1 // Copyright 2012 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/url_request/url_request.h"
6
7 #include <stdint.h>
8
9 #include <algorithm>
10 #include <iterator>
11 #include <limits>
12 #include <memory>
13 #include <optional>
14 #include <string_view>
15 #include <utility>
16
17 #include "base/base64url.h"
18 #include "base/compiler_specific.h"
19 #include "base/files/file_path.h"
20 #include "base/files/file_util.h"
21 #include "base/files/scoped_temp_dir.h"
22 #include "base/format_macros.h"
23 #include "base/functional/bind.h"
24 #include "base/functional/callback_helpers.h"
25 #include "base/location.h"
26 #include "base/memory/ptr_util.h"
27 #include "base/memory/raw_ptr.h"
28 #include "base/memory/weak_ptr.h"
29 #include "base/path_service.h"
30 #include "base/ranges/algorithm.h"
31 #include "base/run_loop.h"
32 #include "base/strings/escape.h"
33 #include "base/strings/strcat.h"
34 #include "base/strings/string_number_conversions.h"
35 #include "base/strings/string_split.h"
36 #include "base/strings/string_util.h"
37 #include "base/strings/stringprintf.h"
38 #include "base/strings/utf_string_conversions.h"
39 #include "base/task/single_thread_task_runner.h"
40 #include "base/test/bind.h"
41 #include "base/test/metrics/histogram_tester.h"
42 #include "base/test/scoped_feature_list.h"
43 #include "base/test/test_future.h"
44 #include "base/test/values_test_util.h"
45 #include "base/time/time.h"
46 #include "base/values.h"
47 #include "build/build_config.h"
48 #include "build/buildflag.h"
49 #include "crypto/sha2.h"
50 #include "net/base/chunked_upload_data_stream.h"
51 #include "net/base/directory_listing.h"
52 #include "net/base/elements_upload_data_stream.h"
53 #include "net/base/features.h"
54 #include "net/base/hash_value.h"
55 #include "net/base/ip_address.h"
56 #include "net/base/ip_endpoint.h"
57 #include "net/base/isolation_info.h"
58 #include "net/base/load_flags.h"
59 #include "net/base/load_timing_info.h"
60 #include "net/base/load_timing_info_test_util.h"
61 #include "net/base/net_errors.h"
62 #include "net/base/net_module.h"
63 #include "net/base/proxy_chain.h"
64 #include "net/base/proxy_server.h"
65 #include "net/base/proxy_string_util.h"
66 #include "net/base/request_priority.h"
67 #include "net/base/test_completion_callback.h"
68 #include "net/base/transport_info.h"
69 #include "net/base/upload_bytes_element_reader.h"
70 #include "net/base/upload_data_stream.h"
71 #include "net/base/upload_file_element_reader.h"
72 #include "net/base/url_util.h"
73 #include "net/cert/asn1_util.h"
74 #include "net/cert/caching_cert_verifier.h"
75 #include "net/cert/cert_net_fetcher.h"
76 #include "net/cert/cert_verifier.h"
77 #include "net/cert/coalescing_cert_verifier.h"
78 #include "net/cert/crl_set.h"
79 #include "net/cert/do_nothing_ct_verifier.h"
80 #include "net/cert/ev_root_ca_metadata.h"
81 #include "net/cert/mock_cert_verifier.h"
82 #include "net/cert/multi_log_ct_verifier.h"
83 #include "net/cert/signed_certificate_timestamp_and_status.h"
84 #include "net/cert/test_root_certs.h"
85 #include "net/cert/x509_util.h"
86 #include "net/cert_net/cert_net_fetcher_url_request.h"
87 #include "net/cookies/canonical_cookie_test_helpers.h"
88 #include "net/cookies/cookie_inclusion_status.h"
89 #include "net/cookies/cookie_monster.h"
90 #include "net/cookies/cookie_setting_override.h"
91 #include "net/cookies/cookie_store_test_helpers.h"
92 #include "net/cookies/test_cookie_access_delegate.h"
93 #include "net/disk_cache/disk_cache.h"
