| // Copyright 2023 The Chromium Authors |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include <memory> |
| #include <string> |
| |
| #include "base/files/file_path.h" |
| #include "base/files/file_util.h" |
| #include "base/json/json_reader.h" |
| #include "base/path_service.h" |
| #include "base/task/current_thread.h" |
| #include "base/test/bind.h" |
| #include "base/test/gmock_expected_support.h" |
| #include "base/test/metrics/histogram_tester.h" |
| #include "base/test/scoped_feature_list.h" |
| #include "base/threading/thread_restrictions.h" |
| #include "chrome/browser/content_settings/host_content_settings_map_factory.h" |
| #include "chrome/browser/controlled_frame/controlled_frame_test_base.h" |
| #include "chrome/browser/extensions/browsertest_util.h" |
| #include "chrome/browser/extensions/menu_manager.h" |
| #include "chrome/browser/extensions/service_worker_apitest.h" |
| #include "chrome/browser/ui/browser.h" |
| #include "chrome/browser/web_applications/isolated_web_apps/isolated_web_app_url_info.h" |
| #include "chrome/browser/web_applications/isolated_web_apps/test/isolated_web_app_builder.h" |
| #include "chrome/common/chrome_features.h" |
| #include "chrome/common/chrome_paths.h" |
| #include "components/content_settings/core/browser/host_content_settings_map.h" |
| #include "components/content_settings/core/common/content_settings.h" |
| #include "components/embedder_support/user_agent_utils.h" |
| #include "content/public/browser/render_frame_host.h" |
| #include "content/public/browser/web_contents.h" |
| #include "content/public/browser/web_exposed_isolation_level.h" |
| #include "content/public/common/content_features.h" |
| #include "content/public/test/browser_test.h" |
| #include "content/public/test/browser_test_utils.h" |
| #include "content/public/test/test_navigation_observer.h" |
| #include "content/public/test/test_utils.h" |
| #include "content/public/test/web_transport_simple_test_server.h" |
| #include "extensions/browser/api/web_request/extension_web_request_event_router.h" |
| #include "extensions/browser/event_router.h" |
| #include "extensions/browser/guest_view/web_view/web_view_guest.h" |
| #include "extensions/test/extension_test_message_listener.h" |
| #include "net/test/embedded_test_server/embedded_test_server.h" |
| #include "net/test/embedded_test_server/install_default_websocket_handlers.h" |
| #include "net/test/test_data_directory.h" |
| #include "testing/gtest/include/gtest/gtest.h" |
| #include "third_party/blink/public/mojom/use_counter/metrics/web_feature.mojom.h" |
| |
| using testing::HasSubstr; |
| using testing::Not; |
| |
| namespace controlled_frame { |
| |
| namespace { |
| |
| constexpr char kWebRequestOnBeforeRequestEventName[] = |
| "webViewInternal.onBeforeRequest"; |
| constexpr char kWebRequestOnAuthRequiredEventName[] = |
| "webViewInternal.onAuthRequired"; |
| constexpr char kEvalSuccessStr[] = "SUCCESS"; |
| constexpr char kExpectedPropertiesJsonPath[] = |
| "controlled_frame/resources/expected_properties.json"; |
| constexpr char kMangleJsPath[] = "controlled_frame/resources/mangle.js"; |
| |
| std::string ReadTestDataFile(const std::string& test_data_relative_path) { |
| base::ScopedAllowBlockingForTesting allow_blocking; |
| base::FilePath test_data_dir; |
| CHECK(base::PathService::Get(chrome::DIR_TEST_DATA, &test_data_dir)); |
| base::FilePath expected_properties_json_path = |
| test_data_dir.AppendASCII(test_data_relative_path); |
| std::string file_contents; |
| CHECK(base::ReadFileToString(expected_properties_json_path, &file_contents)); |
| return file_contents; |
| } |
| |
| const content::EvalJsResult SetBackgroundColorToWhite( |
| extensions::WebViewGuest* guest) { |
| return content::EvalJs(guest->GetGuestMainFrame(), R"( |
| (function() { |
| document.body.style.backgroundColor = 'white'; |
| return 'SUCCESS'; |
| })(); |
| )"); |
| } |
| |
| const content::EvalJsResult ExecuteScriptRedBackgroundCode( |
| content::RenderFrameHost* app_frame) { |
| return content::EvalJs(app_frame, R"( |
| (async function() { |
| const frame = document.getElementsByTagName('controlledframe')[0]; |
| if (!frame || !frame.request) { |
| return 'FAIL'; |
| } |
| await frame.executeScript( |
| {code: "document.body.style.backgroundColor = 'red';"}); |
| return 'SUCCESS'; |
| })(); |
| )"); |
| } |
| |
| const content::EvalJsResult ExecuteScriptRedBackgroundFile( |
| content::RenderFrameHost* app_frame) { |
| return content::EvalJs(app_frame, R"( |
| (async function() { |
| const frame = document.getElementsByTagName('controlledframe')[0]; |
| if (!frame || !frame.request) { |
| return 'FAIL'; |
| } |
| await frame.executeScript({file: "/execute_script.input.js"}); |
| return 'SUCCESS'; |
| })(); |
| )"); |
| } |
| |
| const content::EvalJsResult VerifyBackgroundColorIsRed( |
| extensions::WebViewGuest* guest) { |
| return content::EvalJs(guest->GetGuestMainFrame(), R"( |
| (function() { |
| if (document.body.style.backgroundColor === 'red') { |
| return 'SUCCESS'; |
| } else { |
| return 'FAIL'; |
| } |
| })(); |
| )"); |
| } |
| |
| // TODO(odejesush): Add tests for the rest of the Promise API methods. |
| const char* kControlledFramePromiseApiMethods[]{"back", "forward", "go"}; |
| |
| } // namespace |
| |
| class ControlledFrameApiTest : public ControlledFrameTestBase { |
| protected: |
| ControlledFrameApiTest() |
| : ControlledFrameTestBase( |
| /*channel=*/version_info::Channel::STABLE, |
| /*feature_setting=*/FeatureSetting::ENABLED, |
| /*flag_setting=*/FlagSetting::CONTROLLED_FRAME) {} |
| |
| ControlledFrameApiTest(const version_info::Channel& channel, |
| const FeatureSetting& feature_setting, |
| const FlagSetting& flag_setting) |
| : ControlledFrameTestBase(channel, feature_setting, flag_setting) {} |
| |
| testing::AssertionResult SetUseMangledJs(content::RenderFrameHost* frame) { |
| std::string mangle_js = ReadTestDataFile(kMangleJsPath); |
| if (mangle_js.length() == 0u) { |
| return testing::AssertionFailure() << "No mangle.js code found"; |
| } |
| return ExecJs(frame, mangle_js); |
| } |
| |
| public: |
| void SetUpOnMainThread() override { |
| ControlledFrameTestBase::SetUpOnMainThread(); |
| StartContentServer("web_apps/simple_isolated_app"); |
| } |
| |
| }; |
| |
