1
    2
    3
    4
    5
    6
    7
    8
    9
   10
   11
   12
   13
   14
   15
   16
   17
   18
   19
   20
   21
   22
   23
   24
   25
   26
   27
   28
   29
   30
   31
   32
   33
   34
   35
   36
   37
   38
   39
   40
   41
   42
   43
   44
   45
   46
   47
   48
   49
   50
   51
   52
   53
   54
   55
   56
   57
   58
   59
   60
   61
   62
   63
   64
   65
   66
   67
   68
   69
   70
   71
   72
   73
   74
   75
   76
   77
   78
   79
   80
   81
   82
   83
   84
   85
   86
   87
   88
   89
   90
   91
   92
   93
   94
   95
   96
   97
   98
   99
  100
  101
  102
  103
  104
  105
  106
  107
  108
  109
  110
  111
  112
  113
  114
  115
  116
  117
  118
  119
  120
  121
  122
  123
  124
  125
  126
  127
  128
  129
  130
  131
  132
  133
  134
  135


content / test / top_frame_population_browsertest.cc [blame]

// Copyright 2020 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "base/test/bind.h"
#include "base/test/task_environment.h"
#include "content/public/test/browser_test.h"
#include "content/public/test/content_browser_test.h"
#include "content/public/test/content_browser_test_utils.h"
#include "content/public/test/url_loader_interceptor.h"
#include "content/shell/browser/shell_content_browser_client.h"
#include "services/network/public/cpp/resource_request.h"
#include "services/network/public/mojom/network_context.mojom.h"
#include "testing/gmock/include/gmock/gmock.h"
#include "testing/gtest/include/gtest/gtest.h"

using ::testing::Optional;

namespace content {

namespace {
const char kTestHeaders[] = "HTTP/1.1 200 OK\nContent-type: text/html\n\n";
}  // namespace

using TopFramePopulationBrowsertest = ContentBrowserTest;

// Test that the top frame origin field is populated on subresource requests
// from a top frame.
IN_PROC_BROWSER_TEST_F(TopFramePopulationBrowsertest, FromTopFrame) {
  int number_of_frame_loaders = 0;
  bool attempted_to_load_image = false;
  ShellContentBrowserClient::Get()->set_url_loader_factory_params_callback(
      base::BindLambdaForTesting(
          [&](const network::mojom::URLLoaderFactoryParams* params,
              const url::Origin& unused_origin,
              bool unused_is_for_isolated_world) {
            ASSERT_TRUE(params);

            // Ignore URLLoaderFactoryParams for the initial empty document.
            if (params->isolation_info.top_frame_origin()->opaque())
              return;

            ASSERT_THAT(params->isolation_info.top_frame_origin(),
                        Optional(url::Origin::Create(GURL("http://main.com"))));
            ++number_of_frame_loaders;
          }));

  // Serve a page from which the renderer will make a subresource
  // request, in order to observe this request's top frame origin and verify
  // that it is correct.
  URLLoaderInterceptor interceptor(base::BindLambdaForTesting(
      [&attempted_to_load_image](URLLoaderInterceptor::RequestParams* params) {
        std::string spec = params->url_request.url.spec();

        if (spec.find("main") != std::string::npos) {
          URLLoaderInterceptor::WriteResponse(
              kTestHeaders,
              R"(<html><img src="http://www.image.com/image.png"></html>)",
              params->client.get());

          return true;
        }
        if (spec.find("image")) {
          attempted_to_load_image = true;
        }
        return false;
      }));

  EXPECT_TRUE(NavigateToURL(shell(), GURL("http://main.com/")));

  // As a sanity check, make sure the test did actually try to load the
  // subresource.
  ASSERT_TRUE(attempted_to_load_image);
  ASSERT_EQ(number_of_frame_loaders, 1);
}

// Test that the top frame origin field is populated on subresource requests
// from a nested frame.
IN_PROC_BROWSER_TEST_F(TopFramePopulationBrowsertest, FromNestedFrame) {
  int number_of_frame_loaders = 0;
  bool attempted_to_load_image = false;
  ShellContentBrowserClient::Get()->set_url_loader_factory_params_callback(
      base::BindLambdaForTesting(
          [&](const network::mojom::URLLoaderFactoryParams* params,
              const url::Origin& unused_origin,
              bool unused_is_for_isolated_world) {
            ASSERT_TRUE(params);

            // Ignore URLLoaderFactoryParams for the initial empty document.
            if (params->isolation_info.top_frame_origin()->opaque())
              return;

            ASSERT_THAT(params->isolation_info.top_frame_origin(),
                        Optional(url::Origin::Create(GURL("http://main.com"))));
            ++number_of_frame_loaders;
          }));

  // Serve a page with a nested cross-origin frame in order to, when the
  // renderer makes a subresource request from this nested frame, verify that
  // the request's top frame origin correctly equals the top frame's origin
  // (instead of, say, the nested frame's origin).
  URLLoaderInterceptor interceptor(base::BindLambdaForTesting(
      [&attempted_to_load_image](URLLoaderInterceptor::RequestParams* params) {
        std::string spec = params->url_request.url.spec();

        if (spec.find("main") != std::string::npos) {
          URLLoaderInterceptor::WriteResponse(kTestHeaders, R"(<html><iframe
              src="http://frame.com/"></html>)",
                                              params->client.get());

          return true;
        }
        if (spec.find("frame") != std::string::npos) {
          URLLoaderInterceptor::WriteResponse(
              kTestHeaders,
              R"(<html><img src="http://www.image.com/image.png"></html>)",
              params->client.get());

          return true;
        }
        if (spec.find("image")) {
          attempted_to_load_image = true;
        }
        return false;
      }));

  EXPECT_TRUE(NavigateToURL(shell(), GURL("http://main.com/")));

  // As a sanity check, make sure the test did actually try to load the
  // subresource.
  ASSERT_TRUE(attempted_to_load_image);
  ASSERT_EQ(number_of_frame_loaders, 2);
}

}  // namespace content