// Copyright 2018 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include <string> #include "base/command_line.h" #include "base/files/file_path.h" #include "base/functional/bind.h" #include "base/functional/callback_helpers.h" #include "base/path_service.h" #include "base/strings/stringprintf.h" #include "base/strings/utf_string_conversions.h" #include "base/synchronization/waitable_event.h" #include "base/test/scoped_command_line.h" #include "build/build_config.h" #include "build/chromeos_buildflags.h" #include "content/public/browser/render_view_host.h" #include "content/public/browser/web_contents.h" #include "content/public/common/content_paths.h" #include "content/public/common/content_switches.h" #include "content/public/test/browser_test.h" #include "content/public/test/browser_test_utils.h" #include "content/public/test/content_browser_test.h" #include "content/public/test/content_browser_test_utils.h" #include "content/shell/browser/shell.h" #include "net/http/http_request_headers.h" #include "net/http/http_status_code.h" #include "net/test/embedded_test_server/embedded_test_server.h" #include "net/test/embedded_test_server/http_request.h" #include "net/test/embedded_test_server/http_response.h" #include "net/test/embedded_test_server/request_handler_util.h" #include "services/network/public/cpp/cors/cors.h" #include "testing/gmock/include/gmock/gmock.h" #include "testing/gtest/include/gtest/gtest.h" #include "third_party/blink/public/common/web_preferences/web_preferences.h" #include "url/gurl.h" #include "url/url_constants.h" namespace content { namespace { BasicHttpResponse; HttpRequest; HttpResponse; // Tests end to end Origin header and CORS check behaviors without // --allow-file-access-from-files flag. class CorsFileOriginBrowserTest : public ContentBrowserTest { … }; // Tests end to end Origin header and CORS check behaviors with // --allow-file-access-from-files flag. class CorsFileOriginBrowserTestWithAllowFileAccessFromFiles : public CorsFileOriginBrowserTest { … }; // Tests end to end Origin header and CORS check behaviors with // --disable-web-security flag. class CorsFileOriginBrowserTestWithDisableWebSecurity : public CorsFileOriginBrowserTest { … }; IN_PROC_BROWSER_TEST_F(CorsFileOriginBrowserTest, AccessControlAllowOriginIsNull) { … } IN_PROC_BROWSER_TEST_F(CorsFileOriginBrowserTest, AccessControlAllowOriginIsFile) { … } IN_PROC_BROWSER_TEST_F(CorsFileOriginBrowserTest, AccessToSelfFileUrl) { … } IN_PROC_BROWSER_TEST_F(CorsFileOriginBrowserTest, AccessToAnotherFileUrl) { … } // TODO(lukasza, nasko): https://crbug.com/981018: Enable this test on Macs // after understanding what makes it flakily fail on the mac-rel trybot. // Also flaky on Lacros: https://crbug.com/1247748. #if BUILDFLAG(IS_MAC) || BUILDFLAG(IS_CHROMEOS_LACROS) #define MAYBE_UniversalAccessFromFileUrls … #else #define MAYBE_UniversalAccessFromFileUrls … #endif IN_PROC_BROWSER_TEST_F(CorsFileOriginBrowserTest, MAYBE_UniversalAccessFromFileUrls) { … } IN_PROC_BROWSER_TEST_F(CorsFileOriginBrowserTestWithAllowFileAccessFromFiles, AccessControlAllowOriginIsNull) { … } IN_PROC_BROWSER_TEST_F(CorsFileOriginBrowserTestWithAllowFileAccessFromFiles, AccessControlAllowOriginIsFile) { … } IN_PROC_BROWSER_TEST_F(CorsFileOriginBrowserTestWithAllowFileAccessFromFiles, AccessToSelfFileUrl) { … } IN_PROC_BROWSER_TEST_F(CorsFileOriginBrowserTestWithAllowFileAccessFromFiles, AccessToAnotherFileUrl) { … } IN_PROC_BROWSER_TEST_F(CorsFileOriginBrowserTestWithDisableWebSecurity, AccessControlAllowOriginIsNull) { … } IN_PROC_BROWSER_TEST_F(CorsFileOriginBrowserTestWithDisableWebSecurity, AccessControlAllowOriginIsFile) { … } IN_PROC_BROWSER_TEST_F(CorsFileOriginBrowserTestWithDisableWebSecurity, AccessToSelfFileUrl) { … } IN_PROC_BROWSER_TEST_F(CorsFileOriginBrowserTestWithDisableWebSecurity, AccessToAnotherFileUrl) { … } // Test if local image files can be protected by canvas tainting. // We can not have following test cases in web_tests because web_tests run with // --run-web-tests flag that internally specifies --allow-file-access-from-files // that changes this specific behavior. IN_PROC_BROWSER_TEST_F(CorsFileOriginBrowserTest, NoCorsImagefileTaint) { … } IN_PROC_BROWSER_TEST_F(CorsFileOriginBrowserTest, CorsImagefileTaint) { … } IN_PROC_BROWSER_TEST_F(CorsFileOriginBrowserTestWithAllowFileAccessFromFiles, NoCorsImagefileTaint) { … } IN_PROC_BROWSER_TEST_F(CorsFileOriginBrowserTestWithAllowFileAccessFromFiles, CorsImagefileTaint) { … } IN_PROC_BROWSER_TEST_F(CorsFileOriginBrowserTestWithDisableWebSecurity, NoCorsImagefileTaint) { … } IN_PROC_BROWSER_TEST_F(CorsFileOriginBrowserTestWithDisableWebSecurity, CorsImagefileTaint) { … } } // namespace } // namespace content
Codebase Browser
chromium