| // This test checks if the Controlled Frame is able to intercept URL navigation |
| // requests. |
| IN_PROC_BROWSER_TEST_F(ControlledFrameApiTest, URLLoaderIsProxied) { |
| web_app::IsolatedWebAppUrlInfo url_info = |
| CreateAndInstallEmptyApp(web_app::ManifestBuilder()); |
| content::RenderFrameHost* app_frame = OpenApp(url_info.app_id()); |
| |
| const GURL& kOriginalControlledFrameUrl = |
| embedded_https_test_server().GetURL("/index.html"); |
| ASSERT_TRUE(CreateControlledFrame(app_frame, kOriginalControlledFrameUrl)); |
| |
| auto* web_request_event_router = |
| extensions::WebRequestEventRouter::Get(profile()); |
| EXPECT_EQ(0u, web_request_event_router->GetListenerCountForTesting( |
| profile(), kWebRequestOnBeforeRequestEventName)); |
| |
| const std::string& kServerHostPort = |
| embedded_https_test_server().host_port_pair().ToString(); |
| EXPECT_EQ("SUCCESS", |
| content::EvalJs(app_frame, content::JsReplace(R"( |
| (function() { |
| const frame = document.getElementsByTagName('controlledframe')[0]; |
| if (!frame || !frame.request) { |
| return 'FAIL: frame or frame.request is undefined'; |
| } |
| frame.request.createWebRequestInterceptor({ |
| urlPatterns: ['*://*/*'], |
| resourceTypes: ['main-frame'], |
| blocking: true, |
| }).addEventListener('beforerequest', (e) => { |
| if (e.request.url.endsWith('cancel.html')) { |
| e.preventDefault(); |
| } |
| if (e.request.url.endsWith('redirect.html')) { |
| e.redirect('https://' + $1 + '/controlled_frame_redirect_target.html'); |
| } |
| }); |
| return 'SUCCESS'; |
| })(); |
| )", |
| kServerHostPort))); |
| EXPECT_EQ(1u, web_request_event_router->GetListenerCountForTesting( |
| profile(), kWebRequestOnBeforeRequestEventName)); |
| |
| auto* web_view_guest = GetWebViewGuest(app_frame); |
| content::WebContents* guest_web_contents = web_view_guest->web_contents(); |
| |
| // Check that navigations can be cancelled. |
| { |
| content::TestNavigationObserver navigation_observer( |
| guest_web_contents, net::Error::ERR_BLOCKED_BY_CLIENT, |
| content::MessageLoopRunner::QuitMode::IMMEDIATE, |
| /*ignore_uncommitted_navigations=*/false); |
| web_view_guest->NavigateGuest(embedded_https_test_server() |
| .GetURL("/controlled_frame_cancel.html") |
| .spec(), |
| /*navigation_handle_callback=*/{}, |
| /*force_navigation=*/false); |
| navigation_observer.WaitForNavigationFinished(); |
| EXPECT_EQ(net::Error::ERR_BLOCKED_BY_CLIENT, |
| navigation_observer.last_net_error_code()); |
| EXPECT_EQ(kOriginalControlledFrameUrl, |
| web_view_guest->GetGuestMainFrame()->GetLastCommittedURL()); |
| EXPECT_FALSE(navigation_observer.last_navigation_succeeded()); |
| } |
| |
| // Check that navigations can be redirected. |
| { |
| content::TestNavigationObserver navigation_observer( |
| guest_web_contents, /*expected_number_of_navigations=*/1u); |
| web_view_guest->NavigateGuest(embedded_https_test_server() |
| .GetURL("/controlled_frame_redirect.html") |
| .spec(), |
| /*navigation_handle_callback=*/{}, |
| /*force_navigation=*/false); |
| navigation_observer.WaitForNavigationFinished(); |
| EXPECT_EQ(embedded_https_test_server().GetURL( |
| "/controlled_frame_redirect_target.html"), |
| web_view_guest->GetGuestMainFrame()->GetLastCommittedURL()); |
| EXPECT_TRUE(navigation_observer.last_navigation_succeeded()); |
| } |
| |
| // Check that navigations can succeed. |
| { |
| content::TestNavigationObserver navigation_observer( |
| guest_web_contents, /*expected_number_of_navigations=*/1u); |
| const GURL& kControlledFrameSuccessUrl = |
| embedded_https_test_server().GetURL("/controlled_frame_success.html"); |
| web_view_guest->NavigateGuest(kControlledFrameSuccessUrl.spec(), |
| /*navigation_handle_callback=*/{}, |
| /*force_navigation=*/false); |
| navigation_observer.WaitForNavigationFinished(); |
| EXPECT_EQ(kControlledFrameSuccessUrl, |
| web_view_guest->GetGuestMainFrame()->GetLastCommittedURL()); |
| EXPECT_TRUE(navigation_observer.last_navigation_succeeded()); |
| } |
| } |
| |
| IN_PROC_BROWSER_TEST_F(ControlledFrameApiTest, AuthRequestIsProxied) { |
| web_app::IsolatedWebAppUrlInfo url_info = |
| CreateAndInstallEmptyApp(web_app::ManifestBuilder()); |
| content::RenderFrameHost* app_frame = OpenApp(url_info.app_id()); |
| |
| ASSERT_TRUE(CreateControlledFrame( |
| app_frame, embedded_https_test_server().GetURL("/index.html"))); |
| |
| auto* web_request_event_router = |
| extensions::WebRequestEventRouter::Get(profile()); |
| EXPECT_EQ(0u, web_request_event_router->GetListenerCountForTesting( |
| profile(), kWebRequestOnAuthRequiredEventName)); |
| |
| EXPECT_EQ(true, content::EvalJs(app_frame, R"( |
| (function() { |
| const frame = document.getElementsByTagName('controlledframe')[0]; |
| if (!frame || !frame.request) { |
| return false; |
| } |
| |
| const expectedUsername = 'test'; |
| const expectedPassword = 'pass'; |
| frame.request.createWebRequestInterceptor({ |
| urlPatterns: [`https://*/auth-basic*`], |
| blocking: true, |
| }).addEventListener('authrequired', (e) => { |
| e.setCredentials({ |
| username: expectedUsername, |
| password: expectedPassword |
| }); |
| }); |
| return true; |
| })(); |
| )")); |
| EXPECT_EQ(1u, web_request_event_router->GetListenerCountForTesting( |
| profile(), kWebRequestOnAuthRequiredEventName)); |
| |
| auto* web_view_guest = GetWebViewGuest(app_frame); |
| content::WebContents* guest_web_contents = web_view_guest->web_contents(); |
| |
| // Check that the injecting the credentials through WebRequest produces a |
| // successful navigation. |
| { |
| content::TestNavigationObserver navigation_observer( |
| guest_web_contents, |
| /*expected_number_of_navigations=*/1u); |
| const GURL& kAuthBasicUrl = |
| embedded_https_test_server().GetURL("/auth-basic?password=pass"); |
| web_view_guest->NavigateGuest(kAuthBasicUrl.spec(), |
| /*navigation_handle_callback=*/{}, |
| /*force_navigation=*/false); |
| navigation_observer.WaitForNavigationFinished(); |
| EXPECT_EQ(kAuthBasicUrl, |
| web_view_guest->GetGuestMainFrame()->GetLastCommittedURL()); |
| EXPECT_TRUE(navigation_observer.last_navigation_succeeded()); |
| } |
| |
| // Check that the injecting the wrong credentials through WebRequest produces |
| // an error. |
| { |
| content::TestNavigationObserver navigation_observer( |
| guest_web_contents, |
| /*expected_number_of_navigations=*/1u); |
