Chromium Code Reviews Chromium Code Reviews
Issue 2891443002:
Keep subdomains of an isolated origin in the isolated origin's SiteInstance. (Closed)
| Index: content/browser/site_instance_impl_unittest.cc |
| diff --git a/content/browser/site_instance_impl_unittest.cc b/content/browser/site_instance_impl_unittest.cc |
| index 39246c9be642c82ea95c42d0daf7916b391cc30d..06e2eec979884287eae96aaca2ef8ece435314fb 100644 |
| --- a/content/browser/site_instance_impl_unittest.cc |
| +++ b/content/browser/site_instance_impl_unittest.cc |
| @@ -905,8 +905,6 @@ TEST_F(SiteInstanceTest, IsolatedOrigins) { |
| policy->IsIsolatedOrigin(url::Origin(GURL("https://isolated.foo.com")))); |
| EXPECT_FALSE(policy->IsIsolatedOrigin( |
| url::Origin(GURL("http://isolated.foo.com:12345")))); |
| - EXPECT_FALSE(policy->IsIsolatedOrigin( |
| - url::Origin(GURL("http://bar.isolated.foo.com")))); |
| policy->AddIsolatedOrigin(url::Origin(isolated_bar_url)); |
| EXPECT_TRUE(policy->IsIsolatedOrigin(url::Origin(isolated_bar_url))); |
| @@ -949,6 +947,146 @@ TEST_F(SiteInstanceTest, IsolatedOrigins) { |
| nullptr, isolated_blob_foo_url)); |
| EXPECT_TRUE(SiteInstanceImpl::DoesSiteRequireDedicatedProcess( |
| nullptr, isolated_filesystem_foo_url)); |
| + |
| + // Cleanup. |
| + policy->RemoveIsolatedOriginForTesting(url::Origin(isolated_foo_url)); |
| + policy->RemoveIsolatedOriginForTesting(url::Origin(isolated_bar_url)); |
| +} |
| + |
| +TEST_F(SiteInstanceTest, SubdomainOnIsolatedSite) { |
| + GURL isolated_url("http://isolated.com"); |
| + GURL foo_isolated_url("http://foo.isolated.com"); |
| + |
| + auto* policy = ChildProcessSecurityPolicyImpl::GetInstance(); |
| + policy->AddIsolatedOrigin(url::Origin(isolated_url)); |
| + |
| + EXPECT_TRUE(policy->IsIsolatedOrigin(url::Origin(isolated_url))); |
| + EXPECT_TRUE(policy->IsIsolatedOrigin(url::Origin(foo_isolated_url))); |
| + EXPECT_FALSE( |
| + policy->IsIsolatedOrigin(url::Origin(GURL("http://unisolated.com")))); |
| + EXPECT_FALSE( |
| + policy->IsIsolatedOrigin(url::Origin(GURL("http://isolated.foo.com")))); |
| + // Wrong scheme. |
| + EXPECT_FALSE( |
| + policy->IsIsolatedOrigin(url::Origin(GURL("https://foo.isolated.com")))); |
| + |
| + // A new SiteInstance created for a subdomain on an isolated origin |
| + // should use the isolated origin's host and not its own host as the site |
| + // URL. |
| + EXPECT_EQ(isolated_url, |
| + SiteInstance::GetSiteForURL(nullptr, foo_isolated_url)); |
| + |
| + EXPECT_TRUE(SiteInstanceImpl::DoesSiteRequireDedicatedProcess( |
| + nullptr, foo_isolated_url)); |
| + |
| + EXPECT_TRUE( |
| + SiteInstance::IsSameWebSite(nullptr, isolated_url, foo_isolated_url)); |
| + EXPECT_TRUE( |
| + SiteInstance::IsSameWebSite(nullptr, foo_isolated_url, isolated_url)); |
| + |
| + // Cleanup. |
| + policy->RemoveIsolatedOriginForTesting(url::Origin(isolated_url)); |
| +} |
| + |
| +TEST_F(SiteInstanceTest, SubdomainOnIsolatedOrigin) { |
| + GURL foo_url("http://foo.com"); |
| + GURL isolated_foo_url("http://isolated.foo.com"); |
| + GURL bar_isolated_foo_url("http://bar.isolated.foo.com"); |
| + GURL baz_isolated_foo_url("http://baz.isolated.foo.com"); |
|
ncarter (slow)
2017/06/28 20:59:19
You might want to toss in a test somewhere that do
alexmos
2017/06/29 21:54:02
This is really interesting. I played around with
|
| + |
| + auto* policy = ChildProcessSecurityPolicyImpl::GetInstance(); |
| + policy->AddIsolatedOrigin(url::Origin(isolated_foo_url)); |
| + |
| + EXPECT_FALSE(policy->IsIsolatedOrigin(url::Origin(foo_url))); |
| + EXPECT_TRUE(policy->IsIsolatedOrigin(url::Origin(isolated_foo_url))); |
| + EXPECT_TRUE(policy->IsIsolatedOrigin(url::Origin(bar_isolated_foo_url))); |
| + EXPECT_TRUE(policy->IsIsolatedOrigin(url::Origin(baz_isolated_foo_url))); |
| + |
| + EXPECT_EQ(foo_url, SiteInstance::GetSiteForURL(nullptr, foo_url)); |
| + EXPECT_EQ(isolated_foo_url, |
