Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(179)

Side by Side Diff: third_party/WebKit/Source/web/WebAssociatedURLLoaderImplTest.cpp

Issue 2399463007: AssociatedURLLoader shouldn't derive from WebURLLoader (Closed)
Patch Set: Rebase Created 4 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2011 Google Inc. All rights reserved. 2 * Copyright (C) 2011 Google Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are 5 * modification, are permitted provided that the following conditions are
6 * met: 6 * met:
7 * 7 *
8 * * Redistributions of source code must retain the above copyright 8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above 10 * * Redistributions in binary form must reproduce the above
(...skipping 10 matching lines...) Expand all
21 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 21 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
22 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 22 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
23 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 23 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 */ 29 */
30 30
31 #include "public/web/WebAssociatedURLLoader.h"
32
31 #include "platform/testing/URLTestHelpers.h" 33 #include "platform/testing/URLTestHelpers.h"
32 #include "platform/testing/UnitTestHelpers.h" 34 #include "platform/testing/UnitTestHelpers.h"
33 #include "public/platform/Platform.h" 35 #include "public/platform/Platform.h"
34 #include "public/platform/WebString.h" 36 #include "public/platform/WebString.h"
35 #include "public/platform/WebThread.h" 37 #include "public/platform/WebThread.h"
36 #include "public/platform/WebURL.h" 38 #include "public/platform/WebURL.h"
37 #include "public/platform/WebURLLoader.h"
38 #include "public/platform/WebURLLoaderClient.h"
39 #include "public/platform/WebURLLoaderMockFactory.h" 39 #include "public/platform/WebURLLoaderMockFactory.h"
40 #include "public/platform/WebURLRequest.h" 40 #include "public/platform/WebURLRequest.h"
41 #include "public/platform/WebURLResponse.h" 41 #include "public/platform/WebURLResponse.h"
42 #include "public/web/WebAssociatedURLLoaderClient.h"
43 #include "public/web/WebAssociatedURLLoaderOptions.h"
42 #include "public/web/WebCache.h" 44 #include "public/web/WebCache.h"
43 #include "public/web/WebFrame.h" 45 #include "public/web/WebFrame.h"
44 #include "public/web/WebURLLoaderOptions.h"
45 #include "public/web/WebView.h" 46 #include "public/web/WebView.h"
46 #include "testing/gtest/include/gtest/gtest.h" 47 #include "testing/gtest/include/gtest/gtest.h"
47 #include "web/tests/FrameTestHelpers.h" 48 #include "web/tests/FrameTestHelpers.h"
48 #include "wtf/PtrUtil.h" 49 #include "wtf/PtrUtil.h"
49 #include "wtf/text/CString.h" 50 #include "wtf/text/CString.h"
50 #include "wtf/text/WTFString.h" 51 #include "wtf/text/WTFString.h"
51 #include <memory> 52 #include <memory>
52 53
53 using blink::URLTestHelpers::toKURL; 54 using blink::URLTestHelpers::toKURL;
54 using blink::testing::runPendingTasks; 55 using blink::testing::runPendingTasks;
55 56
56 namespace blink { 57 namespace blink {
57 58
58 class AssociatedURLLoaderTest : public ::testing::Test, 59 class WebAssociatedURLLoaderTest : public ::testing::Test,
59 public WebURLLoaderClient { 60 public WebAssociatedURLLoaderClient {
60 public: 61 public:
61 AssociatedURLLoaderTest() 62 WebAssociatedURLLoaderTest()
62 : m_willFollowRedirect(false), 63 : m_willFollowRedirect(false),
63 m_didSendData(false), 64 m_didSendData(false),
64 m_didReceiveResponse(false), 65 m_didReceiveResponse(false),
65 m_didReceiveData(false), 66 m_didReceiveData(false),
66 m_didReceiveCachedMetadata(false), 67 m_didReceiveCachedMetadata(false),
67 m_didFinishLoading(false), 68 m_didFinishLoading(false),
68 m_didFail(false) { 69 m_didFail(false) {
69 // Reuse one of the test files from WebFrameTest. 70 // Reuse one of the test files from WebFrameTest.
70 m_baseFilePath = testing::blinkRootDir(); 71 m_baseFilePath = testing::blinkRootDir();
71 m_baseFilePath.append("/Source/web/tests/data/"); 72 m_baseFilePath.append("/Source/web/tests/data/");
(...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after
105 106
106 void TearDown() override { 107 void TearDown() override {
107 Platform::current()->getURLLoaderMockFactory()->unregisterAllURLs(); 108 Platform::current()->getURLLoaderMockFactory()->unregisterAllURLs();
108 WebCache::clear(); 109 WebCache::clear();
109 } 110 }
110 111
111 void serveRequests() { 112 void serveRequests() {
112 Platform::current()->getURLLoaderMockFactory()->serveAsynchronousRequests(); 113 Platform::current()->getURLLoaderMockFactory()->serveAsynchronousRequests();
113 } 114 }
114 115
115 std::unique_ptr<WebURLLoader> createAssociatedURLLoader( 116 std::unique_ptr<WebAssociatedURLLoader> createAssociatedURLLoader(
116 const WebURLLoaderOptions options = WebURLLoaderOptions()) { 117 const WebAssociatedURLLoaderOptions options =
118 WebAssociatedURLLoaderOptions()) {
117 return wrapUnique(mainFrame()->createAssociatedURLLoader(options)); 119 return wrapUnique(mainFrame()->createAssociatedURLLoader(options));
118 } 120 }
119 121
120 // WebURLLoaderClient implementation. 122 // WebAssociatedURLLoaderClient implementation.
121 bool willFollowRedirect(WebURLLoader* loader, 123 bool willFollowRedirect(const WebURLRequest& newRequest,
122 WebURLRequest& newRequest,
123 const WebURLResponse& redirectResponse) override { 124 const WebURLResponse& redirectResponse) override {
124 m_willFollowRedirect = true; 125 m_willFollowRedirect = true;
125 EXPECT_EQ(m_expectedLoader.get(), loader);
126 EXPECT_EQ(m_expectedNewRequest.url(), newRequest.url()); 126 EXPECT_EQ(m_expectedNewRequest.url(), newRequest.url());
127 // Check that CORS simple headers are transferred to the new request. 127 // Check that CORS simple headers are transferred to the new request.
