| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2011 Google Inc. All rights reserved. | 2 * Copyright (C) 2011 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
| 6 * met: | 6 * met: |
| 7 * | 7 * |
| 8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
| (...skipping 10 matching lines...) Expand all Loading... |
| 21 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT | 21 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT |
| 22 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | 22 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
| 23 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT | 23 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT |
| 24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | 24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| 25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | 25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| 26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| 27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | 27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
| 28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 29 */ | 29 */ |
| 30 | 30 |
| 31 #include "public/web/WebAssociatedURLLoader.h" |
| 32 |
| 31 #include "platform/testing/URLTestHelpers.h" | 33 #include "platform/testing/URLTestHelpers.h" |
| 32 #include "platform/testing/UnitTestHelpers.h" | 34 #include "platform/testing/UnitTestHelpers.h" |
| 33 #include "public/platform/Platform.h" | 35 #include "public/platform/Platform.h" |
| 34 #include "public/platform/WebString.h" | 36 #include "public/platform/WebString.h" |
| 35 #include "public/platform/WebThread.h" | 37 #include "public/platform/WebThread.h" |
| 36 #include "public/platform/WebURL.h" | 38 #include "public/platform/WebURL.h" |
| 37 #include "public/platform/WebURLLoader.h" | |
| 38 #include "public/platform/WebURLLoaderClient.h" | |
| 39 #include "public/platform/WebURLLoaderMockFactory.h" | 39 #include "public/platform/WebURLLoaderMockFactory.h" |
| 40 #include "public/platform/WebURLRequest.h" | 40 #include "public/platform/WebURLRequest.h" |
| 41 #include "public/platform/WebURLResponse.h" | 41 #include "public/platform/WebURLResponse.h" |
| 42 #include "public/web/WebAssociatedURLLoaderClient.h" |
| 43 #include "public/web/WebAssociatedURLLoaderOptions.h" |
| 42 #include "public/web/WebCache.h" | 44 #include "public/web/WebCache.h" |
| 43 #include "public/web/WebFrame.h" | 45 #include "public/web/WebFrame.h" |
| 44 #include "public/web/WebURLLoaderOptions.h" | |
| 45 #include "public/web/WebView.h" | 46 #include "public/web/WebView.h" |
| 46 #include "testing/gtest/include/gtest/gtest.h" | 47 #include "testing/gtest/include/gtest/gtest.h" |
| 47 #include "web/tests/FrameTestHelpers.h" | 48 #include "web/tests/FrameTestHelpers.h" |
| 48 #include "wtf/PtrUtil.h" | 49 #include "wtf/PtrUtil.h" |
| 49 #include "wtf/text/CString.h" | 50 #include "wtf/text/CString.h" |
| 50 #include "wtf/text/WTFString.h" | 51 #include "wtf/text/WTFString.h" |
| 51 #include <memory> | 52 #include <memory> |
| 52 | 53 |
| 53 using blink::URLTestHelpers::toKURL; | 54 using blink::URLTestHelpers::toKURL; |
| 54 using blink::testing::runPendingTasks; | 55 using blink::testing::runPendingTasks; |
| 55 | 56 |
| 56 namespace blink { | 57 namespace blink { |
| 57 | 58 |
| 58 class AssociatedURLLoaderTest : public ::testing::Test, | 59 class WebAssociatedURLLoaderTest : public ::testing::Test, |
| 59 public WebURLLoaderClient { | 60 public WebAssociatedURLLoaderClient { |
| 60 public: | 61 public: |
| 61 AssociatedURLLoaderTest() | 62 WebAssociatedURLLoaderTest() |
| 62 : m_willFollowRedirect(false), | 63 : m_willFollowRedirect(false), |
| 63 m_didSendData(false), | 64 m_didSendData(false), |
| 64 m_didReceiveResponse(false), | 65 m_didReceiveResponse(false), |
| 65 m_didReceiveData(false), | 66 m_didReceiveData(false), |
| 66 m_didReceiveCachedMetadata(false), | 67 m_didReceiveCachedMetadata(false), |
| 67 m_didFinishLoading(false), | 68 m_didFinishLoading(false), |
| 68 m_didFail(false) { | 69 m_didFail(false) { |
| 69 // Reuse one of the test files from WebFrameTest. | 70 // Reuse one of the test files from WebFrameTest. |
| 70 m_baseFilePath = testing::blinkRootDir(); | 71 m_baseFilePath = testing::blinkRootDir(); |
| 71 m_baseFilePath.append("/Source/web/tests/data/"); | 72 m_baseFilePath.append("/Source/web/tests/data/"); |
| (...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 105 | 106 |
| 106 void TearDown() override { | 107 void TearDown() override { |
| 107 Platform::current()->getURLLoaderMockFactory()->unregisterAllURLs(); | 108 Platform::current()->getURLLoaderMockFactory()->unregisterAllURLs(); |
| 108 WebCache::clear(); | 109 WebCache::clear(); |
| 109 } | 110 } |
| 110 | 111 |
| 111 void serveRequests() { | 112 void serveRequests() { |
| 112 Platform::current()->getURLLoaderMockFactory()->serveAsynchronousRequests(); | 113 Platform::current()->getURLLoaderMockFactory()->serveAsynchronousRequests(); |
| 113 } | 114 } |
| 114 | 115 |
| 115 std::unique_ptr<WebURLLoader> createAssociatedURLLoader( | 116 std::unique_ptr<WebAssociatedURLLoader> createAssociatedURLLoader( |
| 116 const WebURLLoaderOptions options = WebURLLoaderOptions()) { | 117 const WebAssociatedURLLoaderOptions options = |
| 118 WebAssociatedURLLoaderOptions()) { |
| 117 return wrapUnique(mainFrame()->createAssociatedURLLoader(options)); | 119 return wrapUnique(mainFrame()->createAssociatedURLLoader(options)); |
| 118 } | 120 } |
| 119 | 121 |
| 120 // WebURLLoaderClient implementation. | 122 // WebAssociatedURLLoaderClient implementation. |
| 121 bool willFollowRedirect(WebURLLoader* loader, | 123 bool willFollowRedirect(const WebURLRequest& newRequest, |
| 122 WebURLRequest& newRequest, | |
| 123 const WebURLResponse& redirectResponse) override { | 124 const WebURLResponse& redirectResponse) override { |
| 124 m_willFollowRedirect = true; | 125 m_willFollowRedirect = true; |
| 125 EXPECT_EQ(m_expectedLoader.get(), loader); | |
| 126 EXPECT_EQ(m_expectedNewRequest.url(), newRequest.url()); | 126 EXPECT_EQ(m_expectedNewRequest.url(), newRequest.url()); |
| 127 // Check that CORS simple headers are transferred to the new request. | 127 // Check that CORS simple headers are transferred to the new request. |
