Only grant permissions to new extensions from sync if they have the expected version
[chromium-blink-merge.git] / chrome / browser / extensions / extension_resource_request_policy_apitest.cc
blob2f2fbf8313265ef5d185db18b38a656597369d00
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "base/command_line.h"
6 #include "base/logging.h"
7 #include "chrome/browser/extensions/extension_apitest.h"
8 #include "chrome/browser/ui/browser.h"
9 #include "chrome/browser/ui/tabs/tab_strip_model.h"
10 #include "chrome/test/base/test_switches.h"
11 #include "chrome/test/base/ui_test_utils.h"
12 #include "content/public/browser/web_contents.h"
13 #include "content/public/test/browser_test_utils.h"
14 #include "extensions/common/switches.h"
15 #include "net/dns/mock_host_resolver.h"
16 #include "url/gurl.h"
18 class ExtensionResourceRequestPolicyTest : public ExtensionApiTest {
19 protected:
20 void SetUpCommandLine(base::CommandLine* command_line) override {
21 ExtensionApiTest::SetUpCommandLine(command_line);
22 command_line->AppendSwitch(
23 extensions::switches::kAllowLegacyExtensionManifests);
27 // Note, this mostly tests the logic of chrome/renderer/extensions/
28 // extension_resource_request_policy.*, but we have it as a browser test so that
29 // can make sure it works end-to-end.
30 IN_PROC_BROWSER_TEST_F(ExtensionResourceRequestPolicyTest, OriginPrivileges) {
31 #if defined(OS_WIN) && defined(USE_ASH)
32 // Disable this test in Metro+Ash for now (http://crbug.com/262796).
33 if (base::CommandLine::ForCurrentProcess()->HasSwitch(
34 switches::kAshBrowserTests))
35 return;
36 #endif
38 host_resolver()->AddRule("*", "127.0.0.1");
39 ASSERT_TRUE(test_server()->Start());
40 ASSERT_TRUE(LoadExtensionWithFlags(test_data_dir_
41 .AppendASCII("extension_resource_request_policy")
42 .AppendASCII("extension"),
43 // Tests manifest_version 1 behavior, so warnings are expected.
44 ExtensionBrowserTest::kFlagIgnoreManifestWarnings));
46 GURL web_resource(
47 test_server()->GetURL(
48 "files/extensions/api_test/extension_resource_request_policy/"
49 "index.html"));
51 GURL::Replacements make_host_a_com;
52 make_host_a_com.SetHostStr("a.com");
54 GURL::Replacements make_host_b_com;
55 make_host_b_com.SetHostStr("b.com");
57 // A web host that has permission.
58 ui_test_utils::NavigateToURL(
59 browser(), web_resource.ReplaceComponents(make_host_a_com));
60 std::string result;
61 ASSERT_TRUE(content::ExecuteScriptAndExtractString(
62 browser()->tab_strip_model()->GetActiveWebContents(),
63 "window.domAutomationController.send(document.title)",
64 &result));
65 EXPECT_EQ(result, "Loaded");
67 // A web host that loads a non-existent extension.
68 GURL non_existent_extension(
69 test_server()->GetURL(
70 "files/extensions/api_test/extension_resource_request_policy/"
71 "non_existent_extension.html"));
72 ui_test_utils::NavigateToURL(browser(), non_existent_extension);
73 ASSERT_TRUE(content::ExecuteScriptAndExtractString(
74 browser()->tab_strip_model()->GetActiveWebContents(),
75 "window.domAutomationController.send(document.title)",
76 &result));
77 EXPECT_EQ(result, "Image failed to load");
79 // A data URL. Data URLs should always be able to load chrome-extension://
80 // resources.
81 std::string file_source;
82 ASSERT_TRUE(base::ReadFileToString(
83 test_data_dir_.AppendASCII("extension_resource_request_policy")
84 .AppendASCII("index.html"), &file_source));
85 ui_test_utils::NavigateToURL(browser(),
86 GURL(std::string("data:text/html;charset=utf-8,") + file_source));
87 ASSERT_TRUE(content::ExecuteScriptAndExtractString(
88 browser()->tab_strip_model()->GetActiveWebContents(),
89 "window.domAutomationController.send(document.title)",
90 &result));
91 EXPECT_EQ(result, "Loaded");
93 // A different extension. Legacy (manifest_version 1) extensions should always
94 // be able to load each other's resources.