128 EXPECT_EQ(m_expectedNewRequest.httpHeaderField("accept"), 128 EXPECT_EQ(m_expectedNewRequest.httpHeaderField("accept"),
129 newRequest.httpHeaderField("accept")); 129 newRequest.httpHeaderField("accept"));
130 EXPECT_EQ(m_expectedRedirectResponse.url(), redirectResponse.url()); 130 EXPECT_EQ(m_expectedRedirectResponse.url(), redirectResponse.url());
131 EXPECT_EQ(m_expectedRedirectResponse.httpStatusCode(), 131 EXPECT_EQ(m_expectedRedirectResponse.httpStatusCode(),
132 redirectResponse.httpStatusCode()); 132 redirectResponse.httpStatusCode());
133 EXPECT_EQ(m_expectedRedirectResponse.mimeType(), 133 EXPECT_EQ(m_expectedRedirectResponse.mimeType(),
134 redirectResponse.mimeType()); 134 redirectResponse.mimeType());
135 return true; 135 return true;
136 } 136 }
137 137
138 void didSendData(WebURLLoader* loader, 138 void didSendData(unsigned long long bytesSent,
139 unsigned long long bytesSent,
140 unsigned long long totalBytesToBeSent) override { 139 unsigned long long totalBytesToBeSent) override {
141 m_didSendData = true; 140 m_didSendData = true;
142 EXPECT_EQ(m_expectedLoader.get(), loader);
143 } 141 }
144 142
145 void didReceiveResponse(WebURLLoader* loader, 143 void didReceiveResponse(const WebURLResponse& response) override {
146 const WebURLResponse& response) override {
147 m_didReceiveResponse = true; 144 m_didReceiveResponse = true;
148 m_actualResponse = WebURLResponse(response); 145 m_actualResponse = WebURLResponse(response);
149 EXPECT_EQ(m_expectedLoader.get(), loader);
150 EXPECT_EQ(m_expectedResponse.url(), response.url()); 146 EXPECT_EQ(m_expectedResponse.url(), response.url());
151 EXPECT_EQ(m_expectedResponse.httpStatusCode(), response.httpStatusCode()); 147 EXPECT_EQ(m_expectedResponse.httpStatusCode(), response.httpStatusCode());
152 } 148 }
153 149
154 void didDownloadData(WebURLLoader* loader, 150 void didDownloadData(int dataLength) override { m_didDownloadData = true; }
155 int dataLength,
156 int encodedDataLength) override {
157 m_didDownloadData = true;
158 EXPECT_EQ(m_expectedLoader.get(), loader);
159 }
160 151
161 void didReceiveData(WebURLLoader* loader, 152 void didReceiveData(const char* data, int dataLength) override {
162 const char* data,
163 int dataLength,
164 int encodedDataLength,
165 int encodedBodyLength) override {
166 m_didReceiveData = true; 153 m_didReceiveData = true;
167 EXPECT_EQ(m_expectedLoader.get(), loader);
168 EXPECT_TRUE(data); 154 EXPECT_TRUE(data);
169 EXPECT_GT(dataLength, 0); 155 EXPECT_GT(dataLength, 0);
170 } 156 }
171 157
172 void didReceiveCachedMetadata(WebURLLoader* loader, 158 void didReceiveCachedMetadata(const char* data, int dataLength) override {
173 const char* data,
174 int dataLength) override {
175 m_didReceiveCachedMetadata = true; 159 m_didReceiveCachedMetadata = true;
176 EXPECT_EQ(m_expectedLoader.get(), loader);
177 } 160 }
178 161
179 void didFinishLoading(WebURLLoader* loader, 162 void didFinishLoading(double finishTime) override {
180 double finishTime,
181 int64_t encodedDataLength) override {
182 m_didFinishLoading = true; 163 m_didFinishLoading = true;
183 EXPECT_EQ(m_expectedLoader.get(), loader);
184 } 164 }
185 165
186 void didFail(WebURLLoader* loader, const WebURLError& error) override { 166 void didFail(const WebURLError& error) override { m_didFail = true; }
187 m_didFail = true;
188 EXPECT_EQ(m_expectedLoader.get(), loader);
189 }
190 167
191 void CheckMethodFails(const char* unsafeMethod) { 168 void CheckMethodFails(const char* unsafeMethod) {
192 WebURLRequest request; 169 WebURLRequest request;
193 request.setURL(toKURL("http://www.test.com/success.html")); 170 request.setURL(toKURL("http://www.test.com/success.html"));
194 request.setHTTPMethod(WebString::fromUTF8(unsafeMethod)); 171 request.setHTTPMethod(WebString::fromUTF8(unsafeMethod));
195 WebURLLoaderOptions options; 172 WebAssociatedURLLoaderOptions options;
196 options.untrustedHTTP = true; 173 options.untrustedHTTP = true;
197 CheckFails(request, options); 174 CheckFails(request, options);
198 } 175 }
199 176
200 void CheckHeaderFails(const char* headerField) { 177 void CheckHeaderFails(const char* headerField) {
201 CheckHeaderFails(headerField, "foo"); 178 CheckHeaderFails(headerField, "foo");
202 } 179 }
203 180
204 void CheckHeaderFails(const char* headerField, const char* headerValue) { 181 void CheckHeaderFails(const char* headerField, const char* headerValue) {
205 WebURLRequest request; 182 WebURLRequest request;
206 request.setURL(toKURL("http://www.test.com/success.html")); 183 request.setURL(toKURL("http://www.test.com/success.html"));
207 if (equalIgnoringASCIICase(WebString::fromUTF8(headerField), "referer")) 184 if (equalIgnoringASCIICase(WebString::fromUTF8(headerField), "referer")) {
208 request.setHTTPReferrer(WebString::fromUTF8(headerValue), 185 request.setHTTPReferrer(WebString::fromUTF8(headerValue),
209 WebReferrerPolicyDefault); 186 WebReferrerPolicyDefault);
210 else 187 } else {
211 request.setHTTPHeaderField(WebString::fromUTF8(headerField), 188 request.setHTTPHeaderField(WebString::fromUTF8(headerField),
212 WebString::fromUTF8(headerValue)); 189 WebString::fromUTF8(headerValue));
213 WebURLLoaderOptions options; 190 }
191 WebAssociatedURLLoaderOptions options;
214 options.untrustedHTTP = true; 192 options.untrustedHTTP = true;
215 CheckFails(request, options); 193 CheckFails(request, options);
216 } 194 }
217 195
218 void CheckFails(const WebURLRequest& request, 196 void CheckFails(
219 WebURLLoaderOptions options = WebURLLoaderOptions()) { 197 const WebURLRequest& request,
198 WebAssociatedURLLoaderOptions options = WebAssociatedURLLoaderOptions()) {
220 m_expectedLoader = createAssociatedURLLoader(options); 199 m_expectedLoader = createAssociatedURLLoader(options);
221 EXPECT_TRUE(m_expectedLoader); 200 EXPECT_TRUE(m_expectedLoader);
222 m_didFail = false; 201 m_didFail = false;
223 m_expectedLoader->loadAsynchronously(request, this); 202 m_expectedLoader->loadAsynchronously(request, this);
224 // Failure should not be reported synchronously. 203 // Failure should not be reported synchronously.
225 EXPECT_FALSE(m_didFail); 204 EXPECT_FALSE(m_didFail);
226 // Allow the loader to return the error. 205 // Allow the loader to return the error.
