| 1 /* | 1 /* |
| 2 * Copyright (C) 2011 Google Inc. All rights reserved. | 2 * Copyright (C) 2011 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
| 6 * met: | 6 * met: |
| 7 * | 7 * |
| 8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
| 382 request.setURL(url); | 382 request.setURL(url); |
| 383 | 383 |
| 384 m_expectedResponse = WebURLResponse(); | 384 m_expectedResponse = WebURLResponse(); |
| 385 m_expectedResponse.setMIMEType("text/html"); | 385 m_expectedResponse.setMIMEType("text/html"); |
| 386 m_expectedResponse.setHTTPStatusCode(200); | 386 m_expectedResponse.setHTTPStatusCode(200); |
| 387 m_expectedResponse.addHTTPHeaderField("access-control-allow-origin", "*"); | 387 m_expectedResponse.addHTTPHeaderField("access-control-allow-origin", "*"); |
| 388 Platform::current()->getURLLoaderMockFactory()->registerURL( | 388 Platform::current()->getURLLoaderMockFactory()->registerURL( |
| 389 url, m_expectedResponse, m_frameFilePath); | 389 url, m_expectedResponse, m_frameFilePath); |
| 390 | 390 |
| 391 WebURLLoaderOptions options; | 391 WebURLLoaderOptions options; |
| 392 // Send credentials. This will cause the CORS checks to fail, because credenti
als can't be | 392 // Send credentials. This will cause the CORS checks to fail, because |
| 393 // sent to a server which returns the header "access-control-allow-origin" wit
h "*" as its value. | 393 // credentials can't be sent to a server which returns the header |
| 394 // "access-control-allow-origin" with "*" as its value. |
| 394 options.allowCredentials = true; | 395 options.allowCredentials = true; |
| 395 options.crossOriginRequestPolicy = | 396 options.crossOriginRequestPolicy = |
| 396 WebURLLoaderOptions::CrossOriginRequestPolicyUseAccessControl; | 397 WebURLLoaderOptions::CrossOriginRequestPolicyUseAccessControl; |
| 397 m_expectedLoader = createAssociatedURLLoader(options); | 398 m_expectedLoader = createAssociatedURLLoader(options); |
| 398 EXPECT_TRUE(m_expectedLoader); | 399 EXPECT_TRUE(m_expectedLoader); |
| 399 m_expectedLoader->loadAsynchronously(request, this); | 400 m_expectedLoader->loadAsynchronously(request, this); |
| 400 | 401 |
| 401 // Failure should not be reported synchronously. | 402 // Failure should not be reported synchronously. |
| 402 EXPECT_FALSE(m_didFail); | 403 EXPECT_FALSE(m_didFail); |
| 403 // The loader needs to receive the response, before doing the CORS check. | 404 // The loader needs to receive the response, before doing the CORS check. |
| 506 EXPECT_FALSE(m_willFollowRedirect); | 507 EXPECT_FALSE(m_willFollowRedirect); |
| 507 EXPECT_FALSE(m_didReceiveResponse); | 508 EXPECT_FALSE(m_didReceiveResponse); |
| 508 EXPECT_FALSE(m_didReceiveData); | 509 EXPECT_FALSE(m_didReceiveData); |
| 509 EXPECT_FALSE(m_didFinishLoading); | 510 EXPECT_FALSE(m_didFinishLoading); |
| 510 } | 511 } |
| 511 | 512 |
| 512 // Test that a cross origin redirect response without CORS headers fails. | 513 // Test that a cross origin redirect response without CORS headers fails. |
| 513 TEST_F(AssociatedURLLoaderTest, RedirectCrossOriginWithAccessControlFailure) { | 514 TEST_F(AssociatedURLLoaderTest, RedirectCrossOriginWithAccessControlFailure) { |
| 514 KURL url = toKURL( | 515 KURL url = toKURL( |
| 515 "http://www.test.com/RedirectCrossOriginWithAccessControlFailure.html"); | 516 "http://www.test.com/RedirectCrossOriginWithAccessControlFailure.html"); |
| 516 char | 517 char redirect[] = |
| 517 redirect[] = | 518 "http://www.other.com/" |
