OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "core/frame/csp/ContentSecurityPolicy.h" | 5 #include "core/frame/csp/ContentSecurityPolicy.h" |
6 | 6 |
7 #include "core/dom/Document.h" | 7 #include "core/dom/Document.h" |
8 #include "core/fetch/IntegrityMetadata.h" | 8 #include "core/fetch/IntegrityMetadata.h" |
9 #include "core/frame/csp/CSPDirectiveList.h" | 9 #include "core/frame/csp/CSPDirectiveList.h" |
10 #include "core/html/HTMLScriptElement.h" | 10 #include "core/html/HTMLScriptElement.h" |
(...skipping 893 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
904 response, secureOrigin.get()), | 904 response, secureOrigin.get()), |
905 test.inherits); | 905 test.inherits); |
906 | 906 |
907 response.setHTTPHeaderField(HTTPNames::Allow_CSP_From, | 907 response.setHTTPHeaderField(HTTPNames::Allow_CSP_From, |
908 AtomicString("https://example.test")); | 908 AtomicString("https://example.test")); |
909 EXPECT_TRUE(ContentSecurityPolicy::shouldEnforceEmbeddersPolicy( | 909 EXPECT_TRUE(ContentSecurityPolicy::shouldEnforceEmbeddersPolicy( |
910 response, secureOrigin.get())); | 910 response, secureOrigin.get())); |
911 } | 911 } |
912 } | 912 } |
913 | 913 |
914 TEST_F(ContentSecurityPolicyTest, DirectiveType) { | |
915 struct TestCase { | |
916 ContentSecurityPolicy::DirectiveType type; | |
917 const String& name; | |
918 } cases[] = { | |
919 {ContentSecurityPolicy::DirectiveType::BaseURI, "base-uri"}, | |
920 {ContentSecurityPolicy::DirectiveType::BlockAllMixedContent, | |
921 "block-all-mixed-content"}, | |
922 {ContentSecurityPolicy::DirectiveType::ChildSrc, "child-src"}, | |
923 {ContentSecurityPolicy::DirectiveType::ConnectSrc, "connect-src"}, | |
924 {ContentSecurityPolicy::DirectiveType::DefaultSrc, "default-src"}, | |
925 {ContentSecurityPolicy::DirectiveType::FrameAncestors, "frame-ancestors"}, | |
926 {ContentSecurityPolicy::DirectiveType::FrameSrc, "frame-src"}, | |
927 {ContentSecurityPolicy::DirectiveType::FontSrc, "font-src"}, | |
928 {ContentSecurityPolicy::DirectiveType::FormAction, "form-action"}, | |
929 {ContentSecurityPolicy::DirectiveType::ImgSrc, "img-src"}, | |
930 {ContentSecurityPolicy::DirectiveType::ManifestSrc, "manifest-src"}, | |
931 {ContentSecurityPolicy::DirectiveType::MediaSrc, "media-src"}, | |
932 {ContentSecurityPolicy::DirectiveType::ObjectSrc, "object-src"}, | |
933 {ContentSecurityPolicy::DirectiveType::PluginTypes, "plugin-types"}, | |
934 {ContentSecurityPolicy::DirectiveType::ReportURI, "report-uri"}, | |
935 {ContentSecurityPolicy::DirectiveType::RequireSRIFor, "require-sri-for"}, | |
936 {ContentSecurityPolicy::DirectiveType::Sandbox, "sandbox"}, | |
937 {ContentSecurityPolicy::DirectiveType::ScriptSrc, "script-src"}, | |
938 {ContentSecurityPolicy::DirectiveType::StyleSrc, "style-src"}, | |
939 {ContentSecurityPolicy::DirectiveType::TreatAsPublicAddress, | |
940 "treat-as-public-address"}, | |
941 {ContentSecurityPolicy::DirectiveType::UpgradeInsecureRequests, | |
942 "upgrade-insecure-requests"}, | |
943 {ContentSecurityPolicy::DirectiveType::WorkerSrc, "worker-src"}, | |
944 }; | |
945 | |
946 EXPECT_EQ(ContentSecurityPolicy::DirectiveType::Undefined, | |
947 ContentSecurityPolicy::getDirectiveType("random")); | |
948 ASSERT_DEATH(ContentSecurityPolicy::getDirectiveName( | |
949 ContentSecurityPolicy::DirectiveType::Undefined), | |
950 "Check failed"); | |
951 | |
952 for (const auto& test : cases) { | |
953 const String& nameFromType = | |
954 ContentSecurityPolicy::getDirectiveName(test.type); | |
955 ContentSecurityPolicy::DirectiveType typeFromName = | |
956 ContentSecurityPolicy::getDirectiveType(test.name); | |
957 EXPECT_EQ(nameFromType, test.name); | |
958 EXPECT_EQ(typeFromName, test.type); | |
959 EXPECT_EQ(test.type, ContentSecurityPolicy::getDirectiveType(nameFromType)); | |
960 EXPECT_EQ(test.name, ContentSecurityPolicy::getDirectiveName(typeFromName)); | |
961 } | |
962 } | |
963 | |
964 } // namespace blink | 914 } // namespace blink |
OLD | NEW |