95 ASSERT_TRUE(LoadExtensionWithFlags(test_data_dir_
96 .AppendASCII("extension_resource_request_policy")
97 .AppendASCII("extension2"),
98 // Tests manifest_version 1 behavior, so warnings are expected.
99 ExtensionBrowserTest::kFlagIgnoreManifestWarnings));
100 ui_test_utils::NavigateToURL(
101 browser(),
102 GURL("chrome-extension://pbkkcbgdkliohhfaeefcijaghglkahja/index.html"));
103 ASSERT_TRUE(content::ExecuteScriptAndExtractString(
104 browser()->tab_strip_model()->GetActiveWebContents(),
105 "window.domAutomationController.send(document.title)",
106 &result));
107 EXPECT_EQ(result, "Loaded");
110 IN_PROC_BROWSER_TEST_F(ExtensionResourceRequestPolicyTest,
111 ExtensionCanLoadHostedAppIcons) {
112 ASSERT_TRUE(LoadExtensionWithFlags(test_data_dir_
113 .AppendASCII("extension_resource_request_policy")
114 .AppendASCII("extension"),
115 // Tests manifest_version 1 behavior, so warnings are expected.
116 ExtensionBrowserTest::kFlagIgnoreManifestWarnings));
118 ASSERT_TRUE(RunExtensionSubtest(
119 "extension_resource_request_policy/extension2/",
120 "can_load_icons_from_hosted_apps.html",
121 // Tests manifest_version 1 behavior, so warnings are expected.
122 ExtensionApiTest::kFlagIgnoreManifestWarnings)) << message_;
125 IN_PROC_BROWSER_TEST_F(ExtensionResourceRequestPolicyTest, Audio) {
126 EXPECT_TRUE(RunExtensionSubtest(
127 "extension_resource_request_policy/extension2",
128 "audio.html",
129 // Tests manifest_version 1 behavior, so warnings are expected.
130 ExtensionApiTest::kFlagIgnoreManifestWarnings)) << message_;
133 #if defined(OS_MACOSX) || defined(OS_WIN)
134 // http://crbug.com/238733 - Video is flaky on Mac and Win.
135 #define MAYBE_Video DISABLED_Video
136 #else
137 #define MAYBE_Video Video
138 #endif
140 IN_PROC_BROWSER_TEST_F(ExtensionResourceRequestPolicyTest, MAYBE_Video) {
141 EXPECT_TRUE(RunExtensionSubtest(
142 "extension_resource_request_policy/extension2",
143 "video.html",
144 // Tests manifest_version 1 behavior, so warnings are expected.
145 ExtensionApiTest::kFlagIgnoreManifestWarnings)) << message_;
148 // This test times out regularly on win_rel trybots. See http://crbug.com/122154
149 #if defined(OS_WIN)
150 #define MAYBE_WebAccessibleResources DISABLED_WebAccessibleResources
151 #else
152 #define MAYBE_WebAccessibleResources WebAccessibleResources
153 #endif
154 IN_PROC_BROWSER_TEST_F(ExtensionResourceRequestPolicyTest,
155 MAYBE_WebAccessibleResources) {
156 std::string result;
157 ASSERT_TRUE(test_server()->Start());
158 ASSERT_TRUE(LoadExtension(test_data_dir_
159 .AppendASCII("extension_resource_request_policy")
160 .AppendASCII("web_accessible")));
162 GURL accessible_resource(
163 test_server()->GetURL(
164 "files/extensions/api_test/extension_resource_request_policy/"
165 "web_accessible/accessible_resource.html"));
166 ui_test_utils::NavigateToURL(browser(), accessible_resource);
167 ASSERT_TRUE(content::ExecuteScriptAndExtractString(
168 browser()->tab_strip_model()->GetActiveWebContents(),
169 "window.domAutomationController.send(document.title)",
170 &result));
171 EXPECT_EQ("Loaded", result);
173 GURL xhr_accessible_resource(
174 test_server()->GetURL(
175 "files/extensions/api_test/extension_resource_request_policy/"
176 "web_accessible/xhr_accessible_resource.html"));
177 ui_test_utils::NavigateToURL(
178 browser(), xhr_accessible_resource);
179 ASSERT_TRUE(content::ExecuteScriptAndExtractString(
