OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "config.h" | 5 #include "config.h" |
6 #include "core/frame/csp/ContentSecurityPolicy.h" | 6 #include "core/frame/csp/ContentSecurityPolicy.h" |
7 | 7 |
8 #include "core/dom/Document.h" | 8 #include "core/dom/Document.h" |
9 #include "core/loader/DocumentLoader.h" | 9 #include "core/loader/DocumentLoader.h" |
10 #include "platform/RuntimeEnabledFeatures.h" | 10 #include "platform/RuntimeEnabledFeatures.h" |
(...skipping 28 matching lines...) Expand all Loading... |
39 }; | 39 }; |
40 | 40 |
41 TEST_F(ContentSecurityPolicyTest, ParseUpgradeInsecureRequestsDisabled) | 41 TEST_F(ContentSecurityPolicyTest, ParseUpgradeInsecureRequestsDisabled) |
42 { | 42 { |
43 RuntimeEnabledFeatures::setExperimentalContentSecurityPolicyFeaturesEnabled(
false); | 43 RuntimeEnabledFeatures::setExperimentalContentSecurityPolicyFeaturesEnabled(
false); |
44 csp->didReceiveHeader("upgrade-insecure-requests", ContentSecurityPolicyHead
erTypeEnforce, ContentSecurityPolicyHeaderSourceHTTP); | 44 csp->didReceiveHeader("upgrade-insecure-requests", ContentSecurityPolicyHead
erTypeEnforce, ContentSecurityPolicyHeaderSourceHTTP); |
45 EXPECT_EQ(SecurityContext::InsecureRequestsDoNotUpgrade, csp->insecureReques
tsPolicy()); | 45 EXPECT_EQ(SecurityContext::InsecureRequestsDoNotUpgrade, csp->insecureReques
tsPolicy()); |
46 | 46 |
47 csp->bindToExecutionContext(document.get()); | 47 csp->bindToExecutionContext(document.get()); |
48 EXPECT_EQ(SecurityContext::InsecureRequestsDoNotUpgrade, document->insecureR
equestsPolicy()); | 48 EXPECT_EQ(SecurityContext::InsecureRequestsDoNotUpgrade, document->insecureR
equestsPolicy()); |
| 49 EXPECT_FALSE(document->insecureNavigationsToUpgrade()->contains(secureOrigin
->host().impl()->hash())); |
49 } | 50 } |
50 | 51 |
51 TEST_F(ContentSecurityPolicyTest, ParseUpgradeInsecureRequestsEnabled) | 52 TEST_F(ContentSecurityPolicyTest, ParseUpgradeInsecureRequestsEnabled) |
52 { | 53 { |
53 RuntimeEnabledFeatures::setExperimentalContentSecurityPolicyFeaturesEnabled(
true); | 54 RuntimeEnabledFeatures::setExperimentalContentSecurityPolicyFeaturesEnabled(
true); |
54 csp->didReceiveHeader("upgrade-insecure-requests", ContentSecurityPolicyHead
erTypeEnforce, ContentSecurityPolicyHeaderSourceHTTP); | 55 csp->didReceiveHeader("upgrade-insecure-requests", ContentSecurityPolicyHead
erTypeEnforce, ContentSecurityPolicyHeaderSourceHTTP); |
55 EXPECT_EQ(SecurityContext::InsecureRequestsUpgrade, csp->insecureRequestsPol
icy()); | 56 EXPECT_EQ(SecurityContext::InsecureRequestsUpgrade, csp->insecureRequestsPol
icy()); |
56 | 57 |
57 csp->bindToExecutionContext(document.get()); | 58 csp->bindToExecutionContext(document.get()); |
58 EXPECT_EQ(SecurityContext::InsecureRequestsUpgrade, document->insecureReques
tsPolicy()); | 59 EXPECT_EQ(SecurityContext::InsecureRequestsUpgrade, document->insecureReques
tsPolicy()); |
| 60 EXPECT_TRUE(document->insecureNavigationsToUpgrade()->contains(secureOrigin-
>host().impl()->hash())); |
59 } | 61 } |
60 | 62 |
61 TEST_F(ContentSecurityPolicyTest, ParseMonitorInsecureRequestsDisabled) | 63 TEST_F(ContentSecurityPolicyTest, ParseMonitorInsecureRequestsDisabled) |
62 { | 64 { |
63 RuntimeEnabledFeatures::setExperimentalContentSecurityPolicyFeaturesEnabled(
false); | 65 RuntimeEnabledFeatures::setExperimentalContentSecurityPolicyFeaturesEnabled(
false); |
64 csp->didReceiveHeader("upgrade-insecure-requests", ContentSecurityPolicyHead
erTypeReport, ContentSecurityPolicyHeaderSourceHTTP); | 66 csp->didReceiveHeader("upgrade-insecure-requests", ContentSecurityPolicyHead
erTypeReport, ContentSecurityPolicyHeaderSourceHTTP); |
65 EXPECT_EQ(SecurityContext::InsecureRequestsDoNotUpgrade, csp->insecureReques
tsPolicy()); | 67 EXPECT_EQ(SecurityContext::InsecureRequestsDoNotUpgrade, csp->insecureReques
tsPolicy()); |
66 | 68 |
67 csp->bindToExecutionContext(document.get()); | 69 csp->bindToExecutionContext(document.get()); |
68 EXPECT_EQ(SecurityContext::InsecureRequestsDoNotUpgrade, document->insecureR
equestsPolicy()); | 70 EXPECT_EQ(SecurityContext::InsecureRequestsDoNotUpgrade, document->insecureR
equestsPolicy()); |
| 71 EXPECT_FALSE(document->insecureNavigationsToUpgrade()->contains(secureOrigin
->host().impl()->hash())); |
69 } | 72 } |
70 | 73 |
71 TEST_F(ContentSecurityPolicyTest, ParseMonitorInsecureRequestsEnabled) | 74 TEST_F(ContentSecurityPolicyTest, ParseMonitorInsecureRequestsEnabled) |
72 { | 75 { |
73 RuntimeEnabledFeatures::setExperimentalContentSecurityPolicyFeaturesEnabled(
true); | 76 RuntimeEnabledFeatures::setExperimentalContentSecurityPolicyFeaturesEnabled(
true); |
74 csp->didReceiveHeader("upgrade-insecure-requests", ContentSecurityPolicyHead
erTypeReport, ContentSecurityPolicyHeaderSourceHTTP); | 77 csp->didReceiveHeader("upgrade-insecure-requests", ContentSecurityPolicyHead
erTypeReport, ContentSecurityPolicyHeaderSourceHTTP); |
75 EXPECT_EQ(SecurityContext::InsecureRequestsDoNotUpgrade, csp->insecureReques
tsPolicy()); | 78 EXPECT_EQ(SecurityContext::InsecureRequestsDoNotUpgrade, csp->insecureReques
tsPolicy()); |
76 | 79 |
77 csp->bindToExecutionContext(document.get()); | 80 csp->bindToExecutionContext(document.get()); |
78 EXPECT_EQ(SecurityContext::InsecureRequestsDoNotUpgrade, document->insecureR
equestsPolicy()); | 81 EXPECT_EQ(SecurityContext::InsecureRequestsDoNotUpgrade, document->insecureR
equestsPolicy()); |
| 82 EXPECT_FALSE(document->insecureNavigationsToUpgrade()->contains(secureOrigin
->host().impl()->hash())); |
79 } | 83 } |
80 | 84 |
81 } // namespace | 85 } // namespace |
OLD | NEW |