components/content_settings/core/browser/cookie_settings_unittest.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "components/content_settings/core/browser/cookie_settings.h"
   6
   7 #include "components/content_settings/core/browser/host_content_settings_map.h"
   8 #include "components/content_settings/core/common/content_settings_pattern.h"
   9 #include "components/content_settings/core/common/pref_names.h"
  10 #include "components/pref_registry/testing_pref_service_syncable.h"
  11 #include "testing/gtest/include/gtest/gtest.h"
  12 #include "url/gurl.h"
  13
  14 namespace content_settings {
  15
  16 namespace {
  17
  18 class CookieSettingsTest : public testing::Test {
  19  public:
  20   CookieSettingsTest()
  21       : kBlockedSite("http://ads.thirdparty.com"),
  22         kAllowedSite("http://good.allays.com"),
  23         kFirstPartySite("http://cool.things.com"),
  24         kBlockedFirstPartySite("http://no.thirdparties.com"),
  25         kChromeURL("chrome://foo"),
  26         kExtensionURL("chrome-extension://deadbeef"),
  27         kHttpSite("http://example.com"),
  28         kHttpsSite("https://example.com"),
  29         kAllHttpsSitesPattern(ContentSettingsPattern::FromString("https://*")) {
  30     CookieSettings::RegisterProfilePrefs(prefs_.registry());
  31     HostContentSettingsMap::RegisterProfilePrefs(prefs_.registry());
  32     settings_map_ = new HostContentSettingsMap(&prefs_, false);
  33     cookie_settings_ =
  34         new CookieSettings(settings_map_.get(), &prefs_, "chrome-extension");
  35   }
  36
  37   ~CookieSettingsTest() override { settings_map_->ShutdownOnUIThread(); }
  38
  39  protected:
  40   user_prefs::TestingPrefServiceSyncable prefs_;
  41   scoped_refptr<HostContentSettingsMap> settings_map_;
  42   scoped_refptr<CookieSettings> cookie_settings_;
  43   const GURL kBlockedSite;
  44   const GURL kAllowedSite;
  45   const GURL kFirstPartySite;
  46   const GURL kBlockedFirstPartySite;
  47   const GURL kChromeURL;
  48   const GURL kExtensionURL;
  49   const GURL kHttpSite;
  50   const GURL kHttpsSite;
  51   ContentSettingsPattern kAllHttpsSitesPattern;
  52 };
  53
  54 TEST_F(CookieSettingsTest, TestWhitelistedScheme) {
  55   cookie_settings_->SetCookieSetting(ContentSettingsPattern::Wildcard(),
  56                                      ContentSettingsPattern::Wildcard(),
  57                                      CONTENT_SETTING_BLOCK);
  58   EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(kHttpSite, kChromeURL));
  59   EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(kHttpsSite, kChromeURL));
  60   EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(kChromeURL, kHttpSite));
  61 #if defined(ENABLE_EXTENSIONS)
  62   EXPECT_TRUE(
  63       cookie_settings_->IsReadingCookieAllowed(kExtensionURL, kExtensionURL));
  64 #else
  65   EXPECT_FALSE(
  66       cookie_settings_->IsReadingCookieAllowed(kExtensionURL, kExtensionURL));
  67 #endif
  68   EXPECT_FALSE(
  69       cookie_settings_->IsReadingCookieAllowed(kExtensionURL, kHttpSite));
  70 }
  71
  72 TEST_F(CookieSettingsTest, CookiesBlockSingle) {
