| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/command_line.h" | 5 #include "base/command_line.h" |
| 6 #include "base/macros.h" | 6 #include "base/macros.h" |
| 7 #include "build/build_config.h" | 7 #include "build/build_config.h" |
| 8 #include "content/browser/frame_host/frame_tree.h" | 8 #include "content/browser/frame_host/frame_tree.h" |
| 9 #include "content/browser/frame_host/frame_tree_node.h" | 9 #include "content/browser/frame_host/frame_tree_node.h" |
| 10 #include "content/browser/renderer_host/render_view_host_impl.h" | 10 #include "content/browser/renderer_host/render_view_host_impl.h" |
| (...skipping 256 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 267 EXPECT_TRUE( | 267 EXPECT_TRUE( |
| 268 root->current_frame_host()->GetLastCommittedOrigin().IsSameOriginWith( | 268 root->current_frame_host()->GetLastCommittedOrigin().IsSameOriginWith( |
| 269 root->child_at(0)->current_frame_host()->GetLastCommittedOrigin())); | 269 root->child_at(0)->current_frame_host()->GetLastCommittedOrigin())); |
| 270 EXPECT_EQ(root->current_origin().Serialize(), GetOriginFromRenderer(root)); | 270 EXPECT_EQ(root->current_origin().Serialize(), GetOriginFromRenderer(root)); |
| 271 EXPECT_EQ(root->child_at(0)->current_origin().Serialize(), | 271 EXPECT_EQ(root->child_at(0)->current_origin().Serialize(), |
| 272 GetOriginFromRenderer(root->child_at(0))); | 272 GetOriginFromRenderer(root->child_at(0))); |
| 273 | 273 |
| 274 GURL data_url("data:text/html,foo"); | 274 GURL data_url("data:text/html,foo"); |
| 275 EXPECT_TRUE(NavigateToURL(shell(), data_url)); | 275 EXPECT_TRUE(NavigateToURL(shell(), data_url)); |
| 276 | 276 |
| 277 // Navigating to a data URL should set a unique origin. This is represented | 277 // Navigating to a data URL should set a unique opaque origin. This is |
| 278 // as "null" per RFC 6454. | 278 // represented as "null" per RFC 6454. |
| 279 EXPECT_EQ("null", root->current_origin().Serialize()); | 279 EXPECT_EQ("null", root->current_origin().Serialize()); |
| 280 EXPECT_TRUE(contents->GetMainFrame()->GetLastCommittedOrigin().unique()); | 280 EXPECT_TRUE(contents->GetMainFrame()->GetLastCommittedOrigin().opaque()); |
| 281 EXPECT_EQ("null", GetOriginFromRenderer(root)); | 281 EXPECT_EQ("null", GetOriginFromRenderer(root)); |
| 282 | 282 |
| 283 // Re-navigating to a normal URL should update the origin. | 283 // Re-navigating to a normal URL should update the origin. |
| 284 EXPECT_TRUE(NavigateToURL(shell(), main_url)); | 284 EXPECT_TRUE(NavigateToURL(shell(), main_url)); |
| 285 EXPECT_EQ(main_url.GetOrigin().spec(), | 285 EXPECT_EQ(main_url.GetOrigin().spec(), |
| 286 root->current_origin().Serialize() + '/'); | 286 root->current_origin().Serialize() + '/'); |
| 287 EXPECT_EQ( | 287 EXPECT_EQ( |
| 288 main_url.GetOrigin().spec(), | 288 main_url.GetOrigin().spec(), |
| 289 contents->GetMainFrame()->GetLastCommittedOrigin().Serialize() + '/'); | 289 contents->GetMainFrame()->GetLastCommittedOrigin().Serialize() + '/'); |
| 290 EXPECT_FALSE(contents->GetMainFrame()->GetLastCommittedOrigin().unique()); | 290 EXPECT_FALSE(contents->GetMainFrame()->GetLastCommittedOrigin().opaque()); |
| 291 EXPECT_EQ(root->current_origin().Serialize(), GetOriginFromRenderer(root)); | 291 EXPECT_EQ(root->current_origin().Serialize(), GetOriginFromRenderer(root)); |
| 292 } | 292 } |
| 293 | 293 |
| 294 // Tests a cross-origin navigation to a blob URL. The main frame initiates this | 294 // Tests a cross-origin navigation to a blob URL. The main frame initiates this |
| 295 // navigation on its grandchild. It should wind up in the main frame's process. | 295 // navigation on its grandchild. It should wind up in the main frame's process. |
| 296 IN_PROC_BROWSER_TEST_F(FrameTreeBrowserTest, NavigateGrandchildToBlob) { | 296 IN_PROC_BROWSER_TEST_F(FrameTreeBrowserTest, NavigateGrandchildToBlob) { |
| 297 WebContents* contents = shell()->web_contents(); | 297 WebContents* contents = shell()->web_contents(); |