94 #include "net/dns/mock_host_resolver.h"
95 #include "net/dns/public/host_resolver_results.h"
96 #include "net/dns/public/secure_dns_policy.h"
97 #include "net/http/http_byte_range.h"
98 #include "net/http/http_cache.h"
99 #include "net/http/http_connection_info.h"
100 #include "net/http/http_network_layer.h"
101 #include "net/http/http_network_session.h"
102 #include "net/http/http_request_headers.h"
103 #include "net/http/http_response_headers.h"
104 #include "net/http/http_server_properties.h"
105 #include "net/http/http_transaction_test_util.h"
106 #include "net/http/http_util.h"
107 #include "net/http/transport_security_state.h"
108 #include "net/http/transport_security_state_source.h"
109 #include "net/log/file_net_log_observer.h"
110 #include "net/log/net_log.h"
111 #include "net/log/net_log_event_type.h"
112 #include "net/log/net_log_source.h"
113 #include "net/log/test_net_log.h"
114 #include "net/log/test_net_log_util.h"
115 #include "net/net_buildflags.h"
116 #include "net/proxy_resolution/configured_proxy_resolution_service.h"
117 #include "net/quic/mock_crypto_client_stream_factory.h"
118 #include "net/quic/quic_server_info.h"
119 #include "net/socket/read_buffering_stream_socket.h"
120 #include "net/socket/socket_test_util.h"
121 #include "net/socket/ssl_client_socket.h"
122 #include "net/ssl/client_cert_identity_test_util.h"
123 #include "net/ssl/ssl_connection_status_flags.h"
124 #include "net/ssl/ssl_private_key.h"
125 #include "net/ssl/ssl_server_config.h"
126 #include "net/ssl/test_ssl_config_service.h"
127 #include "net/test/cert_test_util.h"
128 #include "net/test/embedded_test_server/http_request.h"
129 #include "net/test/embedded_test_server/http_response.h"
130 #include "net/test/gtest_util.h"
131 #include "net/test/spawned_test_server/spawned_test_server.h"
132 #include "net/test/test_data_directory.h"
133 #include "net/test/test_with_task_environment.h"
134 #include "net/test/url_request/url_request_failed_job.h"
135 #include "net/test/url_request/url_request_mock_http_job.h"
136 #include "net/traffic_annotation/network_traffic_annotation_test_helper.h"
137 #include "net/url_request/redirect_util.h"
138 #include "net/url_request/referrer_policy.h"
139 #include "net/url_request/static_http_user_agent_settings.h"
140 #include "net/url_request/url_request_context.h"
141 #include "net/url_request/url_request_context_builder.h"
142 #include "net/url_request/url_request_filter.h"
143 #include "net/url_request/url_request_http_job.h"
144 #include "net/url_request/url_request_interceptor.h"
145 #include "net/url_request/url_request_redirect_job.h"
146 #include "net/url_request/url_request_test_job.h"
147 #include "net/url_request/url_request_test_util.h"
148 #include "net/url_request/websocket_handshake_userdata_key.h"
149 #include "testing/gmock/include/gmock/gmock-matchers.h"
150 #include "testing/gmock/include/gmock/gmock.h"
151 #include "testing/gtest/include/gtest/gtest.h"
152 #include "testing/platform_test.h"
153 #include "third_party/boringssl/src/include/openssl/ssl.h"
154 #include "url/url_constants.h"
155 #include "url/url_util.h"
156
157 #if BUILDFLAG(IS_WIN)
158 #include <objbase.h>
159
160 #include <windows.h>
161
162 #include <shlobj.h>
163 #include <wrl/client.h>
164
165 #include "base/win/scoped_com_initializer.h"
166 #endif
167
168 #if BUILDFLAG(IS_APPLE)
169 #include "base/mac/mac_util.h"
170 #endif
171
172 #if BUILDFLAG(ENABLE_REPORTING)
173 #include "net/network_error_logging/network_error_logging_service.h"