| 128 EXPECT_EQ(m_expectedNewRequest.httpHeaderField("accept"), | 128 EXPECT_EQ(m_expectedNewRequest.httpHeaderField("accept"), |
| 129 newRequest.httpHeaderField("accept")); | 129 newRequest.httpHeaderField("accept")); |
| 130 EXPECT_EQ(m_expectedRedirectResponse.url(), redirectResponse.url()); | 130 EXPECT_EQ(m_expectedRedirectResponse.url(), redirectResponse.url()); |
| 131 EXPECT_EQ(m_expectedRedirectResponse.httpStatusCode(), | 131 EXPECT_EQ(m_expectedRedirectResponse.httpStatusCode(), |
| 132 redirectResponse.httpStatusCode()); | 132 redirectResponse.httpStatusCode()); |
| 133 EXPECT_EQ(m_expectedRedirectResponse.mimeType(), | 133 EXPECT_EQ(m_expectedRedirectResponse.mimeType(), |
| 134 redirectResponse.mimeType()); | 134 redirectResponse.mimeType()); |
| 135 return true; | 135 return true; |
| 136 } | 136 } |
| 137 | 137 |
| 138 void didSendData(WebURLLoader* loader, | 138 void didSendData(unsigned long long bytesSent, |
| 139 unsigned long long bytesSent, | |
| 140 unsigned long long totalBytesToBeSent) override { | 139 unsigned long long totalBytesToBeSent) override { |
| 141 m_didSendData = true; | 140 m_didSendData = true; |
| 142 EXPECT_EQ(m_expectedLoader.get(), loader); | |
| 143 } | 141 } |
| 144 | 142 |
| 145 void didReceiveResponse(WebURLLoader* loader, | 143 void didReceiveResponse(const WebURLResponse& response) override { |
| 146 const WebURLResponse& response) override { | |
| 147 m_didReceiveResponse = true; | 144 m_didReceiveResponse = true; |
| 148 m_actualResponse = WebURLResponse(response); | 145 m_actualResponse = WebURLResponse(response); |
| 149 EXPECT_EQ(m_expectedLoader.get(), loader); | |
| 150 EXPECT_EQ(m_expectedResponse.url(), response.url()); | 146 EXPECT_EQ(m_expectedResponse.url(), response.url()); |
| 151 EXPECT_EQ(m_expectedResponse.httpStatusCode(), response.httpStatusCode()); | 147 EXPECT_EQ(m_expectedResponse.httpStatusCode(), response.httpStatusCode()); |
| 152 } | 148 } |
| 153 | 149 |
| 154 void didDownloadData(WebURLLoader* loader, | 150 void didDownloadData(int dataLength) override { m_didDownloadData = true; } |
| 155 int dataLength, | |
| 156 int encodedDataLength) override { | |
| 157 m_didDownloadData = true; | |
| 158 EXPECT_EQ(m_expectedLoader.get(), loader); | |
| 159 } | |
| 160 | 151 |
| 161 void didReceiveData(WebURLLoader* loader, | 152 void didReceiveData(const char* data, int dataLength) override { |
| 162 const char* data, | |
| 163 int dataLength, | |
| 164 int encodedDataLength, | |
| 165 int encodedBodyLength) override { | |
| 166 m_didReceiveData = true; | 153 m_didReceiveData = true; |
| 167 EXPECT_EQ(m_expectedLoader.get(), loader); | |
| 168 EXPECT_TRUE(data); | 154 EXPECT_TRUE(data); |
| 169 EXPECT_GT(dataLength, 0); | 155 EXPECT_GT(dataLength, 0); |
| 170 } | 156 } |
| 171 | 157 |
| 172 void didReceiveCachedMetadata(WebURLLoader* loader, | 158 void didReceiveCachedMetadata(const char* data, int dataLength) override { |
| 173 const char* data, | |
| 174 int dataLength) override { | |
| 175 m_didReceiveCachedMetadata = true; | 159 m_didReceiveCachedMetadata = true; |
| 176 EXPECT_EQ(m_expectedLoader.get(), loader); | |
| 177 } | 160 } |
| 178 | 161 |
| 179 void didFinishLoading(WebURLLoader* loader, | 162 void didFinishLoading(double finishTime) override { |
| 180 double finishTime, | |
| 181 int64_t encodedDataLength) override { | |
| 182 m_didFinishLoading = true; | 163 m_didFinishLoading = true; |
| 183 EXPECT_EQ(m_expectedLoader.get(), loader); | |
| 184 } | 164 } |
| 185 | 165 |
| 186 void didFail(WebURLLoader* loader, const WebURLError& error) override { | 166 void didFail(const WebURLError& error) override { m_didFail = true; } |
| 187 m_didFail = true; | |
| 188 EXPECT_EQ(m_expectedLoader.get(), loader); | |
| 189 } | |
| 190 | 167 |
| 191 void CheckMethodFails(const char* unsafeMethod) { | 168 void CheckMethodFails(const char* unsafeMethod) { |
| 192 WebURLRequest request; | 169 WebURLRequest request; |
| 193 request.setURL(toKURL("http://www.test.com/success.html")); | 170 request.setURL(toKURL("http://www.test.com/success.html")); |
| 194 request.setHTTPMethod(WebString::fromUTF8(unsafeMethod)); | 171 request.setHTTPMethod(WebString::fromUTF8(unsafeMethod)); |
| 195 WebURLLoaderOptions options; | 172 WebAssociatedURLLoaderOptions options; |
| 196 options.untrustedHTTP = true; | 173 options.untrustedHTTP = true; |
| 197 CheckFails(request, options); | 174 CheckFails(request, options); |
| 198 } | 175 } |
| 199 | 176 |
| 200 void CheckHeaderFails(const char* headerField) { | 177 void CheckHeaderFails(const char* headerField) { |
| 201 CheckHeaderFails(headerField, "foo"); | 178 CheckHeaderFails(headerField, "foo"); |
| 202 } | 179 } |
| 203 | 180 |
| 204 void CheckHeaderFails(const char* headerField, const char* headerValue) { | 181 void CheckHeaderFails(const char* headerField, const char* headerValue) { |
| 205 WebURLRequest request; | 182 WebURLRequest request; |
| 206 request.setURL(toKURL("http://www.test.com/success.html")); | 183 request.setURL(toKURL("http://www.test.com/success.html")); |
| 207 if (equalIgnoringASCIICase(WebString::fromUTF8(headerField), "referer")) | 184 if (equalIgnoringASCIICase(WebString::fromUTF8(headerField), "referer")) { |
| 208 request.setHTTPReferrer(WebString::fromUTF8(headerValue), | 185 request.setHTTPReferrer(WebString::fromUTF8(headerValue), |
| 209 WebReferrerPolicyDefault); | 186 WebReferrerPolicyDefault); |
| 210 else | 187 } else { |
| 211 request.setHTTPHeaderField(WebString::fromUTF8(headerField), | 188 request.setHTTPHeaderField(WebString::fromUTF8(headerField), |
| 212 WebString::fromUTF8(headerValue)); | 189 WebString::fromUTF8(headerValue)); |
| 213 WebURLLoaderOptions options; | 190 } |
| 191 WebAssociatedURLLoaderOptions options; |
| 214 options.untrustedHTTP = true; | 192 options.untrustedHTTP = true; |
| 215 CheckFails(request, options); | 193 CheckFails(request, options); |
| 216 } | 194 } |
| 217 | 195 |
| 218 void CheckFails(const WebURLRequest& request, | 196 void CheckFails( |
| 219 WebURLLoaderOptions options = WebURLLoaderOptions()) { | 197 const WebURLRequest& request, |
| 198 WebAssociatedURLLoaderOptions options = WebAssociatedURLLoaderOptions()) { |
| 220 m_expectedLoader = createAssociatedURLLoader(options); | 199 m_expectedLoader = createAssociatedURLLoader(options); |
| 221 EXPECT_TRUE(m_expectedLoader); | 200 EXPECT_TRUE(m_expectedLoader); |
