| Index: third_party/WebKit/Source/core/loader/BaseFetchContextTest.cpp
|
| diff --git a/third_party/WebKit/Source/core/loader/BaseFetchContextTest.cpp b/third_party/WebKit/Source/core/loader/BaseFetchContextTest.cpp
|
| index 93b79ae7be940db3ea0fab6b8e2d8f99808d696c..2e2411ceeecb006602f8ccdbb0e4816865cf7ae0 100644
|
| --- a/third_party/WebKit/Source/core/loader/BaseFetchContextTest.cpp
|
| +++ b/third_party/WebKit/Source/core/loader/BaseFetchContextTest.cpp
|
| @@ -37,11 +37,47 @@
|
|
|
| namespace blink {
|
|
|
| +class MockBaseFetchContext final : public BaseFetchContext {
|
| + public:
|
| + explicit MockBaseFetchContext(ExecutionContext* execution_context)
|
| + : BaseFetchContext(execution_context) {}
|
| + ~MockBaseFetchContext() override {}
|
| +
|
| + // BaseFetchContext overrides:
|
| + ContentSettingsClient* GetContentSettingsClient() const override {
|
| + return nullptr;
|
| + }
|
| + Settings* GetSettings() const override { return nullptr; }
|
| + SubresourceFilter* GetSubresourceFilter() const override { return nullptr; }
|
| + SecurityContext* GetMainResourceSecurityContext() const override {
|
| + return nullptr;
|
| + }
|
| + bool ShouldBlockRequestByInspector(const ResourceRequest&) const override {
|
| + return false;
|
| + }
|
| + void DispatchDidBlockRequest(const ResourceRequest&,
|
| + const FetchInitiatorInfo&,
|
| + ResourceRequestBlockedReason) const override {}
|
| + void ReportLocalLoadFailed(const KURL&) const override {}
|
| + bool ShouldBypassMainWorldCSP() const override { return false; }
|
| + bool IsSVGImageChromeClient() const override { return false; }
|
| + void CountUsage(UseCounter::Feature) const override {}
|
| + void CountDeprecation(UseCounter::Feature) const override {}
|
| + bool ShouldBlockFetchByMixedContentCheck(
|
| + const ResourceRequest&,
|
| + const KURL&,
|
| + SecurityViolationReportingPolicy) const override {
|
| + return false;
|
| + }
|
| +};
|
| +
|
| class BaseFetchContextTest : public ::testing::Test {
|
| protected:
|
| void SetUp() override {
|
| execution_context_ = new NullExecutionContext();
|
| - fetch_context_ = new BaseFetchContext(execution_context_);
|
| + static_cast<NullExecutionContext*>(execution_context_.Get())
|
| + ->SetUpSecurityContext();
|
| + fetch_context_ = new MockBaseFetchContext(execution_context_);
|
| }
|
|
|
| Persistent<ExecutionContext> execution_context_;
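Review bot: MockBaseFetchContext has no class comment saying which checks its overrides neutralise, and the new CSP tests depend on exactly those choices. `ShouldBlockRequestByInspector` and `ShouldBlockFetchByMixedContentCheck` return false, `GetSubresourceFilter` returns nullptr and `ShouldBypassMainWorldCSP` returns false, so flipping any of them later could change which check produces the blocked reason, or skip the CSP check altogether. I would add above the class something like `// Test double: no inspector, mixed-content or subresource-filter blocking, and no main-world CSP bypass.` and note on `SetUp()` that `SetUpSecurityContext()` is what gives the execution context the policy object the tests feed headers into. The BaseFetchContextTest fixture continues outside this hunk.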
|
| @@ -183,4 +219,46 @@ TEST_F(BaseFetchContextTest, SetIsExternalRequestForLocalContext) {
|
| }
|
| }
|
|
|
| +// Tests that CanFollowRedirect() checks both report-only and enforced CSP
|
| +// headers.
|
| +TEST_F(BaseFetchContextTest, RedirectChecksReportedAndEnforcedCSP) {
|
| + ContentSecurityPolicy* policy =
|
| + execution_context_->GetContentSecurityPolicy();
|
| + policy->DidReceiveHeader("script-src https://foo.test",
|
| + kContentSecurityPolicyHeaderTypeEnforce,
|
| + kContentSecurityPolicyHeaderSourceHTTP);
|
| + policy->DidReceiveHeader("script-src https://bar.test",
|
| + kContentSecurityPolicyHeaderTypeReport,
|
| + kContentSecurityPolicyHeaderSourceHTTP);
|
| + KURL url(KURL(), "http://baz.test");
|
| + ResourceRequest resource_request(url);
|
| + resource_request.SetRequestContext(WebURLRequest::kRequestContextScript);
|
| + EXPECT_EQ(
|
| + ResourceRequestBlockedReason::CSP,
|
| + fetch_context_->CanFollowRedirect(
|
| + Resource::kScript, resource_request, url, ResourceLoaderOptions(),
|
| + SecurityViolationReportingPolicy::kReport,
|
| + FetchParameters::kUseDefaultOriginRestrictionForType));
|
| + EXPECT_EQ(2u, policy->violation_reports_sent_.size());
|
| +}
|
| +
|
| +// Tests that AllowResponse() checks both report-only and enforced CSP headers.
|
| +TEST_F(BaseFetchContextTest, AllowResponseChecksReportedAndEnforcedCSP) {
|
| + ContentSecurityPolicy* policy =
|
| + execution_context_->GetContentSecurityPolicy();
|
| + policy->DidReceiveHeader("script-src https://foo.test",
|
| + kContentSecurityPolicyHeaderTypeEnforce,
|
| + kContentSecurityPolicyHeaderSourceHTTP);
|
| + policy->DidReceiveHeader("script-src https://bar.test",
|
| + kContentSecurityPolicyHeaderTypeReport,
|
| + kContentSecurityPolicyHeaderSourceHTTP);
|
| + KURL url(KURL(), "http://baz.test");
|
| + ResourceRequest resource_request(url);
|
| + resource_request.SetRequestContext(WebURLRequest::kRequestContextScript);
|
| + EXPECT_EQ(ResourceRequestBlockedReason::CSP,
|
| + fetch_context_->AllowResponse(Resource::kScript, resource_request,
|
| + url, ResourceLoaderOptions()));
|
| + EXPECT_EQ(2u, policy->violation_reports_sent_.size());
|
| +}
|
| +
|
| } // namespace blink
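Review bot: Both new tests use a URL that violates the enforced and the report-only policy at once, so neither covers the case that separates the two header types: a request rejected only by the report-only policy must be reported but still allowed. With `http://baz.test` the `CSP` result comes from the enforced header and the count of 2 only shows that the report-only header was also evaluated, so a regression that let a report-only policy block would still pass. I would add one such case each for CanFollowRedirect() and AllowResponse(), using a URL the enforced policy allows, as sketched below for the redirect path. The expected `kNone` and the count of 1 are inferred from the visible code and need confirming by running the test.

```cpp
// … unchanged: RedirectChecksReportedAndEnforcedCSP, AllowResponseChecksReportedAndEnforcedCSP …

// Tests that a violation of a report-only CSP header alone is reported but
// does not block the redirect.
TEST_F(BaseFetchContextTest, RedirectReportOnlyViolationDoesNotBlock) {
  ContentSecurityPolicy* policy =
      execution_context_->GetContentSecurityPolicy();
  policy->DidReceiveHeader("script-src https://foo.test",
                           kContentSecurityPolicyHeaderTypeEnforce,
                           kContentSecurityPolicyHeaderSourceHTTP);
  policy->DidReceiveHeader("script-src https://bar.test",
                           kContentSecurityPolicyHeaderTypeReport,
                           kContentSecurityPolicyHeaderSourceHTTP);
  // Allowed by the enforced policy, rejected by the report-only one.
  KURL url(KURL(), "https://foo.test");
  ResourceRequest resource_request(url);
  resource_request.SetRequestContext(WebURLRequest::kRequestContextScript);
  EXPECT_EQ(
      ResourceRequestBlockedReason::kNone,
      fetch_context_->CanFollowRedirect(
          Resource::kScript, resource_request, url, ResourceLoaderOptions(),
          SecurityViolationReportingPolicy::kReport,
          FetchParameters::kUseDefaultOriginRestrictionForType));
  EXPECT_EQ(1u, policy->violation_reports_sent_.size());
}
```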
|
|
|