chrome/test/data/extensions/api_test/webrequest/test_types.js - Issue 2472333003: CSP: "local schemes" should inherit policy when embedded. - Code Review

Chromium Code Reviews

chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out

(43)

My Issues | Starred Open | Closed | All

Side by Side Diff: chrome/test/data/extensions/api_test/webrequest/test_types.js

Issue 2472333003: CSP: "local schemes" should inherit policy when embedded. (Closed)

Patch Set: dcheng@ Created 4 years ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« no previous file with comments | « chrome/test/data/extensions/api_test/webrequest/manifest.json ('k') | third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/cascade/cross-origin.html » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 // Copyright 2015 The Chromium Authors. All rights reserved.	1 // Copyright 2015 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 function getStyleURL() {	5 function getStyleURL() {

6 // This is not a style sheet, but it must still be classified as "stylesheet"	6 // This is not a style sheet, but it must still be classified as "stylesheet"

7 // because it is loaded as a style sheet.	7 // because it is loaded as a style sheet.

8 return getServerURL('empty.html?as-style');	8 return getServerURL('empty.html?as-style');

9 }	9 }

10	10

11 function getScriptURL() {	11 function getScriptURL() {

12 // The file is empty, so JS errors will not be generated upon execution.	12 // The file is empty, so JS errors will not be generated upon execution.

13 return getServerURL('empty.html?as-script');	13 //

	14 // We load from '127.0.0.1', as that is a whitelistable source of script

	15 // from outside the extension's package.

	16 return getServerURL('empty.html?as-script', '127.0.0.1');

14 }	17 }

15	18

16 function getFontURL() {	19 function getFontURL() {

17 // Not a font, but will be loaded as a font.	20 // Not a font, but will be loaded as a font.

18 return getServerURL('empty.html?as-font');	21 return getServerURL('empty.html?as-font');

19 }	22 }

20	23

21 function getWorkerURL() {	24 function getWorkerURL() {

22 // This file is empty, so it does not generate JavaScript errors when loaded	25 // This file is empty, so it does not generate JavaScript errors when loaded

23 // as a worker script.	26 // as a worker script.

(...skipping 172 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
196 ip: '127.0.0.1',	199 ip: '127.0.0.1',

197 fromCache: false,	200 fromCache: false,

198 statusLine: 'HTTP/1.1 200 OK',	201 statusLine: 'HTTP/1.1 200 OK',

199 statusCode: 200,	202 statusCode: 200,

200 },	203 },

201 }],	204 }],

202 [['onBeforeRequest', 'onBeforeSendHeaders', 'onSendHeaders',	205 [['onBeforeRequest', 'onBeforeSendHeaders', 'onSendHeaders',

203 'onHeadersReceived', 'onResponseStarted', 'onCompleted']],	206 'onHeadersReceived', 'onResponseStarted', 'onCompleted']],

204 getScriptFilter());	207 getScriptFilter());

205	208

206 // This tab is an extension, and the default Content Security Policy forbids

207 // injecting external scripts in the page. So we just load the script in a

208 // frame via a data:-URL (which is not subject to the extension's CSP).

209 //

210 // data-URLs are not visible to the webRequest API, so we don't have to

211 // include the frame in the expectations - this is a nice side effect.

212 var frame = document.createElement('iframe');	209 var frame = document.createElement('iframe');

213 frame.src = 'data:text/html,<script src="' + getScriptURL() + '"></script>';	210 frame.src = 'data:text/html,<script src="' + getScriptURL() + '"></script>';

214 document.body.appendChild(frame);	211 document.body.appendChild(frame);

215 },	212 },

216	213

217 function typeFont() {	214 function typeFont() {

218 expect([	215 expect([

219 { label: 'onBeforeRequest',	216 { label: 'onBeforeRequest',

220 event: 'onBeforeRequest',	217 event: 'onBeforeRequest',

221 details: {	218 details: {

(...skipping 385 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
607 var frame = document.createElement('iframe');	604 var frame = document.createElement('iframe');

608 document.body.appendChild(frame);	605 document.body.appendChild(frame);

609 frame.contentWindow.onunload = function() {	606 frame.contentWindow.onunload = function() {

610 console.log('Going to send beacon...');	607 console.log('Going to send beacon...');

611 var sentBeacon = frame.contentWindow.navigator.sendBeacon(getSlowURL());	608 var sentBeacon = frame.contentWindow.navigator.sendBeacon(getSlowURL());

612 chrome.test.assertTrue(sentBeacon);	609 chrome.test.assertTrue(sentBeacon);

613 };	610 };

614 frame.remove();	611 frame.remove();

615 },	612 },

616 ]);	613 ]);

OLD	NEW

« no previous file with comments | « chrome/test/data/extensions/api_test/webrequest/manifest.json ('k') | third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/cascade/cross-origin.html » ('j') | no next file with comments »

Powered by Google App Engine

This is Rietveld 408576698