// Copyright (c) 2012 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "base/command_line.h" #include "base/strings/stringprintf.h" #include "content/browser/frame_host/frame_tree.h" #include "content/browser/renderer_host/render_view_host_impl.h" #include "content/browser/web_contents/web_contents_impl.h" #include "content/public/browser/notification_observer.h" #include "content/public/browser/notification_service.h" #include "content/public/browser/notification_types.h" #include "content/public/browser/web_contents_observer.h" #include "content/public/common/content_switches.h" #include "content/public/test/browser_test_utils.h" #include "content/public/test/content_browser_test.h" #include "content/public/test/content_browser_test_utils.h" #include "content/public/test/test_utils.h" #include "content/shell/browser/shell.h" #include "content/test/content_browser_test_utils_internal.h" #include "net/dns/mock_host_resolver.h" #include "url/gurl.h" namespace content { class SitePerProcessWebContentsObserver: public WebContentsObserver { public: explicit SitePerProcessWebContentsObserver(WebContents* web_contents) : WebContentsObserver(web_contents), navigation_succeeded_(false) {} virtual ~SitePerProcessWebContentsObserver() {} virtual void DidStartProvisionalLoadForFrame( int64 frame_id, int64 parent_frame_id, bool is_main_frame, const GURL& validated_url, bool is_error_page, bool is_iframe_srcdoc, RenderViewHost* render_view_host) OVERRIDE { navigation_succeeded_ = false; } virtual void DidFailProvisionalLoad( int64 frame_id, const base::string16& frame_unique_name, bool is_main_frame, const GURL& validated_url, int error_code, const base::string16& error_description, RenderViewHost* render_view_host) OVERRIDE { navigation_url_ = validated_url; navigation_succeeded_ = false; } virtual void DidCommitProvisionalLoadForFrame( int64 frame_id, const base::string16& frame_unique_name, bool is_main_frame, const GURL& url, PageTransition transition_type, RenderViewHost* render_view_host) OVERRIDE{ navigation_url_ = url; navigation_succeeded_ = true; } const GURL& navigation_url() const { return navigation_url_; } int navigation_succeeded() const { return navigation_succeeded_; } private: GURL navigation_url_; bool navigation_succeeded_; DISALLOW_COPY_AND_ASSIGN(SitePerProcessWebContentsObserver); }; class RedirectNotificationObserver : public NotificationObserver { public: // Register to listen for notifications of the given type from either a // specific source, or from all sources if |source| is // NotificationService::AllSources(). RedirectNotificationObserver(int notification_type, const NotificationSource& source); virtual ~RedirectNotificationObserver(); // Wait until the specified notification occurs. If the notification was // emitted between the construction of this object and this call then it // returns immediately. void Wait(); // Returns NotificationService::AllSources() if we haven't observed a // notification yet. const NotificationSource& source() const { return source_; } const NotificationDetails& details() const { return details_; } // NotificationObserver: virtual void Observe(int type, const NotificationSource& source, const NotificationDetails& details) OVERRIDE; private: bool seen_; bool seen_twice_; bool running_; NotificationRegistrar registrar_; NotificationSource source_; NotificationDetails details_; scoped_refptr message_loop_runner_; DISALLOW_COPY_AND_ASSIGN(RedirectNotificationObserver); }; RedirectNotificationObserver::RedirectNotificationObserver( int notification_type, const