180 browser()->tab_strip_model()->GetActiveWebContents(),
181 "window.domAutomationController.send(document.title)",
182 &result));
183 EXPECT_EQ("XHR completed with status: 200", result);
185 GURL xhr_inaccessible_resource(
186 test_server()->GetURL(
187 "files/extensions/api_test/extension_resource_request_policy/"
188 "web_accessible/xhr_inaccessible_resource.html"));
189 ui_test_utils::NavigateToURL(
190 browser(), xhr_inaccessible_resource);
191 ASSERT_TRUE(content::ExecuteScriptAndExtractString(
192 browser()->tab_strip_model()->GetActiveWebContents(),
193 "window.domAutomationController.send(document.title)",
194 &result));
195 EXPECT_EQ("XHR failed to load resource", result);
197 GURL nonaccessible_resource(
198 test_server()->GetURL(
199 "files/extensions/api_test/extension_resource_request_policy/"
200 "web_accessible/nonaccessible_resource.html"));
201 ui_test_utils::NavigateToURL(browser(), nonaccessible_resource);
202 ASSERT_TRUE(content::ExecuteScriptAndExtractString(
203 browser()->tab_strip_model()->GetActiveWebContents(),
204 "window.domAutomationController.send(document.title)",
205 &result));
206 EXPECT_EQ("Image failed to load", result);
208 GURL nonexistent_resource(
209 test_server()->GetURL(
210 "files/extensions/api_test/extension_resource_request_policy/"
211 "web_accessible/nonexistent_resource.html"));
212 ui_test_utils::NavigateToURL(browser(), nonexistent_resource);
213 ASSERT_TRUE(content::ExecuteScriptAndExtractString(
214 browser()->tab_strip_model()->GetActiveWebContents(),
215 "window.domAutomationController.send(document.title)",
216 &result));
217 EXPECT_EQ("Image failed to load", result);
219 GURL nonaccessible_cer_resource(
220 test_server()->GetURL(
221 "files/extensions/api_test/extension_resource_request_policy/"
222 "web_accessible/nonaccessible_chrome_resource_scheme.html"));
223 ui_test_utils::NavigateToURL(browser(), nonaccessible_cer_resource);
224 ASSERT_TRUE(content::ExecuteScriptAndExtractString(
225 browser()->tab_strip_model()->GetActiveWebContents(),
226 "window.domAutomationController.send(document.title)",
227 &result));
228 EXPECT_EQ("Loading CER:// failed.", result);
230 GURL newtab_page("chrome://newtab");
231 GURL accessible_newtab_override(
232 test_server()->GetURL(
233 "files/extensions/api_test/extension_resource_request_policy/"
234 "web_accessible/accessible_history_navigation.html"));
235 ui_test_utils::NavigateToURL(browser(), newtab_page);
236 ui_test_utils::NavigateToURLBlockUntilNavigationsComplete(
237 browser(), accessible_newtab_override, 2);
238 ASSERT_TRUE(content::ExecuteScriptAndExtractString(
239 browser()->tab_strip_model()->GetActiveWebContents(),
240 "window.domAutomationController.send(document.title)",
241 &result));
242 EXPECT_EQ("New Tab Page Loaded Successfully", result);
245 IN_PROC_BROWSER_TEST_F(ExtensionResourceRequestPolicyTest,
246 LinkToWebAccessibleResources) {
247 std::string result;
248 ASSERT_TRUE(test_server()->Start());
249 ASSERT_TRUE(LoadExtension(test_data_dir_
250 .AppendASCII("extension_resource_request_policy")
251 .AppendASCII("web_accessible")));
253 GURL accessible_linked_resource(
254 test_server()->GetURL(
255 "files/extensions/api_test/extension_resource_request_policy/"
256 "web_accessible/accessible_link_resource.html"));
257 ui_test_utils::NavigateToURLBlockUntilNavigationsComplete(browser(),
258 accessible_linked_resource, 2);
259 ASSERT_TRUE(content::ExecuteScriptAndExtractString(
