1 // Copyright 2012 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include <stdint.h>
6
7 #include <algorithm>
8 #include <iterator>
9 #include <limits>
10 #include <memory>
11 #include <utility>
12
13 #include "base/base64url.h"
14 #include "base/compiler_specific.h"
15 #include "base/files/file_path.h"
16 #include "base/files/file_util.h"
17 #include "base/files/scoped_temp_dir.h"
18 #include "base/format_macros.h"
19 #include "base/functional/bind.h"
20 #include "base/functional/callback_helpers.h"
21 #include "base/location.h"
22 #include "base/memory/ptr_util.h"
23 #include "base/memory/raw_ptr.h"
24 #include "base/memory/weak_ptr.h"
25 #include "base/path_service.h"
26 #include "base/ranges/algorithm.h"
27 #include "base/run_loop.h"
28 #include "base/strings/escape.h"
29 #include "base/strings/strcat.h"
30 #include "base/strings/string_number_conversions.h"
31 #include "base/strings/string_piece.h"
32 #include "base/strings/string_split.h"
33 #include "base/strings/string_util.h"
34 #include "base/strings/stringprintf.h"
35 #include "base/strings/utf_string_conversions.h"
36 #include "base/task/single_thread_task_runner.h"
37 #include "base/test/bind.h"
38 #include "base/test/metrics/histogram_tester.h"
39 #include "base/test/scoped_feature_list.h"
40 #include "base/test/test_future.h"
41 #include "base/test/values_test_util.h"
42 #include "base/time/time.h"
43 #include "base/values.h"
44 #include "build/build_config.h"
45 #include "build/buildflag.h"
46 #include "crypto/sha2.h"
47 #include "net/base/chunked_upload_data_stream.h"
48 #include "net/base/directory_listing.h"
49 #include "net/base/elements_upload_data_stream.h"
50 #include "net/base/features.h"
51 #include "net/base/hash_value.h"
52 #include "net/base/ip_address.h"
53 #include "net/base/ip_endpoint.h"
54 #include "net/base/isolation_info.h"
55 #include "net/base/load_flags.h"
56 #include "net/base/load_timing_info.h"
57 #include "net/base/load_timing_info_test_util.h"
58 #include "net/base/net_errors.h"
59 #include "net/base/net_module.h"
60 #include "net/base/proxy_chain.h"
61 #include "net/base/proxy_server.h"
62 #include "net/base/proxy_string_util.h"
63 #include "net/base/request_priority.h"
64 #include "net/base/test_completion_callback.h"
65 #include "net/base/transport_info.h"
66 #include "net/base/upload_bytes_element_reader.h"
67 #include "net/base/upload_data_stream.h"
68 #include "net/base/upload_file_element_reader.h"
69 #include "net/base/url_util.h"
70 #include "net/cert/asn1_util.h"
71 #include "net/cert/caching_cert_verifier.h"
72 #include "net/cert/cert_net_fetcher.h"
73 #include "net/cert/cert_verifier.h"
74 #include "net/cert/coalescing_cert_verifier.h"
75 #include "net/cert/crl_set.h"
76 #include "net/cert/ct_policy_enforcer.h"
77 #include "net/cert/ct_policy_status.h"
78 #include "net/cert/do_nothing_ct_verifier.h"
79 #include "net/cert/ev_root_ca_metadata.h"
80 #include "net/cert/mock_cert_verifier.h"
81 #include "net/cert/multi_log_ct_verifier.h"
82 #include "net/cert/signed_certificate_timestamp_and_status.h"
83 #include "net/cert/test_root_certs.h"
84 #include "net/cert/x509_util.h"
85 #include "net/cert_net/cert_net_fetcher_url_request.h"
86 #include "net/cookies/canonical_cookie_test_helpers.h"
87 #include "net/cookies/cookie_inclusion_status.h"
88 #include "net/cookies/cookie_monster.h"
89 #include "net/cookies/cookie_setting_override.h"
90 #include "net/cookies/cookie_store_test_helpers.h"
91 #include "net/cookies/test_cookie_access_delegate.h"
92 #include "net/disk_cache/disk_cache.h"
93 #include "net/dns/mock_host_resolver.h"
94 #include "net/dns/public/host_resolver_results.h"
95 #include "net/dns/public/secure_dns_policy.h"
96 #include "net/http/http_byte_range.h"
97 #include "net/http/http_cache.h"
98 #include "net/http/http_connection_info.h"
99 #include "net/http/http_network_layer.h"
100 #include "net/http/http_network_session.h"
101 #include "net/http/http_request_headers.h"
102 #include "net/http/http_response_headers.h"
103 #include "net/http/http_server_properties.h"
104 #include "net/http/http_transaction_test_util.h"
105 #include "net/http/http_util.h"
106 #include "net/http/transport_security_state.h"
107 #include "net/http/transport_security_state_source.h"
108 #include "net/log/file_net_log_observer.h"
109 #include "net/log/net_log.h"
110 #include "net/log/net_log_event_type.h"
111 #include "net/log/net_log_source.h"
112 #include "net/log/test_net_log.h"
113 #include "net/log/test_net_log_util.h"
114 #include "net/net_buildflags.h"
115 #include "net/proxy_resolution/configured_proxy_resolution_service.h"
116 #include "net/quic/mock_crypto_client_stream_factory.h"
117 #include "net/quic/quic_server_info.h"
118 #include "net/socket/read_buffering_stream_socket.h"
119 #include "net/socket/socket_test_util.h"
120 #include "net/socket/ssl_client_socket.h"
121 #include "net/ssl/client_cert_identity_test_util.h"
122 #include "net/ssl/ssl_connection_status_flags.h"
123 #include "net/ssl/ssl_private_key.h"
124 #include "net/ssl/ssl_server_config.h"
125 #include "net/ssl/test_ssl_config_service.h"
126 #include "net/test/cert_test_util.h"
127 #include "net/test/embedded_test_server/http_request.h"
128 #include "net/test/embedded_test_server/http_response.h"
129 #include "net/test/gtest_util.h"
130 #include "net/test/spawned_test_server/spawned_test_server.h"
131 #include "net/test/test_data_directory.h"
132 #include "net/test/test_with_task_environment.h"
133 #include "net/test/url_request/url_request_failed_job.h"
134 #include "net/test/url_request/url_request_mock_http_job.h"
135 #include "net/traffic_annotation/network_traffic_annotation_test_helper.h"
136 #include "net/url_request/redirect_util.h"
137 #include "net/url_request/referrer_policy.h"
138 #include "net/url_request/static_http_user_agent_settings.h"
139 #include "net/url_request/url_request.h"
140 #include "net/url_request/url_request_context.h"
141 #include "net/url_request/url_request_context_builder.h"
142 #include "net/url_request/url_request_filter.h"
143 #include "net/url_request/url_request_http_job.h"
144 #include "net/url_request/url_request_interceptor.h"
145 #include "net/url_request/url_request_redirect_job.h"
146 #include "net/url_request/url_request_test_job.h"
147 #include "net/url_request/url_request_test_util.h"
148 #include "net/url_request/websocket_handshake_userdata_key.h"
149 #include "testing/gmock/include/gmock/gmock-matchers.h"
150 #include "testing/gmock/include/gmock/gmock.h"
151 #include "testing/gtest/include/gtest/gtest.h"
152 #include "testing/platform_test.h"
153 #include "third_party/abseil-cpp/absl/types/optional.h"
154 #include "third_party/boringssl/src/include/openssl/ssl.h"
155 #include "url/url_constants.h"
156 #include "url/url_util.h"
157
158 #if BUILDFLAG(IS_WIN)
159 #include <objbase.h>
160 #include <shlobj.h>
161 #include <windows.h>
162 #include <wrl/client.h>
163
164 #include "base/win/scoped_com_initializer.h"
165 #endif
166
167 #if BUILDFLAG(IS_APPLE)
168 #include "base/mac/mac_util.h"
169 #endif
170
171 #if BUILDFLAG(ENABLE_REPORTING)
172 #include "net/network_error_logging/network_error_logging_service.h"
173 #include "net/network_error_logging/network_error_logging_test_util.h"
174 #endif // BUILDFLAG(ENABLE_REPORTING)
175
176 #if BUILDFLAG(ENABLE_WEBSOCKETS)
177 #include "net/websockets/websocket_test_util.h"
178 #endif // BUILDFLAG(ENABLE_WEBSOCKETS)
179
180 using net::test::IsError;
181 using net::test::IsOk;
182 using net::test_server::RegisterDefaultHandlers;
183 using testing::_;
184 using testing::AnyOf;
185 using testing::ElementsAre;
186 using testing::IsEmpty;
187 using testing::Optional;
188 using testing::UnorderedElementsAre;
189
190 using base::ASCIIToUTF16;
191 using base::Time;
192 using std::string;
193
194 namespace net {
195
196 namespace {
197
198 namespace test_default {
199 #include "net/http/transport_security_state_static_unittest_default.h"
200 }
201
202 const std::u16string kSecret(u"secret");
203 const std::u16string kUser(u"user");
204
205 const base::FilePath::CharType kTestFilePath[] =
206 FILE_PATH_LITERAL("net/data/url_request_unittest");
207
208 // Tests load timing information in the case a fresh connection was used, with
209 // no proxy.
TestLoadTimingNotReused(const LoadTimingInfo & load_timing_info,int connect_timing_flags)210 void TestLoadTimingNotReused(const LoadTimingInfo& load_timing_info,
211 int connect_timing_flags) {
212 EXPECT_FALSE(load_timing_info.socket_reused);
213 EXPECT_NE(NetLogSource::kInvalidId, load_timing_info.socket_log_id);
214
215 EXPECT_FALSE(load_timing_info.request_start_time.is_null());
216 EXPECT_FALSE(load_timing_info.request_start.is_null());
217
218 EXPECT_LE(load_timing_info.request_start,
219 load_timing_info.connect_timing.connect_start);
220 ExpectConnectTimingHasTimes(load_timing_info.connect_timing,
221 connect_timing_flags);
222 EXPECT_LE(load_timing_info.connect_timing.connect_end,
223 load_timing_info.send_start);
224 EXPECT_LE(load_timing_info.send_start, load_timing_info.send_end);
225 EXPECT_LE(load_timing_info.send_end, load_timing_info.receive_headers_start);
226 EXPECT_LE(load_timing_info.receive_headers_start,
227 load_timing_info.receive_headers_end);
228
229 EXPECT_TRUE(load_timing_info.proxy_resolve_start.is_null());
230 EXPECT_TRUE(load_timing_info.proxy_resolve_end.is_null());
231 }
232
233 // Same as above, but with proxy times.
TestLoadTimingNotReusedWithProxy(const LoadTimingInfo & load_timing_info,int connect_timing_flags)234 void TestLoadTimingNotReusedWithProxy(const LoadTimingInfo& load_timing_info,
235 int connect_timing_flags) {
236 EXPECT_FALSE(load_timing_info.socket_reused);
237 EXPECT_NE(NetLogSource::kInvalidId, load_timing_info.socket_log_id);
238
239 EXPECT_FALSE(load_timing_info.request_start_time.is_null());
240 EXPECT_FALSE(load_timing_info.request_start.is_null());
241
242 EXPECT_LE(load_timing_info.request_start,
243 load_timing_info.proxy_resolve_start);
244 EXPECT_LE(load_timing_info.proxy_resolve_start,
245 load_timing_info.proxy_resolve_end);
246 EXPECT_LE(load_timing_info.proxy_resolve_end,
247 load_timing_info.connect_timing.connect_start);
248 ExpectConnectTimingHasTimes(load_timing_info.connect_timing,
249 connect_timing_flags);
250 EXPECT_LE(load_timing_info.connect_timing.connect_end,
251 load_timing_info.send_start);
252 EXPECT_LE(load_timing_info.send_start, load_timing_info.send_end);
253 EXPECT_LE(load_timing_info.send_end, load_timing_info.receive_headers_start);
254 EXPECT_LE(load_timing_info.receive_headers_start,
255 load_timing_info.receive_headers_end);
256 }
257
258 // Same as above, but with a reused socket and proxy times.
TestLoadTimingReusedWithProxy(const LoadTimingInfo & load_timing_info)259 void TestLoadTimingReusedWithProxy(const LoadTimingInfo& load_timing_info) {
260 EXPECT_TRUE(load_timing_info.socket_reused);
261 EXPECT_NE(NetLogSource::kInvalidId, load_timing_info.socket_log_id);
262
263 EXPECT_FALSE(load_timing_info.request_start_time.is_null());
264 EXPECT_FALSE(load_timing_info.request_start.is_null());
265
266 ExpectConnectTimingHasNoTimes(load_timing_info.connect_timing);
267
268 EXPECT_LE(load_timing_info.request_start,
269 load_timing_info.proxy_resolve_start);
270 EXPECT_LE(load_timing_info.proxy_resolve_start,
271 load_timing_info.proxy_resolve_end);
272 EXPECT_LE(load_timing_info.proxy_resolve_end, load_timing_info.send_start);
273 EXPECT_LE(load_timing_info.send_start, load_timing_info.send_end);
274 EXPECT_LE(load_timing_info.send_end, load_timing_info.receive_headers_start);
275 EXPECT_LE(load_timing_info.receive_headers_start,
276 load_timing_info.receive_headers_end);
277 }
278
GetAllCookies(URLRequestContext * request_context)279 CookieList GetAllCookies(URLRequestContext* request_context) {
280 CookieList cookie_list;
281 base::RunLoop run_loop;
282 request_context->cookie_store()->GetAllCookiesAsync(
283 base::BindLambdaForTesting([&](const CookieList& cookies) {
284 cookie_list = cookies;
285 run_loop.Quit();
286 }));
287 run_loop.Run();
288 return cookie_list;
289 }
290
TestLoadTimingCacheHitNoNetwork(const LoadTimingInfo & load_timing_info)291 void TestLoadTimingCacheHitNoNetwork(const LoadTimingInfo& load_timing_info) {
292 EXPECT_FALSE(load_timing_info.socket_reused);
293 EXPECT_EQ(NetLogSource::kInvalidId, load_timing_info.socket_log_id);
294
295 EXPECT_FALSE(load_timing_info.request_start_time.is_null());
296 EXPECT_FALSE(load_timing_info.request_start.is_null());
297
298 ExpectConnectTimingHasNoTimes(load_timing_info.connect_timing);
299 EXPECT_LE(load_timing_info.request_start, load_timing_info.send_start);
300 EXPECT_LE(load_timing_info.send_start, load_timing_info.send_end);
301 EXPECT_LE(load_timing_info.send_end, load_timing_info.receive_headers_start);
302 EXPECT_LE(load_timing_info.receive_headers_start,
303 load_timing_info.receive_headers_end);
304
305 EXPECT_TRUE(load_timing_info.proxy_resolve_start.is_null());
306 EXPECT_TRUE(load_timing_info.proxy_resolve_end.is_null());
307 }
308
309 // Job that allows monitoring of its priority.
310 class PriorityMonitoringURLRequestJob : public URLRequestTestJob {
311 public:
312 // The latest priority of the job is always written to |request_priority_|.
PriorityMonitoringURLRequestJob(URLRequest * request,RequestPriority * request_priority)313 PriorityMonitoringURLRequestJob(URLRequest* request,
314 RequestPriority* request_priority)
315 : URLRequestTestJob(request), request_priority_(request_priority) {
316 *request_priority_ = DEFAULT_PRIORITY;
317 }
318
SetPriority(RequestPriority priority)319 void SetPriority(RequestPriority priority) override {
320 *request_priority_ = priority;
321 URLRequestTestJob::SetPriority(priority);
322 }
323
324 private:
325 const raw_ptr<RequestPriority> request_priority_;
326 };
327
328 // Do a case-insensitive search through |haystack| for |needle|.
ContainsString(const std::string & haystack,const char * needle)329 bool ContainsString(const std::string& haystack, const char* needle) {
330 std::string::const_iterator it =
331 base::ranges::search(haystack, base::StringPiece(needle),
332 base::CaseInsensitiveCompareASCII<char>());
333 return it != haystack.end();
334 }
335
CreateSimpleUploadData(const char * data)336 std::unique_ptr<UploadDataStream> CreateSimpleUploadData(const char* data) {
337 auto reader = std::make_unique<UploadBytesElementReader>(data, strlen(data));
338 return ElementsUploadDataStream::CreateWithReader(std::move(reader), 0);
339 }
340
341 // Verify that the SSLInfo of a successful SSL connection has valid values.
CheckSSLInfo(const SSLInfo & ssl_info)342 void CheckSSLInfo(const SSLInfo& ssl_info) {
343 // The cipher suite TLS_NULL_WITH_NULL_NULL (0) must not be negotiated.
344 uint16_t cipher_suite =
345 SSLConnectionStatusToCipherSuite(ssl_info.connection_status);
346 EXPECT_NE(0U, cipher_suite);
347 }
348
349 // A network delegate that allows the user to choose a subset of request stages
350 // to block in. When blocking, the delegate can do one of the following:
351 // * synchronously return a pre-specified error code, or
352 // * asynchronously return that value via an automatically called callback,
353 // or
354 // * block and wait for the user to do a callback.
355 // Additionally, the user may also specify a redirect URL -- then each request
356 // with the current URL different from the redirect target will be redirected
357 // to that target, in the on-before-URL-request stage, independent of whether
358 // the delegate blocks in ON_BEFORE_URL_REQUEST or not.
359 class BlockingNetworkDelegate : public TestNetworkDelegate {
360 public:
361 // Stages in which the delegate can block.
362 enum Stage {
363 NOT_BLOCKED = 0,
364 ON_BEFORE_URL_REQUEST = 1 << 0,
365 ON_BEFORE_SEND_HEADERS = 1 << 1,
366 ON_HEADERS_RECEIVED = 1 << 2,
367 };
368
369 // Behavior during blocked stages. During other stages, just
370 // returns OK or NetworkDelegate::AUTH_REQUIRED_RESPONSE_NO_ACTION.
371 enum BlockMode {
372 SYNCHRONOUS, // No callback, returns specified return values.
373 AUTO_CALLBACK, // |this| posts a task to run the callback using the
374 // specified return codes.
375 USER_CALLBACK, // User takes care of doing a callback. |retval_| and
376 // |auth_retval_| are ignored. In every blocking stage the
377 // message loop is quit.
378 };
379
380 // Creates a delegate which does not block at all.
381 explicit BlockingNetworkDelegate(BlockMode block_mode);
382
383 BlockingNetworkDelegate(const BlockingNetworkDelegate&) = delete;
384 BlockingNetworkDelegate& operator=(const BlockingNetworkDelegate&) = delete;
385
386 // Runs the message loop until the delegate blocks.
387 void RunUntilBlocked();
388
389 // For users to trigger a callback returning |response|.
390 // Side-effects: resets |stage_blocked_for_callback_| and stored callbacks.
391 // Only call if |block_mode_| == USER_CALLBACK.
392 void DoCallback(int response);
393
394 // Setters.
set_retval(int retval)395 void set_retval(int retval) {
396 ASSERT_NE(USER_CALLBACK, block_mode_);
397 ASSERT_NE(ERR_IO_PENDING, retval);
398 ASSERT_NE(OK, retval);
399 retval_ = retval;
400 }
set_redirect_url(const GURL & url)401 void set_redirect_url(const GURL& url) { redirect_url_ = url; }
402
set_block_on(int block_on)403 void set_block_on(int block_on) { block_on_ = block_on; }
404
405 // Allows the user to check in which state did we block.
stage_blocked_for_callback() const406 Stage stage_blocked_for_callback() const {
407 EXPECT_EQ(USER_CALLBACK, block_mode_);
408 return stage_blocked_for_callback_;
409 }
410
411 private:
412 void OnBlocked();
413
414 void RunCallback(int response, CompletionOnceCallback callback);
415
416 // TestNetworkDelegate implementation.
417 int OnBeforeURLRequest(URLRequest* request,
418 CompletionOnceCallback callback,
419 GURL* new_url) override;
420
421 int OnBeforeStartTransaction(
422 URLRequest* request,
423 const HttpRequestHeaders& headers,
424 OnBeforeStartTransactionCallback callback) override;
425
426 int OnHeadersReceived(
427 URLRequest* request,
428 CompletionOnceCallback callback,
429 const HttpResponseHeaders* original_response_headers,
430 scoped_refptr<HttpResponseHeaders>* override_response_headers,
431 const IPEndPoint& endpoint,
432 absl::optional<GURL>* preserve_fragment_on_redirect_url) override;
433
434 // Resets the callbacks and |stage_blocked_for_callback_|.
435 void Reset();
436
437 // Checks whether we should block in |stage|. If yes, returns an error code
438 // and optionally sets up callback based on |block_mode_|. If no, returns OK.
439 int MaybeBlockStage(Stage stage, CompletionOnceCallback callback);
440
441 // Configuration parameters, can be adjusted by public methods:
442 const BlockMode block_mode_;
443
444 // Values returned on blocking stages when mode is SYNCHRONOUS or
445 // AUTO_CALLBACK. For USER_CALLBACK these are set automatically to IO_PENDING.
446 int retval_ = OK;
447
448 GURL redirect_url_; // Used if non-empty during OnBeforeURLRequest.
449 int block_on_ = 0; // Bit mask: in which stages to block.
450
451 // Internal variables, not set by not the user:
452 // Last blocked stage waiting for user callback (unused if |block_mode_| !=
453 // USER_CALLBACK).
454 Stage stage_blocked_for_callback_ = NOT_BLOCKED;
455
456 // Callback objects stored during blocking stages.
457 CompletionOnceCallback callback_;
458
459 // Closure to run to exit RunUntilBlocked().
460 base::OnceClosure on_blocked_;
461
462 base::WeakPtrFactory<BlockingNetworkDelegate> weak_factory_{this};
463 };
464
BlockingNetworkDelegate(BlockMode block_mode)465 BlockingNetworkDelegate::BlockingNetworkDelegate(BlockMode block_mode)
466 : block_mode_(block_mode) {}
467
RunUntilBlocked()468 void BlockingNetworkDelegate::RunUntilBlocked() {
469 base::RunLoop run_loop;
470 on_blocked_ = run_loop.QuitClosure();
471 run_loop.Run();
472 }
473
DoCallback(int response)474 void BlockingNetworkDelegate::DoCallback(int response) {
475 ASSERT_EQ(USER_CALLBACK, block_mode_);
476 ASSERT_NE(NOT_BLOCKED, stage_blocked_for_callback_);
477 CompletionOnceCallback callback = std::move(callback_);
478 Reset();
479
480 // |callback| may trigger completion of a request, so post it as a task, so
481 // it will run under a subsequent TestDelegate::RunUntilComplete() loop.
482 base::SingleThreadTaskRunner::GetCurrentDefault()->PostTask(
483 FROM_HERE, base::BindOnce(&BlockingNetworkDelegate::RunCallback,
484 weak_factory_.GetWeakPtr(), response,
485 std::move(callback)));
486 }
487
OnBlocked()488 void BlockingNetworkDelegate::OnBlocked() {
489 // If this fails due to |on_blocked_| being null then OnBlocked() was run by
490 // a RunLoop other than RunUntilBlocked(), indicating a bug in the calling
491 // test.
492 std::move(on_blocked_).Run();
493 }
494
RunCallback(int response,CompletionOnceCallback callback)495 void BlockingNetworkDelegate::RunCallback(int response,
496 CompletionOnceCallback callback) {
497 std::move(callback).Run(response);
498 }
499
OnBeforeURLRequest(URLRequest * request,CompletionOnceCallback callback,GURL * new_url)500 int BlockingNetworkDelegate::OnBeforeURLRequest(URLRequest* request,
501 CompletionOnceCallback callback,
502 GURL* new_url) {
503 if (redirect_url_ == request->url())
504 return OK; // We've already seen this request and redirected elsewhere.
505
506 // TestNetworkDelegate always completes synchronously.
507 CHECK_NE(ERR_IO_PENDING, TestNetworkDelegate::OnBeforeURLRequest(
508 request, base::NullCallback(), new_url));
509
510 if (!redirect_url_.is_empty())
511 *new_url = redirect_url_;
512
513 return MaybeBlockStage(ON_BEFORE_URL_REQUEST, std::move(callback));
514 }
515
OnBeforeStartTransaction(URLRequest * request,const HttpRequestHeaders & headers,OnBeforeStartTransactionCallback callback)516 int BlockingNetworkDelegate::OnBeforeStartTransaction(
517 URLRequest* request,
518 const HttpRequestHeaders& headers,
519 OnBeforeStartTransactionCallback callback) {
520 // TestNetworkDelegate always completes synchronously.
521 CHECK_NE(ERR_IO_PENDING, TestNetworkDelegate::OnBeforeStartTransaction(
522 request, headers, base::NullCallback()));
523
524 return MaybeBlockStage(
525 ON_BEFORE_SEND_HEADERS,
526 base::BindOnce(
527 [](OnBeforeStartTransactionCallback callback, int result) {
528 std::move(callback).Run(result, absl::nullopt);
529 },
530 std::move(callback)));
531 }
532
OnHeadersReceived(URLRequest * request,CompletionOnceCallback callback,const HttpResponseHeaders * original_response_headers,scoped_refptr<HttpResponseHeaders> * override_response_headers,const IPEndPoint & endpoint,absl::optional<GURL> * preserve_fragment_on_redirect_url)533 int BlockingNetworkDelegate::OnHeadersReceived(
534 URLRequest* request,
535 CompletionOnceCallback callback,
536 const HttpResponseHeaders* original_response_headers,
537 scoped_refptr<HttpResponseHeaders>* override_response_headers,
538 const IPEndPoint& endpoint,
539 absl::optional<GURL>* preserve_fragment_on_redirect_url) {
540 // TestNetworkDelegate always completes synchronously.
541 CHECK_NE(ERR_IO_PENDING,
542 TestNetworkDelegate::OnHeadersReceived(
543 request, base::NullCallback(), original_response_headers,
544 override_response_headers, endpoint,
545 preserve_fragment_on_redirect_url));
546
547 return MaybeBlockStage(ON_HEADERS_RECEIVED, std::move(callback));
548 }
549
Reset()550 void BlockingNetworkDelegate::Reset() {
551 EXPECT_NE(NOT_BLOCKED, stage_blocked_for_callback_);
552 stage_blocked_for_callback_ = NOT_BLOCKED;
553 callback_.Reset();
554 }
555
MaybeBlockStage(BlockingNetworkDelegate::Stage stage,CompletionOnceCallback callback)556 int BlockingNetworkDelegate::MaybeBlockStage(
557 BlockingNetworkDelegate::Stage stage,
558 CompletionOnceCallback callback) {
559 // Check that the user has provided callback for the previous blocked stage.
560 EXPECT_EQ(NOT_BLOCKED, stage_blocked_for_callback_);
561
562 if ((block_on_ & stage) == 0) {
563 return OK;
564 }
565
566 switch (block_mode_) {
567 case SYNCHRONOUS:
568 EXPECT_NE(OK, retval_);
569 return retval_;
570
571 case AUTO_CALLBACK:
572 base::SingleThreadTaskRunner::GetCurrentDefault()->PostTask(
573 FROM_HERE, base::BindOnce(&BlockingNetworkDelegate::RunCallback,
574 weak_factory_.GetWeakPtr(), retval_,
575 std::move(callback)));
576 return ERR_IO_PENDING;
577
578 case USER_CALLBACK:
579 callback_ = std::move(callback);
580 stage_blocked_for_callback_ = stage;
581 // We may reach here via a callback prior to RunUntilBlocked(), so post
582 // a task to fetch and run the |on_blocked_| closure.
583 base::SingleThreadTaskRunner::GetCurrentDefault()->PostTask(
584 FROM_HERE, base::BindOnce(&BlockingNetworkDelegate::OnBlocked,
585 weak_factory_.GetWeakPtr()));
586 return ERR_IO_PENDING;
587 }
588 NOTREACHED();
589 return 0;
590 }
591
592 // A mock ReportSenderInterface that just remembers the latest report
593 // URI and report to be sent.
594 class MockCertificateReportSender
595 : public TransportSecurityState::ReportSenderInterface {
596 public:
597 MockCertificateReportSender() = default;
598 ~MockCertificateReportSender() override = default;
599
Send(const GURL & report_uri,base::StringPiece content_type,base::StringPiece report,const NetworkAnonymizationKey & network_anonymization_key,base::OnceCallback<void ()> success_callback,base::OnceCallback<void (const GURL &,int,int)> error_callback)600 void Send(
601 const GURL& report_uri,
602 base::StringPiece content_type,
603 base::StringPiece report,
604 const NetworkAnonymizationKey& network_anonymization_key,
605 base::OnceCallback<void()> success_callback,
606 base::OnceCallback<void(const GURL&, int, int)> error_callback) override {
607 latest_report_uri_ = report_uri;
608 latest_report_.assign(report.data(), report.size());
609 latest_content_type_.assign(content_type.data(), content_type.size());
610 latest_network_anonymization_key_ = network_anonymization_key;
611 }
latest_report_uri()612 const GURL& latest_report_uri() { return latest_report_uri_; }
latest_report()613 const std::string& latest_report() { return latest_report_; }
latest_content_type()614 const std::string& latest_content_type() { return latest_content_type_; }
latest_network_anonymization_key()615 const NetworkAnonymizationKey& latest_network_anonymization_key() {
616 return latest_network_anonymization_key_;
617 }
618
619 private:
620 GURL latest_report_uri_;
621 std::string latest_report_;
622 std::string latest_content_type_;
623 NetworkAnonymizationKey latest_network_anonymization_key_;
624 };
625
626 // OCSPErrorTestDelegate caches the SSLInfo passed to OnSSLCertificateError.
627 // This is needed because after the certificate failure, the URLRequest will
628 // retry the connection, and return a partial SSLInfo with a cached cert status.
629 // The partial SSLInfo does not have the OCSP information filled out.
630 class OCSPErrorTestDelegate : public TestDelegate {
631 public:
OnSSLCertificateError(URLRequest * request,int net_error,const SSLInfo & ssl_info,bool fatal)632 void OnSSLCertificateError(URLRequest* request,
633 int net_error,
634 const SSLInfo& ssl_info,
635 bool fatal) override {
636 ssl_info_ = ssl_info;
637 on_ssl_certificate_error_called_ = true;
638 TestDelegate::OnSSLCertificateError(request, net_error, ssl_info, fatal);
639 }
640
on_ssl_certificate_error_called()641 bool on_ssl_certificate_error_called() {
642 return on_ssl_certificate_error_called_;
643 }
644
ssl_info()645 SSLInfo ssl_info() { return ssl_info_; }
646
647 private:
648 bool on_ssl_certificate_error_called_ = false;
649 SSLInfo ssl_info_;
650 };
651
652 #if !BUILDFLAG(IS_IOS)
653 // Compute the root cert's SPKI hash on the fly, to avoid hardcoding it within
654 // tests.
GetTestRootCertSPKIHash(SHA256HashValue * root_hash)655 bool GetTestRootCertSPKIHash(SHA256HashValue* root_hash) {
656 scoped_refptr<X509Certificate> root_cert =
657 ImportCertFromFile(GetTestCertsDirectory(), "root_ca_cert.pem");
658 if (!root_cert)
659 return false;
660 base::StringPiece root_spki;
661 if (!asn1::ExtractSPKIFromDERCert(
662 x509_util::CryptoBufferAsStringPiece(root_cert->cert_buffer()),
663 &root_spki)) {
664 return false;
665 }
666 crypto::SHA256HashString(root_spki, root_hash, sizeof(SHA256HashValue));
667 return true;
668 }
669 #endif
670
671 } // namespace
672
673 // Inherit PlatformTest since we require the autorelease pool on Mac OS X.
674 class URLRequestTest : public PlatformTest, public WithTaskEnvironment {
675 public:
676 URLRequestTest() = default;
677
~URLRequestTest()678 ~URLRequestTest() override {
679 // URLRequestJobs may post clean-up tasks on destruction.
680 base::RunLoop().RunUntilIdle();
681
682 SetTransportSecurityStateSourceForTesting(nullptr);
683 }
684
SetUp()685 void SetUp() override {
686 auto context_builder = CreateTestURLRequestContextBuilder();
687 context_builder->set_net_log(NetLog::Get());
688 SetUpContextBuilder(*context_builder);
689 // We set the TestNetworkDelegate after calling SetUpContextBuilder as
690 // default_network_delegate() relies on this set up and we don't want to
691 // allow subclasses to break the assumption.
692 context_builder->set_network_delegate(
693 std::make_unique<TestNetworkDelegate>());
694 default_context_ = context_builder->Build();
695 PlatformTest::SetUp();
696 }
697
TearDown()698 void TearDown() override { default_context_.reset(); }
699
SetUpContextBuilder(URLRequestContextBuilder & builder)700 virtual void SetUpContextBuilder(URLRequestContextBuilder& builder) {}
701
default_network_delegate()702 TestNetworkDelegate& default_network_delegate() {
703 // This cast is safe because we provided a TestNetworkDelegate in SetUp().
704 return *static_cast<TestNetworkDelegate*>(
705 default_context_->network_delegate());
706 }
707
default_context() const708 URLRequestContext& default_context() const { return *default_context_; }
709
710 // Creates a temp test file and writes |data| to the file. The file will be
711 // deleted after the test completes.
CreateTestFile(const char * data,size_t data_size,base::FilePath * test_file)712 void CreateTestFile(const char* data,
713 size_t data_size,
714 base::FilePath* test_file) {
715 ASSERT_TRUE(temp_dir_.CreateUniqueTempDir());
716 // Get an absolute path since |temp_dir| can contain a symbolic link. As of
717 // now, Mac and Android bots return a path with a symbolic link.
718 base::FilePath absolute_temp_dir =
719 base::MakeAbsoluteFilePath(temp_dir_.GetPath());
720
721 ASSERT_TRUE(base::CreateTemporaryFileInDir(absolute_temp_dir, test_file));
722 ASSERT_TRUE(
723 base::WriteFile(*test_file, base::StringPiece(data, data_size)));
724 }
725
726 static std::unique_ptr<ConfiguredProxyResolutionService>
CreateFixedProxyResolutionService(const std::string & proxy)727 CreateFixedProxyResolutionService(const std::string& proxy) {
728 return ConfiguredProxyResolutionService::CreateFixedForTest(
729 proxy, TRAFFIC_ANNOTATION_FOR_TESTS);
730 }
731
CreateFirstPartyRequest(const URLRequestContext & context,const GURL & url,URLRequest::Delegate * delegate)732 std::unique_ptr<URLRequest> CreateFirstPartyRequest(
733 const URLRequestContext& context,
734 const GURL& url,
735 URLRequest::Delegate* delegate) {
736 auto req = context.CreateRequest(url, DEFAULT_PRIORITY, delegate,
737 TRAFFIC_ANNOTATION_FOR_TESTS);
738 req->set_initiator(url::Origin::Create(url));
739 req->set_site_for_cookies(SiteForCookies::FromUrl(url));
740 return req;
741 }
742
743 protected:
744 RecordingNetLogObserver net_log_observer_;
745 std::unique_ptr<URLRequestContext> default_context_;
746 base::ScopedTempDir temp_dir_;
747 };
748
TEST_F(URLRequestTest,AboutBlankTest)749 TEST_F(URLRequestTest, AboutBlankTest) {
750 TestDelegate d;
751 {
752 std::unique_ptr<URLRequest> r(
753 default_context().CreateRequest(GURL("about:blank"), DEFAULT_PRIORITY,
754 &d, TRAFFIC_ANNOTATION_FOR_TESTS));
755
756 r->Start();
757 EXPECT_TRUE(r->is_pending());
758
759 d.RunUntilComplete();
760
761 EXPECT_TRUE(!r->is_pending());
762 EXPECT_FALSE(d.received_data_before_response());
763 EXPECT_EQ(d.bytes_received(), 0);
764 EXPECT_TRUE(r->GetResponseRemoteEndpoint().address().empty());
765 EXPECT_EQ(0, r->GetResponseRemoteEndpoint().port());
766 }
767 }
768
TEST_F(URLRequestTest,InvalidUrlTest)769 TEST_F(URLRequestTest, InvalidUrlTest) {
770 TestDelegate d;
771 {
772 std::unique_ptr<URLRequest> r(
773 default_context().CreateRequest(GURL("invalid url"), DEFAULT_PRIORITY,
774 &d, TRAFFIC_ANNOTATION_FOR_TESTS));
775
776 r->Start();
777 EXPECT_TRUE(r->is_pending());
778
779 d.RunUntilComplete();
780 EXPECT_TRUE(d.request_failed());
781 }
782 }
783
784 // Test that URLRequest rejects WS URLs by default.
TEST_F(URLRequestTest,WsUrlTest)785 TEST_F(URLRequestTest, WsUrlTest) {
786 const url::Origin kOrigin = url::Origin::Create(GURL("http://foo.test/"));
787
788 TestDelegate d;
789 std::unique_ptr<URLRequest> r(
790 default_context().CreateRequest(GURL("ws://foo.test/"), DEFAULT_PRIORITY,
791 &d, TRAFFIC_ANNOTATION_FOR_TESTS));
792 // This is not strictly necessary for this test, but used to trigger a DCHECK.
793 // See https://crbug.com/1245115.
794 r->set_isolation_info(
795 IsolationInfo::Create(IsolationInfo::RequestType::kMainFrame, kOrigin,
796 kOrigin, SiteForCookies::FromOrigin(kOrigin)));
797
798 r->Start();
799 d.RunUntilComplete();
800 EXPECT_TRUE(d.request_failed());
801 EXPECT_THAT(d.request_status(), IsError(ERR_UNKNOWN_URL_SCHEME));
802 }
803
804 // Test that URLRequest rejects WSS URLs by default.
TEST_F(URLRequestTest,WssUrlTest)805 TEST_F(URLRequestTest, WssUrlTest) {
806 const url::Origin kOrigin = url::Origin::Create(GURL("https://foo.test/"));
807
808 TestDelegate d;
809 std::unique_ptr<URLRequest> r(
810 default_context().CreateRequest(GURL("wss://foo.test/"), DEFAULT_PRIORITY,
811 &d, TRAFFIC_ANNOTATION_FOR_TESTS));
812 // This is not strictly necessary for this test, but used to trigger a DCHECK.
813 // See https://crbug.com/1245115.
814 r->set_isolation_info(
815 IsolationInfo::Create(IsolationInfo::RequestType::kMainFrame, kOrigin,
816 kOrigin, SiteForCookies::FromOrigin(kOrigin)));
817
818 r->Start();
819 d.RunUntilComplete();
820 EXPECT_TRUE(d.request_failed());
821 EXPECT_THAT(d.request_status(), IsError(ERR_UNKNOWN_URL_SCHEME));
822 }
823
TEST_F(URLRequestTest,InvalidReferrerTest)824 TEST_F(URLRequestTest, InvalidReferrerTest) {
825 default_network_delegate().set_cancel_request_with_policy_violating_referrer(
826 true);
827 TestDelegate d;
828 std::unique_ptr<URLRequest> req = default_context().CreateRequest(
829 GURL("http://localhost/"), DEFAULT_PRIORITY, &d,
830 TRAFFIC_ANNOTATION_FOR_TESTS);
831 req->SetReferrer("https://somewhere.com/");
832
833 req->Start();
834 d.RunUntilComplete();
835 EXPECT_TRUE(d.request_failed());
836 }
837
TEST_F(URLRequestTest,RecordsSameOriginReferrerHistogram)838 TEST_F(URLRequestTest, RecordsSameOriginReferrerHistogram) {
839 default_network_delegate().set_cancel_request_with_policy_violating_referrer(
840 false);
841 TestDelegate d;
842 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
843 GURL("http://google.com/"), DEFAULT_PRIORITY, &d,
844 TRAFFIC_ANNOTATION_FOR_TESTS));
845 req->SetReferrer("http://google.com");
846 req->set_referrer_policy(ReferrerPolicy::NEVER_CLEAR);
847
848 base::HistogramTester histograms;
849
850 req->Start();
851 d.RunUntilComplete();
852 histograms.ExpectUniqueSample(
853 "Net.URLRequest.ReferrerPolicyForRequest.SameOrigin",
854 static_cast<int>(ReferrerPolicy::NEVER_CLEAR), 1);
855 }
856
TEST_F(URLRequestTest,RecordsCrossOriginReferrerHistogram)857 TEST_F(URLRequestTest, RecordsCrossOriginReferrerHistogram) {
858 TestDelegate d;
859 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
860 GURL("http://google.com/"), DEFAULT_PRIORITY, &d,
861 TRAFFIC_ANNOTATION_FOR_TESTS));
862 req->SetReferrer("http://origin.com");
863
864 // Set a different policy just to make sure we aren't always logging the same
865 // policy.
866 req->set_referrer_policy(
867 ReferrerPolicy::CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE);
868
869 base::HistogramTester histograms;
870
871 req->Start();
872 d.RunUntilComplete();
873 histograms.ExpectUniqueSample(
874 "Net.URLRequest.ReferrerPolicyForRequest.CrossOrigin",
875 static_cast<int>(
876 ReferrerPolicy::CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE),
877 1);
878 }
879
TEST_F(URLRequestTest,RecordsReferrerHistogramAgainOnRedirect)880 TEST_F(URLRequestTest, RecordsReferrerHistogramAgainOnRedirect) {
881 auto context_builder = CreateTestURLRequestContextBuilder();
882 auto network_delegate = std::make_unique<BlockingNetworkDelegate>(
883 BlockingNetworkDelegate::SYNCHRONOUS);
884 network_delegate->set_redirect_url(GURL("http://redirect.com/"));
885 context_builder->set_network_delegate(std::move(network_delegate));
886 auto context = context_builder->Build();
887
888 TestDelegate d;
889 std::unique_ptr<URLRequest> req(
890 context->CreateRequest(GURL("http://google.com/"), DEFAULT_PRIORITY, &d,
891 TRAFFIC_ANNOTATION_FOR_TESTS));
892 req->SetReferrer("http://google.com");
893
894 req->set_referrer_policy(
895 ReferrerPolicy::CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE);
896
897 base::HistogramTester histograms;
898
899 req->Start();
900 d.RunUntilRedirect();
901 histograms.ExpectUniqueSample(
902 "Net.URLRequest.ReferrerPolicyForRequest.SameOrigin",
903 static_cast<int>(
904 ReferrerPolicy::CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE),
905 1);
906 req->FollowDeferredRedirect(/*removed_headers=*/absl::nullopt,
907 /*modified_headers=*/absl::nullopt);
908 d.RunUntilComplete();
909 histograms.ExpectUniqueSample(
910 "Net.URLRequest.ReferrerPolicyForRequest.CrossOrigin",
911 static_cast<int>(
912 ReferrerPolicy::CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE),
913 1);
914 }
915
TEST_F(URLRequestTest,RecordsReferrrerWithInformativePath)916 TEST_F(URLRequestTest, RecordsReferrrerWithInformativePath) {
917 auto context_builder = CreateTestURLRequestContextBuilder();
918 auto network_delegate = std::make_unique<BlockingNetworkDelegate>(
919 BlockingNetworkDelegate::SYNCHRONOUS);
920 network_delegate->set_cancel_request_with_policy_violating_referrer(true);
921 network_delegate->set_redirect_url(GURL("http://redirect.com/"));
922 context_builder->set_network_delegate(std::move(network_delegate));
923 auto context = context_builder->Build();
924
925 TestDelegate d;
926 std::unique_ptr<URLRequest> req(
927 context->CreateRequest(GURL("http://google.com/"), DEFAULT_PRIORITY, &d,
928 TRAFFIC_ANNOTATION_FOR_TESTS));
929
930 // Since this referrer is much more informative than the initiating origin,
931 // we should see the histograms' true buckets populated.
932 req->SetReferrer("http://google.com/very-informative-path");
933
934 base::HistogramTester histograms;
935
936 req->Start();
937 d.RunUntilRedirect();
938 histograms.ExpectUniqueSample(
939 "Net.URLRequest.ReferrerHasInformativePath.SameOrigin",
940 /* Check the count of the "true" bucket in the boolean histogram. */ true,
941 1);
942 req->FollowDeferredRedirect(/*removed_headers=*/absl::nullopt,
943 /*modified_headers=*/absl::nullopt);
944 d.RunUntilComplete();
945 histograms.ExpectUniqueSample(
946 "Net.URLRequest.ReferrerHasInformativePath.CrossOrigin", true, 1);
947 }
948
TEST_F(URLRequestTest,RecordsReferrerWithInformativeQuery)949 TEST_F(URLRequestTest, RecordsReferrerWithInformativeQuery) {
950 auto context_builder = CreateTestURLRequestContextBuilder();
951 auto network_delegate = std::make_unique<BlockingNetworkDelegate>(
952 BlockingNetworkDelegate::SYNCHRONOUS);
953 network_delegate->set_cancel_request_with_policy_violating_referrer(true);
954 network_delegate->set_redirect_url(GURL("http://redirect.com/"));
955 context_builder->set_network_delegate(std::move(network_delegate));
956 auto context = context_builder->Build();
957
958 TestDelegate d;
959 std::unique_ptr<URLRequest> req(
960 context->CreateRequest(GURL("http://google.com/"), DEFAULT_PRIORITY, &d,
961 TRAFFIC_ANNOTATION_FOR_TESTS));
962
963 // Since this referrer is much more informative than the initiating origin,
964 // we should see the histograms' true buckets populated.
965 req->SetReferrer("http://google.com/?very-informative-query");
966
967 base::HistogramTester histograms;
968
969 req->Start();
970 d.RunUntilRedirect();
971 histograms.ExpectUniqueSample(
972 "Net.URLRequest.ReferrerHasInformativePath.SameOrigin",
973 /* Check the count of the "true" bucket in the boolean histogram. */ true,
974 1);
975 req->FollowDeferredRedirect(/*removed_headers=*/absl::nullopt,
976 /*modified_headers=*/absl::nullopt);
977 d.RunUntilComplete();
978 histograms.ExpectUniqueSample(
979 "Net.URLRequest.ReferrerHasInformativePath.CrossOrigin", true, 1);
980 }
981
TEST_F(URLRequestTest,RecordsReferrerWithoutInformativePathOrQuery)982 TEST_F(URLRequestTest, RecordsReferrerWithoutInformativePathOrQuery) {
983 auto context_builder = CreateTestURLRequestContextBuilder();
984 auto network_delegate = std::make_unique<BlockingNetworkDelegate>(
985 BlockingNetworkDelegate::SYNCHRONOUS);
986 network_delegate->set_cancel_request_with_policy_violating_referrer(false);
987 network_delegate->set_redirect_url(GURL("http://origin.com/"));
988 context_builder->set_network_delegate(std::move(network_delegate));
989 auto context = context_builder->Build();
990
991 TestDelegate d;
992 std::unique_ptr<URLRequest> req(
993 context->CreateRequest(GURL("http://google.com/"), DEFAULT_PRIORITY, &d,
994 TRAFFIC_ANNOTATION_FOR_TESTS));
995
996 // Since this referrer _isn't_ more informative than the initiating origin,
997 // we should see the histograms' false buckets populated.
998 req->SetReferrer("http://origin.com");
999
1000 base::HistogramTester histograms;
1001
1002 req->Start();
1003 d.RunUntilRedirect();
1004 histograms.ExpectUniqueSample(
1005 "Net.URLRequest.ReferrerHasInformativePath.CrossOrigin", false, 1);
1006 req->FollowDeferredRedirect(/*removed_headers=*/absl::nullopt,
1007 /*modified_headers=*/absl::nullopt);
1008 d.RunUntilComplete();
1009 histograms.ExpectUniqueSample(
1010 "Net.URLRequest.ReferrerHasInformativePath.SameOrigin", false, 1);
1011 }
1012
1013 // A URLRequestInterceptor that allows setting the LoadTimingInfo value of the
1014 // URLRequestJobs it creates.
1015 class URLRequestInterceptorWithLoadTimingInfo : public URLRequestInterceptor {
1016 public:
1017 // Static getters for canned response header and data strings.
ok_data()1018 static std::string ok_data() { return URLRequestTestJob::test_data_1(); }
1019
ok_headers()1020 static std::string ok_headers() { return URLRequestTestJob::test_headers(); }
1021
1022 URLRequestInterceptorWithLoadTimingInfo() = default;
1023 ~URLRequestInterceptorWithLoadTimingInfo() override = default;
1024
1025 // URLRequestInterceptor implementation:
MaybeInterceptRequest(URLRequest * request) const1026 std::unique_ptr<URLRequestJob> MaybeInterceptRequest(
1027 URLRequest* request) const override {
1028 std::unique_ptr<URLRequestTestJob> job =
1029 std::make_unique<URLRequestTestJob>(request, ok_headers(), ok_data(),
1030 true);
1031 job->set_load_timing_info(main_request_load_timing_info_);
1032 return job;
1033 }
1034
set_main_request_load_timing_info(const LoadTimingInfo & main_request_load_timing_info)1035 void set_main_request_load_timing_info(
1036 const LoadTimingInfo& main_request_load_timing_info) {
1037 main_request_load_timing_info_ = main_request_load_timing_info;
1038 }
1039
1040 private:
1041 mutable LoadTimingInfo main_request_load_timing_info_;
1042 };
1043
1044 // These tests inject a MockURLRequestInterceptor
1045 class URLRequestLoadTimingTest : public URLRequestTest {
1046 public:
URLRequestLoadTimingTest()1047 URLRequestLoadTimingTest() {
1048 std::unique_ptr<URLRequestInterceptorWithLoadTimingInfo> interceptor =
1049 std::make_unique<URLRequestInterceptorWithLoadTimingInfo>();
1050 interceptor_ = interceptor.get();
1051 URLRequestFilter::GetInstance()->AddHostnameInterceptor(
1052 "http", "test_intercept", std::move(interceptor));
1053 }
1054
~URLRequestLoadTimingTest()1055 ~URLRequestLoadTimingTest() override {
1056 URLRequestFilter::GetInstance()->ClearHandlers();
1057 }
1058
interceptor() const1059 URLRequestInterceptorWithLoadTimingInfo* interceptor() const {
1060 return interceptor_;
1061 }
1062
1063 private:
1064 raw_ptr<URLRequestInterceptorWithLoadTimingInfo, DanglingUntriaged>
1065 interceptor_;
1066 };
1067
1068 // "Normal" LoadTimingInfo as returned by a job. Everything is in order, not
1069 // reused. |connect_time_flags| is used to indicate if there should be dns
1070 // or SSL times, and |used_proxy| is used for proxy times.
NormalLoadTimingInfo(base::TimeTicks now,int connect_time_flags,bool used_proxy)1071 LoadTimingInfo NormalLoadTimingInfo(base::TimeTicks now,
1072 int connect_time_flags,
1073 bool used_proxy) {
1074 LoadTimingInfo load_timing;
1075 load_timing.socket_log_id = 1;
1076
1077 if (used_proxy) {
1078 load_timing.proxy_resolve_start = now + base::Days(1);
1079 load_timing.proxy_resolve_end = now + base::Days(2);
1080 }
1081
1082 LoadTimingInfo::ConnectTiming& connect_timing = load_timing.connect_timing;
1083 if (connect_time_flags & CONNECT_TIMING_HAS_DNS_TIMES) {
1084 connect_timing.domain_lookup_start = now + base::Days(3);
1085 connect_timing.domain_lookup_end = now + base::Days(4);
1086 }
1087 connect_timing.connect_start = now + base::Days(5);
1088 if (connect_time_flags & CONNECT_TIMING_HAS_SSL_TIMES) {
1089 connect_timing.ssl_start = now + base::Days(6);
1090 connect_timing.ssl_end = now + base::Days(7);
1091 }
1092 connect_timing.connect_end = now + base::Days(8);
1093
1094 load_timing.send_start = now + base::Days(9);
1095 load_timing.send_end = now + base::Days(10);
1096 load_timing.receive_headers_start = now + base::Days(11);
1097 load_timing.receive_headers_end = now + base::Days(12);
1098 return load_timing;
1099 }
1100
1101 // Same as above, but in the case of a reused socket.
NormalLoadTimingInfoReused(base::TimeTicks now,bool used_proxy)1102 LoadTimingInfo NormalLoadTimingInfoReused(base::TimeTicks now,
1103 bool used_proxy) {
1104 LoadTimingInfo load_timing;
1105 load_timing.socket_log_id = 1;
1106 load_timing.socket_reused = true;
1107
1108 if (used_proxy) {
1109 load_timing.proxy_resolve_start = now + base::Days(1);
1110 load_timing.proxy_resolve_end = now + base::Days(2);
1111 }
1112
1113 load_timing.send_start = now + base::Days(9);
1114 load_timing.send_end = now + base::Days(10);
1115 load_timing.receive_headers_start = now + base::Days(11);
1116 load_timing.receive_headers_end = now + base::Days(12);
1117 return load_timing;
1118 }
1119
RunURLRequestInterceptorLoadTimingTest(const LoadTimingInfo & job_load_timing,const URLRequestContext & context,URLRequestInterceptorWithLoadTimingInfo * interceptor)1120 LoadTimingInfo RunURLRequestInterceptorLoadTimingTest(
1121 const LoadTimingInfo& job_load_timing,
1122 const URLRequestContext& context,
1123 URLRequestInterceptorWithLoadTimingInfo* interceptor) {
1124 interceptor->set_main_request_load_timing_info(job_load_timing);
1125 TestDelegate d;
1126 std::unique_ptr<URLRequest> req(
1127 context.CreateRequest(GURL("http://test_intercept/foo"), DEFAULT_PRIORITY,
1128 &d, TRAFFIC_ANNOTATION_FOR_TESTS));
1129 req->Start();
1130 d.RunUntilComplete();
1131
1132 LoadTimingInfo resulting_load_timing;
1133 req->GetLoadTimingInfo(&resulting_load_timing);
1134
1135 // None of these should be modified by the URLRequest.
1136 EXPECT_EQ(job_load_timing.socket_reused, resulting_load_timing.socket_reused);
1137 EXPECT_EQ(job_load_timing.socket_log_id, resulting_load_timing.socket_log_id);
1138 EXPECT_EQ(job_load_timing.send_start, resulting_load_timing.send_start);
1139 EXPECT_EQ(job_load_timing.send_end, resulting_load_timing.send_end);
1140 EXPECT_EQ(job_load_timing.receive_headers_start,
1141 resulting_load_timing.receive_headers_start);
1142 EXPECT_EQ(job_load_timing.receive_headers_end,
1143 resulting_load_timing.receive_headers_end);
1144 EXPECT_EQ(job_load_timing.push_start, resulting_load_timing.push_start);
1145 EXPECT_EQ(job_load_timing.push_end, resulting_load_timing.push_end);
1146
1147 return resulting_load_timing;
1148 }
1149
1150 // Basic test that the intercept + load timing tests work.
TEST_F(URLRequestLoadTimingTest,InterceptLoadTiming)1151 TEST_F(URLRequestLoadTimingTest, InterceptLoadTiming) {
1152 base::TimeTicks now = base::TimeTicks::Now();
1153 LoadTimingInfo job_load_timing =
1154 NormalLoadTimingInfo(now, CONNECT_TIMING_HAS_DNS_TIMES, false);
1155
1156 LoadTimingInfo load_timing_result = RunURLRequestInterceptorLoadTimingTest(
1157 job_load_timing, default_context(), interceptor());
1158
1159 // Nothing should have been changed by the URLRequest.
1160 EXPECT_EQ(job_load_timing.proxy_resolve_start,
1161 load_timing_result.proxy_resolve_start);
1162 EXPECT_EQ(job_load_timing.proxy_resolve_end,
1163 load_timing_result.proxy_resolve_end);
1164 EXPECT_EQ(job_load_timing.connect_timing.domain_lookup_start,
1165 load_timing_result.connect_timing.domain_lookup_start);
1166 EXPECT_EQ(job_load_timing.connect_timing.domain_lookup_end,
1167 load_timing_result.connect_timing.domain_lookup_end);
1168 EXPECT_EQ(job_load_timing.connect_timing.connect_start,
1169 load_timing_result.connect_timing.connect_start);
1170 EXPECT_EQ(job_load_timing.connect_timing.connect_end,
1171 load_timing_result.connect_timing.connect_end);
1172 EXPECT_EQ(job_load_timing.connect_timing.ssl_start,
1173 load_timing_result.connect_timing.ssl_start);
1174 EXPECT_EQ(job_load_timing.connect_timing.ssl_end,
1175 load_timing_result.connect_timing.ssl_end);
1176
1177 // Redundant sanity check.
1178 TestLoadTimingNotReused(load_timing_result, CONNECT_TIMING_HAS_DNS_TIMES);
1179 }
1180
1181 // Another basic test, with proxy and SSL times, but no DNS times.
TEST_F(URLRequestLoadTimingTest,InterceptLoadTimingProxy)1182 TEST_F(URLRequestLoadTimingTest, InterceptLoadTimingProxy) {
1183 base::TimeTicks now = base::TimeTicks::Now();
1184 LoadTimingInfo job_load_timing =
1185 NormalLoadTimingInfo(now, CONNECT_TIMING_HAS_SSL_TIMES, true);
1186
1187 LoadTimingInfo load_timing_result = RunURLRequestInterceptorLoadTimingTest(
1188 job_load_timing, default_context(), interceptor());
1189
1190 // Nothing should have been changed by the URLRequest.
1191 EXPECT_EQ(job_load_timing.proxy_resolve_start,
1192 load_timing_result.proxy_resolve_start);
1193 EXPECT_EQ(job_load_timing.proxy_resolve_end,
1194 load_timing_result.proxy_resolve_end);
1195 EXPECT_EQ(job_load_timing.connect_timing.domain_lookup_start,
1196 load_timing_result.connect_timing.domain_lookup_start);
1197 EXPECT_EQ(job_load_timing.connect_timing.domain_lookup_end,
1198 load_timing_result.connect_timing.domain_lookup_end);
1199 EXPECT_EQ(job_load_timing.connect_timing.connect_start,
1200 load_timing_result.connect_timing.connect_start);
1201 EXPECT_EQ(job_load_timing.connect_timing.connect_end,
1202 load_timing_result.connect_timing.connect_end);
1203 EXPECT_EQ(job_load_timing.connect_timing.ssl_start,
1204 load_timing_result.connect_timing.ssl_start);
1205 EXPECT_EQ(job_load_timing.connect_timing.ssl_end,
1206 load_timing_result.connect_timing.ssl_end);
1207
1208 // Redundant sanity check.
1209 TestLoadTimingNotReusedWithProxy(load_timing_result,
1210 CONNECT_TIMING_HAS_SSL_TIMES);
1211 }
1212
1213 // Make sure that URLRequest correctly adjusts proxy times when they're before
1214 // |request_start|, due to already having a connected socket. This happens in
1215 // the case of reusing a SPDY session. The connected socket is not considered
1216 // reused in this test (May be a preconnect).
1217 //
1218 // To mix things up from the test above, assumes DNS times but no SSL times.
TEST_F(URLRequestLoadTimingTest,InterceptLoadTimingEarlyProxyResolution)1219 TEST_F(URLRequestLoadTimingTest, InterceptLoadTimingEarlyProxyResolution) {
1220 base::TimeTicks now = base::TimeTicks::Now();
1221 LoadTimingInfo job_load_timing =
1222 NormalLoadTimingInfo(now, CONNECT_TIMING_HAS_DNS_TIMES, true);
1223 job_load_timing.proxy_resolve_start = now - base::Days(6);
1224 job_load_timing.proxy_resolve_end = now - base::Days(5);
1225 job_load_timing.connect_timing.domain_lookup_start = now - base::Days(4);
1226 job_load_timing.connect_timing.domain_lookup_end = now - base::Days(3);
1227 job_load_timing.connect_timing.connect_start = now - base::Days(2);
1228 job_load_timing.connect_timing.connect_end = now - base::Days(1);
1229
1230 LoadTimingInfo load_timing_result = RunURLRequestInterceptorLoadTimingTest(
1231 job_load_timing, default_context(), interceptor());
1232
1233 // Proxy times, connect times, and DNS times should all be replaced with
1234 // request_start.
1235 EXPECT_EQ(load_timing_result.request_start,
1236 load_timing_result.proxy_resolve_start);
1237 EXPECT_EQ(load_timing_result.request_start,
1238 load_timing_result.proxy_resolve_end);
1239 EXPECT_EQ(load_timing_result.request_start,
1240 load_timing_result.connect_timing.domain_lookup_start);
1241 EXPECT_EQ(load_timing_result.request_start,
1242 load_timing_result.connect_timing.domain_lookup_end);
1243 EXPECT_EQ(load_timing_result.request_start,
1244 load_timing_result.connect_timing.connect_start);
1245 EXPECT_EQ(load_timing_result.request_start,
1246 load_timing_result.connect_timing.connect_end);
1247
1248 // Other times should have been left null.
1249 TestLoadTimingNotReusedWithProxy(load_timing_result,
1250 CONNECT_TIMING_HAS_DNS_TIMES);
1251 }
1252
1253 // Same as above, but in the reused case.
TEST_F(URLRequestLoadTimingTest,InterceptLoadTimingEarlyProxyResolutionReused)1254 TEST_F(URLRequestLoadTimingTest,
1255 InterceptLoadTimingEarlyProxyResolutionReused) {
1256 base::TimeTicks now = base::TimeTicks::Now();
1257 LoadTimingInfo job_load_timing = NormalLoadTimingInfoReused(now, true);
1258 job_load_timing.proxy_resolve_start = now - base::Days(4);
1259 job_load_timing.proxy_resolve_end = now - base::Days(3);
1260
1261 LoadTimingInfo load_timing_result = RunURLRequestInterceptorLoadTimingTest(
1262 job_load_timing, default_context(), interceptor());
1263
1264 // Proxy times and connect times should all be replaced with request_start.
1265 EXPECT_EQ(load_timing_result.request_start,
1266 load_timing_result.proxy_resolve_start);
1267 EXPECT_EQ(load_timing_result.request_start,
1268 load_timing_result.proxy_resolve_end);
1269
1270 // Other times should have been left null.
1271 TestLoadTimingReusedWithProxy(load_timing_result);
1272 }
1273
1274 // Make sure that URLRequest correctly adjusts connect times when they're before
1275 // |request_start|, due to reusing a connected socket. The connected socket is
1276 // not considered reused in this test (May be a preconnect).
1277 //
1278 // To mix things up, the request has SSL times, but no DNS times.
TEST_F(URLRequestLoadTimingTest,InterceptLoadTimingEarlyConnect)1279 TEST_F(URLRequestLoadTimingTest, InterceptLoadTimingEarlyConnect) {
1280 base::TimeTicks now = base::TimeTicks::Now();
1281 LoadTimingInfo job_load_timing =
1282 NormalLoadTimingInfo(now, CONNECT_TIMING_HAS_SSL_TIMES, false);
1283 job_load_timing.connect_timing.connect_start = now - base::Days(1);
1284 job_load_timing.connect_timing.ssl_start = now - base::Days(2);
1285 job_load_timing.connect_timing.ssl_end = now - base::Days(3);
1286 job_load_timing.connect_timing.connect_end = now - base::Days(4);
1287
1288 LoadTimingInfo load_timing_result = RunURLRequestInterceptorLoadTimingTest(
1289 job_load_timing, default_context(), interceptor());
1290
1291 // Connect times, and SSL times should be replaced with request_start.
1292 EXPECT_EQ(load_timing_result.request_start,
1293 load_timing_result.connect_timing.connect_start);
1294 EXPECT_EQ(load_timing_result.request_start,
1295 load_timing_result.connect_timing.ssl_start);
1296 EXPECT_EQ(load_timing_result.request_start,
1297 load_timing_result.connect_timing.ssl_end);
1298 EXPECT_EQ(load_timing_result.request_start,
1299 load_timing_result.connect_timing.connect_end);
1300
1301 // Other times should have been left null.
1302 TestLoadTimingNotReused(load_timing_result, CONNECT_TIMING_HAS_SSL_TIMES);
1303 }
1304
1305 // Make sure that URLRequest correctly adjusts connect times when they're before
1306 // |request_start|, due to reusing a connected socket in the case that there
1307 // are also proxy times. The connected socket is not considered reused in this
1308 // test (May be a preconnect).
1309 //
1310 // In this test, there are no SSL or DNS times.
TEST_F(URLRequestLoadTimingTest,InterceptLoadTimingEarlyConnectWithProxy)1311 TEST_F(URLRequestLoadTimingTest, InterceptLoadTimingEarlyConnectWithProxy) {
1312 base::TimeTicks now = base::TimeTicks::Now();
1313 LoadTimingInfo job_load_timing =
1314 NormalLoadTimingInfo(now, CONNECT_TIMING_HAS_CONNECT_TIMES_ONLY, true);
1315 job_load_timing.connect_timing.connect_start = now - base::Days(1);
1316 job_load_timing.connect_timing.connect_end = now - base::Days(2);
1317
1318 LoadTimingInfo load_timing_result = RunURLRequestInterceptorLoadTimingTest(
1319 job_load_timing, default_context(), interceptor());
1320
1321 // Connect times should be replaced with proxy_resolve_end.
1322 EXPECT_EQ(load_timing_result.proxy_resolve_end,
1323 load_timing_result.connect_timing.connect_start);
1324 EXPECT_EQ(load_timing_result.proxy_resolve_end,
1325 load_timing_result.connect_timing.connect_end);
1326
1327 // Other times should have been left null.
1328 TestLoadTimingNotReusedWithProxy(load_timing_result,
1329 CONNECT_TIMING_HAS_CONNECT_TIMES_ONLY);
1330 }
1331
TEST_F(URLRequestTest,NetworkDelegateProxyError)1332 TEST_F(URLRequestTest, NetworkDelegateProxyError) {
1333 auto context_builder = CreateTestURLRequestContextBuilder();
1334 context_builder->set_proxy_resolution_service(
1335 CreateFixedProxyResolutionService("myproxy:70"));
1336 auto& network_delegate = *context_builder->set_network_delegate(
1337 std::make_unique<TestNetworkDelegate>());
1338 auto host_resolver = std::make_unique<MockHostResolver>();
1339 host_resolver->rules()->AddSimulatedTimeoutFailure("*");
1340 context_builder->set_host_resolver(std::move(host_resolver));
1341 auto context = context_builder->Build();
1342
1343 TestDelegate d;
1344 std::unique_ptr<URLRequest> req(
1345 context->CreateRequest(GURL("http://example.com"), DEFAULT_PRIORITY, &d,
1346 TRAFFIC_ANNOTATION_FOR_TESTS));
1347 req->set_method("GET");
1348
1349 req->Start();
1350 d.RunUntilComplete();
1351
1352 // Check we see a failed request.
1353 // The proxy chain should be set before failure.
1354 EXPECT_EQ(PacResultElementToProxyChain("PROXY myproxy:70"),
1355 req->proxy_chain());
1356 EXPECT_EQ(ERR_PROXY_CONNECTION_FAILED, d.request_status());
1357 EXPECT_THAT(req->response_info().resolve_error_info.error,
1358 IsError(ERR_DNS_TIMED_OUT));
1359
1360 EXPECT_EQ(1, network_delegate.error_count());
1361 EXPECT_THAT(network_delegate.last_error(),
1362 IsError(ERR_PROXY_CONNECTION_FAILED));
1363 EXPECT_EQ(1, network_delegate.completed_requests());
1364 }
1365
1366 // Test that when host resolution fails with `ERR_DNS_NAME_HTTPS_ONLY` for
1367 // "http://" requests, scheme is upgraded to "https://".
TEST_F(URLRequestTest,DnsNameHttpsOnlyErrorCausesSchemeUpgrade)1368 TEST_F(URLRequestTest, DnsNameHttpsOnlyErrorCausesSchemeUpgrade) {
1369 EmbeddedTestServer https_server(EmbeddedTestServer::TYPE_HTTPS);
1370 https_server.SetSSLConfig(EmbeddedTestServer::CERT_TEST_NAMES);
1371 RegisterDefaultHandlers(&https_server);
1372 ASSERT_TRUE(https_server.Start());
1373
1374 // Build an http URL that should be auto-upgraded to https.
1375 const std::string kHost = "foo.a.test"; // Covered by CERT_TEST_NAMES.
1376 const GURL https_url = https_server.GetURL(kHost, "/defaultresponse");
1377 GURL::Replacements replacements;
1378 replacements.SetSchemeStr(url::kHttpScheme);
1379 const GURL http_url = https_url.ReplaceComponents(replacements);
1380
1381 // Return `ERR_DNS_NAME_HTTPS_ONLY` for "http://" requests and an address for
1382 // "https://" requests. This simulates the HostResolver behavior for a domain
1383 // with an HTTPS DNS record.
1384 auto host_resolver = std::make_unique<MockHostResolver>();
1385 MockHostResolverBase::RuleResolver::RuleKey unencrypted_resolve_key;
1386 unencrypted_resolve_key.scheme = url::kHttpScheme;
1387 unencrypted_resolve_key.hostname_pattern = kHost;
1388 host_resolver->rules()->AddRule(std::move(unencrypted_resolve_key),
1389 ERR_DNS_NAME_HTTPS_ONLY);
1390 MockHostResolverBase::RuleResolver::RuleKey encrypted_resolve_key;
1391 encrypted_resolve_key.scheme = url::kHttpsScheme;
1392 encrypted_resolve_key.hostname_pattern = kHost;
1393 host_resolver->rules()->AddRule(std::move(encrypted_resolve_key),
1394 https_server.GetIPLiteralString());
1395 auto context_builder = CreateTestURLRequestContextBuilder();
1396 context_builder->set_host_resolver(std::move(host_resolver));
1397 auto& network_delegate = *context_builder->set_network_delegate(
1398 std::make_unique<TestNetworkDelegate>());
1399 auto context = context_builder->Build();
1400
1401 TestDelegate d;
1402 std::unique_ptr<URLRequest> req(context->CreateRequest(
1403 http_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
1404 EXPECT_FALSE(req->url().SchemeIsCryptographic());
1405
1406 // Note that there is no http server running, so the request should fail or
1407 // hang if its scheme is not upgraded to https.
1408 req->Start();
1409 d.RunUntilComplete();
1410
1411 EXPECT_EQ(d.received_redirect_count(), 1);
1412
1413 EXPECT_EQ(0, network_delegate.error_count());
1414 EXPECT_EQ(200, req->GetResponseCode());
1415 ASSERT_TRUE(req->response_headers());
1416 EXPECT_EQ(200, req->response_headers()->response_code());
1417
1418 // Observe that the scheme has been upgraded to https.
1419 EXPECT_TRUE(req->url().SchemeIsCryptographic());
1420 EXPECT_TRUE(req->url().SchemeIs(url::kHttpsScheme));
1421 }
1422
1423 // Test that DNS-based scheme upgrade supports deferred redirect.
TEST_F(URLRequestTest,DnsNameHttpsOnlyErrorCausesSchemeUpgradeDeferred)1424 TEST_F(URLRequestTest, DnsNameHttpsOnlyErrorCausesSchemeUpgradeDeferred) {
1425 EmbeddedTestServer https_server(EmbeddedTestServer::TYPE_HTTPS);
1426 https_server.SetSSLConfig(EmbeddedTestServer::CERT_TEST_NAMES);
1427 RegisterDefaultHandlers(&https_server);
1428 ASSERT_TRUE(https_server.Start());
1429
1430 // Build an http URL that should be auto-upgraded to https.
1431 const std::string kHost = "foo.a.test"; // Covered by CERT_TEST_NAMES.
1432 const GURL https_url = https_server.GetURL(kHost, "/defaultresponse");
1433 GURL::Replacements replacements;
1434 replacements.SetSchemeStr(url::kHttpScheme);
1435 const GURL http_url = https_url.ReplaceComponents(replacements);
1436
1437 // Return `ERR_DNS_NAME_HTTPS_ONLY` for "http://" requests and an address for
1438 // "https://" requests. This simulates the HostResolver behavior for a domain
1439 // with an HTTPS DNS record.
1440 auto host_resolver = std::make_unique<MockHostResolver>();
1441 MockHostResolverBase::RuleResolver::RuleKey unencrypted_resolve_key;
1442 unencrypted_resolve_key.scheme = url::kHttpScheme;
1443 unencrypted_resolve_key.hostname_pattern = kHost;
1444 host_resolver->rules()->AddRule(std::move(unencrypted_resolve_key),
1445 ERR_DNS_NAME_HTTPS_ONLY);
1446 MockHostResolverBase::RuleResolver::RuleKey encrypted_resolve_key;
1447 encrypted_resolve_key.scheme = url::kHttpsScheme;
1448 encrypted_resolve_key.hostname_pattern = kHost;
1449 host_resolver->rules()->AddRule(std::move(encrypted_resolve_key),
1450 https_server.GetIPLiteralString());
1451 auto context_builder = CreateTestURLRequestContextBuilder();
1452 context_builder->set_host_resolver(std::move(host_resolver));
1453 auto& network_delegate = *context_builder->set_network_delegate(
1454 std::make_unique<TestNetworkDelegate>());
1455 auto context = context_builder->Build();
1456
1457 TestDelegate d;
1458 std::unique_ptr<URLRequest> req(context->CreateRequest(
1459 http_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
1460 EXPECT_FALSE(req->url().SchemeIsCryptographic());
1461
1462 // Note that there is no http server running, so the request should fail or
1463 // hang if its scheme is not upgraded to https.
1464 req->Start();
1465 d.RunUntilRedirect();
1466
1467 EXPECT_EQ(d.received_redirect_count(), 1);
1468
1469 req->FollowDeferredRedirect(/*removed_headers=*/absl::nullopt,
1470 /*modified_headers=*/absl::nullopt);
1471 d.RunUntilComplete();
1472
1473 EXPECT_EQ(0, network_delegate.error_count());
1474 EXPECT_EQ(200, req->GetResponseCode());
1475 ASSERT_TRUE(req->response_headers());
1476 EXPECT_EQ(200, req->response_headers()->response_code());
1477
1478 // Observe that the scheme has been upgraded to https.
1479 EXPECT_TRUE(req->url().SchemeIsCryptographic());
1480 EXPECT_TRUE(req->url().SchemeIs(url::kHttpsScheme));
1481 }
1482
1483 #if BUILDFLAG(ENABLE_WEBSOCKETS)
1484 // Test that requests with "ws" scheme are upgraded to "wss" when DNS
1485 // indicates that the name is HTTPS-only.
TEST_F(URLRequestTest,DnsHttpsRecordPresentCausesWsSchemeUpgrade)1486 TEST_F(URLRequestTest, DnsHttpsRecordPresentCausesWsSchemeUpgrade) {
1487 EmbeddedTestServer https_server(EmbeddedTestServer::TYPE_HTTPS);
1488 https_server.SetSSLConfig(EmbeddedTestServer::CERT_TEST_NAMES);
1489 RegisterDefaultHandlers(&https_server);
1490 ASSERT_TRUE(https_server.Start());
1491
1492 // Build an http URL that should be auto-upgraded to https.
1493 const std::string kHost = "foo.a.test"; // Covered by CERT_TEST_NAMES.
1494 const GURL https_url = https_server.GetURL(kHost, "/defaultresponse");
1495 GURL::Replacements replacements;
1496 replacements.SetSchemeStr(url::kWsScheme);
1497 const GURL ws_url = https_url.ReplaceComponents(replacements);
1498
1499 auto host_resolver = std::make_unique<MockHostResolver>();
1500 MockHostResolverBase::RuleResolver::RuleKey unencrypted_resolve_key;
1501 unencrypted_resolve_key.scheme = url::kHttpScheme;
1502 unencrypted_resolve_key.hostname_pattern = kHost;
1503 host_resolver->rules()->AddRule(std::move(unencrypted_resolve_key),
1504 ERR_DNS_NAME_HTTPS_ONLY);
1505 MockHostResolverBase::RuleResolver::RuleKey encrypted_resolve_key;
1506 encrypted_resolve_key.scheme = url::kHttpsScheme;
1507 encrypted_resolve_key.hostname_pattern = kHost;
1508 host_resolver->rules()->AddRule(std::move(encrypted_resolve_key),
1509 https_server.GetIPLiteralString());
1510 auto context_builder = CreateTestURLRequestContextBuilder();
1511 context_builder->set_host_resolver(std::move(host_resolver));
1512 auto& network_delegate = *context_builder->set_network_delegate(
1513 std::make_unique<TestNetworkDelegate>());
1514 auto context = context_builder->Build();
1515
1516 TestDelegate d;
1517 std::unique_ptr<URLRequest> req(context->CreateRequest(
1518 ws_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS,
1519 /*is_for_websockets=*/true));
1520 EXPECT_FALSE(req->url().SchemeIsCryptographic());
1521
1522 HttpRequestHeaders headers = WebSocketCommonTestHeaders();
1523 req->SetExtraRequestHeaders(headers);
1524
1525 auto websocket_stream_create_helper =
1526 std::make_unique<TestWebSocketHandshakeStreamCreateHelper>();
1527 req->SetUserData(kWebSocketHandshakeUserDataKey,
1528 std::move(websocket_stream_create_helper));
1529
1530 // Note that there is no ws server running, so the request should fail or hang
1531 // if its scheme is not upgraded to wss.
1532 req->Start();
1533 d.RunUntilComplete();
1534
1535 EXPECT_EQ(d.received_redirect_count(), 1);
1536
1537 // Expect failure because test server is not set up to provide websocket
1538 // responses.
1539 EXPECT_EQ(network_delegate.error_count(), 1);
1540 EXPECT_EQ(network_delegate.last_error(), ERR_INVALID_RESPONSE);
1541
1542 // Observe that the scheme has been upgraded to wss.
1543 EXPECT_TRUE(req->url().SchemeIsCryptographic());
1544 EXPECT_TRUE(req->url().SchemeIs(url::kWssScheme));
1545 }
1546
1547 // Test that same-site requests with "wss" scheme retain the
1548 // `kStorageAccessGrantEligible` override, even if the initiator origin uses the
1549 // HTTPS version of the site.
TEST_F(URLRequestTest,WssRequestsAreEligibleForStorageAccess)1550 TEST_F(URLRequestTest, WssRequestsAreEligibleForStorageAccess) {
1551 EmbeddedTestServer https_server(EmbeddedTestServer::TYPE_HTTPS);
1552 https_server.SetSSLConfig(EmbeddedTestServer::CERT_TEST_NAMES);
1553 RegisterDefaultHandlers(&https_server);
1554 ASSERT_TRUE(https_server.Start());
1555
1556 const GURL https_url = https_server.GetURL("a.test", "/defaultresponse");
1557 GURL::Replacements replacements;
1558 replacements.SetSchemeStr(url::kWssScheme);
1559
1560 auto context_builder = CreateTestURLRequestContextBuilder();
1561 auto& network_delegate = *context_builder->set_network_delegate(
1562 std::make_unique<TestNetworkDelegate>());
1563 auto context = context_builder->Build();
1564
1565 TestDelegate d;
1566 std::unique_ptr<URLRequest> req(
1567 context->CreateRequest(https_url.ReplaceComponents(replacements),
1568 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS,
1569 /*is_for_websockets=*/true));
1570
1571 req->SetExtraRequestHeaders(WebSocketCommonTestHeaders());
1572
1573 auto websocket_stream_create_helper =
1574 std::make_unique<TestWebSocketHandshakeStreamCreateHelper>();
1575 req->SetUserData(kWebSocketHandshakeUserDataKey,
1576 std::move(websocket_stream_create_helper));
1577
1578 req->set_has_storage_access(true);
1579 req->set_initiator(url::Origin::Create(https_url));
1580
1581 req->Start();
1582 d.RunUntilComplete();
1583
1584 // Expect failure because test server is not set up to provide websocket
1585 // responses.
1586 ASSERT_EQ(network_delegate.error_count(), 1);
1587 ASSERT_EQ(network_delegate.last_error(), ERR_INVALID_RESPONSE);
1588
1589 CookieSettingOverrides expected_overides;
1590 expected_overides.Put(CookieSettingOverride::kStorageAccessGrantEligible);
1591
1592 EXPECT_THAT(network_delegate.cookie_setting_overrides_records(),
1593 testing::ElementsAre(expected_overides, expected_overides));
1594 }
1595 #endif // BUILDFLAG(ENABLE_WEBSOCKETS)
1596
TEST_F(URLRequestTest,DnsHttpsRecordAbsentNoSchemeUpgrade)1597 TEST_F(URLRequestTest, DnsHttpsRecordAbsentNoSchemeUpgrade) {
1598 EmbeddedTestServer http_server(EmbeddedTestServer::TYPE_HTTP);
1599 RegisterDefaultHandlers(&http_server);
1600 ASSERT_TRUE(http_server.Start());
1601
1602 // Build an http URL that should be auto-upgraded to https.
1603 const std::string kHost = "foo.a.test"; // Covered by CERT_TEST_NAMES.
