// Copyright 2021 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include <tuple> #include "base/base64.h" #include "base/files/file_path.h" #include "base/memory/raw_ref.h" #include "base/notreached.h" #include "base/path_service.h" #include "base/test/scoped_feature_list.h" #include "base/threading/thread_restrictions.h" #include "content/browser/renderer_host/render_frame_host_impl.h" #include "content/browser/web_contents/web_contents_impl.h" #include "content/public/common/content_paths.h" #include "content/public/test/browser_test.h" #include "content/public/test/browser_test_utils.h" #include "content/public/test/content_browser_test.h" #include "content/public/test/content_browser_test_content_browser_client.h" #include "content/public/test/content_browser_test_utils.h" #include "content/public/test/content_mock_cert_verifier.h" #include "content/public/test/test_navigation_observer.h" #include "content/shell/browser/shell.h" #include "content/test/content_browser_test_base.h" #include "net/base/features.h" #include "net/base/filename_util.h" #include "net/dns/mock_host_resolver.h" #include "net/test/embedded_test_server/embedded_test_server.h" #include "net/test/embedded_test_server/http_request.h" #include "net/test/embedded_test_server/http_response.h" #include "net/test/spawned_test_server/spawned_test_server.h" #include "net/test/test_data_directory.h" #include "third_party/blink/public/common/features.h" namespace content { ContentSecurityPolicyBrowserTest; // Test that the console error message for a Content Security Policy violation // triggered by web assembly compilation does not mention the keyword // 'wasm-eval' (which is currently only supported for extensions). This is a // regression test for https://crbug.com/1169592. IN_PROC_BROWSER_TEST_F(ContentSecurityPolicyBrowserTest, WasmEvalBlockedConsoleMessage) { … } // Test that creating a duplicate Trusted Types policy will yield a console // message containing "already exists". // // This & the following test together ensure that different error causes get // appropriate messages. // // Note: The bulk of Trusted Types related tests are found in the WPT suite // under trusted-types/*. These two are here, because they need to access // console messages. IN_PROC_BROWSER_TEST_F(ContentSecurityPolicyBrowserTest, TrustedTypesCreatePolicyDupeMessage) { … } // Test that creating a Trusted Types policy with a disallowed name will yield // a console message indicating a directive has been violated. IN_PROC_BROWSER_TEST_F(ContentSecurityPolicyBrowserTest, TrustedTypesCreatePolicyForbiddenMessage) { … } IN_PROC_BROWSER_TEST_F(ContentSecurityPolicyBrowserTest, WildcardNotMatchingNonNetworkSchemeBrowserSide) { … } IN_PROC_BROWSER_TEST_F(ContentSecurityPolicyBrowserTest, WildcardNotMatchingNonNetworkSchemeRendererSide) { … } namespace { base::FilePath TestFilePath(const char* filename) { … } } // namespace // We test that we correctly match the file: scheme against file: URLs. // Unfortunately, we cannot write this as Web Platform Test since Web Platform // Tests don't support file: urls. IN_PROC_BROWSER_TEST_F(ContentSecurityPolicyBrowserTest, FileURLs) { … } // Test that a 'csp' attribute longer than 4096 bytes is ignored. IN_PROC_BROWSER_TEST_F(ContentSecurityPolicyBrowserTest, CSPAttributeTooLong) { … } class TransparentPlaceholderImageContentSecurityPolicyBrowserTest : public ContentSecurityPolicyBrowserTest, public ::testing::WithParamInterface<bool> { … }; INSTANTIATE_TEST_SUITE_P(…); IN_PROC_BROWSER_TEST_P( TransparentPlaceholderImageContentSecurityPolicyBrowserTest, ImgSrcPolicyEnforced) { … } IN_PROC_BROWSER_TEST_P( TransparentPlaceholderImageContentSecurityPolicyBrowserTest, ImgSrcPolicyReported) { … } namespace { constexpr char kWebmPath[] = …; std::unique_ptr<net::test_server::HttpResponse> ServeCSPMedia( const net::test_server::HttpRequest& request) { … } } // namespace class ThirdPartyCookiesContentSecurityPolicyBrowserTest : public ContentSecurityPolicyBrowserTest { … }; // Test that CSP does not break rendering access-controlled media due to // third-party cookie blocking. IN_PROC_BROWSER_TEST_F(ThirdPartyCookiesContentSecurityPolicyBrowserTest, CSPMediaThirdPartyCookieBlocking) { … } IN_PROC_BROWSER_TEST_F(ThirdPartyCookiesContentSecurityPolicyBrowserTest, CSPMediaThirdPartyCookieBlocking_IFrame) { … } } // namespace content
Codebase Browser
chromium