| 222 m_didFail = false; | 201 m_didFail = false; |
| 223 m_expectedLoader->loadAsynchronously(request, this); | 202 m_expectedLoader->loadAsynchronously(request, this); |
| 224 // Failure should not be reported synchronously. | 203 // Failure should not be reported synchronously. |
| 225 EXPECT_FALSE(m_didFail); | 204 EXPECT_FALSE(m_didFail); |
| 226 // Allow the loader to return the error. | 205 // Allow the loader to return the error. |
| 227 runPendingTasks(); | 206 runPendingTasks(); |
| 228 EXPECT_TRUE(m_didFail); | 207 EXPECT_TRUE(m_didFail); |
| 229 EXPECT_FALSE(m_didReceiveResponse); | 208 EXPECT_FALSE(m_didReceiveResponse); |
| 230 } | 209 } |
| 231 | 210 |
| 232 bool CheckAccessControlHeaders(const char* headerName, bool exposed) { | 211 bool CheckAccessControlHeaders(const char* headerName, bool exposed) { |
| 233 std::string id("http://www.other.com/CheckAccessControlExposeHeaders_"); | 212 std::string id("http://www.other.com/CheckAccessControlExposeHeaders_"); |
| 234 id.append(headerName); | 213 id.append(headerName); |
| 235 if (exposed) | 214 if (exposed) |
| 236 id.append("-Exposed"); | 215 id.append("-Exposed"); |
| 237 id.append(".html"); | 216 id.append(".html"); |
| 238 | 217 |
| 239 KURL url = toKURL(id); | 218 KURL url = toKURL(id); |
| 240 WebURLRequest request; | 219 WebURLRequest request; |
| 241 request.setURL(url); | 220 request.setURL(url); |
| 242 | 221 |
| 243 WebString headerNameString(WebString::fromUTF8(headerName)); | 222 WebString headerNameString(WebString::fromUTF8(headerName)); |
| 244 m_expectedResponse = WebURLResponse(); | 223 m_expectedResponse = WebURLResponse(); |
| 245 m_expectedResponse.setMIMEType("text/html"); | 224 m_expectedResponse.setMIMEType("text/html"); |
| 246 m_expectedResponse.setHTTPStatusCode(200); | 225 m_expectedResponse.setHTTPStatusCode(200); |
| 247 m_expectedResponse.addHTTPHeaderField("Access-Control-Allow-Origin", "*"); | 226 m_expectedResponse.addHTTPHeaderField("Access-Control-Allow-Origin", "*"); |
| 248 if (exposed) | 227 if (exposed) { |
| 249 m_expectedResponse.addHTTPHeaderField("access-control-expose-headers", | 228 m_expectedResponse.addHTTPHeaderField("access-control-expose-headers", |
| 250 headerNameString); | 229 headerNameString); |
| 230 } |
| 251 m_expectedResponse.addHTTPHeaderField(headerNameString, "foo"); | 231 m_expectedResponse.addHTTPHeaderField(headerNameString, "foo"); |
| 252 Platform::current()->getURLLoaderMockFactory()->registerURL( | 232 Platform::current()->getURLLoaderMockFactory()->registerURL( |
| 253 url, m_expectedResponse, m_frameFilePath); | 233 url, m_expectedResponse, m_frameFilePath); |
| 254 | 234 |
| 255 WebURLLoaderOptions options; | 235 WebAssociatedURLLoaderOptions options; |
| 256 options.crossOriginRequestPolicy = | 236 options.crossOriginRequestPolicy = |
| 257 WebURLLoaderOptions::CrossOriginRequestPolicyUseAccessControl; | 237 WebAssociatedURLLoaderOptions::CrossOriginRequestPolicyUseAccessControl; |
| 258 m_expectedLoader = createAssociatedURLLoader(options); | 238 m_expectedLoader = createAssociatedURLLoader(options); |
| 259 EXPECT_TRUE(m_expectedLoader); | 239 EXPECT_TRUE(m_expectedLoader); |
| 260 m_expectedLoader->loadAsynchronously(request, this); | 240 m_expectedLoader->loadAsynchronously(request, this); |
| 261 serveRequests(); | 241 serveRequests(); |
| 262 EXPECT_TRUE(m_didReceiveResponse); | 242 EXPECT_TRUE(m_didReceiveResponse); |
| 263 EXPECT_TRUE(m_didReceiveData); | 243 EXPECT_TRUE(m_didReceiveData); |
| 264 EXPECT_TRUE(m_didFinishLoading); | 244 EXPECT_TRUE(m_didFinishLoading); |
| 265 | 245 |
| 266 return !m_actualResponse.httpHeaderField(headerNameString).isEmpty(); | 246 return !m_actualResponse.httpHeaderField(headerNameString).isEmpty(); |
| 267 } | 247 } |
| 268 | 248 |
| 269 WebFrame* mainFrame() const { return m_helper.webView()->mainFrame(); } | 249 WebFrame* mainFrame() const { return m_helper.webView()->mainFrame(); } |
| 270 | 250 |
| 271 protected: | 251 protected: |
| 272 String m_baseFilePath; | 252 String m_baseFilePath; |
| 273 String m_frameFilePath; | 253 String m_frameFilePath; |
| 274 FrameTestHelpers::WebViewHelper m_helper; | 254 FrameTestHelpers::WebViewHelper m_helper; |
| 275 | 255 |
| 276 std::unique_ptr<WebURLLoader> m_expectedLoader; | 256 std::unique_ptr<WebAssociatedURLLoader> m_expectedLoader; |
| 277 WebURLResponse m_actualResponse; | 257 WebURLResponse m_actualResponse; |
| 278 WebURLResponse m_expectedResponse; | 258 WebURLResponse m_expectedResponse; |
| 279 WebURLRequest m_expectedNewRequest; | 259 WebURLRequest m_expectedNewRequest; |
| 280 WebURLResponse m_expectedRedirectResponse; | 260 WebURLResponse m_expectedRedirectResponse; |
| 281 bool m_willFollowRedirect; | 261 bool m_willFollowRedirect; |
| 282 bool m_didSendData; | 262 bool m_didSendData; |
| 283 bool m_didReceiveResponse; | 263 bool m_didReceiveResponse; |
| 284 bool m_didDownloadData; | 264 bool m_didDownloadData; |
| 285 bool m_didReceiveData; | 265 bool m_didReceiveData; |
| 286 bool m_didReceiveCachedMetadata; | 266 bool m_didReceiveCachedMetadata; |
| 287 bool m_didFinishLoading; | 267 bool m_didFinishLoading; |
| 288 bool m_didFail; | 268 bool m_didFail; |
| 289 }; | 269 }; |
| 290 | 270 |
| 291 // Test a successful same-origin URL load. | 271 // Test a successful same-origin URL load. |
| 292 TEST_F(AssociatedURLLoaderTest, SameOriginSuccess) { | 272 TEST_F(WebAssociatedURLLoaderTest, SameOriginSuccess) { |
| 293 KURL url = toKURL("http://www.test.com/SameOriginSuccess.html"); | 273 KURL url = toKURL("http://www.test.com/SameOriginSuccess.html"); |
| 294 WebURLRequest request; | 274 WebURLRequest request; |
| 295 request.setURL(url); | 275 request.setURL(url); |
| 296 | 276 |
| 297 m_expectedResponse = WebURLResponse(); | 277 m_expectedResponse = WebURLResponse(); |
| 298 m_expectedResponse.setMIMEType("text/html"); | 278 m_expectedResponse.setMIMEType("text/html"); |
| 299 m_expectedResponse.setHTTPStatusCode(200); | 279 m_expectedResponse.setHTTPStatusCode(200); |
| 300 Platform::current()->getURLLoaderMockFactory()->registerURL( | 280 Platform::current()->getURLLoaderMockFactory()->registerURL( |
| 301 url, m_expectedResponse, m_frameFilePath); | 281 url, m_expectedResponse, m_frameFilePath); |
| 302 | 282 |
| 303 m_expectedLoader = createAssociatedURLLoader(); | 283 m_expectedLoader = createAssociatedURLLoader(); |
