diff options
| author | robertshield@chromium.org <robertshield@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-01-05 19:16:23 +0000 |
|---|---|---|
| committer | robertshield@chromium.org <robertshield@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-01-05 19:16:23 +0000 |
| commit | ea9ed97d074fa3ae84486f952eb66ea1e95ce37e (patch) | |
| tree | d4603d01863ded8450e4d3109bf56d406e2c1d1a /chrome_frame/test/html_util_unittests.cc | |
| parent | 880b6f26f7cda4ddefbf2c269a2ec86dce71c2ff (diff) | |
| download | chromium_src-ea9ed97d074fa3ae84486f952eb66ea1e95ce37e.zip chromium_src-ea9ed97d074fa3ae84486f952eb66ea1e95ce37e.tar.gz chromium_src-ea9ed97d074fa3ae84486f952eb66ea1e95ce37e.tar.bz2 | |
Some Chrome Frame cleanup:
1) Rearrange the chrome_frame.gyp file to:
a) Split out most of CF into a static lib to make writing unit tests easier (not having to re-include source files).
b) Remove most of the un-needed xulrunner-sdk includes.
2) Move all OBJECT_ENTRY_AUTO macros to chrome_tab.cc since they don't work without extra work when residing in a lib.
3) Rename npchrome_tab.dll to npchrome_frame.dll.
BUG=none
TEST=none
Review URL: http://codereview.chromium.org/523040
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@35543 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome_frame/test/html_util_unittests.cc')
| -rw-r--r-- | chrome_frame/test/html_util_unittests.cc | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/chrome_frame/test/html_util_unittests.cc b/chrome_frame/test/html_util_unittests.cc index f654726..969e680 100644 --- a/chrome_frame/test/html_util_unittests.cc +++ b/chrome_frame/test/html_util_unittests.cc @@ -309,3 +309,55 @@ TEST_F(HtmlUtilUnittest, GetChromeFrameUserAgent) { std::string ua(call1); EXPECT_EQ("chromeframe/0.0", ua); } + +TEST(HttpUtils, HasFrameBustingHeader) { + // Simple negative cases. + EXPECT_FALSE(http_utils::HasFrameBustingHeader("")); + EXPECT_FALSE(http_utils::HasFrameBustingHeader("Content-Type: text/plain")); + // Explicit negative cases, test that we ignore case. + EXPECT_FALSE(http_utils::HasFrameBustingHeader("X-Frame-Options: ALLOWALL")); + EXPECT_FALSE(http_utils::HasFrameBustingHeader("X-Frame-Options: allowall")); + EXPECT_FALSE(http_utils::HasFrameBustingHeader("X-Frame-Options: ALLowalL")); + // Added space, ensure stripped out + EXPECT_FALSE(http_utils::HasFrameBustingHeader( + "X-Frame-Options: ALLOWALL ")); + // Added space with linefeed, ensure still stripped out + EXPECT_FALSE(http_utils::HasFrameBustingHeader( + "X-Frame-Options: ALLOWALL \r\n")); + // Multiple identical headers, all of them allowing framing. + EXPECT_FALSE(http_utils::HasFrameBustingHeader( + "X-Frame-Options: ALLOWALL\r\n" + "X-Frame-Options: ALLOWALL\r\n" + "X-Frame-Options: ALLOWALL")); + // Interleave with other headers. + EXPECT_FALSE(http_utils::HasFrameBustingHeader( + "Content-Type: text/plain\r\n" + "X-Frame-Options: ALLOWALL\r\n" + "Content-Length: 42")); + + // Simple positive cases. + EXPECT_TRUE(http_utils::HasFrameBustingHeader("X-Frame-Options: deny")); + EXPECT_TRUE(http_utils::HasFrameBustingHeader( + "X-Frame-Options: SAMEorigin")); + + // Allowall entries do not override the denying entries, are + // order-independent, and the deny entries can interleave with + // other headers. + EXPECT_TRUE(http_utils::HasFrameBustingHeader( + "Content-Length: 42\r\n" + "X-Frame-Options: ALLOWall\r\n" + "X-Frame-Options: deny\r\n")); + EXPECT_TRUE(http_utils::HasFrameBustingHeader( + "X-Frame-Options: ALLOWall\r\n" + "Content-Length: 42\r\n" + "X-Frame-Options: SAMEORIGIN\r\n")); + EXPECT_TRUE(http_utils::HasFrameBustingHeader( + "X-Frame-Options: deny\r\n" + "X-Frame-Options: ALLOWall\r\n" + "Content-Length: 42\r\n")); + EXPECT_TRUE(http_utils::HasFrameBustingHeader( + "X-Frame-Options: SAMEORIGIN\r\n" + "X-Frame-Options: ALLOWall\r\n")); +} + + |