| OLD | NEW |
| 1 /* | 1 /* |
| 2 * Copyright (c) 2015, Google Inc. All rights reserved. | 2 * Copyright (c) 2015, Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
| 6 * met: | 6 * met: |
| 7 * | 7 * |
| 8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
| 272 | 272 |
| 273 // Calling modifyRequestForCSP more than once shouldn't affect the | 273 // Calling modifyRequestForCSP more than once shouldn't affect the |
| 274 // header. | 274 // header. |
| 275 if (should_prefer) { | 275 if (should_prefer) { |
| 276 fetch_context->ModifyRequestForCSP(resource_request); | 276 fetch_context->ModifyRequestForCSP(resource_request); |
| 277 EXPECT_EQ("1", resource_request.HttpHeaderField( | 277 EXPECT_EQ("1", resource_request.HttpHeaderField( |
| 278 HTTPNames::Upgrade_Insecure_Requests)); | 278 HTTPNames::Upgrade_Insecure_Requests)); |
| 279 } | 279 } |
| 280 } | 280 } |
| 281 | 281 |
| 282 void ExpectSetEmbeddingCSPRequestHeader( | 282 void ExpectSetRequiredCSPRequestHeader( |
| 283 const char* input, | 283 const char* input, |
| 284 WebURLRequest::FrameType frame_type, | 284 WebURLRequest::FrameType frame_type, |
| 285 const AtomicString& expected_embedding_csp) { | 285 const AtomicString& expected_required_csp) { |
| 286 KURL input_url(kParsedURLString, input); | 286 KURL input_url(kParsedURLString, input); |
| 287 ResourceRequest resource_request(input_url); | 287 ResourceRequest resource_request(input_url); |
| 288 resource_request.SetRequestContext(WebURLRequest::kRequestContextScript); | 288 resource_request.SetRequestContext(WebURLRequest::kRequestContextScript); |
| 289 resource_request.SetFrameType(frame_type); | 289 resource_request.SetFrameType(frame_type); |
| 290 | 290 |
| 291 fetch_context->ModifyRequestForCSP(resource_request); | 291 fetch_context->ModifyRequestForCSP(resource_request); |
| 292 | 292 |
| 293 EXPECT_EQ(expected_embedding_csp, | 293 EXPECT_EQ(expected_required_csp, |
| 294 resource_request.HttpHeaderField(HTTPNames::Embedding_CSP)); | 294 resource_request.HttpHeaderField(HTTPNames::Required_CSP)); |
| 295 } | 295 } |
| 296 | 296 |
| 297 void SetFrameOwnerBasedOnFrameType(WebURLRequest::FrameType frame_type, | 297 void SetFrameOwnerBasedOnFrameType(WebURLRequest::FrameType frame_type, |
| 298 HTMLIFrameElement* iframe, | 298 HTMLIFrameElement* iframe, |
| 299 const AtomicString& potential_value) { | 299 const AtomicString& potential_value) { |
| 300 if (frame_type != WebURLRequest::kFrameTypeNested) { | 300 if (frame_type != WebURLRequest::kFrameTypeNested) { |
| 301 document->GetFrame()->SetOwner(nullptr); | 301 document->GetFrame()->SetOwner(nullptr); |
| 302 return; | 302 return; |
| 303 } | 303 } |
| 304 | 304 |
| 433 document->SetInsecureRequestPolicy(kLeaveInsecureRequestsAlone); | 433 document->SetInsecureRequestPolicy(kLeaveInsecureRequestsAlone); |
| 434 ExpectUpgradeInsecureRequestHeader(test.to_request, test.frame_type, | 434 ExpectUpgradeInsecureRequestHeader(test.to_request, test.frame_type, |
| 435 test.should_prefer); | 435 test.should_prefer); |
| 436 | 436 |
| 437 document->SetInsecureRequestPolicy(kUpgradeInsecureRequests); | 437 document->SetInsecureRequestPolicy(kUpgradeInsecureRequests); |
| 438 ExpectUpgradeInsecureRequestHeader(test.to_request, test.frame_type, | 438 ExpectUpgradeInsecureRequestHeader(test.to_request, test.frame_type, |
| 439 test.should_prefer); | 439 test.should_prefer); |
| 440 } | 440 } |
| 441 } | 441 } |
| 442 | 442 |
| 443 TEST_F(FrameFetchContextModifyRequestTest, SendEmbeddingCSPHeader) { | 443 TEST_F(FrameFetchContextModifyRequestTest, SendRequiredCSPHeader) { |
| 444 struct TestCase { | 444 struct TestCase { |
| 445 const char* to_request; | 445 const char* to_request; |
