services/network/origin_policy/origin_policy_fetcher_unittest.cc - chromium/src - Git at Google

 // Copyright 2019 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include <memory>
 #include <utility>

 #include "base/strings/strcat.h"
 #include "base/test/gtest_util.h"
 #include "base/test/scoped_task_environment.h"
 #include "net/http/http_status_code.h"
 #include "net/test/embedded_test_server/embedded_test_server.h"
 #include "net/test/embedded_test_server/http_request.h"
 #include "net/test/embedded_test_server/http_response.h"
 #include "services/network/network_context.h"
 #include "services/network/network_service.h"
 #include "services/network/origin_policy/origin_policy_constants.h"
 #include "services/network/origin_policy/origin_policy_fetcher.h"
 #include "services/network/origin_policy/origin_policy_header_values.h"
 #include "services/network/origin_policy/origin_policy_manager.h"
 #include "services/network/origin_policy/origin_policy_parser.h"
 #include "services/network/public/cpp/origin_policy.h"
 #include "services/network/test/test_network_service_client.h"
 #include "testing/gtest/include/gtest/gtest.h"

 namespace network {

 namespace {

 void DummyRetrieveOriginPolicyCallback(const network::OriginPolicy& result) {}

 }  // namespace

 class OriginPolicyFetcherTest : public testing::Test {
  public:
   OriginPolicyFetcherTest()
       : scoped_task_environment_(
             base::test::ScopedTaskEnvironment::MainThreadType::IO) {
     network_service_ = NetworkService::CreateForTesting();
     auto context_params = mojom::NetworkContextParams::New();
     // Use a fixed proxy config, to avoid dependencies on local network
     // configuration.
     context_params->initial_proxy_config =
         net::ProxyConfigWithAnnotation::CreateDirect();
     network_context_ = std::make_unique<NetworkContext>(
         network_service_.get(), mojo::MakeRequest(&network_context_ptr_),
         std::move(context_params));

     mojom::URLLoaderFactoryParamsPtr params =
         mojom::URLLoaderFactoryParams::New();
     params->process_id = mojom::kBrowserProcessId;
     params->is_corb_enabled = false;
     network_context_->CreateURLLoaderFactory(
         mojo::MakeRequest(&url_loader_factory_), std::move(params));

     manager_ = std::make_unique<OriginPolicyManager>(network_context_.get());

     test_server_.RegisterRequestHandler(base::BindRepeating(
         &OriginPolicyFetcherTest::HandleResponse, base::Unretained(this)));

     EXPECT_TRUE(test_server_.Start());

     test_server_origin_ = url::Origin::Create(test_server_.base_url());
   }

   const url::Origin& test_server_origin() const { return test_server_origin_; }

   OriginPolicyManager* manager() { return manager_.get(); }

   mojom::URLLoaderFactory* url_loader_factory() {
     return url_loader_factory_.get();
   }

  protected:
   const net::test_server::EmbeddedTestServer& test_server() const {
     return test_server_;
   }

   void SetUpDefaultPolicyResponse(const std::string& manifest_body) {
     default_policy_response_is_redirect_ = false;
     default_policy_extra_info_ = manifest_body;
   }

   void SetUpDefaultPolicyRedirect(const std::string& location_path) {
     default_policy_response_is_redirect_ = true;
     default_policy_extra_info_ = test_server_.GetURL(location_path).spec();
   }

  private:
   // The test server will know how to respond to the following requests:
   // `/.well-known/origin-policy` => use the response that was setup via
   //            SetUpDefaultPolicyRedirect() or SetUpDefaultPolicyResponse()
   // `/.well-known/origin-policy/policy-1` => 200, body: R"({ "feature-policy":
   // ["geolocation http://example1.com"] })"
   // `/.well-known/origin-policy/policy-2` => 200, body: R"({ "feature-policy":
   // ["geolocation http://example2.com"] })"
   // `/.well-known/origin-policy/redirect-policy` => 302 redirect to policy-1
   std::unique_ptr<net::test_server::HttpResponse> HandleResponse(
       const net::test_server::HttpRequest& request) {
     std::unique_ptr<net::test_server::BasicHttpResponse> response =
         std::make_unique<net::test_server::BasicHttpResponse>();

