net/url_request/url_request_unittest.cc - Issue 348253002: Add CORS headers to URLRequestRedirectJob.

Side by Side Diff: net/url_request/url_request_unittest.cc

Issue 348253002: Add CORS headers to URLRequestRedirectJob. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Add HTTPSRequestTest.HSTSCrossOriginAddHeaders Created 6 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "build/build_config.h"	5 #include "build/build_config.h"

6	6

7 #if defined(OS_WIN)	7 #if defined(OS_WIN)

8 #include <windows.h>	8 #include <windows.h>

9 #include <shlobj.h>	9 #include <shlobj.h>

10 #endif	10 #endif

(...skipping 6774 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
6785 EXPECT_EQ("https", req.url().scheme());	6785 EXPECT_EQ("https", req.url().scheme());

6786 EXPECT_EQ("POST", req.method());	6786 EXPECT_EQ("POST", req.method());

6787 EXPECT_EQ(kData, d.data_received());	6787 EXPECT_EQ(kData, d.data_received());

6788	6788

6789 LoadTimingInfo load_timing_info;	6789 LoadTimingInfo load_timing_info;

6790 network_delegate.GetLoadTimingInfoBeforeRedirect(&load_timing_info);	6790 network_delegate.GetLoadTimingInfoBeforeRedirect(&load_timing_info);

6791 // LoadTimingInfo of HSTS redirects is similar to that of network cache hits	6791 // LoadTimingInfo of HSTS redirects is similar to that of network cache hits

6792 TestLoadTimingCacheHitNoNetwork(load_timing_info);	6792 TestLoadTimingCacheHitNoNetwork(load_timing_info);

6793 }	6793 }

6794	6794

	6795 // Make sure that the CORS headers are added to cross-origin HSTS redirects.

	6796 TEST_F(HTTPSRequestTest, HSTSCrossOriginAddHeaders) {

	6797 static const char kOriginHeaderValue[] = "http://www.example.com";

	6798

	6799 SpawnedTestServer::SSLOptions ssl_options(

	6800 SpawnedTestServer::SSLOptions::CERT_OK);

	6801 SpawnedTestServer test_server(

	6802 SpawnedTestServer::TYPE_HTTPS,

	6803 ssl_options,

	6804 base::FilePath(FILE_PATH_LITERAL("net/data/ssl")));

	6805 ASSERT_TRUE(test_server.Start());

	6806

	6807

	6808 // Per spec, TransportSecurityState expects a domain name, rather than an IP

	6809 // address, so a MockHostResolver is needed to redirect www.somewhere.com to

	6810 // the SpawnedTestServer. By default, MockHostResolver maps all hosts

	6811 // to 127.0.0.1.

	6812 MockHostResolver host_resolver;

	6813

	6814 // Force https for www.somewhere.com.
	Ryan Sleevi 2014/09/10 21:47:47 Use a truly reserved domain name test.example foo Use a truly reserved domain name test.example foo.example example.net etc robwu 2014/09/11 11:54:29 Done. Show quoted text On 2014/09/10 21:47:47, Ryan Sleevi wrote: > Use a truly reserved domain name > > test.example > foo.example > http://example.net > > etc Done.
	6815 TransportSecurityState transport_security_state;

	6816 base::Time expiry = base::Time::Now() + base::TimeDelta::FromDays(1000);

	6817 bool include_subdomains = false;

	6818 transport_security_state.AddHSTS("www.somewhere.com", expiry,

	6819 include_subdomains);
	Ryan Sleevi 2014/09/10 21:47:47 TransportSecurityState has a MaxAge of 30 days Ju TransportSecurityState has a MaxAge of 30 days Just set the value at something simple, like a day, or an hour. robwu 2014/09/11 11:54:29 Done. Show quoted text On 2014/09/10 21:47:47, Ryan Sleevi wrote: > TransportSecurityState has a MaxAge of 30 days > > Just set the value at something simple, like a day, or an hour. Done.
	6820

	6821 TestNetworkDelegate network_delegate; // Must outlive URLRequest.

	6822

	6823 TestURLRequestContext context(true);

	6824 context.set_host_resolver(&host_resolver);

	6825 context.set_transport_security_state(&transport_security_state);

	6826 context.set_network_delegate(&network_delegate);

	6827 context.Init();

	6828

	6829 TestDelegate d;

	6830 // Navigating to https://www.somewhere.com instead of https://127.0.0.1 will

	6831 // cause a certificate error. Ignore the error.

