Chromium Code Reviews Chromium Code Reviews
Issue 27073003:
CSP Suborigins
Base URL: https://chromium.googlesource.com/chromium/blink.git@master| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2013 Google Inc. All rights reserved. | 2 * Copyright (C) 2013 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
| 6 * met: | 6 * met: |
| 7 * | 7 * |
| 8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
| (...skipping 121 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 132 EXPECT_EQ(inputs[i].accessGranted, errorMessage.isEmpty()); | 132 EXPECT_EQ(inputs[i].accessGranted, errorMessage.isEmpty()); |
| 133 } | 133 } |
| 134 | 134 |
| 135 // Unique origins are not considered secure. | 135 // Unique origins are not considered secure. |
| 136 RefPtr<SecurityOrigin> uniqueOrigin = SecurityOrigin::createUnique(); | 136 RefPtr<SecurityOrigin> uniqueOrigin = SecurityOrigin::createUnique(); |
| 137 String errorMessage; | 137 String errorMessage; |
| 138 EXPECT_FALSE(uniqueOrigin->canAccessFeatureRequiringSecureOrigin(errorMessag e)); | 138 EXPECT_FALSE(uniqueOrigin->canAccessFeatureRequiringSecureOrigin(errorMessag e)); |
| 139 EXPECT_EQ("Only secure origins are allowed. http://goo.gl/lq4gCo", errorMess age); | 139 EXPECT_EQ("Only secure origins are allowed. http://goo.gl/lq4gCo", errorMess age); |
| 140 } | 140 } |
| 141 | 141 |
| 142 TEST(SecurityOriginTest, Suborigins) | |
| 143 { | |
| 144 RefPtr<SecurityOrigin> origin = SecurityOrigin::createFromString("https://te st.com"); | |
| 145 EXPECT_FALSE(origin->hasSuborigin()); | |
| 146 origin->addSuborigin("foobar"); | |
| 147 EXPECT_TRUE(origin->hasSuborigin()); | |
| 148 EXPECT_EQ("foobar", origin->suboriginName()); | |
| 149 | |
| 150 origin = SecurityOrigin::createFromString("suborigin+foobar+https://test.com "); | |
| 151 EXPECT_TRUE(origin->hasSuborigin()); | |
| 152 EXPECT_EQ("foobar", origin->suboriginName()); | |
|
Mike West
2015/03/23 07:32:56
Please verify the rest of the origin as well here
| |
| 153 | |
| 154 origin = SecurityOrigin::createFromString("sborigin+foobar+https://test.com" ); | |
| 155 EXPECT_FALSE(origin->hasSuborigin()); | |
| 156 | |
| 157 origin = SecurityOrigin::createFromString("+foobar+https://test.com"); | |
| 158 EXPECT_FALSE(origin->hasSuborigin()); | |
| 159 | |
| 160 origin = SecurityOrigin::createFromString("suborigin++https://test.com"); | |
| 161 EXPECT_FALSE(origin->hasSuborigin()); | |
| 162 | |
| 163 origin = SecurityOrigin::createFromString("suborigin+https://test.com"); | |
| 164 EXPECT_FALSE(origin->hasSuborigin()); | |
| 165 } | |
| 166 | |
|
Mike West
2015/03/23 07:32:56
It would be good to add a number of new unit tests
jww
2015/04/11 02:52:36
Yup, added.
| |
| 142 } // namespace | 167 } // namespace |
| 143 | 168 |
| OLD | NEW |
