| OLD | NEW |
|---|
| 1 // Copyright 2017 The Chromium Authors. All rights reserved. | 1 // Copyright 2017 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/common/content_security_policy/csp_context.h" | 5 #include "content/common/content_security_policy/csp_context.h" |
| 6 #include "content/common/content_security_policy_header.h" | 6 #include "content/common/content_security_policy_header.h" |
| 7 #include "testing/gtest/include/gtest/gtest.h" | 7 #include "testing/gtest/include/gtest/gtest.h" |
| 8 | 8 |
| 9 namespace content { | 9 namespace content { |
| 10 | 10 |
| (...skipping 17 matching lines...) Expand all Loading... |
| 28 console_message_ = message; | 28 console_message_ = message; |
| 29 } | 29 } |
| 30 std::string console_message_; | 30 std::string console_message_; |
| 31 std::vector<std::string> scheme_to_bypass_; | 31 std::vector<std::string> scheme_to_bypass_; |
| 32 }; | 32 }; |
| 33 | 33 |
| 34 // Build a new policy made of only one directive and no report endpoints. | 34 // Build a new policy made of only one directive and no report endpoints. |
| 35 ContentSecurityPolicy BuildPolicy(CSPDirective::Name directive_name, | 35 ContentSecurityPolicy BuildPolicy(CSPDirective::Name directive_name, |
| 36 std::vector<CSPSource> sources) { | 36 std::vector<CSPSource> sources) { |
| 37 return ContentSecurityPolicy( | 37 return ContentSecurityPolicy( |
| 38 blink::WebContentSecurityPolicyTypeEnforce, | 38 ContentSecurityPolicyHeader(std::string(), // header |
| 39 blink::WebContentSecurityPolicySourceHTTP, | 39 blink::WebContentSecurityPolicyTypeEnforce, |
| 40 blink::WebContentSecurityPolicySourceHTTP), |
| 40 {CSPDirective(directive_name, CSPSourceList(false, false, sources))}, | 41 {CSPDirective(directive_name, CSPSourceList(false, false, sources))}, |
| 41 std::vector<std::string>(), // report_end_points | 42 std::vector<std::string>()); // report_end_points |
| 42 std::string()); // header | |
| 43 } | 43 } |
| 44 | 44 |
| 45 } // namespace; | 45 } // namespace; |
| 46 | 46 |
| 47 TEST(CSPContextTest, SchemeShouldBypassCSP) { | 47 TEST(CSPContextTest, SchemeShouldBypassCSP) { |
| 48 CSPSource source("", "example.com", false, url::PORT_UNSPECIFIED, false, ""); | 48 CSPSource source("", "example.com", false, url::PORT_UNSPECIFIED, false, ""); |
| 49 CSPContextTest context; | 49 CSPContextTest context; |
| 50 context.AddContentSecurityPolicy( | 50 context.AddContentSecurityPolicy( |
| 51 BuildPolicy(CSPDirective::DefaultSrc, {source})); | 51 BuildPolicy(CSPDirective::DefaultSrc, {source})); |
| 52 | 52 |
| (...skipping 23 matching lines...) Expand all Loading... |
| 76 context.IsAllowedByCsp(CSPDirective::FrameSrc, GURL("http://a.com"))); | 76 context.IsAllowedByCsp(CSPDirective::FrameSrc, GURL("http://a.com"))); |
| 77 EXPECT_FALSE( | 77 EXPECT_FALSE( |
| 78 context.IsAllowedByCsp(CSPDirective::FrameSrc, GURL("http://b.com"))); | 78 context.IsAllowedByCsp(CSPDirective::FrameSrc, GURL("http://b.com"))); |
| 79 EXPECT_FALSE( | 79 EXPECT_FALSE( |
| 80 context.IsAllowedByCsp(CSPDirective::FrameSrc, GURL("http://c.com"))); | 80 context.IsAllowedByCsp(CSPDirective::FrameSrc, GURL("http://c.com"))); |
| 81 EXPECT_FALSE( | 81 EXPECT_FALSE( |
| 82 context.IsAllowedByCsp(CSPDirective::FrameSrc, GURL("http://d.com"))); | 82 context.IsAllowedByCsp(CSPDirective::FrameSrc, GURL("http://d.com"))); |
| 83 } | 83 } |
| 84 | 84 |
| 85 } // namespace content | 85 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2764993002:
CSP: group policies in didAddContentSecurityPolicy. (Closed)
