Send certificate errors from worker fetch context for off-main-thread-fetch.

chrome/browser/ssl/ssl_browser_tests.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <utility>
 
 #include "base/base_switches.h"
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/callback.h"
@@ skipping 63 matching lines @@
 #include "content/public/browser/notification_details.h"
 #include "content/public/browser/notification_service.h"
 #include "content/public/browser/render_frame_host.h"
 #include "content/public/browser/render_view_host.h"
 #include "content/public/browser/render_widget_host_view.h"
 #include "content/public/browser/restore_type.h"
 #include "content/public/browser/ssl_status.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/browser/web_contents_observer.h"
 #include "content/public/common/browser_side_navigation_policy.h"
+#include "content/public/common/content_features.h"
 #include "content/public/common/content_switches.h"
 #include "content/public/common/page_state.h"
 #include "content/public/test/browser_test_utils.h"
 #include "content/public/test/download_test_observer.h"
 #include "content/public/test/test_navigation_observer.h"
 #include "content/public/test/test_renderer_host.h"
 #include "content/public/test/test_utils.h"
 #include "crypto/sha2.h"
 #include "net/base/host_port_pair.h"
 #include "net/base/io_buffer.h"
@@ skipping 384 matching lines @@
 
     // Substitute the generated frame_left URL into the top_frame page.
     base::StringPairs replacement_text_top_frame;
     replacement_text_top_frame.push_back(
         make_pair("REPLACE_WITH_FRAME_LEFT_PATH", frame_left_path));
     net::test_server::GetFilePathWithReplacements(
         "/ssl/top_frame.html", replacement_text_top_frame, top_frame_path);
   }
 
   static void GetPageWithUnsafeWorkerPath(
-      const net::EmbeddedTestServer& https_server,
+      const std::string& unsafe_worker_path,
       std::string* page_with_unsafe_worker_path) {
-    // Get the "imported.js" URL from the expired https server and
-    // substitute it into the unsafe_worker.js file.
-    GURL imported_js_url = https_server.GetURL("/ssl/imported.js");
-    base::StringPairs replacement_text_for_unsafe_worker;
-    replacement_text_for_unsafe_worker.push_back(
-        make_pair("REPLACE_WITH_IMPORTED_JS_URL", imported_js_url.spec()));
-    std::string unsafe_worker_path;
-    net::test_server::GetFilePathWithReplacements(
-        "unsafe_worker.js", replacement_text_for_unsafe_worker,
-        &unsafe_worker_path);
-
     // Now, substitute this into the page with unsafe worker.
     base::StringPairs replacement_text_for_page_with_unsafe_worker;
     replacement_text_for_page_with_unsafe_worker.push_back(
         make_pair("REPLACE_WITH_UNSAFE_WORKER_PATH", unsafe_worker_path));
     net::test_server::GetFilePathWithReplacements(
         "/ssl/page_with_unsafe_worker.html",
         replacement_text_for_page_with_unsafe_worker,
         page_with_unsafe_worker_path);
   }
 
+  static void GetPageWithUnsafeImportingWorkerPath(
+      const net::EmbeddedTestServer& https_server,
+      std::string* page_with_unsafe_importing_worker_path) {
+    // Get the "imported.js" URL from the expired https server and
+    // substitute it into the unsafe_importing_worker.js file.
+    GURL imported_js_url = https_server.GetURL("/ssl/imported.js");
+    base::StringPairs replacement_text_for_unsafe_worker;
+    replacement_text_for_unsafe_worker.push_back(
+        make_pair("REPLACE_WITH_IMPORTED_JS_URL", imported_js_url.spec()));
+    std::string unsafe_importing_worker_path;
+    net::test_server::GetFilePathWithReplacements(
+        "unsafe_importing_worker.js", replacement_text_for_unsafe_worker,
+        &unsafe_importing_worker_path);
+    GetPageWithUnsafeWorkerPath(unsafe_importing_worker_path,
+                                page_with_unsafe_importing_worker_path);
+  }
+
+  static void GetPageWithUnsafeFetchingWorkerPath(
+      const net::EmbeddedTestServer& https_server,
+      std::string* page_with_unsafe_fetching_worker_path) {
+    // Get the "imported.js" URL from the expired https server and
+    // substitute it into the unsafe_fetching_worker.js file.
+    GURL test_file_url = https_server.GetURL("/ssl/imported.js");
+    base::StringPairs replacement_text_for_unsafe_worker;
+    replacement_text_for_unsafe_worker.push_back(
+        make_pair("REPLACE_WITH_TEST_FILE_URL", test_file_url.spec()));
+    std::string unsafe_fetcing_worker_path;
+    net::test_server::GetFilePathWithReplacements(
+        "unsafe_fetching_worker.js", replacement_text_for_unsafe_worker,
+        &unsafe_fetcing_worker_path);
+    GetPageWithUnsafeWorkerPath(unsafe_fetcing_worker_path,
+                                page_with_unsafe_fetching_worker_path);
+  }
+
   // Helper function for testing invalid certificate chain reporting.
   void TestBrokenHTTPSReporting(
       certificate_reporting_test_utils::OptIn opt_in,
       ProceedDecision proceed,
       certificate_reporting_test_utils::ExpectReport expect_report,
       Browser* browser) {
     ASSERT_TRUE(https_server_expired_.Start());
 
