Index: third_party/WebKit/Source/core/frame/csp/CSPSourceTest.cpp |
diff --git a/third_party/WebKit/Source/core/frame/csp/CSPSourceTest.cpp b/third_party/WebKit/Source/core/frame/csp/CSPSourceTest.cpp |
index 5fb8f9373c800ba405f2d7b395dc76b2dd11f347..c382d068d9f358cf01b5010769e03b7345bff94d 100644 |
--- a/third_party/WebKit/Source/core/frame/csp/CSPSourceTest.cpp |
+++ b/third_party/WebKit/Source/core/frame/csp/CSPSourceTest.cpp |
@@ -161,6 +161,44 @@ TEST_F(CSPSourceTest, InsecureHostSchemePortMatchesSecurePort) { |
EXPECT_FALSE(source.matches(KURL(base, "https://not-example.com:443/"))); |
} |
+TEST_F(CSPSourceTest, HostMatches) { |
+ KURL base; |
+ Persistent<ContentSecurityPolicy> csp(ContentSecurityPolicy::create()); |
+ csp->setupSelf(*SecurityOrigin::createFromString("http://a.com")); |
+ |
+ // Host is * (source-expression = "http://*") |
+ { |
+ CSPSource source(csp.get(), "http", "", 0, "", CSPSource::HasWildcard, |
+ CSPSource::NoWildcard); |
+ EXPECT_TRUE(source.matches(KURL(base, "http://a.com"))); |
+ EXPECT_TRUE(source.matches(KURL(base, "http://."))); |
+ } |
+ |
+ // Host is *.foo.bar |
+ { |
+ CSPSource source(csp.get(), "", "foo.bar", 0, "", CSPSource::HasWildcard, |
+ CSPSource::NoWildcard); |
+ EXPECT_FALSE(source.matches(KURL(base, "http://a.com"))); |
+ EXPECT_FALSE(source.matches(KURL(base, "http://bar"))); |
+ EXPECT_FALSE(source.matches(KURL(base, "http://foo.bar"))); |
+ EXPECT_FALSE(source.matches(KURL(base, "http://o.bar"))); |
+ EXPECT_TRUE(source.matches(KURL(base, "http://*.foo.bar"))); |
arthursonzogni
2017/02/14 14:16:30
It is strange to me(A wildcard in the host name),
Mike West
2017/02/15 06:43:49
This should match. It gets canonicalized to someth
arthursonzogni
2017/02/15 12:47:59
Acknowledged.
|
+ EXPECT_TRUE(source.matches(KURL(base, "http://sub.foo.bar"))); |
+ EXPECT_TRUE(source.matches(KURL(base, "http://sub.sub.foo.bar"))); |
+ EXPECT_TRUE(source.matches(KURL(base, "http://.foo.bar"))); |
arthursonzogni
2017/02/14 14:16:30
You said it looks strange to you. What do you thin
Mike West
2017/02/15 06:43:49
I did say that this looks strange. Please file a b
arthursonzogni
2017/02/15 12:47:59
Done. BUG=692505
|
+ } |
+ |
+ // Host is exact. |
+ { |
+ CSPSource source(csp.get(), "", "foo.bar", 0, "", CSPSource::NoWildcard, |
+ CSPSource::NoWildcard); |
+ EXPECT_TRUE(source.matches(KURL(base, "http://foo.bar"))); |
+ EXPECT_FALSE(source.matches(KURL(base, "http://sub.foo.bar"))); |
+ EXPECT_FALSE(source.matches(KURL(base, "http://bar"))); |
+ EXPECT_FALSE(source.matches(KURL(base, "http://.foo.bar"))); |
arthursonzogni
2017/02/14 14:16:30
Same here.
Mike West
2017/02/15 06:43:49
Ditto.
arthursonzogni
2017/02/15 12:47:59
Done.
|
+ } |
+} |
+ |
TEST_F(CSPSourceTest, DoesNotSubsume) { |
struct Source { |
const char* scheme; |