[CORS-RFC1918] Test secure context inheritance.

Specifically, we test inheritance in the case of local schemes. Other tests already cover the cases where the document is delivered from the network. Bug: chromium:1126856 Change-Id: I3b2c605f758e7dfdfb798f92cef85247c1008582 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2587742 Commit-Queue: Titouan Rigoudy <titouan@chromium.org> Auto-Submit: Titouan Rigoudy <titouan@chromium.org> Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org> Cr-Commit-Position: refs/heads/master@{#837005}

[CORS-RFC1918] Test secure context inheritance.
Specifically, we test inheritance in the case of local schemes. Other tests already cover the cases where the document is delivered from the network. Bug: chromium:1126856 Change-Id: I3b2c605f758e7dfdfb798f92cef85247c1008582 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2587742 Commit-Queue: Titouan Rigoudy <titouan@chromium.org> Auto-Submit: Titouan Rigoudy <titouan@chromium.org> Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org> Cr-Commit-Position: refs/heads/master@{#837005}
341d4109 · Titouan Rigoudy · Chromium LUCI CQ · 5d2fda3f · 341d4109
Commit 341d4109 authored Dec 15, 2020 by Titouan Rigoudy Committed by Chromium LUCI CQ Dec 15, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 163 additions and 0 deletions

content/browser/renderer_host/render_frame_host_impl_browsertest.cc ...owser/renderer_host/render_frame_host_impl_browsertest.cc +163 -0

