Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(48)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/fetch/ResourceFetcherTest.cpp

Issue 901903003: CSP: Adding the 'upgrade-insecure-requests' directive. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: WebSockets + Tests. Created 5 years, 10 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « Source/core/fetch/ResourceFetcher.cpp ('k') | Source/core/frame/csp/CSPDirectiveList.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (c) 2013, Google Inc. All rights reserved. 2 * Copyright (c) 2013, Google Inc. All rights reserved.
3 * 3 *
4 * Redistribution and use in source and binary forms, with or without 4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are 5 * modification, are permitted provided that the following conditions are
6 * met: 6 * met:
7 * 7 *
8 * * Redistributions of source code must retain the above copyright 8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer. 9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above 10 * * Redistributions in binary form must reproduce the above
(...skipping 22 matching lines...) Expand all
33 33
34 #include <gtest/gtest.h> 34 #include <gtest/gtest.h>
35 #include "core/fetch/FetchInitiatorInfo.h" 35 #include "core/fetch/FetchInitiatorInfo.h"
36 #include "core/fetch/FetchRequest.h" 36 #include "core/fetch/FetchRequest.h"
37 #include "core/fetch/ImageResource.h" 37 #include "core/fetch/ImageResource.h"
38 #include "core/fetch/MemoryCache.h" 38 #include "core/fetch/MemoryCache.h"
39 #include "core/fetch/ResourcePtr.h" 39 #include "core/fetch/ResourcePtr.h"
40 #include "core/html/HTMLDocument.h" 40 #include "core/html/HTMLDocument.h"
41 #include "core/loader/DocumentLoader.h" 41 #include "core/loader/DocumentLoader.h"
42 #include "platform/network/ResourceRequest.h" 42 #include "platform/network/ResourceRequest.h"
43 #include "platform/weborigin/KURL.h"
44 #include "platform/weborigin/SecurityOrigin.h"
43 45
44 using namespace blink; 46 namespace blink {
45 47
46 namespace { 48 class ResourceFetcherTest : public ::testing::Test {
49 public:
50 ResourceFetcherTest()
51 : secureURL(ParsedURLString, "https://example.test/image.png")
52 , secureOrigin(SecurityOrigin::create(secureURL))
53 {
54 }
47 55
48 TEST(ResourceFetcherTest, StartLoadAfterFrameDetach) 56 protected:
57 virtual void SetUp()
58 {
59 // Create a ResourceFetcher that has a real DocumentLoader and Document, but is not attached to a LocalFrame.
60 // Technically, we're concerned about what happens after a LocalFrame is detached (rather than before
61 // any attach occurs), but ResourceFetcher can't tell the difference.
62 documentLoader = DocumentLoader::create(0, ResourceRequest(secureURL), S ubstituteData());
63 document = Document::create();
64 fetcher = documentLoader->fetcher();
65 fetcher->setDocument(document.get());
66 }
67
68 void expectUpgrade(const char* input, const char* expected)
69 {
70 KURL inputURL(ParsedURLString, input);
71 KURL expectedURL(ParsedURLString, expected);
72
73 FetchRequest fetchRequest = FetchRequest(ResourceRequest(inputURL), Fetc hInitiatorInfo());
74 fetcher->maybeUpgradeInsecureRequestURL(fetchRequest);
75 EXPECT_STREQ(expectedURL.string().utf8().data(), fetchRequest.resourceRe quest().url().string().utf8().data());
76 EXPECT_EQ(expectedURL.protocol(), fetchRequest.resourceRequest().url().p rotocol());
77 EXPECT_EQ(expectedURL.host(), fetchRequest.resourceRequest().url().host( ));
78 EXPECT_EQ(expectedURL.port(), fetchRequest.resourceRequest().url().port( ));
79 EXPECT_EQ(expectedURL.hasPort(), fetchRequest.resourceRequest().url().ha sPort());
80 EXPECT_EQ(expectedURL.path(), fetchRequest.resourceRequest().url().path( ));
81 }
82
83 KURL secureURL;
84 RefPtr<SecurityOrigin> secureOrigin;
85
86 // We don't use the DocumentLoader directly in any tests, but need to keep i t around as long
87 // as the ResourceFetcher and Document live due to indirect usage.
88 RefPtr<DocumentLoader> documentLoader;
89 RefPtrWillBeRawPtr<ResourceFetcher> fetcher;
90 RefPtrWillBePersistent<Document> document;
91 };
92
93 TEST_F(ResourceFetcherTest, StartLoadAfterFrameDetach)
49 { 94 {
50 KURL testURL(ParsedURLString, "http://www.test.com/cancelTest.jpg");
51
52 // Create a ResourceFetcher that has a real DocumentLoader and Document, but is not attached to a LocalFrame.
53 // Technically, we're concerned about what happens after a LocalFrame is det ached (rather than before
54 // any attach occurs), but ResourceFetcher can't tell the difference.
