Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(47)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/common/content_security_policy/csp_source_list_unittest.cc

Issue 2944373002: CSP: Remove wrong DCHECK in CSPSourceList (Closed)
Patch Set: Add test Created 3 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « content/common/content_security_policy/csp_source_list.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2017 The Chromium Authors. All rights reserved. 1 // Copyright 2017 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/common/content_security_policy/csp_source_list.h" 5 #include "content/common/content_security_policy/csp_source_list.h"
6 #include "content/common/content_security_policy/csp_context.h" 6 #include "content/common/content_security_policy/csp_context.h"
7 #include "testing/gtest/include/gtest/gtest.h" 7 #include "testing/gtest/include/gtest/gtest.h"
8 8
9 namespace content { 9 namespace content {
10 10
(...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after
62 context.SetSelf(url::Origin(GURL("http://example.com"))); 62 context.SetSelf(url::Origin(GURL("http://example.com")));
63 CSPSourceList source_list(true, // allow_self 63 CSPSourceList source_list(true, // allow_self
64 false, // allow_star: 64 false, // allow_star:
65 std::vector<CSPSource>()); // source_list 65 std::vector<CSPSource>()); // source_list
66 EXPECT_TRUE(Allow(source_list, GURL("http://example.com"), &context)); 66 EXPECT_TRUE(Allow(source_list, GURL("http://example.com"), &context));
67 EXPECT_FALSE(Allow(source_list, GURL("http://not-example.com"), &context)); 67 EXPECT_FALSE(Allow(source_list, GURL("http://not-example.com"), &context));
68 EXPECT_TRUE(Allow(source_list, GURL("https://example.com"), &context)); 68 EXPECT_TRUE(Allow(source_list, GURL("https://example.com"), &context));
69 EXPECT_FALSE(Allow(source_list, GURL("ws://example.com"), &context)); 69 EXPECT_FALSE(Allow(source_list, GURL("ws://example.com"), &context));
70 } 70 }
71 71
72 TEST(CSPSourceList, AllowStarAndSelf) {
73 CSPContext context;
74 context.SetSelf(url::Origin(GURL("https://a.com")));
75 CSPSourceList source_list(false, // allow_self
76 false, // allow_star
77 std::vector<CSPSource>());
78
79 // If the request is allowed by {*} and not by {'self'} then it should be
80 // allowed by the union {*,'self'}.
81 source_list.allow_self = true;
82 source_list.allow_star = false;
83 EXPECT_FALSE(Allow(source_list, GURL("http://b.com"), &context));
84 source_list.allow_self = false;
85 source_list.allow_star = true;
86 EXPECT_TRUE(Allow(source_list, GURL("http://b.com"), &context));
87 source_list.allow_self = true;
88 source_list.allow_star = true;
89 EXPECT_TRUE(Allow(source_list, GURL("http://b.com"), &context));
90 }
91
72 TEST(CSPSourceList, AllowSelfWithUnspecifiedPort) { 92 TEST(CSPSourceList, AllowSelfWithUnspecifiedPort) {
73 CSPContext context; 93 CSPContext context;
74 context.SetSelf(url::Origin(GURL("chrome://print"))); 94 context.SetSelf(url::Origin(GURL("chrome://print")));
75 CSPSourceList source_list(true, // allow_self 95 CSPSourceList source_list(true, // allow_self
76 false, // allow_star: 96 false, // allow_star:
77 std::vector<CSPSource>()); // source_list 97 std::vector<CSPSource>()); // source_list
78 98
79 EXPECT_TRUE(Allow( 99 EXPECT_TRUE(Allow(
80 source_list, 100 source_list,
81 GURL("chrome://print/pdf_preview.html?chrome://print/1/0/print.pdf"), 101 GURL("chrome://print/pdf_preview.html?chrome://print/1/0/print.pdf"),
(...skipping 20 matching lines...) Expand all
102 context.SetSelf(url::Origin(GURL("http://a.com"))); 122 context.SetSelf(url::Origin(GURL("http://a.com")));
103 EXPECT_TRUE(Allow(source_list, GURL("http://a.com"), &context)); 123 EXPECT_TRUE(Allow(source_list, GURL("http://a.com"), &context));
104 EXPECT_FALSE(Allow(source_list, GURL("data:text/html,hello"), &context)); 124 EXPECT_FALSE(Allow(source_list, GURL("data:text/html,hello"), &context));
105 125
106 context.SetSelf(url::Origin(GURL("data:text/html,<iframe src=[...]>"))); 126 context.SetSelf(url::Origin(GURL("data:text/html,<iframe src=[...]>")));
107 EXPECT_FALSE(Allow(source_list, GURL("http://a.com"), &context)); 127 EXPECT_FALSE(Allow(source_list, GURL("http://a.com"), &context));
108 EXPECT_FALSE(Allow(source_list, GURL("data:text/html,hello"), &context)); 128 EXPECT_FALSE(Allow(source_list, GURL("data:text/html,hello"), &context));
109 } 129 }
110 130
111 } // namespace content 131 } // namespace content
OLDNEW
« no previous file with comments | « content/common/content_security_policy/csp_source_list.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698