OLD | NEW |
(Empty) | |
| 1 // Copyright 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "content/common/feature_policy/feature_policy.h" |
| 6 |
| 7 #include "testing/gtest/include/gtest/gtest.h" |
| 8 #include "url/gurl.h" |
| 9 |
| 10 namespace content { |
| 11 |
| 12 namespace { |
| 13 |
| 14 // This is an example of a feature which should be enabled by default in all |
| 15 // frames. |
| 16 const FeaturePolicy::Feature kDefaultOnFeatureDfn{ |
| 17 "default-on", FeaturePolicy::FeatureDefault::EnableForAll}; |
| 18 |
| 19 // This is an example of a feature which should be enabled in top-level frames, |
| 20 // and same-origin child-frames, but must be delegated to all cross-origin |
| 21 // frames explicitly. |
| 22 const FeaturePolicy::Feature kDefaultSelfFeatureDfn{ |
| 23 "default-self", FeaturePolicy::FeatureDefault::EnableForSelf}; |
| 24 |
| 25 // This is an example of a feature which should be disabled by default, both in |
| 26 // top-level and nested frames. |
| 27 const FeaturePolicy::Feature kDefaultOffFeatureDfn{ |
| 28 "default-off", FeaturePolicy::FeatureDefault::DisableForAll}; |
| 29 |
| 30 // Define the three new features for testing |
| 31 blink::WebFeaturePolicyFeature kDefaultOnFeature = |
| 32 static_cast<blink::WebFeaturePolicyFeature>( |
| 33 static_cast<int>(blink::WebFeaturePolicyFeature::LAST_FEATURE) + 1); |
| 34 |
| 35 blink::WebFeaturePolicyFeature kDefaultSelfFeature = |
| 36 static_cast<blink::WebFeaturePolicyFeature>( |
| 37 static_cast<int>(blink::WebFeaturePolicyFeature::LAST_FEATURE) + 2); |
| 38 |
| 39 blink::WebFeaturePolicyFeature kDefaultOffFeature = |
| 40 static_cast<blink::WebFeaturePolicyFeature>( |
| 41 static_cast<int>(blink::WebFeaturePolicyFeature::LAST_FEATURE) + 3); |
| 42 |
| 43 } // namespace |
| 44 |
| 45 class FeaturePolicyTest : public ::testing::Test { |
| 46 protected: |
| 47 FeaturePolicyTest() |
| 48 : featureList_({{kDefaultOnFeature, &kDefaultOnFeatureDfn}, |
| 49 {kDefaultSelfFeature, &kDefaultSelfFeatureDfn}, |
| 50 {kDefaultOffFeature, &kDefaultOffFeatureDfn}}) {} |
| 51 |
| 52 ~FeaturePolicyTest() override {} |
| 53 |
| 54 std::unique_ptr<FeaturePolicy> CreateFromParentPolicy( |
| 55 const FeaturePolicy* parent, |
| 56 const url::Origin& origin) { |
| 57 return FeaturePolicy::CreateFromParentPolicy(parent, origin, featureList_); |
| 58 } |
| 59 |
| 60 url::Origin originA_ = url::Origin(GURL("https://example.com/")); |
| 61 url::Origin originB_ = url::Origin(GURL("https://example.net/")); |
| 62 url::Origin originC_ = url::Origin(GURL("https://example.org/")); |
| 63 |
| 64 private: |
| 65 // Contains the list of controlled features, so that we are guaranteed to |
| 66 // have at least one of each kind of default behaviour represented. |
| 67 FeaturePolicy::FeatureList featureList_; |
| 68 }; |
| 69 |
| 70 TEST_F(FeaturePolicyTest, TestInitialPolicy) { |
| 71 // +-------------+ |
| 72 // |(1)Origin A | |
| 73 // |No Policy | |
| 74 // +-------------+ |
| 75 // Default-on and top-level-only features should be enabled in top-level |
| 76 // frame. Default-off features should be disabled. |
| 77 std::unique_ptr<FeaturePolicy> policy1 = |
| 78 CreateFromParentPolicy(nullptr, originA_); |
| 79 EXPECT_TRUE(policy1->IsFeatureEnabled(kDefaultOnFeature)); |
| 80 EXPECT_TRUE(policy1->IsFeatureEnabled(kDefaultSelfFeature)); |
| 81 EXPECT_FALSE(policy1->IsFeatureEnabled(kDefaultOffFeature)); |
| 82 } |
| 83 |
| 84 TEST_F(FeaturePolicyTest, TestInitialSameOriginChildPolicy) { |
| 85 // +-----------------+ |
| 86 // |(1)Origin A | |
| 87 // |No Policy | |
| 88 // | +-------------+ | |
| 89 // | |(2)Origin A | | |
| 90 // | |No Policy | | |
| 91 // | +-------------+ | |
| 92 // +-----------------+ |
| 93 // Default-on and Default-self features should be enabled in a same-origin |
| 94 // child frame. Default-off features should be disabled. |