1604 const GURL http_url = http_server.GetURL(kHost, "/defaultresponse");
1605
1606 auto context_builder = CreateTestURLRequestContextBuilder();
1607 auto host_resolver = std::make_unique<MockHostResolver>();
1608 host_resolver->rules()->AddRule(kHost, http_server.GetIPLiteralString());
1609 context_builder->set_host_resolver(std::move(host_resolver));
1610 auto& network_delegate = *context_builder->set_network_delegate(
1611 std::make_unique<TestNetworkDelegate>());
1612 auto context = context_builder->Build();
1613
1614 TestDelegate d;
1615 std::unique_ptr<URLRequest> req(context->CreateRequest(
1616 http_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
1617 EXPECT_FALSE(req->url().SchemeIsCryptographic());
1618
1619 req->Start();
1620 d.RunUntilComplete();
1621
1622 EXPECT_EQ(d.received_redirect_count(), 0);
1623
1624 EXPECT_EQ(0, network_delegate.error_count());
1625 EXPECT_EQ(200, req->GetResponseCode());
1626 ASSERT_TRUE(req->response_headers());
1627 EXPECT_EQ(200, req->response_headers()->response_code());
1628
1629 // Observe that the scheme has not been upgraded.
1630 EXPECT_EQ(http_url, req->url());
1631 EXPECT_FALSE(req->url().SchemeIsCryptographic());
1632 EXPECT_TRUE(req->url().SchemeIs(url::kHttpScheme));
1633 }
1634
TEST_F(URLRequestTest,SkipSecureDnsDisabledByDefault)1635 TEST_F(URLRequestTest, SkipSecureDnsDisabledByDefault) {
1636 auto context_builder = CreateTestURLRequestContextBuilder();
1637 auto host_resolver = std::make_unique<MockHostResolver>();
1638 host_resolver->rules()->AddRule("example.com", "127.0.0.1");
1639 context_builder->set_host_resolver(std::move(host_resolver));
1640 auto context = context_builder->Build();
1641
1642 TestDelegate d;
1643 std::unique_ptr<URLRequest> req(
1644 context->CreateRequest(GURL("http://example.com"), DEFAULT_PRIORITY, &d,
1645 TRAFFIC_ANNOTATION_FOR_TESTS));
1646 req->Start();
1647 d.RunUntilComplete();
1648
1649 EXPECT_EQ(SecureDnsPolicy::kAllow,
1650 static_cast<MockHostResolver*>(context->host_resolver())
1651 ->last_secure_dns_policy());
1652 }
1653
TEST_F(URLRequestTest,SkipSecureDnsEnabled)1654 TEST_F(URLRequestTest, SkipSecureDnsEnabled) {
1655 auto context_builder = CreateTestURLRequestContextBuilder();
1656 auto host_resolver = std::make_unique<MockHostResolver>();
1657 host_resolver->rules()->AddRule("example.com", "127.0.0.1");
1658 context_builder->set_host_resolver(std::move(host_resolver));
1659 auto context = context_builder->Build();
1660
1661 TestDelegate d;
1662 std::unique_ptr<URLRequest> req(
1663 context->CreateRequest(GURL("http://example.com"), DEFAULT_PRIORITY, &d,
1664 TRAFFIC_ANNOTATION_FOR_TESTS));
1665 req->SetSecureDnsPolicy(SecureDnsPolicy::kDisable);
1666 req->Start();
1667 d.RunUntilComplete();
1668
1669 EXPECT_EQ(SecureDnsPolicy::kDisable,
1670 static_cast<MockHostResolver*>(context->host_resolver())
1671 ->last_secure_dns_policy());
1672 }
1673
1674 // Make sure that NetworkDelegate::NotifyCompleted is called if
1675 // content is empty.
TEST_F(URLRequestTest,RequestCompletionForEmptyResponse)1676 TEST_F(URLRequestTest, RequestCompletionForEmptyResponse) {
1677 HttpTestServer test_server;
1678 ASSERT_TRUE(test_server.Start());
1679
1680 TestDelegate d;
1681 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
1682 test_server.GetURL("/nocontent"), DEFAULT_PRIORITY, &d,
1683 TRAFFIC_ANNOTATION_FOR_TESTS));
1684 req->Start();
1685 d.RunUntilComplete();
1686 EXPECT_THAT(d.request_status(), IsOk());
1687 EXPECT_EQ(204, req->GetResponseCode());
1688 EXPECT_EQ("", d.data_received());
1689 EXPECT_EQ(1, default_network_delegate().completed_requests());
1690 }
1691
1692 // Make sure that SetPriority actually sets the URLRequest's priority
1693 // correctly, both before and after start.
TEST_F(URLRequestTest,SetPriorityBasic)1694 TEST_F(URLRequestTest, SetPriorityBasic) {
1695 TestDelegate d;
1696 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
1697 GURL("http://test_intercept/foo"), DEFAULT_PRIORITY, &d,
1698 TRAFFIC_ANNOTATION_FOR_TESTS));
1699 EXPECT_EQ(DEFAULT_PRIORITY, req->priority());
1700
1701 req->SetPriority(LOW);
1702 EXPECT_EQ(LOW, req->priority());
1703
1704 req->Start();
1705 EXPECT_EQ(LOW, req->priority());
1706
1707 req->SetPriority(MEDIUM);
1708 EXPECT_EQ(MEDIUM, req->priority());
1709 }
1710
1711 // Make sure that URLRequest calls SetPriority on a job before calling
1712 // Start on it.
TEST_F(URLRequestTest,SetJobPriorityBeforeJobStart)1713 TEST_F(URLRequestTest, SetJobPriorityBeforeJobStart) {
1714 TestDelegate d;
1715 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
1716 GURL("http://test_intercept/foo"), DEFAULT_PRIORITY, &d,
1717 TRAFFIC_ANNOTATION_FOR_TESTS));
1718 EXPECT_EQ(DEFAULT_PRIORITY, req->priority());
1719
1720 RequestPriority job_priority;
1721 std::unique_ptr<URLRequestJob> job =
1722 std::make_unique<PriorityMonitoringURLRequestJob>(req.get(),
1723 &job_priority);
1724 TestScopedURLInterceptor interceptor(req->url(), std::move(job));
1725 EXPECT_EQ(DEFAULT_PRIORITY, job_priority);
1726
1727 req->SetPriority(LOW);
1728
1729 req->Start();
1730 EXPECT_EQ(LOW, job_priority);
1731 }
1732
1733 // Make sure that URLRequest passes on its priority updates to its
1734 // job.
TEST_F(URLRequestTest,SetJobPriority)1735 TEST_F(URLRequestTest, SetJobPriority) {
1736 TestDelegate d;
1737 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
1738 GURL("http://test_intercept/foo"), DEFAULT_PRIORITY, &d,
1739 TRAFFIC_ANNOTATION_FOR_TESTS));
1740
1741 RequestPriority job_priority;
1742 std::unique_ptr<URLRequestJob> job =
1743 std::make_unique<PriorityMonitoringURLRequestJob>(req.get(),
1744 &job_priority);
1745 TestScopedURLInterceptor interceptor(req->url(), std::move(job));
1746
1747 req->SetPriority(LOW);
1748 req->Start();
1749 EXPECT_EQ(LOW, job_priority);
1750
1751 req->SetPriority(MEDIUM);
1752 EXPECT_EQ(MEDIUM, req->priority());
1753 EXPECT_EQ(MEDIUM, job_priority);
1754 }
1755
1756 // Setting the IGNORE_LIMITS load flag should be okay if the priority
1757 // is MAXIMUM_PRIORITY.
TEST_F(URLRequestTest,PriorityIgnoreLimits)1758 TEST_F(URLRequestTest, PriorityIgnoreLimits) {
1759 TestDelegate d;
1760 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
1761 GURL("http://test_intercept/foo"), MAXIMUM_PRIORITY, &d,
1762 TRAFFIC_ANNOTATION_FOR_TESTS));
1763 EXPECT_EQ(MAXIMUM_PRIORITY, req->priority());
1764
1765 RequestPriority job_priority;
1766 std::unique_ptr<URLRequestJob> job =
1767 std::make_unique<PriorityMonitoringURLRequestJob>(req.get(),
1768 &job_priority);
1769 TestScopedURLInterceptor interceptor(req->url(), std::move(job));
1770
1771 req->SetLoadFlags(LOAD_IGNORE_LIMITS);
1772 EXPECT_EQ(MAXIMUM_PRIORITY, req->priority());
1773
1774 req->SetPriority(MAXIMUM_PRIORITY);
1775 EXPECT_EQ(MAXIMUM_PRIORITY, req->priority());
1776
1777 req->Start();
1778 EXPECT_EQ(MAXIMUM_PRIORITY, req->priority());
1779 EXPECT_EQ(MAXIMUM_PRIORITY, job_priority);
1780 }
1781
1782 // This test verifies that URLRequest::Delegate's OnConnected() callback is
1783 // never called if the request fails before connecting to a remote endpoint.
TEST_F(URLRequestTest,NotifyDelegateConnectedSkippedOnEarlyFailure)1784 TEST_F(URLRequestTest, NotifyDelegateConnectedSkippedOnEarlyFailure) {
1785 TestDelegate delegate;
1786
1787 // The request will never connect to anything because the URL is invalid.
1788 auto request =
1789 default_context().CreateRequest(GURL("invalid url"), DEFAULT_PRIORITY,
1790 &delegate, TRAFFIC_ANNOTATION_FOR_TESTS);
1791
1792 request->Start();
1793 delegate.RunUntilComplete();
1794
1795 EXPECT_THAT(delegate.transports(), IsEmpty());
1796 }
1797
1798 // This test verifies that URLRequest::Delegate's OnConnected() method
1799 // is called once for simple redirect-less requests.
TEST_F(URLRequestTest,OnConnected)1800 TEST_F(URLRequestTest, OnConnected) {
1801 HttpTestServer test_server;
1802 ASSERT_TRUE(test_server.Start());
1803
1804 TestDelegate delegate;
1805
1806 auto request = default_context().CreateRequest(test_server.GetURL("/echo"),
1807 DEFAULT_PRIORITY, &delegate,
1808 TRAFFIC_ANNOTATION_FOR_TESTS);
1809
1810 request->Start();
1811 delegate.RunUntilComplete();
1812
1813 TransportInfo expected_transport;
1814 expected_transport.endpoint =
1815 IPEndPoint(IPAddress::IPv4Localhost(), test_server.port());
1816 expected_transport.negotiated_protocol = kProtoUnknown;
1817 EXPECT_THAT(delegate.transports(), ElementsAre(expected_transport));
1818
1819 // Make sure URL_REQUEST_DELEGATE_CONNECTED is logged correctly.
1820 auto entries = net_log_observer_.GetEntries();
1821 size_t start_event_index = ExpectLogContainsSomewhere(
1822 entries, /*min_offset=*/0,
1823 NetLogEventType::URL_REQUEST_DELEGATE_CONNECTED, NetLogEventPhase::BEGIN);
1824 size_t end_event_index = ExpectLogContainsSomewhereAfter(
1825 entries, /*start_offset=*/start_event_index,
1826 NetLogEventType::URL_REQUEST_DELEGATE_CONNECTED, NetLogEventPhase::END);
1827 EXPECT_FALSE(LogContainsEntryWithTypeAfter(
1828 entries, end_event_index + 1,
1829 NetLogEventType::URL_REQUEST_DELEGATE_CONNECTED));
1830 ASSERT_LT(end_event_index, entries.size());
1831 EXPECT_FALSE(GetOptionalNetErrorCodeFromParams(entries[end_event_index]));
1832 }
1833
1834 // This test verifies that URLRequest::Delegate's OnConnected() method is
1835 // called after each redirect.
TEST_F(URLRequestTest,OnConnectedRedirect)1836 TEST_F(URLRequestTest, OnConnectedRedirect) {
1837 HttpTestServer test_server;
1838 ASSERT_TRUE(test_server.Start());
1839
1840 TestDelegate delegate;
1841
1842 // Fetch a page that redirects us once.
1843 GURL url = test_server.GetURL("/server-redirect?" +
1844 test_server.GetURL("/echo").spec());
1845 auto request = default_context().CreateRequest(
1846 url, DEFAULT_PRIORITY, &delegate, TRAFFIC_ANNOTATION_FOR_TESTS);
1847
1848 request->Start();
1849 delegate.RunUntilRedirect();
1850
1851 TransportInfo expected_transport;
1852 expected_transport.endpoint =
1853 IPEndPoint(IPAddress::IPv4Localhost(), test_server.port());
1854 expected_transport.negotiated_protocol = kProtoUnknown;
1855 EXPECT_THAT(delegate.transports(), ElementsAre(expected_transport));
1856
1857 request->FollowDeferredRedirect(/*removed_headers=*/{},
1858 /*modified_headers=*/{});
1859 delegate.RunUntilComplete();
1860
1861 EXPECT_THAT(delegate.transports(),
1862 ElementsAre(expected_transport, expected_transport));
1863 }
1864
1865 // This test verifies that when the URLRequest Delegate returns an error from
1866 // OnConnected(), the entire request fails with that error.
TEST_F(URLRequestTest,OnConnectedError)1867 TEST_F(URLRequestTest, OnConnectedError) {
1868 HttpTestServer test_server;
1869 ASSERT_TRUE(test_server.Start());
1870
1871 TestDelegate delegate;
1872 delegate.set_on_connected_result(ERR_NOT_IMPLEMENTED);
1873
1874 auto request = default_context().CreateRequest(test_server.GetURL("/echo"),
1875 DEFAULT_PRIORITY, &delegate,
1876 TRAFFIC_ANNOTATION_FOR_TESTS);
1877
1878 request->Start();
1879 delegate.RunUntilComplete();
1880
1881 TransportInfo expected_transport;
1882 expected_transport.endpoint =
1883 IPEndPoint(IPAddress::IPv4Localhost(), test_server.port());
1884 expected_transport.negotiated_protocol = kProtoUnknown;
1885 EXPECT_THAT(delegate.transports(), ElementsAre(expected_transport));
1886
1887 EXPECT_TRUE(delegate.request_failed());
1888 EXPECT_THAT(delegate.request_status(), IsError(ERR_NOT_IMPLEMENTED));
1889
1890 // Make sure URL_REQUEST_DELEGATE_CONNECTED is logged correctly.
1891 auto entries = net_log_observer_.GetEntries();
1892 size_t start_event_index = ExpectLogContainsSomewhere(
1893 entries, /*min_offset=*/0,
1894 NetLogEventType::URL_REQUEST_DELEGATE_CONNECTED, NetLogEventPhase::BEGIN);
1895 size_t end_event_index = ExpectLogContainsSomewhereAfter(
1896 entries, /*start_offset=*/start_event_index,
1897 NetLogEventType::URL_REQUEST_DELEGATE_CONNECTED, NetLogEventPhase::END);
1898 EXPECT_FALSE(LogContainsEntryWithTypeAfter(
1899 entries, end_event_index + 1,
1900 NetLogEventType::URL_REQUEST_DELEGATE_CONNECTED));
1901 ASSERT_LT(end_event_index, entries.size());
1902 EXPECT_EQ(ERR_NOT_IMPLEMENTED,
1903 GetOptionalNetErrorCodeFromParams(entries[end_event_index]));
1904 }
1905
TEST_F(URLRequestTest,OnConnectedAsync)1906 TEST_F(URLRequestTest, OnConnectedAsync) {
1907 HttpTestServer test_server;
1908 ASSERT_TRUE(test_server.Start());
1909
1910 TestDelegate d;
1911 d.set_on_connected_run_callback(true);
1912 d.set_on_connected_result(OK);
1913 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
1914 default_context(), test_server.GetURL("/defaultresponse"), &d);
1915 req->Start();
1916 d.RunUntilComplete();
1917 EXPECT_THAT(d.request_status(), IsOk());
1918
1919 // Make sure URL_REQUEST_DELEGATE_CONNECTED is logged correctly.
1920 auto entries = net_log_observer_.GetEntries();
1921 size_t start_event_index = ExpectLogContainsSomewhere(
1922 entries, /*min_offset=*/0,
1923 NetLogEventType::URL_REQUEST_DELEGATE_CONNECTED, NetLogEventPhase::BEGIN);
1924 size_t end_event_index = ExpectLogContainsSomewhereAfter(
1925 entries, /*start_offset=*/start_event_index,
1926 NetLogEventType::URL_REQUEST_DELEGATE_CONNECTED, NetLogEventPhase::END);
1927 EXPECT_FALSE(LogContainsEntryWithTypeAfter(
1928 entries, end_event_index + 1,
1929 NetLogEventType::URL_REQUEST_DELEGATE_CONNECTED));
1930 ASSERT_LT(end_event_index, entries.size());
1931 EXPECT_FALSE(GetOptionalNetErrorCodeFromParams(entries[end_event_index]));
1932 }
1933
TEST_F(URLRequestTest,OnConnectedAsyncError)1934 TEST_F(URLRequestTest, OnConnectedAsyncError) {
1935 HttpTestServer test_server;
1936 ASSERT_TRUE(test_server.Start());
1937
1938 TestDelegate d;
1939 d.set_on_connected_run_callback(true);
1940 d.set_on_connected_result(ERR_NOT_IMPLEMENTED);
1941 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
1942 default_context(), test_server.GetURL("/defaultresponse"), &d);
1943 req->Start();
1944 d.RunUntilComplete();
1945 EXPECT_THAT(d.request_status(), IsError(ERR_NOT_IMPLEMENTED));
1946
1947 // Make sure URL_REQUEST_DELEGATE_CONNECTED is logged correctly.
1948 auto entries = net_log_observer_.GetEntries();
1949 size_t start_event_index = ExpectLogContainsSomewhere(
1950 entries, /*min_offset=*/0,
1951 NetLogEventType::URL_REQUEST_DELEGATE_CONNECTED, NetLogEventPhase::BEGIN);
1952 size_t end_event_index = ExpectLogContainsSomewhereAfter(
1953 entries, /*start_offset=*/start_event_index,
1954 NetLogEventType::URL_REQUEST_DELEGATE_CONNECTED, NetLogEventPhase::END);
1955 EXPECT_FALSE(LogContainsEntryWithTypeAfter(
1956 entries, end_event_index + 1,
1957 NetLogEventType::URL_REQUEST_DELEGATE_CONNECTED));
1958 ASSERT_LT(end_event_index, entries.size());
1959 EXPECT_EQ(ERR_NOT_IMPLEMENTED,
1960 GetOptionalNetErrorCodeFromParams(entries[end_event_index]));
1961 }
1962
TEST_F(URLRequestTest,DelayedCookieCallback)1963 TEST_F(URLRequestTest, DelayedCookieCallback) {
1964 HttpTestServer test_server;
1965 ASSERT_TRUE(test_server.Start());
1966
1967 auto context_builder = CreateTestURLRequestContextBuilder();
1968 context_builder->SetCookieStore(std::make_unique<DelayedCookieMonster>());
1969 auto& network_delegate = *context_builder->set_network_delegate(
1970 std::make_unique<TestNetworkDelegate>());
1971 auto context = context_builder->Build();
1972
1973 // Set up a cookie.
1974 {
1975 TestDelegate d;
1976 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
1977 *context, test_server.GetURL("/set-cookie?CookieToNotSend=1"), &d);
1978 req->Start();
1979 d.RunUntilComplete();
1980 EXPECT_EQ(0, network_delegate.blocked_annotate_cookies_count());
1981 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count());
1982 EXPECT_EQ(1, network_delegate.set_cookie_count());
1983 }
1984
1985 // Verify that the cookie is set.
1986 {
1987 TestDelegate d;
1988 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
1989 *context, test_server.GetURL("/echoheader?Cookie"), &d);
1990 req->Start();
1991 d.RunUntilComplete();
1992
1993 EXPECT_TRUE(d.data_received().find("CookieToNotSend=1") !=
1994 std::string::npos);
1995 EXPECT_EQ(0, network_delegate.blocked_annotate_cookies_count());
1996 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count());
1997 }
1998 }
1999
TEST_F(URLRequestTest,DelayedCookieCallbackAsync)2000 TEST_F(URLRequestTest, DelayedCookieCallbackAsync) {
2001 HttpTestServer test_server;
2002 ASSERT_TRUE(test_server.Start());
2003
2004 // Add a secure cookie so we can try to set an insecure cookie and have
2005 // SetCanonicalCookie fail.
2006 GURL::Replacements replace_scheme;
2007 replace_scheme.SetSchemeStr("https");
2008 GURL url = test_server.base_url().ReplaceComponents(replace_scheme);
2009
2010 auto cookie1 = CanonicalCookie::Create(
2011 url, "AlreadySetCookie=1;Secure", base::Time::Now(),
2012 absl::nullopt /* server_time */,
2013 absl::nullopt /* cookie_partition_key */);
2014 auto delayed_cm = std::make_unique<DelayedCookieMonster>();
2015 delayed_cm->SetCanonicalCookieAsync(std::move(cookie1), url,
2016 net::CookieOptions::MakeAllInclusive(),
2017 CookieStore::SetCookiesCallback());
2018
2019 auto cookie2 = CanonicalCookie::Create(
2020 url, "AlreadySetCookie=1;Secure", base::Time::Now(),
2021 absl::nullopt /* server_time */,
2022 absl::nullopt /* cookie_partition_key */);
2023 auto cm = std::make_unique<CookieMonster>(nullptr, nullptr);
2024 cm->SetCanonicalCookieAsync(std::move(cookie2), url,
2025 net::CookieOptions::MakeAllInclusive(),
2026 CookieStore::SetCookiesCallback());
2027
2028 auto async_context_builder = CreateTestURLRequestContextBuilder();
2029 async_context_builder->SetCookieStore(std::move(delayed_cm));
2030 auto& async_filter_network_delegate =
2031 *async_context_builder->set_network_delegate(
2032 std::make_unique<FilteringTestNetworkDelegate>());
2033 auto async_context = async_context_builder->Build();
2034 async_filter_network_delegate.SetCookieFilter("CookieBlockedOnCanGetCookie");
2035 TestDelegate async_delegate;
2036
2037 auto sync_context_builder = CreateTestURLRequestContextBuilder();
2038 sync_context_builder->SetCookieStore(std::move(cm));
2039 auto& sync_filter_network_delegate =
2040 *sync_context_builder->set_network_delegate(
2041 std::make_unique<FilteringTestNetworkDelegate>());
2042 auto sync_context = sync_context_builder->Build();
2043 sync_filter_network_delegate.SetCookieFilter("CookieBlockedOnCanGetCookie");
2044 TestDelegate sync_delegate;
2045
2046 std::vector<std::string> cookie_lines(
2047 {// Fails in SetCanonicalCookie for trying to set a secure cookie
2048 // on an insecure host.
2049 "CookieNotSet=1;Secure",
2050 // Fail in FilteringTestNetworkDelegate::CanGetCookie.
2051 "CookieBlockedOnCanGetCookie=1",
2052 // Fails in SetCanonicalCookie for trying to overwrite a secure cookie
2053 // with an insecure cookie.
2054 "AlreadySetCookie=1",
2055 // Succeeds and added cookie to store. Delayed (which makes the callback
2056 // run asynchronously) in DelayedCookieMonster.
2057 "CookieSet=1"});
2058
2059 for (auto first_cookie_line : cookie_lines) {
2060 for (auto second_cookie_line : cookie_lines) {
2061 // Run with the delayed cookie monster.
2062 std::unique_ptr<URLRequest> request = CreateFirstPartyRequest(
2063 *async_context,
2064 test_server.GetURL("/set-cookie?" + first_cookie_line + "&" +
2065 second_cookie_line),
2066 &async_delegate);
2067
2068 request->Start();
2069 async_delegate.RunUntilComplete();
2070 EXPECT_THAT(async_delegate.request_status(), IsOk());
2071
2072 // Run with the regular cookie monster.
2073 request = CreateFirstPartyRequest(
2074 *sync_context,
2075 test_server.GetURL("/set-cookie?" + first_cookie_line + "&" +
2076 second_cookie_line),
2077 &sync_delegate);
2078
2079 request->Start();
2080 sync_delegate.RunUntilComplete();
2081 EXPECT_THAT(sync_delegate.request_status(), IsOk());
2082
2083 int expected_set_cookie_count = 0;
2084 int expected_blocked_cookie_count = 0;
2085
2086 // 2 calls to the delegate's OnCanSetCookie method are expected, even if
2087 // the cookies don't end up getting set.
2088 expected_set_cookie_count += 2;
2089
2090 if (first_cookie_line == "CookieBlockedOnCanGetCookie=1")
2091 ++expected_blocked_cookie_count;
2092 if (second_cookie_line == "CookieBlockedOnCanGetCookie=1")
2093 ++expected_blocked_cookie_count;
2094
2095 EXPECT_EQ(expected_set_cookie_count,
2096 async_filter_network_delegate.set_cookie_called_count());
2097 EXPECT_EQ(expected_blocked_cookie_count,
2098 async_filter_network_delegate.blocked_set_cookie_count());
2099
2100 EXPECT_EQ(expected_set_cookie_count,
2101 sync_filter_network_delegate.set_cookie_called_count());
2102 EXPECT_EQ(expected_blocked_cookie_count,
2103 sync_filter_network_delegate.blocked_set_cookie_count());
2104
2105 async_filter_network_delegate.ResetSetCookieCalledCount();
2106 async_filter_network_delegate.ResetBlockedSetCookieCount();
2107
2108 sync_filter_network_delegate.ResetSetCookieCalledCount();
2109 sync_filter_network_delegate.ResetBlockedSetCookieCount();
2110 }
2111 }
2112 }
2113
TEST_F(URLRequestTest,DoNotSendCookies)2114 TEST_F(URLRequestTest, DoNotSendCookies) {
2115 HttpTestServer test_server;
2116 ASSERT_TRUE(test_server.Start());
2117
2118 // Set up a cookie.
2119 {
2120 TestDelegate d;
2121 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
2122 default_context(), test_server.GetURL("/set-cookie?CookieToNotSend=1"),
2123 &d);
2124 req->Start();
2125 d.RunUntilComplete();
2126 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2127 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
2128 }
2129
2130 // Verify that the cookie is set.
2131 {
2132 TestDelegate d;
2133 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
2134 default_context(), test_server.GetURL("/echoheader?Cookie"), &d);
2135 req->Start();
2136 d.RunUntilComplete();
2137
2138 EXPECT_TRUE(d.data_received().find("CookieToNotSend=1") !=
2139 std::string::npos);
2140 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2141 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
2142 }
2143
2144 // Verify that the cookie isn't sent when credentials are not allowed.
2145 {
2146 TestDelegate d;
2147 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
2148 default_context(), test_server.GetURL("/echoheader?Cookie"), &d);
2149 req->set_allow_credentials(false);
2150 req->Start();
2151 d.RunUntilComplete();
2152
2153 EXPECT_TRUE(d.data_received().find("Cookie: CookieToNotSend=1") ==
2154 std::string::npos);
2155
2156 // When credentials are blocked, OnAnnotateAndMoveUserBlockedCookies() is
2157 // not invoked.
2158 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2159 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
2160 }
2161 }
2162
TEST_F(URLRequestTest,DoNotSaveCookies)2163 TEST_F(URLRequestTest, DoNotSaveCookies) {
2164 HttpTestServer test_server;
2165 ASSERT_TRUE(test_server.Start());
2166
2167 // Set up a cookie.
2168 {
2169 TestDelegate d;
2170 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
2171 default_context(),
2172 test_server.GetURL("/set-cookie?CookieToNotUpdate=2"), &d);
2173 req->Start();
2174 d.RunUntilComplete();
2175
2176 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2177 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
2178 EXPECT_EQ(1, default_network_delegate().set_cookie_count());
2179 }
2180
2181 // Try to set-up another cookie and update the previous cookie.
2182 {
2183 TestDelegate d;
2184 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
2185 default_context(),
2186 test_server.GetURL("/set-cookie?CookieToNotSave=1&CookieToNotUpdate=1"),
2187 &d);
2188 req->SetLoadFlags(LOAD_DO_NOT_SAVE_COOKIES);
2189 req->Start();
2190
2191 d.RunUntilComplete();
2192
2193 // LOAD_DO_NOT_SAVE_COOKIES does not trigger OnSetCookie.
2194 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2195 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
2196 EXPECT_EQ(1, default_network_delegate().set_cookie_count());
2197 }
2198
2199 // Verify the cookies weren't saved or updated.
2200 {
2201 TestDelegate d;
2202 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
2203 default_context(), test_server.GetURL("/echoheader?Cookie"), &d);
2204 req->Start();
2205 d.RunUntilComplete();
2206
2207 EXPECT_TRUE(d.data_received().find("CookieToNotSave=1") ==
2208 std::string::npos);
2209 EXPECT_TRUE(d.data_received().find("CookieToNotUpdate=2") !=
2210 std::string::npos);
2211
2212 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2213 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
2214 EXPECT_EQ(1, default_network_delegate().set_cookie_count());
2215 }
2216 }
2217
TEST_F(URLRequestTest,DoNotSendCookies_ViaPolicy)2218 TEST_F(URLRequestTest, DoNotSendCookies_ViaPolicy) {
2219 HttpTestServer test_server;
2220 ASSERT_TRUE(test_server.Start());
2221
2222 // Set up a cookie.
2223 {
2224 TestDelegate d;
2225 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
2226 default_context(), test_server.GetURL("/set-cookie?CookieToNotSend=1"),
2227 &d);
2228 req->Start();
2229 d.RunUntilComplete();
2230
2231 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2232 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
2233 }
2234
2235 // Verify that the cookie is set.
2236 {
2237 TestDelegate d;
2238 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
2239 default_context(), test_server.GetURL("/echoheader?Cookie"), &d);
2240 req->Start();
2241 d.RunUntilComplete();
2242
2243 EXPECT_TRUE(d.data_received().find("CookieToNotSend=1") !=
2244 std::string::npos);
2245
2246 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2247 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
2248 auto entries = net_log_observer_.GetEntries();
2249 for (const auto& entry : entries) {
2250 EXPECT_NE(entry.type,
2251 NetLogEventType::COOKIE_GET_BLOCKED_BY_NETWORK_DELEGATE);
2252 }
2253 }
2254
2255 // Verify that the cookie isn't sent.
2256 {
2257 TestDelegate d;
2258 default_network_delegate().set_cookie_options(
2259 TestNetworkDelegate::NO_GET_COOKIES);
2260 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
2261 default_context(), test_server.GetURL("/echoheader?Cookie"), &d);
2262 req->Start();
2263 d.RunUntilComplete();
2264
2265 EXPECT_TRUE(d.data_received().find("Cookie: CookieToNotSend=1") ==
2266 std::string::npos);
2267
2268 EXPECT_EQ(1, default_network_delegate().blocked_annotate_cookies_count());
2269 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
2270 auto entries = net_log_observer_.GetEntries();
2271 ExpectLogContainsSomewhereAfter(
2272 entries, 0, NetLogEventType::COOKIE_GET_BLOCKED_BY_NETWORK_DELEGATE,
2273 NetLogEventPhase::NONE);
2274 }
2275 }
2276
2277 // TODO(crbug.com/564656) This test is flaky on iOS.
2278 #if BUILDFLAG(IS_IOS)
2279 #define MAYBE_DoNotSaveCookies_ViaPolicy FLAKY_DoNotSaveCookies_ViaPolicy
2280 #else
2281 #define MAYBE_DoNotSaveCookies_ViaPolicy DoNotSaveCookies_ViaPolicy
2282 #endif
TEST_F(URLRequestTest,MAYBE_DoNotSaveCookies_ViaPolicy)2283 TEST_F(URLRequestTest, MAYBE_DoNotSaveCookies_ViaPolicy) {
2284 HttpTestServer test_server;
2285 ASSERT_TRUE(test_server.Start());
2286
2287 // Set up a cookie.
2288 {
2289 TestDelegate d;
2290 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
2291 default_context(),
2292 test_server.GetURL("/set-cookie?CookieToNotUpdate=2"), &d);
2293 req->Start();
2294 d.RunUntilComplete();
2295
2296 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2297 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
2298 auto entries = net_log_observer_.GetEntries();
2299 for (const auto& entry : entries) {
2300 EXPECT_NE(entry.type,
2301 NetLogEventType::COOKIE_SET_BLOCKED_BY_NETWORK_DELEGATE);
2302 }
2303 }
2304
2305 // Try to set-up another cookie and update the previous cookie.
2306 {
2307 TestDelegate d;
2308 default_network_delegate().set_cookie_options(
2309 TestNetworkDelegate::NO_SET_COOKIE);
2310 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
2311 default_context(),
2312 test_server.GetURL("/set-cookie?CookieToNotSave=1&CookieToNotUpdate=1"),
2313 &d);
2314 req->Start();
2315
2316 d.RunUntilComplete();
2317
2318 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2319 EXPECT_EQ(2, default_network_delegate().blocked_set_cookie_count());
2320 auto entries = net_log_observer_.GetEntries();
2321 ExpectLogContainsSomewhereAfter(
2322 entries, 0, NetLogEventType::COOKIE_SET_BLOCKED_BY_NETWORK_DELEGATE,
2323 NetLogEventPhase::NONE);
2324 }
2325
2326 // Verify the cookies weren't saved or updated.
2327 {
2328 TestDelegate d;
2329 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
2330 default_context(), test_server.GetURL("/echoheader?Cookie"), &d);
2331 req->Start();
2332 d.RunUntilComplete();
2333
2334 EXPECT_TRUE(d.data_received().find("CookieToNotSave=1") ==
2335 std::string::npos);
2336 EXPECT_TRUE(d.data_received().find("CookieToNotUpdate=2") !=
2337 std::string::npos);
2338
2339 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2340 EXPECT_EQ(2, default_network_delegate().blocked_set_cookie_count());
2341 }
2342 }
2343
TEST_F(URLRequestTest,DoNotSaveEmptyCookies)2344 TEST_F(URLRequestTest, DoNotSaveEmptyCookies) {
2345 HttpTestServer test_server;
2346 ASSERT_TRUE(test_server.Start());
2347
2348 // Set up an empty cookie.
2349 {
2350 TestDelegate d;
2351 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
2352 default_context(), test_server.GetURL("/set-cookie"), &d);
2353 req->Start();
2354 d.RunUntilComplete();
2355
2356 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2357 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
2358 EXPECT_EQ(0, default_network_delegate().set_cookie_count());
2359 }
2360 }
2361
TEST_F(URLRequestTest,DoNotSendCookies_ViaPolicy_Async)2362 TEST_F(URLRequestTest, DoNotSendCookies_ViaPolicy_Async) {
2363 HttpTestServer test_server;
2364 ASSERT_TRUE(test_server.Start());
2365
2366 // Set up a cookie.
2367 {
2368 TestDelegate d;
2369 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
2370 default_context(), test_server.GetURL("/set-cookie?CookieToNotSend=1"),
2371 &d);
2372 req->Start();
2373 d.RunUntilComplete();
2374
2375 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2376 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
2377 }
2378
2379 // Verify that the cookie is set.
2380 {
2381 TestDelegate d;
2382 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
2383 default_context(), test_server.GetURL("/echoheader?Cookie"), &d);
2384 req->Start();
2385 d.RunUntilComplete();
2386
2387 EXPECT_TRUE(d.data_received().find("CookieToNotSend=1") !=
2388 std::string::npos);
2389
2390 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2391 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
2392 }
2393
2394 // Verify that the cookie isn't sent.
2395 {
2396 TestDelegate d;
2397 default_network_delegate().set_cookie_options(
2398 TestNetworkDelegate::NO_GET_COOKIES);
2399 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
2400 default_context(), test_server.GetURL("/echoheader?Cookie"), &d);
2401 req->Start();
2402 d.RunUntilComplete();
2403
2404 EXPECT_TRUE(d.data_received().find("Cookie: CookieToNotSend=1") ==
2405 std::string::npos);
2406
2407 EXPECT_EQ(1, default_network_delegate().blocked_annotate_cookies_count());
2408 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
2409 }
2410 }
2411
TEST_F(URLRequestTest,DoNotSaveCookies_ViaPolicy_Async)2412 TEST_F(URLRequestTest, DoNotSaveCookies_ViaPolicy_Async) {
2413 HttpTestServer test_server;
2414 ASSERT_TRUE(test_server.Start());
2415
2416 // Set up a cookie.
2417 {
2418 TestDelegate d;
2419 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
2420 default_context(),
2421 test_server.GetURL("/set-cookie?CookieToNotUpdate=2"), &d);
2422 req->Start();
2423 d.RunUntilComplete();
2424
2425 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2426 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
2427 }
2428
2429 // Try to set-up another cookie and update the previous cookie.
2430 {
2431 TestDelegate d;
2432 default_network_delegate().set_cookie_options(
2433 TestNetworkDelegate::NO_SET_COOKIE);
2434 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
2435 default_context(),
2436 test_server.GetURL("/set-cookie?CookieToNotSave=1&CookieToNotUpdate=1"),
2437 &d);
2438 req->Start();
2439
2440 d.RunUntilComplete();
2441
2442 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2443 EXPECT_EQ(2, default_network_delegate().blocked_set_cookie_count());
2444 }
2445
2446 // Verify the cookies weren't saved or updated.
2447 {
2448 TestDelegate d;
2449 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
2450 default_context(), test_server.GetURL("/echoheader?Cookie"), &d);
2451 req->Start();
2452 d.RunUntilComplete();
2453
2454 EXPECT_TRUE(d.data_received().find("CookieToNotSave=1") ==
2455 std::string::npos);
2456 EXPECT_TRUE(d.data_received().find("CookieToNotUpdate=2") !=
2457 std::string::npos);
2458
2459 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2460 EXPECT_EQ(2, default_network_delegate().blocked_set_cookie_count());
2461 }
2462 }
2463
2464 // Tests for SameSite cookies. The test param indicates whether the same-site
2465 // calculation considers redirect chains.
2466 class URLRequestSameSiteCookiesTest
2467 : public URLRequestTest,
2468 public ::testing::WithParamInterface<bool> {
2469 public:
URLRequestSameSiteCookiesTest()2470 URLRequestSameSiteCookiesTest() {
2471 if (DoesCookieSameSiteConsiderRedirectChain()) {
2472 feature_list_.InitAndEnableFeature(
2473 features::kCookieSameSiteConsidersRedirectChain);
2474 }
2475 }
2476
DoesCookieSameSiteConsiderRedirectChain()2477 bool DoesCookieSameSiteConsiderRedirectChain() { return GetParam(); }
2478
2479 private:
2480 base::test::ScopedFeatureList feature_list_;
2481 };
2482
TEST_P(URLRequestSameSiteCookiesTest,SameSiteCookies)2483 TEST_P(URLRequestSameSiteCookiesTest, SameSiteCookies) {
2484 HttpTestServer test_server;
2485 ASSERT_TRUE(test_server.Start());
2486
2487 const std::string kHost = "example.test";
2488 const std::string kSubHost = "subdomain.example.test";
2489 const std::string kCrossHost = "cross-origin.test";
2490 const url::Origin kOrigin =
2491 url::Origin::Create(test_server.GetURL(kHost, "/"));
2492 const url::Origin kSubOrigin =
2493 url::Origin::Create(test_server.GetURL(kSubHost, "/"));
2494 const url::Origin kCrossOrigin =
2495 url::Origin::Create(test_server.GetURL(kCrossHost, "/"));
2496 const SiteForCookies kSiteForCookies = SiteForCookies::FromOrigin(kOrigin);
2497 const SiteForCookies kCrossSiteForCookies =
2498 SiteForCookies::FromOrigin(kCrossOrigin);
2499
2500 // Set up two 'SameSite' cookies on 'example.test'
2501 {
2502 TestDelegate d;
2503 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
2504 default_context(),
2505 test_server.GetURL(kHost,
2506 "/set-cookie?StrictSameSiteCookie=1;SameSite=Strict&"
2507 "LaxSameSiteCookie=1;SameSite=Lax"),
2508 &d);
2509 req->set_site_for_cookies(kSiteForCookies);
2510 req->set_initiator(kOrigin);
2511 req->Start();
2512 d.RunUntilComplete();
2513 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2514 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
2515 EXPECT_EQ(2, default_network_delegate().set_cookie_count());
2516 }
2517
2518 // Verify that both cookies are sent for same-site requests, whether they are
2519 // subresource requests, subframe navigations, or main frame navigations.
2520 for (IsolationInfo::RequestType request_type :
2521 {IsolationInfo::RequestType::kMainFrame,
2522 IsolationInfo::RequestType::kSubFrame,
2523 IsolationInfo::RequestType::kOther}) {
2524 TestDelegate d;
2525 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
2526 test_server.GetURL(kHost, "/echoheader?Cookie"), DEFAULT_PRIORITY, &d,
2527 TRAFFIC_ANNOTATION_FOR_TESTS));
2528 req->set_isolation_info(
2529 IsolationInfo::Create(request_type, kOrigin, kOrigin, kSiteForCookies));
2530 req->set_site_for_cookies(kSiteForCookies);
2531 req->set_initiator(kOrigin);
2532 req->Start();
2533 d.RunUntilComplete();
2534
2535 EXPECT_NE(std::string::npos,
2536 d.data_received().find("StrictSameSiteCookie=1"));
2537 EXPECT_NE(std::string::npos, d.data_received().find("LaxSameSiteCookie=1"));
2538 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2539 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
2540 }
2541
2542 // Verify that both cookies are sent when the request has no initiator (can
2543 // happen for main frame browser-initiated navigations).
2544 {
2545 TestDelegate d;
2546 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
2547 test_server.GetURL(kHost, "/echoheader?Cookie"), DEFAULT_PRIORITY, &d,
2548 TRAFFIC_ANNOTATION_FOR_TESTS));
2549 req->set_site_for_cookies(kSiteForCookies);
2550 req->Start();
2551 d.RunUntilComplete();
2552
2553 EXPECT_NE(std::string::npos,
2554 d.data_received().find("StrictSameSiteCookie=1"));
2555 EXPECT_NE(std::string::npos, d.data_received().find("LaxSameSiteCookie=1"));
2556 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2557 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
2558 }
2559
2560 // Verify that both cookies are sent for same-registrable-domain requests.
2561 {
2562 TestDelegate d;
2563 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
2564 test_server.GetURL(kHost, "/echoheader?Cookie"), DEFAULT_PRIORITY, &d,
2565 TRAFFIC_ANNOTATION_FOR_TESTS));
2566 req->set_site_for_cookies(
2567 SiteForCookies::FromUrl(test_server.GetURL(kSubHost, "/")));
2568 req->set_initiator(kSubOrigin);
2569 req->Start();
2570 d.RunUntilComplete();
2571
2572 EXPECT_NE(std::string::npos,
2573 d.data_received().find("StrictSameSiteCookie=1"));
2574 EXPECT_NE(std::string::npos, d.data_received().find("LaxSameSiteCookie=1"));
2575 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2576 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
2577 }
2578
2579 // Verify that neither cookie is not sent for cross-site requests.
2580 {
2581 TestDelegate d;
2582 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
2583 test_server.GetURL(kHost, "/echoheader?Cookie"), DEFAULT_PRIORITY, &d,
2584 TRAFFIC_ANNOTATION_FOR_TESTS));
2585 req->set_site_for_cookies(kCrossSiteForCookies);
2586 req->set_initiator(kCrossOrigin);
2587 req->Start();
2588 d.RunUntilComplete();
2589
2590 EXPECT_EQ(std::string::npos,
2591 d.data_received().find("StrictSameSiteCookie=1"));
2592 EXPECT_EQ(std::string::npos, d.data_received().find("LaxSameSiteCookie=1"));
2593 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2594 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
2595 }
2596
2597 // Verify that the lax cookie is sent for cross-site initiators when the
2598 // method is "safe" and the request is a main frame navigation.
2599 {
2600 TestDelegate d;
2601 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
2602 test_server.GetURL(kHost, "/echoheader?Cookie"), DEFAULT_PRIORITY, &d,
2603 TRAFFIC_ANNOTATION_FOR_TESTS));
2604 req->set_isolation_info(
2605 IsolationInfo::Create(IsolationInfo::RequestType::kMainFrame, kOrigin,
2606 kOrigin, kSiteForCookies));
2607 req->set_site_for_cookies(kSiteForCookies);
2608 req->set_initiator(kCrossOrigin);
2609 req->set_method("GET");
2610 req->Start();
2611 d.RunUntilComplete();
2612
2613 EXPECT_EQ(std::string::npos,
2614 d.data_received().find("StrictSameSiteCookie=1"));
2615 EXPECT_NE(std::string::npos, d.data_received().find("LaxSameSiteCookie=1"));
2616 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2617 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
2618 }
2619
2620 // Verify that the lax cookie is sent for cross-site initiators when the
2621 // method is "safe" and the request is being forced to be considered as a
2622 // main frame navigation.
2623 {
2624 TestDelegate d;
2625 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
2626 test_server.GetURL(kHost, "/echoheader?Cookie"), DEFAULT_PRIORITY, &d,
2627 TRAFFIC_ANNOTATION_FOR_TESTS));
2628 req->set_isolation_info(IsolationInfo::Create(
2629 IsolationInfo::RequestType::kOther, kOrigin, kOrigin, kSiteForCookies));
2630 req->set_site_for_cookies(kSiteForCookies);
2631 req->set_initiator(kCrossOrigin);
2632 req->set_method("GET");
2633 req->set_force_main_frame_for_same_site_cookies(true);
2634 req->Start();
2635 d.RunUntilComplete();
2636
2637 EXPECT_EQ(std::string::npos,
2638 d.data_received().find("StrictSameSiteCookie=1"));
2639 EXPECT_NE(std::string::npos, d.data_received().find("LaxSameSiteCookie=1"));
2640 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2641 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
2642 }
2643
2644 // Verify that neither cookie is sent for cross-site initiators when the
2645 // method is unsafe (e.g. POST), even if the request is a main frame
2646 // navigation.
2647 {
2648 TestDelegate d;
2649 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
2650 test_server.GetURL(kHost, "/echoheader?Cookie"), DEFAULT_PRIORITY, &d,
2651 TRAFFIC_ANNOTATION_FOR_TESTS));
2652 req->set_isolation_info(
2653 IsolationInfo::Create(IsolationInfo::RequestType::kMainFrame, kOrigin,
2654 kOrigin, kSiteForCookies));
2655 req->set_site_for_cookies(kSiteForCookies);
2656 req->set_initiator(kCrossOrigin);
2657 req->set_method("POST");
2658 req->Start();
2659 d.RunUntilComplete();
2660
2661 EXPECT_EQ(std::string::npos,
2662 d.data_received().find("StrictSameSiteCookie=1"));
2663 EXPECT_EQ(std::string::npos, d.data_received().find("LaxSameSiteCookie=1"));
2664 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2665 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
2666 }
2667
2668 // Verify that neither cookie is sent for cross-site initiators when the
2669 // method is safe and the site-for-cookies is same-site, but the request is
2670 // not a main frame navigation.
2671 {
2672 TestDelegate d;
2673 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
2674 test_server.GetURL(kHost, "/echoheader?Cookie"), DEFAULT_PRIORITY, &d,
2675 TRAFFIC_ANNOTATION_FOR_TESTS));
2676 req->set_isolation_info(
2677 IsolationInfo::Create(IsolationInfo::RequestType::kSubFrame, kOrigin,
2678 kOrigin, kSiteForCookies));
2679 req->set_site_for_cookies(kSiteForCookies);
2680 req->set_initiator(kCrossOrigin);
2681 req->set_method("GET");
2682 req->Start();
2683 d.RunUntilComplete();
2684
2685 EXPECT_EQ(std::string::npos,
2686 d.data_received().find("StrictSameSiteCookie=1"));
2687 EXPECT_EQ(std::string::npos, d.data_received().find("LaxSameSiteCookie=1"));
2688 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2689 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
2690
2691 // Check that the appropriate cookie inclusion status is set.
2692 ASSERT_EQ(2u, req->maybe_sent_cookies().size());
2693 CookieInclusionStatus expected_strict_status =
2694 CookieInclusionStatus::MakeFromReasonsForTesting(
2695 {CookieInclusionStatus::EXCLUDE_SAMESITE_STRICT},
2696 {} /* warning_reasons */);
2697 CookieInclusionStatus expected_lax_status =
2698 CookieInclusionStatus::MakeFromReasonsForTesting(
2699 {CookieInclusionStatus::EXCLUDE_SAMESITE_LAX},
2700 {} /* warning_reasons */);
2701 EXPECT_EQ(expected_strict_status,
2702 req->maybe_sent_cookies()[0].access_result.status);
2703 EXPECT_EQ(expected_lax_status,
2704 req->maybe_sent_cookies()[1].access_result.status);
2705 }
2706 }
2707
TEST_P(URLRequestSameSiteCookiesTest,SameSiteCookies_Redirect)2708 TEST_P(URLRequestSameSiteCookiesTest, SameSiteCookies_Redirect) {
2709 EmbeddedTestServer http_server;
2710 RegisterDefaultHandlers(&http_server);
2711 EmbeddedTestServer https_server(EmbeddedTestServer::TYPE_HTTPS);
2712 https_server.SetSSLConfig(EmbeddedTestServer::CERT_TEST_NAMES);
2713 RegisterDefaultHandlers(&https_server);
2714 ASSERT_TRUE(http_server.Start());
2715 ASSERT_TRUE(https_server.Start());
2716
2717 const std::string kHost = "foo.a.test";
2718 const std::string kSameSiteHost = "bar.a.test";
2719 const std::string kCrossSiteHost = "b.test";
2720 const url::Origin kOrigin =
2721 url::Origin::Create(https_server.GetURL(kHost, "/"));
2722 const url::Origin kHttpOrigin =
2723 url::Origin::Create(http_server.GetURL(kHost, "/"));
2724 const url::Origin kSameSiteOrigin =
2725 url::Origin::Create(https_server.GetURL(kSameSiteHost, "/"));
2726 const url::Origin kCrossSiteOrigin =
2727 url::Origin::Create(https_server.GetURL(kCrossSiteHost, "/"));
2728 const SiteForCookies kSiteForCookies = SiteForCookies::FromOrigin(kOrigin);
2729 const SiteForCookies kHttpSiteForCookies =
2730 SiteForCookies::FromOrigin(kHttpOrigin);
2731 const SiteForCookies kCrossSiteForCookies =
2732 SiteForCookies::FromOrigin(kCrossSiteOrigin);
2733
2734 // Set up two 'SameSite' cookies on foo.a.test
2735 {
2736 TestDelegate d;
2737 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
2738 default_context(),
2739 https_server.GetURL(
2740 kHost,
2741 "/set-cookie?StrictSameSiteCookie=1;SameSite=Strict&"
2742 "LaxSameSiteCookie=1;SameSite=Lax"),
2743 &d);
2744 req->set_site_for_cookies(kSiteForCookies);
2745 req->set_initiator(kOrigin);
2746 req->Start();
2747 d.RunUntilComplete();
2748 ASSERT_EQ(2u, GetAllCookies(&default_context()).size());
2749 }
2750
2751 // Verify that both cookies are sent for same-site, unredirected requests.
2752 {
2753 TestDelegate d;
2754 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
2755 https_server.GetURL(kHost, "/echoheader?Cookie"), DEFAULT_PRIORITY, &d,
2756 TRAFFIC_ANNOTATION_FOR_TESTS));
2757 req->set_site_for_cookies(kSiteForCookies);
2758 req->set_initiator(kOrigin);
2759 req->Start();
2760 d.RunUntilComplete();
2761
2762 EXPECT_EQ(1u, req->url_chain().size());
2763 EXPECT_NE(std::string::npos,
2764 d.data_received().find("StrictSameSiteCookie=1"));
2765 EXPECT_NE(std::string::npos, d.data_received().find("LaxSameSiteCookie=1"));
2766 }
2767
2768 // Verify that both cookies are sent for a same-origin redirected top level
2769 // navigation.
2770 {
2771 TestDelegate d;
2772 GURL url = https_server.GetURL(
2773 kHost, "/server-redirect?" +
2774 https_server.GetURL(kHost, "/echoheader?Cookie").spec());
2775 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
2776 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
2777 req->set_isolation_info(
2778 IsolationInfo::Create(IsolationInfo::RequestType::kMainFrame, kOrigin,
2779 kOrigin, kSiteForCookies));
2780 req->set_first_party_url_policy(
2781 RedirectInfo::FirstPartyURLPolicy::UPDATE_URL_ON_REDIRECT);
2782 req->set_site_for_cookies(kSiteForCookies);
2783 req->set_initiator(kOrigin);
2784 req->Start();
2785 d.RunUntilComplete();
2786
2787 EXPECT_EQ(2u, req->url_chain().size());
2788 EXPECT_NE(std::string::npos,
2789 d.data_received().find("StrictSameSiteCookie=1"));
2790 EXPECT_NE(std::string::npos, d.data_received().find("LaxSameSiteCookie=1"));
2791 }
2792
2793 // Verify that both cookies are sent for a same-site redirected top level
2794 // navigation.
2795 {
2796 TestDelegate d;
2797 GURL url = https_server.GetURL(
2798 kSameSiteHost,
2799 "/server-redirect?" +
2800 https_server.GetURL(kHost, "/echoheader?Cookie").spec());
2801 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
2802 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
2803 req->set_isolation_info(IsolationInfo::Create(
2804 IsolationInfo::RequestType::kMainFrame, kSameSiteOrigin,
2805 kSameSiteOrigin, kSiteForCookies));
2806 req->set_first_party_url_policy(
2807 RedirectInfo::FirstPartyURLPolicy::UPDATE_URL_ON_REDIRECT);
2808 req->set_site_for_cookies(kSiteForCookies);
2809 req->set_initiator(kOrigin);
2810 req->Start();
2811 d.RunUntilComplete();
2812
2813 EXPECT_EQ(2u, req->url_chain().size());
2814 EXPECT_NE(std::string::npos,
2815 d.data_received().find("StrictSameSiteCookie=1"));
2816 EXPECT_NE(std::string::npos, d.data_received().find("LaxSameSiteCookie=1"));
2817 }
2818
2819 // If redirect chains are considered:
2820 // Verify that the Strict cookie may or may not be sent for a cross-scheme
2821 // (same-registrable-domain) redirected top level navigation, depending on the
2822 // status of Schemeful Same-Site. The Lax cookie is sent regardless, because
2823 // this is a top-level navigation.
2824 //
2825 // If redirect chains are not considered:
2826 // Verify that both cookies are sent, because this is a top-level navigation.
2827 {
2828 base::test::ScopedFeatureList feature_list;
2829 feature_list.InitAndDisableFeature(features::kSchemefulSameSite);
2830 TestDelegate d;
2831 GURL url = http_server.GetURL(
2832 kHost, "/server-redirect?" +
2833 https_server.GetURL(kHost, "/echoheader?Cookie").spec());
2834 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
2835 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
2836 req->set_isolation_info(
2837 IsolationInfo::Create(IsolationInfo::RequestType::kMainFrame,
2838 kHttpOrigin, kHttpOrigin, kHttpSiteForCookies));
2839 req->set_first_party_url_policy(
2840 RedirectInfo::FirstPartyURLPolicy::UPDATE_URL_ON_REDIRECT);
2841 req->set_site_for_cookies(kHttpSiteForCookies);
2842 req->set_initiator(kOrigin);
2843 req->Start();
2844 d.RunUntilComplete();
2845
2846 EXPECT_EQ(2u, req->url_chain().size());
2847 EXPECT_NE(std::string::npos,
2848 d.data_received().find("StrictSameSiteCookie=1"));
2849 EXPECT_NE(std::string::npos, d.data_received().find("LaxSameSiteCookie=1"));
2850 }
2851 {
2852 base::test::ScopedFeatureList feature_list;
2853 feature_list.InitAndEnableFeature(features::kSchemefulSameSite);
2854 TestDelegate d;
2855 GURL url = http_server.GetURL(
2856 kHost, "/server-redirect?" +
2857 https_server.GetURL(kHost, "/echoheader?Cookie").spec());
2858 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
2859 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
2860 req->set_isolation_info(
2861 IsolationInfo::Create(IsolationInfo::RequestType::kMainFrame,
2862 kHttpOrigin, kHttpOrigin, kHttpSiteForCookies));
2863 req->set_first_party_url_policy(
2864 RedirectInfo::FirstPartyURLPolicy::UPDATE_URL_ON_REDIRECT);
2865 req->set_site_for_cookies(kHttpSiteForCookies);
2866 req->set_initiator(kOrigin);
2867 req->Start();
2868 d.RunUntilComplete();
2869
2870 EXPECT_EQ(2u, req->url_chain().size());
2871 EXPECT_EQ(
2872 DoesCookieSameSiteConsiderRedirectChain(),
2873 std::string::npos == d.data_received().find("StrictSameSiteCookie=1"));
2874 EXPECT_NE(std::string::npos, d.data_received().find("LaxSameSiteCookie=1"));
2875 }
2876
2877 // Verify that (depending on whether redirect chains are considered), the
2878 // Strict cookie is (not) sent for a cross-site redirected top level
2879 // navigation...
2880 {
2881 TestDelegate d;
2882 GURL url = https_server.GetURL(
2883 kCrossSiteHost,
2884 "/server-redirect?" +
2885 https_server.GetURL(kHost, "/echoheader?Cookie").spec());
2886 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
2887 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
2888 req->set_isolation_info(IsolationInfo::Create(
2889 IsolationInfo::RequestType::kMainFrame, kCrossSiteOrigin,
2890 kCrossSiteOrigin, kCrossSiteForCookies));
2891 req->set_first_party_url_policy(
2892 RedirectInfo::FirstPartyURLPolicy::UPDATE_URL_ON_REDIRECT);
2893 req->set_site_for_cookies(kCrossSiteForCookies);
2894 req->set_initiator(kOrigin);
2895 req->Start();
2896 d.RunUntilComplete();
2897
2898 EXPECT_EQ(2u, req->url_chain().size());
2899 EXPECT_EQ(
2900 DoesCookieSameSiteConsiderRedirectChain(),
2901 std::string::npos == d.data_received().find("StrictSameSiteCookie=1"));
2902 EXPECT_NE(std::string::npos, d.data_received().find("LaxSameSiteCookie=1"));
2903 }
2904 // ... even if the initial URL is same-site.
2905 {
2906 TestDelegate d;
2907 GURL middle_url = https_server.GetURL(
2908 kCrossSiteHost,
2909 "/server-redirect?" +
2910 https_server.GetURL(kHost, "/echoheader?Cookie").spec());
2911 GURL url =
2912 https_server.GetURL(kHost, "/server-redirect?" + middle_url.spec());
2913 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
2914 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
2915 req->set_isolation_info(
2916 IsolationInfo::Create(IsolationInfo::RequestType::kMainFrame, kOrigin,
2917 kOrigin, kSiteForCookies));
2918 req->set_first_party_url_policy(
2919 RedirectInfo::FirstPartyURLPolicy::UPDATE_URL_ON_REDIRECT);
2920 req->set_site_for_cookies(kSiteForCookies);
2921 req->set_initiator(kOrigin);
2922 req->Start();
2923 d.RunUntilComplete();
2924
2925 EXPECT_EQ(3u, req->url_chain().size());
2926 EXPECT_EQ(
2927 DoesCookieSameSiteConsiderRedirectChain(),
2928 std::string::npos == d.data_received().find("StrictSameSiteCookie=1"));
2929 EXPECT_NE(std::string::npos, d.data_received().find("LaxSameSiteCookie=1"));
2930 }
2931
2932 // Verify that (depending on whether redirect chains are considered), neither
2933 // (or both) SameSite cookie is sent for a cross-site redirected subresource
2934 // request...
2935 {
2936 TestDelegate d;
2937 GURL url = https_server.GetURL(
2938 kCrossSiteHost,
2939 "/server-redirect?" +
2940 https_server.GetURL(kHost, "/echoheader?Cookie").spec());
2941 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
2942 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
2943 req->set_isolation_info(IsolationInfo::Create(
2944 IsolationInfo::RequestType::kOther, kOrigin, kOrigin, kSiteForCookies));
2945 req->set_site_for_cookies(kSiteForCookies);
2946 req->set_initiator(kOrigin);
2947 req->Start();
2948 d.RunUntilComplete();
2949
2950 EXPECT_EQ(2u, req->url_chain().size());
2951 EXPECT_EQ(
2952 DoesCookieSameSiteConsiderRedirectChain(),
2953 std::string::npos == d.data_received().find("StrictSameSiteCookie=1"));
2954 EXPECT_EQ(
2955 DoesCookieSameSiteConsiderRedirectChain(),
2956 std::string::npos == d.data_received().find("LaxSameSiteCookie=1"));
2957 }
2958 // ... even if the initial URL is same-site.
2959 {
2960 TestDelegate d;
2961 GURL middle_url = https_server.GetURL(
2962 kCrossSiteHost,
2963 "/server-redirect?" +
2964 https_server.GetURL(kHost, "/echoheader?Cookie").spec());
2965 GURL url =
2966 https_server.GetURL(kHost, "/server-redirect?" + middle_url.spec());
2967 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
2968 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
2969 req->set_isolation_info(IsolationInfo::Create(
2970 IsolationInfo::RequestType::kOther, kOrigin, kOrigin, kSiteForCookies));
2971 req->set_site_for_cookies(kSiteForCookies);
2972 req->set_initiator(kOrigin);
2973 req->Start();
2974 d.RunUntilComplete();
2975
2976 EXPECT_EQ(3u, req->url_chain().size());
2977 EXPECT_EQ(
2978 DoesCookieSameSiteConsiderRedirectChain(),
2979 std::string::npos == d.data_received().find("StrictSameSiteCookie=1"));
2980 EXPECT_EQ(
2981 DoesCookieSameSiteConsiderRedirectChain(),
2982 std::string::npos == d.data_received().find("LaxSameSiteCookie=1"));
2983 }
2984 }
2985
TEST_P(URLRequestSameSiteCookiesTest,SettingSameSiteCookies)2986 TEST_P(URLRequestSameSiteCookiesTest, SettingSameSiteCookies) {
2987 HttpTestServer test_server;
2988 ASSERT_TRUE(test_server.Start());
2989
2990 const std::string kHost = "example.test";
2991 const std::string kSubHost = "subdomain.example.test";
2992 const std::string kCrossHost = "cross-origin.test";
2993 const url::Origin kOrigin =
2994 url::Origin::Create(test_server.GetURL(kHost, "/"));
2995 const url::Origin kSubOrigin =
2996 url::Origin::Create(test_server.GetURL(kSubHost, "/"));
2997 const url::Origin kCrossOrigin =
2998 url::Origin::Create(test_server.GetURL(kCrossHost, "/"));
2999 const SiteForCookies kSiteForCookies = SiteForCookies::FromOrigin(kOrigin);
3000 const SiteForCookies kCrossSiteForCookies =
3001 SiteForCookies::FromOrigin(kCrossOrigin);
3002
3003 int expected_cookies = 0;
3004
3005 {
3006 TestDelegate d;
3007 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
3008 test_server.GetURL(kHost,
3009 "/set-cookie?Strict1=1;SameSite=Strict&"
3010 "Lax1=1;SameSite=Lax"),
3011 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
3012 req->set_site_for_cookies(kSiteForCookies);
3013 req->set_initiator(kOrigin);
3014
3015 // 'SameSite' cookies are settable from strict same-site contexts
3016 // (same-origin site_for_cookies, same-origin initiator), so this request
3017 // should result in two cookies being set.
3018 expected_cookies += 2;
3019
3020 req->Start();
3021 d.RunUntilComplete();
3022 EXPECT_EQ(expected_cookies,
3023 static_cast<int>(GetAllCookies(&default_context()).size()));
3024 EXPECT_EQ(expected_cookies, default_network_delegate().set_cookie_count());
3025 }
3026
3027 {
3028 TestDelegate d;
3029 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
3030 test_server.GetURL(kHost,
3031 "/set-cookie?Strict2=1;SameSite=Strict&"
3032 "Lax2=1;SameSite=Lax"),
3033 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
3034 req->set_isolation_info(
3035 IsolationInfo::Create(IsolationInfo::RequestType::kMainFrame, kOrigin,
3036 kOrigin, kSiteForCookies));
3037 req->set_site_for_cookies(kSiteForCookies);
3038 req->set_initiator(kCrossOrigin);
3039
3040 // 'SameSite' cookies are settable from lax same-site contexts (same-origin
3041 // site_for_cookies, cross-site initiator, main frame navigation), so this
3042 // request should result in two cookies being set.
3043 expected_cookies += 2;
3044
3045 req->Start();
3046 d.RunUntilComplete();
3047 EXPECT_EQ(expected_cookies,
3048 static_cast<int>(GetAllCookies(&default_context()).size()));
3049 EXPECT_EQ(expected_cookies, default_network_delegate().set_cookie_count());
3050 }
3051
3052 {
3053 TestDelegate d;
3054 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
3055 test_server.GetURL(kHost,
3056 "/set-cookie?Strict3=1;SameSite=Strict&"
3057 "Lax3=1;SameSite=Lax"),
3058 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
3059 req->set_isolation_info(
3060 IsolationInfo::Create(IsolationInfo::RequestType::kMainFrame,
3061 kSubOrigin, kSubOrigin, kSiteForCookies));
3062 req->set_site_for_cookies(
3063 SiteForCookies::FromUrl(test_server.GetURL(kSubHost, "/")));
3064 req->set_initiator(kCrossOrigin);
3065
3066 // 'SameSite' cookies are settable from lax same-site contexts (same-site
3067 // site_for_cookies, cross-site initiator, main frame navigation), so this
3068 // request should result in two cookies being set.
3069 expected_cookies += 2;
3070
3071 req->Start();
3072 d.RunUntilComplete();
3073 EXPECT_EQ(expected_cookies,
3074 static_cast<int>(GetAllCookies(&default_context()).size()));
3075 EXPECT_EQ(expected_cookies, default_network_delegate().set_cookie_count());
3076 }
3077
3078 {
3079 TestDelegate d;
3080 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
3081 test_server.GetURL(kHost,
3082 "/set-cookie?Strict4=1;SameSite=Strict&"
3083 "Lax4=1;SameSite=Lax"),
3084 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
3085 req->set_site_for_cookies(
3086 SiteForCookies::FromUrl(test_server.GetURL(kSubHost, "/")));
3087
3088 // 'SameSite' cookies are settable from strict same-site contexts (same-site
3089 // site_for_cookies, no initiator), so this request should result in two
3090 // cookies being set.
3091 expected_cookies += 2;
3092
3093 req->Start();
3094 d.RunUntilComplete();
3095 EXPECT_EQ(expected_cookies,
3096 static_cast<int>(GetAllCookies(&default_context()).size()));
3097 EXPECT_EQ(expected_cookies, default_network_delegate().set_cookie_count());
3098 }
3099
3100 int expected_network_delegate_set_cookie_count;
3101 {
3102 TestDelegate d;
3103 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
3104 test_server.GetURL(kHost,
3105 "/set-cookie?Strict5=1;SameSite=Strict&"
3106 "Lax5=1;SameSite=Lax"),
3107 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
3108 req->set_site_for_cookies(kCrossSiteForCookies);
3109 req->set_initiator(kCrossOrigin);
3110
3111 // 'SameSite' cookies are not settable from cross-site contexts, so this
3112 // should not result in any new cookies being set.
3113 expected_cookies += 0;
3114 // This counts the number of successful calls to CanSetCookie() when
3115 // attempting to set a cookie. The two cookies above were created and
3116 // attempted to be set, and were not rejected by the NetworkDelegate, so the
3117 // count here is 2 more than the number of cookies actually set.
3118 expected_network_delegate_set_cookie_count = expected_cookies + 2;
3119
3120 req->Start();
3121 d.RunUntilComplete();
3122 // This counts the number of cookies actually set.
3123 EXPECT_EQ(expected_cookies,
3124 static_cast<int>(GetAllCookies(&default_context()).size()));
3125 EXPECT_EQ(expected_network_delegate_set_cookie_count,
3126 default_network_delegate().set_cookie_count());
3127 }
3128
3129 {
3130 TestDelegate d;
3131 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
3132 test_server.GetURL(kHost,
3133 "/set-cookie?Strict6=1;SameSite=Strict&"
3134 "Lax6=1;SameSite=Lax"),
3135 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
3136 req->set_isolation_info(
3137 IsolationInfo::Create(IsolationInfo::RequestType::kSubFrame, kOrigin,
3138 kOrigin, kSiteForCookies));
3139 req->set_site_for_cookies(kSiteForCookies);
3140 req->set_initiator(kCrossOrigin);
3141
3142 // Same-site site-for-cookies, cross-site initiator, non main frame
3143 // navigation -> context is considered cross-site so no SameSite cookies are
3144 // set.
3145 expected_cookies += 0;
3146 // This counts the number of successful calls to CanSetCookie() when
3147 // attempting to set a cookie. The two cookies above were created and
3148 // attempted to be set, and were not rejected by the NetworkDelegate, so the
3149 // count here is 2 more than the number of cookies actually set.
3150 expected_network_delegate_set_cookie_count += 2;
3151
3152 req->Start();
3153 d.RunUntilComplete();
3154 EXPECT_EQ(expected_cookies,
3155 static_cast<int>(GetAllCookies(&default_context()).size()));
3156 EXPECT_EQ(expected_network_delegate_set_cookie_count,
3157 default_network_delegate().set_cookie_count());
3158
3159 // Check that the appropriate cookie inclusion status is set.
3160 ASSERT_EQ(2u, req->maybe_stored_cookies().size());
3161 CookieInclusionStatus expected_strict_status =
3162 CookieInclusionStatus::MakeFromReasonsForTesting(
3163 {CookieInclusionStatus::EXCLUDE_SAMESITE_STRICT},
3164 {} /* warning_reasons */);
3165 CookieInclusionStatus expected_lax_status =
3166 CookieInclusionStatus::MakeFromReasonsForTesting(
3167 {CookieInclusionStatus::EXCLUDE_SAMESITE_LAX},
3168 {} /* warning_reasons */);
3169 EXPECT_EQ(expected_strict_status,
3170 req->maybe_stored_cookies()[0].access_result.status);
3171 EXPECT_EQ(expected_lax_status,
3172 req->maybe_stored_cookies()[1].access_result.status);
3173 }
3174
3175 {
3176 TestDelegate d;
3177 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
3178 test_server.GetURL(kHost,
3179 "/set-cookie?Strict7=1;SameSite=Strict&"
3180 "Lax7=1;SameSite=Lax"),
3181 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
3182 req->set_isolation_info(IsolationInfo::Create(
3183 IsolationInfo::RequestType::kOther, kOrigin, kOrigin, kSiteForCookies));
3184 req->set_site_for_cookies(kSiteForCookies);
3185 req->set_initiator(kCrossOrigin);
3186 req->set_force_main_frame_for_same_site_cookies(true);
3187
3188 // 'SameSite' cookies are settable from lax same-site contexts (same-origin
3189 // site_for_cookies, cross-site initiator, main frame navigation), so this
3190 // request should result in two cookies being set.
3191 expected_cookies += 2;
3192 expected_network_delegate_set_cookie_count += 2;
3193
3194 req->Start();
3195 d.RunUntilComplete();
3196 EXPECT_EQ(expected_cookies,
3197 static_cast<int>(GetAllCookies(&default_context()).size()));
3198 EXPECT_EQ(expected_network_delegate_set_cookie_count,
3199 default_network_delegate().set_cookie_count());
3200 }
3201 }
3202
3203 // Tests special chrome:// scheme that is supposed to always attach SameSite
3204 // cookies if the requested site is secure.
TEST_P(URLRequestSameSiteCookiesTest,SameSiteCookiesSpecialScheme)3205 TEST_P(URLRequestSameSiteCookiesTest, SameSiteCookiesSpecialScheme) {
3206 url::ScopedSchemeRegistryForTests scoped_registry;
3207 url::AddStandardScheme("chrome", url::SchemeType::SCHEME_WITH_HOST);
3208
3209 EmbeddedTestServer https_test_server(EmbeddedTestServer::TYPE_HTTPS);
3210 RegisterDefaultHandlers(&https_test_server);
3211 ASSERT_TRUE(https_test_server.Start());
3212 EmbeddedTestServer http_test_server(EmbeddedTestServer::TYPE_HTTP);
3213 RegisterDefaultHandlers(&http_test_server);
3214 ASSERT_TRUE(http_test_server.Start());
3215 ASSERT_NE(https_test_server.port(), http_test_server.port());
3216 // Both hostnames should be 127.0.0.1 (so that we can use the same set of
3217 // cookies on both, for convenience).
3218 ASSERT_EQ(https_test_server.host_port_pair().host(),
3219 http_test_server.host_port_pair().host());
3220
3221 // Set up special schemes
3222 auto cad = std::make_unique<TestCookieAccessDelegate>();
3223 cad->SetIgnoreSameSiteRestrictionsScheme("chrome", true);
3224 auto cm = std::make_unique<CookieMonster>(nullptr, nullptr);
3225 cm->SetCookieAccessDelegate(std::move(cad));
3226
3227 auto context_builder = CreateTestURLRequestContextBuilder();
3228 context_builder->SetCookieStore(std::move(cm));
3229 auto context = context_builder->Build();
3230
3231 // SameSite cookies are not set for 'chrome' scheme if requested origin is not
3232 // secure.
3233 {
3234 TestDelegate d;
3235 std::unique_ptr<URLRequest> req(context->CreateRequest(
3236 http_test_server.GetURL(
3237 "/set-cookie?StrictSameSiteCookie=1;SameSite=Strict&"
3238 "LaxSameSiteCookie=1;SameSite=Lax"),
3239 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
3240 req->set_site_for_cookies(
3241 SiteForCookies::FromUrl(GURL("chrome://whatever/")));
3242 req->Start();
3243 d.RunUntilComplete();
3244 EXPECT_EQ(0u, GetAllCookies(context.get()).size());
3245 }
3246
3247 // But they are set for 'chrome' scheme if the requested origin is secure.
3248 {
3249 TestDelegate d;
3250 std::unique_ptr<URLRequest> req(context->CreateRequest(
3251 https_test_server.GetURL(
3252 "/set-cookie?StrictSameSiteCookie=1;SameSite=Strict&"
3253 "LaxSameSiteCookie=1;SameSite=Lax"),
3254 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
3255 req->set_site_for_cookies(
3256 SiteForCookies::FromUrl(GURL("chrome://whatever/")));
3257 req->Start();
3258 d.RunUntilComplete();
3259 CookieList cookies = GetAllCookies(context.get());
3260 EXPECT_EQ(2u, cookies.size());
3261 }
3262
3263 // Verify that they are both sent when the site_for_cookies scheme is
3264 // 'chrome' and the requested origin is secure.
3265 {
3266 TestDelegate d;
3267 std::unique_ptr<URLRequest> req(context->CreateRequest(
3268 https_test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d,
3269 TRAFFIC_ANNOTATION_FOR_TESTS));
3270 req->set_site_for_cookies(
3271 SiteForCookies::FromUrl(GURL("chrome://whatever/")));
3272 req->Start();
3273 d.RunUntilComplete();
3274 EXPECT_NE(std::string::npos,
3275 d.data_received().find("StrictSameSiteCookie=1"));
3276 EXPECT_NE(std::string::npos, d.data_received().find("LaxSameSiteCookie=1"));
3277 }
3278
3279 // Verify that they are not sent when the site_for_cookies scheme is
3280 // 'chrome' and the requested origin is not secure.
3281 {
3282 TestDelegate d;
3283 std::unique_ptr<URLRequest> req(context->CreateRequest(
3284 http_test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d,
3285 TRAFFIC_ANNOTATION_FOR_TESTS));
3286 req->set_site_for_cookies(
3287 SiteForCookies::FromUrl(GURL("chrome://whatever/")));
3288 req->Start();
3289 d.RunUntilComplete();
3290 EXPECT_EQ(std::string::npos,
3291 d.data_received().find("StrictSameSiteCookie"));
3292 EXPECT_EQ(std::string::npos, d.data_received().find("LaxSameSiteCookie"));
3293 }
3294 }
3295
TEST_P(URLRequestSameSiteCookiesTest,SettingSameSiteCookies_Redirect)3296 TEST_P(URLRequestSameSiteCookiesTest, SettingSameSiteCookies_Redirect) {
3297 EmbeddedTestServer http_server;
3298 RegisterDefaultHandlers(&http_server);
3299 EmbeddedTestServer https_server(EmbeddedTestServer::TYPE_HTTPS);
3300 https_server.SetSSLConfig(EmbeddedTestServer::CERT_TEST_NAMES);
3301 RegisterDefaultHandlers(&https_server);
3302 ASSERT_TRUE(http_server.Start());
3303 ASSERT_TRUE(https_server.Start());
3304
3305 auto& network_delegate = default_network_delegate();
3306
3307 const std::string kHost = "foo.a.test";
3308 const std::string kSameSiteHost = "bar.a.test";
3309 const std::string kCrossSiteHost = "b.test";
3310 const url::Origin kOrigin =
3311 url::Origin::Create(https_server.GetURL(kHost, "/"));
3312 const url::Origin kHttpOrigin =
3313 url::Origin::Create(http_server.GetURL(kHost, "/"));
3314 const url::Origin kSameSiteOrigin =
3315 url::Origin::Create(https_server.GetURL(kSameSiteHost, "/"));
3316 const url::Origin kCrossSiteOrigin =
3317 url::Origin::Create(https_server.GetURL(kCrossSiteHost, "/"));
3318 const SiteForCookies kSiteForCookies = SiteForCookies::FromOrigin(kOrigin);
3319 const SiteForCookies kHttpSiteForCookies =
3320 SiteForCookies::FromOrigin(kHttpOrigin);
3321 const SiteForCookies kCrossSiteForCookies =
3322 SiteForCookies::FromOrigin(kCrossSiteOrigin);
3323
3324 int expected_cookies = 0;
3325 int expected_set_cookie_count = 0;
3326
3327 // Verify that SameSite cookies can be set for a same-origin redirected
3328 // top-level navigation request.
3329 {
3330 TestDelegate d;
3331 GURL set_cookie_url = https_server.GetURL(
3332 kHost, "/set-cookie?Strict1=1;SameSite=Strict&Lax1=1;SameSite=Lax");
3333 GURL url =
3334 https_server.GetURL(kHost, "/server-redirect?" + set_cookie_url.spec());
3335 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
3336 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
3337 req->set_isolation_info(
3338 IsolationInfo::Create(IsolationInfo::RequestType::kMainFrame, kOrigin,
3339 kOrigin, kSiteForCookies));
3340 req->set_first_party_url_policy(
3341 RedirectInfo::FirstPartyURLPolicy::UPDATE_URL_ON_REDIRECT);
3342 req->set_site_for_cookies(kSiteForCookies);
3343 req->set_initiator(kOrigin);
3344
3345 expected_cookies += 2;
3346 expected_set_cookie_count += 2;
3347
3348 req->Start();
3349 d.RunUntilComplete();
3350 EXPECT_EQ(expected_cookies,
3351 static_cast<int>(GetAllCookies(&default_context()).size()));
3352 EXPECT_EQ(expected_set_cookie_count, network_delegate.set_cookie_count());
3353 }
3354
3355 // Verify that SameSite cookies can be set for a same-site redirected
3356 // top-level navigation request.
3357 {
3358 TestDelegate d;
3359 GURL set_cookie_url = https_server.GetURL(
3360 kHost, "/set-cookie?Strict2=1;SameSite=Strict&Lax2=1;SameSite=Lax");
3361 GURL url = https_server.GetURL(kSameSiteHost,
3362 "/server-redirect?" + set_cookie_url.spec());
3363 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
3364 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
3365 req->set_isolation_info(IsolationInfo::Create(
3366 IsolationInfo::RequestType::kMainFrame, kSameSiteOrigin,
3367 kSameSiteOrigin, kSiteForCookies));
3368 req->set_first_party_url_policy(
3369 RedirectInfo::FirstPartyURLPolicy::UPDATE_URL_ON_REDIRECT);
3370 req->set_site_for_cookies(kSiteForCookies);
3371 req->set_initiator(kSameSiteOrigin);
3372
3373 expected_cookies += 2;
3374 expected_set_cookie_count += 2;
3375
3376 req->Start();
3377 d.RunUntilComplete();
3378 EXPECT_EQ(expected_cookies,
3379 static_cast<int>(GetAllCookies(&default_context()).size()));
3380 EXPECT_EQ(expected_set_cookie_count, network_delegate.set_cookie_count());
3381 }
3382
3383 // Verify that SameSite cookies can be set for a cross-site redirected
3384 // top-level navigation request.
