
Side by Side Diff: content/common/content_security_policy/csp_context_unittest.cc

Issue 2756913002: Revert of PlzNavigate: Enforce 'frame-src' CSP on the browser. (Closed)
Patch Set: Created 3 years, 9 months ago
OLDNEW
1 // Copyright 2017 The Chromium Authors. All rights reserved. 1 // Copyright 2017 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/common/content_security_policy/csp_context.h" 5 #include "content/common/content_security_policy/csp_context.h"
6 #include "content/common/content_security_policy_header.h" 6 #include "content/common/content_security_policy_header.h"
7 #include "testing/gtest/include/gtest/gtest.h" 7 #include "testing/gtest/include/gtest/gtest.h"
8 8
9 namespace content { 9 namespace content {
10 10
(...skipping 27 matching lines...) Expand all
38 blink::WebContentSecurityPolicyTypeEnforce, 38 blink::WebContentSecurityPolicyTypeEnforce,
39 blink::WebContentSecurityPolicySourceHTTP, 39 blink::WebContentSecurityPolicySourceHTTP,
40 {CSPDirective(directive_name, CSPSourceList(false, false, sources))}, 40 {CSPDirective(directive_name, CSPSourceList(false, false, sources))},
41 std::vector<std::string>(), // report_end_points 41 std::vector<std::string>(), // report_end_points
42 std::string()); // header 42 std::string()); // header
43 } 43 }
44 44
45 } // namespace; 45 } // namespace;
46 46
47 TEST(CSPContextTest, SchemeShouldBypassCSP) { 47 TEST(CSPContextTest, SchemeShouldBypassCSP) {
48 CSPContextTest context;
48 CSPSource source("", "example.com", false, url::PORT_UNSPECIFIED, false, ""); 49 CSPSource source("", "example.com", false, url::PORT_UNSPECIFIED, false, "");
49 CSPContextTest context; 50 ContentSecurityPolicy policy =
50 context.AddContentSecurityPolicy( 51 BuildPolicy(CSPDirective::DefaultSrc, {source});
51 BuildPolicy(CSPDirective::DefaultSrc, {source})); 52 EXPECT_FALSE(context.Allow({policy}, CSPDirective::FrameSrc,
52 53 GURL("data:text/html,<html></html>")));
53 EXPECT_FALSE(context.IsAllowedByCsp(CSPDirective::FrameSrc,
54 GURL("data:text/html,<html></html>")));
55
56 context.AddSchemeToBypassCSP("data"); 54 context.AddSchemeToBypassCSP("data");
57 55 EXPECT_TRUE(context.Allow({policy}, CSPDirective::FrameSrc,
58 EXPECT_TRUE(context.IsAllowedByCsp(CSPDirective::FrameSrc, 56 GURL("data:text/html,<html></html>")));
59 GURL("data:text/html,<html></html>")));
60 } 57 }
61 58
62 TEST(CSPContextTest, MultiplePolicies) { 59 TEST(CSPContextTest, MultiplePolicies) {
63 CSPContextTest context; 60 CSPContextTest context;
64 context.SetSelf(url::Origin(GURL("http://example.com"))); 61 context.SetSelf(url::Origin(GURL("http://example.com")));
65 62
66 CSPSource source_a("", "a.com", false, url::PORT_UNSPECIFIED, false, ""); 63 CSPSource source_a("", "a.com", false, url::PORT_UNSPECIFIED, false, "");
67 CSPSource source_b("", "b.com", false, url::PORT_UNSPECIFIED, false, ""); 64 CSPSource source_b("", "b.com", false, url::PORT_UNSPECIFIED, false, "");
68 CSPSource source_c("", "c.com", false, url::PORT_UNSPECIFIED, false, ""); 65 CSPSource source_c("", "c.com", false, url::PORT_UNSPECIFIED, false, "");
69 66
70 context.AddContentSecurityPolicy( 67 ContentSecurityPolicy policy1 =
71 BuildPolicy(CSPDirective::FrameSrc, {source_a, source_b})); 68 BuildPolicy(CSPDirective::FrameSrc, {source_a, source_b});
72 context.AddContentSecurityPolicy( 69 ContentSecurityPolicy policy2 =
73 BuildPolicy(CSPDirective::FrameSrc, {source_a, source_c})); 70 BuildPolicy(CSPDirective::FrameSrc, {source_a, source_c});
71
72 std::vector<ContentSecurityPolicy> policies = {policy1, policy2};
74 73
75 EXPECT_TRUE( 74 EXPECT_TRUE(
76 context.IsAllowedByCsp(CSPDirective::FrameSrc, GURL("http://a.com"))); 75 context.Allow(policies, CSPDirective::FrameSrc, GURL("http://a.com")));
77 EXPECT_FALSE( 76 EXPECT_FALSE(
78 context.IsAllowedByCsp(CSPDirective::FrameSrc, GURL("http://b.com"))); 77 context.Allow(policies, CSPDirective::FrameSrc, GURL("http://b.com")));
79 EXPECT_FALSE( 78 EXPECT_FALSE(
80 context.IsAllowedByCsp(CSPDirective::FrameSrc, GURL("http://c.com"))); 79 context.Allow(policies, CSPDirective::FrameSrc, GURL("http://c.com")));
81 EXPECT_FALSE( 80 EXPECT_FALSE(
82 context.IsAllowedByCsp(CSPDirective::FrameSrc, GURL("http://d.com"))); 81 context.Allow(policies, CSPDirective::FrameSrc, GURL("http://d.com")));
83 } 82 }
84 83
85 } // namespace content 84 } // namespace content
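Review bot: In `SchemeShouldBypassCSP`, the only assertion made after `context.AddSchemeToBypassCSP("data")` is that the `data:` URL becomes allowed, so the test would still pass if registering one scheme switched the check off for every URL. Add a negative assertion after the bypass is registered, for example `EXPECT_FALSE(context.Allow({policy}, CSPDirective::FrameSrc, GURL("http://not-example.com")));` (the host is a constructed sample), so the bypass is pinned to the registered scheme. The test also appears to rely on a `FrameSrc` check falling back to the `DefaultSrc` policy built above; a one-line comment such as `// No frame-src directive: the check falls back to default-src.` would make that explicit. `CSPContextTest` and `BuildPolicy` are defined in the skipped lines, so this is inferred from the visible calls only.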
OLDNEW