174 #include "net/network_error_logging/network_error_logging_test_util.h"
175 #endif // BUILDFLAG(ENABLE_REPORTING)
176
177 #if BUILDFLAG(ENABLE_WEBSOCKETS)
178 #include "net/websockets/websocket_test_util.h"
179 #endif // BUILDFLAG(ENABLE_WEBSOCKETS)
180
181 using net::test::IsError;
182 using net::test::IsOk;
183 using net::test_server::RegisterDefaultHandlers;
184 using testing::_;
185 using testing::AnyOf;
186 using testing::ElementsAre;
187 using testing::IsEmpty;
188 using testing::Optional;
189 using testing::UnorderedElementsAre;
190
191 using base::ASCIIToUTF16;
192 using base::Time;
193 using std::string;
194
195 namespace net {
196
197 namespace {
198
199 namespace test_default {
200 #include "net/http/transport_security_state_static_unittest_default.h"
201 }
202
203 const std::u16string kSecret(u"secret");
204 const std::u16string kUser(u"user");
205
206 const base::FilePath::CharType kTestFilePath[] =
207 FILE_PATH_LITERAL("net/data/url_request_unittest");
208
209 // Tests load timing information in the case a fresh connection was used, with
210 // no proxy.
TestLoadTimingNotReused(const LoadTimingInfo & load_timing_info,int connect_timing_flags)211 void TestLoadTimingNotReused(const LoadTimingInfo& load_timing_info,
212 int connect_timing_flags) {
213 EXPECT_FALSE(load_timing_info.socket_reused);
214 EXPECT_NE(NetLogSource::kInvalidId, load_timing_info.socket_log_id);
215
216 EXPECT_FALSE(load_timing_info.request_start_time.is_null());
217 EXPECT_FALSE(load_timing_info.request_start.is_null());
218
219 EXPECT_LE(load_timing_info.request_start,
220 load_timing_info.connect_timing.connect_start);
221 ExpectConnectTimingHasTimes(load_timing_info.connect_timing,
222 connect_timing_flags);
223 EXPECT_LE(load_timing_info.connect_timing.connect_end,
224 load_timing_info.send_start);
225 EXPECT_LE(load_timing_info.send_start, load_timing_info.send_end);
226 EXPECT_LE(load_timing_info.send_end, load_timing_info.receive_headers_start);
227 EXPECT_LE(load_timing_info.receive_headers_start,
228 load_timing_info.receive_headers_end);
229
230 EXPECT_TRUE(load_timing_info.proxy_resolve_start.is_null());
231 EXPECT_TRUE(load_timing_info.proxy_resolve_end.is_null());
232 }
233
234 // Same as above, but with proxy times.
TestLoadTimingNotReusedWithProxy(const LoadTimingInfo & load_timing_info,int connect_timing_flags)235 void TestLoadTimingNotReusedWithProxy(const LoadTimingInfo& load_timing_info,
236 int connect_timing_flags) {
237 EXPECT_FALSE(load_timing_info.socket_reused);
238 EXPECT_NE(NetLogSource::kInvalidId, load_timing_info.socket_log_id);
239
240 EXPECT_FALSE(load_timing_info.request_start_time.is_null());
241 EXPECT_FALSE(load_timing_info.request_start.is_null());
242
243 EXPECT_LE(load_timing_info.request_start,
244 load_timing_info.proxy_resolve_start);
245 EXPECT_LE(load_timing_info.proxy_resolve_start,
246 load_timing_info.proxy_resolve_end);
247 EXPECT_LE(load_timing_info.proxy_resolve_end,
248 load_timing_info.connect_timing.connect_start);
249 ExpectConnectTimingHasTimes(load_timing_info.connect_timing,
250 connect_timing_flags);
251 EXPECT_LE(load_timing_info.connect_timing.connect_end,
252 load_timing_info.send_start);
253 EXPECT_LE(load_timing_info.send_start, load_timing_info.send_end);
254 EXPECT_LE(load_timing_info.send_end, load_timing_info.receive_headers_start);
255 EXPECT_LE(load_timing_info.receive_headers_start,
256 load_timing_info.receive_headers_end);
257 }
258
259 // Same as above, but with a reused socket and proxy times.