3385 {
3386 TestDelegate d;
3387 GURL set_cookie_url = https_server.GetURL(
3388 kHost, "/set-cookie?Strict3=1;SameSite=Strict&Lax3=1;SameSite=Lax");
3389 GURL url = https_server.GetURL(kCrossSiteHost,
3390 "/server-redirect?" + set_cookie_url.spec());
3391 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
3392 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
3393 req->set_isolation_info(IsolationInfo::Create(
3394 IsolationInfo::RequestType::kMainFrame, kCrossSiteOrigin,
3395 kCrossSiteOrigin, kCrossSiteForCookies));
3396 req->set_first_party_url_policy(
3397 RedirectInfo::FirstPartyURLPolicy::UPDATE_URL_ON_REDIRECT);
3398 req->set_site_for_cookies(kCrossSiteForCookies);
3399 req->set_initiator(kCrossSiteOrigin);
3400
3401 expected_cookies += 2;
3402 expected_set_cookie_count += 2;
3403
3404 req->Start();
3405 d.RunUntilComplete();
3406 EXPECT_EQ(expected_cookies,
3407 static_cast<int>(GetAllCookies(&default_context()).size()));
3408 EXPECT_EQ(expected_set_cookie_count, network_delegate.set_cookie_count());
3409 }
3410
3411 // Verify that SameSite cookies can be set for a same-origin redirected
3412 // subresource request.
3413 {
3414 TestDelegate d;
3415 GURL set_cookie_url = https_server.GetURL(
3416 kHost, "/set-cookie?Strict4=1;SameSite=Strict&Lax4=1;SameSite=Lax");
3417 GURL url =
3418 https_server.GetURL(kHost, "/server-redirect?" + set_cookie_url.spec());
3419 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
3420 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
3421 req->set_isolation_info(IsolationInfo::Create(
3422 IsolationInfo::RequestType::kOther, kOrigin, kOrigin, kSiteForCookies));
3423 req->set_site_for_cookies(kSiteForCookies);
3424 req->set_initiator(kOrigin);
3425
3426 expected_cookies += 2;
3427 expected_set_cookie_count += 2;
3428
3429 req->Start();
3430 d.RunUntilComplete();
3431 EXPECT_EQ(expected_cookies,
3432 static_cast<int>(GetAllCookies(&default_context()).size()));
3433 EXPECT_EQ(expected_set_cookie_count, network_delegate.set_cookie_count());
3434 }
3435
3436 // Verify that SameSite cookies can be set for a same-site redirected
3437 // subresource request.
3438 {
3439 TestDelegate d;
3440 GURL set_cookie_url = https_server.GetURL(
3441 kHost, "/set-cookie?Strict5=1;SameSite=Strict&Lax5=1;SameSite=Lax");
3442 GURL url = https_server.GetURL(kSameSiteHost,
3443 "/server-redirect?" + set_cookie_url.spec());
3444 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
3445 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
3446 req->set_isolation_info(IsolationInfo::Create(
3447 IsolationInfo::RequestType::kOther, kSameSiteOrigin, kSameSiteOrigin,
3448 kSiteForCookies));
3449 req->set_site_for_cookies(kSiteForCookies);
3450 req->set_initiator(kSameSiteOrigin);
3451
3452 expected_cookies += 2;
3453 expected_set_cookie_count += 2;
3454
3455 req->Start();
3456 d.RunUntilComplete();
3457 EXPECT_EQ(expected_cookies,
3458 static_cast<int>(GetAllCookies(&default_context()).size()));
3459 EXPECT_EQ(expected_set_cookie_count, network_delegate.set_cookie_count());
3460 }
3461
3462 // Verify that (depending on whether redirect chains are considered) SameSite
3463 // cookies can/cannot be set for a cross-site redirected subresource request,
3464 // even if the site-for-cookies and initiator are same-site, ...
3465 {
3466 TestDelegate d;
3467 GURL set_cookie_url = https_server.GetURL(
3468 kHost, "/set-cookie?Strict6=1;SameSite=Strict&Lax6=1;SameSite=Lax");
3469 GURL url = https_server.GetURL(kCrossSiteHost,
3470 "/server-redirect?" + set_cookie_url.spec());
3471 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
3472 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
3473 req->set_isolation_info(IsolationInfo::Create(
3474 IsolationInfo::RequestType::kOther, kOrigin, kOrigin, kSiteForCookies));
3475 req->set_site_for_cookies(kSiteForCookies);
3476 req->set_initiator(kOrigin);
3477
3478 expected_cookies += DoesCookieSameSiteConsiderRedirectChain() ? 0 : 2;
3479 expected_set_cookie_count += 2;
3480
3481 req->Start();
3482 d.RunUntilComplete();
3483 EXPECT_EQ(expected_cookies,
3484 static_cast<int>(GetAllCookies(&default_context()).size()));
3485 EXPECT_EQ(expected_set_cookie_count, network_delegate.set_cookie_count());
3486 }
3487 // ... even if the initial URL is same-site.
3488 {
3489 TestDelegate d;
3490 GURL set_cookie_url = https_server.GetURL(
3491 kHost, "/set-cookie?Strict7=1;SameSite=Strict&Lax7=1;SameSite=Lax");
3492 GURL middle_url = https_server.GetURL(
3493 kCrossSiteHost, "/server-redirect?" + set_cookie_url.spec());
3494 GURL url =
3495 https_server.GetURL(kHost, "/server-redirect?" + middle_url.spec());
3496 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
3497 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
3498 req->set_isolation_info(IsolationInfo::Create(
3499 IsolationInfo::RequestType::kOther, kOrigin, kOrigin, kSiteForCookies));
3500 req->set_site_for_cookies(kSiteForCookies);
3501 req->set_initiator(kOrigin);
3502
3503 expected_cookies += DoesCookieSameSiteConsiderRedirectChain() ? 0 : 2;
3504 expected_set_cookie_count += 2;
3505
3506 req->Start();
3507 d.RunUntilComplete();
3508 EXPECT_EQ(expected_cookies,
3509 static_cast<int>(GetAllCookies(&default_context()).size()));
3510 EXPECT_EQ(expected_set_cookie_count, network_delegate.set_cookie_count());
3511 }
3512
3513 // Verify that SameSite cookies may or may not be set for a cross-scheme
3514 // (same-registrable-domain) redirected subresource request, depending on the
3515 // status of Schemeful Same-Site and whether redirect chains are considered.
3516 {
3517 base::test::ScopedFeatureList feature_list;
3518 feature_list.InitAndDisableFeature(features::kSchemefulSameSite);
3519 TestDelegate d;
3520 GURL set_cookie_url = https_server.GetURL(
3521 kHost, "/set-cookie?Strict8=1;SameSite=Strict&Lax8=1;SameSite=Lax");
3522 GURL url =
3523 http_server.GetURL(kHost, "/server-redirect?" + set_cookie_url.spec());
3524 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
3525 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
3526 req->set_isolation_info(
3527 IsolationInfo::Create(IsolationInfo::RequestType::kOther, kHttpOrigin,
3528 kHttpOrigin, kHttpSiteForCookies));
3529 req->set_first_party_url_policy(
3530 RedirectInfo::FirstPartyURLPolicy::UPDATE_URL_ON_REDIRECT);
3531 req->set_site_for_cookies(kHttpSiteForCookies);
3532 req->set_initiator(kOrigin);
3533
3534 expected_cookies += 2;
3535 expected_set_cookie_count += 2;
3536
3537 req->Start();
3538 d.RunUntilComplete();
3539 EXPECT_EQ(expected_cookies,
3540 static_cast<int>(GetAllCookies(&default_context()).size()));
3541 EXPECT_EQ(expected_set_cookie_count, network_delegate.set_cookie_count());
3542 }
3543 {
3544 base::test::ScopedFeatureList feature_list;
3545 feature_list.InitAndEnableFeature(features::kSchemefulSameSite);
3546 TestDelegate d;
3547 GURL set_cookie_url = https_server.GetURL(
3548 kHost, "/set-cookie?Strict9=1;SameSite=Strict&Lax9=1;SameSite=Lax");
3549 GURL url =
3550 http_server.GetURL(kHost, "/server-redirect?" + set_cookie_url.spec());
3551 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
3552 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
3553 req->set_isolation_info(
3554 IsolationInfo::Create(IsolationInfo::RequestType::kOther, kHttpOrigin,
3555 kHttpOrigin, kHttpSiteForCookies));
3556 req->set_first_party_url_policy(
3557 RedirectInfo::FirstPartyURLPolicy::UPDATE_URL_ON_REDIRECT);
3558 req->set_site_for_cookies(kHttpSiteForCookies);
3559 req->set_initiator(kOrigin);
3560
3561 expected_cookies += DoesCookieSameSiteConsiderRedirectChain() ? 0 : 2;
3562 expected_set_cookie_count += 2;
3563
3564 req->Start();
3565 d.RunUntilComplete();
3566 EXPECT_EQ(expected_cookies,
3567 static_cast<int>(GetAllCookies(&default_context()).size()));
3568 EXPECT_EQ(expected_set_cookie_count, network_delegate.set_cookie_count());
3569 }
3570 }
3571
3572 INSTANTIATE_TEST_SUITE_P(/* no label */,
3573 URLRequestSameSiteCookiesTest,
3574 ::testing::Bool());
3575
TEST_F(URLRequestTest,PartitionedCookiesRedirect)3576 TEST_F(URLRequestTest, PartitionedCookiesRedirect) {
3577 EmbeddedTestServer https_server(EmbeddedTestServer::TYPE_HTTPS);
3578 https_server.SetSSLConfig(EmbeddedTestServer::CERT_TEST_NAMES);
3579 RegisterDefaultHandlers(&https_server);
3580 ASSERT_TRUE(https_server.Start());
3581
3582 const std::string kHost = "a.test";
3583 const std::string kCrossSiteHost = "b.test";
3584
3585 const GURL create_cookie_url = https_server.GetURL(kHost, "/");
3586
3587 auto context_builder = CreateTestURLRequestContextBuilder();
3588 context_builder->SetCookieStore(
3589 std::make_unique<CookieMonster>(nullptr, nullptr));
3590 auto context = context_builder->Build();
3591 auto& cm = *static_cast<CookieMonster*>(context->cookie_store());
3592
3593 // Set partitioned cookie with same-site partitionkey.
3594 {
3595 auto same_site_partitioned_cookie = CanonicalCookie::Create(
3596 create_cookie_url, "samesite_partitioned=1;Secure;Partitioned",
3597 base::Time::Now(), absl::nullopt,
3598 CookiePartitionKey::FromURLForTesting(create_cookie_url));
3599 ASSERT_TRUE(same_site_partitioned_cookie);
3600 ASSERT_TRUE(same_site_partitioned_cookie->IsPartitioned());
3601 base::test::TestFuture<CookieAccessResult> future;
3602 cm.SetCanonicalCookieAsync(
3603 std::move(same_site_partitioned_cookie), create_cookie_url,
3604 CookieOptions::MakeAllInclusive(), future.GetCallback());
3605 ASSERT_TRUE(future.Get().status.IsInclude());
3606 }
3607
3608 // Set a partitioned cookie with a cross-site partition key.
3609 // In the redirect below from site B to A, this cookie's partition key is site
3610 // B it should not be sent in the redirected request.
3611 {
3612 auto cross_site_partitioned_cookie = CanonicalCookie::Create(
3613 create_cookie_url, "xsite_partitioned=1;Secure;Partitioned",
3614 base::Time::Now(), absl::nullopt,
3615 CookiePartitionKey::FromURLForTesting(
3616 https_server.GetURL(kCrossSiteHost, "/")));
3617 ASSERT_TRUE(cross_site_partitioned_cookie);
3618 ASSERT_TRUE(cross_site_partitioned_cookie->IsPartitioned());
3619 base::test::TestFuture<CookieAccessResult> future;
3620 cm.SetCanonicalCookieAsync(
3621 std::move(cross_site_partitioned_cookie), create_cookie_url,
3622 CookieOptions::MakeAllInclusive(), future.GetCallback());
3623 ASSERT_TRUE(future.Get().status.IsInclude());
3624 }
3625
3626 const auto kCrossSiteOrigin =
3627 url::Origin::Create(https_server.GetURL(kCrossSiteHost, "/"));
3628 const auto kCrossSiteSiteForCookies =
3629 SiteForCookies::FromOrigin(kCrossSiteOrigin);
3630
3631 // Test that when a request is redirected that the partitioned cookies
3632 // attached to the redirected request match the partition key of the new
3633 // request.
3634 TestDelegate d;
3635 GURL url = https_server.GetURL(
3636 kCrossSiteHost,
3637 "/server-redirect?" +
3638 https_server.GetURL(kHost, "/echoheader?Cookie").spec());
3639 std::unique_ptr<URLRequest> req = context->CreateRequest(
3640 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS);
3641 req->set_isolation_info(IsolationInfo::Create(
3642 IsolationInfo::RequestType::kMainFrame, kCrossSiteOrigin,
3643 kCrossSiteOrigin, kCrossSiteSiteForCookies));
3644 req->set_first_party_url_policy(
3645 RedirectInfo::FirstPartyURLPolicy::UPDATE_URL_ON_REDIRECT);
3646 req->set_site_for_cookies(kCrossSiteSiteForCookies);
3647 req->set_initiator(kCrossSiteOrigin);
3648 req->Start();
3649 d.RunUntilComplete();
3650
3651 EXPECT_EQ(2u, req->url_chain().size());
3652 EXPECT_NE(std::string::npos,
3653 d.data_received().find("samesite_partitioned=1"));
3654 EXPECT_EQ(std::string::npos, d.data_received().find("xsite_partitioned=1"));
3655 }
3656
3657 // Tests that __Secure- cookies can't be set on non-secure origins.
TEST_F(URLRequestTest,SecureCookiePrefixOnNonsecureOrigin)3658 TEST_F(URLRequestTest, SecureCookiePrefixOnNonsecureOrigin) {
3659 EmbeddedTestServer http_server;
3660 RegisterDefaultHandlers(&http_server);
3661 EmbeddedTestServer https_server(EmbeddedTestServer::TYPE_HTTPS);
3662 https_server.SetSSLConfig(EmbeddedTestServer::CERT_TEST_NAMES);
3663 RegisterDefaultHandlers(&https_server);
3664 ASSERT_TRUE(http_server.Start());
3665 ASSERT_TRUE(https_server.Start());
3666
3667 // Try to set a Secure __Secure- cookie on http://a.test (non-secure origin).
3668 {
3669 TestDelegate d;
3670 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
3671 default_context(),
3672 http_server.GetURL("a.test",
3673 "/set-cookie?__Secure-nonsecure-origin=1;Secure&"
3674 "cookienotsecure=1"),
3675 &d);
3676 req->Start();
3677 d.RunUntilComplete();
3678 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
3679 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
3680 }
3681
3682 // Verify that the __Secure- cookie was not set by checking cookies for
3683 // https://a.test (secure origin).
3684 {
3685 TestDelegate d;
3686 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
3687 default_context(), https_server.GetURL("a.test", "/echoheader?Cookie"),
3688 &d);
3689 req->Start();
3690 d.RunUntilComplete();
3691
3692 EXPECT_EQ(d.data_received().find("__Secure-nonsecure-origin=1"),
3693 std::string::npos);
3694 EXPECT_NE(d.data_received().find("cookienotsecure=1"), std::string::npos);
3695 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
3696 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
3697 }
3698 }
3699
TEST_F(URLRequestTest,SecureCookiePrefixNonsecure)3700 TEST_F(URLRequestTest, SecureCookiePrefixNonsecure) {
3701 EmbeddedTestServer https_server(EmbeddedTestServer::TYPE_HTTPS);
3702 RegisterDefaultHandlers(&https_server);
3703 ASSERT_TRUE(https_server.Start());
3704
3705 // Try to set a non-Secure __Secure- cookie.
3706 {
3707 TestDelegate d;
3708 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
3709 default_context(), https_server.GetURL("/set-cookie?__Secure-foo=1"),
3710 &d);
3711 req->Start();
3712 d.RunUntilComplete();
3713 EXPECT_EQ(0, default_network_delegate().set_cookie_count());
3714 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
3715 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
3716 }
3717
3718 // Verify that the cookie is not set.
3719 {
3720 TestDelegate d;
3721 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
3722 default_context(), https_server.GetURL("/echoheader?Cookie"), &d);
3723 req->Start();
3724 d.RunUntilComplete();
3725
3726 EXPECT_EQ(d.data_received().find("__Secure-foo=1"), std::string::npos);
3727 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
3728 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
3729 }
3730 }
3731
TEST_F(URLRequestTest,SecureCookiePrefixSecure)3732 TEST_F(URLRequestTest, SecureCookiePrefixSecure) {
3733 EmbeddedTestServer https_server(EmbeddedTestServer::TYPE_HTTPS);
3734 RegisterDefaultHandlers(&https_server);
3735 ASSERT_TRUE(https_server.Start());
3736
3737 // Try to set a Secure __Secure- cookie.
3738 {
3739 TestDelegate d;
3740 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
3741 default_context(),
3742 https_server.GetURL("/set-cookie?__Secure-bar=1;Secure"), &d);
3743 req->Start();
3744 d.RunUntilComplete();
3745 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
3746 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
3747 }
3748
3749 // Verify that the cookie is set.
3750 {
3751 TestDelegate d;
3752 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
3753 default_context(), https_server.GetURL("/echoheader?Cookie"), &d);
3754 req->Start();
3755 d.RunUntilComplete();
3756
3757 EXPECT_NE(d.data_received().find("__Secure-bar=1"), std::string::npos);
3758 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
3759 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
3760 }
3761 }
3762
3763 // Tests that secure cookies can't be set on non-secure origins if strict secure
3764 // cookies are enabled.
TEST_F(URLRequestTest,StrictSecureCookiesOnNonsecureOrigin)3765 TEST_F(URLRequestTest, StrictSecureCookiesOnNonsecureOrigin) {
3766 EmbeddedTestServer http_server;
3767 RegisterDefaultHandlers(&http_server);
3768 EmbeddedTestServer https_server(EmbeddedTestServer::TYPE_HTTPS);
3769 https_server.SetSSLConfig(EmbeddedTestServer::CERT_TEST_NAMES);
3770 RegisterDefaultHandlers(&https_server);
3771 ASSERT_TRUE(http_server.Start());
3772 ASSERT_TRUE(https_server.Start());
3773
3774 // Try to set a Secure cookie and a non-Secure cookie from a nonsecure origin.
3775 {
3776 TestDelegate d;
3777 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
3778 default_context(),
3779 http_server.GetURL("a.test",
3780 "/set-cookie?nonsecure-origin=1;Secure&"
3781 "cookienotsecure=1"),
3782 &d);
3783 req->Start();
3784 d.RunUntilComplete();
3785 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
3786 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
3787 }
3788
3789 // Verify that the Secure cookie was not set.
3790 {
3791 TestDelegate d;
3792 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
3793 default_context(), https_server.GetURL("a.test", "/echoheader?Cookie"),
3794 &d);
3795 req->Start();
3796 d.RunUntilComplete();
3797
3798 EXPECT_EQ(d.data_received().find("nonsecure-origin=1"), std::string::npos);
3799 EXPECT_NE(d.data_received().find("cookienotsecure=1"), std::string::npos);
3800 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
3801 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
3802 }
3803 }
3804
3805 // FixedDateNetworkDelegate swaps out the server's HTTP Date response header
3806 // value for the `fixed_date_` member.
3807 class FixedDateNetworkDelegate : public TestNetworkDelegate {
3808 public:
FixedDateNetworkDelegate(base::StringPiece fixed_date)3809 explicit FixedDateNetworkDelegate(base::StringPiece fixed_date)
3810 : fixed_date_(fixed_date) {}
3811
3812 FixedDateNetworkDelegate(const FixedDateNetworkDelegate&) = delete;
3813 FixedDateNetworkDelegate& operator=(const FixedDateNetworkDelegate&) = delete;
3814
3815 ~FixedDateNetworkDelegate() override = default;
3816
set_fixed_date(base::StringPiece fixed_date)3817 void set_fixed_date(base::StringPiece fixed_date) {
3818 fixed_date_ = static_cast<std::string>(fixed_date);
3819 }
3820
3821 // NetworkDelegate implementation
3822 int OnHeadersReceived(
3823 URLRequest* request,
3824 CompletionOnceCallback callback,
3825 const HttpResponseHeaders* original_response_headers,
3826 scoped_refptr<HttpResponseHeaders>* override_response_headers,
3827 const IPEndPoint& endpoint,
3828 absl::optional<GURL>* preserve_fragment_on_redirect_url) override;
3829
3830 private:
3831 std::string fixed_date_;
3832 };
3833
OnHeadersReceived(URLRequest * request,CompletionOnceCallback callback,const HttpResponseHeaders * original_response_headers,scoped_refptr<HttpResponseHeaders> * override_response_headers,const IPEndPoint & endpoint,absl::optional<GURL> * preserve_fragment_on_redirect_url)3834 int FixedDateNetworkDelegate::OnHeadersReceived(
3835 URLRequest* request,
3836 CompletionOnceCallback callback,
3837 const HttpResponseHeaders* original_response_headers,
3838 scoped_refptr<HttpResponseHeaders>* override_response_headers,
3839 const IPEndPoint& endpoint,
3840 absl::optional<GURL>* preserve_fragment_on_redirect_url) {
3841 *override_response_headers = base::MakeRefCounted<HttpResponseHeaders>(
3842 original_response_headers->raw_headers());
3843
3844 (*override_response_headers)->SetHeader("Date", fixed_date_);
3845
3846 return TestNetworkDelegate::OnHeadersReceived(
3847 request, std::move(callback), original_response_headers,
3848 override_response_headers, endpoint, preserve_fragment_on_redirect_url);
3849 }
3850
3851 // Test that cookie expiration times are adjusted for server/client clock
3852 // skew and that we handle incorrect timezone specifier "UTC" in HTTP Date
3853 // headers by defaulting to GMT. (crbug.com/135131)
TEST_F(URLRequestTest,AcceptClockSkewCookieWithWrongDateTimezone)3854 TEST_F(URLRequestTest, AcceptClockSkewCookieWithWrongDateTimezone) {
3855 HttpTestServer test_server;
3856 ASSERT_TRUE(test_server.Start());
3857
3858 auto context_builder = CreateTestURLRequestContextBuilder();
3859 auto& network_delegate = *context_builder->set_network_delegate(
3860 std::make_unique<FixedDateNetworkDelegate>("04-Jan-2004 04:09:25 UTC"));
3861 auto context = context_builder->Build();
3862
3863 // Set up an expired cookie.
3864 {
3865 TestDelegate d;
3866 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
3867 *context,
3868 test_server.GetURL(
3869 "/set-cookie?StillGood=1;expires=Mon,18-Apr-1977,22:50:13,GMT"),
3870 &d);
3871 req->Start();
3872 d.RunUntilComplete();
3873 }
3874 // Verify that the cookie is not set.
3875 {
3876 TestDelegate d;
3877 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
3878 *context, test_server.GetURL("/echoheader?Cookie"), &d);
3879 req->Start();
3880 d.RunUntilComplete();
3881
3882 EXPECT_TRUE(d.data_received().find("StillGood=1") == std::string::npos);
3883 }
3884 // Set up a cookie with clock skew and "UTC" HTTP Date timezone specifier.
3885 {
3886 TestDelegate d;
3887 network_delegate.set_fixed_date("18-Apr-1977 22:49:13 UTC");
3888 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
3889 *context,
3890 test_server.GetURL(
3891 "/set-cookie?StillGood=1;expires=Mon,18-Apr-1977,22:50:13,GMT"),
3892 &d);
3893 req->Start();
3894 d.RunUntilComplete();
3895 }
3896 // Verify that the cookie is set.
3897 {
3898 TestDelegate d;
3899 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
3900 *context, test_server.GetURL("/echoheader?Cookie"), &d);
3901 req->Start();
3902 d.RunUntilComplete();
3903
3904 EXPECT_TRUE(d.data_received().find("StillGood=1") != std::string::npos);
3905 }
3906 }
3907
3908 // Check that it is impossible to change the referrer in the extra headers of
3909 // an URLRequest.
TEST_F(URLRequestTest,DoNotOverrideReferrer)3910 TEST_F(URLRequestTest, DoNotOverrideReferrer) {
3911 HttpTestServer test_server;
3912 ASSERT_TRUE(test_server.Start());
3913
3914 // If extra headers contain referer and the request contains a referer,
3915 // only the latter shall be respected.
3916 {
3917 TestDelegate d;
3918 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
3919 test_server.GetURL("/echoheader?Referer"), DEFAULT_PRIORITY, &d,
3920 TRAFFIC_ANNOTATION_FOR_TESTS));
3921 req->SetReferrer("http://foo.com/");
3922
3923 HttpRequestHeaders headers;
3924 headers.SetHeader(HttpRequestHeaders::kReferer, "http://bar.com/");
3925 req->SetExtraRequestHeaders(headers);
3926
3927 req->Start();
3928 d.RunUntilComplete();
3929
3930 EXPECT_EQ("http://foo.com/", d.data_received());
3931 }
3932
3933 // If extra headers contain a referer but the request does not, no referer
3934 // shall be sent in the header.
3935 {
3936 TestDelegate d;
3937 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
3938 test_server.GetURL("/echoheader?Referer"), DEFAULT_PRIORITY, &d,
3939 TRAFFIC_ANNOTATION_FOR_TESTS));
3940
3941 HttpRequestHeaders headers;
3942 headers.SetHeader(HttpRequestHeaders::kReferer, "http://bar.com/");
3943 req->SetExtraRequestHeaders(headers);
3944 req->SetLoadFlags(LOAD_VALIDATE_CACHE);
3945
3946 req->Start();
3947 d.RunUntilComplete();
3948
3949 EXPECT_EQ("None", d.data_received());
3950 }
3951 }
3952
3953 class URLRequestTestHTTP : public URLRequestTest {
3954 public:
3955 const url::Origin origin1_;
3956 const url::Origin origin2_;
3957 const IsolationInfo isolation_info1_;
3958 const IsolationInfo isolation_info2_;
3959
URLRequestTestHTTP()3960 URLRequestTestHTTP()
3961 : origin1_(url::Origin::Create(GURL("https://foo.test/"))),
3962 origin2_(url::Origin::Create(GURL("https://bar.test/"))),
3963 isolation_info1_(IsolationInfo::CreateForInternalRequest(origin1_)),
3964 isolation_info2_(IsolationInfo::CreateForInternalRequest(origin2_)),
3965 test_server_(base::FilePath(kTestFilePath)) {
3966 // Needed for NetworkAnonymizationKey to make it down to the socket layer,
3967 // for the PKP violation report test.
3968 feature_list_.InitAndEnableFeature(
3969 net::features::kPartitionConnectionsByNetworkIsolationKey);
3970 }
3971
3972 protected:
3973 // ProtocolHandler for the scheme that's unsafe to redirect to.
3974 class NET_EXPORT UnsafeRedirectProtocolHandler
3975 : public URLRequestJobFactory::ProtocolHandler {
3976 public:
3977 UnsafeRedirectProtocolHandler() = default;
3978
3979 UnsafeRedirectProtocolHandler(const UnsafeRedirectProtocolHandler&) =
3980 delete;
3981 UnsafeRedirectProtocolHandler& operator=(
3982 const UnsafeRedirectProtocolHandler&) = delete;
3983
3984 ~UnsafeRedirectProtocolHandler() override = default;
3985
3986 // URLRequestJobFactory::ProtocolHandler implementation:
3987
CreateJob(URLRequest * request) const3988 std::unique_ptr<URLRequestJob> CreateJob(
3989 URLRequest* request) const override {
3990 NOTREACHED();
3991 return nullptr;
3992 }
3993
IsSafeRedirectTarget(const GURL & location) const3994 bool IsSafeRedirectTarget(const GURL& location) const override {
3995 return false;
3996 }
3997 };
3998
3999 // URLRequestTest interface:
SetUpContextBuilder(URLRequestContextBuilder & builder)4000 void SetUpContextBuilder(URLRequestContextBuilder& builder) override {
4001 // Add support for an unsafe scheme to the default URLRequestContext.
4002 builder.SetProtocolHandler(
4003 "unsafe", std::make_unique<UnsafeRedirectProtocolHandler>());
4004 }
4005
4006 // Requests |redirect_url|, which must return a HTTP 3xx redirect.
4007 // |request_method| is the method to use for the initial request.
4008 // |redirect_method| is the method that is expected to be used for the second
4009 // request, after redirection.
4010 // If |include_data| is true, data is uploaded with the request. The
4011 // response body is expected to match it exactly, if and only if
4012 // |request_method| == |redirect_method|.
HTTPRedirectMethodTest(const GURL & redirect_url,const std::string & request_method,const std::string & redirect_method,bool include_data)4013 void HTTPRedirectMethodTest(const GURL& redirect_url,
4014 const std::string& request_method,
4015 const std::string& redirect_method,
4016 bool include_data) {
4017 static const char kData[] = "hello world";
4018 TestDelegate d;
4019 std::unique_ptr<URLRequest> req =
4020 CreateFirstPartyRequest(default_context(), redirect_url, &d);
4021 req->set_method(request_method);
4022 if (include_data) {
4023 req->set_upload(CreateSimpleUploadData(kData));
4024 HttpRequestHeaders headers;
4025 headers.SetHeader(HttpRequestHeaders::kContentLength,
4026 base::NumberToString(std::size(kData) - 1));
4027 headers.SetHeader(HttpRequestHeaders::kContentType, "text/plain");
4028 req->SetExtraRequestHeaders(headers);
4029 }
4030 req->Start();
4031 d.RunUntilComplete();
4032 EXPECT_EQ(redirect_method, req->method());
4033 EXPECT_EQ(OK, d.request_status());
4034 if (include_data) {
4035 if (request_method == redirect_method) {
4036 EXPECT_TRUE(req->extra_request_headers().HasHeader(
4037 HttpRequestHeaders::kContentLength));
4038 EXPECT_TRUE(req->extra_request_headers().HasHeader(
4039 HttpRequestHeaders::kContentType));
4040 EXPECT_EQ(kData, d.data_received());
4041 } else {
4042 EXPECT_FALSE(req->extra_request_headers().HasHeader(
4043 HttpRequestHeaders::kContentLength));
4044 EXPECT_FALSE(req->extra_request_headers().HasHeader(
4045 HttpRequestHeaders::kContentType));
4046 EXPECT_NE(kData, d.data_received());
4047 }
4048 }
4049 if (HasFailure())
4050 LOG(WARNING) << "Request method was: " << request_method;
4051 }
4052
4053 // Requests |redirect_url|, which must return a HTTP 3xx redirect. It's also
4054 // used as the initial origin.
4055 // |request_method| is the method to use for the initial request.
4056 // |redirect_method| is the method that is expected to be used for the second
4057 // request, after redirection.
4058 // |expected_origin_value| is the expected value for the Origin header after
4059 // redirection. If empty, expects that there will be no Origin header.
HTTPRedirectOriginHeaderTest(const GURL & redirect_url,const std::string & request_method,const std::string & redirect_method,const std::string & expected_origin_value)4060 void HTTPRedirectOriginHeaderTest(const GURL& redirect_url,
4061 const std::string& request_method,
4062 const std::string& redirect_method,
4063 const std::string& expected_origin_value) {
4064 TestDelegate d;
4065 std::unique_ptr<URLRequest> req =
4066 CreateFirstPartyRequest(default_context(), redirect_url, &d);
4067 req->set_method(request_method);
4068 req->SetExtraRequestHeaderByName(
4069 HttpRequestHeaders::kOrigin,
4070 redirect_url.DeprecatedGetOriginAsURL().spec(), false);
4071 req->Start();
4072
4073 d.RunUntilComplete();
4074
4075 EXPECT_EQ(redirect_method, req->method());
4076 // Note that there is no check for request success here because, for
4077 // purposes of testing, the request very well may fail. For example, if the
4078 // test redirects to an HTTPS server from an HTTP origin, thus it is cross
4079 // origin, there is not an HTTPS server in this unit test framework, so the
4080 // request would fail. However, that's fine, as long as the request headers
4081 // are in order and pass the checks below.
4082 if (expected_origin_value.empty()) {
4083 EXPECT_FALSE(
4084 req->extra_request_headers().HasHeader(HttpRequestHeaders::kOrigin));
4085 } else {
4086 std::string origin_header;
4087 EXPECT_TRUE(req->extra_request_headers().GetHeader(
4088 HttpRequestHeaders::kOrigin, &origin_header));
4089 EXPECT_EQ(expected_origin_value, origin_header);
4090 }
4091 }
4092
HTTPUploadDataOperationTest(const std::string & method)4093 void HTTPUploadDataOperationTest(const std::string& method) {
4094 const int kMsgSize = 20000; // multiple of 10
4095 const int kIterations = 50;
4096 auto uploadBytes = std::make_unique<char[]>(kMsgSize + 1);
4097 char* ptr = uploadBytes.get();
4098 char marker = 'a';
4099 for (int idx = 0; idx < kMsgSize / 10; idx++) {
4100 memcpy(ptr, "----------", 10);
4101 ptr += 10;
4102 if (idx % 100 == 0) {
4103 ptr--;
4104 *ptr++ = marker;
4105 if (++marker > 'z')
4106 marker = 'a';
4107 }
4108 }
4109 uploadBytes[kMsgSize] = '\0';
4110
4111 for (int i = 0; i < kIterations; ++i) {
4112 TestDelegate d;
4113 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
4114 test_server_.GetURL("/echo"), DEFAULT_PRIORITY, &d,
4115 TRAFFIC_ANNOTATION_FOR_TESTS));
4116 r->set_method(method);
4117
4118 r->set_upload(CreateSimpleUploadData(uploadBytes.get()));
4119
4120 r->Start();
4121 EXPECT_TRUE(r->is_pending());
4122
4123 d.RunUntilComplete();
4124
4125 ASSERT_EQ(1, d.response_started_count())
4126 << "request failed. Error: " << d.request_status();
4127
4128 EXPECT_FALSE(d.received_data_before_response());
4129 EXPECT_EQ(base::StringPiece(uploadBytes.get(), kMsgSize),
4130 d.data_received());
4131 }
4132 }
4133
http_test_server()4134 HttpTestServer* http_test_server() { return &test_server_; }
4135
4136 private:
4137 base::test::ScopedFeatureList feature_list_;
4138
4139 HttpTestServer test_server_;
4140 };
4141
4142 namespace {
4143
HandleRedirectConnect(const test_server::HttpRequest & request)4144 std::unique_ptr<test_server::HttpResponse> HandleRedirectConnect(
4145 const test_server::HttpRequest& request) {
4146 if (request.headers.find("Host") == request.headers.end() ||
4147 request.headers.at("Host") != "www.redirect.com" ||
4148 request.method != test_server::METHOD_CONNECT) {
4149 return nullptr;
4150 }
4151
4152 auto http_response = std::make_unique<test_server::BasicHttpResponse>();
4153 http_response->set_code(HTTP_FOUND);
4154 http_response->AddCustomHeader("Location",
4155 "http://www.destination.com/foo.js");
4156 return std::move(http_response);
4157 }
4158
4159 } // namespace
4160
4161 // In this unit test, we're using the HTTPTestServer as a proxy server and
4162 // issuing a CONNECT request with the magic host name "www.redirect.com".
4163 // The EmbeddedTestServer will return a 302 response, which we should not
4164 // follow.
TEST_F(URLRequestTestHTTP,ProxyTunnelRedirectTest)4165 TEST_F(URLRequestTestHTTP, ProxyTunnelRedirectTest) {
4166 http_test_server()->RegisterRequestHandler(
4167 base::BindRepeating(&HandleRedirectConnect));
4168 ASSERT_TRUE(http_test_server()->Start());
4169
4170 auto context_builder = CreateTestURLRequestContextBuilder();
4171 context_builder->set_proxy_resolution_service(
4172 CreateFixedProxyResolutionService(
4173 http_test_server()->host_port_pair().ToString()));
4174 auto context = context_builder->Build();
4175
4176 TestDelegate d;
4177 {
4178 std::unique_ptr<URLRequest> r(context->CreateRequest(
4179 GURL("https://www.redirect.com/"), DEFAULT_PRIORITY, &d,
4180 TRAFFIC_ANNOTATION_FOR_TESTS));
4181 r->Start();
4182 EXPECT_TRUE(r->is_pending());
4183
4184 d.RunUntilComplete();
4185
4186 // The proxy chain should be set before failure.
4187 EXPECT_EQ(ProxyChain(ProxyServer::SCHEME_HTTP,
4188 http_test_server()->host_port_pair()),
4189 r->proxy_chain());
4190 EXPECT_EQ(ERR_TUNNEL_CONNECTION_FAILED, d.request_status());
4191 EXPECT_EQ(1, d.response_started_count());
4192 // We should not have followed the redirect.
4193 EXPECT_EQ(0, d.received_redirect_count());
4194 }
4195 }
4196
4197 // This is the same as the previous test, but checks that the network delegate
4198 // registers the error.
TEST_F(URLRequestTestHTTP,NetworkDelegateTunnelConnectionFailed)4199 TEST_F(URLRequestTestHTTP, NetworkDelegateTunnelConnectionFailed) {
4200 ASSERT_TRUE(http_test_server()->Start());
4201
4202 auto context_builder = CreateTestURLRequestContextBuilder();
4203 context_builder->set_proxy_resolution_service(
4204 CreateFixedProxyResolutionService(
4205 http_test_server()->host_port_pair().ToString()));
4206 auto& network_delegate = *context_builder->set_network_delegate(
4207 std::make_unique<TestNetworkDelegate>());
4208 auto context = context_builder->Build();
4209
4210 TestDelegate d;
4211 {
4212 std::unique_ptr<URLRequest> r(context->CreateRequest(
4213 GURL("https://www.redirect.com/"), DEFAULT_PRIORITY, &d,
4214 TRAFFIC_ANNOTATION_FOR_TESTS));
4215 r->Start();
4216 EXPECT_TRUE(r->is_pending());
4217
4218 d.RunUntilComplete();
4219
4220 // The proxy chain should be set before failure.
4221 EXPECT_EQ(ProxyChain(ProxyServer::SCHEME_HTTP,
4222 http_test_server()->host_port_pair()),
4223 r->proxy_chain());
4224 EXPECT_EQ(1, d.response_started_count());
4225 EXPECT_EQ(ERR_TUNNEL_CONNECTION_FAILED, d.request_status());
4226 // We should not have followed the redirect.
4227 EXPECT_EQ(0, d.received_redirect_count());
4228
4229 EXPECT_EQ(1, network_delegate.error_count());
4230 EXPECT_THAT(network_delegate.last_error(),
4231 IsError(ERR_TUNNEL_CONNECTION_FAILED));
4232 }
4233 }
4234
4235 // Tests that we can block and asynchronously return OK in various stages.
TEST_F(URLRequestTestHTTP,NetworkDelegateBlockAsynchronously)4236 TEST_F(URLRequestTestHTTP, NetworkDelegateBlockAsynchronously) {
4237 static const BlockingNetworkDelegate::Stage blocking_stages[] = {
4238 BlockingNetworkDelegate::ON_BEFORE_URL_REQUEST,
4239 BlockingNetworkDelegate::ON_BEFORE_SEND_HEADERS,
4240 BlockingNetworkDelegate::ON_HEADERS_RECEIVED};
4241
4242 ASSERT_TRUE(http_test_server()->Start());
4243
4244 TestDelegate d;
4245 auto context_builder = CreateTestURLRequestContextBuilder();
4246 auto& network_delegate = *context_builder->set_network_delegate(
4247 std::make_unique<BlockingNetworkDelegate>(
4248 BlockingNetworkDelegate::USER_CALLBACK));
4249 network_delegate.set_block_on(
4250 BlockingNetworkDelegate::ON_BEFORE_URL_REQUEST |
4251 BlockingNetworkDelegate::ON_BEFORE_SEND_HEADERS |
4252 BlockingNetworkDelegate::ON_HEADERS_RECEIVED);
4253 auto context = context_builder->Build();
4254
4255 {
4256 std::unique_ptr<URLRequest> r(context->CreateRequest(
4257 http_test_server()->GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d,
4258 TRAFFIC_ANNOTATION_FOR_TESTS));
4259
4260 r->Start();
4261 for (auto stage : blocking_stages) {
4262 network_delegate.RunUntilBlocked();
4263 EXPECT_EQ(stage, network_delegate.stage_blocked_for_callback());
4264 network_delegate.DoCallback(OK);
4265 }
4266 d.RunUntilComplete();
4267 EXPECT_EQ(200, r->GetResponseCode());
4268 EXPECT_EQ(OK, d.request_status());
4269 EXPECT_EQ(1, network_delegate.created_requests());
4270 EXPECT_EQ(0, network_delegate.destroyed_requests());
4271 }
4272 EXPECT_EQ(1, network_delegate.destroyed_requests());
4273 }
4274
4275 // Tests that the network delegate can block and cancel a request.
TEST_F(URLRequestTestHTTP,NetworkDelegateCancelRequest)4276 TEST_F(URLRequestTestHTTP, NetworkDelegateCancelRequest) {
4277 ASSERT_TRUE(http_test_server()->Start());
4278
4279 TestDelegate d;
4280 auto context_builder = CreateTestURLRequestContextBuilder();
4281 context_builder->set_proxy_resolution_service(
4282 CreateFixedProxyResolutionService(
4283 http_test_server()->host_port_pair().ToString()));
4284 auto& network_delegate = *context_builder->set_network_delegate(
4285 std::make_unique<BlockingNetworkDelegate>(
4286 BlockingNetworkDelegate::AUTO_CALLBACK));
4287 auto context = context_builder->Build();
4288
4289 network_delegate.set_block_on(BlockingNetworkDelegate::ON_BEFORE_URL_REQUEST);
4290 network_delegate.set_retval(ERR_EMPTY_RESPONSE);
4291 {
4292 std::unique_ptr<URLRequest> r(context->CreateRequest(
4293 http_test_server()->GetURL("/"), DEFAULT_PRIORITY, &d,
4294 TRAFFIC_ANNOTATION_FOR_TESTS));
4295
4296 r->Start();
4297 d.RunUntilComplete();
4298
4299 // The proxy chain is not set before cancellation.
4300 EXPECT_FALSE(r->proxy_chain().IsValid());
4301 EXPECT_EQ(ERR_EMPTY_RESPONSE, d.request_status());
4302 EXPECT_EQ(1, network_delegate.created_requests());
4303 EXPECT_EQ(0, network_delegate.destroyed_requests());
4304 }
4305 EXPECT_EQ(1, network_delegate.destroyed_requests());
4306 }
4307
4308 // Helper function for NetworkDelegateCancelRequestAsynchronously and
4309 // NetworkDelegateCancelRequestSynchronously. Sets up a blocking network
4310 // delegate operating in |block_mode| and a request for |url|. It blocks the
4311 // request in |stage| and cancels it with ERR_BLOCKED_BY_CLIENT.
NetworkDelegateCancelRequest(BlockingNetworkDelegate::BlockMode block_mode,BlockingNetworkDelegate::Stage stage,const GURL & url)4312 void NetworkDelegateCancelRequest(BlockingNetworkDelegate::BlockMode block_mode,
4313 BlockingNetworkDelegate::Stage stage,
4314 const GURL& url) {
4315 TestDelegate d;
4316 auto context_builder = CreateTestURLRequestContextBuilder();
4317 auto& network_delegate = *context_builder->set_network_delegate(
4318 std::make_unique<BlockingNetworkDelegate>(block_mode));
4319 network_delegate.set_retval(ERR_BLOCKED_BY_CLIENT);
4320 network_delegate.set_block_on(stage);
4321
4322 auto context = context_builder->Build();
4323 {
4324 std::unique_ptr<URLRequest> r(context->CreateRequest(
4325 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
4326
4327 r->Start();
4328 d.RunUntilComplete();
4329
4330 // The proxy chain is not set before cancellation.
4331 if (stage == BlockingNetworkDelegate::ON_BEFORE_URL_REQUEST ||
4332 stage == BlockingNetworkDelegate::ON_BEFORE_SEND_HEADERS) {
4333 EXPECT_FALSE(r->proxy_chain().IsValid());
4334 } else if (stage == BlockingNetworkDelegate::ON_HEADERS_RECEIVED) {
4335 EXPECT_TRUE(r->proxy_chain().is_direct());
4336 } else {
4337 NOTREACHED();
4338 }
4339 EXPECT_EQ(ERR_BLOCKED_BY_CLIENT, d.request_status());
4340 EXPECT_EQ(1, network_delegate.created_requests());
4341 EXPECT_EQ(0, network_delegate.destroyed_requests());
4342 }
4343 EXPECT_EQ(1, network_delegate.destroyed_requests());
4344 }
4345
4346 // The following 3 tests check that the network delegate can cancel a request
4347 // synchronously in various stages of the request.
TEST_F(URLRequestTestHTTP,NetworkDelegateCancelRequestSynchronously1)4348 TEST_F(URLRequestTestHTTP, NetworkDelegateCancelRequestSynchronously1) {
4349 ASSERT_TRUE(http_test_server()->Start());
4350 NetworkDelegateCancelRequest(BlockingNetworkDelegate::SYNCHRONOUS,
4351 BlockingNetworkDelegate::ON_BEFORE_URL_REQUEST,
4352 http_test_server()->GetURL("/"));
4353 }
4354
TEST_F(URLRequestTestHTTP,NetworkDelegateCancelRequestSynchronously2)4355 TEST_F(URLRequestTestHTTP, NetworkDelegateCancelRequestSynchronously2) {
4356 ASSERT_TRUE(http_test_server()->Start());
4357 NetworkDelegateCancelRequest(BlockingNetworkDelegate::SYNCHRONOUS,
4358 BlockingNetworkDelegate::ON_BEFORE_SEND_HEADERS,
4359 http_test_server()->GetURL("/"));
4360 }
4361
TEST_F(URLRequestTestHTTP,NetworkDelegateCancelRequestSynchronously3)4362 TEST_F(URLRequestTestHTTP, NetworkDelegateCancelRequestSynchronously3) {
4363 ASSERT_TRUE(http_test_server()->Start());
4364 NetworkDelegateCancelRequest(BlockingNetworkDelegate::SYNCHRONOUS,
4365 BlockingNetworkDelegate::ON_HEADERS_RECEIVED,
4366 http_test_server()->GetURL("/"));
4367 }
4368
4369 // The following 3 tests check that the network delegate can cancel a request
4370 // asynchronously in various stages of the request.
TEST_F(URLRequestTestHTTP,NetworkDelegateCancelRequestAsynchronously1)4371 TEST_F(URLRequestTestHTTP, NetworkDelegateCancelRequestAsynchronously1) {
4372 ASSERT_TRUE(http_test_server()->Start());
4373 NetworkDelegateCancelRequest(BlockingNetworkDelegate::AUTO_CALLBACK,
4374 BlockingNetworkDelegate::ON_BEFORE_URL_REQUEST,
4375 http_test_server()->GetURL("/"));
4376 }
4377
TEST_F(URLRequestTestHTTP,NetworkDelegateCancelRequestAsynchronously2)4378 TEST_F(URLRequestTestHTTP, NetworkDelegateCancelRequestAsynchronously2) {
4379 ASSERT_TRUE(http_test_server()->Start());
4380 NetworkDelegateCancelRequest(BlockingNetworkDelegate::AUTO_CALLBACK,
4381 BlockingNetworkDelegate::ON_BEFORE_SEND_HEADERS,
4382 http_test_server()->GetURL("/"));
4383 }
4384
TEST_F(URLRequestTestHTTP,NetworkDelegateCancelRequestAsynchronously3)4385 TEST_F(URLRequestTestHTTP, NetworkDelegateCancelRequestAsynchronously3) {
4386 ASSERT_TRUE(http_test_server()->Start());
4387 NetworkDelegateCancelRequest(BlockingNetworkDelegate::AUTO_CALLBACK,
4388 BlockingNetworkDelegate::ON_HEADERS_RECEIVED,
4389 http_test_server()->GetURL("/"));
4390 }
4391
4392 // Tests that the network delegate can block and redirect a request to a new
4393 // URL.
TEST_F(URLRequestTestHTTP,NetworkDelegateRedirectRequest)4394 TEST_F(URLRequestTestHTTP, NetworkDelegateRedirectRequest) {
4395 ASSERT_TRUE(http_test_server()->Start());
4396
4397 TestDelegate d;
4398 auto context_builder = CreateTestURLRequestContextBuilder();
4399 context_builder->set_proxy_resolution_service(
4400 CreateFixedProxyResolutionService(
4401 http_test_server()->host_port_pair().ToString()));
4402 auto& network_delegate = *context_builder->set_network_delegate(
4403 std::make_unique<BlockingNetworkDelegate>(
4404 BlockingNetworkDelegate::AUTO_CALLBACK));
4405 auto context = context_builder->Build();
4406
4407 GURL redirect_url("http://does.not.resolve.test/simple.html");
4408 network_delegate.set_redirect_url(redirect_url);
4409 {
4410 GURL original_url("http://does.not.resolve.test/defaultresponse");
4411 std::unique_ptr<URLRequest> r(context->CreateRequest(
4412 original_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
4413
4414 // Quit after hitting the redirect, so can check the headers.
4415 r->Start();
4416 d.RunUntilRedirect();
4417
4418 // Check headers from URLRequestJob.
4419 EXPECT_EQ(307, r->GetResponseCode());
4420 EXPECT_EQ(307, r->response_headers()->response_code());
4421 std::string location;
4422 ASSERT_TRUE(
4423 r->response_headers()->EnumerateHeader(nullptr, "Location", &location));
4424 EXPECT_EQ(redirect_url, GURL(location));
4425
4426 // Let the request finish.
4427 r->FollowDeferredRedirect(absl::nullopt /* removed_headers */,
4428 absl::nullopt /* modified_headers */);
4429 d.RunUntilComplete();
4430 EXPECT_EQ(OK, d.request_status());
4431 EXPECT_EQ(ProxyChain(ProxyServer::SCHEME_HTTP,
4432 http_test_server()->host_port_pair()),
4433 r->proxy_chain());
4434 EXPECT_EQ(OK, d.request_status());
4435 EXPECT_EQ(redirect_url, r->url());
4436 EXPECT_EQ(original_url, r->original_url());
4437 EXPECT_EQ(2U, r->url_chain().size());
4438 EXPECT_EQ(1, network_delegate.created_requests());
4439 EXPECT_EQ(0, network_delegate.destroyed_requests());
4440 }
4441 EXPECT_EQ(1, network_delegate.destroyed_requests());
4442 }
4443
4444 // Tests that the network delegate can block and redirect a request to a new
4445 // URL by setting a redirect_url and returning in OnBeforeURLRequest directly.
TEST_F(URLRequestTestHTTP,NetworkDelegateRedirectRequestSynchronously)4446 TEST_F(URLRequestTestHTTP, NetworkDelegateRedirectRequestSynchronously) {
4447 ASSERT_TRUE(http_test_server()->Start());
4448
4449 TestDelegate d;
4450 auto context_builder = CreateTestURLRequestContextBuilder();
4451 context_builder->set_proxy_resolution_service(
4452 CreateFixedProxyResolutionService(
4453 http_test_server()->host_port_pair().ToString()));
4454 auto& network_delegate = *context_builder->set_network_delegate(
4455 std::make_unique<BlockingNetworkDelegate>(
4456 BlockingNetworkDelegate::SYNCHRONOUS));
4457 auto context = context_builder->Build();
4458
4459 GURL redirect_url("http://does.not.resolve.test/simple.html");
4460 network_delegate.set_redirect_url(redirect_url);
4461 {
4462 GURL original_url("http://does.not.resolve.test/defaultresponse");
4463 std::unique_ptr<URLRequest> r(context->CreateRequest(
4464 original_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
4465
4466 // Quit after hitting the redirect, so can check the headers.
4467 r->Start();
4468 d.RunUntilRedirect();
4469
4470 // Check headers from URLRequestJob.
4471 EXPECT_EQ(307, r->GetResponseCode());
4472 EXPECT_EQ(307, r->response_headers()->response_code());
4473 std::string location;
4474 ASSERT_TRUE(
4475 r->response_headers()->EnumerateHeader(nullptr, "Location", &location));
4476 EXPECT_EQ(redirect_url, GURL(location));
4477
4478 // Let the request finish.
4479 r->FollowDeferredRedirect(absl::nullopt /* removed_headers */,
4480 absl::nullopt /* modified_headers */);
4481 d.RunUntilComplete();
4482
4483 EXPECT_EQ(OK, d.request_status());
4484 EXPECT_EQ(ProxyChain(ProxyServer::SCHEME_HTTP,
4485 http_test_server()->host_port_pair()),
4486 r->proxy_chain());
4487 EXPECT_EQ(OK, d.request_status());
4488 EXPECT_EQ(redirect_url, r->url());
4489 EXPECT_EQ(original_url, r->original_url());
4490 EXPECT_EQ(2U, r->url_chain().size());
4491 EXPECT_EQ(1, network_delegate.created_requests());
4492 EXPECT_EQ(0, network_delegate.destroyed_requests());
4493 }
4494 EXPECT_EQ(1, network_delegate.destroyed_requests());
4495 }
4496
4497 // Tests that redirects caused by the network delegate preserve POST data.
TEST_F(URLRequestTestHTTP,NetworkDelegateRedirectRequestPost)4498 TEST_F(URLRequestTestHTTP, NetworkDelegateRedirectRequestPost) {
4499 ASSERT_TRUE(http_test_server()->Start());
4500
4501 const char kData[] = "hello world";
4502
4503 TestDelegate d;
4504 auto context_builder = CreateTestURLRequestContextBuilder();
4505 auto& network_delegate = *context_builder->set_network_delegate(
4506 std::make_unique<BlockingNetworkDelegate>(
4507 BlockingNetworkDelegate::AUTO_CALLBACK));
4508 network_delegate.set_block_on(BlockingNetworkDelegate::ON_BEFORE_URL_REQUEST);
4509 GURL redirect_url(http_test_server()->GetURL("/echo"));
4510 network_delegate.set_redirect_url(redirect_url);
4511
4512 auto context = context_builder->Build();
4513
4514 {
4515 GURL original_url(http_test_server()->GetURL("/defaultresponse"));
4516 std::unique_ptr<URLRequest> r(context->CreateRequest(
4517 original_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
4518 r->set_method("POST");
4519 r->set_upload(CreateSimpleUploadData(kData));
4520 HttpRequestHeaders headers;
4521 headers.SetHeader(HttpRequestHeaders::kContentLength,
4522 base::NumberToString(std::size(kData) - 1));
4523 r->SetExtraRequestHeaders(headers);
4524
4525 // Quit after hitting the redirect, so can check the headers.
4526 r->Start();
4527 d.RunUntilRedirect();
4528
4529 // Check headers from URLRequestJob.
4530 EXPECT_EQ(307, r->GetResponseCode());
4531 EXPECT_EQ(307, r->response_headers()->response_code());
4532 std::string location;
4533 ASSERT_TRUE(
4534 r->response_headers()->EnumerateHeader(nullptr, "Location", &location));
4535 EXPECT_EQ(redirect_url, GURL(location));
4536
4537 // Let the request finish.
4538 r->FollowDeferredRedirect(absl::nullopt /* removed_headers */,
4539 absl::nullopt /* modified_headers */);
4540 d.RunUntilComplete();
4541
4542 EXPECT_EQ(OK, d.request_status());
4543 EXPECT_EQ(redirect_url, r->url());
4544 EXPECT_EQ(original_url, r->original_url());
4545 EXPECT_EQ(2U, r->url_chain().size());
4546 EXPECT_EQ(1, network_delegate.created_requests());
4547 EXPECT_EQ(0, network_delegate.destroyed_requests());
4548 EXPECT_EQ("POST", r->method());
4549 EXPECT_EQ(kData, d.data_received());
4550 }
4551 EXPECT_EQ(1, network_delegate.destroyed_requests());
4552 }
4553
4554 // Tests that the network delegate can block and redirect a request to a new
4555 // URL during OnHeadersReceived.
TEST_F(URLRequestTestHTTP,NetworkDelegateRedirectRequestOnHeadersReceived)4556 TEST_F(URLRequestTestHTTP, NetworkDelegateRedirectRequestOnHeadersReceived) {
4557 ASSERT_TRUE(http_test_server()->Start());
4558
4559 TestDelegate d;
4560 auto context_builder = CreateTestURLRequestContextBuilder();
4561 context_builder->set_proxy_resolution_service(
4562 CreateFixedProxyResolutionService(
4563 http_test_server()->host_port_pair().ToString()));
4564 auto& network_delegate = *context_builder->set_network_delegate(
4565 std::make_unique<BlockingNetworkDelegate>(
4566 BlockingNetworkDelegate::AUTO_CALLBACK));
4567 auto context = context_builder->Build();
4568
4569 network_delegate.set_block_on(BlockingNetworkDelegate::ON_HEADERS_RECEIVED);
4570 GURL redirect_url("http://does.not.resolve.test/simple.html");
4571 network_delegate.set_redirect_on_headers_received_url(redirect_url);
4572 {
4573 GURL original_url("http://does.not.resolve.test/defaultresponse");
4574 std::unique_ptr<URLRequest> r(context->CreateRequest(
4575 original_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
4576
4577 r->Start();
4578 d.RunUntilComplete();
4579
4580 EXPECT_EQ(OK, d.request_status());
4581 EXPECT_EQ(ProxyChain(ProxyServer::SCHEME_HTTP,
4582 http_test_server()->host_port_pair()),
4583 r->proxy_chain());
4584 EXPECT_EQ(OK, d.request_status());
4585 EXPECT_EQ(redirect_url, r->url());
4586 EXPECT_EQ(original_url, r->original_url());
4587 EXPECT_EQ(2U, r->url_chain().size());
4588 EXPECT_EQ(2, network_delegate.created_requests());
4589 EXPECT_EQ(0, network_delegate.destroyed_requests());
4590 }
4591 EXPECT_EQ(1, network_delegate.destroyed_requests());
4592 }
4593
4594 // Tests that the network delegate can synchronously complete OnAuthRequired
4595 // by taking no action. This indicates that the NetworkDelegate does not want to
4596 // handle the challenge, and is passing the buck along to the
4597 // URLRequest::Delegate.
TEST_F(URLRequestTestHTTP,NetworkDelegateOnAuthRequiredSyncNoAction)4598 TEST_F(URLRequestTestHTTP, NetworkDelegateOnAuthRequiredSyncNoAction) {
4599 ASSERT_TRUE(http_test_server()->Start());
4600
4601 TestDelegate d;
4602 auto context_builder = CreateTestURLRequestContextBuilder();
4603 auto& network_delegate = *context_builder->set_network_delegate(
4604 std::make_unique<BlockingNetworkDelegate>(
4605 BlockingNetworkDelegate::SYNCHRONOUS));
4606 auto context = context_builder->Build();
4607
4608 d.set_credentials(AuthCredentials(kUser, kSecret));
4609
4610 {
4611 GURL url(http_test_server()->GetURL("/auth-basic"));
4612 std::unique_ptr<URLRequest> r(context->CreateRequest(
4613 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
4614 r->Start();
4615
4616 d.RunUntilComplete();
4617
4618 EXPECT_EQ(OK, d.request_status());
4619 EXPECT_EQ(200, r->GetResponseCode());
4620 EXPECT_TRUE(d.auth_required_called());
4621 EXPECT_EQ(1, network_delegate.created_requests());
4622 EXPECT_EQ(0, network_delegate.destroyed_requests());
4623 }
4624 EXPECT_EQ(1, network_delegate.destroyed_requests());
4625 }
4626
4627 // Tests that NetworkDelegate header overrides from the 401 response do not
4628 // affect the 200 response. This is a regression test for
4629 // https://crbug.com/801237.
TEST_F(URLRequestTestHTTP,NetworkDelegateOverrideHeadersWithAuth)4630 TEST_F(URLRequestTestHTTP, NetworkDelegateOverrideHeadersWithAuth) {
4631 ASSERT_TRUE(http_test_server()->Start());
4632
4633 TestDelegate d;
4634 d.set_credentials(AuthCredentials(kUser, kSecret));
4635 default_network_delegate().set_add_header_to_first_response(true);
4636
4637 {
4638 GURL url(http_test_server()->GetURL("/auth-basic"));
4639 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
4640 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
4641 r->Start();
4642
4643 d.RunUntilComplete();
4644
4645 EXPECT_EQ(OK, d.request_status());
4646 EXPECT_EQ(200, r->GetResponseCode());
4647 EXPECT_TRUE(d.auth_required_called());
4648 EXPECT_FALSE(r->response_headers()->HasHeader("X-Network-Delegate"));
4649 }
4650
4651 {
4652 GURL url(http_test_server()->GetURL("/defaultresponse"));
4653 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
4654 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
4655 r->Start();
4656
4657 d.RunUntilComplete();
4658
4659 // Check that set_add_header_to_first_response normally adds a header.
4660 EXPECT_EQ(OK, d.request_status());
4661 EXPECT_EQ(200, r->GetResponseCode());
4662 EXPECT_TRUE(r->response_headers()->HasHeader("X-Network-Delegate"));
4663 }
4664 }
4665
4666 // Tests that we can handle when a network request was canceled while we were
4667 // waiting for the network delegate.
4668 // Part 1: Request is cancelled while waiting for OnBeforeURLRequest callback.
TEST_F(URLRequestTestHTTP,NetworkDelegateCancelWhileWaiting1)4669 TEST_F(URLRequestTestHTTP, NetworkDelegateCancelWhileWaiting1) {
4670 ASSERT_TRUE(http_test_server()->Start());
4671
4672 TestDelegate d;
4673 auto context_builder = CreateTestURLRequestContextBuilder();
4674 auto& network_delegate = *context_builder->set_network_delegate(
4675 std::make_unique<BlockingNetworkDelegate>(
4676 BlockingNetworkDelegate::USER_CALLBACK));
4677 network_delegate.set_block_on(BlockingNetworkDelegate::ON_BEFORE_URL_REQUEST);
4678 auto context = context_builder->Build();
4679
4680 {
4681 std::unique_ptr<URLRequest> r(context->CreateRequest(
4682 http_test_server()->GetURL("/"), DEFAULT_PRIORITY, &d,
4683 TRAFFIC_ANNOTATION_FOR_TESTS));
4684
4685 r->Start();
4686 network_delegate.RunUntilBlocked();
4687 EXPECT_EQ(BlockingNetworkDelegate::ON_BEFORE_URL_REQUEST,
4688 network_delegate.stage_blocked_for_callback());
4689 EXPECT_EQ(0, network_delegate.completed_requests());
4690 // Cancel before callback.
4691 r->Cancel();
4692 // Ensure that network delegate is notified.
4693 EXPECT_EQ(1, network_delegate.completed_requests());
4694 EXPECT_EQ(1, network_delegate.canceled_requests());
4695 EXPECT_EQ(1, network_delegate.created_requests());
4696 EXPECT_EQ(0, network_delegate.destroyed_requests());
4697 }
4698 EXPECT_EQ(1, network_delegate.destroyed_requests());
4699 }
4700
4701 // Tests that we can handle when a network request was canceled while we were
4702 // waiting for the network delegate.
4703 // Part 2: Request is cancelled while waiting for OnBeforeStartTransaction
4704 // callback.
TEST_F(URLRequestTestHTTP,NetworkDelegateCancelWhileWaiting2)4705 TEST_F(URLRequestTestHTTP, NetworkDelegateCancelWhileWaiting2) {
4706 ASSERT_TRUE(http_test_server()->Start());
4707
4708 TestDelegate d;
4709 auto context_builder = CreateTestURLRequestContextBuilder();
4710 auto& network_delegate = *context_builder->set_network_delegate(
4711 std::make_unique<BlockingNetworkDelegate>(
4712 BlockingNetworkDelegate::USER_CALLBACK));
4713 network_delegate.set_block_on(
4714 BlockingNetworkDelegate::ON_BEFORE_SEND_HEADERS);
4715 auto context = context_builder->Build();
4716
4717 {
4718 std::unique_ptr<URLRequest> r(context->CreateRequest(
4719 http_test_server()->GetURL("/"), DEFAULT_PRIORITY, &d,
4720 TRAFFIC_ANNOTATION_FOR_TESTS));
4721
4722 r->Start();
4723 network_delegate.RunUntilBlocked();
4724 EXPECT_EQ(BlockingNetworkDelegate::ON_BEFORE_SEND_HEADERS,
4725 network_delegate.stage_blocked_for_callback());
4726 EXPECT_EQ(0, network_delegate.completed_requests());
4727 // Cancel before callback.
4728 r->Cancel();
4729 // Ensure that network delegate is notified.
4730 EXPECT_EQ(1, network_delegate.completed_requests());
4731 EXPECT_EQ(1, network_delegate.canceled_requests());
4732 EXPECT_EQ(1, network_delegate.created_requests());
4733 EXPECT_EQ(0, network_delegate.destroyed_requests());
4734 }
4735 EXPECT_EQ(1, network_delegate.destroyed_requests());
4736 }
4737
4738 // Tests that we can handle when a network request was canceled while we were
4739 // waiting for the network delegate.
4740 // Part 3: Request is cancelled while waiting for OnHeadersReceived callback.
TEST_F(URLRequestTestHTTP,NetworkDelegateCancelWhileWaiting3)4741 TEST_F(URLRequestTestHTTP, NetworkDelegateCancelWhileWaiting3) {
4742 ASSERT_TRUE(http_test_server()->Start());
4743
4744 TestDelegate d;
4745 auto context_builder = CreateTestURLRequestContextBuilder();
4746 auto& network_delegate = *context_builder->set_network_delegate(
4747 std::make_unique<BlockingNetworkDelegate>(
4748 BlockingNetworkDelegate::USER_CALLBACK));
4749 network_delegate.set_block_on(BlockingNetworkDelegate::ON_HEADERS_RECEIVED);
4750 auto context = context_builder->Build();
4751
4752 {
4753 std::unique_ptr<URLRequest> r(context->CreateRequest(
4754 http_test_server()->GetURL("/"), DEFAULT_PRIORITY, &d,
4755 TRAFFIC_ANNOTATION_FOR_TESTS));
4756
4757 r->Start();
4758 network_delegate.RunUntilBlocked();
4759 EXPECT_EQ(BlockingNetworkDelegate::ON_HEADERS_RECEIVED,
4760 network_delegate.stage_blocked_for_callback());
4761 EXPECT_EQ(0, network_delegate.completed_requests());
4762 // Cancel before callback.
4763 r->Cancel();
4764 // Ensure that network delegate is notified.
4765 EXPECT_EQ(1, network_delegate.completed_requests());
4766 EXPECT_EQ(1, network_delegate.canceled_requests());
4767 EXPECT_EQ(1, network_delegate.created_requests());
4768 EXPECT_EQ(0, network_delegate.destroyed_requests());
4769 }
4770 EXPECT_EQ(1, network_delegate.destroyed_requests());
4771 }
4772
4773 namespace {
4774
HandleServerAuthConnect(const test_server::HttpRequest & request)4775 std::unique_ptr<test_server::HttpResponse> HandleServerAuthConnect(
4776 const test_server::HttpRequest& request) {
4777 if (request.headers.find("Host") == request.headers.end() ||
4778 request.headers.at("Host") != "www.server-auth.com" ||
4779 request.method != test_server::METHOD_CONNECT) {
4780 return nullptr;
4781 }
4782
4783 auto http_response = std::make_unique<test_server::BasicHttpResponse>();
4784 http_response->set_code(HTTP_UNAUTHORIZED);
4785 http_response->AddCustomHeader("WWW-Authenticate",
4786 "Basic realm=\"WallyWorld\"");
4787 return http_response;
4788 }
4789
4790 } // namespace
4791
4792 // In this unit test, we're using the EmbeddedTestServer as a proxy server and
4793 // issuing a CONNECT request with the magic host name "www.server-auth.com".
4794 // The EmbeddedTestServer will return a 401 response, which we should balk at.
TEST_F(URLRequestTestHTTP,UnexpectedServerAuthTest)4795 TEST_F(URLRequestTestHTTP, UnexpectedServerAuthTest) {
4796 http_test_server()->RegisterRequestHandler(
4797 base::BindRepeating(&HandleServerAuthConnect));
4798 ASSERT_TRUE(http_test_server()->Start());
4799
4800 auto context_builder = CreateTestURLRequestContextBuilder();
4801 context_builder->set_proxy_resolution_service(
4802 CreateFixedProxyResolutionService(
4803 http_test_server()->host_port_pair().ToString()));
4804 auto context = context_builder->Build();
4805
4806 TestDelegate d;
4807 {
4808 std::unique_ptr<URLRequest> r(context->CreateRequest(
4809 GURL("https://www.server-auth.com/"), DEFAULT_PRIORITY, &d,
4810 TRAFFIC_ANNOTATION_FOR_TESTS));
4811
4812 r->Start();
4813 EXPECT_TRUE(r->is_pending());
4814
4815 d.RunUntilComplete();
4816
4817 // The proxy chain should be set before failure.
4818 EXPECT_EQ(ProxyChain(ProxyServer::SCHEME_HTTP,
4819 http_test_server()->host_port_pair()),
4820 r->proxy_chain());
4821 EXPECT_EQ(ERR_TUNNEL_CONNECTION_FAILED, d.request_status());
4822 }
4823 }
4824
TEST_F(URLRequestTestHTTP,GetTest_NoCache)4825 TEST_F(URLRequestTestHTTP, GetTest_NoCache) {
4826 ASSERT_TRUE(http_test_server()->Start());
4827
4828 TestDelegate d;
4829 {
4830 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
4831 http_test_server()->GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d,
4832 TRAFFIC_ANNOTATION_FOR_TESTS));
4833
4834 r->Start();
4835 EXPECT_TRUE(r->is_pending());
4836
4837 d.RunUntilComplete();
4838
4839 EXPECT_EQ(1, d.response_started_count());
4840 EXPECT_FALSE(d.received_data_before_response());
4841 EXPECT_NE(0, d.bytes_received());
4842 EXPECT_EQ(http_test_server()->host_port_pair().host(),
4843 r->GetResponseRemoteEndpoint().ToStringWithoutPort());
4844 EXPECT_EQ(http_test_server()->host_port_pair().port(),
4845 r->GetResponseRemoteEndpoint().port());
4846
4847 // TODO(eroman): Add back the NetLog tests...
4848 }
4849 }
4850
TEST_F(URLRequestTestHTTP,GetTest)4851 TEST_F(URLRequestTestHTTP, GetTest) {
4852 ASSERT_TRUE(http_test_server()->Start());
4853
4854 TestDelegate d;
4855 {
4856 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
4857 http_test_server()->GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d,
4858 TRAFFIC_ANNOTATION_FOR_TESTS));
4859
4860 r->Start();
4861 EXPECT_TRUE(r->is_pending());
4862
4863 d.RunUntilComplete();
4864
4865 EXPECT_EQ(1, d.response_started_count());
4866 EXPECT_FALSE(d.received_data_before_response());
4867 EXPECT_NE(0, d.bytes_received());
4868 EXPECT_EQ(http_test_server()->host_port_pair().host(),
4869 r->GetResponseRemoteEndpoint().ToStringWithoutPort());
4870 EXPECT_EQ(http_test_server()->host_port_pair().port(),
4871 r->GetResponseRemoteEndpoint().port());
4872 }
4873 }
4874
TEST_F(URLRequestTestHTTP,GetTestLoadTiming)4875 TEST_F(URLRequestTestHTTP, GetTestLoadTiming) {
4876 ASSERT_TRUE(http_test_server()->Start());
4877
4878 TestDelegate d;
4879 {
4880 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
4881 http_test_server()->GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d,
4882 TRAFFIC_ANNOTATION_FOR_TESTS));
4883
4884 r->Start();
4885 EXPECT_TRUE(r->is_pending());
4886
4887 d.RunUntilComplete();
4888
4889 LoadTimingInfo load_timing_info;
4890 r->GetLoadTimingInfo(&load_timing_info);
4891 TestLoadTimingNotReused(load_timing_info, CONNECT_TIMING_HAS_DNS_TIMES);
4892
4893 EXPECT_EQ(1, d.response_started_count());
4894 EXPECT_FALSE(d.received_data_before_response());
4895 EXPECT_NE(0, d.bytes_received());
4896 EXPECT_EQ(http_test_server()->host_port_pair().host(),
4897 r->GetResponseRemoteEndpoint().ToStringWithoutPort());
4898 EXPECT_EQ(http_test_server()->host_port_pair().port(),
4899 r->GetResponseRemoteEndpoint().port());
4900 }
4901 }
4902
4903 namespace {
4904
4905 // Sends the correct Content-Length matching the compressed length.
4906 const char kZippedContentLengthCompressed[] = "C";
4907 // Sends an incorrect Content-Length matching the uncompressed length.
4908 const char kZippedContentLengthUncompressed[] = "U";
4909 // Sends an incorrect Content-Length shorter than the compressed length.
4910 const char kZippedContentLengthShort[] = "S";
4911 // Sends an incorrect Content-Length between the compressed and uncompressed
4912 // lengths.
4913 const char kZippedContentLengthMedium[] = "M";
4914 // Sends an incorrect Content-Length larger than both compressed and
4915 // uncompressed lengths.
4916 const char kZippedContentLengthLong[] = "L";
4917
4918 // Sends |compressed_content| which, when decoded with deflate, should have
4919 // length |uncompressed_length|. The Content-Length header will be sent based on
4920 // which of the constants above is sent in the query string.
HandleZippedRequest(const std::string & compressed_content,size_t uncompressed_length,const test_server::HttpRequest & request)4921 std::unique_ptr<test_server::HttpResponse> HandleZippedRequest(
4922 const std::string& compressed_content,
4923 size_t uncompressed_length,
4924 const test_server::HttpRequest& request) {
4925 GURL url = request.GetURL();
4926 if (url.path_piece() != "/compressedfiles/BullRunSpeech.txt")
4927 return nullptr;
4928
4929 size_t length;
4930 if (url.query_piece() == kZippedContentLengthCompressed) {
4931 length = compressed_content.size();
4932 } else if (url.query_piece() == kZippedContentLengthUncompressed) {
4933 length = uncompressed_length;
4934 } else if (url.query_piece() == kZippedContentLengthShort) {
4935 length = compressed_content.size() / 2;
4936 } else if (url.query_piece() == kZippedContentLengthMedium) {
4937 length = (compressed_content.size() + uncompressed_length) / 2;
4938 } else if (url.query_piece() == kZippedContentLengthLong) {
4939 length = compressed_content.size() + uncompressed_length;
4940 } else {
4941 return nullptr;
4942 }
4943
4944 std::string headers = "HTTP/1.1 200 OK\r\n";
4945 headers += "Content-Encoding: deflate\r\n";
4946 base::StringAppendF(&headers, "Content-Length: %zu\r\n", length);
4947 return std::make_unique<test_server::RawHttpResponse>(headers,
4948 compressed_content);
4949 }
4950
4951 } // namespace
4952
TEST_F(URLRequestTestHTTP,GetZippedTest)4953 TEST_F(URLRequestTestHTTP, GetZippedTest) {
4954 base::FilePath file_path;
4955 base::PathService::Get(base::DIR_SRC_TEST_DATA_ROOT, &file_path);
4956 file_path = file_path.Append(kTestFilePath);
4957 std::string expected_content, compressed_content;
4958 ASSERT_TRUE(base::ReadFileToString(
4959 file_path.Append(FILE_PATH_LITERAL("BullRunSpeech.txt")),
4960 &expected_content));
4961 // This file is the output of the Python zlib.compress function on
4962 // |expected_content|.
4963 ASSERT_TRUE(base::ReadFileToString(
4964 file_path.Append(FILE_PATH_LITERAL("BullRunSpeech.txt.deflate")),
4965 &compressed_content));
4966
4967 http_test_server()->RegisterRequestHandler(base::BindRepeating(
4968 &HandleZippedRequest, compressed_content, expected_content.size()));
4969 ASSERT_TRUE(http_test_server()->Start());
4970
4971 static const struct {
4972 const char* parameter;
4973 bool expect_success;
4974 } kTests[] = {
4975 // Sending the compressed Content-Length is correct.
4976 {kZippedContentLengthCompressed, true},
4977 // Sending the uncompressed Content-Length is incorrect, but we accept it
4978 // to workaround some broken servers.
4979 {kZippedContentLengthUncompressed, true},
4980 // Sending too long of Content-Length is rejected.
4981 {kZippedContentLengthLong, false},
4982 {kZippedContentLengthMedium, false},
4983 // Sending too short of Content-Length successfully fetches a response
4984 // body, but it will be truncated.
4985 {kZippedContentLengthShort, true},
4986 };
4987
4988 for (const auto& test : kTests) {
4989 SCOPED_TRACE(test.parameter);
4990 TestDelegate d;
4991 std::string test_file = base::StringPrintf(
4992 "/compressedfiles/BullRunSpeech.txt?%s", test.parameter);
4993
4994 auto context_builder = CreateTestURLRequestContextBuilder();
4995 context_builder->set_network_delegate(
4996 std::make_unique<TestNetworkDelegate>());
4997 auto context = context_builder->Build();
4998
4999 std::unique_ptr<URLRequest> r(context->CreateRequest(
5000 http_test_server()->GetURL(test_file), DEFAULT_PRIORITY, &d,
5001 TRAFFIC_ANNOTATION_FOR_TESTS));
5002 r->Start();
5003 EXPECT_TRUE(r->is_pending());
5004
5005 d.RunUntilComplete();
5006
5007 EXPECT_EQ(1, d.response_started_count());
5008 EXPECT_FALSE(d.received_data_before_response());
5009 VLOG(1) << " Received " << d.bytes_received() << " bytes"
5010 << " error = " << d.request_status();
5011 if (test.expect_success) {
5012 EXPECT_EQ(OK, d.request_status())
5013 << " Parameter = \"" << test_file << "\"";
5014 if (strcmp(test.parameter, kZippedContentLengthShort) == 0) {
5015 // When content length is smaller than both compressed length and
5016 // uncompressed length, HttpStreamParser might not read the full
5017 // response body.
5018 EXPECT_EQ(expected_content.substr(0, d.data_received().size()),
5019 d.data_received());
5020 } else {
5021 EXPECT_EQ(expected_content, d.data_received());
5022 }
5023 } else {
5024 EXPECT_EQ(ERR_CONTENT_LENGTH_MISMATCH, d.request_status())
5025 << " Parameter = \"" << test_file << "\"";
5026 }
5027 }
5028 }
5029
TEST_F(URLRequestTestHTTP,RedirectLoadTiming)5030 TEST_F(URLRequestTestHTTP, RedirectLoadTiming) {
5031 ASSERT_TRUE(http_test_server()->Start());
5032
5033 GURL destination_url = http_test_server()->GetURL("/");
5034 GURL original_url =
5035 http_test_server()->GetURL("/server-redirect?" + destination_url.spec());
5036 TestDelegate d;
5037 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
5038 original_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
5039 req->Start();
5040 d.RunUntilComplete();
5041
5042 EXPECT_EQ(1, d.response_started_count());
5043 EXPECT_EQ(1, d.received_redirect_count());
5044 EXPECT_EQ(destination_url, req->url());
5045 EXPECT_EQ(original_url, req->original_url());
5046 ASSERT_EQ(2U, req->url_chain().size());
5047 EXPECT_EQ(original_url, req->url_chain()[0]);
5048 EXPECT_EQ(destination_url, req->url_chain()[1]);
5049
5050 LoadTimingInfo load_timing_info_before_redirect;
5051 EXPECT_TRUE(default_network_delegate().GetLoadTimingInfoBeforeRedirect(
5052 &load_timing_info_before_redirect));
5053 TestLoadTimingNotReused(load_timing_info_before_redirect,
5054 CONNECT_TIMING_HAS_DNS_TIMES);
5055
5056 LoadTimingInfo load_timing_info;
5057 req->GetLoadTimingInfo(&load_timing_info);
5058 TestLoadTimingNotReused(load_timing_info, CONNECT_TIMING_HAS_DNS_TIMES);
5059
5060 // Check that a new socket was used on redirect, since the server does not
5061 // supposed keep-alive sockets, and that the times before the redirect are
5062 // before the ones recorded for the second request.
5063 EXPECT_NE(load_timing_info_before_redirect.socket_log_id,
5064 load_timing_info.socket_log_id);
5065 EXPECT_LE(load_timing_info_before_redirect.receive_headers_end,
5066 load_timing_info.connect_timing.connect_start);
5067 }
5068
TEST_F(URLRequestTestHTTP,MultipleRedirectTest)5069 TEST_F(URLRequestTestHTTP, MultipleRedirectTest) {
5070 ASSERT_TRUE(http_test_server()->Start());
5071
5072 GURL destination_url = http_test_server()->GetURL("/");
5073 GURL middle_redirect_url =
5074 http_test_server()->GetURL("/server-redirect?" + destination_url.spec());
5075 GURL original_url = http_test_server()->GetURL("/server-redirect?" +
5076 middle_redirect_url.spec());
5077 TestDelegate d;
5078 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
5079 original_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
5080 req->Start();
5081 d.RunUntilComplete();
5082
5083 EXPECT_EQ(1, d.response_started_count());
5084 EXPECT_EQ(2, d.received_redirect_count());
5085 EXPECT_EQ(destination_url, req->url());
5086 EXPECT_EQ(original_url, req->original_url());
5087 ASSERT_EQ(3U, req->url_chain().size());
5088 EXPECT_EQ(original_url, req->url_chain()[0]);
5089 EXPECT_EQ(middle_redirect_url, req->url_chain()[1]);
5090 EXPECT_EQ(destination_url, req->url_chain()[2]);
5091 }
5092
5093 // This is a regression test for https://crbug.com/942073.
