Revert "Accept cross origins Manifest if they have valid Access Controls headers."

This reverts commit bf697ce57b6661429b7544cd5dd146ef8aa1627b. BUG=471236 Cr-Commit-Position: refs/branch-heads/2311@{#468} Cr-Branched-From: 09b7de5dd7254947cd4306de907274fa63373d48-refs/heads/master@{#317474}
author: Jason Kersey <kerz@google.com> 2015-04-08 20:02:53 -0700
committer: Jason Kersey <kerz@google.com> 2015-04-09 03:04:11 +0000
commit: 5c9eb989dce9d8786096a2a127d889a4481f21c3 (patch)
tree: 1b3b64c92fab1c60b84c980c2015af53dbba86f3
parent: a505eb437606df51f6699e68a1ecfc3f4e2bc92f (diff)
download: chromium_src-5c9eb989dce9d8786096a2a127d889a4481f21c3.zip
chromium_src-5c9eb989dce9d8786096a2a127d889a4481f21c3.tar.gz
chromium_src-5c9eb989dce9d8786096a2a127d889a4481f21c3.tar.bz2
4 files changed, 9 insertions, 59 deletions
diff --git a/content/browser/manifest/manifest_browsertest.cc b/content/browser/manifest/manifest_browsertest.cc
index 527a21b..f6905a9 100644
--- a/content/browser/manifest/manifest_browsertest.cc
+++ b/content/browser/manifest/manifest_browsertest.cc
@@ -3,7 +3,6 @@
 // found in the LICENSE file.
 
 #include "base/command_line.h"
-#include "base/path_service.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/common/content_switches.h"
 #include "content/public/common/manifest.h"
@@ -41,15 +40,7 @@ class ManifestBrowserTest : public ContentBrowserTest  {
  protected:
   friend MockWebContentsDelegate;
 
-  ManifestBrowserTest()
-      : console_error_count_(0) {
-    cors_embedded_test_server_.reset(new net::test_server::EmbeddedTestServer);
-    base::FilePath test_data_dir;
-    CHECK(PathService::Get(base::DIR_SOURCE_ROOT, &test_data_dir));
-    cors_embedded_test_server_->ServeFilesFromDirectory(
-        test_data_dir.AppendASCII("content/test/data/"));
-  }
-
+  ManifestBrowserTest() : console_error_count_(0) {}
   ~ManifestBrowserTest() override {}
 
   void SetUpOnMainThread() override {
@@ -87,14 +78,9 @@ class ManifestBrowserTest : public ContentBrowserTest  {
     console_error_count_++;
   }
 
-  net::test_server::EmbeddedTestServer* cors_embedded_test_server() const {
-    return cors_embedded_test_server_.get();
-  }
-
  private:
   scoped_refptr<MessageLoopRunner> message_loop_runner_;
   scoped_ptr<MockWebContentsDelegate> mock_web_contents_delegate_;
-  scoped_ptr<net::test_server::EmbeddedTestServer> cors_embedded_test_server_;
   Manifest manifest_;
   int console_error_count_;
 
@@ -227,36 +213,12 @@ IN_PROC_BROWSER_TEST_F(ManifestBrowserTest, DynamicManifest) {
 // rules and requesting the manifest should return an empty manifest (unless the
 // response contains CORS headers).
 IN_PROC_BROWSER_TEST_F(ManifestBrowserTest, CORSManifest) {
-  ASSERT_TRUE(embedded_test_server()->InitializeAndWaitUntilReady());
-  ASSERT_TRUE(cors_embedded_test_server()->InitializeAndWaitUntilReady());
-  ASSERT_NE(embedded_test_server()->port(),
-            cors_embedded_test_server()->port());
-
-  GURL test_url =
-      embedded_test_server()->GetURL("/manifest/dynamic-manifest.html");
-
-  TestNavigationObserver navigation_observer(shell()->web_contents(), 1);
-  shell()->LoadURL(test_url);
-  navigation_observer.Wait();
+  scoped_ptr<net::test_server::EmbeddedTestServer> cors_embedded_test_server(
+      new net::test_server::EmbeddedTestServer);
 