| 518 "http://www.other.com/" | 519 "RedirectCrossOriginWithAccessControlFailure.html"; // Cross-origin |
| 519 "RedirectCrossOriginWithAccessControlFailure.html"; // Cross-origin | |
| 520 KURL redirectURL = toKURL(redirect); | 520 KURL redirectURL = toKURL(redirect); |
| 521 | 521 |
| 522 WebURLRequest request; | 522 WebURLRequest request; |
| 523 request.setURL(url); | 523 request.setURL(url); |
| 524 | 524 |
| 525 m_expectedRedirectResponse = WebURLResponse(); | 525 m_expectedRedirectResponse = WebURLResponse(); |
| 526 m_expectedRedirectResponse.setMIMEType("text/html"); | 526 m_expectedRedirectResponse.setMIMEType("text/html"); |
| 527 m_expectedRedirectResponse.setHTTPStatusCode(301); | 527 m_expectedRedirectResponse.setHTTPStatusCode(301); |
| 528 m_expectedRedirectResponse.setHTTPHeaderField("Location", redirect); | 528 m_expectedRedirectResponse.setHTTPHeaderField("Location", redirect); |
| 529 Platform::current()->getURLLoaderMockFactory()->registerURL( | 529 Platform::current()->getURLLoaderMockFactory()->registerURL( |
| 546 m_expectedLoader->loadAsynchronously(request, this); | 546 m_expectedLoader->loadAsynchronously(request, this); |
| 547 | 547 |
| 548 serveRequests(); | 548 serveRequests(); |
| 549 // We should get a notification about access control check failure. | 549 // We should get a notification about access control check failure. |
| 550 EXPECT_FALSE(m_willFollowRedirect); | 550 EXPECT_FALSE(m_willFollowRedirect); |
| 551 EXPECT_FALSE(m_didReceiveResponse); | 551 EXPECT_FALSE(m_didReceiveResponse); |
| 552 EXPECT_FALSE(m_didReceiveData); | 552 EXPECT_FALSE(m_didReceiveData); |
| 553 EXPECT_TRUE(m_didFail); | 553 EXPECT_TRUE(m_didFail); |
| 554 } | 554 } |
| 555 | 555 |
| 556 // Test that a cross origin redirect response with CORS headers that allow the r
equesting origin succeeds. | 556 // Test that a cross origin redirect response with CORS headers that allow the |
| 557 // requesting origin succeeds. |
| 557 TEST_F(AssociatedURLLoaderTest, RedirectCrossOriginWithAccessControlSuccess) { | 558 TEST_F(AssociatedURLLoaderTest, RedirectCrossOriginWithAccessControlSuccess) { |
| 558 KURL url = toKURL( | 559 KURL url = toKURL( |
| 559 "http://www.test.com/RedirectCrossOriginWithAccessControlSuccess.html"); | 560 "http://www.test.com/RedirectCrossOriginWithAccessControlSuccess.html"); |
| 560 char | 561 char redirect[] = |
| 561 redirect[] = | 562 "http://www.other.com/" |
| 562 "http://www.other.com/" | 563 "RedirectCrossOriginWithAccessControlSuccess.html"; // Cross-origin |
| 563 "RedirectCrossOriginWithAccessControlSuccess.html"; // Cross-origin | |
| 564 KURL redirectURL = toKURL(redirect); | 564 KURL redirectURL = toKURL(redirect); |
| 565 | 565 |
| 566 WebURLRequest request; | 566 WebURLRequest request; |
| 567 request.setURL(url); | 567 request.setURL(url); |
| 568 // Add a CORS simple header. | 568 // Add a CORS simple header. |
| 569 request.setHTTPHeaderField("accept", "application/json"); | 569 request.setHTTPHeaderField("accept", "application/json"); |
| 570 | 570 |
| 571 // Create a redirect response that allows the redirect to pass the access cont
rol checks. | 571 // Create a redirect response that allows the redirect to pass the access |
| 572 // control checks. |
| 572 m_expectedRedirectResponse = WebURLResponse(); | 573 m_expectedRedirectResponse = WebURLResponse(); |
| 573 m_expectedRedirectResponse.setMIMEType("text/html"); | 574 m_expectedRedirectResponse.setMIMEType("text/html"); |
