| Index: content/common/content_security_policy/csp_source_list_unittest.cc
|
| diff --git a/content/common/content_security_policy/csp_source_list_unittest.cc b/content/common/content_security_policy/csp_source_list_unittest.cc
|
| index 43a5cadf579f19e2e84e11ea5ee0cfbc1db20d5e..e675263c8bef51f41b29394189f0ddee901f9771 100644
|
| --- a/content/common/content_security_policy/csp_source_list_unittest.cc
|
| +++ b/content/common/content_security_policy/csp_source_list_unittest.cc
|
| @@ -92,4 +92,20 @@ TEST(CSPSourceList, AllowNone) {
|
| EXPECT_FALSE(Allow(source_list, GURL("https://example.test/"), &context));
|
| }
|
|
|
| +TEST(CSPSourceTest, SelfIsUnique) {
|
| + // Policy: 'self'
|
| + CSPSourceList source_list(true, // allow_self
|
| + false, // allow_star:
|
| + std::vector<CSPSource>()); // source_list
|
| + CSPContext context;
|
| +
|
| + context.SetSelf(url::Origin(GURL("http://a.com")));
|
| + EXPECT_TRUE(Allow(source_list, GURL("http://a.com"), &context));
|
| + EXPECT_FALSE(Allow(source_list, GURL("data:text/html,hello"), &context));
|
| +
|
| + context.SetSelf(url::Origin(GURL("data:text/html,<iframe src=[...]>")));
|
| + EXPECT_FALSE(Allow(source_list, GURL("http://a.com"), &context));
|
| + EXPECT_FALSE(Allow(source_list, GURL("data:text/html,hello"), &context));
|
| +}
|
| +
|
| } // namespace content
|
|
|
Chromium Code Reviews
Issue 2937503002:
CSP, PlzNavigate: make clear what happens with unique origins. (Closed)
