1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "base/command_line.h" 6 #include "base/logging.h" 7 #include "chrome/browser/extensions/extension_apitest.h" 8 #include "chrome/browser/ui/browser.h" 9 #include "chrome/browser/ui/tabs/tab_strip_model.h" 10 #include "chrome/test/base/test_switches.h" 11 #include "chrome/test/base/ui_test_utils.h" 12 #include "content/public/browser/web_contents.h" 13 #include "content/public/test/browser_test_utils.h" 14 #include "extensions/common/switches.h" 15 #include "net/dns/mock_host_resolver.h" 16 #include "url/gurl.h" 17 18 class ExtensionResourceRequestPolicyTest : public ExtensionApiTest { 19 protected: 20 virtual void SetUpCommandLine(CommandLine* command_line) OVERRIDE { 21 ExtensionApiTest::SetUpCommandLine(command_line); 22 command_line->AppendSwitch( 23 extensions::switches::kAllowLegacyExtensionManifests); 24 } 25 }; 26 27 // Note, this mostly tests the logic of chrome/renderer/extensions/ 28 // extension_resource_request_policy.*, but we have it as a browser test so that 29 // can make sure it works end-to-end. 30 IN_PROC_BROWSER_TEST_F(ExtensionResourceRequestPolicyTest, OriginPrivileges) { 31 #if defined(OS_WIN) && defined(USE_ASH) 32 // Disable this test in Metro+Ash for now (http://crbug.com/262796). 33 if (CommandLine::ForCurrentProcess()->HasSwitch(switches::kAshBrowserTests)) 34 return; 35 #endif 36 37 host_resolver()->AddRule("*", "127.0.0.1"); 38 ASSERT_TRUE(test_server()->Start()); 39 ASSERT_TRUE(LoadExtensionWithFlags(test_data_dir_ 40 .AppendASCII("extension_resource_request_policy") 41 .AppendASCII("extension"), 42 // Tests manifest_version 1 behavior, so warnings are expected. 43 ExtensionBrowserTest::kFlagIgnoreManifestWarnings)); 44 45 GURL web_resource( 46 test_server()->GetURL( 47 "files/extensions/api_test/extension_resource_request_policy/" 48 "index.html")); 49 50 std::string host_a("a.com"); 51 GURL::Replacements make_host_a_com; 52 make_host_a_com.SetHostStr(host_a); 53 54 std::string host_b("b.com"); 55 GURL::Replacements make_host_b_com; 56 make_host_b_com.SetHostStr(host_b); 57 58 // A web host that has permission. 59 ui_test_utils::NavigateToURL( 60 browser(), web_resource.ReplaceComponents(make_host_a_com)); 61 std::string result; 62 ASSERT_TRUE(content::ExecuteScriptAndExtractString( 63 browser()->tab_strip_model()->GetActiveWebContents(), 64 "window.domAutomationController.send(document.title)", 65 &result)); 66 EXPECT_EQ(result, "Loaded"); 67 68 // A web host that loads a non-existent extension. 69 GURL non_existent_extension( 70 test_server()->GetURL( 71 "files/extensions/api_test/extension_resource_request_policy/" 72 "non_existent_extension.html")); 73 ui_test_utils::NavigateToURL(browser(), non_existent_extension); 74 ASSERT_TRUE(content::ExecuteScriptAndExtractString( 75 browser()->tab_strip_model()->GetActiveWebContents(), 76 "window.domAutomationController.send(document.title)", 77 &result)); 78 EXPECT_EQ(result, "Image failed to load"); 79 80 // A data URL. Data URLs should always be able to load chrome-extension:// 81 // resources. 82 std::string file_source; 83 ASSERT_TRUE(base::ReadFileToString( 84 test_data_dir_.AppendASCII("extension_resource_request_policy") 85 .AppendASCII("index.html"), &file_source)); 86 ui_test_utils::NavigateToURL(browser(), 87 GURL(std::string("data:text/html;charset=utf-8,") + file_source)); 88 ASSERT_TRUE(content::ExecuteScriptAndExtractString( 89 browser()->tab_strip_model()->GetActiveWebContents(), 90 "window.domAutomationController.send(document.title)", 91 &result)); 92 EXPECT_EQ(result, "Loaded"); 93 94 // A different extension. Legacy (manifest_version 1) extensions should always 95 // be able to load each other's resources. 