chrome/browser/content_settings/cookie_settings_unittest.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "base/auto_reset.h"
   6 #include "base/command_line.h"
   7 #include "base/message_loop/message_loop.h"
   8 #include "base/prefs/pref_service.h"
   9 #include "chrome/browser/content_settings/cookie_settings.h"
  10 #include "chrome/common/chrome_switches.h"
  11 #include "chrome/common/content_settings_pattern.h"
  12 #include "chrome/common/pref_names.h"
  13 #include "chrome/test/base/testing_profile.h"
  14 #include "content/public/test/test_browser_thread.h"
  15 #include "net/base/static_cookie_policy.h"
  16 #include "testing/gtest/include/gtest/gtest.h"
  17 #include "url/gurl.h"
  18
  19 using content::BrowserThread;
  20
  21 namespace {
  22
  23 class CookieSettingsTest : public testing::Test {
  24  public:
  25   CookieSettingsTest()
  26       : ui_thread_(BrowserThread::UI, &message_loop_),
  27         cookie_settings_(CookieSettings::Factory::GetForProfile(&profile_)
  28                              .get()),
  29         kBlockedSite("http://ads.thirdparty.com"),
  30         kAllowedSite("http://good.allays.com"),
  31         kFirstPartySite("http://cool.things.com"),
  32         kBlockedFirstPartySite("http://no.thirdparties.com"),
  33         kExtensionURL("chrome-extension://deadbeef"),
  34         kHttpsSite("https://example.com"),
  35         kAllHttpsSitesPattern(ContentSettingsPattern::FromString("https://*")) {
  36   }
  37
  38  protected:
  39   base::MessageLoop message_loop_;
  40   content::TestBrowserThread ui_thread_;
  41   TestingProfile profile_;
  42   CookieSettings* cookie_settings_;
  43   const GURL kBlockedSite;
  44   const GURL kAllowedSite;
  45   const GURL kFirstPartySite;
  46   const GURL kBlockedFirstPartySite;
  47   const GURL kExtensionURL;
  48   const GURL kHttpsSite;
  49   ContentSettingsPattern kAllHttpsSitesPattern;
  50 };
  51
  52 TEST_F(CookieSettingsTest, CookiesBlockSingle) {
  53   cookie_settings_->SetCookieSetting(
  54       ContentSettingsPattern::FromURL(kBlockedSite),
  55       ContentSettingsPattern::Wildcard(),
  56       CONTENT_SETTING_BLOCK);
  57   EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
  58       kBlockedSite, kBlockedSite));
  59 }
  60
  61 TEST_F(CookieSettingsTest, CookiesBlockThirdParty) {
  62   profile_.GetPrefs()->SetBoolean(prefs::kBlockThirdPartyCookies, true);
  63   EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
  64       kBlockedSite, kFirstPartySite));
  65   EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kBlockedSite));
  66   EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
  67       kBlockedSite, kFirstPartySite));
  68 }
  69
  70 TEST_F(CookieSettingsTest, CookiesAllowThirdParty) {
  71   EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
  72       kBlockedSite, kFirstPartySite));
  73   EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
  74       kBlockedSite, kFirstPartySite));
  75   EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kBlockedSite));
  76 }
  77
  78 TEST_F(CookieSettingsTest, CookiesExplicitBlockSingleThirdParty) {
  79   cookie_settings_->SetCookieSetting(
  80       ContentSettingsPattern::FromURL(kBlockedSite),
  81       ContentSettingsPattern::Wildcard(),
  82       CONTENT_SETTING_BLOCK);
  83   EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
  84       kBlockedSite, kFirstPartySite));
  85   EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
  86       kBlockedSite, kFirstPartySite));
  87   EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
  88       kAllowedSite, kFirstPartySite));
  89 }
  90
  91 TEST_F(CookieSettingsTest, CookiesExplicitSessionOnly) {
  92   cookie_settings_->SetCookieSetting(
