| Index: content/common/content_security_policy/csp_context_unittest.cc
|
| diff --git a/content/common/content_security_policy/csp_context_unittest.cc b/content/common/content_security_policy/csp_context_unittest.cc
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..a885b90dcceb0ddef983f39fe36b00c8971238b9
|
| --- /dev/null
|
| +++ b/content/common/content_security_policy/csp_context_unittest.cc
|
| @@ -0,0 +1,72 @@
|
| +// Copyright 2017 The Chromium Authors. All rights reserved.
|
| +// Use of this source code is governed by a BSD-style license that can be
|
| +// found in the LICENSE file.
|
| +
|
| +#include "content/common/content_security_policy/csp_context.h"
|
| +#include "content/common/content_security_policy_header.h"
|
| +#include "testing/gtest/include/gtest/gtest.h"
|
| +
|
| +namespace content {
|
| +
|
| +namespace {
|
| +
|
| +class CSPContextTest : public CSPContext {
|
| + public:
|
| + const std::string& LastConsoleMessage() { return console_message_; }
|
| +
|
| + void AddSchemeToByPass(const std::string& scheme) {
|
| + scheme_to_bypass_.push_back(scheme);
|
| + }
|
| +
|
| + bool SchemeShouldByPass(const base::StringPiece& scheme) override {
|
| + return std::find(scheme_to_bypass_.begin(), scheme_to_bypass_.end(),
|
| + scheme) != scheme_to_bypass_.end();
|
| + }
|
| +
|
| + private:
|
| + void LogToConsole(const std::string& message) override {
|
| + console_message_ = message;
|
| + }
|
| + std::string console_message_;
|
| + std::vector<std::string> scheme_to_bypass_;
|
| +};
|
| +
|
| +CSPPolicy ParsePolicy(CSPContext* context, const std::string& value) {
|
| + return CSPPolicy::Parse(context,
|
| + ContentSecurityPolicyHeader{
|
| + value, blink::WebContentSecurityPolicyTypeEnforce,
|
| + blink::WebContentSecurityPolicySourceHTTP});
|
| +}
|
| +
|
| +} // namespace;
|
| +
|
| +TEST(CSPContextTest, SchemeShouldByPass) {
|
| + CSPContextTest context;
|
| +
|
| + CSPPolicy policy = ParsePolicy(&context, "default-src example.com");
|
| + EXPECT_FALSE(context.Allow({policy}, CSPDirective::FrameSrc,
|
| + GURL("data:text/html,<html></html>")));
|
| + context.AddSchemeToByPass("data");
|
| + EXPECT_TRUE(context.Allow({policy}, CSPDirective::FrameSrc,
|
| + GURL("data:text/html,<html></html>")));
|
| +}
|
| +
|
| +TEST(CSPContextTest, MultiplePolicies) {
|
| + CSPContextTest context;
|
| + context.SetSelf(url::Origin(GURL("http://example.com")));
|
| +
|
| + std::vector<CSPPolicy> policies = {
|
| + ParsePolicy(&context, "frame-src a.com b.com"),
|
| + ParsePolicy(&context, "frame-src a.com c.com")};
|
| +
|
| + EXPECT_TRUE(
|
| + context.Allow(policies, CSPDirective::FrameSrc, GURL("http://a.com")));
|
| + EXPECT_FALSE(
|
| + context.Allow(policies, CSPDirective::FrameSrc, GURL("http://b.com")));
|
| + EXPECT_FALSE(
|
| + context.Allow(policies, CSPDirective::FrameSrc, GURL("http://c.com")));
|
| + EXPECT_FALSE(
|
| + context.Allow(policies, CSPDirective::FrameSrc, GURL("http://d.com")));
|
| +}
|
| +
|
| +} // namespace content
|
|
|
Chromium Code Reviews
Issue 2612793002:
Implement ContentSecurityPolicy on the browser-side. (Closed)