| 298 FrameTreeNode* root = | 298 FrameTreeNode* root = |
| 299 static_cast<WebContentsImpl*>(contents)->GetFrameTree()->root(); | 299 static_cast<WebContentsImpl*>(contents)->GetFrameTree()->root(); |
| 300 | 300 |
| (...skipping 26 matching lines...) Expand all Loading... |
| 327 " window.parent.parent.postMessage(\"HI\", document.origin);" | 327 " window.parent.parent.postMessage(\"HI\", document.origin);" |
| 328 " </script></body></html>'], {type: 'text/html'});" | 328 " </script></body></html>'], {type: 'text/html'});" |
| 329 "var blob_url = URL.createObjectURL(blob);" | 329 "var blob_url = URL.createObjectURL(blob);" |
| 330 "frames[0][0].location.href = blob_url;", | 330 "frames[0][0].location.href = blob_url;", |
| 331 &blob_url_string)); | 331 &blob_url_string)); |
| 332 // Wait for the RenderFrame to go away, if this will be cross-process. | 332 // Wait for the RenderFrame to go away, if this will be cross-process. |
| 333 if (AreAllSitesIsolatedForTesting()) | 333 if (AreAllSitesIsolatedForTesting()) |
| 334 deleted_observer.WaitUntilDeleted(); | 334 deleted_observer.WaitUntilDeleted(); |
| 335 EXPECT_EQ(GURL(blob_url_string), target->current_url()); | 335 EXPECT_EQ(GURL(blob_url_string), target->current_url()); |
| 336 EXPECT_EQ(url::kBlobScheme, target->current_url().scheme()); | 336 EXPECT_EQ(url::kBlobScheme, target->current_url().scheme()); |
| 337 EXPECT_FALSE(target->current_origin().unique()); | 337 EXPECT_FALSE(target->current_origin().opaque()); |
| 338 EXPECT_EQ("a.com", target->current_origin().host()); | 338 EXPECT_EQ("a.com", target->current_origin().host()); |
| 339 EXPECT_EQ(url::kHttpScheme, target->current_origin().scheme()); | 339 EXPECT_EQ(url::kHttpScheme, target->current_origin().scheme()); |
| 340 | 340 |
| 341 std::string document_body; | 341 std::string document_body; |
| 342 EXPECT_TRUE(ExecuteScriptAndExtractString( | 342 EXPECT_TRUE(ExecuteScriptAndExtractString( |
| 343 target, | 343 target, |
| 344 "domAutomationController.send(document.body.children[0].innerHTML);", | 344 "domAutomationController.send(document.body.children[0].innerHTML);", |
| 345 &document_body)); | 345 &document_body)); |
| 346 EXPECT_EQ("This is blob content.", document_body); | 346 EXPECT_EQ("This is blob content.", document_body); |
| 347 EXPECT_EQ(reference_tree, FrameTreeVisualizer().DepictFrameTree(root)); | 347 EXPECT_EQ(reference_tree, FrameTreeVisualizer().DepictFrameTree(root)); |
| (...skipping 28 matching lines...) Expand all Loading... |
| 376 " // Poll the document until it doesn't throw a SecurityError.\n" | 376 " // Poll the document until it doesn't throw a SecurityError.\n" |
| 377 " try {" | 377 " try {" |
| 378 " frames[0].document.write('Hi from ' + document.domain);" | 378 " frames[0].document.write('Hi from ' + document.domain);" |
| 379 " } catch (e) { return; }" | 379 " } catch (e) { return; }" |
| 380 " clearInterval(intervalID);" | 380 " clearInterval(intervalID);" |
| 381 " domAutomationController.send(frames[0].document.origin);" | 381 " domAutomationController.send(frames[0].document.origin);" |
| 382 "}, 16);", | 382 "}, 16);", |
| 383 &about_blank_origin)); | 383 &about_blank_origin)); |
| 384 EXPECT_EQ(GURL(url::kAboutBlankURL), target->current_url()); | 384 EXPECT_EQ(GURL(url::kAboutBlankURL), target->current_url()); |
| 385 EXPECT_EQ(url::kAboutScheme, target->current_url().scheme()); | 385 EXPECT_EQ(url::kAboutScheme, target->current_url().scheme()); |
| 386 EXPECT_FALSE(target->current_origin().unique()); | 386 EXPECT_FALSE(target->current_origin().opaque()); |
| 387 EXPECT_EQ("b.com", target->current_origin().host()); | 387 EXPECT_EQ("b.com", target->current_origin().host()); |
| 388 EXPECT_EQ(url::kHttpScheme, target->current_origin().scheme()); | 388 EXPECT_EQ(url::kHttpScheme, target->current_origin().scheme()); |
| 389 EXPECT_EQ(target->current_origin().Serialize(), about_blank_origin); | 389 EXPECT_EQ(target->current_origin().Serialize(), about_blank_origin); |