	6832 d.set_allow_certificate_errors(true);
	Ryan Sleevi 2014/09/10 21:47:47 You don't want to do this, as this triggers the er You don't want to do this, as this triggers the error-path side-effect. Instead, use a MockCertVerifier and set_cert_verifier robwu 2014/09/11 11:54:29 Done. Note that most of the code before this line Show quoted text On 2014/09/10 21:47:47, Ryan Sleevi wrote: > You don't want to do this, as this triggers the error-path side-effect. > > Instead, use a MockCertVerifier and set_cert_verifier Done. Note that most of the code before this line was copied from the HSTSPreservesPosts test, let me know if the original test should also be edited following the previous comments as a part of this CL.
	6833 // Quit on redirect to allow response header inspection upon redirect.

	6834 d.set_quit_on_redirect(true);

	6835

	6836 scoped_ptr<URLRequest> req(context.CreateRequest(

	6837 GURL(base::StringPrintf("http://www.somewhere.com:%d/echo",

	6838 test_server.host_port_pair().port())),

	6839 DEFAULT_PRIORITY, &d, NULL));

	6840 // Set Origin header to simulate a cross-origin request.

	6841 HttpRequestHeaders request_headers;

	6842 request_headers.SetHeader("Origin", kOriginHeaderValue);

	6843 req->SetExtraRequestHeaders(request_headers);

	6844

	6845 req->Start();

	6846 base::RunLoop().Run();

	6847

	6848 const HttpResponseHeaders* headers = req->response_headers();

	6849 std::string redirect_location;

	6850 EXPECT_TRUE(headers->EnumerateHeader(NULL, "Location", &redirect_location));

	6851 EXPECT_EQ(base::StringPrintf("https://www.somewhere.com:%d/echo",

	6852 test_server.host_port_pair().port()),

	6853 redirect_location);

	6854

	6855 std::string received_cors_header;

	6856 EXPECT_TRUE(headers->EnumerateHeader(NULL, "Access-Control-Allow-Origin",

	6857 &received_cors_header));

	6858 EXPECT_EQ(kOriginHeaderValue, received_cors_header);

	6859 }

	6860

6795 namespace {	6861 namespace {

6796	6862

6797 class SSLClientAuthTestDelegate : public TestDelegate {	6863 class SSLClientAuthTestDelegate : public TestDelegate {

6798 public:	6864 public:

6799 SSLClientAuthTestDelegate() : on_certificate_requested_count_(0) {	6865 SSLClientAuthTestDelegate() : on_certificate_requested_count_(0) {

6800 }	6866 }

6801 virtual void OnCertificateRequested(	6867 virtual void OnCertificateRequested(

6802 URLRequest* request,	6868 URLRequest* request,

6803 SSLCertRequestInfo* cert_request_info) OVERRIDE {	6869 SSLCertRequestInfo* cert_request_info) OVERRIDE {

6804 on_certificate_requested_count_++;	6870 on_certificate_requested_count_++;

(...skipping 1339 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
8144	8210

8145 EXPECT_FALSE(r.is_pending());	8211 EXPECT_FALSE(r.is_pending());

8146 EXPECT_EQ(1, d->response_started_count());	8212 EXPECT_EQ(1, d->response_started_count());

8147 EXPECT_FALSE(d->received_data_before_response());	8213 EXPECT_FALSE(d->received_data_before_response());

8148 EXPECT_EQ(d->bytes_received(), static_cast<int>(file_size));	8214 EXPECT_EQ(d->bytes_received(), static_cast<int>(file_size));

8149 }	8215 }

8150 }	8216 }

8151 #endif // !defined(DISABLE_FTP_SUPPORT)	8217 #endif // !defined(DISABLE_FTP_SUPPORT)

8152	8218

8153 } // namespace net	8219 } // namespace net

OLD	NEW

« net/url_request/url_request_redirect_job.cc ('K') | « net/url_request/url_request_redirect_job.cc ('k') | no next file » | no next file with comments »