| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <stddef.h> | 5 #include <stddef.h> |
| 6 #include <stdint.h> | 6 #include <stdint.h> |
| 7 | 7 |
| 8 #include <memory> | 8 #include <memory> |
| 9 #include <set> | 9 #include <set> |
| 10 | 10 |
| (...skipping 3254 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3265 // This navigation shouldn't be blocked. Blocking should only occur when more | 3265 // This navigation shouldn't be blocked. Blocking should only occur when more |
| 3266 // than one ancestor has the same URL (excluding fragments), and the | 3266 // than one ancestor has the same URL (excluding fragments), and the |
| 3267 // navigating frame's current URL shouldn't count toward that. | 3267 // navigating frame's current URL shouldn't count toward that. |
| 3268 EXPECT_TRUE( | 3268 EXPECT_TRUE( |
| 3269 ExecuteScript(child, "location.href = '" + first_url.spec() + "';")); | 3269 ExecuteScript(child, "location.href = '" + first_url.spec() + "';")); |
| 3270 observer2.Wait(); | 3270 observer2.Wait(); |
| 3271 | 3271 |
| 3272 EXPECT_EQ(child->current_url(), first_url); | 3272 EXPECT_EQ(child->current_url(), first_url); |
| 3273 } | 3273 } |
| 3274 | 3274 |
| 3275 // Ensures that POST requests bypass self-referential URL checks. See |
| 3276 // https://crbug.com/710008. |
| 3277 IN_PROC_BROWSER_TEST_F(RenderFrameHostManagerTest, |
| 3278 SelfReferencingFramesWithPOST) { |
| 3279 StartEmbeddedServer(); |
| 3280 GURL url(embedded_test_server()->GetURL("a.com", "/page_with_iframe.html")); |
| 3281 EXPECT_TRUE(NavigateToURL(shell(), url)); |
| 3282 |
| 3283 WebContentsImpl* web_contents = |
| 3284 static_cast<WebContentsImpl*>(shell()->web_contents()); |
| 3285 |
| 3286 FrameTreeNode* root = web_contents->GetFrameTree()->root(); |
| 3287 FrameTreeNode* child = root->child_at(0); |
| 3288 |
| 3289 GURL child_url(embedded_test_server()->GetURL("a.com", "/title1.html")); |
| 3290 EXPECT_EQ(url, root->current_url()); |
| 3291 EXPECT_EQ(child_url, child->current_url()); |
| 3292 |
| 3293 // Navigate the child frame to the same URL as parent via POST. |
| 3294 std::string script = |
| 3295 "var f = document.createElement('form');\n" |
| 3296 "f.method = 'POST';\n" |
| 3297 "f.action = '/page_with_iframe.html';\n" |
| 3298 "document.body.appendChild(f);\n" |
| 3299 "f.submit();"; |
| 3300 { |
| 3301 TestFrameNavigationObserver observer(child); |
| 3302 EXPECT_TRUE(ExecuteScript(child, script)); |
| 3303 observer.Wait(); |
| 3304 } |
| 3305 |
| 3306 FrameTreeNode* grandchild = child->child_at(0); |
| 3307 EXPECT_EQ(url, child->current_url()); |
| 3308 EXPECT_EQ(child_url, grandchild->current_url()); |
| 3309 |
| 3310 // Now navigate the grandchild to the same URL as its two ancestors. This |
| 3311 // should be allowed since it uses POST; it was blocked prior to |
| 3312 // fixing https://crbug.com/710008. |
| 3313 { |
| 3314 TestFrameNavigationObserver observer(grandchild); |
| 3315 EXPECT_TRUE(ExecuteScript(grandchild, script)); |
| 3316 observer.Wait(); |
| 3317 } |
| 3318 |
| 3319 EXPECT_EQ(url, grandchild->current_url()); |
| 3320 ASSERT_EQ(1U, grandchild->child_count()); |
| 3321 EXPECT_EQ(child_url, grandchild->child_at(0)->current_url()); |
| 3322 } |
| 3323 |
| 3275 } // namespace content | 3324 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2815423003:
Skip self-referential frame checks for POST requests (Merge to M58). (Closed)