TEST_F(URLRequestTestHTTP,RedirectEscaping)5094 TEST_F(URLRequestTestHTTP, RedirectEscaping) {
5095 ASSERT_TRUE(http_test_server()->Start());
5096
5097 // Assemble the destination URL as a string so it is not escaped by GURL.
5098 GURL destination_base = http_test_server()->GetURL("/defaultresponse");
5099 // Add a URL fragment of U+2603 unescaped, U+2603 escaped, and then a UTF-8
5100 // encoding error.
5101 std::string destination_url =
5102 destination_base.spec() + "#\xE2\x98\x83_%E2%98%83_\xE0\xE0";
5103 // Redirect resolution should percent-escape bytes and preserve the UTF-8
5104 // error at the end.
5105 std::string destination_escaped =
5106 destination_base.spec() + "#%E2%98%83_%E2%98%83_%E0%E0";
5107 GURL original_url = http_test_server()->GetURL(
5108 "/server-redirect?" +
5109 base::EscapeQueryParamValue(destination_url, false));
5110 TestDelegate d;
5111 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
5112 original_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
5113 req->Start();
5114 d.RunUntilComplete();
5115
5116 EXPECT_EQ(1, d.response_started_count());
5117 EXPECT_EQ(1, d.received_redirect_count());
5118 EXPECT_EQ(destination_escaped, req->url().spec());
5119 EXPECT_EQ(original_url, req->original_url());
5120 ASSERT_EQ(2U, req->url_chain().size());
5121 EXPECT_EQ(original_url, req->url_chain()[0]);
5122 EXPECT_EQ(destination_escaped, req->url_chain()[1].spec());
5123 }
5124
5125 // First and second pieces of information logged by delegates to URLRequests.
5126 const char kFirstDelegateInfo[] = "Wonderful delegate";
5127 const char16_t kFirstDelegateInfo16[] = u"Wonderful delegate";
5128 const char kSecondDelegateInfo[] = "Exciting delegate";
5129 const char16_t kSecondDelegateInfo16[] = u"Exciting delegate";
5130
5131 // Logs delegate information to a URLRequest. The first string is logged
5132 // synchronously on Start(), using DELEGATE_INFO_DEBUG_ONLY. The second is
5133 // logged asynchronously, using DELEGATE_INFO_DISPLAY_TO_USER. Then
5134 // another asynchronous call is used to clear the delegate information
5135 // before calling a callback. The object then deletes itself.
5136 class AsyncDelegateLogger : public base::RefCounted<AsyncDelegateLogger> {
5137 public:
5138 using Callback = base::OnceCallback<void()>;
5139
5140 AsyncDelegateLogger(const AsyncDelegateLogger&) = delete;
5141 AsyncDelegateLogger& operator=(const AsyncDelegateLogger&) = delete;
5142
5143 // Each time delegate information is added to the URLRequest, the resulting
5144 // load state is checked. The expected load state after each request is
5145 // passed in as an argument.
Run(URLRequest * url_request,LoadState expected_first_load_state,LoadState expected_second_load_state,LoadState expected_third_load_state,Callback callback)5146 static void Run(URLRequest* url_request,
5147 LoadState expected_first_load_state,
5148 LoadState expected_second_load_state,
5149 LoadState expected_third_load_state,
5150 Callback callback) {
5151 // base::MakeRefCounted<AsyncDelegateLogger> is unavailable here, since the
5152 // constructor of AsyncDelegateLogger is private.
5153 auto logger = base::WrapRefCounted(new AsyncDelegateLogger(
5154 url_request, expected_first_load_state, expected_second_load_state,
5155 expected_third_load_state, std::move(callback)));
5156 logger->Start();
5157 }
5158
5159 // Checks that the log entries, starting with log_position, contain the
5160 // DELEGATE_INFO NetLog events that an AsyncDelegateLogger should have
5161 // recorded. Returns the index of entry after the expected number of
5162 // events this logged, or entries.size() if there aren't enough entries.
CheckDelegateInfo(const std::vector<NetLogEntry> & entries,size_t log_position)5163 static size_t CheckDelegateInfo(const std::vector<NetLogEntry>& entries,
5164 size_t log_position) {
5165 // There should be 4 DELEGATE_INFO events: Two begins and two ends.
5166 if (log_position + 3 >= entries.size()) {
5167 ADD_FAILURE() << "Not enough log entries";
5168 return entries.size();
5169 }
5170 std::string delegate_info;
5171 EXPECT_EQ(NetLogEventType::DELEGATE_INFO, entries[log_position].type);
5172 EXPECT_EQ(NetLogEventPhase::BEGIN, entries[log_position].phase);
5173 EXPECT_EQ(
5174 kFirstDelegateInfo,
5175 GetStringValueFromParams(entries[log_position], "delegate_blocked_by"));
5176
5177 ++log_position;
5178 EXPECT_EQ(NetLogEventType::DELEGATE_INFO, entries[log_position].type);
5179 EXPECT_EQ(NetLogEventPhase::END, entries[log_position].phase);
5180
5181 ++log_position;
5182 EXPECT_EQ(NetLogEventType::DELEGATE_INFO, entries[log_position].type);
5183 EXPECT_EQ(NetLogEventPhase::BEGIN, entries[log_position].phase);
5184 EXPECT_EQ(
5185 kSecondDelegateInfo,
5186 GetStringValueFromParams(entries[log_position], "delegate_blocked_by"));
5187
5188 ++log_position;
5189 EXPECT_EQ(NetLogEventType::DELEGATE_INFO, entries[log_position].type);
5190 EXPECT_EQ(NetLogEventPhase::END, entries[log_position].phase);
5191
5192 return log_position + 1;
5193 }
5194
5195 private:
5196 friend class base::RefCounted<AsyncDelegateLogger>;
5197
AsyncDelegateLogger(URLRequest * url_request,LoadState expected_first_load_state,LoadState expected_second_load_state,LoadState expected_third_load_state,Callback callback)5198 AsyncDelegateLogger(URLRequest* url_request,
5199 LoadState expected_first_load_state,
5200 LoadState expected_second_load_state,
5201 LoadState expected_third_load_state,
5202 Callback callback)
5203 : url_request_(url_request),
5204 expected_first_load_state_(expected_first_load_state),
5205 expected_second_load_state_(expected_second_load_state),
5206 expected_third_load_state_(expected_third_load_state),
5207 callback_(std::move(callback)) {}
5208
5209 ~AsyncDelegateLogger() = default;
5210
Start()5211 void Start() {
5212 url_request_->LogBlockedBy(kFirstDelegateInfo);
5213 LoadStateWithParam load_state = url_request_->GetLoadState();
5214 EXPECT_EQ(expected_first_load_state_, load_state.state);
5215 EXPECT_NE(kFirstDelegateInfo16, load_state.param);
5216 base::SingleThreadTaskRunner::GetCurrentDefault()->PostTask(
5217 FROM_HERE,
5218 base::BindOnce(&AsyncDelegateLogger::LogSecondDelegate, this));
5219 }
5220
LogSecondDelegate()5221 void LogSecondDelegate() {
5222 url_request_->LogAndReportBlockedBy(kSecondDelegateInfo);
5223 LoadStateWithParam load_state = url_request_->GetLoadState();
5224 EXPECT_EQ(expected_second_load_state_, load_state.state);
5225 if (expected_second_load_state_ == LOAD_STATE_WAITING_FOR_DELEGATE) {
5226 EXPECT_EQ(kSecondDelegateInfo16, load_state.param);
5227 } else {
5228 EXPECT_NE(kSecondDelegateInfo16, load_state.param);
5229 }
5230 base::SingleThreadTaskRunner::GetCurrentDefault()->PostTask(
5231 FROM_HERE, base::BindOnce(&AsyncDelegateLogger::LogComplete, this));
5232 }
5233
LogComplete()5234 void LogComplete() {
5235 url_request_->LogUnblocked();
5236 LoadStateWithParam load_state = url_request_->GetLoadState();
5237 EXPECT_EQ(expected_third_load_state_, load_state.state);
5238 if (expected_second_load_state_ == LOAD_STATE_WAITING_FOR_DELEGATE)
5239 EXPECT_EQ(std::u16string(), load_state.param);
5240 std::move(callback_).Run();
5241 }
5242
5243 raw_ptr<URLRequest> url_request_;
5244 const int expected_first_load_state_;
5245 const int expected_second_load_state_;
5246 const int expected_third_load_state_;
5247 Callback callback_;
5248 };
5249
5250 // NetworkDelegate that logs delegate information before a request is started,
5251 // before headers are sent, when headers are read, and when auth information
5252 // is requested. Uses AsyncDelegateLogger.
5253 class AsyncLoggingNetworkDelegate : public TestNetworkDelegate {
5254 public:
5255 AsyncLoggingNetworkDelegate() = default;
5256
5257 AsyncLoggingNetworkDelegate(const AsyncLoggingNetworkDelegate&) = delete;
5258 AsyncLoggingNetworkDelegate& operator=(const AsyncLoggingNetworkDelegate&) =
5259 delete;
5260
5261 ~AsyncLoggingNetworkDelegate() override = default;
5262
5263 // NetworkDelegate implementation.
OnBeforeURLRequest(URLRequest * request,CompletionOnceCallback callback,GURL * new_url)5264 int OnBeforeURLRequest(URLRequest* request,
5265 CompletionOnceCallback callback,
5266 GURL* new_url) override {
5267 // TestNetworkDelegate always completes synchronously.
5268 CHECK_NE(ERR_IO_PENDING, TestNetworkDelegate::OnBeforeURLRequest(
5269 request, base::NullCallback(), new_url));
5270 return RunCallbackAsynchronously(request, std::move(callback));
5271 }
5272
OnBeforeStartTransaction(URLRequest * request,const HttpRequestHeaders & headers,OnBeforeStartTransactionCallback callback)5273 int OnBeforeStartTransaction(
5274 URLRequest* request,
5275 const HttpRequestHeaders& headers,
5276 OnBeforeStartTransactionCallback callback) override {
5277 // TestNetworkDelegate always completes synchronously.
5278 CHECK_NE(ERR_IO_PENDING, TestNetworkDelegate::OnBeforeStartTransaction(
5279 request, headers, base::NullCallback()));
5280 return RunCallbackAsynchronously(
5281 request, base::BindOnce(
5282 [](OnBeforeStartTransactionCallback callback, int result) {
5283 std::move(callback).Run(result, absl::nullopt);
5284 },
5285 std::move(callback)));
5286 }
5287
OnHeadersReceived(URLRequest * request,CompletionOnceCallback callback,const HttpResponseHeaders * original_response_headers,scoped_refptr<HttpResponseHeaders> * override_response_headers,const IPEndPoint & endpoint,absl::optional<GURL> * preserve_fragment_on_redirect_url)5288 int OnHeadersReceived(
5289 URLRequest* request,
5290 CompletionOnceCallback callback,
5291 const HttpResponseHeaders* original_response_headers,
5292 scoped_refptr<HttpResponseHeaders>* override_response_headers,
5293 const IPEndPoint& endpoint,
5294 absl::optional<GURL>* preserve_fragment_on_redirect_url) override {
5295 // TestNetworkDelegate always completes synchronously.
5296 CHECK_NE(ERR_IO_PENDING,
5297 TestNetworkDelegate::OnHeadersReceived(
5298 request, base::NullCallback(), original_response_headers,
5299 override_response_headers, endpoint,
5300 preserve_fragment_on_redirect_url));
5301 return RunCallbackAsynchronously(request, std::move(callback));
5302 }
5303
5304 private:
RunCallbackAsynchronously(URLRequest * request,CompletionOnceCallback callback)5305 static int RunCallbackAsynchronously(URLRequest* request,
5306 CompletionOnceCallback callback) {
5307 AsyncDelegateLogger::Run(request, LOAD_STATE_WAITING_FOR_DELEGATE,
5308 LOAD_STATE_WAITING_FOR_DELEGATE,
5309 LOAD_STATE_WAITING_FOR_DELEGATE,
5310 base::BindOnce(std::move(callback), OK));
5311 return ERR_IO_PENDING;
5312 }
5313 };
5314
5315 // URLRequest::Delegate that logs delegate information when the headers
5316 // are received, when each read completes, and during redirects. Uses
5317 // AsyncDelegateLogger. Can optionally cancel a request in any phase.
5318 //
5319 // Inherits from TestDelegate to reuse the TestDelegate code to handle
5320 // advancing to the next step in most cases, as well as cancellation.
5321 class AsyncLoggingUrlRequestDelegate : public TestDelegate {
5322 public:
5323 enum CancelStage {
5324 NO_CANCEL = 0,
5325 CANCEL_ON_RECEIVED_REDIRECT,
5326 CANCEL_ON_RESPONSE_STARTED,
5327 CANCEL_ON_READ_COMPLETED
5328 };
5329
AsyncLoggingUrlRequestDelegate(CancelStage cancel_stage)5330 explicit AsyncLoggingUrlRequestDelegate(CancelStage cancel_stage)
5331 : cancel_stage_(cancel_stage) {
5332 if (cancel_stage == CANCEL_ON_RECEIVED_REDIRECT)
5333 set_cancel_in_received_redirect(true);
5334 else if (cancel_stage == CANCEL_ON_RESPONSE_STARTED)
5335 set_cancel_in_response_started(true);
5336 else if (cancel_stage == CANCEL_ON_READ_COMPLETED)
5337 set_cancel_in_received_data(true);
5338 }
5339
5340 AsyncLoggingUrlRequestDelegate(const AsyncLoggingUrlRequestDelegate&) =
5341 delete;
5342 AsyncLoggingUrlRequestDelegate& operator=(
5343 const AsyncLoggingUrlRequestDelegate&) = delete;
5344
5345 ~AsyncLoggingUrlRequestDelegate() override = default;
5346
5347 // URLRequest::Delegate implementation:
OnReceivedRedirect(URLRequest * request,const RedirectInfo & redirect_info,bool * defer_redirect)5348 void OnReceivedRedirect(URLRequest* request,
5349 const RedirectInfo& redirect_info,
5350 bool* defer_redirect) override {
5351 *defer_redirect = true;
5352 AsyncDelegateLogger::Run(
5353 request, LOAD_STATE_WAITING_FOR_DELEGATE,
5354 LOAD_STATE_WAITING_FOR_DELEGATE, LOAD_STATE_WAITING_FOR_DELEGATE,
5355 base::BindOnce(
5356 &AsyncLoggingUrlRequestDelegate::OnReceivedRedirectLoggingComplete,
5357 base::Unretained(this), request, redirect_info));
5358 }
5359
OnResponseStarted(URLRequest * request,int net_error)5360 void OnResponseStarted(URLRequest* request, int net_error) override {
5361 AsyncDelegateLogger::Run(
5362 request, LOAD_STATE_WAITING_FOR_DELEGATE,
5363 LOAD_STATE_WAITING_FOR_DELEGATE, LOAD_STATE_WAITING_FOR_DELEGATE,
5364 base::BindOnce(
5365 &AsyncLoggingUrlRequestDelegate::OnResponseStartedLoggingComplete,
5366 base::Unretained(this), request, net_error));
5367 }
5368
OnReadCompleted(URLRequest * request,int bytes_read)5369 void OnReadCompleted(URLRequest* request, int bytes_read) override {
5370 AsyncDelegateLogger::Run(
5371 request, LOAD_STATE_IDLE, LOAD_STATE_IDLE, LOAD_STATE_IDLE,
5372 base::BindOnce(
5373 &AsyncLoggingUrlRequestDelegate::AfterReadCompletedLoggingComplete,
5374 base::Unretained(this), request, bytes_read));
5375 }
5376
5377 private:
OnReceivedRedirectLoggingComplete(URLRequest * request,const RedirectInfo & redirect_info)5378 void OnReceivedRedirectLoggingComplete(URLRequest* request,
5379 const RedirectInfo& redirect_info) {
5380 bool defer_redirect = false;
5381 TestDelegate::OnReceivedRedirect(request, redirect_info, &defer_redirect);
5382 // FollowDeferredRedirect should not be called after cancellation.
5383 if (cancel_stage_ == CANCEL_ON_RECEIVED_REDIRECT)
5384 return;
5385 if (!defer_redirect) {
5386 request->FollowDeferredRedirect(absl::nullopt /* removed_headers */,
5387 absl::nullopt /* modified_headers */);
5388 }
5389 }
5390
OnResponseStartedLoggingComplete(URLRequest * request,int net_error)5391 void OnResponseStartedLoggingComplete(URLRequest* request, int net_error) {
5392 // The parent class continues the request.
5393 TestDelegate::OnResponseStarted(request, net_error);
5394 }
5395
AfterReadCompletedLoggingComplete(URLRequest * request,int bytes_read)5396 void AfterReadCompletedLoggingComplete(URLRequest* request, int bytes_read) {
5397 // The parent class continues the request.
5398 TestDelegate::OnReadCompleted(request, bytes_read);
5399 }
5400
5401 const CancelStage cancel_stage_;
5402 };
5403
5404 // Tests handling of delegate info before a request starts.
TEST_F(URLRequestTestHTTP,DelegateInfoBeforeStart)5405 TEST_F(URLRequestTestHTTP, DelegateInfoBeforeStart) {
5406 ASSERT_TRUE(http_test_server()->Start());
5407
5408 TestDelegate request_delegate;
5409 auto context_builder = CreateTestURLRequestContextBuilder();
5410 context_builder->set_net_log(NetLog::Get());
5411 auto context = context_builder->Build();
5412
5413 {
5414 std::unique_ptr<URLRequest> r(context->CreateRequest(
5415 http_test_server()->GetURL("/defaultresponse"), DEFAULT_PRIORITY,
5416 &request_delegate, TRAFFIC_ANNOTATION_FOR_TESTS));
5417 LoadStateWithParam load_state = r->GetLoadState();
5418 EXPECT_EQ(LOAD_STATE_IDLE, load_state.state);
5419 EXPECT_EQ(std::u16string(), load_state.param);
5420
5421 AsyncDelegateLogger::Run(
5422 r.get(), LOAD_STATE_WAITING_FOR_DELEGATE,
5423 LOAD_STATE_WAITING_FOR_DELEGATE, LOAD_STATE_IDLE,
5424 base::BindOnce(&URLRequest::Start, base::Unretained(r.get())));
5425
5426 request_delegate.RunUntilComplete();
5427
5428 EXPECT_EQ(200, r->GetResponseCode());
5429 EXPECT_EQ(OK, request_delegate.request_status());
5430 }
5431
5432 auto entries = net_log_observer_.GetEntries();
5433 size_t log_position = ExpectLogContainsSomewhereAfter(
5434 entries, 0, NetLogEventType::DELEGATE_INFO, NetLogEventPhase::BEGIN);
5435
5436 log_position = AsyncDelegateLogger::CheckDelegateInfo(entries, log_position);
5437
5438 // Nothing else should add any delegate info to the request.
5439 EXPECT_FALSE(LogContainsEntryWithTypeAfter(entries, log_position + 1,
5440 NetLogEventType::DELEGATE_INFO));
5441 }
5442
5443 // Tests handling of delegate info from a network delegate.
TEST_F(URLRequestTestHTTP,NetworkDelegateInfo)5444 TEST_F(URLRequestTestHTTP, NetworkDelegateInfo) {
5445 ASSERT_TRUE(http_test_server()->Start());
5446
5447 TestDelegate request_delegate;
5448 auto context_builder = CreateTestURLRequestContextBuilder();
5449 auto& network_delegate = *context_builder->set_network_delegate(
5450 std::make_unique<AsyncLoggingNetworkDelegate>());
5451 context_builder->set_net_log(NetLog::Get());
5452 auto context = context_builder->Build();
5453
5454 {
5455 std::unique_ptr<URLRequest> r(context->CreateRequest(
5456 http_test_server()->GetURL("/simple.html"), DEFAULT_PRIORITY,
5457 &request_delegate, TRAFFIC_ANNOTATION_FOR_TESTS));
5458 LoadStateWithParam load_state = r->GetLoadState();
5459 EXPECT_EQ(LOAD_STATE_IDLE, load_state.state);
5460 EXPECT_EQ(std::u16string(), load_state.param);
5461
5462 r->Start();
5463 request_delegate.RunUntilComplete();
5464
5465 EXPECT_EQ(200, r->GetResponseCode());
5466 EXPECT_EQ(OK, request_delegate.request_status());
5467 EXPECT_EQ(1, network_delegate.created_requests());
5468 EXPECT_EQ(0, network_delegate.destroyed_requests());
5469 }
5470 EXPECT_EQ(1, network_delegate.destroyed_requests());
5471
5472 size_t log_position = 0;
5473 auto entries = net_log_observer_.GetEntries();
5474 static const NetLogEventType kExpectedEvents[] = {
5475 NetLogEventType::NETWORK_DELEGATE_BEFORE_URL_REQUEST,
5476 NetLogEventType::NETWORK_DELEGATE_BEFORE_START_TRANSACTION,
5477 NetLogEventType::NETWORK_DELEGATE_HEADERS_RECEIVED,
5478 };
5479 for (NetLogEventType event : kExpectedEvents) {
5480 SCOPED_TRACE(NetLogEventTypeToString(event));
5481 log_position = ExpectLogContainsSomewhereAfter(
5482 entries, log_position + 1, event, NetLogEventPhase::BEGIN);
5483
5484 log_position =
5485 AsyncDelegateLogger::CheckDelegateInfo(entries, log_position + 1);
5486
5487 ASSERT_LT(log_position, entries.size());
5488 EXPECT_EQ(event, entries[log_position].type);
5489 EXPECT_EQ(NetLogEventPhase::END, entries[log_position].phase);
5490 }
5491
5492 EXPECT_FALSE(LogContainsEntryWithTypeAfter(entries, log_position + 1,
5493 NetLogEventType::DELEGATE_INFO));
5494 }
5495
5496 // Tests handling of delegate info from a network delegate in the case of an
5497 // HTTP redirect.
TEST_F(URLRequestTestHTTP,NetworkDelegateInfoRedirect)5498 TEST_F(URLRequestTestHTTP, NetworkDelegateInfoRedirect) {
5499 ASSERT_TRUE(http_test_server()->Start());
5500
5501 TestDelegate request_delegate;
5502 auto context_builder = CreateTestURLRequestContextBuilder();
5503 auto& network_delegate = *context_builder->set_network_delegate(
5504 std::make_unique<AsyncLoggingNetworkDelegate>());
5505 auto context = context_builder->Build();
5506
5507 {
5508 std::unique_ptr<URLRequest> r(context->CreateRequest(
5509 http_test_server()->GetURL("/server-redirect?simple.html"),
5510 DEFAULT_PRIORITY, &request_delegate, TRAFFIC_ANNOTATION_FOR_TESTS));
5511 LoadStateWithParam load_state = r->GetLoadState();
5512 EXPECT_EQ(LOAD_STATE_IDLE, load_state.state);
5513 EXPECT_EQ(std::u16string(), load_state.param);
5514
5515 r->Start();
5516 request_delegate.RunUntilComplete();
5517
5518 EXPECT_EQ(200, r->GetResponseCode());
5519 EXPECT_EQ(OK, request_delegate.request_status());
5520 EXPECT_EQ(2, network_delegate.created_requests());
5521 EXPECT_EQ(0, network_delegate.destroyed_requests());
5522 }
5523 EXPECT_EQ(1, network_delegate.destroyed_requests());
5524
5525 size_t log_position = 0;
5526 auto entries = net_log_observer_.GetEntries();
5527 static const NetLogEventType kExpectedEvents[] = {
5528 NetLogEventType::NETWORK_DELEGATE_BEFORE_URL_REQUEST,
5529 NetLogEventType::NETWORK_DELEGATE_BEFORE_START_TRANSACTION,
5530 NetLogEventType::NETWORK_DELEGATE_HEADERS_RECEIVED,
5531 };
5532 for (NetLogEventType event : kExpectedEvents) {
5533 SCOPED_TRACE(NetLogEventTypeToString(event));
5534 log_position = ExpectLogContainsSomewhereAfter(
5535 entries, log_position + 1, event, NetLogEventPhase::BEGIN);
5536
5537 log_position =
5538 AsyncDelegateLogger::CheckDelegateInfo(entries, log_position + 1);
5539
5540 ASSERT_LT(log_position, entries.size());
5541 EXPECT_EQ(event, entries[log_position].type);
5542 EXPECT_EQ(NetLogEventPhase::END, entries[log_position].phase);
5543 }
5544
5545 // The URLRequest::Delegate then gets informed about the redirect.
5546 log_position = ExpectLogContainsSomewhereAfter(
5547 entries, log_position + 1,
5548 NetLogEventType::URL_REQUEST_DELEGATE_RECEIVED_REDIRECT,
5549 NetLogEventPhase::BEGIN);
5550
5551 // The NetworkDelegate logged information in the same three events as before.
5552 for (NetLogEventType event : kExpectedEvents) {
5553 SCOPED_TRACE(NetLogEventTypeToString(event));
5554 log_position = ExpectLogContainsSomewhereAfter(
5555 entries, log_position + 1, event, NetLogEventPhase::BEGIN);
5556
5557 log_position =
5558 AsyncDelegateLogger::CheckDelegateInfo(entries, log_position + 1);
5559
5560 ASSERT_LT(log_position, entries.size());
5561 EXPECT_EQ(event, entries[log_position].type);
5562 EXPECT_EQ(NetLogEventPhase::END, entries[log_position].phase);
5563 }
5564
5565 EXPECT_FALSE(LogContainsEntryWithTypeAfter(entries, log_position + 1,
5566 NetLogEventType::DELEGATE_INFO));
5567 }
5568
5569 // Tests handling of delegate info from a URLRequest::Delegate.
TEST_F(URLRequestTestHTTP,URLRequestDelegateInfo)5570 TEST_F(URLRequestTestHTTP, URLRequestDelegateInfo) {
5571 ASSERT_TRUE(http_test_server()->Start());
5572
5573 AsyncLoggingUrlRequestDelegate request_delegate(
5574 AsyncLoggingUrlRequestDelegate::NO_CANCEL);
5575 auto context_builder = CreateTestURLRequestContextBuilder();
5576 context_builder->set_net_log(NetLog::Get());
5577 auto context = context_builder->Build();
5578
5579 {
5580 // A chunked response with delays between chunks is used to make sure that
5581 // attempts by the URLRequest delegate to log information while reading the
5582 // body are ignored. Since they are ignored, this test is robust against
5583 // the possibility of multiple reads being combined in the unlikely event
5584 // that it occurs.
5585 std::unique_ptr<URLRequest> r(context->CreateRequest(
5586 http_test_server()->GetURL("/chunked?waitBetweenChunks=20"),
5587 DEFAULT_PRIORITY, &request_delegate, TRAFFIC_ANNOTATION_FOR_TESTS));
5588 LoadStateWithParam load_state = r->GetLoadState();
5589 r->Start();
5590 request_delegate.RunUntilComplete();
5591
5592 EXPECT_EQ(200, r->GetResponseCode());
5593 EXPECT_EQ(OK, request_delegate.request_status());
5594 }
5595
5596 auto entries = net_log_observer_.GetEntries();
5597
5598 size_t log_position = 0;
5599
5600 // The delegate info should only have been logged on header complete. Other
5601 // times it should silently be ignored.
5602 log_position = ExpectLogContainsSomewhereAfter(
5603 entries, log_position + 1,
5604 NetLogEventType::URL_REQUEST_DELEGATE_RESPONSE_STARTED,
5605 NetLogEventPhase::BEGIN);
5606
5607 log_position =
5608 AsyncDelegateLogger::CheckDelegateInfo(entries, log_position + 1);
5609
5610 ASSERT_LT(log_position, entries.size());
5611 EXPECT_EQ(NetLogEventType::URL_REQUEST_DELEGATE_RESPONSE_STARTED,
5612 entries[log_position].type);
5613 EXPECT_EQ(NetLogEventPhase::END, entries[log_position].phase);
5614
5615 EXPECT_FALSE(LogContainsEntryWithTypeAfter(entries, log_position + 1,
5616 NetLogEventType::DELEGATE_INFO));
5617 EXPECT_FALSE(LogContainsEntryWithTypeAfter(
5618 entries, log_position + 1,
5619 NetLogEventType::URL_REQUEST_DELEGATE_RESPONSE_STARTED));
5620 }
5621
5622 // Tests handling of delegate info from a URLRequest::Delegate in the case of
5623 // an HTTP redirect.
TEST_F(URLRequestTestHTTP,URLRequestDelegateInfoOnRedirect)5624 TEST_F(URLRequestTestHTTP, URLRequestDelegateInfoOnRedirect) {
5625 ASSERT_TRUE(http_test_server()->Start());
5626
5627 AsyncLoggingUrlRequestDelegate request_delegate(
5628 AsyncLoggingUrlRequestDelegate::NO_CANCEL);
5629 auto context_builder = CreateTestURLRequestContextBuilder();
5630 context_builder->set_net_log(NetLog::Get());
5631 auto context = context_builder->Build();
5632
5633 {
5634 std::unique_ptr<URLRequest> r(context->CreateRequest(
5635 http_test_server()->GetURL("/server-redirect?simple.html"),
5636 DEFAULT_PRIORITY, &request_delegate, TRAFFIC_ANNOTATION_FOR_TESTS));
5637 LoadStateWithParam load_state = r->GetLoadState();
5638 r->Start();
5639 request_delegate.RunUntilComplete();
5640
5641 EXPECT_EQ(200, r->GetResponseCode());
5642 EXPECT_EQ(OK, request_delegate.request_status());
5643 }
5644
5645 auto entries = net_log_observer_.GetEntries();
5646
5647 // Delegate info should only have been logged in OnReceivedRedirect and
5648 // OnResponseStarted.
5649 size_t log_position = 0;
5650 static const NetLogEventType kExpectedEvents[] = {
5651 NetLogEventType::URL_REQUEST_DELEGATE_RECEIVED_REDIRECT,
5652 NetLogEventType::URL_REQUEST_DELEGATE_RESPONSE_STARTED,
5653 };
5654 for (NetLogEventType event : kExpectedEvents) {
5655 SCOPED_TRACE(NetLogEventTypeToString(event));
5656 log_position = ExpectLogContainsSomewhereAfter(entries, log_position, event,
5657 NetLogEventPhase::BEGIN);
5658
5659 log_position =
5660 AsyncDelegateLogger::CheckDelegateInfo(entries, log_position + 1);
5661
5662 ASSERT_LT(log_position, entries.size());
5663 EXPECT_EQ(event, entries[log_position].type);
5664 EXPECT_EQ(NetLogEventPhase::END, entries[log_position].phase);
5665 }
5666
5667 EXPECT_FALSE(LogContainsEntryWithTypeAfter(entries, log_position + 1,
5668 NetLogEventType::DELEGATE_INFO));
5669 }
5670
5671 // Tests handling of delegate info from a URLRequest::Delegate in the case of
5672 // an HTTP redirect, with cancellation at various points.
TEST_F(URLRequestTestHTTP,URLRequestDelegateOnRedirectCancelled)5673 TEST_F(URLRequestTestHTTP, URLRequestDelegateOnRedirectCancelled) {
5674 ASSERT_TRUE(http_test_server()->Start());
5675
5676 const AsyncLoggingUrlRequestDelegate::CancelStage kCancelStages[] = {
5677 AsyncLoggingUrlRequestDelegate::CANCEL_ON_RECEIVED_REDIRECT,
5678 AsyncLoggingUrlRequestDelegate::CANCEL_ON_RESPONSE_STARTED,
5679 AsyncLoggingUrlRequestDelegate::CANCEL_ON_READ_COMPLETED,
5680 };
5681
5682 for (auto cancel_stage : kCancelStages) {
5683 AsyncLoggingUrlRequestDelegate request_delegate(cancel_stage);
5684 RecordingNetLogObserver net_log_observer;
5685 auto context_builder = CreateTestURLRequestContextBuilder();
5686 context_builder->set_net_log(NetLog::Get());
5687 auto context = context_builder->Build();
5688
5689 {
5690 std::unique_ptr<URLRequest> r(context->CreateRequest(
5691 http_test_server()->GetURL("/server-redirect?simple.html"),
5692 DEFAULT_PRIORITY, &request_delegate, TRAFFIC_ANNOTATION_FOR_TESTS));
5693 LoadStateWithParam load_state = r->GetLoadState();
5694 r->Start();
5695 request_delegate.RunUntilComplete();
5696 EXPECT_EQ(ERR_ABORTED, request_delegate.request_status());
5697
5698 // Spin the message loop to run AsyncDelegateLogger task(s) posted after
5699 // the |request_delegate| completion task.
5700 base::RunLoop().RunUntilIdle();
5701 }
5702
5703 auto entries = net_log_observer.GetEntries();
5704
5705 // Delegate info is always logged in both OnReceivedRedirect and
5706 // OnResponseStarted. In the CANCEL_ON_RECEIVED_REDIRECT, the
5707 // OnResponseStarted delegate call is after cancellation, but logging is
5708 // still currently supported in that call.
5709 size_t log_position = 0;
5710 static const NetLogEventType kExpectedEvents[] = {
5711 NetLogEventType::URL_REQUEST_DELEGATE_RECEIVED_REDIRECT,
5712 NetLogEventType::URL_REQUEST_DELEGATE_RESPONSE_STARTED,
5713 };
5714 for (NetLogEventType event : kExpectedEvents) {
5715 SCOPED_TRACE(NetLogEventTypeToString(event));
5716 log_position = ExpectLogContainsSomewhereAfter(
5717 entries, log_position, event, NetLogEventPhase::BEGIN);
5718
5719 log_position =
5720 AsyncDelegateLogger::CheckDelegateInfo(entries, log_position + 1);
5721
5722 ASSERT_LT(log_position, entries.size());
5723 EXPECT_EQ(event, entries[log_position].type);
5724 EXPECT_EQ(NetLogEventPhase::END, entries[log_position].phase);
5725 }
5726
5727 EXPECT_FALSE(LogContainsEntryWithTypeAfter(entries, log_position + 1,
5728 NetLogEventType::DELEGATE_INFO));
5729 }
5730 }
5731
5732 namespace {
5733
5734 const char kExtraHeader[] = "Allow-Snafu";
5735 const char kExtraValue[] = "fubar";
5736
5737 class RedirectWithAdditionalHeadersDelegate : public TestDelegate {
OnReceivedRedirect(URLRequest * request,const RedirectInfo & redirect_info,bool * defer_redirect)5738 void OnReceivedRedirect(URLRequest* request,
5739 const RedirectInfo& redirect_info,
5740 bool* defer_redirect) override {
5741 TestDelegate::OnReceivedRedirect(request, redirect_info, defer_redirect);
5742 request->SetExtraRequestHeaderByName(kExtraHeader, kExtraValue, false);
5743 }
5744 };
5745
5746 } // namespace
5747
TEST_F(URLRequestTestHTTP,RedirectWithAdditionalHeadersTest)5748 TEST_F(URLRequestTestHTTP, RedirectWithAdditionalHeadersTest) {
5749 ASSERT_TRUE(http_test_server()->Start());
5750
5751 GURL destination_url =
5752 http_test_server()->GetURL("/echoheader?" + std::string(kExtraHeader));
5753 GURL original_url =
5754 http_test_server()->GetURL("/server-redirect?" + destination_url.spec());
5755 RedirectWithAdditionalHeadersDelegate d;
5756 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
5757 original_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
5758 req->Start();
5759 d.RunUntilComplete();
5760
5761 std::string value;
5762 const HttpRequestHeaders& headers = req->extra_request_headers();
5763 EXPECT_TRUE(headers.GetHeader(kExtraHeader, &value));
5764 EXPECT_EQ(kExtraValue, value);
5765 EXPECT_FALSE(req->is_pending());
5766 EXPECT_FALSE(req->is_redirecting());
5767 EXPECT_EQ(kExtraValue, d.data_received());
5768 }
5769
5770 namespace {
5771
5772 const char kExtraHeaderToRemove[] = "To-Be-Removed";
5773
5774 class RedirectWithHeaderRemovalDelegate : public TestDelegate {
OnReceivedRedirect(URLRequest * request,const RedirectInfo & redirect_info,bool * defer_redirect)5775 void OnReceivedRedirect(URLRequest* request,
5776 const RedirectInfo& redirect_info,
5777 bool* defer_redirect) override {
5778 TestDelegate::OnReceivedRedirect(request, redirect_info, defer_redirect);
5779 request->RemoveRequestHeaderByName(kExtraHeaderToRemove);
5780 }
5781 };
5782
5783 } // namespace
5784
TEST_F(URLRequestTestHTTP,RedirectWithHeaderRemovalTest)5785 TEST_F(URLRequestTestHTTP, RedirectWithHeaderRemovalTest) {
5786 ASSERT_TRUE(http_test_server()->Start());
5787
5788 GURL destination_url = http_test_server()->GetURL(
5789 "/echoheader?" + std::string(kExtraHeaderToRemove));
5790 GURL original_url =
5791 http_test_server()->GetURL("/server-redirect?" + destination_url.spec());
5792 RedirectWithHeaderRemovalDelegate d;
5793 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
5794 original_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
5795 req->SetExtraRequestHeaderByName(kExtraHeaderToRemove, "dummy", false);
5796 req->Start();
5797 d.RunUntilComplete();
5798
5799 std::string value;
5800 const HttpRequestHeaders& headers = req->extra_request_headers();
5801 EXPECT_FALSE(headers.GetHeader(kExtraHeaderToRemove, &value));
5802 EXPECT_FALSE(req->is_pending());
5803 EXPECT_FALSE(req->is_redirecting());
5804 EXPECT_EQ("None", d.data_received());
5805 }
5806
TEST_F(URLRequestTestHTTP,CancelAfterStart)5807 TEST_F(URLRequestTestHTTP, CancelAfterStart) {
5808 TestDelegate d;
5809 {
5810 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
5811 GURL("http://www.google.com/"), DEFAULT_PRIORITY, &d,
5812 TRAFFIC_ANNOTATION_FOR_TESTS));
5813
5814 r->Start();
5815 EXPECT_TRUE(r->is_pending());
5816
5817 r->Cancel();
5818
5819 d.RunUntilComplete();
5820
5821 // We expect to receive OnResponseStarted even though the request has been
5822 // cancelled.
5823 EXPECT_EQ(1, d.response_started_count());
5824 EXPECT_EQ(0, d.bytes_received());
5825 EXPECT_FALSE(d.received_data_before_response());
5826 }
5827 }
5828
TEST_F(URLRequestTestHTTP,CancelInResponseStarted)5829 TEST_F(URLRequestTestHTTP, CancelInResponseStarted) {
5830 ASSERT_TRUE(http_test_server()->Start());
5831
5832 TestDelegate d;
5833 {
5834 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
5835 http_test_server()->GetURL("/"), DEFAULT_PRIORITY, &d,
5836 TRAFFIC_ANNOTATION_FOR_TESTS));
5837
5838 d.set_cancel_in_response_started(true);
5839
5840 r->Start();
5841 EXPECT_TRUE(r->is_pending());
5842
5843 d.RunUntilComplete();
5844
5845 EXPECT_EQ(1, d.response_started_count());
5846 EXPECT_EQ(0, d.bytes_received());
5847 EXPECT_FALSE(d.received_data_before_response());
5848 EXPECT_EQ(ERR_ABORTED, d.request_status());
5849 }
5850 }
5851
TEST_F(URLRequestTestHTTP,CancelOnDataReceived)5852 TEST_F(URLRequestTestHTTP, CancelOnDataReceived) {
5853 ASSERT_TRUE(http_test_server()->Start());
5854
5855 TestDelegate d;
5856 {
5857 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
5858 http_test_server()->GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d,
5859 TRAFFIC_ANNOTATION_FOR_TESTS));
5860
5861 d.set_cancel_in_received_data(true);
5862
5863 r->Start();
5864 EXPECT_TRUE(r->is_pending());
5865
5866 d.RunUntilComplete();
5867
5868 EXPECT_EQ(1, d.response_started_count());
5869 EXPECT_NE(0, d.received_bytes_count());
5870 EXPECT_FALSE(d.received_data_before_response());
5871 EXPECT_EQ(ERR_ABORTED, d.request_status());
5872 }
5873 }
5874
TEST_F(URLRequestTestHTTP,CancelDuringEofRead)5875 TEST_F(URLRequestTestHTTP, CancelDuringEofRead) {
5876 ASSERT_TRUE(http_test_server()->Start());
5877
5878 TestDelegate d;
5879 {
5880 // This returns an empty response (With headers).
5881 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
5882 http_test_server()->GetURL("/"), DEFAULT_PRIORITY, &d,
5883 TRAFFIC_ANNOTATION_FOR_TESTS));
5884
5885 d.set_cancel_in_received_data(true);
5886
5887 r->Start();
5888 EXPECT_TRUE(r->is_pending());
5889
5890 d.RunUntilComplete();
5891
5892 EXPECT_EQ(1, d.response_started_count());
5893 EXPECT_EQ(0, d.received_bytes_count());
5894 EXPECT_FALSE(d.received_data_before_response());
5895 EXPECT_EQ(ERR_ABORTED, d.request_status());
5896 }
5897 }
5898
TEST_F(URLRequestTestHTTP,CancelByDestroyingAfterStart)5899 TEST_F(URLRequestTestHTTP, CancelByDestroyingAfterStart) {
5900 ASSERT_TRUE(http_test_server()->Start());
5901
5902 TestDelegate d;
5903 {
5904 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
5905 http_test_server()->GetURL("/"), DEFAULT_PRIORITY, &d,
5906 TRAFFIC_ANNOTATION_FOR_TESTS));
5907
5908 r->Start();
5909 EXPECT_TRUE(r->is_pending());
5910
5911 // The request will be implicitly canceled when it is destroyed. The
5912 // test delegate must not post a quit message when this happens because
5913 // this test doesn't actually have a message loop. The quit message would
5914 // get put on this thread's message queue and the next test would exit
5915 // early, causing problems.
5916 d.set_on_complete(base::DoNothing());
5917 }
5918 // expect things to just cleanup properly.
5919
5920 // we won't actually get a received response here because we've never run the
5921 // message loop
5922 EXPECT_FALSE(d.received_data_before_response());
5923 EXPECT_EQ(0, d.bytes_received());
5924 }
5925
TEST_F(URLRequestTestHTTP,CancelWhileReadingFromCache)5926 TEST_F(URLRequestTestHTTP, CancelWhileReadingFromCache) {
5927 ASSERT_TRUE(http_test_server()->Start());
5928
5929 // populate cache
5930 {
5931 TestDelegate d;
5932 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
5933 http_test_server()->GetURL("/cachetime"), DEFAULT_PRIORITY, &d,
5934 TRAFFIC_ANNOTATION_FOR_TESTS));
5935 r->Start();
5936 d.RunUntilComplete();
5937 EXPECT_EQ(OK, d.request_status());
5938 }
5939
5940 // cancel read from cache (see bug 990242)
5941 {
5942 TestDelegate d;
5943 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
5944 http_test_server()->GetURL("/cachetime"), DEFAULT_PRIORITY, &d,
5945 TRAFFIC_ANNOTATION_FOR_TESTS));
5946 r->Start();
5947 r->Cancel();
5948 d.RunUntilComplete();
5949
5950 EXPECT_EQ(ERR_ABORTED, d.request_status());
5951 EXPECT_EQ(1, d.response_started_count());
5952 EXPECT_EQ(0, d.bytes_received());
5953 EXPECT_FALSE(d.received_data_before_response());
5954 }
5955 }
5956
TEST_F(URLRequestTestHTTP,PostTest)5957 TEST_F(URLRequestTestHTTP, PostTest) {
5958 ASSERT_TRUE(http_test_server()->Start());
5959 HTTPUploadDataOperationTest("POST");
5960 }
5961
TEST_F(URLRequestTestHTTP,PutTest)5962 TEST_F(URLRequestTestHTTP, PutTest) {
5963 ASSERT_TRUE(http_test_server()->Start());
5964 HTTPUploadDataOperationTest("PUT");
5965 }
5966
TEST_F(URLRequestTestHTTP,PostEmptyTest)5967 TEST_F(URLRequestTestHTTP, PostEmptyTest) {
5968 ASSERT_TRUE(http_test_server()->Start());
5969
5970 TestDelegate d;
5971 {
5972 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
5973 http_test_server()->GetURL("/echo"), DEFAULT_PRIORITY, &d,
5974 TRAFFIC_ANNOTATION_FOR_TESTS));
5975 r->set_method("POST");
5976
5977 r->Start();
5978 EXPECT_TRUE(r->is_pending());
5979
5980 d.RunUntilComplete();
5981
5982 ASSERT_EQ(1, d.response_started_count())
5983 << "request failed. Error: " << d.request_status();
5984
5985 EXPECT_FALSE(d.received_data_before_response());
5986 EXPECT_TRUE(d.data_received().empty());
5987 }
5988 }
5989
TEST_F(URLRequestTestHTTP,PostFileTest)5990 TEST_F(URLRequestTestHTTP, PostFileTest) {
5991 ASSERT_TRUE(http_test_server()->Start());
5992
5993 TestDelegate d;
5994 {
5995 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
5996 http_test_server()->GetURL("/echo"), DEFAULT_PRIORITY, &d,
5997 TRAFFIC_ANNOTATION_FOR_TESTS));
5998 r->set_method("POST");
5999
6000 base::FilePath dir;
6001 base::PathService::Get(base::DIR_EXE, &dir);
6002 base::SetCurrentDirectory(dir);
6003
6004 std::vector<std::unique_ptr<UploadElementReader>> element_readers;
6005
6006 base::FilePath path;
6007 base::PathService::Get(base::DIR_SRC_TEST_DATA_ROOT, &path);
6008 path = path.Append(kTestFilePath);
6009 path = path.Append(FILE_PATH_LITERAL("with-headers.html"));
6010 element_readers.push_back(std::make_unique<UploadFileElementReader>(
6011 base::SingleThreadTaskRunner::GetCurrentDefault().get(), path, 0,
6012 std::numeric_limits<uint64_t>::max(), base::Time()));
6013 r->set_upload(std::make_unique<ElementsUploadDataStream>(
6014 std::move(element_readers), 0));
6015
6016 r->Start();
6017 EXPECT_TRUE(r->is_pending());
6018
6019 d.RunUntilComplete();
6020
6021 int64_t size64 = 0;
6022 ASSERT_EQ(true, base::GetFileSize(path, &size64));
6023 ASSERT_LE(size64, std::numeric_limits<int>::max());
6024 int size = static_cast<int>(size64);
6025 auto buf = std::make_unique<char[]>(size);
6026
6027 ASSERT_EQ(size, base::ReadFile(path, buf.get(), size));
6028
6029 ASSERT_EQ(1, d.response_started_count())
6030 << "request failed. Error: " << d.request_status();
6031
6032 EXPECT_FALSE(d.received_data_before_response());
6033
6034 EXPECT_EQ(size, d.bytes_received());
6035 EXPECT_EQ(std::string(&buf[0], size), d.data_received());
6036 }
6037 }
6038
TEST_F(URLRequestTestHTTP,PostUnreadableFileTest)6039 TEST_F(URLRequestTestHTTP, PostUnreadableFileTest) {
6040 ASSERT_TRUE(http_test_server()->Start());
6041
6042 TestDelegate d;
6043 {
6044 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
6045 http_test_server()->GetURL("/echo"), DEFAULT_PRIORITY, &d,
6046 TRAFFIC_ANNOTATION_FOR_TESTS));
6047 r->set_method("POST");
6048
6049 std::vector<std::unique_ptr<UploadElementReader>> element_readers;
6050
6051 element_readers.push_back(std::make_unique<UploadFileElementReader>(
6052 base::SingleThreadTaskRunner::GetCurrentDefault().get(),
6053 base::FilePath(FILE_PATH_LITERAL(
6054 "c:\\path\\to\\non\\existant\\file.randomness.12345")),
6055 0, std::numeric_limits<uint64_t>::max(), base::Time()));
6056 r->set_upload(std::make_unique<ElementsUploadDataStream>(
6057 std::move(element_readers), 0));
6058
6059 r->Start();
6060 EXPECT_TRUE(r->is_pending());
6061
6062 d.RunUntilComplete();
6063
6064 EXPECT_TRUE(d.request_failed());
6065 EXPECT_FALSE(d.received_data_before_response());
6066 EXPECT_EQ(0, d.bytes_received());
6067 EXPECT_EQ(ERR_FILE_NOT_FOUND, d.request_status());
6068 }
6069 }
6070
6071 namespace {
6072
6073 // Adds a standard set of data to an upload for chunked upload integration
6074 // tests.
AddDataToUpload(ChunkedUploadDataStream::Writer * writer)6075 void AddDataToUpload(ChunkedUploadDataStream::Writer* writer) {
6076 writer->AppendData("a", 1, false);
6077 writer->AppendData("bcd", 3, false);
6078 writer->AppendData("this is a longer chunk than before.", 35, false);
6079 writer->AppendData("\r\n\r\n", 4, false);
6080 writer->AppendData("0", 1, false);
6081 writer->AppendData("2323", 4, true);
6082 }
6083
6084 // Checks that the upload data added in AddChunksToUpload() was echoed back from
6085 // the server.
VerifyReceivedDataMatchesChunks(URLRequest * r,TestDelegate * d)6086 void VerifyReceivedDataMatchesChunks(URLRequest* r, TestDelegate* d) {
6087 // This should match the chunks sent by AddChunksToUpload().
6088 const std::string expected_data =
6089 "abcdthis is a longer chunk than before.\r\n\r\n02323";
6090
6091 ASSERT_EQ(1, d->response_started_count())
6092 << "request failed. Error: " << d->request_status();
6093
6094 EXPECT_FALSE(d->received_data_before_response());
6095
6096 EXPECT_EQ(expected_data.size(), static_cast<size_t>(d->bytes_received()));
6097 EXPECT_EQ(expected_data, d->data_received());
6098 }
6099
6100 } // namespace
6101
TEST_F(URLRequestTestHTTP,TestPostChunkedDataBeforeStart)6102 TEST_F(URLRequestTestHTTP, TestPostChunkedDataBeforeStart) {
6103 ASSERT_TRUE(http_test_server()->Start());
6104
6105 TestDelegate d;
6106 {
6107 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
6108 http_test_server()->GetURL("/echo"), DEFAULT_PRIORITY, &d,
6109 TRAFFIC_ANNOTATION_FOR_TESTS));
6110 auto upload_data_stream = std::make_unique<ChunkedUploadDataStream>(0);
6111 std::unique_ptr<ChunkedUploadDataStream::Writer> writer =
6112 upload_data_stream->CreateWriter();
6113 r->set_upload(std::move(upload_data_stream));
6114 r->set_method("POST");
6115 AddDataToUpload(writer.get());
6116 r->Start();
6117 EXPECT_TRUE(r->is_pending());
6118
6119 d.RunUntilComplete();
6120
6121 VerifyReceivedDataMatchesChunks(r.get(), &d);
6122 }
6123 }
6124
TEST_F(URLRequestTestHTTP,TestPostChunkedDataJustAfterStart)6125 TEST_F(URLRequestTestHTTP, TestPostChunkedDataJustAfterStart) {
6126 ASSERT_TRUE(http_test_server()->Start());
6127
6128 TestDelegate d;
6129 {
6130 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
6131 http_test_server()->GetURL("/echo"), DEFAULT_PRIORITY, &d,
6132 TRAFFIC_ANNOTATION_FOR_TESTS));
6133 auto upload_data_stream = std::make_unique<ChunkedUploadDataStream>(0);
6134 std::unique_ptr<ChunkedUploadDataStream::Writer> writer =
6135 upload_data_stream->CreateWriter();
6136 r->set_upload(std::move(upload_data_stream));
6137 r->set_method("POST");
6138 r->Start();
6139 EXPECT_TRUE(r->is_pending());
6140 AddDataToUpload(writer.get());
6141 d.RunUntilComplete();
6142
6143 VerifyReceivedDataMatchesChunks(r.get(), &d);
6144 }
6145 }
6146
TEST_F(URLRequestTestHTTP,TestPostChunkedDataAfterStart)6147 TEST_F(URLRequestTestHTTP, TestPostChunkedDataAfterStart) {
6148 ASSERT_TRUE(http_test_server()->Start());
6149
6150 TestDelegate d;
6151 {
6152 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
6153 http_test_server()->GetURL("/echo"), DEFAULT_PRIORITY, &d,
6154 TRAFFIC_ANNOTATION_FOR_TESTS));
6155 auto upload_data_stream = std::make_unique<ChunkedUploadDataStream>(0);
6156 std::unique_ptr<ChunkedUploadDataStream::Writer> writer =
6157 upload_data_stream->CreateWriter();
6158 r->set_upload(std::move(upload_data_stream));
6159 r->set_method("POST");
6160 r->Start();
6161 EXPECT_TRUE(r->is_pending());
6162
6163 // Pump messages until we start sending headers..
6164 base::RunLoop().RunUntilIdle();
6165
6166 // And now wait for completion.
6167 base::RunLoop run_loop;
6168 d.set_on_complete(run_loop.QuitClosure());
6169 AddDataToUpload(writer.get());
6170 run_loop.Run();
6171
6172 VerifyReceivedDataMatchesChunks(r.get(), &d);
6173 }
6174 }
6175
TEST_F(URLRequestTestHTTP,ResponseHeadersTest)6176 TEST_F(URLRequestTestHTTP, ResponseHeadersTest) {
6177 ASSERT_TRUE(http_test_server()->Start());
6178
6179 TestDelegate d;
6180 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
6181 http_test_server()->GetURL("/with-headers.html"), DEFAULT_PRIORITY, &d,
6182 TRAFFIC_ANNOTATION_FOR_TESTS));
6183 req->Start();
6184 d.RunUntilComplete();
6185
6186 const HttpResponseHeaders* headers = req->response_headers();
6187
6188 // Simple sanity check that response_info() accesses the same data.
6189 EXPECT_EQ(headers, req->response_info().headers.get());
6190
6191 std::string header;
6192 EXPECT_TRUE(headers->GetNormalizedHeader("cache-control", &header));
6193 EXPECT_EQ("private", header);
6194
6195 header.clear();
6196 EXPECT_TRUE(headers->GetNormalizedHeader("content-type", &header));
6197 EXPECT_EQ("text/html; charset=ISO-8859-1", header);
6198
6199 // The response has two "X-Multiple-Entries" headers.
6200 // This verfies our output has them concatenated together.
6201 header.clear();
6202 EXPECT_TRUE(headers->GetNormalizedHeader("x-multiple-entries", &header));
6203 EXPECT_EQ("a, b", header);
6204 }
6205
6206 // TODO(svaldez): iOS tests are flaky with EmbeddedTestServer and transport
6207 // security state. (see http://crbug.com/550977).
6208 #if !BUILDFLAG(IS_IOS)
TEST_F(URLRequestTestHTTP,ProcessSTS)6209 TEST_F(URLRequestTestHTTP, ProcessSTS) {
6210 EmbeddedTestServer https_test_server(net::EmbeddedTestServer::TYPE_HTTPS);
6211 https_test_server.SetSSLConfig(
6212 net::EmbeddedTestServer::CERT_COMMON_NAME_IS_DOMAIN);
6213 https_test_server.ServeFilesFromSourceDirectory(
6214 base::FilePath(kTestFilePath));
6215 ASSERT_TRUE(https_test_server.Start());
6216
6217 std::string test_server_hostname = https_test_server.GetURL("/").host();
6218 TestDelegate d;
6219 std::unique_ptr<URLRequest> request(default_context().CreateRequest(
6220 https_test_server.GetURL("/hsts-headers.html"), DEFAULT_PRIORITY, &d,
6221 TRAFFIC_ANNOTATION_FOR_TESTS));
6222 request->Start();
6223 d.RunUntilComplete();
6224
6225 TransportSecurityState* security_state =
6226 default_context().transport_security_state();
6227 TransportSecurityState::STSState sts_state;
6228 TransportSecurityState::PKPState pkp_state;
6229 EXPECT_TRUE(
6230 security_state->GetDynamicSTSState(test_server_hostname, &sts_state));
6231 EXPECT_FALSE(
6232 security_state->GetDynamicPKPState(test_server_hostname, &pkp_state));
6233 EXPECT_EQ(TransportSecurityState::STSState::MODE_FORCE_HTTPS,
6234 sts_state.upgrade_mode);
6235 EXPECT_TRUE(sts_state.include_subdomains);
6236 EXPECT_FALSE(pkp_state.include_subdomains);
6237 #if BUILDFLAG(IS_ANDROID)
6238 // Android's CertVerifyProc does not (yet) handle pins.
6239 #else
6240 EXPECT_FALSE(pkp_state.HasPublicKeyPins());
6241 #endif
6242 }
6243
TEST_F(URLRequestTestHTTP,STSNotProcessedOnIP)6244 TEST_F(URLRequestTestHTTP, STSNotProcessedOnIP) {
6245 EmbeddedTestServer https_test_server(net::EmbeddedTestServer::TYPE_HTTPS);
6246 https_test_server.ServeFilesFromSourceDirectory(
6247 base::FilePath(kTestFilePath));
6248 ASSERT_TRUE(https_test_server.Start());
6249 // Make sure this test fails if the test server is changed to not
6250 // listen on an IP by default.
6251 ASSERT_TRUE(https_test_server.GetURL("/").HostIsIPAddress());
6252 std::string test_server_hostname = https_test_server.GetURL("/").host();
6253
6254 TestDelegate d;
6255 std::unique_ptr<URLRequest> request(default_context().CreateRequest(
6256 https_test_server.GetURL("/hsts-headers.html"), DEFAULT_PRIORITY, &d,
6257 TRAFFIC_ANNOTATION_FOR_TESTS));
6258 request->Start();
6259 d.RunUntilComplete();
6260 TransportSecurityState* security_state =
6261 default_context().transport_security_state();
6262 TransportSecurityState::STSState sts_state;
6263 EXPECT_FALSE(
6264 security_state->GetDynamicSTSState(test_server_hostname, &sts_state));
6265 }
6266
6267 namespace {
6268 const char kPKPReportUri[] = "http://report-uri.preloaded.test/pkp";
6269 const char kPKPHost[] = "with-report-uri-pkp.preloaded.test";
6270 } // namespace
6271
6272 // Tests that reports get sent on PKP violations when a report-uri is set.
TEST_F(URLRequestTestHTTP,ProcessPKPAndSendReport)6273 TEST_F(URLRequestTestHTTP, ProcessPKPAndSendReport) {
6274 base::test::ScopedFeatureList scoped_feature_list_;
6275 scoped_feature_list_.InitAndEnableFeature(
6276 net::features::kStaticKeyPinningEnforcement);
6277 GURL report_uri(kPKPReportUri);
6278 EmbeddedTestServer https_test_server(net::EmbeddedTestServer::TYPE_HTTPS);
6279 https_test_server.SetSSLConfig(
6280 net::EmbeddedTestServer::CERT_COMMON_NAME_IS_DOMAIN);
6281 https_test_server.ServeFilesFromSourceDirectory(
6282 base::FilePath(kTestFilePath));
6283 ASSERT_TRUE(https_test_server.Start());
6284
6285 std::string test_server_hostname = kPKPHost;
6286
6287 SetTransportSecurityStateSourceForTesting(&test_default::kHSTSSource);
6288
6289 // Set up a MockCertVerifier to trigger a violation of the previously
6290 // set pin.
6291 scoped_refptr<X509Certificate> cert = https_test_server.GetCertificate();
6292 ASSERT_TRUE(cert);
6293
6294 CertVerifyResult verify_result;
6295 verify_result.verified_cert = cert;
6296 verify_result.is_issued_by_known_root = true;
6297 HashValue hash3;
6298 ASSERT_TRUE(
6299 hash3.FromString("sha256/3333333333333333333333333333333333333333333="));
6300 verify_result.public_key_hashes.push_back(hash3);
6301 auto cert_verifier = std::make_unique<MockCertVerifier>();
6302 cert_verifier->AddResultForCert(cert.get(), verify_result, OK);
6303
6304 MockCertificateReportSender mock_report_sender; // Must outlive `context`.
6305 auto context_builder = CreateTestURLRequestContextBuilder();
6306 context_builder->SetCertVerifier(std::move(cert_verifier));
6307 auto context = context_builder->Build();
6308 context->transport_security_state()->EnableStaticPinsForTesting();
6309 context->transport_security_state()->SetPinningListAlwaysTimelyForTesting(
6310 true);
6311 context->transport_security_state()->SetReportSender(&mock_report_sender);
6312
6313 IsolationInfo isolation_info = IsolationInfo::CreateTransient();
6314
6315 // Now send a request to trigger the violation.
6316 TestDelegate d;
6317 std::unique_ptr<URLRequest> violating_request(context->CreateRequest(
6318 https_test_server.GetURL(test_server_hostname, "/simple.html"),
6319 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
6320 violating_request->set_isolation_info(isolation_info);
6321 violating_request->Start();
6322 d.RunUntilComplete();
6323
6324 // Check that a report was sent.
6325 EXPECT_EQ(report_uri, mock_report_sender.latest_report_uri());
6326 ASSERT_FALSE(mock_report_sender.latest_report().empty());
6327 EXPECT_EQ("application/json; charset=utf-8",
6328 mock_report_sender.latest_content_type());
6329 base::Value::Dict report_dict =
6330 base::test::ParseJsonDict(mock_report_sender.latest_report());
6331 ASSERT_FALSE(report_dict.empty());
6332 std::string* report_hostname = report_dict.FindString("hostname");
6333 ASSERT_TRUE(report_hostname);
6334 EXPECT_EQ(test_server_hostname, *report_hostname);
6335 EXPECT_EQ(isolation_info.network_anonymization_key(),
6336 mock_report_sender.latest_network_anonymization_key());
6337 }
6338
6339 // Tests that reports do not get sent on requests to static pkp hosts that
6340 // don't have pin violations.
TEST_F(URLRequestTestHTTP,ProcessPKPWithNoViolation)6341 TEST_F(URLRequestTestHTTP, ProcessPKPWithNoViolation) {
6342 base::test::ScopedFeatureList scoped_feature_list_;
6343 scoped_feature_list_.InitAndEnableFeature(
6344 net::features::kStaticKeyPinningEnforcement);
6345 EmbeddedTestServer https_test_server(net::EmbeddedTestServer::TYPE_HTTPS);
6346 https_test_server.SetSSLConfig(
6347 net::EmbeddedTestServer::CERT_COMMON_NAME_IS_DOMAIN);
6348 https_test_server.ServeFilesFromSourceDirectory(
6349 base::FilePath(kTestFilePath));
6350 ASSERT_TRUE(https_test_server.Start());
6351
6352 std::string test_server_hostname = kPKPHost;
6353
6354 SetTransportSecurityStateSourceForTesting(&test_default::kHSTSSource);
6355
6356 scoped_refptr<X509Certificate> cert = https_test_server.GetCertificate();
6357 ASSERT_TRUE(cert);
6358 CertVerifyResult verify_result;
6359 verify_result.verified_cert = cert;
6360 verify_result.is_issued_by_known_root = true;
6361 HashValue hash;
6362 // The expected value of GoodPin1 used by |test_default::kHSTSSource|.
6363 ASSERT_TRUE(
6364 hash.FromString("sha256/Nn8jk5By4Vkq6BeOVZ7R7AC6XUUBZsWmUbJR1f1Y5FY="));
6365 verify_result.public_key_hashes.push_back(hash);
6366 auto mock_cert_verifier = std::make_unique<MockCertVerifier>();
6367 mock_cert_verifier->AddResultForCert(cert.get(), verify_result, OK);
6368
6369 MockCertificateReportSender mock_report_sender; // Must outlive `context`.
6370 auto context_builder = CreateTestURLRequestContextBuilder();
6371 context_builder->SetCertVerifier(std::move(mock_cert_verifier));
6372 auto context = context_builder->Build();
6373 context->transport_security_state()->EnableStaticPinsForTesting();
6374 context->transport_security_state()->SetPinningListAlwaysTimelyForTesting(
6375 true);
6376 context->transport_security_state()->SetReportSender(&mock_report_sender);
6377
6378 // Now send a request that does not trigger the violation.
6379 TestDelegate d;
6380 std::unique_ptr<URLRequest> request(context->CreateRequest(
6381 https_test_server.GetURL(test_server_hostname, "/simple.html"),
6382 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
6383 request->set_isolation_info(IsolationInfo::CreateTransient());
6384 request->Start();
6385 d.RunUntilComplete();
6386
6387 // Check that the request succeeded, a report was not sent and the pkp was
6388 // not bypassed.
6389 EXPECT_EQ(OK, d.request_status());
6390 EXPECT_EQ(GURL(), mock_report_sender.latest_report_uri());
6391 EXPECT_EQ(std::string(), mock_report_sender.latest_report());
6392 EXPECT_EQ(NetworkAnonymizationKey(),
6393 mock_report_sender.latest_network_anonymization_key());
6394 TransportSecurityState::PKPState pkp_state;
6395 EXPECT_TRUE(context->transport_security_state()->GetStaticPKPState(
6396 test_server_hostname, &pkp_state));
6397 EXPECT_TRUE(pkp_state.HasPublicKeyPins());
6398 EXPECT_FALSE(request->ssl_info().pkp_bypassed);
6399 }
6400
TEST_F(URLRequestTestHTTP,PKPBypassRecorded)6401 TEST_F(URLRequestTestHTTP, PKPBypassRecorded) {
6402 base::test::ScopedFeatureList scoped_feature_list_;
6403 scoped_feature_list_.InitAndEnableFeature(
6404 net::features::kStaticKeyPinningEnforcement);
6405 EmbeddedTestServer https_test_server(net::EmbeddedTestServer::TYPE_HTTPS);
6406 https_test_server.SetSSLConfig(
6407 net::EmbeddedTestServer::CERT_COMMON_NAME_IS_DOMAIN);
6408 https_test_server.ServeFilesFromSourceDirectory(
6409 base::FilePath(kTestFilePath));
6410 ASSERT_TRUE(https_test_server.Start());
6411
6412 // Set up a MockCertVerifier to be a local root that violates the pin
6413 scoped_refptr<X509Certificate> cert = https_test_server.GetCertificate();
6414 ASSERT_TRUE(cert);
6415
6416 CertVerifyResult verify_result;
6417 verify_result.verified_cert = cert;
6418 verify_result.is_issued_by_known_root = false;
6419 HashValue hash;
6420 ASSERT_TRUE(
6421 hash.FromString("sha256/1111111111111111111111111111111111111111111="));
6422 verify_result.public_key_hashes.push_back(hash);
6423 auto cert_verifier = std::make_unique<MockCertVerifier>();
6424 cert_verifier->AddResultForCert(cert.get(), verify_result, OK);
6425
6426 std::string test_server_hostname = kPKPHost;
6427
6428 SetTransportSecurityStateSourceForTesting(&test_default::kHSTSSource);
6429
6430 MockCertificateReportSender mock_report_sender; // Must outlive `context`.
6431 auto context_builder = CreateTestURLRequestContextBuilder();
6432 context_builder->SetCertVerifier(std::move(cert_verifier));
6433 auto context = context_builder->Build();
6434 context->transport_security_state()->EnableStaticPinsForTesting();
6435 context->transport_security_state()->SetPinningListAlwaysTimelyForTesting(
6436 true);
6437 context->transport_security_state()->SetReportSender(&mock_report_sender);
6438
6439 TestDelegate d;
6440 std::unique_ptr<URLRequest> request(context->CreateRequest(
6441 https_test_server.GetURL(test_server_hostname, "/simple.html"),
6442 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
6443 request->set_isolation_info(IsolationInfo::CreateTransient());
6444 request->Start();
6445 d.RunUntilComplete();
6446
6447 // Check that the request succeeded, a report was not sent and the PKP was
6448 // bypassed.
6449 EXPECT_EQ(OK, d.request_status());
6450 EXPECT_EQ(GURL(), mock_report_sender.latest_report_uri());
6451 EXPECT_EQ(std::string(), mock_report_sender.latest_report());
6452 EXPECT_EQ(NetworkAnonymizationKey(),
6453 mock_report_sender.latest_network_anonymization_key());
6454 TransportSecurityState::PKPState pkp_state;
6455 EXPECT_TRUE(context->transport_security_state()->GetStaticPKPState(
6456 test_server_hostname, &pkp_state));
6457 EXPECT_TRUE(pkp_state.HasPublicKeyPins());
6458 EXPECT_TRUE(request->ssl_info().pkp_bypassed);
6459 }
6460
TEST_F(URLRequestTestHTTP,ProcessSTSOnce)6461 TEST_F(URLRequestTestHTTP, ProcessSTSOnce) {
6462 EmbeddedTestServer https_test_server(net::EmbeddedTestServer::TYPE_HTTPS);
6463 https_test_server.SetSSLConfig(
6464 net::EmbeddedTestServer::CERT_COMMON_NAME_IS_DOMAIN);
6465 https_test_server.ServeFilesFromSourceDirectory(
6466 base::FilePath(kTestFilePath));
6467 ASSERT_TRUE(https_test_server.Start());
6468
6469 std::string test_server_hostname = https_test_server.GetURL("/").host();
6470
6471 TestDelegate d;
6472 std::unique_ptr<URLRequest> request(default_context().CreateRequest(
6473 https_test_server.GetURL("/hsts-multiple-headers.html"), DEFAULT_PRIORITY,
6474 &d, TRAFFIC_ANNOTATION_FOR_TESTS));
6475 request->Start();
6476 d.RunUntilComplete();
6477
6478 // We should have set parameters from the first header, not the second.
6479 TransportSecurityState* security_state =
6480 default_context().transport_security_state();
6481 TransportSecurityState::STSState sts_state;
6482 EXPECT_TRUE(
6483 security_state->GetDynamicSTSState(test_server_hostname, &sts_state));
6484 EXPECT_EQ(TransportSecurityState::STSState::MODE_FORCE_HTTPS,
6485 sts_state.upgrade_mode);
6486 EXPECT_FALSE(sts_state.include_subdomains);
6487 EXPECT_FALSE(sts_state.include_subdomains);
6488 }
6489
6490 #endif // !BUILDFLAG(IS_IOS)
6491
6492 #if BUILDFLAG(ENABLE_REPORTING)
6493
TEST_F(URLRequestTestHTTP,NetworkErrorLogging_DontReportIfNetworkNotAccessed)6494 TEST_F(URLRequestTestHTTP, NetworkErrorLogging_DontReportIfNetworkNotAccessed) {
6495 EmbeddedTestServer https_test_server(net::EmbeddedTestServer::TYPE_HTTPS);
6496 RegisterDefaultHandlers(&https_test_server);
6497 ASSERT_TRUE(https_test_server.Start());
6498 GURL request_url = https_test_server.GetURL("/cachetime");
6499
6500 auto context_builder = CreateTestURLRequestContextBuilder();
6501 context_builder->set_network_error_logging_enabled(true);
6502 auto& nel_service = *context_builder->SetNetworkErrorLoggingServiceForTesting(
6503 std::make_unique<TestNetworkErrorLoggingService>());
6504 auto context = context_builder->Build();
6505
6506 // Populate the cache.
6507 TestDelegate d;
6508 std::unique_ptr<URLRequest> request(context->CreateRequest(
6509 request_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
6510 request->set_isolation_info(isolation_info1_);
6511 request->Start();
6512 d.RunUntilComplete();
6513
6514 ASSERT_EQ(1u, nel_service.errors().size());
6515 const TestNetworkErrorLoggingService::RequestDetails& error =
6516 nel_service.errors()[0];
6517 EXPECT_EQ(request_url, error.uri);
6518 EXPECT_EQ(200, error.status_code);
6519 EXPECT_EQ(OK, error.type);
6520
6521 request = context->CreateRequest(request_url, DEFAULT_PRIORITY, &d,
6522 TRAFFIC_ANNOTATION_FOR_TESTS);
6523 request->set_isolation_info(isolation_info1_);
6524 request->Start();
6525 d.RunUntilComplete();
6526
6527 EXPECT_FALSE(request->response_info().network_accessed);
6528 EXPECT_TRUE(request->response_info().was_cached);
6529 // No additional NEL report was generated.
6530 EXPECT_EQ(1u, nel_service.errors().size());
6531 }
6532
TEST_F(URLRequestTestHTTP,NetworkErrorLogging_BasicSuccess)6533 TEST_F(URLRequestTestHTTP, NetworkErrorLogging_BasicSuccess) {
6534 EmbeddedTestServer https_test_server(net::EmbeddedTestServer::TYPE_HTTPS);
6535 https_test_server.ServeFilesFromSourceDirectory(
6536 base::FilePath(kTestFilePath));
6537 ASSERT_TRUE(https_test_server.Start());
6538 GURL request_url = https_test_server.GetURL("/simple.html");
6539
6540 auto context_builder = CreateTestURLRequestContextBuilder();
6541 context_builder->set_network_error_logging_enabled(true);
6542 auto& nel_service = *context_builder->SetNetworkErrorLoggingServiceForTesting(
6543 std::make_unique<TestNetworkErrorLoggingService>());
6544 auto context = context_builder->Build();
6545
6546 TestDelegate d;
6547 std::unique_ptr<URLRequest> request(context->CreateRequest(
6548 request_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
6549 request->Start();
6550 d.RunUntilComplete();
6551
6552 ASSERT_EQ(1u, nel_service.errors().size());
6553 const TestNetworkErrorLoggingService::RequestDetails& error =
6554 nel_service.errors()[0];
6555 EXPECT_EQ(request_url, error.uri);
6556 EXPECT_EQ(200, error.status_code);
6557 EXPECT_EQ(OK, error.type);
6558 }
6559
TEST_F(URLRequestTestHTTP,NetworkErrorLogging_BasicError)6560 TEST_F(URLRequestTestHTTP, NetworkErrorLogging_BasicError) {
6561 EmbeddedTestServer https_test_server(net::EmbeddedTestServer::TYPE_HTTPS);
6562 RegisterDefaultHandlers(&https_test_server);
6563 ASSERT_TRUE(https_test_server.Start());
6564 GURL request_url = https_test_server.GetURL("/close-socket");
6565
6566 auto context_builder = CreateTestURLRequestContextBuilder();
6567 context_builder->set_network_error_logging_enabled(true);
6568 auto& nel_service = *context_builder->SetNetworkErrorLoggingServiceForTesting(
6569 std::make_unique<TestNetworkErrorLoggingService>());
6570 auto context = context_builder->Build();
6571
6572 TestDelegate d;
6573 std::unique_ptr<URLRequest> request(context->CreateRequest(
6574 request_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
6575 request->Start();
6576 d.RunUntilComplete();
6577
6578 ASSERT_EQ(1u, nel_service.errors().size());
6579 const TestNetworkErrorLoggingService::RequestDetails& error =
6580 nel_service.errors()[0];
6581 EXPECT_EQ(request_url, error.uri);
6582 EXPECT_EQ(0, error.status_code);
6583 EXPECT_EQ(ERR_EMPTY_RESPONSE, error.type);
6584 }
6585
TEST_F(URLRequestTestHTTP,NetworkErrorLogging_Redirect)6586 TEST_F(URLRequestTestHTTP, NetworkErrorLogging_Redirect) {
6587 EmbeddedTestServer https_test_server(net::EmbeddedTestServer::TYPE_HTTPS);
6588 https_test_server.ServeFilesFromSourceDirectory(
6589 base::FilePath(kTestFilePath));
6590 ASSERT_TRUE(https_test_server.Start());
6591 GURL request_url = https_test_server.GetURL("/redirect-test.html");
6592 GURL redirect_url = https_test_server.GetURL("/with-headers.html");
6593
6594 auto context_builder = CreateTestURLRequestContextBuilder();
6595 context_builder->set_network_error_logging_enabled(true);
6596 auto& nel_service = *context_builder->SetNetworkErrorLoggingServiceForTesting(
6597 std::make_unique<TestNetworkErrorLoggingService>());
6598 auto context = context_builder->Build();
6599
6600 TestDelegate d;
6601 std::unique_ptr<URLRequest> request(context->CreateRequest(
6602 request_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
6603 request->Start();
6604 d.RunUntilComplete();
6605
6606 ASSERT_EQ(2u, nel_service.errors().size());
6607 const TestNetworkErrorLoggingService::RequestDetails& error1 =
6608 nel_service.errors()[0];
6609 EXPECT_EQ(request_url, error1.uri);
6610 EXPECT_EQ(302, error1.status_code);
6611 EXPECT_EQ(OK, error1.type);
6612 const TestNetworkErrorLoggingService::RequestDetails& error2 =
6613 nel_service.errors()[1];
6614 EXPECT_EQ(redirect_url, error2.uri);
6615 EXPECT_EQ(200, error2.status_code);
6616 EXPECT_EQ(OK, error2.type);
6617 }
6618
TEST_F(URLRequestTestHTTP,NetworkErrorLogging_RedirectWithoutLocationHeader)6619 TEST_F(URLRequestTestHTTP, NetworkErrorLogging_RedirectWithoutLocationHeader) {
6620 EmbeddedTestServer https_test_server(net::EmbeddedTestServer::TYPE_HTTPS);
6621 https_test_server.ServeFilesFromSourceDirectory(
6622 base::FilePath(kTestFilePath));
6623 ASSERT_TRUE(https_test_server.Start());
6624 GURL request_url = https_test_server.GetURL("/308-without-location-header");
6625
6626 auto context_builder = CreateTestURLRequestContextBuilder();
6627 context_builder->set_network_error_logging_enabled(true);
6628 auto& nel_service = *context_builder->SetNetworkErrorLoggingServiceForTesting(
6629 std::make_unique<TestNetworkErrorLoggingService>());
6630 auto context = context_builder->Build();
6631
6632 TestDelegate d;
6633 std::unique_ptr<URLRequest> request(context->CreateRequest(
6634 request_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
6635 request->Start();
6636 d.RunUntilComplete();
6637
6638 ASSERT_EQ(1u, nel_service.errors().size());
6639 const TestNetworkErrorLoggingService::RequestDetails& error =
6640 nel_service.errors()[0];
6641 EXPECT_EQ(request_url, error.uri);
6642 EXPECT_EQ(308, error.status_code);
6643 // The body of the response was successfully read.
6644 EXPECT_EQ(OK, error.type);
6645 }
6646
TEST_F(URLRequestTestHTTP,NetworkErrorLogging_Auth)6647 TEST_F(URLRequestTestHTTP, NetworkErrorLogging_Auth) {
6648 EmbeddedTestServer https_test_server(net::EmbeddedTestServer::TYPE_HTTPS);
6649 RegisterDefaultHandlers(&https_test_server);
6650 ASSERT_TRUE(https_test_server.Start());
6651 GURL request_url = https_test_server.GetURL("/auth-basic");
6652
6653 auto context_builder = CreateTestURLRequestContextBuilder();
6654 context_builder->set_network_error_logging_enabled(true);
6655 auto& nel_service = *context_builder->SetNetworkErrorLoggingServiceForTesting(
6656 std::make_unique<TestNetworkErrorLoggingService>());
6657 auto context = context_builder->Build();
6658
6659 TestDelegate d;
6660 d.set_credentials(AuthCredentials(kUser, kSecret));
6661 std::unique_ptr<URLRequest> request(context->CreateRequest(
6662 request_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
6663 request->Start();
6664 d.RunUntilComplete();
6665
6666 ASSERT_EQ(2u, nel_service.errors().size());
6667 const TestNetworkErrorLoggingService::RequestDetails& error1 =
6668 nel_service.errors()[0];
6669 EXPECT_EQ(request_url, error1.uri);
6670 EXPECT_EQ(401, error1.status_code);
6671 EXPECT_EQ(OK, error1.type);
6672 const TestNetworkErrorLoggingService::RequestDetails& error2 =
6673 nel_service.errors()[1];
6674 EXPECT_EQ(request_url, error2.uri);
6675 EXPECT_EQ(200, error2.status_code);
6676 EXPECT_EQ(OK, error2.type);
6677 }
6678
TEST_F(URLRequestTestHTTP,NetworkErrorLogging_304Response)6679 TEST_F(URLRequestTestHTTP, NetworkErrorLogging_304Response) {
6680 EmbeddedTestServer https_test_server(net::EmbeddedTestServer::TYPE_HTTPS);
6681 RegisterDefaultHandlers(&https_test_server);
6682 ASSERT_TRUE(https_test_server.Start());
6683 GURL request_url = https_test_server.GetURL("/auth-basic");
6684
6685 auto context_builder = CreateTestURLRequestContextBuilder();
6686 context_builder->set_network_error_logging_enabled(true);
6687 auto& nel_service = *context_builder->SetNetworkErrorLoggingServiceForTesting(
6688 std::make_unique<TestNetworkErrorLoggingService>());
6689 auto context = context_builder->Build();
6690
6691 // populate the cache
6692 {
6693 TestDelegate d;
6694 d.set_credentials(AuthCredentials(kUser, kSecret));
6695 std::unique_ptr<URLRequest> r(context->CreateRequest(
6696 request_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
6697 r->set_isolation_info(isolation_info1_);
6698 r->Start();
6699 d.RunUntilComplete();
6700 }
6701 ASSERT_EQ(2u, nel_service.errors().size());
6702 const TestNetworkErrorLoggingService::RequestDetails& error1 =
6703 nel_service.errors()[0];
6704 EXPECT_EQ(request_url, error1.uri);
6705 EXPECT_EQ(401, error1.status_code);
6706 EXPECT_EQ(OK, error1.type);
6707 const TestNetworkErrorLoggingService::RequestDetails& error2 =
6708 nel_service.errors()[1];
6709 EXPECT_EQ(request_url, error2.uri);
6710 EXPECT_EQ(200, error2.status_code);
6711 EXPECT_EQ(OK, error2.type);
6712
6713 // repeat request with end-to-end validation. since auth-basic results in a
6714 // cachable page, we expect this test to result in a 304. in which case, the
6715 // response should be fetched from the cache.
