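// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "base/auto_reset.h"
#include "base/message_loop/message_loop.h"
#include "base/prefs/pref_service.h"
#include "chrome/browser/content_settings/cookie_settings.h"
#include "chrome/common/pref_names.h"
#include "chrome/test/base/testing_profile.h"
#include "components/content_settings/core/common/content_settings_pattern.h"
#include "content/public/test/test_browser_thread.h"
#include "net/base/static_cookie_policy.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "url/gurl.h"

using content::BrowserThread;

namespace {

// Fixture for the cookie access policy tests. Each test starts from a fresh
// TestingProfile and queries the CookieSettings object obtained for it.
//
// In every Is{Reading,Setting}CookieAllowed(a, b) call below, |a| is the URL
// whose cookies are accessed and |b| is the first-party URL of the request.
class CookieSettingsTest : public testing::Test {
 public:
  CookieSettingsTest()
      : ui_thread_(BrowserThread::UI, &message_loop_),
        cookie_settings_(CookieSettings::Factory::GetForProfile(&profile_)
                             .get()),
        kBlockedSite("http://ads.thirdparty.com"),
        kAllowedSite("http://good.allays.com"),
        kFirstPartySite("http://cool.things.com"),
        kBlockedFirstPartySite("http://no.thirdparties.com"),
        kExtensionURL("chrome-extension://deadbeef"),
        kHttpsSite("https://example.com"),
        kAllHttpsSitesPattern(ContentSettingsPattern::FromString("https://*")) {
  }

 protected:
  // Members are initialized in declaration order: |message_loop_| must come
  // before |ui_thread_| (which takes its address) and |profile_| before
  // |cookie_settings_| (which is looked up from it).
  base::MessageLoop message_loop_;
  content::TestBrowserThread ui_thread_;
  TestingProfile profile_;
  // Raw pointer taken with .get() from the value GetForProfile() returns.
  // NOTE(review): presumably the profile keeps the object alive for the
  // lifetime of the fixture -- confirm against the factory.
  CookieSettings* cookie_settings_;
  const GURL kBlockedSite;
  const GURL kAllowedSite;
  const GURL kFirstPartySite;
  const GURL kBlockedFirstPartySite;
  const GURL kExtensionURL;
  const GURL kHttpsSite;
  // Matches every HTTPS origin; used as a rule that covers all hosts but not
  // all origins.
  ContentSettingsPattern kAllHttpsSitesPattern;
};

// An explicit BLOCK rule for a site denies reading its cookies even when the
// site is its own first party.
TEST_F(CookieSettingsTest, CookiesBlockSingle) {
  cookie_settings_->SetCookieSetting(
      ContentSettingsPattern::FromURL(kBlockedSite),
      ContentSettingsPattern::Wildcard(),
      CONTENT_SETTING_BLOCK);
  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kBlockedSite, kBlockedSite));
}

// With the third-party blocking pref enabled and no explicit rules, a
// cross-site access may neither read nor set cookies.
TEST_F(CookieSettingsTest, CookiesBlockThirdParty) {
  profile_.GetPrefs()->SetBoolean(prefs::kBlockThirdPartyCookies, true);
  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kBlockedSite, kFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kBlockedSite));
  EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
      kBlockedSite, kFirstPartySite));
}

// Baseline: with no pref and no rules set by the test, cross-site cookie
// access is allowed and cookies are not session-only.
TEST_F(CookieSettingsTest, CookiesAllowThirdParty) {
  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kBlockedSite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kBlockedSite, kFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kBlockedSite));
}

// An explicit BLOCK rule applies to the named site in a third-party context
// and leaves other sites unaffected.
TEST_F(CookieSettingsTest, CookiesExplicitBlockSingleThirdParty) {
  cookie_settings_->SetCookieSetting(
      ContentSettingsPattern::FromURL(kBlockedSite),
      ContentSettingsPattern::Wildcard(),
      CONTENT_SETTING_BLOCK);
  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kBlockedSite, kFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
      kBlockedSite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kFirstPartySite));
}

// An explicit SESSION_ONLY rule allows access but marks cookies session-only,
// and keeps doing so after third-party blocking is switched on.
TEST_F(CookieSettingsTest, CookiesExplicitSessionOnly) {
  cookie_settings_->SetCookieSetting(
      ContentSettingsPattern::FromURL(kBlockedSite),
      ContentSettingsPattern::Wildcard(),
      CONTENT_SETTING_SESSION_ONLY);
  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kBlockedSite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kBlockedSite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsCookieSessionOnly(kBlockedSite));

  profile_.GetPrefs()->SetBoolean(prefs::kBlockThirdPartyCookies, true);
  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kBlockedSite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kBlockedSite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsCookieSessionOnly(kBlockedSite));
}

// An explicit ALLOW rule for a site exempts it from third-party blocking.
TEST_F(CookieSettingsTest, CookiesThirdPartyBlockedExplicitAllow) {
  cookie_settings_->SetCookieSetting(
      ContentSettingsPattern::FromURL(kAllowedSite),
      ContentSettingsPattern::Wildcard(),
      CONTENT_SETTING_ALLOW);
  profile_.GetPrefs()->SetBoolean(prefs::kBlockThirdPartyCookies, true);
  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kAllowedSite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));

  // Extensions should always be allowed to use cookies.
  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kAllowedSite, kExtensionURL));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kExtensionURL));
}

// A rule that matches all hosts (every HTTPS origin) must not act as an
// exemption from third-party blocking; only the site-specific ALLOW rule for
// |kAllowedSite| does.
TEST_F(CookieSettingsTest, CookiesThirdPartyBlockedAllSitesAllowed) {
  cookie_settings_->SetCookieSetting(
      ContentSettingsPattern::FromURL(kAllowedSite),
      ContentSettingsPattern::Wildcard(),
      CONTENT_SETTING_ALLOW);
  profile_.GetPrefs()->SetBoolean(prefs::kBlockThirdPartyCookies, true);
  // As an example for a pattern that matches all hosts but not all origins,
  // match all HTTPS sites.
  cookie_settings_->SetCookieSetting(
      kAllHttpsSitesPattern,
      ContentSettingsPattern::Wildcard(),
      CONTENT_SETTING_ALLOW);
  cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_SESSION_ONLY);

  // |kAllowedSite| should be allowed.
  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kAllowedSite, kBlockedSite));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kBlockedSite));
  EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));

  // HTTPS sites should be allowed in a first-party context.
  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kHttpsSite, kHttpsSite));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kHttpsSite, kHttpsSite));
  // Assert on |kHttpsSite| here: |kAllowedSite| is already covered above, and
  // the HTTPS ALLOW rule (not the SESSION_ONLY default) is what this section
  // is meant to exercise.
  EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kHttpsSite));

  // HTTP sites should be allowed, but session-only.
  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kFirstPartySite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kFirstPartySite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsCookieSessionOnly(kFirstPartySite));

  // Third-party cookies should be blocked.
  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kFirstPartySite, kBlockedSite));
  EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
      kFirstPartySite, kBlockedSite));
  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kHttpsSite, kBlockedSite));
  EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
      kHttpsSite, kBlockedSite));
}

// A default of BLOCK denies first-party as well as cross-site access.
TEST_F(CookieSettingsTest, CookiesBlockEverything) {
  cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_BLOCK);

  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kFirstPartySite, kFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
      kFirstPartySite, kFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kFirstPartySite));
}

// With a default of BLOCK, an explicit ALLOW rule still admits the named site
// in both first-party and third-party contexts, without making it
// session-only.
TEST_F(CookieSettingsTest, CookiesBlockEverythingExceptAllowed) {
  cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_BLOCK);
  cookie_settings_->SetCookieSetting(
      ContentSettingsPattern::FromURL(kAllowedSite),
      ContentSettingsPattern::Wildcard(),
      CONTENT_SETTING_ALLOW);
  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kFirstPartySite, kFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
      kFirstPartySite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kAllowedSite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kAllowedSite, kAllowedSite));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kAllowedSite));
  EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));
}

// Rules keyed on a (site, first party) pair: the same site is allowed under
// one first party and blocked under another. The pair rules keep applying
// when the default changes to BLOCK, and resetting the ALLOW pair makes that
// access fall back to the default.
TEST_F(CookieSettingsTest, CookiesBlockSingleFirstParty) {
  cookie_settings_->SetCookieSetting(
      ContentSettingsPattern::FromURL(kAllowedSite),
      ContentSettingsPattern::FromURL(kFirstPartySite),
      CONTENT_SETTING_ALLOW);
  cookie_settings_->SetCookieSetting(
      ContentSettingsPattern::FromURL(kAllowedSite),
      ContentSettingsPattern::FromURL(kBlockedFirstPartySite),
      CONTENT_SETTING_BLOCK);

  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kAllowedSite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));

  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kAllowedSite, kBlockedFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kBlockedFirstPartySite));

  cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_BLOCK);

  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kAllowedSite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));

  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kAllowedSite, kBlockedFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kBlockedFirstPartySite));

  cookie_settings_->ResetCookieSetting(
      ContentSettingsPattern::FromURL(kAllowedSite),
      ContentSettingsPattern::FromURL(kFirstPartySite));

  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kAllowedSite, kFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kFirstPartySite));
}

// An extension first party does not override an explicit BLOCK rule on the
// accessed site.
TEST_F(CookieSettingsTest, ExtensionsRegularSettings) {
  cookie_settings_->SetCookieSetting(
      ContentSettingsPattern::FromURL(kBlockedSite),
      ContentSettingsPattern::Wildcard(),
      CONTENT_SETTING_BLOCK);

  // Regular cookie settings also apply to extensions.
  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kBlockedSite, kExtensionURL));
}

// Access by an extension to its own origin under a default of BLOCK; the
// expected result depends on whether extensions are compiled in.
TEST_F(CookieSettingsTest, ExtensionsOwnCookies) {
  cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_BLOCK);

#if defined(ENABLE_EXTENSIONS)
  // Extensions can always use cookies (and site data) in their own origin.
  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kExtensionURL, kExtensionURL));
#else
  // Except if extensions are disabled. Then the extension-specific checks do
  // not exist and the default setting is to block.
  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kExtensionURL, kExtensionURL));
#endif
}

// Third-party blocking does not apply when the first party is an extension.
TEST_F(CookieSettingsTest, ExtensionsThirdParty) {
  profile_.GetPrefs()->SetBoolean(prefs::kBlockThirdPartyCookies, true);

  // XHRs stemming from extensions are exempt from third-party cookie blocking
  // rules (as the first party is always the extension's security origin).
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kBlockedSite, kExtensionURL));
}

}  // namespace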