227 runPendingTasks(); 206 runPendingTasks();
228 EXPECT_TRUE(m_didFail); 207 EXPECT_TRUE(m_didFail);
229 EXPECT_FALSE(m_didReceiveResponse); 208 EXPECT_FALSE(m_didReceiveResponse);
230 } 209 }
231 210
232 bool CheckAccessControlHeaders(const char* headerName, bool exposed) { 211 bool CheckAccessControlHeaders(const char* headerName, bool exposed) {
233 std::string id("http://www.other.com/CheckAccessControlExposeHeaders_"); 212 std::string id("http://www.other.com/CheckAccessControlExposeHeaders_");
234 id.append(headerName); 213 id.append(headerName);
235 if (exposed) 214 if (exposed)
236 id.append("-Exposed"); 215 id.append("-Exposed");
237 id.append(".html"); 216 id.append(".html");
238 217
239 KURL url = toKURL(id); 218 KURL url = toKURL(id);
240 WebURLRequest request; 219 WebURLRequest request;
241 request.setURL(url); 220 request.setURL(url);
242 221
243 WebString headerNameString(WebString::fromUTF8(headerName)); 222 WebString headerNameString(WebString::fromUTF8(headerName));
244 m_expectedResponse = WebURLResponse(); 223 m_expectedResponse = WebURLResponse();
245 m_expectedResponse.setMIMEType("text/html"); 224 m_expectedResponse.setMIMEType("text/html");
246 m_expectedResponse.setHTTPStatusCode(200); 225 m_expectedResponse.setHTTPStatusCode(200);
247 m_expectedResponse.addHTTPHeaderField("Access-Control-Allow-Origin", "*"); 226 m_expectedResponse.addHTTPHeaderField("Access-Control-Allow-Origin", "*");
248 if (exposed) 227 if (exposed) {
249 m_expectedResponse.addHTTPHeaderField("access-control-expose-headers", 228 m_expectedResponse.addHTTPHeaderField("access-control-expose-headers",
250 headerNameString); 229 headerNameString);
230 }
251 m_expectedResponse.addHTTPHeaderField(headerNameString, "foo"); 231 m_expectedResponse.addHTTPHeaderField(headerNameString, "foo");
252 Platform::current()->getURLLoaderMockFactory()->registerURL( 232 Platform::current()->getURLLoaderMockFactory()->registerURL(
253 url, m_expectedResponse, m_frameFilePath); 233 url, m_expectedResponse, m_frameFilePath);
254 234
255 WebURLLoaderOptions options; 235 WebAssociatedURLLoaderOptions options;
256 options.crossOriginRequestPolicy = 236 options.crossOriginRequestPolicy =
257 WebURLLoaderOptions::CrossOriginRequestPolicyUseAccessControl; 237 WebAssociatedURLLoaderOptions::CrossOriginRequestPolicyUseAccessControl;
258 m_expectedLoader = createAssociatedURLLoader(options); 238 m_expectedLoader = createAssociatedURLLoader(options);
259 EXPECT_TRUE(m_expectedLoader); 239 EXPECT_TRUE(m_expectedLoader);
260 m_expectedLoader->loadAsynchronously(request, this); 240 m_expectedLoader->loadAsynchronously(request, this);
261 serveRequests(); 241 serveRequests();
262 EXPECT_TRUE(m_didReceiveResponse); 242 EXPECT_TRUE(m_didReceiveResponse);
263 EXPECT_TRUE(m_didReceiveData); 243 EXPECT_TRUE(m_didReceiveData);
264 EXPECT_TRUE(m_didFinishLoading); 244 EXPECT_TRUE(m_didFinishLoading);
265 245
266 return !m_actualResponse.httpHeaderField(headerNameString).isEmpty(); 246 return !m_actualResponse.httpHeaderField(headerNameString).isEmpty();
267 } 247 }
268 248
269 WebFrame* mainFrame() const { return m_helper.webView()->mainFrame(); } 249 WebFrame* mainFrame() const { return m_helper.webView()->mainFrame(); }
270 250
271 protected: 251 protected:
272 String m_baseFilePath; 252 String m_baseFilePath;
273 String m_frameFilePath; 253 String m_frameFilePath;
274 FrameTestHelpers::WebViewHelper m_helper; 254 FrameTestHelpers::WebViewHelper m_helper;
275 255
276 std::unique_ptr<WebURLLoader> m_expectedLoader; 256 std::unique_ptr<WebAssociatedURLLoader> m_expectedLoader;
277 WebURLResponse m_actualResponse; 257 WebURLResponse m_actualResponse;
278 WebURLResponse m_expectedResponse; 258 WebURLResponse m_expectedResponse;
279 WebURLRequest m_expectedNewRequest; 259 WebURLRequest m_expectedNewRequest;
280 WebURLResponse m_expectedRedirectResponse; 260 WebURLResponse m_expectedRedirectResponse;
281 bool m_willFollowRedirect; 261 bool m_willFollowRedirect;
282 bool m_didSendData; 262 bool m_didSendData;
283 bool m_didReceiveResponse; 263 bool m_didReceiveResponse;
284 bool m_didDownloadData; 264 bool m_didDownloadData;
285 bool m_didReceiveData; 265 bool m_didReceiveData;
286 bool m_didReceiveCachedMetadata; 266 bool m_didReceiveCachedMetadata;
287 bool m_didFinishLoading; 267 bool m_didFinishLoading;
288 bool m_didFail; 268 bool m_didFail;
289 }; 269 };
290 270
291 // Test a successful same-origin URL load. 271 // Test a successful same-origin URL load.
292 TEST_F(AssociatedURLLoaderTest, SameOriginSuccess) { 272 TEST_F(WebAssociatedURLLoaderTest, SameOriginSuccess) {
293 KURL url = toKURL("http://www.test.com/SameOriginSuccess.html"); 273 KURL url = toKURL("http://www.test.com/SameOriginSuccess.html");
294 WebURLRequest request; 274 WebURLRequest request;
295 request.setURL(url); 275 request.setURL(url);
296 276
297 m_expectedResponse = WebURLResponse(); 277 m_expectedResponse = WebURLResponse();
298 m_expectedResponse.setMIMEType("text/html"); 278 m_expectedResponse.setMIMEType("text/html");
299 m_expectedResponse.setHTTPStatusCode(200); 279 m_expectedResponse.setHTTPStatusCode(200);
300 Platform::current()->getURLLoaderMockFactory()->registerURL( 280 Platform::current()->getURLLoaderMockFactory()->registerURL(
301 url, m_expectedResponse, m_frameFilePath); 281 url, m_expectedResponse, m_frameFilePath);
302 282
303 m_expectedLoader = createAssociatedURLLoader(); 283 m_expectedLoader = createAssociatedURLLoader();
304 EXPECT_TRUE(m_expectedLoader); 284 EXPECT_TRUE(m_expectedLoader);
305 m_expectedLoader->loadAsynchronously(request, this); 285 m_expectedLoader->loadAsynchronously(request, this);
306 serveRequests(); 286 serveRequests();
307 EXPECT_TRUE(m_didReceiveResponse); 287 EXPECT_TRUE(m_didReceiveResponse);
308 EXPECT_TRUE(m_didReceiveData); 288 EXPECT_TRUE(m_didReceiveData);
309 EXPECT_TRUE(m_didFinishLoading); 289 EXPECT_TRUE(m_didFinishLoading);
310 } 290 }
311 291
312 // Test that the same-origin restriction is the default. 292 // Test that the same-origin restriction is the default.