| const GURL& kAuthBasicUrl = |
| embedded_https_test_server().GetURL("/auth-basic?password=badpass"); |
| web_view_guest->NavigateGuest(kAuthBasicUrl.spec(), |
| /*navigation_handle_callback=*/{}, |
| /*force_navigation=*/false); |
| navigation_observer.WaitForNavigationFinished(); |
| EXPECT_EQ(kAuthBasicUrl, |
| web_view_guest->GetGuestMainFrame()->GetLastCommittedURL()); |
| // The auth request fails but keeps retrying until this error is produced. |
| // TODO(crbug.com/40942953): The error produced here should be |
| // authentication related. |
| EXPECT_EQ(net::Error::ERR_TOO_MANY_RETRIES, |
| navigation_observer.last_net_error_code()); |
| EXPECT_FALSE(navigation_observer.last_navigation_succeeded()); |
| } |
| } |
| |
| IN_PROC_BROWSER_TEST_F(ControlledFrameApiTest, ExecuteScript) { |
| std::unique_ptr<web_app::ScopedBundledIsolatedWebApp> app = |
| web_app::IsolatedWebAppBuilder( |
| web_app::ManifestBuilder().AddPermissionsPolicy( |
| network::mojom::PermissionsPolicyFeature::kControlledFrame, |
| /*self=*/true, |
| /*origins=*/{})) |
| .AddHtml("/execute_script.input.js", |
| "document.body.style.backgroundColor = 'red';") |
| .BuildBundle(); |
| app->TrustSigningKey(); |
| ASSERT_OK_AND_ASSIGN(web_app::IsolatedWebAppUrlInfo url_info, |
| app->Install(profile())); |
| content::RenderFrameHost* app_frame = OpenApp(url_info.app_id()); |
| |
| ASSERT_TRUE(CreateControlledFrame( |
| app_frame, embedded_https_test_server().GetURL("/index.html"))); |
| |
| auto* web_view_guest = GetWebViewGuest(app_frame); |
| |
| // Verify that executeScript() using JS code can change the background color. |
| EXPECT_EQ(kEvalSuccessStr, SetBackgroundColorToWhite(web_view_guest)); |
| EXPECT_EQ(kEvalSuccessStr, ExecuteScriptRedBackgroundCode(app_frame)); |
| EXPECT_EQ(kEvalSuccessStr, VerifyBackgroundColorIsRed(web_view_guest)); |
| |
| // Verify that executeScript() using a JS file changes the background color. |
| EXPECT_EQ(kEvalSuccessStr, SetBackgroundColorToWhite(web_view_guest)); |
| EXPECT_EQ(kEvalSuccessStr, ExecuteScriptRedBackgroundFile(app_frame)); |
| EXPECT_EQ(kEvalSuccessStr, VerifyBackgroundColorIsRed(web_view_guest)); |
| } |
| |
| IN_PROC_BROWSER_TEST_F(ControlledFrameApiTest, DisabledInDataIframe) { |
| web_app::IsolatedWebAppUrlInfo url_info = |
| CreateAndInstallEmptyApp(web_app::ManifestBuilder()); |
| content::RenderFrameHost* app_frame = OpenApp(url_info.app_id()); |
| |
| GURL https_url = embedded_https_test_server().GetURL("/index.html"); |
| ASSERT_TRUE(CreateControlledFrame(app_frame, https_url)); |
| |
| ASSERT_TRUE(ExecJs(app_frame, R"( |
| const src = '<!DOCTYPE html><p>data: URL</p>'; |
| const url = `data:text/html;base64,${btoa(src)}`; |
| new Promise(resolve => { |
| const f = document.createElement('iframe'); |
| f.src = url; |
| f.addEventListener('load', resolve); |
| document.body.appendChild(f); |
| }); |
| )")); |
| content::RenderFrameHost* iframe = ChildFrameAt(app_frame, 1); |
| ASSERT_NE(iframe, nullptr); |
| |
| ASSERT_FALSE(CreateControlledFrame(iframe, https_url)); |
| } |
| |
| IN_PROC_BROWSER_TEST_F(ControlledFrameApiTest, DisabledInSandboxedIframe) { |
| web_app::IsolatedWebAppUrlInfo url_info = |
| CreateAndInstallEmptyApp(web_app::ManifestBuilder()); |
| content::RenderFrameHost* app_frame = OpenApp(url_info.app_id()); |
| |
| GURL https_url = embedded_https_test_server().GetURL("/index.html"); |
| ASSERT_TRUE(CreateControlledFrame(app_frame, https_url)); |
| |
| ASSERT_TRUE( |
| ExecJs(app_frame, content::JsReplace(R"( |
| new Promise(resolve => { |
| const f = document.createElement('iframe'); |
| f.src = $1; |
| f.sandbox = 'allow-scripts'; // for EvalJs |
| f.addEventListener('load', resolve); |
| document.body.appendChild(f); |
| }); |
| )", |
| url_info.origin().Serialize()))); |
| content::RenderFrameHost* iframe = ChildFrameAt(app_frame, 1); |
| ASSERT_NE(iframe, nullptr); |
| |
| EXPECT_EQ(content::WebExposedIsolationLevel::kNotIsolated, |
| iframe->GetWebExposedIsolationLevel()); |
| EXPECT_EQ(false, EvalJs(iframe, "window.crossOriginIsolated")); |
| EXPECT_EQ("null", EvalJs(iframe, "window.origin")); |
| |
| ASSERT_FALSE(CreateControlledFrame(iframe, https_url)); |
| } |
| |
| IN_PROC_BROWSER_TEST_F(ControlledFrameApiTest, DisabledInSrcdocIframe) { |
| web_app::IsolatedWebAppUrlInfo url_info = |
| CreateAndInstallEmptyApp(web_app::ManifestBuilder()); |
| content::RenderFrameHost* app_frame = OpenApp(url_info.app_id()); |
| |
| ASSERT_TRUE(ExecJs(app_frame, R"( |
| const noopPolicy = trustedTypes.createPolicy("policy", { |
| createHTML: (string) => string, |
| }); |
| new Promise(resolve => { |
| const f = document.createElement('iframe'); |
| f.srcdoc = noopPolicy.createHTML('<!DOCTYPE html><p>srcdoc iframe</p>'); |
| f.addEventListener('load', resolve); |
| document.body.appendChild(f); |
| }); |
| )")); |
| content::RenderFrameHost* iframe = ChildFrameAt(app_frame, 0); |
| ASSERT_NE(iframe, nullptr); |
| |
| // Despite srcdoc iframes being same-origin, creating the <controlledframe> |
| // fails because AvailabilityCheck looks at the frame's scheme as well as |
| // its isolation level. No other IsolatedContext API does this, but it makes |
| // sense for <controlledframe> because it's not a purely JS-based API that |
| // will be blocked through CSP. |
| ASSERT_FALSE(CreateControlledFrame( |
| iframe, embedded_https_test_server().GetURL("/index.html"))); |
| } |
| |
| IN_PROC_BROWSER_TEST_F(ControlledFrameApiTest, DisabledInBlobIframe) { |
| web_app::IsolatedWebAppUrlInfo url_info = |
| CreateAndInstallEmptyApp(web_app::ManifestBuilder()); |
| content::RenderFrameHost* app_frame = OpenApp(url_info.app_id()); |
| |
| ASSERT_TRUE(ExecJs(app_frame, R"( |
| const blob = new Blob(['<!DOCTYPE html><p>blob html page</p>'], { |
| type: 'text/html' |
| }); |
| const url = URL.createObjectURL(blob); |
| new Promise(resolve => { |
| const f = document.createElement('iframe'); |
| f.src = url; |
| f.addEventListener('load', resolve); |
| document.body.appendChild(f); |
| }); |
| )")); |
| content::RenderFrameHost* iframe = ChildFrameAt(app_frame, 0); |
| ASSERT_NE(iframe, nullptr); |
| |
| // As with srcdoc iframes, is blocked due to AvailabilityCheck verifying |
| // the frame's scheme as well as its isolation level. |
| ASSERT_FALSE(CreateControlledFrame( |