     if (request.relative_url == "/.well-known/origin-policy") {
       if (default_policy_response_is_redirect_) {
         response->set_code(net::HTTP_FOUND);
         response->AddCustomHeader("Location", default_policy_extra_info_);
       } else {
         response->set_code(net::HTTP_OK);
         response->set_content(default_policy_extra_info_);
       }
     } else if (request.relative_url == "/.well-known/origin-policy/policy-1") {
       response->set_code(net::HTTP_OK);
       response->set_content(
           R"({ "feature-policy": ["geolocation http://example1.com"] })");
     } else if (request.relative_url == "/.well-known/origin-policy/policy-2") {
       response->set_code(net::HTTP_OK);
       response->set_content(
           R"({ "feature-policy": ["geolocation http://example2.com"] })");
     } else if (request.relative_url ==
                "/.well-known/origin-policy/redirect-policy") {
       response->set_code(net::HTTP_FOUND);
       response->AddCustomHeader(
           "Location",
           test_server_.GetURL("/.well-known/origin-policy/policy-1").spec());
     } else {
       response->set_code(net::HTTP_NOT_FOUND);
     }

     return std::move(response);
   }

   base::test::ScopedTaskEnvironment scoped_task_environment_;
   std::unique_ptr<NetworkService> network_service_;
   std::unique_ptr<NetworkContext> network_context_;
   mojom::NetworkContextPtr network_context_ptr_;
   network::mojom::URLLoaderFactoryPtr url_loader_factory_;

   net::test_server::EmbeddedTestServer test_server_;
   url::Origin test_server_origin_;

   std::unique_ptr<OriginPolicyManager> manager_;

   bool default_policy_response_is_redirect_ = false;
   std::string default_policy_extra_info_;
 };

 TEST_F(OriginPolicyFetcherTest, GetPolicyURL) {
   url::Origin example_origin = url::Origin::Create(GURL("http://example.com/"));

   EXPECT_EQ(GURL("http://example.com/.well-known/origin-policy"),
             OriginPolicyFetcher::GetDefaultPolicyURL(example_origin));

   EXPECT_EQ(GURL("http://example.com/.well-known/origin-policy/some-version"),
             OriginPolicyFetcher::GetPolicyURL("some-version", example_origin));
 }

 TEST_F(OriginPolicyFetcherTest, IsValidRedirect) {
   const struct {
     const std::string initial_version;
     const std::string redirect_path;
     const bool expected;
   } kTests[] = {
       // Default policy is only allowed to redirect to valid policy version.
       {"", "/.well-known/origin-policy/some-policy", true},
       {"", "/not-in-well-known/origin-policy/some-policy", false},
       {"", "/.well-known/origin-policy", false},
       {"", "/.well-known/a/b", false},
       {"", "/.well-known/origin-policy-foo", false},
       {"", "/.well-known/return-policy", false},
       {"", "/.well-known/origin-policy", false},

       // Specific version policy is not allowed to redirect to other policy.
       {"some-policy", "/.well-known/origin-policy/other-policy", false},
       {"some-policy", "/.well-known/origin-policy", false},
       {"some-policy", "/.well-known/origin-policy/some-policy", false},
       {"other-policy", "/.well-known/origin-policy/some-policy/other-policy",
        false},

       // Query strings/hashes not allowed.
       {"", "/.well-known/origin-policy/some-policy?param=value", false},
       {"", "/.well-known/origin-policy/some-policy?%20", false},
       {"", "/.well-known/origin-policy?some-policy", false},
       {"", "/.well-known/origin-policy?version=some-policy", false},
       {"", "/.well-known/origin-policy/some-policy?", false},
       {"", "/.well-known/origin-policy/some-policy#h1", false},
       {"", "/.well-known/origin-policy#h1", false},
       {"", "/.well-known/origin-policy#some-policy", false},
       {"", "/.well-known/origin-policy/some-policy#", false},
       {"", "/.well-known/origin-policy/some-policy?param=value#h1", false},
       {"", "/.well-known/origin-policy/some-policy?param=value#", false},
       {"", "/.well-known/origin-policy/some-policy?#h1", false},
       {"", "/.well-known/origin-policy/some-policy?#", false},
       {"", "/.well-known/origin-policy?some-policy#", false},
       {"", "/.well-known/origin-policy?#some-policy", false},
   };