NotificationSource& source) : seen_(false), running_(false), source_(NotificationService::AllSources()) { registrar_.Add(this, notification_type, source); } RedirectNotificationObserver::~RedirectNotificationObserver() {} void RedirectNotificationObserver::Wait() { if (seen_ && seen_twice_) return; running_ = true; message_loop_runner_ = new MessageLoopRunner; message_loop_runner_->Run(); EXPECT_TRUE(seen_); } void RedirectNotificationObserver::Observe( int type, const NotificationSource& source, const NotificationDetails& details) { source_ = source; details_ = details; seen_twice_ = seen_; seen_ = true; if (!running_) return; message_loop_runner_->Quit(); running_ = false; } class SitePerProcessBrowserTest : public ContentBrowserTest { public: SitePerProcessBrowserTest() {} protected: // Start at a data URL so each extra navigation creates a navigation entry. // (The first navigation will silently be classified as AUTO_SUBFRAME.) // TODO(creis): This won't be necessary when we can wait for LOAD_STOP. void StartFrameAtDataURL() { std::string data_url_script = "var iframes = document.getElementById('test');iframes.src=" "'data:text/html,dataurl';"; ASSERT_TRUE(ExecuteScript(shell()->web_contents(), data_url_script)); } bool NavigateIframeToURL(Shell* window, const GURL& url, std::string iframe_id) { // TODO(creis): This should wait for LOAD_STOP, but cross-site subframe // navigations generate extra DidStartLoading and DidStopLoading messages. // Until we replace swappedout:// with frame proxies, we need to listen for // something else. For now, we trigger NEW_SUBFRAME navigations and listen // for commit. std::string script = base::StringPrintf( "setTimeout(\"" "var iframes = document.getElementById('%s');iframes.src='%s';" "\",0)", iframe_id.c_str(), url.spec().c_str()); WindowedNotificationObserver load_observer( NOTIFICATION_NAV_ENTRY_COMMITTED, Source( &window->web_contents()->GetController())); bool result = ExecuteScript(window->web_contents(), script); load_observer.Wait(); return result; } virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { command_line->AppendSwitch(switches::kSitePerProcess); } }; // Ensure that we can complete a cross-process subframe navigation. IN_PROC_BROWSER_TEST_F(SitePerProcessBrowserTest, CrossSiteIframe) { host_resolver()->AddRule("*", "127.0.0.1"); ASSERT_TRUE(test_server()->Start()); GURL main_url(test_server()->GetURL("files/site_per_process_main.html")); NavigateToURL(shell(), main_url); // It is safe to obtain the root frame tree node here, as it doesn't change. FrameTreeNode* root = static_cast(shell()->web_contents())-> GetFrameTree()->root(); SitePerProcessWebContentsObserver observer(shell()->web_contents()); // Load same-site page into iframe. GURL http_url(test_server()->GetURL("files/title1.html")); NavigateFrameToURL(root->child_at(0), http_url); EXPECT_EQ(http_url, observer.navigation_url()); EXPECT_TRUE(observer.navigation_succeeded()); // These must stay in scope with replace_host. GURL::Replacements replace_host; std::string foo_com("foo.com"); // Load cross-site page into iframe. GURL cross_site_url(test_server()->GetURL("files/title2.html")); replace_host.SetHostStr(foo_com); cross_site_url = cross_site_url.ReplaceComponents(replace_host); NavigateFrameToURL(root->child_at(0), cross_site_url); EXPECT_EQ(cross_site_url, observer.navigation_url()); EXPECT_TRUE(observer.navigation_succeeded()); // Ensure that we have created a new process for the subframe. ASSERT_EQ(1U, root->child_count()); FrameTreeNode* child = root->child_at(0); SiteInstance* site_instance = child->current_frame_host()->GetSiteInstance(); RenderViewHost* rvh = child->current_frame_host()->render_view_host(); RenderProcessHost* rph = child->current_frame_host()->GetProcess(); EXPECT_NE(shell()->web_contents()->GetRenderViewHost(), rvh); EXPECT_NE(shell()->web_contents()->GetSiteInstance(), site_instance); EXPECT_NE(shell()->web_contents()->GetRenderProcessHost(), rph); // Load another cross-site page into the same iframe. cross_site_url = test_server()->GetURL("files/title3.html"); std::string bar_com("bar.com"); replace_host.SetHostStr(bar_com); cross_site_url = cross_site_url.ReplaceComponents(replace_host); NavigateFrameToURL(root->child_at(0), cross_site_url); EXPECT_EQ(cross_site_url, observer.navigation_url()); EXPECT_TRUE(observer.navigation_succeeded()); // Check again that a new process is created and is different from the // top level one and the previous one. ASSERT_EQ(1U, root->child_count()); child = root->child_at(0); EXPECT_NE(shell()->web_contents()->GetRenderViewHost(), child->current_frame_host()->render_view_host()); EXPECT_NE(rvh, child->current_frame_host()->render_view_host()); EXPECT_NE(shell()->web_contents()->GetSiteInstance(), child->current_frame_host()->GetSiteInstance()); EXPECT_NE(site_instance, child->current_frame_host()->GetSiteInstance()); EXPECT_NE(shell()->web_contents()->GetRenderProcessHost(), child->current_frame_host()->GetProcess()); EXPECT_NE(rph, child->current_frame_host()->GetProcess()); } // Crash a subframe and ensures its children are cleared from the FrameTree. // See http://crbug.com/338508. // TODO(creis): Enable this on Android when we can kill the process there. #if defined(OS_ANDROID) #define MAYBE_CrashSubframe DISABLED_CrashSubframe #else #define MAYBE_CrashSubframe CrashSubframe #endif IN_PROC_BROWSER_TEST_F(SitePerProcessBrowserTest, MAYBE_CrashSubframe) { host_resolver()->AddRule("*", "127.0.0.1"); ASSERT_TRUE(test_server()->Start()); GURL main_url(test_server()->GetURL("files/site_per_process_main.html")); NavigateToURL(shell(), main_url); StartFrameAtDataURL(); // These must stay in scope with replace_host. GURL::Replacements replace_host; std::string foo_com("foo.com"); // Load cross-site page into iframe. GURL cross_site_url(test_server()->GetURL("files/title2.html")); replace_host.SetHostStr(foo_com); cross_site_url = cross_site_url.ReplaceComponents(replace_host); EXPECT_TRUE(NavigateIframeToURL(shell(), cross_site_url, "test")); // Check the subframe process. FrameTreeNode* root = static_cast(shell()->web_contents())-> GetFrameTree()->root(); ASSERT_EQ(1U, root->child_count()); FrameTreeNode* child = root->child_at(0); EXPECT_EQ(main_url, root->current_url()); EXPECT_EQ(cross_site_url, child->current_url()); // Crash the subframe process. RenderProcessHost* root_process = root->current_frame_host()->GetProcess(); RenderProcessHost* child_process = child->current_frame_host()->GetProcess(); { RenderProcessHostWatcher crash_observer( child_process, RenderProcessHostWatcher::WATCH_FOR_PROCESS_EXIT); base::KillProcess(child_process->GetHandle(), 0, false); crash_observer.Wait(); } // Ensure that the child frame still exists but has been cleared. EXPECT_EQ(1U, root->child_count()); EXPECT_EQ(main_url, root->current_url()); EXPECT_EQ(GURL(), child->current_url()); // Now crash the top-level page to clear the child frame. { RenderProcessHostWatcher crash_observer( root_process, RenderProcessHostWatcher::WATCH_FOR_PROCESS_EXIT); base::KillProcess(root_process->GetHandle(), 0, false); crash_observer.Wait(); } EXPECT_EQ(0U, root->child_count()); EXPECT_EQ(GURL(), root->current_url()); } // TODO(nasko): Disable this test until out-of-process iframes is ready and the // security checks are back in place. // TODO(creis): Replace SpawnedTestServer with host_resolver to get test to run // on Android (http://crbug.com/187570). IN_PROC_BROWSER_TEST_F(SitePerProcessBrowserTest, DISABLED_CrossSiteIframeRedirectOnce) { ASSERT_TRUE(test_server()->Start()); net::SpawnedTestServer https_server( net::SpawnedTestServer::TYPE_HTTPS, net::SpawnedTestServer::kLocalhost, base::FilePath(FILE_PATH_LITERAL("content/test/data"))); ASSERT_TRUE(https_server.Start()); GURL main_url(test_server()->GetURL("files/site_per_process_main.html")); GURL http_url(test_server()->GetURL("files/title1.html")); GURL https_url(https_server.GetURL("files/title1.html")); NavigateToURL(shell(), main_url); SitePerProcessWebContentsObserver observer(shell()->web_contents()); { // Load cross-site client-redirect page into Iframe. // Should be blocked. GURL client_redirect_https_url(https_server.GetURL( "client-redirect?files/title1.html")); EXPECT_TRUE(NavigateIframeToURL(shell(), client_redirect_https_url, "test")); // DidFailProvisionalLoad when navigating to client_redirect_https_url. EXPECT_EQ(observer.navigation_url(), client_redirect_https_url); EXPECT_FALSE(observer.navigation_succeeded()); } { // Load cross-site server-redirect page into Iframe, // which redirects to same-site page. GURL server_redirect_http_url(https_server.GetURL( "server-redirect?" + http_url.spec())); EXPECT_TRUE(NavigateIframeToURL(shell(), server_redirect_http_url, "test")); EXPECT_EQ(observer.navigation_url(), http_url); EXPECT_TRUE(observer.navigation_succeeded()); } { // Load cross-site server-redirect page into Iframe, // which redirects to cross-site page. GURL server_redirect_http_url(https_server.GetURL( "server-redirect?files/title1.html")); EXPECT_TRUE(NavigateIframeToURL(shell(), server_redirect_http_url, "test")); // DidFailProvisionalLoad when navigating to https_url. EXPECT_EQ(observer.navigation_url(), https_url); EXPECT_FALSE(observer.navigation_succeeded()); } { // Load same-site server-redirect page into Iframe, // which redirects to cross-site page. GURL server_redirect_http_url(test_server()->GetURL( "server-redirect?" + https_url.spec())); EXPECT_TRUE(NavigateIframeToURL(shell(), server_redirect_http_url, "test")); EXPECT_EQ(observer.navigation_url(), https_url); EXPECT_FALSE(observer.navigation_succeeded()); } { // Load same-site client-redirect page into Iframe, // which redirects to cross-site page. GURL client_redirect_http_url(test_server()->GetURL( "client-redirect?" + https_url.spec())); RedirectNotificationObserver load_observer2( NOTIFICATION_LOAD_STOP, Source( &shell()->web_contents()->GetController())); EXPECT_TRUE(NavigateIframeToURL(shell(), client_redirect_http_url, "test")); // Same-site Client-Redirect Page should be loaded successfully. EXPECT_EQ(observer.navigation_url(), client_redirect_http_url); EXPECT_TRUE(observer.navigation_succeeded()); // Redirecting to Cross-site Page should be blocked. load_observer2.Wait(); EXPECT_EQ(observer.navigation_url(), https_url); EXPECT_FALSE(observer.navigation_succeeded()); } { // Load same-site server-redirect page into Iframe, // which redirects to same-site page. GURL server_redirect_http_url(test_server()->GetURL( "server-redirect?files/title1.html")); EXPECT_TRUE(NavigateIframeToURL(shell(), server_redirect_http_url, "test")); EXPECT_EQ(observer.navigation_url(), http_url); EXPECT_TRUE(observer.navigation_succeeded()); } { // Load same-site client-redirect page into Iframe, // which redirects to same-site page. GURL client_redirect_http_url(test_server()->GetURL( "client-redirect?" + http_url.spec())); RedirectNotificationObserver load_observer2( NOTIFICATION_LOAD_STOP, Source( &shell()->web_contents()->GetController())); EXPECT_TRUE(NavigateIframeToURL(shell(), client_redirect_http_url, "test")); // Same-site Client-Redirect Page