| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 #include "content/browser/frame_host/form_submission_throttle.h" |
| 5 |
| 6 #include "content/browser/frame_host/frame_tree_node.h" |
| 7 #include "content/browser/frame_host/navigation_handle_impl.h" |
| 8 #include "content/browser/web_contents/web_contents_impl.h" |
| 9 #include "content/public/common/browser_side_navigation_policy.h" |
| 10 #include "content/public/test/content_browser_test.h" |
| 11 #include "content/public/test/content_browser_test_utils.h" |
| 12 #include "content/shell/browser/shell.h" |
| 13 #include "net/dns/mock_host_resolver.h" |
| 14 #include "net/test/embedded_test_server/embedded_test_server.h" |
| 15 #include "url/url_constants.h" |
| 16 #include "url/url_util.h" |
| 17 |
| 18 namespace content { |
| 19 |
| 20 class FormSubmissionBrowserTest : public ContentBrowserTest { |
| 21 void SetUpOnMainThread() override { |
| 22 host_resolver()->AddRule("*", "127.0.0.1"); |
| 23 ASSERT_TRUE(embedded_test_server()->Start()); |
| 24 } |
| 25 }; |
| 26 |
| 27 IN_PROC_BROWSER_TEST_F(FormSubmissionBrowserTest, |
| 28 CheckContentSecurityPolicyFormAction) { |
| 29 // The FormSubmissionThrottle isn't used without PlzNavigate. |
| 30 if (!IsBrowserSideNavigationEnabled()) |
| 31 return; |
| 32 |
| 33 const struct { |
| 34 GURL main_page_url; |
| 35 GURL form_page_url; |
| 36 NavigationThrottle::ThrottleCheckResult start_expectation; |
| 37 NavigationThrottle::ThrottleCheckResult redirect_expectation; |
| 38 } kTestCases[] = { |
| 39 // Form submissions is allowed by default when there is no CSP. |
| 40 { |
| 41 embedded_test_server()->GetURL( |
| 42 "/form_submission_throttle/no_csp.html"), |
| 43 embedded_test_server()->GetURL("/simple_page.html"), |
| 44 NavigationThrottle::PROCEED, // start expectation. |
| 45 NavigationThrottle::PROCEED // redirect expectation. |
| 46 }, |
| 47 |
| 48 // No form submission is allowed when the calling RenderFrameHost's CSP |
| 49 // is "form-action 'none'". |
| 50 { |
| 51 embedded_test_server()->GetURL( |
| 52 "/form_submission_throttle/form_action_none.html"), |
| 53 embedded_test_server()->GetURL("/simple_page.html"), |
| 54 NavigationThrottle::CANCEL, // start expectation. |
| 55 NavigationThrottle::CANCEL // redirect expectation. |
| 56 }, |
| 57 |
| 58 // The path of the source-expression is only enforced when there is no |
| 59 // redirection. By using this behavior, this test can check a case where |
| 60 // the request is canceled in WillStartRequest() but not in |
| 61 // WillRedirectRequest(). |
| 62 // See https://www.w3.org/TR/CSP2/#source-list-paths-and-redirects for |
| 63 // details. |
| 64 { |
| 65 embedded_test_server()->GetURL( |
| 66 "/form_submission_throttle/form_action_with_path.html"), |
| 67 embedded_test_server()->GetURL("/not_the_file.html"), |
| 68 NavigationThrottle::CANCEL, // start expectation. |
| 69 NavigationThrottle::PROCEED // redirect expectation. |
| 70 }, |
| 71 }; |
| 72 |
| 73 for (const auto& test : kTestCases) { |
| 74 SCOPED_TRACE(testing::Message() |
| 75 << std::endl |
| 76 << "main_page_url = " << test.main_page_url << std::endl |
| 77 << "form_page_url = " << test.form_page_url << std::endl); |
| 78 |
| 79 // Load the main page. |
| 80 EXPECT_TRUE(NavigateToURL(shell(), test.main_page_url)); |
| 81 |
| 82 // Build a new form submission navigation. |
| 83 FrameTreeNode* root = static_cast<WebContentsImpl*>(shell()->web_contents()) |
| 84 ->GetFrameTree() |
| 85 ->root(); |
| 86 std::unique_ptr<NavigationHandle> handle = NavigationHandleImpl::Create( |
| 87 test.form_page_url, // url |
| 88 std::vector<GURL>(), // redirect chain |
| 89 root, // frame_tree_node |
| 90 true, // is_renderer_initiated |
| 91 false, // is_same_page |
| 92 base::TimeTicks::Now(), // navigation_start |
| 93 0, // pending_nav_entry_id |
| 94 false, // started_from_context_menu |
| 95 CSPDisposition::CHECK, // should_check_main_world_csp |
| 96 true); // is_form_submission |
| 97 |
| 98 // Test the expectations with a FormSubmissionThrottle. |
| 99 std::unique_ptr<NavigationThrottle> throttle = |
| 100 FormSubmissionThrottle::MaybeCreateThrottleFor(handle.get()); |
| 101 ASSERT_TRUE(throttle); |
| 102 EXPECT_EQ(test.start_expectation, throttle->WillStartRequest()); |
| 103 EXPECT_EQ(test.redirect_expectation, throttle->WillRedirectRequest()); |
| 104 } |
| 105 } |
| 106 |
| 107 IN_PROC_BROWSER_TEST_F(FormSubmissionBrowserTest, |
| 108 CheckContentSecurityPolicyFormActionBypassCSP) { |
| 109 // The FormSubmissionThrottle isn't used without PlzNavigate. |
| 110 if (!IsBrowserSideNavigationEnabled()) |
| 111 return; |
| 112 |
| 113 GURL main_url = embedded_test_server()->GetURL( |
| 114 "/form_submission_throttle/form_action_none.html"); |
| 115 GURL form_url = embedded_test_server()->GetURL("/simple_page.html"); |
| 116 |
| 117 // Load the main page. |
| 118 EXPECT_TRUE(NavigateToURL(shell(), main_url)); |
| 119 |
| 120 // Build a new form submission navigation. |
| 121 FrameTreeNode* root = static_cast<WebContentsImpl*>(shell()->web_contents()) |
| 122 ->GetFrameTree() |
| 123 ->root(); |
| 124 std::unique_ptr<NavigationHandle> handle = NavigationHandleImpl::Create( |
| 125 form_url, // url |
| 126 std::vector<GURL>(), // redirect chain |
| 127 root, // frame_tree_node |
| 128 true, // is_renderer_initiated |
| 129 false, // is_same_page |
| 130 base::TimeTicks::Now(), // navigation_start |
| 131 0, // pending_nav_entry_id |
| 132 false, // started_from_context_menu |
| 133 CSPDisposition::DO_NOT_CHECK, // should_check_main_world_csp |
| 134 true); // is_form_submission |
| 135 |
| 136 // Test that the navigation is allowed because "should_by_pass_main_world_csp" |
| 137 // is true, even if it is a form submission and the policy is |
| 138 // "form-action 'none'". |
| 139 std::unique_ptr<NavigationThrottle> throttle = |
| 140 FormSubmissionThrottle::MaybeCreateThrottleFor(handle.get()); |
| 141 ASSERT_TRUE(throttle); |
| 142 EXPECT_EQ(NavigationThrottle::PROCEED, throttle->WillStartRequest()); |
| 143 EXPECT_EQ(NavigationThrottle::PROCEED, throttle->WillRedirectRequest()); |
| 144 } |
| 145 |
| 146 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2689653003:
PlzNavigate: Enforce 'form-action' CSP on the browser-side. (Closed)