| 304 EXPECT_TRUE(m_expectedLoader); | 284 EXPECT_TRUE(m_expectedLoader); |
| 305 m_expectedLoader->loadAsynchronously(request, this); | 285 m_expectedLoader->loadAsynchronously(request, this); |
| 306 serveRequests(); | 286 serveRequests(); |
| 307 EXPECT_TRUE(m_didReceiveResponse); | 287 EXPECT_TRUE(m_didReceiveResponse); |
| 308 EXPECT_TRUE(m_didReceiveData); | 288 EXPECT_TRUE(m_didReceiveData); |
| 309 EXPECT_TRUE(m_didFinishLoading); | 289 EXPECT_TRUE(m_didFinishLoading); |
| 310 } | 290 } |
| 311 | 291 |
| 312 // Test that the same-origin restriction is the default. | 292 // Test that the same-origin restriction is the default. |
| 313 TEST_F(AssociatedURLLoaderTest, SameOriginRestriction) { | 293 TEST_F(WebAssociatedURLLoaderTest, SameOriginRestriction) { |
| 314 // This is cross-origin since the frame was loaded from www.test.com. | 294 // This is cross-origin since the frame was loaded from www.test.com. |
| 315 KURL url = toKURL("http://www.other.com/SameOriginRestriction.html"); | 295 KURL url = toKURL("http://www.other.com/SameOriginRestriction.html"); |
| 316 WebURLRequest request; | 296 WebURLRequest request; |
| 317 request.setURL(url); | 297 request.setURL(url); |
| 318 CheckFails(request); | 298 CheckFails(request); |
| 319 } | 299 } |
| 320 | 300 |
| 321 // Test a successful cross-origin load. | 301 // Test a successful cross-origin load. |
| 322 TEST_F(AssociatedURLLoaderTest, CrossOriginSuccess) { | 302 TEST_F(WebAssociatedURLLoaderTest, CrossOriginSuccess) { |
| 323 // This is cross-origin since the frame was loaded from www.test.com. | 303 // This is cross-origin since the frame was loaded from www.test.com. |
| 324 KURL url = toKURL("http://www.other.com/CrossOriginSuccess"); | 304 KURL url = toKURL("http://www.other.com/CrossOriginSuccess"); |
| 325 WebURLRequest request; | 305 WebURLRequest request; |
| 326 request.setURL(url); | 306 request.setURL(url); |
| 327 // No-CORS requests (CrossOriginRequestPolicyAllow) aren't allowed for the | 307 // No-CORS requests (CrossOriginRequestPolicyAllow) aren't allowed for the |
| 328 // default context. So we set the context as Script here. | 308 // default context. So we set the context as Script here. |
| 329 request.setRequestContext(WebURLRequest::RequestContextScript); | 309 request.setRequestContext(WebURLRequest::RequestContextScript); |
| 330 | 310 |
| 331 m_expectedResponse = WebURLResponse(); | 311 m_expectedResponse = WebURLResponse(); |
| 332 m_expectedResponse.setMIMEType("text/html"); | 312 m_expectedResponse.setMIMEType("text/html"); |
| 333 m_expectedResponse.setHTTPStatusCode(200); | 313 m_expectedResponse.setHTTPStatusCode(200); |
| 334 Platform::current()->getURLLoaderMockFactory()->registerURL( | 314 Platform::current()->getURLLoaderMockFactory()->registerURL( |
| 335 url, m_expectedResponse, m_frameFilePath); | 315 url, m_expectedResponse, m_frameFilePath); |
| 336 | 316 |
| 337 WebURLLoaderOptions options; | 317 WebAssociatedURLLoaderOptions options; |
| 338 options.crossOriginRequestPolicy = | 318 options.crossOriginRequestPolicy = |
| 339 WebURLLoaderOptions::CrossOriginRequestPolicyAllow; | 319 WebAssociatedURLLoaderOptions::CrossOriginRequestPolicyAllow; |
| 340 m_expectedLoader = createAssociatedURLLoader(options); | 320 m_expectedLoader = createAssociatedURLLoader(options); |
| 341 EXPECT_TRUE(m_expectedLoader); | 321 EXPECT_TRUE(m_expectedLoader); |
| 342 m_expectedLoader->loadAsynchronously(request, this); | 322 m_expectedLoader->loadAsynchronously(request, this); |
| 343 serveRequests(); | 323 serveRequests(); |
| 344 EXPECT_TRUE(m_didReceiveResponse); | 324 EXPECT_TRUE(m_didReceiveResponse); |
| 345 EXPECT_TRUE(m_didReceiveData); | 325 EXPECT_TRUE(m_didReceiveData); |
| 346 EXPECT_TRUE(m_didFinishLoading); | 326 EXPECT_TRUE(m_didFinishLoading); |
| 347 } | 327 } |
| 348 | 328 |
| 349 // Test a successful cross-origin load using CORS. | 329 // Test a successful cross-origin load using CORS. |
| 350 TEST_F(AssociatedURLLoaderTest, CrossOriginWithAccessControlSuccess) { | 330 TEST_F(WebAssociatedURLLoaderTest, CrossOriginWithAccessControlSuccess) { |
| 351 // This is cross-origin since the frame was loaded from www.test.com. | 331 // This is cross-origin since the frame was loaded from www.test.com. |
| 352 KURL url = | 332 KURL url = |
| 353 toKURL("http://www.other.com/CrossOriginWithAccessControlSuccess.html"); | 333 toKURL("http://www.other.com/CrossOriginWithAccessControlSuccess.html"); |
| 354 WebURLRequest request; | 334 WebURLRequest request; |
| 355 request.setURL(url); | 335 request.setURL(url); |
| 356 | 336 |
| 357 m_expectedResponse = WebURLResponse(); | 337 m_expectedResponse = WebURLResponse(); |
| 358 m_expectedResponse.setMIMEType("text/html"); | 338 m_expectedResponse.setMIMEType("text/html"); |
| 359 m_expectedResponse.setHTTPStatusCode(200); | 339 m_expectedResponse.setHTTPStatusCode(200); |
| 360 m_expectedResponse.addHTTPHeaderField("access-control-allow-origin", "*"); | 340 m_expectedResponse.addHTTPHeaderField("access-control-allow-origin", "*"); |
| 361 Platform::current()->getURLLoaderMockFactory()->registerURL( | 341 Platform::current()->getURLLoaderMockFactory()->registerURL( |
| 362 url, m_expectedResponse, m_frameFilePath); | 342 url, m_expectedResponse, m_frameFilePath); |
| 363 | 343 |
| 364 WebURLLoaderOptions options; | 344 WebAssociatedURLLoaderOptions options; |
| 365 options.crossOriginRequestPolicy = | 345 options.crossOriginRequestPolicy = |
| 366 WebURLLoaderOptions::CrossOriginRequestPolicyUseAccessControl; | 346 WebAssociatedURLLoaderOptions::CrossOriginRequestPolicyUseAccessControl; |
| 367 m_expectedLoader = createAssociatedURLLoader(options); | 347 m_expectedLoader = createAssociatedURLLoader(options); |
| 368 EXPECT_TRUE(m_expectedLoader); | 348 EXPECT_TRUE(m_expectedLoader); |
| 369 m_expectedLoader->loadAsynchronously(request, this); | 349 m_expectedLoader->loadAsynchronously(request, this); |
| 370 serveRequests(); | 350 serveRequests(); |
| 371 EXPECT_TRUE(m_didReceiveResponse); | 351 EXPECT_TRUE(m_didReceiveResponse); |
| 372 EXPECT_TRUE(m_didReceiveData); | 352 EXPECT_TRUE(m_didReceiveData); |
| 373 EXPECT_TRUE(m_didFinishLoading); | 353 EXPECT_TRUE(m_didFinishLoading); |
| 374 } | 354 } |
| 375 | 355 |
| 376 // Test an unsuccessful cross-origin load using CORS. | 356 // Test an unsuccessful cross-origin load using CORS. |