| 95 std::unique_ptr<FeaturePolicy> policy1 = |
| 96 CreateFromParentPolicy(nullptr, originA_); |
| 97 std::unique_ptr<FeaturePolicy> policy2 = |
| 98 CreateFromParentPolicy(policy1.get(), originA_); |
| 99 EXPECT_TRUE(policy2->IsFeatureEnabled(kDefaultOnFeature)); |
| 100 EXPECT_TRUE(policy2->IsFeatureEnabled(kDefaultSelfFeature)); |
| 101 EXPECT_FALSE(policy2->IsFeatureEnabled(kDefaultOffFeature)); |
| 102 } |
| 103 |
| 104 TEST_F(FeaturePolicyTest, TestInitialCrossOriginChildPolicy) { |
| 105 // +-----------------+ |
| 106 // |(1)Origin A | |
| 107 // |No Policy | |
| 108 // | +-------------+ | |
| 109 // | |(2)Origin B | | |
| 110 // | |No Policy | | |
| 111 // | +-------------+ | |
| 112 // +-----------------+ |
| 113 // Default-on features should be enabled in child frame. Default-self and |
| 114 // Default-off features should be disabled. |
| 115 std::unique_ptr<FeaturePolicy> policy1 = |
| 116 CreateFromParentPolicy(nullptr, originA_); |
| 117 std::unique_ptr<FeaturePolicy> policy2 = |
| 118 CreateFromParentPolicy(policy1.get(), originB_); |
| 119 EXPECT_TRUE(policy2->IsFeatureEnabled(kDefaultOnFeature)); |
| 120 EXPECT_FALSE(policy2->IsFeatureEnabled(kDefaultSelfFeature)); |
| 121 EXPECT_FALSE(policy2->IsFeatureEnabled(kDefaultOffFeature)); |
| 122 } |
| 123 |
| 124 TEST_F(FeaturePolicyTest, TestCrossOriginChildCannotEnableFeature) { |
| 125 // +---------------------------------------+ |
| 126 // |(1) Origin A | |
| 127 // |No Policy | |
| 128 // | +-----------------------------------+ | |
| 129 // | |(2) Origin B | | |
| 130 // | |Policy: {"default-self": ["self"]} | | |
| 131 // | +-----------------------------------+ | |
| 132 // +---------------------------------------+ |
| 133 // Default-self feature should be disabled in cross origin frame, even if no |
| 134 // policy was specified in the parent frame. |
| 135 std::unique_ptr<FeaturePolicy> policy1 = |
| 136 CreateFromParentPolicy(nullptr, originA_); |
| 137 std::unique_ptr<FeaturePolicy> policy2 = |
| 138 CreateFromParentPolicy(policy1.get(), originB_); |
| 139 policy2->SetHeaderPolicy({{{"default-self", false, {originB_}}}}); |
| 140 EXPECT_FALSE(policy2->IsFeatureEnabled(kDefaultSelfFeature)); |
| 141 } |
| 142 |
| 143 TEST_F(FeaturePolicyTest, TestFrameSelfInheritance) { |
| 144 // +------------------------------------------+ |
| 145 // |(1) Origin A | |
| 146 // |Policy: {"default-self": ["self"]} | |
| 147 // | +-----------------+ +-----------------+ | |
| 148 // | |(2) Origin A | |(4) Origin B | | |
| 149 // | |No Policy | |No Policy | | |
| 150 // | | +-------------+ | | +-------------+ | | |
| 151 // | | |(3)Origin A | | | |(5)Origin B | | | |
| 152 // | | |No Policy | | | |No Policy | | | |
| 153 // | | +-------------+ | | +-------------+ | | |
| 154 // | +-----------------+ +-----------------+ | |
| 155 // +------------------------------------------+ |
| 156 // Feature should be enabled at the top-level, and through the chain of |
| 157 // same-origin frames 2 and 3. It should be disabled in frames 4 and 5, as |
| 158 // they are at a different origin. |
| 159 std::unique_ptr<FeaturePolicy> policy1 = |
| 160 CreateFromParentPolicy(nullptr, originA_); |
| 161 policy1->SetHeaderPolicy({{{"default-self", false, {originA_}}}}); |
| 162 std::unique_ptr<FeaturePolicy> policy2 = |
| 163 CreateFromParentPolicy(policy1.get(), originA_); |
| 164 std::unique_ptr<FeaturePolicy> policy3 = |
| 165 CreateFromParentPolicy(policy2.get(), originA_); |
| 166 std::unique_ptr<FeaturePolicy> policy4 = |
| 167 CreateFromParentPolicy(policy1.get(), originB_); |
| 168 std::unique_ptr<FeaturePolicy> policy5 = |
| 169 CreateFromParentPolicy(policy4.get(), originB_); |
| 170 EXPECT_TRUE(policy2->IsFeatureEnabled(kDefaultSelfFeature)); |
| 171 EXPECT_TRUE(policy3->IsFeatureEnabled(kDefaultSelfFeature)); |
| 172 EXPECT_FALSE(policy4->IsFeatureEnabled(kDefaultSelfFeature)); |
