OLD | NEW |
1 // Copyright 2017 The Chromium Authors. All rights reserved. | 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/common/content_security_policy/csp_source_list.h" | 5 #include "content/common/content_security_policy/csp_source_list.h" |
6 #include "content/common/content_security_policy/csp_context.h" | 6 #include "content/common/content_security_policy/csp_context.h" |
7 #include "testing/gtest/include/gtest/gtest.h" | 7 #include "testing/gtest/include/gtest/gtest.h" |
8 | 8 |
9 namespace content { | 9 namespace content { |
10 | 10 |
(...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
62 context.SetSelf(url::Origin(GURL("http://example.com"))); | 62 context.SetSelf(url::Origin(GURL("http://example.com"))); |
63 CSPSourceList source_list(true, // allow_self | 63 CSPSourceList source_list(true, // allow_self |
64 false, // allow_star: | 64 false, // allow_star: |
65 std::vector<CSPSource>()); // source_list | 65 std::vector<CSPSource>()); // source_list |
66 EXPECT_TRUE(Allow(source_list, GURL("http://example.com"), &context)); | 66 EXPECT_TRUE(Allow(source_list, GURL("http://example.com"), &context)); |
67 EXPECT_FALSE(Allow(source_list, GURL("http://not-example.com"), &context)); | 67 EXPECT_FALSE(Allow(source_list, GURL("http://not-example.com"), &context)); |
68 EXPECT_TRUE(Allow(source_list, GURL("https://example.com"), &context)); | 68 EXPECT_TRUE(Allow(source_list, GURL("https://example.com"), &context)); |
69 EXPECT_FALSE(Allow(source_list, GURL("ws://example.com"), &context)); | 69 EXPECT_FALSE(Allow(source_list, GURL("ws://example.com"), &context)); |
70 } | 70 } |
71 | 71 |
| 72 TEST(CSPSourceList, AllowStarAndSelf) { |
| 73 CSPContext context; |
| 74 context.SetSelf(url::Origin(GURL("https://a.com"))); |
| 75 CSPSourceList source_list(false, // allow_self |
| 76 false, // allow_star |
| 77 std::vector<CSPSource>()); |
| 78 |
| 79 // If the request is allowed by {*} and not by {'self'} then it should be |
| 80 // allowed by the union {*,'self'}. |
| 81 source_list.allow_self = true; |
| 82 source_list.allow_star = false; |
| 83 EXPECT_FALSE(Allow(source_list, GURL("http://b.com"), &context)); |
| 84 source_list.allow_self = false; |
| 85 source_list.allow_star = true; |
| 86 EXPECT_TRUE(Allow(source_list, GURL("http://b.com"), &context)); |
| 87 source_list.allow_self = true; |
| 88 source_list.allow_star = true; |
| 89 EXPECT_TRUE(Allow(source_list, GURL("http://b.com"), &context)); |
| 90 } |
| 91 |
72 TEST(CSPSourceList, AllowSelfWithUnspecifiedPort) { | 92 TEST(CSPSourceList, AllowSelfWithUnspecifiedPort) { |
73 CSPContext context; | 93 CSPContext context; |
74 context.SetSelf(url::Origin(GURL("chrome://print"))); | 94 context.SetSelf(url::Origin(GURL("chrome://print"))); |
75 CSPSourceList source_list(true, // allow_self | 95 CSPSourceList source_list(true, // allow_self |
76 false, // allow_star: | 96 false, // allow_star: |
77 std::vector<CSPSource>()); // source_list | 97 std::vector<CSPSource>()); // source_list |
78 | 98 |
79 EXPECT_TRUE(Allow( | 99 EXPECT_TRUE(Allow( |
80 source_list, | 100 source_list, |
81 GURL("chrome://print/pdf_preview.html?chrome://print/1/0/print.pdf"), | 101 GURL("chrome://print/pdf_preview.html?chrome://print/1/0/print.pdf"), |
(...skipping 20 matching lines...) Expand all Loading... |
102 context.SetSelf(url::Origin(GURL("http://a.com"))); | 122 context.SetSelf(url::Origin(GURL("http://a.com"))); |
103 EXPECT_TRUE(Allow(source_list, GURL("http://a.com"), &context)); | 123 EXPECT_TRUE(Allow(source_list, GURL("http://a.com"), &context)); |
104 EXPECT_FALSE(Allow(source_list, GURL("data:text/html,hello"), &context)); | 124 EXPECT_FALSE(Allow(source_list, GURL("data:text/html,hello"), &context)); |
105 | 125 |
106 context.SetSelf(url::Origin(GURL("data:text/html,<iframe src=[...]>"))); | 126 context.SetSelf(url::Origin(GURL("data:text/html,<iframe src=[...]>"))); |
107 EXPECT_FALSE(Allow(source_list, GURL("http://a.com"), &context)); | 127 EXPECT_FALSE(Allow(source_list, GURL("http://a.com"), &context)); |
108 EXPECT_FALSE(Allow(source_list, GURL("data:text/html,hello"), &context)); | 128 EXPECT_FALSE(Allow(source_list, GURL("data:text/html,hello"), &context)); |
109 } | 129 } |
110 | 130 |
111 } // namespace content | 131 } // namespace content |
OLD | NEW |