OLD | NEW |
1 /* | 1 /* |
2 * Copyright (c) 2015, Google Inc. All rights reserved. | 2 * Copyright (c) 2015, Google Inc. All rights reserved. |
3 * | 3 * |
4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
6 * met: | 6 * met: |
7 * | 7 * |
8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
(...skipping 261 matching lines...)
272 | 272 |
273 // Calling modifyRequestForCSP more than once shouldn't affect the | 273 // Calling modifyRequestForCSP more than once shouldn't affect the |
274 // header. | 274 // header. |
275 if (should_prefer) { | 275 if (should_prefer) { |
276 fetch_context->ModifyRequestForCSP(resource_request); | 276 fetch_context->ModifyRequestForCSP(resource_request); |
277 EXPECT_EQ("1", resource_request.HttpHeaderField( | 277 EXPECT_EQ("1", resource_request.HttpHeaderField( |
278 HTTPNames::Upgrade_Insecure_Requests)); | 278 HTTPNames::Upgrade_Insecure_Requests)); |
279 } | 279 } |
280 } | 280 } |
281 | 281 |
282 void ExpectSetEmbeddingCSPRequestHeader( | 282 void ExpectSetRequiredCSPRequestHeader( |
283 const char* input, | 283 const char* input, |
284 WebURLRequest::FrameType frame_type, | 284 WebURLRequest::FrameType frame_type, |
285 const AtomicString& expected_embedding_csp) { | 285 const AtomicString& expected_required_csp) { |
286 KURL input_url(kParsedURLString, input); | 286 KURL input_url(kParsedURLString, input); |
287 ResourceRequest resource_request(input_url); | 287 ResourceRequest resource_request(input_url); |
288 resource_request.SetRequestContext(WebURLRequest::kRequestContextScript); | 288 resource_request.SetRequestContext(WebURLRequest::kRequestContextScript); |
289 resource_request.SetFrameType(frame_type); | 289 resource_request.SetFrameType(frame_type); |
290 | 290 |
291 fetch_context->ModifyRequestForCSP(resource_request); | 291 fetch_context->ModifyRequestForCSP(resource_request); |
292 | 292 |
293 EXPECT_EQ(expected_embedding_csp, | 293 EXPECT_EQ(expected_required_csp, |
294 resource_request.HttpHeaderField(HTTPNames::Embedding_CSP)); | 294 resource_request.HttpHeaderField(HTTPNames::Required_CSP)); |
295 } | 295 } |
296 | 296 |
297 void SetFrameOwnerBasedOnFrameType(WebURLRequest::FrameType frame_type, | 297 void SetFrameOwnerBasedOnFrameType(WebURLRequest::FrameType frame_type, |
298 HTMLIFrameElement* iframe, | 298 HTMLIFrameElement* iframe, |
299 const AtomicString& potential_value) { | 299 const AtomicString& potential_value) { |
300 if (frame_type != WebURLRequest::kFrameTypeNested) { | 300 if (frame_type != WebURLRequest::kFrameTypeNested) { |
301 document->GetFrame()->SetOwner(nullptr); | 301 document->GetFrame()->SetOwner(nullptr); |
302 return; | 302 return; |
303 } | 303 } |
304 | 304 |
(...skipping 128 matching lines...)
433 document->SetInsecureRequestPolicy(kLeaveInsecureRequestsAlone); | 433 document->SetInsecureRequestPolicy(kLeaveInsecureRequestsAlone); |
434 ExpectUpgradeInsecureRequestHeader(test.to_request, test.frame_type, | 434 ExpectUpgradeInsecureRequestHeader(test.to_request, test.frame_type, |
435 test.should_prefer); | 435 test.should_prefer); |
436 | 436 |
437 document->SetInsecureRequestPolicy(kUpgradeInsecureRequests); | 437 document->SetInsecureRequestPolicy(kUpgradeInsecureRequests); |
438 ExpectUpgradeInsecureRequestHeader(test.to_request, test.frame_type, | 438 ExpectUpgradeInsecureRequestHeader(test.to_request, test.frame_type, |
439 test.should_prefer); | 439 test.should_prefer); |
440 } | 440 } |
441 } | 441 } |
442 | 442 |
443 TEST_F(FrameFetchContextModifyRequestTest, SendEmbeddingCSPHeader) { | 443 TEST_F(FrameFetchContextModifyRequestTest, SendRequiredCSPHeader) { |
444 struct TestCase { | 444 struct TestCase { |
445 const char* to_request; | 445 const char* to_request; |
446 WebURLRequest::FrameType frame_type; | 446 WebURLRequest::FrameType frame_type; |
447 } tests[] = { | 447 } tests[] = { |
448 {"https://example.test/page.html", WebURLRequest::kFrameTypeAuxiliary}, | 448 {"https://example.test/page.html", WebURLRequest::kFrameTypeAuxiliary}, |
449 {"https://example.test/page.html", WebURLRequest::kFrameTypeNested}, | 449 {"https://example.test/page.html", WebURLRequest::kFrameTypeNested}, |
450 {"https://example.test/page.html", WebURLRequest::kFrameTypeNone}, | 450 {"https://example.test/page.html", WebURLRequest::kFrameTypeNone}, |
451 {"https://example.test/page.html", WebURLRequest::kFrameTypeTopLevel}}; | 451 {"https://example.test/page.html", WebURLRequest::kFrameTypeTopLevel}}; |
452 | 452 |
453 HTMLIFrameElement* iframe = HTMLIFrameElement::Create(*document); | 453 HTMLIFrameElement* iframe = HTMLIFrameElement::Create(*document); |
454 const AtomicString& required_csp = AtomicString("default-src 'none'"); | 454 const AtomicString& required_csp = AtomicString("default-src 'none'"); |
455 const AtomicString& another_required_csp = AtomicString("default-src 'self'"); | 455 const AtomicString& another_required_csp = AtomicString("default-src 'self'"); |
456 | 456 |
457 for (const auto& test : tests) { | 457 for (const auto& test : tests) { |
458 SetFrameOwnerBasedOnFrameType(test.frame_type, iframe, required_csp); | 458 SetFrameOwnerBasedOnFrameType(test.frame_type, iframe, required_csp); |
459 ExpectSetEmbeddingCSPRequestHeader( | 459 ExpectSetRequiredCSPRequestHeader( |
460 test.to_request, test.frame_type, | 460 test.to_request, test.frame_type, |
461 test.frame_type == WebURLRequest::kFrameTypeNested ? required_csp | 461 test.frame_type == WebURLRequest::kFrameTypeNested ? required_csp |
462 : g_null_atom); | 462 : g_null_atom); |
463 | 463 |
464 SetFrameOwnerBasedOnFrameType(test.frame_type, iframe, | 464 SetFrameOwnerBasedOnFrameType(test.frame_type, iframe, |
465 another_required_csp); | 465 another_required_csp); |
466 ExpectSetEmbeddingCSPRequestHeader( | 466 ExpectSetRequiredCSPRequestHeader( |
467 test.to_request, test.frame_type, | 467 test.to_request, test.frame_type, |
468 test.frame_type == WebURLRequest::kFrameTypeNested | 468 test.frame_type == WebURLRequest::kFrameTypeNested |
469 ? another_required_csp | 469 ? another_required_csp |
470 : g_null_atom); | 470 : g_null_atom); |
471 } | 471 } |
472 } | 472 } |
473 | 473 |
474 // Tests that PopulateResourceRequest() checks report-only CSP headers, so that | 474 // Tests that PopulateResourceRequest() checks report-only CSP headers, so that |
475 // any violations are reported before the request is modified. | 475 // any violations are reported before the request is modified. |
476 TEST_F(FrameFetchContextTest, PopulateResourceRequestChecksReportOnlyCSP) { | 476 TEST_F(FrameFetchContextTest, PopulateResourceRequestChecksReportOnlyCSP) { |
(...skipping 428 matching lines...)
905 SetFilterPolicy(WebDocumentSubresourceFilter::kWouldDisallow); | 905 SetFilterPolicy(WebDocumentSubresourceFilter::kWouldDisallow); |
906 | 906 |
907 EXPECT_EQ(ResourceRequestBlockedReason::kNone, CanRequest()); | 907 EXPECT_EQ(ResourceRequestBlockedReason::kNone, CanRequest()); |
908 EXPECT_EQ(0, GetFilteredLoadCallCount()); | 908 EXPECT_EQ(0, GetFilteredLoadCallCount()); |
909 | 909 |
910 EXPECT_EQ(ResourceRequestBlockedReason::kNone, CanRequestPreload()); | 910 EXPECT_EQ(ResourceRequestBlockedReason::kNone, CanRequestPreload()); |
911 EXPECT_EQ(0, GetFilteredLoadCallCount()); | 911 EXPECT_EQ(0, GetFilteredLoadCallCount()); |
912 } | 912 } |
913 | 913 |
914 } // namespace blink | 914 } // namespace blink |
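Review bot: `ExpectSetRequiredCSPRequestHeader` (new lines 282-295) calls `ModifyRequestForCSP` only once, whereas the helper whose tail is visible at lines 273-279 (apparently `ExpectUpgradeInsecureRequestHeader`; its start is outside the visible lines) repeats the call to confirm the header is unaffected. Because this header carries the policy the embedder requires of the framed document, a second call that duplicated, altered or cleared the value would pass this test unnoticed. Consider ending the helper with `fetch_context->ModifyRequestForCSP(resource_request);` followed by a second `EXPECT_EQ(expected_required_csp, resource_request.HttpHeaderField(HTTPNames::Required_CSP));`. A one-line comment on the helper, such as `// Non-nested frame types must not carry the header (g_null_atom).`, would also document what `SendRequiredCSPHeader` asserts for the auxiliary, none and top-level cases.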