| 173 EXPECT_FALSE(policy5->IsFeatureEnabled(kDefaultSelfFeature)); |
| 174 } |
| 175 |
| 176 TEST_F(FeaturePolicyTest, TestReflexiveFrameSelfInheritance) { |
| 177 // +-----------------------------------+ |
| 178 // |(1) Origin A | |
| 179 // |Policy: {"default-self": ["self"]} | |
| 180 // | +-----------------+ | |
| 181 // | |(2) Origin B | | |
| 182 // | |No Policy | | |
| 183 // | | +-------------+ | | |
| 184 // | | |(3)Origin A | | | |
| 185 // | | |No Policy | | | |
| 186 // | | +-------------+ | | |
| 187 // | +-----------------+ | |
| 188 // +-----------------------------------+ |
| 189 // Feature which is enabled at top-level should be disabled in frame 3, as |
| 190 // it is embedded by frame 2, for which the feature is not enabled. |
| 191 std::unique_ptr<FeaturePolicy> policy1 = |
| 192 CreateFromParentPolicy(nullptr, originA_); |
| 193 policy1->SetHeaderPolicy({{{"default-self", false, {originA_}}}}); |
| 194 std::unique_ptr<FeaturePolicy> policy2 = |
| 195 CreateFromParentPolicy(policy1.get(), originB_); |
| 196 std::unique_ptr<FeaturePolicy> policy3 = |
| 197 CreateFromParentPolicy(policy2.get(), originA_); |
| 198 EXPECT_FALSE(policy2->IsFeatureEnabled(kDefaultSelfFeature)); |
| 199 EXPECT_FALSE(policy3->IsFeatureEnabled(kDefaultSelfFeature)); |
| 200 } |
| 201 |
| 202 TEST_F(FeaturePolicyTest, TestSelectiveFrameInheritance) { |
| 203 // +------------------------------------------+ |
| 204 // |(1) Origin A | |
| 205 // |Policy: {"default-self": ["Origin B"]} | |
| 206 // | +-----------------+ +-----------------+ | |
| 207 // | |(2) Origin B | |(3) Origin C | | |
| 208 // | |No Policy | |No Policy | | |
| 209 // | | | | +-------------+ | | |
| 210 // | | | | |(4)Origin B | | | |
| 211 // | | | | |No Policy | | | |
| 212 // | | | | +-------------+ | | |
| 213 // | +-----------------+ +-----------------+ | |
| 214 // +------------------------------------------+ |
| 215 // Feature should be enabled in second level Origin B frame, but disabled in |
| 216 // Frame 4, because it is embedded by frame 3, where the feature is not |
| 217 // enabled. |
| 218 std::unique_ptr<FeaturePolicy> policy1 = |
| 219 CreateFromParentPolicy(nullptr, originA_); |
| 220 policy1->SetHeaderPolicy({{{"default-self", false, {originB_}}}}); |
| 221 std::unique_ptr<FeaturePolicy> policy2 = |
| 222 CreateFromParentPolicy(policy1.get(), originB_); |
| 223 std::unique_ptr<FeaturePolicy> policy3 = |
| 224 CreateFromParentPolicy(policy1.get(), originC_); |
| 225 std::unique_ptr<FeaturePolicy> policy4 = |
| 226 CreateFromParentPolicy(policy3.get(), originB_); |
| 227 EXPECT_TRUE(policy2->IsFeatureEnabled(kDefaultSelfFeature)); |
| 228 EXPECT_FALSE(policy3->IsFeatureEnabled(kDefaultSelfFeature)); |
| 229 EXPECT_FALSE(policy4->IsFeatureEnabled(kDefaultSelfFeature)); |
| 230 } |
| 231 |
| 232 TEST_F(FeaturePolicyTest, TestPolicyCanBlockSelf) { |
| 233 // +----------------------------+ |
| 234 // |(1)Origin A | |
| 235 // |Policy: {"default-on": []} | |
| 236 // +----------------------------+ |
| 237 // Default-on feature should be disabled in top-level frame. |
| 238 std::unique_ptr<FeaturePolicy> policy1 = |
| 239 CreateFromParentPolicy(nullptr, originA_); |
| 240 policy1->SetHeaderPolicy( |
| 241 {{{"default-on", false, std::vector<url::Origin>()}}}); |
| 242 EXPECT_FALSE(policy1->IsFeatureEnabled(kDefaultOnFeature)); |
| 243 } |
| 244 |
| 245 TEST_F(FeaturePolicyTest, TestParentPolicyBlocksSameOriginChildPolicy) { |
| 246 // +----------------------------+ |
| 247 // |(1)Origin A | |
| 248 // |Policy: {"default-on": []} | |
| 249 // | +-------------+ | |
| 250 // | |(2)Origin A | | |
| 251 // | |No Policy | | |
| 252 // | +-------------+ | |
| 253 // +----------------------------+ |
| 254 // Feature should be disabled in child frame. |
| 255 std::unique_ptr<FeaturePolicy> policy1 = |
| 256 CreateFromParentPolicy(nullptr, originA_); |
