| Index: chrome/browser/ssl/security_state_tab_helper_browser_tests.cc
|
| diff --git a/chrome/browser/ssl/security_state_tab_helper_browser_tests.cc b/chrome/browser/ssl/security_state_tab_helper_browser_tests.cc
|
| index 8af6de1cc0d9639a45584a7f3df98f5eabad5e0c..f6aa2405f1c549024c39c148910235a361f0a24b 100644
|
| --- a/chrome/browser/ssl/security_state_tab_helper_browser_tests.cc
|
| +++ b/chrome/browser/ssl/security_state_tab_helper_browser_tests.cc
|
| @@ -9,6 +9,7 @@
|
| #include "base/macros.h"
|
| #include "base/strings/string_split.h"
|
| #include "base/strings/utf_string_conversions.h"
|
| +#include "base/test/scoped_command_line.h"
|
| #include "base/threading/sequenced_worker_pool.h"
|
| #include "chrome/browser/ssl/cert_verifier_browser_test.h"
|
| #include "chrome/browser/ssl/ssl_blocking_page.h"
|
| @@ -372,6 +373,21 @@ class SecurityStateTabHelperTest : public CertVerifierBrowserTest {
|
| DISALLOW_COPY_AND_ASSIGN(SecurityStateTabHelperTest);
|
| };
|
|
|
| +// Same as SecurityStateTabHelperTest, but with Incognito enabled.
|
| +class SecurityStateTabHelperIncognitoTest : public SecurityStateTabHelperTest {
|
| + public:
|
| + SecurityStateTabHelperIncognitoTest() : SecurityStateTabHelperTest() {}
|
| +
|
| + void SetUpCommandLine(base::CommandLine* command_line) override {
|
| + SecurityStateTabHelperTest::SetUpCommandLine(command_line);
|
| + // Test should run Incognito.
|
| + command_line->AppendSwitch(switches::kIncognito);
|
| + }
|
| +
|
| + private:
|
| + DISALLOW_COPY_AND_ASSIGN(SecurityStateTabHelperIncognitoTest);
|
| +};
|
| +
|
| class DidChangeVisibleSecurityStateTest : public InProcessBrowserTest {
|
| public:
|
| DidChangeVisibleSecurityStateTest()
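Review bot: The constructor `SecurityStateTabHelperIncognitoTest() : SecurityStateTabHelperTest() {}` spells out a base initializer the compiler supplies anyway; `SecurityStateTabHelperIncognitoTest() = default;` states the same thing with less noise. The new fixture also uses `switches::kIncognito`, while the only include this patch adds is `base/test/scoped_command_line.h`. The include list is only partly visible here, so it is worth confirming that the header declaring that switch is included directly rather than picked up transitively.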
|
| @@ -933,6 +949,7 @@ class SecurityStateLoadingTest : public SecurityStateTabHelperTest {
|
| embedded_test_server()->GetURL("/title1.html").host()));
|
| }
|
|
|
| + private:
|
| DISALLOW_COPY_AND_ASSIGN(SecurityStateLoadingTest);
|
| };
|
|
|
| @@ -983,6 +1000,17 @@ IN_PROC_BROWSER_TEST_F(SecurityStateTabHelperTest,
|
| ASSERT_TRUE(entry);
|
| EXPECT_TRUE(entry->GetSSL().content_status &
|
| content::SSLStatus::DISPLAYED_PASSWORD_FIELD_ON_HTTP);
|
| +
|
| + {
|
| + // Ensure the warning is still present when HTTPBad Phase 2 flag is enabled.
|
| + base::test::ScopedCommandLine scoped_command_line;
|
| + scoped_command_line.GetProcessCommandLine()->AppendSwitchASCII(
|
| + security_state::switches::kMarkHttpAs,
|
| + security_state::switches::kMarkHttpAsNonSecureWhileIncognito);
|
| +
|
| + helper->GetSecurityInfo(&security_info);
|
| + EXPECT_EQ(security_state::HTTP_SHOW_WARNING, security_info.security_level);
|
| + }
|
| }
|
|
|
| // Tests that when a visible password field is detected on a blob URL, the
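Review bot: The comment on the added block names the "HTTPBad Phase 2 flag", but the code sets `kMarkHttpAs` to `kMarkHttpAsNonSecureWhileIncognito`, so a reader has to know the project phase name to connect the two. Naming the switch makes it searchable, e.g. `// The password-field warning must remain when kMarkHttpAs is kMarkHttpAsNonSecureWhileIncognito.` The switch is appended to the process command line after the browser and page are already running, so the check presumably relies on the mode being read on every `GetSecurityInfo()` call; a one-line comment saying so would help. The enclosing test body begins outside this hunk.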
|
| @@ -1352,6 +1380,7 @@ IN_PROC_BROWSER_TEST_F(SecurityStateTabHelperTest,
|
| contents, "document.getElementById('navFrame').src = '/title2.html';"));
|
| subframe_observer.Wait();
|
| contents->OnCreditCardInputShownOnHttp();
|
| + helper->GetSecurityInfo(&security_info);
|
| EXPECT_EQ(security_state::HTTP_SHOW_WARNING, security_info.security_level);
|
|
|
| // Do a main frame navigation and then trigger HTTP_SHOW_WARNING
|
| @@ -1428,6 +1457,7 @@ IN_PROC_BROWSER_TEST_F(SecurityStateTabHelperTest,
|
| EXPECT_TRUE(content::ExecuteScript(
|
| contents, "history.pushState({ foo: 'bar' }, 'foo', 'bar');"));
|
| contents->OnCreditCardInputShownOnHttp();
|
| + helper->GetSecurityInfo(&security_info);
|
| EXPECT_EQ(security_state::HTTP_SHOW_WARNING, security_info.security_level);
|
|
|
| // Do a main frame navigation and then trigger HTTP_SHOW_WARNING
|
| @@ -1614,6 +1644,117 @@ IN_PROC_BROWSER_TEST_F(DidChangeVisibleSecurityStateTest,
|
| EXPECT_TRUE(observer.latest_explanations().summary.empty());
|
| }
|
|
|
| +// Tests that the security level of a HTTP page in Incognito mode is downgraded
|
| +// to HTTP_SHOW_WARNING when MarkHttpAsNonSecureWhileIncognito is enabled.
|
| +IN_PROC_BROWSER_TEST_F(SecurityStateTabHelperIncognitoTest,
|
| + SecurityLevelDowngradedForHTTPInIncognito) {
|
| + // Set the mode using the command line flag rather than the field trial to
|
| + // ensure that fieldtrial_testing_config.json does not interfere.
|
| + base::test::ScopedCommandLine scoped_command_line;
|
| + scoped_command_line.GetProcessCommandLine()->AppendSwitchASCII(
|
| + security_state::switches::kMarkHttpAs,
|
| + security_state::switches::kMarkHttpAsNonSecureWhileIncognito);
|
| +
|
| + content::WebContents* contents =
|
| + browser()->tab_strip_model()->GetActiveWebContents();
|
| + ASSERT_TRUE(contents);
|
| +
|
| + ASSERT_TRUE(contents->GetBrowserContext()->IsOffTheRecord());
|
| +
|
| + SecurityStyleTestObserver observer(contents);
|
| +
|
| + SecurityStateTabHelper* helper =
|
| + SecurityStateTabHelper::FromWebContents(contents);
|
| + ASSERT_TRUE(helper);
|
| +
|
| + // Navigate to an HTTP page. Use a non-local hostname so that is it
|
| + // not considered secure.
|
| + GURL http_url =
|
| + GetURLWithNonLocalHostname(embedded_test_server(), "/title1.html");
|
| + ui_test_utils::NavigateToURL(browser(), http_url);
|
| +
|
| + security_state::SecurityInfo security_info;
|
| + helper->GetSecurityInfo(&security_info);
|
| + EXPECT_TRUE(security_info.is_incognito);
|
| + EXPECT_EQ(security_state::HTTP_SHOW_WARNING, security_info.security_level);
|
| + EXPECT_EQ(1u, observer.latest_explanations().neutral_explanations.size());
|
| + EXPECT_EQ(blink::kWebSecurityStyleNeutral, observer.latest_security_style());
|
| +
|
| + // Ensure that same-page pushstate does not add another notice.
|
| + EXPECT_TRUE(content::ExecuteScript(
|
| + contents, "history.pushState({ foo: 'bar' }, 'foo', 'bar');"));
|
| + EXPECT_EQ(1u, observer.latest_explanations().neutral_explanations.size());
|
| + EXPECT_EQ(blink::kWebSecurityStyleNeutral, observer.latest_security_style());
|
| +}
|
| +
|
| +// Tests that the security level of a HTTP page is NEUTRAL when MarkHttpAs is
|
| +// not set.
|
| +IN_PROC_BROWSER_TEST_F(SecurityStateTabHelperIncognitoTest,
|
| + SecurityLevelNeutralByDefaultForHTTP) {
|
| + content::WebContents* contents =
|
| + browser()->tab_strip_model()->GetActiveWebContents();
|
| + ASSERT_TRUE(contents);
|
| +
|
| + ASSERT_TRUE(contents->GetBrowserContext()->IsOffTheRecord());
|
| +
|
| + SecurityStyleTestObserver observer(contents);
|
| +
|
| + SecurityStateTabHelper* helper =
|
| + SecurityStateTabHelper::FromWebContents(contents);
|
| + ASSERT_TRUE(helper);
|
| +
|
| + // Navigate to an HTTP page. Use a non-local hostname so that is it
|
| + // not considered secure.
|
| + GURL http_url =
|
| + GetURLWithNonLocalHostname(embedded_test_server(), "/title1.html");
|
| + ui_test_utils::NavigateToURL(browser(), http_url);
|
| +
|
| + security_state::SecurityInfo security_info;
|
| + helper->GetSecurityInfo(&security_info);
|
| + // The Incognito flag is unset to avoid incorrect logging in the console and
|
| + // developer tools.
|
| + EXPECT_FALSE(security_info.is_incognito);
|
| + EXPECT_EQ(security_state::NONE, security_info.security_level);
|
| + EXPECT_EQ(0u, observer.latest_explanations().neutral_explanations.size());
|
| + EXPECT_EQ(blink::kWebSecurityStyleNeutral, observer.latest_security_style());
|
| +}
|
| +
|
| +// Tests that the security level of a HTTP page is downgraded to DANGEROUS when
|
| +// MarkHttpAsDangerous is enabled.
|
| +IN_PROC_BROWSER_TEST_F(SecurityStateTabHelperIncognitoTest,
|
| + SecurityLevelDangerousWhenMarkHttpAsDangerous) {
|
| + base::test::ScopedCommandLine scoped_command_line;
|
| + scoped_command_line.GetProcessCommandLine()->AppendSwitchASCII(
|
| + security_state::switches::kMarkHttpAs,
|
| + security_state::switches::kMarkHttpAsDangerous);
|
| +
|
| + content::WebContents* contents =
|
| + browser()->tab_strip_model()->GetActiveWebContents();
|
| + ASSERT_TRUE(contents);
|
| +
|
| + ASSERT_TRUE(contents->GetBrowserContext()->IsOffTheRecord());
|
| +
|
| + SecurityStyleTestObserver observer(contents);
|
| +
|
| + SecurityStateTabHelper* helper =
|
| + SecurityStateTabHelper::FromWebContents(contents);
|
| + ASSERT_TRUE(helper);
|
| +
|
| + // Navigate to an HTTP page. Use a non-local hostname so that is it
|
| + // not considered secure.
|
| + GURL http_url =
|
| + GetURLWithNonLocalHostname(embedded_test_server(), "/title1.html");
|
| + ui_test_utils::NavigateToURL(browser(), http_url);
|
| +
|
| + security_state::SecurityInfo security_info;
|
| + helper->GetSecurityInfo(&security_info);
|
| + // The Incognito flag is unset to avoid incorrect logging in the console and
|
| + // developer tools.
|
| + EXPECT_FALSE(security_info.is_incognito);
|
| + EXPECT_EQ(security_state::DANGEROUS, security_info.security_level);
|
| + EXPECT_EQ(blink::kWebSecurityStyleInsecure, observer.latest_security_style());
|
| +}
|
| +
|
| // Visit a valid HTTPS page, then a broken HTTPS page, and then go back,
|
| // and test that the observed security style matches.
|
| #if defined(OS_CHROMEOS)
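Review bot: `SecurityLevelNeutralByDefaultForHTTP` sets no `kMarkHttpAs` switch, although the first test's comment says the switch is set precisely so that fieldtrial_testing_config.json cannot interfere. The default-case test has no such protection, so its `security_state::NONE` expectation could break if a testing-config group enables one of the modes. At minimum, document the dependency there, e.g. `// No kMarkHttpAs switch: relies on the testing field-trial config leaving MarkHttpAs at its default.` The comment `// The Incognito flag is unset ...` above `EXPECT_FALSE(security_info.is_incognito)` in the second and third tests is easy to misread, because the fixture does set `kIncognito` and the profile is asserted off-the-record. It appears to mean that `SecurityInfo::is_incognito` is only populated in the non-secure-while-incognito mode, and saying so directly would be clearer; the repeated "so that is it not considered secure" should read "so that it is".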
|
|
|