Adding Embedding-CSP HTTP header

third_party/WebKit/Source/core/loader/FrameFetchContextTest.cpp

 /*
  * Copyright (c) 2015, Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  *     * Redistributions in binary form must reproduce the above
@@ skipping 19 matching lines @@
 
 #include "core/loader/FrameFetchContext.h"
 
 #include "core/dom/Document.h"
 #include "core/fetch/FetchInitiatorInfo.h"
 #include "core/fetch/UniqueIdentifier.h"
 #include "core/frame/FrameHost.h"
 #include "core/frame/FrameOwner.h"
 #include "core/frame/FrameView.h"
 #include "core/frame/Settings.h"
+#include "core/html/HTMLIFrameElement.h"
 #include "core/loader/DocumentLoader.h"
 #include "core/loader/EmptyClients.h"
 #include "core/page/Page.h"
 #include "core/testing/DummyPageHolder.h"
 #include "platform/network/ResourceRequest.h"
 #include "platform/weborigin/KURL.h"
 #include "public/platform/WebAddressSpace.h"
 #include "public/platform/WebCachePolicy.h"
 #include "public/platform/WebInsecureRequestPolicy.h"
 #include "testing/gmock/include/gmock/gmock-generated-function-mockers.h"
@@ skipping 106 matching lines @@
     fetchContext =
         static_cast<FrameFetchContext*>(&documentLoader->fetcher()->context());
     owner = DummyFrameOwner::create();
     FrameFetchContext::provideDocumentToContext(*fetchContext, document.get());
   }
 
   KURL url;
   KURL mainResourceUrl;
 };
 
-class FrameFetchContextUpgradeTest : public FrameFetchContextTest {
+class FrameFetchContextModifyRequestTest : public FrameFetchContextTest {

[Mike West, 2016/10/06 13:30:21]

I would have expected you to need to set the runtime enabled flag for this
feature for these tests to pass... Do they pass? If so, what am I missing? :)

[amalika, 2016/10/06 18:54:57]

From my understanding this might be because site_per_proces_browsertests
explicitly overrides SetUpCommandLine in 
https://cs.chromium.org/chromium/src/content/browser/site_per_process_browser...
? 
But not too sure. I tried looking for confirmation but couldnt find it in 15
minutes or so I stopped... But I double checked with printf statement and the
flag is set to true in FrameFetchContext test. (Also in that file
setCorsRFC1918Enabled flag is explicitly set to false first so I am guessing all
RuntimeEnabledFeatures are set by default for tests?
https://cs.chromium.org/chromium/src/third_party/WebKit/Source/core/loader/Fr...)

  public:
-  FrameFetchContextUpgradeTest()
+  FrameFetchContextModifyRequestTest()
       : exampleOrigin(SecurityOrigin::create(
             KURL(ParsedURLString, "https://example.test/"))),
         secureOrigin(SecurityOrigin::create(
             KURL(ParsedURLString, "https://secureorigin.test/image.png"))) {}
 
  protected:
   void expectUpgrade(const char* input, const char* expected) {
     expectUpgrade(input, WebURLRequest::RequestContextScript,
                   WebURLRequest::FrameTypeNone, expected);
   }
 
   void expectUpgrade(const char* input,
                      WebURLRequest::RequestContext requestContext,
                      WebURLRequest::FrameType frameType,
                      const char* expected) {
     KURL inputURL(ParsedURLString, input);
     KURL expectedURL(ParsedURLString, expected);
 
     FetchRequest fetchRequest =
         FetchRequest(ResourceRequest(inputURL), FetchInitiatorInfo());
     fetchRequest.mutableResourceRequest().setRequestContext(requestContext);
     fetchRequest.mutableResourceRequest().setFrameType(frameType);
 
-    fetchContext->upgradeInsecureRequest(fetchRequest.mutableResourceRequest());
+    fetchContext->modifyRequestForCSP(fetchRequest.mutableResourceRequest());
 
     EXPECT_EQ(expectedURL.getString(),
               fetchRequest.resourceRequest().url().getString());
     EXPECT_EQ(expectedURL.protocol(),
               fetchRequest.resourceRequest().url().protocol());
     EXPECT_EQ(expectedURL.host(), fetchRequest.resourceRequest().url().host());
     EXPECT_EQ(expectedURL.port(), fetchRequest.resourceRequest().url().port());
     EXPECT_EQ(expectedURL.hasPort(),
               fetchRequest.resourceRequest().url().hasPort());
     EXPECT_EQ(expectedURL.path(), fetchRequest.resourceRequest().url().path());
   }
 