TestLoadTimingReusedWithProxy(const LoadTimingInfo & load_timing_info)260 void TestLoadTimingReusedWithProxy(const LoadTimingInfo& load_timing_info) {
261 EXPECT_TRUE(load_timing_info.socket_reused);
262 EXPECT_NE(NetLogSource::kInvalidId, load_timing_info.socket_log_id);
263
264 EXPECT_FALSE(load_timing_info.request_start_time.is_null());
265 EXPECT_FALSE(load_timing_info.request_start.is_null());
266
267 ExpectConnectTimingHasNoTimes(load_timing_info.connect_timing);
268
269 EXPECT_LE(load_timing_info.request_start,
270 load_timing_info.proxy_resolve_start);
271 EXPECT_LE(load_timing_info.proxy_resolve_start,
272 load_timing_info.proxy_resolve_end);
273 EXPECT_LE(load_timing_info.proxy_resolve_end, load_timing_info.send_start);
274 EXPECT_LE(load_timing_info.send_start, load_timing_info.send_end);
275 EXPECT_LE(load_timing_info.send_end, load_timing_info.receive_headers_start);
276 EXPECT_LE(load_timing_info.receive_headers_start,
277 load_timing_info.receive_headers_end);
278 }
279
GetAllCookies(URLRequestContext * request_context)280 CookieList GetAllCookies(URLRequestContext* request_context) {
281 CookieList cookie_list;
282 base::RunLoop run_loop;
283 request_context->cookie_store()->GetAllCookiesAsync(
284 base::BindLambdaForTesting([&](const CookieList& cookies) {
285 cookie_list = cookies;
286 run_loop.Quit();
287 }));
288 run_loop.Run();
289 return cookie_list;
290 }
291
TestLoadTimingCacheHitNoNetwork(const LoadTimingInfo & load_timing_info)292 void TestLoadTimingCacheHitNoNetwork(const LoadTimingInfo& load_timing_info) {
293 EXPECT_FALSE(load_timing_info.socket_reused);
294 EXPECT_EQ(NetLogSource::kInvalidId, load_timing_info.socket_log_id);
295
296 EXPECT_FALSE(load_timing_info.request_start_time.is_null());
297 EXPECT_FALSE(load_timing_info.request_start.is_null());
298
299 ExpectConnectTimingHasNoTimes(load_timing_info.connect_timing);
300 EXPECT_LE(load_timing_info.request_start, load_timing_info.send_start);
301 EXPECT_LE(load_timing_info.send_start, load_timing_info.send_end);
302 EXPECT_LE(load_timing_info.send_end, load_timing_info.receive_headers_start);
303 EXPECT_LE(load_timing_info.receive_headers_start,
304 load_timing_info.receive_headers_end);
305
306 EXPECT_TRUE(load_timing_info.proxy_resolve_start.is_null());
307 EXPECT_TRUE(load_timing_info.proxy_resolve_end.is_null());
308 }
309
310 // Job that allows monitoring of its priority.
311 class PriorityMonitoringURLRequestJob : public URLRequestTestJob {
312 public:
313 // The latest priority of the job is always written to |request_priority_|.
PriorityMonitoringURLRequestJob(URLRequest * request,RequestPriority * request_priority)314 PriorityMonitoringURLRequestJob(URLRequest* request,
315 RequestPriority* request_priority)
316 : URLRequestTestJob(request), request_priority_(request_priority) {
317 *request_priority_ = DEFAULT_PRIORITY;
318 }
319
SetPriority(RequestPriority priority)320 void SetPriority(RequestPriority priority) override {
321 *request_priority_ = priority;
322 URLRequestTestJob::SetPriority(priority);
323 }
324
325 private:
326 const raw_ptr<RequestPriority> request_priority_;
327 };
328
329 // Do a case-insensitive search through |haystack| for |needle|.