| 446 WebURLRequest::FrameType frame_type; | 446 WebURLRequest::FrameType frame_type; |
| 447 } tests[] = { | 447 } tests[] = { |
| 448 {"https://example.test/page.html", WebURLRequest::kFrameTypeAuxiliary}, | 448 {"https://example.test/page.html", WebURLRequest::kFrameTypeAuxiliary}, |
| 449 {"https://example.test/page.html", WebURLRequest::kFrameTypeNested}, | 449 {"https://example.test/page.html", WebURLRequest::kFrameTypeNested}, |
| 450 {"https://example.test/page.html", WebURLRequest::kFrameTypeNone}, | 450 {"https://example.test/page.html", WebURLRequest::kFrameTypeNone}, |
| 451 {"https://example.test/page.html", WebURLRequest::kFrameTypeTopLevel}}; | 451 {"https://example.test/page.html", WebURLRequest::kFrameTypeTopLevel}}; |
| 452 | 452 |
| 453 HTMLIFrameElement* iframe = HTMLIFrameElement::Create(*document); | 453 HTMLIFrameElement* iframe = HTMLIFrameElement::Create(*document); |
| 454 const AtomicString& required_csp = AtomicString("default-src 'none'"); | 454 const AtomicString& required_csp = AtomicString("default-src 'none'"); |
| 455 const AtomicString& another_required_csp = AtomicString("default-src 'self'"); | 455 const AtomicString& another_required_csp = AtomicString("default-src 'self'"); |
| 456 | 456 |
| 457 for (const auto& test : tests) { | 457 for (const auto& test : tests) { |
| 458 SetFrameOwnerBasedOnFrameType(test.frame_type, iframe, required_csp); | 458 SetFrameOwnerBasedOnFrameType(test.frame_type, iframe, required_csp); |
| 459 ExpectSetEmbeddingCSPRequestHeader( | 459 ExpectSetRequiredCSPRequestHeader( |
| 460 test.to_request, test.frame_type, | 460 test.to_request, test.frame_type, |
| 461 test.frame_type == WebURLRequest::kFrameTypeNested ? required_csp | 461 test.frame_type == WebURLRequest::kFrameTypeNested ? required_csp |
| 462 : g_null_atom); | 462 : g_null_atom); |
| 463 | 463 |
| 464 SetFrameOwnerBasedOnFrameType(test.frame_type, iframe, | 464 SetFrameOwnerBasedOnFrameType(test.frame_type, iframe, |
| 465 another_required_csp); | 465 another_required_csp); |
| 466 ExpectSetEmbeddingCSPRequestHeader( | 466 ExpectSetRequiredCSPRequestHeader( |
| 467 test.to_request, test.frame_type, | 467 test.to_request, test.frame_type, |
| 468 test.frame_type == WebURLRequest::kFrameTypeNested | 468 test.frame_type == WebURLRequest::kFrameTypeNested |
| 469 ? another_required_csp | 469 ? another_required_csp |
| 470 : g_null_atom); | 470 : g_null_atom); |
| 471 } | 471 } |
| 472 } | 472 } |
| 473 | 473 |
| 474 // Tests that PopulateResourceRequest() checks report-only CSP headers, so that | 474 // Tests that PopulateResourceRequest() checks report-only CSP headers, so that |
| 475 // any violations are reported before the request is modified. | 475 // any violations are reported before the request is modified. |
| 476 TEST_F(FrameFetchContextTest, PopulateResourceRequestChecksReportOnlyCSP) { | 476 TEST_F(FrameFetchContextTest, PopulateResourceRequestChecksReportOnlyCSP) { |
| 905 SetFilterPolicy(WebDocumentSubresourceFilter::kWouldDisallow); | 905 SetFilterPolicy(WebDocumentSubresourceFilter::kWouldDisallow); |
| 906 | 906 |
| 907 EXPECT_EQ(ResourceRequestBlockedReason::kNone, CanRequest()); | 907 EXPECT_EQ(ResourceRequestBlockedReason::kNone, CanRequest()); |
| 908 EXPECT_EQ(0, GetFilteredLoadCallCount()); | 908 EXPECT_EQ(0, GetFilteredLoadCallCount()); |
| 909 | 909 |
| 910 EXPECT_EQ(ResourceRequestBlockedReason::kNone, CanRequestPreload()); | 910 EXPECT_EQ(ResourceRequestBlockedReason::kNone, CanRequestPreload()); |
| 911 EXPECT_EQ(0, GetFilteredLoadCallCount()); | 911 EXPECT_EQ(0, GetFilteredLoadCallCount()); |
| 912 } | 912 } |
| 913 | 913 |
| 914 } // namespace blink | 914 } // namespace blink |
| OLD | NEW |