6716 {
6717 TestDelegate d;
6718 d.set_credentials(AuthCredentials(kUser, kSecret));
6719 std::unique_ptr<URLRequest> r(context->CreateRequest(
6720 request_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
6721 r->SetLoadFlags(LOAD_VALIDATE_CACHE);
6722 r->set_isolation_info(isolation_info1_);
6723 r->Start();
6724 d.RunUntilComplete();
6725
6726 // Should be the same cached document.
6727 EXPECT_TRUE(r->was_cached());
6728 }
6729 ASSERT_EQ(3u, nel_service.errors().size());
6730 const TestNetworkErrorLoggingService::RequestDetails& error3 =
6731 nel_service.errors()[2];
6732 EXPECT_EQ(request_url, error3.uri);
6733 EXPECT_EQ(304, error3.status_code);
6734 EXPECT_EQ(OK, error3.type);
6735 }
6736
TEST_F(URLRequestTestHTTP,NetworkErrorLogging_CancelInResponseStarted)6737 TEST_F(URLRequestTestHTTP, NetworkErrorLogging_CancelInResponseStarted) {
6738 EmbeddedTestServer https_test_server(net::EmbeddedTestServer::TYPE_HTTPS);
6739 https_test_server.ServeFilesFromSourceDirectory(
6740 base::FilePath(kTestFilePath));
6741 ASSERT_TRUE(https_test_server.Start());
6742 GURL request_url = https_test_server.GetURL("/simple.html");
6743
6744 auto context_builder = CreateTestURLRequestContextBuilder();
6745 context_builder->set_network_error_logging_enabled(true);
6746 auto& nel_service = *context_builder->SetNetworkErrorLoggingServiceForTesting(
6747 std::make_unique<TestNetworkErrorLoggingService>());
6748 auto context = context_builder->Build();
6749
6750 TestDelegate d;
6751 d.set_cancel_in_response_started(true);
6752 std::unique_ptr<URLRequest> request(context->CreateRequest(
6753 request_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
6754 request->Start();
6755 d.RunUntilComplete();
6756
6757 ASSERT_EQ(1u, nel_service.errors().size());
6758 const TestNetworkErrorLoggingService::RequestDetails& error =
6759 nel_service.errors()[0];
6760 EXPECT_EQ(request_url, error.uri);
6761 EXPECT_EQ(200, error.status_code);
6762 // Headers were received and the body should have been read but was not.
6763 EXPECT_EQ(ERR_ABORTED, error.type);
6764 }
6765
TEST_F(URLRequestTestHTTP,NetworkErrorLogging_CancelOnDataReceived)6766 TEST_F(URLRequestTestHTTP, NetworkErrorLogging_CancelOnDataReceived) {
6767 EmbeddedTestServer https_test_server(net::EmbeddedTestServer::TYPE_HTTPS);
6768 https_test_server.ServeFilesFromSourceDirectory(
6769 base::FilePath(kTestFilePath));
6770 ASSERT_TRUE(https_test_server.Start());
6771 GURL request_url = https_test_server.GetURL("/simple.html");
6772
6773 auto context_builder = CreateTestURLRequestContextBuilder();
6774 context_builder->set_network_error_logging_enabled(true);
6775 auto& nel_service = *context_builder->SetNetworkErrorLoggingServiceForTesting(
6776 std::make_unique<TestNetworkErrorLoggingService>());
6777 auto context = context_builder->Build();
6778
6779 TestDelegate d;
6780 d.set_cancel_in_received_data(true);
6781 std::unique_ptr<URLRequest> request(context->CreateRequest(
6782 request_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
6783 request->Start();
6784 d.RunUntilComplete();
6785
6786 ASSERT_EQ(1u, nel_service.errors().size());
6787 const TestNetworkErrorLoggingService::RequestDetails& error =
6788 nel_service.errors()[0];
6789 EXPECT_EQ(request_url, error.uri);
6790 EXPECT_EQ(200, error.status_code);
6791 // Data was received but the body was not completely read.
6792 EXPECT_EQ(ERR_ABORTED, error.type);
6793 }
6794
TEST_F(URLRequestTestHTTP,NetworkErrorLogging_CancelRedirect)6795 TEST_F(URLRequestTestHTTP, NetworkErrorLogging_CancelRedirect) {
6796 EmbeddedTestServer https_test_server(net::EmbeddedTestServer::TYPE_HTTPS);
6797 https_test_server.ServeFilesFromSourceDirectory(
6798 base::FilePath(kTestFilePath));
6799 ASSERT_TRUE(https_test_server.Start());
6800 GURL request_url = https_test_server.GetURL("/redirect-test.html");
6801
6802 auto context_builder = CreateTestURLRequestContextBuilder();
6803 context_builder->set_network_error_logging_enabled(true);
6804 auto& nel_service = *context_builder->SetNetworkErrorLoggingServiceForTesting(
6805 std::make_unique<TestNetworkErrorLoggingService>());
6806 auto context = context_builder->Build();
6807
6808 TestDelegate d;
6809 d.set_cancel_in_received_redirect(true);
6810 std::unique_ptr<URLRequest> request(context->CreateRequest(
6811 request_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
6812 request->Start();
6813 d.RunUntilComplete();
6814
6815 ASSERT_EQ(1u, nel_service.errors().size());
6816 const TestNetworkErrorLoggingService::RequestDetails& error =
6817 nel_service.errors()[0];
6818 EXPECT_EQ(request_url, error.uri);
6819 EXPECT_EQ(302, error.status_code);
6820 // A valid HTTP response was received, even though the request was cancelled.
6821 EXPECT_EQ(OK, error.type);
6822 }
6823
6824 #endif // BUILDFLAG(ENABLE_REPORTING)
6825
TEST_F(URLRequestTestHTTP,ContentTypeNormalizationTest)6826 TEST_F(URLRequestTestHTTP, ContentTypeNormalizationTest) {
6827 ASSERT_TRUE(http_test_server()->Start());
6828
6829 TestDelegate d;
6830 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
6831 http_test_server()->GetURL("/content-type-normalization.html"),
6832 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
6833 req->Start();
6834 d.RunUntilComplete();
6835
6836 std::string mime_type;
6837 req->GetMimeType(&mime_type);
6838 EXPECT_EQ("text/html", mime_type);
6839
6840 std::string charset;
6841 req->GetCharset(&charset);
6842 EXPECT_EQ("utf-8", charset);
6843 req->Cancel();
6844 }
6845
TEST_F(URLRequestTestHTTP,FileRedirect)6846 TEST_F(URLRequestTestHTTP, FileRedirect) {
6847 ASSERT_TRUE(http_test_server()->Start());
6848
6849 TestDelegate d;
6850 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
6851 http_test_server()->GetURL("/redirect-to-file.html"), DEFAULT_PRIORITY,
6852 &d, TRAFFIC_ANNOTATION_FOR_TESTS));
6853 req->Start();
6854 d.RunUntilComplete();
6855
6856 EXPECT_EQ(ERR_UNKNOWN_URL_SCHEME, d.request_status());
6857 EXPECT_EQ(1, d.received_redirect_count());
6858 }
6859
TEST_F(URLRequestTestHTTP,DataRedirect)6860 TEST_F(URLRequestTestHTTP, DataRedirect) {
6861 ASSERT_TRUE(http_test_server()->Start());
6862
6863 TestDelegate d;
6864 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
6865 http_test_server()->GetURL("/redirect-to-data.html"), DEFAULT_PRIORITY,
6866 &d, TRAFFIC_ANNOTATION_FOR_TESTS));
6867 req->Start();
6868 d.RunUntilComplete();
6869
6870 EXPECT_EQ(ERR_UNKNOWN_URL_SCHEME, d.request_status());
6871 EXPECT_EQ(1, d.received_redirect_count());
6872 }
6873
TEST_F(URLRequestTestHTTP,RestrictUnsafeRedirect)6874 TEST_F(URLRequestTestHTTP, RestrictUnsafeRedirect) {
6875 ASSERT_TRUE(http_test_server()->Start());
6876
6877 TestDelegate d;
6878 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
6879 http_test_server()->GetURL(
6880 "/server-redirect?unsafe://here-there-be-dragons"),
6881 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
6882 req->Start();
6883 d.RunUntilComplete();
6884
6885 EXPECT_EQ(ERR_UNSAFE_REDIRECT, d.request_status());
6886
6887 // The redirect should have been rejected before reporting it to the
6888 // caller. See https://crbug.com/723796
6889 EXPECT_EQ(0, d.received_redirect_count());
6890 }
6891
6892 // Test that redirects to invalid URLs are rejected. See
6893 // https://crbug.com/462272.
TEST_F(URLRequestTestHTTP,RedirectToInvalidURL)6894 TEST_F(URLRequestTestHTTP, RedirectToInvalidURL) {
6895 ASSERT_TRUE(http_test_server()->Start());
6896
6897 TestDelegate d;
6898 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
6899 http_test_server()->GetURL("/redirect-to-invalid-url.html"),
6900 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
6901 req->Start();
6902 d.RunUntilComplete();
6903
6904 EXPECT_EQ(1, d.response_started_count());
6905 EXPECT_EQ(ERR_INVALID_REDIRECT, d.request_status());
6906
6907 // The redirect should have been rejected before reporting it to the caller.
6908 EXPECT_EQ(0, d.received_redirect_count());
6909 }
6910
6911 // Make sure redirects are cached, despite not reading their bodies.
TEST_F(URLRequestTestHTTP,CacheRedirect)6912 TEST_F(URLRequestTestHTTP, CacheRedirect) {
6913 ASSERT_TRUE(http_test_server()->Start());
6914 GURL redirect_url =
6915 http_test_server()->GetURL("/redirect302-to-echo-cacheable");
6916
6917 {
6918 TestDelegate d;
6919 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
6920 redirect_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
6921 req->set_isolation_info(isolation_info1_);
6922 req->Start();
6923 d.RunUntilComplete();
6924 EXPECT_EQ(OK, d.request_status());
6925 EXPECT_EQ(1, d.received_redirect_count());
6926 EXPECT_EQ(http_test_server()->GetURL("/echo"), req->url());
6927 }
6928
6929 {
6930 TestDelegate d;
6931 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
6932 redirect_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
6933 req->set_isolation_info(isolation_info1_);
6934 req->Start();
6935 d.RunUntilRedirect();
6936
6937 EXPECT_EQ(1, d.received_redirect_count());
6938 EXPECT_EQ(0, d.response_started_count());
6939 EXPECT_TRUE(req->was_cached());
6940
6941 req->FollowDeferredRedirect(absl::nullopt /* removed_headers */,
6942 absl::nullopt /* modified_headers */);
6943 d.RunUntilComplete();
6944 EXPECT_EQ(1, d.received_redirect_count());
6945 EXPECT_EQ(1, d.response_started_count());
6946 EXPECT_EQ(OK, d.request_status());
6947 EXPECT_EQ(http_test_server()->GetURL("/echo"), req->url());
6948 }
6949 }
6950
6951 // Make sure a request isn't cached when a NetworkDelegate forces a redirect
6952 // when the headers are read, since the body won't have been read.
TEST_F(URLRequestTestHTTP,NoCacheOnNetworkDelegateRedirect)6953 TEST_F(URLRequestTestHTTP, NoCacheOnNetworkDelegateRedirect) {
6954 ASSERT_TRUE(http_test_server()->Start());
6955 // URL that is normally cached.
6956 GURL initial_url = http_test_server()->GetURL("/cachetime");
6957
6958 {
6959 // Set up the TestNetworkDelegate tp force a redirect.
6960 GURL redirect_to_url = http_test_server()->GetURL("/echo");
6961 default_network_delegate().set_redirect_on_headers_received_url(
6962 redirect_to_url);
6963
6964 TestDelegate d;
6965 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
6966 initial_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
6967 req->Start();
6968 d.RunUntilComplete();
6969 EXPECT_EQ(OK, d.request_status());
6970 EXPECT_EQ(1, d.received_redirect_count());
6971 EXPECT_EQ(redirect_to_url, req->url());
6972 }
6973
6974 {
6975 TestDelegate d;
6976 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
6977 initial_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
6978 req->Start();
6979 d.RunUntilComplete();
6980
6981 EXPECT_EQ(OK, d.request_status());
6982 EXPECT_FALSE(req->was_cached());
6983 EXPECT_EQ(0, d.received_redirect_count());
6984 EXPECT_EQ(initial_url, req->url());
6985 }
6986 }
6987
6988 // Check that |preserve_fragment_on_redirect_url| is respected.
TEST_F(URLRequestTestHTTP,PreserveFragmentOnRedirectUrl)6989 TEST_F(URLRequestTestHTTP, PreserveFragmentOnRedirectUrl) {
6990 ASSERT_TRUE(http_test_server()->Start());
6991
6992 GURL original_url(http_test_server()->GetURL("/original#fragment1"));
6993 GURL preserve_fragement_url(http_test_server()->GetURL("/echo"));
6994
6995 default_network_delegate().set_redirect_on_headers_received_url(
6996 preserve_fragement_url);
6997 default_network_delegate().set_preserve_fragment_on_redirect_url(
6998 preserve_fragement_url);
6999
7000 TestDelegate d;
7001 {
7002 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
7003 original_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
7004
7005 r->Start();
7006 d.RunUntilComplete();
7007
7008 EXPECT_EQ(2U, r->url_chain().size());
7009 EXPECT_EQ(OK, d.request_status());
7010 EXPECT_EQ(original_url, r->original_url());
7011 EXPECT_EQ(preserve_fragement_url, r->url());
7012 }
7013 }
7014
7015 // Check that |preserve_fragment_on_redirect_url| has no effect when it doesn't
7016 // match the URL being redirected to.
TEST_F(URLRequestTestHTTP,PreserveFragmentOnRedirectUrlMismatch)7017 TEST_F(URLRequestTestHTTP, PreserveFragmentOnRedirectUrlMismatch) {
7018 ASSERT_TRUE(http_test_server()->Start());
7019
7020 GURL original_url(http_test_server()->GetURL("/original#fragment1"));
7021 GURL preserve_fragement_url(http_test_server()->GetURL("/echo#fragment2"));
7022 GURL redirect_url(http_test_server()->GetURL("/echo"));
7023 GURL expected_url(http_test_server()->GetURL("/echo#fragment1"));
7024
7025 default_network_delegate().set_redirect_on_headers_received_url(redirect_url);
7026 default_network_delegate().set_preserve_fragment_on_redirect_url(
7027 preserve_fragement_url);
7028
7029 TestDelegate d;
7030 {
7031 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
7032 original_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
7033
7034 r->Start();
7035 d.RunUntilComplete();
7036
7037 EXPECT_EQ(2U, r->url_chain().size());
7038 EXPECT_EQ(OK, d.request_status());
7039 EXPECT_EQ(original_url, r->original_url());
7040 EXPECT_EQ(expected_url, r->url());
7041 }
7042 }
7043
7044 // When a URLRequestRedirectJob is created, the redirection must be followed and
7045 // the reference fragment of the target URL must not be modified.
TEST_F(URLRequestTestHTTP,RedirectJobWithReferenceFragment)7046 TEST_F(URLRequestTestHTTP, RedirectJobWithReferenceFragment) {
7047 ASSERT_TRUE(http_test_server()->Start());
7048
7049 GURL original_url(
7050 http_test_server()->GetURL("/original#should-not-be-appended"));
7051 GURL redirect_url(http_test_server()->GetURL("/echo"));
7052
7053 TestDelegate d;
7054 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
7055 original_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
7056
7057 std::unique_ptr<URLRequestRedirectJob> job =
7058 std::make_unique<URLRequestRedirectJob>(
7059 r.get(), redirect_url, RedirectUtil::ResponseCode::REDIRECT_302_FOUND,
7060 "Very Good Reason");
7061 TestScopedURLInterceptor interceptor(r->url(), std::move(job));
7062
7063 r->Start();
7064 d.RunUntilComplete();
7065
7066 EXPECT_EQ(OK, d.request_status());
7067 EXPECT_EQ(original_url, r->original_url());
7068 EXPECT_EQ(redirect_url, r->url());
7069 }
7070
TEST_F(URLRequestTestHTTP,UnsupportedReferrerScheme)7071 TEST_F(URLRequestTestHTTP, UnsupportedReferrerScheme) {
7072 ASSERT_TRUE(http_test_server()->Start());
7073
7074 const std::string referrer("foobar://totally.legit.referrer");
7075 TestDelegate d;
7076 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
7077 http_test_server()->GetURL("/echoheader?Referer"), DEFAULT_PRIORITY, &d,
7078 TRAFFIC_ANNOTATION_FOR_TESTS));
7079 req->SetReferrer(referrer);
7080 req->Start();
7081 d.RunUntilComplete();
7082
7083 EXPECT_EQ(std::string("None"), d.data_received());
7084 }
7085
TEST_F(URLRequestTestHTTP,NoUserPassInReferrer)7086 TEST_F(URLRequestTestHTTP, NoUserPassInReferrer) {
7087 ASSERT_TRUE(http_test_server()->Start());
7088
7089 TestDelegate d;
7090 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
7091 http_test_server()->GetURL("/echoheader?Referer"), DEFAULT_PRIORITY, &d,
7092 TRAFFIC_ANNOTATION_FOR_TESTS));
7093 req->SetReferrer("http://user:pass@foo.com/");
7094 req->Start();
7095 d.RunUntilComplete();
7096
7097 EXPECT_EQ(std::string("http://foo.com/"), d.data_received());
7098 }
7099
TEST_F(URLRequestTestHTTP,NoFragmentInReferrer)7100 TEST_F(URLRequestTestHTTP, NoFragmentInReferrer) {
7101 ASSERT_TRUE(http_test_server()->Start());
7102
7103 TestDelegate d;
7104 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
7105 http_test_server()->GetURL("/echoheader?Referer"), DEFAULT_PRIORITY, &d,
7106 TRAFFIC_ANNOTATION_FOR_TESTS));
7107 req->SetReferrer("http://foo.com/test#fragment");
7108 req->Start();
7109 d.RunUntilComplete();
7110
7111 EXPECT_EQ(std::string("http://foo.com/test"), d.data_received());
7112 }
7113
TEST_F(URLRequestTestHTTP,EmptyReferrerAfterValidReferrer)7114 TEST_F(URLRequestTestHTTP, EmptyReferrerAfterValidReferrer) {
7115 ASSERT_TRUE(http_test_server()->Start());
7116
7117 TestDelegate d;
7118 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
7119 http_test_server()->GetURL("/echoheader?Referer"), DEFAULT_PRIORITY, &d,
7120 TRAFFIC_ANNOTATION_FOR_TESTS));
7121 req->SetReferrer("http://foo.com/test#fragment");
7122 req->SetReferrer("");
7123 req->Start();
7124 d.RunUntilComplete();
7125
7126 EXPECT_EQ(std::string("None"), d.data_received());
7127 }
7128
TEST_F(URLRequestTestHTTP,CapRefererHeaderLength)7129 TEST_F(URLRequestTestHTTP, CapRefererHeaderLength) {
7130 ASSERT_TRUE(http_test_server()->Start());
7131
7132 // Verify that referrers over 4k are stripped to an origin, and referrers at
7133 // or under 4k are unmodified.
7134 {
7135 std::string original_header = "http://example.com/";
7136 original_header.resize(4097, 'a');
7137
7138 TestDelegate d;
7139 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
7140 http_test_server()->GetURL("/echoheader?Referer"), DEFAULT_PRIORITY, &d,
7141 TRAFFIC_ANNOTATION_FOR_TESTS));
7142 req->SetReferrer(original_header);
7143 req->Start();
7144 d.RunUntilComplete();
7145
7146 // The request's referrer will be stripped since (1) there will be a
7147 // mismatch between the request's referrer and the output of
7148 // URLRequestJob::ComputeReferrerForPolicy and (2) the delegate, when
7149 // offered the opportunity to cancel the request for this reason, will
7150 // decline.
7151 EXPECT_EQ("None", d.data_received());
7152 }
7153 {
7154 std::string original_header = "http://example.com/";
7155 original_header.resize(4096, 'a');
7156
7157 TestDelegate d;
7158 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
7159 http_test_server()->GetURL("/echoheader?Referer"), DEFAULT_PRIORITY, &d,
7160 TRAFFIC_ANNOTATION_FOR_TESTS));
7161 req->SetReferrer(original_header);
7162 req->Start();
7163 d.RunUntilComplete();
7164
7165 EXPECT_EQ(original_header, d.data_received());
7166 }
7167 {
7168 std::string original_header = "http://example.com/";
7169 original_header.resize(4095, 'a');
7170
7171 TestDelegate d;
7172 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
7173 http_test_server()->GetURL("/echoheader?Referer"), DEFAULT_PRIORITY, &d,
7174 TRAFFIC_ANNOTATION_FOR_TESTS));
7175 req->SetReferrer(original_header);
7176 req->Start();
7177 d.RunUntilComplete();
7178
7179 EXPECT_EQ(original_header, d.data_received());
7180 }
7181 }
7182
TEST_F(URLRequestTestHTTP,CancelRedirect)7183 TEST_F(URLRequestTestHTTP, CancelRedirect) {
7184 ASSERT_TRUE(http_test_server()->Start());
7185
7186 TestDelegate d;
7187 {
7188 d.set_cancel_in_received_redirect(true);
7189 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
7190 http_test_server()->GetURL("/redirect-test.html"), DEFAULT_PRIORITY, &d,
7191 TRAFFIC_ANNOTATION_FOR_TESTS));
7192 req->Start();
7193 d.RunUntilComplete();
7194
7195 EXPECT_EQ(1, d.response_started_count());
7196 EXPECT_EQ(0, d.bytes_received());
7197 EXPECT_FALSE(d.received_data_before_response());
7198 EXPECT_EQ(ERR_ABORTED, d.request_status());
7199 }
7200 }
7201
TEST_F(URLRequestTestHTTP,DeferredRedirect)7202 TEST_F(URLRequestTestHTTP, DeferredRedirect) {
7203 ASSERT_TRUE(http_test_server()->Start());
7204
7205 TestDelegate d;
7206 {
7207 GURL test_url(http_test_server()->GetURL("/redirect-test.html"));
7208 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
7209 test_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
7210
7211 req->Start();
7212 d.RunUntilRedirect();
7213
7214 EXPECT_EQ(1, d.received_redirect_count());
7215
7216 req->FollowDeferredRedirect(absl::nullopt /* removed_headers */,
7217 absl::nullopt /* modified_headers */);
7218 d.RunUntilComplete();
7219
7220 EXPECT_EQ(1, d.response_started_count());
7221 EXPECT_FALSE(d.received_data_before_response());
7222 EXPECT_EQ(OK, d.request_status());
7223
7224 base::FilePath path;
7225 base::PathService::Get(base::DIR_SRC_TEST_DATA_ROOT, &path);
7226 path = path.Append(kTestFilePath);
7227 path = path.Append(FILE_PATH_LITERAL("with-headers.html"));
7228
7229 std::string contents;
7230 EXPECT_TRUE(base::ReadFileToString(path, &contents));
7231 EXPECT_EQ(contents, d.data_received());
7232 }
7233 }
7234
TEST_F(URLRequestTestHTTP,DeferredRedirect_ModifiedHeaders)7235 TEST_F(URLRequestTestHTTP, DeferredRedirect_ModifiedHeaders) {
7236 test_server::HttpRequest http_request;
7237 int num_observed_requests = 0;
7238 http_test_server()->RegisterRequestMonitor(
7239 base::BindLambdaForTesting([&](const test_server::HttpRequest& request) {
7240 http_request = request;
7241 ++num_observed_requests;
7242 }));
7243 ASSERT_TRUE(http_test_server()->Start());
7244
7245 TestDelegate d;
7246 {
7247 GURL test_url(http_test_server()->GetURL("/redirect-test.html"));
7248 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
7249 test_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
7250
7251 // Set initial headers for the request.
7252 req->SetExtraRequestHeaderByName("Header1", "Value1", true /* overwrite */);
7253 req->SetExtraRequestHeaderByName("Header2", "Value2", true /* overwrite */);
7254
7255 req->Start();
7256 d.RunUntilRedirect();
7257
7258 // Initial request should only have initial headers.
7259 EXPECT_EQ(1, d.received_redirect_count());
7260 EXPECT_EQ(1, num_observed_requests);
7261 EXPECT_EQ("Value1", http_request.headers["Header1"]);
7262 EXPECT_EQ("Value2", http_request.headers["Header2"]);
7263 EXPECT_EQ(0u, http_request.headers.count("Header3"));
7264
7265 // Overwrite Header2 and add Header3.
7266 net::HttpRequestHeaders modified_headers;
7267 modified_headers.SetHeader("Header2", "");
7268 modified_headers.SetHeader("Header3", "Value3");
7269
7270 req->FollowDeferredRedirect(absl::nullopt /* removed_headers */,
7271 modified_headers);
7272 d.RunUntilComplete();
7273
7274 EXPECT_EQ(1, d.response_started_count());
7275 EXPECT_FALSE(d.received_data_before_response());
7276 EXPECT_EQ(OK, d.request_status());
7277
7278 // Redirected request should also have modified headers.
7279 EXPECT_EQ(2, num_observed_requests);
7280 EXPECT_EQ("Value1", http_request.headers["Header1"]);
7281 EXPECT_EQ(1u, http_request.headers.count("Header2"));
7282 EXPECT_EQ("", http_request.headers["Header2"]);
7283 EXPECT_EQ("Value3", http_request.headers["Header3"]);
7284 }
7285 }
7286
TEST_F(URLRequestTestHTTP,DeferredRedirect_RemovedHeaders)7287 TEST_F(URLRequestTestHTTP, DeferredRedirect_RemovedHeaders) {
7288 test_server::HttpRequest http_request;
7289 int num_observed_requests = 0;
7290 http_test_server()->RegisterRequestMonitor(
7291 base::BindLambdaForTesting([&](const test_server::HttpRequest& request) {
7292 http_request = request;
7293 ++num_observed_requests;
7294 }));
7295 ASSERT_TRUE(http_test_server()->Start());
7296
7297 TestDelegate d;
7298 {
7299 GURL test_url(http_test_server()->GetURL("/redirect-test.html"));
7300 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
7301 test_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
7302
7303 // Set initial headers for the request.
7304 req->SetExtraRequestHeaderByName("Header1", "Value1", true /* overwrite */);
7305 req->SetExtraRequestHeaderByName("Header2", "Value2", true /* overwrite */);
7306
7307 req->Start();
7308 d.RunUntilRedirect();
7309
7310 // Initial request should have initial headers.
7311 EXPECT_EQ(1, d.received_redirect_count());
7312 EXPECT_EQ(1, num_observed_requests);
7313 EXPECT_EQ("Value1", http_request.headers["Header1"]);
7314 EXPECT_EQ("Value2", http_request.headers["Header2"]);
7315
7316 // Keep Header1 and remove Header2.
7317 std::vector<std::string> removed_headers({"Header2"});
7318 req->FollowDeferredRedirect(removed_headers,
7319 absl::nullopt /* modified_headers */);
7320 d.RunUntilComplete();
7321
7322 EXPECT_EQ(1, d.response_started_count());
7323 EXPECT_FALSE(d.received_data_before_response());
7324 EXPECT_EQ(OK, d.request_status());
7325
7326 // Redirected request should have modified headers.
7327 EXPECT_EQ(2, num_observed_requests);
7328 EXPECT_EQ("Value1", http_request.headers["Header1"]);
7329 EXPECT_EQ(0u, http_request.headers.count("Header2"));
7330 }
7331 }
7332
TEST_F(URLRequestTestHTTP,CancelDeferredRedirect)7333 TEST_F(URLRequestTestHTTP, CancelDeferredRedirect) {
7334 ASSERT_TRUE(http_test_server()->Start());
7335
7336 TestDelegate d;
7337 {
7338 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
7339 http_test_server()->GetURL("/redirect-test.html"), DEFAULT_PRIORITY, &d,
7340 TRAFFIC_ANNOTATION_FOR_TESTS));
7341 req->Start();
7342 d.RunUntilRedirect();
7343
7344 EXPECT_EQ(1, d.received_redirect_count());
7345
7346 req->Cancel();
7347 d.RunUntilComplete();
7348
7349 EXPECT_EQ(1, d.response_started_count());
7350 EXPECT_EQ(0, d.bytes_received());
7351 EXPECT_FALSE(d.received_data_before_response());
7352 EXPECT_EQ(ERR_ABORTED, d.request_status());
7353 }
7354 }
7355
TEST_F(URLRequestTestHTTP,VaryHeader)7356 TEST_F(URLRequestTestHTTP, VaryHeader) {
7357 ASSERT_TRUE(http_test_server()->Start());
7358
7359 // Populate the cache.
7360 {
7361 TestDelegate d;
7362 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
7363 http_test_server()->GetURL("/echoheadercache?foo"), DEFAULT_PRIORITY,
7364 &d, TRAFFIC_ANNOTATION_FOR_TESTS));
7365 HttpRequestHeaders headers;
7366 headers.SetHeader("foo", "1");
7367 req->SetExtraRequestHeaders(headers);
7368 req->set_isolation_info(isolation_info1_);
7369 req->Start();
7370 d.RunUntilComplete();
7371
7372 LoadTimingInfo load_timing_info;
7373 req->GetLoadTimingInfo(&load_timing_info);
7374 TestLoadTimingNotReused(load_timing_info, CONNECT_TIMING_HAS_DNS_TIMES);
7375 }
7376
7377 // Expect a cache hit.
7378 {
7379 TestDelegate d;
7380 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
7381 http_test_server()->GetURL("/echoheadercache?foo"), DEFAULT_PRIORITY,
7382 &d, TRAFFIC_ANNOTATION_FOR_TESTS));
7383 HttpRequestHeaders headers;
7384 headers.SetHeader("foo", "1");
7385 req->SetExtraRequestHeaders(headers);
7386 req->set_isolation_info(isolation_info1_);
7387 req->Start();
7388 d.RunUntilComplete();
7389
7390 EXPECT_TRUE(req->was_cached());
7391
7392 LoadTimingInfo load_timing_info;
7393 req->GetLoadTimingInfo(&load_timing_info);
7394 TestLoadTimingCacheHitNoNetwork(load_timing_info);
7395 }
7396
7397 // Expect a cache miss.
7398 {
7399 TestDelegate d;
7400 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
7401 http_test_server()->GetURL("/echoheadercache?foo"), DEFAULT_PRIORITY,
7402 &d, TRAFFIC_ANNOTATION_FOR_TESTS));
7403 HttpRequestHeaders headers;
7404 headers.SetHeader("foo", "2");
7405 req->SetExtraRequestHeaders(headers);
7406 req->set_isolation_info(isolation_info1_);
7407 req->Start();
7408 d.RunUntilComplete();
7409
7410 EXPECT_FALSE(req->was_cached());
7411
7412 LoadTimingInfo load_timing_info;
7413 req->GetLoadTimingInfo(&load_timing_info);
7414 TestLoadTimingNotReused(load_timing_info, CONNECT_TIMING_HAS_DNS_TIMES);
7415 }
7416 }
7417
TEST_F(URLRequestTestHTTP,BasicAuth)7418 TEST_F(URLRequestTestHTTP, BasicAuth) {
7419 ASSERT_TRUE(http_test_server()->Start());
7420
7421 // populate the cache
7422 {
7423 TestDelegate d;
7424 d.set_credentials(AuthCredentials(kUser, kSecret));
7425
7426 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
7427 http_test_server()->GetURL("/auth-basic"), DEFAULT_PRIORITY, &d,
7428 TRAFFIC_ANNOTATION_FOR_TESTS));
7429 r->set_isolation_info(isolation_info1_);
7430 r->Start();
7431
7432 d.RunUntilComplete();
7433
7434 EXPECT_TRUE(d.data_received().find("user/secret") != std::string::npos);
7435 }
7436
7437 // repeat request with end-to-end validation. since auth-basic results in a
7438 // cachable page, we expect this test to result in a 304. in which case, the
7439 // response should be fetched from the cache.
7440 {
7441 TestDelegate d;
7442 d.set_credentials(AuthCredentials(kUser, kSecret));
7443
7444 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
7445 http_test_server()->GetURL("/auth-basic"), DEFAULT_PRIORITY, &d,
7446 TRAFFIC_ANNOTATION_FOR_TESTS));
7447 r->SetLoadFlags(LOAD_VALIDATE_CACHE);
7448 r->set_isolation_info(isolation_info1_);
7449 r->Start();
7450
7451 d.RunUntilComplete();
7452
7453 EXPECT_TRUE(d.data_received().find("user/secret") != std::string::npos);
7454
7455 // Should be the same cached document.
7456 EXPECT_TRUE(r->was_cached());
7457 }
7458 }
7459
7460 // Check that Set-Cookie headers in 401 responses are respected.
7461 // http://crbug.com/6450
TEST_F(URLRequestTestHTTP,BasicAuthWithCookies)7462 TEST_F(URLRequestTestHTTP, BasicAuthWithCookies) {
7463 ASSERT_TRUE(http_test_server()->Start());
7464
7465 GURL url_requiring_auth =
7466 http_test_server()->GetURL("/auth-basic?set-cookie-if-challenged");
7467
7468 // Request a page that will give a 401 containing a Set-Cookie header.
7469 // Verify that when the transaction is restarted, it includes the new cookie.
7470 TestDelegate d;
7471 d.set_credentials(AuthCredentials(kUser, kSecret));
7472
7473 std::unique_ptr<URLRequest> r =
7474 CreateFirstPartyRequest(default_context(), url_requiring_auth, &d);
7475 r->Start();
7476
7477 d.RunUntilComplete();
7478
7479 EXPECT_TRUE(d.data_received().find("user/secret") != std::string::npos);
7480
7481 // Make sure we sent the cookie in the restarted transaction.
7482 EXPECT_TRUE(d.data_received().find("Cookie: got_challenged=true") !=
7483 std::string::npos);
7484 }
7485
7486 // Same test as above, except this time the restart is initiated earlier
7487 // (without user intervention since identity is embedded in the URL).
TEST_F(URLRequestTestHTTP,BasicAuthWithCredentialsWithCookies)7488 TEST_F(URLRequestTestHTTP, BasicAuthWithCredentialsWithCookies) {
7489 ASSERT_TRUE(http_test_server()->Start());
7490 GURL url_requiring_auth =
7491 http_test_server()->GetURL("/auth-basic?set-cookie-if-challenged");
7492 GURL::Replacements replacements;
7493 replacements.SetUsernameStr("user2");
7494 replacements.SetPasswordStr("secret");
7495 GURL url_with_identity = url_requiring_auth.ReplaceComponents(replacements);
7496
7497 TestDelegate d;
7498
7499 std::unique_ptr<URLRequest> r =
7500 CreateFirstPartyRequest(default_context(), url_with_identity, &d);
7501 r->Start();
7502
7503 d.RunUntilComplete();
7504
7505 EXPECT_TRUE(d.data_received().find("user2/secret") != std::string::npos);
7506
7507 // Make sure we sent the cookie in the restarted transaction.
7508 EXPECT_TRUE(d.data_received().find("Cookie: got_challenged=true") !=
7509 std::string::npos);
7510 }
7511
TEST_F(URLRequestTestHTTP,BasicAuthWithCookiesCancelAuth)7512 TEST_F(URLRequestTestHTTP, BasicAuthWithCookiesCancelAuth) {
7513 ASSERT_TRUE(http_test_server()->Start());
7514
7515 GURL url_requiring_auth =
7516 http_test_server()->GetURL("/auth-basic?set-cookie-if-challenged");
7517
7518 // Request a page that will give a 401 containing a Set-Cookie header.
7519 // Verify that cookies are set before credentials are provided, and then
7520 // cancelling auth does not result in setting the cookies again.
7521 TestDelegate d;
7522
7523 EXPECT_TRUE(GetAllCookies(&default_context()).empty());
7524
7525 std::unique_ptr<URLRequest> r =
7526 CreateFirstPartyRequest(default_context(), url_requiring_auth, &d);
7527 r->Start();
7528 d.RunUntilAuthRequired();
7529
7530 // Cookie should have been set.
7531 EXPECT_EQ(1, default_network_delegate().set_cookie_count());
7532 CookieList cookies = GetAllCookies(&default_context());
7533 ASSERT_EQ(1u, cookies.size());
7534 EXPECT_EQ("got_challenged", cookies[0].Name());
7535 EXPECT_EQ("true", cookies[0].Value());
7536
7537 // Delete cookie.
7538 default_context().cookie_store()->DeleteAllAsync(
7539 CookieStore::DeleteCallback());
7540
7541 // Cancel auth and continue the request.
7542 r->CancelAuth();
7543 d.RunUntilComplete();
7544 ASSERT_TRUE(r->response_headers());
7545 EXPECT_EQ(401, r->response_headers()->response_code());
7546
7547 // Cookie should not have been set again.
7548 EXPECT_TRUE(GetAllCookies(&default_context()).empty());
7549 EXPECT_EQ(1, default_network_delegate().set_cookie_count());
7550 }
7551
7552 // Tests the IsolationInfo is updated approiately on redirect.
TEST_F(URLRequestTestHTTP,IsolationInfoUpdatedOnRedirect)7553 TEST_F(URLRequestTestHTTP, IsolationInfoUpdatedOnRedirect) {
7554 base::test::ScopedFeatureList feature_list;
7555 feature_list.InitAndEnableFeature(
7556 net::features::kSplitCacheByNetworkIsolationKey);
7557
7558 ASSERT_TRUE(http_test_server()->Start());
7559
7560 GURL redirect_url =
7561 http_test_server()->GetURL("redirected.test", "/cachetime");
7562 GURL original_url = http_test_server()->GetURL(
7563 "original.test", "/server-redirect?" + redirect_url.spec());
7564
7565 url::Origin original_origin = url::Origin::Create(original_url);
7566 url::Origin redirect_origin = url::Origin::Create(redirect_url);
7567
7568 // Since transient IsolationInfos use opaque origins, need to create a single
7569 // consistent transient origin one for be used as the original and updated
7570 // info in the same test case.
7571 IsolationInfo transient_isolation_info = IsolationInfo::CreateTransient();
7572
7573 const struct {
7574 IsolationInfo info_before_redirect;
7575 IsolationInfo expected_info_after_redirect;
7576 } kTestCases[] = {
7577 {IsolationInfo(), IsolationInfo()},
7578 {IsolationInfo::Create(IsolationInfo::RequestType::kMainFrame,
7579 original_origin, original_origin,
7580 SiteForCookies()),
7581 IsolationInfo::Create(IsolationInfo::RequestType::kMainFrame,
7582 redirect_origin, redirect_origin,
7583 SiteForCookies::FromOrigin(redirect_origin))},
7584 {IsolationInfo::Create(IsolationInfo::RequestType::kSubFrame,
7585 original_origin, original_origin,
7586 SiteForCookies::FromOrigin(original_origin)),
7587 IsolationInfo::Create(IsolationInfo::RequestType::kSubFrame,
7588 original_origin, redirect_origin,
7589 SiteForCookies::FromOrigin(original_origin))},
7590 {IsolationInfo::Create(IsolationInfo::RequestType::kOther,
7591 original_origin, original_origin,
7592 SiteForCookies()),
7593 IsolationInfo::Create(IsolationInfo::RequestType::kOther,
7594 original_origin, original_origin,
7595 SiteForCookies())},
7596 {transient_isolation_info, transient_isolation_info},
7597 };
7598
7599 for (const auto& test_case : kTestCases) {
7600 // Populate the cache, using the expected final IsolationInfo.
7601 {
7602 TestDelegate d;
7603
7604 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
7605 redirect_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
7606 r->set_isolation_info(test_case.expected_info_after_redirect);
7607 r->Start();
7608 d.RunUntilComplete();
7609 EXPECT_THAT(d.request_status(), IsOk());
7610 }
7611
7612 // Send a request using the initial IsolationInfo that should be redirected
7613 // to the cached url, and should use the cached entry if the NIK was
7614 // updated, except in the case the IsolationInfo's NIK was empty.
7615 {
7616 TestDelegate d;
7617
7618 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
7619 original_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
7620 r->set_isolation_info(test_case.info_before_redirect);
7621 r->Start();
7622 d.RunUntilComplete();
7623 EXPECT_THAT(d.request_status(), IsOk());
7624 EXPECT_EQ(redirect_url, r->url());
7625
7626 EXPECT_EQ(!test_case.expected_info_after_redirect.network_isolation_key()
7627 .IsTransient(),
7628 r->was_cached());
7629 EXPECT_EQ(test_case.expected_info_after_redirect.request_type(),
7630 r->isolation_info().request_type());
7631 EXPECT_EQ(test_case.expected_info_after_redirect.top_frame_origin(),
7632 r->isolation_info().top_frame_origin());
7633 EXPECT_EQ(test_case.expected_info_after_redirect.frame_origin(),
7634 r->isolation_info().frame_origin());
7635 EXPECT_EQ(test_case.expected_info_after_redirect.network_isolation_key(),
7636 r->isolation_info().network_isolation_key());
7637 EXPECT_TRUE(test_case.expected_info_after_redirect.site_for_cookies()
7638 .IsEquivalent(r->isolation_info().site_for_cookies()));
7639 }
7640 }
7641 }
7642
7643 // Tests that |key_auth_cache_by_network_anonymization_key| is respected.
TEST_F(URLRequestTestHTTP,AuthWithNetworkAnonymizationKey)7644 TEST_F(URLRequestTestHTTP, AuthWithNetworkAnonymizationKey) {
7645 ASSERT_TRUE(http_test_server()->Start());
7646
7647 for (bool key_auth_cache_by_network_anonymization_key : {false, true}) {
7648 auto context_builder = CreateTestURLRequestContextBuilder();
7649 HttpNetworkSessionParams network_session_params;
7650 network_session_params
7651 .key_auth_cache_server_entries_by_network_anonymization_key =
7652 key_auth_cache_by_network_anonymization_key;
7653 context_builder->set_http_network_session_params(network_session_params);
7654 auto context = context_builder->Build();
7655
7656 // Populate the auth cache using one NetworkAnonymizationKey.
7657 {
7658 TestDelegate d;
7659 GURL url(base::StringPrintf(
7660 "http://%s:%s@%s/auth-basic", base::UTF16ToASCII(kUser).c_str(),
7661 base::UTF16ToASCII(kSecret).c_str(),
7662 http_test_server()->host_port_pair().ToString().c_str()));
7663
7664 std::unique_ptr<URLRequest> r(context->CreateRequest(
7665 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
7666 r->SetLoadFlags(LOAD_BYPASS_CACHE);
7667 r->set_isolation_info(isolation_info1_);
7668 r->Start();
7669
7670 d.RunUntilComplete();
7671 EXPECT_THAT(d.request_status(), IsOk());
7672 ASSERT_TRUE(r->response_headers());
7673 EXPECT_EQ(200, r->response_headers()->response_code());
7674 EXPECT_TRUE(d.data_received().find("user/secret") != std::string::npos);
7675 }
7676
7677 // Make a request with another NetworkAnonymizationKey. This may or may not
7678 // use the cached auth credentials, depending on whether or not the
7679 // HttpAuthCache is configured to respect the NetworkAnonymizationKey.
7680 {
7681 TestDelegate d;
7682
7683 std::unique_ptr<URLRequest> r(context->CreateRequest(
7684 http_test_server()->GetURL("/auth-basic"), DEFAULT_PRIORITY, &d,
7685 TRAFFIC_ANNOTATION_FOR_TESTS));
7686 r->SetLoadFlags(LOAD_BYPASS_CACHE);
7687 r->set_isolation_info(isolation_info2_);
7688 r->Start();
7689
7690 d.RunUntilComplete();
7691
7692 EXPECT_THAT(d.request_status(), IsOk());
7693 ASSERT_TRUE(r->response_headers());
7694 if (key_auth_cache_by_network_anonymization_key) {
7695 EXPECT_EQ(401, r->response_headers()->response_code());
7696 } else {
7697 EXPECT_EQ(200, r->response_headers()->response_code());
7698 }
7699
7700 EXPECT_EQ(!key_auth_cache_by_network_anonymization_key,
7701 d.data_received().find("user/secret") != std::string::npos);
7702 }
7703 }
7704 }
7705
TEST_F(URLRequestTest,ReportCookieActivity)7706 TEST_F(URLRequestTest, ReportCookieActivity) {
7707 HttpTestServer test_server;
7708 ASSERT_TRUE(test_server.Start());
7709
7710 RecordingNetLogObserver net_log_observer;
7711 auto context_builder = CreateTestURLRequestContextBuilder();
7712 auto& network_delegate = *context_builder->set_network_delegate(
7713 std::make_unique<FilteringTestNetworkDelegate>());
7714 network_delegate.SetCookieFilter("not_stored_cookie");
7715 network_delegate.set_block_annotate_cookies();
7716 context_builder->set_net_log(net::NetLog::Get());
7717 auto context = context_builder->Build();
7718 // Make sure cookies blocked from being stored are caught, and those that are
7719 // accepted are reported as well.
7720 GURL set_cookie_test_url = test_server.GetURL(
7721 "/set-cookie?not_stored_cookie=true&"
7722 "stored_cookie=tasty"
7723 "&path_cookie=narrow;path=/set-cookie");
7724 {
7725 TestDelegate d;
7726 std::unique_ptr<URLRequest> req =
7727 CreateFirstPartyRequest(*context, set_cookie_test_url, &d);
7728 req->Start();
7729 d.RunUntilComplete();
7730
7731 ASSERT_EQ(3u, req->maybe_stored_cookies().size());
7732 EXPECT_EQ("not_stored_cookie",
7733 req->maybe_stored_cookies()[0].cookie->Name());
7734 EXPECT_TRUE(req->maybe_stored_cookies()[0]
7735 .access_result.status.HasExactlyExclusionReasonsForTesting(
7736 {CookieInclusionStatus::EXCLUDE_USER_PREFERENCES}));
7737 EXPECT_EQ("stored_cookie", req->maybe_stored_cookies()[1].cookie->Name());
7738 EXPECT_TRUE(
7739 req->maybe_stored_cookies()[1].access_result.status.IsInclude());
7740 EXPECT_EQ("stored_cookie", req->maybe_stored_cookies()[1].cookie->Name());
7741 EXPECT_TRUE(
7742 req->maybe_stored_cookies()[2].access_result.status.IsInclude());
7743 EXPECT_EQ("path_cookie", req->maybe_stored_cookies()[2].cookie->Name());
7744 auto entries = net_log_observer.GetEntriesWithType(
7745 NetLogEventType::COOKIE_INCLUSION_STATUS);
7746 EXPECT_EQ(3u, entries.size());
7747 EXPECT_EQ("{\"domain\":\"" + set_cookie_test_url.host() +
7748 "\",\"name\":\"not_stored_cookie\",\"operation\":\"store\","
7749 "\"path\":\"/\",\"status\":\"EXCLUDE_USER_PREFERENCES, "
7750 "DO_NOT_WARN\"}",
7751 SerializeNetLogValueToJson(entries[0].params));
7752 EXPECT_EQ("{\"domain\":\"" + set_cookie_test_url.host() +
7753 "\",\"name\":\"stored_cookie\",\"operation\":\"store\","
7754 "\"path\":\"/\",\"status\":\"INCLUDE, DO_NOT_WARN\"}",
7755 SerializeNetLogValueToJson(entries[1].params));
7756 EXPECT_EQ(
7757 "{\"domain\":\"" + set_cookie_test_url.host() +
7758 "\",\"name\":\"path_cookie\",\"operation\":\"store\","
7759 "\"path\":\"/set-cookie\",\"status\":\"INCLUDE, DO_NOT_WARN\"}",
7760 SerializeNetLogValueToJson(entries[2].params));
7761 net_log_observer.Clear();
7762 }
7763 {
7764 TestDelegate d;
7765 // Make sure cookies blocked from being sent are caught.
7766 GURL test_url = test_server.GetURL("/echoheader?Cookie");
7767 std::unique_ptr<URLRequest> req =
7768 CreateFirstPartyRequest(*context, test_url, &d);
7769 req->Start();
7770 d.RunUntilComplete();
7771
7772 EXPECT_TRUE(d.data_received().find("stored_cookie=tasty") ==
7773 std::string::npos);
7774
7775 ASSERT_EQ(2u, req->maybe_sent_cookies().size());
7776 EXPECT_EQ("path_cookie", req->maybe_sent_cookies()[0].cookie.Name());
7777 EXPECT_TRUE(
7778 req->maybe_sent_cookies()[0]
7779 .access_result.status.HasExactlyExclusionReasonsForTesting(
7780 {net::CookieInclusionStatus::EXCLUDE_NOT_ON_PATH,
7781 net::CookieInclusionStatus::EXCLUDE_USER_PREFERENCES}));
7782 EXPECT_EQ("stored_cookie", req->maybe_sent_cookies()[1].cookie.Name());
7783 EXPECT_TRUE(
7784 req->maybe_sent_cookies()[1]
7785 .access_result.status.HasExactlyExclusionReasonsForTesting(
7786 {net::CookieInclusionStatus::EXCLUDE_USER_PREFERENCES}));
7787 auto entries = net_log_observer.GetEntriesWithType(
7788 NetLogEventType::COOKIE_INCLUSION_STATUS);
7789 EXPECT_EQ(2u, entries.size());
7790 EXPECT_EQ("{\"domain\":\"" + set_cookie_test_url.host() +
7791 "\",\"name\":\"path_cookie\",\"operation\":\"send\",\"path\":"
7792 "\"/set-cookie\",\"status\":\"EXCLUDE_NOT_ON_PATH, "
7793 "EXCLUDE_USER_PREFERENCES, DO_NOT_WARN\"}",
7794 SerializeNetLogValueToJson(entries[0].params));
7795 EXPECT_EQ(
7796 "{\"domain\":\"" + set_cookie_test_url.host() +
7797 "\",\"name\":\"stored_cookie\",\"operation\":\"send\",\"path\":\"/"
7798 "\",\"status\":\"EXCLUDE_USER_PREFERENCES, DO_NOT_WARN\"}",
7799 SerializeNetLogValueToJson(entries[1].params));
7800 net_log_observer.Clear();
7801 }
7802 {
7803 TestDelegate d;
7804 // Ensure that the log does not contain cookie names when not set to collect
7805 // sensitive data.
7806 net_log_observer.SetObserverCaptureMode(NetLogCaptureMode::kDefault);
7807
7808 GURL test_url = test_server.GetURL("/echoheader?Cookie");
7809 std::unique_ptr<URLRequest> req =
7810 CreateFirstPartyRequest(*context, test_url, &d);
7811 req->Start();
7812 d.RunUntilComplete();
7813
7814 auto entries = net_log_observer.GetEntriesWithType(
7815 NetLogEventType::COOKIE_INCLUSION_STATUS);
7816 EXPECT_EQ(2u, entries.size());
7817
7818 // Ensure that the potentially-sensitive |name|, |domain|, and |path| fields
7819 // are omitted, but other fields are logged as expected.
7820 EXPECT_EQ(
7821 "{\"operation\":\"send\",\"status\":\"EXCLUDE_NOT_ON_PATH, "
7822 "EXCLUDE_USER_PREFERENCES, DO_NOT_WARN\"}",
7823 SerializeNetLogValueToJson(entries[0].params));
7824 EXPECT_EQ(
7825 "{\"operation\":\"send\",\"status\":\"EXCLUDE_USER_PREFERENCES, "
7826 "DO_NOT_WARN\"}",
7827 SerializeNetLogValueToJson(entries[1].params));
7828
7829 net_log_observer.Clear();
7830 net_log_observer.SetObserverCaptureMode(
7831 NetLogCaptureMode::kIncludeSensitive);
7832 }
7833
7834 network_delegate.unset_block_annotate_cookies();
7835 {
7836 // Now with sending cookies re-enabled, it should actually be sent.
7837 TestDelegate d;
7838 GURL test_url = test_server.GetURL("/echoheader?Cookie");
7839 std::unique_ptr<URLRequest> req =
7840 CreateFirstPartyRequest(*context, test_url, &d);
7841 req->Start();
7842 d.RunUntilComplete();
7843
7844 EXPECT_TRUE(d.data_received().find("stored_cookie=tasty") !=
7845 std::string::npos);
7846
7847 ASSERT_EQ(2u, req->maybe_sent_cookies().size());
7848 EXPECT_EQ("path_cookie", req->maybe_sent_cookies()[0].cookie.Name());
7849 EXPECT_TRUE(req->maybe_sent_cookies()[0]
7850 .access_result.status.HasExactlyExclusionReasonsForTesting(
7851 {net::CookieInclusionStatus::EXCLUDE_NOT_ON_PATH}));
7852 EXPECT_EQ("stored_cookie", req->maybe_sent_cookies()[1].cookie.Name());
7853 EXPECT_TRUE(req->maybe_sent_cookies()[1].access_result.status.IsInclude());
7854 auto entries = net_log_observer.GetEntriesWithType(
7855 NetLogEventType::COOKIE_INCLUSION_STATUS);
7856 EXPECT_EQ(2u, entries.size());
7857 EXPECT_EQ(
7858 "{\"domain\":\"" + set_cookie_test_url.host() +
7859 "\",\"name\":\"path_cookie\",\"operation\":\"send\",\"path\":\"/"
7860 "set-cookie\",\"status\":\"EXCLUDE_NOT_ON_PATH, DO_NOT_WARN\"}",
7861 SerializeNetLogValueToJson(entries[0].params));
7862 EXPECT_EQ("{\"domain\":\"" + set_cookie_test_url.host() +
7863 "\",\"name\":\"stored_cookie\",\"operation\":\"send\","
7864 "\"path\":\"/\",\"status\":\"INCLUDE, DO_NOT_WARN\"}",
7865 SerializeNetLogValueToJson(entries[1].params));
7866 net_log_observer.Clear();
7867 }
7868 }
7869
7870 // Test that the SameSite-by-default CookieInclusionStatus warnings do not get
7871 // set if the cookie would have been rejected for other reasons.
7872 // Regression test for https://crbug.com/1027318.
TEST_F(URLRequestTest,NoCookieInclusionStatusWarningIfWouldBeExcludedAnyway)7873 TEST_F(URLRequestTest, NoCookieInclusionStatusWarningIfWouldBeExcludedAnyway) {
7874 HttpTestServer test_server;
7875 ASSERT_TRUE(test_server.Start());
7876
7877 auto context_builder = CreateTestURLRequestContextBuilder();
7878 auto& network_delegate = *context_builder->set_network_delegate(
7879 std::make_unique<FilteringTestNetworkDelegate>());
7880 network_delegate.SetCookieFilter("blockeduserpreference");
7881 context_builder->SetCookieStore(
7882 std::make_unique<CookieMonster>(nullptr, nullptr));
7883 auto context = context_builder->Build();
7884 auto& cm = *static_cast<CookieMonster*>(context->cookie_store());
7885
7886 // Set cookies
7887 {
7888 // Attempt to set some cookies in a cross-site context without a SameSite
7889 // attribute. They should all be blocked. Only the one that would have been
7890 // included had it not been for the new SameSite features should have a
7891 // warning attached.
7892 TestDelegate d;
7893 GURL test_url = test_server.GetURL("this.example",
7894 "/set-cookie?blockeduserpreference=true&"
7895 "unspecifiedsamesite=1&"
7896 "invalidsecure=1;Secure");
7897 GURL cross_site_url = test_server.GetURL("other.example", "/");
7898 std::unique_ptr<URLRequest> req(context->CreateRequest(
7899 test_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
7900 req->set_site_for_cookies(
7901 net::SiteForCookies::FromUrl(cross_site_url)); // cross-site context
7902 req->Start();
7903 d.RunUntilComplete();
7904
7905 ASSERT_EQ(3u, req->maybe_stored_cookies().size());
7906
7907 // Cookie blocked by user preferences is not warned about.
7908 EXPECT_EQ("blockeduserpreference",
7909 req->maybe_stored_cookies()[0].cookie->Name());
7910 // It doesn't pick up the EXCLUDE_UNSPECIFIED_TREATED_AS_LAX because it
7911 // doesn't even make it to the cookie store (it is filtered out beforehand).
7912 EXPECT_TRUE(req->maybe_stored_cookies()[0]
7913 .access_result.status.HasExactlyExclusionReasonsForTesting(
7914 {CookieInclusionStatus::EXCLUDE_USER_PREFERENCES}));
7915 EXPECT_FALSE(
7916 req->maybe_stored_cookies()[0].access_result.status.ShouldWarn());
7917
7918 // Cookie that would be included had it not been for the new SameSite rules
7919 // is warned about.
7920 EXPECT_EQ("unspecifiedsamesite",
7921 req->maybe_stored_cookies()[1].cookie->Name());
7922 EXPECT_TRUE(req->maybe_stored_cookies()[1]
7923 .access_result.status.HasExactlyExclusionReasonsForTesting(
7924 {CookieInclusionStatus::
7925 EXCLUDE_SAMESITE_UNSPECIFIED_TREATED_AS_LAX}));
7926 EXPECT_TRUE(req->maybe_stored_cookies()[1]
7927 .access_result.status.HasExactlyWarningReasonsForTesting(
7928 {CookieInclusionStatus::
7929 WARN_SAMESITE_UNSPECIFIED_CROSS_SITE_CONTEXT}));
7930
7931 // Cookie that is blocked because of invalid Secure attribute is not warned
7932 // about.
7933 EXPECT_EQ("invalidsecure", req->maybe_stored_cookies()[2].cookie->Name());
7934 EXPECT_TRUE(req->maybe_stored_cookies()[2]
7935 .access_result.status.HasExactlyExclusionReasonsForTesting(
7936 {CookieInclusionStatus::EXCLUDE_SECURE_ONLY,
7937 CookieInclusionStatus::
7938 EXCLUDE_SAMESITE_UNSPECIFIED_TREATED_AS_LAX}));
7939 EXPECT_TRUE(req->maybe_stored_cookies()[2]
7940 .access_result.status.HasExactlyWarningReasonsForTesting(
7941 {CookieInclusionStatus::
7942 WARN_TENTATIVELY_ALLOWING_SECURE_SOURCE_SCHEME}));
7943 }
7944
7945 // Get cookies (blocked by user preference)
7946 network_delegate.set_block_annotate_cookies();
7947 {
7948 GURL url = test_server.GetURL("/");
7949 auto cookie1 = CanonicalCookie::Create(
7950 url, "cookienosamesite=1", base::Time::Now(), absl::nullopt,
7951 absl::nullopt /* cookie_partition_key */);
7952 base::RunLoop run_loop;
7953 CookieAccessResult access_result;
7954 cm.SetCanonicalCookieAsync(
7955 std::move(cookie1), url, CookieOptions::MakeAllInclusive(),
7956 base::BindLambdaForTesting([&](CookieAccessResult result) {
7957 access_result = result;
7958 run_loop.Quit();
7959 }));
7960 run_loop.Run();
7961 EXPECT_TRUE(access_result.status.IsInclude());
7962
7963 TestDelegate d;
7964 GURL test_url = test_server.GetURL("/echoheader?Cookie");
7965 std::unique_ptr<URLRequest> req(context->CreateRequest(
7966 test_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
7967 GURL cross_site_url = test_server.GetURL("other.example", "/");
7968 req->set_site_for_cookies(
7969 net::SiteForCookies::FromUrl(cross_site_url)); // cross-site context
7970 req->Start();
7971 d.RunUntilComplete();
7972
7973 // No cookies were sent with the request because getting cookies is blocked.
7974 EXPECT_EQ("None", d.data_received());
7975 ASSERT_EQ(1u, req->maybe_sent_cookies().size());
7976 EXPECT_EQ("cookienosamesite", req->maybe_sent_cookies()[0].cookie.Name());
7977 EXPECT_TRUE(req->maybe_sent_cookies()[0]
7978 .access_result.status.HasExactlyExclusionReasonsForTesting(
7979 {CookieInclusionStatus::EXCLUDE_USER_PREFERENCES,
7980 CookieInclusionStatus::
7981 EXCLUDE_SAMESITE_UNSPECIFIED_TREATED_AS_LAX}));
7982 // Cookie should not be warned about because it was blocked because of user
7983 // preferences.
7984 EXPECT_FALSE(
7985 req->maybe_sent_cookies()[0].access_result.status.ShouldWarn());
7986 }
7987 network_delegate.unset_block_annotate_cookies();
7988
7989 // Get cookies
7990 {
7991 GURL url = test_server.GetURL("/");
7992 auto cookie2 = CanonicalCookie::Create(
7993 url, "cookiewithpath=1;path=/foo", base::Time::Now(), absl::nullopt,
7994 absl::nullopt /* cookie_partition_key */);
7995 base::RunLoop run_loop;
7996 // Note: cookie1 from the previous testcase is still in the cookie store.
7997 CookieAccessResult access_result;
7998 cm.SetCanonicalCookieAsync(
7999 std::move(cookie2), url, CookieOptions::MakeAllInclusive(),
8000 base::BindLambdaForTesting([&](CookieAccessResult result) {
8001 access_result = result;
8002 run_loop.Quit();
8003 }));
8004 run_loop.Run();
8005 EXPECT_TRUE(access_result.status.IsInclude());
8006
8007 TestDelegate d;
8008 GURL test_url = test_server.GetURL("/echoheader?Cookie");
8009 std::unique_ptr<URLRequest> req(context->CreateRequest(
8010 test_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
8011 GURL cross_site_url = test_server.GetURL("other.example", "/");
8012 req->set_site_for_cookies(
8013 net::SiteForCookies::FromUrl(cross_site_url)); // cross-site context
8014 req->Start();
8015 d.RunUntilComplete();
8016
8017 // No cookies were sent with the request because they don't specify SameSite
8018 // and the request is cross-site.
8019 EXPECT_EQ("None", d.data_received());
8020 ASSERT_EQ(2u, req->maybe_sent_cookies().size());
8021 // Cookie excluded for other reasons is not warned about.
8022 // Note: this cookie is first because the cookies are sorted by path length
8023 // with longest first. See CookieSorter() in cookie_monster.cc.
8024 EXPECT_EQ("cookiewithpath", req->maybe_sent_cookies()[0].cookie.Name());
8025 EXPECT_TRUE(req->maybe_sent_cookies()[0]
8026 .access_result.status.HasExactlyExclusionReasonsForTesting(
8027 {CookieInclusionStatus::EXCLUDE_NOT_ON_PATH,
8028 CookieInclusionStatus::
8029 EXCLUDE_SAMESITE_UNSPECIFIED_TREATED_AS_LAX}));
8030 EXPECT_FALSE(
8031 req->maybe_sent_cookies()[0].access_result.status.ShouldWarn());
8032 // Cookie that was only blocked because of unspecified SameSite should be
8033 // warned about.
8034 EXPECT_EQ("cookienosamesite", req->maybe_sent_cookies()[1].cookie.Name());
8035 EXPECT_TRUE(req->maybe_sent_cookies()[1]
8036 .access_result.status.HasExactlyExclusionReasonsForTesting(
8037 {CookieInclusionStatus::
8038 EXCLUDE_SAMESITE_UNSPECIFIED_TREATED_AS_LAX}));
8039 EXPECT_TRUE(req->maybe_sent_cookies()[1]
8040 .access_result.status.HasExactlyWarningReasonsForTesting(
8041 {CookieInclusionStatus::
8042 WARN_SAMESITE_UNSPECIFIED_CROSS_SITE_CONTEXT}));
8043 }
8044 }
8045
TEST_F(URLRequestTestHTTP,AuthChallengeCancelCookieCollect)8046 TEST_F(URLRequestTestHTTP, AuthChallengeCancelCookieCollect) {
8047 ASSERT_TRUE(http_test_server()->Start());
8048 GURL url_requiring_auth =
8049 http_test_server()->GetURL("/auth-basic?set-cookie-if-challenged");
8050
8051 auto context_builder = CreateTestURLRequestContextBuilder();
8052 auto filtering_network_delegate =
8053 std::make_unique<FilteringTestNetworkDelegate>();
8054 filtering_network_delegate->SetCookieFilter("got_challenged");
8055 context_builder->set_network_delegate(std::move(filtering_network_delegate));
8056 auto context = context_builder->Build();
8057
8058 TestDelegate delegate;
8059
8060 std::unique_ptr<URLRequest> request =
8061 CreateFirstPartyRequest(*context, url_requiring_auth, &delegate);
8062 request->Start();
8063
8064 delegate.RunUntilAuthRequired();
8065 ASSERT_EQ(1u, request->maybe_stored_cookies().size());
8066 EXPECT_TRUE(request->maybe_stored_cookies()[0]
8067 .access_result.status.HasExactlyExclusionReasonsForTesting(
8068 {net::CookieInclusionStatus::EXCLUDE_USER_PREFERENCES}));
8069 EXPECT_EQ("got_challenged=true",
8070 request->maybe_stored_cookies()[0].cookie_string);
8071
8072 // This shouldn't DCHECK-fail.
8073 request->CancelAuth();
8074 delegate.RunUntilComplete();
8075 }
8076
TEST_F(URLRequestTestHTTP,AuthChallengeWithFilteredCookies)8077 TEST_F(URLRequestTestHTTP, AuthChallengeWithFilteredCookies) {
8078 ASSERT_TRUE(http_test_server()->Start());
8079
8080 GURL url_requiring_auth =
8081 http_test_server()->GetURL("/auth-basic?set-cookie-if-challenged");
8082 GURL url_requiring_auth_wo_cookies =
8083 http_test_server()->GetURL("/auth-basic");
8084 // Check maybe_stored_cookies is populated first round trip, and cleared on
8085 // the second.
8086 {
8087 auto context_builder = CreateTestURLRequestContextBuilder();
8088 auto& filtering_network_delegate = *context_builder->set_network_delegate(
8089 std::make_unique<FilteringTestNetworkDelegate>());
8090 filtering_network_delegate.SetCookieFilter("got_challenged");
8091 auto context = context_builder->Build();
8092
8093 TestDelegate delegate;
8094
8095 std::unique_ptr<URLRequest> request =
8096 CreateFirstPartyRequest(*context, url_requiring_auth, &delegate);
8097 request->Start();
8098
8099 delegate.RunUntilAuthRequired();
8100 // Make sure it was blocked once.
8101 EXPECT_EQ(1, filtering_network_delegate.blocked_set_cookie_count());
8102
8103 // The number of cookies blocked from the most recent round trip.
8104 ASSERT_EQ(1u, request->maybe_stored_cookies().size());
8105 EXPECT_TRUE(
8106 request->maybe_stored_cookies()
8107 .front()
8108 .access_result.status.HasExactlyExclusionReasonsForTesting(
8109 {net::CookieInclusionStatus::EXCLUDE_USER_PREFERENCES}));
8110
8111 // Now check the second round trip
8112 request->SetAuth(AuthCredentials(kUser, kSecret));
8113 delegate.RunUntilComplete();
8114 EXPECT_THAT(delegate.request_status(), IsOk());
8115
8116 // There are DCHECKs in URLRequestHttpJob that would fail if
8117 // maybe_sent_cookies and maybe_stored_cookies were not cleared properly.
8118
8119 // Make sure the cookie was actually filtered and not sent.
8120 EXPECT_EQ(std::string::npos,
8121 delegate.data_received().find("Cookie: got_challenged=true"));
8122
8123 // The number of cookies that most recent round trip tried to set.
8124 ASSERT_EQ(0u, request->maybe_stored_cookies().size());
8125 }
8126
8127 // Check maybe_sent_cookies on first round trip (and cleared for the second).
8128 {
8129 auto context_builder = CreateTestURLRequestContextBuilder();
8130 auto& filtering_network_delegate = *context_builder->set_network_delegate(
8131 std::make_unique<FilteringTestNetworkDelegate>());
8132 filtering_network_delegate.set_block_annotate_cookies();
8133 context_builder->SetCookieStore(
8134 std::make_unique<CookieMonster>(nullptr, nullptr));
8135 auto context = context_builder->Build();
8136
8137 auto* cm = static_cast<CookieMonster*>(context->cookie_store());
8138 auto another_cookie = CanonicalCookie::Create(
8139 url_requiring_auth_wo_cookies, "another_cookie=true", base::Time::Now(),
8140 absl::nullopt /* server_time */,
8141 absl::nullopt /* cookie_partition_key */);
8142 cm->SetCanonicalCookieAsync(std::move(another_cookie),
8143 url_requiring_auth_wo_cookies,
8144 net::CookieOptions::MakeAllInclusive(),
8145 CookieStore::SetCookiesCallback());
8146
8147 TestDelegate delegate;
8148
8149 std::unique_ptr<URLRequest> request = CreateFirstPartyRequest(
8150 *context, url_requiring_auth_wo_cookies, &delegate);
8151 request->Start();
8152
8153 delegate.RunUntilAuthRequired();
8154
8155 ASSERT_EQ(1u, request->maybe_sent_cookies().size());
8156 EXPECT_EQ("another_cookie",
8157 request->maybe_sent_cookies().front().cookie.Name());
8158 EXPECT_EQ("true", request->maybe_sent_cookies().front().cookie.Value());
8159 EXPECT_TRUE(
8160 request->maybe_sent_cookies()
8161 .front()
8162 .access_result.status.HasExactlyExclusionReasonsForTesting(
8163 {net::CookieInclusionStatus::EXCLUDE_USER_PREFERENCES}));
8164
8165 // Check maybe_sent_cookies on second roundtrip.
8166 request->set_maybe_sent_cookies({});
8167 cm->DeleteAllAsync(CookieStore::DeleteCallback());
8168 auto one_more_cookie = CanonicalCookie::Create(
8169 url_requiring_auth_wo_cookies, "one_more_cookie=true",
8170 base::Time::Now(), absl::nullopt /* server_time */,
8171 absl::nullopt /* cookie_partition_key */);
8172 cm->SetCanonicalCookieAsync(std::move(one_more_cookie),
8173 url_requiring_auth_wo_cookies,
8174 net::CookieOptions::MakeAllInclusive(),
8175 CookieStore::SetCookiesCallback());
8176
8177 request->SetAuth(AuthCredentials(kUser, kSecret));
8178 delegate.RunUntilComplete();
8179 EXPECT_THAT(delegate.request_status(), IsOk());
8180
8181 // There are DCHECKs in URLRequestHttpJob that would fail if
8182 // maybe_sent_cookies and maybe_stored_cookies were not cleared properly.
8183
8184 // Make sure the cookie was actually filtered.
8185 EXPECT_EQ(std::string::npos,
8186 delegate.data_received().find("Cookie: one_more_cookie=true"));
8187 // got_challenged was set after the first request and blocked on the second,
8188 // so it should only have been blocked this time
8189 EXPECT_EQ(2, filtering_network_delegate.blocked_annotate_cookies_count());
8190
8191 // // The number of cookies blocked from the most recent round trip.
8192 ASSERT_EQ(1u, request->maybe_sent_cookies().size());
8193 EXPECT_EQ("one_more_cookie",
8194 request->maybe_sent_cookies().front().cookie.Name());
8195 EXPECT_TRUE(
8196 request->maybe_sent_cookies()
8197 .front()
8198 .access_result.status.HasExactlyExclusionReasonsForTesting(
8199 {net::CookieInclusionStatus::EXCLUDE_USER_PREFERENCES}));
8200 }
8201 }
8202
8203 // Tests that load timing works as expected with auth and the cache.
TEST_F(URLRequestTestHTTP,BasicAuthLoadTiming)8204 TEST_F(URLRequestTestHTTP, BasicAuthLoadTiming) {
8205 ASSERT_TRUE(http_test_server()->Start());
8206
8207 // populate the cache
8208 {
8209 TestDelegate d;
8210
8211 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
8212 http_test_server()->GetURL("/auth-basic"), DEFAULT_PRIORITY, &d,
8213 TRAFFIC_ANNOTATION_FOR_TESTS));
8214 r->set_isolation_info(isolation_info1_);
8215 r->Start();
8216 d.RunUntilAuthRequired();
8217
8218 LoadTimingInfo load_timing_info_before_auth;
8219 r->GetLoadTimingInfo(&load_timing_info_before_auth);
8220 TestLoadTimingNotReused(load_timing_info_before_auth,
8221 CONNECT_TIMING_HAS_DNS_TIMES);
8222
8223 r->SetAuth(AuthCredentials(kUser, kSecret));
8224 d.RunUntilComplete();
8225
8226 EXPECT_TRUE(d.data_received().find("user/secret") != std::string::npos);
8227 LoadTimingInfo load_timing_info;
8228 r->GetLoadTimingInfo(&load_timing_info);
8229 // The test server does not support keep alive sockets, so the second
8230 // request with auth should use a new socket.
8231 TestLoadTimingNotReused(load_timing_info, CONNECT_TIMING_HAS_DNS_TIMES);
8232 EXPECT_NE(load_timing_info_before_auth.socket_log_id,
8233 load_timing_info.socket_log_id);
8234 EXPECT_LE(load_timing_info_before_auth.receive_headers_end,
8235 load_timing_info.connect_timing.connect_start);
8236 }
8237
8238 // Repeat request with end-to-end validation. Since auth-basic results in a
8239 // cachable page, we expect this test to result in a 304. In which case, the
8240 // response should be fetched from the cache.
8241 {
8242 TestDelegate d;
8243 d.set_credentials(AuthCredentials(kUser, kSecret));
8244
8245 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
8246 http_test_server()->GetURL("/auth-basic"), DEFAULT_PRIORITY, &d,
8247 TRAFFIC_ANNOTATION_FOR_TESTS));
8248 r->SetLoadFlags(LOAD_VALIDATE_CACHE);
8249 r->set_isolation_info(isolation_info1_);
8250 r->Start();
8251
8252 d.RunUntilComplete();
8253
8254 EXPECT_TRUE(d.data_received().find("user/secret") != std::string::npos);
8255
8256 // Should be the same cached document.
8257 EXPECT_TRUE(r->was_cached());
8258
8259 // Since there was a request that went over the wire, the load timing
8260 // information should include connection times.
8261 LoadTimingInfo load_timing_info;
8262 r->GetLoadTimingInfo(&load_timing_info);
8263 TestLoadTimingNotReused(load_timing_info, CONNECT_TIMING_HAS_DNS_TIMES);
8264 }
8265 }
8266
8267 // In this test, we do a POST which the server will 302 redirect.
8268 // The subsequent transaction should use GET, and should not send the
8269 // Content-Type header.
8270 // http://code.google.com/p/chromium/issues/detail?id=843
TEST_F(URLRequestTestHTTP,Post302RedirectGet)8271 TEST_F(URLRequestTestHTTP, Post302RedirectGet) {
8272 ASSERT_TRUE(http_test_server()->Start());
8273
8274 const char kData[] = "hello world";
8275
8276 TestDelegate d;
8277 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
8278 http_test_server()->GetURL("/redirect-to-echoall"), DEFAULT_PRIORITY, &d,
8279 TRAFFIC_ANNOTATION_FOR_TESTS));
8280 req->set_method("POST");
8281 req->set_upload(CreateSimpleUploadData(kData));
8282
8283 // Set headers (some of which are specific to the POST).
8284 HttpRequestHeaders headers;
8285 headers.SetHeader("Content-Type",
8286 "multipart/form-data;"
8287 "boundary=----WebKitFormBoundaryAADeAA+NAAWMAAwZ");
8288 headers.SetHeader("Accept",
8289 "text/xml,application/xml,application/xhtml+xml,"
8290 "text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5");
8291 headers.SetHeader("Accept-Language", "en-US,en");
8292 headers.SetHeader("Accept-Charset", "ISO-8859-1,*,utf-8");
8293 headers.SetHeader("Content-Length", "11");
8294 headers.SetHeader("Origin", "http://localhost:1337/");
8295 req->SetExtraRequestHeaders(headers);
8296 req->Start();
8297 d.RunUntilComplete();
8298
8299 std::string mime_type;
8300 req->GetMimeType(&mime_type);
8301 EXPECT_EQ("text/html", mime_type);
8302
8303 const std::string& data = d.data_received();
8304
8305 // Check that the post-specific headers were stripped:
8306 EXPECT_FALSE(ContainsString(data, "Content-Length:"));
8307 EXPECT_FALSE(ContainsString(data, "Content-Type:"));
8308 EXPECT_FALSE(ContainsString(data, "Origin:"));
8309
8310 // These extra request headers should not have been stripped.
8311 EXPECT_TRUE(ContainsString(data, "Accept:"));
8312 EXPECT_TRUE(ContainsString(data, "Accept-Language:"));
8313 EXPECT_TRUE(ContainsString(data, "Accept-Charset:"));
8314 }
8315
8316 // The following tests check that we handle mutating the request for HTTP
8317 // redirects as expected.
8318 // See https://crbug.com/56373, https://crbug.com/102130, and
8319 // https://crbug.com/465517.