313 TEST_F(AssociatedURLLoaderTest, SameOriginRestriction) { 293 TEST_F(WebAssociatedURLLoaderTest, SameOriginRestriction) {
314 // This is cross-origin since the frame was loaded from www.test.com. 294 // This is cross-origin since the frame was loaded from www.test.com.
315 KURL url = toKURL("http://www.other.com/SameOriginRestriction.html"); 295 KURL url = toKURL("http://www.other.com/SameOriginRestriction.html");
316 WebURLRequest request; 296 WebURLRequest request;
317 request.setURL(url); 297 request.setURL(url);
318 CheckFails(request); 298 CheckFails(request);
319 } 299 }
320 300
321 // Test a successful cross-origin load. 301 // Test a successful cross-origin load.
322 TEST_F(AssociatedURLLoaderTest, CrossOriginSuccess) { 302 TEST_F(WebAssociatedURLLoaderTest, CrossOriginSuccess) {
323 // This is cross-origin since the frame was loaded from www.test.com. 303 // This is cross-origin since the frame was loaded from www.test.com.
324 KURL url = toKURL("http://www.other.com/CrossOriginSuccess"); 304 KURL url = toKURL("http://www.other.com/CrossOriginSuccess");
325 WebURLRequest request; 305 WebURLRequest request;
326 request.setURL(url); 306 request.setURL(url);
327 // No-CORS requests (CrossOriginRequestPolicyAllow) aren't allowed for the 307 // No-CORS requests (CrossOriginRequestPolicyAllow) aren't allowed for the
328 // default context. So we set the context as Script here. 308 // default context. So we set the context as Script here.
329 request.setRequestContext(WebURLRequest::RequestContextScript); 309 request.setRequestContext(WebURLRequest::RequestContextScript);
330 310
331 m_expectedResponse = WebURLResponse(); 311 m_expectedResponse = WebURLResponse();
332 m_expectedResponse.setMIMEType("text/html"); 312 m_expectedResponse.setMIMEType("text/html");
333 m_expectedResponse.setHTTPStatusCode(200); 313 m_expectedResponse.setHTTPStatusCode(200);
334 Platform::current()->getURLLoaderMockFactory()->registerURL( 314 Platform::current()->getURLLoaderMockFactory()->registerURL(
335 url, m_expectedResponse, m_frameFilePath); 315 url, m_expectedResponse, m_frameFilePath);
336 316
337 WebURLLoaderOptions options; 317 WebAssociatedURLLoaderOptions options;
338 options.crossOriginRequestPolicy = 318 options.crossOriginRequestPolicy =
339 WebURLLoaderOptions::CrossOriginRequestPolicyAllow; 319 WebAssociatedURLLoaderOptions::CrossOriginRequestPolicyAllow;
340 m_expectedLoader = createAssociatedURLLoader(options); 320 m_expectedLoader = createAssociatedURLLoader(options);
341 EXPECT_TRUE(m_expectedLoader); 321 EXPECT_TRUE(m_expectedLoader);
342 m_expectedLoader->loadAsynchronously(request, this); 322 m_expectedLoader->loadAsynchronously(request, this);
343 serveRequests(); 323 serveRequests();
344 EXPECT_TRUE(m_didReceiveResponse); 324 EXPECT_TRUE(m_didReceiveResponse);
345 EXPECT_TRUE(m_didReceiveData); 325 EXPECT_TRUE(m_didReceiveData);
346 EXPECT_TRUE(m_didFinishLoading); 326 EXPECT_TRUE(m_didFinishLoading);
347 } 327 }
348 328
349 // Test a successful cross-origin load using CORS. 329 // Test a successful cross-origin load using CORS.
350 TEST_F(AssociatedURLLoaderTest, CrossOriginWithAccessControlSuccess) { 330 TEST_F(WebAssociatedURLLoaderTest, CrossOriginWithAccessControlSuccess) {
351 // This is cross-origin since the frame was loaded from www.test.com. 331 // This is cross-origin since the frame was loaded from www.test.com.
352 KURL url = 332 KURL url =
353 toKURL("http://www.other.com/CrossOriginWithAccessControlSuccess.html"); 333 toKURL("http://www.other.com/CrossOriginWithAccessControlSuccess.html");
354 WebURLRequest request; 334 WebURLRequest request;
355 request.setURL(url); 335 request.setURL(url);
356 336
357 m_expectedResponse = WebURLResponse(); 337 m_expectedResponse = WebURLResponse();
358 m_expectedResponse.setMIMEType("text/html"); 338 m_expectedResponse.setMIMEType("text/html");
359 m_expectedResponse.setHTTPStatusCode(200); 339 m_expectedResponse.setHTTPStatusCode(200);
360 m_expectedResponse.addHTTPHeaderField("access-control-allow-origin", "*"); 340 m_expectedResponse.addHTTPHeaderField("access-control-allow-origin", "*");
361 Platform::current()->getURLLoaderMockFactory()->registerURL( 341 Platform::current()->getURLLoaderMockFactory()->registerURL(
362 url, m_expectedResponse, m_frameFilePath); 342 url, m_expectedResponse, m_frameFilePath);
363 343
364 WebURLLoaderOptions options; 344 WebAssociatedURLLoaderOptions options;
365 options.crossOriginRequestPolicy = 345 options.crossOriginRequestPolicy =
366 WebURLLoaderOptions::CrossOriginRequestPolicyUseAccessControl; 346 WebAssociatedURLLoaderOptions::CrossOriginRequestPolicyUseAccessControl;
367 m_expectedLoader = createAssociatedURLLoader(options); 347 m_expectedLoader = createAssociatedURLLoader(options);
368 EXPECT_TRUE(m_expectedLoader); 348 EXPECT_TRUE(m_expectedLoader);
369 m_expectedLoader->loadAsynchronously(request, this); 349 m_expectedLoader->loadAsynchronously(request, this);
370 serveRequests(); 350 serveRequests();
371 EXPECT_TRUE(m_didReceiveResponse); 351 EXPECT_TRUE(m_didReceiveResponse);
372 EXPECT_TRUE(m_didReceiveData); 352 EXPECT_TRUE(m_didReceiveData);
373 EXPECT_TRUE(m_didFinishLoading); 353 EXPECT_TRUE(m_didFinishLoading);
374 } 354 }
375 355
376 // Test an unsuccessful cross-origin load using CORS. 356 // Test an unsuccessful cross-origin load using CORS.
377 TEST_F(AssociatedURLLoaderTest, CrossOriginWithAccessControlFailure) { 357 TEST_F(WebAssociatedURLLoaderTest, CrossOriginWithAccessControlFailure) {
378 // This is cross-origin since the frame was loaded from www.test.com. 358 // This is cross-origin since the frame was loaded from www.test.com.