  93       ContentSettingsPattern::FromURL(kBlockedSite),
  94       ContentSettingsPattern::Wildcard(),
  95       CONTENT_SETTING_SESSION_ONLY);
  96   EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
  97       kBlockedSite, kFirstPartySite));
  98   EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
  99       kBlockedSite, kFirstPartySite));
 100   EXPECT_TRUE(cookie_settings_->IsCookieSessionOnly(kBlockedSite));
 101
 102   profile_.GetPrefs()->SetBoolean(prefs::kBlockThirdPartyCookies, true);
 103   EXPECT_TRUE(cookie_settings_->
 104               IsReadingCookieAllowed(kBlockedSite, kFirstPartySite));
 105   EXPECT_TRUE(cookie_settings_->
 106               IsSettingCookieAllowed(kBlockedSite, kFirstPartySite));
 107   EXPECT_TRUE(cookie_settings_->IsCookieSessionOnly(kBlockedSite));
 108 }
 109
 110 TEST_F(CookieSettingsTest, CookiesThirdPartyBlockedExplicitAllow) {
 111   cookie_settings_->SetCookieSetting(
 112       ContentSettingsPattern::FromURL(kAllowedSite),
 113       ContentSettingsPattern::Wildcard(),
 114       CONTENT_SETTING_ALLOW);
 115   profile_.GetPrefs()->SetBoolean(prefs::kBlockThirdPartyCookies, true);
 116   EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
 117       kAllowedSite, kFirstPartySite));
 118   EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
 119       kAllowedSite, kFirstPartySite));
 120   EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));
 121
 122   // Extensions should always be allowed to use cookies.
 123   EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
 124       kAllowedSite, kExtensionURL));
 125   EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
 126       kAllowedSite, kExtensionURL));
 127
 128   // Extensions should always be allowed to use cookies.
 129   EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
 130       kAllowedSite, kExtensionURL));
 131   EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
 132       kAllowedSite, kExtensionURL));
 133 }
 134
 135 TEST_F(CookieSettingsTest, CookiesThirdPartyBlockedAllSitesAllowed) {
 136   cookie_settings_->SetCookieSetting(
 137       ContentSettingsPattern::FromURL(kAllowedSite),
 138       ContentSettingsPattern::Wildcard(),
 139       CONTENT_SETTING_ALLOW);
 140   profile_.GetPrefs()->SetBoolean(prefs::kBlockThirdPartyCookies, true);
 141   // As an example for a pattern that matches all hosts but not all origins,
 142   // match all HTTPS sites.
 143   cookie_settings_->SetCookieSetting(
 144       kAllHttpsSitesPattern,
 145       ContentSettingsPattern::Wildcard(),
 146       CONTENT_SETTING_ALLOW);
 147   cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_SESSION_ONLY);
 148
 149   // |kAllowedSite| should be allowed.
 150   EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
 151       kAllowedSite, kBlockedSite));
 152   EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
 153       kAllowedSite, kBlockedSite));
 154   EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));
 155
 156   // HTTPS sites should be allowed in a first-party context.
 157   EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
 158       kHttpsSite, kHttpsSite));
 159   EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
 160       kHttpsSite, kHttpsSite));
 161   EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));
 162
 163   // HTTP sites should be allowed, but session-only.
 164   EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
 165       kFirstPartySite, kFirstPartySite));
 166   EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
 167       kFirstPartySite, kFirstPartySite));
 168   EXPECT_TRUE(cookie_settings_->IsCookieSessionOnly(kFirstPartySite));
 169
 170   // Third-party cookies should be blocked.