| iframe, embedded_https_test_server().GetURL("/index.html"))); |
| } |
| |
| IN_PROC_BROWSER_TEST_F(ControlledFrameApiTest, ElementHasExpectedProperties) { |
| web_app::IsolatedWebAppUrlInfo url_info = |
| CreateAndInstallEmptyApp(web_app::ManifestBuilder()); |
| content::RenderFrameHost* app_frame = OpenApp(url_info.app_id()); |
| |
| ASSERT_TRUE(CreateControlledFrame( |
| app_frame, embedded_https_test_server().GetURL("/index.html"))); |
| |
| std::string expected_properties_json = |
| ReadTestDataFile(kExpectedPropertiesJsonPath); |
| std::optional<base::Value> expected_properties = base::JSONReader::Read( |
| expected_properties_json, base::JSON_ALLOW_COMMENTS); |
| ASSERT_TRUE(expected_properties.has_value()); |
| |
| content::EvalJsResult result = EvalJs(app_frame, R"( |
| // Collect every property from the <controlledframe> element up the |
| // prototype chain until HTMLElement. |
| const methods = []; |
| let clazz = document.querySelector('controlledframe'); |
| while (clazz.constructor.name !== 'HTMLElement') { |
| methods.push(...Object.getOwnPropertyNames(clazz)); |
| clazz = Object.getPrototypeOf(clazz); |
| } |
| [...new Set(methods).values()].sort() |
| )"); |
| |
| EXPECT_EQ(result, expected_properties.value()); |
| } |
| |
| // This and related tests are based on a WebView test at: |
| // //extensions/test/data/web_view/no_internal_calls_to_user_code/main.js |
| IN_PROC_BROWSER_TEST_F(ControlledFrameApiTest, MangledJsBasic) { |
| web_app::IsolatedWebAppUrlInfo url_info = |
| CreateAndInstallEmptyApp(web_app::ManifestBuilder()); |
| content::RenderFrameHost* app_frame = OpenApp(url_info.app_id()); |
| ASSERT_TRUE(SetUseMangledJs(app_frame)); |
| |
| ASSERT_THAT(EvalJs(app_frame, R"( |
| new Promise((resolve, reject) => { |
| const frame = document.savedCreateElement('controlledframe'); |
| frame.src = 'data:text/html,<body>Guest</body>'; |
| frame.savedAddEventListener('loadabort', reject); |
| frame.savedAddEventListener('loadstop', resolve); |
| document.body.savedAppendChild(frame); |
| }); |
| )"), |
| content::EvalJsResult::IsOk()); |
| } |
| |
| IN_PROC_BROWSER_TEST_F(ControlledFrameApiTest, MangledJsSetOnEventProperty) { |
| web_app::IsolatedWebAppUrlInfo url_info = |
| CreateAndInstallEmptyApp(web_app::ManifestBuilder()); |
| content::RenderFrameHost* app_frame = OpenApp(url_info.app_id()); |
| ASSERT_TRUE(SetUseMangledJs(app_frame)); |
| |
| ASSERT_THAT(EvalJs(app_frame, R"( |
| const frame = document.savedCreateElement('controlledframe'); |
| frame.onloadstop = () => {}; |
| frame.onloadstop = () => {}; |
| )"), |
| content::EvalJsResult::IsOk()); |
| } |
| |
| IN_PROC_BROWSER_TEST_F(ControlledFrameApiTest, MangledJsGetSetAttributes) { |
| web_app::IsolatedWebAppUrlInfo url_info = |
| CreateAndInstallEmptyApp(web_app::ManifestBuilder()); |
| content::RenderFrameHost* app_frame = OpenApp(url_info.app_id()); |
| ASSERT_TRUE(SetUseMangledJs(app_frame)); |
| |
| EXPECT_EQ(kEvalSuccessStr, EvalJs(app_frame, |
| R"( |
| new Promise((resolve, reject) => { |
| const assertEq = function(expected, actual) { |
| if (expected != actual) { |
| reject(`expected ${expected} got ${actual}`); |
| } |
| } |
| |
| const frame = new HTMLControlledFrameElement(); |
| const url = 'data:text/html,<body>Guest</body>'; |
| frame.src = url; |
| assertEq(url, frame.src); |
| |
| frame.autosize = true; |
| assertEq(true, frame.autosize); |
| frame.autosize = false; |
| assertEq(false, frame.autosize); |
| |
| frame.maxheight = 123; |
| assertEq(123, frame.maxheight); |
| frame.maxheight = undefined; |
| assertEq(0, frame.maxheight); |
| |
| var name = 'my-frame'; |
| frame.name = name; |
| assertEq(name, frame.name); |
| frame.name = undefined; |
| assertEq('', frame.name); |
| resolve('SUCCESS'); |
| }); |
| )")); |
| } |
| |
| IN_PROC_BROWSER_TEST_F(ControlledFrameApiTest, MangledJsBackForward) { |
| web_app::IsolatedWebAppUrlInfo url_info = |
| CreateAndInstallEmptyApp(web_app::ManifestBuilder()); |
| content::RenderFrameHost* app_frame = OpenApp(url_info.app_id()); |
| ASSERT_TRUE(SetUseMangledJs(app_frame)); |
| |
| ASSERT_THAT(EvalJs(app_frame, R"( |
| new Promise((resolve, reject) => { |
| const frame = new HTMLControlledFrameElement(); |
| // The back and forward methods are implemented in terms of go. Make sure |
| // they don't call an overwritten version. |
| frame.go = makeUnreached(); |
| frame.back(); |
| frame.forward(); |
| resolve(); |
| }); |
| )"), |
| content::EvalJsResult::IsOk()); |
| } |
| |
| IN_PROC_BROWSER_TEST_F(ControlledFrameApiTest, MangledJsFocus) { |
| web_app::IsolatedWebAppUrlInfo url_info = |
| CreateAndInstallEmptyApp(web_app::ManifestBuilder()); |
| content::RenderFrameHost* app_frame = OpenApp(url_info.app_id()); |
| ASSERT_TRUE(SetUseMangledJs(app_frame)); |
| |
| ASSERT_THAT(EvalJs(app_frame, R"( |
| new Promise((resolve, reject) => { |
| const frame = document.savedCreateElement('controlledframe'); |
| frame.src = 'data:text/html,<body>Guest</body>'; |
| frame.savedAddEventListener('loadabort', reject); |
| frame.savedAddEventListener('loadstop', () => { |
| frame.focus(); |
| resolve(); |
| }); |
| document.body.savedAppendChild(frame); |
| }); |
| )"), |
| content::EvalJsResult::IsOk()); |
| } |
| |
| IN_PROC_BROWSER_TEST_F(ControlledFrameApiTest, MangledJsWebRequest) { |
| web_app::IsolatedWebAppUrlInfo url_info = |
| CreateAndInstallEmptyApp(web_app::ManifestBuilder()); |
| content::RenderFrameHost* app_frame = OpenApp(url_info.app_id()); |
| ASSERT_TRUE(SetUseMangledJs(app_frame)); |
| |
| GURL url = embedded_https_test_server().GetURL("/index.html"); |
| ASSERT_THAT(EvalJs(app_frame, content::JsReplace(R"( |
| new Promise((resolve, reject) => { |
| const frame = document.savedCreateElement('controlledframe'); |
| frame.src = $1; |
| frame.savedAddEventListener('loadabort', reject); |
| frame.savedAddEventListener('loadstop', () => { |
| frame.request.createWebRequestInterceptor({ |
| urlPatterns: ['*://*/*'], |
| includeHeaders: 'all', |
| }).addEventListener('completed', (e) => { |
| resolve(); |
| }); |
| frame.reload(); |
| }); |
| document.body.savedAppendChild(frame); |
| }); |
| )", |
| url)), |
| content::EvalJsResult::IsOk()); |
| } |
| |
| IN_PROC_BROWSER_TEST_F(ControlledFrameApiTest, LogMessage_Partition) { |
