Chromium Code Reviews
|
|
Chromium Code Reviews
Issue
2876653003:
Integration test for protecting clients*.google.com (Closed)
DescriptionIntegration test for protecting clients*.google.com
BUG=715184
Review-Url: https://codereview.chromium.org/2876653003
Cr-Commit-Position: refs/heads/master@{#472141}
Committed: https://chromium.googlesource.com/chromium/src/+/d6a0a2e456e9f9e938d72c80a681ea701bdec8ec
Patch Set 1 #
Total comments: 15
Patch Set 2 : Addressed commend and compilation issue #Patch Set 3 : Fix copyright year #Patch Set 4 : Merge with ToT to resolve merge conflict #
Messages
Total messages: 44 (28 generated)
The CQ bit was checked by battre@chromium.org to run a CQ dry run
Description was changed from ========== Integration test for protecting clients*.google.com BUG=715184 ========== to ========== Integration test for protecting clients*.google.com BUG=715184 ==========
battre@chromium.org changed reviewers: + mmenke@chromium.org, rdevlin.cronin@chromium.org
Dry run: CQ is trying da patch. Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
Here is the requested integration test. Thanks a lot for reviewing! Best regards, Dominic
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: win_chromium_compile_dbg_ng on master.tryserver.chromium.win (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_comp...)
https://codereview.chromium.org/2876653003/diff/1/chrome/browser/extensions/a... File chrome/browser/extensions/api/web_request/web_request_apitest.cc (right): https://codereview.chromium.org/2876653003/diff/1/chrome/browser/extensions/a... chrome/browser/extensions/api/web_request/web_request_apitest.cc:717: EXPECT_FALSE(success); If the requests are failing due to CORS, does that mean we're actually observing CORS requests, not the actual network requests? If so, do we even send CORS requests for chrome URLs? If not, I'm very confused.
The CQ bit was checked by mmenke@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: win_chromium_x64_rel_ng on master.tryserver.chromium.win (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_x64_...)
https://codereview.chromium.org/2876653003/diff/1/chrome/browser/extensions/a... File chrome/browser/extensions/api/web_request/web_request_apitest.cc (right): https://codereview.chromium.org/2876653003/diff/1/chrome/browser/extensions/a... chrome/browser/extensions/api/web_request/web_request_apitest.cc:679: int expected_requests_observed = 0; Maybe check the initial value, just for completeness? https://codereview.chromium.org/2876653003/diff/1/chrome/browser/extensions/a... chrome/browser/extensions/api/web_request/web_request_apitest.cc:704: ASSERT_TRUE(runner); Used? https://codereview.chromium.org/2876653003/diff/1/chrome/browser/extensions/a... chrome/browser/extensions/api/web_request/web_request_apitest.cc:717: EXPECT_FALSE(success); On 2017/05/11 18:39:45, mmenke wrote: > If the requests are failing due to CORS, does that mean we're actually observing > CORS requests, not the actual network requests? If so, do we even send CORS > requests for chrome URLs? If not, I'm very confused. We actually notify the extension *before* the request is sent, so I think this is okay. But it might be worth a comment. https://codereview.chromium.org/2876653003/diff/1/chrome/browser/extensions/a... chrome/browser/extensions/api/web_request/web_request_apitest.cc:728: class TestURLFetcherDelegate : public net::URLFetcherDelegate { I don't know if we have a specific rule about classes with logic being defined inline, but it's rare enough in our codebase (i.e., I've never seen it) that I think it breaks the "match surrounding code style" rule. Can we define this outside the test? https://codereview.chromium.org/2876653003/diff/1/chrome/test/data/extensions... File chrome/test/data/extensions/api_test/webrequest_clients_google_com/background.js (right): https://codereview.chromium.org/2876653003/diff/1/chrome/test/data/extensions... chrome/test/data/extensions/api_test/webrequest_clients_google_com/background.js:1: // Copyright 2016 The Chromium Authors. All rights reserved. not 2016 :)
https://codereview.chromium.org/2876653003/diff/1/chrome/browser/extensions/a... File chrome/browser/extensions/api/web_request/web_request_apitest.cc (right): https://codereview.chromium.org/2876653003/diff/1/chrome/browser/extensions/a... chrome/browser/extensions/api/web_request/web_request_apitest.cc:717: EXPECT_FALSE(success); On 2017/05/15 16:44:21, Devlin (catching up) wrote: > On 2017/05/11 18:39:45, mmenke wrote: > > If the requests are failing due to CORS, does that mean we're actually > observing > > CORS requests, not the actual network requests? If so, do we even send CORS > > requests for chrome URLs? If not, I'm very confused. > > We actually notify the extension *before* the request is sent, so I think this > is okay. But it might be worth a comment. CORS blocks requests from even reaching the network stack, which is where the WebRequest API is hooked up. So I'm not sure that resolves my concern.