     base::RunLoop run_loop;
     certificate_reporting_test_utils::SSLCertReporterCallback reporter_callback(
@@ skipping 1926 matching lines @@
   content::RenderFrameHost* content_frame = content::FrameMatchingPredicate(
         tab, base::Bind(&content::FrameMatchesName, "contentFrame"));
   std::string is_evil_js("window.domAutomationController.send("
                          "document.getElementById('evilDiv') != null);");
   EXPECT_TRUE(content::ExecuteScriptAndExtractBool(content_frame,
                                                    is_evil_js,
                                                    &is_content_evil));
   EXPECT_FALSE(is_content_evil);
 }
 
-IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContentsInWorkerFiltered) {
+enum class OffMainThreadFetchMode { kEnabled, kDisabled };
+enum class SSLUIWorkerFetchTestType { kUseFetch, kUseImportScripts };
+
+class SSLUIWorkerFetchTest
+    : public testing::WithParamInterface<
+          std::pair<OffMainThreadFetchMode, SSLUIWorkerFetchTestType>>,
+      public SSLUITest {
+ public:
+  ~SSLUIWorkerFetchTest() override {}
+  void SetUpCommandLine(base::CommandLine* command_line) override {
+    SSLUITest::SetUpCommandLine(command_line);
+    if (GetParam().first == OffMainThreadFetchMode::kEnabled) {
+      command_line->AppendSwitchASCII(switches::kEnableFeatures,
+                                      features::kOffMainThreadFetch.name);
+    } else {
+      command_line->AppendSwitchASCII(switches::kDisableFeatures,
+                                      features::kOffMainThreadFetch.name);
+    }
+  }
+
+ protected:
+  void GetTestWorkerPagePath(const net::EmbeddedTestServer& https_server,
+                             std::string* test_worker_page_path) {
+    switch (GetParam().second) {
+      case SSLUIWorkerFetchTestType::kUseFetch:
+        GetPageWithUnsafeFetchingWorkerPath(https_server,
+                                            test_worker_page_path);
+        break;
+      case SSLUIWorkerFetchTestType::kUseImportScripts:
+        GetPageWithUnsafeImportingWorkerPath(https_server,
+                                             test_worker_page_path);
+        break;
+    }
+  }
+};
+
+IN_PROC_BROWSER_TEST_P(SSLUIWorkerFetchTest,
+                       TestUnsafeContentsInWorkerFiltered) {
   ASSERT_TRUE(https_server_.Start());
   ASSERT_TRUE(https_server_expired_.Start());
 
   // This page will spawn a Worker which will try to load content from
   // BadCertServer.
-  std::string page_with_unsafe_worker_path;
-  GetPageWithUnsafeWorkerPath(https_server_expired_,
-                              &page_with_unsafe_worker_path);
-  ui_test_utils::NavigateToURL(browser(), https_server_.GetURL(
-      page_with_unsafe_worker_path));
+  std::string test_worker_page_path;
+  GetTestWorkerPagePath(https_server_expired_, &test_worker_page_path);
+  ui_test_utils::NavigateToURL(browser(),
+                               https_server_.GetURL(test_worker_page_path));
   WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
   // Expect Worker not to load insecure content.
   CheckWorkerLoadResult(tab, false);
   // The bad content is filtered, expect the state to be authenticated.
   CheckAuthenticatedState(tab, AuthState::NONE);
 }
 
