Commit e4802393 authored by Takashi Toyoshima's avatar Takashi Toyoshima Committed by Commit Bot

OOR-CORS: Make WebRequestCORSWithExtraHeaders run with policies

This patch updates the WebRequestCORSWithExtraHeaders test to run with
various configurations, based on the kOutOfBlinkCors base::Feature,
policy::CorsLegacyModeEnabled, and policy::CorsMitigationList.

Bug: 1002884
Change-Id: I8929b588f6999ccec3bcf011cd019211c9fc256a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1862356
Commit-Queue: Takashi Toyoshima <toyoshim@chromium.org>
Reviewed-by: default avatarKaran Bhatia <karandeepb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#708982}
parent 7e31a1fe
......@@ -57,6 +57,9 @@
#include "chrome/test/base/ui_test_utils.h"
#include "chromeos/login/login_state/scoped_test_public_session_login_state.h"
#include "components/google/core/common/google_switches.h"
#include "components/policy/core/browser/browser_policy_connector.h"
#include "components/policy/core/common/mock_configuration_policy_provider.h"
#include "components/policy/policy_constants.h"
#include "components/prefs/pref_service.h"
#include "components/proxy_config/proxy_config_dictionary.h"
#include "components/proxy_config/proxy_config_pref_names.h"
......@@ -617,16 +620,93 @@ IN_PROC_BROWSER_TEST_F(ExtensionWebRequestApiTest,
<< message_;
}
IN_PROC_BROWSER_TEST_F(ExtensionWebRequestApiTest,
enum class ExtraHeadersRequirementMode {
kEnabled,
kDisabled,
kEnabledWithCorsLegacyModeEnabledPolicy,
kEnabledWithCorsMitigationListPolicy,
};
class ExtensionWebRequestApiPolicyTest
: public ExtensionWebRequestApiTest,
public ::testing::WithParamInterface<ExtraHeadersRequirementMode> {
public:
const std::string& test_name() { return test_name_; }
private:
void SetUpInProcessBrowserTestFixture() override {
EXPECT_CALL(provider_, IsInitializationComplete(testing::_))
.WillRepeatedly(testing::Return(true));
policy::BrowserPolicyConnector::SetPolicyProviderForTesting(&provider_);
switch (GetParam()) {
case ExtraHeadersRequirementMode::kEnabled:
feature_list_.InitAndEnableFeature(network::features::kOutOfBlinkCors);
test_name_ += "?cors_mode=network_service";
break;
case ExtraHeadersRequirementMode::kDisabled:
feature_list_.InitAndDisableFeature(network::features::kOutOfBlinkCors);
test_name_ += "?cors_mode=blink";
break;
case ExtraHeadersRequirementMode::kEnabledWithCorsLegacyModeEnabledPolicy:
feature_list_.InitAndEnableFeature(network::features::kOutOfBlinkCors);
UpdatePolicy(policy::key::kCorsLegacyModeEnabled,
std::make_unique<base::Value>(true));
test_name_ += "?cors_mode=blink";
break;
case ExtraHeadersRequirementMode::kEnabledWithCorsMitigationListPolicy:
feature_list_.InitAndEnableFeature(network::features::kOutOfBlinkCors);
UpdatePolicy(policy::key::kCorsMitigationList,
std::make_unique<base::ListValue>());
test_name_ += "?cors_mode=network_service&with_force_extra_headers";
break;
}
ExtensionWebRequestApiTest::SetUpInProcessBrowserTestFixture();
}
void UpdatePolicy(const std::string& policy,
std::unique_ptr<base::Value> value) {
policy::PolicyMap policy_map;
policy_map.Set(policy, policy::POLICY_LEVEL_MANDATORY,
policy::POLICY_SCOPE_USER, policy::POLICY_SOURCE_CLOUD,
std::move(value), nullptr);
provider_.UpdateChromePolicy(policy_map);
}
private:
base::test::ScopedFeatureList feature_list_;
policy::MockConfigurationPolicyProvider provider_;
std::string test_name_ = "test_cors.html";
};
IN_PROC_BROWSER_TEST_P(ExtensionWebRequestApiPolicyTest,
WebRequestCORSWithExtraHeaders) {
ASSERT_TRUE(StartEmbeddedTestServer());
std::string test = "test_cors.html";
if (network::features::ShouldEnableOutOfBlinkCorsForTesting())
test += "?cors_mode=network_service";
else
test += "?cors_mode=blink";
ASSERT_TRUE(RunExtensionSubtest("webrequest", test)) << message_;
}
ASSERT_TRUE(RunExtensionSubtest("webrequest", test_name())) << message_;
}
INSTANTIATE_TEST_SUITE_P(
Enabled,
ExtensionWebRequestApiPolicyTest,
testing::Values(ExtraHeadersRequirementMode::kEnabled));
INSTANTIATE_TEST_SUITE_P(
Disabled,
ExtensionWebRequestApiPolicyTest,
testing::Values(ExtraHeadersRequirementMode::kDisabled));
INSTANTIATE_TEST_SUITE_P(
EnabledWithCorsLegacyModeEnabledPolicy,
ExtensionWebRequestApiPolicyTest,
testing::Values(
ExtraHeadersRequirementMode::kEnabledWithCorsLegacyModeEnabledPolicy));
INSTANTIATE_TEST_SUITE_P(
EnabledWithCorsMitigationListPolicy,
ExtensionWebRequestApiPolicyTest,
testing::Values(
ExtraHeadersRequirementMode::kEnabledWithCorsMitigationListPolicy));
IN_PROC_BROWSER_TEST_F(ExtensionWebRequestApiTest, WebRequestRedirects) {
ASSERT_TRUE(StartEmbeddedTestServer());
......
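Review bot: The switch in SetUpInProcessBrowserTestFixture() has no comment saying why each policy case maps to the query string it appends, and the two policy cases are exactly the ones that relax the default OOR-CORS behaviour for extensions. For the kEnabledWithCorsMitigationListPolicy case I would add `// Setting CorsMitigationList, even to an empty list, is expected to force extraHeaders handling for every webRequest listener.`, and for the legacy-mode case `// CorsLegacyModeEnabled is expected to override the enabled feature and fall back to Blink CORS.` As a style point, `test_name()` can be declared `const`, and the second `private:` label before the data members is redundant.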
......@@ -4,17 +4,21 @@
const callbackPass = chrome.test.callbackPass;
const listeningUrlPattern = '*://cors.example.com/*';
const params = (new URL(location.href)).searchParams;
const BASE = 'extensions/api_test/webrequest/cors/';
function getCorsMode() {
const query = location.search;
const prefix = '?cors_mode=';
chrome.test.assertTrue(query.startsWith(prefix));
const mode = query.substr(prefix.length);
const name = 'cors_mode';
chrome.test.assertTrue(params.has(name));
const mode = params.get(name);
chrome.test.assertTrue(mode == 'blink' || mode == 'network_service');
return mode;
}
function isExtraHeadersForced() {
return params.has('with_force_extra_headers');
}
function setExpectationsForNonObservablePreflight() {
// In this case the preflight request is not observable.
chrome.test.assertTrue(getCorsMode() == 'network_service');
......@@ -243,7 +247,7 @@ function registerRequestHeaderInjectionListeners(extraInfoSpec) {
// Otherwises, modified headers are not observed by CORS implementations, and
// do not trigger the CORS preflight.
const triggerPreflight = !extraInfoSpec.includes('extraHeaders') &&
getCorsMode() == 'network_service';
!isExtraHeadersForced() && getCorsMode() == 'network_service';
const event = triggerPreflight ? chrome.webRequest.onErrorOccurred :
chrome.webRequest.onCompleted;
......@@ -269,8 +273,8 @@ function registerResponseHeaderInjectionListeners(extraInfoSpec) {
// If the 'extraHeaders' is not specified and OOR-CORS is enabled, Chrome
// detects CORS failures before |headerReceivedListener| is called and injects
// fake headers to deceive the CORS checks.
const canInjectFakeCorsResponse =
extraInfoSpec.includes('extraHeaders') || getCorsMode() == 'blink';
const canInjectFakeCorsResponse = extraInfoSpec.includes('extraHeaders') ||
isExtraHeadersForced() || getCorsMode() == 'blink';
const event = canInjectFakeCorsResponse ? chrome.webRequest.onCompleted :
chrome.webRequest.onErrorOccurred;
......@@ -578,7 +582,7 @@ runTests([
// without it.
// If OOR-CORS is enabled, the Origin header is invisible if the
// extraHeaders is not specified.
if (getCorsMode() == 'network_service')
if (getCorsMode() == 'network_service' && !isExtraHeadersForced())
registerOriginListeners([], ['origin'], ['requestHeaders']);
else
registerOriginListeners(['origin'], [], ['requestHeaders']);
......@@ -620,7 +624,7 @@ runTests([
'extensions/api_test/webrequest/cors/fetch.html?path=reject'));
},
function testCorsPreflightWithoutExtraHeaders() {
if (getCorsMode() == 'network_service') {
if (getCorsMode() == 'network_service' && !isExtraHeadersForced()) {
setExpectationsForNonObservablePreflight();
} else {
setExpectationsForObservablePreflight([]);
......
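Review bot: The comments above the changed conditions still describe only the per-listener 'extraHeaders' opt-in, so they no longer match the code now that `isExtraHeadersForced()` takes part in each check; this applies in registerRequestHeaderInjectionListeners, registerResponseHeaderInjectionListeners and the Origin-header test. I would extend each of them along the lines of `// ... unless 'extraHeaders' is specified or forced by the CorsMitigationList policy.`, since the forced case is the one where an extension sees and rewrites CORS-relevant headers without asking for it. The compound test `getCorsMode() == 'network_service' && !isExtraHeadersForced()` now appears three times, and a helper such as `const needsExtraHeadersOptIn = () => getCorsMode() == 'network_service' && !isExtraHeadersForced();` would keep the expectations from drifting apart. The enclosing functions start and end outside the visible hunks.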