// Copyright 2019 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "services/network/sec_header_helpers.h" #include "base/test/task_environment.h" #include "net/traffic_annotation/network_traffic_annotation_test_helper.h" #include "net/url_request/url_request.h" #include "net/url_request/url_request_context.h" #include "net/url_request/url_request_context_builder.h" #include "net/url_request/url_request_test_util.h" #include "services/network/public/cpp/cors/origin_access_list.h" #include "services/network/public/mojom/cors_origin_pattern.mojom.h" #include "services/network/public/mojom/fetch_api.mojom.h" #include "services/network/public/mojom/network_context.mojom.h" #include "testing/gtest/include/gtest/gtest.h" #include "testing/platform_test.h" #include "url/gurl.h" namespace { constexpr char kSecureSite[] = …; constexpr char kInsecureSite[] = …; constexpr char kPrivilegedInitiator[] = …; constexpr char kKnownSecChHeader[] = …; constexpr char kKnownSecFetchSiteHeader[] = …; constexpr char kKnownSecFetchModeHeader[] = …; constexpr char kKnownSecFetchUserHeader[] = …; constexpr char kKnownSecFetchDestHeader[] = …; constexpr char kOtherSecHeader[] = …; constexpr char kOtherHeader[] = …; constexpr char kHeaderValue[] = …; } // namespace namespace network { class SecHeaderHelpersTest : public PlatformTest { … }; // Validate that Sec- prefixed headers are all removed when a request is // downgraded from trustworthy to not such as when an https => http redirect // occurs. We should only remove sec-ch- and sec-fetch- prefixed headers. Others // should remain as they may be valid in an insecure context. TEST_F(SecHeaderHelpersTest, SecHeadersRemovedOnDowngrade) { … } // Validate that if no downgrade occurs any Sec- prefixed headers remain on the // provided request. TEST_F(SecHeaderHelpersTest, SecHeadersRemainOnSecureRedirect) { … } // Validate that if Sec- headers exist as the first or last entries we properly // remove them also. TEST_F(SecHeaderHelpersTest, SecHeadersRemoveFirstLast) { … } // Validate Sec-Fetch-Site and Sec-Fetch-Mode are set correctly with // unprivileged requests from chrome extension background page. TEST_F(SecHeaderHelpersTest, UnprivilegedRequestOnExtension) { … } // Validate Sec-Fetch-Site and Sec-Fetch-Mode are set correctly with privileged // requests from chrome extension background page. TEST_F(SecHeaderHelpersTest, PrivilegedRequestOnExtension) { … } } // namespace network
Codebase Browser
chromium