OLD | NEW |
1 // Copyright 2017 The Chromium Authors. All rights reserved. | 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/common/content_security_policy/csp_context.h" | 5 #include "content/common/content_security_policy/csp_context.h" |
6 #include "content/common/content_security_policy_header.h" | 6 #include "content/common/content_security_policy_header.h" |
7 #include "testing/gtest/include/gtest/gtest.h" | 7 #include "testing/gtest/include/gtest/gtest.h" |
8 | 8 |
9 namespace content { | 9 namespace content { |
10 | 10 |
(...skipping 27 matching lines...)
38 blink::WebContentSecurityPolicyTypeEnforce, | 38 blink::WebContentSecurityPolicyTypeEnforce, |
39 blink::WebContentSecurityPolicySourceHTTP, | 39 blink::WebContentSecurityPolicySourceHTTP, |
40 {CSPDirective(directive_name, CSPSourceList(false, false, sources))}, | 40 {CSPDirective(directive_name, CSPSourceList(false, false, sources))}, |
41 std::vector<std::string>(), // report_end_points | 41 std::vector<std::string>(), // report_end_points |
42 std::string()); // header | 42 std::string()); // header |
43 } | 43 } |
44 | 44 |
45 } // namespace; | 45 } // namespace; |
46 | 46 |
47 TEST(CSPContextTest, SchemeShouldBypassCSP) { | 47 TEST(CSPContextTest, SchemeShouldBypassCSP) { |
| 48 CSPSource source("", "example.com", false, url::PORT_UNSPECIFIED, false, ""); |
48 CSPContextTest context; | 49 CSPContextTest context; |
49 CSPSource source("", "example.com", false, url::PORT_UNSPECIFIED, false, ""); | 50 context.AddContentSecurityPolicy( |
50 ContentSecurityPolicy policy = | 51 BuildPolicy(CSPDirective::DefaultSrc, {source})); |
51 BuildPolicy(CSPDirective::DefaultSrc, {source}); | 52 |
52 EXPECT_FALSE(context.Allow({policy}, CSPDirective::FrameSrc, | 53 EXPECT_FALSE(context.AllowContentSecurityPolicy( |
53 GURL("data:text/html,<html></html>"))); | 54 CSPDirective::FrameSrc, GURL("data:text/html,<html></html>"))); |
| 55 |
54 context.AddSchemeToBypassCSP("data"); | 56 context.AddSchemeToBypassCSP("data"); |
55 EXPECT_TRUE(context.Allow({policy}, CSPDirective::FrameSrc, | 57 |
56 GURL("data:text/html,<html></html>"))); | 58 EXPECT_TRUE(context.AllowContentSecurityPolicy( |
| 59 CSPDirective::FrameSrc, GURL("data:text/html,<html></html>"))); |
57 } | 60 } |
58 | 61 |
59 TEST(CSPContextTest, MultiplePolicies) { | 62 TEST(CSPContextTest, MultiplePolicies) { |
60 CSPContextTest context; | 63 CSPContextTest context; |
61 context.SetSelf(url::Origin(GURL("http://example.com"))); | 64 context.SetSelf(url::Origin(GURL("http://example.com"))); |
62 | 65 |
63 CSPSource source_a("", "a.com", false, url::PORT_UNSPECIFIED, false, ""); | 66 CSPSource source_a("", "a.com", false, url::PORT_UNSPECIFIED, false, ""); |
64 CSPSource source_b("", "b.com", false, url::PORT_UNSPECIFIED, false, ""); | 67 CSPSource source_b("", "b.com", false, url::PORT_UNSPECIFIED, false, ""); |
65 CSPSource source_c("", "c.com", false, url::PORT_UNSPECIFIED, false, ""); | 68 CSPSource source_c("", "c.com", false, url::PORT_UNSPECIFIED, false, ""); |
66 | 69 |
67 ContentSecurityPolicy policy1 = | 70 context.AddContentSecurityPolicy( |
68 BuildPolicy(CSPDirective::FrameSrc, {source_a, source_b}); | 71 BuildPolicy(CSPDirective::FrameSrc, {source_a, source_b})); |
69 ContentSecurityPolicy policy2 = | 72 context.AddContentSecurityPolicy( |
70 BuildPolicy(CSPDirective::FrameSrc, {source_a, source_c}); | 73 BuildPolicy(CSPDirective::FrameSrc, {source_a, source_c})); |
71 | 74 |
72 std::vector<ContentSecurityPolicy> policies = {policy1, policy2}; | 75 EXPECT_TRUE(context.AllowContentSecurityPolicy(CSPDirective::FrameSrc, |
73 | 76 GURL("http://a.com"))); |
74 EXPECT_TRUE( | 77 EXPECT_FALSE(context.AllowContentSecurityPolicy(CSPDirective::FrameSrc, |
75 context.Allow(policies, CSPDirective::FrameSrc, GURL("http://a.com"))); | 78 GURL("http://b.com"))); |
76 EXPECT_FALSE( | 79 EXPECT_FALSE(context.AllowContentSecurityPolicy(CSPDirective::FrameSrc, |
77 context.Allow(policies, CSPDirective::FrameSrc, GURL("http://b.com"))); | 80 GURL("http://c.com"))); |
78 EXPECT_FALSE( | 81 EXPECT_FALSE(context.AllowContentSecurityPolicy(CSPDirective::FrameSrc, |
79 context.Allow(policies, CSPDirective::FrameSrc, GURL("http://c.com"))); | 82 GURL("http://d.com"))); |
80 EXPECT_FALSE( | |
81 context.Allow(policies, CSPDirective::FrameSrc, GURL("http://d.com"))); | |
82 } | 83 } |
83 | 84 |
84 } // namespace content | 85 } // namespace content |
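Review bot: SchemeShouldBypassCSP only asserts the positive side of the bypass. After `context.AddSchemeToBypassCSP("data")` it checks that the data: URL is now allowed, but nothing checks that a URL whose scheme was not registered is still blocked by the same context. A bypass list that matches too broadly would silently disable enforcement, so I would add a negative assertion after the registration, e.g. `EXPECT_FALSE(context.AllowContentSecurityPolicy(CSPDirective::FrameSrc, GURL("http://not-example.com")));`. This assumes host matching behaves as it does in MultiplePolicies. Because policies now accumulate in the context instead of being passed per call, MultiplePolicies would also benefit from a one-line comment such as `// A URL must be allowed by every policy added to the context.` to explain why b.com and c.com are rejected.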