 // This test, and the related test TestUnsafeContentsWithUserException, verify
 // that if unsafe content is loaded but the host of that unsafe content has a
 // user exception, the content runs and the security style is downgraded.
-IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContentsInWorkerWithUserException) {
+IN_PROC_BROWSER_TEST_P(SSLUIWorkerFetchTest,
+                       TestUnsafeContentsInWorkerWithUserException) {
   ASSERT_TRUE(https_server_.Start());
   // Note that it is necessary to user https_server_mismatched_ here over the
   // other invalid cert servers. This is because the test relies on the two
   // servers having different hosts since SSL exceptions are per-host, not per
   // origin, and https_server_mismatched_ uses 'localhost' rather than
   // '127.0.0.1'.
   ASSERT_TRUE(https_server_mismatched_.Start());
 
   // Navigate to an unsafe site. Proceed with interstitial page to indicate
   // the user approves the bad certificate.
@@ skipping 11 matching lines @@
   security_state::SecurityInfo security_info;
   helper->GetSecurityInfo(&security_info);
   EXPECT_EQ(security_state::CONTENT_STATUS_NONE,
             security_info.mixed_content_status);
   EXPECT_EQ(security_state::CONTENT_STATUS_NONE,
             security_info.content_with_cert_errors_status);
 
   // Navigate to safe page that has Worker loading unsafe content.
   // Expect content to load but be marked as auth broken due to running insecure
   // content.
-  std::string page_with_unsafe_worker_path;
-  GetPageWithUnsafeWorkerPath(https_server_mismatched_,
-                              &page_with_unsafe_worker_path);
-  ui_test_utils::NavigateToURL(
-      browser(), https_server_.GetURL(page_with_unsafe_worker_path));
+  std::string test_worker_page_path;
+  GetTestWorkerPagePath(https_server_mismatched_, &test_worker_page_path);
+
+  ui_test_utils::NavigateToURL(browser(),
+                               https_server_.GetURL(test_worker_page_path));
   CheckWorkerLoadResult(tab, true);  // Worker loads insecure content
   CheckAuthenticationBrokenState(tab, CertError::NONE, AuthState::NONE);
 
   helper->GetSecurityInfo(&security_info);
   EXPECT_EQ(security_state::CONTENT_STATUS_NONE,
             security_info.mixed_content_status);
   EXPECT_EQ(security_state::CONTENT_STATUS_RAN,
             security_info.content_with_cert_errors_status);
 }
 
+INSTANTIATE_TEST_CASE_P(
+    /* no prefix */,
+    SSLUIWorkerFetchTest,
+    ::testing::Values(
+        std::make_pair(OffMainThreadFetchMode::kDisabled,
+                       SSLUIWorkerFetchTestType::kUseFetch),
+        std::make_pair(OffMainThreadFetchMode::kDisabled,
+                       SSLUIWorkerFetchTestType::kUseImportScripts),
+        std::make_pair(OffMainThreadFetchMode::kEnabled,
+                       SSLUIWorkerFetchTestType::kUseFetch),
+        std::make_pair(OffMainThreadFetchMode::kEnabled,
+                       SSLUIWorkerFetchTestType::kUseImportScripts)));
+
 // Visits a page with unsafe content and makes sure that if a user exception to
 // the certificate error is present, the image is loaded and script executes.
 IN_PROC_BROWSER_TEST_F(SSLUITest, TestUnsafeContentsWithUserException) {
   WebContents* tab = browser()->tab_strip_model()->GetActiveWebContents();
   ASSERT_NO_FATAL_FAILURE(SetUpUnsafeContentsWithUserException(
       "/ssl/page_with_unsafe_contents.html"));
   CheckAuthenticationBrokenState(tab, CertError::NONE, AuthState::NONE);
 
   SecurityStateTabHelper* helper = SecurityStateTabHelper::FromWebContents(tab);
   ASSERT_TRUE(helper);
@@ skipping 1873 matching lines @@
 
 // Visit a page over https that contains a frame with a redirect.
 
 // XMLHttpRequest insecure content in synchronous mode.
 
 // XMLHttpRequest insecure content in asynchronous mode.
 
 // XMLHttpRequest over bad ssl in synchronous mode.
 
 // XMLHttpRequest over OK ssl in synchronous mode.