1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "base/command_line.h"
6 #include "chrome/common/chrome_switches.h"
7 #include "content/public/common/origin_util.h"
8 #include "testing/gtest/include/gtest/gtest.h"
11 using content::IsOriginSecure
;
15 TEST(SecureOriginWhiteList
, UnsafelyTreatInsecureOriginAsSecure
) {
16 EXPECT_FALSE(content::IsOriginSecure(GURL("http://example.com/a.html")));
18 content::IsOriginSecure(GURL("http://127.example.com/a.html")));
20 // Add http://example.com and http://127.example.com to whitelist by
21 // command-line and see if they are now considered secure origins.
22 // (The command line is applied via
23 // ChromeContentClient::AddSecureSchemesAndOrigins)
24 base::CommandLine
* command_line
= base::CommandLine::ForCurrentProcess();
25 command_line
->AppendSwitchASCII(
26 switches::kUnsafelyTreatInsecureOriginAsSecure
,
27 "http://example.com,http://127.example.com");
28 command_line
->AppendSwitch(switches::kUserDataDir
);
29 content::ResetSchemesAndOriginsWhitelistForTesting();
31 // They should be now white-listed.
32 EXPECT_TRUE(content::IsOriginSecure(GURL("http://example.com/a.html")));
33 EXPECT_TRUE(content::IsOriginSecure(GURL("http://127.example.com/a.html")));
35 // Check that similarly named sites are not considered secure.
36 EXPECT_FALSE(content::IsOriginSecure(GURL("http://128.example.com/a.html")));
37 EXPECT_FALSE(content::IsOriginSecure(
38 GURL("http://foobar.127.example.com/a.html")));