96 ASSERT_TRUE(LoadExtensionWithFlags(test_data_dir_ 97 .AppendASCII("extension_resource_request_policy") 98 .AppendASCII("extension2"), 99 // Tests manifest_version 1 behavior, so warnings are expected. 100 ExtensionBrowserTest::kFlagIgnoreManifestWarnings)); 101 ui_test_utils::NavigateToURL( 102 browser(), 103 GURL("chrome-extension://pbkkcbgdkliohhfaeefcijaghglkahja/index.html")); 104 ASSERT_TRUE(content::ExecuteScriptAndExtractString( 105 browser()->tab_strip_model()->GetActiveWebContents(), 106 "window.domAutomationController.send(document.title)", 107 &result)); 108 EXPECT_EQ(result, "Loaded"); 109 } 110 111 IN_PROC_BROWSER_TEST_F(ExtensionResourceRequestPolicyTest, 112 ExtensionCanLoadHostedAppIcons) { 113 ASSERT_TRUE(LoadExtensionWithFlags(test_data_dir_ 114 .AppendASCII("extension_resource_request_policy") 115 .AppendASCII("extension"), 116 // Tests manifest_version 1 behavior, so warnings are expected. 117 ExtensionBrowserTest::kFlagIgnoreManifestWarnings)); 118 119 ASSERT_TRUE(RunExtensionSubtest( 120 "extension_resource_request_policy/extension2/", 121 "can_load_icons_from_hosted_apps.html", 122 // Tests manifest_version 1 behavior, so warnings are expected. 123 ExtensionApiTest::kFlagIgnoreManifestWarnings)) << message_; 124 } 125 126 IN_PROC_BROWSER_TEST_F(ExtensionResourceRequestPolicyTest, Audio) { 127 EXPECT_TRUE(RunExtensionSubtest( 128 "extension_resource_request_policy/extension2", 129 "audio.html", 130 // Tests manifest_version 1 behavior, so warnings are expected. 131 ExtensionApiTest::kFlagIgnoreManifestWarnings)) << message_; 132 } 133 134 #if defined(OS_MACOSX) || defined(OS_WIN) 135 // http://crbug.com/238733 - Video is flaky on Mac and Win. 136 #define MAYBE_Video DISABLED_Video 137 #else 138 #define MAYBE_Video Video 139 #endif 140 141 IN_PROC_BROWSER_TEST_F(ExtensionResourceRequestPolicyTest, MAYBE_Video) { 142 EXPECT_TRUE(RunExtensionSubtest( 143 "extension_resource_request_policy/extension2", 144 "video.html", 145 // Tests manifest_version 1 behavior, so warnings are expected. 146 ExtensionApiTest::kFlagIgnoreManifestWarnings)) << message_; 147 } 148 149 // This test times out regularly on win_rel trybots. See http://crbug.com/122154 150 #if defined(OS_WIN) 151 #define MAYBE_WebAccessibleResources DISABLED_WebAccessibleResources 152 #else 153 #define MAYBE_WebAccessibleResources WebAccessibleResources 154 #endif 155 IN_PROC_BROWSER_TEST_F(ExtensionResourceRequestPolicyTest, 156 MAYBE_WebAccessibleResources) { 157 std::string result; 158 ASSERT_TRUE(test_server()->Start()); 159 ASSERT_TRUE(LoadExtension(test_data_dir_ 160 .AppendASCII("extension_resource_request_policy") 161 .AppendASCII("web_accessible"))); 162 163 GURL accessible_resource( 164 test_server()->GetURL( 165 "files/extensions/api_test/extension_resource_request_policy/" 166 "web_accessible/accessible_resource.html")); 167 ui_test_utils::NavigateToURL(browser(), accessible_resource); 168 ASSERT_TRUE(content::ExecuteScriptAndExtractString( 169 browser()->tab_strip_model()->GetActiveWebContents(), 170 "window.domAutomationController.send(document.title)", 171 &result)); 172 EXPECT_EQ("Loaded", result); 173 174 GURL xhr_accessible_resource( 175 test_server()->GetURL( 176 "files/extensions/api_test/extension_resource_request_policy/" 177 "web_accessible/xhr_accessible_resource.html")); 178 