should be loaded successfully. EXPECT_EQ(observer.navigation_url(), client_redirect_http_url); EXPECT_TRUE(observer.navigation_succeeded()); // Redirecting to Same-site Page should be loaded successfully. load_observer2.Wait(); EXPECT_EQ(observer.navigation_url(), http_url); EXPECT_TRUE(observer.navigation_succeeded()); } } // TODO(nasko): Disable this test until out-of-process iframes is ready and the // security checks are back in place. // TODO(creis): Replace SpawnedTestServer with host_resolver to get test to run // on Android (http://crbug.com/187570). IN_PROC_BROWSER_TEST_F(SitePerProcessBrowserTest, DISABLED_CrossSiteIframeRedirectTwice) { ASSERT_TRUE(test_server()->Start()); net::SpawnedTestServer https_server( net::SpawnedTestServer::TYPE_HTTPS, net::SpawnedTestServer::kLocalhost, base::FilePath(FILE_PATH_LITERAL("content/test/data"))); ASSERT_TRUE(https_server.Start()); GURL main_url(test_server()->GetURL("files/site_per_process_main.html")); GURL http_url(test_server()->GetURL("files/title1.html")); GURL https_url(https_server.GetURL("files/title1.html")); NavigateToURL(shell(), main_url); SitePerProcessWebContentsObserver observer(shell()->web_contents()); { // Load client-redirect page pointing to a cross-site client-redirect page, // which eventually redirects back to same-site page. GURL client_redirect_https_url(https_server.GetURL( "client-redirect?" + http_url.spec())); GURL client_redirect_http_url(test_server()->GetURL( "client-redirect?" + client_redirect_https_url.spec())); // We should wait until second client redirect get cancelled. RedirectNotificationObserver load_observer2( NOTIFICATION_LOAD_STOP, Source( &shell()->web_contents()->GetController())); EXPECT_TRUE(NavigateIframeToURL(shell(), client_redirect_http_url, "test")); // DidFailProvisionalLoad when navigating to client_redirect_https_url. load_observer2.Wait(); EXPECT_EQ(observer.navigation_url(), client_redirect_https_url); EXPECT_FALSE(observer.navigation_succeeded()); } { // Load server-redirect page pointing to a cross-site server-redirect page, // which eventually redirect back to same-site page. GURL server_redirect_https_url(https_server.GetURL( "server-redirect?" + http_url.spec())); GURL server_redirect_http_url(test_server()->GetURL( "server-redirect?" + server_redirect_https_url.spec())); EXPECT_TRUE(NavigateIframeToURL(shell(), server_redirect_http_url, "test")); EXPECT_EQ(observer.navigation_url(), http_url); EXPECT_TRUE(observer.navigation_succeeded()); } { // Load server-redirect page pointing to a cross-site server-redirect page, // which eventually redirects back to cross-site page. GURL server_redirect_https_url(https_server.GetURL( "server-redirect?" + https_url.spec())); GURL server_redirect_http_url(test_server()->GetURL( "server-redirect?" + server_redirect_https_url.spec())); EXPECT_TRUE(NavigateIframeToURL(shell(), server_redirect_http_url, "test")); // DidFailProvisionalLoad when navigating to https_url. EXPECT_EQ(observer.navigation_url(), https_url); EXPECT_FALSE(observer.navigation_succeeded()); } { // Load server-redirect page pointing to a cross-site client-redirect page, // which eventually redirects back to same-site page. GURL client_redirect_http_url(https_server.GetURL( "client-redirect?" + http_url.spec())); GURL server_redirect_http_url(test_server()->GetURL( "server-redirect?" + client_redirect_http_url.spec())); EXPECT_TRUE(NavigateIframeToURL(shell(), server_redirect_http_url, "test")); // DidFailProvisionalLoad when navigating to client_redirect_http_url. EXPECT_EQ(observer.navigation_url(), client_redirect_http_url); EXPECT_FALSE(observer.navigation_succeeded()); } } } // namespace content