| 377 TEST_F(AssociatedURLLoaderTest, CrossOriginWithAccessControlFailure) { | 357 TEST_F(WebAssociatedURLLoaderTest, CrossOriginWithAccessControlFailure) { |
| 378 // This is cross-origin since the frame was loaded from www.test.com. | 358 // This is cross-origin since the frame was loaded from www.test.com. |
| 379 KURL url = | 359 KURL url = |
| 380 toKURL("http://www.other.com/CrossOriginWithAccessControlFailure.html"); | 360 toKURL("http://www.other.com/CrossOriginWithAccessControlFailure.html"); |
| 381 WebURLRequest request; | 361 WebURLRequest request; |
| 382 request.setURL(url); | 362 request.setURL(url); |
| 383 | 363 |
| 384 m_expectedResponse = WebURLResponse(); | 364 m_expectedResponse = WebURLResponse(); |
| 385 m_expectedResponse.setMIMEType("text/html"); | 365 m_expectedResponse.setMIMEType("text/html"); |
| 386 m_expectedResponse.setHTTPStatusCode(200); | 366 m_expectedResponse.setHTTPStatusCode(200); |
| 387 m_expectedResponse.addHTTPHeaderField("access-control-allow-origin", "*"); | 367 m_expectedResponse.addHTTPHeaderField("access-control-allow-origin", "*"); |
| 388 Platform::current()->getURLLoaderMockFactory()->registerURL( | 368 Platform::current()->getURLLoaderMockFactory()->registerURL( |
| 389 url, m_expectedResponse, m_frameFilePath); | 369 url, m_expectedResponse, m_frameFilePath); |
| 390 | 370 |
| 391 WebURLLoaderOptions options; | 371 WebAssociatedURLLoaderOptions options; |
| 392 // Send credentials. This will cause the CORS checks to fail, because | 372 // Send credentials. This will cause the CORS checks to fail, because |
| 393 // credentials can't be sent to a server which returns the header | 373 // credentials can't be sent to a server which returns the header |
| 394 // "access-control-allow-origin" with "*" as its value. | 374 // "access-control-allow-origin" with "*" as its value. |
| 395 options.allowCredentials = true; | 375 options.allowCredentials = true; |
| 396 options.crossOriginRequestPolicy = | 376 options.crossOriginRequestPolicy = |
| 397 WebURLLoaderOptions::CrossOriginRequestPolicyUseAccessControl; | 377 WebAssociatedURLLoaderOptions::CrossOriginRequestPolicyUseAccessControl; |
| 398 m_expectedLoader = createAssociatedURLLoader(options); | 378 m_expectedLoader = createAssociatedURLLoader(options); |
| 399 EXPECT_TRUE(m_expectedLoader); | 379 EXPECT_TRUE(m_expectedLoader); |
| 400 m_expectedLoader->loadAsynchronously(request, this); | 380 m_expectedLoader->loadAsynchronously(request, this); |
| 401 | 381 |
| 402 // Failure should not be reported synchronously. | 382 // Failure should not be reported synchronously. |
| 403 EXPECT_FALSE(m_didFail); | 383 EXPECT_FALSE(m_didFail); |
| 404 // The loader needs to receive the response, before doing the CORS check. | 384 // The loader needs to receive the response, before doing the CORS check. |
| 405 serveRequests(); | 385 serveRequests(); |
| 406 EXPECT_TRUE(m_didFail); | 386 EXPECT_TRUE(m_didFail); |
| 407 EXPECT_FALSE(m_didReceiveResponse); | 387 EXPECT_FALSE(m_didReceiveResponse); |
| 408 } | 388 } |
| 409 | 389 |
| 410 // Test an unsuccessful cross-origin load using CORS. | 390 // Test an unsuccessful cross-origin load using CORS. |
| 411 TEST_F(AssociatedURLLoaderTest, | 391 TEST_F(WebAssociatedURLLoaderTest, |
| 412 CrossOriginWithAccessControlFailureBadStatusCode) { | 392 CrossOriginWithAccessControlFailureBadStatusCode) { |
| 413 // This is cross-origin since the frame was loaded from www.test.com. | 393 // This is cross-origin since the frame was loaded from www.test.com. |
| 414 KURL url = | 394 KURL url = |
| 415 toKURL("http://www.other.com/CrossOriginWithAccessControlFailure.html"); | 395 toKURL("http://www.other.com/CrossOriginWithAccessControlFailure.html"); |
| 416 WebURLRequest request; | 396 WebURLRequest request; |
| 417 request.setURL(url); | 397 request.setURL(url); |
| 418 | 398 |
| 419 m_expectedResponse = WebURLResponse(); | 399 m_expectedResponse = WebURLResponse(); |
| 420 m_expectedResponse.setMIMEType("text/html"); | 400 m_expectedResponse.setMIMEType("text/html"); |
| 421 m_expectedResponse.setHTTPStatusCode(0); | 401 m_expectedResponse.setHTTPStatusCode(0); |
| 422 m_expectedResponse.addHTTPHeaderField("access-control-allow-origin", "*"); | 402 m_expectedResponse.addHTTPHeaderField("access-control-allow-origin", "*"); |
| 423 Platform::current()->getURLLoaderMockFactory()->registerURL( | 403 Platform::current()->getURLLoaderMockFactory()->registerURL( |
| 424 url, m_expectedResponse, m_frameFilePath); | 404 url, m_expectedResponse, m_frameFilePath); |
| 425 | 405 |
| 426 WebURLLoaderOptions options; | 406 WebAssociatedURLLoaderOptions options; |
| 427 options.crossOriginRequestPolicy = | 407 options.crossOriginRequestPolicy = |
| 428 WebURLLoaderOptions::CrossOriginRequestPolicyUseAccessControl; | 408 WebAssociatedURLLoaderOptions::CrossOriginRequestPolicyUseAccessControl; |
| 429 m_expectedLoader = createAssociatedURLLoader(options); | 409 m_expectedLoader = createAssociatedURLLoader(options); |
| 430 EXPECT_TRUE(m_expectedLoader); | 410 EXPECT_TRUE(m_expectedLoader); |
| 431 m_expectedLoader->loadAsynchronously(request, this); | 411 m_expectedLoader->loadAsynchronously(request, this); |
| 432 | 412 |
| 433 // Failure should not be reported synchronously. | 413 // Failure should not be reported synchronously. |
| 434 EXPECT_FALSE(m_didFail); | 414 EXPECT_FALSE(m_didFail); |
| 435 // The loader needs to receive the response, before doing the CORS check. | 415 // The loader needs to receive the response, before doing the CORS check. |
| 436 serveRequests(); | 416 serveRequests(); |
| 437 EXPECT_TRUE(m_didFail); | 417 EXPECT_TRUE(m_didFail); |
| 438 EXPECT_FALSE(m_didReceiveResponse); | 418 EXPECT_FALSE(m_didReceiveResponse); |
| 439 } | 419 } |
| 440 | 420 |
| 441 // Test a same-origin URL redirect and load. | 421 // Test a same-origin URL redirect and load. |
| 442 TEST_F(AssociatedURLLoaderTest, RedirectSuccess) { | 422 TEST_F(WebAssociatedURLLoaderTest, RedirectSuccess) { |
| 443 KURL url = toKURL("http://www.test.com/RedirectSuccess.html"); | 423 KURL url = toKURL("http://www.test.com/RedirectSuccess.html"); |
| 444 char redirect[] = "http://www.test.com/RedirectSuccess2.html"; // Same-origin | 424 char redirect[] = "http://www.test.com/RedirectSuccess2.html"; // Same-origin |
