diff options
author | Jason Kersey <kerz@google.com> | 2015-04-08 20:02:53 -0700 |
---|---|---|
committer | Jason Kersey <kerz@google.com> | 2015-04-09 03:04:11 +0000 |
commit | 5c9eb989dce9d8786096a2a127d889a4481f21c3 (patch) | |
tree | 1b3b64c92fab1c60b84c980c2015af53dbba86f3 | |
parent | a505eb437606df51f6699e68a1ecfc3f4e2bc92f (diff) | |
download | chromium_src-5c9eb989dce9d8786096a2a127d889a4481f21c3.zip chromium_src-5c9eb989dce9d8786096a2a127d889a4481f21c3.tar.gz chromium_src-5c9eb989dce9d8786096a2a127d889a4481f21c3.tar.bz2 |
Revert "Accept cross origins Manifest if they have valid Access Controls headers."
This reverts commit bf697ce57b6661429b7544cd5dd146ef8aa1627b.
BUG=471236
Cr-Commit-Position: refs/branch-heads/2311@{#468}
Cr-Branched-From: 09b7de5dd7254947cd4306de907274fa63373d48-refs/heads/master@{#317474}
4 files changed, 9 insertions, 59 deletions
diff --git a/content/browser/manifest/manifest_browsertest.cc b/content/browser/manifest/manifest_browsertest.cc index 527a21b..f6905a9 100644 --- a/content/browser/manifest/manifest_browsertest.cc +++ b/content/browser/manifest/manifest_browsertest.cc @@ -3,7 +3,6 @@ // found in the LICENSE file. #include "base/command_line.h" -#include "base/path_service.h" #include "content/public/browser/web_contents.h" #include "content/public/common/content_switches.h" #include "content/public/common/manifest.h" @@ -41,15 +40,7 @@ class ManifestBrowserTest : public ContentBrowserTest { protected: friend MockWebContentsDelegate; - ManifestBrowserTest() - : console_error_count_(0) { - cors_embedded_test_server_.reset(new net::test_server::EmbeddedTestServer); - base::FilePath test_data_dir; - CHECK(PathService::Get(base::DIR_SOURCE_ROOT, &test_data_dir)); - cors_embedded_test_server_->ServeFilesFromDirectory( - test_data_dir.AppendASCII("content/test/data/")); - } - + ManifestBrowserTest() : console_error_count_(0) {} ~ManifestBrowserTest() override {} void SetUpOnMainThread() override { @@ -87,14 +78,9 @@ class ManifestBrowserTest : public ContentBrowserTest { console_error_count_++; } - net::test_server::EmbeddedTestServer* cors_embedded_test_server() const { - return cors_embedded_test_server_.get(); - } - private: scoped_refptr<MessageLoopRunner> message_loop_runner_; scoped_ptr<MockWebContentsDelegate> mock_web_contents_delegate_; - scoped_ptr<net::test_server::EmbeddedTestServer> cors_embedded_test_server_; Manifest manifest_; int console_error_count_; @@ -227,36 +213,12 @@ IN_PROC_BROWSER_TEST_F(ManifestBrowserTest, DynamicManifest) { // rules and requesting the manifest should return an empty manifest (unless the // response contains CORS headers). IN_PROC_BROWSER_TEST_F(ManifestBrowserTest, CORSManifest) { - ASSERT_TRUE(embedded_test_server()->InitializeAndWaitUntilReady()); - ASSERT_TRUE(cors_embedded_test_server()->InitializeAndWaitUntilReady()); - ASSERT_NE(embedded_test_server()->port(), - cors_embedded_test_server()->port()); - - GURL test_url = - embedded_test_server()->GetURL("/manifest/dynamic-manifest.html"); - - TestNavigationObserver navigation_observer(shell()->web_contents(), 1); - shell()->LoadURL(test_url); - navigation_observer.Wait(); + scoped_ptr<net::test_server::EmbeddedTestServer> cors_embedded_test_server( + new net::test_server::EmbeddedTestServer); - std::string