 171   EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
 172       kFirstPartySite, kBlockedSite));
 173   EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
 174       kFirstPartySite, kBlockedSite));
 175   EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
 176       kHttpsSite, kBlockedSite));
 177   EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
 178       kHttpsSite, kBlockedSite));
 179 }
 180
 181 TEST_F(CookieSettingsTest, CookiesBlockEverything) {
 182   cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_BLOCK);
 183
 184   EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
 185       kFirstPartySite, kFirstPartySite));
 186   EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
 187       kFirstPartySite, kFirstPartySite));
 188   EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
 189       kAllowedSite, kFirstPartySite));
 190 }
 191
 192 TEST_F(CookieSettingsTest, CookiesBlockEverythingExceptAllowed) {
 193   cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_BLOCK);
 194   cookie_settings_->SetCookieSetting(
 195       ContentSettingsPattern::FromURL(kAllowedSite),
 196       ContentSettingsPattern::Wildcard(),
 197       CONTENT_SETTING_ALLOW);
 198   EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
 199       kFirstPartySite, kFirstPartySite));
 200   EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
 201       kFirstPartySite, kFirstPartySite));
 202   EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
 203       kAllowedSite, kFirstPartySite));
 204   EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
 205       kAllowedSite, kFirstPartySite));
 206   EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
 207       kAllowedSite, kAllowedSite));
 208   EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
 209       kAllowedSite, kAllowedSite));
 210   EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));
 211 }
 212
 213 TEST_F(CookieSettingsTest, CookiesBlockSingleFirstParty) {
 214   cookie_settings_->SetCookieSetting(
 215       ContentSettingsPattern::FromURL(kAllowedSite),
 216       ContentSettingsPattern::FromURL(kFirstPartySite),
 217       CONTENT_SETTING_ALLOW);
 218   cookie_settings_->SetCookieSetting(
 219       ContentSettingsPattern::FromURL(kAllowedSite),
 220       ContentSettingsPattern::FromURL(kBlockedFirstPartySite),
 221       CONTENT_SETTING_BLOCK);
 222
 223   EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
 224       kAllowedSite, kFirstPartySite));
 225   EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
 226       kAllowedSite, kFirstPartySite));
 227   EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));
 228
 229   EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
 230       kAllowedSite, kBlockedFirstPartySite));
 231   EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
 232       kAllowedSite, kBlockedFirstPartySite));
 233
 234   cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_BLOCK);
 235
 236   EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
 237       kAllowedSite, kFirstPartySite));
 238   EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
 239       kAllowedSite, kFirstPartySite));
 240   EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));
 241
 242   EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
 243       kAllowedSite, kBlockedFirstPartySite));
 244   EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
 245       kAllowedSite, kBlockedFirstPartySite));
 246
 247   cookie_settings_->ResetCookieSetting(
 248       ContentSettingsPattern::FromURL(kAllowedSite),
 249       ContentSettingsPattern::FromURL(kFirstPartySite));
 250
 251   EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
 252       kAllowedSite, kFirstPartySite));
 253   EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
 254       kAllowedSite, kFirstPartySite));
 255 }
 256
 257 TEST_F(CookieSettingsTest, ExtensionsRegularSettings) {
 258   cookie_settings_->SetCookieSetting(
 259       ContentSettingsPattern::FromURL(kBlockedSite),
 260       ContentSettingsPattern::Wildcard(),
 261       CONTENT_SETTING_BLOCK);
 262
 263   // Regular cookie settings also apply to extensions.
 264   EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
 265       kBlockedSite, kExtensionURL));
 266 }
 267
 268 TEST_F(CookieSettingsTest, ExtensionsOwnCookies) {
 269   cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_BLOCK);
 270
 271   // Extensions can always use cookies (and site data) in their own origin.
 272   EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
 273       kExtensionURL, kExtensionURL));
 274 }
 275
 276 TEST_F(CookieSettingsTest, ExtensionsThirdParty) {
 277   profile_.GetPrefs()->SetBoolean(prefs::kBlockThirdPartyCookies, true);
 278
 279   // XHRs stemming from extensions are exempt from third-party cookie blocking
 280   // rules (as the first party is always the extension's security origin).
 281   EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
 282       kBlockedSite, kExtensionURL));
 283 }
 284
 285 }  // namespace