| Index: chrome/browser/extensions/api/web_request/web_request_apitest.cc
|
| diff --git a/chrome/browser/extensions/api/web_request/web_request_apitest.cc b/chrome/browser/extensions/api/web_request/web_request_apitest.cc
|
| index ef400b6a0e2ec76571b6887d8d6f5d70535f2775..2ea2352b637d54937495f8d98c477a7fa4799248 100644
|
| --- a/chrome/browser/extensions/api/web_request/web_request_apitest.cc
|
| +++ b/chrome/browser/extensions/api/web_request/web_request_apitest.cc
|
| @@ -12,6 +12,7 @@
|
| #include "chrome/browser/extensions/extension_action_runner.h"
|
| #include "chrome/browser/extensions/extension_apitest.h"
|
| #include "chrome/browser/extensions/extension_service.h"
|
| +#include "chrome/browser/extensions/extension_with_management_policy_apitest.h"
|
| #include "chrome/browser/extensions/tab_helper.h"
|
| #include "chrome/browser/profiles/profile.h"
|
| #include "chrome/browser/search_engines/template_url_service_factory.h"
|
| @@ -22,6 +23,7 @@
|
| #include "chrome/common/extensions/extension_process_policy.h"
|
| #include "chrome/test/base/search_test_utils.h"
|
| #include "chrome/test/base/ui_test_utils.h"
|
| +#include "chromeos/login/scoped_test_public_session_login_state.h"
|
| #include "content/public/browser/notification_registrar.h"
|
| #include "content/public/browser/notification_service.h"
|
| #include "content/public/browser/render_frame_host.h"
|
| @@ -38,6 +40,7 @@
|
| #include "extensions/test/result_catcher.h"
|
| #include "net/dns/mock_host_resolver.h"
|
| #include "net/test/embedded_test_server/embedded_test_server.h"
|
| +#include "net/test/embedded_test_server/http_request.h"
|
| #include "net/test/test_data_directory.h"
|
| #include "third_party/WebKit/public/platform/WebInputEvent.h"
|
|
|
| @@ -124,10 +127,10 @@ int GetWebRequestCountFromBackgroundPage(const Extension* extension,
|
|
|
| } // namespace
|
|
|
| -class ExtensionWebRequestApiTest : public ExtensionApiTest {
|
| +class ExtensionWebRequestApiTest : public ExtensionApiTestWithManagementPolicy {
|
| public:
|
| void SetUpInProcessBrowserTestFixture() override {
|
| - ExtensionApiTest::SetUpInProcessBrowserTestFixture();
|
| + ExtensionApiTestWithManagementPolicy::SetUpInProcessBrowserTestFixture();
|
| host_resolver()->AddRule("*", "127.0.0.1");
|
| }
|
|
|
| @@ -170,10 +173,7 @@ IN_PROC_BROWSER_TEST_F(ExtensionWebRequestApiTest, WebRequestTypes) {
|
| #if defined(OS_CHROMEOS)
|
| IN_PROC_BROWSER_TEST_F(ExtensionWebRequestApiTest, WebRequestPublicSession) {
|
| ASSERT_TRUE(StartEmbeddedTestServer());
|
| - // Set Public Session state.
|
| - chromeos::LoginState::Get()->SetLoggedInState(
|
| - chromeos::LoginState::LOGGED_IN_ACTIVE,
|
| - chromeos::LoginState::LOGGED_IN_USER_PUBLIC_ACCOUNT);
|
| + chromeos::ScopedTestPublicSessionLoginState login_state;
|
| // Disable a CHECK while doing api tests.
|
| WebRequestPermissions::AllowAllExtensionLocationsInPublicSessionForTesting(
|
| true);
|
| @@ -667,4 +667,201 @@ IN_PROC_BROWSER_TEST_F(ExtensionWebRequestApiTest,
|
| << message_;
|
| }
|
|
|
| +IN_PROC_BROWSER_TEST_F(ExtensionWebRequestApiTest, policyBlockByOrigin) {
|
| + // Browse to protected example.com page, which loads JS of unprotected
|
| + // domain. We try to block this external JS in the extension. Since
|
| + // the JS is loaded from a protected Origin, we succeed if the request
|
| + // isn't blocked.
|
| +
|
| + // Set enterprise policy to block modification of requests to or
|
| + // from (origin) example.com/no*. This should NOT match the URL so the request
|
| + // CAN NOT be viewed or modified
|
| + {
|
| + ExtensionManagementPolicyUpdater pref(&policy_provider_);
|
| + pref.AddRuntimeBlockedHost("*", "*://example.com/no*");
|
| + }
|
| + // Set auto confirm UI flag.
|
| + PermissionsRequestFunction::SetAutoConfirmForTests(true);
|
| + PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
|
| +
|
| + ASSERT_TRUE(StartEmbeddedTestServer());
|
| +
|
| + LoadExtension(test_data_dir_.AppendASCII("webrequest/policy_blocked"));
|
| +
|
| + // Listen to verify extension sees the web request.
