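// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "base/auto_reset.h"
#include "base/command_line.h"
#include "base/message_loop/message_loop.h"
#include "base/prefs/pref_service.h"
#include "chrome/browser/content_settings/cookie_settings.h"
#include "chrome/common/chrome_switches.h"
#include "chrome/common/content_settings_pattern.h"
#include "chrome/common/pref_names.h"
#include "chrome/test/base/testing_profile.h"
#include "content/public/test/test_browser_thread.h"
#include "net/base/static_cookie_policy.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "url/gurl.h"

using content::BrowserThread;

namespace {

// Fixture for the CookieSettings policy tests. Every test starts from a fresh
// TestingProfile, so no exception or pref set by one test carries over.
//
// Throughout this file the two-argument queries are called as
// (cookie URL, first-party URL).
class CookieSettingsTest : public testing::Test {
 public:
  // |profile_| is declared before |cookie_settings_|, so it is already
  // constructed when the factory lookup below runs.
  CookieSettingsTest()
      : ui_thread_(BrowserThread::UI, &message_loop_),
        cookie_settings_(CookieSettings::Factory::GetForProfile(&profile_)
                             .get()),
        kBlockedSite("http://ads.thirdparty.com"),
        kAllowedSite("http://good.allays.com"),
        kFirstPartySite("http://cool.things.com"),
        kBlockedFirstPartySite("http://no.thirdparties.com"),
        kExtensionURL("chrome-extension://deadbeef"),
        kHttpsSite("https://example.com"),
        kAllHttpsSitesPattern(ContentSettingsPattern::FromString("https://*")) {
  }

 protected:
  base::MessageLoop message_loop_;
  content::TestBrowserThread ui_thread_;
  TestingProfile profile_;
  // Raw pointer taken with .get() from the factory's return value; the
  // fixture holds no reference of its own.
  // NOTE(review): presumably |profile_| keeps the object alive - confirm.
  CookieSettings* cookie_settings_;
  // The names describe the role each URL plays in most tests; a URL is only
  // blocked or allowed once a test installs the matching setting.
  const GURL kBlockedSite;
  const GURL kAllowedSite;
  const GURL kFirstPartySite;
  const GURL kBlockedFirstPartySite;
  const GURL kExtensionURL;
  const GURL kHttpsSite;
  ContentSettingsPattern kAllHttpsSitesPattern;
};

// An explicit BLOCK exception applies even when the site is its own first
// party.
TEST_F(CookieSettingsTest, CookiesBlockSingle) {
  cookie_settings_->SetCookieSetting(
      ContentSettingsPattern::FromURL(kBlockedSite),
      ContentSettingsPattern::Wildcard(),
      CONTENT_SETTING_BLOCK);
  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kBlockedSite, kBlockedSite));
}

// The third-party blocking pref denies both reading and setting; with
// kOnlyBlockSettingThirdPartyCookies only setting stays denied.
TEST_F(CookieSettingsTest, CookiesBlockThirdParty) {
  profile_.GetPrefs()->SetBoolean(prefs::kBlockThirdPartyCookies, true);
  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kBlockedSite, kFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kBlockedSite));
  EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
      kBlockedSite, kFirstPartySite));

  // The command line is process-wide. AutoReset restores the original value
  // when this test returns, so the switch cannot weaken the policy seen by
  // later tests in the same process.
  CommandLine* cmd = CommandLine::ForCurrentProcess();
  base::AutoReset<CommandLine> auto_reset(cmd, *cmd);
  cmd->AppendSwitch(switches::kOnlyBlockSettingThirdPartyCookies);

  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kBlockedSite, kFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
      kBlockedSite, kFirstPartySite));
}

// With no pref and no exception set, third-party cookies are allowed and are
// not session-only.
TEST_F(CookieSettingsTest, CookiesAllowThirdParty) {
  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kBlockedSite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kBlockedSite, kFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kBlockedSite));
}

// A BLOCK exception for one site blocks it as a third party and leaves other
// sites unaffected.
TEST_F(CookieSettingsTest, CookiesExplicitBlockSingleThirdParty) {
  cookie_settings_->SetCookieSetting(
      ContentSettingsPattern::FromURL(kBlockedSite),
      ContentSettingsPattern::Wildcard(),
      CONTENT_SETTING_BLOCK);
  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kBlockedSite, kFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
      kBlockedSite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kFirstPartySite));
}

// An explicit SESSION_ONLY exception allows cookies but marks them
// session-only, and it keeps applying once third-party blocking is on.
TEST_F(CookieSettingsTest, CookiesExplicitSessionOnly) {
  cookie_settings_->SetCookieSetting(
      ContentSettingsPattern::FromURL(kBlockedSite),
      ContentSettingsPattern::Wildcard(),
      CONTENT_SETTING_SESSION_ONLY);
  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kBlockedSite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kBlockedSite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsCookieSessionOnly(kBlockedSite));

  profile_.GetPrefs()->SetBoolean(prefs::kBlockThirdPartyCookies, true);
  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kBlockedSite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kBlockedSite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsCookieSessionOnly(kBlockedSite));
}

// An explicit ALLOW exception takes precedence over the third-party blocking
// pref.
TEST_F(CookieSettingsTest, CookiesThirdPartyBlockedExplicitAllow) {
  cookie_settings_->SetCookieSetting(
      ContentSettingsPattern::FromURL(kAllowedSite),
      ContentSettingsPattern::Wildcard(),
      CONTENT_SETTING_ALLOW);
  profile_.GetPrefs()->SetBoolean(prefs::kBlockThirdPartyCookies, true);
  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kAllowedSite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));

  // The allowed site stays allowed when the first party is an extension.
  // This is not a blanket exemption for extensions: ExtensionsRegularSettings
  // checks that an explicit BLOCK still applies to them.
  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kAllowedSite, kExtensionURL));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kExtensionURL));
}

// Combines a per-site ALLOW, an ALLOW for all HTTPS origins, a SESSION_ONLY
// default and third-party blocking, then checks which rule wins per case.
TEST_F(CookieSettingsTest, CookiesThirdPartyBlockedAllSitesAllowed) {
  cookie_settings_->SetCookieSetting(
      ContentSettingsPattern::FromURL(kAllowedSite),
      ContentSettingsPattern::Wildcard(),
      CONTENT_SETTING_ALLOW);
  profile_.GetPrefs()->SetBoolean(prefs::kBlockThirdPartyCookies, true);
  // As an example for a pattern that matches all hosts but not all origins,
  // match all HTTPS sites.
  cookie_settings_->SetCookieSetting(
      kAllHttpsSitesPattern,
      ContentSettingsPattern::Wildcard(),
      CONTENT_SETTING_ALLOW);
  cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_SESSION_ONLY);

  // |kAllowedSite| should be allowed.
  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kAllowedSite, kBlockedSite));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kBlockedSite));
  EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));

  // HTTPS sites should be allowed in a first-party context.
  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kHttpsSite, kHttpsSite));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kHttpsSite, kHttpsSite));
  // Query |kHttpsSite| here: the https://* ALLOW rule, not the SESSION_ONLY
  // default, is expected to decide how long its cookies are kept.
  EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kHttpsSite));

  // HTTP sites should be allowed, but session-only.
  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kFirstPartySite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kFirstPartySite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsCookieSessionOnly(kFirstPartySite));

  // Third-party cookies should be blocked.
  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kFirstPartySite, kBlockedSite));
  EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
      kFirstPartySite, kBlockedSite));
  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kHttpsSite, kBlockedSite));
  EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
      kHttpsSite, kBlockedSite));
}

// A BLOCK default denies first-party and third-party cookies alike.
TEST_F(CookieSettingsTest, CookiesBlockEverything) {
  cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_BLOCK);

  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kFirstPartySite, kFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
      kFirstPartySite, kFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kFirstPartySite));
}

// Under a BLOCK default, an explicit ALLOW exception re-enables cookies for
// that one site, both as a first party and as a third party.
TEST_F(CookieSettingsTest, CookiesBlockEverythingExceptAllowed) {
  cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_BLOCK);
  cookie_settings_->SetCookieSetting(
      ContentSettingsPattern::FromURL(kAllowedSite),
      ContentSettingsPattern::Wildcard(),
      CONTENT_SETTING_ALLOW);
  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kFirstPartySite, kFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
      kFirstPartySite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kAllowedSite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kAllowedSite, kAllowedSite));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kAllowedSite));
  EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));
}

// Exceptions keyed on a (site, first party) pair: the same site is allowed
// under one first party and blocked under another.
TEST_F(CookieSettingsTest, CookiesBlockSingleFirstParty) {
  cookie_settings_->SetCookieSetting(
      ContentSettingsPattern::FromURL(kAllowedSite),
      ContentSettingsPattern::FromURL(kFirstPartySite),
      CONTENT_SETTING_ALLOW);
  cookie_settings_->SetCookieSetting(
      ContentSettingsPattern::FromURL(kAllowedSite),
      ContentSettingsPattern::FromURL(kBlockedFirstPartySite),
      CONTENT_SETTING_BLOCK);

  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kAllowedSite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));

  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kAllowedSite, kBlockedFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kBlockedFirstPartySite));

  // Changing the default to BLOCK must not disturb either pair exception.
  cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_BLOCK);

  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kAllowedSite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));

  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kAllowedSite, kBlockedFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kBlockedFirstPartySite));

  // Once the ALLOW exception is reset, the pair falls back to the BLOCK
  // default.
  cookie_settings_->ResetCookieSetting(
      ContentSettingsPattern::FromURL(kAllowedSite),
      ContentSettingsPattern::FromURL(kFirstPartySite));

  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kAllowedSite, kFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kFirstPartySite));
}

TEST_F(CookieSettingsTest, ExtensionsRegularSettings) {
  cookie_settings_->SetCookieSetting(
      ContentSettingsPattern::FromURL(kBlockedSite),
      ContentSettingsPattern::Wildcard(),
      CONTENT_SETTING_BLOCK);

  // Regular cookie settings also apply to extensions.
  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kBlockedSite, kExtensionURL));
}

TEST_F(CookieSettingsTest, ExtensionsOwnCookies) {
  cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_BLOCK);

  // Extensions can always use cookies (and site data) in their own origin.
  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kExtensionURL, kExtensionURL));
}

TEST_F(CookieSettingsTest, ExtensionsThirdParty) {
  profile_.GetPrefs()->SetBoolean(prefs::kBlockThirdPartyCookies, true);

  // XHRs stemming from extensions are exempt from third-party cookie blocking
  // rules (as the first party is always the extension's security origin).
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kBlockedSite, kExtensionURL));
}

}  // namespace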