CSP Suborigins

Source/platform/weborigin/SecurityOriginTest.cpp

Index: Source/platform/weborigin/SecurityOriginTest.cpp
diff --git a/Source/platform/weborigin/SecurityOriginTest.cpp b/Source/platform/weborigin/SecurityOriginTest.cpp
index 8c9e36e1209df69fb0495c7bc6c9f167be46853a..c64ced2f462531be0214acd47456ae126437a16f 100644
--- a/Source/platform/weborigin/SecurityOriginTest.cpp
+++ b/Source/platform/weborigin/SecurityOriginTest.cpp
@@ -31,6 +31,7 @@
 #include "config.h"
 #include "platform/weborigin/SecurityOrigin.h"
 
+#include "platform/RuntimeEnabledFeatures.h"
 #include "platform/weborigin/KURL.h"
 #include <gtest/gtest.h>
 
@@ -139,5 +140,51 @@ TEST(SecurityOriginTest, CanAccessFeatureRequringSecureOrigin)
     EXPECT_EQ("Only secure origins are allowed. http://goo.gl/lq4gCo", errorMessage);
 }
 
+TEST(SecurityOriginTest, Suborigins)
+{
+    blink::RuntimeEnabledFeatures::setSuboriginsEnabled(true);
+
+    RefPtr<SecurityOrigin> origin = SecurityOrigin::createFromString("https://test.com");
+    EXPECT_FALSE(origin->hasSuborigin());
+    origin->addSuborigin("foobar");
+    EXPECT_TRUE(origin->hasSuborigin());
+    EXPECT_EQ("foobar", origin->suboriginName());
+
+    origin = SecurityOrigin::createFromString("suborigin+foobar+https://test.com");
+    EXPECT_TRUE(origin->hasSuborigin());
+    EXPECT_EQ("foobar", origin->suboriginName());
+
+    origin = SecurityOrigin::createFromString("sborigin+foobar+https://test.com");
+    EXPECT_FALSE(origin->hasSuborigin());
+
+    origin = SecurityOrigin::createFromString("+foobar+https://test.com");
+    EXPECT_FALSE(origin->hasSuborigin());
+
+    origin = SecurityOrigin::createFromString("suborigin++https://test.com");
+    EXPECT_FALSE(origin->hasSuborigin());
+
+    origin = SecurityOrigin::createFromString("suborigin+https://test.com");
+    EXPECT_FALSE(origin->hasSuborigin());
+
+    origin = SecurityOrigin::createFromString("suborigin+foobar+https://test.com");
+    EXPECT_DEATH(origin->addSuborigin("shouldhitassert"), "");
+
+    origin = SecurityOrigin::createFromString("https://test.com");
+    RefPtr<SecurityOrigin> suborigin1 = SecurityOrigin::createFromString("suborigin+foobar+https://test.com");
+    RefPtr<SecurityOrigin> suborigin2 = SecurityOrigin::createFromString("suborigin+bazbar+https://test.com");
+    EXPECT_TRUE(suborigin1->canAccess(suborigin1.get()));
+    EXPECT_FALSE(origin->canAccess(suborigin1.get()));
+    EXPECT_FALSE(suborigin1->canAccess(origin.get()));
+    EXPECT_FALSE(suborigin1->canAccess(suborigin2.get()));

[Mike West, 2015/04/13 10:03:35]

Nit: I'd suggest splitting `canAccess` and `canRequest` into separate unit
tests, just for clarity.

+
+    EXPECT_TRUE(suborigin1->canRequest(blink::KURL(blink::KURL(), suborigin1->toString())));
+    EXPECT_FALSE(origin->canRequest(blink::KURL(blink::KURL(), suborigin1->toString())));
+    EXPECT_FALSE(suborigin1->canRequest(blink::KURL(blink::KURL(), origin->toString())));
+    EXPECT_FALSE(suborigin1->canRequest(blink::KURL(blink::KURL(), suborigin2->toString())));
+
+    origin = SecurityOrigin::createFromString("suborigin+foobar+https://test.com");
+    EXPECT_FALSE(origin->canShowNotifications());
+}
+
 } // namespace