Index: Source/platform/weborigin/SecurityOriginTest.cpp |
diff --git a/Source/platform/weborigin/SecurityOriginTest.cpp b/Source/platform/weborigin/SecurityOriginTest.cpp |
index 90f5c93618152c965560d27816469ea16693becf..554c3b6e6da72b79d29aaa4b8ae31d830fc2979d 100644 |
--- a/Source/platform/weborigin/SecurityOriginTest.cpp |
+++ b/Source/platform/weborigin/SecurityOriginTest.cpp |
@@ -60,5 +60,48 @@ TEST(SecurityOriginTest, ValidPortsCreateNonUniqueOrigins) |
} |
} |
+TEST(SecurityOriginTest, CanAccessFeatureRequringSecureOrigin) |
+{ |
+ struct TestCase { |
+ bool accessGranted; |
+ const char* url; |
+ }; |
+ |
+ TestCase inputs[] = { |
+ // Access is granted to webservers running on localhost. |
+ { true, "http://localhost" }, |
+ { true, "http://localhost:100" }, |
+ { true, "http://127.0.0.1" }, |
+ { true, "http://[::1]" }, |
+ { true, "http://[::1]:80" }, |
+ { true, "http://127.0.0.1:80" }, |
palmer
2014/05/24 01:44:30
Maybe throw in a few more non-standard ports just
eroman
2014/05/24 02:08:57
Done. Expanded on the tests:
* Added ftp://local
|
+ { true, "ws://127.0.0.1" }, |
+ |
+ // Access is granted to all secure transports. |
+ { true, "https://foobar.com" }, |
+ { true, "wss://foobar.com" }, |
+ |
+ // Access is denied to insecure transports. |
+ { false, "ftp://foobar.com" }, |
+ { false, "http://foobar.com" }, |
+ { false, "ws://foobar.com" }, |
+ { false, "data:text/html;charset=utf-8;base64,PHNjcmlwdD5hbGVydCgnaGkhJyk8L3NjcmlwdD4=" }, |
+ { false, "javascript:alert('hi')" }, |
+ |
+ // Access is granted to local files |
+ { true, "file:///home/foobar/index.html" }, |
+ }; |
+ |
+ for (size_t i = 0; i < ARRAYSIZE_UNSAFE(inputs); ++i) { |
+ SCOPED_TRACE(i); |
+ RefPtr<SecurityOrigin> origin = SecurityOrigin::createFromString(inputs[i].url); |
+ EXPECT_EQ(inputs[i].accessGranted, origin->canAccessFeatureRequiringSecureOrigin()); |
+ } |
+ |
+ // Unique origins are not considered secure. |
+ RefPtr<SecurityOrigin> uniqueOrigin = SecurityOrigin::createUnique(); |
+ EXPECT_FALSE(uniqueOrigin->canAccessFeatureRequiringSecureOrigin()); |
+} |
+ |
} // namespace |