manifest_url = cors_embedded_test_server()->GetURL( - "/manifest/dummy-manifest.json").spec(); - ASSERT_TRUE(content::ExecuteScript(shell()->web_contents(), - "setManifestTo('" + manifest_url + "')")); - - GetManifestAndWait(); - EXPECT_TRUE(manifest().IsEmpty()); - - EXPECT_EQ(0u, console_error_count()); -} - -// If a page's manifest lives in a different origin, it should be accessible if -// it has valid access controls headers. -IN_PROC_BROWSER_TEST_F(ManifestBrowserTest, CORSManifestWithAcessControls) { ASSERT_TRUE(embedded_test_server()->InitializeAndWaitUntilReady()); - ASSERT_TRUE(cors_embedded_test_server()->InitializeAndWaitUntilReady()); - ASSERT_NE(embedded_test_server()->port(), - cors_embedded_test_server()->port()); + ASSERT_TRUE(cors_embedded_test_server->InitializeAndWaitUntilReady()); + ASSERT_NE(embedded_test_server()->port(), cors_embedded_test_server->port()); GURL test_url = embedded_test_server()->GetURL("/manifest/dynamic-manifest.html"); @@ -265,18 +227,18 @@ IN_PROC_BROWSER_TEST_F(ManifestBrowserTest, CORSManifestWithAcessControls) { shell()->LoadURL(test_url); navigation_observer.Wait(); - std::string manifest_url = cors_embedded_test_server()->GetURL( - "/manifest/manifest-cors.json").spec(); + std::string manifest_url = + cors_embedded_test_server->GetURL("/manifest/dummy-manifest.json").spec(); ASSERT_TRUE(content::ExecuteScript(shell()->web_contents(), "setManifestTo('" + manifest_url + "')")); GetManifestAndWait(); - EXPECT_FALSE(manifest().IsEmpty()); + EXPECT_TRUE(manifest().IsEmpty()); EXPECT_EQ(0u, console_error_count()); } -// If a page's manifest is in an insecure origin while the page is in a secure +// If a page's manifest is in an unsecure origin while the page is in a secure // origin, requesting the manifest should return the empty manifest. IN_PROC_BROWSER_TEST_F(ManifestBrowserTest, MixedContentManifest) { scoped_ptr<net::SpawnedTestServer> https_server(new net::SpawnedTestServer( diff --git a/content/renderer/fetchers/manifest_fetcher.cc b/content/renderer/fetchers/manifest_fetcher.cc index ba0cf3a..c6a64c8 100644 --- a/content/renderer/fetchers/manifest_fetcher.cc +++ b/content/renderer/fetchers/manifest_fetcher.cc @@ -24,12 +24,6 @@ ManifestFetcher::~ManifestFetcher() { void ManifestFetcher::Start(blink::WebFrame* frame, const Callback& callback) { callback_ = callback; - - blink::WebURLLoaderOptions options; - options.crossOriginRequestPolicy = - blink::WebURLLoaderOptions::CrossOriginRequestPolicyUseAccessControl; - fetcher_->SetLoaderOptions(options); - fetcher_->Start(frame, blink::WebURLRequest::RequestContextManifest, blink::WebURLRequest::FrameTypeNone, diff --git a/content/test/data/manifest/manifest-cors.json b/content/test/data/manifest/manifest-cors.json deleted file mode 100644 index bde99de..0000000 --- a/content/test/data/manifest/manifest-cors.json +++ /dev/null @@ -1,3 +0,0 @@ -{ - "name": "foo" -} diff --git a/content/test/data/manifest/manifest-cors.json.mock-http-headers b/content/test/data/manifest/manifest-cors.json.mock-http-headers deleted file mode 100644 index 0e81b47..0000000 --- a/content/test/data/manifest/manifest-cors.json.mock-http-headers +++ /dev/null @@ -1,3 +0,0 @@ -HTTP/1.1 200 OK -Content-Type: application/json -Access-Control-Allow-Origin: * |