1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "base/auto_reset.h"
6 #include "base/message_loop/message_loop.h"
7 #include "base/prefs/pref_service.h"
8 #include "chrome/browser/content_settings/cookie_settings.h"
9 #include "chrome/common/pref_names.h"
10 #include "chrome/test/base/testing_profile.h"
11 #include "components/content_settings/core/common/content_settings_pattern.h"
12 #include "content/public/test/test_browser_thread.h"
13 #include "net/base/static_cookie_policy.h"
14 #include "testing/gtest/include/gtest/gtest.h"
17 using content::BrowserThread
;
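// Fixture for the CookieSettings unit tests. It owns the message loop, the
// fake UI thread and the TestingProfile, and defines the URLs and the pattern
// that the tests use as cookie origins and first-party contexts.
//
// NOTE(review): the listing this block was recovered from had lost the
// constructor name, the access specifier and the closing braces; they are
// restored here. The original access level is not visible; protected is
// sufficient for the subclasses that TEST_F generates.
class CookieSettingsTest : public testing::Test {
 protected:
  CookieSettingsTest()
      : ui_thread_(BrowserThread::UI, &message_loop_),
        // NOTE(review): the listing dropped the line that closes this
        // initializer. GetForProfile() yields a scoped_refptr (the incognito
        // tests store it as one), so .get() is assumed here to make the
        // conversion to a raw pointer explicit. Confirm against the original.
        cookie_settings_(
            CookieSettings::Factory::GetForProfile(&profile_).get()),
        kBlockedSite("http://ads.thirdparty.com"),
        kAllowedSite("http://good.allays.com"),
        kFirstPartySite("http://cool.things.com"),
        kBlockedFirstPartySite("http://no.thirdparties.com"),
        kExtensionURL("chrome-extension://deadbeef"),
        kHttpsSite("https://example.com"),
        kAllHttpsSitesPattern(ContentSettingsPattern::FromString("https://*")) {
  }

  // Declaration order is initialization order: the loop must exist before the
  // thread that is bound to it, and the profile before the settings lookup.
  base::MessageLoop message_loop_;
  content::TestBrowserThread ui_thread_;
  TestingProfile profile_;
  // Non-owning. Presumably kept alive by |profile_|'s keyed service; the
  // temporary scoped_refptr from the constructor is gone by the time any test
  // body runs. TODO confirm ownership.
  CookieSettings* cookie_settings_;
  const GURL kBlockedSite;
  const GURL kAllowedSite;
  const GURL kFirstPartySite;
  const GURL kBlockedFirstPartySite;
  const GURL kExtensionURL;
  const GURL kHttpsSite;
  // Matches every HTTPS origin, i.e. all hosts but not all schemes.
  ContentSettingsPattern kAllHttpsSitesPattern;
};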
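// A BLOCK rule for one site must deny that site its own cookies in a
// first-party context, for reads and for writes alike.
TEST_F(CookieSettingsTest, CookiesBlockSingle) {
  cookie_settings_->SetCookieSetting(
      ContentSettingsPattern::FromURL(kBlockedSite),
      ContentSettingsPattern::Wildcard(),
      CONTENT_SETTING_BLOCK);
  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kBlockedSite, kBlockedSite));
  // The write path is checked as well, matching the other block tests in this
  // file: a rule that only stopped reads would still let the site set cookies.
  EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
      kBlockedSite, kBlockedSite));
}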
// With the third-party blocking pref on and no per-site rule, a cookie URL
// that differs from the first-party URL may neither read nor write cookies.
TEST_F(CookieSettingsTest, CookiesBlockThirdParty) {
  profile_.GetPrefs()->SetBoolean(prefs::kBlockThirdPartyCookies, true);

  // Arguments are (cookie URL, first-party URL).
  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kBlockedSite, kFirstPartySite));
  // The pref does not turn the site's cookies into session-only cookies.
  EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kBlockedSite));
  EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
      kBlockedSite, kFirstPartySite));
}
// Baseline: the test changes no rule and no pref, and in that state
// third-party reads and writes are allowed and nothing is session-only.
TEST_F(CookieSettingsTest, CookiesAllowThirdParty) {
  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kBlockedSite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kBlockedSite, kFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kBlockedSite));
}
// An explicit BLOCK for one site applies in a third-party context and leaves
// other sites embedded under the same first party unaffected.
TEST_F(CookieSettingsTest, CookiesExplicitBlockSingleThirdParty) {
  const ContentSettingsPattern blocked_pattern =
      ContentSettingsPattern::FromURL(kBlockedSite);
  cookie_settings_->SetCookieSetting(blocked_pattern,
                                     ContentSettingsPattern::Wildcard(),
                                     CONTENT_SETTING_BLOCK);

  // The blocked site can neither read nor write.
  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kBlockedSite, kFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
      kBlockedSite, kFirstPartySite));
  // A site without a rule is still allowed to write.
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kFirstPartySite));
}
// An explicit SESSION_ONLY rule allows reads and writes, marks the site as
// session-only, and keeps doing so after third-party blocking is enabled.
TEST_F(CookieSettingsTest, CookiesExplicitSessionOnly) {
  const ContentSettingsPattern site_pattern =
      ContentSettingsPattern::FromURL(kBlockedSite);
  cookie_settings_->SetCookieSetting(site_pattern,
                                     ContentSettingsPattern::Wildcard(),
                                     CONTENT_SETTING_SESSION_ONLY);
  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kBlockedSite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kBlockedSite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsCookieSessionOnly(kBlockedSite));

  // Same three checks with the pref on: the explicit per-site rule is expected
  // to take precedence over the global third-party block.
  profile_.GetPrefs()->SetBoolean(prefs::kBlockThirdPartyCookies, true);
  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kBlockedSite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kBlockedSite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsCookieSessionOnly(kBlockedSite));
}
// An explicit ALLOW for one site survives the global third-party block, both
// under an ordinary first party and under an extension first party.
TEST_F(CookieSettingsTest, CookiesThirdPartyBlockedExplicitAllow) {
  const ContentSettingsPattern allowed_pattern =
      ContentSettingsPattern::FromURL(kAllowedSite);
  cookie_settings_->SetCookieSetting(allowed_pattern,
                                     ContentSettingsPattern::Wildcard(),
                                     CONTENT_SETTING_ALLOW);
  profile_.GetPrefs()->SetBoolean(prefs::kBlockThirdPartyCookies, true);

  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kAllowedSite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));

  // Extensions should always be allowed to use cookies.
  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kAllowedSite, kExtensionURL));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kExtensionURL));
}
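// Combines four inputs and checks which one wins for each
// (cookie URL, first-party URL) pair: a per-site ALLOW for |kAllowedSite|, an
// ALLOW for every HTTPS origin, a SESSION_ONLY default, and the third-party
// blocking pref.
TEST_F(CookieSettingsTest, CookiesThirdPartyBlockedAllSitesAllowed) {
  cookie_settings_->SetCookieSetting(
      ContentSettingsPattern::FromURL(kAllowedSite),
      ContentSettingsPattern::Wildcard(),
      CONTENT_SETTING_ALLOW);
  profile_.GetPrefs()->SetBoolean(prefs::kBlockThirdPartyCookies, true);
  // As an example for a pattern that matches all hosts but not all origins,
  // match all HTTPS sites.
  cookie_settings_->SetCookieSetting(
      kAllHttpsSitesPattern,
      ContentSettingsPattern::Wildcard(),
      CONTENT_SETTING_ALLOW);
  cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_SESSION_ONLY);

  // |kAllowedSite| should be allowed.
  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kAllowedSite, kBlockedSite));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kBlockedSite));
  EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));

  // HTTPS sites should be allowed in a first-party context.
  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kHttpsSite, kHttpsSite));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kHttpsSite, kHttpsSite));
  // Query the HTTPS origin itself. The previous version asked about
  // |kAllowedSite| again, which repeated the check above and left the
  // session-only state of the HTTPS rule unverified against the SESSION_ONLY
  // default.
  EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kHttpsSite));

  // HTTP sites should be allowed, but session-only.
  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kFirstPartySite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kFirstPartySite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsCookieSessionOnly(kFirstPartySite));

  // Third-party cookies should be blocked.
  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kFirstPartySite, kBlockedSite));
  EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
      kFirstPartySite, kBlockedSite));
  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kHttpsSite, kBlockedSite));
  EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
      kHttpsSite, kBlockedSite));
}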
// A BLOCK default with no exceptions denies first-party reads and writes and
// third-party writes.
TEST_F(CookieSettingsTest, CookiesBlockEverything) {
  cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_BLOCK);

  // First-party context.
  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kFirstPartySite, kFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
      kFirstPartySite, kFirstPartySite));
  // Third-party context.
  EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kFirstPartySite));
}
// A BLOCK default plus one ALLOW exception: only the excepted site gets
// cookies, in third-party and first-party contexts, and it is not
// session-only.
TEST_F(CookieSettingsTest, CookiesBlockEverythingExceptAllowed) {
  cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_BLOCK);
  const ContentSettingsPattern exception_pattern =
      ContentSettingsPattern::FromURL(kAllowedSite);
  cookie_settings_->SetCookieSetting(exception_pattern,
                                     ContentSettingsPattern::Wildcard(),
                                     CONTENT_SETTING_ALLOW);

  // A site without an exception falls through to the BLOCK default.
  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kFirstPartySite, kFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
      kFirstPartySite, kFirstPartySite));

  // The excepted site as a third party.
  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kAllowedSite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kFirstPartySite));

  // The excepted site as its own first party.
  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kAllowedSite, kAllowedSite));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kAllowedSite));
  EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));
}
// Rules keyed on both the cookie site and the first party: the same cookie
// site is allowed under one first party and blocked under another. The rules
// hold when the default becomes BLOCK, and resetting the ALLOW rule lets the
// default apply to that pair.
TEST_F(CookieSettingsTest, CookiesBlockSingleFirstParty) {
  const ContentSettingsPattern cookie_site =
      ContentSettingsPattern::FromURL(kAllowedSite);
  const ContentSettingsPattern allowed_first_party =
      ContentSettingsPattern::FromURL(kFirstPartySite);
  const ContentSettingsPattern blocked_first_party =
      ContentSettingsPattern::FromURL(kBlockedFirstPartySite);

  cookie_settings_->SetCookieSetting(cookie_site, allowed_first_party,
                                     CONTENT_SETTING_ALLOW);
  cookie_settings_->SetCookieSetting(cookie_site, blocked_first_party,
                                     CONTENT_SETTING_BLOCK);

  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kAllowedSite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));

  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kAllowedSite, kBlockedFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kBlockedFirstPartySite));

  // Switching the default to BLOCK must not change any of the answers above.
  cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_BLOCK);

  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kAllowedSite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));

  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kAllowedSite, kBlockedFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kBlockedFirstPartySite));

  // Once the ALLOW rule is removed, the BLOCK default decides for this pair.
  cookie_settings_->ResetCookieSetting(cookie_site, allowed_first_party);

  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kAllowedSite, kFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kFirstPartySite));
}
// An extension first party does not bypass an explicit per-site BLOCK rule.
TEST_F(CookieSettingsTest, ExtensionsRegularSettings) {
  const ContentSettingsPattern blocked_pattern =
      ContentSettingsPattern::FromURL(kBlockedSite);
  cookie_settings_->SetCookieSetting(blocked_pattern,
                                     ContentSettingsPattern::Wildcard(),
                                     CONTENT_SETTING_BLOCK);

  // Regular cookie settings also apply to extensions.
  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kBlockedSite, kExtensionURL));
}
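// With a BLOCK default, an extension reading cookies in its own origin is
// allowed only when the build has extension support compiled in.
//
// NOTE(review): the listing this block was recovered from had lost the #else
// and #endif lines (and the closing brace). They are restored here, because
// the two expectations contradict each other and cannot both be compiled in.
TEST_F(CookieSettingsTest, ExtensionsOwnCookies) {
  cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_BLOCK);

#if defined(ENABLE_EXTENSIONS)
  // Extensions can always use cookies (and site data) in their own origin.
  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kExtensionURL, kExtensionURL));
#else
  // Except if extensions are disabled. Then the extension-specific checks do
  // not exist and the default setting is to block.
  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kExtensionURL, kExtensionURL));
#endif
}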
// The third-party blocking pref does not stop a write whose first party is an
// extension URL.
TEST_F(CookieSettingsTest, ExtensionsThirdParty) {
  profile_.GetPrefs()->SetBoolean(prefs::kBlockThirdPartyCookies, true);

  // XHRs stemming from extensions are exempt from third-party cookie blocking
  // rules (as the first party is always the extension's security origin).
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kBlockedSite, kExtensionURL));
}
// Per-site BLOCK rules flow one way: a rule set on the regular profile is
// visible in incognito, while a rule set in incognito stays in incognito.
TEST_F(CookieSettingsTest, IncognitoBehaviorOfBlockingRules) {
  scoped_refptr<CookieSettings> incognito_settings(
      CookieSettings::Factory::GetForProfile(
          profile_.GetOffTheRecordProfile()));

  // Modify the regular cookie settings after the incognito cookie settings have
  // been instantiated.
  const ContentSettingsPattern blocked_pattern =
      ContentSettingsPattern::FromURL(kBlockedSite);
  cookie_settings_->SetCookieSetting(blocked_pattern,
                                     ContentSettingsPattern::Wildcard(),
                                     CONTENT_SETTING_BLOCK);

  // The modification should apply to the regular profile and incognito profile.
  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kBlockedSite, kBlockedSite));
  EXPECT_FALSE(incognito_settings->IsReadingCookieAllowed(
      kBlockedSite, kBlockedSite));

  // Modify an incognito cookie setting and check that this does not propagate
  // into regular mode.
  const ContentSettingsPattern https_site_pattern =
      ContentSettingsPattern::FromURL(kHttpsSite);
  incognito_settings->SetCookieSetting(https_site_pattern,
                                       ContentSettingsPattern::Wildcard(),
                                       CONTENT_SETTING_BLOCK);
  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kHttpsSite, kHttpsSite));
  EXPECT_FALSE(incognito_settings->IsReadingCookieAllowed(
      kHttpsSite, kHttpsSite));
}
// A BLOCK default set on the regular profile also governs incognito. ALLOW
// exceptions follow the same one-way inheritance as other rules: regular
// exceptions reach incognito, incognito exceptions do not reach regular mode.
TEST_F(CookieSettingsTest, IncognitoBehaviorOfBlockingEverything) {
  scoped_refptr<CookieSettings> incognito_settings(
      CookieSettings::Factory::GetForProfile(
          profile_.GetOffTheRecordProfile()));

  // Apply the general blocking to the regular profile.
  cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_BLOCK);

  // It should be effective for regular and incognito session.
  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kFirstPartySite, kFirstPartySite));
  EXPECT_FALSE(incognito_settings->IsReadingCookieAllowed(
      kFirstPartySite, kFirstPartySite));

  // An ALLOW exception set in incognito mode should only apply to incognito
  // mode.
  const ContentSettingsPattern incognito_exception =
      ContentSettingsPattern::FromURL(kAllowedSite);
  incognito_settings->SetCookieSetting(incognito_exception,
                                       ContentSettingsPattern::Wildcard(),
                                       CONTENT_SETTING_ALLOW);
  EXPECT_TRUE(incognito_settings->IsReadingCookieAllowed(
      kAllowedSite, kAllowedSite));
  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kAllowedSite, kAllowedSite));

  // An ALLOW exception set in regular mode should apply to regular and
  // incognito mode.
  const ContentSettingsPattern regular_exception =
      ContentSettingsPattern::FromURL(kHttpsSite);
  cookie_settings_->SetCookieSetting(regular_exception,
                                     ContentSettingsPattern::Wildcard(),
                                     CONTENT_SETTING_ALLOW);
  EXPECT_TRUE(incognito_settings->IsReadingCookieAllowed(
      kHttpsSite, kHttpsSite));
  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kHttpsSite, kHttpsSite));
}