ui_test_utils::NavigateToURL( 179 browser(), xhr_accessible_resource); 180 ASSERT_TRUE(content::ExecuteScriptAndExtractString( 181 browser()->tab_strip_model()->GetActiveWebContents(), 182 "window.domAutomationController.send(document.title)", 183 &result)); 184 EXPECT_EQ("XHR completed with status: 200", result); 185 186 GURL xhr_inaccessible_resource( 187 test_server()->GetURL( 188 "files/extensions/api_test/extension_resource_request_policy/" 189 "web_accessible/xhr_inaccessible_resource.html")); 190 ui_test_utils::NavigateToURL( 191 browser(), xhr_inaccessible_resource); 192 ASSERT_TRUE(content::ExecuteScriptAndExtractString( 193 browser()->tab_strip_model()->GetActiveWebContents(), 194 "window.domAutomationController.send(document.title)", 195 &result)); 196 EXPECT_EQ("XHR failed to load resource", result); 197 198 GURL nonaccessible_resource( 199 test_server()->GetURL( 200 "files/extensions/api_test/extension_resource_request_policy/" 201 "web_accessible/nonaccessible_resource.html")); 202 ui_test_utils::NavigateToURL(browser(), nonaccessible_resource); 203 ASSERT_TRUE(content::ExecuteScriptAndExtractString( 204 browser()->tab_strip_model()->GetActiveWebContents(), 205 "window.domAutomationController.send(document.title)", 206 &result)); 207 EXPECT_EQ("Image failed to load", result); 208 209 GURL nonexistent_resource( 210 test_server()->GetURL( 211 "files/extensions/api_test/extension_resource_request_policy/" 212 "web_accessible/nonexistent_resource.html")); 213 ui_test_utils::NavigateToURL(browser(), nonexistent_resource); 214 ASSERT_TRUE(content::ExecuteScriptAndExtractString( 215 browser()->tab_strip_model()->GetActiveWebContents(), 216 "window.domAutomationController.send(document.title)", 217 &result)); 218 EXPECT_EQ("Image failed to load", result); 219 220 GURL nonaccessible_cer_resource( 221 test_server()->GetURL( 222 "files/extensions/api_test/extension_resource_request_policy/" 223 "web_accessible/nonaccessible_chrome_resource_scheme.html")); 224 ui_test_utils::NavigateToURL(browser(), nonaccessible_cer_resource); 225 ASSERT_TRUE(content::ExecuteScriptAndExtractString( 226 browser()->tab_strip_model()->GetActiveWebContents(), 227 "window.domAutomationController.send(document.title)", 228 &result)); 229 EXPECT_EQ("Loading CER:// failed.", result); 230 231 GURL newtab_page("chrome://newtab"); 232 GURL accessible_newtab_override( 233 test_server()->GetURL( 234 "files/extensions/api_test/extension_resource_request_policy/" 235 "web_accessible/accessible_history_navigation.html")); 236 ui_test_utils::NavigateToURL(browser(), newtab_page); 237 ui_test_utils::NavigateToURLBlockUntilNavigationsComplete( 238 browser(), accessible_newtab_override, 2); 239 ASSERT_TRUE(content::ExecuteScriptAndExtractString( 240 browser()->tab_strip_model()->GetActiveWebContents(), 241 "window.domAutomationController.send(document.title)", 242 &result)); 243 EXPECT_EQ("New Tab Page Loaded Successfully", result); 244 } 245 246 IN_PROC_BROWSER_TEST_F(ExtensionResourceRequestPolicyTest, 247 LinkToWebAccessibleResources) { 248 std::string result; 249 ASSERT_TRUE(test_server()->Start()); 250 ASSERT_TRUE(LoadExtension(test_data_dir_ 251 .AppendASCII("extension_resource_request_policy") 252 .AppendASCII("web_accessible"))); 253 254 GURL accessible_linked_resource( 255 test_server()->GetURL( 256 "files/extensions/api_test/extension_resource_request_policy/" 257 "web_accessible/accessible_link_resource.html")); 258 ui_test_utils::NavigateToURLBlockUntilNavigationsComplete(browser(), 259 