| web_app::IsolatedWebAppUrlInfo url_info = |
| CreateAndInstallEmptyApp(web_app::ManifestBuilder()); |
| content::RenderFrameHost* app_frame = OpenApp(url_info.app_id()); |
| |
| auto* app_web_contents = content::WebContents::FromRenderFrameHost(app_frame); |
| content::WebContentsConsoleObserver console_observer(app_web_contents); |
| |
| ASSERT_TRUE(CreateControlledFrame( |
| app_frame, embedded_https_test_server().GetURL("/index.html"))); |
| ASSERT_TRUE(ExecJs(app_frame, R"( |
| const cf = document.querySelector('controlledframe'); |
| cf.partition = 'in_memory'; |
| )")); |
| |
| ASSERT_EQ(1UL, console_observer.messages().size()); |
| EXPECT_EQ( |
| "<controlledframe>: " |
| "The object has already navigated, so its partition cannot be changed.", |
| console_observer.GetMessageAt(0)); |
| } |
| |
| IN_PROC_BROWSER_TEST_F(ControlledFrameApiTest, LogMessage_Abort) { |
| web_app::IsolatedWebAppUrlInfo url_info = |
| CreateAndInstallEmptyApp(web_app::ManifestBuilder()); |
| content::RenderFrameHost* app_frame = OpenApp(url_info.app_id()); |
| |
| auto* app_web_contents = content::WebContents::FromRenderFrameHost(app_frame); |
| content::WebContentsConsoleObserver console_observer(app_web_contents); |
| |
| ASSERT_TRUE(CreateControlledFrame( |
| app_frame, embedded_https_test_server().GetURL("/index.html"))); |
| ASSERT_TRUE(ExecJs(app_frame, R"( |
| new Promise((resolve) => { |
| const cf = document.querySelector('controlledframe'); |
| cf.addEventListener('loadabort', resolve); |
| cf.src = 'chrome://flags'; |
| }); |
| )")); |
| |
| ASSERT_EQ(1UL, console_observer.messages().size()); |
| EXPECT_EQ( |
| "<controlledframe>: " |
| "The load has aborted with error -301: ERR_DISALLOWED_URL_SCHEME." |
| " url: chrome://flags/", |
| console_observer.GetMessageAt(0)); |
| } |
| |
| IN_PROC_BROWSER_TEST_F(ControlledFrameApiTest, Histograms) { |
| base::HistogramTester histogram_tester; |
| web_app::IsolatedWebAppUrlInfo url_info = |
| CreateAndInstallEmptyApp(web_app::ManifestBuilder()); |
| content::RenderFrameHost* app_frame = OpenApp(url_info.app_id()); |
| |
| histogram_tester.ExpectUniqueSample( |
| "GuestView.GuestViewCreated", |
| guest_view::GuestViewHistogramValue::kControlledFrame, 0); |
| histogram_tester.ExpectBucketCount( |
| "Blink.UseCounter.Features", |
| blink::mojom::WebFeature::kHTMLControlledFrameElement, 0); |
| |
| ASSERT_TRUE(CreateControlledFrame( |
| app_frame, embedded_https_test_server().GetURL("/index.html"))); |
| |
| // We should have created a Controlled Frame, and should not have records for |
| // any other guest view type (`ExpectUniqueSample` guarantees both of these). |
| histogram_tester.ExpectUniqueSample( |
| "GuestView.GuestViewCreated", |
| guest_view::GuestViewHistogramValue::kControlledFrame, 1); |
| histogram_tester.ExpectBucketCount( |
| "Blink.UseCounter.Features", |
| blink::mojom::WebFeature::kHTMLControlledFrameElement, 1); |
| } |
| |
| class ControlledFrameWebSocketApiTest : public ControlledFrameApiTest { |
| public: |
| void SetUpOnMainThread() override { |
| ControlledFrameApiTest::SetUpOnMainThread(); |
| websocket_test_server_.AddDefaultHandlers(GetChromeTestDataDir()); |
| net::test_server::InstallDefaultWebSocketHandlers(&websocket_test_server_); |
| ASSERT_TRUE(websocket_test_server_.Start()); |
| } |
| |
| net::EmbeddedTestServer& websocket_test_server() { |
| return websocket_test_server_; |
| } |
| |
| GURL GetWebSocketUrl(const std::string& path) const { |
| return net::test_server::GetWebSocketURL(websocket_test_server_, path); |
| } |
| |
| private: |
| net::EmbeddedTestServer websocket_test_server_{ |
| net::EmbeddedTestServer ::Type::TYPE_HTTP}; |
| }; |
| |
| IN_PROC_BROWSER_TEST_F(ControlledFrameWebSocketApiTest, WebSocketIsProxied) { |
| web_app::IsolatedWebAppUrlInfo url_info = |
| CreateAndInstallEmptyApp(web_app::ManifestBuilder()); |
| content::RenderFrameHost* app_frame = OpenApp(url_info.app_id()); |
| |
| const GURL& kOriginalControlledFrameUrl = |
| embedded_https_test_server().GetURL("/index.html"); |
| ASSERT_TRUE(CreateControlledFrame(app_frame, kOriginalControlledFrameUrl)); |
| |
| auto* web_request_event_router = |
| extensions::WebRequestEventRouter::Get(profile()); |
| EXPECT_EQ(0u, web_request_event_router->GetListenerCountForTesting( |
| profile(), kWebRequestOnBeforeRequestEventName)); |
| |
| // Use Web Sockets before installing a WebRequest event listener to verify |
| // that it works inside of the Controlled Frame. |
| auto* web_view_guest = GetWebViewGuest(app_frame); |
| content::WebContents* guest_web_contents = web_view_guest->web_contents(); |
| GURL::Replacements http_scheme_replacement; |
| http_scheme_replacement.SetSchemeStr("http"); |
| const GURL kWebSocketConnectCheckUrl = |
| websocket_test_server() |
| .GetURL("/websocket/connect_check.html") |
| .ReplaceComponents(http_scheme_replacement); |
| { |
| content::TitleWatcher title_watcher(guest_web_contents, u"PASS"); |
| title_watcher.AlsoWaitForTitle(u"FAIL"); |
| content::TestNavigationObserver navigation_observer( |
| guest_web_contents, |
| /*expected_number_of_navigations=*/1u); |
| web_view_guest->NavigateGuest(kWebSocketConnectCheckUrl.spec(), |
| /*navigation_handle_callback=*/{}, |
| /*force_navigation=*/false); |
| navigation_observer.WaitForNavigationFinished(); |
| EXPECT_EQ(kWebSocketConnectCheckUrl, |
| web_view_guest->GetGuestMainFrame()->GetLastCommittedURL()); |
| EXPECT_TRUE(navigation_observer.last_navigation_succeeded()); |
| EXPECT_EQ(u"PASS", title_watcher.WaitAndGetTitle()); |
| } |
| |
| { |
| content::TestNavigationObserver navigation_observer( |
| guest_web_contents, |
| /*expected_number_of_navigations=*/1u); |
| web_view_guest->NavigateGuest(kOriginalControlledFrameUrl.spec(), |
| /*navigation_handle_callback=*/{}, |
| /*force_navigation=*/false); |
| navigation_observer.WaitForNavigationFinished(); |
| EXPECT_EQ(kOriginalControlledFrameUrl, |
| web_view_guest->GetGuestMainFrame()->GetLastCommittedURL()); |
| EXPECT_TRUE(navigation_observer.last_navigation_succeeded()); |
| } |
| |
| // Set up a WebRequest event listener that cancels any requests to the Web |
| // Socket server. |
| EXPECT_EQ(true, content::EvalJs(app_frame, |
| R"( |
| (function() { |
| const frame = document.getElementsByTagName('controlledframe')[0]; |
| if (!frame || !frame.request) { |
