AW NS: add CORS test

No change to production logic. This adds a regression test for http://crbug.com/960165. This loads a page and ensures that WebView correctly respects the Access-Control-Allow-Origin header, by using the JavaScript fetch() API. Bug: 960165 Test: run_webview_instrumentation_test_apk --enable-features=NetworkService,NetworkServiceInProcess -f AwNetworkConfigurationTest#testAccessControlAllowOriginHeader Change-Id: I74b6e789bb47a5ba8d70e1416bf963b0afbcb2ed Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1618160 Commit-Queue: Nate Fischer <ntfschr@chromium.org> Reviewed-by: Changwan Ryu <changwan@chromium.org> Cr-Commit-Position: refs/heads/master@{#664008}

AW NS: add CORS test
No change to production logic. This adds a regression test for http://crbug.com/960165. This loads a page and ensures that WebView correctly respects the Access-Control-Allow-Origin header, by using the JavaScript fetch() API. Bug: 960165 Test: run_webview_instrumentation_test_apk --enable-features=NetworkService,NetworkServiceInProcess -f AwNetworkConfigurationTest#testAccessControlAllowOriginHeader Change-Id: I74b6e789bb47a5ba8d70e1416bf963b0afbcb2ed Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1618160 Commit-Queue: Nate Fischer <ntfschr@chromium.org> Reviewed-by: Changwan Ryu <changwan@chromium.org> Cr-Commit-Position: refs/heads/master@{#664008}
f29cac37 · Nate Fischer · Commit Bot · 686c090e · f29cac37
Commit f29cac37 authored May 28, 2019 by Nate Fischer Committed by Commit Bot May 28, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 63 additions and 0 deletions

android_webview/javatests/src/org/chromium/android_webview/test/AwNetworkConfigurationTest.java ...mium/android_webview/test/AwNetworkConfigurationTest.java +63 -0

No files found.
--- a/android_webview/javatests/src/org/chromium/android_webview/test/AwNetworkConfigurationTest.java
+++ b/android_webview/javatests/src/org/chromium/android_webview/test/AwNetworkConfigurationTest.java
@@ -4,8 +4,13 @@

 package org.chromium.android_webview.test;

+import static org.chromium.android_webview.test.AwActivityTestRule.WAIT_TIMEOUT_MS;
+
 import android.support.test.InstrumentationRegistry;
 import android.support.test.filters.SmallTest;
+import android.webkit.JavascriptInterface;
+
+import com.google.common.util.concurrent.SettableFuture;

 import org.junit.Assert;
 import org.junit.Before;
@@ -17,12 +22,14 @@ import org.chromium.android_webview.AwContents;
 import org.chromium.android_webview.AwContentsClient.AwWebResourceRequest;
 import org.chromium.base.test.util.CallbackHelper;
 import org.chromium.base.test.util.Feature;
+import org.chromium.content_public.browser.test.util.TestThreadUtils;
 import org.chromium.net.test.EmbeddedTestServer;
 import org.chromium.net.test.ServerCertificate;

 import java.net.URLEncoder;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.concurrent.TimeUnit;

 /**
 * A test suite for WebView's network-related configuration. This tests WebView's default settings,
@@ -194,6 +201,62 @@ public class AwNetworkConfigurationTest {
        }
    }

+    @Test
+    @SmallTest
+    @Feature({"AndroidWebView", "Network"})
+    public void testAccessControlAllowOriginHeader() throws Throwable {
+        mTestServer = EmbeddedTestServer.createAndStartServer(
+                InstrumentationRegistry.getInstrumentation().getContext());
+        try {
+            AwActivityTestRule.enableJavaScriptOnUiThread(mAwContents);
+
+            final SettableFuture<Boolean> fetchResultFuture = SettableFuture.create();
+            Object injectedObject = new Object() {
+                @JavascriptInterface
+                public void success() {
+                    fetchResultFuture.set(true);
+                }
+                @JavascriptInterface
+                public void error() {
+                    fetchResultFuture.set(false);
+                }
+            };
+            TestThreadUtils.runOnUiThreadBlocking(() -> {
+                mTestContainerView.getAwContents().addJavascriptInterface(
+                        injectedObject, "injectedObject");
+            });
+
+            // The test server will add the Access-Control-Allow-Origin header to the HTTP response
+            // for this resource. We should check WebView correctly respects this.
+            final String fetchWithAllowOrigin =
+                    mTestServer.getURL("/set-header?Access-Control-Allow-Origin:%20*");
+            String html = "<html>"
+                    + "  <head>"
+                    + "  </head>"
+                    + "  <body>"
+                    + "    HTML content does not matter."
+                    + "  </body>"
+                    + "</html>";
+            final String baseUrl = "http://some.origin.test/index.html";
+            mActivityTestRule.loadDataWithBaseUrlSync(mAwContents,
+                    mContentsClient.getOnPageFinishedHelper(), html,
+                    /* mimeType */ null, /* isBase64Encoded */ false, baseUrl,
+                    /* historyUrl */ null);
+
+            String script = "fetch('" + fetchWithAllowOrigin + "')"
+                    + "  .then(() => { injectedObject.success(); })"
+                    + "  .catch(() => { injectedObject.failure(); });";
+            mActivityTestRule.executeJavaScriptAndWaitForResult(
+                    mAwContents, mContentsClient, script);
+            Assert.assertTrue("fetch() should succeed, due to Access-Control-Allow-Origin header",
+                    fetchResultFuture.get(WAIT_TIMEOUT_MS, TimeUnit.MILLISECONDS));
+            // If we timeout, this indicates the fetch() was erroneously blocked by CORS (as was the
+            // root cause of https://crbug.com/960165).
+        } finally {
+            mTestServer.stopAndDestroyServer();
+        }
+    }
+
    /**
     * Like {@link AwActivityTestRule#getJavaScriptResultBodyTextContent}, but it gets the text
     * content of the iframe instead. This assumes the main frame has only a single iframe.