Index: third_party/WebKit/Source/core/frame/csp/CSPSourceTest.cpp |
diff --git a/third_party/WebKit/Source/core/frame/csp/CSPSourceTest.cpp b/third_party/WebKit/Source/core/frame/csp/CSPSourceTest.cpp |
index 5fb8f9373c800ba405f2d7b395dc76b2dd11f347..986ab6beb91e30e7edcb32eca3de120c930ea7ec 100644 |
--- a/third_party/WebKit/Source/core/frame/csp/CSPSourceTest.cpp |
+++ b/third_party/WebKit/Source/core/frame/csp/CSPSourceTest.cpp |
@@ -141,24 +141,45 @@ TEST_F(CSPSourceTest, InsecureHostSchemeMatchesSecureScheme) { |
TEST_F(CSPSourceTest, InsecureHostSchemePortMatchesSecurePort) { |
KURL base; |
- CSPSource source(csp.get(), "http", "example.com", 80, "/", |
- CSPSource::NoWildcard, CSPSource::NoWildcard); |
- EXPECT_TRUE(source.matches(KURL(base, "http://example.com/"))); |
- EXPECT_TRUE(source.matches(KURL(base, "http://example.com:80/"))); |
- EXPECT_TRUE(source.matches(KURL(base, "http://example.com:443/"))); |
- EXPECT_TRUE(source.matches(KURL(base, "https://example.com/"))); |
- EXPECT_TRUE(source.matches(KURL(base, "https://example.com:80/"))); |
- EXPECT_TRUE(source.matches(KURL(base, "https://example.com:443/"))); |
- |
- EXPECT_FALSE(source.matches(KURL(base, "http://example.com:8443/"))); |
- EXPECT_FALSE(source.matches(KURL(base, "https://example.com:8443/"))); |
- |
- EXPECT_FALSE(source.matches(KURL(base, "http://not-example.com/"))); |
- EXPECT_FALSE(source.matches(KURL(base, "http://not-example.com:80/"))); |
- EXPECT_FALSE(source.matches(KURL(base, "http://not-example.com:443/"))); |
- EXPECT_FALSE(source.matches(KURL(base, "https://not-example.com/"))); |
- EXPECT_FALSE(source.matches(KURL(base, "https://not-example.com:80/"))); |
- EXPECT_FALSE(source.matches(KURL(base, "https://not-example.com:443/"))); |
+ |
+ // source scheme is "http" |
+ { |
+ CSPSource source(csp.get(), "http", "example.com", 80, "/", |
+ CSPSource::NoWildcard, CSPSource::NoWildcard); |
+ EXPECT_TRUE(source.matches(KURL(base, "http://example.com/"))); |
+ EXPECT_TRUE(source.matches(KURL(base, "http://example.com:80/"))); |
+ // TODO(mkwst, arthursonzogni): It is weird to upgrade the port without the |
+ // sheme. See http://crbug.com/692499 |
+ EXPECT_TRUE(source.matches(KURL(base, "http://example.com:443/"))); |
+ EXPECT_TRUE(source.matches(KURL(base, "https://example.com/"))); |
+ // TODO(mkwst, arthursonzogni): It is weird to upgrade the scheme without |
+ // the port. See http://crbug.com/692499 |
+ EXPECT_TRUE(source.matches(KURL(base, "https://example.com:80/"))); |
+ EXPECT_TRUE(source.matches(KURL(base, "https://example.com:443/"))); |
+ |
+ EXPECT_FALSE(source.matches(KURL(base, "http://example.com:8443/"))); |
+ EXPECT_FALSE(source.matches(KURL(base, "https://example.com:8443/"))); |
+ |
+ EXPECT_FALSE(source.matches(KURL(base, "http://not-example.com/"))); |
+ EXPECT_FALSE(source.matches(KURL(base, "http://not-example.com:80/"))); |
+ EXPECT_FALSE(source.matches(KURL(base, "http://not-example.com:443/"))); |
+ EXPECT_FALSE(source.matches(KURL(base, "https://not-example.com/"))); |
+ EXPECT_FALSE(source.matches(KURL(base, "https://not-example.com:80/"))); |
+ EXPECT_FALSE(source.matches(KURL(base, "https://not-example.com:443/"))); |
+ } |
+ |
+ // source scheme is empty |
+ { |
+ Persistent<ContentSecurityPolicy> csp(ContentSecurityPolicy::create()); |
+ csp->setupSelf(*SecurityOrigin::createFromString("http://example.com")); |
+ CSPSource source(csp.get(), "", "example.com", 80, "/", |
+ CSPSource::NoWildcard, CSPSource::NoWildcard); |
+ EXPECT_TRUE(source.matches(KURL(base, "http://example.com/"))); |
+ EXPECT_TRUE(source.matches(KURL(base, "https://example.com:443"))); |
+ // TODO(mkwst, arthursonzogni): It is weird to upgrade the port without the |
+ // sheme. See http://crbug.com/692499 |
+ EXPECT_TRUE(source.matches(KURL(base, "http://example.com:443"))); |
+ } |
} |
TEST_F(CSPSourceTest, DoesNotSubsume) { |