| OLD | NEW |
|---|
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. | 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "core/fetch/CrossOriginAccessControl.h" | 5 #include "core/fetch/CrossOriginAccessControl.h" |
| 6 | 6 |
| 7 #include "platform/network/ResourceRequest.h" | 7 #include "platform/network/ResourceRequest.h" |
| 8 #include "platform/weborigin/SecurityOrigin.h" | 8 #include "platform/weborigin/SecurityOrigin.h" |
| 9 #include "testing/gtest/include/gtest/gtest.h" | 9 #include "testing/gtest/include/gtest/gtest.h" |
| 10 #include "wtf/RefPtr.h" | 10 #include "wtf/RefPtr.h" |
| 11 #include "wtf/text/WTFString.h" | 11 #include "wtf/text/WTFString.h" |
| 12 | 12 |
| 13 namespace blink { | 13 namespace blink { |
| 14 | 14 |
| 15 namespace { | 15 namespace { |
| 16 | 16 |
| 17 class CreateAccessControlPreflightRequestTest : public ::testing::Test { | 17 TEST(CreateAccessControlPreflightRequestTest, LexicographicalOrder) { |
| 18 protected: | |
| 19 virtual void SetUp() { | |
| 20 m_securityOrigin = SecurityOrigin::createFromString("http://example.com"); | |
| 21 } | |
| 22 | |
| 23 RefPtr<SecurityOrigin> m_securityOrigin; | |
| 24 }; | |
| 25 | |
| 26 TEST_F(CreateAccessControlPreflightRequestTest, LexicographicalOrder) { | |
| 27 ResourceRequest request; | 18 ResourceRequest request; |
| 28 request.addHTTPHeaderField("Orange", "Orange"); | 19 request.addHTTPHeaderField("Orange", "Orange"); |
| 29 request.addHTTPHeaderField("Apple", "Red"); | 20 request.addHTTPHeaderField("Apple", "Red"); |
| 30 request.addHTTPHeaderField("Kiwifruit", "Green"); | 21 request.addHTTPHeaderField("Kiwifruit", "Green"); |
| 31 request.addHTTPHeaderField("Content-Type", "application/octet-stream"); | 22 request.addHTTPHeaderField("Content-Type", "application/octet-stream"); |
| 32 request.addHTTPHeaderField("Strawberry", "Red"); | 23 request.addHTTPHeaderField("Strawberry", "Red"); |
| 33 | 24 |
| 34 ResourceRequest preflight = | 25 ResourceRequest preflight = createAccessControlPreflightRequest(request); |
| 35 createAccessControlPreflightRequest(request, m_securityOrigin.get()); | |
| 36 | 26 |
| 37 EXPECT_EQ("apple,content-type,kiwifruit,orange,strawberry", | 27 EXPECT_EQ("apple,content-type,kiwifruit,orange,strawberry", |
| 38 preflight.httpHeaderField("Access-Control-Request-Headers")); | 28 preflight.httpHeaderField("Access-Control-Request-Headers")); |
| 39 } | 29 } |
| 40 | 30 |
| 41 TEST_F(CreateAccessControlPreflightRequestTest, ExcludeSimpleHeaders) { | 31 TEST(CreateAccessControlPreflightRequestTest, ExcludeSimpleHeaders) { |
| 42 ResourceRequest request; | 32 ResourceRequest request; |
| 43 request.addHTTPHeaderField("Accept", "everything"); | 33 request.addHTTPHeaderField("Accept", "everything"); |
| 44 request.addHTTPHeaderField("Accept-Language", "everything"); | 34 request.addHTTPHeaderField("Accept-Language", "everything"); |
| 45 request.addHTTPHeaderField("Content-Language", "everything"); | 35 request.addHTTPHeaderField("Content-Language", "everything"); |
| 46 request.addHTTPHeaderField("Save-Data", "on"); | 36 request.addHTTPHeaderField("Save-Data", "on"); |
| 47 | 37 |
| 48 ResourceRequest preflight = | 38 ResourceRequest preflight = createAccessControlPreflightRequest(request); |
| 49 createAccessControlPreflightRequest(request, m_securityOrigin.get()); | |
| 50 | 39 |
