Implement CanRequest in BaseFetchContext

third_party/WebKit/Source/core/loader/BaseFetchContextTest.cpp

Index: third_party/WebKit/Source/core/loader/BaseFetchContextTest.cpp
diff --git a/third_party/WebKit/Source/core/loader/BaseFetchContextTest.cpp b/third_party/WebKit/Source/core/loader/BaseFetchContextTest.cpp
index 93b79ae7be940db3ea0fab6b8e2d8f99808d696c..249d00b651f6c6d1491c0241164f7e7817e858d9 100644
--- a/third_party/WebKit/Source/core/loader/BaseFetchContextTest.cpp
+++ b/third_party/WebKit/Source/core/loader/BaseFetchContextTest.cpp
@@ -30,18 +30,52 @@
 
 #include "core/loader/BaseFetchContext.h"
 
-#include "core/testing/NullExecutionContext.h"
+#include "core/dom/Document.h"
 #include "platform/RuntimeEnabledFeatures.h"
 #include "testing/gmock/include/gmock/gmock.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 namespace blink {
 
+class MockBaseFetchContext final : public BaseFetchContext {
+ public:
+  explicit MockBaseFetchContext(ExecutionContext* execution_context)
+      : BaseFetchContext(execution_context) {}
+  ~MockBaseFetchContext() override {}
+
+  // BaseFetchContext overrides:
+  ContentSettingsClient* GetContentSettingsClient() const override {
+    return nullptr;
+  }
+  Settings* GetSettings() const override { return nullptr; }
+  SubresourceFilter* GetSubresourceFilter() const override { return nullptr; }
+  SecurityContext* GetMainResourceSecurityContext() const override {
+    return nullptr;
+  }
+  bool ShouldBlockRequestByInspector(const ResourceRequest&) const override {
+    return false;
+  }
+  void DispatchDidBlockRequest(const ResourceRequest&,
+                               const FetchInitiatorInfo&,
+                               ResourceRequestBlockedReason) const override {}
+  void ReportLocalLoadFailed(const KURL&) const override {}
+  bool ShouldBypassMainWorldCSP() const override { return false; }
+  bool IsSVGImageChromeClient() const override { return false; }
+  void CountUsage(UseCounter::Feature) const override {}
+  void CountDeprecation(UseCounter::Feature) const override {}
+  bool ShouldBlockFetchByMixedContentCheck(
+      const ResourceRequest&,
+      const KURL&,
+      SecurityViolationReportingPolicy) const override {
+    return false;
+  }
+};
+
 class BaseFetchContextTest : public ::testing::Test {
  protected:
   void SetUp() override {
-    execution_context_ = new NullExecutionContext();
-    fetch_context_ = new BaseFetchContext(execution_context_);
+    execution_context_ = Document::Create();

[Nate Chapin, 2017/04/21 18:33:07]

Why is this change necessary?

[kinuko, 2017/04/24 06:05:27]

NullExecutionContext doesn't have ContentSecurityPolicy. I've reverted this line
but instead added some support code to test CSP with NullExecutionContext.

+    fetch_context_ = new MockBaseFetchContext(execution_context_);
   }
 
   Persistent<ExecutionContext> execution_context_;
@@ -183,4 +217,46 @@ TEST_F(BaseFetchContextTest, SetIsExternalRequestForLocalContext) {
   }
 }
 
+// Tests that CanFollowRedirect() checks both report-only and enforced CSP
+// headers.
+TEST_F(BaseFetchContextTest, RedirectChecksReportedAndEnforcedCSP) {
+  ContentSecurityPolicy* policy =
+      execution_context_->GetContentSecurityPolicy();
+  policy->DidReceiveHeader("script-src https://foo.test",
+                           kContentSecurityPolicyHeaderTypeEnforce,
+                           kContentSecurityPolicyHeaderSourceHTTP);
+  policy->DidReceiveHeader("script-src https://bar.test",
+                           kContentSecurityPolicyHeaderTypeReport,
+                           kContentSecurityPolicyHeaderSourceHTTP);
+  KURL url(KURL(), "http://baz.test");
+  ResourceRequest resource_request(url);
+  resource_request.SetRequestContext(WebURLRequest::kRequestContextScript);
+  EXPECT_EQ(
+      ResourceRequestBlockedReason::CSP,
+      fetch_context_->CanFollowRedirect(
+          Resource::kScript, resource_request, url, ResourceLoaderOptions(),
+          SecurityViolationReportingPolicy::kReport,
+          FetchParameters::kUseDefaultOriginRestrictionForType));
+  EXPECT_EQ(2u, policy->violation_reports_sent_.size());
+}
+
+// Tests that AllowResponse() checks both report-only and enforced CSP headers.
+TEST_F(BaseFetchContextTest, AllowResponseChecksReportedAndEnforcedCSP) {
+  ContentSecurityPolicy* policy =
+      execution_context_->GetContentSecurityPolicy();
+  policy->DidReceiveHeader("script-src https://foo.test",
+                           kContentSecurityPolicyHeaderTypeEnforce,
+                           kContentSecurityPolicyHeaderSourceHTTP);
+  policy->DidReceiveHeader("script-src https://bar.test",
+                           kContentSecurityPolicyHeaderTypeReport,
+                           kContentSecurityPolicyHeaderSourceHTTP);
+  KURL url(KURL(), "http://baz.test");
+  ResourceRequest resource_request(url);
+  resource_request.SetRequestContext(WebURLRequest::kRequestContextScript);
+  EXPECT_EQ(ResourceRequestBlockedReason::CSP,
+            fetch_context_->AllowResponse(Resource::kScript, resource_request,
+                                          url, ResourceLoaderOptions()));
+  EXPECT_EQ(2u, policy->violation_reports_sent_.size());
+}
+
 }  // namespace blink