| Index: content/browser/site_per_process_browsertest.cc
|
| diff --git a/content/browser/site_per_process_browsertest.cc b/content/browser/site_per_process_browsertest.cc
|
| index 0f1c057eacff88c93113bd9f51295b7c4974f36c..92628471cf7048d46e46597fc0340557251288f1 100644
|
| --- a/content/browser/site_per_process_browsertest.cc
|
| +++ b/content/browser/site_per_process_browsertest.cc
|
| @@ -593,6 +593,23 @@ class SitePerProcessIgnoreCertErrorsBrowserTest
|
| }
|
| };
|
|
|
| +// SitePerProcessEmbedderCSPEnforcementBrowserTest
|
| +
|
| +class SitePerProcessEmbedderCSPEnforcementBrowserTest
|
| + : public SitePerProcessBrowserTest {
|
| + public:
|
| + SitePerProcessEmbedderCSPEnforcementBrowserTest() {}
|
| +
|
| + protected:
|
| + void SetUpCommandLine(base::CommandLine* command_line) override {
|
| + SitePerProcessBrowserTest::SetUpCommandLine(command_line);
|
| + // TODO(amalika): Remove this switch when the EmbedderCSPEnforcement becomes
|
| + // stable
|
| + command_line->AppendSwitchASCII(switches::kEnableBlinkFeatures,
|
| + "EmbedderCSPEnforcement");
|
| + }
|
| +};
|
| +
|
| double GetFrameDeviceScaleFactor(const ToRenderFrameHost& adapter) {
|
| double device_scale_factor;
|
| const char kGetFrameDeviceScaleFactor[] =
|
| @@ -3117,6 +3134,63 @@ IN_PROC_BROWSER_TEST_F(SitePerProcessBrowserTest,
|
| }
|
| }
|
|
|
| +// Verify that "csp" property on frame elements propagates to child frames
|
| +// correctly. See https://crbug.com/647588
|
| +IN_PROC_BROWSER_TEST_F(SitePerProcessEmbedderCSPEnforcementBrowserTest,
|
| + FrameOwnerPropertiesPropagationCSP) {
|
| + GURL main_url(embedded_test_server()->GetURL(
|
| + "a.com", "/frame_owner_properties_csp.html"));
|
| + EXPECT_TRUE(NavigateToURL(shell(), main_url));
|
| +
|
| + // It is safe to obtain the root frame tree node here, as it doesn't change.
|
| + FrameTreeNode* root = web_contents()->GetFrameTree()->root();
|
| + ASSERT_EQ(1u, root->child_count());
|
| +
|
| + EXPECT_EQ(
|
| + " Site A ------------ proxies for B\n"
|
| + " +--Site B ------- proxies for A\n"
|
| + "Where A = http://a.com/\n"
|
| + " B = http://b.com/",
|
| + DepictFrameTree(root));
|
| +
|
| + FrameTreeNode* child = root->child_at(0);
|
| +
|
| + std::string csp;
|
| + EXPECT_TRUE(ExecuteScriptAndExtractString(
|
| + root,
|
| + "window.domAutomationController.send("
|
| + "document.getElementById('child-1').getAttribute('csp'));",
|
| + &csp));
|
| + EXPECT_EQ("object-src \'none\'", csp);
|
| +
|
| + // Run the test over variety of parent/child cases.
|
| + GURL urls[] = {// Remote to remote.
|
| + embedded_test_server()->GetURL("c.com", "/title2.html"),
|
| + // Remote to local.
|
| + embedded_test_server()->GetURL("a.com", "/title1.html"),
|
| + // Local to remote.
|
| + embedded_test_server()->GetURL("b.com", "/title2.html")};
|
| +
|
| + std::vector<std::string> csp_values = {"default-src a.com",
|
| + "default-src b.com", "img-src c.com"};
|
| +
|
| + // Before each navigation, we change the csp property of the frame.
|
| + // We then check whether that property is applied
|
| + // correctly after the navigation has completed.
|
| + for (size_t i = 0; i < arraysize(urls); ++i) {
|
| + // Change csp before navigating.
|
| + EXPECT_TRUE(ExecuteScript(
|
| + root,
|
| + base::StringPrintf("document.getElementById('child-1').setAttribute("
|
| + " 'csp', '%s');",
|
| + csp_values[i].c_str())));
|
| +
|
| + NavigateFrameToURL(child, urls[i]);
|
| + EXPECT_EQ(csp_values[i], child->frame_owner_properties().required_csp);
|
| + // TODO(amalika): add checks that the CSP replication takes effect
|
| + }
|
| +}
|
| +
|
| // Verify origin replication with an A-embed-B-embed-C-embed-A hierarchy.
|
| IN_PROC_BROWSER_TEST_F(SitePerProcessBrowserTest, OriginReplication) {
|
| GURL main_url(embedded_test_server()->GetURL(
|
|
|
Chromium Code Reviews
Issue 2378643002:
Propagating csp attribute changes on frameOwnerPropertiesChanged() (Closed)
