| Index: third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicyTest.cpp
|
| diff --git a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicyTest.cpp b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicyTest.cpp
|
| index 66eb6243a86a945b9eb3785fee106f1d210a47f0..cc39c4818c2abac20efe0434e4dd34d6f5a80886 100644
|
| --- a/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicyTest.cpp
|
| +++ b/third_party/WebKit/Source/core/frame/csp/ContentSecurityPolicyTest.cpp
|
| @@ -958,4 +958,35 @@ TEST_F(ContentSecurityPolicyTest, DirectiveType) {
|
| }
|
| }
|
|
|
| +TEST_F(ContentSecurityPolicyTest, Subsumes) {
|
| + ContentSecurityPolicy* other = ContentSecurityPolicy::create();
|
| + EXPECT_TRUE(csp->subsumes(*other));
|
| + EXPECT_TRUE(other->subsumes(*csp));
|
| +
|
| + csp->didReceiveHeader("default-src http://example.com;",
|
| + ContentSecurityPolicyHeaderTypeEnforce,
|
| + ContentSecurityPolicyHeaderSourceHTTP);
|
| + // If this CSP is not empty, the other must not be empty either.
|
| + EXPECT_FALSE(csp->subsumes(*other));
|
| + EXPECT_TRUE(other->subsumes(*csp));
|
| +
|
| + // Report-only policies do not impact subsumption.
|
| + other->didReceiveHeader("default-src http://example.com;",
|
| + ContentSecurityPolicyHeaderTypeReport,
|
| + ContentSecurityPolicyHeaderSourceHTTP);
|
| + EXPECT_FALSE(csp->subsumes(*other));
|
| +
|
| + // CSPDirectiveLists have to subsume.
|
| + other->didReceiveHeader("default-src http://example.com https://another.com;",
|
| + ContentSecurityPolicyHeaderTypeEnforce,
|
| + ContentSecurityPolicyHeaderSourceHTTP);
|
| + EXPECT_FALSE(csp->subsumes(*other));
|
| +
|
| + // `other` is stricter than `this`.
|
| + other->didReceiveHeader("default-src https://example.com;",
|
| + ContentSecurityPolicyHeaderTypeEnforce,
|
| + ContentSecurityPolicyHeaderSourceHTTP);
|
| + EXPECT_TRUE(csp->subsumes(*other));
|
| +}
|
| +
|
| } // namespace blink
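Review bot: Once `other` holds policies, the new `Subsumes` test only ever asserts `csp->subsumes(*other)`, so the reverse direction is never pinned after the first two steps. For a check that decides whether one policy is at least as strict as another, a wrongly true result is the failure that weakens enforcement, so the negative cases deserve explicit assertions; for example, after the last step, `EXPECT_FALSE(other->subsumes(*csp));`, if that is the intended result there. The final `EXPECT_TRUE` also appears to rely on `https://example.com` being covered by the `http://example.com` source, and a comment such as `// An https: source is covered by the same host listed with http:.` would make that dependency visible. The existing comment "`other` is stricter than `this`" should name `csp`, presumably the fixture member, since there is no `this` policy in a test body.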
|
|
|