author | timvolodine <timvolodine@chromium.org> | 2015-01-20 09:21:23 -0800 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2015-01-20 17:23:04 +0000 |
commit | a2830559eda8642679901cf8ababe61daa1a0d17 (patch) | |
tree | 16a312eabd9b9ad2a33300f400404285475319c6 /chrome/browser/content_settings | |
parent | 569ce1bcb696473c117b8afdc15871183c0052ef (diff) | |
Move origin url validation check to PermissionContextBase class.
Currently the validity check for the origin url and embedding url is performed
within the permissions related code on a case by case basis, i.e. for each API
separately. This patch moves the check to the base class to have a uniform
code path for all permissions in chrome. Also added a test.
BUG=
Review URL: https://codereview.chromium.org/815743003
Cr-Commit-Position: refs/heads/master@{#312217}
Diffstat (limited to 'chrome/browser/content_settings')
-rw-r--r-- | chrome/browser/content_settings/permission_context_base.cc | 14 | ||||
-rw-r--r-- | chrome/browser/content_settings/permission_context_base_unittest.cc | 43 |
2 files changed, 55 insertions, 2 deletions
diff --git a/chrome/browser/content_settings/permission_context_base.cc b/chrome/browser/content_settings/permission_context_base.cc
index 9211703..45ce75a 100644
--- a/chrome/browser/content_settings/permission_context_base.cc
+++ b/chrome/browser/content_settings/permission_context_base.cc
@@ -12,6 +12,7 @@
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/ui/website_settings/permission_bubble_manager.h"
 #include "chrome/common/pref_names.h"
+#include "components/content_settings/core/browser/content_settings_utils.h"
 #include "components/content_settings/core/browser/host_content_settings_map.h"
 #include "components/content_settings/core/common/permission_request_id.h"
 #include "content/public/browser/browser_thread.h"
@@ -82,11 +83,24 @@ void PermissionContextBase::DecidePermission(
 const BrowserPermissionCallback& callback) {
 DCHECK(content::BrowserThread::CurrentlyOn(content::BrowserThread::UI));
+ if (!requesting_origin.is_valid() || !embedding_origin.is_valid()) {
+ DVLOG(1)
+ << "Attempt to use " << content_settings::GetTypeName(permission_type_)
+ << " from an invalid URL: " << requesting_origin
+ << "," << embedding_origin
+ << " (" << content_settings::GetTypeName(permission_type_)
+ << " is not supported in popups)";
+ NotifyPermissionSet(id, requesting_origin, embedding_origin,
+ callback, false /* persist */, false /* granted */);
+ return;
+ }
+
 ContentSetting content_setting = profile_->GetHostContentSettingsMap() ->GetContentSettingAndMaybeUpdateLastUsage( requesting_origin, embedding_origin, permission_type_, std::string());
+
 switch (content_setting) {
 case CONTENT_SETTING_BLOCK:
 NotifyPermissionSet(id, requesting_origin, embedding_origin, callback,
diff --git a/chrome/browser/content_settings/permission_context_base_unittest.cc b/chrome/browser/content_settings/permission_context_base_unittest.cc
index e915728..ab3a31d4 100644
--- a/chrome/browser/content_settings/permission_context_base_unittest.cc
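Review bot: The DVLOG text in the new invalid-URL branch of DecidePermission always ends with "(<type> is not supported in popups)", but the branch is taken for any invalid `requesting_origin` or `embedding_origin`, so the log asserts a cause the code has not established. I would end the stream at `<< "," << embedding_origin;` and drop the parenthetical. The outcome itself (`false /* persist */, false /* granted */`) fails closed, which is the right default; a one-line comment such as `// Invalid origins are denied without persisting a setting.` would record that this is deliberate. DecidePermission starts above the hunk, and whether a subclass can override it and so skip this check is not visible here, so that is worth confirming before the per-API checks are removed.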
+++ b/chrome/browser/content_settings/permission_context_base_unittest.cc
@@ -152,6 +152,32 @@ class PermissionContextBaseTests : public ChromeRenderViewHostTestHarness {
 EXPECT_EQ(CONTENT_SETTING_ASK , setting);
 }
+ void TestRequestPermissionInvalidUrl(ContentSettingsType type) {
+ TestPermissionContext permission_context(profile(), type);
+ GURL url;
+ ASSERT_FALSE(url.is_valid());
+ content::WebContentsTester::For(web_contents())->NavigateAndCommit(url);
+
+ const PermissionRequestID id(
+ web_contents()->GetRenderProcessHost()->GetID(),
+ web_contents()->GetRenderViewHost()->GetRoutingID(),
+ -1, GURL());
+ permission_context.RequestPermission(
+ web_contents(),
+ id, url, true,
+ base::Bind(&TestPermissionContext::TrackPermissionDecision,
+ base::Unretained(&permission_context)));
+
+ EXPECT_TRUE(permission_context.permission_set());
+ EXPECT_FALSE(permission_context.permission_granted());
+ EXPECT_TRUE(permission_context.tab_context_updated());
+
+ ContentSetting setting =
+ profile()->GetHostContentSettingsMap()->GetContentSetting(
+ url.GetOrigin(), url.GetOrigin(), type, std::string());
+ EXPECT_EQ(CONTENT_SETTING_ASK, setting);
+ }
+
 private: // ChromeRenderViewHostTestHarness:
 void SetUp() override {
@@ -169,7 +195,7 @@ TEST_F(PermissionContextBaseTests, TestAskAndGrant) {
 TestAskAndGrant_TestContent();
 StartUsingPermissionBubble();
 TestAskAndGrant_TestContent();
-};
+}
 // Simulates clicking Dismiss (X) in the infobar/bubble.
 // The permission should be denied but not saved for future use.
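Review bot: TestRequestPermissionInvalidUrl uses the same default-constructed `GURL url` both as the requesting URL and as the page it commits with `NavigateAndCommit(url)`, so the two operands of the new `!requesting_origin.is_valid() || !embedding_origin.is_valid()` check are presumably invalid together and neither is exercised on its own. A case with a valid committed URL and an invalid requesting URL, and the reverse, would pin each operand separately. The closing `EXPECT_EQ(CONTENT_SETTING_ASK, setting)` looks up `url.GetOrigin()` of an invalid URL, which likely returns the default setting whatever was stored, so it is weak evidence that nothing was persisted. A short comment on the helper saying which of the two origins it is meant to invalidate would also help.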
@@ -177,4 +203,17 @@ TEST_F(PermissionContextBaseTests, TestAskAndDismiss) {
 TestAskAndDismiss_TestContent();
 StartUsingPermissionBubble();
 TestAskAndDismiss_TestContent();
-};
+}
+
+// Simulates non-valid requesting URL.
+// The permission should be denied but not saved for future use.
+TEST_F(PermissionContextBaseTests, TestNonValidRequestingUrl) {
+ TestRequestPermissionInvalidUrl(CONTENT_SETTINGS_TYPE_GEOLOCATION);
+ TestRequestPermissionInvalidUrl(CONTENT_SETTINGS_TYPE_NOTIFICATIONS);
+ TestRequestPermissionInvalidUrl(CONTENT_SETTINGS_TYPE_MIDI_SYSEX);
+ TestRequestPermissionInvalidUrl(CONTENT_SETTINGS_TYPE_PUSH_MESSAGING);
+#if defined(OS_ANDROID) || defined(OS_CHROMEOS)
+ TestRequestPermissionInvalidUrl(
+ CONTENT_SETTINGS_TYPE_PROTECTED_MEDIA_IDENTIFIER);
+#endif
+} |
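Review bot: TestNonValidRequestingUrl runs only in the default UI mode, whereas the sibling tests visible in this file (TestAskAndGrant, TestAskAndDismiss) repeat their body after `StartUsingPermissionBubble();`. Repeating the calls after `StartUsingPermissionBubble();` would pin that the denial happens before either prompt path is reached, and would catch a later change that moves the check. The comment `// Simulates non-valid requesting URL.` could also say that the helper commits the same invalid URL as the page, so the embedding origin is presumably invalid as well.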