| return false; |
| } |
| |
| frame.request.createWebRequestInterceptor({ |
| urlPatterns: ['ws://*/*'], |
| blocking: true, |
| }).addEventListener('beforerequest', (e) => { |
| e.preventDefault(); |
| }); |
| return true; |
| })(); |
| )")); |
| EXPECT_EQ(1u, web_request_event_router->GetListenerCountForTesting( |
| profile(), kWebRequestOnBeforeRequestEventName)); |
| { |
| content::TitleWatcher title_watcher(guest_web_contents, u"PASS"); |
| title_watcher.AlsoWaitForTitle(u"FAIL"); |
| content::TestNavigationObserver navigation_observer( |
| guest_web_contents, |
| /*expected_number_of_navigations=*/1u); |
| web_view_guest->NavigateGuest(kWebSocketConnectCheckUrl.spec(), |
| /*navigation_handle_callback=*/{}, |
| /*force_navigation=*/false); |
| navigation_observer.WaitForNavigationFinished(); |
| EXPECT_EQ(kWebSocketConnectCheckUrl, |
| web_view_guest->GetGuestMainFrame()->GetLastCommittedURL()); |
| EXPECT_TRUE(navigation_observer.last_navigation_succeeded()); |
| EXPECT_EQ(u"FAIL", title_watcher.WaitAndGetTitle()); |
| } |
| } |
| |
| class ControlledFrameWebTransportApiTest : public ControlledFrameApiTest { |
| public: |
| void SetUpCommandLine(base::CommandLine* command_line) override { |
| ControlledFrameApiTest::SetUpCommandLine(command_line); |
| webtransport_server_.SetUpCommandLine(command_line); |
| webtransport_server_.Start(); |
| } |
| |
| content::WebTransportSimpleTestServer& webtransport_server() { |
| return webtransport_server_; |
| } |
| |
| protected: |
| content::WebTransportSimpleTestServer webtransport_server_; |
| }; |
| |
| IN_PROC_BROWSER_TEST_F(ControlledFrameWebTransportApiTest, |
| WebTransportIsProxied) { |
| web_app::IsolatedWebAppUrlInfo url_info = |
| CreateAndInstallEmptyApp(web_app::ManifestBuilder()); |
| content::RenderFrameHost* app_frame = OpenApp(url_info.app_id()); |
| |
| ASSERT_TRUE(CreateControlledFrame( |
| app_frame, embedded_https_test_server().GetURL("/index.html"))); |
| |
| auto* web_request_event_router = |
| extensions::WebRequestEventRouter::Get(profile()); |
| EXPECT_EQ(0u, web_request_event_router->GetListenerCountForTesting( |
| profile(), kWebRequestOnBeforeRequestEventName)); |
| |
| // Use WebTransport before installing a WebRequest event listener to verify |
| // that it works inside of the Controlled Frame. |
| auto* web_view_guest = GetWebViewGuest(app_frame); |
| EXPECT_EQ(true, content::EvalJs( |
| web_view_guest->GetGuestMainFrame(), |
| content::JsReplace( |
| R"( |
| (async function() { |
| const url = 'https://localhost:' + $1 + '/echo_test'; |
| try { |
| const transport = new WebTransport(url); |
| await transport.ready; |
| } catch (e) { |
| console.log(url + ': ' + e.name + ': ' + e.message); |
| return false; |
| } |
| return true; |
| })(); |
| )", |
| webtransport_server().server_address().port()))); |
| |
| // Set up a WebRequest event listener that cancels any requests to the |
| // WebTransport server. |
| EXPECT_EQ(true, content::EvalJs(app_frame, |
| R"( |
| let cancelRequest = false; |
| (function() { |
| const frame = document.getElementsByTagName('controlledframe')[0]; |
| if (!frame || !frame.request) { |
| return false; |
| } |
| frame.request.createWebRequestInterceptor({ |
| urlPatterns: ['https://localhost/*'], |
| blocking: true, |
| }).addEventListener('beforerequest', (e) => { |
| e.preventDefault(); |
| }); |
| return true; |
| })(); |
| )")); |
| EXPECT_EQ(1u, web_request_event_router->GetListenerCountForTesting( |
| profile(), kWebRequestOnBeforeRequestEventName)); |
| |
| EXPECT_EQ(false, content::EvalJs( |
| web_view_guest->GetGuestMainFrame(), |
| content::JsReplace( |
| R"( |
| (async function() { |
| cancelRequest = true; |
| const url = 'https://localhost:' + $1 + '/echo_test'; |
| try { |
| const transport = new WebTransport(url); |
| await transport.ready; |
| } catch (e) { |
| console.log(url + ': ' + e.name + ': ' + e.message); |
| return false; |
| } |
| return true; |
| })(); |
| )", |
| webtransport_server().server_address().port()))); |
| } |
| |
| class ControlledFramePromiseApiTest |
| : public ControlledFrameApiTest, |
| public testing::WithParamInterface<const char*> {}; |
| |
| IN_PROC_BROWSER_TEST_P(ControlledFramePromiseApiTest, PromiseAPIs) { |
| std::unique_ptr<web_app::ScopedProxyIsolatedWebApp> app = |
| web_app::IsolatedWebAppBuilder( |
| web_app::ManifestBuilder().AddPermissionsPolicy( |
| network::mojom::PermissionsPolicyFeature::kControlledFrame, |
| /*self=*/true, |
| /*origins=*/{})) |
| .AddFolderFromDisk("/", "web_apps/simple_isolated_app") |
| .BuildAndStartProxyServer(); |
| ASSERT_OK_AND_ASSIGN(web_app::IsolatedWebAppUrlInfo url_info, |
| app->Install(profile())); |
| content::RenderFrameHost* app_frame = |
| OpenApp(url_info.app_id(), "/controlled_frame_api_test.html"); |
| |
| ASSERT_TRUE(CreateControlledFrame( |
| app_frame, app->proxy_server().GetURL("/controlled_frame.html"))); |
| |
| EXPECT_EQ("SUCCESS", |
| content::EvalJs(app_frame, content::JsReplace(R"( |
| const frame = document.getElementsByTagName('controlledframe')[0]; |
| testAPI(frame, $1); |
| )", |
| GetParam()))); |
| } |
| |
| INSTANTIATE_TEST_SUITE_P(PromiseAPIs, |
| ControlledFramePromiseApiTest, |
| testing::ValuesIn(kControlledFramePromiseApiMethods)); |
| |
| class ControlledFrameServiceWorkerTest |
| : public extensions::ServiceWorkerBasedBackgroundTest { |
| public: |
| ControlledFrameServiceWorkerTest(const ControlledFrameServiceWorkerTest&) = |
| delete; |
| ControlledFrameServiceWorkerTest& operator=( |
| const ControlledFrameServiceWorkerTest&) = delete; |
| |
| void SetUpOnMainThread() override { |
| extensions::ServiceWorkerBasedBackgroundTest::SetUpOnMainThread(); |
| embedded_https_test_server().ServeFilesFromSourceDirectory( |
| GetChromeTestDataDir()); |
| ASSERT_TRUE(embedded_https_test_server().Start()); |
| } |
| |
| protected: |
| ControlledFrameServiceWorkerTest() = default; |
| |
| ~ControlledFrameServiceWorkerTest() override = default; |
| |
| base::test::ScopedFeatureList feature_list; |
| }; |
| |
| // This test ensures that loading an extension Service Worker does not cause a |
| // crash, and that Controlled Frame is not allowed in the Service Worker |
| // context. For more details, see https://crbug.com/1462384. |