-  void expectHTTPSHeader(const char* input,
-                         WebURLRequest::FrameType frameType,
-                         bool shouldPrefer) {
+  void expectUpgradeInsecureRequestHeader(const char* input,
+                                          WebURLRequest::FrameType frameType,
+                                          bool shouldPrefer) {
     KURL inputURL(ParsedURLString, input);
 
     FetchRequest fetchRequest =
         FetchRequest(ResourceRequest(inputURL), FetchInitiatorInfo());
     fetchRequest.mutableResourceRequest().setRequestContext(
         WebURLRequest::RequestContextScript);
     fetchRequest.mutableResourceRequest().setFrameType(frameType);
 
-    fetchContext->upgradeInsecureRequest(fetchRequest.mutableResourceRequest());
+    fetchContext->modifyRequestForCSP(fetchRequest.mutableResourceRequest());
 
     EXPECT_EQ(shouldPrefer ? String("1") : String(),
               fetchRequest.resourceRequest().httpHeaderField(
                   HTTPNames::Upgrade_Insecure_Requests));
 
-    // Calling upgradeInsecureRequest more than once shouldn't affect the
+    // Calling modifyRequestForCSP more than once shouldn't affect the
     // header.
     if (shouldPrefer) {
-      fetchContext->upgradeInsecureRequest(
-          fetchRequest.mutableResourceRequest());
+      fetchContext->modifyRequestForCSP(fetchRequest.mutableResourceRequest());
       EXPECT_EQ("1", fetchRequest.resourceRequest().httpHeaderField(
                          HTTPNames::Upgrade_Insecure_Requests));
     }
   }
 
+  void expectSetEmbeddingCSPRequestHeader(
+      const char* input,
+      WebURLRequest::FrameType frameType,
+      const AtomicString& expectedEmbeddingCSP) {
+    KURL inputURL(ParsedURLString, input);
+
+    FetchRequest fetchRequest =
+        FetchRequest(ResourceRequest(inputURL), FetchInitiatorInfo());
+    fetchRequest.mutableResourceRequest().setRequestContext(
+        WebURLRequest::RequestContextScript);
+    fetchRequest.mutableResourceRequest().setFrameType(frameType);
+
+    fetchContext->modifyRequestForCSP(fetchRequest.mutableResourceRequest());
+
+    EXPECT_EQ(expectedEmbeddingCSP,
+              fetchRequest.resourceRequest().httpHeaderField(
+                  HTTPNames::Embedding_CSP));
+  }
+
+  const AtomicString& setFrameOwnerBasedOnFrameType(
+      WebURLRequest::FrameType frameType,
+      HTMLIFrameElement* iframe,
+      const AtomicString& potentialValue) {
+    if (frameType == WebURLRequest::FrameTypeNested) {

[Mike West, 2016/10/06 13:30:21]

Nit: We generally try to do the quick exit first. So, perhaps reverse this into:

```
if (frameType != WebURLRequest::FrameTypeNested) {
  document->frame()->setOwner(nullptr);
  return nullAtom;
}

iframe->setAttribute(...);
...
return ...;
```

+      iframe->setAttribute(HTMLNames::cspAttr, potentialValue);
+      document->frame()->setOwner(iframe);
+      return potentialValue;
+    }
+
+    document->frame()->setOwner(0);

[Mike West, 2016/10/06 13:30:21]

Nit: s/0/nullptr/

+    return nullAtom;
+  }
+
   RefPtr<SecurityOrigin> exampleOrigin;
   RefPtr<SecurityOrigin> secureOrigin;
 };
 
-TEST_F(FrameFetchContextUpgradeTest, UpgradeInsecureResourceRequests) {
+TEST_F(FrameFetchContextModifyRequestTest, UpgradeInsecureResourceRequests) {
   struct TestCase {
     const char* original;
     const char* upgraded;
   } tests[] = {
       {"http://example.test/image.png", "https://example.test/image.png"},
       {"http://example.test:80/image.png",
        "https://example.test:443/image.png"},
       {"http://example.test:1212/image.png",
        "https://example.test:1212/image.png"},
 