|
| + ExtensionTestMessageListener before_request_listener("protected_origin",
|
| + false);
|
| +
|
| + // Wait until all remote Javascript files have been blocked / pulled down.
|
| + ui_test_utils::NavigateToURLWithDisposition(
|
| + browser(),
|
| + embedded_test_server()->GetURL(
|
| + "example.com",
|
| + "/extensions/api_test/webrequest/policy_blocked/ref_remote_js.html"),
|
| + WindowOpenDisposition::CURRENT_TAB,
|
| + ui_test_utils::BROWSER_TEST_WAIT_FOR_NAVIGATION);
|
| +
|
| + // The webRequest was seen by the extension
|
| + EXPECT_TRUE(before_request_listener.was_satisfied());
|
| +
|
| + // Clear the list of domains the server has seen
|
| + ClearRequestLog();
|
| +
|
| + // Set enterprise policy to block modification of requests to or
|
| + // from (origin) example.com/e*. This SHOULD match the URL so the request
|
| + // SHOULD be modifyable, in this case
|
| + {
|
| + ExtensionManagementPolicyUpdater pref(&policy_provider_);
|
| + pref.AddRuntimeBlockedHost("*", "*://example.com/e*");
|
| + }
|
| +
|
| + // Listen in case extension sees the web requst
|
| + ExtensionTestMessageListener before_request_listener2("protected_origin",
|
| + false);
|
| +
|
| + // Wait until all remote Javascript files have been pulled down
|
| + ui_test_utils::NavigateToURLWithDisposition(
|
| + browser(),
|
| + embedded_test_server()->GetURL(
|
| + "example.com",
|
| + "/extensions/api_test/webrequest/policy_blocked/ref_remote_js.html"),
|
| + WindowOpenDisposition::CURRENT_TAB,
|
| + ui_test_utils::BROWSER_TEST_WAIT_FOR_NAVIGATION);
|
| +
|
| + // The server saw a request for the remote Javascript file
|
| + EXPECT_TRUE(BrowsedTo("example2.com"));
|
| +
|
| + // The webRequest was hidden from the extension
|
| + EXPECT_FALSE(before_request_listener2.was_satisfied());
|
| +
|
| + // We need to test again to make sure non-protected URLs are still visible
|
| + ClearRequestLog();
|
| +
|
| + // Wait until all remote Javascript files have been pulled down
|
| + ui_test_utils::NavigateToURLWithDisposition(
|
| + browser(),
|
| + embedded_test_server()->GetURL(
|
| + "not_blocked_example.com",
|
| + "/extensions/api_test/webrequest/policy_blocked/ref_remote_js.html"),
|
| + WindowOpenDisposition::CURRENT_TAB,
|
| + ui_test_utils::BROWSER_TEST_WAIT_FOR_NAVIGATION);
|
| +
|
| + // The server saw a request for the remote Javascript file
|
| + EXPECT_TRUE(BrowsedTo("example2.com"));
|
| +
|
| + // The webRequest was visible from the extension
|
| + EXPECT_TRUE(before_request_listener.was_satisfied());
|
| +}
|
| +
|
| +IN_PROC_BROWSER_TEST_F(ExtensionWebRequestApiTest, policyBlockByUrl) {
|
| + // Set enterprise policy to block modification of requests to or
|
| + // from (origin) example.com.
|
| + {
|
| + ExtensionManagementPolicyUpdater pref(&policy_provider_);
|
| + pref.AddRuntimeBlockedHost("*", "*://example.com/*");
|
| + }
|
| + // Set auto confirm UI flag.
|
| + PermissionsRequestFunction::SetAutoConfirmForTests(true);
|
| + PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
|
| +
|
| + ASSERT_TRUE(StartEmbeddedTestServer());
|
| +
|
| + LoadExtension(test_data_dir_.AppendASCII("webrequest/policy_blocked"));
|
| +
|
| + // Listen in case extension sees the web requst
|
| + ExtensionTestMessageListener before_request_listener("protected_url", false);
|
| +
|
| + // Wait until page fully loads
|
| + ui_test_utils::NavigateToURLWithDisposition(
|
| + browser(),
|
| + embedded_test_server()->GetURL(
|
| + "example.com",
|
| + "/extensions/api_test/webrequest/policy_blocked/protected_url.html"),
|
| + WindowOpenDisposition::CURRENT_TAB,
|
| + ui_test_utils::BROWSER_TEST_WAIT_FOR_NAVIGATION);
|
| +
|
| + // The server saw a request for the protected site
|
| + EXPECT_TRUE(BrowsedTo("example.com"));
|
| +
|
| + // The webRequest was hidden from the extension
|
| + EXPECT_FALSE(before_request_listener.was_satisfied());
|
| +
|
| + // Wait until page fully loads
|
| + ui_test_utils::NavigateToURLWithDisposition(
|
| + browser(),
|
| + embedded_test_server()->GetURL(
|
| + "not_blocked_example.com",
|
| + "/extensions/api_test/webrequest/policy_blocked/protected_url.html"),
|
| + WindowOpenDisposition::CURRENT_TAB,
|
| + ui_test_utils::BROWSER_TEST_WAIT_FOR_NAVIGATION);
|
| +
|
| + // The server saw a request for the protected site
|
| + EXPECT_TRUE(BrowsedTo("not_blocked_example.com"));
|
| +
|
| + // The webRequest was visible from the extension
|
| + EXPECT_TRUE(before_request_listener.was_satisfied());
|
| +}
|
| +
|
| +// Tests that webRequest respects hosts protected by ExtensionSettings policy.
