| // Copyright 2017 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "services/network/initiator_lock_compatibility.h" |
| |
| #include "base/optional.h" |
| #include "services/network/public/cpp/resource_request.h" |
| #include "services/network/public/mojom/network_context.mojom.h" |
| #include "testing/gtest/include/gtest/gtest.h" |
| #include "url/origin.h" |
| |
| namespace network { |
| |
| InitiatorLockCompatibility VerifyRequestInitiatorSiteLock( |
| int process_id, |
| base::Optional<url::Origin> lock, |
| base::Optional<url::Origin> initiator) { |
| auto factory_params = mojom::URLLoaderFactoryParams::New(); |
| factory_params->process_id = process_id; |
| factory_params->request_initiator_site_lock = lock; |
| |
| ResourceRequest request; |
| request.request_initiator = initiator; |
| |
| return VerifyRequestInitiatorLock(*factory_params, request); |
| } |
| |
| TEST(InitiatorLockCompatibilityTest, VerifyRequestInitiatorSiteLock) { |
| url::Origin opaque_origin = url::Origin(); |
| url::Origin opaque_origin2 = url::Origin(); |
| |
| url::Origin ip_origin1 = url::Origin::Create(GURL("http://127.0.0.1/")); |
| url::Origin ip_origin2 = url::Origin::Create(GURL("http://217.17.45.162/")); |
| |
| url::Origin example_com = url::Origin::Create(GURL("http://example.com")); |
| url::Origin foo_example_com = |
| url::Origin::Create(GURL("http://foo.example.com")); |
| url::Origin bar_example_com = |
| url::Origin::Create(GURL("http://bar.example.com")); |
| url::Origin foo_example_com_dot = |
| url::Origin::Create(GURL("http://foo.example.com.")); |
| url::Origin bar_foo_example_com = |
| url::Origin::Create(GURL("http://bar.foo.example.com")); |
| |
| url::Origin other_site = url::Origin::Create(GURL("http://other.com")); |
| constexpr int kRendererProcessId = 123; |
| |
| // Cases without a lock. |
| EXPECT_EQ(InitiatorLockCompatibility::kBrowserProcess, |
| VerifyRequestInitiatorSiteLock(mojom::kBrowserProcessId, |
| base::nullopt, base::nullopt)); |
| EXPECT_EQ(InitiatorLockCompatibility::kNoLock, |
| VerifyRequestInitiatorSiteLock(kRendererProcessId, base::nullopt, |
| base::nullopt)); |
| |
| // Opaque initiator is always safe (and so results in kCompatibleLock). |
| // OTOH, opaque lock is only compatible with an opaque initiator. |
| EXPECT_EQ(InitiatorLockCompatibility::kCompatibleLock, |
| VerifyRequestInitiatorSiteLock(kRendererProcessId, |
| bar_foo_example_com, opaque_origin)); |
| EXPECT_EQ(InitiatorLockCompatibility::kCompatibleLock, |
| VerifyRequestInitiatorSiteLock(kRendererProcessId, opaque_origin, |
| opaque_origin2)); |
| EXPECT_EQ(InitiatorLockCompatibility::kIncorrectLock, |
| VerifyRequestInitiatorSiteLock(kRendererProcessId, opaque_origin, |
| bar_foo_example_com)); |
| |
| // Regular origin equality. |
| EXPECT_EQ(InitiatorLockCompatibility::kCompatibleLock, |
| VerifyRequestInitiatorSiteLock( |
| kRendererProcessId, bar_foo_example_com, bar_foo_example_com)); |
| |
| // Regular origin inequality. |
| EXPECT_EQ(InitiatorLockCompatibility::kIncorrectLock, |
| VerifyRequestInitiatorSiteLock(kRendererProcessId, |
| bar_foo_example_com, other_site)); |
| |
| // IP addresses have to be special-cased in some places (e.g. they shouldn't |
| // be subject to DomainIs / eTLD+1 comparisons). |
| EXPECT_EQ(InitiatorLockCompatibility::kIncorrectLock, |
| VerifyRequestInitiatorSiteLock(kRendererProcessId, ip_origin1, |
| ip_origin2)); |
| EXPECT_EQ(InitiatorLockCompatibility::kCompatibleLock, |
| VerifyRequestInitiatorSiteLock(kRendererProcessId, ip_origin1, |
| ip_origin1)); |
| |
| // Compatibility check shouldn't strip the lock down to eTLD+1. |
| EXPECT_EQ(InitiatorLockCompatibility::kIncorrectLock, |
| VerifyRequestInitiatorSiteLock(kRendererProcessId, foo_example_com, |
| bar_example_com)); |
| |
| // Site-URL-based comparisons. |
| // |
| // TODO(lukasza): These should result in kIncorrectLock eventually (once |
| // request_initiator_site_lock becomes request_initiator_origin_lock - see |
| // https://crbug.com/888079 and https://crbug.com/891872. |
| EXPECT_EQ(InitiatorLockCompatibility::kCompatibleLock, |
| VerifyRequestInitiatorSiteLock(kRendererProcessId, example_com, |
| bar_foo_example_com)); |
| EXPECT_EQ(InitiatorLockCompatibility::kCompatibleLock, |
| VerifyRequestInitiatorSiteLock(kRendererProcessId, foo_example_com, |
| bar_foo_example_com)); |
| |
| // The trailing dot is not important (at least for site-URL-based |
| // comparisons). |
| EXPECT_EQ(InitiatorLockCompatibility::kCompatibleLock, |
| VerifyRequestInitiatorSiteLock( |
| kRendererProcessId, foo_example_com_dot, foo_example_com)); |
| EXPECT_EQ(InitiatorLockCompatibility::kCompatibleLock, |
| VerifyRequestInitiatorSiteLock(kRendererProcessId, foo_example_com, |
| foo_example_com_dot)); |
| } |
| |
| } // namespace network |