content/common/content_security_policy/csp_context_unittest.cc - Issue 2655463006: PlzNavigate: Enforce 'frame-src' CSP on the browser.

Unified Diff: content/common/content_security_policy/csp_context_unittest.cc

Issue 2655463006: PlzNavigate: Enforce 'frame-src' CSP on the browser. (Closed)

Patch Set: Rebase. Created 3 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

« no previous file with comments | « content/common/content_security_policy/csp_context.cc ('k') | content/common/content_security_policy/csp_disposition_enum.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: content/common/content_security_policy/csp_context_unittest.cc

diff --git a/content/common/content_security_policy/csp_context_unittest.cc b/content/common/content_security_policy/csp_context_unittest.cc

index dd508e00b53a6c52befd359112f74b18152e6ca1..41bbca409532871832e6ab84c6de007cb687980d 100644

--- a/content/common/content_security_policy/csp_context_unittest.cc

+++ b/content/common/content_security_policy/csp_context_unittest.cc

@@ -45,15 +45,18 @@ ContentSecurityPolicy BuildPolicy(CSPDirective::Name directive_name,

} // namespace;

TEST(CSPContextTest, SchemeShouldBypassCSP) {

- CSPContextTest context;

CSPSource source("", "example.com", false, url::PORT_UNSPECIFIED, false, "");

- ContentSecurityPolicy policy =

- BuildPolicy(CSPDirective::DefaultSrc, {source});

- EXPECT_FALSE(context.Allow({policy}, CSPDirective::FrameSrc,

- GURL("data:text/html,<html></html>")));

+ CSPContextTest context;

+ context.AddContentSecurityPolicy(

+ BuildPolicy(CSPDirective::DefaultSrc, {source}));

+ EXPECT_FALSE(context.IsAllowedByCsp(CSPDirective::FrameSrc,

+ GURL("data:text/html,<html></html>")));

context.AddSchemeToBypassCSP("data");

- EXPECT_TRUE(context.Allow({policy}, CSPDirective::FrameSrc,

- GURL("data:text/html,<html></html>")));

+ EXPECT_TRUE(context.IsAllowedByCsp(CSPDirective::FrameSrc,

+ GURL("data:text/html,<html></html>")));

}

TEST(CSPContextTest, MultiplePolicies) {

@@ -64,21 +67,19 @@ TEST(CSPContextTest, MultiplePolicies) {

CSPSource source_b("", "b.com", false, url::PORT_UNSPECIFIED, false, "");

CSPSource source_c("", "c.com", false, url::PORT_UNSPECIFIED, false, "");

- ContentSecurityPolicy policy1 =

- BuildPolicy(CSPDirective::FrameSrc, {source_a, source_b});

- ContentSecurityPolicy policy2 =

- BuildPolicy(CSPDirective::FrameSrc, {source_a, source_c});

- std::vector<ContentSecurityPolicy> policies = {policy1, policy2};

+ context.AddContentSecurityPolicy(

+ BuildPolicy(CSPDirective::FrameSrc, {source_a, source_b}));

+ context.AddContentSecurityPolicy(

+ BuildPolicy(CSPDirective::FrameSrc, {source_a, source_c}));

EXPECT_TRUE(

- context.Allow(policies, CSPDirective::FrameSrc, GURL("http://a.com")));

+ context.IsAllowedByCsp(CSPDirective::FrameSrc, GURL("http://a.com")));

EXPECT_FALSE(

- context.Allow(policies, CSPDirective::FrameSrc, GURL("http://b.com")));

+ context.IsAllowedByCsp(CSPDirective::FrameSrc, GURL("http://b.com")));

EXPECT_FALSE(

- context.Allow(policies, CSPDirective::FrameSrc, GURL("http://c.com")));

+ context.IsAllowedByCsp(CSPDirective::FrameSrc, GURL("http://c.com")));

EXPECT_FALSE(

- context.Allow(policies, CSPDirective::FrameSrc, GURL("http://d.com")));

+ context.IsAllowedByCsp(CSPDirective::FrameSrc, GURL("http://d.com")));

}

} // namespace content