379 KURL url = 359 KURL url =
380 toKURL("http://www.other.com/CrossOriginWithAccessControlFailure.html"); 360 toKURL("http://www.other.com/CrossOriginWithAccessControlFailure.html");
381 WebURLRequest request; 361 WebURLRequest request;
382 request.setURL(url); 362 request.setURL(url);
383 363
384 m_expectedResponse = WebURLResponse(); 364 m_expectedResponse = WebURLResponse();
385 m_expectedResponse.setMIMEType("text/html"); 365 m_expectedResponse.setMIMEType("text/html");
386 m_expectedResponse.setHTTPStatusCode(200); 366 m_expectedResponse.setHTTPStatusCode(200);
387 m_expectedResponse.addHTTPHeaderField("access-control-allow-origin", "*"); 367 m_expectedResponse.addHTTPHeaderField("access-control-allow-origin", "*");
388 Platform::current()->getURLLoaderMockFactory()->registerURL( 368 Platform::current()->getURLLoaderMockFactory()->registerURL(
389 url, m_expectedResponse, m_frameFilePath); 369 url, m_expectedResponse, m_frameFilePath);
390 370
391 WebURLLoaderOptions options; 371 WebAssociatedURLLoaderOptions options;
392 // Send credentials. This will cause the CORS checks to fail, because 372 // Send credentials. This will cause the CORS checks to fail, because
393 // credentials can't be sent to a server which returns the header 373 // credentials can't be sent to a server which returns the header
394 // "access-control-allow-origin" with "*" as its value. 374 // "access-control-allow-origin" with "*" as its value.
395 options.allowCredentials = true; 375 options.allowCredentials = true;
396 options.crossOriginRequestPolicy = 376 options.crossOriginRequestPolicy =
397 WebURLLoaderOptions::CrossOriginRequestPolicyUseAccessControl; 377 WebAssociatedURLLoaderOptions::CrossOriginRequestPolicyUseAccessControl;
398 m_expectedLoader = createAssociatedURLLoader(options); 378 m_expectedLoader = createAssociatedURLLoader(options);
399 EXPECT_TRUE(m_expectedLoader); 379 EXPECT_TRUE(m_expectedLoader);
400 m_expectedLoader->loadAsynchronously(request, this); 380 m_expectedLoader->loadAsynchronously(request, this);
401 381
402 // Failure should not be reported synchronously. 382 // Failure should not be reported synchronously.
403 EXPECT_FALSE(m_didFail); 383 EXPECT_FALSE(m_didFail);
404 // The loader needs to receive the response, before doing the CORS check. 384 // The loader needs to receive the response, before doing the CORS check.
405 serveRequests(); 385 serveRequests();
406 EXPECT_TRUE(m_didFail); 386 EXPECT_TRUE(m_didFail);
407 EXPECT_FALSE(m_didReceiveResponse); 387 EXPECT_FALSE(m_didReceiveResponse);
408 } 388 }
409 389
410 // Test an unsuccessful cross-origin load using CORS. 390 // Test an unsuccessful cross-origin load using CORS.
411 TEST_F(AssociatedURLLoaderTest, 391 TEST_F(WebAssociatedURLLoaderTest,
412 CrossOriginWithAccessControlFailureBadStatusCode) { 392 CrossOriginWithAccessControlFailureBadStatusCode) {
413 // This is cross-origin since the frame was loaded from www.test.com. 393 // This is cross-origin since the frame was loaded from www.test.com.
414 KURL url = 394 KURL url =
415 toKURL("http://www.other.com/CrossOriginWithAccessControlFailure.html"); 395 toKURL("http://www.other.com/CrossOriginWithAccessControlFailure.html");
416 WebURLRequest request; 396 WebURLRequest request;
417 request.setURL(url); 397 request.setURL(url);
418 398
419 m_expectedResponse = WebURLResponse(); 399 m_expectedResponse = WebURLResponse();
420 m_expectedResponse.setMIMEType("text/html"); 400 m_expectedResponse.setMIMEType("text/html");
421 m_expectedResponse.setHTTPStatusCode(0); 401 m_expectedResponse.setHTTPStatusCode(0);
422 m_expectedResponse.addHTTPHeaderField("access-control-allow-origin", "*"); 402 m_expectedResponse.addHTTPHeaderField("access-control-allow-origin", "*");
423 Platform::current()->getURLLoaderMockFactory()->registerURL( 403 Platform::current()->getURLLoaderMockFactory()->registerURL(
424 url, m_expectedResponse, m_frameFilePath); 404 url, m_expectedResponse, m_frameFilePath);
425 405
426 WebURLLoaderOptions options; 406 WebAssociatedURLLoaderOptions options;
427 options.crossOriginRequestPolicy = 407 options.crossOriginRequestPolicy =
428 WebURLLoaderOptions::CrossOriginRequestPolicyUseAccessControl; 408 WebAssociatedURLLoaderOptions::CrossOriginRequestPolicyUseAccessControl;
429 m_expectedLoader = createAssociatedURLLoader(options); 409 m_expectedLoader = createAssociatedURLLoader(options);
430 EXPECT_TRUE(m_expectedLoader); 410 EXPECT_TRUE(m_expectedLoader);
431 m_expectedLoader->loadAsynchronously(request, this); 411 m_expectedLoader->loadAsynchronously(request, this);
432 412
433 // Failure should not be reported synchronously. 413 // Failure should not be reported synchronously.
434 EXPECT_FALSE(m_didFail); 414 EXPECT_FALSE(m_didFail);
435 // The loader needs to receive the response, before doing the CORS check. 415 // The loader needs to receive the response, before doing the CORS check.
436 serveRequests(); 416 serveRequests();
437 EXPECT_TRUE(m_didFail); 417 EXPECT_TRUE(m_didFail);
438 EXPECT_FALSE(m_didReceiveResponse); 418 EXPECT_FALSE(m_didReceiveResponse);
439 } 419 }
440 420
441 // Test a same-origin URL redirect and load. 421 // Test a same-origin URL redirect and load.
442 TEST_F(AssociatedURLLoaderTest, RedirectSuccess) { 422 TEST_F(WebAssociatedURLLoaderTest, RedirectSuccess) {
443 KURL url = toKURL("http://www.test.com/RedirectSuccess.html"); 423 KURL url = toKURL("http://www.test.com/RedirectSuccess.html");
444 char redirect[] = "http://www.test.com/RedirectSuccess2.html"; // Same-origin 424 char redirect[] = "http://www.test.com/RedirectSuccess2.html"; // Same-origin
445 KURL redirectURL = toKURL(redirect); 425 KURL redirectURL = toKURL(redirect);
446 426
447 WebURLRequest request; 427 WebURLRequest request;
448 request.setURL(url); 428 request.setURL(url);
449 429
450 m_expectedRedirectResponse = WebURLResponse(); 430 m_expectedRedirectResponse = WebURLResponse();
451 m_expectedRedirectResponse.setMIMEType("text/html"); 431 m_expectedRedirectResponse.setMIMEType("text/html");
452 m_expectedRedirectResponse.setHTTPStatusCode(301); 432 m_expectedRedirectResponse.setHTTPStatusCode(301);
(...skipping 14 matching lines...) Expand all
467 EXPECT_TRUE(m_expectedLoader); 447 EXPECT_TRUE(m_expectedLoader);
468 m_expectedLoader->loadAsynchronously(request, this); 448 m_expectedLoader->loadAsynchronously(request, this);
469 serveRequests(); 449 serveRequests();
470 EXPECT_TRUE(m_willFollowRedirect); 450 EXPECT_TRUE(m_willFollowRedirect);
471 EXPECT_TRUE(m_didReceiveResponse); 451 EXPECT_TRUE(m_didReceiveResponse);
472 EXPECT_TRUE(m_didReceiveData); 452 EXPECT_TRUE(m_didReceiveData);
473 EXPECT_TRUE(m_didFinishLoading); 453 EXPECT_TRUE(m_didFinishLoading);
474 } 454 }
475 455
476 // Test a cross-origin URL redirect without Access Control set. 456 // Test a cross-origin URL redirect without Access Control set.
