Diffstat (limited to 'chromium/third_party/blink/renderer/platform/weborigin/security_policy_test.cc')
-rw-r--r--chromium/third_party/blink/renderer/platform/weborigin/security_policy_test.cc91
1 files changed, 72 insertions, 19 deletions
diff --git a/chromium/third_party/blink/renderer/platform/weborigin/security_policy_test.cc b/chromium/third_party/blink/renderer/platform/weborigin/security_policy_test.cc
index 2c6e996fef8..ecc706ea8ea 100644
--- a/chromium/third_party/blink/renderer/platform/weborigin/security_policy_test.cc
+++ b/chromium/third_party/blink/renderer/platform/weborigin/security_policy_test.cc
@@ -32,10 +32,15 @@
#include "services/network/public/mojom/cors.mojom-blink.h"
#include "services/network/public/mojom/cors_origin_pattern.mojom-blink.h"
+#include "services/network/public/mojom/referrer_policy.mojom-shared.h"
#include "testing/gtest/include/gtest/gtest.h"
+#include "third_party/blink/renderer/platform/runtime_enabled_features.h"
+#include "third_party/blink/renderer/platform/testing/runtime_enabled_features_test_helpers.h"
#include "third_party/blink/renderer/platform/weborigin/kurl.h"
#include "third_party/blink/renderer/platform/weborigin/scheme_registry.h"
#include "third_party/blink/renderer/platform/weborigin/security_origin.h"
+#include "url/url_canon.h"
+#include "url/url_util.h"
namespace blink {
@@ -97,6 +102,9 @@ TEST(SecurityPolicyTest, GenerateReferrer) {
"blob:http://a.test/b3aae9c8-7f90-440d-8d7c-43aa20d72fde";
const char kFilesystemURL[] = "filesystem:http://a.test/path/t/file.html";
+ bool reduced_granularity =
+ RuntimeEnabledFeatures::ReducedReferrerGranularityEnabled();
+
TestCase inputs[] = {
// HTTP -> HTTP: Same Origin
{network::mojom::ReferrerPolicy::kAlways, kInsecureURLA, kInsecureURLA,
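Review bot: `reduced_granularity` is read once from the ambient feature state, so each run of this table checks only one of the two default behaviours. The `reduced_granularity ? kInsecureOriginA : kInsecureURLA` rows, and the matching rows in the later hunks, never exercise the other branch in the same run. Since `kDefault` decides whether a full URL or only the origin is sent cross-origin, both states deserve explicit coverage, for example by running the loop once with the feature forced off and once forced on. The test body starts before this hunk and continues past it, so the loop itself is not visible here.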
@@ -115,15 +123,14 @@ TEST(SecurityPolicyTest, GenerateReferrer) {
kInsecureURLA, kInsecureURLA},
{network::mojom::ReferrerPolicy::kStrictOrigin, kInsecureURLA,
kInsecureURLA, kInsecureOriginA},
- {network::mojom::ReferrerPolicy::
- kNoReferrerWhenDowngradeOriginWhenCrossOrigin,
+ {network::mojom::ReferrerPolicy::kStrictOriginWhenCrossOrigin,
kInsecureURLA, kInsecureURLA, kInsecureURLA},
// HTTP -> HTTP: Cross Origin
{network::mojom::ReferrerPolicy::kAlways, kInsecureURLA, kInsecureURLB,
kInsecureURLA},
{network::mojom::ReferrerPolicy::kDefault, kInsecureURLA, kInsecureURLB,
- kInsecureURLA},
+ reduced_granularity ? kInsecureOriginA : kInsecureURLA},
{network::mojom::ReferrerPolicy::kNoReferrerWhenDowngrade, kInsecureURLA,
kInsecureURLB, kInsecureURLA},
{network::mojom::ReferrerPolicy::kNever, kInsecureURLA, kInsecureURLB,
@@ -136,8 +143,7 @@ TEST(SecurityPolicyTest, GenerateReferrer) {
kInsecureURLB, nullptr},
{network::mojom::ReferrerPolicy::kStrictOrigin, kInsecureURLA,
kInsecureURLB, kInsecureOriginA},
- {network::mojom::ReferrerPolicy::
- kNoReferrerWhenDowngradeOriginWhenCrossOrigin,
+ {network::mojom::ReferrerPolicy::kStrictOriginWhenCrossOrigin,
kInsecureURLA, kInsecureURLB, kInsecureOriginA},
// HTTPS -> HTTPS: Same Origin
@@ -157,15 +163,14 @@ TEST(SecurityPolicyTest, GenerateReferrer) {
kSecureURLA},
{network::mojom::ReferrerPolicy::kStrictOrigin, kSecureURLA, kSecureURLA,
kSecureOriginA},
- {network::mojom::ReferrerPolicy::
- kNoReferrerWhenDowngradeOriginWhenCrossOrigin,
+ {network::mojom::ReferrerPolicy::kStrictOriginWhenCrossOrigin,
kSecureURLA, kSecureURLA, kSecureURLA},
// HTTPS -> HTTPS: Cross Origin
{network::mojom::ReferrerPolicy::kAlways, kSecureURLA, kSecureURLB,
kSecureURLA},
{network::mojom::ReferrerPolicy::kDefault, kSecureURLA, kSecureURLB,
- kSecureURLA},
+ reduced_granularity ? kSecureOriginA : kSecureURLA},
{network::mojom::ReferrerPolicy::kNoReferrerWhenDowngrade, kSecureURLA,
kSecureURLB, kSecureURLA},
{network::mojom::ReferrerPolicy::kNever, kSecureURLA, kSecureURLB,
@@ -178,15 +183,14 @@ TEST(SecurityPolicyTest, GenerateReferrer) {
nullptr},
{network::mojom::ReferrerPolicy::kStrictOrigin, kSecureURLA, kSecureURLB,
kSecureOriginA},
- {network::mojom::ReferrerPolicy::
- kNoReferrerWhenDowngradeOriginWhenCrossOrigin,
+ {network::mojom::ReferrerPolicy::kStrictOriginWhenCrossOrigin,
kSecureURLA, kSecureURLB, kSecureOriginA},
// HTTP -> HTTPS
{network::mojom::ReferrerPolicy::kAlways, kInsecureURLA, kSecureURLB,
kInsecureURLA},
{network::mojom::ReferrerPolicy::kDefault, kInsecureURLA, kSecureURLB,
- kInsecureURLA},
+ reduced_granularity ? kInsecureOriginA : kInsecureURLA},
{network::mojom::ReferrerPolicy::kNoReferrerWhenDowngrade, kInsecureURLA,
kSecureURLB, kInsecureURLA},
{network::mojom::ReferrerPolicy::kNever, kInsecureURLA, kSecureURLB,
@@ -199,8 +203,7 @@ TEST(SecurityPolicyTest, GenerateReferrer) {
nullptr},
{network::mojom::ReferrerPolicy::kStrictOrigin, kInsecureURLA,
kSecureURLB, kInsecureOriginA},
- {network::mojom::ReferrerPolicy::
- kNoReferrerWhenDowngradeOriginWhenCrossOrigin,
+ {network::mojom::ReferrerPolicy::kStrictOriginWhenCrossOrigin,
kInsecureURLA, kSecureURLB, kInsecureOriginA},
// HTTPS -> HTTP
@@ -220,8 +223,7 @@ TEST(SecurityPolicyTest, GenerateReferrer) {
nullptr},
{network::mojom::ReferrerPolicy::kStrictOrigin, kSecureURLA,
kInsecureURLB, nullptr},
- {network::mojom::ReferrerPolicy::
- kNoReferrerWhenDowngradeOriginWhenCrossOrigin,
+ {network::mojom::ReferrerPolicy::kStrictOriginWhenCrossOrigin,
kSecureURLA, kInsecureURLB, nullptr},
// blob and filesystem URL handling
@@ -250,10 +252,18 @@ TEST(SecurityPolicyTest, GenerateReferrer) {
<< "' should have been empty: was '" << result.referrer.Utf8()
<< "'.";
}
- EXPECT_EQ(test.policy == network::mojom::ReferrerPolicy::kDefault
- ? network::mojom::ReferrerPolicy::kNoReferrerWhenDowngrade
- : test.policy,
- result.referrer_policy);
+
+ network::mojom::ReferrerPolicy expected_policy = test.policy;
+ if (expected_policy == network::mojom::ReferrerPolicy::kDefault) {
+ if (RuntimeEnabledFeatures::ReducedReferrerGranularityEnabled()) {
+ expected_policy =
+ network::mojom::ReferrerPolicy::kStrictOriginWhenCrossOrigin;
+ } else {
+ expected_policy =
+ network::mojom::ReferrerPolicy::kNoReferrerWhenDowngrade;
+ }
+ }
+ EXPECT_EQ(expected_policy, result.referrer_policy);
}
}
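Review bot: The `expected_policy` block calls `RuntimeEnabledFeatures::ReducedReferrerGranularityEnabled()` again instead of reusing the `reduced_granularity` local captured before the table was built. The expected referrer strings and the expected policy therefore come from two separate reads of the flag. Writing `if (reduced_granularity) {` keeps both expectations tied to one value and is shorter. The declaration of `reduced_granularity` is in an earlier hunk of the same test.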
@@ -550,4 +560,47 @@ TEST_F(SecurityPolicyAccessTest, IsOriginAccessAllowedPriority) {
https_chromium_origin(), https_sub_example_origin()));
}
+// Test that referrers for custom hierarchical (standard) schemes are correctly
+// handled by the new policy. (For instance, this covers android-app://.)
+TEST(SecurityPolicyTest, ReferrerForCustomScheme) {
+ url::ScopedSchemeRegistryForTests scoped_registry;
+ const char kCustomStandardScheme[] = "my-new-scheme";
+ url::AddStandardScheme(kCustomStandardScheme, url::SCHEME_WITH_HOST);
+ SchemeRegistry::RegisterURLSchemeAsAllowedForReferrer(kCustomStandardScheme);
+
+ String kFullReferrer = "my-new-scheme://com.foo.me/this-should-be-truncated";
+ String kTruncatedReferrer = "my-new-scheme://com.foo.me/";
+
+ bool initially_enabled =
+ RuntimeEnabledFeatures::ReducedReferrerGranularityEnabled();
+
+ {
+ // With the feature off, the old default policy of
+ // no-referrer-when-downgrade should preserve the entire URL.
+ RuntimeEnabledFeatures::SetReducedReferrerGranularityEnabled(false);
+
+ EXPECT_EQ(SecurityPolicy::GenerateReferrer(
+ network::mojom::ReferrerPolicy::kDefault,
+ KURL("https://www.example.com/"), kFullReferrer)
+ .referrer,
+ kFullReferrer);
+ }
+
+ {
+ // With the feature on, the new default policy of
+ // strict-origin-when-cross-origin should truncate the referrer.
+ RuntimeEnabledFeatures::SetReducedReferrerGranularityEnabled(true);
+
+ ASSERT_TRUE(RuntimeEnabledFeatures::ReducedReferrerGranularityEnabled());
+ EXPECT_EQ(SecurityPolicy::GenerateReferrer(
+ network::mojom::ReferrerPolicy::kDefault,
+ KURL("https://www.example.com/"), kFullReferrer)
+ .referrer,
+ kTruncatedReferrer);
+ }
+
+ RuntimeEnabledFeatures::SetReducedReferrerGranularityEnabled(
+ initially_enabled);
+}
+
} // namespace blink
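Review bot: The flag restore at the end of `ReferrerForCustomScheme` is skipped when `ASSERT_TRUE(...)` fails, because a fatal gtest assertion returns from the test body. The forced-on state would then leak into later tests in the same process. The commit already includes `runtime_enabled_features_test_helpers.h`, so a scoped override in each block would restore the value on every exit path and make the `initially_enabled` bookkeeping unnecessary. That would presumably be `ScopedReducedReferrerGranularityForTest scoped_feature(false);` and the same with `(true)`, with the name to be confirmed against the generated header. Separately, `kFullReferrer` and `kTruncatedReferrer` carry the constant prefix but are not declared `const`.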