  73   cookie_settings_->SetCookieSetting(
  74       ContentSettingsPattern::FromURL(kBlockedSite),
  75       ContentSettingsPattern::Wildcard(), CONTENT_SETTING_BLOCK);
  76   EXPECT_FALSE(
  77       cookie_settings_->IsReadingCookieAllowed(kBlockedSite, kBlockedSite));
  78 }
  79
  80 TEST_F(CookieSettingsTest, CookiesBlockThirdParty) {
  81   prefs_.SetBoolean(prefs::kBlockThirdPartyCookies, true);
  82   EXPECT_FALSE(
  83       cookie_settings_->IsReadingCookieAllowed(kBlockedSite, kFirstPartySite));
  84   EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kBlockedSite));
  85   EXPECT_FALSE(
  86       cookie_settings_->IsSettingCookieAllowed(kBlockedSite, kFirstPartySite));
  87 }
  88
  89 TEST_F(CookieSettingsTest, CookiesAllowThirdParty) {
  90   EXPECT_TRUE(
  91       cookie_settings_->IsReadingCookieAllowed(kBlockedSite, kFirstPartySite));
  92   EXPECT_TRUE(
  93       cookie_settings_->IsSettingCookieAllowed(kBlockedSite, kFirstPartySite));
  94   EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kBlockedSite));
  95 }
  96
  97 TEST_F(CookieSettingsTest, CookiesExplicitBlockSingleThirdParty) {
  98   cookie_settings_->SetCookieSetting(
  99       ContentSettingsPattern::FromURL(kBlockedSite),
 100       ContentSettingsPattern::Wildcard(), CONTENT_SETTING_BLOCK);
 101   EXPECT_FALSE(
 102       cookie_settings_->IsReadingCookieAllowed(kBlockedSite, kFirstPartySite));
 103   EXPECT_FALSE(
 104       cookie_settings_->IsSettingCookieAllowed(kBlockedSite, kFirstPartySite));
 105   EXPECT_TRUE(
 106       cookie_settings_->IsSettingCookieAllowed(kAllowedSite, kFirstPartySite));
 107 }
 108
 109 TEST_F(CookieSettingsTest, CookiesExplicitSessionOnly) {
 110   cookie_settings_->SetCookieSetting(
 111       ContentSettingsPattern::FromURL(kBlockedSite),
 112       ContentSettingsPattern::Wildcard(), CONTENT_SETTING_SESSION_ONLY);
 113   EXPECT_TRUE(
 114       cookie_settings_->IsReadingCookieAllowed(kBlockedSite, kFirstPartySite));
 115   EXPECT_TRUE(
 116       cookie_settings_->IsSettingCookieAllowed(kBlockedSite, kFirstPartySite));
 117   EXPECT_TRUE(cookie_settings_->IsCookieSessionOnly(kBlockedSite));
 118
 119   prefs_.SetBoolean(prefs::kBlockThirdPartyCookies, true);
 120   EXPECT_TRUE(
 121       cookie_settings_->IsReadingCookieAllowed(kBlockedSite, kFirstPartySite));
 122   EXPECT_TRUE(
 123       cookie_settings_->IsSettingCookieAllowed(kBlockedSite, kFirstPartySite));
 124   EXPECT_TRUE(cookie_settings_->IsCookieSessionOnly(kBlockedSite));
 125 }
 126
 127 TEST_F(CookieSettingsTest, CookiesThirdPartyBlockedExplicitAllow) {
 128   cookie_settings_->SetCookieSetting(
 129       ContentSettingsPattern::FromURL(kAllowedSite),
 130       ContentSettingsPattern::Wildcard(), CONTENT_SETTING_ALLOW);
 131   prefs_.SetBoolean(prefs::kBlockThirdPartyCookies, true);
 132   EXPECT_TRUE(
 133       cookie_settings_->IsReadingCookieAllowed(kAllowedSite, kFirstPartySite));
 134   EXPECT_TRUE(
 135       cookie_settings_->IsSettingCookieAllowed(kAllowedSite, kFirstPartySite));
 136   EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));
 137
 138   // Extensions should always be allowed to use cookies.
