Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(82)

Unified Diff: content/common/content_security_policy/csp_source_list_unittest.cc

Issue 2937503002: CSP, PlzNavigate: make clear what happens with unique origins. (Closed)
Patch Set: Add web platform tests. Created 3 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: content/common/content_security_policy/csp_source_list_unittest.cc
diff --git a/content/common/content_security_policy/csp_source_list_unittest.cc b/content/common/content_security_policy/csp_source_list_unittest.cc
index 43a5cadf579f19e2e84e11ea5ee0cfbc1db20d5e..e675263c8bef51f41b29394189f0ddee901f9771 100644
--- a/content/common/content_security_policy/csp_source_list_unittest.cc
+++ b/content/common/content_security_policy/csp_source_list_unittest.cc
@@ -92,4 +92,20 @@ TEST(CSPSourceList, AllowNone) {
EXPECT_FALSE(Allow(source_list, GURL("https://example.test/"), &context));
}
+TEST(CSPSourceTest, SelfIsUnique) {
+ // Policy: 'self'
+ CSPSourceList source_list(true, // allow_self
+ false, // allow_star:
+ std::vector<CSPSource>()); // source_list
+ CSPContext context;
+
+ context.SetSelf(url::Origin(GURL("http://a.com")));
+ EXPECT_TRUE(Allow(source_list, GURL("http://a.com"), &context));
+ EXPECT_FALSE(Allow(source_list, GURL("data:text/html,hello"), &context));
+
+ context.SetSelf(url::Origin(GURL("data:text/html,<iframe src=[...]>")));
+ EXPECT_FALSE(Allow(source_list, GURL("http://a.com"), &context));
+ EXPECT_FALSE(Allow(source_list, GURL("data:text/html,hello"), &context));
+}
+
} // namespace content

Powered by Google App Engine
This is Rietveld 408576698