// Copyright 2018 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "content/public/browser/cors_origin_pattern_setter.h" #include <memory> #include <string> #include "base/files/file_path.h" #include "base/functional/bind.h" #include "base/path_service.h" #include "base/run_loop.h" #include "base/strings/stringprintf.h" #include "base/strings/utf_string_conversions.h" #include "build/build_config.h" #include "content/public/browser/browser_context.h" #include "content/public/browser/browser_thread.h" #include "content/public/common/isolated_world_ids.h" #include "content/public/test/browser_test.h" #include "content/public/test/browser_test_utils.h" #include "content/public/test/content_browser_test.h" #include "content/public/test/test_browser_context.h" #include "content/shell/browser/shell.h" #include "net/base/host_port_pair.h" #include "net/dns/mock_host_resolver.h" #include "services/network/public/mojom/cors.mojom.h" #include "services/network/public/mojom/cors_origin_pattern.mojom.h" #include "testing/gtest/include/gtest/gtest.h" #include "url/gurl.h" #include "url/origin.h" namespace content { const auto kAllowSubdomains = …; const auto kDisallowSubdomains = …; const char kTestPath[] = …; const char kTestHost[] = …; const char kTestHostInDifferentCase[] = …; const char kTestSubdomainHost[] = …; // Tests end to end functionality of CORS access origin allow lists. class CorsOriginPatternSetterBrowserTest : public ContentBrowserTest { … }; // Tests if specifying only protocol allows all hosts to pass. IN_PROC_BROWSER_TEST_F(CorsOriginPatternSetterBrowserTest, AllowAll) { … } // Tests if specifying only protocol allows all IP address based hosts to pass. IN_PROC_BROWSER_TEST_F(CorsOriginPatternSetterBrowserTest, AllowAllForIp) { … } // Tests if complete allow list set allows only exactly matched host to pass. IN_PROC_BROWSER_TEST_F(CorsOriginPatternSetterBrowserTest, AllowExactHost) { … } // Tests if complete allow list set allows host that matches exactly, but in // case insensitive way to pass. IN_PROC_BROWSER_TEST_F(CorsOriginPatternSetterBrowserTest, AllowExactHostInCaseInsensitive) { … } // Tests if complete allow list set does not allow a host with a different port // to pass. IN_PROC_BROWSER_TEST_F(CorsOriginPatternSetterBrowserTest, BlockDifferentPort) { … } // Tests if complete allow list set allows a subdomain to pass if it is allowed. IN_PROC_BROWSER_TEST_F(CorsOriginPatternSetterBrowserTest, AllowSubdomain) { … } // Tests if complete allow list set does not allow a subdomain to pass. IN_PROC_BROWSER_TEST_F(CorsOriginPatternSetterBrowserTest, BlockSubdomain) { … } // Tests if complete allow list set does not allow a host with a different // protocol to pass. IN_PROC_BROWSER_TEST_F(CorsOriginPatternSetterBrowserTest, BlockDifferentProtocol) { … } // Tests if IP address based hosts should not follow subdomain match rules. IN_PROC_BROWSER_TEST_F(CorsOriginPatternSetterBrowserTest, SubdomainMatchShouldNotBeAppliedForIPAddress) { … } // Assures that the access lists are properly propagated to the storage // partitions and network contexts created after the lists have been set. class NewContextCorsOriginPatternSetterBrowserTest : public CorsOriginPatternSetterBrowserTest { … }; IN_PROC_BROWSER_TEST_F(NewContextCorsOriginPatternSetterBrowserTest, PatternListPropagation) { … } } // namespace content
Codebase Browser
chromium