No files found.
--- a/content/browser/renderer_host/render_frame_host_impl_browsertest.cc
+++ b/content/browser/renderer_host/render_frame_host_impl_browsertest.cc
@@ -5254,6 +5254,169 @@ IN_PROC_BROWSER_TEST_F(
            security_state->ip_address_space);
 }
+IN_PROC_BROWSER_TEST_F(
+    RenderFrameHostImplBrowserTestWithInsecurePrivateNetworkRequestsBlocked,
+    IframeInheritsSecureContextForAboutBlankFromSecure) {
+  EXPECT_TRUE(
+      NavigateToURL(shell(), SecureDefaultURL(*embedded_test_server())));
+  RenderFrameHostImpl* child_frame = AddChildFromAboutBlank(root_frame_host());
+  ASSERT_NE(nullptr, child_frame);
+  const network::mojom::ClientSecurityStatePtr& security_state =
+      child_frame->last_committed_client_security_state();
+  ASSERT_FALSE(security_state.is_null());
+  // TODO(https://crbug.com/1126856): Expect true once inheritance is fixed.
+  EXPECT_FALSE(security_state->is_web_secure_context);
+}
+IN_PROC_BROWSER_TEST_F(
+    RenderFrameHostImplBrowserTestWithInsecurePrivateNetworkRequestsBlocked,
+    IframeInheritsSecureContextForAboutBlankFromInsecure) {
+  EXPECT_TRUE(
+      NavigateToURL(shell(), InsecureDefaultURL(*embedded_test_server())));
+  RenderFrameHostImpl* child_frame = AddChildFromAboutBlank(root_frame_host());
+  ASSERT_NE(nullptr, child_frame);
+  const network::mojom::ClientSecurityStatePtr& security_state =
+      child_frame->last_committed_client_security_state();
+  ASSERT_FALSE(security_state.is_null());
+  EXPECT_FALSE(security_state->is_web_secure_context);
+}
+IN_PROC_BROWSER_TEST_F(
+    RenderFrameHostImplBrowserTestWithInsecurePrivateNetworkRequestsBlocked,
+    IframeInheritsSecureContextForAboutSrcdocFromSecure) {
+  EXPECT_TRUE(
+      NavigateToURL(shell(), SecureDefaultURL(*embedded_test_server())));
+  RenderFrameHostImpl* child_frame = AddChildFromSrcdoc(root_frame_host());
+  ASSERT_NE(nullptr, child_frame);
+  const network::mojom::ClientSecurityStatePtr& security_state =
+      child_frame->last_committed_client_security_state();
+  ASSERT_FALSE(security_state.is_null());
+  // TODO(https://crbug.com/1126856): Expect true once inheritance is fixed.
+  EXPECT_FALSE(security_state->is_web_secure_context);
+}
+IN_PROC_BROWSER_TEST_F(
+    RenderFrameHostImplBrowserTestWithInsecurePrivateNetworkRequestsBlocked,
+    IframeInheritsSecureContextForAboutSrcdocFromInsecure) {
+  EXPECT_TRUE(
+      NavigateToURL(shell(), InsecureDefaultURL(*embedded_test_server())));
+  RenderFrameHostImpl* child_frame = AddChildFromSrcdoc(root_frame_host());
+  ASSERT_NE(nullptr, child_frame);
+  const network::mojom::ClientSecurityStatePtr& security_state =
+      child_frame->last_committed_client_security_state();
+  ASSERT_FALSE(security_state.is_null());
+  EXPECT_FALSE(security_state->is_web_secure_context);
+}
+IN_PROC_BROWSER_TEST_F(
+    RenderFrameHostImplBrowserTestWithInsecurePrivateNetworkRequestsBlocked,
+    IframeInheritsSecureContextForDataURLFromSecure) {
+  EXPECT_TRUE(
+      NavigateToURL(shell(), SecureDefaultURL(*embedded_test_server())));
+  RenderFrameHostImpl* child_frame = AddChildFromDataURL(root_frame_host());
+  ASSERT_NE(nullptr, child_frame);
+  const network::mojom::ClientSecurityStatePtr& security_state =
+      child_frame->last_committed_client_security_state();
+  ASSERT_FALSE(security_state.is_null());
+  // TODO(https://crbug.com/1126856): Expect true once inheritance is fixed.
+  EXPECT_FALSE(security_state->is_web_secure_context);
+}
+IN_PROC_BROWSER_TEST_F(
+    RenderFrameHostImplBrowserTestWithInsecurePrivateNetworkRequestsBlocked,
+    IframeInheritsSecureContextForDataURLFromInsecure) {
+  EXPECT_TRUE(
+      NavigateToURL(shell(), InsecureDefaultURL(*embedded_test_server())));
+  RenderFrameHostImpl* child_frame = AddChildFromDataURL(root_frame_host());
+  ASSERT_NE(nullptr, child_frame);
+  const network::mojom::ClientSecurityStatePtr& security_state =
+      child_frame->last_committed_client_security_state();
+  ASSERT_FALSE(security_state.is_null());
+  EXPECT_FALSE(security_state->is_web_secure_context);
+}
+IN_PROC_BROWSER_TEST_F(
+    RenderFrameHostImplBrowserTestWithInsecurePrivateNetworkRequestsBlocked,
+    IframeInheritsSecureContextForBlobURLFromSecure) {
+  EXPECT_TRUE(
+      NavigateToURL(shell(), SecureDefaultURL(*embedded_test_server())));
+  RenderFrameHostImpl* child_frame = AddChildFromBlob(root_frame_host());
+  ASSERT_NE(nullptr, child_frame);
+  const network::mojom::ClientSecurityStatePtr& security_state =
+      child_frame->last_committed_client_security_state();
+  ASSERT_FALSE(security_state.is_null());
+  EXPECT_TRUE(security_state->is_web_secure_context);
+}
+IN_PROC_BROWSER_TEST_F(
+    RenderFrameHostImplBrowserTestWithInsecurePrivateNetworkRequestsBlocked,
+    IframeInheritsSecureContextForBlobURLFromInsecure) {
+  EXPECT_TRUE(
+      NavigateToURL(shell(), InsecureDefaultURL(*embedded_test_server())));
+  RenderFrameHostImpl* child_frame = AddChildFromBlob(root_frame_host());
+  ASSERT_NE(nullptr, child_frame);
+  const network::mojom::ClientSecurityStatePtr& security_state =
+      child_frame->last_committed_client_security_state();
+  ASSERT_FALSE(security_state.is_null());
+  EXPECT_FALSE(security_state->is_web_secure_context);
+}
+IN_PROC_BROWSER_TEST_F(
+    RenderFrameHostImplBrowserTestWithInsecurePrivateNetworkRequestsBlocked,
+    IframeInheritsSecureContextForFilesystemURLFromSecure) {
+  EXPECT_TRUE(
+      NavigateToURL(shell(), SecureDefaultURL(*embedded_test_server())));
+  RenderFrameHostImpl* child_frame = AddChildFromFilesystem(root_frame_host());
+  ASSERT_NE(nullptr, child_frame);
+  const network::mojom::ClientSecurityStatePtr& security_state =
+      child_frame->last_committed_client_security_state();
+  ASSERT_FALSE(security_state.is_null());
+  EXPECT_TRUE(security_state->is_web_secure_context);
+}
+IN_PROC_BROWSER_TEST_F(
+    RenderFrameHostImplBrowserTestWithInsecurePrivateNetworkRequestsBlocked,
+    IframeInheritsSecureContextForFilesystemURLFromInsecure) {
+  EXPECT_TRUE(
+      NavigateToURL(shell(), InsecureDefaultURL(*embedded_test_server())));
+  RenderFrameHostImpl* child_frame = AddChildFromFilesystem(root_frame_host());
+  ASSERT_NE(nullptr, child_frame);
+  const network::mojom::ClientSecurityStatePtr& security_state =
+      child_frame->last_committed_client_security_state();
+  ASSERT_FALSE(security_state.is_null());
+  EXPECT_FALSE(security_state->is_web_secure_context);
+}
 // This test verifies that even with the blocking feature disabled, an insecure
 // page in the `local` address space cannot fetch a `file:` URL.
 //