 139   EXPECT_TRUE(
 140       cookie_settings_->IsReadingCookieAllowed(kAllowedSite, kExtensionURL));
 141   EXPECT_TRUE(
 142       cookie_settings_->IsSettingCookieAllowed(kAllowedSite, kExtensionURL));
 143 }
 144
 145 TEST_F(CookieSettingsTest, CookiesThirdPartyBlockedAllSitesAllowed) {
 146   cookie_settings_->SetCookieSetting(
 147       ContentSettingsPattern::FromURL(kAllowedSite),
 148       ContentSettingsPattern::Wildcard(), CONTENT_SETTING_ALLOW);
 149   prefs_.SetBoolean(prefs::kBlockThirdPartyCookies, true);
 150   // As an example for a pattern that matches all hosts but not all origins,
 151   // match all HTTPS sites.
 152   cookie_settings_->SetCookieSetting(kAllHttpsSitesPattern,
 153                                      ContentSettingsPattern::Wildcard(),
 154                                      CONTENT_SETTING_ALLOW);
 155   cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_SESSION_ONLY);
 156
 157   // |kAllowedSite| should be allowed.
 158   EXPECT_TRUE(
 159       cookie_settings_->IsReadingCookieAllowed(kAllowedSite, kBlockedSite));
 160   EXPECT_TRUE(
 161       cookie_settings_->IsSettingCookieAllowed(kAllowedSite, kBlockedSite));
 162   EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));
 163
 164   // HTTPS sites should be allowed in a first-party context.
 165   EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(kHttpsSite, kHttpsSite));
 166   EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(kHttpsSite, kHttpsSite));
 167   EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));
 168
 169   // HTTP sites should be allowed, but session-only.
 170   EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(kFirstPartySite,
 171                                                        kFirstPartySite));
 172   EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(kFirstPartySite,
 173                                                        kFirstPartySite));
 174   EXPECT_TRUE(cookie_settings_->IsCookieSessionOnly(kFirstPartySite));
 175
 176   // Third-party cookies should be blocked.
 177   EXPECT_FALSE(
 178       cookie_settings_->IsReadingCookieAllowed(kFirstPartySite, kBlockedSite));
 179   EXPECT_FALSE(
 180       cookie_settings_->IsSettingCookieAllowed(kFirstPartySite, kBlockedSite));
 181   EXPECT_FALSE(
 182       cookie_settings_->IsReadingCookieAllowed(kHttpsSite, kBlockedSite));
 183   EXPECT_FALSE(
 184       cookie_settings_->IsSettingCookieAllowed(kHttpsSite, kBlockedSite));
 185 }
 186
 187 TEST_F(CookieSettingsTest, CookiesBlockEverything) {
 188   cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_BLOCK);
 189
 190   EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(kFirstPartySite,
 191                                                         kFirstPartySite));
 192   EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(kFirstPartySite,
 193                                                         kFirstPartySite));
 194   EXPECT_FALSE(
 195       cookie_settings_->IsSettingCookieAllowed(kAllowedSite, kFirstPartySite));
 196 }
 197
 198 TEST_F(CookieSettingsTest, CookiesBlockEverythingExceptAllowed) {
 199   cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_BLOCK);
 200   cookie_settings_->SetCookieSetting(
 201       ContentSettingsPattern::FromURL(kAllowedSite),
 202       ContentSettingsPattern::Wildcard(), CONTENT_SETTING_ALLOW);
 203   EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(kFirstPartySite,
 204                                                         kFirstPartySite));
 205   EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(kFirstPartySite,
 206                                                         kFirstPartySite));
 207   EXPECT_TRUE(
 208       cookie_settings_->IsReadingCookieAllowed(kAllowedSite, kFirstPartySite));
 209   EXPECT_TRUE(