8320
TEST_F(URLRequestTestHTTP,Redirect301Tests)8321 TEST_F(URLRequestTestHTTP, Redirect301Tests) {
8322 ASSERT_TRUE(http_test_server()->Start());
8323
8324 const GURL url = http_test_server()->GetURL("/redirect301-to-echo");
8325 const GURL https_redirect_url =
8326 http_test_server()->GetURL("/redirect301-to-https");
8327
8328 HTTPRedirectMethodTest(url, "POST", "GET", true);
8329 HTTPRedirectMethodTest(url, "PUT", "PUT", true);
8330 HTTPRedirectMethodTest(url, "HEAD", "HEAD", false);
8331
8332 HTTPRedirectOriginHeaderTest(url, "GET", "GET",
8333 url.DeprecatedGetOriginAsURL().spec());
8334 HTTPRedirectOriginHeaderTest(https_redirect_url, "GET", "GET", "null");
8335 HTTPRedirectOriginHeaderTest(url, "POST", "GET", std::string());
8336 HTTPRedirectOriginHeaderTest(https_redirect_url, "POST", "GET",
8337 std::string());
8338 HTTPRedirectOriginHeaderTest(url, "PUT", "PUT",
8339 url.DeprecatedGetOriginAsURL().spec());
8340 HTTPRedirectOriginHeaderTest(https_redirect_url, "PUT", "PUT", "null");
8341 }
8342
TEST_F(URLRequestTestHTTP,Redirect302Tests)8343 TEST_F(URLRequestTestHTTP, Redirect302Tests) {
8344 ASSERT_TRUE(http_test_server()->Start());
8345
8346 const GURL url = http_test_server()->GetURL("/redirect302-to-echo");
8347 const GURL https_redirect_url =
8348 http_test_server()->GetURL("/redirect302-to-https");
8349
8350 HTTPRedirectMethodTest(url, "POST", "GET", true);
8351 HTTPRedirectMethodTest(url, "PUT", "PUT", true);
8352 HTTPRedirectMethodTest(url, "HEAD", "HEAD", false);
8353
8354 HTTPRedirectOriginHeaderTest(url, "GET", "GET",
8355 url.DeprecatedGetOriginAsURL().spec());
8356 HTTPRedirectOriginHeaderTest(https_redirect_url, "GET", "GET", "null");
8357 HTTPRedirectOriginHeaderTest(url, "POST", "GET", std::string());
8358 HTTPRedirectOriginHeaderTest(https_redirect_url, "POST", "GET",
8359 std::string());
8360 HTTPRedirectOriginHeaderTest(url, "PUT", "PUT",
8361 url.DeprecatedGetOriginAsURL().spec());
8362 HTTPRedirectOriginHeaderTest(https_redirect_url, "PUT", "PUT", "null");
8363 }
8364
TEST_F(URLRequestTestHTTP,Redirect303Tests)8365 TEST_F(URLRequestTestHTTP, Redirect303Tests) {
8366 ASSERT_TRUE(http_test_server()->Start());
8367
8368 const GURL url = http_test_server()->GetURL("/redirect303-to-echo");
8369 const GURL https_redirect_url =
8370 http_test_server()->GetURL("/redirect303-to-https");
8371
8372 HTTPRedirectMethodTest(url, "POST", "GET", true);
8373 HTTPRedirectMethodTest(url, "PUT", "GET", true);
8374 HTTPRedirectMethodTest(url, "HEAD", "HEAD", false);
8375
8376 HTTPRedirectOriginHeaderTest(url, "DELETE", "GET", std::string());
8377 HTTPRedirectOriginHeaderTest(https_redirect_url, "DELETE", "GET",
8378 std::string());
8379 HTTPRedirectOriginHeaderTest(url, "GET", "GET",
8380 url.DeprecatedGetOriginAsURL().spec());
8381 HTTPRedirectOriginHeaderTest(https_redirect_url, "GET", "GET", "null");
8382 HTTPRedirectOriginHeaderTest(url, "HEAD", "HEAD",
8383 url.DeprecatedGetOriginAsURL().spec());
8384 HTTPRedirectOriginHeaderTest(https_redirect_url, "HEAD", "HEAD", "null");
8385 HTTPRedirectOriginHeaderTest(url, "OPTIONS", "GET", std::string());
8386 HTTPRedirectOriginHeaderTest(https_redirect_url, "OPTIONS", "GET",
8387 std::string());
8388 HTTPRedirectOriginHeaderTest(url, "POST", "GET", std::string());
8389 HTTPRedirectOriginHeaderTest(https_redirect_url, "POST", "GET",
8390 std::string());
8391 HTTPRedirectOriginHeaderTest(url, "PUT", "GET", std::string());
8392 HTTPRedirectOriginHeaderTest(https_redirect_url, "PUT", "GET", std::string());
8393 }
8394
TEST_F(URLRequestTestHTTP,Redirect307Tests)8395 TEST_F(URLRequestTestHTTP, Redirect307Tests) {
8396 ASSERT_TRUE(http_test_server()->Start());
8397
8398 const GURL url = http_test_server()->GetURL("/redirect307-to-echo");
8399 const GURL https_redirect_url =
8400 http_test_server()->GetURL("/redirect307-to-https");
8401
8402 HTTPRedirectMethodTest(url, "POST", "POST", true);
8403 HTTPRedirectMethodTest(url, "PUT", "PUT", true);
8404 HTTPRedirectMethodTest(url, "HEAD", "HEAD", false);
8405
8406 HTTPRedirectOriginHeaderTest(url, "GET", "GET",
8407 url.DeprecatedGetOriginAsURL().spec());
8408 HTTPRedirectOriginHeaderTest(https_redirect_url, "GET", "GET", "null");
8409 HTTPRedirectOriginHeaderTest(url, "POST", "POST",
8410 url.DeprecatedGetOriginAsURL().spec());
8411 HTTPRedirectOriginHeaderTest(https_redirect_url, "POST", "POST", "null");
8412 HTTPRedirectOriginHeaderTest(url, "PUT", "PUT",
8413 url.DeprecatedGetOriginAsURL().spec());
8414 HTTPRedirectOriginHeaderTest(https_redirect_url, "PUT", "PUT", "null");
8415 }
8416
TEST_F(URLRequestTestHTTP,Redirect308Tests)8417 TEST_F(URLRequestTestHTTP, Redirect308Tests) {
8418 ASSERT_TRUE(http_test_server()->Start());
8419
8420 const GURL url = http_test_server()->GetURL("/redirect308-to-echo");
8421 const GURL https_redirect_url =
8422 http_test_server()->GetURL("/redirect308-to-https");
8423
8424 HTTPRedirectMethodTest(url, "POST", "POST", true);
8425 HTTPRedirectMethodTest(url, "PUT", "PUT", true);
8426 HTTPRedirectMethodTest(url, "HEAD", "HEAD", false);
8427
8428 HTTPRedirectOriginHeaderTest(url, "GET", "GET",
8429 url.DeprecatedGetOriginAsURL().spec());
8430 HTTPRedirectOriginHeaderTest(https_redirect_url, "GET", "GET", "null");
8431 HTTPRedirectOriginHeaderTest(url, "POST", "POST",
8432 url.DeprecatedGetOriginAsURL().spec());
8433 HTTPRedirectOriginHeaderTest(https_redirect_url, "POST", "POST", "null");
8434 HTTPRedirectOriginHeaderTest(url, "PUT", "PUT",
8435 url.DeprecatedGetOriginAsURL().spec());
8436 HTTPRedirectOriginHeaderTest(https_redirect_url, "PUT", "PUT", "null");
8437 }
8438
8439 // Make sure that 308 responses without bodies are not treated as redirects.
8440 // Certain legacy apis that pre-date the response code expect this behavior
8441 // (Like Google Drive).
TEST_F(URLRequestTestHTTP,NoRedirectOn308WithoutLocationHeader)8442 TEST_F(URLRequestTestHTTP, NoRedirectOn308WithoutLocationHeader) {
8443 ASSERT_TRUE(http_test_server()->Start());
8444
8445 TestDelegate d;
8446 const GURL url = http_test_server()->GetURL("/308-without-location-header");
8447
8448 std::unique_ptr<URLRequest> request(default_context().CreateRequest(
8449 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
8450
8451 request->Start();
8452 d.RunUntilComplete();
8453 EXPECT_EQ(OK, d.request_status());
8454 EXPECT_EQ(0, d.received_redirect_count());
8455 EXPECT_EQ(308, request->response_headers()->response_code());
8456 EXPECT_EQ("This is not a redirect.", d.data_received());
8457 }
8458
TEST_F(URLRequestTestHTTP,Redirect302PreserveReferenceFragment)8459 TEST_F(URLRequestTestHTTP, Redirect302PreserveReferenceFragment) {
8460 ASSERT_TRUE(http_test_server()->Start());
8461
8462 GURL original_url(
8463 http_test_server()->GetURL("/redirect302-to-echo#fragment"));
8464 GURL expected_url(http_test_server()->GetURL("/echo#fragment"));
8465
8466 TestDelegate d;
8467 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
8468 original_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
8469
8470 r->Start();
8471 d.RunUntilComplete();
8472
8473 EXPECT_EQ(2U, r->url_chain().size());
8474 EXPECT_EQ(OK, d.request_status());
8475 EXPECT_EQ(original_url, r->original_url());
8476 EXPECT_EQ(expected_url, r->url());
8477 }
8478
TEST_F(URLRequestTestHTTP,RedirectWithFilteredCookies)8479 TEST_F(URLRequestTestHTTP, RedirectWithFilteredCookies) {
8480 ASSERT_TRUE(http_test_server()->Start());
8481
8482 // FilteringTestNetworkDelegate filters by name, so the names of the two
8483 // cookies have to be the same. The values have been set to different strings
8484 // (the value of the server-redirect cookies is "true" and set-cookie is
8485 // "other") to differentiate between the two round trips.
8486 GURL redirect_to(
8487 http_test_server()->GetURL("/set-cookie?server-redirect=other"));
8488
8489 GURL original_url(http_test_server()->GetURL("/server-redirect-with-cookie?" +
8490 redirect_to.spec()));
8491
8492 GURL original_url_wo_cookie(
8493 http_test_server()->GetURL("/server-redirect?" + redirect_to.spec()));
8494 // Check maybe_stored_cookies on first round trip.
8495 {
8496 auto context_builder = CreateTestURLRequestContextBuilder();
8497 auto& filtering_network_delegate = *context_builder->set_network_delegate(
8498 std::make_unique<FilteringTestNetworkDelegate>());
8499 filtering_network_delegate.SetCookieFilter(
8500 "server-redirect"); // Filter the cookie server-redirect sets.
8501 auto context = context_builder->Build();
8502
8503 TestDelegate delegate;
8504 std::unique_ptr<URLRequest> request =
8505 CreateFirstPartyRequest(*context, original_url, &delegate);
8506
8507 request->Start();
8508 delegate.RunUntilRedirect();
8509
8510 // Make sure it was blocked once.
8511 EXPECT_EQ(1, filtering_network_delegate.blocked_set_cookie_count());
8512
8513 // The number of cookies blocked from the most recent round trip.
8514 ASSERT_EQ(1u, request->maybe_stored_cookies().size());
8515 EXPECT_EQ("server-redirect",
8516 request->maybe_stored_cookies().front().cookie->Name());
8517 EXPECT_EQ("true", request->maybe_stored_cookies().front().cookie->Value());
8518 EXPECT_TRUE(
8519 request->maybe_stored_cookies()
8520 .front()
8521 .access_result.status.HasExactlyExclusionReasonsForTesting(
8522 {net::CookieInclusionStatus::EXCLUDE_USER_PREFERENCES}));
8523
8524 // Check maybe_stored_cookies on second round trip (and clearing from the
8525 // first).
8526 request->FollowDeferredRedirect(absl::nullopt, absl::nullopt);
8527 delegate.RunUntilComplete();
8528 EXPECT_THAT(delegate.request_status(), IsOk());
8529
8530 // There are DCHECKs in URLRequestHttpJob that would fail if
8531 // maybe_sent_cookies and maybe_stored_cookies we not cleared properly.
8532
8533 // Make sure it was blocked twice.
8534 EXPECT_EQ(2, filtering_network_delegate.blocked_set_cookie_count());
8535
8536 // The number of cookies blocked from the most recent round trip.
8537 ASSERT_EQ(1u, request->maybe_stored_cookies().size());
8538 EXPECT_EQ("server-redirect",
8539 request->maybe_stored_cookies().front().cookie->Name());
8540 EXPECT_EQ("other", request->maybe_stored_cookies().front().cookie->Value());
8541 EXPECT_TRUE(
8542 request->maybe_stored_cookies()
8543 .front()
8544 .access_result.status.HasExactlyExclusionReasonsForTesting(
8545 {net::CookieInclusionStatus::EXCLUDE_USER_PREFERENCES}));
8546 }
8547
8548 // Check maybe_sent_cookies on first round trip.
8549 {
8550 auto context_builder = CreateTestURLRequestContextBuilder();
8551 auto& filtering_network_delegate = *context_builder->set_network_delegate(
8552 std::make_unique<FilteringTestNetworkDelegate>());
8553 filtering_network_delegate.set_block_annotate_cookies();
8554 context_builder->SetCookieStore(
8555 std::make_unique<CookieMonster>(nullptr, nullptr));
8556 auto context = context_builder->Build();
8557
8558 auto* cm = static_cast<CookieMonster*>(context->cookie_store());
8559 auto another_cookie = CanonicalCookie::Create(
8560 original_url, "another_cookie=true", base::Time::Now(),
8561 absl::nullopt /* server_time */,
8562 absl::nullopt /* cookie_partition_key */);
8563 cm->SetCanonicalCookieAsync(std::move(another_cookie), original_url,
8564 net::CookieOptions::MakeAllInclusive(),
8565 CookieStore::SetCookiesCallback());
8566
8567 TestDelegate delegate;
8568 std::unique_ptr<URLRequest> request =
8569 CreateFirstPartyRequest(*context, original_url_wo_cookie, &delegate);
8570 request->Start();
8571
8572 delegate.RunUntilRedirect();
8573
8574 ASSERT_EQ(1u, request->maybe_sent_cookies().size());
8575 EXPECT_EQ("another_cookie",
8576 request->maybe_sent_cookies().front().cookie.Name());
8577 EXPECT_TRUE(
8578 request->maybe_sent_cookies()
8579 .front()
8580 .access_result.status.HasExactlyExclusionReasonsForTesting(
8581 {net::CookieInclusionStatus::EXCLUDE_USER_PREFERENCES}));
8582
8583 // Check maybe_sent_cookies on second round trip
8584 request->set_maybe_sent_cookies({});
8585 cm->DeleteAllAsync(CookieStore::DeleteCallback());
8586 auto one_more_cookie = CanonicalCookie::Create(
8587 original_url_wo_cookie, "one_more_cookie=true", base::Time::Now(),
8588 absl::nullopt /* server_time */,
8589 absl::nullopt /* cookie_partition_key */);
8590 cm->SetCanonicalCookieAsync(std::move(one_more_cookie),
8591 original_url_wo_cookie,
8592 net::CookieOptions::MakeAllInclusive(),
8593 CookieStore::SetCookiesCallback());
8594
8595 request->FollowDeferredRedirect(absl::nullopt, absl::nullopt);
8596 delegate.RunUntilComplete();
8597 EXPECT_THAT(delegate.request_status(), IsOk());
8598
8599 // There are DCHECKs in URLRequestHttpJob that would fail if
8600 // maybe_sent_cookies and maybe_stored_cookies we not cleared properly.
8601
8602 EXPECT_EQ(2, filtering_network_delegate.blocked_annotate_cookies_count());
8603
8604 // The number of cookies blocked from the most recent round trip.
8605 ASSERT_EQ(1u, request->maybe_sent_cookies().size());
8606 EXPECT_EQ("one_more_cookie",
8607 request->maybe_sent_cookies().front().cookie.Name());
8608 EXPECT_EQ("true", request->maybe_sent_cookies().front().cookie.Value());
8609 EXPECT_TRUE(
8610 request->maybe_sent_cookies()
8611 .front()
8612 .access_result.status.HasExactlyExclusionReasonsForTesting(
8613 {net::CookieInclusionStatus::EXCLUDE_USER_PREFERENCES}));
8614 }
8615 }
8616
TEST_F(URLRequestTestHTTP,RedirectPreserveFirstPartyURL)8617 TEST_F(URLRequestTestHTTP, RedirectPreserveFirstPartyURL) {
8618 ASSERT_TRUE(http_test_server()->Start());
8619
8620 GURL url(http_test_server()->GetURL("/redirect302-to-echo"));
8621 GURL first_party_url("http://example.com");
8622
8623 TestDelegate d;
8624 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
8625 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
8626 r->set_site_for_cookies(SiteForCookies::FromUrl(first_party_url));
8627
8628 r->Start();
8629 d.RunUntilComplete();
8630
8631 EXPECT_EQ(2U, r->url_chain().size());
8632 EXPECT_EQ(OK, d.request_status());
8633 EXPECT_TRUE(SiteForCookies::FromUrl(first_party_url)
8634 .IsEquivalent(r->site_for_cookies()));
8635 }
8636
TEST_F(URLRequestTestHTTP,RedirectUpdateFirstPartyURL)8637 TEST_F(URLRequestTestHTTP, RedirectUpdateFirstPartyURL) {
8638 ASSERT_TRUE(http_test_server()->Start());
8639
8640 GURL url(http_test_server()->GetURL("/redirect302-to-echo"));
8641 GURL original_first_party_url("http://example.com");
8642 GURL expected_first_party_url(http_test_server()->GetURL("/echo"));
8643
8644 TestDelegate d;
8645
8646 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
8647 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
8648 r->set_site_for_cookies(SiteForCookies::FromUrl(original_first_party_url));
8649 r->set_first_party_url_policy(
8650 RedirectInfo::FirstPartyURLPolicy::UPDATE_URL_ON_REDIRECT);
8651
8652 r->Start();
8653 d.RunUntilComplete();
8654
8655 EXPECT_EQ(2U, r->url_chain().size());
8656 EXPECT_EQ(OK, d.request_status());
8657 EXPECT_TRUE(SiteForCookies::FromUrl(expected_first_party_url)
8658 .IsEquivalent(r->site_for_cookies()));
8659 }
8660
TEST_F(URLRequestTestHTTP,InterceptPost302RedirectGet)8661 TEST_F(URLRequestTestHTTP, InterceptPost302RedirectGet) {
8662 ASSERT_TRUE(http_test_server()->Start());
8663
8664 const char kData[] = "hello world";
8665
8666 TestDelegate d;
8667 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
8668 http_test_server()->GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d,
8669 TRAFFIC_ANNOTATION_FOR_TESTS));
8670 req->set_method("POST");
8671 req->set_upload(CreateSimpleUploadData(kData));
8672 HttpRequestHeaders headers;
8673 headers.SetHeader(HttpRequestHeaders::kContentLength,
8674 base::NumberToString(std::size(kData) - 1));
8675 req->SetExtraRequestHeaders(headers);
8676
8677 std::unique_ptr<URLRequestRedirectJob> job =
8678 std::make_unique<URLRequestRedirectJob>(
8679 req.get(), http_test_server()->GetURL("/echo"),
8680 RedirectUtil::ResponseCode::REDIRECT_302_FOUND, "Very Good Reason");
8681 TestScopedURLInterceptor interceptor(req->url(), std::move(job));
8682
8683 req->Start();
8684 d.RunUntilComplete();
8685 EXPECT_EQ("GET", req->method());
8686 }
8687
TEST_F(URLRequestTestHTTP,InterceptPost307RedirectPost)8688 TEST_F(URLRequestTestHTTP, InterceptPost307RedirectPost) {
8689 ASSERT_TRUE(http_test_server()->Start());
8690
8691 const char kData[] = "hello world";
8692
8693 TestDelegate d;
8694 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
8695 http_test_server()->GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d,
8696 TRAFFIC_ANNOTATION_FOR_TESTS));
8697 req->set_method("POST");
8698 req->set_upload(CreateSimpleUploadData(kData));
8699 HttpRequestHeaders headers;
8700 headers.SetHeader(HttpRequestHeaders::kContentLength,
8701 base::NumberToString(std::size(kData) - 1));
8702 req->SetExtraRequestHeaders(headers);
8703
8704 std::unique_ptr<URLRequestRedirectJob> job =
8705 std::make_unique<URLRequestRedirectJob>(
8706 req.get(), http_test_server()->GetURL("/echo"),
8707 RedirectUtil::ResponseCode::REDIRECT_307_TEMPORARY_REDIRECT,
8708 "Very Good Reason");
8709 TestScopedURLInterceptor interceptor(req->url(), std::move(job));
8710
8711 req->Start();
8712 d.RunUntilComplete();
8713 EXPECT_EQ("POST", req->method());
8714 EXPECT_EQ(kData, d.data_received());
8715 }
8716
8717 // Check that default A-L header is sent.
TEST_F(URLRequestTestHTTP,DefaultAcceptLanguage)8718 TEST_F(URLRequestTestHTTP, DefaultAcceptLanguage) {
8719 ASSERT_TRUE(http_test_server()->Start());
8720
8721 auto context_builder = CreateTestURLRequestContextBuilder();
8722 context_builder->set_http_user_agent_settings(
8723 std::make_unique<StaticHttpUserAgentSettings>("en", std::string()));
8724 auto context = context_builder->Build();
8725
8726 TestDelegate d;
8727 std::unique_ptr<URLRequest> req(context->CreateRequest(
8728 http_test_server()->GetURL("/echoheader?Accept-Language"),
8729 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
8730 req->Start();
8731 d.RunUntilComplete();
8732 EXPECT_EQ("en", d.data_received());
8733 }
8734
8735 // Check that an empty A-L header is not sent. http://crbug.com/77365.
TEST_F(URLRequestTestHTTP,EmptyAcceptLanguage)8736 TEST_F(URLRequestTestHTTP, EmptyAcceptLanguage) {
8737 ASSERT_TRUE(http_test_server()->Start());
8738
8739 auto context_builder = CreateTestURLRequestContextBuilder();
8740 context_builder->set_http_user_agent_settings(
8741 std::make_unique<StaticHttpUserAgentSettings>(std::string(),
8742 std::string()));
8743 auto context = context_builder->Build();
8744
8745 TestDelegate d;
8746 std::unique_ptr<URLRequest> req(context->CreateRequest(
8747 http_test_server()->GetURL("/echoheader?Accept-Language"),
8748 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
8749 req->Start();
8750 d.RunUntilComplete();
8751 EXPECT_EQ("None", d.data_received());
8752 }
8753
8754 // Check that if request overrides the A-L header, the default is not appended.
8755 // See http://crbug.com/20894
TEST_F(URLRequestTestHTTP,OverrideAcceptLanguage)8756 TEST_F(URLRequestTestHTTP, OverrideAcceptLanguage) {
8757 ASSERT_TRUE(http_test_server()->Start());
8758
8759 TestDelegate d;
8760 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
8761 http_test_server()->GetURL("/echoheader?Accept-Language"),
8762 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
8763 HttpRequestHeaders headers;
8764 headers.SetHeader(HttpRequestHeaders::kAcceptLanguage, "ru");
8765 req->SetExtraRequestHeaders(headers);
8766 req->Start();
8767 d.RunUntilComplete();
8768 EXPECT_EQ(std::string("ru"), d.data_received());
8769 }
8770
8771 // Check that default A-E header is sent.
TEST_F(URLRequestTestHTTP,DefaultAcceptEncoding)8772 TEST_F(URLRequestTestHTTP, DefaultAcceptEncoding) {
8773 ASSERT_TRUE(http_test_server()->Start());
8774
8775 TestDelegate d;
8776 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
8777 http_test_server()->GetURL("/echoheader?Accept-Encoding"),
8778 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
8779 HttpRequestHeaders headers;
8780 req->SetExtraRequestHeaders(headers);
8781 req->Start();
8782 d.RunUntilComplete();
8783 EXPECT_TRUE(ContainsString(d.data_received(), "gzip"));
8784 }
8785
8786 // Check that it's possible to override the default A-E header.
TEST_F(URLRequestTestHTTP,DefaultAcceptEncodingOverriden)8787 TEST_F(URLRequestTestHTTP, DefaultAcceptEncodingOverriden) {
8788 ASSERT_TRUE(http_test_server()->Start());
8789
8790 struct {
8791 base::flat_set<net::SourceStream::SourceType> accepted_types;
8792 const char* expected_accept_encoding;
8793 } tests[] = {{{net::SourceStream::SourceType::TYPE_DEFLATE}, "deflate"},
8794 {{}, "None"},
8795 {{net::SourceStream::SourceType::TYPE_GZIP}, "gzip"},
8796 {{net::SourceStream::SourceType::TYPE_GZIP,
8797 net::SourceStream::SourceType::TYPE_DEFLATE},
8798 "gzip, deflate"}};
8799 for (auto test : tests) {
8800 TestDelegate d;
8801 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
8802 http_test_server()->GetURL("/echoheader?Accept-Encoding"),
8803 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
8804 req->set_accepted_stream_types(test.accepted_types);
8805 req->Start();
8806 d.RunUntilComplete();
8807 EXPECT_STRCASEEQ(d.data_received().c_str(), test.expected_accept_encoding);
8808 }
8809 }
8810
8811 // Check that if request overrides the A-E header, the default is not appended.
8812 // See http://crbug.com/47381
TEST_F(URLRequestTestHTTP,OverrideAcceptEncoding)8813 TEST_F(URLRequestTestHTTP, OverrideAcceptEncoding) {
8814 ASSERT_TRUE(http_test_server()->Start());
8815
8816 TestDelegate d;
8817 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
8818 http_test_server()->GetURL("/echoheader?Accept-Encoding"),
8819 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
8820 HttpRequestHeaders headers;
8821 headers.SetHeader(HttpRequestHeaders::kAcceptEncoding, "identity");
8822 req->SetExtraRequestHeaders(headers);
8823 req->Start();
8824 d.RunUntilComplete();
8825 EXPECT_FALSE(ContainsString(d.data_received(), "gzip"));
8826 EXPECT_TRUE(ContainsString(d.data_received(), "identity"));
8827 }
8828
8829 // Check that setting the A-C header sends the proper header.
TEST_F(URLRequestTestHTTP,SetAcceptCharset)8830 TEST_F(URLRequestTestHTTP, SetAcceptCharset) {
8831 ASSERT_TRUE(http_test_server()->Start());
8832
8833 TestDelegate d;
8834 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
8835 http_test_server()->GetURL("/echoheader?Accept-Charset"),
8836 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
8837 HttpRequestHeaders headers;
8838 headers.SetHeader(HttpRequestHeaders::kAcceptCharset, "koi-8r");
8839 req->SetExtraRequestHeaders(headers);
8840 req->Start();
8841 d.RunUntilComplete();
8842 EXPECT_EQ(std::string("koi-8r"), d.data_received());
8843 }
8844
8845 // Check that default User-Agent header is sent.
TEST_F(URLRequestTestHTTP,DefaultUserAgent)8846 TEST_F(URLRequestTestHTTP, DefaultUserAgent) {
8847 ASSERT_TRUE(http_test_server()->Start());
8848
8849 TestDelegate d;
8850 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
8851 http_test_server()->GetURL("/echoheader?User-Agent"), DEFAULT_PRIORITY,
8852 &d, TRAFFIC_ANNOTATION_FOR_TESTS));
8853 req->Start();
8854 d.RunUntilComplete();
8855 EXPECT_EQ(default_context().http_user_agent_settings()->GetUserAgent(),
8856 d.data_received());
8857 }
8858
8859 // Check that if request overrides the User-Agent header,
8860 // the default is not appended.
8861 // TODO(crbug.com/564656) This test is flaky on iOS.
8862 #if BUILDFLAG(IS_IOS)
8863 #define MAYBE_OverrideUserAgent FLAKY_OverrideUserAgent
8864 #else
8865 #define MAYBE_OverrideUserAgent OverrideUserAgent
8866 #endif
TEST_F(URLRequestTestHTTP,MAYBE_OverrideUserAgent)8867 TEST_F(URLRequestTestHTTP, MAYBE_OverrideUserAgent) {
8868 ASSERT_TRUE(http_test_server()->Start());
8869
8870 TestDelegate d;
8871 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
8872 http_test_server()->GetURL("/echoheader?User-Agent"), DEFAULT_PRIORITY,
8873 &d, TRAFFIC_ANNOTATION_FOR_TESTS));
8874 HttpRequestHeaders headers;
8875 headers.SetHeader(HttpRequestHeaders::kUserAgent, "Lynx (textmode)");
8876 req->SetExtraRequestHeaders(headers);
8877 req->Start();
8878 d.RunUntilComplete();
8879 EXPECT_EQ(std::string("Lynx (textmode)"), d.data_received());
8880 }
8881
8882 // Check that a NULL HttpUserAgentSettings causes the corresponding empty
8883 // User-Agent header to be sent but does not send the Accept-Language and
8884 // Accept-Charset headers.
TEST_F(URLRequestTestHTTP,EmptyHttpUserAgentSettings)8885 TEST_F(URLRequestTestHTTP, EmptyHttpUserAgentSettings) {
8886 ASSERT_TRUE(http_test_server()->Start());
8887
8888 auto context_builder = CreateTestURLRequestContextBuilder();
8889 context_builder->set_http_user_agent_settings(nullptr);
8890 auto context = context_builder->Build();
8891
8892 struct {
8893 const char* request;
8894 const char* expected_response;
8895 } tests[] = {{"/echoheader?Accept-Language", "None"},
8896 {"/echoheader?Accept-Charset", "None"},
8897 {"/echoheader?User-Agent", ""}};
8898
8899 for (const auto& test : tests) {
8900 TestDelegate d;
8901 std::unique_ptr<URLRequest> req(context->CreateRequest(
8902 http_test_server()->GetURL(test.request), DEFAULT_PRIORITY, &d,
8903 TRAFFIC_ANNOTATION_FOR_TESTS));
8904 req->Start();
8905 d.RunUntilComplete();
8906 EXPECT_EQ(test.expected_response, d.data_received())
8907 << " Request = \"" << test.request << "\"";
8908 }
8909 }
8910
8911 // Make sure that URLRequest passes on its priority updates to
8912 // newly-created jobs after the first one.
TEST_F(URLRequestTestHTTP,SetSubsequentJobPriority)8913 TEST_F(URLRequestTestHTTP, SetSubsequentJobPriority) {
8914 GURL initial_url("http://foo.test/");
8915 GURL redirect_url("http://bar.test/");
8916
8917 TestDelegate d;
8918 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
8919 initial_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
8920 EXPECT_EQ(DEFAULT_PRIORITY, req->priority());
8921
8922 std::unique_ptr<URLRequestRedirectJob> redirect_job =
8923 std::make_unique<URLRequestRedirectJob>(
8924 req.get(), redirect_url,
8925 RedirectUtil::ResponseCode::REDIRECT_302_FOUND, "Very Good Reason");
8926 auto interceptor = std::make_unique<TestScopedURLInterceptor>(
8927 initial_url, std::move(redirect_job));
8928
8929 req->SetPriority(LOW);
8930 req->Start();
8931 EXPECT_TRUE(req->is_pending());
8932 d.RunUntilRedirect();
8933 interceptor.reset();
8934
8935 RequestPriority job_priority;
8936 std::unique_ptr<URLRequestJob> job =
8937 std::make_unique<PriorityMonitoringURLRequestJob>(req.get(),
8938 &job_priority);
8939 interceptor =
8940 std::make_unique<TestScopedURLInterceptor>(redirect_url, std::move(job));
8941
8942 // Should trigger |job| to be started.
8943 req->FollowDeferredRedirect(absl::nullopt /* removed_headers */,
8944 absl::nullopt /* modified_headers */);
8945 d.RunUntilComplete();
8946 EXPECT_EQ(LOW, job_priority);
8947 }
8948
8949 // Check that creating a network request while entering/exiting suspend mode
8950 // fails as it should. This is the only case where an HttpTransactionFactory
8951 // does not return an HttpTransaction.
TEST_F(URLRequestTestHTTP,NetworkSuspendTest)8952 TEST_F(URLRequestTestHTTP, NetworkSuspendTest) {
8953 auto context_builder = CreateTestURLRequestContextBuilder();
8954 context_builder->SetCreateHttpTransactionFactoryCallback(
8955 base::BindOnce([](HttpNetworkSession* session) {
8956 // Create a new HttpNetworkLayer that thinks it's suspended.
8957 auto network_layer = std::make_unique<HttpNetworkLayer>(session);
8958 network_layer->OnSuspend();
8959 std::unique_ptr<HttpTransactionFactory> factory =
8960 std::make_unique<HttpCache>(std::move(network_layer),
8961 HttpCache::DefaultBackend::InMemory(0));
8962 return factory;
8963 }));
8964 auto context = context_builder->Build();
8965
8966 TestDelegate d;
8967 std::unique_ptr<URLRequest> req(
8968 context->CreateRequest(GURL("http://127.0.0.1/"), DEFAULT_PRIORITY, &d,
8969 TRAFFIC_ANNOTATION_FOR_TESTS));
8970 req->Start();
8971 d.RunUntilComplete();
8972
8973 EXPECT_TRUE(d.request_failed());
8974 EXPECT_EQ(ERR_NETWORK_IO_SUSPENDED, d.request_status());
8975 }
8976
8977 namespace {
8978
8979 // HttpTransactionFactory that synchronously fails to create transactions.
8980 class FailingHttpTransactionFactory : public HttpTransactionFactory {
8981 public:
FailingHttpTransactionFactory(HttpNetworkSession * network_session)8982 explicit FailingHttpTransactionFactory(HttpNetworkSession* network_session)
8983 : network_session_(network_session) {}
8984
8985 FailingHttpTransactionFactory(const FailingHttpTransactionFactory&) = delete;
8986 FailingHttpTransactionFactory& operator=(
8987 const FailingHttpTransactionFactory&) = delete;
8988
8989 ~FailingHttpTransactionFactory() override = default;
8990
8991 // HttpTransactionFactory methods:
CreateTransaction(RequestPriority priority,std::unique_ptr<HttpTransaction> * trans)8992 int CreateTransaction(RequestPriority priority,
8993 std::unique_ptr<HttpTransaction>* trans) override {
8994 return ERR_FAILED;
8995 }
8996
GetCache()8997 HttpCache* GetCache() override { return nullptr; }
8998
GetSession()8999 HttpNetworkSession* GetSession() override { return network_session_; }
9000
9001 private:
9002 raw_ptr<HttpNetworkSession> network_session_;
9003 };
9004
9005 } // namespace
9006
9007 // Check that when a request that fails to create an HttpTransaction can be
9008 // cancelled while the failure notification is pending, and doesn't send two
9009 // failure notifications.
9010 //
9011 // This currently only happens when in suspend mode and there's no cache, but
9012 // just use a special HttpTransactionFactory, to avoid depending on those
9013 // behaviors.
TEST_F(URLRequestTestHTTP,NetworkCancelAfterCreateTransactionFailsTest)9014 TEST_F(URLRequestTestHTTP, NetworkCancelAfterCreateTransactionFailsTest) {
9015 auto context_builder = CreateTestURLRequestContextBuilder();
9016 context_builder->SetCreateHttpTransactionFactoryCallback(
9017 base::BindOnce([](HttpNetworkSession* session) {
9018 std::unique_ptr<HttpTransactionFactory> factory =
9019 std::make_unique<FailingHttpTransactionFactory>(session);
9020 return factory;
9021 }));
9022 auto& network_delegate = *context_builder->set_network_delegate(
9023 std::make_unique<TestNetworkDelegate>());
9024 auto context = context_builder->Build();
9025
9026 TestDelegate d;
9027 std::unique_ptr<URLRequest> req(
9028 context->CreateRequest(GURL("http://127.0.0.1/"), DEFAULT_PRIORITY, &d,
9029 TRAFFIC_ANNOTATION_FOR_TESTS));
9030 // Don't send cookies (Collecting cookies is asynchronous, and need request to
9031 // try to create an HttpNetworkTransaction synchronously on start).
9032 req->set_allow_credentials(false);
9033 req->Start();
9034 req->Cancel();
9035 d.RunUntilComplete();
9036 // Run pending error task, if there is one.
9037 base::RunLoop().RunUntilIdle();
9038
9039 EXPECT_TRUE(d.request_failed());
9040 EXPECT_EQ(1, d.response_started_count());
9041 EXPECT_EQ(ERR_ABORTED, d.request_status());
9042
9043 // NetworkDelegate should see the cancellation, but not the error.
9044 EXPECT_EQ(1, network_delegate.canceled_requests());
9045 EXPECT_EQ(0, network_delegate.error_count());
9046 }
9047
TEST_F(URLRequestTestHTTP,NetworkAccessedSetOnNetworkRequest)9048 TEST_F(URLRequestTestHTTP, NetworkAccessedSetOnNetworkRequest) {
9049 ASSERT_TRUE(http_test_server()->Start());
9050
9051 TestDelegate d;
9052 GURL test_url(http_test_server()->GetURL("/"));
9053 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
9054 test_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
9055
9056 req->Start();
9057 d.RunUntilComplete();
9058
9059 EXPECT_TRUE(req->response_info().network_accessed);
9060 }
9061
TEST_F(URLRequestTestHTTP,NetworkAccessedClearOnCachedResponse)9062 TEST_F(URLRequestTestHTTP, NetworkAccessedClearOnCachedResponse) {
9063 ASSERT_TRUE(http_test_server()->Start());
9064
9065 // Populate the cache.
9066 TestDelegate d;
9067 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
9068 http_test_server()->GetURL("/cachetime"), DEFAULT_PRIORITY, &d,
9069 TRAFFIC_ANNOTATION_FOR_TESTS));
9070 req->set_isolation_info(isolation_info1_);
9071 req->Start();
9072 d.RunUntilComplete();
9073
9074 EXPECT_EQ(OK, d.request_status());
9075 EXPECT_TRUE(req->response_info().network_accessed);
9076 EXPECT_FALSE(req->response_info().was_cached);
9077
9078 req = default_context().CreateRequest(
9079 http_test_server()->GetURL("/cachetime"), DEFAULT_PRIORITY, &d,
9080 TRAFFIC_ANNOTATION_FOR_TESTS);
9081 req->set_isolation_info(isolation_info1_);
9082 req->Start();
9083 d.RunUntilComplete();
9084
9085 EXPECT_EQ(OK, d.request_status());
9086 EXPECT_FALSE(req->response_info().network_accessed);
9087 EXPECT_TRUE(req->response_info().was_cached);
9088 }
9089
TEST_F(URLRequestTestHTTP,NetworkAccessedClearOnLoadOnlyFromCache)9090 TEST_F(URLRequestTestHTTP, NetworkAccessedClearOnLoadOnlyFromCache) {
9091 ASSERT_TRUE(http_test_server()->Start());
9092
9093 TestDelegate d;
9094 GURL test_url(http_test_server()->GetURL("/"));
9095 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
9096 test_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
9097 req->SetLoadFlags(LOAD_ONLY_FROM_CACHE | LOAD_SKIP_CACHE_VALIDATION);
9098
9099 req->Start();
9100 d.RunUntilComplete();
9101
9102 EXPECT_FALSE(req->response_info().network_accessed);
9103 }
9104
9105 // Test that a single job with a THROTTLED priority completes
9106 // correctly in the absence of contention.
TEST_F(URLRequestTestHTTP,ThrottledPriority)9107 TEST_F(URLRequestTestHTTP, ThrottledPriority) {
9108 ASSERT_TRUE(http_test_server()->Start());
9109
9110 TestDelegate d;
9111 GURL test_url(http_test_server()->GetURL("/"));
9112 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
9113 test_url, THROTTLED, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
9114 req->Start();
9115 d.RunUntilComplete();
9116
9117 EXPECT_EQ(OK, d.request_status());
9118 }
9119
TEST_F(URLRequestTestHTTP,RawBodyBytesNoContentEncoding)9120 TEST_F(URLRequestTestHTTP, RawBodyBytesNoContentEncoding) {
9121 ASSERT_TRUE(http_test_server()->Start());
9122
9123 TestDelegate d;
9124 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
9125 http_test_server()->GetURL("/simple.html"), DEFAULT_PRIORITY, &d,
9126 TRAFFIC_ANNOTATION_FOR_TESTS));
9127 req->Start();
9128 d.RunUntilComplete();
9129
9130 EXPECT_EQ(5, req->GetRawBodyBytes());
9131 }
9132
TEST_F(URLRequestTestHTTP,RawBodyBytesGzipEncoding)9133 TEST_F(URLRequestTestHTTP, RawBodyBytesGzipEncoding) {
9134 ASSERT_TRUE(http_test_server()->Start());
9135
9136 TestDelegate d;
9137 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
9138 http_test_server()->GetURL("/gzip-encoded"), DEFAULT_PRIORITY, &d,
9139 TRAFFIC_ANNOTATION_FOR_TESTS));
9140 req->Start();
9141 d.RunUntilComplete();
9142
9143 EXPECT_EQ(30, req->GetRawBodyBytes());
9144 }
9145
9146 // Check that if NetworkDelegate::OnBeforeStartTransaction returns an error,
9147 // the delegate isn't called back synchronously.
TEST_F(URLRequestTestHTTP,TesBeforeStartTransactionFails)9148 TEST_F(URLRequestTestHTTP, TesBeforeStartTransactionFails) {
9149 ASSERT_TRUE(http_test_server()->Start());
9150 default_network_delegate().set_before_start_transaction_fails();
9151
9152 TestDelegate d;
9153 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
9154 http_test_server()->GetURL("/"), DEFAULT_PRIORITY, &d,
9155 TRAFFIC_ANNOTATION_FOR_TESTS));
9156 req->Start();
9157 DCHECK(!d.response_completed());
9158 d.RunUntilComplete();
9159 DCHECK(d.response_completed());
9160 EXPECT_EQ(ERR_FAILED, d.request_status());
9161 }
9162
9163 class URLRequestTestReferrerPolicy : public URLRequestTest {
9164 public:
9165 URLRequestTestReferrerPolicy() = default;
9166
InstantiateSameOriginServers(net::EmbeddedTestServer::Type type)9167 void InstantiateSameOriginServers(net::EmbeddedTestServer::Type type) {
9168 origin_server_ = std::make_unique<EmbeddedTestServer>(type);
9169 RegisterDefaultHandlers(origin_server_.get());
9170 ASSERT_TRUE(origin_server_->Start());
9171 }
9172
InstantiateCrossOriginServers(net::EmbeddedTestServer::Type origin_type,net::EmbeddedTestServer::Type dest_type)9173 void InstantiateCrossOriginServers(net::EmbeddedTestServer::Type origin_type,
9174 net::EmbeddedTestServer::Type dest_type) {
9175 origin_server_ = std::make_unique<EmbeddedTestServer>(origin_type);
9176 RegisterDefaultHandlers(origin_server_.get());
9177 ASSERT_TRUE(origin_server_->Start());
9178
9179 destination_server_ = std::make_unique<EmbeddedTestServer>(dest_type);
9180 RegisterDefaultHandlers(destination_server_.get());
9181 ASSERT_TRUE(destination_server_->Start());
9182 }
9183
VerifyReferrerAfterRedirect(ReferrerPolicy policy,const GURL & referrer,const GURL & expected)9184 void VerifyReferrerAfterRedirect(ReferrerPolicy policy,
9185 const GURL& referrer,
9186 const GURL& expected) {
9187 // Create and execute the request: we'll only have a |destination_server_|
9188 // if the origins are meant to be distinct. Otherwise, we'll use the
9189 // |origin_server_| for both endpoints.
9190 GURL destination_url =
9191 destination_server_ ? destination_server_->GetURL("/echoheader?Referer")
9192 : origin_server_->GetURL("/echoheader?Referer");
9193 GURL origin_url =
9194 origin_server_->GetURL("/server-redirect?" + destination_url.spec());
9195
9196 TestDelegate d;
9197 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
9198 origin_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
9199 req->set_referrer_policy(policy);
9200 req->SetReferrer(referrer.spec());
9201 req->Start();
9202 d.RunUntilComplete();
9203
9204 EXPECT_EQ(1, d.response_started_count());
9205 EXPECT_EQ(1, d.received_redirect_count());
9206 EXPECT_EQ(destination_url, req->url());
9207 EXPECT_EQ(OK, d.request_status());
9208 EXPECT_EQ(200, req->response_headers()->response_code());
9209
9210 EXPECT_EQ(expected.spec(), req->referrer());
9211 if (expected.is_empty())
9212 EXPECT_EQ("None", d.data_received());
9213 else
9214 EXPECT_EQ(expected.spec(), d.data_received());
9215 }
9216
origin_server() const9217 EmbeddedTestServer* origin_server() const { return origin_server_.get(); }
9218
9219 private:
9220 std::unique_ptr<EmbeddedTestServer> origin_server_;
9221 std::unique_ptr<EmbeddedTestServer> destination_server_;
9222 };
9223
TEST_F(URLRequestTestReferrerPolicy,HTTPToSameOriginHTTP)9224 TEST_F(URLRequestTestReferrerPolicy, HTTPToSameOriginHTTP) {
9225 InstantiateSameOriginServers(net::EmbeddedTestServer::TYPE_HTTP);
9226
9227 GURL referrer = origin_server()->GetURL("/path/to/file.html");
9228 VerifyReferrerAfterRedirect(
9229 ReferrerPolicy::CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE, referrer,
9230 referrer);
9231
9232 VerifyReferrerAfterRedirect(
9233 ReferrerPolicy::REDUCE_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN, referrer,
9234 referrer);
9235
9236 VerifyReferrerAfterRedirect(
9237 ReferrerPolicy::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN, referrer,
9238 referrer);
9239
9240 VerifyReferrerAfterRedirect(ReferrerPolicy::NEVER_CLEAR, referrer, referrer);
9241
9242 // The original referrer set on the request is expected to obey the referrer
9243 // policy and already be stripped to the origin; thus this test case just
9244 // checks that this policy doesn't cause the referrer to change when following
9245 // a redirect.
9246 VerifyReferrerAfterRedirect(ReferrerPolicy::ORIGIN,
9247 referrer.DeprecatedGetOriginAsURL(),
9248 referrer.DeprecatedGetOriginAsURL());
9249
9250 VerifyReferrerAfterRedirect(ReferrerPolicy::CLEAR_ON_TRANSITION_CROSS_ORIGIN,
9251 referrer, referrer);
9252
9253 // The original referrer set on the request is expected to obey the referrer
9254 // policy and already be stripped to the origin; thus this test case just
9255 // checks that this policy doesn't cause the referrer to change when following
9256 // a redirect.
9257 VerifyReferrerAfterRedirect(
9258 ReferrerPolicy::ORIGIN_CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE,
9259 referrer.DeprecatedGetOriginAsURL(), referrer.DeprecatedGetOriginAsURL());
9260
9261 VerifyReferrerAfterRedirect(ReferrerPolicy::NO_REFERRER, GURL(), GURL());
9262 }
9263
TEST_F(URLRequestTestReferrerPolicy,HTTPToCrossOriginHTTP)9264 TEST_F(URLRequestTestReferrerPolicy, HTTPToCrossOriginHTTP) {
9265 InstantiateCrossOriginServers(net::EmbeddedTestServer::TYPE_HTTP,
9266 net::EmbeddedTestServer::TYPE_HTTP);
9267 GURL referrer = origin_server()->GetURL("/path/to/file.html");
9268
9269 VerifyReferrerAfterRedirect(
9270 ReferrerPolicy::CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE, referrer,
9271 referrer);
9272
9273 VerifyReferrerAfterRedirect(
9274 ReferrerPolicy::REDUCE_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN, referrer,
9275 referrer.DeprecatedGetOriginAsURL());
9276
9277 VerifyReferrerAfterRedirect(
9278 ReferrerPolicy::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN, referrer,
9279 referrer.DeprecatedGetOriginAsURL());
9280
9281 VerifyReferrerAfterRedirect(ReferrerPolicy::NEVER_CLEAR, referrer, referrer);
9282
9283 // The original referrer set on the request is expected to obey the referrer
9284 // policy and already be stripped to the origin; thus this test case just
9285 // checks that this policy doesn't cause the referrer to change when following
9286 // a redirect.
9287 VerifyReferrerAfterRedirect(ReferrerPolicy::ORIGIN,
9288 referrer.DeprecatedGetOriginAsURL(),
9289 referrer.DeprecatedGetOriginAsURL());
9290
9291 VerifyReferrerAfterRedirect(ReferrerPolicy::CLEAR_ON_TRANSITION_CROSS_ORIGIN,
9292 referrer, GURL());
9293
9294 // The original referrer set on the request is expected to obey the referrer
9295 // policy and already be stripped to the origin; thus this test case just
9296 // checks that this policy doesn't cause the referrer to change when following
9297 // a redirect.
9298 VerifyReferrerAfterRedirect(
9299 ReferrerPolicy::ORIGIN_CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE,
9300 referrer.DeprecatedGetOriginAsURL(), referrer.DeprecatedGetOriginAsURL());
9301
9302 VerifyReferrerAfterRedirect(ReferrerPolicy::NO_REFERRER, GURL(), GURL());
9303 }
9304
TEST_F(URLRequestTestReferrerPolicy,HTTPSToSameOriginHTTPS)9305 TEST_F(URLRequestTestReferrerPolicy, HTTPSToSameOriginHTTPS) {
9306 InstantiateSameOriginServers(net::EmbeddedTestServer::TYPE_HTTPS);
9307 GURL referrer = origin_server()->GetURL("/path/to/file.html");
9308
9309 VerifyReferrerAfterRedirect(
9310 ReferrerPolicy::CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE, referrer,
9311 referrer);
9312
9313 VerifyReferrerAfterRedirect(
9314 ReferrerPolicy::REDUCE_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN, referrer,
9315 referrer);
9316
9317 VerifyReferrerAfterRedirect(
9318 ReferrerPolicy::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN, referrer,
9319 referrer);
9320
9321 VerifyReferrerAfterRedirect(ReferrerPolicy::NEVER_CLEAR, referrer, referrer);
9322
9323 // The original referrer set on the request is expected to obey the referrer
9324 // policy and already be stripped to the origin; thus this test case just
9325 // checks that this policy doesn't cause the referrer to change when following
9326 // a redirect.
9327 VerifyReferrerAfterRedirect(ReferrerPolicy::ORIGIN,
9328 referrer.DeprecatedGetOriginAsURL(),
9329 referrer.DeprecatedGetOriginAsURL());
9330
9331 VerifyReferrerAfterRedirect(ReferrerPolicy::CLEAR_ON_TRANSITION_CROSS_ORIGIN,
9332 referrer, referrer);
9333
9334 // The original referrer set on the request is expected to obey the referrer
9335 // policy and already be stripped to the origin; thus this test case just
9336 // checks that this policy doesn't cause the referrer to change when following
9337 // a redirect.
9338 VerifyReferrerAfterRedirect(
9339 ReferrerPolicy::ORIGIN_CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE,
9340 referrer.DeprecatedGetOriginAsURL(), referrer.DeprecatedGetOriginAsURL());
9341
9342 VerifyReferrerAfterRedirect(ReferrerPolicy::NO_REFERRER, GURL(), GURL());
9343 }
9344
TEST_F(URLRequestTestReferrerPolicy,HTTPSToCrossOriginHTTPS)9345 TEST_F(URLRequestTestReferrerPolicy, HTTPSToCrossOriginHTTPS) {
9346 InstantiateCrossOriginServers(net::EmbeddedTestServer::TYPE_HTTPS,
9347 net::EmbeddedTestServer::TYPE_HTTPS);
9348 GURL referrer = origin_server()->GetURL("/path/to/file.html");
9349
9350 VerifyReferrerAfterRedirect(
9351 ReferrerPolicy::CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE, referrer,
9352 referrer);
9353
9354 VerifyReferrerAfterRedirect(
9355 ReferrerPolicy::REDUCE_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN, referrer,
9356 origin_server()->GetURL("/"));
9357
9358 VerifyReferrerAfterRedirect(
9359 ReferrerPolicy::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN, referrer,
9360 origin_server()->GetURL("/"));
9361
9362 VerifyReferrerAfterRedirect(ReferrerPolicy::NEVER_CLEAR, referrer, referrer);
9363
9364 // The original referrer set on the request is expected to obey the referrer
9365 // policy and already be stripped to the origin; thus this test case just
9366 // checks that this policy doesn't cause the referrer to change when following
9367 // a redirect.
9368 VerifyReferrerAfterRedirect(ReferrerPolicy::ORIGIN,
9369 referrer.DeprecatedGetOriginAsURL(),
9370 referrer.DeprecatedGetOriginAsURL());
9371
9372 VerifyReferrerAfterRedirect(ReferrerPolicy::CLEAR_ON_TRANSITION_CROSS_ORIGIN,
9373 referrer, GURL());
9374
9375 // The original referrer set on the request is expected to obey the referrer
9376 // policy and already be stripped to the origin; thus this test case just
9377 // checks that this policy doesn't cause the referrer to change when following
9378 // a redirect.
9379 VerifyReferrerAfterRedirect(
9380 ReferrerPolicy::ORIGIN_CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE,
9381 referrer.DeprecatedGetOriginAsURL(), referrer.DeprecatedGetOriginAsURL());
9382
9383 VerifyReferrerAfterRedirect(ReferrerPolicy::NO_REFERRER, GURL(), GURL());
9384 }
9385
TEST_F(URLRequestTestReferrerPolicy,HTTPToHTTPS)9386 TEST_F(URLRequestTestReferrerPolicy, HTTPToHTTPS) {
9387 InstantiateCrossOriginServers(net::EmbeddedTestServer::TYPE_HTTP,
9388 net::EmbeddedTestServer::TYPE_HTTPS);
9389 GURL referrer = origin_server()->GetURL("/path/to/file.html");
9390
9391 VerifyReferrerAfterRedirect(
9392 ReferrerPolicy::CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE, referrer,
9393 referrer);
9394
9395 VerifyReferrerAfterRedirect(
9396 ReferrerPolicy::REDUCE_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN, referrer,
9397 origin_server()->GetURL("/"));
9398
9399 VerifyReferrerAfterRedirect(
9400 ReferrerPolicy::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN, referrer,
9401 origin_server()->GetURL("/"));
9402
9403 VerifyReferrerAfterRedirect(ReferrerPolicy::NEVER_CLEAR, referrer, referrer);
9404
9405 // The original referrer set on the request is expected to obey the referrer
9406 // policy and already be stripped to the origin; thus this test case just
9407 // checks that this policy doesn't cause the referrer to change when following
9408 // a redirect.
9409 VerifyReferrerAfterRedirect(ReferrerPolicy::ORIGIN,
9410 referrer.DeprecatedGetOriginAsURL(),
9411 referrer.DeprecatedGetOriginAsURL());
9412
9413 VerifyReferrerAfterRedirect(ReferrerPolicy::CLEAR_ON_TRANSITION_CROSS_ORIGIN,
9414 referrer, GURL());
9415
9416 // The original referrer set on the request is expected to obey the referrer
9417 // policy and already be stripped to the origin; thus this test case just
9418 // checks that this policy doesn't cause the referrer to change when following
9419 // a redirect.
9420 VerifyReferrerAfterRedirect(
9421 ReferrerPolicy::ORIGIN_CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE,
9422 referrer.DeprecatedGetOriginAsURL(), referrer.DeprecatedGetOriginAsURL());
9423
9424 VerifyReferrerAfterRedirect(ReferrerPolicy::NO_REFERRER, GURL(), GURL());
9425 }
9426
TEST_F(URLRequestTestReferrerPolicy,HTTPSToHTTP)9427 TEST_F(URLRequestTestReferrerPolicy, HTTPSToHTTP) {
9428 InstantiateCrossOriginServers(net::EmbeddedTestServer::TYPE_HTTPS,
9429 net::EmbeddedTestServer::TYPE_HTTP);
9430 GURL referrer = origin_server()->GetURL("/path/to/file.html");
9431
9432 VerifyReferrerAfterRedirect(
9433 ReferrerPolicy::CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE, referrer,
9434 GURL());
9435
9436 VerifyReferrerAfterRedirect(
9437 ReferrerPolicy::REDUCE_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN, referrer,
9438 GURL());
9439
9440 VerifyReferrerAfterRedirect(
9441 ReferrerPolicy::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN, referrer,
9442 origin_server()->GetURL("/"));
9443
9444 VerifyReferrerAfterRedirect(ReferrerPolicy::NEVER_CLEAR, referrer, referrer);
9445
9446 // The original referrer set on the request is expected to obey the referrer
9447 // policy and already be stripped to the origin; thus this test case just
9448 // checks that this policy doesn't cause the referrer to change when following
9449 // a redirect.
9450 VerifyReferrerAfterRedirect(ReferrerPolicy::ORIGIN,
9451 referrer.DeprecatedGetOriginAsURL(),
9452 referrer.DeprecatedGetOriginAsURL());
9453
9454 VerifyReferrerAfterRedirect(ReferrerPolicy::CLEAR_ON_TRANSITION_CROSS_ORIGIN,
9455 referrer, GURL());
9456
9457 // The original referrer set on the request is expected to obey the referrer
9458 // policy and already be stripped to the origin, though it should be
9459 // subsequently cleared during the downgrading redirect.
9460 VerifyReferrerAfterRedirect(
9461 ReferrerPolicy::ORIGIN_CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE,
9462 referrer.DeprecatedGetOriginAsURL(), GURL());
9463
9464 VerifyReferrerAfterRedirect(ReferrerPolicy::NO_REFERRER, GURL(), GURL());
9465 }
9466
9467 class HTTPSRequestTest : public TestWithTaskEnvironment {
9468 public:
HTTPSRequestTest()9469 HTTPSRequestTest() {
9470 auto context_builder = CreateTestURLRequestContextBuilder();
9471 default_context_ = context_builder->Build();
9472 }
~HTTPSRequestTest()9473 ~HTTPSRequestTest() override {
9474 SetTransportSecurityStateSourceForTesting(nullptr);
9475 }
9476
default_context()9477 URLRequestContext& default_context() { return *default_context_; }
9478
9479 private:
9480 std::unique_ptr<URLRequestContext> default_context_;
9481 };
9482
TEST_F(HTTPSRequestTest,HTTPSGetTest)9483 TEST_F(HTTPSRequestTest, HTTPSGetTest) {
9484 EmbeddedTestServer test_server(net::EmbeddedTestServer::TYPE_HTTPS);
9485 RegisterDefaultHandlers(&test_server);
9486 ASSERT_TRUE(test_server.Start());
9487
9488 TestDelegate d;
9489 {
9490 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
9491 test_server.GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d,
9492 TRAFFIC_ANNOTATION_FOR_TESTS));
9493 r->Start();
9494 EXPECT_TRUE(r->is_pending());
9495
9496 d.RunUntilComplete();
9497
9498 EXPECT_EQ(1, d.response_started_count());
9499 EXPECT_FALSE(d.received_data_before_response());
9500 EXPECT_NE(0, d.bytes_received());
9501 CheckSSLInfo(r->ssl_info());
9502 EXPECT_EQ(test_server.host_port_pair().host(),
9503 r->GetResponseRemoteEndpoint().ToStringWithoutPort());
9504 EXPECT_EQ(test_server.host_port_pair().port(),
9505 r->GetResponseRemoteEndpoint().port());
9506 }
9507 }
9508
TEST_F(HTTPSRequestTest,HTTPSMismatchedTest)9509 TEST_F(HTTPSRequestTest, HTTPSMismatchedTest) {
9510 EmbeddedTestServer test_server(net::EmbeddedTestServer::TYPE_HTTPS);
9511 test_server.SetSSLConfig(net::EmbeddedTestServer::CERT_MISMATCHED_NAME);
9512 RegisterDefaultHandlers(&test_server);
9513 ASSERT_TRUE(test_server.Start());
9514
9515 bool err_allowed = true;
9516 for (int i = 0; i < 2; i++, err_allowed = !err_allowed) {
9517 TestDelegate d;
9518 {
9519 d.set_allow_certificate_errors(err_allowed);
9520 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
9521 test_server.GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d,
9522 TRAFFIC_ANNOTATION_FOR_TESTS));
9523
9524 r->Start();
9525 EXPECT_TRUE(r->is_pending());
9526
9527 d.RunUntilComplete();
9528
9529 EXPECT_EQ(1, d.response_started_count());
9530 EXPECT_FALSE(d.received_data_before_response());
9531 EXPECT_TRUE(d.have_certificate_errors());
9532 if (err_allowed) {
9533 EXPECT_NE(0, d.bytes_received());
9534 CheckSSLInfo(r->ssl_info());
9535 } else {
9536 EXPECT_EQ(0, d.bytes_received());
9537 }
9538 }
9539 }
9540 }
9541
TEST_F(HTTPSRequestTest,HTTPSExpiredTest)9542 TEST_F(HTTPSRequestTest, HTTPSExpiredTest) {
9543 EmbeddedTestServer test_server(net::EmbeddedTestServer::TYPE_HTTPS);
9544 test_server.SetSSLConfig(net::EmbeddedTestServer::CERT_EXPIRED);
9545 RegisterDefaultHandlers(&test_server);
9546 ASSERT_TRUE(test_server.Start());
9547
9548 // Iterate from false to true, just so that we do the opposite of the
9549 // previous test in order to increase test coverage.
9550 bool err_allowed = false;
9551 for (int i = 0; i < 2; i++, err_allowed = !err_allowed) {
9552 TestDelegate d;
9553 {
9554 d.set_allow_certificate_errors(err_allowed);
9555 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
9556 test_server.GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d,
9557 TRAFFIC_ANNOTATION_FOR_TESTS));
9558
9559 r->Start();
9560 EXPECT_TRUE(r->is_pending());
9561
9562 d.RunUntilComplete();
9563
9564 EXPECT_EQ(1, d.response_started_count());
9565 EXPECT_FALSE(d.received_data_before_response());
9566 EXPECT_TRUE(d.have_certificate_errors());
9567 if (err_allowed) {
9568 EXPECT_NE(0, d.bytes_received());
9569 CheckSSLInfo(r->ssl_info());
9570 } else {
9571 EXPECT_EQ(0, d.bytes_received());
9572 }
9573 }
9574 }
9575 }
9576
9577 // A TestDelegate used to test that an appropriate net error code is provided
9578 // when an SSL certificate error occurs.
9579 class SSLNetErrorTestDelegate : public TestDelegate {
9580 public:
OnSSLCertificateError(URLRequest * request,int net_error,const SSLInfo & ssl_info,bool fatal)9581 void OnSSLCertificateError(URLRequest* request,
9582 int net_error,
9583 const SSLInfo& ssl_info,
9584 bool fatal) override {
9585 net_error_ = net_error;
9586 on_ssl_certificate_error_called_ = true;
9587 TestDelegate::OnSSLCertificateError(request, net_error, ssl_info, fatal);
9588 }
9589
on_ssl_certificate_error_called()9590 bool on_ssl_certificate_error_called() {
9591 return on_ssl_certificate_error_called_;
9592 }
9593
net_error()9594 int net_error() { return net_error_; }
9595
9596 private:
9597 bool on_ssl_certificate_error_called_ = false;
9598 int net_error_ = net::OK;
9599 };
9600
9601 // Tests that the URLRequest::Delegate receives an appropriate net error code
9602 // when an SSL certificate error occurs.
TEST_F(HTTPSRequestTest,SSLNetErrorReportedToDelegate)9603 TEST_F(HTTPSRequestTest, SSLNetErrorReportedToDelegate) {
9604 EmbeddedTestServer test_server(net::EmbeddedTestServer::TYPE_HTTPS);
9605 test_server.SetSSLConfig(net::EmbeddedTestServer::CERT_EXPIRED);
9606 RegisterDefaultHandlers(&test_server);
9607 ASSERT_TRUE(test_server.Start());
9608
9609 SSLNetErrorTestDelegate d;
9610 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
9611 test_server.GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d,
9612 TRAFFIC_ANNOTATION_FOR_TESTS));
9613 r->Start();
9614 EXPECT_TRUE(r->is_pending());
9615 d.RunUntilComplete();
9616
9617 EXPECT_TRUE(d.on_ssl_certificate_error_called());
9618 EXPECT_EQ(net::ERR_CERT_DATE_INVALID, d.net_error());
9619 }
9620
9621 // TODO(svaldez): iOS tests are flaky with EmbeddedTestServer and transport
9622 // security state. (see http://crbug.com/550977).
9623 #if !BUILDFLAG(IS_IOS)
9624 // This tests that a load of a domain with preloaded HSTS and HPKP with a
9625 // certificate error sets the |certificate_errors_are_fatal| flag correctly.
9626 // This flag will cause the interstitial to be fatal.
TEST_F(HTTPSRequestTest,HTTPSPreloadedHSTSTest)9627 TEST_F(HTTPSRequestTest, HTTPSPreloadedHSTSTest) {
9628 SetTransportSecurityStateSourceForTesting(&test_default::kHSTSSource);
9629
9630 EmbeddedTestServer test_server(net::EmbeddedTestServer::TYPE_HTTPS);
9631 test_server.SetSSLConfig(net::EmbeddedTestServer::CERT_MISMATCHED_NAME);
9632 test_server.ServeFilesFromSourceDirectory("net/data/ssl");
9633 ASSERT_TRUE(test_server.Start());
9634
9635 // We require that the URL be hsts-hpkp-preloaded.test. This is a test domain
9636 // that has a preloaded HSTS+HPKP entry in the TransportSecurityState. This
9637 // means that we have to use a MockHostResolver in order to direct
9638 // hsts-hpkp-preloaded.test to the testserver.
9639
9640 auto host_resolver = std::make_unique<MockHostResolver>();
9641 host_resolver->rules()->AddRule("hsts-hpkp-preloaded.test",
9642 test_server.GetIPLiteralString());
9643 auto context_builder = CreateTestURLRequestContextBuilder();
9644 context_builder->set_host_resolver(std::move(host_resolver));
9645 auto context = context_builder->Build();
9646
9647 TestDelegate d;
9648 std::unique_ptr<URLRequest> r(context->CreateRequest(
9649 GURL(base::StringPrintf("https://hsts-hpkp-preloaded.test:%d",
9650 test_server.host_port_pair().port())),
9651 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
9652
9653 r->Start();
9654 EXPECT_TRUE(r->is_pending());
9655
9656 d.RunUntilComplete();
9657
9658 EXPECT_EQ(1, d.response_started_count());
9659 EXPECT_FALSE(d.received_data_before_response());
9660 EXPECT_TRUE(d.have_certificate_errors());
9661 EXPECT_TRUE(d.certificate_errors_are_fatal());
9662 }
9663
9664 // This tests that cached HTTPS page loads do not cause any updates to the
9665 // TransportSecurityState.
TEST_F(HTTPSRequestTest,HTTPSErrorsNoClobberTSSTest)9666 TEST_F(HTTPSRequestTest, HTTPSErrorsNoClobberTSSTest) {
9667 base::test::ScopedFeatureList scoped_feature_list_;
9668 scoped_feature_list_.InitAndEnableFeature(
9669 net::features::kStaticKeyPinningEnforcement);
9670 SetTransportSecurityStateSourceForTesting(&test_default::kHSTSSource);
9671
9672 // The actual problem -- CERT_MISMATCHED_NAME in this case -- doesn't
9673 // matter. It just has to be any error.
9674 EmbeddedTestServer test_server(net::EmbeddedTestServer::TYPE_HTTPS);
9675 test_server.SetSSLConfig(net::EmbeddedTestServer::CERT_MISMATCHED_NAME);
9676 test_server.ServeFilesFromSourceDirectory("net/data/ssl");
9677 ASSERT_TRUE(test_server.Start());
9678
9679 // We require that the URL be hsts-hpkp-preloaded.test. This is a test domain
9680 // that has a preloaded HSTS+HPKP entry in the TransportSecurityState. This
9681 // means that we have to use a MockHostResolver in order to direct
9682 // hsts-hpkp-preloaded.test to the testserver.
9683
9684 auto host_resolver = std::make_unique<MockHostResolver>();
9685 host_resolver->rules()->AddRule("hsts-hpkp-preloaded.test",
9686 test_server.GetIPLiteralString());
9687 auto context_builder = CreateTestURLRequestContextBuilder();
9688 context_builder->set_host_resolver(std::move(host_resolver));
9689 auto context = context_builder->Build();
9690 ASSERT_TRUE(context->transport_security_state());
9691 TransportSecurityState& transport_security_state =
9692 *context->transport_security_state();
9693
9694 transport_security_state.EnableStaticPinsForTesting();
9695 transport_security_state.SetPinningListAlwaysTimelyForTesting(true);
9696
9697 TransportSecurityState::STSState static_sts_state;
9698 TransportSecurityState::PKPState static_pkp_state;
9699 EXPECT_TRUE(transport_security_state.GetStaticSTSState(
9700 "hsts-hpkp-preloaded.test", &static_sts_state));
9701 EXPECT_TRUE(transport_security_state.GetStaticPKPState(
9702 "hsts-hpkp-preloaded.test", &static_pkp_state));
9703
9704 TransportSecurityState::STSState dynamic_sts_state;
9705 TransportSecurityState::PKPState dynamic_pkp_state;
9706 EXPECT_FALSE(transport_security_state.GetDynamicSTSState(
9707 "hsts-hpkp-preloaded.test", &dynamic_sts_state));
9708 EXPECT_FALSE(transport_security_state.GetDynamicPKPState(
9709 "hsts-hpkp-preloaded.test", &dynamic_pkp_state));
9710
9711 TestDelegate d;
9712 std::unique_ptr<URLRequest> r(context->CreateRequest(
9713 GURL(base::StringPrintf("https://hsts-hpkp-preloaded.test:%d",
9714 test_server.host_port_pair().port())),
9715 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
9716
9717 r->Start();
9718 EXPECT_TRUE(r->is_pending());
9719
9720 d.RunUntilComplete();
9721
9722 EXPECT_EQ(1, d.response_started_count());
9723 EXPECT_FALSE(d.received_data_before_response());
9724 EXPECT_TRUE(d.have_certificate_errors());
9725 EXPECT_TRUE(d.certificate_errors_are_fatal());
9726
9727 // Get a fresh copy of the states, and check that they haven't changed.
9728 TransportSecurityState::STSState new_static_sts_state;
9729 TransportSecurityState::PKPState new_static_pkp_state;
9730 EXPECT_TRUE(transport_security_state.GetStaticSTSState(
9731 "hsts-hpkp-preloaded.test", &new_static_sts_state));
9732 EXPECT_TRUE(transport_security_state.GetStaticPKPState(
9733 "hsts-hpkp-preloaded.test", &new_static_pkp_state));
9734 TransportSecurityState::STSState new_dynamic_sts_state;
9735 TransportSecurityState::PKPState new_dynamic_pkp_state;
9736 EXPECT_FALSE(transport_security_state.GetDynamicSTSState(
9737 "hsts-hpkp-preloaded.test", &new_dynamic_sts_state));
9738 EXPECT_FALSE(transport_security_state.GetDynamicPKPState(
9739 "hsts-hpkp-preloaded.test", &new_dynamic_pkp_state));
9740
9741 EXPECT_EQ(new_static_sts_state.upgrade_mode, static_sts_state.upgrade_mode);
9742 EXPECT_EQ(new_static_sts_state.include_subdomains,
9743 static_sts_state.include_subdomains);
9744 EXPECT_EQ(new_static_pkp_state.include_subdomains,
9745 static_pkp_state.include_subdomains);
9746 EXPECT_EQ(new_static_pkp_state.spki_hashes, static_pkp_state.spki_hashes);
9747 EXPECT_EQ(new_static_pkp_state.bad_spki_hashes,
9748 static_pkp_state.bad_spki_hashes);
9749 }
9750
9751 // Make sure HSTS preserves a POST request's method and body.
TEST_F(HTTPSRequestTest,HSTSPreservesPosts)9752 TEST_F(HTTPSRequestTest, HSTSPreservesPosts) {
9753 static const char kData[] = "hello world";
9754
9755 EmbeddedTestServer test_server(net::EmbeddedTestServer::TYPE_HTTPS);
9756 RegisterDefaultHandlers(&test_server);
9757 ASSERT_TRUE(test_server.Start());
9758
9759 // Per spec, TransportSecurityState expects a domain name, rather than an IP
9760 // address, so a MockHostResolver is needed to redirect www.somewhere.com to
9761 // the EmbeddedTestServer.
9762 auto host_resolver = std::make_unique<MockHostResolver>();
9763 host_resolver->rules()->AddRule("www.somewhere.com",
9764 test_server.GetIPLiteralString());
9765
9766 auto context_builder = CreateTestURLRequestContextBuilder();
9767 context_builder->set_host_resolver(std::move(host_resolver));
9768 auto& network_delegate = *context_builder->set_network_delegate(
9769 std::make_unique<TestNetworkDelegate>());
9770 auto context = context_builder->Build();
9771 ASSERT_TRUE(context->transport_security_state());
9772 TransportSecurityState& transport_security_state =
9773 *context->transport_security_state();
9774 // Force https for www.somewhere.com.
9775 base::Time expiry = base::Time::Now() + base::Days(1000);
9776 bool include_subdomains = false;
9777 transport_security_state.AddHSTS("www.somewhere.com", expiry,
9778 include_subdomains);
9779
9780 TestDelegate d;
9781 // Navigating to https://www.somewhere.com instead of https://127.0.0.1 will
9782 // cause a certificate error. Ignore the error.
9783 d.set_allow_certificate_errors(true);
9784
9785 std::unique_ptr<URLRequest> req(context->CreateRequest(
9786 GURL(base::StringPrintf("http://www.somewhere.com:%d/echo",
9787 test_server.host_port_pair().port())),
9788 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
9789 req->set_method("POST");
9790 req->set_upload(CreateSimpleUploadData(kData));
9791
9792 req->Start();
9793 d.RunUntilComplete();
9794
9795 EXPECT_EQ("https", req->url().scheme());
9796 EXPECT_EQ("POST", req->method());
9797 EXPECT_EQ(kData, d.data_received());
9798
9799 LoadTimingInfo load_timing_info;
9800 network_delegate.GetLoadTimingInfoBeforeRedirect(&load_timing_info);
9801 // LoadTimingInfo of HSTS redirects is similar to that of network cache hits
9802 TestLoadTimingCacheHitNoNetwork(load_timing_info);
9803 }
9804
9805 // Make sure that the CORS headers are added to cross-origin HSTS redirects.
TEST_F(HTTPSRequestTest,HSTSCrossOriginAddHeaders)9806 TEST_F(HTTPSRequestTest, HSTSCrossOriginAddHeaders) {
9807 static const char kOriginHeaderValue[] = "http://www.example.com";
9808
9809 EmbeddedTestServer test_server(net::EmbeddedTestServer::TYPE_HTTPS);
9810 test_server.ServeFilesFromSourceDirectory("net/data/ssl");
9811 ASSERT_TRUE(test_server.Start());
9812
9813 auto cert_verifier = std::make_unique<MockCertVerifier>();
9814 cert_verifier->set_default_result(OK);
9815
9816 auto context_builder = CreateTestURLRequestContextBuilder();
9817 context_builder->SetCertVerifier(std::move(cert_verifier));
9818 auto context = context_builder->Build();
9819 ASSERT_TRUE(context->transport_security_state());
9820 TransportSecurityState& transport_security_state =
9821 *context->transport_security_state();
9822 base::Time expiry = base::Time::Now() + base::Days(1);
9823 bool include_subdomains = false;
9824 transport_security_state.AddHSTS("example.net", expiry, include_subdomains);
9825
9826 GURL hsts_http_url(base::StringPrintf("http://example.net:%d/somehstssite",
9827 test_server.host_port_pair().port()));
9828 GURL::Replacements replacements;
9829 replacements.SetSchemeStr("https");
9830 GURL hsts_https_url = hsts_http_url.ReplaceComponents(replacements);
9831
9832 TestDelegate d;
9833
9834 std::unique_ptr<URLRequest> req(context->CreateRequest(
9835 hsts_http_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
9836 // Set Origin header to simulate a cross-origin request.
9837 HttpRequestHeaders request_headers;
9838 request_headers.SetHeader("Origin", kOriginHeaderValue);
9839 req->SetExtraRequestHeaders(request_headers);
9840
9841 req->Start();
9842 d.RunUntilRedirect();
9843
9844 EXPECT_EQ(1, d.received_redirect_count());
9845
9846 const HttpResponseHeaders* headers = req->response_headers();
9847 std::string redirect_location;
9848 EXPECT_TRUE(
9849 headers->EnumerateHeader(nullptr, "Location", &redirect_location));
9850 EXPECT_EQ(hsts_https_url.spec(), redirect_location);
9851
9852 std::string received_cors_header;
9853 EXPECT_TRUE(headers->EnumerateHeader(nullptr, "Access-Control-Allow-Origin",
9854 &received_cors_header));
9855 EXPECT_EQ(kOriginHeaderValue, received_cors_header);
9856
9857 std::string received_corp_header;
9858 EXPECT_TRUE(headers->EnumerateHeader(nullptr, "Cross-Origin-Resource-Policy",
9859 &received_corp_header));
9860 EXPECT_EQ("Cross-Origin", received_corp_header);
9861 }
9862
9863 namespace {
9864
9865 class SSLClientAuthTestDelegate : public TestDelegate {
9866 public:
SSLClientAuthTestDelegate()9867 SSLClientAuthTestDelegate() { set_on_complete(base::DoNothing()); }
OnCertificateRequested(URLRequest * request,SSLCertRequestInfo * cert_request_info)9868 void OnCertificateRequested(URLRequest* request,
9869 SSLCertRequestInfo* cert_request_info) override {
9870 on_certificate_requested_count_++;
9871 std::move(on_certificate_requested_).Run();
9872 }
RunUntilCertificateRequested()9873 void RunUntilCertificateRequested() {
9874 base::RunLoop run_loop;
9875 on_certificate_requested_ = run_loop.QuitClosure();
9876 run_loop.Run();
9877 }
on_certificate_requested_count()9878 int on_certificate_requested_count() {
9879 return on_certificate_requested_count_;
9880 }
9881
9882 private:
9883 int on_certificate_requested_count_ = 0;
9884 base::OnceClosure on_certificate_requested_;
9885 };
9886
9887 class TestSSLPrivateKey : public SSLPrivateKey {
9888 public:
TestSSLPrivateKey(scoped_refptr<SSLPrivateKey> key)9889 explicit TestSSLPrivateKey(scoped_refptr<SSLPrivateKey> key)
9890 : key_(std::move(key)) {}
9891
set_fail_signing(bool fail_signing)9892 void set_fail_signing(bool fail_signing) { fail_signing_ = fail_signing; }
sign_count() const9893 int sign_count() const { return sign_count_; }
9894
GetProviderName()9895 std::string GetProviderName() override { return key_->GetProviderName(); }
GetAlgorithmPreferences()9896 std::vector<uint16_t> GetAlgorithmPreferences() override {
9897 return key_->GetAlgorithmPreferences();
9898 }
Sign(uint16_t algorithm,base::span<const uint8_t> input,SignCallback callback)9899 void Sign(uint16_t algorithm,
9900 base::span<const uint8_t> input,
9901 SignCallback callback) override {
9902 sign_count_++;
9903 if (fail_signing_) {
9904 base::SingleThreadTaskRunner::GetCurrentDefault()->PostTask(
9905 FROM_HERE, base::BindOnce(std::move(callback),
9906 ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED,
9907 std::vector<uint8_t>()));
9908 } else {
9909 key_->Sign(algorithm, input, std::move(callback));
9910 }
9911 }
9912
9913 private:
9914 ~TestSSLPrivateKey() override = default;
9915
9916 scoped_refptr<SSLPrivateKey> key_;
9917 bool fail_signing_ = false;
9918 int sign_count_ = 0;
9919 };
9920
9921 } // namespace
9922
9923 // TODO(davidben): Test the rest of the code. Specifically,
9924 // - Filtering which certificates to select.
9925 // - Getting a certificate request in an SSL renegotiation sending the
9926 // HTTP request.
TEST_F(HTTPSRequestTest,ClientAuthNoCertificate)9927 TEST_F(HTTPSRequestTest, ClientAuthNoCertificate) {
9928 EmbeddedTestServer test_server(net::EmbeddedTestServer::TYPE_HTTPS);
9929 net::SSLServerConfig ssl_config;
9930 ssl_config.client_cert_type =
9931 SSLServerConfig::ClientCertType::OPTIONAL_CLIENT_CERT;
9932 test_server.SetSSLConfig(EmbeddedTestServer::CERT_OK, ssl_config);
9933 RegisterDefaultHandlers(&test_server);
9934 ASSERT_TRUE(test_server.Start());
9935
9936 SSLClientAuthTestDelegate d;
9937 {
9938 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
9939 test_server.GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d,
9940 TRAFFIC_ANNOTATION_FOR_TESTS));
9941
9942 r->Start();
9943 EXPECT_TRUE(r->is_pending());
9944
9945 d.RunUntilCertificateRequested();
9946 EXPECT_TRUE(r->is_pending());
9947
9948 EXPECT_EQ(1, d.on_certificate_requested_count());
9949 EXPECT_FALSE(d.received_data_before_response());
9950 EXPECT_EQ(0, d.bytes_received());
9951
9952 // Send no certificate.
9953 // TODO(davidben): Get temporary client cert import (with keys) working on
9954 // all platforms so we can test sending a cert as well.
9955 r->ContinueWithCertificate(nullptr, nullptr);
9956
9957 d.RunUntilComplete();
9958
9959 EXPECT_EQ(OK, d.request_status());
9960 EXPECT_EQ(1, d.response_started_count());
9961 EXPECT_FALSE(d.received_data_before_response());
9962 EXPECT_NE(0, d.bytes_received());
9963 }
9964 }
9965
TEST_F(HTTPSRequestTest,ClientAuth)9966 TEST_F(HTTPSRequestTest, ClientAuth) {
9967 std::unique_ptr<FakeClientCertIdentity> identity =
9968 FakeClientCertIdentity::CreateFromCertAndKeyFiles(
9969 GetTestCertsDirectory(), "client_1.pem", "client_1.pk8");
9970 ASSERT_TRUE(identity);
9971 scoped_refptr<TestSSLPrivateKey> private_key =
9972 base::MakeRefCounted<TestSSLPrivateKey>(identity->ssl_private_key());
9973
9974 EmbeddedTestServer test_server(net::EmbeddedTestServer::TYPE_HTTPS);
9975 net::SSLServerConfig ssl_config;
9976 ssl_config.client_cert_type =
9977 SSLServerConfig::ClientCertType::REQUIRE_CLIENT_CERT;
9978 test_server.SetSSLConfig(EmbeddedTestServer::CERT_OK, ssl_config);
9979 RegisterDefaultHandlers(&test_server);
9980 ASSERT_TRUE(test_server.Start());
9981
9982 {
9983 SSLClientAuthTestDelegate d;
9984 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
9985 test_server.GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d,
9986 TRAFFIC_ANNOTATION_FOR_TESTS));
9987
9988 r->Start();
9989 EXPECT_TRUE(r->is_pending());
9990
9991 d.RunUntilCertificateRequested();
9992 EXPECT_TRUE(r->is_pending());
9993
9994 EXPECT_EQ(1, d.on_certificate_requested_count());
9995 EXPECT_FALSE(d.received_data_before_response());
9996 EXPECT_EQ(0, d.bytes_received());
9997
9998 // Send a certificate.
9999 r->ContinueWithCertificate(identity->certificate(), private_key);
10000
10001 d.RunUntilComplete();
10002
10003 EXPECT_EQ(OK, d.request_status());
10004 EXPECT_EQ(1, d.response_started_count());
10005 EXPECT_FALSE(d.received_data_before_response());
10006 EXPECT_NE(0, d.bytes_received());
10007
10008 // The private key should have been used.
10009 EXPECT_EQ(1, private_key->sign_count());
10010 }
10011
10012 // Close all connections and clear the session cache to force a new handshake.