| 257 policy1->SetHeaderPolicy( |
| 258 {{{"default-on", false, std::vector<url::Origin>()}}}); |
| 259 std::unique_ptr<FeaturePolicy> policy2 = |
| 260 CreateFromParentPolicy(policy1.get(), originA_); |
| 261 EXPECT_FALSE(policy2->IsFeatureEnabled(kDefaultOnFeature)); |
| 262 } |
| 263 |
| 264 TEST_F(FeaturePolicyTest, TestChildPolicyCanBlockSelf) { |
| 265 // +--------------------------------+ |
| 266 // |(1)Origin A | |
| 267 // |No Policy | |
| 268 // | +----------------------------+ | |
| 269 // | |(2)Origin B | | |
| 270 // | |Policy: {"default-on": []} | | |
| 271 // | +----------------------------+ | |
| 272 // +--------------------------------+ |
| 273 // Default-on feature should be disabled by cross-origin child frame. |
| 274 std::unique_ptr<FeaturePolicy> policy1 = |
| 275 CreateFromParentPolicy(nullptr, originA_); |
| 276 std::unique_ptr<FeaturePolicy> policy2 = |
| 277 CreateFromParentPolicy(policy1.get(), originB_); |
| 278 policy2->SetHeaderPolicy( |
| 279 {{{"default-on", false, std::vector<url::Origin>()}}}); |
| 280 EXPECT_FALSE(policy2->IsFeatureEnabled(kDefaultOnFeature)); |
| 281 } |
| 282 |
| 283 TEST_F(FeaturePolicyTest, TestChildPolicyCanBlockChildren) { |
| 284 // +--------------------------------------+ |
| 285 // |(1)Origin A | |
| 286 // |No Policy | |
| 287 // | +----------------------------------+ | |
| 288 // | |(2)Origin B | | |
| 289 // | |Policy: {"default-on": ["self"]} | | |
| 290 // | | +-------------+ | | |
| 291 // | | |(3)Origin C | | | |
| 292 // | | |No Policy | | | |
| 293 // | | +-------------+ | | |
| 294 // | +----------------------------------+ | |
| 295 // +--------------------------------------+ |
| 296 // Default-on feature should be enabled in frames 1 and 2; disabled in frame |
| 297 // 3 by child frame policy. |
| 298 std::unique_ptr<FeaturePolicy> policy1 = |
| 299 CreateFromParentPolicy(nullptr, originA_); |
| 300 std::unique_ptr<FeaturePolicy> policy2 = |
| 301 CreateFromParentPolicy(policy1.get(), originB_); |
| 302 policy2->SetHeaderPolicy({{{"default-on", false, {originB_}}}}); |
| 303 std::unique_ptr<FeaturePolicy> policy3 = |
| 304 CreateFromParentPolicy(policy2.get(), originC_); |
| 305 EXPECT_TRUE(policy2->IsFeatureEnabled(kDefaultOnFeature)); |
| 306 EXPECT_FALSE(policy3->IsFeatureEnabled(kDefaultOnFeature)); |
| 307 } |
| 308 |
| 309 TEST_F(FeaturePolicyTest, TestParentPolicyBlocksCrossOriginChildPolicy) { |
| 310 // +----------------------------+ |
| 311 // |(1)Origin A | |
| 312 // |Policy: {"default-on": []} | |
| 313 // | +-------------+ | |
| 314 // | |(2)Origin B | | |
| 315 // | |No Policy | | |
| 316 // | +-------------+ | |
| 317 // +----------------------------+ |
| 318 // Default-on feature should be disabled in cross-origin child frame. |
| 319 std::unique_ptr<FeaturePolicy> policy1 = |
| 320 CreateFromParentPolicy(nullptr, originA_); |
| 321 policy1->SetHeaderPolicy( |
| 322 {{{"default-on", false, std::vector<url::Origin>()}}}); |
| 323 std::unique_ptr<FeaturePolicy> policy2 = |
| 324 CreateFromParentPolicy(policy1.get(), originB_); |
| 325 EXPECT_FALSE(policy2->IsFeatureEnabled(kDefaultOnFeature)); |
| 326 } |
| 327 |
| 328 TEST_F(FeaturePolicyTest, TestEnableForAllOrigins) { |
| 329 // +--------------------------------+ |
| 330 // |(1) Origin A | |
| 331 // |Policy: {"default-self": ["*"]} | |
| 332 // | +-----------------+ | |
| 333 // | |(2) Origin B | | |
| 334 // | |No Policy | | |
| 335 // | | +-------------+ | | |
| 336 // | | |(3)Origin A | | | |
| 337 // | | |No Policy | | | |
| 338 // | | +-------------+ | | |
| 339 // | +-----------------+ | |
| 340 // +--------------------------------+ |
| 341 // Feature should be enabled in top and second level; disabled in frame 3. |
| 342 std::unique_ptr<FeaturePolicy> policy1 = |
| 343 CreateFromParentPolicy(nullptr, originA_); |
| 344 policy1->SetHeaderPolicy( |