 210       cookie_settings_->IsSettingCookieAllowed(kAllowedSite, kFirstPartySite));
 211   EXPECT_TRUE(
 212       cookie_settings_->IsReadingCookieAllowed(kAllowedSite, kAllowedSite));
 213   EXPECT_TRUE(
 214       cookie_settings_->IsSettingCookieAllowed(kAllowedSite, kAllowedSite));
 215   EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));
 216 }
 217
 218 TEST_F(CookieSettingsTest, CookiesBlockSingleFirstParty) {
 219   cookie_settings_->SetCookieSetting(
 220       ContentSettingsPattern::FromURL(kAllowedSite),
 221       ContentSettingsPattern::FromURL(kFirstPartySite), CONTENT_SETTING_ALLOW);
 222   cookie_settings_->SetCookieSetting(
 223       ContentSettingsPattern::FromURL(kAllowedSite),
 224       ContentSettingsPattern::FromURL(kBlockedFirstPartySite),
 225       CONTENT_SETTING_BLOCK);
 226
 227   EXPECT_TRUE(
 228       cookie_settings_->IsReadingCookieAllowed(kAllowedSite, kFirstPartySite));
 229   EXPECT_TRUE(
 230       cookie_settings_->IsSettingCookieAllowed(kAllowedSite, kFirstPartySite));
 231   EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));
 232
 233   EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
 234       kAllowedSite, kBlockedFirstPartySite));
 235   EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
 236       kAllowedSite, kBlockedFirstPartySite));
 237
 238   cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_BLOCK);
 239
 240   EXPECT_TRUE(
 241       cookie_settings_->IsReadingCookieAllowed(kAllowedSite, kFirstPartySite));
 242   EXPECT_TRUE(
 243       cookie_settings_->IsSettingCookieAllowed(kAllowedSite, kFirstPartySite));
 244   EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));
 245
 246   EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
 247       kAllowedSite, kBlockedFirstPartySite));
 248   EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
 249       kAllowedSite, kBlockedFirstPartySite));
 250
 251   cookie_settings_->ResetCookieSetting(
 252       ContentSettingsPattern::FromURL(kAllowedSite),
 253       ContentSettingsPattern::FromURL(kFirstPartySite));
 254
 255   EXPECT_FALSE(
 256       cookie_settings_->IsReadingCookieAllowed(kAllowedSite, kFirstPartySite));
 257   EXPECT_FALSE(
 258       cookie_settings_->IsSettingCookieAllowed(kAllowedSite, kFirstPartySite));
 259 }
 260
 261 TEST_F(CookieSettingsTest, ExtensionsRegularSettings) {
 262   cookie_settings_->SetCookieSetting(
 263       ContentSettingsPattern::FromURL(kBlockedSite),
 264       ContentSettingsPattern::Wildcard(), CONTENT_SETTING_BLOCK);
 265
 266   // Regular cookie settings also apply to extensions.
 267   EXPECT_FALSE(
 268       cookie_settings_->IsReadingCookieAllowed(kBlockedSite, kExtensionURL));
 269 }
 270
 271 TEST_F(CookieSettingsTest, ExtensionsOwnCookies) {
 272   cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_BLOCK);
 273
 274 #if defined(ENABLE_EXTENSIONS)
 275   // Extensions can always use cookies (and site data) in their own origin.
 276   EXPECT_TRUE(
 277       cookie_settings_->IsReadingCookieAllowed(kExtensionURL, kExtensionURL));
 278 #else
 279   // Except if extensions are disabled. Then the extension-specific checks do
 280   // not exist and the default setting is to block.
 281   EXPECT_FALSE(
 282       cookie_settings_->IsReadingCookieAllowed(kExtensionURL, kExtensionURL));
 283 #endif
 284 }
 285
 286 TEST_F(CookieSettingsTest, ExtensionsThirdParty) {
 287   prefs_.SetBoolean(prefs::kBlockThirdPartyCookies, true);
 288
 289   // XHRs stemming from extensions are exempt from third-party cookie blocking
 290   // rules (as the first party is always the extension's security origin).
 291   EXPECT_TRUE(
 292       cookie_settings_->IsSettingCookieAllowed(kBlockedSite, kExtensionURL));
 293 }
 294
 295 }  // namespace
 296
 297 }  // namespace content_settings