Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1473)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: Source/web/tests/WebFrameTest.cpp

Issue 570563003: Implement CSP check for manifest fetching (Closed) Base URL: svn://svn.chromium.org/blink/trunk
Patch Set: Rebased Created 6 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« Source/core/frame/csp/ContentSecurityPolicy.h ('K') | « Source/core/testing/URLTestHelpers.cpp ('k') | Source/web/tests/data/link-manifest-fetch.json » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: Source/web/tests/WebFrameTest.cpp
diff --git a/Source/web/tests/WebFrameTest.cpp b/Source/web/tests/WebFrameTest.cpp
index dd36331e7f040ac47d3788312c9e4266b133d4f7..360e1f30acae0d2ba11809113f6aac082b28f72b 100644
--- a/Source/web/tests/WebFrameTest.cpp
+++ b/Source/web/tests/WebFrameTest.cpp
@@ -48,7 +48,9 @@
#include "core/editing/SpellChecker.h"
#include "core/editing/VisiblePosition.h"
#include "core/events/MouseEvent.h"
+#include "core/fetch/FetchRequest.h"
#include "core/fetch/MemoryCache.h"
+#include "core/fetch/ResourceFetcher.h"
#include "core/frame/FrameView.h"
#include "core/frame/LocalFrame.h"
#include "core/frame/Settings.h"
@@ -130,6 +132,7 @@ class WebFrameTest : public testing::Test {
protected:
WebFrameTest()
: m_baseURL("http://www.test.com/")
+ , m_notBaseURL("http://www.nottest.com/")
Mike West 2014/09/29 11:00:46 Nit: These shouldn't be real URLs. Would you mind
, m_chromeURL("chrome://")
{
}
@@ -149,6 +152,17 @@ protected:
URLTestHelpers::registerMockedURLFromBaseURL(WebString::fromUTF8(m_chromeURL.c_str()), WebString::fromUTF8(fileName.c_str()));
}
+
+ void registerMockedHttpURLLoadWithCSP(const std::string& fileName, const std::string& csp)
+ {
+ WebURLResponse response;
+ response.initialize();
+ response.setMIMEType("text/html");
+ response.addHTTPHeaderField("Content-Security-Policy", WebString::fromUTF8(csp));
Mike West 2014/09/29 11:00:46 It would be good to add a test which verified that
+ std::string fullString = m_baseURL + fileName;
+ URLTestHelpers::registerMockedURLLoadWithCustomResponse(toKURL(fullString.c_str()), WebString::fromUTF8(fileName.c_str()), WebString::fromUTF8(""), response);
+ }
+
void applyViewportStyleOverride(FrameTestHelpers::WebViewHelper* webViewHelper)
{
RefPtrWillBeRawPtr<StyleSheetContents> styleSheet = StyleSheetContents::create(CSSParserContext(UASheetMode, 0));
@@ -191,6 +205,7 @@ protected:
}
std::string m_baseURL;
+ std::string m_notBaseURL;
std::string m_chromeURL;
};
@@ -5858,6 +5873,56 @@ TEST_F(WebFrameTest, NotifyManifestChange)
EXPECT_EQ(14, webFrameClient.manifestChangeCount());
}
+static ResourcePtr<Resource> fetchManifest(Document* document, const KURL& url)
+{
+ FetchRequest fetchRequest = FetchRequest(ResourceRequest(url), FetchInitiatorInfo());
+ fetchRequest.mutableResourceRequest().setRequestContext(WebURLRequest::RequestContextManifest);
+
+ return document->fetcher()->fetchSynchronously(fetchRequest);
+}
+
+TEST_F(WebFrameTest, ManifestFetch)
+{
+ registerMockedHttpURLLoad("foo.html");
+ registerMockedHttpURLLoad("link-manifest-fetch.json");
+
+ FrameTestHelpers::WebViewHelper webViewHelper;
+ webViewHelper.initializeAndLoad(m_baseURL + "foo.html");
+ Document* document = toWebLocalFrameImpl(webViewHelper.webViewImpl()->mainFrame())->frame()->document();
+
+ ResourcePtr<Resource> resource = fetchManifest(document, toKURL(m_baseURL + "link-manifest-fetch.json"));
+
+ EXPECT_TRUE(resource->isLoaded());
+}
+
+TEST_F(WebFrameTest, ManifestCSPFetchAllow)
+{
+ URLTestHelpers::registerMockedURLLoad(toKURL(m_notBaseURL + "link-manifest-fetch.json"), "link-manifest-fetch.json");
+ registerMockedHttpURLLoadWithCSP("foo.html", "manifest-src *");
+
+ FrameTestHelpers::WebViewHelper webViewHelper;
+ webViewHelper.initializeAndLoad(m_baseURL + "foo.html");
+ Document* document = toWebLocalFrameImpl(webViewHelper.webViewImpl()->mainFrame())->frame()->document();
+
+ ResourcePtr<Resource> resource = fetchManifest(document, toKURL(m_notBaseURL + "link-manifest-fetch.json"));
+
+ EXPECT_TRUE(resource->isLoaded());
+}
+
+TEST_F(WebFrameTest, ManifestCSPFetchSelf)
+{
+ URLTestHelpers::registerMockedURLLoad(toKURL(m_notBaseURL + "link-manifest-fetch.json"), "link-manifest-fetch.json");
+ registerMockedHttpURLLoadWithCSP("foo.html", "manifest-src 'self'");
+
+ FrameTestHelpers::WebViewHelper webViewHelper;
+ webViewHelper.initializeAndLoad(m_baseURL + "foo.html");
+ Document* document = toWebLocalFrameImpl(webViewHelper.webViewImpl()->mainFrame())->frame()->document();
+
+ ResourcePtr<Resource> resource = fetchManifest(document, toKURL(m_notBaseURL + "link-manifest-fetch.json"));
+
+ EXPECT_EQ(0, resource.get()); // Fetching resource wasn't allowed.
+}
+
TEST_F(WebFrameTest, ReloadBypassingCache)
{
// Check that a reload ignoring cache on a frame will result in the cache
« Source/core/frame/csp/ContentSecurityPolicy.h ('K') | « Source/core/testing/URLTestHelpers.cpp ('k') | Source/web/tests/data/link-manifest-fetch.json » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698