1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "base/command_line.h" 6 #include "base/logging.h" 7 #include "chrome/browser/extensions/extension_apitest.h" 8 #include "chrome/browser/ui/browser.h" 9 #include "chrome/browser/ui/tabs/tab_strip_model.h" 10 #include "chrome/test/base/test_switches.h" 11 #include "chrome/test/base/ui_test_utils.h" 12 #include "content/public/browser/web_contents.h" 13 #include "content/public/test/browser_test_utils.h" 14 #include "extensions/common/switches.h" 15 #include "net/dns/mock_host_resolver.h" 16 #include "url/gurl.h" 17 18 class ExtensionResourceRequestPolicyTest : public ExtensionApiTest { 19 protected: 20 virtual void SetUp() OVERRIDE { 21 // TODO(danakj): The GPU Video Decoder needs real GL bindings. 22 // crbug.com/269087 23 UseRealGLBindings(); 24 25 ExtensionApiTest::SetUp(); 26 } 27 28 virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { 29 ExtensionApiTest::SetUpCommandLine(command_line); 30 command_line->AppendSwitch( 31 extensions::switches::kAllowLegacyExtensionManifests); 32 } 33 }; 34 35 // Note, this mostly tests the logic of chrome/renderer/extensions/ 36 // extension_resource_request_policy.*, but we have it as a browser test so that 37 // can make sure it works end-to-end. 38 IN_PROC_BROWSER_TEST_F(ExtensionResourceRequestPolicyTest, OriginPrivileges) { 39 #if defined(OS_WIN) && defined(USE_ASH) 40 // Disable this test in Metro+Ash for now (http://crbug.com/262796). 41 if (CommandLine::ForCurrentProcess()->HasSwitch(switches::kAshBrowserTests)) 42 return; 43 #endif 44 45 host_resolver()->AddRule("*", "127.0.0.1"); 46 ASSERT_TRUE(test_server()->Start()); 47 ASSERT_TRUE(LoadExtensionWithFlags(test_data_dir_ 48 .AppendASCII("extension_resource_request_policy") 49 .AppendASCII("extension"), 50 // Tests manifest_version 1 behavior, so warnings are expected. 51 ExtensionBrowserTest::kFlagIgnoreManifestWarnings)); 52 53 GURL web_resource( 54 test_server()->GetURL( 55 "files/extensions/api_test/extension_resource_request_policy/" 56 "index.html")); 57 58 std::string host_a("a.com"); 59 GURL::Replacements make_host_a_com; 60 make_host_a_com.SetHostStr(host_a); 61 62 std::string host_b("b.com"); 63 GURL::Replacements make_host_b_com; 64 make_host_b_com.SetHostStr(host_b); 65 66 // A web host that has permission. 67 ui_test_utils::NavigateToURL( 68 browser(), web_resource.ReplaceComponents(make_host_a_com)); 69 std::string result; 70 ASSERT_TRUE(content::ExecuteScriptAndExtractString( 71 browser()->tab_strip_model()->GetActiveWebContents(), 72 "window.domAutomationController.send(document.title)", 73 &result)); 74 EXPECT_EQ(result, "Loaded"); 75 76 // A web host that loads a non-existent extension. 77 GURL non_existent_extension( 78 test_server()->GetURL( 79 "files/extensions/api_test/extension_resource_request_policy/" 80 "non_existent_extension.html")); 81 ui_test_utils::NavigateToURL(browser(), non_existent_extension); 82 ASSERT_TRUE(content::ExecuteScriptAndExtractString( 83 browser()->tab_strip_model()->GetActiveWebContents(), 84 "window.domAutomationController.send(document.title)", 85 &result)); 86 EXPECT_EQ(result, "Image failed to load"); 87 88 // A data URL. Data URLs should always be able to load chrome-extension:// 89 // resources. 90 std::string file_source; 91 ASSERT_TRUE(file_util::ReadFileToString( 92 test_data_dir_.AppendASCII("extension_resource_request_policy") 93 .AppendASCII("index.html"), &file_source)); 94 ui_test_utils::NavigateToURL(browser(), 95 GURL(std::string("data:text/html;charset=utf-8,") + file_source)); 96 ASSERT_TRUE(content::ExecuteScriptAndExtractString( 97 browser()->tab_strip_model()->GetActiveWebContents(), 98 "window.domAutomationController.send(document.title)", 99 &result)); 100 EXPECT_EQ(result, "Loaded"); 101 102 // A different extension. Legacy (manifest_version 1) extensions should always 103 // be able to load each other's resources. 