| 445 KURL redirectURL = toKURL(redirect); | 425 KURL redirectURL = toKURL(redirect); |
| 446 | 426 |
| 447 WebURLRequest request; | 427 WebURLRequest request; |
| 448 request.setURL(url); | 428 request.setURL(url); |
| 449 | 429 |
| 450 m_expectedRedirectResponse = WebURLResponse(); | 430 m_expectedRedirectResponse = WebURLResponse(); |
| 451 m_expectedRedirectResponse.setMIMEType("text/html"); | 431 m_expectedRedirectResponse.setMIMEType("text/html"); |
| 452 m_expectedRedirectResponse.setHTTPStatusCode(301); | 432 m_expectedRedirectResponse.setHTTPStatusCode(301); |
| (...skipping 14 matching lines...) Expand all Loading... |
| 467 EXPECT_TRUE(m_expectedLoader); | 447 EXPECT_TRUE(m_expectedLoader); |
| 468 m_expectedLoader->loadAsynchronously(request, this); | 448 m_expectedLoader->loadAsynchronously(request, this); |
| 469 serveRequests(); | 449 serveRequests(); |
| 470 EXPECT_TRUE(m_willFollowRedirect); | 450 EXPECT_TRUE(m_willFollowRedirect); |
| 471 EXPECT_TRUE(m_didReceiveResponse); | 451 EXPECT_TRUE(m_didReceiveResponse); |
| 472 EXPECT_TRUE(m_didReceiveData); | 452 EXPECT_TRUE(m_didReceiveData); |
| 473 EXPECT_TRUE(m_didFinishLoading); | 453 EXPECT_TRUE(m_didFinishLoading); |
| 474 } | 454 } |
| 475 | 455 |
| 476 // Test a cross-origin URL redirect without Access Control set. | 456 // Test a cross-origin URL redirect without Access Control set. |
| 477 TEST_F(AssociatedURLLoaderTest, RedirectCrossOriginFailure) { | 457 TEST_F(WebAssociatedURLLoaderTest, RedirectCrossOriginFailure) { |
| 478 KURL url = toKURL("http://www.test.com/RedirectCrossOriginFailure.html"); | 458 KURL url = toKURL("http://www.test.com/RedirectCrossOriginFailure.html"); |
| 479 char redirect[] = | 459 char redirect[] = |
| 480 "http://www.other.com/RedirectCrossOriginFailure.html"; // Cross-origin | 460 "http://www.other.com/RedirectCrossOriginFailure.html"; // Cross-origin |
| 481 KURL redirectURL = toKURL(redirect); | 461 KURL redirectURL = toKURL(redirect); |
| 482 | 462 |
| 483 WebURLRequest request; | 463 WebURLRequest request; |
| 484 request.setURL(url); | 464 request.setURL(url); |
| 485 | 465 |
| 486 m_expectedRedirectResponse = WebURLResponse(); | 466 m_expectedRedirectResponse = WebURLResponse(); |
| 487 m_expectedRedirectResponse.setMIMEType("text/html"); | 467 m_expectedRedirectResponse.setMIMEType("text/html"); |
| (...skipping 16 matching lines...) Expand all Loading... |
| 504 m_expectedLoader->loadAsynchronously(request, this); | 484 m_expectedLoader->loadAsynchronously(request, this); |
| 505 | 485 |
| 506 serveRequests(); | 486 serveRequests(); |
| 507 EXPECT_FALSE(m_willFollowRedirect); | 487 EXPECT_FALSE(m_willFollowRedirect); |
| 508 EXPECT_FALSE(m_didReceiveResponse); | 488 EXPECT_FALSE(m_didReceiveResponse); |
| 509 EXPECT_FALSE(m_didReceiveData); | 489 EXPECT_FALSE(m_didReceiveData); |
| 510 EXPECT_FALSE(m_didFinishLoading); | 490 EXPECT_FALSE(m_didFinishLoading); |
| 511 } | 491 } |
| 512 | 492 |
| 513 // Test that a cross origin redirect response without CORS headers fails. | 493 // Test that a cross origin redirect response without CORS headers fails. |
| 514 TEST_F(AssociatedURLLoaderTest, RedirectCrossOriginWithAccessControlFailure) { | 494 TEST_F(WebAssociatedURLLoaderTest, |
| 495 RedirectCrossOriginWithAccessControlFailure) { |
| 515 KURL url = toKURL( | 496 KURL url = toKURL( |
| 516 "http://www.test.com/RedirectCrossOriginWithAccessControlFailure.html"); | 497 "http://www.test.com/RedirectCrossOriginWithAccessControlFailure.html"); |
| 517 char redirect[] = | 498 char redirect[] = |
| 518 "http://www.other.com/" | 499 "http://www.other.com/" |
| 519 "RedirectCrossOriginWithAccessControlFailure.html"; // Cross-origin | 500 "RedirectCrossOriginWithAccessControlFailure.html"; // Cross-origin |
| 520 KURL redirectURL = toKURL(redirect); | 501 KURL redirectURL = toKURL(redirect); |
| 521 | 502 |
| 522 WebURLRequest request; | 503 WebURLRequest request; |
| 523 request.setURL(url); | 504 request.setURL(url); |
| 524 | 505 |
| 525 m_expectedRedirectResponse = WebURLResponse(); | 506 m_expectedRedirectResponse = WebURLResponse(); |
| 526 m_expectedRedirectResponse.setMIMEType("text/html"); | 507 m_expectedRedirectResponse.setMIMEType("text/html"); |
| 527 m_expectedRedirectResponse.setHTTPStatusCode(301); | 508 m_expectedRedirectResponse.setHTTPStatusCode(301); |
| 528 m_expectedRedirectResponse.setHTTPHeaderField("Location", redirect); | 509 m_expectedRedirectResponse.setHTTPHeaderField("Location", redirect); |
| 529 Platform::current()->getURLLoaderMockFactory()->registerURL( | 510 Platform::current()->getURLLoaderMockFactory()->registerURL( |
| 530 url, m_expectedRedirectResponse, m_frameFilePath); | 511 url, m_expectedRedirectResponse, m_frameFilePath); |
| 531 | 512 |
| 532 m_expectedNewRequest = WebURLRequest(); | 513 m_expectedNewRequest = WebURLRequest(); |
| 533 m_expectedNewRequest.setURL(redirectURL); | 514 m_expectedNewRequest.setURL(redirectURL); |
| 534 | 515 |
| 535 m_expectedResponse = WebURLResponse(); | 516 m_expectedResponse = WebURLResponse(); |
| 536 m_expectedResponse.setMIMEType("text/html"); | 517 m_expectedResponse.setMIMEType("text/html"); |
| 537 m_expectedResponse.setHTTPStatusCode(200); | 518 m_expectedResponse.setHTTPStatusCode(200); |
| 538 Platform::current()->getURLLoaderMockFactory()->registerURL( | 519 Platform::current()->getURLLoaderMockFactory()->registerURL( |
| 539 redirectURL, m_expectedResponse, m_frameFilePath); | 520 redirectURL, m_expectedResponse, m_frameFilePath); |
| 540 | 521 |
| 541 WebURLLoaderOptions options; | 522 WebAssociatedURLLoaderOptions options; |
| 542 options.crossOriginRequestPolicy = | 523 options.crossOriginRequestPolicy = |
| 543 WebURLLoaderOptions::CrossOriginRequestPolicyUseAccessControl; | 524 WebAssociatedURLLoaderOptions::CrossOriginRequestPolicyUseAccessControl; |
| 544 m_expectedLoader = createAssociatedURLLoader(options); | 525 m_expectedLoader = createAssociatedURLLoader(options); |
| 545 EXPECT_TRUE(m_expectedLoader); | 526 EXPECT_TRUE(m_expectedLoader); |
| 546 m_expectedLoader->loadAsynchronously(request, this); | 527 m_expectedLoader->loadAsynchronously(request, this); |
| 547 | 528 |
| 548 serveRequests(); | 529 serveRequests(); |
| 549 // We should get a notification about access control check failure. | 530 // We should get a notification about access control check failure. |
