Chromium Code Reviews| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 #include "content/browser/frame_host/form_submission_throttle.h" | |
| 5 | |
| 6 #include "content/browser/frame_host/frame_tree_node.h" | |
| 7 #include "content/browser/frame_host/navigation_handle_impl.h" | |
| 8 #include "content/browser/web_contents/web_contents_impl.h" | |
| 9 #include "content/public/common/browser_side_navigation_policy.h" | |
| 10 #include "content/public/test/content_browser_test.h" | |
| 11 #include "content/public/test/content_browser_test_utils.h" | |
| 12 #include "content/shell/browser/shell.h" | |
| 13 #include "net/dns/mock_host_resolver.h" | |
| 14 #include "net/test/embedded_test_server/embedded_test_server.h" | |
| 15 #include "url/url_constants.h" | |
| 16 #include "url/url_util.h" | |
| 17 | |
| 18 namespace content { | |
| 19 | |
| 20 class FormSubmissionBrowserTest : public ContentBrowserTest { | |
| 21 void SetUpOnMainThread() override { | |
| 22 host_resolver()->AddRule("*", "127.0.0.1"); | |
| 23 ASSERT_TRUE(embedded_test_server()->Start()); | |
| 24 } | |
| 25 }; | |
| 26 | |
| 27 IN_PROC_BROWSER_TEST_F(FormSubmissionBrowserTest, | |
| 28 CheckContentSecurityPolicyFormAction) { | |
| 29 // The FormSubmittionThrottle aren't used without PlzNavigate. | |
|
alexmos
2017/02/28 02:48:46
nit: FormSubmittionThrottle -> FormSubmissionThrot
arthursonzogni
2017/03/07 16:25:51
Done.
| |
| 30 if (!IsBrowserSideNavigationEnabled()) | |
| 31 return; | |
| 32 | |
| 33 const struct { | |
| 34 GURL main_page_url; | |
| 35 GURL form_page_url; | |
| 36 NavigationThrottle::ThrottleCheckResult start_expectation; | |
| 37 NavigationThrottle::ThrottleCheckResult redirect_expectation; | |
| 38 } kTestCases[] = { | |
| 39 // Form submissions are allowed by default when there is not CSP. | |
| 40 { | |
| 41 embedded_test_server()->GetURL( | |
| 42 "/form_submission_throttle/no_csp.html"), | |
| 43 embedded_test_server()->GetURL("/simple_page.html"), | |
| 44 NavigationThrottle::PROCEED, // start expectation. | |
| 45 NavigationThrottle::PROCEED // redirect expectation. | |
| 46 }, | |
| 47 | |
| 48 // No form submission is allowed when the calling RenderFrameHost's CSP | |
| 49 // is "form-action 'none'". | |
| 50 { | |
| 51 embedded_test_server()->GetURL( | |
| 52 "/form_submission_throttle/form_action_none.html"), | |
| 53 embedded_test_server()->GetURL("/simple_page.html"), | |
| 54 NavigationThrottle::CANCEL, // start expectation. | |
| 55 NavigationThrottle::CANCEL // redirect expectation. | |
| 56 }, | |
| 57 | |
| 58 // The path of the source-expression is only enforced when there is no | |
| 59 // redirection. By using this behavior, this test can checks a case where | |
|
alexmos
2017/02/28 02:48:46
Just curious, is this because of what the spec say
Mike West
2017/03/02 10:45:34
Totally non-intuitive. Totally what the spec says.
arthursonzogni
2017/03/07 16:25:51
Acknowledged.