477 TEST_F(AssociatedURLLoaderTest, RedirectCrossOriginFailure) { 457 TEST_F(WebAssociatedURLLoaderTest, RedirectCrossOriginFailure) {
478 KURL url = toKURL("http://www.test.com/RedirectCrossOriginFailure.html"); 458 KURL url = toKURL("http://www.test.com/RedirectCrossOriginFailure.html");
479 char redirect[] = 459 char redirect[] =
480 "http://www.other.com/RedirectCrossOriginFailure.html"; // Cross-origin 460 "http://www.other.com/RedirectCrossOriginFailure.html"; // Cross-origin
481 KURL redirectURL = toKURL(redirect); 461 KURL redirectURL = toKURL(redirect);
482 462
483 WebURLRequest request; 463 WebURLRequest request;
484 request.setURL(url); 464 request.setURL(url);
485 465
486 m_expectedRedirectResponse = WebURLResponse(); 466 m_expectedRedirectResponse = WebURLResponse();
487 m_expectedRedirectResponse.setMIMEType("text/html"); 467 m_expectedRedirectResponse.setMIMEType("text/html");
(...skipping 16 matching lines...) Expand all
504 m_expectedLoader->loadAsynchronously(request, this); 484 m_expectedLoader->loadAsynchronously(request, this);
505 485
506 serveRequests(); 486 serveRequests();
507 EXPECT_FALSE(m_willFollowRedirect); 487 EXPECT_FALSE(m_willFollowRedirect);
508 EXPECT_FALSE(m_didReceiveResponse); 488 EXPECT_FALSE(m_didReceiveResponse);
509 EXPECT_FALSE(m_didReceiveData); 489 EXPECT_FALSE(m_didReceiveData);
510 EXPECT_FALSE(m_didFinishLoading); 490 EXPECT_FALSE(m_didFinishLoading);
511 } 491 }
512 492
513 // Test that a cross origin redirect response without CORS headers fails. 493 // Test that a cross origin redirect response without CORS headers fails.
514 TEST_F(AssociatedURLLoaderTest, RedirectCrossOriginWithAccessControlFailure) { 494 TEST_F(WebAssociatedURLLoaderTest,
495 RedirectCrossOriginWithAccessControlFailure) {
515 KURL url = toKURL( 496 KURL url = toKURL(
516 "http://www.test.com/RedirectCrossOriginWithAccessControlFailure.html"); 497 "http://www.test.com/RedirectCrossOriginWithAccessControlFailure.html");
517 char redirect[] = 498 char redirect[] =
518 "http://www.other.com/" 499 "http://www.other.com/"
519 "RedirectCrossOriginWithAccessControlFailure.html"; // Cross-origin 500 "RedirectCrossOriginWithAccessControlFailure.html"; // Cross-origin
520 KURL redirectURL = toKURL(redirect); 501 KURL redirectURL = toKURL(redirect);
521 502
522 WebURLRequest request; 503 WebURLRequest request;
523 request.setURL(url); 504 request.setURL(url);
524 505
525 m_expectedRedirectResponse = WebURLResponse(); 506 m_expectedRedirectResponse = WebURLResponse();
526 m_expectedRedirectResponse.setMIMEType("text/html"); 507 m_expectedRedirectResponse.setMIMEType("text/html");
527 m_expectedRedirectResponse.setHTTPStatusCode(301); 508 m_expectedRedirectResponse.setHTTPStatusCode(301);
528 m_expectedRedirectResponse.setHTTPHeaderField("Location", redirect); 509 m_expectedRedirectResponse.setHTTPHeaderField("Location", redirect);
529 Platform::current()->getURLLoaderMockFactory()->registerURL( 510 Platform::current()->getURLLoaderMockFactory()->registerURL(
530 url, m_expectedRedirectResponse, m_frameFilePath); 511 url, m_expectedRedirectResponse, m_frameFilePath);
531 512
532 m_expectedNewRequest = WebURLRequest(); 513 m_expectedNewRequest = WebURLRequest();
533 m_expectedNewRequest.setURL(redirectURL); 514 m_expectedNewRequest.setURL(redirectURL);
534 515
535 m_expectedResponse = WebURLResponse(); 516 m_expectedResponse = WebURLResponse();
536 m_expectedResponse.setMIMEType("text/html"); 517 m_expectedResponse.setMIMEType("text/html");
537 m_expectedResponse.setHTTPStatusCode(200); 518 m_expectedResponse.setHTTPStatusCode(200);
538 Platform::current()->getURLLoaderMockFactory()->registerURL( 519 Platform::current()->getURLLoaderMockFactory()->registerURL(
539 redirectURL, m_expectedResponse, m_frameFilePath); 520 redirectURL, m_expectedResponse, m_frameFilePath);
540 521
541 WebURLLoaderOptions options; 522 WebAssociatedURLLoaderOptions options;
542 options.crossOriginRequestPolicy = 523 options.crossOriginRequestPolicy =
543 WebURLLoaderOptions::CrossOriginRequestPolicyUseAccessControl; 524 WebAssociatedURLLoaderOptions::CrossOriginRequestPolicyUseAccessControl;
544 m_expectedLoader = createAssociatedURLLoader(options); 525 m_expectedLoader = createAssociatedURLLoader(options);
545 EXPECT_TRUE(m_expectedLoader); 526 EXPECT_TRUE(m_expectedLoader);
546 m_expectedLoader->loadAsynchronously(request, this); 527 m_expectedLoader->loadAsynchronously(request, this);
547 528
548 serveRequests(); 529 serveRequests();
549 // We should get a notification about access control check failure. 530 // We should get a notification about access control check failure.
550 EXPECT_FALSE(m_willFollowRedirect); 531 EXPECT_FALSE(m_willFollowRedirect);
551 EXPECT_FALSE(m_didReceiveResponse); 532 EXPECT_FALSE(m_didReceiveResponse);
552 EXPECT_FALSE(m_didReceiveData); 533 EXPECT_FALSE(m_didReceiveData);
553 EXPECT_TRUE(m_didFail); 534 EXPECT_TRUE(m_didFail);
554 } 535 }
555 536
556 // Test that a cross origin redirect response with CORS headers that allow the 537 // Test that a cross origin redirect response with CORS headers that allow the
557 // requesting origin succeeds. 538 // requesting origin succeeds.
