OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "base/command_line.h" | 5 #include "base/command_line.h" |
6 #include "base/logging.h" | 6 #include "base/logging.h" |
7 #include "build/build_config.h" | 7 #include "build/build_config.h" |
8 #include "chrome/browser/extensions/extension_apitest.h" | 8 #include "chrome/browser/extensions/extension_apitest.h" |
9 #include "chrome/browser/ui/browser.h" | 9 #include "chrome/browser/ui/browser.h" |
10 #include "chrome/browser/ui/tabs/tab_strip_model.h" | 10 #include "chrome/browser/ui/tabs/tab_strip_model.h" |
11 #include "chrome/common/chrome_switches.h" | 11 #include "chrome/common/chrome_switches.h" |
12 #include "chrome/test/base/test_switches.h" | 12 #include "chrome/test/base/test_switches.h" |
13 #include "chrome/test/base/ui_test_utils.h" | 13 #include "chrome/test/base/ui_test_utils.h" |
14 #include "content/public/browser/navigation_handle.h" | 14 #include "content/public/browser/navigation_handle.h" |
15 #include "content/public/browser/notification_service.h" | 15 #include "content/public/browser/notification_service.h" |
| 16 #include "content/public/browser/render_frame_host.h" |
16 #include "content/public/browser/web_contents.h" | 17 #include "content/public/browser/web_contents.h" |
17 #include "content/public/browser/web_contents_observer.h" | 18 #include "content/public/browser/web_contents_observer.h" |
18 #include "content/public/common/browser_side_navigation_policy.h" | 19 #include "content/public/common/browser_side_navigation_policy.h" |
19 #include "content/public/test/browser_test_utils.h" | 20 #include "content/public/test/browser_test_utils.h" |
20 #include "extensions/common/switches.h" | 21 #include "extensions/common/switches.h" |
21 #include "net/dns/mock_host_resolver.h" | 22 #include "net/dns/mock_host_resolver.h" |
22 #include "net/test/embedded_test_server/embedded_test_server.h" | 23 #include "net/test/embedded_test_server/embedded_test_server.h" |
23 #include "url/gurl.h" | 24 #include "url/gurl.h" |
24 | 25 |
25 class ExtensionResourceRequestPolicyTest : public ExtensionApiTest { | 26 class ExtensionResourceRequestPolicyTest : public ExtensionApiTest { |
(...skipping 321 matching lines...)
347 ChildFrameAt(web_contents->GetMainFrame(), 0), | 348 ChildFrameAt(web_contents->GetMainFrame(), 0), |
348 "domAutomationController.send(document.body.innerText)", &content)); | 349 "domAutomationController.send(document.body.innerText)", &content)); |
349 | 350 |
350 // The iframe should not load |private_page|, which is not web-accessible. | 351 // The iframe should not load |private_page|, which is not web-accessible. |
351 // | 352 // |
352 // TODO(alexmos): Make this check stricter, as extensions are now fully | 353 // TODO(alexmos): Make this check stricter, as extensions are now fully |
353 // isolated. The failure mode is that the request is canceled and we stay on | 354 // isolated. The failure mode is that the request is canceled and we stay on |
354 // public.html (see https://crbug.com/656752). | 355 // public.html (see https://crbug.com/656752). |
355 EXPECT_NE("Private", content); | 356 EXPECT_NE("Private", content); |
356 } | 357 } |
| 358 |
| 359 IN_PROC_BROWSER_TEST_F(ExtensionResourceRequestPolicyTest, |
| 360 IframeNavigateToInaccessibleViaServerRedirect) { |
| 361 content::WebContents* web_contents = |
| 362 browser()->tab_strip_model()->GetActiveWebContents(); |
| 363 |
| 364 // Any valid extension that happens to have a web accessible resource. |
| 365 const extensions::Extension* patsy = LoadExtension( |
| 366 test_data_dir_.AppendASCII("extension_resource_request_policy") |
| 367 .AppendASCII("some_accessible")); |
| 368 |
| 369 // An extension with a non-webaccessible resource. |
| 370 const extensions::Extension* target = LoadExtension( |
| 371 test_data_dir_.AppendASCII("extension_resource_request_policy") |
| 372 .AppendASCII("inaccessible")); |
| 373 |
| 374 // Start with an http iframe. |
| 375 ui_test_utils::NavigateToURL(browser(), |
| 376 embedded_test_server()->GetURL("/iframe.html")); |
| 377 |
| 378 // Send it to a web accessible resource of a valid extension. |
| 379 GURL patsy_url = patsy->GetResourceURL("public.html"); |
| 380 content::NavigateIframeToURL(web_contents, "test", patsy_url); |
| 381 |
| 382 // Now send it to a NON-web-accessible resource of any other extension, via |
| 383 // http redirect. |
| 384 GURL target_url = target->GetResourceURL("inaccessible-iframe-contents.html"); |
| 385 GURL http_redirect_to_target_url = |
| 386 embedded_test_server()->GetURL("/server-redirect?" + target_url.spec()); |
| 387 content::NavigateIframeToURL(web_contents, "test", |
| 388 http_redirect_to_target_url); |
| 389 |
| 390 // That should not have been allowed. |
| 391 EXPECT_NE(url::Origin(target_url).GetURL(), |
| 392 ChildFrameAt(web_contents->GetMainFrame(), 0) |
| 393 ->GetLastCommittedOrigin() |
| 394 .GetURL()); |
| 395 } |
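Review bot: The only assertion in IframeNavigateToInaccessibleViaServerRedirect is the final `EXPECT_NE` on the child frame's origin, so the test also passes when setup silently fails and the redirect to the non-web-accessible resource is never attempted. Neither `LoadExtension` result is checked before `patsy->GetResourceURL(...)` and `target->GetResourceURL(...)` dereference it; add `ASSERT_TRUE(patsy);` and `ASSERT_TRUE(target);` directly after the respective loads. It would also help to pin the precondition after the first iframe navigation, e.g. `EXPECT_EQ(patsy_url, ChildFrameAt(web_contents->GetMainFrame(), 0)->GetLastCommittedURL());`, so that a regression in the access check cannot hide behind an iframe that never reached the extension page. Whether the embedded test server is started for this fixture is not visible here, because the class body is in the skipped lines, so that is worth confirming as well.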