| 390 | 390 |
| 391 std::string document_body; | 391 std::string document_body; |
| 392 EXPECT_TRUE(ExecuteScriptAndExtractString( | 392 EXPECT_TRUE(ExecuteScriptAndExtractString( |
| 393 target, "domAutomationController.send(document.body.innerHTML);", | 393 target, "domAutomationController.send(document.body.innerHTML);", |
| 394 &document_body)); | 394 &document_body)); |
| 395 EXPECT_EQ("Hi from b.com", document_body); | 395 EXPECT_EQ("Hi from b.com", document_body); |
| 396 } | 396 } |
| (...skipping 29 matching lines...) Expand all Loading... |
| 426 " window.open('about:blank', 'target');" | 426 " window.open('about:blank', 'target');" |
| 427 " }" | 427 " }" |
| 428 " // May raise a SecurityError, that's expected.\n" | 428 " // May raise a SecurityError, that's expected.\n" |
| 429 " frames[0][0].document.write('Hi from ' + document.domain);" | 429 " frames[0][0].document.write('Hi from ' + document.domain);" |
| 430 " clearInterval(intervalID);" | 430 " clearInterval(intervalID);" |
| 431 " domAutomationController.send(frames[0][0].document.origin);" | 431 " domAutomationController.send(frames[0][0].document.origin);" |
| 432 "}, 16);", | 432 "}, 16);", |
| 433 &about_blank_origin)); | 433 &about_blank_origin)); |
| 434 EXPECT_EQ(GURL(url::kAboutBlankURL), target->current_url()); | 434 EXPECT_EQ(GURL(url::kAboutBlankURL), target->current_url()); |
| 435 EXPECT_EQ(url::kAboutScheme, target->current_url().scheme()); | 435 EXPECT_EQ(url::kAboutScheme, target->current_url().scheme()); |
| 436 EXPECT_FALSE(target->current_origin().unique()); | 436 EXPECT_FALSE(target->current_origin().opaque()); |
| 437 EXPECT_EQ("a.com", target->current_origin().host()); | 437 EXPECT_EQ("a.com", target->current_origin().host()); |
| 438 EXPECT_EQ(url::kHttpScheme, target->current_origin().scheme()); | 438 EXPECT_EQ(url::kHttpScheme, target->current_origin().scheme()); |
| 439 EXPECT_EQ(target->current_origin().Serialize(), about_blank_origin); | 439 EXPECT_EQ(target->current_origin().Serialize(), about_blank_origin); |
| 440 | 440 |
| 441 std::string document_body; | 441 std::string document_body; |
| 442 EXPECT_TRUE(ExecuteScriptAndExtractString( | 442 EXPECT_TRUE(ExecuteScriptAndExtractString( |
| 443 target, "domAutomationController.send(document.body.innerHTML);", | 443 target, "domAutomationController.send(document.body.innerHTML);", |
| 444 &document_body)); | 444 &document_body)); |
| 445 EXPECT_EQ("Hi from a.com", document_body); | 445 EXPECT_EQ("Hi from a.com", document_body); |
| 446 } | 446 } |
| (...skipping 77 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 524 EXPECT_EQ(blink::WebSandboxFlags::kAll, | 524 EXPECT_EQ(blink::WebSandboxFlags::kAll, |
| 525 root->child_at(0)->effective_sandbox_flags()); | 525 root->child_at(0)->effective_sandbox_flags()); |
| 526 EXPECT_EQ(blink::WebSandboxFlags::kAll & ~blink::WebSandboxFlags::kScripts & | 526 EXPECT_EQ(blink::WebSandboxFlags::kAll & ~blink::WebSandboxFlags::kScripts & |
| 527 ~blink::WebSandboxFlags::kAutomaticFeatures, | 527 ~blink::WebSandboxFlags::kAutomaticFeatures, |
| 528 root->child_at(1)->effective_sandbox_flags()); | 528 root->child_at(1)->effective_sandbox_flags()); |
| 529 EXPECT_EQ(blink::WebSandboxFlags::kAll & ~blink::WebSandboxFlags::kScripts & | 529 EXPECT_EQ(blink::WebSandboxFlags::kAll & ~blink::WebSandboxFlags::kScripts & |
| 530 ~blink::WebSandboxFlags::kAutomaticFeatures & | 530 ~blink::WebSandboxFlags::kAutomaticFeatures & |
| 531 ~blink::WebSandboxFlags::kOrigin, | 531 ~blink::WebSandboxFlags::kOrigin, |
| 532 root->child_at(2)->effective_sandbox_flags()); | 532 root->child_at(2)->effective_sandbox_flags()); |
| 533 | 533 |
| 534 // Sandboxed frames should set a unique origin unless they have the | 534 // Sandboxed frames should set a unique opaque origin unless they have the |
| 535 // "allow-same-origin" directive. | 535 // "allow-same-origin" directive. |