558 TEST_F(AssociatedURLLoaderTest, RedirectCrossOriginWithAccessControlSuccess) { 539 TEST_F(WebAssociatedURLLoaderTest,
540 RedirectCrossOriginWithAccessControlSuccess) {
559 KURL url = toKURL( 541 KURL url = toKURL(
560 "http://www.test.com/RedirectCrossOriginWithAccessControlSuccess.html"); 542 "http://www.test.com/RedirectCrossOriginWithAccessControlSuccess.html");
561 char redirect[] = 543 char redirect[] =
562 "http://www.other.com/" 544 "http://www.other.com/"
563 "RedirectCrossOriginWithAccessControlSuccess.html"; // Cross-origin 545 "RedirectCrossOriginWithAccessControlSuccess.html"; // Cross-origin
564 KURL redirectURL = toKURL(redirect); 546 KURL redirectURL = toKURL(redirect);
565 547
566 WebURLRequest request; 548 WebURLRequest request;
567 request.setURL(url); 549 request.setURL(url);
568 // Add a CORS simple header. 550 // Add a CORS simple header.
(...skipping 14 matching lines...) Expand all
583 m_expectedNewRequest.setURL(redirectURL); 565 m_expectedNewRequest.setURL(redirectURL);
584 m_expectedNewRequest.setHTTPHeaderField("accept", "application/json"); 566 m_expectedNewRequest.setHTTPHeaderField("accept", "application/json");
585 567
586 m_expectedResponse = WebURLResponse(); 568 m_expectedResponse = WebURLResponse();
587 m_expectedResponse.setMIMEType("text/html"); 569 m_expectedResponse.setMIMEType("text/html");
588 m_expectedResponse.setHTTPStatusCode(200); 570 m_expectedResponse.setHTTPStatusCode(200);
589 m_expectedResponse.addHTTPHeaderField("access-control-allow-origin", "*"); 571 m_expectedResponse.addHTTPHeaderField("access-control-allow-origin", "*");
590 Platform::current()->getURLLoaderMockFactory()->registerURL( 572 Platform::current()->getURLLoaderMockFactory()->registerURL(
591 redirectURL, m_expectedResponse, m_frameFilePath); 573 redirectURL, m_expectedResponse, m_frameFilePath);
592 574
593 WebURLLoaderOptions options; 575 WebAssociatedURLLoaderOptions options;
594 options.crossOriginRequestPolicy = 576 options.crossOriginRequestPolicy =
595 WebURLLoaderOptions::CrossOriginRequestPolicyUseAccessControl; 577 WebAssociatedURLLoaderOptions::CrossOriginRequestPolicyUseAccessControl;
596 m_expectedLoader = createAssociatedURLLoader(options); 578 m_expectedLoader = createAssociatedURLLoader(options);
597 EXPECT_TRUE(m_expectedLoader); 579 EXPECT_TRUE(m_expectedLoader);
598 m_expectedLoader->loadAsynchronously(request, this); 580 m_expectedLoader->loadAsynchronously(request, this);
599 serveRequests(); 581 serveRequests();
600 // We should not receive a notification for the redirect. 582 // We should not receive a notification for the redirect.
601 EXPECT_FALSE(m_willFollowRedirect); 583 EXPECT_FALSE(m_willFollowRedirect);
602 EXPECT_TRUE(m_didReceiveResponse); 584 EXPECT_TRUE(m_didReceiveResponse);
603 EXPECT_TRUE(m_didReceiveData); 585 EXPECT_TRUE(m_didReceiveData);
604 EXPECT_TRUE(m_didFinishLoading); 586 EXPECT_TRUE(m_didFinishLoading);
605 } 587 }
606 588
607 // Test that untrusted loads can't use a forbidden method. 589 // Test that untrusted loads can't use a forbidden method.
608 TEST_F(AssociatedURLLoaderTest, UntrustedCheckMethods) { 590 TEST_F(WebAssociatedURLLoaderTest, UntrustedCheckMethods) {
609 // Check non-token method fails. 591 // Check non-token method fails.
610 CheckMethodFails("GET()"); 592 CheckMethodFails("GET()");
611 CheckMethodFails("POST\x0d\x0ax-csrf-token:\x20test1234"); 593 CheckMethodFails("POST\x0d\x0ax-csrf-token:\x20test1234");
612 594
613 // Forbidden methods should fail regardless of casing. 595 // Forbidden methods should fail regardless of casing.
614 CheckMethodFails("CoNneCt"); 596 CheckMethodFails("CoNneCt");
615 CheckMethodFails("TrAcK"); 597 CheckMethodFails("TrAcK");
616 CheckMethodFails("TrAcE"); 598 CheckMethodFails("TrAcE");
617 } 599 }
618 600
619 // This test is flaky on Windows and Android. See <http://crbug.com/471645>. 601 // This test is flaky on Windows and Android. See <http://crbug.com/471645>.
620 #if OS(WIN) || OS(ANDROID) 602 #if OS(WIN) || OS(ANDROID)
621 #define MAYBE_UntrustedCheckHeaders DISABLED_UntrustedCheckHeaders 603 #define MAYBE_UntrustedCheckHeaders DISABLED_UntrustedCheckHeaders
622 #else 604 #else
623 #define MAYBE_UntrustedCheckHeaders UntrustedCheckHeaders 605 #define MAYBE_UntrustedCheckHeaders UntrustedCheckHeaders
624 #endif 606 #endif
625 607
626 // Test that untrusted loads can't use a forbidden header field. 608 // Test that untrusted loads can't use a forbidden header field.
627 TEST_F(AssociatedURLLoaderTest, MAYBE_UntrustedCheckHeaders) { 609 TEST_F(WebAssociatedURLLoaderTest, MAYBE_UntrustedCheckHeaders) {
628 // Check non-token header fails. 610 // Check non-token header fails.
629 CheckHeaderFails("foo()"); 611 CheckHeaderFails("foo()");
630 612
631 // Check forbidden headers fail. 613 // Check forbidden headers fail.
632 CheckHeaderFails("accept-charset"); 614 CheckHeaderFails("accept-charset");
633 CheckHeaderFails("accept-encoding"); 615 CheckHeaderFails("accept-encoding");
634 CheckHeaderFails("connection"); 616 CheckHeaderFails("connection");
635 CheckHeaderFails("content-length"); 617 CheckHeaderFails("content-length");
636 CheckHeaderFails("cookie"); 618 CheckHeaderFails("cookie");
637 CheckHeaderFails("cookie2"); 619 CheckHeaderFails("cookie2");
(...skipping 18 matching lines...) Expand all
656 638
657 // Check that validation is case-insensitive. 639 // Check that validation is case-insensitive.
658 CheckHeaderFails("AcCePt-ChArSeT"); 640 CheckHeaderFails("AcCePt-ChArSeT");
659 CheckHeaderFails("ProXy-FoO"); 641 CheckHeaderFails("ProXy-FoO");
660 642
661 // Check invalid header values. 643 // Check invalid header values.