-  std::string manifest_url = cors_embedded_test_server()->GetURL(
-      "/manifest/dummy-manifest.json").spec();
-  ASSERT_TRUE(content::ExecuteScript(shell()->web_contents(),
-                                     "setManifestTo('" + manifest_url + "')"));
-
-  GetManifestAndWait();
-  EXPECT_TRUE(manifest().IsEmpty());
-
-  EXPECT_EQ(0u, console_error_count());
-}
-
-// If a page's manifest lives in a different origin, it should be accessible if
-// it has valid access controls headers.
-IN_PROC_BROWSER_TEST_F(ManifestBrowserTest, CORSManifestWithAcessControls) {
   ASSERT_TRUE(embedded_test_server()->InitializeAndWaitUntilReady());
-  ASSERT_TRUE(cors_embedded_test_server()->InitializeAndWaitUntilReady());
-  ASSERT_NE(embedded_test_server()->port(),
-            cors_embedded_test_server()->port());
+  ASSERT_TRUE(cors_embedded_test_server->InitializeAndWaitUntilReady());
+  ASSERT_NE(embedded_test_server()->port(), cors_embedded_test_server->port());
 
   GURL test_url =
       embedded_test_server()->GetURL("/manifest/dynamic-manifest.html");
@@ -265,18 +227,18 @@ IN_PROC_BROWSER_TEST_F(ManifestBrowserTest, CORSManifestWithAcessControls) {
   shell()->LoadURL(test_url);
   navigation_observer.Wait();
 
-  std::string manifest_url = cors_embedded_test_server()->GetURL(
-      "/manifest/manifest-cors.json").spec();
+  std::string manifest_url =
+      cors_embedded_test_server->GetURL("/manifest/dummy-manifest.json").spec();
   ASSERT_TRUE(content::ExecuteScript(shell()->web_contents(),
                                      "setManifestTo('" + manifest_url + "')"));
 
   GetManifestAndWait();
-  EXPECT_FALSE(manifest().IsEmpty());
+  EXPECT_TRUE(manifest().IsEmpty());
 
   EXPECT_EQ(0u, console_error_count());
 }
 
-// If a page's manifest is in an insecure origin while the page is in a secure
+// If a page's manifest is in an unsecure origin while the page is in a secure
 // origin, requesting the manifest should return the empty manifest.
 IN_PROC_BROWSER_TEST_F(ManifestBrowserTest, MixedContentManifest) {
   scoped_ptr<net::SpawnedTestServer> https_server(new net::SpawnedTestServer(
diff --git a/content/renderer/fetchers/manifest_fetcher.cc b/content/renderer/fetchers/manifest_fetcher.cc
index ba0cf3a..c6a64c8 100644
--- a/content/renderer/fetchers/manifest_fetcher.cc
+++ b/content/renderer/fetchers/manifest_fetcher.cc
@@ -24,12 +24,6 @@ ManifestFetcher::~ManifestFetcher() {
 
 void ManifestFetcher::Start(blink::WebFrame* frame, const Callback& callback) {
   callback_ = callback;
-
-  blink::WebURLLoaderOptions options;
-  options.crossOriginRequestPolicy =
-      blink::WebURLLoaderOptions::CrossOriginRequestPolicyUseAccessControl;
-  fetcher_->SetLoaderOptions(options);
-
   fetcher_->Start(frame,
                   blink::WebURLRequest::RequestContextManifest,
                   blink::WebURLRequest::FrameTypeNone,
diff --git a/content/test/data/manifest/manifest-cors.json b/content/test/data/manifest/manifest-cors.json
deleted file mode 100644
index bde99de..0000000
--- a/content/test/data/manifest/manifest-cors.json
+++ /dev/null
@@ -1,3 +0,0 @@
-{
-  "name": "foo"
-}
diff --git a/content/test/data/manifest/manifest-cors.json.mock-http-headers b/content/test/data/manifest/manifest-cors.json.mock-http-headers
deleted file mode 100644
index 0e81b47..0000000
--- a/content/test/data/manifest/manifest-cors.json.mock-http-headers
+++ /dev/null
@@ -1,3 +0,0 @@
-HTTP/1.1 200 OK
-Content-Type: application/json
-Access-Control-Allow-Origin: *
author	Jason Kersey <kerz@google.com>	2015-04-08 20:02:53 -0700
committer	Jason Kersey <kerz@google.com>	2015-04-09 03:04:11 +0000
commit	5c9eb989dce9d8786096a2a127d889a4481f21c3 (patch)
tree	1b3b64c92fab1c60b84c980c2015af53dbba86f3
parent	a505eb437606df51f6699e68a1ecfc3f4e2bc92f (diff)
download	chromium_src-5c9eb989dce9d8786096a2a127d889a4481f21c3.zip chromium_src-5c9eb989dce9d8786096a2a127d889a4481f21c3.tar.gz chromium_src-5c9eb989dce9d8786096a2a127d889a4481f21c3.tar.bz2