| 536 EXPECT_EQ("null", root->child_at(0)->current_origin().Serialize()); | 536 EXPECT_EQ("null", root->child_at(0)->current_origin().Serialize()); |
| 537 EXPECT_EQ("null", root->child_at(1)->current_origin().Serialize()); | 537 EXPECT_EQ("null", root->child_at(1)->current_origin().Serialize()); |
| 538 EXPECT_EQ(main_url.GetOrigin().spec(), | 538 EXPECT_EQ(main_url.GetOrigin().spec(), |
| 539 root->child_at(2)->current_origin().Serialize() + "/"); | 539 root->child_at(2)->current_origin().Serialize() + "/"); |
| 540 | 540 |
| 541 // Navigating to a different URL should not clear sandbox flags. | 541 // Navigating to a different URL should not clear sandbox flags. |
| 542 GURL frame_url(embedded_test_server()->GetURL("/title1.html")); | 542 GURL frame_url(embedded_test_server()->GetURL("/title1.html")); |
| 543 NavigateFrameToURL(root->child_at(0), frame_url); | 543 NavigateFrameToURL(root->child_at(0), frame_url); |
| 544 EXPECT_EQ(blink::WebSandboxFlags::kAll, | 544 EXPECT_EQ(blink::WebSandboxFlags::kAll, |
| (...skipping 133 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 678 EXPECT_EQ(root->child_at(0)->current_origin().Serialize() + '/', | 678 EXPECT_EQ(root->child_at(0)->current_origin().Serialize() + '/', |
| 679 cross_site_url.GetOrigin().spec()); | 679 cross_site_url.GetOrigin().spec()); |
| 680 | 680 |
| 681 // The root's origin shouldn't have changed. | 681 // The root's origin shouldn't have changed. |
| 682 EXPECT_EQ(root->current_origin().Serialize() + '/', | 682 EXPECT_EQ(root->current_origin().Serialize() + '/', |
| 683 main_url.GetOrigin().spec()); | 683 main_url.GetOrigin().spec()); |
| 684 | 684 |
| 685 GURL data_url("data:text/html,foo"); | 685 GURL data_url("data:text/html,foo"); |
| 686 NavigateFrameToURL(root->child_at(1), data_url); | 686 NavigateFrameToURL(root->child_at(1), data_url); |
| 687 | 687 |
| 688 // Navigating to a data URL should set a unique origin. This is represented | 688 // Navigating to a data URL should set a unique opaque origin. This is |
| 689 // as "null" per RFC 6454. | 689 // represented as "null" per RFC 6454. |
| 690 EXPECT_EQ(root->child_at(1)->current_origin().Serialize(), "null"); | 690 EXPECT_EQ(root->child_at(1)->current_origin().Serialize(), "null"); |
| 691 } | 691 } |
| 692 | 692 |
| 693 // FrameTreeBrowserTest variant where we isolate http://*.is, Iceland's top | 693 // FrameTreeBrowserTest variant where we isolate http://*.is, Iceland's top |
| 694 // level domain. This is an analogue to isolating extensions, which we can use | 694 // level domain. This is an analogue to isolating extensions, which we can use |
| 695 // inside content_browsertests, where extensions don't exist. Iceland, like an | 695 // inside content_browsertests, where extensions don't exist. Iceland, like an |
| 696 // extension process, is a special place with magical powers; we want to protect | 696 // extension process, is a special place with magical powers; we want to protect |
| 697 // it from outsiders. | 697 // it from outsiders. |
| 698 class IsolateIcelandFrameTreeBrowserTest : public ContentBrowserTest { | 698 class IsolateIcelandFrameTreeBrowserTest : public ContentBrowserTest { |
| 699 public: | 699 public: |
| (...skipping 45 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 745 // Make sure we did a process transfer back to "b.is". | 745 // Make sure we did a process transfer back to "b.is". |
| 746 EXPECT_EQ( | 746 EXPECT_EQ( |
| 747 " Site A ------------ proxies for B\n" | 747 " Site A ------------ proxies for B\n" |
| 748 " +--Site B ------- proxies for A\n" | 748 " +--Site B ------- proxies for A\n" |
| 749 "Where A = http://a.com/\n" | 749 "Where A = http://a.com/\n" |
| 750 " B = http://b.is/", | 750 " B = http://b.is/", |
| 751 FrameTreeVisualizer().DepictFrameTree(root)); | 751 FrameTreeVisualizer().DepictFrameTree(root)); |
| 752 } | 752 } |
| 753 | 753 |
| 754 } // namespace content | 754 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2716583003:
Rename Origin.unique() to opaque().