662 CheckHeaderFails("foo", "bar\x0d\x0ax-csrf-token:\x20test1234"); 644 CheckHeaderFails("foo", "bar\x0d\x0ax-csrf-token:\x20test1234");
663 } 645 }
664 646
665 // Test that the loader filters response headers according to the CORS standard. 647 // Test that the loader filters response headers according to the CORS standard.
666 TEST_F(AssociatedURLLoaderTest, CrossOriginHeaderWhitelisting) { 648 TEST_F(WebAssociatedURLLoaderTest, CrossOriginHeaderWhitelisting) {
667 // Test that whitelisted headers are returned without exposing them. 649 // Test that whitelisted headers are returned without exposing them.
668 EXPECT_TRUE(CheckAccessControlHeaders("cache-control", false)); 650 EXPECT_TRUE(CheckAccessControlHeaders("cache-control", false));
669 EXPECT_TRUE(CheckAccessControlHeaders("content-language", false)); 651 EXPECT_TRUE(CheckAccessControlHeaders("content-language", false));
670 EXPECT_TRUE(CheckAccessControlHeaders("content-type", false)); 652 EXPECT_TRUE(CheckAccessControlHeaders("content-type", false));
671 EXPECT_TRUE(CheckAccessControlHeaders("expires", false)); 653 EXPECT_TRUE(CheckAccessControlHeaders("expires", false));
672 EXPECT_TRUE(CheckAccessControlHeaders("last-modified", false)); 654 EXPECT_TRUE(CheckAccessControlHeaders("last-modified", false));
673 EXPECT_TRUE(CheckAccessControlHeaders("pragma", false)); 655 EXPECT_TRUE(CheckAccessControlHeaders("pragma", false));
674 656
675 // Test that non-whitelisted headers aren't returned. 657 // Test that non-whitelisted headers aren't returned.
676 EXPECT_FALSE(CheckAccessControlHeaders("non-whitelisted", false)); 658 EXPECT_FALSE(CheckAccessControlHeaders("non-whitelisted", false));
677 659
678 // Test that Set-Cookie headers aren't returned. 660 // Test that Set-Cookie headers aren't returned.
679 EXPECT_FALSE(CheckAccessControlHeaders("Set-Cookie", false)); 661 EXPECT_FALSE(CheckAccessControlHeaders("Set-Cookie", false));
680 EXPECT_FALSE(CheckAccessControlHeaders("Set-Cookie2", false)); 662 EXPECT_FALSE(CheckAccessControlHeaders("Set-Cookie2", false));
681 663
682 // Test that exposed headers that aren't whitelisted are returned. 664 // Test that exposed headers that aren't whitelisted are returned.
683 EXPECT_TRUE(CheckAccessControlHeaders("non-whitelisted", true)); 665 EXPECT_TRUE(CheckAccessControlHeaders("non-whitelisted", true));
684 666
685 // Test that Set-Cookie headers aren't returned, even if exposed. 667 // Test that Set-Cookie headers aren't returned, even if exposed.
686 EXPECT_FALSE(CheckAccessControlHeaders("Set-Cookie", true)); 668 EXPECT_FALSE(CheckAccessControlHeaders("Set-Cookie", true));
687 } 669 }
688 670
689 // Test that the loader can allow non-whitelisted response headers for trusted 671 // Test that the loader can allow non-whitelisted response headers for trusted
690 // CORS loads. 672 // CORS loads.
691 TEST_F(AssociatedURLLoaderTest, CrossOriginHeaderAllowResponseHeaders) { 673 TEST_F(WebAssociatedURLLoaderTest, CrossOriginHeaderAllowResponseHeaders) {
692 WebURLRequest request; 674 WebURLRequest request;
693 KURL url = 675 KURL url =
694 toKURL("http://www.other.com/CrossOriginHeaderAllowResponseHeaders.html"); 676 toKURL("http://www.other.com/CrossOriginHeaderAllowResponseHeaders.html");
695 request.setURL(url); 677 request.setURL(url);
696 678
697 WebString headerNameString(WebString::fromUTF8("non-whitelisted")); 679 WebString headerNameString(WebString::fromUTF8("non-whitelisted"));
698 m_expectedResponse = WebURLResponse(); 680 m_expectedResponse = WebURLResponse();
699 m_expectedResponse.setMIMEType("text/html"); 681 m_expectedResponse.setMIMEType("text/html");
700 m_expectedResponse.setHTTPStatusCode(200); 682 m_expectedResponse.setHTTPStatusCode(200);
701 m_expectedResponse.addHTTPHeaderField("Access-Control-Allow-Origin", "*"); 683 m_expectedResponse.addHTTPHeaderField("Access-Control-Allow-Origin", "*");
702 m_expectedResponse.addHTTPHeaderField(headerNameString, "foo"); 684 m_expectedResponse.addHTTPHeaderField(headerNameString, "foo");
703 Platform::current()->getURLLoaderMockFactory()->registerURL( 685 Platform::current()->getURLLoaderMockFactory()->registerURL(
704 url, m_expectedResponse, m_frameFilePath); 686 url, m_expectedResponse, m_frameFilePath);
705 687
706 WebURLLoaderOptions options; 688 WebAssociatedURLLoaderOptions options;
707 options.exposeAllResponseHeaders = 689 options.exposeAllResponseHeaders =
708 true; // This turns off response whitelisting. 690 true; // This turns off response whitelisting.
709 options.crossOriginRequestPolicy = 691 options.crossOriginRequestPolicy =
710 WebURLLoaderOptions::CrossOriginRequestPolicyUseAccessControl; 692 WebAssociatedURLLoaderOptions::CrossOriginRequestPolicyUseAccessControl;
711 m_expectedLoader = createAssociatedURLLoader(options); 693 m_expectedLoader = createAssociatedURLLoader(options);
712 EXPECT_TRUE(m_expectedLoader); 694 EXPECT_TRUE(m_expectedLoader);
713 m_expectedLoader->loadAsynchronously(request, this); 695 m_expectedLoader->loadAsynchronously(request, this);
714 serveRequests(); 696 serveRequests();
715 EXPECT_TRUE(m_didReceiveResponse); 697 EXPECT_TRUE(m_didReceiveResponse);
716 EXPECT_TRUE(m_didReceiveData); 698 EXPECT_TRUE(m_didReceiveData);
717 EXPECT_TRUE(m_didFinishLoading); 699 EXPECT_TRUE(m_didFinishLoading);
718 700
719 EXPECT_FALSE(m_actualResponse.httpHeaderField(headerNameString).isEmpty()); 701 EXPECT_FALSE(m_actualResponse.httpHeaderField(headerNameString).isEmpty());
720 } 702 }
721 703
722 } // namespace blink 704 } // namespace blink
OLDNEW
« no previous file with comments | « third_party/WebKit/Source/web/WebAssociatedURLLoaderImpl.cpp ('k') | third_party/WebKit/Source/web/WebLocalFrameImpl.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698