search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Use content::Referrer to pass around referrers in the plugin code
[chromium-blink-merge.git] / chrome / browser / content_settings / cookie_settings_unittest.cc
blob30b547f7e00d28c04e3add8ccbf9f10dcae3b8fa
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "base/auto_reset.h"
6 #include "base/message_loop/message_loop.h"
7 #include "base/prefs/pref_service.h"
8 #include "chrome/browser/content_settings/cookie_settings.h"
9 #include "chrome/common/pref_names.h"
10 #include "chrome/test/base/testing_profile.h"
11 #include "components/content_settings/core/common/content_settings_pattern.h"
12 #include "content/public/test/test_browser_thread.h"
13 #include "net/base/static_cookie_policy.h"
14 #include "testing/gtest/include/gtest/gtest.h"
15 #include "url/gurl.h"
16
17 using content::BrowserThread;
18
19 namespace {
20
21 class CookieSettingsTest : public testing::Test {
22 public:
23 CookieSettingsTest()
24 : ui_thread_(BrowserThread::UI, &message_loop_),
25 cookie_settings_(CookieSettings::Factory::GetForProfile(&profile_)
26 .get()),
27 kBlockedSite("http://ads.thirdparty.com"),
28 kAllowedSite("http://good.allays.com"),
29 kFirstPartySite("http://cool.things.com"),
30 kBlockedFirstPartySite("http://no.thirdparties.com"),
31 kExtensionURL("chrome-extension://deadbeef"),
32 kHttpsSite("https://example.com"),
33 kAllHttpsSitesPattern(ContentSettingsPattern::FromString("https://*")) {
34 }
35
36 protected:
37 base::MessageLoop message_loop_;
38 content::TestBrowserThread ui_thread_;
39 TestingProfile profile_;
40 CookieSettings* cookie_settings_;
41 const GURL kBlockedSite;
42 const GURL kAllowedSite;
43 const GURL kFirstPartySite;
44 const GURL kBlockedFirstPartySite;
45 const GURL kExtensionURL;
46 const GURL kHttpsSite;
47 ContentSettingsPattern kAllHttpsSitesPattern;
48 };
49
50 TEST_F(CookieSettingsTest, CookiesBlockSingle) {
51 cookie_settings_->SetCookieSetting(
52 ContentSettingsPattern::FromURL(kBlockedSite),
53 ContentSettingsPattern::Wildcard(),
54 CONTENT_SETTING_BLOCK);
55 EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
56 kBlockedSite, kBlockedSite));
57 }
58
59 TEST_F(CookieSettingsTest, CookiesBlockThirdParty) {
60 profile_.GetPrefs()->SetBoolean(prefs::kBlockThirdPartyCookies, true);
61 EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
62 kBlockedSite, kFirstPartySite));
63 EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kBlockedSite));
64 EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
65 kBlockedSite, kFirstPartySite));
66 }
67
68 TEST_F(CookieSettingsTest, CookiesAllowThirdParty) {
69 EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
70 kBlockedSite, kFirstPartySite));
71 EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
72 kBlockedSite, kFirstPartySite));
73 EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kBlockedSite));
74 }
75
76 TEST_F(CookieSettingsTest, CookiesExplicitBlockSingleThirdParty) {
77 cookie_settings_->SetCookieSetting(
78 ContentSettingsPattern::FromURL(kBlockedSite),
79 ContentSettingsPattern::Wildcard(),
80 CONTENT_SETTING_BLOCK);
81 EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
82 kBlockedSite, kFirstPartySite));
83 EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
84 kBlockedSite, kFirstPartySite));
85 EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
86 kAllowedSite, kFirstPartySite));
87 }
88
89 TEST_F(CookieSettingsTest, CookiesExplicitSessionOnly) {
90 cookie_settings_->SetCookieSetting(
91 ContentSettingsPattern::FromURL(kBlockedSite),
92 ContentSettingsPattern::Wildcard(),
93 CONTENT_SETTING_SESSION_ONLY);
94 EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
95 kBlockedSite, kFirstPartySite));
96 EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
97 kBlockedSite, kFirstPartySite));
98 EXPECT_TRUE(cookie_settings_->IsCookieSessionOnly(kBlockedSite));
99
100 profile_.GetPrefs()->SetBoolean(prefs::kBlockThirdPartyCookies, true);
101 EXPECT_TRUE(cookie_settings_->
102 IsReadingCookieAllowed(kBlockedSite, kFirstPartySite));
103 EXPECT_TRUE(cookie_settings_->
104 IsSettingCookieAllowed(kBlockedSite, kFirstPartySite));
105 EXPECT_TRUE(cookie_settings_->IsCookieSessionOnly(kBlockedSite));
106 }
107
108 TEST_F(CookieSettingsTest, CookiesThirdPartyBlockedExplicitAllow) {
109 cookie_settings_->SetCookieSetting(
110 ContentSettingsPattern::FromURL(kAllowedSite),
111 ContentSettingsPattern::Wildcard(),
112 CONTENT_SETTING_ALLOW);
113 profile_.GetPrefs()->SetBoolean(prefs::kBlockThirdPartyCookies, true);
114 EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
115 kAllowedSite, kFirstPartySite));
116 EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
117 kAllowedSite, kFirstPartySite));
118 EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));
119
120 // Extensions should always be allowed to use cookies.