104 ASSERT_TRUE(LoadExtensionWithFlags(test_data_dir_ 105 .AppendASCII("extension_resource_request_policy") 106 .AppendASCII("extension2"), 107 // Tests manifest_version 1 behavior, so warnings are expected. 108 ExtensionBrowserTest::kFlagIgnoreManifestWarnings)); 109 ui_test_utils::NavigateToURL( 110 browser(), 111 GURL("chrome-extension://pbkkcbgdkliohhfaeefcijaghglkahja/index.html")); 112 ASSERT_TRUE(content::ExecuteScriptAndExtractString( 113 browser()->tab_strip_model()->GetActiveWebContents(), 114 "window.domAutomationController.send(document.title)", 115 &result)); 116 EXPECT_EQ(result, "Loaded"); 117 } 118 119 IN_PROC_BROWSER_TEST_F(ExtensionResourceRequestPolicyTest, 120 ExtensionCanLoadHostedAppIcons) { 121 ASSERT_TRUE(LoadExtensionWithFlags(test_data_dir_ 122 .AppendASCII("extension_resource_request_policy") 123 .AppendASCII("extension"), 124 // Tests manifest_version 1 behavior, so warnings are expected. 125 ExtensionBrowserTest::kFlagIgnoreManifestWarnings)); 126 127 ASSERT_TRUE(RunExtensionSubtest( 128 "extension_resource_request_policy/extension2/", 129 "can_load_icons_from_hosted_apps.html", 130 // Tests manifest_version 1 behavior, so warnings are expected. 131 ExtensionApiTest::kFlagIgnoreManifestWarnings)) << message_; 132 } 133 134 IN_PROC_BROWSER_TEST_F(ExtensionResourceRequestPolicyTest, Audio) { 135 EXPECT_TRUE(RunExtensionSubtest( 136 "extension_resource_request_policy/extension2", 137 "audio.html", 138 // Tests manifest_version 1 behavior, so warnings are expected. 139 ExtensionApiTest::kFlagIgnoreManifestWarnings)) << message_; 140 } 141 142 #if defined(OS_MACOSX) || defined(OS_WIN) 143 // http://crbug.com/238733 - Video is flaky on Mac and Win. 144 #define MAYBE_Video DISABLED_Video 145 #else 146 #define MAYBE_Video Video 147 #endif 148 149 IN_PROC_BROWSER_TEST_F(ExtensionResourceRequestPolicyTest, MAYBE_Video) { 150 EXPECT_TRUE(RunExtensionSubtest( 151 "extension_resource_request_policy/extension2", 152 "video.html", 153 // Tests manifest_version 1 behavior, so warnings are expected. 154 ExtensionApiTest::kFlagIgnoreManifestWarnings)) << message_; 155 } 156 157 // This test times out regularly on win_rel trybots. See http://crbug.com/122154 158 #if defined(OS_WIN) 159 #define MAYBE_WebAccessibleResources DISABLED_WebAccessibleResources 160 #else 161 #define MAYBE_WebAccessibleResources WebAccessibleResources 162 #endif 163 IN_PROC_BROWSER_TEST_F(ExtensionResourceRequestPolicyTest, 164 MAYBE_WebAccessibleResources) { 165 std::string result; 166 ASSERT_TRUE(test_server()->Start()); 167 ASSERT_TRUE(LoadExtension(test_data_dir_ 168 .AppendASCII("extension_resource_request_policy") 169 .AppendASCII("web_accessible"))); 170 171 GURL accessible_resource( 172 test_server()->GetURL( 173 "files/extensions/api_test/extension_resource_request_policy/" 174 "web_accessible/accessible_resource.html")); 175 ui_test_utils::NavigateToURL(browser(), accessible_resource); 176 ASSERT_TRUE(content::ExecuteScriptAndExtractString( 177 browser()->tab_strip_model()->GetActiveWebContents(), 178 "window.domAutomationController.send(document.title)", 179 &result)); 180 EXPECT_EQ("Loaded", result); 181 182 GURL xhr_accessible_resource( 183 test_server()->GetURL( 184 "files/extensions/api_test/extension_resource_request_policy/" 185 "web_accessible/xhr_accessible_resource.html")); 186 ui_test_utils::NavigateToURL( 187 browser(), xhr_accessible_resource); 188 ASSERT_TRUE(content::ExecuteScriptAndExtractString( 189 browser()->tab_strip_model()->GetActiveWebContents(), 190 "window.domAutomationController.send(document.title)", 191 &result)); 192 EXPECT_EQ("XHR completed with status: 200", result); 193 194 GURL xhr_inaccessible_resource( 195 test_server()->GetURL( 196 "files/extensions/api_test/extension_resource_request_policy/" 197 "web_accessible/xhr_inaccessible_resource.html")); 198 ui_test_utils::NavigateToURL( 199 browser(), xhr_inaccessible_resource); 200 ASSERT_TRUE(content::ExecuteScriptAndExtractString( 201 