
Side by Side Diff: content/common/content_security_policy/csp_source_unittest.cc

Issue 2937503002: CSP, PlzNavigate: make clear what happens with unique origins. (Closed)
Patch Set: Add web platform tests. Created 3 years, 6 months ago
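--- a/content/common/content_security_policy/csp_source_unittest.cc
+++ b/content/common/content_security_policy/csp_source_unittest.cc
@@ -1,10 +1,10 @@
 // Copyright 2017 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/common/content_security_policy/csp_context.h"
 #include "testing/gtest/include/gtest/gtest.h"
 
 namespace content {
 
 namespace {
@@ -105,28 +105,29 @@
 EXPECT_FALSE(Allow(source, GURL("http-so://a.com"), &context));
 // TODO(jochen): Maybe it should return false?
 EXPECT_TRUE(Allow(source, GURL("https-so://a.com"), &context));
 EXPECT_FALSE(Allow(source, GURL("ftp://a.com"), &context));
 
 // Self's scheme is not in the http familly.
 context.SetSelf(url::Origin(GURL("ftp://a.com/")));
 EXPECT_FALSE(Allow(source, GURL("http://a.com"), &context));
 EXPECT_TRUE(Allow(source, GURL("ftp://a.com"), &context));
 
-// Self's scheme is unique.
+// Self's scheme is unique (non standard scheme).
 context.SetSelf(url::Origin(GURL("non-standard-scheme://a.com")));
-// TODO(mkwst, arthursonzogni): This result might be wrong.
-// See http://crbug.com/692449
 EXPECT_FALSE(Allow(source, GURL("http://a.com"), &context));
-// TODO(mkwst, arthursonzogni): This result might be wrong.
-// See http://crbug.com/692449
 EXPECT_FALSE(Allow(source, GURL("non-standard-scheme://a.com"), &context));
+
+// Self's scheme is unique (data-url).
+context.SetSelf(url::Origin(GURL("data:text/html,<iframe src=[...]>")));
+EXPECT_FALSE(Allow(source, GURL("http://a.com"), &context));
+EXPECT_FALSE(Allow(source, GURL("data:text/html,hello"), &context));
 }
 }
 
 TEST(CSPSourceTest, AllowHost) {
 CSPContext context;
 context.SetSelf(url::Origin(GURL("http://example.com")));
 
 // Host is * (source-expression = "http://*")
 {
 CSPSource source("http", "", true, url::PORT_UNSPECIFIED, false, "");
@@ -328,10 +329,10 @@
 CSPContext context;
 CSPSource source("http", "a.com", false, 80, false, "");
 EXPECT_TRUE(Allow(source, GURL("http://a.com:80"), &context, true));
 EXPECT_FALSE(Allow(source, GURL("https://a.com:80"), &context, true));
 EXPECT_FALSE(Allow(source, GURL("http://a.com:443"), &context, true));
 EXPECT_TRUE(Allow(source, GURL("https://a.com:443"), &context, true));
 EXPECT_TRUE(Allow(source, GURL("https://a.com"), &context, true));
 }
 
 } // namespace content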
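Review bot: The two unique-origin cases (new lines 115-118 and 120-123) no longer say why every `EXPECT_FALSE` is the intended result, since the TODOs pointing at crbug.com/692449 were removed and nothing replaced them. These expectations pin a security decision: a document whose origin is unique gets no match from this source, not even for its own URL. A reader needs that stated to tell a deliberate deny from an accident. I would add a comment above each `SetSelf` call such as `// A unique origin never matches this source, even for the document's own URL (crbug.com/692449).` and reword "Self's scheme is unique" to "Self's origin is unique", because uniqueness belongs to the origin rather than the scheme. The enclosing test and the definition of `source` start in the skipped lines above the hunk, so this assumes `source` is the scheme-less "self"-style source used by the earlier cases.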
