
   // Send a second message from the interstitial page, and make sure that the
   // "evil" message doesn't arrive in the intervening period.
   ASSERT_TRUE(ExecuteScript(interstitial_page->GetMainFrame(),
                             "window.domAutomationController.send(\"okay2\");"));
   ASSERT_TRUE(message_queue.WaitForMessage(&message));
   ASSERT_EQ("\"okay2\"", message);
   ASSERT_EQ("\"okay2\"", interstitial->last_command());
 }
 
-class IsolatedAppContentBrowserClient : public TestContentBrowserClient {
- public:
-  bool IsIllegalOrigin(content::ResourceContext* resource_context,
-                       int child_process_id,
-                       const GURL& origin) override {
-    // Simulate a case where an app origin is not in an app process.
-    return true;
-  }
-};
+// Intercepts the HTTP origin header and on being invoked once it is found
+// aborts the requeest.
+void OnHttpHeaderReceived(const std::string& header,
+                          const std::string& value,
+                          int child_process_id,
+                          content::ResourceContext* resource_context,
+                          OnHeaderProcessedCallback callback) {
+  callback.Run(false, content::bad_message::RDH_ILLEGAL_ORIGIN);
+}
 
 // Renderer processes should not be able to spoof Origin HTTP headers.
 IN_PROC_BROWSER_TEST_F(SecurityExploitBrowserTest, InvalidOriginHeaders) {
   // Create a set of IPC messages with various Origin headers.
   ResourceRequest chrome_origin_msg(
       CreateXHRRequestWithOrigin("chrome://settings"));
   ResourceRequest embedder_isolated_origin_msg(
       CreateXHRRequestWithOrigin("https://isolated.bar.com"));
   ResourceRequest invalid_origin_msg(CreateXHRRequestWithOrigin("invalidurl"));
   ResourceRequest invalid_scheme_origin_msg(
@@ skipping 15 matching lines @@
                                         chrome_origin_msg));
     web_process_killed.Wait();
   }
 
   // Web processes cannot make XHRs with URLs that the content embedder expects
   // to have process isolation.  Ideally this would test chrome-extension://
   // URLs for Chrome Apps, but those can't be tested inside content/ and the
   // ResourceRequest IPC can't be created in a test outside content/.
   NavigateToURL(shell(), web_url);
   {
-    // Set up a ContentBrowserClient that simulates an app URL in a non-app
-    // process.
-    IsolatedAppContentBrowserClient app_client;
-    ContentBrowserClient* old_client = SetBrowserClientForTesting(&app_client);
+    content::ResourceDispatcherHost::Get()->RegisterInterceptor(
+        "Origin", "", base::Bind(&OnHttpHeaderReceived));
+
     RenderProcessHostWatcher web_process_killed(
         web_rfh->GetProcess(),
         RenderProcessHostWatcher::WATCH_FOR_PROCESS_EXIT);
     IPC::IpcSecurityTestUtil::PwnMessageReceived(
         web_rfh->GetProcess()->GetChannel(),
         ResourceHostMsg_RequestResource(web_rfh->GetRoutingID(),
                                         kRequestIdNotPreviouslyUsed,
                                         embedder_isolated_origin_msg));
     web_process_killed.Wait();
-    SetBrowserClientForTesting(old_client);
   }
 
   // Web processes cannot make XHRs with invalid Origin headers.
   NavigateToURL(shell(), web_url);
   {
     RenderProcessHostWatcher web_process_killed(
         web_rfh->GetProcess(),
         RenderProcessHostWatcher::WATCH_FOR_PROCESS_EXIT);
     IPC::IpcSecurityTestUtil::PwnMessageReceived(
         web_rfh->GetProcess()->GetChannel(),
@@ skipping 78 matching lines @@
   // separate task of the message loop, so ensure that the process is still
   // considered alive.
   EXPECT_TRUE(root->current_frame_host()->GetProcess()->HasConnection());
 
   exit_observer.Wait();
   EXPECT_FALSE(exit_observer.did_exit_normally());
   ResourceDispatcherHost::Get()->SetDelegate(nullptr);
 }
 
 }  // namespace content