Google Git
Sign in
chromium / chromium / src.git / b817bfb789d60aebe7c41c3c9ca06df10ba06a38 / . / content / common / origin_util_unittest.cc
blob: 69c522e203602b758c212f53e4caee59cfb86fde [file] [log] [blame]
kinuko8cbea052015-04-25 13:35:43[diff] [blame]1// Copyright 2015 The Chromium Authors. All rights reserved.
palmer6c3473c2015-04-16 19:23:31[diff] [blame]2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
kinuko8cbea052015-04-25 13:35:43[diff] [blame]5#include "content/public/common/origin_util.h"
palmer6c3473c2015-04-16 19:23:31[diff] [blame]6#include "testing/gtest/include/gtest/gtest.h"
7#include "url/gurl.h"
8
kinuko8cbea052015-04-25 13:35:43[diff] [blame]9namespace content {
10
Lukasz Anforowicz0e9ad4e2019-03-14 20:03:47[diff] [blame]11TEST(OriginUtilTest, IsOriginSecure) {
palmer6c3473c2015-04-16 19:23:31[diff] [blame]12 EXPECT_TRUE(IsOriginSecure(GURL("file:///test/fun.html")));
13 EXPECT_TRUE(IsOriginSecure(GURL("file:///test/")));
14
15 EXPECT_TRUE(IsOriginSecure(GURL("https://example.com/fun.html")));
16 EXPECT_FALSE(IsOriginSecure(GURL("http://example.com/fun.html")));
17
18 EXPECT_TRUE(IsOriginSecure(GURL("wss://example.com/fun.html")));
19 EXPECT_FALSE(IsOriginSecure(GURL("ws://example.com/fun.html")));
20
21 EXPECT_TRUE(IsOriginSecure(GURL("http://localhost/fun.html")));
palmerf9094b32015-05-15 18:38:51[diff] [blame]22 EXPECT_TRUE(IsOriginSecure(GURL("http://pumpkin.localhost/fun.html")));
23 EXPECT_TRUE(
24 IsOriginSecure(GURL("http://crumpet.pumpkin.localhost/fun.html")));
25 EXPECT_TRUE(IsOriginSecure(GURL("http://pumpkin.localhost:8080/fun.html")));
26 EXPECT_TRUE(
27 IsOriginSecure(GURL("http://crumpet.pumpkin.localhost:3000/fun.html")));
palmer6c3473c2015-04-16 19:23:31[diff] [blame]28 EXPECT_FALSE(IsOriginSecure(GURL("http://localhost.com/fun.html")));
29 EXPECT_TRUE(IsOriginSecure(GURL("https://localhost.com/fun.html")));
30
31 EXPECT_TRUE(IsOriginSecure(GURL("http://127.0.0.1/fun.html")));
32 EXPECT_TRUE(IsOriginSecure(GURL("ftp://127.0.0.1/fun.html")));
33 EXPECT_TRUE(IsOriginSecure(GURL("http://127.3.0.1/fun.html")));
kinuko8cbea052015-04-25 13:35:43[diff] [blame]34 EXPECT_FALSE(IsOriginSecure(GURL("http://127.example.com/fun.html")));
35 EXPECT_TRUE(IsOriginSecure(GURL("https://127.example.com/fun.html")));
palmer6c3473c2015-04-16 19:23:31[diff] [blame]36
37 EXPECT_TRUE(IsOriginSecure(GURL("http://[::1]/fun.html")));
38 EXPECT_FALSE(IsOriginSecure(GURL("http://[::2]/fun.html")));
kinuko8cbea052015-04-25 13:35:43[diff] [blame]39 EXPECT_FALSE(IsOriginSecure(GURL("http://[::1].example.com/fun.html")));
palmer6c3473c2015-04-16 19:23:31[diff] [blame]40
kinuko8cbea052015-04-25 13:35:43[diff] [blame]41 EXPECT_FALSE(
42 IsOriginSecure(GURL("filesystem:http://www.example.com/temporary/")));
43 EXPECT_FALSE(
44 IsOriginSecure(GURL("filesystem:ftp://www.example.com/temporary/")));
45 EXPECT_TRUE(IsOriginSecure(GURL("filesystem:ftp://127.0.0.1/temporary/")));
46 EXPECT_TRUE(
47 IsOriginSecure(GURL("filesystem:https://www.example.com/temporary/")));
Lukasz Anforowicz0e9ad4e2019-03-14 20:03:47[diff] [blame]48
49 EXPECT_TRUE(IsOriginSecure(GURL("about:blank")));
50 EXPECT_TRUE(IsOriginSecure(GURL("about:blank#ref")));
51 EXPECT_TRUE(IsOriginSecure(GURL("about:srcdoc")));
52
53 EXPECT_FALSE(IsOriginSecure(GURL("javascript:alert('blah')")));
54
55 // TODO(lukasza): data: URLs (and opaque origins associated with them) should
56 // be considered insecure according to
57 // https://www.w3.org/TR/powerful-features/#is-url-trustworthy.
58 // Unfortunately, changing the behavior of content::IsOriginSecure breaks
59 // quite a few tests for now (e.g. considering data: insecure makes us think
60 // that https + data = mixed content).
61 EXPECT_TRUE(IsOriginSecure(GURL("data:test/plain;blah")));
62
Lukasz Anforowicz0e9ad4e2019-03-14 20:03:47[diff] [blame]63 EXPECT_FALSE(
Lukasz Anforowicz16586e12019-03-22 22:29:35[diff] [blame]64 IsOriginSecure(GURL("blob:http://www.example.com/guid-goes-here")));
65 EXPECT_FALSE(
66 IsOriginSecure(GURL("blob:ftp://www.example.com/guid-goes-here")));
67 EXPECT_TRUE(IsOriginSecure(GURL("blob:ftp://127.0.0.1/guid-goes-here")));
68 EXPECT_TRUE(
Lukasz Anforowicz0e9ad4e2019-03-14 20:03:47[diff] [blame]69 IsOriginSecure(GURL("blob:https://www.example.com/guid-goes-here")));
70}
71
72TEST(OriginUtilTest, IsPotentiallyTrustworthyOrigin) {
73 EXPECT_FALSE(
74 IsPotentiallyTrustworthyOrigin(url::Origin::Create(GURL("about:blank"))));
75 EXPECT_FALSE(IsPotentiallyTrustworthyOrigin(
76 url::Origin::Create(GURL("about:blank#ref"))));
77 EXPECT_FALSE(IsPotentiallyTrustworthyOrigin(
78 url::Origin::Create(GURL("about:srcdoc"))));
79
80 EXPECT_FALSE(IsPotentiallyTrustworthyOrigin(
81 url::Origin::Create(GURL("javascript:alert('blah')"))));
82
83 EXPECT_FALSE(IsPotentiallyTrustworthyOrigin(
84 url::Origin::Create(GURL("data:test/plain;blah"))));
palmer6c3473c2015-04-16 19:23:31[diff] [blame]85}
kinuko8cbea052015-04-25 13:35:43[diff] [blame]86
87} // namespace content