| // Copyright (c) 2009 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "base/logging.h" |
| #include "chrome_frame/html_utils.h" |
| #include "testing/gtest/include/gtest/gtest.h" |
| |
namespace {

// Pins how http_utils::HasFrameBustingHeader() classifies a raw block of
// response headers by the X-Frame-Options lines it contains.
//
// X-Frame-Options is the header a site sends to opt out of being rendered
// inside a frame (the usual clickjacking defence), so the property that
// matters most here is the last group of cases: one restrictive value
// (deny / sameorigin) anywhere in the block makes the result true, no matter
// how many ALLOWALL lines accompany it or in which order they appear.
//
// NOTE(review): the cases below do not exercise ALLOW-FROM, unrecognised
// values, a differently-cased header name, or a missing space after the
// colon. Confirm against the implementation how those are treated before
// relying on this function for them.
TEST(HttpUtils, HasFrameBustingHeader) {
  // Header blocks that must be reported as NOT frame-busting.
  const char* const kFramingAllowed[] = {
    // No X-Frame-Options line at all.
    "",
    "Content-Type: text/plain",
    // ALLOWALL is matched without regard to letter case.
    "X-Frame-Options: ALLOWALL",
    "X-Frame-Options: allowall",
    "X-Frame-Options: ALLowalL",
    // A trailing space after the value is ignored.
    "X-Frame-Options: ALLOWALL ",
    // A trailing space followed by CRLF is ignored as well.
    "X-Frame-Options: ALLOWALL \r\n",
    // The same permissive line repeated several times.
    "X-Frame-Options: ALLOWALL\r\n"
    "X-Frame-Options: ALLOWALL\r\n"
    "X-Frame-Options: ALLOWALL",
    // A permissive line surrounded by unrelated headers.
    "Content-Type: text/plain\r\n"
    "X-Frame-Options: ALLOWALL\r\n"
    "Content-Length: 42",
  };

  // Header blocks that must be reported as frame-busting.
  const char* const kFramingDenied[] = {
    // A single restrictive value, in either letter case.
    "X-Frame-Options: deny",
    "X-Frame-Options: SAMEorigin",
    // A restrictive value is never overridden by ALLOWALL: it wins whether
    // it comes after or before the permissive line, and with unrelated
    // headers mixed in.
    "Content-Length: 42\r\n"
    "X-Frame-Options: ALLOWall\r\n"
    "X-Frame-Options: deny\r\n",
    "X-Frame-Options: ALLOWall\r\n"
    "Content-Length: 42\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n",
    "X-Frame-Options: deny\r\n"
    "X-Frame-Options: ALLOWall\r\n"
    "Content-Length: 42\r\n",
    "X-Frame-Options: SAMEORIGIN\r\n"
    "X-Frame-Options: ALLOWall\r\n",
  };

  const size_t allowed_count =
      sizeof(kFramingAllowed) / sizeof(kFramingAllowed[0]);
  for (size_t i = 0; i < allowed_count; ++i) {
    // The header block is streamed so a failure still names the exact case.
    ASSERT_FALSE(http_utils::HasFrameBustingHeader(kFramingAllowed[i]))
        << kFramingAllowed[i];
  }

  const size_t denied_count =
      sizeof(kFramingDenied) / sizeof(kFramingDenied[0]);
  for (size_t i = 0; i < denied_count; ++i) {
    ASSERT_TRUE(http_utils::HasFrameBustingHeader(kFramingDenied[i]))
        << kFramingDenied[i];
  }
}

}  // namespace