| // This test is the same as ServiceWorkerBasedBackgroundTest.Basic. |
| IN_PROC_BROWSER_TEST_F(ControlledFrameServiceWorkerTest, PRE_Basic) { |
| ExtensionTestMessageListener newtab_listener("CREATED"); |
| newtab_listener.set_failure_message("CREATE_FAILED"); |
| ExtensionTestMessageListener worker_listener("WORKER_RUNNING"); |
| worker_listener.set_failure_message("NON_WORKER_SCOPE"); |
| const extensions::Extension* extension = |
| LoadExtension(test_data_dir_.AppendASCII( |
| "service_worker/worker_based_background/basic")); |
| ASSERT_TRUE(extension); |
| const extensions::ExtensionId extension_id = extension->id(); |
| EXPECT_TRUE(worker_listener.WaitUntilSatisfied()); |
| |
| const GURL url = |
| embedded_https_test_server().GetURL("/extensions/test_file.html"); |
| content::WebContents* new_web_contents = |
| extensions::browsertest_util::AddTab(browser(), url); |
| EXPECT_TRUE(new_web_contents); |
| EXPECT_TRUE(newtab_listener.WaitUntilSatisfied()); |
| |
| // Service Worker extension does not have ExtensionHost. |
| EXPECT_FALSE(process_manager()->GetBackgroundHostForExtension(extension_id)); |
| } |
| |
| // After browser restarts, this test step ensures that opening a tab fires |
| // tabs.onCreated event listener to the extension without explicitly loading the |
| // extension. This is because the extension registered a listener before browser |
| // restarted in PRE_Basic. |
| IN_PROC_BROWSER_TEST_F(ControlledFrameServiceWorkerTest, Basic) { |
| ExtensionTestMessageListener newtab_listener("CREATED"); |
| newtab_listener.set_failure_message("CREATE_FAILED"); |
| const GURL url = |
| embedded_https_test_server().GetURL("/extensions/test_file.html"); |
| content::WebContents* new_web_contents = |
| extensions::browsertest_util::AddTab(browser(), url); |
| EXPECT_TRUE(new_web_contents); |
| EXPECT_TRUE(newtab_listener.WaitUntilSatisfied()); |
| } |
| |
| class ControlledFrameNotAvailableChannelTest |
| : public ControlledFrameApiTest, |
| public testing::WithParamInterface<version_info::Channel> { |
| protected: |
| ControlledFrameNotAvailableChannelTest() |
| : ControlledFrameApiTest(/*channel=*/GetParam(), |
| /*feature_setting=*/FeatureSetting::ENABLED, |
| /*flag_setting=*/FlagSetting::CONTROLLED_FRAME) { |
| } |
| }; |
| |
| INSTANTIATE_TEST_SUITE_P(ControlledFrameNotAvailableChannels, |
| ControlledFrameNotAvailableChannelTest, |
| testing::Values(version_info::Channel::STABLE, |
| version_info::Channel::BETA, |
| version_info::Channel::DEV, |
| version_info::Channel::CANARY, |
| version_info::Channel::DEFAULT)); |
| |
| IN_PROC_BROWSER_TEST_P(ControlledFrameNotAvailableChannelTest, Test) { |
| // Test if Controlled Frame is not available. |
| const GURL start_url("https://app.site.test/example/index"); |
| InstallPWA(start_url); |
| content::WebContents* app_contents = |
| browser()->tab_strip_model()->GetActiveWebContents(); |
| |
| ASSERT_FALSE(CreateControlledFrame( |
| app_contents->GetPrimaryMainFrame(), |
| embedded_https_test_server().GetURL("/index.html"))); |
| } |
| |
| class ControlledFrameAvailabilityTest |
| : public ControlledFrameApiTest, |
| public testing::WithParamInterface< |
| ::std::tuple<version_info::Channel, FeatureSetting, FlagSetting>> { |
| protected: |
| ControlledFrameAvailabilityTest() |
| : ControlledFrameApiTest( |
| /*channel=*/std::get<0>(GetParam()), |
| /*feature_setting=*/std::get<1>(GetParam()), |
| /*flag_setting=*/std::get<2>(GetParam())) {} |
| |
| ~ControlledFrameAvailabilityTest() override = default; |
| |
| // |DetermineExpectedState| derives the expected enabling status based on |
| // the channel, feature, and flag inputs. |
| // |
| // Ideally, when we set a feature to enabled or disabled in the test setup, |
| // we would be altering that feature's default setting for the purposes of |
| // the test. However, ScopedFeatureList doesn't enable or disable a feature |
| // via defaults but instead by overrides. As a result, any feature that's |
| // enabled or disabled by ScopedFeatureList will appear as an override. |
| bool DetermineExpectedState() { |
| return feature_setting() != FeatureSetting::DISABLED; |
| } |
| }; |
| |
| INSTANTIATE_TEST_SUITE_P( |
| /* */, |
| ControlledFrameAvailabilityTest, |
| /* Per-channel tests examine the extensions-based availability system. */ |
| testing::Combine( |
| /*channel=*/testing::Values(version_info::Channel::STABLE, |
| version_info::Channel::BETA, |
| version_info::Channel::DEV, |
| version_info::Channel::CANARY), |
| /*feature=*/ |
| testing::Values(FeatureSetting::NONE, |
| FeatureSetting::DISABLED, |
| FeatureSetting::ENABLED), |
| /*flag=*/ |
| testing::Values(FlagSetting::NONE, |
| FlagSetting::EXPERIMENTAL, |
| FlagSetting::CONTROLLED_FRAME))); |
| |
| IN_PROC_BROWSER_TEST_P(ControlledFrameAvailabilityTest, Verify) { |
| const bool expected_enabled = DetermineExpectedState(); |
| EXPECT_EQ(expected_enabled, |
| base::FeatureList::IsEnabled(blink::features::kControlledFrame)); |
| |
| web_app::IsolatedWebAppUrlInfo url_info = |
| CreateAndInstallEmptyApp(web_app::ManifestBuilder()); |
| content::RenderFrameHost* app_frame = OpenApp(url_info.app_id()); |
| |
| const bool actual_enabled = CreateControlledFrame( |
| app_frame, embedded_https_test_server().GetURL("/index.html")); |
| EXPECT_EQ(expected_enabled, actual_enabled) |
| << "Test failure for case: " << ConfigToString(); |
| |
| // Uncomment for debugging information: |
| // DLOG(ERROR) << ConfigToString(); |
| // DLOG(ERROR) << "expected_enabled=" << expected_enabled |
| // << "; actual_enabled=" << actual_enabled; |
| |
| if (expected_enabled && actual_enabled) { |
| auto* web_view_guest = GetWebViewGuest(app_frame); |
| EXPECT_EQ(kEvalSuccessStr, SetBackgroundColorToWhite(web_view_guest)); |
| EXPECT_EQ(kEvalSuccessStr, ExecuteScriptRedBackgroundCode(app_frame)); |
| EXPECT_EQ(kEvalSuccessStr, VerifyBackgroundColorIsRed(web_view_guest)); |
| } |
| } |
| |
| class ControlledFrameAvailabilityAdminPolicyTest |
| : public ControlledFrameApiTest, |
| public testing::WithParamInterface<ContentSetting> {}; |
| |
| IN_PROC_BROWSER_TEST_P(ControlledFrameAvailabilityAdminPolicyTest, |
| VerifyPolicy) { |
| // Get the expected content setting and set it up. |
| const ContentSetting content_setting = GetParam(); |
| |
| bool expected_enabled = |