55 RefPtr<DocumentLoader> documentLoader = DocumentLoader::create(0, ResourceRe quest(testURL), SubstituteData());
56 RefPtrWillBeRawPtr<HTMLDocument> document = HTMLDocument::create();
57 RefPtrWillBeRawPtr<ResourceFetcher> fetcher(documentLoader->fetcher());
58 fetcher->setDocument(document.get());
59 EXPECT_EQ(fetcher->frame(), static_cast<LocalFrame*>(0)); 95 EXPECT_EQ(fetcher->frame(), static_cast<LocalFrame*>(0));
60 96
61 // Try to request a url. The request should fail, no resource should be retu rned, 97 // Try to request a url. The request should fail, no resource should be retu rned,
62 // and no resource should be present in the cache. 98 // and no resource should be present in the cache.
63 FetchRequest fetchRequest = FetchRequest(ResourceRequest(testURL), FetchInit iatorInfo()); 99 FetchRequest fetchRequest = FetchRequest(ResourceRequest(secureURL), FetchIn itiatorInfo());
64 ResourcePtr<ImageResource> image = fetcher->fetchImage(fetchRequest); 100 ResourcePtr<ImageResource> image = fetcher->fetchImage(fetchRequest);
65 EXPECT_EQ(image.get(), static_cast<ImageResource*>(0)); 101 EXPECT_EQ(image.get(), static_cast<ImageResource*>(0));
66 EXPECT_EQ(memoryCache()->resourceForURL(testURL), static_cast<Resource*>(0)) ; 102 EXPECT_EQ(memoryCache()->resourceForURL(secureURL), static_cast<Resource*>(0 ));
103 }
104
105 TEST_F(ResourceFetcherTest, UpgradeInsecureResourceRequests)
106 {
107 document->setSecurityOrigin(secureOrigin);
108 document->setInsecureContentPolicy(SecurityContext::InsecureContentUpgrade);
109
110 expectUpgrade("http://example.test/image.png", "https://example.test/image.p ng");
111 expectUpgrade("http://example.test:80/image.png", "https://example.test:443/ image.png");
112 expectUpgrade("http://example.test:1212/image.png", "https://example.test:12 12/image.png");
113
114 expectUpgrade("https://example.test/image.png", "https://example.test/image. png");
115 expectUpgrade("https://example.test:80/image.png", "https://example.test:80/ image.png");
116 expectUpgrade("https://example.test:1212/image.png", "https://example.test:1 212/image.png");
117
118 expectUpgrade("ftp://example.test/image.png", "ftp://example.test/image.png" );
119 expectUpgrade("ftp://example.test:21/image.png", "ftp://example.test:21/imag e.png");
120 expectUpgrade("ftp://example.test:1212/image.png", "ftp://example.test:1212/ image.png");
121 }
122
123 TEST_F(ResourceFetcherTest, DoNotUpgradeInsecureResourceRequests)
124 {
125 document->setSecurityOrigin(secureOrigin);
126 document->setInsecureContentPolicy(SecurityContext::InsecureContentDoNotUpgr ade);
127
128 expectUpgrade("http://example.test/image.png", "http://example.test/image.pn g");
129 expectUpgrade("http://example.test:80/image.png", "http://example.test:80/im age.png");
130 expectUpgrade("http://example.test:1212/image.png", "http://example.test:121 2/image.png");
131
132 expectUpgrade("https://example.test/image.png", "https://example.test/image. png");
133 expectUpgrade("https://example.test:80/image.png", "https://example.test:80/ image.png");
134 expectUpgrade("https://example.test:1212/image.png", "https://example.test:1 212/image.png");
135
136 expectUpgrade("ftp://example.test/image.png", "ftp://example.test/image.png" );
137 expectUpgrade("ftp://example.test:21/image.png", "ftp://example.test:21/imag e.png");
138 expectUpgrade("ftp://example.test:1212/image.png", "ftp://example.test:1212/ image.png");
139 }
140
141 TEST_F(ResourceFetcherTest, MonitorInsecureResourceRequests)
142 {
143 document->setSecurityOrigin(secureOrigin);
144 document->setInsecureContentPolicy(SecurityContext::InsecureContentMonitor);
145
146 expectUpgrade("http://example.test/image.png", "http://example.test/image.pn g");
147 expectUpgrade("http://example.test:80/image.png", "http://example.test:80/im age.png");
148 expectUpgrade("http://example.test:1212/image.png", "http://example.test:121 2/image.png");
149
150 expectUpgrade("https://example.test/image.png", "https://example.test/image. png");
151 expectUpgrade("https://example.test:80/image.png", "https://example.test:80/ image.png");
152 expectUpgrade("https://example.test:1212/image.png", "https://example.test:1 212/image.png");
153
154 expectUpgrade("ftp://example.test/image.png", "ftp://example.test/image.png" );
155 expectUpgrade("ftp://example.test:21/image.png", "ftp://example.test:21/imag e.png");
156 expectUpgrade("ftp://example.test:1212/image.png", "ftp://example.test:1212/ image.png");
67 } 157 }
68 158
69 } // namespace 159 } // namespace
OLDNEW
« no previous file with comments | « Source/core/fetch/ResourceFetcher.cpp ('k') | Source/core/frame/csp/CSPDirectiveList.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698