| + SiteInstance::GetSiteForURL(nullptr, isolated_foo_url)); |
| + EXPECT_EQ(isolated_foo_url, |
| + SiteInstance::GetSiteForURL(nullptr, bar_isolated_foo_url)); |
| + EXPECT_EQ(isolated_foo_url, |
| + SiteInstance::GetSiteForURL(nullptr, baz_isolated_foo_url)); |
| + |
| + if (!AreAllSitesIsolatedForTesting()) { |
| + EXPECT_FALSE( |
| + SiteInstanceImpl::DoesSiteRequireDedicatedProcess(nullptr, foo_url)); |
| + } |
| + EXPECT_TRUE(SiteInstanceImpl::DoesSiteRequireDedicatedProcess( |
| + nullptr, isolated_foo_url)); |
| + EXPECT_TRUE(SiteInstanceImpl::DoesSiteRequireDedicatedProcess( |
| + nullptr, bar_isolated_foo_url)); |
| + EXPECT_TRUE(SiteInstanceImpl::DoesSiteRequireDedicatedProcess( |
| + nullptr, baz_isolated_foo_url)); |
| + |
| + EXPECT_FALSE(SiteInstance::IsSameWebSite(nullptr, foo_url, isolated_foo_url)); |
| + EXPECT_FALSE(SiteInstance::IsSameWebSite(nullptr, isolated_foo_url, foo_url)); |
| + EXPECT_FALSE( |
| + SiteInstance::IsSameWebSite(nullptr, foo_url, bar_isolated_foo_url)); |
| + EXPECT_FALSE( |
| + SiteInstance::IsSameWebSite(nullptr, bar_isolated_foo_url, foo_url)); |
| + EXPECT_TRUE(SiteInstance::IsSameWebSite(nullptr, bar_isolated_foo_url, |
| + isolated_foo_url)); |
| + EXPECT_TRUE(SiteInstance::IsSameWebSite(nullptr, isolated_foo_url, |
| + bar_isolated_foo_url)); |
| + EXPECT_TRUE(SiteInstance::IsSameWebSite(nullptr, bar_isolated_foo_url, |
| + baz_isolated_foo_url)); |
| + EXPECT_TRUE(SiteInstance::IsSameWebSite(nullptr, baz_isolated_foo_url, |
| + bar_isolated_foo_url)); |
| + |
| + // Cleanup. |
| + policy->RemoveIsolatedOriginForTesting(url::Origin(isolated_foo_url)); |
| +} |
| + |
| +TEST_F(SiteInstanceTest, MultipleIsolatedOriginsWithCommonSite) { |
| + GURL foo_url("http://foo.com"); |
| + GURL bar_foo_url("http://bar.foo.com"); |
| + GURL baz_bar_foo_url("http://baz.bar.foo.com"); |
| + GURL qux_baz_bar_foo_url("http://qux.baz.bar.foo.com"); |
| + |
| + auto* policy = ChildProcessSecurityPolicyImpl::GetInstance(); |
| + policy->AddIsolatedOrigin(url::Origin(foo_url)); |
| + policy->AddIsolatedOrigin(url::Origin(baz_bar_foo_url)); |
| + |
| + EXPECT_TRUE(policy->IsIsolatedOrigin(url::Origin(foo_url))); |
| + EXPECT_TRUE(policy->IsIsolatedOrigin(url::Origin(bar_foo_url))); |
| + EXPECT_TRUE(policy->IsIsolatedOrigin(url::Origin(baz_bar_foo_url))); |
| + EXPECT_TRUE(policy->IsIsolatedOrigin(url::Origin(qux_baz_bar_foo_url))); |
| + |
| + EXPECT_EQ(foo_url, SiteInstance::GetSiteForURL(nullptr, foo_url)); |
| + EXPECT_EQ(foo_url, SiteInstance::GetSiteForURL(nullptr, bar_foo_url)); |
| + EXPECT_EQ(baz_bar_foo_url, |
| + SiteInstance::GetSiteForURL(nullptr, baz_bar_foo_url)); |
| + EXPECT_EQ(baz_bar_foo_url, |
| + SiteInstance::GetSiteForURL(nullptr, qux_baz_bar_foo_url)); |
| + |
| + EXPECT_TRUE( |
| + SiteInstanceImpl::DoesSiteRequireDedicatedProcess(nullptr, foo_url)); |
| + EXPECT_TRUE( |
| + SiteInstanceImpl::DoesSiteRequireDedicatedProcess(nullptr, bar_foo_url)); |
| + EXPECT_TRUE(SiteInstanceImpl::DoesSiteRequireDedicatedProcess( |
| + nullptr, baz_bar_foo_url)); |
| + EXPECT_TRUE(SiteInstanceImpl::DoesSiteRequireDedicatedProcess( |
| + nullptr, qux_baz_bar_foo_url)); |
| + |
| + EXPECT_TRUE(SiteInstance::IsSameWebSite(nullptr, foo_url, bar_foo_url)); |
| + EXPECT_FALSE(SiteInstance::IsSameWebSite(nullptr, foo_url, baz_bar_foo_url)); |
| + EXPECT_FALSE( |
| + SiteInstance::IsSameWebSite(nullptr, foo_url, qux_baz_bar_foo_url)); |
| + |
| + EXPECT_FALSE( |
| + SiteInstance::IsSameWebSite(nullptr, bar_foo_url, baz_bar_foo_url)); |
| + EXPECT_FALSE( |
| + SiteInstance::IsSameWebSite(nullptr, bar_foo_url, qux_baz_bar_foo_url)); |
| + |
| + EXPECT_TRUE(SiteInstance::IsSameWebSite(nullptr, baz_bar_foo_url, |
| + qux_baz_bar_foo_url)); |
| + |
| + // Cleanup. |
| + policy->RemoveIsolatedOriginForTesting(url::Origin(foo_url)); |
| + policy->RemoveIsolatedOriginForTesting(url::Origin(baz_bar_foo_url)); |
| } |
| } // namespace content |