121 EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
122 kAllowedSite, kExtensionURL));
123 EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
124 kAllowedSite, kExtensionURL));
125 }
126
127 TEST_F(CookieSettingsTest, CookiesThirdPartyBlockedAllSitesAllowed) {
128 cookie_settings_->SetCookieSetting(
129 ContentSettingsPattern::FromURL(kAllowedSite),
130 ContentSettingsPattern::Wildcard(),
131 CONTENT_SETTING_ALLOW);
132 profile_.GetPrefs()->SetBoolean(prefs::kBlockThirdPartyCookies, true);
133 // As an example for a pattern that matches all hosts but not all origins,
134 // match all HTTPS sites.
135 cookie_settings_->SetCookieSetting(
136 kAllHttpsSitesPattern,
137 ContentSettingsPattern::Wildcard(),
138 CONTENT_SETTING_ALLOW);
139 cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_SESSION_ONLY);
140
141 // |kAllowedSite| should be allowed.
142 EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
143 kAllowedSite, kBlockedSite));
144 EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
145 kAllowedSite, kBlockedSite));
146 EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));
147
148 // HTTPS sites should be allowed in a first-party context.
149 EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
150 kHttpsSite, kHttpsSite));
151 EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
152 kHttpsSite, kHttpsSite));
153 EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));
154
155 // HTTP sites should be allowed, but session-only.
156 EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
157 kFirstPartySite, kFirstPartySite));
158 EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
159 kFirstPartySite, kFirstPartySite));
160 EXPECT_TRUE(cookie_settings_->IsCookieSessionOnly(kFirstPartySite));
161
162 // Third-party cookies should be blocked.
163 EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
164 kFirstPartySite, kBlockedSite));
165 EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
166 kFirstPartySite, kBlockedSite));
167 EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
168 kHttpsSite, kBlockedSite));
169 EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
170 kHttpsSite, kBlockedSite));
171 }
172
173 TEST_F(CookieSettingsTest, CookiesBlockEverything) {
174 cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_BLOCK);
175
176 EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
177 kFirstPartySite, kFirstPartySite));
178 EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
179 kFirstPartySite, kFirstPartySite));
180 EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
181 kAllowedSite, kFirstPartySite));
182 }
183
184 TEST_F(CookieSettingsTest, CookiesBlockEverythingExceptAllowed) {
185 cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_BLOCK);
186 cookie_settings_->SetCookieSetting(
187 ContentSettingsPattern::FromURL(kAllowedSite),
188 ContentSettingsPattern::Wildcard(),
189 CONTENT_SETTING_ALLOW);
190 EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
191 kFirstPartySite, kFirstPartySite));
192 EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
193 kFirstPartySite, kFirstPartySite));
194 EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
195 kAllowedSite, kFirstPartySite));
196 EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
197 kAllowedSite, kFirstPartySite));
198 EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
199 kAllowedSite, kAllowedSite));
200 EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
201 kAllowedSite, kAllowedSite));
202 EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));
203 }
204
205 TEST_F(CookieSettingsTest, CookiesBlockSingleFirstParty) {
206 cookie_settings_->SetCookieSetting(
207 ContentSettingsPattern::FromURL(kAllowedSite),
208 ContentSettingsPattern::FromURL(kFirstPartySite),
209 CONTENT_SETTING_ALLOW);
210 cookie_settings_->SetCookieSetting(
211 ContentSettingsPattern::FromURL(kAllowedSite),
212 ContentSettingsPattern::FromURL(kBlockedFirstPartySite),
213 CONTENT_SETTING_BLOCK);
214
215 EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
216 kAllowedSite, kFirstPartySite));
217 EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
218 kAllowedSite, kFirstPartySite));
219 EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));
220
221 EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
222 kAllowedSite, kBlockedFirstPartySite));
223 EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
224 kAllowedSite, kBlockedFirstPartySite));
225
226 cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_BLOCK);
227
228 EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
229 kAllowedSite, kFirstPartySite));
230 EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
231 kAllowedSite, kFirstPartySite));
232 EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));
233
234 EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
235 kAllowedSite, kBlockedFirstPartySite));
236 EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
237 kAllowedSite, kBlockedFirstPartySite));
238
239 cookie_settings_->ResetCookieSetting(
240 ContentSettingsPattern::FromURL(kAllowedSite),
241 ContentSettingsPattern::FromURL(kFirstPartySite));
242
243 EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
244 kAllowedSite, kFirstPartySite));
245 EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
246 kAllowedSite, kFirstPartySite));
247 }
248
249 TEST_F(CookieSettingsTest, ExtensionsRegularSettings) {
250 cookie_settings_->SetCookieSetting(
251 ContentSettingsPattern::FromURL(kBlockedSite),
252 ContentSettingsPattern::Wildcard(),
253 CONTENT_SETTING_BLOCK);
254
255 // Regular cookie settings also apply to extensions.
256 EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
257 kBlockedSite, kExtensionURL));
258 }
259
260 TEST_F(CookieSettingsTest, ExtensionsOwnCookies) {
261 cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_BLOCK);
262
263 #if defined(ENABLE_EXTENSIONS)
264 // Extensions can always use cookies (and site data) in their own origin.
265 EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
266 kExtensionURL, kExtensionURL));
267 #else
268 // Except if extensions are disabled. Then the extension-specific checks do
269 // not exist and the default setting is to block.
270 EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
271 kExtensionURL, kExtensionURL));
272 #endif
273 }
274
275 TEST_F(CookieSettingsTest, ExtensionsThirdParty) {
276 profile_.GetPrefs()->SetBoolean(prefs::kBlockThirdPartyCookies, true);
277
278 // XHRs stemming from extensions are exempt from third-party cookie blocking
279 // rules (as the first party is always the extension's security origin).
280 EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
281 kBlockedSite, kExtensionURL));
282 }
283
284 } // namespace