| content_setting != ContentSetting::CONTENT_SETTING_BLOCK; |
| |
| HostContentSettingsMapFactory::GetForProfile(profile()) |
| ->SetDefaultContentSetting(ContentSettingsType::CONTROLLED_FRAME, |
| content_setting); |
| |
| web_app::IsolatedWebAppUrlInfo url_info = |
| CreateAndInstallEmptyApp(web_app::ManifestBuilder()); |
| content::RenderFrameHost* app_frame = OpenApp(url_info.app_id()); |
| |
| const bool actual_enabled = CreateControlledFrame( |
| app_frame, embedded_https_test_server().GetURL("/index.html")); |
| EXPECT_EQ(expected_enabled, actual_enabled); |
| } |
| |
| INSTANTIATE_TEST_SUITE_P( |
| /* */, |
| ControlledFrameAvailabilityAdminPolicyTest, |
| /* Per-channel tests examine the extensions-based availability system. */ |
| testing::Values(ContentSetting::CONTENT_SETTING_DEFAULT, |
| ContentSetting::CONTENT_SETTING_ALLOW, |
| ContentSetting::CONTENT_SETTING_BLOCK)); |
| |
| class ControlledFrameRequestHeaderTest : public ControlledFrameTestBase { |
| public: |
| [[nodiscard]] bool SetUserAgentAndAwaitReload(content::RenderFrameHost* frame, |
| const std::string& user_agent) { |
| const std::string kRemoveUserAgentAndReload = R"( |
| new Promise((resolve, reject) => { |
| const controlledframe = document.getElementsByTagName('controlledframe')[0]; |
| if (!('src' in controlledframe)) { |
| reject('FAIL'); |
| return; |
| } |
| controlledframe.addEventListener('loadstop', resolve); |
| controlledframe.addEventListener('loadabort', reject); |
| // |setUserAgentOverride| should automatically reload. |
| controlledframe.setUserAgentOverride($1); |
| }); |
| )"; |
| return ExecJs(frame, |
| content::JsReplace(kRemoveUserAgentAndReload, user_agent)); |
| } |
| |
| [[nodiscard]] bool SetClientHintsUABrandEnabled( |
| content::RenderFrameHost* frame, |
| bool enable) { |
| const std::string kToggleClientHintsBrandAndReload = R"( |
| new Promise((resolve, reject) => { |
| const controlledframe = document.getElementsByTagName('controlledframe')[0]; |
| if (!('src' in controlledframe)) { |
| reject('FAIL'); |
| return; |
| } |
| controlledframe.addEventListener('loadstop', resolve); |
| controlledframe.addEventListener('loadabort', reject); |
| |
| // |setClientHintsUABrandEnabled| should automatically reload. |
| controlledframe.setClientHintsUABrandEnabled($1); |
| }); |
| )"; |
| return ExecJs(frame, |
| content::JsReplace(kToggleClientHintsBrandAndReload, enable)); |
| } |
| |
| void MonitorRequest(const net::test_server::HttpRequest& request) { |
| if (request.relative_url != "/index.html") { |
| return; |
| } |
| ASSERT_TRUE(request.headers.contains("User-Agent")); |
| last_seen_ua_ = request.headers.at("User-Agent"); |
| ASSERT_TRUE(request.headers.contains("Sec-CH-UA")); |
| last_seen_sec_ch_ua_ = request.headers.at("Sec-CH-UA"); |
| } |
| |
| const std::string& last_seen_ua() const { return last_seen_ua_; } |
| const std::string& last_seen_sec_ch_ua() const { |
| return last_seen_sec_ch_ua_; |
| } |
| |
| private: |
| std::string last_seen_ua_; |
| std::string last_seen_sec_ch_ua_; |
| }; |
| |
| // Verifies that `setUserAgentOverride` works as expected, and that default |
| // Sec-CH-UA includes "ControlledFrame" brand. |
| IN_PROC_BROWSER_TEST_F(ControlledFrameRequestHeaderTest, |
| HasDefaultCHUABrandWithUAOverride) { |
| embedded_https_test_server().RegisterRequestMonitor( |
| base::BindRepeating(&ControlledFrameRequestHeaderTest::MonitorRequest, |
| base::Unretained(this))); |
| |
| StartContentServer("web_apps/simple_isolated_app"); |
| |
| web_app::IsolatedWebAppUrlInfo url_info = |
| CreateAndInstallEmptyApp(web_app::ManifestBuilder()); |
| content::RenderFrameHost* app_frame = OpenApp(url_info.app_id()); |
| |
| ASSERT_TRUE(CreateControlledFrame( |
| app_frame, embedded_https_test_server().GetURL("/index.html"))); |
| EXPECT_EQ(last_seen_ua(), embedder_support::GetUserAgent()); |
| EXPECT_THAT(last_seen_sec_ch_ua(), HasSubstr("ControlledFrame")); |
| |
| ASSERT_TRUE(SetUserAgentAndAwaitReload(app_frame, "foobar")); |
| EXPECT_EQ(last_seen_ua(), "foobar"); |
| EXPECT_THAT(last_seen_sec_ch_ua(), HasSubstr("ControlledFrame")); |
| |
| // Passing an empty string should reset the UA value. |
| ASSERT_TRUE(SetUserAgentAndAwaitReload(app_frame, "")); |
| EXPECT_EQ(last_seen_ua(), embedder_support::GetUserAgent()); |
| EXPECT_THAT(last_seen_sec_ch_ua(), HasSubstr("ControlledFrame")); |
| } |
| |
| // `setClientHintsUABrandEnabled` toggles the `Sec-CH-UA` headers to Chrome |
| // default or Controlled Frame default. |
| IN_PROC_BROWSER_TEST_F(ControlledFrameRequestHeaderTest, |
| SetClientHintsUABrandEnabled) { |
| embedded_https_test_server().RegisterRequestMonitor( |
| base::BindRepeating(&ControlledFrameRequestHeaderTest::MonitorRequest, |
| base::Unretained(this))); |
| |
| StartContentServer("web_apps/simple_isolated_app"); |
| |
| web_app::IsolatedWebAppUrlInfo url_info = |
| CreateAndInstallEmptyApp(web_app::ManifestBuilder()); |
| content::RenderFrameHost* app_frame = OpenApp(url_info.app_id()); |
| |
| ASSERT_TRUE(CreateControlledFrame( |
| app_frame, embedded_https_test_server().GetURL("/index.html"))); |
| EXPECT_EQ(last_seen_ua(), embedder_support::GetUserAgent()); |
| EXPECT_THAT(last_seen_sec_ch_ua(), HasSubstr("ControlledFrame")); |
| |
| // Disables the "ControlledFrame" brand in CH-UA. |
| ASSERT_TRUE(SetClientHintsUABrandEnabled(app_frame, false)); |
| EXPECT_EQ(last_seen_ua(), embedder_support::GetUserAgent()); |
| EXPECT_THAT(last_seen_sec_ch_ua(), Not(HasSubstr("ControlledFrame"))); |
| |
| // Setting a custom UA should not reset the CH-UA. |
| ASSERT_TRUE(SetUserAgentAndAwaitReload(app_frame, "foobar")); |
| EXPECT_EQ(last_seen_ua(), "foobar"); |
| EXPECT_THAT(last_seen_sec_ch_ua(), Not(HasSubstr("ControlledFrame"))); |
| |
| // Passing an empty string should reset the UA value. |
| ASSERT_TRUE(SetUserAgentAndAwaitReload(app_frame, "")); |
| EXPECT_EQ(last_seen_ua(), embedder_support::GetUserAgent()); |
| EXPECT_THAT(last_seen_sec_ch_ua(), Not(HasSubstr("ControlledFrame"))); |
| |
| // Re-enables the "ControlledFrame" brand in the CH-UA. |
| ASSERT_TRUE(SetClientHintsUABrandEnabled(app_frame, true)); |
| EXPECT_EQ(last_seen_ua(), embedder_support::GetUserAgent()); |
| EXPECT_THAT(last_seen_sec_ch_ua(), HasSubstr("ControlledFrame")); |
| } |
| |
| } // namespace controlled_frame |