   for (const auto& test : kTests) {
     SCOPED_TRACE(test.redirect_path);
     auto fetcher =
         test.initial_version.empty()
             ? std::make_unique<OriginPolicyFetcher>(
                   manager(), test_server_origin(), url_loader_factory(),
                   base::BindOnce(&DummyRetrieveOriginPolicyCallback))
             : std::make_unique<OriginPolicyFetcher>(
                   manager(),
                   OriginPolicyHeaderValues(
                       {.policy_version = test.initial_version}),
                   test_server_origin(), url_loader_factory(),
                   base::BindOnce(&DummyRetrieveOriginPolicyCallback));

     net::RedirectInfo redirect_info;
     redirect_info.new_url = test_server().GetURL(test.redirect_path);
     EXPECT_EQ(test.expected, fetcher->IsValidRedirectForTesting(redirect_info));
   }
 }

 // Helper class for starting a fetcher and saving the result
 class TestOriginPolicyFetcherResult {
  public:
   TestOriginPolicyFetcherResult() {}

   void RetrieveOriginPolicy(const std::string& version,
                             OriginPolicyFetcherTest* fixture) {
     if (version.empty()) {
       fixture->manager()->RetrieveDefaultOriginPolicy(
           fixture->test_server_origin(),
           base::BindOnce(&TestOriginPolicyFetcherResult::Callback,
                          base::Unretained(this)));
     } else {
       fixture->manager()->RetrieveOriginPolicy(
           fixture->test_server_origin(), base::StrCat({"policy=", version}),
           base::BindOnce(&TestOriginPolicyFetcherResult::Callback,
                          base::Unretained(this)));
     }
     run_loop_.Run();
   }

   const OriginPolicy* origin_policy_result() const {
     return origin_policy_result_.get();
   }

  private:
   void Callback(const OriginPolicy& result) {
     origin_policy_result_ = std::make_unique<OriginPolicy>(result);
     run_loop_.Quit();
   }

   base::RunLoop run_loop_;
   std::unique_ptr<OriginPolicyFetcher> fetcher_;
   std::unique_ptr<OriginPolicy> origin_policy_result_;

   DISALLOW_COPY_AND_ASSIGN(TestOriginPolicyFetcherResult);
 };

 TEST_F(OriginPolicyFetcherTest, EndToEnd) {
   const struct {
     const std::string version;
     const OriginPolicyState expected_state;
     const std::string expected_raw_policy;
   } kTests[] = {
       {"policy-1", OriginPolicyState::kLoaded,
        R"({ "feature-policy": ["geolocation http://example1.com"] })"},
       {"policy-2", OriginPolicyState::kLoaded,
        R"({ "feature-policy": ["geolocation http://example2.com"] })"},
       {"", OriginPolicyState::kLoaded,
        R"({ "feature-policy": ["geolocation http://example1.com"] })"},
       {"redirect-policy", OriginPolicyState::kInvalidRedirect, ""},
       {"404-version", OriginPolicyState::kCannotLoadPolicy, ""},
   };

   SetUpDefaultPolicyRedirect("/.well-known/origin-policy/policy-1");

   for (const auto& test : kTests) {
     SCOPED_TRACE(test.version);
     TestOriginPolicyFetcherResult tester;
     tester.RetrieveOriginPolicy(test.version, this);
     EXPECT_EQ(test.expected_state, tester.origin_policy_result()->state);
     if (test.expected_raw_policy.empty()) {
       EXPECT_FALSE(tester.origin_policy_result()->contents);
     } else {
       OriginPolicyContentsPtr expected_origin_policy_contents =
           OriginPolicyParser::Parse(test.expected_raw_policy);
       EXPECT_EQ(expected_origin_policy_contents,
                 tester.origin_policy_result()->contents);
     }
   }
 }