| 574 m_expectedRedirectResponse.setHTTPStatusCode(301); | 575 m_expectedRedirectResponse.setHTTPStatusCode(301); |
| 575 m_expectedRedirectResponse.setHTTPHeaderField("Location", redirect); | 576 m_expectedRedirectResponse.setHTTPHeaderField("Location", redirect); |
| 576 m_expectedRedirectResponse.addHTTPHeaderField("access-control-allow-origin", | 577 m_expectedRedirectResponse.addHTTPHeaderField("access-control-allow-origin", |
| 577 "*"); | 578 "*"); |
| 578 Platform::current()->getURLLoaderMockFactory()->registerURL( | 579 Platform::current()->getURLLoaderMockFactory()->registerURL( |
| 579 url, m_expectedRedirectResponse, m_frameFilePath); | 580 url, m_expectedRedirectResponse, m_frameFilePath); |
| 580 | 581 |
| 581 m_expectedNewRequest = WebURLRequest(); | 582 m_expectedNewRequest = WebURLRequest(); |
| 678 EXPECT_FALSE(CheckAccessControlHeaders("Set-Cookie", false)); | 679 EXPECT_FALSE(CheckAccessControlHeaders("Set-Cookie", false)); |
| 679 EXPECT_FALSE(CheckAccessControlHeaders("Set-Cookie2", false)); | 680 EXPECT_FALSE(CheckAccessControlHeaders("Set-Cookie2", false)); |
| 680 | 681 |
| 681 // Test that exposed headers that aren't whitelisted are returned. | 682 // Test that exposed headers that aren't whitelisted are returned. |
| 682 EXPECT_TRUE(CheckAccessControlHeaders("non-whitelisted", true)); | 683 EXPECT_TRUE(CheckAccessControlHeaders("non-whitelisted", true)); |
| 683 | 684 |
| 684 // Test that Set-Cookie headers aren't returned, even if exposed. | 685 // Test that Set-Cookie headers aren't returned, even if exposed. |
| 685 EXPECT_FALSE(CheckAccessControlHeaders("Set-Cookie", true)); | 686 EXPECT_FALSE(CheckAccessControlHeaders("Set-Cookie", true)); |
| 686 } | 687 } |
| 687 | 688 |
| 688 // Test that the loader can allow non-whitelisted response headers for trusted C
ORS loads. | 689 // Test that the loader can allow non-whitelisted response headers for trusted |
| 690 // CORS loads. |
| 689 TEST_F(AssociatedURLLoaderTest, CrossOriginHeaderAllowResponseHeaders) { | 691 TEST_F(AssociatedURLLoaderTest, CrossOriginHeaderAllowResponseHeaders) { |
| 690 WebURLRequest request; | 692 WebURLRequest request; |
| 691 KURL url = | 693 KURL url = |
| 692 toKURL("http://www.other.com/CrossOriginHeaderAllowResponseHeaders.html"); | 694 toKURL("http://www.other.com/CrossOriginHeaderAllowResponseHeaders.html"); |
| 693 request.setURL(url); | 695 request.setURL(url); |
| 694 | 696 |
| 695 WebString headerNameString(WebString::fromUTF8("non-whitelisted")); | 697 WebString headerNameString(WebString::fromUTF8("non-whitelisted")); |
| 696 m_expectedResponse = WebURLResponse(); | 698 m_expectedResponse = WebURLResponse(); |
| 697 m_expectedResponse.setMIMEType("text/html"); | 699 m_expectedResponse.setMIMEType("text/html"); |
| 698 m_expectedResponse.setHTTPStatusCode(200); | 700 m_expectedResponse.setHTTPStatusCode(200); |
| 711 m_expectedLoader->loadAsynchronously(request, this); | 713 m_expectedLoader->loadAsynchronously(request, this); |
| 712 serveRequests(); | 714 serveRequests(); |
| 713 EXPECT_TRUE(m_didReceiveResponse); | 715 EXPECT_TRUE(m_didReceiveResponse); |
| 714 EXPECT_TRUE(m_didReceiveData); | 716 EXPECT_TRUE(m_didReceiveData); |
| 715 EXPECT_TRUE(m_didFinishLoading); | 717 EXPECT_TRUE(m_didFinishLoading); |
| 716 | 718 |
| 717 EXPECT_FALSE(m_actualResponse.httpHeaderField(headerNameString).isEmpty()); | 719 EXPECT_FALSE(m_actualResponse.httpHeaderField(headerNameString).isEmpty()); |
| 718 } | 720 } |
| 719 | 721 |
| 720 } // namespace blink | 722 } // namespace blink |