| 345 {{{"default-self", true, std::vector<url::Origin>()}}}); |
| 346 std::unique_ptr<FeaturePolicy> policy2 = |
| 347 CreateFromParentPolicy(policy1.get(), originB_); |
| 348 std::unique_ptr<FeaturePolicy> policy3 = |
| 349 CreateFromParentPolicy(policy2.get(), originA_); |
| 350 EXPECT_TRUE(policy1->IsFeatureEnabled(kDefaultSelfFeature)); |
| 351 EXPECT_TRUE(policy2->IsFeatureEnabled(kDefaultSelfFeature)); |
| 352 EXPECT_FALSE(policy3->IsFeatureEnabled(kDefaultSelfFeature)); |
| 353 } |
| 354 |
| 355 TEST_F(FeaturePolicyTest, TestDefaultOnEnablesForAllAncestors) { |
| 356 // +---------------------------------------+ |
| 357 // |(1) Origin A | |
| 358 // |Policy: {"default-on": ["Origin B"]} | |
| 359 // | +-----------------------------------+ | |
| 360 // | |(2) Origin B | | |
| 361 // | |No Policy | | |
| 362 // | | +-------------+ +-------------+ | | |
| 363 // | | |(3)Origin B | |(4)Origin C | | | |
| 364 // | | |No Policy | |No Policy | | | |
| 365 // | | +-------------+ +-------------+ | | |
| 366 // | +-----------------------------------+ | |
| 367 // +---------------------------------------+ |
| 368 // Feature should be disabled in frame 1; enabled in frames 2, 3 and 4. |
| 369 std::unique_ptr<FeaturePolicy> policy1 = |
| 370 CreateFromParentPolicy(nullptr, originA_); |
| 371 policy1->SetHeaderPolicy({{{"default-on", false, {originB_}}}}); |
| 372 std::unique_ptr<FeaturePolicy> policy2 = |
| 373 CreateFromParentPolicy(policy1.get(), originB_); |
| 374 std::unique_ptr<FeaturePolicy> policy3 = |
| 375 CreateFromParentPolicy(policy2.get(), originB_); |
| 376 std::unique_ptr<FeaturePolicy> policy4 = |
| 377 CreateFromParentPolicy(policy2.get(), originC_); |
| 378 EXPECT_FALSE(policy1->IsFeatureEnabled(kDefaultOnFeature)); |
| 379 EXPECT_TRUE(policy2->IsFeatureEnabled(kDefaultOnFeature)); |
| 380 EXPECT_TRUE(policy3->IsFeatureEnabled(kDefaultOnFeature)); |
| 381 EXPECT_TRUE(policy4->IsFeatureEnabled(kDefaultOnFeature)); |
| 382 } |
| 383 |
| 384 TEST_F(FeaturePolicyTest, TestDefaultSelfRespectsSameOriginEmbedding) { |
| 385 // +---------------------------------------+ |
| 386 // |(1) Origin A | |
| 387 // |Policy: {"default-self": ["Origin B"]} | |
| 388 // | +-----------------------------------+ | |
| 389 // | |(2) Origin B | | |
| 390 // | |No Policy | | |
| 391 // | | +-------------+ +-------------+ | | |
| 392 // | | |(3)Origin B | |(4)Origin C | | | |
| 393 // | | |No Policy | |No Policy | | | |
| 394 // | | +-------------+ +-------------+ | | |
| 395 // | +-----------------------------------+ | |
| 396 // +---------------------------------------+ |
| 397 // Feature should be disabled in frames 1 and 4; enabled in frames 2 and 3. |
| 398 std::unique_ptr<FeaturePolicy> policy1 = |
| 399 CreateFromParentPolicy(nullptr, originA_); |
| 400 policy1->SetHeaderPolicy({{{"default-self", false, {originB_}}}}); |
| 401 std::unique_ptr<FeaturePolicy> policy2 = |
| 402 CreateFromParentPolicy(policy1.get(), originB_); |
| 403 std::unique_ptr<FeaturePolicy> policy3 = |
| 404 CreateFromParentPolicy(policy2.get(), originB_); |
| 405 std::unique_ptr<FeaturePolicy> policy4 = |
| 406 CreateFromParentPolicy(policy2.get(), originC_); |
| 407 EXPECT_FALSE(policy1->IsFeatureEnabled(kDefaultSelfFeature)); |
| 408 EXPECT_TRUE(policy2->IsFeatureEnabled(kDefaultSelfFeature)); |
| 409 EXPECT_TRUE(policy3->IsFeatureEnabled(kDefaultSelfFeature)); |
| 410 EXPECT_FALSE(policy4->IsFeatureEnabled(kDefaultSelfFeature)); |
| 411 } |
| 412 |
| 413 TEST_F(FeaturePolicyTest, TestDefaultOffMustBeDelegatedToAllCrossOriginFrames) { |
| 414 // +------------------------------------------------------------+ |
| 415 // |(1) Origin A | |
| 416 // |Policy: {"default-off": ["Origin B"]} | |
| 417 // | +--------------------------------------------------------+ | |
| 418 // | |(2) Origin B | | |
| 419 // | |Policy: {"default-off": ["self"]} | | |