@@ skipping 37 matching lines @@
     // InsecureNavigationsSet:
     document->addInsecureNavigationUpgrade(
         exampleOrigin->host().impl()->hash());
     expectUpgrade(test.original, WebURLRequest::RequestContextScript,
                   WebURLRequest::FrameTypeTopLevel, test.upgraded);
     expectUpgrade(test.original, WebURLRequest::RequestContextScript,
                   WebURLRequest::FrameTypeAuxiliary, test.upgraded);
   }
 }
 
-TEST_F(FrameFetchContextUpgradeTest, DoNotUpgradeInsecureResourceRequests) {
+TEST_F(FrameFetchContextModifyRequestTest,
+       DoNotUpgradeInsecureResourceRequests) {
   FrameFetchContext::provideDocumentToContext(*fetchContext, document.get());
   document->setSecurityOrigin(secureOrigin);
   document->setInsecureRequestPolicy(kLeaveInsecureRequestsAlone);
 
   expectUpgrade("http://example.test/image.png",
                 "http://example.test/image.png");
   expectUpgrade("http://example.test:80/image.png",
                 "http://example.test:80/image.png");
   expectUpgrade("http://example.test:1212/image.png",
                 "http://example.test:1212/image.png");
 
   expectUpgrade("https://example.test/image.png",
                 "https://example.test/image.png");
   expectUpgrade("https://example.test:80/image.png",
                 "https://example.test:80/image.png");
   expectUpgrade("https://example.test:1212/image.png",
                 "https://example.test:1212/image.png");
 
   expectUpgrade("ftp://example.test/image.png", "ftp://example.test/image.png");
   expectUpgrade("ftp://example.test:21/image.png",
                 "ftp://example.test:21/image.png");
   expectUpgrade("ftp://example.test:1212/image.png",
                 "ftp://example.test:1212/image.png");
 }
 
-TEST_F(FrameFetchContextUpgradeTest, SendHTTPSHeader) {
+TEST_F(FrameFetchContextModifyRequestTest, SendUpgradeInsecureRequestHeader) {
   struct TestCase {
     const char* toRequest;
     WebURLRequest::FrameType frameType;
     bool shouldPrefer;
   } tests[] = {
       {"http://example.test/page.html", WebURLRequest::FrameTypeAuxiliary,
        true},
       {"http://example.test/page.html", WebURLRequest::FrameTypeNested, true},
       {"http://example.test/page.html", WebURLRequest::FrameTypeNone, false},
       {"http://example.test/page.html", WebURLRequest::FrameTypeTopLevel, true},
       {"https://example.test/page.html", WebURLRequest::FrameTypeAuxiliary,
        true},
       {"https://example.test/page.html", WebURLRequest::FrameTypeNested, true},
       {"https://example.test/page.html", WebURLRequest::FrameTypeNone, false},
       {"https://example.test/page.html", WebURLRequest::FrameTypeTopLevel,
        true}};
 
   // This should work correctly both when the FrameFetchContext has a Document,
   // and when it doesn't (e.g. during main frame navigations), so run through
   // the tests both before and after providing a document to the context.
   for (const auto& test : tests) {
     document->setInsecureRequestPolicy(kLeaveInsecureRequestsAlone);
-    expectHTTPSHeader(test.toRequest, test.frameType, test.shouldPrefer);
+    expectUpgradeInsecureRequestHeader(test.toRequest, test.frameType,
+                                       test.shouldPrefer);
 
     document->setInsecureRequestPolicy(kUpgradeInsecureRequests);
-    expectHTTPSHeader(test.toRequest, test.frameType, test.shouldPrefer);
+    expectUpgradeInsecureRequestHeader(test.toRequest, test.frameType,
+                                       test.shouldPrefer);
   }
 