 TEST_F(OriginPolicyFetcherTest, EndToEndInvalidRedirects) {
   const struct {
     std::string default_redirect_location;
   } kTests[] = {
       {"/.well-known/origin-policy/redirect-policy"},
       {"/not-well-known/origin-policy/policy-1"},
       {"/.well-known/origin-policy-something-else"},
       {"/.well-known/origin-policy/policy-1/policy-2"},
       {"/.well-known/origin-policy/policy-1/policy-2/policy-3"},
       {"/.well-known/origin-policy/policy-1?foo=bar"},
   };

   for (const auto& test : kTests) {
     SCOPED_TRACE(test.default_redirect_location);
     SetUpDefaultPolicyRedirect(test.default_redirect_location);

     TestOriginPolicyFetcherResult tester;
     tester.RetrieveOriginPolicy("", this);
     EXPECT_EQ(OriginPolicyState::kInvalidRedirect,
               tester.origin_policy_result()->state);
     EXPECT_FALSE(tester.origin_policy_result()->contents);
   }
 }

 TEST_F(OriginPolicyFetcherTest, EndToEndDefaultNotRedirecting) {
   SetUpDefaultPolicyResponse(
       R"({ "feature-policy": ["geolocation http://example1.com"] })");

   TestOriginPolicyFetcherResult tester;
   tester.RetrieveOriginPolicy("", this);
   EXPECT_EQ(OriginPolicyState::kCannotLoadPolicy,
             tester.origin_policy_result()->state);
   EXPECT_FALSE(tester.origin_policy_result()->contents);
 }

 TEST_F(OriginPolicyFetcherTest, EmptyVersionConstructor) {
   EXPECT_DCHECK_DEATH(
       OriginPolicyFetcher(manager(), OriginPolicyHeaderValues(),
                           test_server_origin(), url_loader_factory(),
                           base::BindOnce(&DummyRetrieveOriginPolicyCallback)));
 }

 }  // namespace network
	// Copyright 2019 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include <memory>
	#include <utility>

	#include "base/strings/strcat.h"
	#include "base/test/gtest_util.h"
	#include "base/test/scoped_task_environment.h"
	#include "net/http/http_status_code.h"
	#include "net/test/embedded_test_server/embedded_test_server.h"
	#include "net/test/embedded_test_server/http_request.h"
	#include "net/test/embedded_test_server/http_response.h"
	#include "services/network/network_context.h"
	#include "services/network/network_service.h"
	#include "services/network/origin_policy/origin_policy_constants.h"
	#include "services/network/origin_policy/origin_policy_fetcher.h"
	#include "services/network/origin_policy/origin_policy_header_values.h"
	#include "services/network/origin_policy/origin_policy_manager.h"
	#include "services/network/origin_policy/origin_policy_parser.h"
	#include "services/network/public/cpp/origin_policy.h"
	#include "services/network/test/test_network_service_client.h"
	#include "testing/gtest/include/gtest/gtest.h"

	namespace network {

	namespace {

	void DummyRetrieveOriginPolicyCallback(const network::OriginPolicy& result) {}

	} // namespace

	class OriginPolicyFetcherTest : public testing::Test {
	public:
	OriginPolicyFetcherTest()
	: scoped_task_environment_(
	base::test::ScopedTaskEnvironment::MainThreadType::IO) {
	network_service_ = NetworkService::CreateForTesting();
	auto context_params = mojom::NetworkContextParams::New();
	// Use a fixed proxy config, to avoid dependencies on local network
	// configuration.
	context_params->initial_proxy_config =
	net::ProxyConfigWithAnnotation::CreateDirect();
	network_context_ = std::make_unique<NetworkContext>(
	network_service_.get(), mojo::MakeRequest(&network_context_ptr_),
	std::move(context_params));

	mojom::URLLoaderFactoryParamsPtr params =
	mojom::URLLoaderFactoryParams::New();
	params->process_id = mojom::kBrowserProcessId;
	params->is_corb_enabled = false;
	network_context_->CreateURLLoaderFactory(
	mojo::MakeRequest(&url_loader_factory_), std::move(params));

	manager_ = std::make_unique<OriginPolicyManager>(network_context_.get());

	test_server_.RegisterRequestHandler(base::BindRepeating(
	&OriginPolicyFetcherTest::HandleResponse, base::Unretained(this)));

