Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(36)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/browser/frame_host/navigation_handle_impl_browsertest.cc

Issue 2898763004: PlzNavigateNavigationHandleImplBrowserTest.BlockedRequestAfterWebUI (Closed)
Patch Set: web_contents Created 3 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/browser/frame_host/navigation_handle_impl_browsertest.cc
diff --git a/content/browser/frame_host/navigation_handle_impl_browsertest.cc b/content/browser/frame_host/navigation_handle_impl_browsertest.cc
index 6f8d0334d29c5052a9d815272d94ffc884f253ae..9f523a7831ee5febfafda4a36e3c62cddc53dacf 100644
--- a/content/browser/frame_host/navigation_handle_impl_browsertest.cc
+++ b/content/browser/frame_host/navigation_handle_impl_browsertest.cc
@@ -7,6 +7,7 @@
#include "content/browser/web_contents/web_contents_impl.h"
#include "content/public/browser/web_contents.h"
#include "content/public/browser/web_contents_observer.h"
+#include "content/public/common/bindings_policy.h"
#include "content/public/common/browser_side_navigation_policy.h"
#include "content/public/common/content_switches.h"
#include "content/public/common/request_context_type.h"
@@ -1276,4 +1277,40 @@ IN_PROC_BROWSER_TEST_F(PlzNavigateNavigationHandleImplBrowserTest,
}
}
+// Tests the case where a browser-initiated navigation to a normal webpage is
+// blocked (net::ERR_BLOCKED_BY_CLIENT) while departing from a privileged WebUI
+// page (chrome://gpu). It is a security risk for the error page to commit in
+// the privileged process.
+IN_PROC_BROWSER_TEST_F(PlzNavigateNavigationHandleImplBrowserTest,
+ BlockedRequestAfterWebUI) {
+ GURL web_ui_url("chrome://gpu");
+ WebContents* web_contents = shell()->web_contents();
+
+ // Navigate to the initial page.
+ EXPECT_FALSE(web_contents->GetMainFrame()->GetEnabledBindings() &
+ BINDINGS_POLICY_WEB_UI);
+ EXPECT_TRUE(NavigateToURL(shell(), web_ui_url));
+ EXPECT_TRUE(web_contents->GetMainFrame()->GetEnabledBindings() &
+ BINDINGS_POLICY_WEB_UI);
+ scoped_refptr<SiteInstance> web_ui_process = web_contents->GetSiteInstance();
nasko 2017/05/23 04:48:53 nit: web_ui_site_instance?
ncarter (slow) 2017/05/24 17:18:07 The name was intentional, to highlight the importa
+
+ // Start a new, non-webUI navigation that will be blocked by a
+ // NavigationThrottle.
+ GURL blocked_url("http://blocked-by-throttle.example.cc");
+ TestNavigationThrottleInstaller installer(
+ web_contents, NavigationThrottle::BLOCK_REQUEST,
+ NavigationThrottle::PROCEED, NavigationThrottle::PROCEED);
+ NavigationHandleObserver commit_observer(web_contents, blocked_url);
+ EXPECT_FALSE(NavigateToURL(shell(), blocked_url));
+ NavigationEntry* last_committed =
+ web_contents->GetController().GetLastCommittedEntry();
+ EXPECT_TRUE(last_committed);
+ EXPECT_EQ(blocked_url, last_committed->GetVirtualURL());
+ EXPECT_EQ(PAGE_TYPE_ERROR, last_committed->GetPageType());
+ EXPECT_NE(web_ui_process.get(), web_contents->GetSiteInstance());
+ EXPECT_TRUE(commit_observer.has_committed());
+ EXPECT_TRUE(commit_observer.is_error());
+ EXPECT_FALSE(commit_observer.is_renderer_initiated());
+}
+
} // namespace content
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698