OLD | NEW |
1 // Copyright 2017 The Chromium Authors. All rights reserved. | 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/common/content_security_policy/csp_context.h" | 5 #include "content/common/content_security_policy/csp_context.h" |
6 #include "testing/gtest/include/gtest/gtest.h" | 6 #include "testing/gtest/include/gtest/gtest.h" |
7 | 7 |
8 namespace content { | 8 namespace content { |
9 | 9 |
10 namespace { | 10 namespace { |
(...skipping 94 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
105 EXPECT_FALSE(Allow(source, GURL("http-so://a.com"), &context)); | 105 EXPECT_FALSE(Allow(source, GURL("http-so://a.com"), &context)); |
106 // TODO(jochen): Maybe it should return false? | 106 // TODO(jochen): Maybe it should return false? |
107 EXPECT_TRUE(Allow(source, GURL("https-so://a.com"), &context)); | 107 EXPECT_TRUE(Allow(source, GURL("https-so://a.com"), &context)); |
108 EXPECT_FALSE(Allow(source, GURL("ftp://a.com"), &context)); | 108 EXPECT_FALSE(Allow(source, GURL("ftp://a.com"), &context)); |
109 | 109 |
110 // Self's scheme is not in the http familly. | 110 // Self's scheme is not in the http familly. |
111 context.SetSelf(url::Origin(GURL("ftp://a.com/"))); | 111 context.SetSelf(url::Origin(GURL("ftp://a.com/"))); |
112 EXPECT_FALSE(Allow(source, GURL("http://a.com"), &context)); | 112 EXPECT_FALSE(Allow(source, GURL("http://a.com"), &context)); |
113 EXPECT_TRUE(Allow(source, GURL("ftp://a.com"), &context)); | 113 EXPECT_TRUE(Allow(source, GURL("ftp://a.com"), &context)); |
114 | 114 |
115 // Self's scheme is unique. | 115 // Self's scheme is unique (non standard scheme). |
116 context.SetSelf(url::Origin(GURL("non-standard-scheme://a.com"))); | 116 context.SetSelf(url::Origin(GURL("non-standard-scheme://a.com"))); |
117 // TODO(mkwst, arthursonzogni): This result might be wrong. | |
118 // See http://crbug.com/692449 | |
119 EXPECT_FALSE(Allow(source, GURL("http://a.com"), &context)); | 117 EXPECT_FALSE(Allow(source, GURL("http://a.com"), &context)); |
120 // TODO(mkwst, arthursonzogni): This result might be wrong. | |
121 // See http://crbug.com/692449 | |
122 EXPECT_FALSE(Allow(source, GURL("non-standard-scheme://a.com"), &context)); | 118 EXPECT_FALSE(Allow(source, GURL("non-standard-scheme://a.com"), &context)); |
| 119 |
| 120 // Self's scheme is unique (data-url). |
| 121 context.SetSelf(url::Origin(GURL("data:text/html,<iframe src=[...]>"))); |
| 122 EXPECT_FALSE(Allow(source, GURL("http://a.com"), &context)); |
| 123 EXPECT_FALSE(Allow(source, GURL("data:text/html,hello"), &context)); |
123 } | 124 } |
124 } | 125 } |
125 | 126 |
126 TEST(CSPSourceTest, AllowHost) { | 127 TEST(CSPSourceTest, AllowHost) { |
127 CSPContext context; | 128 CSPContext context; |
128 context.SetSelf(url::Origin(GURL("http://example.com"))); | 129 context.SetSelf(url::Origin(GURL("http://example.com"))); |
129 | 130 |
130 // Host is * (source-expression = "http://*") | 131 // Host is * (source-expression = "http://*") |
131 { | 132 { |
132 CSPSource source("http", "", true, url::PORT_UNSPECIFIED, false, ""); | 133 CSPSource source("http", "", true, url::PORT_UNSPECIFIED, false, ""); |
(...skipping 195 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
328 CSPContext context; | 329 CSPContext context; |
329 CSPSource source("http", "a.com", false, 80, false, ""); | 330 CSPSource source("http", "a.com", false, 80, false, ""); |
330 EXPECT_TRUE(Allow(source, GURL("http://a.com:80"), &context, true)); | 331 EXPECT_TRUE(Allow(source, GURL("http://a.com:80"), &context, true)); |
331 EXPECT_FALSE(Allow(source, GURL("https://a.com:80"), &context, true)); | 332 EXPECT_FALSE(Allow(source, GURL("https://a.com:80"), &context, true)); |
332 EXPECT_FALSE(Allow(source, GURL("http://a.com:443"), &context, true)); | 333 EXPECT_FALSE(Allow(source, GURL("http://a.com:443"), &context, true)); |
333 EXPECT_TRUE(Allow(source, GURL("https://a.com:443"), &context, true)); | 334 EXPECT_TRUE(Allow(source, GURL("https://a.com:443"), &context, true)); |
334 EXPECT_TRUE(Allow(source, GURL("https://a.com"), &context, true)); | 335 EXPECT_TRUE(Allow(source, GURL("https://a.com"), &context, true)); |
335 } | 336 } |
336 | 337 |
337 } // namespace content | 338 } // namespace content |
OLD | NEW |