	EXPECT_TRUE(test_server_.Start());

	test_server_origin_ = url::Origin::Create(test_server_.base_url());
	}

	const url::Origin& test_server_origin() const { return test_server_origin_; }

	OriginPolicyManager* manager() { return manager_.get(); }

	mojom::URLLoaderFactory* url_loader_factory() {
	return url_loader_factory_.get();
	}

	protected:
	const net::test_server::EmbeddedTestServer& test_server() const {
	return test_server_;
	}

	void SetUpDefaultPolicyResponse(const std::string& manifest_body) {
	default_policy_response_is_redirect_ = false;
	default_policy_extra_info_ = manifest_body;
	}

	void SetUpDefaultPolicyRedirect(const std::string& location_path) {
	default_policy_response_is_redirect_ = true;
	default_policy_extra_info_ = test_server_.GetURL(location_path).spec();
	}

	private:
	// The test server will know how to respond to the following requests:
	// `/.well-known/origin-policy` => use the response that was setup via
	// SetUpDefaultPolicyRedirect() or SetUpDefaultPolicyResponse()
	// `/.well-known/origin-policy/policy-1` => 200, body: R"({ "feature-policy":
	// ["geolocation http://example1.com"] })"
	// `/.well-known/origin-policy/policy-2` => 200, body: R"({ "feature-policy":
	// ["geolocation http://example2.com"] })"
	// `/.well-known/origin-policy/redirect-policy` => 302 redirect to policy-1
	std::unique_ptr<net::test_server::HttpResponse> HandleResponse(
	const net::test_server::HttpRequest& request) {
	std::unique_ptr<net::test_server::BasicHttpResponse> response =
	std::make_unique<net::test_server::BasicHttpResponse>();

	if (request.relative_url == "/.well-known/origin-policy") {
	if (default_policy_response_is_redirect_) {
	response->set_code(net::HTTP_FOUND);
	response->AddCustomHeader("Location", default_policy_extra_info_);
	} else {
	response->set_code(net::HTTP_OK);
	response->set_content(default_policy_extra_info_);
	}
	} else if (request.relative_url == "/.well-known/origin-policy/policy-1") {
	response->set_code(net::HTTP_OK);
	response->set_content(
	R"({ "feature-policy": ["geolocation http://example1.com"] })");
	} else if (request.relative_url == "/.well-known/origin-policy/policy-2") {
	response->set_code(net::HTTP_OK);
	response->set_content(
	R"({ "feature-policy": ["geolocation http://example2.com"] })");
	} else if (request.relative_url ==
	"/.well-known/origin-policy/redirect-policy") {
	response->set_code(net::HTTP_FOUND);
	response->AddCustomHeader(
	"Location",
	test_server_.GetURL("/.well-known/origin-policy/policy-1").spec());
	} else {
	response->set_code(net::HTTP_NOT_FOUND);
	}

	return std::move(response);
	}

	base::test::ScopedTaskEnvironment scoped_task_environment_;
	std::unique_ptr<NetworkService> network_service_;
	std::unique_ptr<NetworkContext> network_context_;
	mojom::NetworkContextPtr network_context_ptr_;
	network::mojom::URLLoaderFactoryPtr url_loader_factory_;

	net::test_server::EmbeddedTestServer test_server_;
	url::Origin test_server_origin_;

	std::unique_ptr<OriginPolicyManager> manager_;

	bool default_policy_response_is_redirect_ = false;
	std::string default_policy_extra_info_;
	};

	TEST_F(OriginPolicyFetcherTest, GetPolicyURL) {
	url::Origin example_origin = url::Origin::Create(GURL("http://example.com/"));