browser()->tab_strip_model()->GetActiveWebContents(), 202 "window.domAutomationController.send(document.title)", 203 &result)); 204 EXPECT_EQ("XHR failed to load resource", result); 205 206 GURL nonaccessible_resource( 207 test_server()->GetURL( 208 "files/extensions/api_test/extension_resource_request_policy/" 209 "web_accessible/nonaccessible_resource.html")); 210 ui_test_utils::NavigateToURL(browser(), nonaccessible_resource); 211 ASSERT_TRUE(content::ExecuteScriptAndExtractString( 212 browser()->tab_strip_model()->GetActiveWebContents(), 213 "window.domAutomationController.send(document.title)", 214 &result)); 215 EXPECT_EQ("Image failed to load", result); 216 217 GURL nonexistent_resource( 218 test_server()->GetURL( 219 "files/extensions/api_test/extension_resource_request_policy/" 220 "web_accessible/nonexistent_resource.html")); 221 ui_test_utils::NavigateToURL(browser(), nonexistent_resource); 222 ASSERT_TRUE(content::ExecuteScriptAndExtractString( 223 browser()->tab_strip_model()->GetActiveWebContents(), 224 "window.domAutomationController.send(document.title)", 225 &result)); 226 EXPECT_EQ("Image failed to load", result); 227 228 GURL nonaccessible_cer_resource( 229 test_server()->GetURL( 230 "files/extensions/api_test/extension_resource_request_policy/" 231 "web_accessible/nonaccessible_chrome_resource_scheme.html")); 232 ui_test_utils::NavigateToURL(browser(), nonaccessible_cer_resource); 233 ASSERT_TRUE(content::ExecuteScriptAndExtractString( 234 browser()->tab_strip_model()->GetActiveWebContents(), 235 "window.domAutomationController.send(document.title)", 236 &result)); 237 EXPECT_EQ("Loading CER:// failed.", result); 238 239 GURL newtab_page("chrome://newtab"); 240 GURL accessible_newtab_override( 241 test_server()->GetURL( 242 "files/extensions/api_test/extension_resource_request_policy/" 243 "web_accessible/accessible_history_navigation.html")); 244 ui_test_utils::NavigateToURL(browser(), newtab_page); 245 ui_test_utils::NavigateToURLBlockUntilNavigationsComplete( 246 browser(), accessible_newtab_override, 2); 247 ASSERT_TRUE(content::ExecuteScriptAndExtractString( 248 browser()->tab_strip_model()->GetActiveWebContents(), 249 "window.domAutomationController.send(document.title)", 250 &result)); 251 EXPECT_EQ("New Tab Page Loaded Successfully", result); 252 } 253 254 IN_PROC_BROWSER_TEST_F(ExtensionResourceRequestPolicyTest, 255 WebAccessibleResourcesWithCSP) { 256 std::string result; 257 ASSERT_TRUE(test_server()->Start()); 258 ASSERT_TRUE(LoadExtension(test_data_dir_ 259 .AppendASCII("extension_resource_request_policy") 260 .AppendASCII("web_accessible"))); 261 262 GURL accessible_resource_with_csp( 263 test_server()->GetURL( 264 "files/extensions/api_test/extension_resource_request_policy/" 265 "web_accessible/accessible_resource_with_csp.html")); 266 ui_test_utils::NavigateToURL(browser(), accessible_resource_with_csp); 267 ASSERT_TRUE(content::ExecuteScriptAndExtractString( 268 browser()->tab_strip_model()->GetActiveWebContents(), 269 "window.domAutomationController.send(document.title)", 270 &result)); 271 EXPECT_EQ("Loaded", result); 272 } 273 274 IN_PROC_BROWSER_TEST_F(ExtensionResourceRequestPolicyTest, Iframe) { 275 // Load another extension, which the test one shouldn't be able to get 276 // resources from. 277 ASSERT_TRUE(LoadExtension(test_data_dir_ 278 .AppendASCII("extension_resource_request_policy") 279 .AppendASCII("inaccessible"))); 280 EXPECT_TRUE(RunExtensionSubtest( 281 "extension_resource_request_policy/web_accessible", 282 "iframe.html")) << message_; 283 } 284 285 #if defined(OS_MACOSX) 286 #define MAYBE_ExtensionAccessibleResources DISABLED_ExtensionAccessibleResources 287 #else 288 #define MAYBE_ExtensionAccessibleResources ExtensionAccessibleResources 289 #endif 290 IN_PROC_BROWSER_TEST_F(ExtensionResourceRequestPolicyTest, 291 MAYBE_ExtensionAccessibleResources) { 292 ASSERT_TRUE(RunExtensionSubtest("accessible_cer", "main.html")) << message_; 293 } 294