| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "config.h" |
| 6 #include "core/frame/csp/ContentSecurityPolicy.h" |
| 7 |
| 8 #include "core/dom/Document.h" |
| 9 #include "core/loader/DocumentLoader.h" |
| 10 #include "platform/RuntimeEnabledFeatures.h" |
| 11 #include "platform/network/ContentSecurityPolicyParsers.h" |
| 12 #include "platform/network/ResourceRequest.h" |
| 13 #include "platform/weborigin/KURL.h" |
| 14 #include "platform/weborigin/SecurityOrigin.h" |
| 15 #include <gtest/gtest.h> |
| 16 |
| 17 namespace blink { |
| 18 |
| 19 class ContentSecurityPolicyTest : public ::testing::Test { |
| 20 public: |
| 21 ContentSecurityPolicyTest() |
| 22 : csp(ContentSecurityPolicy::create()) |
| 23 , secureURL(ParsedURLString, "https://example.test/image.png") |
| 24 , secureOrigin(SecurityOrigin::create(secureURL)) |
| 25 { |
| 26 } |
| 27 |
| 28 protected: |
| 29 virtual void SetUp() |
| 30 { |
| 31 document = Document::create(); |
| 32 document->setSecurityOrigin(secureOrigin); |
| 33 } |
| 34 |
| 35 RefPtr<ContentSecurityPolicy> csp; |
| 36 KURL secureURL; |
| 37 RefPtr<SecurityOrigin> secureOrigin; |
| 38 RefPtrWillBePersistent<Document> document; |
| 39 }; |
| 40 |
| 41 TEST_F(ContentSecurityPolicyTest, ParseUpgradeInsecureRequestsDisabled) |
| 42 { |
| 43 RuntimeEnabledFeatures::setExperimentalContentSecurityPolicyFeaturesEnabled(
false); |
| 44 csp->didReceiveHeader("upgrade-insecure-requests", ContentSecurityPolicyHead
erTypeEnforce, ContentSecurityPolicyHeaderSourceHTTP); |
| 45 EXPECT_EQ(SecurityContext::InsecureContentDoNotUpgrade, csp->insecureContent
Policy()); |
| 46 |
| 47 csp->bindToExecutionContext(document.get()); |
| 48 EXPECT_EQ(SecurityContext::InsecureContentDoNotUpgrade, document->insecureCo
ntentPolicy()); |
| 49 } |
| 50 |
| 51 TEST_F(ContentSecurityPolicyTest, ParseUpgradeInsecureRequestsEnabled) |
| 52 { |
| 53 RuntimeEnabledFeatures::setExperimentalContentSecurityPolicyFeaturesEnabled(
true); |
| 54 csp->didReceiveHeader("upgrade-insecure-requests", ContentSecurityPolicyHead
erTypeEnforce, ContentSecurityPolicyHeaderSourceHTTP); |
| 55 EXPECT_EQ(SecurityContext::InsecureContentUpgrade, csp->insecureContentPolic
y()); |
| 56 |
| 57 csp->bindToExecutionContext(document.get()); |
| 58 EXPECT_EQ(SecurityContext::InsecureContentUpgrade, document->insecureContent
Policy()); |
| 59 } |
| 60 |
| 61 TEST_F(ContentSecurityPolicyTest, ParseMonitorInsecureRequestsDisabled) |
| 62 { |
| 63 RuntimeEnabledFeatures::setExperimentalContentSecurityPolicyFeaturesEnabled(
false); |
| 64 csp->didReceiveHeader("upgrade-insecure-requests", ContentSecurityPolicyHead
erTypeReport, ContentSecurityPolicyHeaderSourceHTTP); |
| 65 EXPECT_EQ(SecurityContext::InsecureContentDoNotUpgrade, csp->insecureContent
Policy()); |
| 66 |
| 67 csp->bindToExecutionContext(document.get()); |
| 68 EXPECT_EQ(SecurityContext::InsecureContentDoNotUpgrade, document->insecureCo
ntentPolicy()); |
| 69 } |
| 70 |
| 71 TEST_F(ContentSecurityPolicyTest, ParseMonitorInsecureRequestsEnabled) |
| 72 { |
| 73 RuntimeEnabledFeatures::setExperimentalContentSecurityPolicyFeaturesEnabled(
true); |
| 74 csp->didReceiveHeader("upgrade-insecure-requests", ContentSecurityPolicyHead
erTypeReport, ContentSecurityPolicyHeaderSourceHTTP); |
| 75 EXPECT_EQ(SecurityContext::InsecureContentMonitor, csp->insecureContentPolic
y()); |
| 76 |
| 77 csp->bindToExecutionContext(document.get()); |
| 78 EXPECT_EQ(SecurityContext::InsecureContentMonitor, document->insecureContent
Policy()); |
| 79 } |
| 80 |
| 81 } // namespace |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 901903003:
CSP: Adding the 'upgrade-insecure-requests' directive. (Closed)
Base URL: https://chromium.googlesource.com/chromium/blink.git@master