| 550 EXPECT_FALSE(m_willFollowRedirect); | 531 EXPECT_FALSE(m_willFollowRedirect); |
| 551 EXPECT_FALSE(m_didReceiveResponse); | 532 EXPECT_FALSE(m_didReceiveResponse); |
| 552 EXPECT_FALSE(m_didReceiveData); | 533 EXPECT_FALSE(m_didReceiveData); |
| 553 EXPECT_TRUE(m_didFail); | 534 EXPECT_TRUE(m_didFail); |
| 554 } | 535 } |
| 555 | 536 |
| 556 // Test that a cross origin redirect response with CORS headers that allow the | 537 // Test that a cross origin redirect response with CORS headers that allow the |
| 557 // requesting origin succeeds. | 538 // requesting origin succeeds. |
| 558 TEST_F(AssociatedURLLoaderTest, RedirectCrossOriginWithAccessControlSuccess) { | 539 TEST_F(WebAssociatedURLLoaderTest, |
| 540 RedirectCrossOriginWithAccessControlSuccess) { |
| 559 KURL url = toKURL( | 541 KURL url = toKURL( |
| 560 "http://www.test.com/RedirectCrossOriginWithAccessControlSuccess.html"); | 542 "http://www.test.com/RedirectCrossOriginWithAccessControlSuccess.html"); |
| 561 char redirect[] = | 543 char redirect[] = |
| 562 "http://www.other.com/" | 544 "http://www.other.com/" |
| 563 "RedirectCrossOriginWithAccessControlSuccess.html"; // Cross-origin | 545 "RedirectCrossOriginWithAccessControlSuccess.html"; // Cross-origin |
| 564 KURL redirectURL = toKURL(redirect); | 546 KURL redirectURL = toKURL(redirect); |
| 565 | 547 |
| 566 WebURLRequest request; | 548 WebURLRequest request; |
| 567 request.setURL(url); | 549 request.setURL(url); |
| 568 // Add a CORS simple header. | 550 // Add a CORS simple header. |
| (...skipping 14 matching lines...) Expand all Loading... |
| 583 m_expectedNewRequest.setURL(redirectURL); | 565 m_expectedNewRequest.setURL(redirectURL); |
| 584 m_expectedNewRequest.setHTTPHeaderField("accept", "application/json"); | 566 m_expectedNewRequest.setHTTPHeaderField("accept", "application/json"); |
| 585 | 567 |
| 586 m_expectedResponse = WebURLResponse(); | 568 m_expectedResponse = WebURLResponse(); |
| 587 m_expectedResponse.setMIMEType("text/html"); | 569 m_expectedResponse.setMIMEType("text/html"); |
| 588 m_expectedResponse.setHTTPStatusCode(200); | 570 m_expectedResponse.setHTTPStatusCode(200); |
| 589 m_expectedResponse.addHTTPHeaderField("access-control-allow-origin", "*"); | 571 m_expectedResponse.addHTTPHeaderField("access-control-allow-origin", "*"); |
| 590 Platform::current()->getURLLoaderMockFactory()->registerURL( | 572 Platform::current()->getURLLoaderMockFactory()->registerURL( |
| 591 redirectURL, m_expectedResponse, m_frameFilePath); | 573 redirectURL, m_expectedResponse, m_frameFilePath); |
| 592 | 574 |
| 593 WebURLLoaderOptions options; | 575 WebAssociatedURLLoaderOptions options; |
| 594 options.crossOriginRequestPolicy = | 576 options.crossOriginRequestPolicy = |
| 595 WebURLLoaderOptions::CrossOriginRequestPolicyUseAccessControl; | 577 WebAssociatedURLLoaderOptions::CrossOriginRequestPolicyUseAccessControl; |
| 596 m_expectedLoader = createAssociatedURLLoader(options); | 578 m_expectedLoader = createAssociatedURLLoader(options); |
| 597 EXPECT_TRUE(m_expectedLoader); | 579 EXPECT_TRUE(m_expectedLoader); |
| 598 m_expectedLoader->loadAsynchronously(request, this); | 580 m_expectedLoader->loadAsynchronously(request, this); |
| 599 serveRequests(); | 581 serveRequests(); |
| 600 // We should not receive a notification for the redirect. | 582 // We should not receive a notification for the redirect. |
| 601 EXPECT_FALSE(m_willFollowRedirect); | 583 EXPECT_FALSE(m_willFollowRedirect); |
| 602 EXPECT_TRUE(m_didReceiveResponse); | 584 EXPECT_TRUE(m_didReceiveResponse); |
| 603 EXPECT_TRUE(m_didReceiveData); | 585 EXPECT_TRUE(m_didReceiveData); |
| 604 EXPECT_TRUE(m_didFinishLoading); | 586 EXPECT_TRUE(m_didFinishLoading); |
| 605 } | 587 } |
| 606 | 588 |
| 607 // Test that untrusted loads can't use a forbidden method. | 589 // Test that untrusted loads can't use a forbidden method. |
| 608 TEST_F(AssociatedURLLoaderTest, UntrustedCheckMethods) { | 590 TEST_F(WebAssociatedURLLoaderTest, UntrustedCheckMethods) { |
| 609 // Check non-token method fails. | 591 // Check non-token method fails. |
| 610 CheckMethodFails("GET()"); | 592 CheckMethodFails("GET()"); |
| 611 CheckMethodFails("POST\x0d\x0ax-csrf-token:\x20test1234"); | 593 CheckMethodFails("POST\x0d\x0ax-csrf-token:\x20test1234"); |
| 612 | 594 |
| 613 // Forbidden methods should fail regardless of casing. | 595 // Forbidden methods should fail regardless of casing. |
| 614 CheckMethodFails("CoNneCt"); | 596 CheckMethodFails("CoNneCt"); |
| 615 CheckMethodFails("TrAcK"); | 597 CheckMethodFails("TrAcK"); |
| 616 CheckMethodFails("TrAcE"); | 598 CheckMethodFails("TrAcE"); |
| 617 } | 599 } |
| 618 | 600 |
| 619 // This test is flaky on Windows and Android. See <http://crbug.com/471645>. | 601 // This test is flaky on Windows and Android. See <http://crbug.com/471645>. |
| 620 #if OS(WIN) || OS(ANDROID) | 602 #if OS(WIN) || OS(ANDROID) |
| 621 #define MAYBE_UntrustedCheckHeaders DISABLED_UntrustedCheckHeaders | 603 #define MAYBE_UntrustedCheckHeaders DISABLED_UntrustedCheckHeaders |
| 622 #else | 604 #else |
| 623 #define MAYBE_UntrustedCheckHeaders UntrustedCheckHeaders | 605 #define MAYBE_UntrustedCheckHeaders UntrustedCheckHeaders |
| 624 #endif | 606 #endif |
| 625 | 607 |
| 626 // Test that untrusted loads can't use a forbidden header field. | 608 // Test that untrusted loads can't use a forbidden header field. |
| 627 TEST_F(AssociatedURLLoaderTest, MAYBE_UntrustedCheckHeaders) { | 609 TEST_F(WebAssociatedURLLoaderTest, MAYBE_UntrustedCheckHeaders) { |
| 628 // Check non-token header fails. | 610 // Check non-token header fails. |
| 629 CheckHeaderFails("foo()"); | 611 CheckHeaderFails("foo()"); |
| 630 | 612 |
| 631 // Check forbidden headers fail. | 613 // Check forbidden headers fail. |
| 632 CheckHeaderFails("accept-charset"); | 614 CheckHeaderFails("accept-charset"); |
| 633 CheckHeaderFails("accept-encoding"); | 615 CheckHeaderFails("accept-encoding"); |
| 634 CheckHeaderFails("connection"); | 616 CheckHeaderFails("connection"); |
| 635 CheckHeaderFails("content-length"); | 617 CheckHeaderFails("content-length"); |
| 636 CheckHeaderFails("cookie"); | 618 CheckHeaderFails("cookie"); |
| 637 CheckHeaderFails("cookie2"); | 619 CheckHeaderFails("cookie2"); |
| (...skipping 18 matching lines...) Expand all Loading... |
| 656 | 638 |
