OLD | NEW |
1 // Copyright 2017 The Chromium Authors. All rights reserved. | 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/common/content_security_policy/csp_context.h" | 5 #include "content/common/content_security_policy/csp_context.h" |
6 #include "content/common/content_security_policy_header.h" | 6 #include "content/common/content_security_policy_header.h" |
7 #include "testing/gtest/include/gtest/gtest.h" | 7 #include "testing/gtest/include/gtest/gtest.h" |
8 | 8 |
9 namespace content { | 9 namespace content { |
10 | 10 |
(...skipping 17 matching lines...) Expand all Loading... |
28 console_message_ = message; | 28 console_message_ = message; |
29 } | 29 } |
30 std::string console_message_; | 30 std::string console_message_; |
31 std::vector<std::string> scheme_to_bypass_; | 31 std::vector<std::string> scheme_to_bypass_; |
32 }; | 32 }; |
33 | 33 |
34 // Build a new policy made of only one directive and no report endpoints. | 34 // Build a new policy made of only one directive and no report endpoints. |
35 ContentSecurityPolicy BuildPolicy(CSPDirective::Name directive_name, | 35 ContentSecurityPolicy BuildPolicy(CSPDirective::Name directive_name, |
36 std::vector<CSPSource> sources) { | 36 std::vector<CSPSource> sources) { |
37 return ContentSecurityPolicy( | 37 return ContentSecurityPolicy( |
38 blink::WebContentSecurityPolicyTypeEnforce, | 38 ContentSecurityPolicyHeader(std::string(), // header |
39 blink::WebContentSecurityPolicySourceHTTP, | 39 blink::WebContentSecurityPolicyTypeEnforce, |
| 40 blink::WebContentSecurityPolicySourceHTTP), |
40 {CSPDirective(directive_name, CSPSourceList(false, false, sources))}, | 41 {CSPDirective(directive_name, CSPSourceList(false, false, sources))}, |
41 std::vector<std::string>(), // report_end_points | 42 std::vector<std::string>()); // report_end_points |
42 std::string()); // header | |
43 } | 43 } |
44 | 44 |
45 } // namespace; | 45 } // namespace; |
46 | 46 |
47 TEST(CSPContextTest, SchemeShouldBypassCSP) { | 47 TEST(CSPContextTest, SchemeShouldBypassCSP) { |
48 CSPSource source("", "example.com", false, url::PORT_UNSPECIFIED, false, ""); | 48 CSPSource source("", "example.com", false, url::PORT_UNSPECIFIED, false, ""); |
49 CSPContextTest context; | 49 CSPContextTest context; |
50 context.AddContentSecurityPolicy( | 50 context.AddContentSecurityPolicy( |
51 BuildPolicy(CSPDirective::DefaultSrc, {source})); | 51 BuildPolicy(CSPDirective::DefaultSrc, {source})); |
52 | 52 |
(...skipping 23 matching lines...) Expand all Loading... |
76 context.IsAllowedByCsp(CSPDirective::FrameSrc, GURL("http://a.com"))); | 76 context.IsAllowedByCsp(CSPDirective::FrameSrc, GURL("http://a.com"))); |
77 EXPECT_FALSE( | 77 EXPECT_FALSE( |
78 context.IsAllowedByCsp(CSPDirective::FrameSrc, GURL("http://b.com"))); | 78 context.IsAllowedByCsp(CSPDirective::FrameSrc, GURL("http://b.com"))); |
79 EXPECT_FALSE( | 79 EXPECT_FALSE( |
80 context.IsAllowedByCsp(CSPDirective::FrameSrc, GURL("http://c.com"))); | 80 context.IsAllowedByCsp(CSPDirective::FrameSrc, GURL("http://c.com"))); |
81 EXPECT_FALSE( | 81 EXPECT_FALSE( |
82 context.IsAllowedByCsp(CSPDirective::FrameSrc, GURL("http://d.com"))); | 82 context.IsAllowedByCsp(CSPDirective::FrameSrc, GURL("http://d.com"))); |
83 } | 83 } |
84 | 84 |
85 } // namespace content | 85 } // namespace content |
OLD | NEW |