| |
| 60 // the request is canceled in WillStartRequest() but not in | |
| 61 // WillRedirectRequest(). | |
| 62 { | |
| 63 embedded_test_server()->GetURL( | |
| 64 "/form_submission_throttle/form_action_with_path.html"), | |
| 65 embedded_test_server()->GetURL("/not_the_file.html"), | |
| 66 NavigationThrottle::CANCEL, // start expectation. | |
| 67 NavigationThrottle::PROCEED // redirect expectation. | |
| 68 }, | |
| 69 }; | |
| 70 | |
| 71 for (const auto& test : kTestCases) { | |
| 72 SCOPED_TRACE(testing::Message() | |
| 73 << std::endl | |
| 74 << "main_page_url = " << test.main_page_url << std::endl | |
| 75 << "form_page_url = " << test.form_page_url << std::endl); | |
| 76 | |
| 77 // Load the main page. | |
| 78 EXPECT_TRUE(NavigateToURL(shell(), test.main_page_url)); | |
| 79 | |
| 80 // Build a new form submission navigation. | |
| 81 FrameTreeNode* root = static_cast<WebContentsImpl*>(shell()->web_contents()) | |
| 82 ->GetFrameTree() | |
| 83 ->root(); | |
| 84 std::unique_ptr<NavigationHandle> handle = NavigationHandleImpl::Create( | |
| 85 test.form_page_url, // url | |
| 86 std::vector<GURL>(), // redirect chain | |
| 87 root, // frame_tree_node | |
| 88 true, // is_renderer_initiated | |
| 89 false, // is_same_page | |
| 90 base::TimeTicks::Now(), // navigation_start | |
| 91 0, // pending_nav_entry_id | |
| 92 false, // started_from_context_menu | |
| 93 false, // should_bypass_main_world_csp | |
| 94 true); // is_form_submission | |
| 95 | |
| 96 // Test the expectations with a FormSubmissionThrottle. | |
| 97 std::unique_ptr<NavigationThrottle> throttle = | |
| 98 FormSubmissionThrottle::MaybeCreateThrottleFor(handle.get()); | |
| 99 ASSERT_TRUE(throttle); | |
| 100 EXPECT_EQ(test.start_expectation, throttle->WillStartRequest()); | |
| 101 EXPECT_EQ(test.redirect_expectation, throttle->WillRedirectRequest()); | |
|
alexmos
2017/02/28 02:48:46
Maybe not in this test, but it'd be nice to add an
Mike West
2017/03/02 10:45:34
Are we landing on an error page? That sounds great
arthursonzogni
2017/03/07 16:25:51
There is some layout tests that does what you want
Mike West
2017/03/09 08:20:04
If alexmos@ and creis@ are ok with landing on an e
arthursonzogni
2017/03/10 09:35:37
FYI: We currently have some issue with the error p
| |
| 102 } | |
| 103 } | |
| 104 | |
| 105 IN_PROC_BROWSER_TEST_F(FormSubmissionBrowserTest, | |
| 106 CheckContentSecurityPolicyFormActionBypassCSP) { | |
| 107 // The FormSubmittionThrottle aren't used without PlzNavigate. | |
| 108 if (!IsBrowserSideNavigationEnabled()) | |
| 109 return; | |
| 110 | |
| 111 GURL main_url = embedded_test_server()->GetURL( | |
| 112 "/form_submission_throttle/form_action_none.html"); | |
| 113 GURL form_url = embedded_test_server()->GetURL("/simple_page.html"); | |
| 114 | |
| 115 // Load the main page. | |
| 116 EXPECT_TRUE(NavigateToURL(shell(), main_url)); | |
| 117 | |
| 118 // Build a new form submission navigation. | |
| 119 FrameTreeNode* root = static_cast<WebContentsImpl*>(shell()->web_contents()) | |
| 120 ->GetFrameTree() | |
| 121 ->root(); | |
| 122 std::unique_ptr<NavigationHandle> handle = | |
| 123 NavigationHandleImpl::Create(form_url, // url | |
| 124 std::vector<GURL>(), // redirect chain | |
| 125 root, // frame_tree_node | |
| 126 true, // is_renderer_initiated | |
| 127 false, // is_same_page | |
| 128 base::TimeTicks::Now(), // navigation_start | |
| 129 0, // pending_nav_entry_id | |
| 130 false, // started_from_context_menu | |
| 131 true, // should_bypass_main_world_csp | |
| 132 true); // is_form_submission | |
| 133 | |
| 134 // Test the expectations with a FormSubmissionThrottle. | |
|
alexmos
2017/02/28 02:48:46
Can you add a short comment to make it more obviou
arthursonzogni
2017/03/07 16:25:51
Done.
| |
| 135 std::unique_ptr<NavigationThrottle> throttle = | |
| 136 FormSubmissionThrottle::MaybeCreateThrottleFor(handle.get()); | |
| 137 ASSERT_TRUE(throttle); | |
| 138 EXPECT_EQ(NavigationThrottle::PROCEED, throttle->WillStartRequest()); | |
| 139 EXPECT_EQ(NavigationThrottle::PROCEED, throttle->WillRedirectRequest()); | |
| 140 } | |
| 141 | |
| 142 } // namespace content | |
| OLD | NEW |