1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "base/auto_reset.h"
6 #include "base/command_line.h"
7 #include "base/message_loop/message_loop.h"
8 #include "base/prefs/pref_service.h"
9 #include "chrome/browser/content_settings/cookie_settings.h"
10 #include "chrome/common/chrome_switches.h"
11 #include "chrome/common/content_settings_pattern.h"
12 #include "chrome/common/pref_names.h"
13 #include "chrome/test/base/testing_profile.h"
14 #include "content/public/test/test_browser_thread.h"
15 #include "net/base/static_cookie_policy.h"
16 #include "testing/gtest/include/gtest/gtest.h"
17 #include "url/gurl.h"
18
19 using content::BrowserThread;
20
21 namespace {
22
// Fixture shared by every CookieSettings test in this file. It builds a UI
// BrowserThread on top of a local message loop, creates a TestingProfile, and
// caches that profile's CookieSettings together with the URLs and the pattern
// the tests use as cookie origins and first-party origins.
class CookieSettingsTest : public testing::Test {
 public:
  CookieSettingsTest()
      : ui_thread_(BrowserThread::UI, &message_loop_),
        cookie_settings_(
            CookieSettings::Factory::GetForProfile(&profile_).get()),
        kBlockedSite("http://ads.thirdparty.com"),
        kAllowedSite("http://good.allays.com"),
        kFirstPartySite("http://cool.things.com"),
        kBlockedFirstPartySite("http://no.thirdparties.com"),
        kExtensionURL("chrome-extension://deadbeef"),
        kHttpsSite("https://example.com"),
        kAllHttpsSitesPattern(
            ContentSettingsPattern::FromString("https://*")) {}

 protected:
  // Members are initialized in declaration order, so |message_loop_| exists
  // before |ui_thread_| takes its address and |profile_| exists before
  // |cookie_settings_| is looked up from it.
  base::MessageLoop message_loop_;
  content::TestBrowserThread ui_thread_;
  TestingProfile profile_;

  // Raw pointer taken with .get() from the factory's return value.
  // NOTE(review): presumably |profile_| keeps the object alive for the
  // lifetime of the fixture - confirm against the factory.
  CookieSettings* cookie_settings_;

  // Plain-HTTP origins used as cookie URLs and as first-party URLs.
  const GURL kBlockedSite;
  const GURL kAllowedSite;
  const GURL kFirstPartySite;
  const GURL kBlockedFirstPartySite;

  // Extension-scheme origin, used to exercise the extension special cases.
  const GURL kExtensionURL;

  // HTTPS origin that |kAllHttpsSitesPattern| ("https://*") is meant to match.
  const GURL kHttpsSite;
  ContentSettingsPattern kAllHttpsSitesPattern;
};
51
// An explicit BLOCK rule for one site denies cookie reads for that site even
// when the site is also passed as the first party.
TEST_F(CookieSettingsTest, CookiesBlockSingle) {
  const ContentSettingsPattern blocked_pattern =
      ContentSettingsPattern::FromURL(kBlockedSite);
  cookie_settings_->SetCookieSetting(blocked_pattern,
                                     ContentSettingsPattern::Wildcard(),
                                     CONTENT_SETTING_BLOCK);

  const bool can_read =
      cookie_settings_->IsReadingCookieAllowed(kBlockedSite, kBlockedSite);
  EXPECT_FALSE(can_read);
}
60
// With the block-third-party-cookies pref turned on and no per-site rules,
// a cookie URL that differs from the first party may neither read nor set
// cookies. The site is still not reported as session-only.
TEST_F(CookieSettingsTest, CookiesBlockThirdParty) {
  profile_.GetPrefs()->SetBoolean(prefs::kBlockThirdPartyCookies, true);

  const bool can_read =
      cookie_settings_->IsReadingCookieAllowed(kBlockedSite, kFirstPartySite);
  EXPECT_FALSE(can_read);

  const bool session_only = cookie_settings_->IsCookieSessionOnly(kBlockedSite);
  EXPECT_FALSE(session_only);

  const bool can_set =
      cookie_settings_->IsSettingCookieAllowed(kBlockedSite, kFirstPartySite);
  EXPECT_FALSE(can_set);
}
69
// Baseline: with nothing configured on the fresh profile, third-party reads
// and writes are permitted and the site is not session-only.
TEST_F(CookieSettingsTest, CookiesAllowThirdParty) {
  const bool can_read =
      cookie_settings_->IsReadingCookieAllowed(kBlockedSite, kFirstPartySite);
  EXPECT_TRUE(can_read);

  const bool can_set =
      cookie_settings_->IsSettingCookieAllowed(kBlockedSite, kFirstPartySite);
  EXPECT_TRUE(can_set);

  const bool session_only = cookie_settings_->IsCookieSessionOnly(kBlockedSite);
  EXPECT_FALSE(session_only);
}
77
// A per-site BLOCK rule applies to that site in a third-party context, and
// leaves an unrelated site under the same first party unaffected.
TEST_F(CookieSettingsTest, CookiesExplicitBlockSingleThirdParty) {
  const ContentSettingsPattern blocked_pattern =
      ContentSettingsPattern::FromURL(kBlockedSite);
  cookie_settings_->SetCookieSetting(blocked_pattern,
                                     ContentSettingsPattern::Wildcard(),
                                     CONTENT_SETTING_BLOCK);

  // The blocked site is denied both directions.
  EXPECT_FALSE(
      cookie_settings_->IsReadingCookieAllowed(kBlockedSite, kFirstPartySite));
  EXPECT_FALSE(
      cookie_settings_->IsSettingCookieAllowed(kBlockedSite, kFirstPartySite));

  // A site without a rule keeps the permissive default.
  EXPECT_TRUE(
      cookie_settings_->IsSettingCookieAllowed(kAllowedSite, kFirstPartySite));
}
90
// A per-site SESSION_ONLY rule permits reads and writes and marks the site as
// session-only. The same expectations are then re-checked with third-party
// blocking enabled: the explicit rule is expected to keep winning.
TEST_F(CookieSettingsTest, CookiesExplicitSessionOnly) {
  const ContentSettingsPattern site_pattern =
      ContentSettingsPattern::FromURL(kBlockedSite);
  cookie_settings_->SetCookieSetting(site_pattern,
                                     ContentSettingsPattern::Wildcard(),
                                     CONTENT_SETTING_SESSION_ONLY);

  EXPECT_TRUE(
      cookie_settings_->IsReadingCookieAllowed(kBlockedSite, kFirstPartySite));
  EXPECT_TRUE(
      cookie_settings_->IsSettingCookieAllowed(kBlockedSite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsCookieSessionOnly(kBlockedSite));

  // Turning on third-party blocking must not change the outcome for a site
  // that has its own explicit rule.
  profile_.GetPrefs()->SetBoolean(prefs::kBlockThirdPartyCookies, true);

  EXPECT_TRUE(
      cookie_settings_->IsReadingCookieAllowed(kBlockedSite, kFirstPartySite));
  EXPECT_TRUE(
      cookie_settings_->IsSettingCookieAllowed(kBlockedSite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsCookieSessionOnly(kBlockedSite));
}
109
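// An explicit ALLOW rule for a site takes precedence over the global
// block-third-party-cookies pref: the site may read and set cookies under a
// different first party and is not session-only.
TEST_F(CookieSettingsTest, CookiesThirdPartyBlockedExplicitAllow) {
  cookie_settings_->SetCookieSetting(
      ContentSettingsPattern::FromURL(kAllowedSite),
      ContentSettingsPattern::Wildcard(),
      CONTENT_SETTING_ALLOW);
  profile_.GetPrefs()->SetBoolean(prefs::kBlockThirdPartyCookies, true);

  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kAllowedSite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));

  // Extensions should always be allowed to use cookies.
  // The original listed this pair of assertions twice; the verbatim copy added
  // no coverage and has been dropped.
  // NOTE(review): |kAllowedSite| already carries an explicit ALLOW rule here,
  // so these checks would presumably pass without any extension exemption.
  // The exemption itself is exercised with |kBlockedSite| in
  // ExtensionsThirdParty.
  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kAllowedSite, kExtensionURL));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kExtensionURL));
}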
134
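// Combines four pieces of configuration and checks how they interact:
//   - an explicit ALLOW rule for |kAllowedSite|,
//   - the block-third-party-cookies pref,
//   - an ALLOW rule for the broad "https://*" pattern,
//   - a SESSION_ONLY default.
// The site-specific rule is expected to apply in a third-party context, while
// the broad HTTPS rule and the default are expected to apply only in a
// first-party context.
TEST_F(CookieSettingsTest, CookiesThirdPartyBlockedAllSitesAllowed) {
  cookie_settings_->SetCookieSetting(
      ContentSettingsPattern::FromURL(kAllowedSite),
      ContentSettingsPattern::Wildcard(),
      CONTENT_SETTING_ALLOW);
  profile_.GetPrefs()->SetBoolean(prefs::kBlockThirdPartyCookies, true);
  // As an example for a pattern that matches all hosts but not all origins,
  // match all HTTPS sites.
  cookie_settings_->SetCookieSetting(
      kAllHttpsSitesPattern,
      ContentSettingsPattern::Wildcard(),
      CONTENT_SETTING_ALLOW);
  cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_SESSION_ONLY);

  // |kAllowedSite| should be allowed.
  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kAllowedSite, kBlockedSite));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kBlockedSite));
  EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));

  // HTTPS sites should be allowed in a first-party context.
  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kHttpsSite, kHttpsSite));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kHttpsSite, kHttpsSite));
  // This check previously queried |kAllowedSite| again (a copy of the
  // assertion in the section above), so the session-only state of the site
  // covered by the "https://*" ALLOW rule was never verified. Query
  // |kHttpsSite| so the SESSION_ONLY default is shown not to leak onto it.
  EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kHttpsSite));

  // HTTP sites should be allowed, but session-only.
  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kFirstPartySite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kFirstPartySite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsCookieSessionOnly(kFirstPartySite));

  // Third-party cookies should be blocked. This includes |kHttpsSite|: the
  // broad "https://*" ALLOW rule must not act as a third-party exemption.
  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kFirstPartySite, kBlockedSite));
  EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
      kFirstPartySite, kBlockedSite));
  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kHttpsSite, kBlockedSite));
  EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
      kHttpsSite, kBlockedSite));
}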
180
// A BLOCK default with no exceptions denies cookies in both first-party and
// third-party contexts.
TEST_F(CookieSettingsTest, CookiesBlockEverything) {
  cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_BLOCK);

  // First-party context.
  const bool first_party_read = cookie_settings_->IsReadingCookieAllowed(
      kFirstPartySite, kFirstPartySite);
  EXPECT_FALSE(first_party_read);
  const bool first_party_set = cookie_settings_->IsSettingCookieAllowed(
      kFirstPartySite, kFirstPartySite);
  EXPECT_FALSE(first_party_set);

  // Third-party context.
  const bool third_party_set =
      cookie_settings_->IsSettingCookieAllowed(kAllowedSite, kFirstPartySite);
  EXPECT_FALSE(third_party_set);
}
191
// A BLOCK default combined with one explicit ALLOW exception: only the
// excepted site may use cookies, in third-party and first-party contexts
// alike, and it is not session-only.
TEST_F(CookieSettingsTest, CookiesBlockEverythingExceptAllowed) {
  cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_BLOCK);

  const ContentSettingsPattern allowed_pattern =
      ContentSettingsPattern::FromURL(kAllowedSite);
  cookie_settings_->SetCookieSetting(allowed_pattern,
                                     ContentSettingsPattern::Wildcard(),
                                     CONTENT_SETTING_ALLOW);

  // A site without an exception falls under the BLOCK default.
  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(kFirstPartySite,
                                                        kFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(kFirstPartySite,
                                                        kFirstPartySite));

  // The excepted site under a different first party.
  EXPECT_TRUE(
      cookie_settings_->IsReadingCookieAllowed(kAllowedSite, kFirstPartySite));
  EXPECT_TRUE(
      cookie_settings_->IsSettingCookieAllowed(kAllowedSite, kFirstPartySite));

  // The excepted site as its own first party.
  EXPECT_TRUE(
      cookie_settings_->IsReadingCookieAllowed(kAllowedSite, kAllowedSite));
  EXPECT_TRUE(
      cookie_settings_->IsSettingCookieAllowed(kAllowedSite, kAllowedSite));

  EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));
}
212
// Rules keyed on a (site, first party) pair: the same cookie site is allowed
// under one first party and blocked under another. The pair rules must keep
// deciding after the default flips to BLOCK, and resetting the ALLOW pair
// must drop that pair back to the default.
TEST_F(CookieSettingsTest, CookiesBlockSingleFirstParty) {
  const ContentSettingsPattern site_pattern =
      ContentSettingsPattern::FromURL(kAllowedSite);
  const ContentSettingsPattern allowed_first_party =
      ContentSettingsPattern::FromURL(kFirstPartySite);
  const ContentSettingsPattern blocked_first_party =
      ContentSettingsPattern::FromURL(kBlockedFirstPartySite);

  cookie_settings_->SetCookieSetting(site_pattern, allowed_first_party,
                                     CONTENT_SETTING_ALLOW);
  cookie_settings_->SetCookieSetting(site_pattern, blocked_first_party,
                                     CONTENT_SETTING_BLOCK);

  // Phase 1: pair rules on top of the initial default.
  EXPECT_TRUE(
      cookie_settings_->IsReadingCookieAllowed(kAllowedSite, kFirstPartySite));
  EXPECT_TRUE(
      cookie_settings_->IsSettingCookieAllowed(kAllowedSite, kFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));

  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kAllowedSite, kBlockedFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kBlockedFirstPartySite));

  // Phase 2: the default becomes BLOCK; both pair rules still decide.
  cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_BLOCK);

  EXPECT_TRUE(
      cookie_settings_->IsReadingCookieAllowed(kAllowedSite, kFirstPartySite));
  EXPECT_TRUE(
      cookie_settings_->IsSettingCookieAllowed(kAllowedSite, kFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));

  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kAllowedSite, kBlockedFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kBlockedFirstPartySite));

  // Phase 3: with the ALLOW pair removed, that pair is denied as well.
  cookie_settings_->ResetCookieSetting(site_pattern, allowed_first_party);

  EXPECT_FALSE(
      cookie_settings_->IsReadingCookieAllowed(kAllowedSite, kFirstPartySite));
  EXPECT_FALSE(
      cookie_settings_->IsSettingCookieAllowed(kAllowedSite, kFirstPartySite));
}
256
// An explicit BLOCK rule on a site is honoured even when the first party is
// an extension origin.
TEST_F(CookieSettingsTest, ExtensionsRegularSettings) {
  const ContentSettingsPattern blocked_pattern =
      ContentSettingsPattern::FromURL(kBlockedSite);
  cookie_settings_->SetCookieSetting(blocked_pattern,
                                     ContentSettingsPattern::Wildcard(),
                                     CONTENT_SETTING_BLOCK);

  // Regular cookie settings also apply to extensions.
  const bool can_read =
      cookie_settings_->IsReadingCookieAllowed(kBlockedSite, kExtensionURL);
  EXPECT_FALSE(can_read);
}
267
// A BLOCK default does not stop an extension from reading cookies when the
// extension origin is both the cookie URL and the first party.
TEST_F(CookieSettingsTest, ExtensionsOwnCookies) {
  cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_BLOCK);

  // Extensions can always use cookies (and site data) in their own origin.
  const bool can_read =
      cookie_settings_->IsReadingCookieAllowed(kExtensionURL, kExtensionURL);
  EXPECT_TRUE(can_read);
}
275
// The block-third-party-cookies pref does not apply when the first party is
// an extension origin: a site with no explicit rule may still set cookies.
TEST_F(CookieSettingsTest, ExtensionsThirdParty) {
  profile_.GetPrefs()->SetBoolean(prefs::kBlockThirdPartyCookies, true);

  // XHRs stemming from extensions are exempt from third-party cookie blocking
  // rules (as the first party is always the extension's security origin).
  const bool can_set =
      cookie_settings_->IsSettingCookieAllowed(kBlockedSite, kExtensionURL);
  EXPECT_TRUE(can_set);
}
284
285 } // namespace
286