10013 default_context()
10014 .http_transaction_factory()
10015 ->GetSession()
10016 ->CloseAllConnections(ERR_FAILED, "Very good reason");
10017 default_context()
10018 .http_transaction_factory()
10019 ->GetSession()
10020 ->ClearSSLSessionCache();
10021
10022 // Connecting again should not call OnCertificateRequested. The identity is
10023 // taken from the client auth cache.
10024 {
10025 SSLClientAuthTestDelegate d;
10026 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
10027 test_server.GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d,
10028 TRAFFIC_ANNOTATION_FOR_TESTS));
10029
10030 r->Start();
10031 EXPECT_TRUE(r->is_pending());
10032
10033 d.RunUntilComplete();
10034
10035 EXPECT_EQ(OK, d.request_status());
10036 EXPECT_EQ(0, d.on_certificate_requested_count());
10037 EXPECT_FALSE(d.received_data_before_response());
10038 EXPECT_EQ(1, d.response_started_count());
10039 EXPECT_FALSE(d.received_data_before_response());
10040 EXPECT_NE(0, d.bytes_received());
10041
10042 // The private key should have been used.
10043 EXPECT_EQ(2, private_key->sign_count());
10044 }
10045 }
10046
10047 // Test that private keys that fail to sign anything get evicted from the cache.
TEST_F(HTTPSRequestTest,ClientAuthFailSigning)10048 TEST_F(HTTPSRequestTest, ClientAuthFailSigning) {
10049 std::unique_ptr<FakeClientCertIdentity> identity =
10050 FakeClientCertIdentity::CreateFromCertAndKeyFiles(
10051 GetTestCertsDirectory(), "client_1.pem", "client_1.pk8");
10052 ASSERT_TRUE(identity);
10053 scoped_refptr<TestSSLPrivateKey> private_key =
10054 base::MakeRefCounted<TestSSLPrivateKey>(identity->ssl_private_key());
10055 private_key->set_fail_signing(true);
10056
10057 EmbeddedTestServer test_server(net::EmbeddedTestServer::TYPE_HTTPS);
10058 net::SSLServerConfig ssl_config;
10059 ssl_config.client_cert_type =
10060 SSLServerConfig::ClientCertType::REQUIRE_CLIENT_CERT;
10061 test_server.SetSSLConfig(EmbeddedTestServer::CERT_OK, ssl_config);
10062 RegisterDefaultHandlers(&test_server);
10063 ASSERT_TRUE(test_server.Start());
10064
10065 {
10066 SSLClientAuthTestDelegate d;
10067 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
10068 test_server.GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d,
10069 TRAFFIC_ANNOTATION_FOR_TESTS));
10070
10071 r->Start();
10072 EXPECT_TRUE(r->is_pending());
10073
10074 d.RunUntilCertificateRequested();
10075 EXPECT_TRUE(r->is_pending());
10076
10077 EXPECT_EQ(1, d.on_certificate_requested_count());
10078 EXPECT_FALSE(d.received_data_before_response());
10079 EXPECT_EQ(0, d.bytes_received());
10080
10081 // Send a certificate.
10082 r->ContinueWithCertificate(identity->certificate(), private_key);
10083 d.RunUntilComplete();
10084
10085 // The private key cannot sign anything, so we report an error.
10086 EXPECT_EQ(ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED, d.request_status());
10087 EXPECT_EQ(1, d.response_started_count());
10088 EXPECT_FALSE(d.received_data_before_response());
10089 EXPECT_EQ(0, d.bytes_received());
10090
10091 // The private key should have been used.
10092 EXPECT_EQ(1, private_key->sign_count());
10093 }
10094
10095 // Close all connections and clear the session cache to force a new handshake.
10096 default_context()
10097 .http_transaction_factory()
10098 ->GetSession()
10099 ->CloseAllConnections(ERR_FAILED, "Very good reason");
10100 default_context()
10101 .http_transaction_factory()
10102 ->GetSession()
10103 ->ClearSSLSessionCache();
10104
10105 // The bad identity should have been evicted from the cache, so connecting
10106 // again should call OnCertificateRequested again.
10107 {
10108 SSLClientAuthTestDelegate d;
10109 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
10110 test_server.GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d,
10111 TRAFFIC_ANNOTATION_FOR_TESTS));
10112
10113 r->Start();
10114 EXPECT_TRUE(r->is_pending());
10115
10116 d.RunUntilCertificateRequested();
10117 EXPECT_TRUE(r->is_pending());
10118
10119 EXPECT_EQ(1, d.on_certificate_requested_count());
10120 EXPECT_FALSE(d.received_data_before_response());
10121 EXPECT_EQ(0, d.bytes_received());
10122
10123 // There should have been no additional uses of the private key.
10124 EXPECT_EQ(1, private_key->sign_count());
10125 }
10126 }
10127
10128 // Test that cached private keys that fail to sign anything trigger a
10129 // retry. This is so we handle unplugged smartcards
10130 // gracefully. https://crbug.com/813022.
TEST_F(HTTPSRequestTest,ClientAuthFailSigningRetry)10131 TEST_F(HTTPSRequestTest, ClientAuthFailSigningRetry) {
10132 std::unique_ptr<FakeClientCertIdentity> identity =
10133 FakeClientCertIdentity::CreateFromCertAndKeyFiles(
10134 GetTestCertsDirectory(), "client_1.pem", "client_1.pk8");
10135 ASSERT_TRUE(identity);
10136 scoped_refptr<TestSSLPrivateKey> private_key =
10137 base::MakeRefCounted<TestSSLPrivateKey>(identity->ssl_private_key());
10138
10139 EmbeddedTestServer test_server(net::EmbeddedTestServer::TYPE_HTTPS);
10140 net::SSLServerConfig ssl_config;
10141 ssl_config.client_cert_type =
10142 SSLServerConfig::ClientCertType::REQUIRE_CLIENT_CERT;
10143 test_server.SetSSLConfig(EmbeddedTestServer::CERT_OK, ssl_config);
10144 RegisterDefaultHandlers(&test_server);
10145 ASSERT_TRUE(test_server.Start());
10146
10147 // Connect with a client certificate to put it in the client auth cache.
10148 {
10149 SSLClientAuthTestDelegate d;
10150 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
10151 test_server.GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d,
10152 TRAFFIC_ANNOTATION_FOR_TESTS));
10153
10154 r->Start();
10155 EXPECT_TRUE(r->is_pending());
10156
10157 d.RunUntilCertificateRequested();
10158 EXPECT_TRUE(r->is_pending());
10159
10160 EXPECT_EQ(1, d.on_certificate_requested_count());
10161 EXPECT_FALSE(d.received_data_before_response());
10162 EXPECT_EQ(0, d.bytes_received());
10163
10164 r->ContinueWithCertificate(identity->certificate(), private_key);
10165 d.RunUntilComplete();
10166
10167 EXPECT_EQ(OK, d.request_status());
10168 EXPECT_EQ(1, d.response_started_count());
10169 EXPECT_FALSE(d.received_data_before_response());
10170 EXPECT_NE(0, d.bytes_received());
10171
10172 // The private key should have been used.
10173 EXPECT_EQ(1, private_key->sign_count());
10174 }
10175
10176 // Close all connections and clear the session cache to force a new handshake.
10177 default_context()
10178 .http_transaction_factory()
10179 ->GetSession()
10180 ->CloseAllConnections(ERR_FAILED, "Very good reason");
10181 default_context()
10182 .http_transaction_factory()
10183 ->GetSession()
10184 ->ClearSSLSessionCache();
10185
10186 // Cause the private key to fail. Connecting again should attempt to use it,
10187 // notice the failure, and then request a new identity via
10188 // OnCertificateRequested.
10189 private_key->set_fail_signing(true);
10190
10191 {
10192 SSLClientAuthTestDelegate d;
10193 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
10194 test_server.GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d,
10195 TRAFFIC_ANNOTATION_FOR_TESTS));
10196
10197 r->Start();
10198 EXPECT_TRUE(r->is_pending());
10199
10200 d.RunUntilCertificateRequested();
10201 EXPECT_TRUE(r->is_pending());
10202
10203 // There was an additional signing call on the private key (the one which
10204 // failed).
10205 EXPECT_EQ(2, private_key->sign_count());
10206
10207 // That caused another OnCertificateRequested call.
10208 EXPECT_EQ(1, d.on_certificate_requested_count());
10209 EXPECT_FALSE(d.received_data_before_response());
10210 EXPECT_EQ(0, d.bytes_received());
10211 }
10212 }
10213
TEST_F(HTTPSRequestTest,ResumeTest)10214 TEST_F(HTTPSRequestTest, ResumeTest) {
10215 // Test that we attempt resume sessions when making two connections to the
10216 // same host.
10217 EmbeddedTestServer test_server(EmbeddedTestServer::TYPE_HTTPS);
10218 RegisterDefaultHandlers(&test_server);
10219 ASSERT_TRUE(test_server.Start());
10220 const auto url = test_server.GetURL("/");
10221
10222 default_context()
10223 .http_transaction_factory()
10224 ->GetSession()
10225 ->ClearSSLSessionCache();
10226
10227 {
10228 TestDelegate d;
10229 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
10230 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
10231
10232 r->Start();
10233 EXPECT_TRUE(r->is_pending());
10234
10235 d.RunUntilComplete();
10236
10237 EXPECT_EQ(1, d.response_started_count());
10238 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, r->ssl_info().handshake_type);
10239 }
10240
10241 reinterpret_cast<HttpCache*>(default_context().http_transaction_factory())
10242 ->CloseAllConnections(ERR_FAILED, "Very good reason");
10243
10244 {
10245 TestDelegate d;
10246 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
10247 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
10248
10249 r->Start();
10250 EXPECT_TRUE(r->is_pending());
10251
10252 d.RunUntilComplete();
10253
10254 EXPECT_EQ(1, d.response_started_count());
10255 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, r->ssl_info().handshake_type);
10256 }
10257 }
10258
10259 // Test that sessions aren't resumed across URLRequestContexts.
TEST_F(HTTPSRequestTest,SSLSessionCacheShardTest)10260 TEST_F(HTTPSRequestTest, SSLSessionCacheShardTest) {
10261 // Start a server.
10262 EmbeddedTestServer test_server(EmbeddedTestServer::TYPE_HTTPS);
10263 RegisterDefaultHandlers(&test_server);
10264 ASSERT_TRUE(test_server.Start());
10265 const auto url = test_server.GetURL("/");
10266
10267 // Connect to the server once. This will add an entry to the session cache.
10268 {
10269 TestDelegate d;
10270 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
10271 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
10272
10273 r->Start();
10274 EXPECT_TRUE(r->is_pending());
10275
10276 d.RunUntilComplete();
10277
10278 EXPECT_EQ(1, d.response_started_count());
10279 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, r->ssl_info().handshake_type);
10280 }
10281
10282 // Clear the socket pools and connect again. This should resume the previous
10283 // session.
10284 default_context()
10285 .http_transaction_factory()
10286 ->GetSession()
10287 ->CloseAllConnections(ERR_FAILED, /*net_log_reason_utf8=*/"");
10288
10289 {
10290 TestDelegate d;
10291 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
10292 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
10293
10294 r->Start();
10295 EXPECT_TRUE(r->is_pending());
10296
10297 d.RunUntilComplete();
10298
10299 EXPECT_EQ(1, d.response_started_count());
10300 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, r->ssl_info().handshake_type);
10301 }
10302
10303 // Now fetch on a new URLRequestContext. This should not resume the session.
10304 auto context_builder = CreateTestURLRequestContextBuilder();
10305 auto other_context = context_builder->Build();
10306
10307 {
10308 TestDelegate d;
10309 std::unique_ptr<URLRequest> r(other_context->CreateRequest(
10310 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
10311
10312 r->Start();
10313 EXPECT_TRUE(r->is_pending());
10314
10315 d.RunUntilComplete();
10316
10317 EXPECT_EQ(1, d.response_started_count());
10318 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, r->ssl_info().handshake_type);
10319 }
10320 }
10321
10322 // Test that sessions started with privacy mode enabled cannot be resumed when
10323 // it is disabled, and vice versa.
TEST_F(HTTPSRequestTest,NoSessionResumptionBetweenPrivacyModes)10324 TEST_F(HTTPSRequestTest, NoSessionResumptionBetweenPrivacyModes) {
10325 // Start a server.
10326 EmbeddedTestServer test_server(EmbeddedTestServer::TYPE_HTTPS);
10327 RegisterDefaultHandlers(&test_server);
10328 ASSERT_TRUE(test_server.Start());
10329 const auto url = test_server.GetURL("/");
10330
10331 auto ConnectAndCheckHandshake = [this, url](bool allow_credentials,
10332 auto expected_handshake) {
10333 // Construct request and indirectly set the privacy mode.
10334 TestDelegate d;
10335 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
10336 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
10337 r->set_allow_credentials(allow_credentials);
10338
10339 // Start the request and check the SSL handshake type.
10340 r->Start();
10341 EXPECT_TRUE(r->is_pending());
10342 d.RunUntilComplete();
10343 EXPECT_EQ(1, d.response_started_count());
10344 EXPECT_EQ(expected_handshake, r->ssl_info().handshake_type);
10345 };
10346
10347 // Exhaustively check all pairs of privacy mode values. Note that we are using
10348 // allow_credentials to indirectly enable/disable privacy mode.
10349 const bool kAllowCredentialsValues[] = {false, true};
10350 for (const auto allow_creds_1 : kAllowCredentialsValues) {
10351 for (const auto allow_creds_2 : kAllowCredentialsValues) {
10352 SCOPED_TRACE(base::StringPrintf("allow_creds_1=%d, allow_creds_2=%d",
10353 allow_creds_1, allow_creds_2));
10354
10355 // The session cache starts off empty, so we expect a full handshake.
10356 ConnectAndCheckHandshake(allow_creds_1, SSLInfo::HANDSHAKE_FULL);
10357
10358 // The second handshake depends on whether we are using the same session
10359 // cache as the first request.
10360 ConnectAndCheckHandshake(allow_creds_2, allow_creds_1 == allow_creds_2
10361 ? SSLInfo::HANDSHAKE_RESUME
10362 : SSLInfo::HANDSHAKE_FULL);
10363 // Flush both session caches.
10364 auto* network_session =
10365 default_context().http_transaction_factory()->GetSession();
10366 network_session->ClearSSLSessionCache();
10367 }
10368 }
10369 }
10370
10371 class HTTPSFallbackTest : public TestWithTaskEnvironment {
10372 public:
HTTPSFallbackTest()10373 HTTPSFallbackTest() {
10374 auto context_builder = CreateTestURLRequestContextBuilder();
10375 context_builder->set_ssl_config_service(
10376 std::make_unique<TestSSLConfigService>(SSLContextConfig()));
10377 context_ = context_builder->Build();
10378 }
10379 ~HTTPSFallbackTest() override = default;
10380
10381 protected:
DoFallbackTest(const SSLServerConfig & ssl_config)10382 void DoFallbackTest(const SSLServerConfig& ssl_config) {
10383 DCHECK(!request_);
10384 delegate_.set_allow_certificate_errors(true);
10385
10386 EmbeddedTestServer test_server(EmbeddedTestServer::TYPE_HTTPS);
10387 test_server.SetSSLConfig(EmbeddedTestServer::CERT_OK, ssl_config);
10388 ASSERT_TRUE(test_server.Start());
10389
10390 request_ =
10391 context_->CreateRequest(test_server.GetURL("/"), DEFAULT_PRIORITY,
10392 &delegate_, TRAFFIC_ANNOTATION_FOR_TESTS);
10393 request_->Start();
10394
10395 delegate_.RunUntilComplete();
10396 }
10397
ExpectConnection(int version)10398 void ExpectConnection(int version) {
10399 EXPECT_EQ(1, delegate_.response_started_count());
10400 EXPECT_NE(0, delegate_.bytes_received());
10401 EXPECT_EQ(version, SSLConnectionStatusToVersion(
10402 request_->ssl_info().connection_status));
10403 }
10404
ExpectFailure(int error)10405 void ExpectFailure(int error) {
10406 EXPECT_EQ(1, delegate_.response_started_count());
10407 EXPECT_EQ(error, delegate_.request_status());
10408 }
10409
10410 private:
10411 TestDelegate delegate_;
10412 std::unique_ptr<URLRequestContext> context_;
10413 std::unique_ptr<URLRequest> request_;
10414 };
10415
10416 // Tests the TLS 1.0 fallback doesn't happen.
TEST_F(HTTPSFallbackTest,TLSv1NoFallback)10417 TEST_F(HTTPSFallbackTest, TLSv1NoFallback) {
10418 net::SSLServerConfig ssl_config;
10419 ssl_config.client_hello_callback_for_testing =
10420 base::BindRepeating([](const SSL_CLIENT_HELLO* client_hello) {
10421 // Reject ClientHellos with version >= TLS 1.1.
10422 return client_hello->version <= TLS1_VERSION;
10423 });
10424
10425 ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_config));
10426 ExpectFailure(ERR_SSL_VERSION_OR_CIPHER_MISMATCH);
10427 }
10428
10429 // Tests the TLS 1.1 fallback doesn't happen.
TEST_F(HTTPSFallbackTest,TLSv1_1NoFallback)10430 TEST_F(HTTPSFallbackTest, TLSv1_1NoFallback) {
10431 net::SSLServerConfig ssl_config;
10432 ssl_config.client_hello_callback_for_testing =
10433 base::BindRepeating([](const SSL_CLIENT_HELLO* client_hello) {
10434 // Reject ClientHellos with version >= TLS 1.2.
10435 return client_hello->version <= TLS1_1_VERSION;
10436 });
10437
10438 ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_config));
10439 ExpectFailure(ERR_SSL_VERSION_OR_CIPHER_MISMATCH);
10440 }
10441
10442 // Tests the TLS 1.2 fallback doesn't happen.
TEST_F(HTTPSFallbackTest,TLSv1_2NoFallback)10443 TEST_F(HTTPSFallbackTest, TLSv1_2NoFallback) {
10444 net::SSLServerConfig ssl_config;
10445 ssl_config.client_hello_callback_for_testing =
10446 base::BindRepeating([](const SSL_CLIENT_HELLO* client_hello) {
10447 // Reject ClientHellos with a supported_versions extension. TLS 1.3 is
10448 // signaled via an extension rather than the legacy version field.
10449 const uint8_t* data;
10450 size_t len;
10451 return !SSL_early_callback_ctx_extension_get(
10452 client_hello, TLSEXT_TYPE_supported_versions, &data, &len);
10453 });
10454
10455 ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_config));
10456 ExpectFailure(ERR_SSL_VERSION_OR_CIPHER_MISMATCH);
10457 }
10458
10459 class HTTPSSessionTest : public TestWithTaskEnvironment {
10460 public:
HTTPSSessionTest()10461 HTTPSSessionTest() {
10462 auto context_builder = CreateTestURLRequestContextBuilder();
10463 context_builder->SetCertVerifier(std::make_unique<MockCertVerifier>());
10464 default_context_ = context_builder->Build();
10465
10466 default_cert_verifier().set_default_result(OK);
10467 }
10468 ~HTTPSSessionTest() override = default;
10469
default_context()10470 URLRequestContext& default_context() { return *default_context_; }
default_cert_verifier()10471 MockCertVerifier& default_cert_verifier() {
10472 // This cast is safe because we provided a MockCertVerifier in the ctor.
10473 return *static_cast<MockCertVerifier*>(default_context_->cert_verifier());
10474 }
10475
10476 private:
10477 std::unique_ptr<URLRequestContext> default_context_;
10478 };
10479
10480 // Tests that session resumption is not attempted if an invalid certificate
10481 // is presented.
TEST_F(HTTPSSessionTest,DontResumeSessionsForInvalidCertificates)10482 TEST_F(HTTPSSessionTest, DontResumeSessionsForInvalidCertificates) {
10483 EmbeddedTestServer test_server(EmbeddedTestServer::TYPE_HTTPS);
10484 RegisterDefaultHandlers(&test_server);
10485 ASSERT_TRUE(test_server.Start());
10486 const auto url = test_server.GetURL("/");
10487
10488 default_context()
10489 .http_transaction_factory()
10490 ->GetSession()
10491 ->ClearSSLSessionCache();
10492
10493 // Simulate the certificate being expired and attempt a connection.
10494 default_cert_verifier().set_default_result(ERR_CERT_DATE_INVALID);
10495 {
10496 TestDelegate d;
10497 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
10498 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
10499
10500 r->Start();
10501 EXPECT_TRUE(r->is_pending());
10502
10503 d.RunUntilComplete();
10504
10505 EXPECT_EQ(1, d.response_started_count());
10506 }
10507
10508 reinterpret_cast<HttpCache*>(default_context().http_transaction_factory())
10509 ->CloseAllConnections(ERR_FAILED, "Very good reason");
10510
10511 // Now change the certificate to be acceptable (so that the response is
10512 // loaded), and ensure that no session id is presented to the peer.
10513 default_cert_verifier().set_default_result(OK);
10514 {
10515 TestDelegate d;
10516 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
10517 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
10518
10519 r->Start();
10520 EXPECT_TRUE(r->is_pending());
10521
10522 d.RunUntilComplete();
10523
10524 EXPECT_EQ(1, d.response_started_count());
10525 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, r->ssl_info().handshake_type);
10526 }
10527 }
10528
10529 // Interceptor to check that secure DNS has been disabled. Secure DNS should be
10530 // disabled for any network fetch triggered during certificate verification as
10531 // it could cause a deadlock.
10532 class SecureDnsInterceptor : public net::URLRequestInterceptor {
10533 public:
10534 SecureDnsInterceptor() = default;
10535 ~SecureDnsInterceptor() override = default;
10536
10537 private:
10538 // URLRequestInterceptor implementation:
MaybeInterceptRequest(net::URLRequest * request) const10539 std::unique_ptr<net::URLRequestJob> MaybeInterceptRequest(
10540 net::URLRequest* request) const override {
10541 EXPECT_EQ(SecureDnsPolicy::kDisable, request->secure_dns_policy());
10542 return nullptr;
10543 }
10544 };
10545
10546 class HTTPSCertNetFetchingTest : public HTTPSRequestTest {
10547 public:
10548 HTTPSCertNetFetchingTest() = default;
10549
SetUp()10550 void SetUp() override {
10551 cert_net_fetcher_ = base::MakeRefCounted<CertNetFetcherURLRequest>();
10552 auto cert_verifier =
10553 CertVerifier::CreateDefaultWithoutCaching(cert_net_fetcher_);
10554 updatable_cert_verifier_ = cert_verifier.get();
10555
10556 auto context_builder = CreateTestURLRequestContextBuilder();
10557 context_builder->SetCertVerifier(std::make_unique<CachingCertVerifier>(
10558 std::make_unique<CoalescingCertVerifier>(std::move(cert_verifier))));
10559 context_ = context_builder->Build();
10560
10561 net::URLRequestFilter::GetInstance()->AddHostnameInterceptor(
10562 "http", "127.0.0.1", std::make_unique<SecureDnsInterceptor>());
10563
10564 cert_net_fetcher_->SetURLRequestContext(context_.get());
10565 context_->cert_verifier()->SetConfig(GetCertVerifierConfig());
10566 }
10567
TearDown()10568 void TearDown() override {
10569 cert_net_fetcher_->Shutdown();
10570 net::URLRequestFilter::GetInstance()->ClearHandlers();
10571 }
10572
DoConnectionWithDelegate(base::StringPiece hostname,const EmbeddedTestServer::ServerCertificateConfig & cert_config,TestDelegate * delegate,SSLInfo * out_ssl_info)10573 void DoConnectionWithDelegate(
10574 base::StringPiece hostname,
10575 const EmbeddedTestServer::ServerCertificateConfig& cert_config,
10576 TestDelegate* delegate,
10577 SSLInfo* out_ssl_info) {
10578 // Always overwrite |out_ssl_info|.
10579 out_ssl_info->Reset();
10580
10581 EmbeddedTestServer test_server(EmbeddedTestServer::TYPE_HTTPS);
10582 test_server.SetSSLConfig(cert_config);
10583 RegisterDefaultHandlers(&test_server);
10584 ASSERT_TRUE(test_server.Start());
10585
10586 delegate->set_allow_certificate_errors(true);
10587 std::unique_ptr<URLRequest> r(context_->CreateRequest(
10588 test_server.GetURL(hostname, "/"), DEFAULT_PRIORITY, delegate,
10589 TRAFFIC_ANNOTATION_FOR_TESTS));
10590 r->Start();
10591
10592 delegate->RunUntilComplete();
10593 EXPECT_EQ(1, delegate->response_started_count());
10594
10595 *out_ssl_info = r->ssl_info();
10596 }
10597
DoConnectionWithDelegate(const EmbeddedTestServer::ServerCertificateConfig & cert_config,TestDelegate * delegate,SSLInfo * out_ssl_info)10598 void DoConnectionWithDelegate(
10599 const EmbeddedTestServer::ServerCertificateConfig& cert_config,
10600 TestDelegate* delegate,
10601 SSLInfo* out_ssl_info) {
10602 DoConnectionWithDelegate("127.0.0.1", cert_config, delegate, out_ssl_info);
10603 }
10604
DoConnection(base::StringPiece hostname,const EmbeddedTestServer::ServerCertificateConfig & cert_config,CertStatus * out_cert_status)10605 void DoConnection(
10606 base::StringPiece hostname,
10607 const EmbeddedTestServer::ServerCertificateConfig& cert_config,
10608 CertStatus* out_cert_status) {
10609 // Always overwrite |out_cert_status|.
10610 *out_cert_status = 0;
10611
10612 TestDelegate d;
10613 SSLInfo ssl_info;
10614 ASSERT_NO_FATAL_FAILURE(
10615 DoConnectionWithDelegate(hostname, cert_config, &d, &ssl_info));
10616
10617 *out_cert_status = ssl_info.cert_status;
10618 }
10619
DoConnection(const EmbeddedTestServer::ServerCertificateConfig & cert_config,CertStatus * out_cert_status)10620 void DoConnection(
10621 const EmbeddedTestServer::ServerCertificateConfig& cert_config,
10622 CertStatus* out_cert_status) {
10623 DoConnection("127.0.0.1", cert_config, out_cert_status);
10624 }
10625
10626 protected:
10627 // GetCertVerifierConfig() configures the URLRequestContext that will be used
10628 // for making connections to the testserver. This can be overridden in test
10629 // subclasses for different behaviour.
GetCertVerifierConfig()10630 virtual CertVerifier::Config GetCertVerifierConfig() {
10631 CertVerifier::Config config;
10632 return config;
10633 }
10634
UpdateCertVerifier(scoped_refptr<CRLSet> crl_set)10635 void UpdateCertVerifier(scoped_refptr<CRLSet> crl_set) {
10636 net::CertVerifyProc::ImplParams params;
10637 params.crl_set = std::move(crl_set);
10638 updatable_cert_verifier_->UpdateVerifyProcData(cert_net_fetcher_, params,
10639 {});
10640 }
10641
10642 scoped_refptr<CertNetFetcherURLRequest> cert_net_fetcher_;
10643 std::unique_ptr<URLRequestContext> context_;
10644 raw_ptr<CertVerifierWithUpdatableProc> updatable_cert_verifier_;
10645 };
10646
10647 // The test EV policy OID used for generated certs.
10648 static const char kEVTestCertPolicy[] = "1.3.6.1.4.1.11129.2.4.1";
10649
10650 class HTTPSEVTest : public HTTPSCertNetFetchingTest {
10651 public:
SetUp()10652 void SetUp() override {
10653 HTTPSCertNetFetchingTest::SetUp();
10654
10655 scoped_refptr<X509Certificate> root_cert =
10656 ImportCertFromFile(GetTestCertsDirectory(), "root_ca_cert.pem");
10657 ASSERT_TRUE(root_cert);
10658
10659 ev_test_policy_ = std::make_unique<ScopedTestEVPolicy>(
10660 EVRootCAMetadata::GetInstance(),
10661 X509Certificate::CalculateFingerprint256(root_cert->cert_buffer()),
10662 kEVTestCertPolicy);
10663 }
10664
TearDown()10665 void TearDown() override { HTTPSCertNetFetchingTest::TearDown(); }
10666
10667 private:
10668 std::unique_ptr<ScopedTestEVPolicy> ev_test_policy_;
10669 };
10670
10671 class HTTPSOCSPTest : public HTTPSCertNetFetchingTest {
10672 public:
GetCertVerifierConfig()10673 CertVerifier::Config GetCertVerifierConfig() override {
10674 CertVerifier::Config config;
10675 config.enable_rev_checking = true;
10676 return config;
10677 }
10678 };
10679
UsingBuiltinCertVerifier()10680 static bool UsingBuiltinCertVerifier() {
10681 #if BUILDFLAG(IS_FUCHSIA) || BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) || \
10682 BUILDFLAG(CHROME_ROOT_STORE_ONLY)
10683 return true;
10684 #elif BUILDFLAG(CHROME_ROOT_STORE_OPTIONAL)
10685 return base::FeatureList::IsEnabled(features::kChromeRootStoreUsed);
10686 #else
10687 return false;
10688 #endif
10689 }
10690
10691 // SystemSupportsHardFailRevocationChecking returns true iff the current
10692 // operating system supports revocation checking and can distinguish between
10693 // situations where a given certificate lacks any revocation information (eg:
10694 // no CRLDistributionPoints and no OCSP Responder AuthorityInfoAccess) and when
10695 // revocation information cannot be obtained (eg: the CRL was unreachable).
10696 // If it does not, then tests which rely on 'hard fail' behaviour should be
10697 // skipped.
SystemSupportsHardFailRevocationChecking()10698 static bool SystemSupportsHardFailRevocationChecking() {
10699 return UsingBuiltinCertVerifier();
10700 }
10701
10702 // SystemUsesChromiumEVMetadata returns true iff the current operating system
10703 // uses Chromium's EV metadata (i.e. EVRootCAMetadata). If it does not, then
10704 // several tests are effected because our testing EV certificate won't be
10705 // recognised as EV.
SystemUsesChromiumEVMetadata()10706 static bool SystemUsesChromiumEVMetadata() {
10707 #if defined(PLATFORM_USES_CHROMIUM_EV_METADATA)
10708 return true;
10709 #else
10710 return false;
10711 #endif
10712 }
10713
SystemSupportsOCSP()10714 static bool SystemSupportsOCSP() {
10715 #if BUILDFLAG(IS_ANDROID)
10716 // Unsupported, see http://crbug.com/117478.
10717 return false;
10718 #else
10719 return true;
10720 #endif
10721 }
10722
SystemSupportsOCSPStapling()10723 static bool SystemSupportsOCSPStapling() {
10724 if (UsingBuiltinCertVerifier())
10725 return true;
10726 #if BUILDFLAG(IS_ANDROID)
10727 return false;
10728 #else
10729 return true;
10730 #endif
10731 }
10732
SystemSupportsCRLSets()10733 static bool SystemSupportsCRLSets() {
10734 if (UsingBuiltinCertVerifier())
10735 return true;
10736 #if BUILDFLAG(IS_ANDROID)
10737 return false;
10738 #else
10739 return true;
10740 #endif
10741 }
10742
TEST_F(HTTPSEVTest,EVCheckNoOCSP)10743 TEST_F(HTTPSEVTest, EVCheckNoOCSP) {
10744 if (!SystemUsesChromiumEVMetadata()) {
10745 LOG(WARNING) << "Skipping test because system doesn't support EV";
10746 return;
10747 }
10748 EmbeddedTestServer::ServerCertificateConfig cert_config;
10749 cert_config.policy_oids = {kEVTestCertPolicy};
10750
10751 CertStatus cert_status;
10752 DoConnection(cert_config, &cert_status);
10753
10754 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS);
10755
10756 EXPECT_EQ(SystemUsesChromiumEVMetadata(),
10757 static_cast<bool>(cert_status & CERT_STATUS_IS_EV));
10758
10759 EXPECT_FALSE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
10760 }
10761
TEST_F(HTTPSOCSPTest,Valid)10762 TEST_F(HTTPSOCSPTest, Valid) {
10763 if (!SystemSupportsOCSP()) {
10764 LOG(WARNING) << "Skipping test because system doesn't support OCSP";
10765 return;
10766 }
10767
10768 EmbeddedTestServer::ServerCertificateConfig cert_config;
10769 cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig(
10770 {{bssl::OCSPRevocationStatus::GOOD,
10771 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}});
10772
10773 CertStatus cert_status;
10774 DoConnection(cert_config, &cert_status);
10775
10776 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS);
10777
10778 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
10779 }
10780
TEST_F(HTTPSOCSPTest,Revoked)10781 TEST_F(HTTPSOCSPTest, Revoked) {
10782 if (!SystemSupportsOCSP()) {
10783 LOG(WARNING) << "Skipping test because system doesn't support OCSP";
10784 return;
10785 }
10786
10787 EmbeddedTestServer::ServerCertificateConfig cert_config;
10788 cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig(
10789 {{bssl::OCSPRevocationStatus::REVOKED,
10790 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}});
10791
10792 CertStatus cert_status;
10793 DoConnection(cert_config, &cert_status);
10794
10795 EXPECT_EQ(CERT_STATUS_REVOKED, cert_status & CERT_STATUS_ALL_ERRORS);
10796 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV);
10797 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
10798 }
10799
TEST_F(HTTPSOCSPTest,Invalid)10800 TEST_F(HTTPSOCSPTest, Invalid) {
10801 if (!SystemSupportsOCSP()) {
10802 LOG(WARNING) << "Skipping test because system doesn't support OCSP";
10803 return;
10804 }
10805
10806 EmbeddedTestServer::ServerCertificateConfig cert_config;
10807 cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig(
10808 EmbeddedTestServer::OCSPConfig::ResponseType::kInvalidResponse);
10809
10810 CertStatus cert_status;
10811 DoConnection(cert_config, &cert_status);
10812
10813 // Without a positive OCSP response, we shouldn't show the EV status, but also
10814 // should not show any revocation checking errors.
10815 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV);
10816 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS);
10817 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
10818 }
10819
TEST_F(HTTPSOCSPTest,IntermediateValid)10820 TEST_F(HTTPSOCSPTest, IntermediateValid) {
10821 if (!SystemSupportsOCSP()) {
10822 LOG(WARNING) << "Skipping test because system doesn't support OCSP";
10823 return;
10824 }
10825
10826 EmbeddedTestServer::ServerCertificateConfig cert_config;
10827 cert_config.intermediate = EmbeddedTestServer::IntermediateType::kInHandshake;
10828 cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig(
10829 {{bssl::OCSPRevocationStatus::GOOD,
10830 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}});
10831 cert_config.intermediate_ocsp_config = EmbeddedTestServer::OCSPConfig(
10832 {{bssl::OCSPRevocationStatus::GOOD,
10833 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}});
10834
10835 CertStatus cert_status;
10836 DoConnection(cert_config, &cert_status);
10837
10838 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS);
10839
10840 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
10841 }
10842
TEST_F(HTTPSOCSPTest,IntermediateResponseOldButStillValid)10843 TEST_F(HTTPSOCSPTest, IntermediateResponseOldButStillValid) {
10844 if (!SystemSupportsOCSP()) {
10845 LOG(WARNING) << "Skipping test because system doesn't support OCSP";
10846 return;
10847 }
10848
10849 EmbeddedTestServer::ServerCertificateConfig cert_config;
10850 cert_config.intermediate = EmbeddedTestServer::IntermediateType::kInHandshake;
10851 cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig(
10852 {{bssl::OCSPRevocationStatus::GOOD,
10853 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}});
10854 // Use an OCSP response for the intermediate that would be too old for a leaf
10855 // cert, but is still valid for an intermediate.
10856 cert_config.intermediate_ocsp_config = EmbeddedTestServer::OCSPConfig(
10857 {{bssl::OCSPRevocationStatus::REVOKED,
10858 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kLong}});
10859
10860 CertStatus cert_status;
10861 DoConnection(cert_config, &cert_status);
10862
10863 EXPECT_EQ(CERT_STATUS_REVOKED, cert_status & CERT_STATUS_ALL_ERRORS);
10864 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
10865 }
10866
TEST_F(HTTPSOCSPTest,IntermediateResponseTooOldKnownRoot)10867 TEST_F(HTTPSOCSPTest, IntermediateResponseTooOldKnownRoot) {
10868 if (!SystemSupportsOCSP()) {
10869 LOG(WARNING) << "Skipping test because system doesn't support OCSP";
10870 return;
10871 }
10872
10873 scoped_refptr<X509Certificate> root_cert =
10874 ImportCertFromFile(GetTestCertsDirectory(), "root_ca_cert.pem");
10875 ASSERT_TRUE(root_cert);
10876 ScopedTestKnownRoot scoped_known_root(root_cert.get());
10877
10878 EmbeddedTestServer::ServerCertificateConfig cert_config;
10879 cert_config.intermediate = EmbeddedTestServer::IntermediateType::kInHandshake;
10880 cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig(
10881 {{bssl::OCSPRevocationStatus::GOOD,
10882 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}});
10883 cert_config.intermediate_ocsp_config = EmbeddedTestServer::OCSPConfig(
10884 {{bssl::OCSPRevocationStatus::REVOKED,
10885 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kLonger}});
10886 cert_config.dns_names = {"example.com"};
10887
10888 CertStatus cert_status;
10889 DoConnection("example.com", cert_config, &cert_status);
10890
10891 if (UsingBuiltinCertVerifier()) {
10892 // The intermediate certificate is marked as a known root and has an OCSP
10893 // response indicating REVOKED status, but the response is too old
10894 // according to the Baseline Requirements, thus the response should be
10895 // ignored and the verification succeeds.
10896 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS);
10897 } else {
10898 EXPECT_EQ(CERT_STATUS_REVOKED, cert_status & CERT_STATUS_ALL_ERRORS);
10899 }
10900 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
10901 }
10902
TEST_F(HTTPSOCSPTest,IntermediateResponseTooOld)10903 TEST_F(HTTPSOCSPTest, IntermediateResponseTooOld) {
10904 if (!SystemSupportsOCSP()) {
10905 LOG(WARNING) << "Skipping test because system doesn't support OCSP";
10906 return;
10907 }
10908
10909 EmbeddedTestServer::ServerCertificateConfig cert_config;
10910 cert_config.intermediate = EmbeddedTestServer::IntermediateType::kInHandshake;
10911 cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig(
10912 {{bssl::OCSPRevocationStatus::GOOD,
10913 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}});
10914 cert_config.intermediate_ocsp_config = EmbeddedTestServer::OCSPConfig(
10915 {{bssl::OCSPRevocationStatus::REVOKED,
10916 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kLonger}});
10917
10918 CertStatus cert_status;
10919 DoConnection(cert_config, &cert_status);
10920
10921 // The test root is not a known root, therefore the Baseline Requirements
10922 // limits on maximum age of a response do not apply and the intermediate OCSP
10923 // response indicating revoked is honored.
10924 EXPECT_EQ(CERT_STATUS_REVOKED, cert_status & CERT_STATUS_ALL_ERRORS);
10925 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
10926 }
10927
TEST_F(HTTPSOCSPTest,IntermediateRevoked)10928 TEST_F(HTTPSOCSPTest, IntermediateRevoked) {
10929 if (!SystemSupportsOCSP()) {
10930 LOG(WARNING) << "Skipping test because system doesn't support OCSP";
10931 return;
10932 }
10933
10934 EmbeddedTestServer::ServerCertificateConfig cert_config;
10935 cert_config.intermediate = EmbeddedTestServer::IntermediateType::kInHandshake;
10936 cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig(
10937 {{bssl::OCSPRevocationStatus::GOOD,
10938 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}});
10939 cert_config.intermediate_ocsp_config = EmbeddedTestServer::OCSPConfig(
10940 {{bssl::OCSPRevocationStatus::REVOKED,
10941 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}});
10942
10943 CertStatus cert_status;
10944 DoConnection(cert_config, &cert_status);
10945
10946 EXPECT_EQ(CERT_STATUS_REVOKED, cert_status & CERT_STATUS_ALL_ERRORS);
10947 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
10948 }
10949
TEST_F(HTTPSOCSPTest,ValidStapled)10950 TEST_F(HTTPSOCSPTest, ValidStapled) {
10951 if (!SystemSupportsOCSPStapling()) {
10952 LOG(WARNING)
10953 << "Skipping test because system doesn't support OCSP stapling";
10954 return;
10955 }
10956
10957 EmbeddedTestServer::ServerCertificateConfig cert_config;
10958
10959 // AIA OCSP url is included, but does not return a successful ocsp response.
10960 cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig(
10961 EmbeddedTestServer::OCSPConfig::ResponseType::kTryLater);
10962
10963 cert_config.stapled_ocsp_config = EmbeddedTestServer::OCSPConfig(
10964 {{bssl::OCSPRevocationStatus::GOOD,
10965 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}});
10966
10967 CertStatus cert_status;
10968 DoConnection(cert_config, &cert_status);
10969
10970 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS);
10971 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
10972 }
10973
TEST_F(HTTPSOCSPTest,RevokedStapled)10974 TEST_F(HTTPSOCSPTest, RevokedStapled) {
10975 if (!SystemSupportsOCSPStapling()) {
10976 LOG(WARNING)
10977 << "Skipping test because system doesn't support OCSP stapling";
10978 return;
10979 }
10980
10981 EmbeddedTestServer::ServerCertificateConfig cert_config;
10982
10983 // AIA OCSP url is included, but does not return a successful ocsp response.
10984 cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig(
10985 EmbeddedTestServer::OCSPConfig::ResponseType::kTryLater);
10986
10987 cert_config.stapled_ocsp_config = EmbeddedTestServer::OCSPConfig(
10988 {{bssl::OCSPRevocationStatus::REVOKED,
10989 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}});
10990
10991 CertStatus cert_status;
10992 DoConnection(cert_config, &cert_status);
10993
10994 EXPECT_EQ(CERT_STATUS_REVOKED, cert_status & CERT_STATUS_ALL_ERRORS);
10995 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
10996 }
10997
TEST_F(HTTPSOCSPTest,OldStapledAndInvalidAIA)10998 TEST_F(HTTPSOCSPTest, OldStapledAndInvalidAIA) {
10999 if (!SystemSupportsOCSPStapling()) {
11000 LOG(WARNING)
11001 << "Skipping test because system doesn't support OCSP stapling";
11002 return;
11003 }
11004
11005 EmbeddedTestServer::ServerCertificateConfig cert_config;
11006
11007 // Stapled response indicates good, but is too old.
11008 cert_config.stapled_ocsp_config = EmbeddedTestServer::OCSPConfig(
11009 {{bssl::OCSPRevocationStatus::GOOD,
11010 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kOld}});
11011
11012 // AIA OCSP url is included, but does not return a successful ocsp response.
11013 cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig(
11014 EmbeddedTestServer::OCSPConfig::ResponseType::kTryLater);
11015
11016 CertStatus cert_status;
11017 DoConnection(cert_config, &cert_status);
11018
11019 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS);
11020 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
11021 }
11022
TEST_F(HTTPSOCSPTest,OldStapledButValidAIA)11023 TEST_F(HTTPSOCSPTest, OldStapledButValidAIA) {
11024 if (!SystemSupportsOCSPStapling()) {
11025 LOG(WARNING)
11026 << "Skipping test because system doesn't support OCSP stapling";
11027 return;
11028 }
11029
11030 EmbeddedTestServer::ServerCertificateConfig cert_config;
11031
11032 // Stapled response indicates good, but response is too old.
11033 cert_config.stapled_ocsp_config = EmbeddedTestServer::OCSPConfig(
11034 {{bssl::OCSPRevocationStatus::GOOD,
11035 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kOld}});
11036
11037 // AIA OCSP url is included, and returns a successful ocsp response.
11038 cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig(
11039 {{bssl::OCSPRevocationStatus::GOOD,
11040 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}});
11041
11042 CertStatus cert_status;
11043 DoConnection(cert_config, &cert_status);
11044
11045 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS);
11046 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
11047 }
11048
11049 static const struct OCSPVerifyTestData {
11050 EmbeddedTestServer::OCSPConfig ocsp_config;
11051 bssl::OCSPVerifyResult::ResponseStatus expected_response_status;
11052 // |expected_cert_status| is only used if |expected_response_status| is
11053 // PROVIDED.
11054 bssl::OCSPRevocationStatus expected_cert_status;
11055 } kOCSPVerifyData[] = {
11056 // 0
11057 {EmbeddedTestServer::OCSPConfig(
11058 {{bssl::OCSPRevocationStatus::GOOD,
11059 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}},
11060 EmbeddedTestServer::OCSPConfig::Produced::kValid),
11061 bssl::OCSPVerifyResult::PROVIDED, bssl::OCSPRevocationStatus::GOOD},
11062
11063 // 1
11064 {EmbeddedTestServer::OCSPConfig(
11065 {{bssl::OCSPRevocationStatus::GOOD,
11066 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kOld}},
11067 EmbeddedTestServer::OCSPConfig::Produced::kValid),
11068 bssl::OCSPVerifyResult::INVALID_DATE, bssl::OCSPRevocationStatus::UNKNOWN},
11069
11070 // 2
11071 {EmbeddedTestServer::OCSPConfig(
11072 {{bssl::OCSPRevocationStatus::GOOD,
11073 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kEarly}},
11074 EmbeddedTestServer::OCSPConfig::Produced::kValid),
11075 bssl::OCSPVerifyResult::INVALID_DATE, bssl::OCSPRevocationStatus::UNKNOWN},
11076
11077 // 3
11078 {EmbeddedTestServer::OCSPConfig(
11079 {{bssl::OCSPRevocationStatus::GOOD,
11080 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kLong}},
11081 EmbeddedTestServer::OCSPConfig::Produced::kValid),
11082 bssl::OCSPVerifyResult::INVALID_DATE, bssl::OCSPRevocationStatus::UNKNOWN},
11083
11084 // 4
11085 {EmbeddedTestServer::OCSPConfig(
11086 EmbeddedTestServer::OCSPConfig::ResponseType::kTryLater),
11087 bssl::OCSPVerifyResult::ERROR_RESPONSE,
11088 bssl::OCSPRevocationStatus::UNKNOWN},
11089
11090 // 5
11091 {EmbeddedTestServer::OCSPConfig(
11092 EmbeddedTestServer::OCSPConfig::ResponseType::kInvalidResponse),
11093 bssl::OCSPVerifyResult::PARSE_RESPONSE_ERROR,
11094 bssl::OCSPRevocationStatus::UNKNOWN},
11095
11096 // 6
11097 {EmbeddedTestServer::OCSPConfig(
11098 EmbeddedTestServer::OCSPConfig::ResponseType::kInvalidResponseData),
11099 bssl::OCSPVerifyResult::PARSE_RESPONSE_DATA_ERROR,
11100 bssl::OCSPRevocationStatus::UNKNOWN},
11101
11102 // 7
11103 {EmbeddedTestServer::OCSPConfig(
11104 {{bssl::OCSPRevocationStatus::REVOKED,
11105 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kEarly}},
11106 EmbeddedTestServer::OCSPConfig::Produced::kValid),
11107 bssl::OCSPVerifyResult::INVALID_DATE, bssl::OCSPRevocationStatus::UNKNOWN},
11108
11109 // 8
11110 {EmbeddedTestServer::OCSPConfig(
11111 {{bssl::OCSPRevocationStatus::UNKNOWN,
11112 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}},
11113 EmbeddedTestServer::OCSPConfig::Produced::kValid),
11114 bssl::OCSPVerifyResult::PROVIDED, bssl::OCSPRevocationStatus::UNKNOWN},
11115
11116 // 9
11117 {EmbeddedTestServer::OCSPConfig(
11118 {{bssl::OCSPRevocationStatus::UNKNOWN,
11119 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kOld}},
11120 EmbeddedTestServer::OCSPConfig::Produced::kValid),
11121 bssl::OCSPVerifyResult::INVALID_DATE, bssl::OCSPRevocationStatus::UNKNOWN},
11122
11123 // 10
11124 {EmbeddedTestServer::OCSPConfig(
11125 {{bssl::OCSPRevocationStatus::UNKNOWN,
11126 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kEarly}},
11127 EmbeddedTestServer::OCSPConfig::Produced::kValid),
11128 bssl::OCSPVerifyResult::INVALID_DATE, bssl::OCSPRevocationStatus::UNKNOWN},
11129
11130 // 11
11131 {EmbeddedTestServer::OCSPConfig(
11132 {{bssl::OCSPRevocationStatus::GOOD,
11133 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}},
11134 EmbeddedTestServer::OCSPConfig::Produced::kBeforeCert),
11135 bssl::OCSPVerifyResult::BAD_PRODUCED_AT,
11136 bssl::OCSPRevocationStatus::UNKNOWN},
11137
11138 // 12
11139 {EmbeddedTestServer::OCSPConfig(
11140 {{bssl::OCSPRevocationStatus::GOOD,
11141 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}},
11142 EmbeddedTestServer::OCSPConfig::Produced::kAfterCert),
11143 bssl::OCSPVerifyResult::BAD_PRODUCED_AT,
11144 bssl::OCSPRevocationStatus::UNKNOWN},
11145
11146 // 13
11147 {EmbeddedTestServer::OCSPConfig(
11148 {{bssl::OCSPRevocationStatus::GOOD,
11149 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kOld},
11150 {bssl::OCSPRevocationStatus::GOOD,
11151 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}},
11152 EmbeddedTestServer::OCSPConfig::Produced::kValid),
11153 bssl::OCSPVerifyResult::PROVIDED, bssl::OCSPRevocationStatus::GOOD},
11154
11155 // 14
11156 {EmbeddedTestServer::OCSPConfig(
11157 {{bssl::OCSPRevocationStatus::GOOD,
11158 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kEarly},
11159 {bssl::OCSPRevocationStatus::GOOD,
11160 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}},
11161 EmbeddedTestServer::OCSPConfig::Produced::kValid),
11162 bssl::OCSPVerifyResult::PROVIDED, bssl::OCSPRevocationStatus::GOOD},
11163
11164 // 15
11165 {EmbeddedTestServer::OCSPConfig(
11166 {{bssl::OCSPRevocationStatus::GOOD,
11167 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kLong},
11168 {bssl::OCSPRevocationStatus::GOOD,
11169 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}},
11170 EmbeddedTestServer::OCSPConfig::Produced::kValid),
11171 bssl::OCSPVerifyResult::PROVIDED, bssl::OCSPRevocationStatus::GOOD},
11172
11173 // 16
11174 {EmbeddedTestServer::OCSPConfig(
11175 {{bssl::OCSPRevocationStatus::GOOD,
11176 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kEarly},
11177 {bssl::OCSPRevocationStatus::GOOD,
11178 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kOld},
11179 {bssl::OCSPRevocationStatus::GOOD,
11180 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kLong}},
11181 EmbeddedTestServer::OCSPConfig::Produced::kValid),
11182 bssl::OCSPVerifyResult::INVALID_DATE, bssl::OCSPRevocationStatus::UNKNOWN},
11183
11184 // 17
11185 {EmbeddedTestServer::OCSPConfig(
11186 {{bssl::OCSPRevocationStatus::UNKNOWN,
11187 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid},
11188 {bssl::OCSPRevocationStatus::REVOKED,
11189 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid},
11190 {bssl::OCSPRevocationStatus::GOOD,
11191 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}},
11192 EmbeddedTestServer::OCSPConfig::Produced::kValid),
11193 bssl::OCSPVerifyResult::PROVIDED, bssl::OCSPRevocationStatus::REVOKED},
11194
11195 // 18
11196 {EmbeddedTestServer::OCSPConfig(
11197 {{bssl::OCSPRevocationStatus::UNKNOWN,
11198 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid},
11199 {bssl::OCSPRevocationStatus::GOOD,
11200 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}},
11201 EmbeddedTestServer::OCSPConfig::Produced::kValid),
11202 bssl::OCSPVerifyResult::PROVIDED, bssl::OCSPRevocationStatus::UNKNOWN},
11203
11204 // 19
11205 {EmbeddedTestServer::OCSPConfig(
11206 {{bssl::OCSPRevocationStatus::UNKNOWN,
11207 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid},
11208 {bssl::OCSPRevocationStatus::REVOKED,
11209 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kLong},
11210 {bssl::OCSPRevocationStatus::GOOD,
11211 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}},
11212 EmbeddedTestServer::OCSPConfig::Produced::kValid),
11213 bssl::OCSPVerifyResult::PROVIDED, bssl::OCSPRevocationStatus::UNKNOWN},
11214
11215 // 20
11216 {EmbeddedTestServer::OCSPConfig(
11217 {{bssl::OCSPRevocationStatus::GOOD,
11218 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid,
11219 EmbeddedTestServer::OCSPConfig::SingleResponse::Serial::kMismatch}},
11220 EmbeddedTestServer::OCSPConfig::Produced::kValid),
11221 bssl::OCSPVerifyResult::NO_MATCHING_RESPONSE,
11222 bssl::OCSPRevocationStatus::UNKNOWN},
11223
11224 // 21
11225 {EmbeddedTestServer::OCSPConfig(
11226 {{bssl::OCSPRevocationStatus::GOOD,
11227 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kEarly,
11228 EmbeddedTestServer::OCSPConfig::SingleResponse::Serial::kMismatch}},
11229 EmbeddedTestServer::OCSPConfig::Produced::kValid),
11230 bssl::OCSPVerifyResult::NO_MATCHING_RESPONSE,
11231 bssl::OCSPRevocationStatus::UNKNOWN},
11232
11233 // 22
11234 {EmbeddedTestServer::OCSPConfig(
11235 {{bssl::OCSPRevocationStatus::REVOKED,
11236 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}},
11237 EmbeddedTestServer::OCSPConfig::Produced::kValid),
11238 bssl::OCSPVerifyResult::PROVIDED, bssl::OCSPRevocationStatus::REVOKED},
11239
11240 // 23
11241 {EmbeddedTestServer::OCSPConfig(
11242 {{bssl::OCSPRevocationStatus::REVOKED,
11243 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kOld}},
11244 EmbeddedTestServer::OCSPConfig::Produced::kValid),
11245 bssl::OCSPVerifyResult::INVALID_DATE, bssl::OCSPRevocationStatus::UNKNOWN},
11246
11247 // 24
11248 {EmbeddedTestServer::OCSPConfig(
11249 {{bssl::OCSPRevocationStatus::REVOKED,
11250 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kLong}},
11251 EmbeddedTestServer::OCSPConfig::Produced::kValid),
11252 bssl::OCSPVerifyResult::INVALID_DATE, bssl::OCSPRevocationStatus::UNKNOWN},
11253 };
11254
11255 class HTTPSOCSPVerifyTest
11256 : public HTTPSOCSPTest,
11257 public testing::WithParamInterface<OCSPVerifyTestData> {};
11258
TEST_P(HTTPSOCSPVerifyTest,VerifyResult)11259 TEST_P(HTTPSOCSPVerifyTest, VerifyResult) {
11260 OCSPVerifyTestData test = GetParam();
11261
11262 scoped_refptr<X509Certificate> root_cert =
11263 ImportCertFromFile(GetTestCertsDirectory(), "root_ca_cert.pem");
11264 ASSERT_TRUE(root_cert);
11265 ScopedTestKnownRoot scoped_known_root(root_cert.get());
11266
11267 EmbeddedTestServer::ServerCertificateConfig cert_config;
11268 cert_config.stapled_ocsp_config = test.ocsp_config;
11269 cert_config.dns_names = {"example.com"};
11270
11271 SSLInfo ssl_info;
11272 OCSPErrorTestDelegate delegate;
11273 ASSERT_NO_FATAL_FAILURE(DoConnectionWithDelegate("example.com", cert_config,
11274 &delegate, &ssl_info));
11275
11276 // The SSLInfo must be extracted from |delegate| on error, due to how
11277 // URLRequest caches certificate errors.
11278 if (delegate.have_certificate_errors()) {
11279 ASSERT_TRUE(delegate.on_ssl_certificate_error_called());
11280 ssl_info = delegate.ssl_info();
11281 }
11282
11283 EXPECT_EQ(test.expected_response_status,
11284 ssl_info.ocsp_result.response_status);
11285
11286 if (test.expected_response_status == bssl::OCSPVerifyResult::PROVIDED) {
11287 EXPECT_EQ(test.expected_cert_status,
11288 ssl_info.ocsp_result.revocation_status);
11289 }
11290 }
11291
11292 INSTANTIATE_TEST_SUITE_P(OCSPVerify,
11293 HTTPSOCSPVerifyTest,
11294 testing::ValuesIn(kOCSPVerifyData));
11295
11296 class HTTPSAIATest : public HTTPSCertNetFetchingTest {};
11297
TEST_F(HTTPSAIATest,AIAFetching)11298 TEST_F(HTTPSAIATest, AIAFetching) {
11299 EmbeddedTestServer test_server(EmbeddedTestServer::TYPE_HTTPS);
11300 EmbeddedTestServer::ServerCertificateConfig cert_config;
11301 cert_config.intermediate = EmbeddedTestServer::IntermediateType::kByAIA;
11302 test_server.SetSSLConfig(cert_config);
11303 RegisterDefaultHandlers(&test_server);
11304 ASSERT_TRUE(test_server.Start());
11305
11306 TestDelegate d;
11307 d.set_allow_certificate_errors(true);
11308 std::unique_ptr<URLRequest> r(context_->CreateRequest(
11309 test_server.GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d,
11310 TRAFFIC_ANNOTATION_FOR_TESTS));
11311
11312 r->Start();
11313 EXPECT_TRUE(r->is_pending());
11314
11315 d.RunUntilComplete();
11316
11317 EXPECT_EQ(1, d.response_started_count());
11318
11319 CertStatus cert_status = r->ssl_info().cert_status;
11320 EXPECT_EQ(OK, d.request_status());
11321 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS);
11322 ASSERT_TRUE(r->ssl_info().cert);
11323 EXPECT_EQ(2u, r->ssl_info().cert->intermediate_buffers().size());
11324 ASSERT_TRUE(r->ssl_info().unverified_cert);
11325 EXPECT_EQ(0u, r->ssl_info().unverified_cert->intermediate_buffers().size());
11326 }
11327
11328 class HTTPSHardFailTest : public HTTPSOCSPTest {
11329 protected:
GetCertVerifierConfig()11330 CertVerifier::Config GetCertVerifierConfig() override {
11331 CertVerifier::Config config;
11332 config.require_rev_checking_local_anchors = true;
11333 return config;
11334 }
11335 };
11336
TEST_F(HTTPSHardFailTest,Valid)11337 TEST_F(HTTPSHardFailTest, Valid) {
11338 if (!SystemSupportsOCSP()) {
11339 LOG(WARNING) << "Skipping test because system doesn't support OCSP";
11340 return;
11341 }
11342
11343 if (!SystemSupportsHardFailRevocationChecking()) {
11344 LOG(WARNING) << "Skipping test because system doesn't support hard fail "
11345 << "revocation checking";
11346 return;
11347 }
11348
11349 EmbeddedTestServer::ServerCertificateConfig cert_config;
11350 cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig(
11351 {{bssl::OCSPRevocationStatus::GOOD,
11352 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}});
11353
11354 CertStatus cert_status;
11355 DoConnection(cert_config, &cert_status);
11356
11357 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS);
11358 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
11359 }
11360
TEST_F(HTTPSHardFailTest,Revoked)11361 TEST_F(HTTPSHardFailTest, Revoked) {
11362 if (!SystemSupportsOCSP()) {
11363 LOG(WARNING) << "Skipping test because system doesn't support OCSP";
11364 return;
11365 }
11366
11367 if (!SystemSupportsHardFailRevocationChecking()) {
11368 LOG(WARNING) << "Skipping test because system doesn't support hard fail "
11369 << "revocation checking";
11370 return;
11371 }
11372
11373 EmbeddedTestServer::ServerCertificateConfig cert_config;
11374 cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig(
11375 {{bssl::OCSPRevocationStatus::REVOKED,
11376 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}});
11377
11378 CertStatus cert_status;
11379 DoConnection(cert_config, &cert_status);
11380
11381 EXPECT_EQ(CERT_STATUS_REVOKED, cert_status & CERT_STATUS_ALL_ERRORS);
11382 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV);
11383 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
11384 }
11385
TEST_F(HTTPSHardFailTest,FailsOnOCSPInvalid)11386 TEST_F(HTTPSHardFailTest, FailsOnOCSPInvalid) {
11387 if (!SystemSupportsOCSP()) {
11388 LOG(WARNING) << "Skipping test because system doesn't support OCSP";
11389 return;
11390 }
11391
11392 if (!SystemSupportsHardFailRevocationChecking()) {
11393 LOG(WARNING) << "Skipping test because system doesn't support hard fail "
11394 << "revocation checking";
11395 return;
11396 }
11397
11398 EmbeddedTestServer::ServerCertificateConfig cert_config;
11399 cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig(
11400 EmbeddedTestServer::OCSPConfig::ResponseType::kInvalidResponse);
11401
11402 CertStatus cert_status;
11403 DoConnection(cert_config, &cert_status);
11404
11405 EXPECT_EQ(CERT_STATUS_UNABLE_TO_CHECK_REVOCATION,
11406 cert_status & CERT_STATUS_ALL_ERRORS);
11407 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
11408 }
11409
TEST_F(HTTPSHardFailTest,IntermediateResponseOldButStillValid)11410 TEST_F(HTTPSHardFailTest, IntermediateResponseOldButStillValid) {
11411 if (!SystemSupportsOCSP()) {
11412 LOG(WARNING) << "Skipping test because system doesn't support OCSP";
11413 return;
11414 }
11415
11416 if (!SystemSupportsHardFailRevocationChecking()) {
11417 LOG(WARNING) << "Skipping test because system doesn't support hard fail "
11418 << "revocation checking";
11419 return;
11420 }
11421
11422 EmbeddedTestServer::ServerCertificateConfig cert_config;
11423 cert_config.intermediate = EmbeddedTestServer::IntermediateType::kInHandshake;
11424 cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig(
11425 {{bssl::OCSPRevocationStatus::GOOD,
11426 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}});
11427 // Use an OCSP response for the intermediate that would be too old for a leaf
11428 // cert, but is still valid for an intermediate.
11429 cert_config.intermediate_ocsp_config = EmbeddedTestServer::OCSPConfig(
11430 {{bssl::OCSPRevocationStatus::GOOD,
11431 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kLong}});
11432
11433 CertStatus cert_status;
11434 DoConnection(cert_config, &cert_status);
11435
11436 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS);
11437 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
11438 }
11439
TEST_F(HTTPSHardFailTest,IntermediateResponseTooOld)11440 TEST_F(HTTPSHardFailTest, IntermediateResponseTooOld) {
11441 if (!SystemSupportsOCSP()) {
11442 LOG(WARNING) << "Skipping test because system doesn't support OCSP";
11443 return;
11444 }
11445
11446 if (!SystemSupportsHardFailRevocationChecking()) {
11447 LOG(WARNING) << "Skipping test because system doesn't support hard fail "
11448 << "revocation checking";
11449 return;
11450 }
11451
11452 EmbeddedTestServer::ServerCertificateConfig cert_config;
11453 cert_config.intermediate = EmbeddedTestServer::IntermediateType::kInHandshake;
11454 cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig(
11455 {{bssl::OCSPRevocationStatus::GOOD,
11456 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}});
11457 // Use an OCSP response for the intermediate that is too old according to
11458 // BRs, but is fine for a locally trusted root.
11459 cert_config.intermediate_ocsp_config = EmbeddedTestServer::OCSPConfig(
11460 {{bssl::OCSPRevocationStatus::GOOD,
11461 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kLonger}});
11462
11463 CertStatus cert_status;
11464 DoConnection(cert_config, &cert_status);
11465
11466 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS);
11467 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
11468 }
11469
TEST_F(HTTPSHardFailTest,ValidStapled)11470 TEST_F(HTTPSHardFailTest, ValidStapled) {
11471 if (!SystemSupportsOCSPStapling()) {
11472 LOG(WARNING)
11473 << "Skipping test because system doesn't support OCSP stapling";
11474 return;
11475 }
11476
11477 if (!SystemSupportsHardFailRevocationChecking()) {
11478 LOG(WARNING) << "Skipping test because system doesn't support hard fail "
11479 << "revocation checking";
11480 return;
11481 }
11482
11483 EmbeddedTestServer::ServerCertificateConfig cert_config;
11484
11485 // AIA OCSP url is included, but does not return a successful ocsp response.
11486 cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig(
11487 EmbeddedTestServer::OCSPConfig::ResponseType::kTryLater);
11488
11489 cert_config.stapled_ocsp_config = EmbeddedTestServer::OCSPConfig(
11490 {{bssl::OCSPRevocationStatus::GOOD,
11491 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}});
11492
11493 CertStatus cert_status;
11494 DoConnection(cert_config, &cert_status);
11495
11496 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS);
11497 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
11498 }
11499
TEST_F(HTTPSHardFailTest,RevokedStapled)11500 TEST_F(HTTPSHardFailTest, RevokedStapled) {
11501 if (!SystemSupportsOCSPStapling()) {
11502 LOG(WARNING)
11503 << "Skipping test because system doesn't support OCSP stapling";
11504 return;
11505 }
11506
11507 if (!SystemSupportsHardFailRevocationChecking()) {
11508 LOG(WARNING) << "Skipping test because system doesn't support hard fail "
11509 << "revocation checking";
11510 return;
11511 }
11512
11513 EmbeddedTestServer::ServerCertificateConfig cert_config;
11514
11515 // AIA OCSP url is included, but does not return a successful ocsp response.
11516 cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig(
11517 EmbeddedTestServer::OCSPConfig::ResponseType::kTryLater);
11518
11519 cert_config.stapled_ocsp_config = EmbeddedTestServer::OCSPConfig(
11520 {{bssl::OCSPRevocationStatus::REVOKED,
11521 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}});
11522
11523 CertStatus cert_status;
11524 DoConnection(cert_config, &cert_status);
11525
11526 EXPECT_EQ(CERT_STATUS_REVOKED, cert_status & CERT_STATUS_ALL_ERRORS);
11527 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
11528 }
11529
TEST_F(HTTPSHardFailTest,OldStapledAndInvalidAIA)11530 TEST_F(HTTPSHardFailTest, OldStapledAndInvalidAIA) {
11531 if (!SystemSupportsOCSPStapling()) {
11532 LOG(WARNING)
11533 << "Skipping test because system doesn't support OCSP stapling";
11534 return;
11535 }
11536
11537 if (!SystemSupportsHardFailRevocationChecking()) {
11538 LOG(WARNING) << "Skipping test because system doesn't support hard fail "
11539 << "revocation checking";
11540 return;
11541 }
11542
11543 EmbeddedTestServer::ServerCertificateConfig cert_config;
11544
11545 // Stapled response indicates good, but is too old.
11546 cert_config.stapled_ocsp_config = EmbeddedTestServer::OCSPConfig(
11547 {{bssl::OCSPRevocationStatus::GOOD,
11548 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kOld}});
11549
11550 // AIA OCSP url is included, but does not return a successful ocsp response.
11551 cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig(
11552 EmbeddedTestServer::OCSPConfig::ResponseType::kTryLater);
11553
11554 CertStatus cert_status;
11555 DoConnection(cert_config, &cert_status);
11556
11557 EXPECT_EQ(CERT_STATUS_UNABLE_TO_CHECK_REVOCATION,
11558 cert_status & CERT_STATUS_ALL_ERRORS);
11559 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
11560 }
11561
TEST_F(HTTPSHardFailTest,OldStapledButValidAIA)11562 TEST_F(HTTPSHardFailTest, OldStapledButValidAIA) {
11563 if (!SystemSupportsOCSPStapling()) {
11564 LOG(WARNING)
11565 << "Skipping test because system doesn't support OCSP stapling";
11566 return;
11567 }
11568
11569 if (!SystemSupportsHardFailRevocationChecking()) {
11570 LOG(WARNING) << "Skipping test because system doesn't support hard fail "
11571 << "revocation checking";
11572 return;
11573 }
11574
11575 EmbeddedTestServer::ServerCertificateConfig cert_config;
11576
11577 // Stapled response indicates good, but response is too old.
11578 cert_config.stapled_ocsp_config = EmbeddedTestServer::OCSPConfig(
11579 {{bssl::OCSPRevocationStatus::GOOD,
11580 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kOld}});
11581
11582 // AIA OCSP url is included, and returns a successful ocsp response.
11583 cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig(
11584 {{bssl::OCSPRevocationStatus::GOOD,
11585 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}});
11586
11587 CertStatus cert_status;
11588 DoConnection(cert_config, &cert_status);
11589
11590 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS);
11591 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
11592 }
11593
11594 class HTTPSCRLSetTest : public HTTPSCertNetFetchingTest {};
11595
TEST_F(HTTPSCRLSetTest,ExpiredCRLSet)11596 TEST_F(HTTPSCRLSetTest, ExpiredCRLSet) {
11597 EmbeddedTestServer::ServerCertificateConfig cert_config;
11598 cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig(
11599 EmbeddedTestServer::OCSPConfig::ResponseType::kInvalidResponse);
11600
11601 UpdateCertVerifier(CRLSet::ExpiredCRLSetForTesting());
11602
11603 CertStatus cert_status;
11604 DoConnection(cert_config, &cert_status);
11605
11606 // If we're not trying EV verification then, even if the CRLSet has expired,
11607 // we don't fall back to online revocation checks.
11608 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS);
11609 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV);
11610 EXPECT_FALSE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
11611 }
11612
TEST_F(HTTPSCRLSetTest,ExpiredCRLSetAndRevoked)11613 TEST_F(HTTPSCRLSetTest, ExpiredCRLSetAndRevoked) {
11614 // Test that when online revocation checking is disabled, and the leaf
11615 // certificate is not EV, that no revocation checking actually happens.
11616 if (!SystemSupportsOCSP()) {
11617 LOG(WARNING) << "Skipping test because system doesn't support OCSP";
11618 return;
11619 }
11620
11621 EmbeddedTestServer::ServerCertificateConfig cert_config;
11622 cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig(
11623 {{bssl::OCSPRevocationStatus::REVOKED,
11624 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}});
11625
11626 UpdateCertVerifier(CRLSet::ExpiredCRLSetForTesting());
11627
11628 CertStatus cert_status;
11629 DoConnection(cert_config, &cert_status);
11630
11631 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS);
11632
11633 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV);
11634 EXPECT_FALSE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
11635 }
11636
TEST_F(HTTPSCRLSetTest,CRLSetRevoked)11637 TEST_F(HTTPSCRLSetTest, CRLSetRevoked) {
11638 if (!SystemSupportsCRLSets()) {
11639 LOG(WARNING) << "Skipping test because system doesn't support CRLSets";
11640 return;
11641 }
11642
11643 EmbeddedTestServer test_server(EmbeddedTestServer::TYPE_HTTPS);
11644 EmbeddedTestServer::ServerCertificateConfig cert_config;
11645 cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig(
11646 {{bssl::OCSPRevocationStatus::GOOD,
11647 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}});
11648 test_server.SetSSLConfig(cert_config);
11649 RegisterDefaultHandlers(&test_server);
11650 ASSERT_TRUE(test_server.Start());
11651
11652 CertVerifier::Config cert_verifier_config = GetCertVerifierConfig();
11653 SHA256HashValue root_cert_spki_hash;
11654 ASSERT_TRUE(GetTestRootCertSPKIHash(&root_cert_spki_hash));
11655 auto crl_set =
11656 CRLSet::ForTesting(false, &root_cert_spki_hash,
11657 test_server.GetCertificate()->serial_number(), "", {});
11658 ASSERT_TRUE(crl_set);
11659 UpdateCertVerifier(crl_set);
11660
11661 TestDelegate d;
11662 d.set_allow_certificate_errors(true);
11663 std::unique_ptr<URLRequest> r(context_->CreateRequest(
11664 test_server.GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d,
11665 TRAFFIC_ANNOTATION_FOR_TESTS));
11666 r->Start();
11667 EXPECT_TRUE(r->is_pending());
11668 d.RunUntilComplete();
11669 EXPECT_EQ(1, d.response_started_count());
11670 CertStatus cert_status = r->ssl_info().cert_status;
11671
11672 // If the certificate is recorded as revoked in the CRLSet, that should be
11673 // reflected without online revocation checking.
11674 EXPECT_EQ(CERT_STATUS_REVOKED, cert_status & CERT_STATUS_ALL_ERRORS);
11675 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV);
11676 EXPECT_FALSE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
11677 }
11678
TEST_F(HTTPSCRLSetTest,CRLSetRevokedBySubject)11679 TEST_F(HTTPSCRLSetTest, CRLSetRevokedBySubject) {
11680 if (!SystemSupportsCRLSets()) {
11681 LOG(WARNING) << "Skipping test because system doesn't support CRLSets";
11682 return;
11683 }
11684
11685 EmbeddedTestServer test_server(EmbeddedTestServer::TYPE_HTTPS);
11686 EmbeddedTestServer::ServerCertificateConfig cert_config;
11687 cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig(
11688 {{bssl::OCSPRevocationStatus::GOOD,
11689 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}});
11690 test_server.SetSSLConfig(cert_config);
11691 RegisterDefaultHandlers(&test_server);
11692 ASSERT_TRUE(test_server.Start());
11693
11694 std::string common_name = test_server.GetCertificate()->subject().common_name;
11695
11696 {
11697 auto crl_set = CRLSet::ForTesting(false, nullptr, "", common_name, {});
11698 ASSERT_TRUE(crl_set);
11699 UpdateCertVerifier(crl_set);
11700
11701 TestDelegate d;
11702 d.set_allow_certificate_errors(true);
11703 std::unique_ptr<URLRequest> r(context_->CreateRequest(
11704 test_server.GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d,
11705 TRAFFIC_ANNOTATION_FOR_TESTS));
11706 r->Start();
11707 EXPECT_TRUE(r->is_pending());
11708 d.RunUntilComplete();
11709 EXPECT_EQ(1, d.response_started_count());
11710 CertStatus cert_status = r->ssl_info().cert_status;
11711
11712 // If the certificate is recorded as revoked in the CRLSet, that should be
11713 // reflected without online revocation checking.
11714 EXPECT_EQ(CERT_STATUS_REVOKED, cert_status & CERT_STATUS_ALL_ERRORS);
11715 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV);
11716 EXPECT_FALSE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
11717 }
11718
11719 HashValue spki_hash_value;
11720 ASSERT_TRUE(x509_util::CalculateSha256SpkiHash(
11721 test_server.GetCertificate()->cert_buffer(), &spki_hash_value));
11722 std::string spki_hash(spki_hash_value.data(),
11723 spki_hash_value.data() + spki_hash_value.size());
11724 {
11725 auto crl_set =
11726 CRLSet::ForTesting(false, nullptr, "", common_name, {spki_hash});
11727 ASSERT_TRUE(crl_set);
11728 UpdateCertVerifier(crl_set);
11729
11730 TestDelegate d;
11731 d.set_allow_certificate_errors(true);
11732 std::unique_ptr<URLRequest> r(context_->CreateRequest(
11733 test_server.GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d,
11734 TRAFFIC_ANNOTATION_FOR_TESTS));
11735 r->Start();
11736 EXPECT_TRUE(r->is_pending());
11737 d.RunUntilComplete();
11738 EXPECT_EQ(1, d.response_started_count());
11739 CertStatus cert_status = r->ssl_info().cert_status;
11740
11741 // When the correct SPKI hash is specified in
11742 // |acceptable_spki_hashes_for_cn|, the connection should succeed even
11743 // though the subject is listed in the CRLSet.
11744 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS);
11745 }
11746 }
11747
11748 using HTTPSLocalCRLSetTest = TestWithTaskEnvironment;
11749
11750 // Use a real CertVerifier to attempt to connect to the TestServer, and ensure
11751 // that when a CRLSet is provided that marks a given SPKI (the TestServer's
11752 // root SPKI) as known for interception, that it's adequately flagged.
TEST_F(HTTPSLocalCRLSetTest,KnownInterceptionBlocked)11753 TEST_F(HTTPSLocalCRLSetTest, KnownInterceptionBlocked) {
11754 auto cert_verifier = CertVerifier::CreateDefaultWithoutCaching(
11755 /*cert_net_fetcher=*/nullptr);
11756 CertVerifierWithUpdatableProc* updatable_cert_verifier_ = cert_verifier.get();
11757
11758 auto context_builder = CreateTestURLRequestContextBuilder();
11759 context_builder->SetCertVerifier(std::make_unique<CachingCertVerifier>(
11760 std::make_unique<CoalescingCertVerifier>(std::move(cert_verifier))));
11761 auto context = context_builder->Build();
11762
11763 // Verify the connection succeeds without being flagged.
11764 EmbeddedTestServer https_server(EmbeddedTestServer::TYPE_HTTPS);
11765 RegisterDefaultHandlers(&https_server);
11766 https_server.SetSSLConfig(EmbeddedTestServer::CERT_OK_BY_INTERMEDIATE);
11767 ASSERT_TRUE(https_server.Start());
11768
11769 {
11770 TestDelegate d;
11771 std::unique_ptr<URLRequest> req(
11772 context->CreateRequest(https_server.GetURL("/"), DEFAULT_PRIORITY, &d,
11773 TRAFFIC_ANNOTATION_FOR_TESTS));
11774 req->Start();
11775 d.RunUntilComplete();
11776
11777 EXPECT_EQ(1, d.response_started_count());
11778 EXPECT_FALSE(d.request_failed());
11779 EXPECT_FALSE(d.have_certificate_errors());
11780 EXPECT_FALSE(req->ssl_info().cert_status &
11781 CERT_STATUS_KNOWN_INTERCEPTION_BLOCKED);
11782 }
11783
11784 // Configure a CRL that will mark |root_ca_cert| as a blocked interception
11785 // root.
11786 std::string crl_set_bytes;
11787 net::CertVerifyProc::ImplParams params;
11788 ASSERT_TRUE(
11789 base::ReadFileToString(GetTestCertsDirectory().AppendASCII(
11790 "crlset_blocked_interception_by_root.raw"),
11791 &crl_set_bytes));
11792 ASSERT_TRUE(CRLSet::Parse(crl_set_bytes, ¶ms.crl_set));
11793
11794 updatable_cert_verifier_->UpdateVerifyProcData(
11795 /*cert_net_fetcher=*/nullptr, params, {});
11796
11797 // Verify the connection fails as being a known interception root.
11798 {
11799 TestDelegate d;
11800 d.set_allow_certificate_errors(true);
11801 std::unique_ptr<URLRequest> req(
11802 context->CreateRequest(https_server.GetURL("/"), DEFAULT_PRIORITY, &d,
11803 TRAFFIC_ANNOTATION_FOR_TESTS));
11804 req->Start();
11805 d.RunUntilComplete();
11806
11807 EXPECT_EQ(1, d.response_started_count());
11808 EXPECT_FALSE(d.request_failed());
11809 if (SystemSupportsCRLSets()) {
11810 EXPECT_TRUE(d.have_certificate_errors());
11811 EXPECT_FALSE(d.certificate_errors_are_fatal());
11812 EXPECT_EQ(ERR_CERT_KNOWN_INTERCEPTION_BLOCKED, d.certificate_net_error());
11813 EXPECT_TRUE(req->ssl_info().cert_status &
11814 CERT_STATUS_KNOWN_INTERCEPTION_BLOCKED);
11815 } else {
11816 EXPECT_FALSE(d.have_certificate_errors());
11817 EXPECT_TRUE(req->ssl_info().cert_status &
11818 CERT_STATUS_KNOWN_INTERCEPTION_DETECTED);
11819 }
11820 }
11821 }
11822
TEST_F(HTTPSLocalCRLSetTest,InterceptionBlockedAllowOverrideOnHSTS)11823 TEST_F(HTTPSLocalCRLSetTest, InterceptionBlockedAllowOverrideOnHSTS) {
11824 constexpr char kHSTSHost[] = "include-subdomains-hsts-preloaded.test";
11825 constexpr char kHSTSSubdomainWithKnownInterception[] =
11826 "www.include-subdomains-hsts-preloaded.test";
11827
11828 EmbeddedTestServer https_server(net::EmbeddedTestServer::TYPE_HTTPS);
11829 https_server.SetSSLConfig(net::EmbeddedTestServer::CERT_OK_BY_INTERMEDIATE);
11830 https_server.ServeFilesFromSourceDirectory(base::FilePath(kTestFilePath));
11831 ASSERT_TRUE(https_server.Start());
11832
11833 // Configure the CertVerifier to simulate:
11834 // - For the test server host, that the certificate is issued by an
11835 // unknown authority; this SHOULD NOT be a fatal error when signaled
11836 // to the delegate.
11837 // - For |kHSTSHost|, that the certificate is issued by an unknown
11838 // authority; this SHOULD be a fatal error.
11839 // Combined, these two states represent the baseline: non-fatal for non-HSTS
11840 // hosts, fatal for HSTS host.
