OLD | NEW |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "core/frame/csp/CSPSource.h" | 5 #include "core/frame/csp/CSPSource.h" |
6 | 6 |
7 #include "core/dom/Document.h" | 7 #include "core/dom/Document.h" |
8 #include "core/frame/csp/ContentSecurityPolicy.h" | 8 #include "core/frame/csp/ContentSecurityPolicy.h" |
9 #include "platform/network/ResourceRequest.h" | 9 #include "platform/network/ResourceRequest.h" |
10 #include "platform/weborigin/KURL.h" | 10 #include "platform/weborigin/KURL.h" |
(...skipping 123 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
134 CSPSource::NoWildcard, CSPSource::HasWildcard); | 134 CSPSource::NoWildcard, CSPSource::HasWildcard); |
135 | 135 |
136 EXPECT_TRUE(source.matches(KURL(base, "http://example.com:8000/"))); | 136 EXPECT_TRUE(source.matches(KURL(base, "http://example.com:8000/"))); |
137 EXPECT_FALSE(source.matches(KURL(base, "http://not-example.com:8000/"))); | 137 EXPECT_FALSE(source.matches(KURL(base, "http://not-example.com:8000/"))); |
138 EXPECT_TRUE(source.matches(KURL(base, "https://example.com:8000/"))); | 138 EXPECT_TRUE(source.matches(KURL(base, "https://example.com:8000/"))); |
139 EXPECT_FALSE(source.matches(KURL(base, "https://not-example.com:8000/"))); | 139 EXPECT_FALSE(source.matches(KURL(base, "https://not-example.com:8000/"))); |
140 } | 140 } |
141 | 141 |
142 TEST_F(CSPSourceTest, InsecureHostSchemePortMatchesSecurePort) { | 142 TEST_F(CSPSourceTest, InsecureHostSchemePortMatchesSecurePort) { |
143 KURL base; | 143 KURL base; |
144 CSPSource source(csp.get(), "http", "example.com", 80, "/", | |
145 CSPSource::NoWildcard, CSPSource::NoWildcard); | |
146 EXPECT_TRUE(source.matches(KURL(base, "http://example.com/"))); | |
147 EXPECT_TRUE(source.matches(KURL(base, "http://example.com:80/"))); | |
148 EXPECT_TRUE(source.matches(KURL(base, "http://example.com:443/"))); | |
149 EXPECT_TRUE(source.matches(KURL(base, "https://example.com/"))); | |
150 EXPECT_TRUE(source.matches(KURL(base, "https://example.com:80/"))); | |
151 EXPECT_TRUE(source.matches(KURL(base, "https://example.com:443/"))); | |
152 | 144 |
153 EXPECT_FALSE(source.matches(KURL(base, "http://example.com:8443/"))); | 145 // source scheme is "http" |
154 EXPECT_FALSE(source.matches(KURL(base, "https://example.com:8443/"))); | 146 { |
| 147 CSPSource source(csp.get(), "http", "example.com", 80, "/", |
| 148 CSPSource::NoWildcard, CSPSource::NoWildcard); |
| 149 EXPECT_TRUE(source.matches(KURL(base, "http://example.com/"))); |
| 150 EXPECT_TRUE(source.matches(KURL(base, "http://example.com:80/"))); |
| 151 // TODO(mkwst, arthursonzogni): It is weird to upgrade the port without the |
| 152 // sheme. See http://crbug.com/692499 |
| 153 EXPECT_TRUE(source.matches(KURL(base, "http://example.com:443/"))); |
| 154 EXPECT_TRUE(source.matches(KURL(base, "https://example.com/"))); |
| 155 // TODO(mkwst, arthursonzogni): It is weird to upgrade the scheme without |
| 156 // the port. See http://crbug.com/692499 |
| 157 EXPECT_TRUE(source.matches(KURL(base, "https://example.com:80/"))); |
| 158 EXPECT_TRUE(source.matches(KURL(base, "https://example.com:443/"))); |
155 | 159 |
156 EXPECT_FALSE(source.matches(KURL(base, "http://not-example.com/"))); | 160 EXPECT_FALSE(source.matches(KURL(base, "http://example.com:8443/"))); |
157 EXPECT_FALSE(source.matches(KURL(base, "http://not-example.com:80/"))); | 161 EXPECT_FALSE(source.matches(KURL(base, "https://example.com:8443/"))); |
158 EXPECT_FALSE(source.matches(KURL(base, "http://not-example.com:443/"))); | 162 |
159 EXPECT_FALSE(source.matches(KURL(base, "https://not-example.com/"))); | 163 EXPECT_FALSE(source.matches(KURL(base, "http://not-example.com/"))); |
160 EXPECT_FALSE(source.matches(KURL(base, "https://not-example.com:80/"))); | 164 EXPECT_FALSE(source.matches(KURL(base, "http://not-example.com:80/"))); |
161 EXPECT_FALSE(source.matches(KURL(base, "https://not-example.com:443/"))); | 165 EXPECT_FALSE(source.matches(KURL(base, "http://not-example.com:443/"))); |
| 166 EXPECT_FALSE(source.matches(KURL(base, "https://not-example.com/"))); |
| 167 EXPECT_FALSE(source.matches(KURL(base, "https://not-example.com:80/"))); |
| 168 EXPECT_FALSE(source.matches(KURL(base, "https://not-example.com:443/"))); |
| 169 } |
| 170 |
| 171 // source scheme is empty |
| 172 { |
| 173 Persistent<ContentSecurityPolicy> csp(ContentSecurityPolicy::create()); |
| 174 csp->setupSelf(*SecurityOrigin::createFromString("http://example.com")); |
| 175 CSPSource source(csp.get(), "", "example.com", 80, "/", |
| 176 CSPSource::NoWildcard, CSPSource::NoWildcard); |
| 177 EXPECT_TRUE(source.matches(KURL(base, "http://example.com/"))); |
| 178 EXPECT_TRUE(source.matches(KURL(base, "https://example.com:443"))); |
| 179 // TODO(mkwst, arthursonzogni): It is weird to upgrade the port without the |
| 180 // sheme. See http://crbug.com/692499 |
| 181 EXPECT_TRUE(source.matches(KURL(base, "http://example.com:443"))); |
| 182 } |
162 } | 183 } |
163 | 184 |
164 TEST_F(CSPSourceTest, DoesNotSubsume) { | 185 TEST_F(CSPSourceTest, DoesNotSubsume) { |
165 struct Source { | 186 struct Source { |
166 const char* scheme; | 187 const char* scheme; |
167 const char* host; | 188 const char* host; |
168 const char* path; | 189 const char* path; |
169 const int port; | 190 const int port; |
170 }; | 191 }; |
171 struct TestCase { | 192 struct TestCase { |
(...skipping 608 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
780 normalized = B->intersect(A); | 801 normalized = B->intersect(A); |
781 Source intersectBA = { | 802 Source intersectBA = { |
782 normalized->m_scheme, normalized->m_host, | 803 normalized->m_scheme, normalized->m_host, |
783 normalized->m_path, normalized->m_port, | 804 normalized->m_path, normalized->m_port, |
784 normalized->m_hostWildcard, normalized->m_portWildcard}; | 805 normalized->m_hostWildcard, normalized->m_portWildcard}; |
785 EXPECT_TRUE(equalSources(intersectBA, test.normalized)); | 806 EXPECT_TRUE(equalSources(intersectBA, test.normalized)); |
786 } | 807 } |
787 } | 808 } |
788 | 809 |
789 } // namespace blink | 810 } // namespace blink |
OLD | NEW |