Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1812)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/android/javatests/src/org/chromium/chrome/browser/customtabs/ClientManagerTest.java

Issue 2893483007: android:Early reject non-https origins for postMessage (Closed)
Patch Set: Lint Created 3 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/android/java/src/org/chromium/chrome/browser/customtabs/OriginVerifier.java ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/android/javatests/src/org/chromium/chrome/browser/customtabs/ClientManagerTest.java
diff --git a/chrome/android/javatests/src/org/chromium/chrome/browser/customtabs/ClientManagerTest.java b/chrome/android/javatests/src/org/chromium/chrome/browser/customtabs/ClientManagerTest.java
index 70e0b83632eadfc817482208f19d19e76d47fa7a..3ce29345573e08a94f39fc991685ee87d16dcd85 100644
--- a/chrome/android/javatests/src/org/chromium/chrome/browser/customtabs/ClientManagerTest.java
+++ b/chrome/android/javatests/src/org/chromium/chrome/browser/customtabs/ClientManagerTest.java
@@ -34,6 +34,8 @@ public class ClientManagerTest {
public NativeLibraryTestRule mActivityTestRule = new NativeLibraryTestRule();
private static final String URL = "https://www.android.com";
+ private static final String HTTP_URL = "http://www.android.com";
+
private ClientManager mClientManager;
private CustomTabsSessionToken mSession =
CustomTabsSessionToken.createDummySessionTokenForTesting();
@@ -189,6 +191,28 @@ public class ClientManagerTest {
@Test
@SmallTest
+ public void testPostMessageOriginHttpNotAllowed() {
+ Assert.assertTrue(
+ mClientManager.newSession(mSession, mUid, null, new PostMessageHandler(mSession)));
+ // Should always start with no origin.
+ Assert.assertNull(mClientManager.getPostMessageOriginForSessionForTesting(mSession));
+
+ // With no prepopulated origins, this verification should fail.
+ mClientManager.verifyAndInitializeWithPostMessageOriginForSession(
+ mSession, Uri.parse(HTTP_URL));
+ Assert.assertNull(mClientManager.getPostMessageOriginForSessionForTesting(mSession));
+
+ // Even if there is a prepopulated origin, non-https origins should get an early return with
+ // false.
+ OriginVerifier.prePopulateVerifiedOriginForTesting(
+ ContextUtils.getApplicationContext().getPackageName(), Uri.parse(HTTP_URL));
+ mClientManager.verifyAndInitializeWithPostMessageOriginForSession(
+ mSession, Uri.parse(HTTP_URL));
+ Assert.assertNull(mClientManager.getPostMessageOriginForSessionForTesting(mSession));
+ }
+
+ @Test
+ @SmallTest
public void testFirstLowConfidencePredictionIsNotThrottled() {
Context context = InstrumentationRegistry.getInstrumentation()
.getTargetContext()
« no previous file with comments | « chrome/android/java/src/org/chromium/chrome/browser/customtabs/OriginVerifier.java ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698