11841 // - For |kHSTSSubdomainWithKnownInterception|, that the certificate is
11842 // issued by a known interception cert. This SHOULD be an error, but
11843 // SHOULD NOT be a fatal error
11844 auto cert_verifier = std::make_unique<MockCertVerifier>();
11845
11846 scoped_refptr<X509Certificate> cert = https_server.GetCertificate();
11847 ASSERT_TRUE(cert);
11848
11849 HashValue filler_hash;
11850 ASSERT_TRUE(filler_hash.FromString(
11851 "sha256/3333333333333333333333333333333333333333333="));
11852
11853 CertVerifyResult fake_result;
11854 fake_result.verified_cert = cert;
11855 fake_result.is_issued_by_known_root = false;
11856
11857 // Configure for the test server's default host.
11858 CertVerifyResult test_result = fake_result;
11859 test_result.public_key_hashes.push_back(filler_hash);
11860 test_result.cert_status |= CERT_STATUS_AUTHORITY_INVALID;
11861 cert_verifier->AddResultForCertAndHost(
11862 cert.get(), https_server.host_port_pair().host(), test_result,
11863 ERR_CERT_AUTHORITY_INVALID);
11864
11865 // Configure for kHSTSHost.
11866 CertVerifyResult sts_base_result = fake_result;
11867 sts_base_result.public_key_hashes.push_back(filler_hash);
11868 sts_base_result.cert_status |= CERT_STATUS_AUTHORITY_INVALID;
11869 cert_verifier->AddResultForCertAndHost(cert.get(), kHSTSHost, sts_base_result,
11870 ERR_CERT_AUTHORITY_INVALID);
11871
11872 // Configure for kHSTSSubdomainWithKnownInterception
11873 CertVerifyResult sts_sub_result = fake_result;
11874 SHA256HashValue root_hash;
11875 ASSERT_TRUE(GetTestRootCertSPKIHash(&root_hash));
11876 sts_sub_result.public_key_hashes.push_back(HashValue(root_hash));
11877 sts_sub_result.cert_status |=
11878 CERT_STATUS_REVOKED | CERT_STATUS_KNOWN_INTERCEPTION_BLOCKED;
11879 cert_verifier->AddResultForCertAndHost(
11880 cert.get(), kHSTSSubdomainWithKnownInterception, sts_sub_result,
11881 ERR_CERT_KNOWN_INTERCEPTION_BLOCKED);
11882
11883 // Configure the initial context.
11884 auto context_builder = CreateTestURLRequestContextBuilder();
11885 context_builder->SetCertVerifier(std::move(cert_verifier));
11886 auto context = context_builder->Build();
11887
11888 // Enable preloaded HSTS for |kHSTSHost|.
11889 ASSERT_TRUE(context->transport_security_state());
11890 TransportSecurityState& security_state = *context->transport_security_state();
11891 security_state.EnableStaticPinsForTesting();
11892 security_state.SetPinningListAlwaysTimelyForTesting(true);
11893 SetTransportSecurityStateSourceForTesting(&test_default::kHSTSSource);
11894
11895 // Connect to the test server and see the certificate error flagged, but
11896 // not fatal.
11897 {
11898 TestDelegate d;
11899 std::unique_ptr<URLRequest> req(
11900 context->CreateRequest(https_server.GetURL("/"), DEFAULT_PRIORITY, &d,
11901 TRAFFIC_ANNOTATION_FOR_TESTS));
11902 req->Start();
11903 d.RunUntilComplete();
11904
11905 EXPECT_EQ(1, d.response_started_count());
11906 EXPECT_TRUE(d.request_failed());
11907 EXPECT_TRUE(d.have_certificate_errors());
11908 EXPECT_FALSE(d.certificate_errors_are_fatal());
11909 EXPECT_FALSE(req->ssl_info().cert_status &
11910 CERT_STATUS_KNOWN_INTERCEPTION_BLOCKED);
11911 }
11912
11913 // Connect to kHSTSHost and see the certificate errors are flagged, and are
11914 // fatal.
11915 {
11916 TestDelegate d;
11917 std::unique_ptr<URLRequest> req(context->CreateRequest(
11918 https_server.GetURL(kHSTSHost, "/"), DEFAULT_PRIORITY, &d,
11919 TRAFFIC_ANNOTATION_FOR_TESTS));
11920 req->Start();
11921 d.RunUntilComplete();
11922
11923 EXPECT_EQ(1, d.response_started_count());
11924 EXPECT_TRUE(d.request_failed());
11925 EXPECT_TRUE(d.have_certificate_errors());
11926 EXPECT_TRUE(d.certificate_errors_are_fatal());
11927 EXPECT_FALSE(req->ssl_info().cert_status &
11928 CERT_STATUS_KNOWN_INTERCEPTION_BLOCKED);
11929 }
11930
11931 // Verify the connection fails as being a known interception root.
11932 {
11933 TestDelegate d;
11934 d.set_allow_certificate_errors(true);
11935 std::unique_ptr<URLRequest> req(context->CreateRequest(
11936 https_server.GetURL(kHSTSSubdomainWithKnownInterception, "/"),
11937 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
11938 req->Start();
11939 d.RunUntilComplete();
11940
11941 EXPECT_EQ(1, d.response_started_count());
11942 EXPECT_FALSE(d.request_failed());
11943 EXPECT_TRUE(d.have_certificate_errors());
11944 EXPECT_FALSE(d.certificate_errors_are_fatal());
11945 EXPECT_EQ(ERR_CERT_KNOWN_INTERCEPTION_BLOCKED, d.certificate_net_error());
11946 EXPECT_TRUE(req->ssl_info().cert_status &
11947 CERT_STATUS_KNOWN_INTERCEPTION_BLOCKED);
11948 }
11949 }
11950 #endif // !BUILDFLAG(IS_IOS)
11951
TEST_F(URLRequestTest,NetworkAccessedSetOnHostResolutionFailure)11952 TEST_F(URLRequestTest, NetworkAccessedSetOnHostResolutionFailure) {
11953 auto context_builder = CreateTestURLRequestContextBuilder();
11954 auto host_resolver = std::make_unique<MockHostResolver>();
11955 host_resolver->rules()->AddSimulatedTimeoutFailure("*");
11956 context_builder->set_host_resolver(std::move(host_resolver));
11957 auto context = context_builder->Build();
11958
11959 TestDelegate d;
11960 std::unique_ptr<URLRequest> req(context->CreateRequest(
11961 GURL("http://test_intercept/foo"), DEFAULT_PRIORITY, &d,
11962 TRAFFIC_ANNOTATION_FOR_TESTS));
11963
11964 EXPECT_FALSE(req->response_info().network_accessed);
11965
11966 req->Start();
11967 d.RunUntilComplete();
11968 EXPECT_TRUE(req->response_info().network_accessed);
11969 EXPECT_THAT(req->response_info().resolve_error_info.error,
11970 IsError(ERR_DNS_TIMED_OUT));
11971 }
11972
11973 // Test that URLRequest is canceled correctly.
11974 // See http://crbug.com/508900
TEST_F(URLRequestTest,URLRequestRedirectJobCancelRequest)11975 TEST_F(URLRequestTest, URLRequestRedirectJobCancelRequest) {
11976 TestDelegate d;
11977 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
11978 GURL("http://not-a-real-domain/"), DEFAULT_PRIORITY, &d,
11979 TRAFFIC_ANNOTATION_FOR_TESTS));
11980
11981 std::unique_ptr<URLRequestRedirectJob> job =
11982 std::make_unique<URLRequestRedirectJob>(
11983 req.get(), GURL("http://this-should-never-be-navigated-to/"),
11984 RedirectUtil::ResponseCode::REDIRECT_307_TEMPORARY_REDIRECT,
11985 "Jumbo shrimp");
11986 TestScopedURLInterceptor interceptor(req->url(), std::move(job));
11987
11988 req->Start();
11989 req->Cancel();
11990 base::RunLoop().RunUntilIdle();
11991 EXPECT_EQ(ERR_ABORTED, d.request_status());
11992 EXPECT_EQ(0, d.received_redirect_count());
11993 }
11994
11995 #if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_ANDROID) || BUILDFLAG(IS_CHROMEOS)
11996 #define MAYBE_HeadersCallbacks DISABLED_HeadersCallbacks
11997 #else
11998 #define MAYBE_HeadersCallbacks HeadersCallbacks
11999 #endif
TEST_F(URLRequestTestHTTP,MAYBE_HeadersCallbacks)12000 TEST_F(URLRequestTestHTTP, MAYBE_HeadersCallbacks) {
12001 ASSERT_TRUE(http_test_server()->Start());
12002 GURL url(http_test_server()->GetURL("/cachetime"));
12003 TestDelegate delegate;
12004 HttpRequestHeaders extra_headers;
12005 extra_headers.SetHeader("X-Foo", "bar");
12006
12007 {
12008 HttpRawRequestHeaders raw_req_headers;
12009 scoped_refptr<const HttpResponseHeaders> raw_resp_headers;
12010
12011 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
12012 url, DEFAULT_PRIORITY, &delegate, TRAFFIC_ANNOTATION_FOR_TESTS));
12013 r->SetExtraRequestHeaders(extra_headers);
12014 r->SetRequestHeadersCallback(base::BindRepeating(
12015 &HttpRawRequestHeaders::Assign, base::Unretained(&raw_req_headers)));
12016 r->SetResponseHeadersCallback(base::BindRepeating(
12017 [](scoped_refptr<const HttpResponseHeaders>* left,
12018 scoped_refptr<const HttpResponseHeaders> right) { *left = right; },
12019 base::Unretained(&raw_resp_headers)));
12020 r->set_isolation_info(isolation_info1_);
12021 r->Start();
12022 while (!delegate.response_started_count())
12023 base::RunLoop().RunUntilIdle();
12024 EXPECT_FALSE(raw_req_headers.headers().empty());
12025 std::string value;
12026 EXPECT_TRUE(raw_req_headers.FindHeaderForTest("X-Foo", &value));
12027 EXPECT_EQ("bar", value);
12028 EXPECT_TRUE(raw_req_headers.FindHeaderForTest("Accept-Encoding", &value));
12029 EXPECT_EQ("gzip, deflate", value);
12030 EXPECT_TRUE(raw_req_headers.FindHeaderForTest("Connection", &value));
12031 EXPECT_TRUE(raw_req_headers.FindHeaderForTest("Host", &value));
12032 EXPECT_EQ("GET /cachetime HTTP/1.1\r\n", raw_req_headers.request_line());
12033 EXPECT_EQ(raw_resp_headers.get(), r->response_headers());
12034 }
12035 {
12036 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
12037 url, DEFAULT_PRIORITY, &delegate, TRAFFIC_ANNOTATION_FOR_TESTS));
12038 r->SetExtraRequestHeaders(extra_headers);
12039 r->SetRequestHeadersCallback(base::BindRepeating([](HttpRawRequestHeaders) {
12040 FAIL() << "Callback should not be called unless request is sent";
12041 }));
12042 r->SetResponseHeadersCallback(
12043 base::BindRepeating([](scoped_refptr<const HttpResponseHeaders>) {
12044 FAIL() << "Callback should not be called unless request is sent";
12045 }));
12046 r->set_isolation_info(isolation_info1_);
12047 r->Start();
12048 delegate.RunUntilComplete();
12049 EXPECT_TRUE(r->was_cached());
12050 }
12051 }
12052
TEST_F(URLRequestTestHTTP,HeadersCallbacksWithRedirect)12053 TEST_F(URLRequestTestHTTP, HeadersCallbacksWithRedirect) {
12054 ASSERT_TRUE(http_test_server()->Start());
12055 HttpRawRequestHeaders raw_req_headers;
12056 scoped_refptr<const HttpResponseHeaders> raw_resp_headers;
12057
12058 TestDelegate delegate;
12059 HttpRequestHeaders extra_headers;
12060 extra_headers.SetHeader("X-Foo", "bar");
12061 GURL url(http_test_server()->GetURL("/redirect-test.html"));
12062 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
12063 url, DEFAULT_PRIORITY, &delegate, TRAFFIC_ANNOTATION_FOR_TESTS));
12064 r->SetExtraRequestHeaders(extra_headers);
12065 r->SetRequestHeadersCallback(base::BindRepeating(
12066 &HttpRawRequestHeaders::Assign, base::Unretained(&raw_req_headers)));
12067 r->SetResponseHeadersCallback(base::BindRepeating(
12068 [](scoped_refptr<const HttpResponseHeaders>* left,
12069 scoped_refptr<const HttpResponseHeaders> right) { *left = right; },
12070 base::Unretained(&raw_resp_headers)));
12071 r->Start();
12072 delegate.RunUntilRedirect();
12073
12074 ASSERT_EQ(1, delegate.received_redirect_count());
12075 std::string value;
12076 EXPECT_TRUE(raw_req_headers.FindHeaderForTest("X-Foo", &value));
12077 EXPECT_EQ("bar", value);
12078 EXPECT_TRUE(raw_req_headers.FindHeaderForTest("Accept-Encoding", &value));
12079 EXPECT_EQ("gzip, deflate", value);
12080 EXPECT_EQ(1, delegate.received_redirect_count());
12081 EXPECT_EQ("GET /redirect-test.html HTTP/1.1\r\n",
12082 raw_req_headers.request_line());
12083 EXPECT_TRUE(raw_resp_headers->HasHeader("Location"));
12084 EXPECT_EQ(302, raw_resp_headers->response_code());
12085 EXPECT_EQ("Redirect", raw_resp_headers->GetStatusText());
12086
12087 raw_req_headers = HttpRawRequestHeaders();
12088 raw_resp_headers = nullptr;
12089 r->FollowDeferredRedirect(absl::nullopt /* removed_headers */,
12090 absl::nullopt /* modified_headers */);
12091 delegate.RunUntilComplete();
12092 EXPECT_TRUE(raw_req_headers.FindHeaderForTest("X-Foo", &value));
12093 EXPECT_EQ("bar", value);
12094 EXPECT_TRUE(raw_req_headers.FindHeaderForTest("Accept-Encoding", &value));
12095 EXPECT_EQ("gzip, deflate", value);
12096 EXPECT_EQ("GET /with-headers.html HTTP/1.1\r\n",
12097 raw_req_headers.request_line());
12098 EXPECT_EQ(r->response_headers(), raw_resp_headers.get());
12099 }
12100
TEST_F(URLRequestTest,HeadersCallbacksConnectFailed)12101 TEST_F(URLRequestTest, HeadersCallbacksConnectFailed) {
12102 TestDelegate request_delegate;
12103
12104 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
12105 GURL("http://127.0.0.1:9/"), DEFAULT_PRIORITY, &request_delegate,
12106 TRAFFIC_ANNOTATION_FOR_TESTS));
12107 r->SetRequestHeadersCallback(
12108 base::BindRepeating([](net::HttpRawRequestHeaders) {
12109 FAIL() << "Callback should not be called unless request is sent";
12110 }));
12111 r->SetResponseHeadersCallback(
12112 base::BindRepeating([](scoped_refptr<const net::HttpResponseHeaders>) {
12113 FAIL() << "Callback should not be called unless request is sent";
12114 }));
12115 r->Start();
12116 request_delegate.RunUntilComplete();
12117 EXPECT_FALSE(r->is_pending());
12118 }
12119
TEST_F(URLRequestTestHTTP,HeadersCallbacksAuthRetry)12120 TEST_F(URLRequestTestHTTP, HeadersCallbacksAuthRetry) {
12121 ASSERT_TRUE(http_test_server()->Start());
12122 GURL url(http_test_server()->GetURL("/auth-basic"));
12123
12124 TestDelegate delegate;
12125
12126 delegate.set_credentials(AuthCredentials(kUser, kSecret));
12127 HttpRequestHeaders extra_headers;
12128 extra_headers.SetHeader("X-Foo", "bar");
12129
12130 using ReqHeadersVector = std::vector<std::unique_ptr<HttpRawRequestHeaders>>;
12131 ReqHeadersVector raw_req_headers;
12132
12133 using RespHeadersVector =
12134 std::vector<scoped_refptr<const HttpResponseHeaders>>;
12135 RespHeadersVector raw_resp_headers;
12136
12137 auto req_headers_callback = base::BindRepeating(
12138 [](ReqHeadersVector* vec, HttpRawRequestHeaders headers) {
12139 vec->emplace_back(
12140 std::make_unique<HttpRawRequestHeaders>(std::move(headers)));
12141 },
12142 &raw_req_headers);
12143 auto resp_headers_callback = base::BindRepeating(
12144 [](RespHeadersVector* vec,
12145 scoped_refptr<const HttpResponseHeaders> headers) {
12146 vec->push_back(headers);
12147 },
12148 &raw_resp_headers);
12149 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
12150 url, DEFAULT_PRIORITY, &delegate, TRAFFIC_ANNOTATION_FOR_TESTS));
12151 r->SetExtraRequestHeaders(extra_headers);
12152 r->SetRequestHeadersCallback(req_headers_callback);
12153 r->SetResponseHeadersCallback(resp_headers_callback);
12154 r->set_isolation_info(isolation_info1_);
12155 r->Start();
12156 delegate.RunUntilComplete();
12157 EXPECT_FALSE(r->is_pending());
12158 ASSERT_EQ(raw_req_headers.size(), 2u);
12159 ASSERT_EQ(raw_resp_headers.size(), 2u);
12160 std::string value;
12161 EXPECT_FALSE(raw_req_headers[0]->FindHeaderForTest("Authorization", &value));
12162 EXPECT_TRUE(raw_req_headers[0]->FindHeaderForTest("X-Foo", &value));
12163 EXPECT_EQ("bar", value);
12164 EXPECT_TRUE(raw_req_headers[1]->FindHeaderForTest("Authorization", &value));
12165 EXPECT_TRUE(raw_req_headers[1]->FindHeaderForTest("X-Foo", &value));
12166 EXPECT_EQ("bar", value);
12167 EXPECT_EQ(raw_resp_headers[1], r->response_headers());
12168 EXPECT_NE(raw_resp_headers[0], raw_resp_headers[1]);
12169 EXPECT_EQ(401, raw_resp_headers[0]->response_code());
12170 EXPECT_EQ("Unauthorized", raw_resp_headers[0]->GetStatusText());
12171
12172 std::unique_ptr<URLRequest> r2(default_context().CreateRequest(
12173 url, DEFAULT_PRIORITY, &delegate, TRAFFIC_ANNOTATION_FOR_TESTS));
12174 r2->SetExtraRequestHeaders(extra_headers);
12175 r2->SetRequestHeadersCallback(req_headers_callback);
12176 r2->SetResponseHeadersCallback(resp_headers_callback);
12177 r2->SetLoadFlags(LOAD_VALIDATE_CACHE);
12178 r2->set_isolation_info(isolation_info1_);
12179 r2->Start();
12180 delegate.RunUntilComplete();
12181 EXPECT_FALSE(r2->is_pending());
12182 ASSERT_EQ(raw_req_headers.size(), 3u);
12183 ASSERT_EQ(raw_resp_headers.size(), 3u);
12184 EXPECT_TRUE(raw_req_headers[2]->FindHeaderForTest("If-None-Match", &value));
12185 EXPECT_NE(raw_resp_headers[2].get(), r2->response_headers());
12186 EXPECT_EQ(304, raw_resp_headers[2]->response_code());
12187 EXPECT_EQ("Not Modified", raw_resp_headers[2]->GetStatusText());
12188 }
12189
TEST_F(URLRequestTest,UpgradeIfInsecureFlagSet)12190 TEST_F(URLRequestTest, UpgradeIfInsecureFlagSet) {
12191 TestDelegate d;
12192 const GURL kOriginalUrl("https://original.test");
12193 const GURL kRedirectUrl("http://redirect.test");
12194 auto context_builder = CreateTestURLRequestContextBuilder();
12195 auto& network_delegate = *context_builder->set_network_delegate(
12196 std::make_unique<BlockingNetworkDelegate>(
12197 BlockingNetworkDelegate::SYNCHRONOUS));
12198 network_delegate.set_redirect_url(kRedirectUrl);
12199 auto context = context_builder->Build();
12200
12201 std::unique_ptr<URLRequest> r(context->CreateRequest(
12202 kOriginalUrl, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
12203 r->set_upgrade_if_insecure(true);
12204 r->Start();
12205 d.RunUntilRedirect();
12206 GURL::Replacements replacements;
12207 // Check that the redirect URL was upgraded to HTTPS since upgrade_if_insecure
12208 // was set.
12209 replacements.SetSchemeStr("https");
12210 EXPECT_EQ(kRedirectUrl.ReplaceComponents(replacements),
12211 d.redirect_info().new_url);
12212 EXPECT_TRUE(d.redirect_info().insecure_scheme_was_upgraded);
12213 }
12214
TEST_F(URLRequestTest,UpgradeIfInsecureFlagSetExplicitPort80)12215 TEST_F(URLRequestTest, UpgradeIfInsecureFlagSetExplicitPort80) {
12216 TestDelegate d;
12217 const GURL kOriginalUrl("https://original.test");
12218 const GURL kRedirectUrl("http://redirect.test:80");
12219 auto context_builder = CreateTestURLRequestContextBuilder();
12220 auto& network_delegate = *context_builder->set_network_delegate(
12221 std::make_unique<BlockingNetworkDelegate>(
12222 BlockingNetworkDelegate::SYNCHRONOUS));
12223 network_delegate.set_redirect_url(kRedirectUrl);
12224 auto context = context_builder->Build();
12225
12226 std::unique_ptr<URLRequest> r(context->CreateRequest(
12227 kOriginalUrl, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
12228 r->set_upgrade_if_insecure(true);
12229 r->Start();
12230 d.RunUntilRedirect();
12231 GURL::Replacements replacements;
12232 // The URL host should have not been changed.
12233 EXPECT_EQ(d.redirect_info().new_url.host(), kRedirectUrl.host());
12234 // The scheme should now be https, and the effective port should now be 443.
12235 EXPECT_TRUE(d.redirect_info().new_url.SchemeIs("https"));
12236 EXPECT_EQ(d.redirect_info().new_url.EffectiveIntPort(), 443);
12237 EXPECT_TRUE(d.redirect_info().insecure_scheme_was_upgraded);
12238 }
12239
TEST_F(URLRequestTest,UpgradeIfInsecureFlagSetNonStandardPort)12240 TEST_F(URLRequestTest, UpgradeIfInsecureFlagSetNonStandardPort) {
12241 TestDelegate d;
12242 const GURL kOriginalUrl("https://original.test");
12243 const GURL kRedirectUrl("http://redirect.test:1234");
12244 auto context_builder = CreateTestURLRequestContextBuilder();
12245 auto& network_delegate = *context_builder->set_network_delegate(
12246 std::make_unique<BlockingNetworkDelegate>(
12247 BlockingNetworkDelegate::SYNCHRONOUS));
12248 network_delegate.set_redirect_url(kRedirectUrl);
12249 auto context = context_builder->Build();
12250
12251 std::unique_ptr<URLRequest> r(context->CreateRequest(
12252 kOriginalUrl, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
12253 r->set_upgrade_if_insecure(true);
12254 r->Start();
12255 d.RunUntilRedirect();
12256 GURL::Replacements replacements;
12257 // Check that the redirect URL was upgraded to HTTPS since upgrade_if_insecure
12258 // was set, nonstandard port should not have been modified.
12259 replacements.SetSchemeStr("https");
12260 EXPECT_EQ(kRedirectUrl.ReplaceComponents(replacements),
12261 d.redirect_info().new_url);
12262 EXPECT_TRUE(d.redirect_info().insecure_scheme_was_upgraded);
12263 }
12264
TEST_F(URLRequestTest,UpgradeIfInsecureFlagNotSet)12265 TEST_F(URLRequestTest, UpgradeIfInsecureFlagNotSet) {
12266 TestDelegate d;
12267 const GURL kOriginalUrl("https://original.test");
12268 const GURL kRedirectUrl("http://redirect.test");
12269 auto context_builder = CreateTestURLRequestContextBuilder();
12270 auto& network_delegate = *context_builder->set_network_delegate(
12271 std::make_unique<BlockingNetworkDelegate>(
12272 BlockingNetworkDelegate::SYNCHRONOUS));
12273 network_delegate.set_redirect_url(kRedirectUrl);
12274 auto context = context_builder->Build();
12275
12276 std::unique_ptr<URLRequest> r(context->CreateRequest(
12277 kOriginalUrl, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
12278 r->set_upgrade_if_insecure(false);
12279 r->Start();
12280 d.RunUntilRedirect();
12281 // The redirect URL should not be changed if the upgrade_if_insecure flag is
12282 // not set.
12283 EXPECT_EQ(kRedirectUrl, d.redirect_info().new_url);
12284 EXPECT_FALSE(d.redirect_info().insecure_scheme_was_upgraded);
12285 }
12286
12287 // Test that URLRequests get properly tagged.
12288 #if BUILDFLAG(IS_ANDROID)
TEST_F(URLRequestTestHTTP,TestTagging)12289 TEST_F(URLRequestTestHTTP, TestTagging) {
12290 if (!CanGetTaggedBytes()) {
12291 DVLOG(0) << "Skipping test - GetTaggedBytes unsupported.";
12292 return;
12293 }
12294
12295 ASSERT_TRUE(http_test_server()->Start());
12296
12297 // The tag under which the system reports untagged traffic.
12298 static const int32_t UNTAGGED_TAG = 0;
12299
12300 uint64_t old_traffic = GetTaggedBytes(UNTAGGED_TAG);
12301
12302 // Untagged traffic should be tagged with tag UNTAGGED_TAG.
12303 TestDelegate delegate;
12304 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
12305 http_test_server()->GetURL("/"), DEFAULT_PRIORITY, &delegate,
12306 TRAFFIC_ANNOTATION_FOR_TESTS));
12307 EXPECT_EQ(SocketTag(), req->socket_tag());
12308 req->Start();
12309 delegate.RunUntilComplete();
12310
12311 EXPECT_GT(GetTaggedBytes(UNTAGGED_TAG), old_traffic);
12312
12313 int32_t tag_val1 = 0x12345678;
12314 SocketTag tag1(SocketTag::UNSET_UID, tag_val1);
12315 old_traffic = GetTaggedBytes(tag_val1);
12316
12317 // Test specific tag value.
12318 req = default_context().CreateRequest(http_test_server()->GetURL("/"),
12319 DEFAULT_PRIORITY, &delegate,
12320 TRAFFIC_ANNOTATION_FOR_TESTS);
12321 req->set_socket_tag(tag1);
12322 EXPECT_EQ(tag1, req->socket_tag());
12323 req->Start();
12324 delegate.RunUntilComplete();
12325
12326 EXPECT_GT(GetTaggedBytes(tag_val1), old_traffic);
12327 }
12328 #endif
12329
12330 namespace {
12331
12332 class ReadBufferingListener
12333 : public test_server::EmbeddedTestServerConnectionListener {
12334 public:
12335 ReadBufferingListener() = default;
12336 ~ReadBufferingListener() override = default;
12337
BufferNextConnection(int buffer_size)12338 void BufferNextConnection(int buffer_size) { buffer_size_ = buffer_size; }
12339
AcceptedSocket(std::unique_ptr<StreamSocket> socket)12340 std::unique_ptr<StreamSocket> AcceptedSocket(
12341 std::unique_ptr<StreamSocket> socket) override {
12342 if (!buffer_size_) {
12343 return socket;
12344 }
12345 auto wrapped =
12346 std::make_unique<ReadBufferingStreamSocket>(std::move(socket));
12347 wrapped->BufferNextRead(buffer_size_);
12348 // Do not buffer subsequent connections, which may be a 0-RTT retry.
12349 buffer_size_ = 0;
12350 return wrapped;
12351 }
12352
ReadFromSocket(const StreamSocket & socket,int rv)12353 void ReadFromSocket(const StreamSocket& socket, int rv) override {}
12354
12355 private:
12356 int buffer_size_ = 0;
12357 };
12358
12359 // Provides a response to the 0RTT request indicating whether it was received
12360 // as early data, sending HTTP_TOO_EARLY if enabled.
12361 class ZeroRTTResponse : public test_server::BasicHttpResponse {
12362 public:
ZeroRTTResponse(bool zero_rtt,bool send_too_early)12363 ZeroRTTResponse(bool zero_rtt, bool send_too_early)
12364 : zero_rtt_(zero_rtt), send_too_early_(send_too_early) {}
12365
12366 ZeroRTTResponse(const ZeroRTTResponse&) = delete;
12367 ZeroRTTResponse& operator=(const ZeroRTTResponse&) = delete;
12368
12369 ~ZeroRTTResponse() override = default;
12370
SendResponse(base::WeakPtr<test_server::HttpResponseDelegate> delegate)12371 void SendResponse(
12372 base::WeakPtr<test_server::HttpResponseDelegate> delegate) override {
12373 AddCustomHeader("Vary", "Early-Data");
12374 set_content_type("text/plain");
12375 AddCustomHeader("Cache-Control", "no-cache");
12376 if (zero_rtt_) {
12377 if (send_too_early_)
12378 set_code(HTTP_TOO_EARLY);
12379 set_content("1");
12380 } else {
12381 set_content("0");
12382 }
12383
12384 // Since the EmbeddedTestServer doesn't keep the socket open by default,
12385 // it is explicitly kept alive to allow the remaining leg of the 0RTT
12386 // handshake to be received after the early data.
12387 delegate->SendResponseHeaders(code(), GetHttpReasonPhrase(code()),
12388 BuildHeaders());
12389 delegate->SendContents(content(), base::DoNothing());
12390 }
12391
12392 private:
12393 bool zero_rtt_;
12394 bool send_too_early_;
12395 };
12396
HandleZeroRTTRequest(const test_server::HttpRequest & request)12397 std::unique_ptr<test_server::HttpResponse> HandleZeroRTTRequest(
12398 const test_server::HttpRequest& request) {
12399 DCHECK(request.ssl_info);
12400
12401 if (request.GetURL().path() != "/zerortt")
12402 return nullptr;
12403 return std::make_unique<ZeroRTTResponse>(
12404 request.ssl_info->early_data_received, false);
12405 }
12406
12407 } // namespace
12408
12409 class HTTPSEarlyDataTest : public TestWithTaskEnvironment {
12410 public:
HTTPSEarlyDataTest()12411 HTTPSEarlyDataTest() : test_server_(net::EmbeddedTestServer::TYPE_HTTPS) {
12412 HttpNetworkSessionParams params;
12413 params.enable_early_data = true;
12414
12415 auto cert_verifier = std::make_unique<MockCertVerifier>();
12416 cert_verifier->set_default_result(OK);
12417
12418 SSLContextConfig config;
12419 config.version_max = SSL_PROTOCOL_VERSION_TLS1_3;
12420
12421 auto context_builder = CreateTestURLRequestContextBuilder();
12422 context_builder->set_http_network_session_params(params);
12423 context_builder->SetCertVerifier(std::move(cert_verifier));
12424 context_builder->set_ssl_config_service(
12425 std::make_unique<TestSSLConfigService>(config));
12426 context_ = context_builder->Build();
12427
12428 test_server_.SetSSLConfig(
12429 net::EmbeddedTestServer::CERT_OK,
12430 CreateSSLServerConfig(SSL_PROTOCOL_VERSION_TLS1_3));
12431 RegisterDefaultHandlers(&test_server_);
12432 test_server_.RegisterRequestHandler(
12433 base::BindRepeating(&HandleZeroRTTRequest));
12434 test_server_.SetConnectionListener(&listener_);
12435 }
12436
12437 ~HTTPSEarlyDataTest() override = default;
12438
context()12439 URLRequestContext& context() { return *context_; }
12440
CreateSSLServerConfig(uint16_t version)12441 static SSLServerConfig CreateSSLServerConfig(uint16_t version) {
12442 SSLServerConfig ssl_config;
12443 ssl_config.version_max = version;
12444 ssl_config.early_data_enabled = true;
12445 return ssl_config;
12446 }
12447
ResetSSLConfig(net::EmbeddedTestServer::ServerCertificate cert,uint16_t version)12448 void ResetSSLConfig(net::EmbeddedTestServer::ServerCertificate cert,
12449 uint16_t version) {
12450 SSLServerConfig ssl_config = CreateSSLServerConfig(version);
12451 test_server_.ResetSSLConfig(cert, ssl_config);
12452 }
12453
12454 protected:
12455 std::unique_ptr<URLRequestContext> context_;
12456
12457 ReadBufferingListener listener_;
12458 EmbeddedTestServer test_server_;
12459 };
12460
12461 // TLSEarlyDataTest tests that we handle early data correctly.
TEST_F(HTTPSEarlyDataTest,TLSEarlyDataTest)12462 TEST_F(HTTPSEarlyDataTest, TLSEarlyDataTest) {
12463 ASSERT_TRUE(test_server_.Start());
12464 context().http_transaction_factory()->GetSession()->ClearSSLSessionCache();
12465
12466 // kParamSize must be larger than any ClientHello sent by the client, but
12467 // smaller than the maximum amount of early data allowed by the server.
12468 const int kParamSize = 4 * 1024;
12469 const GURL kUrl =
12470 test_server_.GetURL("/zerortt?" + std::string(kParamSize, 'a'));
12471
12472 {
12473 TestDelegate d;
12474 std::unique_ptr<URLRequest> r(context().CreateRequest(
12475 kUrl, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
12476 r->Start();
12477 EXPECT_TRUE(r->is_pending());
12478
12479 base::RunLoop().Run();
12480
12481 EXPECT_EQ(1, d.response_started_count());
12482
12483 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1_3,
12484 SSLConnectionStatusToVersion(r->ssl_info().connection_status));
12485 EXPECT_TRUE(r->ssl_info().unverified_cert.get());
12486 EXPECT_TRUE(test_server_.GetCertificate()->EqualsIncludingChain(
12487 r->ssl_info().cert.get()));
12488
12489 // The Early-Data header should be omitted in the initial request, and the
12490 // handler should return "0".
12491 EXPECT_EQ("0", d.data_received());
12492 }
12493
12494 context().http_transaction_factory()->GetSession()->CloseAllConnections(
12495 ERR_FAILED, "Very good reason");
12496
12497 // 0-RTT inherently involves a race condition: if the server responds with the
12498 // ServerHello before the client sends the HTTP request (the client may be
12499 // busy verifying a certificate), the client will send data over 1-RTT keys
12500 // rather than 0-RTT.
12501 //
12502 // This test ensures 0-RTT is sent if relevant by making the test server wait
12503 // for both the ClientHello and 0-RTT HTTP request before responding. We use
12504 // a ReadBufferingStreamSocket and enable buffering for the 0-RTT request. The
12505 // buffer size must be larger than the ClientHello but smaller than the
12506 // ClientHello combined with the HTTP request.
12507 listener_.BufferNextConnection(kParamSize);
12508
12509 {
12510 TestDelegate d;
12511 std::unique_ptr<URLRequest> r(context().CreateRequest(
12512 kUrl, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
12513
12514 r->Start();
12515 EXPECT_TRUE(r->is_pending());
12516
12517 base::RunLoop().Run();
12518
12519 EXPECT_EQ(1, d.response_started_count());
12520
12521 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1_3,
12522 SSLConnectionStatusToVersion(r->ssl_info().connection_status));
12523 EXPECT_TRUE(r->ssl_info().unverified_cert.get());
12524 EXPECT_TRUE(test_server_.GetCertificate()->EqualsIncludingChain(
12525 r->ssl_info().cert.get()));
12526
12527 // The Early-Data header should be a single '1' in the resumed request, and
12528 // the handler should return "1".
12529 EXPECT_EQ("1", d.data_received());
12530 }
12531 }
12532
12533 // TLSEarlyDataTest tests that we handle early data correctly for POST.
TEST_F(HTTPSEarlyDataTest,TLSEarlyDataPOSTTest)12534 TEST_F(HTTPSEarlyDataTest, TLSEarlyDataPOSTTest) {
12535 ASSERT_TRUE(test_server_.Start());
12536 context().http_transaction_factory()->GetSession()->ClearSSLSessionCache();
12537
12538 {
12539 TestDelegate d;
12540 std::unique_ptr<URLRequest> r(context().CreateRequest(
12541 test_server_.GetURL("/zerortt"), DEFAULT_PRIORITY, &d,
12542 TRAFFIC_ANNOTATION_FOR_TESTS));
12543 r->Start();
12544 EXPECT_TRUE(r->is_pending());
12545
12546 base::RunLoop().Run();
12547
12548 EXPECT_EQ(1, d.response_started_count());
12549
12550 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1_3,
12551 SSLConnectionStatusToVersion(r->ssl_info().connection_status));
12552 EXPECT_TRUE(r->ssl_info().unverified_cert.get());
12553 EXPECT_TRUE(test_server_.GetCertificate()->EqualsIncludingChain(
12554 r->ssl_info().cert.get()));
12555
12556 // The Early-Data header should be omitted in the initial request, and the
12557 // handler should return "0".
12558 EXPECT_EQ("0", d.data_received());
12559 }
12560
12561 context().http_transaction_factory()->GetSession()->CloseAllConnections(
12562 ERR_FAILED, "Very good reason");
12563
12564 {
12565 TestDelegate d;
12566 std::unique_ptr<URLRequest> r(context().CreateRequest(
12567 test_server_.GetURL("/zerortt"), DEFAULT_PRIORITY, &d,
12568 TRAFFIC_ANNOTATION_FOR_TESTS));
12569 r->set_method("POST");
12570 r->Start();
12571 EXPECT_TRUE(r->is_pending());
12572
12573 base::RunLoop().Run();
12574
12575 EXPECT_EQ(1, d.response_started_count());
12576
12577 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1_3,
12578 SSLConnectionStatusToVersion(r->ssl_info().connection_status));
12579 EXPECT_TRUE(r->ssl_info().unverified_cert.get());
12580 EXPECT_TRUE(test_server_.GetCertificate()->EqualsIncludingChain(
12581 r->ssl_info().cert.get()));
12582
12583 // The Early-Data header should be omitted in the request, since we don't
12584 // send POSTs over early data, and the handler should return "0".
12585 EXPECT_EQ("0", d.data_received());
12586 }
12587 }
12588
12589 // TLSEarlyDataTest tests that the 0-RTT is enabled for idempotent POST request.
TEST_F(HTTPSEarlyDataTest,TLSEarlyDataIdempotentPOSTTest)12590 TEST_F(HTTPSEarlyDataTest, TLSEarlyDataIdempotentPOSTTest) {
12591 ASSERT_TRUE(test_server_.Start());
12592 context().http_transaction_factory()->GetSession()->ClearSSLSessionCache();
12593 const int kParamSize = 4 * 1024;
12594 const GURL kUrl =
12595 test_server_.GetURL("/zerortt?" + std::string(kParamSize, 'a'));
12596
12597 {
12598 TestDelegate d;
12599 std::unique_ptr<URLRequest> r(context().CreateRequest(
12600 kUrl, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
12601 r->Start();
12602 EXPECT_TRUE(r->is_pending());
12603
12604 base::RunLoop().Run();
12605
12606 EXPECT_EQ(1, d.response_started_count());
12607
12608 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1_3,
12609 SSLConnectionStatusToVersion(r->ssl_info().connection_status));
12610 EXPECT_TRUE(r->ssl_info().unverified_cert.get());
12611 EXPECT_TRUE(test_server_.GetCertificate()->EqualsIncludingChain(
12612 r->ssl_info().cert.get()));
12613
12614 // The Early-Data header should be omitted in the initial request, and the
12615 // handler should return "0".
12616 EXPECT_EQ("0", d.data_received());
12617 }
12618
12619 context().http_transaction_factory()->GetSession()->CloseAllConnections(
12620 ERR_FAILED, "Very good reason");
12621 listener_.BufferNextConnection(kParamSize);
12622
12623 {
12624 TestDelegate d;
12625 std::unique_ptr<URLRequest> r(context().CreateRequest(
12626 kUrl, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
12627 r->set_method("POST");
12628 r->SetIdempotency(net::IDEMPOTENT);
12629 r->Start();
12630 EXPECT_TRUE(r->is_pending());
12631
12632 base::RunLoop().Run();
12633
12634 EXPECT_EQ(1, d.response_started_count());
12635
12636 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1_3,
12637 SSLConnectionStatusToVersion(r->ssl_info().connection_status));
12638 EXPECT_TRUE(r->ssl_info().unverified_cert.get());
12639 EXPECT_TRUE(test_server_.GetCertificate()->EqualsIncludingChain(
12640 r->ssl_info().cert.get()));
12641
12642 // The Early-Data header should be set since the request is set as an
12643 // idempotent POST request.
12644 EXPECT_EQ("1", d.data_received());
12645 }
12646 }
12647
12648 // TLSEarlyDataTest tests that the 0-RTT is disabled for non-idempotent request.
TEST_F(HTTPSEarlyDataTest,TLSEarlyDataNonIdempotentRequestTest)12649 TEST_F(HTTPSEarlyDataTest, TLSEarlyDataNonIdempotentRequestTest) {
12650 ASSERT_TRUE(test_server_.Start());
12651 context().http_transaction_factory()->GetSession()->ClearSSLSessionCache();
12652
12653 {
12654 TestDelegate d;
12655 std::unique_ptr<URLRequest> r(context().CreateRequest(
12656 test_server_.GetURL("/zerortt"), DEFAULT_PRIORITY, &d,
12657 TRAFFIC_ANNOTATION_FOR_TESTS));
12658 r->Start();
12659 EXPECT_TRUE(r->is_pending());
12660
12661 base::RunLoop().Run();
12662
12663 EXPECT_EQ(1, d.response_started_count());
12664
12665 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1_3,
12666 SSLConnectionStatusToVersion(r->ssl_info().connection_status));
12667 EXPECT_TRUE(r->ssl_info().unverified_cert.get());
12668 EXPECT_TRUE(test_server_.GetCertificate()->EqualsIncludingChain(
12669 r->ssl_info().cert.get()));
12670
12671 // The Early-Data header should be omitted in the initial request, and the
12672 // handler should return "0".
12673 EXPECT_EQ("0", d.data_received());
12674 }
12675
12676 context().http_transaction_factory()->GetSession()->CloseAllConnections(
12677 ERR_FAILED, "Very good reason");
12678
12679 {
12680 TestDelegate d;
12681 std::unique_ptr<URLRequest> r(context().CreateRequest(
12682 test_server_.GetURL("/zerortt"), DEFAULT_PRIORITY, &d,
12683 TRAFFIC_ANNOTATION_FOR_TESTS));
12684 // Sets the GET request as not idempotent.
12685 r->SetIdempotency(net::NOT_IDEMPOTENT);
12686 r->Start();
12687 EXPECT_TRUE(r->is_pending());
12688
12689 base::RunLoop().Run();
12690
12691 EXPECT_EQ(1, d.response_started_count());
12692
12693 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1_3,
12694 SSLConnectionStatusToVersion(r->ssl_info().connection_status));
12695 EXPECT_TRUE(r->ssl_info().unverified_cert.get());
12696 EXPECT_TRUE(test_server_.GetCertificate()->EqualsIncludingChain(
12697 r->ssl_info().cert.get()));
12698
12699 // The Early-Data header should be omitted in the initial request even
12700 // though it is a GET request, since the request is set as not idempotent.
12701 EXPECT_EQ("0", d.data_received());
12702 }
12703 }
12704
HandleTooEarly(bool * sent_425,const test_server::HttpRequest & request)12705 std::unique_ptr<test_server::HttpResponse> HandleTooEarly(
12706 bool* sent_425,
12707 const test_server::HttpRequest& request) {
12708 DCHECK(request.ssl_info);
12709
12710 if (request.GetURL().path() != "/tooearly")
12711 return nullptr;
12712 if (request.ssl_info->early_data_received)
12713 *sent_425 = true;
12714 return std::make_unique<ZeroRTTResponse>(
12715 request.ssl_info->early_data_received, true);
12716 }
12717
12718 // Test that we handle 425 (Too Early) correctly.
TEST_F(HTTPSEarlyDataTest,TLSEarlyDataTooEarlyTest)12719 TEST_F(HTTPSEarlyDataTest, TLSEarlyDataTooEarlyTest) {
12720 bool sent_425 = false;
12721 test_server_.RegisterRequestHandler(
12722 base::BindRepeating(&HandleTooEarly, base::Unretained(&sent_425)));
12723 ASSERT_TRUE(test_server_.Start());
12724 context().http_transaction_factory()->GetSession()->ClearSSLSessionCache();
12725
12726 // kParamSize must be larger than any ClientHello sent by the client, but
12727 // smaller than the maximum amount of early data allowed by the server.
12728 const int kParamSize = 4 * 1024;
12729 const GURL kUrl =
12730 test_server_.GetURL("/tooearly?" + std::string(kParamSize, 'a'));
12731
12732 {
12733 TestDelegate d;
12734 std::unique_ptr<URLRequest> r(context().CreateRequest(
12735 kUrl, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
12736 r->Start();
12737 EXPECT_TRUE(r->is_pending());
12738
12739 d.RunUntilComplete();
12740
12741 EXPECT_EQ(1, d.response_started_count());
12742
12743 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1_3,
12744 SSLConnectionStatusToVersion(r->ssl_info().connection_status));
12745 EXPECT_TRUE(r->ssl_info().unverified_cert.get());
12746 EXPECT_TRUE(test_server_.GetCertificate()->EqualsIncludingChain(
12747 r->ssl_info().cert.get()));
12748
12749 // The Early-Data header should be omitted in the initial request, and the
12750 // handler should return "0".
12751 EXPECT_EQ("0", d.data_received());
12752 EXPECT_FALSE(sent_425);
12753 }
12754
12755 context().http_transaction_factory()->GetSession()->CloseAllConnections(
12756 ERR_FAILED, "Very good reason");
12757
12758 // 0-RTT inherently involves a race condition: if the server responds with the
12759 // ServerHello before the client sends the HTTP request (the client may be
12760 // busy verifying a certificate), the client will send data over 1-RTT keys
12761 // rather than 0-RTT.
12762 //
12763 // This test ensures 0-RTT is sent if relevant by making the test server wait
12764 // for both the ClientHello and 0-RTT HTTP request before responding. We use
12765 // a ReadBufferingStreamSocket and enable buffering for the 0-RTT request. The
12766 // buffer size must be larger than the ClientHello but smaller than the
12767 // ClientHello combined with the HTTP request.
12768 //
12769 // We must buffer exactly one connection because the HTTP 425 response will
12770 // trigger a retry, potentially on a new connection.
12771 listener_.BufferNextConnection(kParamSize);
12772
12773 {
12774 TestDelegate d;
12775 std::unique_ptr<URLRequest> r(context().CreateRequest(
12776 kUrl, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
12777
12778 r->Start();
12779 EXPECT_TRUE(r->is_pending());
12780
12781 d.RunUntilComplete();
12782
12783 EXPECT_EQ(1, d.response_started_count());
12784
12785 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1_3,
12786 SSLConnectionStatusToVersion(r->ssl_info().connection_status));
12787 EXPECT_TRUE(r->ssl_info().unverified_cert.get());
12788 EXPECT_TRUE(test_server_.GetCertificate()->EqualsIncludingChain(
12789 r->ssl_info().cert.get()));
12790
12791 // The resumption request will encounter a 425 error and retry without early
12792 // data, and the handler should return "0".
12793 EXPECT_EQ("0", d.data_received());
12794 EXPECT_TRUE(sent_425);
12795 }
12796 }
12797
12798 // TLSEarlyDataRejectTest tests that we gracefully handle an early data reject
12799 // and retry without early data.
TEST_F(HTTPSEarlyDataTest,TLSEarlyDataRejectTest)12800 TEST_F(HTTPSEarlyDataTest, TLSEarlyDataRejectTest) {
12801 ASSERT_TRUE(test_server_.Start());
12802 context().http_transaction_factory()->GetSession()->ClearSSLSessionCache();
12803
12804 {
12805 TestDelegate d;
12806 std::unique_ptr<URLRequest> r(context().CreateRequest(
12807 test_server_.GetURL("/zerortt"), DEFAULT_PRIORITY, &d,
12808 TRAFFIC_ANNOTATION_FOR_TESTS));
12809
12810 r->Start();
12811 EXPECT_TRUE(r->is_pending());
12812
12813 d.RunUntilComplete();
12814
12815 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1_3,
12816 SSLConnectionStatusToVersion(r->ssl_info().connection_status));
12817 EXPECT_TRUE(r->ssl_info().unverified_cert.get());
12818 EXPECT_TRUE(test_server_.GetCertificate()->EqualsIncludingChain(
12819 r->ssl_info().cert.get()));
12820
12821 // The Early-Data header should be omitted in the initial request, and the
12822 // handler should return "0".
12823 EXPECT_EQ("0", d.data_received());
12824 }
12825
12826 context().http_transaction_factory()->GetSession()->CloseAllConnections(
12827 ERR_FAILED, "Very good reason");
12828
12829 // The certificate in the resumption is changed to confirm that the
12830 // certificate change is observed.
12831 scoped_refptr<X509Certificate> old_cert = test_server_.GetCertificate();
12832 ResetSSLConfig(net::EmbeddedTestServer::CERT_EXPIRED,
12833 SSL_PROTOCOL_VERSION_TLS1_3);
12834
12835 {
12836 TestDelegate d;
12837 std::unique_ptr<URLRequest> r(context().CreateRequest(
12838 test_server_.GetURL("/zerortt"), DEFAULT_PRIORITY, &d,
12839 TRAFFIC_ANNOTATION_FOR_TESTS));
12840
12841 r->Start();
12842 EXPECT_TRUE(r->is_pending());
12843
12844 d.RunUntilComplete();
12845
12846 EXPECT_EQ(1, d.response_started_count());
12847
12848 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1_3,
12849 SSLConnectionStatusToVersion(r->ssl_info().connection_status));
12850 EXPECT_TRUE(r->ssl_info().unverified_cert.get());
12851 EXPECT_TRUE(test_server_.GetCertificate()->EqualsIncludingChain(
12852 r->ssl_info().cert.get()));
12853 EXPECT_FALSE(old_cert->EqualsIncludingChain(r->ssl_info().cert.get()));
12854
12855 // The Early-Data header should be omitted in the rejected request, and the
12856 // handler should return "0".
12857 EXPECT_EQ("0", d.data_received());
12858 }
12859 }
12860
12861 // TLSEarlyDataTLS12RejectTest tests that we gracefully handle an early data
12862 // reject from a TLS 1.2 server and retry without early data.
TEST_F(HTTPSEarlyDataTest,TLSEarlyDataTLS12RejectTest)12863 TEST_F(HTTPSEarlyDataTest, TLSEarlyDataTLS12RejectTest) {
12864 ASSERT_TRUE(test_server_.Start());
12865 context().http_transaction_factory()->GetSession()->ClearSSLSessionCache();
12866
12867 {
12868 TestDelegate d;
12869 std::unique_ptr<URLRequest> r(context().CreateRequest(
12870 test_server_.GetURL("/zerortt"), DEFAULT_PRIORITY, &d,
12871 TRAFFIC_ANNOTATION_FOR_TESTS));
12872
12873 r->Start();
12874 EXPECT_TRUE(r->is_pending());
12875
12876 d.RunUntilComplete();
12877
12878 EXPECT_EQ(1, d.response_started_count());
12879
12880 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1_3,
12881 SSLConnectionStatusToVersion(r->ssl_info().connection_status));
12882 EXPECT_TRUE(r->ssl_info().unverified_cert.get());
12883 EXPECT_TRUE(test_server_.GetCertificate()->EqualsIncludingChain(
12884 r->ssl_info().cert.get()));
12885
12886 // The Early-Data header should be omitted in the initial request, and the
12887 // handler should return "0".
12888 EXPECT_EQ("0", d.data_received());
12889 }
12890
12891 context().http_transaction_factory()->GetSession()->CloseAllConnections(
12892 ERR_FAILED, "Very good reason");
12893
12894 // The certificate in the resumption is changed to confirm that the
12895 // certificate change is observed.
12896 scoped_refptr<X509Certificate> old_cert = test_server_.GetCertificate();
12897 ResetSSLConfig(net::EmbeddedTestServer::CERT_EXPIRED,
12898 SSL_PROTOCOL_VERSION_TLS1_2);
12899
12900 {
12901 TestDelegate d;
12902 std::unique_ptr<URLRequest> r(context().CreateRequest(
12903 test_server_.GetURL("/zerortt"), DEFAULT_PRIORITY, &d,
12904 TRAFFIC_ANNOTATION_FOR_TESTS));
12905
12906 r->Start();
12907 EXPECT_TRUE(r->is_pending());
12908
12909 d.RunUntilComplete();
12910
12911 EXPECT_EQ(1, d.response_started_count());
12912
12913 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1_2,
12914 SSLConnectionStatusToVersion(r->ssl_info().connection_status));
12915 EXPECT_TRUE(r->ssl_info().unverified_cert.get());
12916 EXPECT_TRUE(test_server_.GetCertificate()->EqualsIncludingChain(
12917 r->ssl_info().cert.get()));
12918 EXPECT_FALSE(old_cert->EqualsIncludingChain(r->ssl_info().cert.get()));
12919
12920 // The Early-Data header should be omitted in the rejected request, and the
12921 // handler should return "0".
12922 EXPECT_EQ("0", d.data_received());
12923 }
12924 }
12925
12926 // Tests that AuthChallengeInfo is available on the request.
TEST_F(URLRequestTestHTTP,AuthChallengeInfo)12927 TEST_F(URLRequestTestHTTP, AuthChallengeInfo) {
12928 ASSERT_TRUE(http_test_server()->Start());
12929 GURL url(http_test_server()->GetURL("/auth-basic"));
12930
12931 TestDelegate delegate;
12932
12933 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
12934 url, DEFAULT_PRIORITY, &delegate, TRAFFIC_ANNOTATION_FOR_TESTS));
12935 r->Start();
12936 delegate.RunUntilComplete();
12937 ASSERT_TRUE(r->auth_challenge_info().has_value());
12938 EXPECT_FALSE(r->auth_challenge_info()->is_proxy);
12939 EXPECT_EQ(url::SchemeHostPort(url), r->auth_challenge_info()->challenger);
12940 EXPECT_EQ("basic", r->auth_challenge_info()->scheme);
12941 EXPECT_EQ("testrealm", r->auth_challenge_info()->realm);
12942 EXPECT_EQ("Basic realm=\"testrealm\"", r->auth_challenge_info()->challenge);
12943 EXPECT_EQ("/auth-basic", r->auth_challenge_info()->path);
12944 }
12945
TEST_F(URLRequestTestHTTP,ConnectNoSupported)12946 TEST_F(URLRequestTestHTTP, ConnectNoSupported) {
12947 ASSERT_TRUE(http_test_server()->Start());
12948 TestDelegate delegate;
12949 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
12950 http_test_server()->GetURL("/"), DEFAULT_PRIORITY, &delegate,
12951 TRAFFIC_ANNOTATION_FOR_TESTS));
12952 r->set_method("CONNECT");
12953 r->Start();
12954 delegate.RunUntilComplete();
12955 EXPECT_EQ(ERR_METHOD_NOT_SUPPORTED, delegate.request_status());
12956 }
12957
12958 class URLRequestDnsAliasTest : public TestWithTaskEnvironment {
12959 protected:
URLRequestDnsAliasTest()12960 URLRequestDnsAliasTest() {
12961 auto context_builder = CreateTestURLRequestContextBuilder();
12962 context_builder->set_host_resolver(std::make_unique<MockHostResolver>());
12963 context_ = context_builder->Build();
12964 }
12965
context()12966 URLRequestContext& context() { return *context_; }
host_resolver()12967 MockHostResolver& host_resolver() {
12968 // This cast is safe because we provided a MockHostResolver in the ctor.
12969 return *static_cast<MockHostResolver*>(context_->host_resolver());
12970 }
12971
SetUp()12972 void SetUp() override { ASSERT_TRUE(test_server_.Start()); }
12973
12974 std::unique_ptr<URLRequestContext> context_;
12975 TestDelegate test_delegate_;
12976 EmbeddedTestServer test_server_;
12977 };
12978
TEST_F(URLRequestDnsAliasTest,WithDnsAliases)12979 TEST_F(URLRequestDnsAliasTest, WithDnsAliases) {
12980 GURL url(test_server_.GetURL("www.example.test", "/echo"));
12981 std::vector<std::string> aliases({"alias1", "alias2", "host"});
12982 host_resolver().rules()->AddIPLiteralRuleWithDnsAliases(
12983 "www.example.test", "127.0.0.1", std::move(aliases));
12984
12985 std::unique_ptr<URLRequest> request(context().CreateRequest(
12986 url, DEFAULT_PRIORITY, &test_delegate_, TRAFFIC_ANNOTATION_FOR_TESTS));
12987
12988 request->Start();
12989
12990 test_delegate_.RunUntilComplete();
12991 EXPECT_THAT(test_delegate_.request_status(), IsOk());
12992 EXPECT_THAT(request->response_info().dns_aliases,
12993 testing::ElementsAre("alias1", "alias2", "host"));
12994 }
12995
TEST_F(URLRequestDnsAliasTest,NoAdditionalDnsAliases)12996 TEST_F(URLRequestDnsAliasTest, NoAdditionalDnsAliases) {
12997 GURL url(test_server_.GetURL("www.example.test", "/echo"));
12998 host_resolver().rules()->AddIPLiteralRuleWithDnsAliases(
12999 "www.example.test", "127.0.0.1", /*dns_aliases=*/std::set<std::string>());
13000
13001 std::unique_ptr<URLRequest> request(context().CreateRequest(
13002 url, DEFAULT_PRIORITY, &test_delegate_, TRAFFIC_ANNOTATION_FOR_TESTS));
13003
13004 request->Start();
13005
13006 test_delegate_.RunUntilComplete();
13007 EXPECT_THAT(test_delegate_.request_status(), IsOk());
13008 EXPECT_THAT(request->response_info().dns_aliases,
13009 testing::ElementsAre("www.example.test"));
13010 }
13011
TEST_F(URLRequestTest,SetURLChain)13012 TEST_F(URLRequestTest, SetURLChain) {
13013 TestDelegate d;
13014 {
13015 GURL original_url("http://localhost");
13016 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
13017 original_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
13018 EXPECT_EQ(r->url_chain().size(), 1u);
13019 EXPECT_EQ(r->url_chain()[0], original_url);
13020
13021 const std::vector<GURL> url_chain = {
13022 GURL("http://foo.test"),
13023 GURL("http://bar.test"),
13024 GURL("http://baz.test"),
13025 };
13026
13027 r->SetURLChain(url_chain);
13028
13029 EXPECT_EQ(r->url_chain().size(), 3u);
13030 EXPECT_EQ(r->url_chain()[0], url_chain[0]);
13031 EXPECT_EQ(r->url_chain()[1], url_chain[1]);
13032 EXPECT_EQ(r->url_chain()[2], original_url);
13033 }
13034 }
13035
TEST_F(URLRequestTest,SetIsolationInfoFromNak)13036 TEST_F(URLRequestTest, SetIsolationInfoFromNak) {
13037 TestDelegate d;
13038 SchemefulSite site_a = SchemefulSite(GURL("https://a.com/"));
13039 SchemefulSite site_b = SchemefulSite(GURL("https://b.com/"));
13040 base::UnguessableToken nak_nonce = base::UnguessableToken::Create();
13041 auto populated_cross_site_nak = NetworkAnonymizationKey::CreateFromParts(
13042 site_a, /*is_cross_site=*/true, nak_nonce);
13043 IsolationInfo expected_isolation_info_populated_cross_site_nak =
13044 IsolationInfo::Create(IsolationInfo::RequestType::kOther,
13045 url::Origin::Create(GURL("https://a.com/")),
13046 url::Origin(), SiteForCookies(), nak_nonce);
13047
13048 auto populated_same_site_nak = NetworkAnonymizationKey::CreateFromParts(
13049 site_a, /*is_cross_site=*/false, nak_nonce);
13050 IsolationInfo expected_isolation_info_populated_same_site_nak =
13051 IsolationInfo::Create(IsolationInfo::RequestType::kOther,
13052 url::Origin::Create(GURL("https://a.com/")),
13053 url::Origin::Create(GURL("https://a.com/")),
13054 SiteForCookies(), nak_nonce);
13055
13056 NetworkAnonymizationKey empty_nak;
13057 GURL original_url("http://localhost");
13058 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
13059 original_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
13060
13061 r->set_isolation_info_from_network_anonymization_key(
13062 populated_cross_site_nak);
13063 r->SetLoadFlags(LOAD_DISABLE_CACHE);
13064 r->set_allow_credentials(false);
13065 EXPECT_TRUE(r->is_created_from_network_anonymization_key());
13066 EXPECT_EQ(r->isolation_info().network_anonymization_key(),
13067 populated_cross_site_nak);
13068 EXPECT_EQ(
13069 r->isolation_info().top_frame_origin(),
13070 expected_isolation_info_populated_cross_site_nak.top_frame_origin());
13071 // The cross-site bit in the NAK causes the IsolationInfo's NIK to have, an
13072 // anonymous origin, but the bit is not enough to reconstruct a different
13073 // frame_site.
13074 EXPECT_FALSE(r->isolation_info().IsEqualForTesting(
13075 expected_isolation_info_populated_cross_site_nak));
13076
13077 r->set_isolation_info_from_network_anonymization_key(populated_same_site_nak);
13078 EXPECT_TRUE(r->is_created_from_network_anonymization_key());
13079 EXPECT_EQ(r->isolation_info().network_anonymization_key(),
13080 populated_same_site_nak);
13081 EXPECT_TRUE(r->isolation_info().IsEqualForTesting(
13082 expected_isolation_info_populated_same_site_nak));
13083
13084 r->set_isolation_info_from_network_anonymization_key(empty_nak);
13085 EXPECT_TRUE(r->is_created_from_network_anonymization_key());
13086 EXPECT_EQ(r->isolation_info().network_anonymization_key(), empty_nak);
13087 EXPECT_TRUE(r->isolation_info().IsEqualForTesting(net::IsolationInfo()));
13088 r->Start();
13089 d.RunUntilComplete();
13090 }
13091
TEST_F(URLRequestTest,CookiePartitionKey)13092 TEST_F(URLRequestTest, CookiePartitionKey) {
13093 const url::Origin kOrigin = url::Origin::Create(GURL("http://foo.test/"));
13094
13095 { // Partitioned cookies disabled.
13096 base::test::ScopedFeatureList feature_list;
13097 feature_list.InitAndDisableFeature(features::kPartitionedCookies);
13098 TestDelegate d;
13099 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
13100 GURL("ws://foo.test/"), DEFAULT_PRIORITY, &d,
13101 TRAFFIC_ANNOTATION_FOR_TESTS));
13102 r->set_isolation_info(
13103 IsolationInfo::Create(IsolationInfo::RequestType::kMainFrame, kOrigin,
13104 kOrigin, SiteForCookies::FromOrigin(kOrigin)));
13105 EXPECT_FALSE(r->cookie_partition_key());
13106 }
13107
13108 { // Partitioned cookies enabled.
13109 base::test::ScopedFeatureList feature_list;
13110 feature_list.InitAndEnableFeature(features::kPartitionedCookies);
13111 TestDelegate d;
13112 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
13113 GURL("ws://foo.test/"), DEFAULT_PRIORITY, &d,
13114 TRAFFIC_ANNOTATION_FOR_TESTS));
13115 r->set_isolation_info(
13116 IsolationInfo::Create(IsolationInfo::RequestType::kMainFrame, kOrigin,
13117 kOrigin, SiteForCookies::FromOrigin(kOrigin)));
13118 EXPECT_TRUE(r->cookie_partition_key());
13119 EXPECT_EQ(r->cookie_partition_key()->site(), SchemefulSite(kOrigin));
13120 }
13121 }
13122
13123 class URLRequestMaybeAsyncFirstPartySetsTest
13124 : public URLRequestTest,
13125 public testing::WithParamInterface<bool> {
13126 public:
URLRequestMaybeAsyncFirstPartySetsTest()13127 URLRequestMaybeAsyncFirstPartySetsTest() { CHECK(test_server_.Start()); }
13128
CreateCookieStore()13129 std::unique_ptr<CookieStore> CreateCookieStore() {
13130 auto cookie_monster = std::make_unique<CookieMonster>(/*store=*/nullptr,
13131 /*net_log=*/nullptr);
13132 auto cookie_access_delegate = std::make_unique<TestCookieAccessDelegate>();
13133 cookie_access_delegate->set_invoke_callbacks_asynchronously(
13134 invoke_callbacks_asynchronously());
13135 cookie_monster->SetCookieAccessDelegate(std::move(cookie_access_delegate));
13136 return cookie_monster;
13137 }
13138
invoke_callbacks_asynchronously()13139 bool invoke_callbacks_asynchronously() { return GetParam(); }
13140
test_server()13141 HttpTestServer& test_server() { return test_server_; }
13142
13143 private:
13144 HttpTestServer test_server_;
13145 };
13146
TEST_P(URLRequestMaybeAsyncFirstPartySetsTest,SimpleRequest)13147 TEST_P(URLRequestMaybeAsyncFirstPartySetsTest, SimpleRequest) {
13148 const std::string kHost = "example.test";
13149 const url::Origin kOrigin =
13150 url::Origin::Create(test_server().GetURL(kHost, "/"));
13151 const SiteForCookies kSiteForCookies = SiteForCookies::FromOrigin(kOrigin);
13152
13153 auto context_builder = CreateTestURLRequestContextBuilder();
13154 context_builder->SetCookieStore(CreateCookieStore());
13155 auto context = context_builder->Build();
13156
13157 TestDelegate d;
13158 std::unique_ptr<URLRequest> req(context->CreateRequest(
13159 test_server().GetURL(kHost, "/echo"), DEFAULT_PRIORITY, &d,
13160 TRAFFIC_ANNOTATION_FOR_TESTS));
13161 req->set_isolation_info(
13162 IsolationInfo::Create(IsolationInfo::RequestType::kMainFrame, kOrigin,
13163 kOrigin, kSiteForCookies));
13164 req->Start();
13165 d.RunUntilComplete();
13166
13167 EXPECT_EQ(d.data_received(), "Echo");
13168 EXPECT_THAT(d.request_status(), IsOk());
13169 EXPECT_EQ(req->GetResponseCode(), 200);
13170 }
13171
TEST_P(URLRequestMaybeAsyncFirstPartySetsTest,SingleRedirect)13172 TEST_P(URLRequestMaybeAsyncFirstPartySetsTest, SingleRedirect) {
13173 const std::string kHost = "example.test";
13174 const url::Origin kOrigin =
13175 url::Origin::Create(test_server().GetURL(kHost, "/"));
13176 const SiteForCookies kSiteForCookies = SiteForCookies::FromOrigin(kOrigin);
13177
13178 auto context_builder = CreateTestURLRequestContextBuilder();
13179 context_builder->SetCookieStore(CreateCookieStore());
13180 auto context = context_builder->Build();
13181
13182 TestDelegate d;
13183 std::unique_ptr<URLRequest> req(context->CreateRequest(
13184 test_server().GetURL(kHost,
13185 base::StrCat({
13186 "/server-redirect?",
13187 test_server().GetURL(kHost, "/echo").spec(),
13188 })),
13189 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
13190 req->set_isolation_info(
13191 IsolationInfo::Create(IsolationInfo::RequestType::kMainFrame, kOrigin,
13192 kOrigin, kSiteForCookies));
13193 req->Start();
13194 d.RunUntilComplete();
13195
13196 EXPECT_EQ(d.data_received(), "Echo");
13197 EXPECT_THAT(d.request_status(), IsOk());
13198 EXPECT_EQ(req->GetResponseCode(), 200);
13199 }
13200
13201 INSTANTIATE_TEST_SUITE_P(,
13202 URLRequestMaybeAsyncFirstPartySetsTest,
13203 testing::Bool());
13204
13205 class PartitionConnectionsByNetworkAnonymizationKey : public URLRequestTest {
13206 public:
PartitionConnectionsByNetworkAnonymizationKey()13207 PartitionConnectionsByNetworkAnonymizationKey() {
13208 scoped_feature_list_.InitWithFeatures(
13209 {net::features::kPartitionConnectionsByNetworkIsolationKey,
13210 net::features::kPartitionSSLSessionsByNetworkIsolationKey},
13211 {});
13212 }
13213 const SchemefulSite kTestSiteA = SchemefulSite(GURL("http://a.test/"));
13214 const SchemefulSite kTestSiteB = SchemefulSite(GURL("http://b.test/"));
13215 const SchemefulSite kTestSiteC = SchemefulSite(GURL("http://c.test/"));
13216 const base::UnguessableToken kNonceA = base::UnguessableToken::Create();
13217 const base::UnguessableToken kNonceB = base::UnguessableToken::Create();
13218
13219 private:
13220 base::test::ScopedFeatureList scoped_feature_list_;
13221 };
13222
TEST_F(PartitionConnectionsByNetworkAnonymizationKey,DifferentTopFrameSitesNeverShareConnections)13223 TEST_F(PartitionConnectionsByNetworkAnonymizationKey,
13224 DifferentTopFrameSitesNeverShareConnections) {
13225 // Start server
13226 EmbeddedTestServer test_server(EmbeddedTestServer::TYPE_HTTPS);
13227 RegisterDefaultHandlers(&test_server);
13228 ASSERT_TRUE(test_server.Start());
13229 const auto original_url = test_server.GetURL("/echo");
13230 const auto network_anonymization_key1 =
13231 NetworkAnonymizationKey::CreateSameSite(kTestSiteA);
13232 const auto network_anonymization_key2 =
13233 NetworkAnonymizationKey::CreateSameSite(kTestSiteB);
13234
13235 // Create a request from first party `kTestSiteA`.
13236 {
13237 TestDelegate d;
13238 std::unique_ptr<URLRequest> r1(default_context().CreateRequest(
13239 original_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
13240 r1->set_isolation_info_from_network_anonymization_key(
13241 network_anonymization_key1);
13242 r1->SetLoadFlags(LOAD_DISABLE_CACHE);
13243 r1->set_allow_credentials(false);
13244
13245 // Verify NetworkAnonymizationKey is set correctly
13246 EXPECT_TRUE(r1->is_created_from_network_anonymization_key());
13247 EXPECT_EQ(r1->isolation_info().network_anonymization_key(),
13248 network_anonymization_key1);
13249 // Run request
13250 r1->Start();
13251 d.RunUntilComplete();
13252
13253 // Verify request started with a full handshake
13254 EXPECT_THAT(d.request_status(), IsOk());
13255 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, r1->ssl_info().handshake_type);
13256 }
13257
13258 // Create a request from first party `kTestSiteB`. This request should never
13259 // share a key with r1 regardless of the NIK/NAK key schemes.
13260 {
13261 TestDelegate d;
13262 // Create request and create IsolationInfo from
13263 // `network_anonymization_key2`
13264 std::unique_ptr<URLRequest> r2(default_context().CreateRequest(
13265 original_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
13266 r2->set_isolation_info_from_network_anonymization_key(
13267 network_anonymization_key2);
13268 r2->SetLoadFlags(LOAD_DISABLE_CACHE);
13269 r2->set_allow_credentials(false);
13270
13271 // Verify NetworkAnonymizationKey is set correctly.
13272 EXPECT_TRUE(r2->is_created_from_network_anonymization_key());
13273 EXPECT_EQ(r2->isolation_info().network_anonymization_key(),
13274 network_anonymization_key2);
13275 // Run request
13276 r2->Start();
13277 d.RunUntilComplete();
13278
13279 // Verify request started with a full handshake
13280 EXPECT_EQ(1, d.response_started_count());
13281 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, r2->ssl_info().handshake_type);
13282 }
13283 }
13284
TEST_F(PartitionConnectionsByNetworkAnonymizationKey,FirstPartyIsSeparatedFromCrossSiteFrames)13285 TEST_F(PartitionConnectionsByNetworkAnonymizationKey,
13286 FirstPartyIsSeparatedFromCrossSiteFrames) {
13287 // Start server
13288 EmbeddedTestServer test_server(EmbeddedTestServer::TYPE_HTTPS);
13289 RegisterDefaultHandlers(&test_server);
13290 ASSERT_TRUE(test_server.Start());
13291 const auto original_url = test_server.GetURL("/echo");
13292 const auto network_anonymization_key1 =
13293 NetworkAnonymizationKey::CreateSameSite(kTestSiteA);
13294 const auto network_anonymization_key2 =
13295 NetworkAnonymizationKey::CreateCrossSite(kTestSiteA);
13296
13297 // Create a request from first party `kTestSiteA`.
13298 {
13299 TestDelegate d;
13300 std::unique_ptr<URLRequest> r1(default_context().CreateRequest(
13301 original_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
13302 r1->set_isolation_info_from_network_anonymization_key(
13303 network_anonymization_key1);
13304 r1->SetLoadFlags(LOAD_DISABLE_CACHE);
13305 r1->set_allow_credentials(false);
13306
13307 // Verify NetworkAnonymizationKey is set correctly
13308 EXPECT_TRUE(r1->is_created_from_network_anonymization_key());
13309 EXPECT_EQ(r1->isolation_info().network_anonymization_key(),
13310 network_anonymization_key1);
13311 // Run request
13312 r1->Start();
13313 d.RunUntilComplete();
13314 // Verify request started with a full handshake
13315 EXPECT_THAT(d.request_status(), IsOk());
13316 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, r1->ssl_info().handshake_type);
13317 }
13318
13319 // Create a request from third party `kTestSiteB` embedded in `kTestSiteA`.
13320 // This request should share a key with r1 when NetworkAnonymizationKey is in
13321 // double keyed scheme and should not share a key with r1 when
13322 // NetworkAnonymizationKey is triple keyed or in cross site flag scheme.
13323 {
13324 TestDelegate d;
13325 std::unique_ptr<URLRequest> r2(default_context().CreateRequest(
13326 original_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
13327 r2->set_isolation_info_from_network_anonymization_key(
13328 network_anonymization_key2);
13329 r2->SetLoadFlags(LOAD_DISABLE_CACHE);
13330 r2->set_allow_credentials(false);
13331
13332 // Verify NetworkAnonymizationKey is set correctly.
13333 EXPECT_TRUE(r2->is_created_from_network_anonymization_key());
13334 EXPECT_EQ(r2->isolation_info().network_anonymization_key(),
13335 network_anonymization_key2);
13336 // Run request
13337 r2->Start();
13338 d.RunUntilComplete();
13339
13340 EXPECT_THAT(d.request_status(), IsOk());
13341 // We should not share a connection with r1.
13342 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, r2->ssl_info().handshake_type);
13343 }
13344 }
13345
TEST_F(PartitionConnectionsByNetworkAnonymizationKey,DifferentCrossSiteFramesAreSeparatedOnlyWhenNetworkAnonymizationKeyIsTripleKeyed)13346 TEST_F(
13347 PartitionConnectionsByNetworkAnonymizationKey,
13348 DifferentCrossSiteFramesAreSeparatedOnlyWhenNetworkAnonymizationKeyIsTripleKeyed) {
13349 // Start server
13350 EmbeddedTestServer test_server(EmbeddedTestServer::TYPE_HTTPS);
13351 RegisterDefaultHandlers(&test_server);
13352 ASSERT_TRUE(test_server.Start());
13353 const auto original_url = test_server.GetURL("/echo");
13354 const auto network_anonymization_key1 =
13355 NetworkAnonymizationKey::CreateCrossSite(kTestSiteA);
13356 const auto network_anonymization_key2 =
13357 NetworkAnonymizationKey::CreateCrossSite(kTestSiteA);
13358
13359 // Create a request from first party `kTestSiteA`.
13360 {
13361 TestDelegate d;
13362 std::unique_ptr<URLRequest> r1(default_context().CreateRequest(
13363 original_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
13364 r1->set_isolation_info_from_network_anonymization_key(
13365 network_anonymization_key1);
13366 r1->SetLoadFlags(LOAD_DISABLE_CACHE);
13367 r1->set_allow_credentials(false);
13368
13369 // Verify NetworkAnonymizationKey is set correctly
13370 EXPECT_TRUE(r1->is_created_from_network_anonymization_key());
13371 EXPECT_EQ(r1->isolation_info().network_anonymization_key(),
13372 network_anonymization_key1);
13373 // Run request
13374 r1->Start();
13375 d.RunUntilComplete();
13376 // Verify request started with a full handshake
13377 EXPECT_THAT(d.request_status(), IsOk());
13378 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, r1->ssl_info().handshake_type);
13379 }
13380
13381 // Create a request from third party `kTestSiteB` embedded in `kTestSiteA`.
13382 // This request should share a key with r1 when NetworkAnonymizationKey is in
13383 // double keyed scheme and should not share a key with r1 when
13384 // NetworkAnonymizationKey is triple keyed or in cross site flag scheme.
13385 {
13386 TestDelegate d;
13387 // Create request and create IsolationInfo from
13388 // `network_anonymization_key2`
13389 std::unique_ptr<URLRequest> r2(default_context().CreateRequest(
13390 original_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
13391 r2->set_isolation_info_from_network_anonymization_key(
13392 network_anonymization_key2);
13393 r2->SetLoadFlags(LOAD_DISABLE_CACHE);
13394 r2->set_allow_credentials(false);
13395
13396 // Verify NetworkAnonymizationKey is set correctly.
13397 EXPECT_TRUE(r2->is_created_from_network_anonymization_key());
13398 EXPECT_EQ(r2->isolation_info().network_anonymization_key(),
13399 network_anonymization_key2);
13400 // Run request
13401 r2->Start();
13402 d.RunUntilComplete();
13403
13404 EXPECT_THAT(d.request_status(), IsOk());
13405 // We should share a connection with r1
13406 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, r2->ssl_info().handshake_type);
13407 }
13408 }
13409
TEST_F(PartitionConnectionsByNetworkAnonymizationKey,DifferentNoncesAreAlwaysSeparated)13410 TEST_F(PartitionConnectionsByNetworkAnonymizationKey,
13411 DifferentNoncesAreAlwaysSeparated) {
13412 // Start server
13413 EmbeddedTestServer test_server(EmbeddedTestServer::TYPE_HTTPS);
13414 RegisterDefaultHandlers(&test_server);
13415 ASSERT_TRUE(test_server.Start());
13416 const auto original_url = test_server.GetURL("/echo");
13417 const auto network_anonymization_key1 =
13418 NetworkAnonymizationKey::CreateFromParts(
13419 kTestSiteA, /*is_cross_site=*/false, kNonceA);
13420 const auto network_anonymization_key2 =
13421 NetworkAnonymizationKey::CreateFromParts(
13422 kTestSiteA, /*is_cross_site=*/false, kNonceB);
13423
13424 // Create a request from first party `kTestSiteA`.
13425 {
13426 TestDelegate d;
13427 std::unique_ptr<URLRequest> r1(default_context().CreateRequest(
13428 original_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
13429 r1->set_isolation_info_from_network_anonymization_key(
13430 network_anonymization_key1);
13431 r1->SetLoadFlags(LOAD_DISABLE_CACHE);
13432 r1->set_allow_credentials(false);
13433
13434 // Verify NetworkAnonymizationKey is set correctly
13435 EXPECT_TRUE(r1->is_created_from_network_anonymization_key());
13436 EXPECT_EQ(r1->isolation_info().network_anonymization_key(),
13437 network_anonymization_key1);
13438 // Run request
13439 r1->Start();
13440 d.RunUntilComplete();
13441 // Verify request started with a full handshake
13442 EXPECT_THAT(d.request_status(), IsOk());
13443 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, r1->ssl_info().handshake_type);
13444 }
13445
13446 // Create a request from third party `kTestSiteB` embedded in `kTestSiteA`.
13447 // This request should share a key with r1 when NetworkAnonymizationKey is in
13448 // double keyed scheme and should not share a key with r1 when
13449 // NetworkAnonymizationKey is triple keyed or in cross site flag scheme.
13450 {
13451 TestDelegate d;
13452 // Create request and create IsolationInfo from
13453 // `network_anonymization_key2`
13454 std::unique_ptr<URLRequest> r2(default_context().CreateRequest(
13455 original_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
13456 r2->set_isolation_info_from_network_anonymization_key(
13457 network_anonymization_key2);
13458 r2->SetLoadFlags(LOAD_DISABLE_CACHE);
13459 r2->set_allow_credentials(false);
13460
13461 // Verify NetworkAnonymizationKey is set correctly.
13462 EXPECT_TRUE(r2->is_created_from_network_anonymization_key());
13463 EXPECT_EQ(r2->isolation_info().network_anonymization_key(),
13464 network_anonymization_key2);
13465 // Run request
13466 r2->Start();
13467 d.RunUntilComplete();
13468
13469 EXPECT_THAT(d.request_status(), IsOk());
13470 // Connections where the NetworkAnonymizationKey has different nonces should
13471 // always be separated regardless of scheme
13472 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, r2->ssl_info().handshake_type);
13473 }
13474 }
13475
13476 } // namespace net
13477