OLD | NEW |
1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "core/frame/csp/CSPDirectiveList.h" | 5 #include "core/frame/csp/CSPDirectiveList.h" |
6 | 6 |
7 #include "core/frame/csp/ContentSecurityPolicy.h" | 7 #include "core/frame/csp/ContentSecurityPolicy.h" |
8 #include "core/frame/csp/SourceListDirective.h" | 8 #include "core/frame/csp/SourceListDirective.h" |
9 #include "platform/network/ContentSecurityPolicyParsers.h" | 9 #include "platform/network/ContentSecurityPolicyParsers.h" |
10 #include "platform/network/ResourceRequest.h" | 10 #include "platform/network/ResourceRequest.h" |
(...skipping 373 matching lines...)
384 // Enforce | 384 // Enforce |
385 directiveList = | 385 directiveList = |
386 createList(test.list, ContentSecurityPolicyHeaderTypeEnforce); | 386 createList(test.list, ContentSecurityPolicyHeaderTypeEnforce); |
387 EXPECT_EQ(test.expected, directiveList->allowRequestWithoutIntegrity( | 387 EXPECT_EQ(test.expected, directiveList->allowRequestWithoutIntegrity( |
388 test.context, resource, | 388 test.context, resource, |
389 ResourceRequest::RedirectStatus::NoRedirect, | 389 ResourceRequest::RedirectStatus::NoRedirect, |
390 ContentSecurityPolicy::SuppressReport)); | 390 ContentSecurityPolicy::SuppressReport)); |
391 } | 391 } |
392 } | 392 } |
393 | 393 |
| 394 TEST_F(CSPDirectiveListTest, workerSrc) { |
| 395 struct TestCase { |
| 396 const char* list; |
| 397 bool allowed; |
| 398 } cases[] = { |
| 399 {"worker-src 'none'", false}, |
| 400 {"worker-src http://not.example.test", false}, |
| 401 {"worker-src https://example.test", true}, |
| 402 {"default-src *; worker-src 'none'", false}, |
| 403 {"default-src *; worker-src http://not.example.test", false}, |
| 404 {"default-src *; worker-src https://example.test", true}, |
| 405 {"child-src *; worker-src 'none'", false}, |
| 406 {"child-src *; worker-src http://not.example.test", false}, |
| 407 {"child-src *; worker-src https://example.test", true}, |
| 408 {"default-src *; child-src *; worker-src 'none'", false}, |
| 409 {"default-src *; child-src *; worker-src http://not.example.test", false}, |
| 410 {"default-src *; child-src *; worker-src https://example.test", true}, |
| 411 |
| 412 // Fallback to child-src. |
| 413 {"child-src 'none'", false}, |
| 414 {"child-src http://not.example.test", false}, |
| 415 {"child-src https://example.test", true}, |
| 416 {"default-src *; child-src 'none'", false}, |
| 417 {"default-src *; child-src http://not.example.test", false}, |
| 418 {"default-src *; child-src https://example.test", true}, |
| 419 |
| 420 // Fallback to default-src. |
| 421 {"default-src 'none'", false}, |
| 422 {"default-src http://not.example.test", false}, |
| 423 {"default-src https://example.test", true}, |
| 424 }; |
| 425 |
| 426 for (const auto& test : cases) { |
| 427 SCOPED_TRACE(test.list); |
| 428 KURL resource = KURL(KURL(), "https://example.test/worker.js"); |
| 429 Member<CSPDirectiveList> directiveList = |
| 430 createList(test.list, ContentSecurityPolicyHeaderTypeEnforce); |
| 431 EXPECT_EQ(test.allowed, |
| 432 directiveList->allowWorkerFromSource( |
| 433 resource, ResourceRequest::RedirectStatus::NoRedirect, |
| 434 ContentSecurityPolicy::SuppressReport)); |
| 435 } |
| 436 } |
| 437 |
394 } // namespace blink | 438 } // namespace blink |
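Review bot: Every multi-directive row in the `cases` table of `workerSrc` pairs the more specific directive with a wildcard fallback (`default-src *`, `child-src *`), so the test shows that `worker-src` can restrict but never that it overrides a stricter fallback; an implementation that intersected all three directives would still pass every row. Rows with the restriction on the fallback side would pin the precedence: `{"default-src 'none'; worker-src https://example.test", true},`, `{"child-src 'none'; worker-src https://example.test", true},` and `{"default-src 'none'; child-src https://example.test", true},`. The loop also builds only `ContentSecurityPolicyHeaderTypeEnforce` lists, so the report-only behaviour of `allowWorkerFromSource` is not exercised here; the preceding test appears to cover both header types, though most of it lies outside the visible lines.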