chrome/common/secure_origin_whitelist_unittest.cc

   1 // Copyright 2015 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "base/command_line.h"
   6 #include "chrome/common/chrome_switches.h"
   7 #include "content/public/common/origin_util.h"
   8 #include "testing/gtest/include/gtest/gtest.h"
   9 #include "url/gurl.h"
  10
  11 using content::IsOriginSecure;
  12
  13 namespace chrome {
  14
  15 TEST(SecureOriginWhiteList, UnsafelyTreatInsecureOriginAsSecure) {
  16   EXPECT_FALSE(content::IsOriginSecure(GURL("http://example.com/a.html")));
  17   EXPECT_FALSE(
  18       content::IsOriginSecure(GURL("http://127.example.com/a.html")));
  19
  20   // Add http://example.com and http://127.example.com to whitelist by
  21   // command-line and see if they are now considered secure origins.
  22   // (The command line is applied via
  23   // ChromeContentClient::AddSecureSchemesAndOrigins)
  24   base::CommandLine* command_line = base::CommandLine::ForCurrentProcess();
  25   command_line->AppendSwitchASCII(
  26       switches::kUnsafelyTreatInsecureOriginAsSecure,
  27       "http://example.com,http://127.example.com");
  28   command_line->AppendSwitch(switches::kUserDataDir);
  29   content::ResetSchemesAndOriginsWhitelistForTesting();
  30
  31   // They should be now white-listed.
  32   EXPECT_TRUE(content::IsOriginSecure(GURL("http://example.com/a.html")));
  33   EXPECT_TRUE(content::IsOriginSecure(GURL("http://127.example.com/a.html")));
  34
  35   // Check that similarly named sites are not considered secure.
  36   EXPECT_FALSE(content::IsOriginSecure(GURL("http://128.example.com/a.html")));
  37   EXPECT_FALSE(content::IsOriginSecure(
  38       GURL("http://foobar.127.example.com/a.html")));
  39 }
  40
  41 }  // namespace chrome