third_party/WebKit/Source/core/loader/BaseFetchContextTest.cpp - Issue 2823213002: Implement CanRequest in BaseFetchContext

Side by Side Diff: third_party/WebKit/Source/core/loader/BaseFetchContextTest.cpp

Issue 2823213002: Implement CanRequest in BaseFetchContext (Closed)

Patch Set: rebase, tests Created 3 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

« third_party/WebKit/Source/core/loader/BaseFetchContext.cpp ('K') | « third_party/WebKit/Source/core/loader/BaseFetchContext.cpp ('k') | third_party/WebKit/Source/core/loader/FrameFetchContext.h » ('j') | third_party/WebKit/Source/core/loader/SubresourceFilter.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

OLD	NEW
1 /*	1 /*

2 * Copyright (c) 2015, Google Inc. All rights reserved.	2 * Copyright (c) 2015, Google Inc. All rights reserved.

3 *	3 *

4 * Redistribution and use in source and binary forms, with or without	4 * Redistribution and use in source and binary forms, with or without

5 * modification, are permitted provided that the following conditions are	5 * modification, are permitted provided that the following conditions are

6 * met:	6 * met:

7 *	7 *

8 * * Redistributions of source code must retain the above copyright	8 * * Redistributions of source code must retain the above copyright

9 * notice, this list of conditions and the following disclaimer.	9 * notice, this list of conditions and the following disclaimer.

10 * * Redistributions in binary form must reproduce the above	10 * * Redistributions in binary form must reproduce the above

(...skipping 12 matching lines...) Expand all Loading...
23 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT	23 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT

24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,	24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,

25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY	25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY

26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT	26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT

27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE	27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE

28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

29 */	29 */

30	30

31 #include "core/loader/BaseFetchContext.h"	31 #include "core/loader/BaseFetchContext.h"

32	32

33 #include "core/testing/NullExecutionContext.h"	33 #include "core/dom/Document.h"

34 #include "platform/RuntimeEnabledFeatures.h"	34 #include "platform/RuntimeEnabledFeatures.h"

35 #include "testing/gmock/include/gmock/gmock.h"	35 #include "testing/gmock/include/gmock/gmock.h"

36 #include "testing/gtest/include/gtest/gtest.h"	36 #include "testing/gtest/include/gtest/gtest.h"

37	37

38 namespace blink {	38 namespace blink {

39	39

	40 class MockBaseFetchContext final : public BaseFetchContext {

	41 public:

	42 explicit MockBaseFetchContext(ExecutionContext* execution_context)

	43 : BaseFetchContext(execution_context) {}

	44 ~MockBaseFetchContext() override {}

	45

	46 // BaseFetchContext overrides:

	47 ContentSettingsClient* GetContentSettingsClient() const override {

	48 return nullptr;

	49 }

	50 Settings* GetSettings() const override { return nullptr; }

	51 SubresourceFilter* GetSubresourceFilter() const override { return nullptr; }

	52 SecurityContext* GetMainResourceSecurityContext() const override {

	53 return nullptr;

	54 }

	55 bool ShouldBlockRequestByInspector(const ResourceRequest&) const override {

	56 return false;

	57 }

	58 void DispatchDidBlockRequest(const ResourceRequest&,

	59 const FetchInitiatorInfo&,

	60 ResourceRequestBlockedReason) const override {}

	61 void ReportLocalLoadFailed(const KURL&) const override {}

	62 bool ShouldBypassMainWorldCSP() const override { return false; }

	63 bool IsSVGImageChromeClient() const override { return false; }

	64 void CountUsage(UseCounter::Feature) const override {}

	65 void CountDeprecation(UseCounter::Feature) const override {}

	66 bool ShouldBlockFetchByMixedContentCheck(

	67 const ResourceRequest&,

	68 const KURL&,

	69 SecurityViolationReportingPolicy) const override {

	70 return false;

	71 }

	72 };

	73

40 class BaseFetchContextTest : public ::testing::Test {	74 class BaseFetchContextTest : public ::testing::Test {

41 protected:	75 protected:

42 void SetUp() override {	76 void SetUp() override {

43 execution_context_ = new NullExecutionContext();	77 execution_context_ = Document::Create();
	Nate Chapin 2017/04/21 18:33:07 Why is this change necessary? Why is this change necessary? kinuko 2017/04/24 06:05:27 NullExecutionContext doesn't have ContentSecurityP Show quoted text On 2017/04/21 18:33:07, Nate Chapin wrote: > Why is this change necessary? NullExecutionContext doesn't have ContentSecurityPolicy. I've reverted this line but instead added some support code to test CSP with NullExecutionContext.
44 fetch_context_ = new BaseFetchContext(execution_context_);	78 fetch_context_ = new MockBaseFetchContext(execution_context_);

