authordarin@chromium.org <darin@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2008-11-20 08:14:39 +0000
committerdarin@chromium.org <darin@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2008-11-20 08:14:39 +0000
commitcd5b9a73feb4a4178973ccd571b277fcdd83e590 (patch)
tree56dee2f3bc2065f4f44b39d3f8dbc25c568a2dde /net/http/http_response_headers_unittest.cc
parent5103a768ef9ba423590b7417baa3f1bda6daa829 (diff)
Add flags to further control response header persistence. We use this to
filter out Set-Cookie and Set-Cookie2 response headers from being forwarded to the renderer. This serves to prevent the renderer from having any access to HttpOnly cookies, and it also prevents XMLHttpRequest consumers from being able to read cookies in the HTTP response headers. This is consistent with changes made to Firefox and WebKit. Patch by marius.schilder@gmail.com R=deanm,darin Review URL: http://codereview.chromium.org/11264 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@5767 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/http/http_response_headers_unittest.cc')
-rw-r--r--net/http/http_response_headers_unittest.cc51
1 files changed, 38 insertions, 13 deletions
diff --git a/net/http/http_response_headers_unittest.cc b/net/http/http_response_headers_unittest.cc
index fa5cbaa..79064b6 100644
--- a/net/http/http_response_headers_unittest.cc
+++ b/net/http/http_response_headers_unittest.cc
@@ -290,24 +290,29 @@ TEST(HttpResponseHeadersTest, GetNormalizedHeader) {
TEST(HttpResponseHeadersTest, Persist) {
const struct {
+ net::HttpResponseHeaders::PersistOptions options;
const char* raw_headers;
const char* expected_headers;
} tests[] = {
- { "HTTP/1.1 200 OK\n"
+ { net::HttpResponseHeaders::PERSIST_ALL,
+ "HTTP/1.1 200 OK\n"
"Cache-control:private\n"
"cache-Control:no-store\n",
"HTTP/1.1 200 OK\n"
"Cache-control: private, no-store\n"
},
- { "HTTP/1.1 200 OK\n"
+ { net::HttpResponseHeaders::PERSIST_SANS_HOP_BY_HOP,
+ "HTTP/1.1 200 OK\n"
"connection: keep-alive\n"
"server: blah\n",
"HTTP/1.1 200 OK\n"
"server: blah\n"
},
- { "HTTP/1.1 200 OK\n"
+ { net::HttpResponseHeaders::PERSIST_SANS_NON_CACHEABLE |
+ net::HttpResponseHeaders::PERSIST_SANS_HOP_BY_HOP,
+ "HTTP/1.1 200 OK\n"
"fOo: 1\n"
"Foo: 2\n"
"Transfer-Encoding: chunked\n"
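Review bot: The first three table entries have no comment naming the behaviour under test, while later entries do (`// ignore bogus no-cache value`), and with a per-row `options` value the intent is now harder to read from the data alone. Suggest one line above each, for example `// PERSIST_ALL: duplicate headers are merged, nothing is dropped` above the first and `// hop-by-hop headers (connection) are dropped` above the second. The third entry's expected output lies partly outside this hunk, so its comment should be worded after checking the full entry. The TEST body continues past the hunk.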
@@ -317,7 +322,8 @@ TEST(HttpResponseHeadersTest, Persist) {
"HTTP/1.1 200 OK\n"
"cache-control: private, no-cache=\"foo\"\n"
},
- { "HTTP/1.1 200 OK\n"
+ { net::HttpResponseHeaders::PERSIST_SANS_NON_CACHEABLE,
+ "HTTP/1.1 200 OK\n"
"Foo: 2\n"
"Cache-Control: private,no-cache=\"foo, bar\"\n"
"bar",
@@ -326,7 +332,8 @@ TEST(HttpResponseHeadersTest, Persist) {
"Cache-Control: private,no-cache=\"foo, bar\"\n"
},
// ignore bogus no-cache value
- { "HTTP/1.1 200 OK\n"
+ { net::HttpResponseHeaders::PERSIST_SANS_NON_CACHEABLE,
+ "HTTP/1.1 200 OK\n"
"Foo: 2\n"
"Cache-Control: private,no-cache=foo\n",
@@ -335,7 +342,8 @@ TEST(HttpResponseHeadersTest, Persist) {
"Cache-Control: private,no-cache=foo\n"
},
// ignore bogus no-cache value
- { "HTTP/1.1 200 OK\n"
+ { net::HttpResponseHeaders::PERSIST_SANS_NON_CACHEABLE,
+ "HTTP/1.1 200 OK\n"
"Foo: 2\n"
"Cache-Control: private, no-cache=\n",
@@ -344,7 +352,8 @@ TEST(HttpResponseHeadersTest, Persist) {
"Cache-Control: private, no-cache=\n"
},
// ignore empty no-cache value
- { "HTTP/1.1 200 OK\n"
+ { net::HttpResponseHeaders::PERSIST_SANS_NON_CACHEABLE,
+ "HTTP/1.1 200 OK\n"
"Foo: 2\n"
"Cache-Control: private, no-cache=\"\"\n",
@@ -353,7 +362,8 @@ TEST(HttpResponseHeadersTest, Persist) {
"Cache-Control: private, no-cache=\"\"\n"
},
// ignore wrong quotes no-cache value
- { "HTTP/1.1 200 OK\n"
+ { net::HttpResponseHeaders::PERSIST_SANS_NON_CACHEABLE,
+ "HTTP/1.1 200 OK\n"
"Foo: 2\n"
"Cache-Control: private, no-cache=\'foo\'\n",
@@ -362,7 +372,8 @@ TEST(HttpResponseHeadersTest, Persist) {
"Cache-Control: private, no-cache=\'foo\'\n"
},
// ignore unterminated quotes no-cache value
- { "HTTP/1.1 200 OK\n"
+ { net::HttpResponseHeaders::PERSIST_SANS_NON_CACHEABLE,
+ "HTTP/1.1 200 OK\n"
"Foo: 2\n"
"Cache-Control: private, no-cache=\"foo\n",
@@ -371,7 +382,8 @@ TEST(HttpResponseHeadersTest, Persist) {
"Cache-Control: private, no-cache=\"foo\n"
},
// accept sloppy LWS
- { "HTTP/1.1 200 OK\n"
+ { net::HttpResponseHeaders::PERSIST_SANS_NON_CACHEABLE,
+ "HTTP/1.1 200 OK\n"
"Foo: 2\n"
"Cache-Control: private, no-cache=\" foo\t, bar\"\n",
@@ -379,7 +391,8 @@ TEST(HttpResponseHeadersTest, Persist) {
"Cache-Control: private, no-cache=\" foo\t, bar\"\n"
},
// header name appears twice, separated by another header
- { "HTTP/1.1 200 OK\n"
+ { net::HttpResponseHeaders::PERSIST_ALL,
+ "HTTP/1.1 200 OK\n"
"Foo: 1\n"
"Bar: 2\n"
"Foo: 3\n",
@@ -389,7 +402,8 @@ TEST(HttpResponseHeadersTest, Persist) {
"Bar: 2\n"
},
// header name appears twice, separated by another header (type 2)
- { "HTTP/1.1 200 OK\n"
+ { net::HttpResponseHeaders::PERSIST_ALL,
+ "HTTP/1.1 200 OK\n"
"Foo: 1, 3\n"
"Bar: 2\n"
"Foo: 4\n",
@@ -398,6 +412,17 @@ TEST(HttpResponseHeadersTest, Persist) {
"Foo: 1, 3, 4\n"
"Bar: 2\n"
},
+ // Test filtering of cookie headers.
+ { net::HttpResponseHeaders::PERSIST_SANS_COOKIES,
+ "HTTP/1.1 200 OK\n"
+ "Set-Cookie: foo=bar; httponly\n"
+ "Set-Cookie: bar=foo\n"
+ "Bar: 1\n"
+ "Set-Cookie2: bar2=foo2\n",
+
+ "HTTP/1.1 200 OK\n"
+ "Bar: 1\n"
+ },
};
for (size_t i = 0; i < ARRAYSIZE_UNSAFE(tests); ++i) {
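Review bot: The new `PERSIST_SANS_COOKIES` entry uses only the canonical spellings `Set-Cookie` and `Set-Cookie2`, so it would still pass if the filter compared header names case-sensitively. HTTP field names are case-insensitive, and this filter is what keeps HttpOnly cookies out of the renderer, so the raw headers of this entry should also carry lower- and mixed-case lines such as `"set-cookie: a=b\n"` and `"SET-COOKIE2: c=d\n"`, with the expected output unchanged. A companion entry feeding the same input with `PERSIST_ALL` and expecting the cookie lines to survive would show that the filtering is tied to the flag rather than always applied. The table starts before this hunk and the loop body continues after it.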
@@ -407,7 +432,7 @@ TEST(HttpResponseHeadersTest, Persist) {
new HttpResponseHeaders(headers);
Pickle pickle;
- parsed1->Persist(&pickle, true);
+ parsed1->Persist(&pickle, tests[i].options);
void* iter = NULL;
scoped_refptr<HttpResponseHeaders> parsed2 =