| 420 // | | +-------------+ +----------------------------------+ | | |
| 421 // | | |(3)Origin B | |(4)Origin C | | | |
| 422 // | | |No Policy | |Policy: {"default-off": ["self"]} | | | |
| 423 // | | +-------------+ +----------------------------------+ | | |
| 424 // | +--------------------------------------------------------+ | |
| 425 // +------------------------------------------------------------+ |
| 426 // Feature should be disabled in frames 1, 3 and 4; enabled in frame 2 only. |
| 427 std::unique_ptr<FeaturePolicy> policy1 = |
| 428 CreateFromParentPolicy(nullptr, originA_); |
| 429 policy1->SetHeaderPolicy({{{"default-off", false, {originB_}}}}); |
| 430 std::unique_ptr<FeaturePolicy> policy2 = |
| 431 CreateFromParentPolicy(policy1.get(), originB_); |
| 432 policy2->SetHeaderPolicy({{{"default-off", false, {originB_}}}}); |
| 433 std::unique_ptr<FeaturePolicy> policy3 = |
| 434 CreateFromParentPolicy(policy2.get(), originB_); |
| 435 std::unique_ptr<FeaturePolicy> policy4 = |
| 436 CreateFromParentPolicy(policy2.get(), originC_); |
| 437 policy4->SetHeaderPolicy({{{"default-off", false, {originC_}}}}); |
| 438 EXPECT_FALSE(policy1->IsFeatureEnabled(kDefaultOffFeature)); |
| 439 EXPECT_TRUE(policy2->IsFeatureEnabled(kDefaultOffFeature)); |
| 440 EXPECT_FALSE(policy3->IsFeatureEnabled(kDefaultOffFeature)); |
| 441 EXPECT_FALSE(policy4->IsFeatureEnabled(kDefaultOffFeature)); |
| 442 } |
| 443 |
| 444 TEST_F(FeaturePolicyTest, TestReenableForAllOrigins) { |
| 445 // +------------------------------------+ |
| 446 // |(1) Origin A | |
| 447 // |Policy: {"default-self": ["*"]} | |
| 448 // | +--------------------------------+ | |
| 449 // | |(2) Origin B | | |
| 450 // | |Policy: {"default-self": ["*"]} | | |
| 451 // | | +-------------+ | | |
| 452 // | | |(3)Origin A | | | |
| 453 // | | |No Policy | | | |
| 454 // | | +-------------+ | | |
| 455 // | +--------------------------------+ | |
| 456 // +------------------------------------+ |
| 457 // Feature should be enabled in all frames. |
| 458 std::unique_ptr<FeaturePolicy> policy1 = |
| 459 CreateFromParentPolicy(nullptr, originA_); |
| 460 policy1->SetHeaderPolicy( |
| 461 {{{"default-self", true, std::vector<url::Origin>()}}}); |
| 462 std::unique_ptr<FeaturePolicy> policy2 = |
| 463 CreateFromParentPolicy(policy1.get(), originB_); |
| 464 policy2->SetHeaderPolicy( |
| 465 {{{"default-self", true, std::vector<url::Origin>()}}}); |
| 466 std::unique_ptr<FeaturePolicy> policy3 = |
| 467 CreateFromParentPolicy(policy2.get(), originA_); |
| 468 EXPECT_TRUE(policy1->IsFeatureEnabled(kDefaultSelfFeature)); |
| 469 EXPECT_TRUE(policy2->IsFeatureEnabled(kDefaultSelfFeature)); |
| 470 EXPECT_TRUE(policy3->IsFeatureEnabled(kDefaultSelfFeature)); |
| 471 } |
| 472 |
| 473 TEST_F(FeaturePolicyTest, TestBlockedFrameCannotReenable) { |
| 474 // +--------------------------------------+ |
| 475 // |(1)Origin A | |
| 476 // |Policy: {"default-self": ["self"]} | |
| 477 // | +----------------------------------+ | |
| 478 // | |(2)Origin B | | |
| 479 // | |Policy: {"default-self": ["*"]} | | |
| 480 // | | +-------------+ +-------------+ | | |
| 481 // | | |(3)Origin A | |(4)Origin C | | | |
| 482 // | | |No Policy | |No Policy | | | |
| 483 // | | +-------------+ +-------------+ | | |
| 484 // | +----------------------------------+ | |
| 485 // +--------------------------------------+ |
| 486 // Feature should be enabled at the top level; disabled in all other frames. |
| 487 std::unique_ptr<FeaturePolicy> policy1 = |
| 488 CreateFromParentPolicy(nullptr, originA_); |
| 489 policy1->SetHeaderPolicy({{{"default-self", false, {originA_}}}}); |
| 490 std::unique_ptr<FeaturePolicy> policy2 = |
| 491 CreateFromParentPolicy(policy1.get(), originB_); |
| 492 policy2->SetHeaderPolicy( |
| 493 {{{"default-self", true, std::vector<url::Origin>()}}}); |