| 51 // Do not emit empty-valued headers; an empty list of non-"CORS safelisted" | 40 // Do not emit empty-valued headers; an empty list of non-"CORS safelisted" |
| 52 // request headers should cause "Access-Control-Request-Headers:" to be | 41 // request headers should cause "Access-Control-Request-Headers:" to be |
| 53 // left out in the preflight request. | 42 // left out in the preflight request. |
| 54 EXPECT_EQ(nullAtom, | 43 EXPECT_EQ(nullAtom, |
| 55 preflight.httpHeaderField("Access-Control-Request-Headers")); | 44 preflight.httpHeaderField("Access-Control-Request-Headers")); |
| 56 } | 45 } |
| 57 | 46 |
| 58 TEST_F(CreateAccessControlPreflightRequestTest, | 47 TEST(CreateAccessControlPreflightRequestTest, ExcludeSimpleContentTypeHeader) { |
| 59 ExcludeSimpleContentTypeHeader) { | |
| 60 ResourceRequest request; | 48 ResourceRequest request; |
| 61 request.addHTTPHeaderField("Content-Type", "text/plain"); | 49 request.addHTTPHeaderField("Content-Type", "text/plain"); |
| 62 | 50 |
| 63 ResourceRequest preflight = | 51 ResourceRequest preflight = createAccessControlPreflightRequest(request); |
| 64 createAccessControlPreflightRequest(request, m_securityOrigin.get()); | |
| 65 | 52 |
| 66 // Empty list also; see comment in test above. | 53 // Empty list also; see comment in test above. |
| 67 EXPECT_EQ(nullAtom, | 54 EXPECT_EQ(nullAtom, |
| 68 preflight.httpHeaderField("Access-Control-Request-Headers")); | 55 preflight.httpHeaderField("Access-Control-Request-Headers")); |
| 69 } | 56 } |
| 70 | 57 |
| 71 TEST_F(CreateAccessControlPreflightRequestTest, IncludeNonSimpleHeader) { | 58 TEST(CreateAccessControlPreflightRequestTest, IncludeNonSimpleHeader) { |
| 72 ResourceRequest request; | 59 ResourceRequest request; |
| 73 request.addHTTPHeaderField("X-Custom-Header", "foobar"); | 60 request.addHTTPHeaderField("X-Custom-Header", "foobar"); |
| 74 | 61 |
| 75 ResourceRequest preflight = | 62 ResourceRequest preflight = createAccessControlPreflightRequest(request); |
| 76 createAccessControlPreflightRequest(request, m_securityOrigin.get()); | |
| 77 | 63 |
| 78 EXPECT_EQ("x-custom-header", | 64 EXPECT_EQ("x-custom-header", |
| 79 preflight.httpHeaderField("Access-Control-Request-Headers")); | 65 preflight.httpHeaderField("Access-Control-Request-Headers")); |
| 80 } | 66 } |
| 81 | 67 |
| 82 TEST_F(CreateAccessControlPreflightRequestTest, | 68 TEST(CreateAccessControlPreflightRequestTest, |
| 83 IncludeNonSimpleContentTypeHeader) { | 69 IncludeNonSimpleContentTypeHeader) { |
| 84 ResourceRequest request; | 70 ResourceRequest request; |
| 85 request.addHTTPHeaderField("Content-Type", "application/octet-stream"); | 71 request.addHTTPHeaderField("Content-Type", "application/octet-stream"); |
| 86 | 72 |
| 87 ResourceRequest preflight = | 73 ResourceRequest preflight = createAccessControlPreflightRequest(request); |
| 88 createAccessControlPreflightRequest(request, m_securityOrigin.get()); | |
| 89 | 74 |
| 90 EXPECT_EQ("content-type", | 75 EXPECT_EQ("content-type", |
| 91 preflight.httpHeaderField("Access-Control-Request-Headers")); | 76 preflight.httpHeaderField("Access-Control-Request-Headers")); |
| 92 } | 77 } |
| 93 | 78 |
| 94 } // namespace | 79 } // namespace |
| 95 | 80 |
| 96 } // namespace blink | 81 } // namespace blink |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2635023003:
Fix a bug in origin header generation for CORS preflight in extensions (Closed)
