author | joi@chromium.org <joi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-11-19 02:25:42 +0000 |
---|---|---|
committer | joi@chromium.org <joi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-11-19 02:25:42 +0000 |
commit | d578d30e0467eee57ed3c82bf6d0e01fdb5aedcf (patch) | |
tree | 90941e7d2f5f3d8503dc6ffe6539d501e56266f2 /chrome_frame/html_utils_unittest.cc | |
parent | 4d6995212927d8496fb61fe4efb58f5485499fa7 (diff) | |
Respect the "allowall" value for the X-Frame-Options header, as some
front-ends send this rather than simply omitting the X-Frame-Options
header altogether.
BUG=none
TEST=chrome_frame_unittests.exe
Review URL: http://codereview.chromium.org/404003
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@32473 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome_frame/html_utils_unittest.cc')
-rw-r--r-- | chrome_frame/html_utils_unittest.cc | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/chrome_frame/html_utils_unittest.cc b/chrome_frame/html_utils_unittest.cc
new file mode 100644
index 0000000..73b7a4a
--- /dev/null
+++ b/chrome_frame/html_utils_unittest.cc
@@ -0,0 +1,61 @@
+// Copyright (c) 2009 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/logging.h"
+#include "chrome_frame/html_utils.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+namespace {
+
+TEST(HttpUtils, HasFrameBustingHeader) {
+ // Simple negative cases.
+ ASSERT_FALSE(http_utils::HasFrameBustingHeader(""));
+ ASSERT_FALSE(http_utils::HasFrameBustingHeader("Content-Type: text/plain"));
+ // Explicit negative cases, test that we ignore case.
+ ASSERT_FALSE(http_utils::HasFrameBustingHeader("X-Frame-Options: ALLOWALL"));
+ ASSERT_FALSE(http_utils::HasFrameBustingHeader("X-Frame-Options: allowall"));
+ ASSERT_FALSE(http_utils::HasFrameBustingHeader("X-Frame-Options: ALLowalL"));
+ // Added space, ensure stripped out
+ ASSERT_FALSE(http_utils::HasFrameBustingHeader(
+ "X-Frame-Options: ALLOWALL "));
+ // Added space with linefeed, ensure still stripped out
+ ASSERT_FALSE(http_utils::HasFrameBustingHeader(
+ "X-Frame-Options: ALLOWALL \r\n"));
+ // Multiple identical headers, all of them allowing framing.
+ ASSERT_FALSE(http_utils::HasFrameBustingHeader(
+ "X-Frame-Options: ALLOWALL\r\n"
+ "X-Frame-Options: ALLOWALL\r\n"
+ "X-Frame-Options: ALLOWALL"));
+ // Interleave with other headers.
+ ASSERT_FALSE(http_utils::HasFrameBustingHeader(
+ "Content-Type: text/plain\r\n"
+ "X-Frame-Options: ALLOWALL\r\n"
+ "Content-Length: 42"));
+
+ // Simple positive cases.
+ ASSERT_TRUE(http_utils::HasFrameBustingHeader("X-Frame-Options: deny"));
+ ASSERT_TRUE(http_utils::HasFrameBustingHeader(
+ "X-Frame-Options: SAMEorigin"));
+
+ // Allowall entries do not override the denying entries, are
+ // order-independent, and the deny entries can interleave with
+ // other headers.
+ ASSERT_TRUE(http_utils::HasFrameBustingHeader(
+ "Content-Length: 42\r\n"
+ "X-Frame-Options: ALLOWall\r\n"
+ "X-Frame-Options: deny\r\n"));
+ ASSERT_TRUE(http_utils::HasFrameBustingHeader(
+ "X-Frame-Options: ALLOWall\r\n"
+ "Content-Length: 42\r\n"
+ "X-Frame-Options: SAMEORIGIN\r\n"));
+ ASSERT_TRUE(http_utils::HasFrameBustingHeader(
+ "X-Frame-Options: deny\r\n"
+ "X-Frame-Options: ALLOWall\r\n"
+ "Content-Length: 42\r\n"));
+ ASSERT_TRUE(http_utils::HasFrameBustingHeader(
+ "X-Frame-Options: SAMEORIGIN\r\n"
+ "X-Frame-Options: ALLOWall\r\n"));
+}
+
+} // namespace |
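Review bot: The cases in `TEST(HttpUtils, HasFrameBustingHeader)` vary the case of the value but never of the header name, and the only values used are deny, sameorigin and allowall, so the test leaves the result for a lower-case header name or for a value that merely resembles allowall unpinned. A false result presumably lets the response be rendered in a frame, so those inputs are where an accidental fail-open would hide. I would add `ASSERT_TRUE(http_utils::HasFrameBustingHeader("x-frame-options: DENY"));` and, if only an exact allowall is meant to disable the check, `ASSERT_TRUE(http_utils::HasFrameBustingHeader("X-Frame-Options: allowall-x"));`. The implementation in html_utils is not visible on this page, so confirm the expected value of the second case against it before adding it. Using `EXPECT_TRUE`/`EXPECT_FALSE` instead of `ASSERT_*` would also let one run report every failing header string instead of stopping at the first.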