	EXPECT_EQ(GURL("http://example.com/.well-known/origin-policy"),
	OriginPolicyFetcher::GetDefaultPolicyURL(example_origin));

	EXPECT_EQ(GURL("http://example.com/.well-known/origin-policy/some-version"),
	OriginPolicyFetcher::GetPolicyURL("some-version", example_origin));
	}

	TEST_F(OriginPolicyFetcherTest, IsValidRedirect) {
	const struct {
	const std::string initial_version;
	const std::string redirect_path;
	const bool expected;
	} kTests[] = {
	// Default policy is only allowed to redirect to valid policy version.
	{"", "/.well-known/origin-policy/some-policy", true},
	{"", "/not-in-well-known/origin-policy/some-policy", false},
	{"", "/.well-known/origin-policy", false},
	{"", "/.well-known/a/b", false},
	{"", "/.well-known/origin-policy-foo", false},
	{"", "/.well-known/return-policy", false},
	{"", "/.well-known/origin-policy", false},

	// Specific version policy is not allowed to redirect to other policy.
	{"some-policy", "/.well-known/origin-policy/other-policy", false},
	{"some-policy", "/.well-known/origin-policy", false},
	{"some-policy", "/.well-known/origin-policy/some-policy", false},
	{"other-policy", "/.well-known/origin-policy/some-policy/other-policy",
	false},

	// Query strings/hashes not allowed.
	{"", "/.well-known/origin-policy/some-policy?param=value", false},
	{"", "/.well-known/origin-policy/some-policy?%20", false},
	{"", "/.well-known/origin-policy?some-policy", false},
	{"", "/.well-known/origin-policy?version=some-policy", false},
	{"", "/.well-known/origin-policy/some-policy?", false},
	{"", "/.well-known/origin-policy/some-policy#h1", false},
	{"", "/.well-known/origin-policy#h1", false},
	{"", "/.well-known/origin-policy#some-policy", false},
	{"", "/.well-known/origin-policy/some-policy#", false},
	{"", "/.well-known/origin-policy/some-policy?param=value#h1", false},
	{"", "/.well-known/origin-policy/some-policy?param=value#", false},
	{"", "/.well-known/origin-policy/some-policy?#h1", false},
	{"", "/.well-known/origin-policy/some-policy?#", false},
	{"", "/.well-known/origin-policy?some-policy#", false},
	{"", "/.well-known/origin-policy?#some-policy", false},
	};

	for (const auto& test : kTests) {
	SCOPED_TRACE(test.redirect_path);
	auto fetcher =
	test.initial_version.empty()
	? std::make_unique<OriginPolicyFetcher>(
	manager(), test_server_origin(), url_loader_factory(),
	base::BindOnce(&DummyRetrieveOriginPolicyCallback))
	: std::make_unique<OriginPolicyFetcher>(
	manager(),
	OriginPolicyHeaderValues(
	{.policy_version = test.initial_version}),
	test_server_origin(), url_loader_factory(),
	base::BindOnce(&DummyRetrieveOriginPolicyCallback));

	net::RedirectInfo redirect_info;
	redirect_info.new_url = test_server().GetURL(test.redirect_path);
	EXPECT_EQ(test.expected, fetcher->IsValidRedirectForTesting(redirect_info));
	}
	}

	// Helper class for starting a fetcher and saving the result
	class TestOriginPolicyFetcherResult {
	public:
	TestOriginPolicyFetcherResult() {}

	void RetrieveOriginPolicy(const std::string& version,
	OriginPolicyFetcherTest* fixture) {
	if (version.empty()) {
	fixture->manager()->RetrieveDefaultOriginPolicy(
	fixture->test_server_origin(),
	base::BindOnce(&TestOriginPolicyFetcherResult::Callback,
	base::Unretained(this)));
	} else {
	fixture->manager()->RetrieveOriginPolicy(
	fixture->test_server_origin(), base::StrCat({"policy=", version}),
	base::BindOnce(&TestOriginPolicyFetcherResult::Callback,
	base::Unretained(this)));
	}
	run_loop_.Run();
	}

	const OriginPolicy* origin_policy_result() const {
	return origin_policy_result_.get();
	}

	private:
	void Callback(const OriginPolicy& result) {
	origin_policy_result_ = std::make_unique<OriginPolicy>(result);
	run_loop_.Quit();
	}

	base::RunLoop run_loop_;
	std::unique_ptr<OriginPolicyFetcher> fetcher_;
	std::unique_ptr<OriginPolicy> origin_policy_result_;