45 }	79 }

46	80

47 Persistent<ExecutionContext> execution_context_;	81 Persistent<ExecutionContext> execution_context_;

48 Persistent<BaseFetchContext> fetch_context_;	82 Persistent<BaseFetchContext> fetch_context_;

49 };	83 };

50	84

51 TEST_F(BaseFetchContextTest, SetIsExternalRequestForPublicContext) {	85 TEST_F(BaseFetchContextTest, SetIsExternalRequestForPublicContext) {

52 EXPECT_EQ(kWebAddressSpacePublic,	86 EXPECT_EQ(kWebAddressSpacePublic,

53 execution_context_->GetSecurityContext().AddressSpace());	87 execution_context_->GetSecurityContext().AddressSpace());

54	88

(...skipping 121 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
176 fetch_context_->AddAdditionalRequestHeaders(main_request,	210 fetch_context_->AddAdditionalRequestHeaders(main_request,

177 kFetchMainResource);	211 kFetchMainResource);

178 EXPECT_EQ(test.is_external_expectation, main_request.IsExternalRequest());	212 EXPECT_EQ(test.is_external_expectation, main_request.IsExternalRequest());

179	213

180 ResourceRequest sub_request(test.url);	214 ResourceRequest sub_request(test.url);

181 fetch_context_->AddAdditionalRequestHeaders(sub_request, kFetchSubresource);	215 fetch_context_->AddAdditionalRequestHeaders(sub_request, kFetchSubresource);

182 EXPECT_EQ(test.is_external_expectation, sub_request.IsExternalRequest());	216 EXPECT_EQ(test.is_external_expectation, sub_request.IsExternalRequest());

183 }	217 }

184 }	218 }

185	219

	220 // Tests that CanFollowRedirect() checks both report-only and enforced CSP

	221 // headers.

	222 TEST_F(BaseFetchContextTest, RedirectChecksReportedAndEnforcedCSP) {

	223 ContentSecurityPolicy* policy =

	224 execution_context_->GetContentSecurityPolicy();

	225 policy->DidReceiveHeader("script-src https://foo.test",

	226 kContentSecurityPolicyHeaderTypeEnforce,

	227 kContentSecurityPolicyHeaderSourceHTTP);

	228 policy->DidReceiveHeader("script-src https://bar.test",

	229 kContentSecurityPolicyHeaderTypeReport,

	230 kContentSecurityPolicyHeaderSourceHTTP);

	231 KURL url(KURL(), "http://baz.test");

	232 ResourceRequest resource_request(url);

	233 resource_request.SetRequestContext(WebURLRequest::kRequestContextScript);

	234 EXPECT_EQ(

	235 ResourceRequestBlockedReason::CSP,

	236 fetch_context_->CanFollowRedirect(

	237 Resource::kScript, resource_request, url, ResourceLoaderOptions(),

	238 SecurityViolationReportingPolicy::kReport,

	239 FetchParameters::kUseDefaultOriginRestrictionForType));

	240 EXPECT_EQ(2u, policy->violation_reports_sent_.size());

	241 }

	242

	243 // Tests that AllowResponse() checks both report-only and enforced CSP headers.

	244 TEST_F(BaseFetchContextTest, AllowResponseChecksReportedAndEnforcedCSP) {

	245 ContentSecurityPolicy* policy =

	246 execution_context_->GetContentSecurityPolicy();

	247 policy->DidReceiveHeader("script-src https://foo.test",

	248 kContentSecurityPolicyHeaderTypeEnforce,

	249 kContentSecurityPolicyHeaderSourceHTTP);

	250 policy->DidReceiveHeader("script-src https://bar.test",

	251 kContentSecurityPolicyHeaderTypeReport,

	252 kContentSecurityPolicyHeaderSourceHTTP);

	253 KURL url(KURL(), "http://baz.test");

	254 ResourceRequest resource_request(url);

	255 resource_request.SetRequestContext(WebURLRequest::kRequestContextScript);

	256 EXPECT_EQ(ResourceRequestBlockedReason::CSP,

	257 fetch_context_->AllowResponse(Resource::kScript, resource_request,

	258 url, ResourceLoaderOptions()));

	259 EXPECT_EQ(2u, policy->violation_reports_sent_.size());

	260 }

	261

186 } // namespace blink	262 } // namespace blink

OLD	NEW