accessible_linked_resource, 2); 260 ASSERT_TRUE(content::ExecuteScriptAndExtractString( 261 browser()->tab_strip_model()->GetActiveWebContents(), 262 "window.domAutomationController.send(document.URL)", 263 &result)); 264 EXPECT_NE("about:blank", result); 265 266 GURL nonaccessible_linked_resource( 267 test_server()->GetURL( 268 "files/extensions/api_test/extension_resource_request_policy/" 269 "web_accessible/nonaccessible_link_resource.html")); 270 ui_test_utils::NavigateToURLBlockUntilNavigationsComplete(browser(), 271 nonaccessible_linked_resource, 2); 272 ASSERT_TRUE(content::ExecuteScriptAndExtractString( 273 browser()->tab_strip_model()->GetActiveWebContents(), 274 "window.domAutomationController.send(document.URL)", 275 &result)); 276 EXPECT_EQ("about:blank", result); 277 278 GURL accessible_client_redirect_resource( 279 test_server()->GetURL( 280 "files/extensions/api_test/extension_resource_request_policy/" 281 "web_accessible/accessible_redirect_resource.html")); 282 ui_test_utils::NavigateToURLBlockUntilNavigationsComplete(browser(), 283 accessible_client_redirect_resource, 2); 284 ASSERT_TRUE(content::ExecuteScriptAndExtractString( 285 browser()->tab_strip_model()->GetActiveWebContents(), 286 "window.domAutomationController.send(document.URL)", 287 &result)); 288 EXPECT_NE("about:blank", result); 289 290 GURL nonaccessible_client_redirect_resource( 291 test_server()->GetURL( 292 "files/extensions/api_test/extension_resource_request_policy/" 293 "web_accessible/nonaccessible_redirect_resource.html")); 294 ui_test_utils::NavigateToURLBlockUntilNavigationsComplete(browser(), 295 nonaccessible_client_redirect_resource, 2); 296 ASSERT_TRUE(content::ExecuteScriptAndExtractString( 297 browser()->tab_strip_model()->GetActiveWebContents(), 298 "window.domAutomationController.send(document.URL)", 299 &result)); 300 EXPECT_EQ("about:blank", result); 301 } 302 303 IN_PROC_BROWSER_TEST_F(ExtensionResourceRequestPolicyTest, 304 WebAccessibleResourcesWithCSP) { 305 std::string result; 306 ASSERT_TRUE(test_server()->Start()); 307 ASSERT_TRUE(LoadExtension(test_data_dir_ 308 .AppendASCII("extension_resource_request_policy") 309 .AppendASCII("web_accessible"))); 310 311 GURL accessible_resource_with_csp( 312 test_server()->GetURL( 313 "files/extensions/api_test/extension_resource_request_policy/" 314 "web_accessible/accessible_resource_with_csp.html")); 315 ui_test_utils::NavigateToURL(browser(), accessible_resource_with_csp); 316 ASSERT_TRUE(content::ExecuteScriptAndExtractString( 317 browser()->tab_strip_model()->GetActiveWebContents(), 318 "window.domAutomationController.send(document.title)", 319 &result)); 320 EXPECT_EQ("Loaded", result); 321 } 322 323 IN_PROC_BROWSER_TEST_F(ExtensionResourceRequestPolicyTest, Iframe) { 324 // Load another extension, which the test one shouldn't be able to get 325 // resources from. 326 ASSERT_TRUE(LoadExtension(test_data_dir_ 327 .AppendASCII("extension_resource_request_policy") 328 .AppendASCII("inaccessible"))); 329 EXPECT_TRUE(RunExtensionSubtest( 330 "extension_resource_request_policy/web_accessible", 331 "iframe.html")) << message_; 332 } 333 334 #if defined(OS_MACOSX) 335 #define MAYBE_ExtensionAccessibleResources DISABLED_ExtensionAccessibleResources 336 #else 337 #define MAYBE_ExtensionAccessibleResources ExtensionAccessibleResources 338 #endif 339 IN_PROC_BROWSER_TEST_F(ExtensionResourceRequestPolicyTest, 340 MAYBE_ExtensionAccessibleResources) { 341 ASSERT_TRUE(RunExtensionSubtest("accessible_cer", "main.html")) << message_; 342 } 343
