// Copyright 2019 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "content/browser/frame_host/frame_tree_node.h"
#include "content/browser/frame_host/navigation_request.h"
#include "content/common/content_security_policy/csp_context.h"
#include "content/public/browser/navigation_throttle.h"
#include "content/test/navigation_simulator_impl.h"
#include "content/test/test_render_frame_host.h"
#include "content/test/test_render_view_host.h"

namespace content {

class FormSubmissionTest : public RenderViewHostImplTestHarness {
 public:
  // Installs a Content-Security-Policy on the main test frame whose
  // form-action directive carries an empty source list (the policy the tests
  // below refer to as "form-action 'none'"), so that form submissions from
  // that frame are expected to be blocked.
  void PreventFormSubmission() {
    std::vector<CSPDirective> csp_directives;
    csp_directives.emplace_back(CSPDirective::FormAction, CSPSourceList());
    // NOTE(review): the trailing empty vector and |false| are passed through
    // unchanged; presumably report endpoints and a reporting flag — confirm
    // against the ContentSecurityPolicy constructor.
    ContentSecurityPolicy policy(ContentSecurityPolicyHeader(), csp_directives,
                                 std::vector<std::string>(), false);
    main_test_rfh()->AddContentSecurityPolicy(policy);
  }
};

// Tests that form submissions are allowed by default when there is no CSP:
// with no policy installed, neither the initial request nor a redirect is
// blocked by the throttle.
TEST_F(FormSubmissionTest, ContentSecurityPolicyFormActionNoCSP) {
  // Load a page that carries no Content-Security-Policy.
  const GURL kUrl("https://chromium.org");
  NavigateAndCommit(kUrl);

  // Submit a form from it, with main-world CSP checking enabled.
  const GURL kFormUrl("https://foo.com");
  auto simulator =
      NavigationSimulatorImpl::CreateRendererInitiated(kFormUrl, main_rfh());
  simulator->SetIsFormSubmission(true);
  simulator->set_should_check_main_world_csp(CSPDisposition::CHECK);
  simulator->Start();
  EXPECT_EQ(NavigationThrottle::PROCEED,
            simulator->GetLastThrottleCheckResult());

  // A cross-origin redirect is also let through when no policy exists.
  const GURL kRedirectUrl("https://bar.com");
  simulator->Redirect(kRedirectUrl);
  EXPECT_EQ(NavigationThrottle::PROCEED,
            simulator->GetLastThrottleCheckResult());
}

// Tests that no form submission is allowed when the calling RenderFrameHost's
// CSP is "form-action 'none'".
TEST_F(FormSubmissionTest, ContentSecurityPolicyFormActionNone) {
  // Load a page and give its frame a "form-action 'none'" policy.
  const GURL kUrl("https://chromium.org");
  NavigateAndCommit(kUrl);
  PreventFormSubmission();

  // Submit a form from it, with main-world CSP checking enabled.
  const GURL kFormUrl("https://foo.com");
  auto simulator =
      NavigationSimulatorImpl::CreateRendererInitiated(kFormUrl, main_rfh());
  simulator->SetIsFormSubmission(true);
  simulator->set_should_check_main_world_csp(CSPDisposition::CHECK);

  // Browser-side checks have been disabled on the initial load, so only the
  // renderer-side check occurs and the throttle reports PROCEED here. Related
  // issue: https://crbug.com/798698. As this test documents, enforcement of
  // form-action on the very first request currently rests on the renderer
  // alone; the browser-side throttle is only exercised on the redirect below.
  simulator->Start();
  EXPECT_EQ(NavigationThrottle::PROCEED,
            simulator->GetLastThrottleCheckResult());

  // The redirect is checked browser-side and must be blocked by the policy.
  const GURL kRedirectUrl("https://bar.com");
  simulator->Redirect(kRedirectUrl);
  EXPECT_EQ(NavigationThrottle::CANCEL,
            simulator->GetLastThrottleCheckResult());
}

// Tests that the navigation is allowed when main-world CSP checking is turned
// off via CSPDisposition::DO_NOT_CHECK, even though it is a form submission and
// the policy is "form-action 'none'".
TEST_F(FormSubmissionTest, ContentSecurityPolicyFormActionBypassCSP) {
  // Load a page and give its frame a "form-action 'none'" policy.
  const GURL kUrl("https://chromium.org");
  NavigateAndCommit(kUrl);
  PreventFormSubmission();

  // Submit a form from it, but opt out of the main-world CSP check; the policy
  // installed above must then have no effect on the request or the redirect.
  const GURL kFormUrl("https://foo.com");
  auto simulator =
      NavigationSimulatorImpl::CreateRendererInitiated(kFormUrl, main_rfh());
  simulator->SetIsFormSubmission(true);
  simulator->set_should_check_main_world_csp(CSPDisposition::DO_NOT_CHECK);
  simulator->Start();
  EXPECT_EQ(NavigationThrottle::PROCEED,
            simulator->GetLastThrottleCheckResult());

  const GURL kRedirectUrl("https://bar.com");
  simulator->Redirect(kRedirectUrl);
  EXPECT_EQ(NavigationThrottle::PROCEED,
            simulator->GetLastThrottleCheckResult());
}

}  // namespace content