	DISALLOW_COPY_AND_ASSIGN(TestOriginPolicyFetcherResult);
	};

	TEST_F(OriginPolicyFetcherTest, EndToEnd) {
	const struct {
	const std::string version;
	const OriginPolicyState expected_state;
	const std::string expected_raw_policy;
	} kTests[] = {
	{"policy-1", OriginPolicyState::kLoaded,
	R"({ "feature-policy": ["geolocation http://example1.com"] })"},
	{"policy-2", OriginPolicyState::kLoaded,
	R"({ "feature-policy": ["geolocation http://example2.com"] })"},
	{"", OriginPolicyState::kLoaded,
	R"({ "feature-policy": ["geolocation http://example1.com"] })"},
	{"redirect-policy", OriginPolicyState::kInvalidRedirect, ""},
	{"404-version", OriginPolicyState::kCannotLoadPolicy, ""},
	};

	SetUpDefaultPolicyRedirect("/.well-known/origin-policy/policy-1");

	for (const auto& test : kTests) {
	SCOPED_TRACE(test.version);
	TestOriginPolicyFetcherResult tester;
	tester.RetrieveOriginPolicy(test.version, this);
	EXPECT_EQ(test.expected_state, tester.origin_policy_result()->state);
	if (test.expected_raw_policy.empty()) {
	EXPECT_FALSE(tester.origin_policy_result()->contents);
	} else {
	OriginPolicyContentsPtr expected_origin_policy_contents =
	OriginPolicyParser::Parse(test.expected_raw_policy);
	EXPECT_EQ(expected_origin_policy_contents,
	tester.origin_policy_result()->contents);
	}
	}
	}

	TEST_F(OriginPolicyFetcherTest, EndToEndInvalidRedirects) {
	const struct {
	std::string default_redirect_location;
	} kTests[] = {
	{"/.well-known/origin-policy/redirect-policy"},
	{"/not-well-known/origin-policy/policy-1"},
	{"/.well-known/origin-policy-something-else"},
	{"/.well-known/origin-policy/policy-1/policy-2"},
	{"/.well-known/origin-policy/policy-1/policy-2/policy-3"},
	{"/.well-known/origin-policy/policy-1?foo=bar"},
	};

	for (const auto& test : kTests) {
	SCOPED_TRACE(test.default_redirect_location);
	SetUpDefaultPolicyRedirect(test.default_redirect_location);

	TestOriginPolicyFetcherResult tester;
	tester.RetrieveOriginPolicy("", this);
	EXPECT_EQ(OriginPolicyState::kInvalidRedirect,
	tester.origin_policy_result()->state);
	EXPECT_FALSE(tester.origin_policy_result()->contents);
	}
	}

	TEST_F(OriginPolicyFetcherTest, EndToEndDefaultNotRedirecting) {
	SetUpDefaultPolicyResponse(
	R"({ "feature-policy": ["geolocation http://example1.com"] })");

	TestOriginPolicyFetcherResult tester;
	tester.RetrieveOriginPolicy("", this);
	EXPECT_EQ(OriginPolicyState::kCannotLoadPolicy,
	tester.origin_policy_result()->state);
	EXPECT_FALSE(tester.origin_policy_result()->contents);
	}

	TEST_F(OriginPolicyFetcherTest, EmptyVersionConstructor) {
	EXPECT_DCHECK_DEATH(
	OriginPolicyFetcher(manager(), OriginPolicyHeaderValues(),
	test_server_origin(), url_loader_factory(),
	base::BindOnce(&DummyRetrieveOriginPolicyCallback)));
	}

	} // namespace network