| 494 std::unique_ptr<FeaturePolicy> policy3 = |
| 495 CreateFromParentPolicy(policy2.get(), originA_); |
| 496 std::unique_ptr<FeaturePolicy> policy4 = |
| 497 CreateFromParentPolicy(policy2.get(), originC_); |
| 498 EXPECT_TRUE(policy1->IsFeatureEnabled(kDefaultSelfFeature)); |
| 499 EXPECT_FALSE(policy2->IsFeatureEnabled(kDefaultSelfFeature)); |
| 500 EXPECT_FALSE(policy3->IsFeatureEnabled(kDefaultSelfFeature)); |
| 501 EXPECT_FALSE(policy4->IsFeatureEnabled(kDefaultSelfFeature)); |
| 502 } |
| 503 |
| 504 TEST_F(FeaturePolicyTest, TestEnabledFrameCanDelegate) { |
| 505 // +---------------------------------------------------+ |
| 506 // |(1) Origin A | |
| 507 // |Policy: {"default-self": ["self", "Origin B"]} | |
| 508 // | +-----------------------------------------------+ | |
| 509 // | |(2) Origin B | | |
| 510 // | |Policy: {"default-self": ["self", "Origin C"]} | | |
| 511 // | | +-------------+ | | |
| 512 // | | |(3)Origin C | | | |
| 513 // | | |No Policy | | | |
| 514 // | | +-------------+ | | |
| 515 // | +-----------------------------------------------+ | |
| 516 // +---------------------------------------------------+ |
| 517 // Feature should be enabled in all frames. |
| 518 std::unique_ptr<FeaturePolicy> policy1 = |
| 519 CreateFromParentPolicy(nullptr, originA_); |
| 520 policy1->SetHeaderPolicy({{{"default-self", false, {originA_, originB_}}}}); |
| 521 std::unique_ptr<FeaturePolicy> policy2 = |
| 522 CreateFromParentPolicy(policy1.get(), originB_); |
| 523 policy2->SetHeaderPolicy({{{"default-self", false, {originB_, originC_}}}}); |
| 524 std::unique_ptr<FeaturePolicy> policy3 = |
| 525 CreateFromParentPolicy(policy2.get(), originC_); |
| 526 EXPECT_TRUE(policy1->IsFeatureEnabled(kDefaultSelfFeature)); |
| 527 EXPECT_TRUE(policy2->IsFeatureEnabled(kDefaultSelfFeature)); |
| 528 EXPECT_TRUE(policy3->IsFeatureEnabled(kDefaultSelfFeature)); |
| 529 } |
| 530 |
| 531 TEST_F(FeaturePolicyTest, TestEnabledFrameCanDelegateByDefault) { |
| 532 // +-----------------------------------------------+ |
| 533 // |(1) Origin A | |
| 534 // |Policy: {"default-on": ["self", "Origin B"]} | |
| 535 // | +--------------------+ +--------------------+ | |
| 536 // | |(2) Origin B | | (4) Origin C | | |
| 537 // | |No Policy | | No Policy | | |
| 538 // | | +-------------+ | | | | |
| 539 // | | |(3)Origin C | | | | | |
| 540 // | | |No Policy | | | | | |
| 541 // | | +-------------+ | | | | |
| 542 // | +--------------------+ +--------------------+ | |
| 543 // +-----------------------------------------------+ |
| 544 // Feature should be enabled in frames 1, 2, and 3, and disabled in frame 4. |
| 545 std::unique_ptr<FeaturePolicy> policy1 = |
| 546 CreateFromParentPolicy(nullptr, originA_); |
| 547 policy1->SetHeaderPolicy({{{"default-on", false, {originA_, originB_}}}}); |
| 548 std::unique_ptr<FeaturePolicy> policy2 = |
| 549 CreateFromParentPolicy(policy1.get(), originB_); |
| 550 std::unique_ptr<FeaturePolicy> policy3 = |
| 551 CreateFromParentPolicy(policy2.get(), originC_); |
| 552 std::unique_ptr<FeaturePolicy> policy4 = |
| 553 CreateFromParentPolicy(policy1.get(), originC_); |
| 554 EXPECT_TRUE(policy1->IsFeatureEnabled(kDefaultOnFeature)); |
| 555 EXPECT_TRUE(policy2->IsFeatureEnabled(kDefaultOnFeature)); |
| 556 EXPECT_TRUE(policy3->IsFeatureEnabled(kDefaultOnFeature)); |
| 557 EXPECT_FALSE(policy4->IsFeatureEnabled(kDefaultOnFeature)); |
| 558 } |
| 559 |
| 560 TEST_F(FeaturePolicyTest, TestNonNestedFeaturesDontDelegateByDefault) { |
| 561 // +-----------------------------------------------+ |
| 562 // |(1) Origin A | |
| 563 // |Policy: {"default-self": ["self", "Origin B"]} | |
| 564 // | +--------------------+ +--------------------+ | |
| 565 // | |(2) Origin B | | (4) Origin C | | |
| 566 // | |No Policy | | No Policy | | |
| 567 // | | +-------------+ | | | | |
| 568 // | | |(3)Origin C | | | | | |