260 browser()->tab_strip_model()->GetActiveWebContents(),
261 "window.domAutomationController.send(document.URL)",
262 &result));
263 EXPECT_NE("about:blank", result);
265 GURL nonaccessible_linked_resource(
266 test_server()->GetURL(
267 "files/extensions/api_test/extension_resource_request_policy/"
268 "web_accessible/nonaccessible_link_resource.html"));
269 ui_test_utils::NavigateToURLBlockUntilNavigationsComplete(browser(),
270 nonaccessible_linked_resource, 2);
271 ASSERT_TRUE(content::ExecuteScriptAndExtractString(
272 browser()->tab_strip_model()->GetActiveWebContents(),
273 "window.domAutomationController.send(document.URL)",
274 &result));
275 EXPECT_EQ("about:blank", result);
277 GURL accessible_client_redirect_resource(
278 test_server()->GetURL(
279 "files/extensions/api_test/extension_resource_request_policy/"
280 "web_accessible/accessible_redirect_resource.html"));
281 ui_test_utils::NavigateToURLBlockUntilNavigationsComplete(browser(),
282 accessible_client_redirect_resource, 2);
283 ASSERT_TRUE(content::ExecuteScriptAndExtractString(
284 browser()->tab_strip_model()->GetActiveWebContents(),
285 "window.domAutomationController.send(document.URL)",
286 &result));
287 EXPECT_NE("about:blank", result);
289 GURL nonaccessible_client_redirect_resource(
290 test_server()->GetURL(
291 "files/extensions/api_test/extension_resource_request_policy/"
292 "web_accessible/nonaccessible_redirect_resource.html"));
293 ui_test_utils::NavigateToURLBlockUntilNavigationsComplete(browser(),
294 nonaccessible_client_redirect_resource, 2);
295 ASSERT_TRUE(content::ExecuteScriptAndExtractString(
296 browser()->tab_strip_model()->GetActiveWebContents(),
297 "window.domAutomationController.send(document.URL)",
298 &result));
299 EXPECT_EQ("about:blank", result);
302 IN_PROC_BROWSER_TEST_F(ExtensionResourceRequestPolicyTest,
303 WebAccessibleResourcesWithCSP) {
304 std::string result;
305 ASSERT_TRUE(test_server()->Start());
306 ASSERT_TRUE(LoadExtension(test_data_dir_
307 .AppendASCII("extension_resource_request_policy")
308 .AppendASCII("web_accessible")));
310 GURL accessible_resource_with_csp(
311 test_server()->GetURL(
312 "files/extensions/api_test/extension_resource_request_policy/"
313 "web_accessible/accessible_resource_with_csp.html"));
314 ui_test_utils::NavigateToURL(browser(), accessible_resource_with_csp);
315 ASSERT_TRUE(content::ExecuteScriptAndExtractString(
316 browser()->tab_strip_model()->GetActiveWebContents(),
317 "window.domAutomationController.send(document.title)",
318 &result));
319 EXPECT_EQ("Loaded", result);
322 IN_PROC_BROWSER_TEST_F(ExtensionResourceRequestPolicyTest, Iframe) {
323 // Load another extension, which the test one shouldn't be able to get
324 // resources from.
325 ASSERT_TRUE(LoadExtension(test_data_dir_
326 .AppendASCII("extension_resource_request_policy")
327 .AppendASCII("inaccessible")));
328 EXPECT_TRUE(RunExtensionSubtest(
329 "extension_resource_request_policy/web_accessible",
330 "iframe.html")) << message_;
333 #if defined(OS_MACOSX)
334 #define MAYBE_ExtensionAccessibleResources DISABLED_ExtensionAccessibleResources
335 #else
336 #define MAYBE_ExtensionAccessibleResources ExtensionAccessibleResources
337 #endif
338 IN_PROC_BROWSER_TEST_F(ExtensionResourceRequestPolicyTest,
339 MAYBE_ExtensionAccessibleResources) {
340 ASSERT_TRUE(RunExtensionSubtest("accessible_cer", "main.html")) << message_;