|
| +IN_PROC_BROWSER_TEST_F(ExtensionWebRequestApiTest,
|
| + WebRequestProtectedByPolicy) {
|
| + FeatureSwitch::ScopedOverride enable_scripts_require_action(
|
| + FeatureSwitch::scripts_require_action(), true);
|
| + {
|
| + ExtensionManagementPolicyUpdater pref(&policy_provider_);
|
| + pref.AddRuntimeBlockedHost("*", "*://example.com/*");
|
| + }
|
| + extensions::PermissionsRequestFunction::SetIgnoreUserGestureForTests(true);
|
| + extensions::PermissionsRequestFunction::SetAutoConfirmForTests(true);
|
| + ASSERT_TRUE(StartEmbeddedTestServer());
|
| +
|
| + ExtensionTestMessageListener listener("ready", false);
|
| + const Extension* extension =
|
| + LoadExtension(test_data_dir_.AppendASCII("webrequest_activetab"));
|
| + ASSERT_TRUE(extension) << message_;
|
| + EXPECT_TRUE(listener.WaitUntilSatisfied());
|
| +
|
| + // Navigate the browser to a page in a new tab.
|
| + const std::string kHost = "example.com";
|
| + GURL url = embedded_test_server()->GetURL(kHost, "/empty.html");
|
| + chrome::NavigateParams params(browser(), url, ui::PAGE_TRANSITION_LINK);
|
| + params.disposition = WindowOpenDisposition::NEW_FOREGROUND_TAB;
|
| + ui_test_utils::NavigateToURL(¶ms);
|
| +
|
| + content::WebContents* web_contents =
|
| + browser()->tab_strip_model()->GetActiveWebContents();
|
| + ASSERT_TRUE(web_contents);
|
| + ExtensionActionRunner* runner =
|
| + ExtensionActionRunner::GetForWebContents(web_contents);
|
| + ASSERT_TRUE(runner);
|
| +
|
| + int port = embedded_test_server()->port();
|
| + const std::string kXhrPath = "simple.html";
|
| +
|
| + // The extension shouldn't have currently received any webRequest events,
|
| + // since it doesn't have permission (and shouldn't receive any from an XHR).
|
| + EXPECT_EQ(0, GetWebRequestCountFromBackgroundPage(extension, profile()));
|
| + PerformXhrInFrame(web_contents->GetMainFrame(), kHost, port, kXhrPath);
|
| + EXPECT_EQ(0, GetWebRequestCountFromBackgroundPage(extension, profile()));
|
| +
|
| + // Grant activeTab permission, and perform another XHR. The extension should
|
| + // still be blocked due to ExtensionSettings policy on example.com.
|
| + EXPECT_EQ(BLOCKED_ACTION_WEB_REQUEST, runner->GetBlockedActions(extension));
|
| + runner->set_default_bubble_close_action_for_testing(
|
| + base::WrapUnique(new ToolbarActionsBarBubbleDelegate::CloseAction(
|
| + ToolbarActionsBarBubbleDelegate::CLOSE_EXECUTE)));
|
| + runner->RunAction(extension, true);
|
| + base::RunLoop().RunUntilIdle();
|
| + EXPECT_TRUE(content::WaitForLoadStop(web_contents));
|
| + // The runner will have refreshed the page...
|
| + EXPECT_EQ(BLOCKED_ACTION_NONE, runner->GetBlockedActions(extension));
|
| + int xhr_count = GetWebRequestCountFromBackgroundPage(extension, profile());
|
| + // ... which means that we should have a non-zero xhr count.
|
| + EXPECT_EQ(xhr_count, 0);
|
| + // And the extension should also block future events.
|
| + PerformXhrInFrame(web_contents->GetMainFrame(), kHost, port, kXhrPath);
|
| + EXPECT_EQ(xhr_count,
|
| + GetWebRequestCountFromBackgroundPage(extension, profile()));
|
| +}
|
| +
|
| } // namespace extensions
|
|
|
Chromium Code Reviews
Issue 2495353003:
chrome.webRequest support for ExtensionSettings (Closed)