https://codereview.chromium.org/2876653003/diff/1/chrome/browser/extensions/a... File chrome/browser/extensions/api/web_request/web_request_apitest.cc (right): https://codereview.chromium.org/2876653003/diff/1/chrome/browser/extensions/a... chrome/browser/extensions/api/web_request/web_request_apitest.cc:717: EXPECT_FALSE(success); On 2017/05/15 16:47:26, mmenke wrote: > On 2017/05/15 16:44:21, Devlin (catching up) wrote: > > On 2017/05/11 18:39:45, mmenke wrote: > > > If the requests are failing due to CORS, does that mean we're actually > > observing > > > CORS requests, not the actual network requests? If so, do we even send CORS > > > requests for chrome URLs? If not, I'm very confused. > > > > We actually notify the extension *before* the request is sent, so I think this > > is okay. But it might be worth a comment. > > CORS blocks requests from even reaching the network stack, which is where the > WebRequest API is hooked up. So I'm not sure that resolves my concern. Hmm, interesting... Why does this succeed in intercepting the request from example.com (which is also cross-origin)?
https://codereview.chromium.org/2876653003/diff/1/chrome/browser/extensions/a... File chrome/browser/extensions/api/web_request/web_request_apitest.cc (right): https://codereview.chromium.org/2876653003/diff/1/chrome/browser/extensions/a... chrome/browser/extensions/api/web_request/web_request_apitest.cc:717: EXPECT_FALSE(success); On 2017/05/15 17:03:35, Devlin (catching up) wrote: > On 2017/05/15 16:47:26, mmenke wrote: > > On 2017/05/15 16:44:21, Devlin (catching up) wrote: > > > On 2017/05/11 18:39:45, mmenke wrote: > > > > If the requests are failing due to CORS, does that mean we're actually > > > observing > > > > CORS requests, not the actual network requests? If so, do we even send > CORS > > > > requests for chrome URLs? If not, I'm very confused. > > > > > > We actually notify the extension *before* the request is sent, so I think > this > > > is okay. But it might be worth a comment. > > > > CORS blocks requests from even reaching the network stack, which is where the > > WebRequest API is hooked up. So I'm not sure that resolves my concern. > > Hmm, interesting... Why does this succeed in intercepting the request from > http://example.com (which is also cross-origin)? My guess is that it intercepts the CORS request. I have not confirmed that.
The CQ bit was checked by battre@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was checked by battre@chromium.org to run a CQ dry run
battre@google.com changed reviewers: + battre@google.com
https://codereview.chromium.org/2876653003/diff/1/chrome/browser/extensions/a... File chrome/browser/extensions/api/web_request/web_request_apitest.cc (right): https://codereview.chromium.org/2876653003/diff/1/chrome/browser/extensions/a... chrome/browser/extensions/api/web_request/web_request_apitest.cc:679: int expected_requests_observed = 0; On 2017/05/15 16:44:21, Devlin (catching up) wrote: > Maybe check the initial value, just for completeness? Done. https://codereview.chromium.org/2876653003/diff/1/chrome/browser/extensions/a... chrome/browser/extensions/api/web_request/web_request_apitest.cc:704: ASSERT_TRUE(runner); On 2017/05/15 16:44:21, Devlin (catching up) wrote: > Used? Done. https://codereview.chromium.org/2876653003/diff/1/chrome/browser/extensions/a... chrome/browser/extensions/api/web_request/web_request_apitest.cc:717: EXPECT_FALSE(success); On 2017/05/15 17:09:51, mmenke wrote: > On 2017/05/15 17:03:35, Devlin (catching up) wrote: > > On 2017/05/15 16:47:26, mmenke wrote: > > > On 2017/05/15 16:44:21, Devlin (catching up) wrote: > > > > On 2017/05/11 18:39:45, mmenke wrote: > > > > > If the requests are failing due to CORS, does that mean we're actually > > > > observing > > > > > CORS requests, not the actual network requests? If so, do we even send > > CORS > > > > > requests for chrome URLs? If not, I'm very confused. > > > > > > > > We actually notify the extension *before* the request is sent, so I think > > this > > > > is okay. But it might be worth a comment. > > > > > > CORS blocks requests from even reaching the network stack, which is where > the > > > WebRequest API is hooked up. So I'm not sure that resolves my concern. > > > > Hmm, interesting... Why does this succeed in intercepting the request from > > http://example.com (which is also cross-origin)? > > My guess is that it intercepts the CORS request. I have not confirmed that. My understanding is that Chrome sends the request but delivers it only if the response contains an Access-Control-Allow-Origin header. Here is what the console says: XMLHttpRequest cannot load https://clients1.google.com/. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://developer.mozilla.org' is therefore not allowed access. The response had HTTP status code 404. In this test we don't really care. What gets blocked (and counted) is whether the GET is sent to the net. https://codereview.chromium.org/2876653003/diff/1/chrome/browser/extensions/a... chrome/browser/extensions/api/web_request/web_request_apitest.cc:728: class TestURLFetcherDelegate : public net::URLFetcherDelegate { On 2017/05/15 16:44:21, Devlin (catching up) wrote: > I don't know if we have a specific rule about classes with logic being defined > inline, but it's rare enough in our codebase (i.e., I've never seen it) that I > think it breaks the "match surrounding code style" rule. Can we define this > outside the test? I actually copied this from code in Chrome. I like this here because it keeps the context. If you don't mind, I'd prefer keeping it inline. But you are the owner and can choose. :-)