   FrameFetchContext::provideDocumentToContext(*fetchContext, document.get());
 
   for (const auto& test : tests) {
     document->setInsecureRequestPolicy(kLeaveInsecureRequestsAlone);
-    expectHTTPSHeader(test.toRequest, test.frameType, test.shouldPrefer);
+    expectUpgradeInsecureRequestHeader(test.toRequest, test.frameType,
+                                       test.shouldPrefer);
 
     document->setInsecureRequestPolicy(kUpgradeInsecureRequests);
-    expectHTTPSHeader(test.toRequest, test.frameType, test.shouldPrefer);
+    expectUpgradeInsecureRequestHeader(test.toRequest, test.frameType,
+                                       test.shouldPrefer);
   }
 }
 
+TEST_F(FrameFetchContextModifyRequestTest, SendExpectedEmbeddingCSPHeader) {
+  struct TestCase {
+    const char* toRequest;
+    WebURLRequest::FrameType frameType;
+  } tests[] = {
+      {"https://example.test/page.html", WebURLRequest::FrameTypeAuxiliary},
+      {"https://example.test/page.html", WebURLRequest::FrameTypeNested},
+      {"https://example.test/page.html", WebURLRequest::FrameTypeNone},
+      {"https://example.test/page.html", WebURLRequest::FrameTypeTopLevel}};
+
+  HTMLIFrameElement* iframe = HTMLIFrameElement::create(*document);
+  const AtomicString& requiredCSP = AtomicString("default-src 'none'");
+  const AtomicString& anotherRequiredCSP = AtomicString("default-src 'self'");
+
+  // This should work correctly both when the FrameFetchContext has a Document,
+  // and when it doesn't (e.g. during main frame navigations), so run through
+  // the tests both before and after providing a document to the context.

[Mike West, 2016/10/06 13:30:21]

I don't think this comment is accurate for this header.
`Upgrade-Insecure-Requests: 1` is sent for all navigational requests, top-level
or nested. This new header is sent only for navigational requests in a nested
context. I agree that the behavior should be the same regardless of whether or
not a `Document` is present, but I'm not sure we can ever do a nested load
without one. :)

+  for (const auto& test : tests) {
+    AtomicString expectedRequiredCSP =
+        setFrameOwnerBasedOnFrameType(test.frameType, iframe, requiredCSP);
+    expectSetEmbeddingCSPRequestHeader(test.toRequest, test.frameType,

[Mike West, 2016/10/06 13:30:21]

Using the return value to set the expectation is somewhat more magical than I
think is comprehensible. :) Would you consider something like:

```
expectSetEmbeddingCSPRequestHeader(test.toRequest, test.frameType,
    test.frameType == WebURLRequest::FrameTypeNested ? requiredCSP : nullAtom);

```

?

+                                       expectedRequiredCSP);
+
+    expectedRequiredCSP = setFrameOwnerBasedOnFrameType(test.frameType, iframe,
+                                                        anotherRequiredCSP);
+    expectSetEmbeddingCSPRequestHeader(test.toRequest, test.frameType,
+                                       expectedRequiredCSP);
+  }
+
+  FrameFetchContext::provideDocumentToContext(*fetchContext, document.get());
+
+  for (const auto& test : tests) {
+    AtomicString expectedRequiredCSP =
+        setFrameOwnerBasedOnFrameType(test.frameType, iframe, requiredCSP);
+    expectSetEmbeddingCSPRequestHeader(test.toRequest, test.frameType,
+                                       expectedRequiredCSP);
+
+    expectedRequiredCSP = setFrameOwnerBasedOnFrameType(test.frameType, iframe,
+                                                        anotherRequiredCSP);
+    expectSetEmbeddingCSPRequestHeader(test.toRequest, test.frameType,
+                                       expectedRequiredCSP);
+  }
+}
+
 class FrameFetchContextHintsTest : public FrameFetchContextTest {
  public:
   FrameFetchContextHintsTest() {}
 
  protected:
   void expectHeader(const char* input,
                     const char* headerName,
                     bool isPresent,
                     const char* headerValue,
                     float width = 0) {
@@ skipping 368 matching lines @@
     fetchContext->addAdditionalRequestHeaders(mainRequest, FetchMainResource);
     EXPECT_EQ(test.isExternalExpectation, mainRequest.isExternalRequest());
 
     ResourceRequest subRequest(test.url);
     fetchContext->addAdditionalRequestHeaders(subRequest, FetchSubresource);
     EXPECT_EQ(test.isExternalExpectation, subRequest.isExternalRequest());
   }
 }
 
 }  // namespace blink