| 569 // | | |No Policy | | | | | |
| 570 // | | +-------------+ | | | | |
| 571 // | +--------------------+ +--------------------+ | |
| 572 // +-----------------------------------------------+ |
| 573 // Feature should be enabled in frames 1 and 2, and disabled in frames 3 and |
| 574 // 4. |
| 575 std::unique_ptr<FeaturePolicy> policy1 = |
| 576 CreateFromParentPolicy(nullptr, originA_); |
| 577 policy1->SetHeaderPolicy({{{"default-self", false, {originA_, originB_}}}}); |
| 578 std::unique_ptr<FeaturePolicy> policy2 = |
| 579 CreateFromParentPolicy(policy1.get(), originB_); |
| 580 std::unique_ptr<FeaturePolicy> policy3 = |
| 581 CreateFromParentPolicy(policy2.get(), originC_); |
| 582 std::unique_ptr<FeaturePolicy> policy4 = |
| 583 CreateFromParentPolicy(policy1.get(), originC_); |
| 584 EXPECT_TRUE(policy1->IsFeatureEnabled(kDefaultSelfFeature)); |
| 585 EXPECT_TRUE(policy2->IsFeatureEnabled(kDefaultSelfFeature)); |
| 586 EXPECT_FALSE(policy3->IsFeatureEnabled(kDefaultSelfFeature)); |
| 587 EXPECT_FALSE(policy4->IsFeatureEnabled(kDefaultSelfFeature)); |
| 588 } |
| 589 |
| 590 TEST_F(FeaturePolicyTest, TestFeaturesAreIndependent) { |
| 591 // +-----------------------------------------------+ |
| 592 // |(1) Origin A | |
| 593 // |Policy: {"default-self": ["self", "Origin B"], | |
| 594 // | "default-on": ["self"]} | |
| 595 // | +-------------------------------------------+ | |
| 596 // | |(2) Origin B | | |
| 597 // | |Policy: {"default-self": ["*"], | | |
| 598 // | | "default-on": ["*"]} | | |
| 599 // | | +-------------+ | | |
| 600 // | | |(3)Origin C | | | |
| 601 // | | |No Policy | | | |
| 602 // | | +-------------+ | | |
| 603 // | +-------------------------------------------+ | |
| 604 // +-----------------------------------------------+ |
| 605 // Default-self feature should be enabled in all frames; Default-on feature |
| 606 // should be enabled in frame 1, and disabled in frames 2 and 3. |
| 607 std::unique_ptr<FeaturePolicy> policy1 = |
| 608 CreateFromParentPolicy(nullptr, originA_); |
| 609 policy1->SetHeaderPolicy({{{"default-self", false, {originA_, originB_}}, |
| 610 {"default-on", false, {originA_}}}}); |
| 611 std::unique_ptr<FeaturePolicy> policy2 = |
| 612 CreateFromParentPolicy(policy1.get(), originB_); |
| 613 policy2->SetHeaderPolicy( |
| 614 {{{"default-self", true, std::vector<url::Origin>()}, |
| 615 {"default-on", true, std::vector<url::Origin>()}}}); |
| 616 std::unique_ptr<FeaturePolicy> policy3 = |
| 617 CreateFromParentPolicy(policy2.get(), originC_); |
| 618 EXPECT_TRUE(policy1->IsFeatureEnabled(kDefaultSelfFeature)); |
| 619 EXPECT_TRUE(policy1->IsFeatureEnabled(kDefaultOnFeature)); |
| 620 EXPECT_TRUE(policy2->IsFeatureEnabled(kDefaultSelfFeature)); |
| 621 EXPECT_FALSE(policy2->IsFeatureEnabled(kDefaultOnFeature)); |
| 622 EXPECT_TRUE(policy3->IsFeatureEnabled(kDefaultSelfFeature)); |
| 623 EXPECT_FALSE(policy3->IsFeatureEnabled(kDefaultOnFeature)); |
| 624 } |
| 625 |
| 626 TEST_F(FeaturePolicyTest, TestFeatureEnabledForOrigin) { |
| 627 // +-----------------------------------------------+ |
| 628 // |(1) Origin A | |
| 629 // |Policy: {"default-off": ["self", "Origin B"]} | |
| 630 // +-----------------------------------------------+ |
| 631 // Features should be enabled by the policy in frame 1 for origins A and B, |
| 632 // and disabled for origin C. |
| 633 std::unique_ptr<FeaturePolicy> policy1 = |
| 634 CreateFromParentPolicy(nullptr, originA_); |
| 635 policy1->SetHeaderPolicy({{{"default-off", false, {originA_, originB_}}}}); |
| 636 EXPECT_TRUE(policy1->IsFeatureEnabledForOrigin(kDefaultOffFeature, originA_)); |
| 637 EXPECT_TRUE(policy1->IsFeatureEnabledForOrigin(kDefaultOffFeature, originB_)); |
| 638 EXPECT_FALSE( |
| 639 policy1->IsFeatureEnabledForOrigin(kDefaultOffFeature, originC_)); |
| 640 } |
| 641 |
| 642 } // namespace content |
OLD | NEW |