| 657 // Check that validation is case-insensitive. | 639 // Check that validation is case-insensitive. |
| 658 CheckHeaderFails("AcCePt-ChArSeT"); | 640 CheckHeaderFails("AcCePt-ChArSeT"); |
| 659 CheckHeaderFails("ProXy-FoO"); | 641 CheckHeaderFails("ProXy-FoO"); |
| 660 | 642 |
| 661 // Check invalid header values. | 643 // Check invalid header values. |
| 662 CheckHeaderFails("foo", "bar\x0d\x0ax-csrf-token:\x20test1234"); | 644 CheckHeaderFails("foo", "bar\x0d\x0ax-csrf-token:\x20test1234"); |
| 663 } | 645 } |
| 664 | 646 |
| 665 // Test that the loader filters response headers according to the CORS standard. | 647 // Test that the loader filters response headers according to the CORS standard. |
| 666 TEST_F(AssociatedURLLoaderTest, CrossOriginHeaderWhitelisting) { | 648 TEST_F(WebAssociatedURLLoaderTest, CrossOriginHeaderWhitelisting) { |
| 667 // Test that whitelisted headers are returned without exposing them. | 649 // Test that whitelisted headers are returned without exposing them. |
| 668 EXPECT_TRUE(CheckAccessControlHeaders("cache-control", false)); | 650 EXPECT_TRUE(CheckAccessControlHeaders("cache-control", false)); |
| 669 EXPECT_TRUE(CheckAccessControlHeaders("content-language", false)); | 651 EXPECT_TRUE(CheckAccessControlHeaders("content-language", false)); |
| 670 EXPECT_TRUE(CheckAccessControlHeaders("content-type", false)); | 652 EXPECT_TRUE(CheckAccessControlHeaders("content-type", false)); |
| 671 EXPECT_TRUE(CheckAccessControlHeaders("expires", false)); | 653 EXPECT_TRUE(CheckAccessControlHeaders("expires", false)); |
| 672 EXPECT_TRUE(CheckAccessControlHeaders("last-modified", false)); | 654 EXPECT_TRUE(CheckAccessControlHeaders("last-modified", false)); |
| 673 EXPECT_TRUE(CheckAccessControlHeaders("pragma", false)); | 655 EXPECT_TRUE(CheckAccessControlHeaders("pragma", false)); |
| 674 | 656 |
| 675 // Test that non-whitelisted headers aren't returned. | 657 // Test that non-whitelisted headers aren't returned. |
| 676 EXPECT_FALSE(CheckAccessControlHeaders("non-whitelisted", false)); | 658 EXPECT_FALSE(CheckAccessControlHeaders("non-whitelisted", false)); |
| 677 | 659 |
| 678 // Test that Set-Cookie headers aren't returned. | 660 // Test that Set-Cookie headers aren't returned. |
| 679 EXPECT_FALSE(CheckAccessControlHeaders("Set-Cookie", false)); | 661 EXPECT_FALSE(CheckAccessControlHeaders("Set-Cookie", false)); |
| 680 EXPECT_FALSE(CheckAccessControlHeaders("Set-Cookie2", false)); | 662 EXPECT_FALSE(CheckAccessControlHeaders("Set-Cookie2", false)); |
| 681 | 663 |
| 682 // Test that exposed headers that aren't whitelisted are returned. | 664 // Test that exposed headers that aren't whitelisted are returned. |
| 683 EXPECT_TRUE(CheckAccessControlHeaders("non-whitelisted", true)); | 665 EXPECT_TRUE(CheckAccessControlHeaders("non-whitelisted", true)); |
| 684 | 666 |
| 685 // Test that Set-Cookie headers aren't returned, even if exposed. | 667 // Test that Set-Cookie headers aren't returned, even if exposed. |
| 686 EXPECT_FALSE(CheckAccessControlHeaders("Set-Cookie", true)); | 668 EXPECT_FALSE(CheckAccessControlHeaders("Set-Cookie", true)); |
| 687 } | 669 } |
| 688 | 670 |
| 689 // Test that the loader can allow non-whitelisted response headers for trusted | 671 // Test that the loader can allow non-whitelisted response headers for trusted |
| 690 // CORS loads. | 672 // CORS loads. |
| 691 TEST_F(AssociatedURLLoaderTest, CrossOriginHeaderAllowResponseHeaders) { | 673 TEST_F(WebAssociatedURLLoaderTest, CrossOriginHeaderAllowResponseHeaders) { |
| 692 WebURLRequest request; | 674 WebURLRequest request; |
| 693 KURL url = | 675 KURL url = |
| 694 toKURL("http://www.other.com/CrossOriginHeaderAllowResponseHeaders.html"); | 676 toKURL("http://www.other.com/CrossOriginHeaderAllowResponseHeaders.html"); |
| 695 request.setURL(url); | 677 request.setURL(url); |
| 696 | 678 |
| 697 WebString headerNameString(WebString::fromUTF8("non-whitelisted")); | 679 WebString headerNameString(WebString::fromUTF8("non-whitelisted")); |
| 698 m_expectedResponse = WebURLResponse(); | 680 m_expectedResponse = WebURLResponse(); |
| 699 m_expectedResponse.setMIMEType("text/html"); | 681 m_expectedResponse.setMIMEType("text/html"); |
| 700 m_expectedResponse.setHTTPStatusCode(200); | 682 m_expectedResponse.setHTTPStatusCode(200); |
| 701 m_expectedResponse.addHTTPHeaderField("Access-Control-Allow-Origin", "*"); | 683 m_expectedResponse.addHTTPHeaderField("Access-Control-Allow-Origin", "*"); |
| 702 m_expectedResponse.addHTTPHeaderField(headerNameString, "foo"); | 684 m_expectedResponse.addHTTPHeaderField(headerNameString, "foo"); |
| 703 Platform::current()->getURLLoaderMockFactory()->registerURL( | 685 Platform::current()->getURLLoaderMockFactory()->registerURL( |
| 704 url, m_expectedResponse, m_frameFilePath); | 686 url, m_expectedResponse, m_frameFilePath); |
| 705 | 687 |
| 706 WebURLLoaderOptions options; | 688 WebAssociatedURLLoaderOptions options; |
| 707 options.exposeAllResponseHeaders = | 689 options.exposeAllResponseHeaders = |
| 708 true; // This turns off response whitelisting. | 690 true; // This turns off response whitelisting. |
| 709 options.crossOriginRequestPolicy = | 691 options.crossOriginRequestPolicy = |
| 710 WebURLLoaderOptions::CrossOriginRequestPolicyUseAccessControl; | 692 WebAssociatedURLLoaderOptions::CrossOriginRequestPolicyUseAccessControl; |
| 711 m_expectedLoader = createAssociatedURLLoader(options); | 693 m_expectedLoader = createAssociatedURLLoader(options); |
| 712 EXPECT_TRUE(m_expectedLoader); | 694 EXPECT_TRUE(m_expectedLoader); |
| 713 m_expectedLoader->loadAsynchronously(request, this); | 695 m_expectedLoader->loadAsynchronously(request, this); |
| 714 serveRequests(); | 696 serveRequests(); |
| 715 EXPECT_TRUE(m_didReceiveResponse); | 697 EXPECT_TRUE(m_didReceiveResponse); |
| 716 EXPECT_TRUE(m_didReceiveData); | 698 EXPECT_TRUE(m_didReceiveData); |
| 717 EXPECT_TRUE(m_didFinishLoading); | 699 EXPECT_TRUE(m_didFinishLoading); |
| 718 | 700 |
| 719 EXPECT_FALSE(m_actualResponse.httpHeaderField(headerNameString).isEmpty()); | 701 EXPECT_FALSE(m_actualResponse.httpHeaderField(headerNameString).isEmpty()); |
| 720 } | 702 } |
| 721 | 703 |
| 722 } // namespace blink | 704 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2399463007:
AssociatedURLLoader shouldn't derive from WebURLLoader (Closed)