Dry run: CQ is trying da patch. Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
LGTM https://codereview.chromium.org/2876653003/diff/1/chrome/browser/extensions/a... File chrome/browser/extensions/api/web_request/web_request_apitest.cc (right): https://codereview.chromium.org/2876653003/diff/1/chrome/browser/extensions/a... chrome/browser/extensions/api/web_request/web_request_apitest.cc:717: EXPECT_FALSE(success); On 2017/05/15 17:39:22, battre (please use the other) wrote: > On 2017/05/15 17:09:51, mmenke wrote: > > On 2017/05/15 17:03:35, Devlin (catching up) wrote: > > > On 2017/05/15 16:47:26, mmenke wrote: > > > > On 2017/05/15 16:44:21, Devlin (catching up) wrote: > > > > > On 2017/05/11 18:39:45, mmenke wrote: > > > > > > If the requests are failing due to CORS, does that mean we're actually > > > > > observing > > > > > > CORS requests, not the actual network requests? If so, do we even > send > > > CORS > > > > > > requests for chrome URLs? If not, I'm very confused. > > > > > > > > > > We actually notify the extension *before* the request is sent, so I > think > > > this > > > > > is okay. But it might be worth a comment. > > > > > > > > CORS blocks requests from even reaching the network stack, which is where > > the > > > > WebRequest API is hooked up. So I'm not sure that resolves my concern. > > > > > > Hmm, interesting... Why does this succeed in intercepting the request from > > > http://example.com (which is also cross-origin)? > > > > My guess is that it intercepts the CORS request. I have not confirmed that. > > My understanding is that Chrome sends the request but delivers it only if the > response contains an Access-Control-Allow-Origin header. > > Here is what the console says: > XMLHttpRequest cannot load https://clients1.google.com/. No > 'Access-Control-Allow-Origin' header is present on the requested resource. > Origin 'https://developer.mozilla.org' is therefore not allowed access. The > response had HTTP status code 404. > > In this test we don't really care. What gets blocked (and counted) is whether > the GET is sent to the net. I was concenred that we wouldn't be making a request at all the in the settings case, meaning this test wouldn't be checking anything. After some experimentation, looks like my concerns were unfounded.
lgtm; thanks for adding this test! https://codereview.chromium.org/2876653003/diff/1/chrome/browser/extensions/a... File chrome/browser/extensions/api/web_request/web_request_apitest.cc (right): https://codereview.chromium.org/2876653003/diff/1/chrome/browser/extensions/a... chrome/browser/extensions/api/web_request/web_request_apitest.cc:728: class TestURLFetcherDelegate : public net::URLFetcherDelegate { On 2017/05/15 17:39:22, battre (please use the other) wrote: > On 2017/05/15 16:44:21, Devlin (catching up) wrote: > > I don't know if we have a specific rule about classes with logic being defined > > inline, but it's rare enough in our codebase (i.e., I've never seen it) that I > > think it breaks the "match surrounding code style" rule. Can we define this > > outside the test? > > I actually copied this from code in Chrome. I like this here because it keeps > the context. If you don't mind, I'd prefer keeping it inline. But you are the > owner and can choose. :-) Heh fair enough. I have a TODO around here somewhere to simplify these (I've seen other places using this type of thing), so hopefully moot soon enough anyway.
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
The CQ bit was checked by battre@google.com
CQ is trying da patch. Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Try jobs failed on following builders: chromium_presubmit on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/chromium_presub...)
Merge with ToT to resolve merge conflict
The CQ bit was checked by battre@google.com
The patchset sent to the CQ was uploaded after l-g-t-m from rdevlin.cronin@chromium.org, mmenke@chromium.org Link to the patchset: https://codereview.chromium.org/2876653003/#ps60001 (title: "Merge with ToT to resolve merge conflict")
The CQ bit was checked by battre@google.com
The CQ bit was unchecked by battre@google.com
The CQ bit was checked by battre@google.com
CQ is trying da patch. Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Try jobs failed on following builders: win_chromium_rel_ng on master.tryserver.chromium.win (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.win/builders/win_chromium_rel_...)
The CQ bit was checked by battre@google.com
CQ is trying da patch. Follow status at: https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
CQ is committing da patch.
Bot data: {"patchset_id": 60001, "attempt_start_ts": 1494945124691950,
"parent_rev": "8ea3a3dbe59eceb00d1a234767c74278f5bb03fd", "commit_rev":
"d6a0a2e456e9f9e938d72c80a681ea701bdec8ec"}
Message was sent while issue was closed.
Description was changed from ========== Integration test for protecting clients*.google.com BUG=715184 ========== to ========== Integration test for protecting clients*.google.com BUG=715184 Review-Url: https://codereview.chromium.org/2876653003 Cr-Commit-Position: refs/heads/master@{#472141} Committed: https://chromium.googlesource.com/chromium/src/+/d6a0a2e456e9f9e938d72c80a681... ==========
Message was sent while issue was closed.
Committed patchset #4 (id:60001) as https://chromium.googlesource.com/chromium/src/+/d6a0a2e456e9f9e938d72c80a681... |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