ContainsString(const std::string & haystack,const char * needle)330 bool ContainsString(const std::string& haystack, const char* needle) {
331 std::string::const_iterator it =
332 base::ranges::search(haystack, std::string_view(needle),
333 base::CaseInsensitiveCompareASCII<char>());
334 return it != haystack.end();
335 }
336
CreateSimpleUploadData(const char * data)337 std::unique_ptr<UploadDataStream> CreateSimpleUploadData(const char* data) {
338 auto reader = std::make_unique<UploadBytesElementReader>(data, strlen(data));
339 return ElementsUploadDataStream::CreateWithReader(std::move(reader), 0);
340 }
341
342 // Verify that the SSLInfo of a successful SSL connection has valid values.
CheckSSLInfo(const SSLInfo & ssl_info)343 void CheckSSLInfo(const SSLInfo& ssl_info) {
344 // The cipher suite TLS_NULL_WITH_NULL_NULL (0) must not be negotiated.
345 uint16_t cipher_suite =
346 SSLConnectionStatusToCipherSuite(ssl_info.connection_status);
347 EXPECT_NE(0U, cipher_suite);
348 }
349
350 // A network delegate that allows the user to choose a subset of request stages
351 // to block in. When blocking, the delegate can do one of the following:
352 // * synchronously return a pre-specified error code, or
353 // * asynchronously return that value via an automatically called callback,
354 // or
355 // * block and wait for the user to do a callback.
356 // Additionally, the user may also specify a redirect URL -- then each request
357 // with the current URL different from the redirect target will be redirected
358 // to that target, in the on-before-URL-request stage, independent of whether
359 // the delegate blocks in ON_BEFORE_URL_REQUEST or not.
360 class BlockingNetworkDelegate : public TestNetworkDelegate {
361 public:
362 // Stages in which the delegate can block.
363 enum Stage {
364 NOT_BLOCKED = 0,
365 ON_BEFORE_URL_REQUEST = 1 << 0,
366 ON_BEFORE_SEND_HEADERS = 1 << 1,
367 ON_HEADERS_RECEIVED = 1 << 2,
368 };
369
370 // Behavior during blocked stages. During other stages, just
371 // returns OK or NetworkDelegate::AUTH_REQUIRED_RESPONSE_NO_ACTION.
372 enum BlockMode {
373 SYNCHRONOUS, // No callback, returns specified return values.
374 AUTO_CALLBACK, // |this| posts a task to run the callback using the
375 // specified return codes.
376 USER_CALLBACK, // User takes care of doing a callback. |retval_| and
377 // |auth_retval_| are ignored. In every blocking stage the
378 // message loop is quit.
379 };
380
381 // Creates a delegate which does not block at all.
382 explicit BlockingNetworkDelegate(BlockMode block_mode);
383
384 BlockingNetworkDelegate(const BlockingNetworkDelegate&) = delete;
385 BlockingNetworkDelegate& operator=(const BlockingNetworkDelegate&) = delete;
386
387 // Runs the message loop until the delegate blocks.
388 void RunUntilBlocked();
389
390 // For users to trigger a callback returning |response|.
391 // Side-effects: resets |stage_blocked_for_callback_| and stored callbacks.
392 // Only call if |block_mode_| == USER_CALLBACK.
393 void DoCallback(int response);
394
395 // Setters.
set_retval(int retval)396 void set_retval(int retval) {
397 ASSERT_NE(USER_CALLBACK, block_mode_);
398 ASSERT_NE(ERR_IO_PENDING, retval);
399 ASSERT_NE(OK, retval);
400 retval_ = retval;
401 }
set_redirect_url(const GURL & url)402 void set_redirect_url(const GURL& url) { redirect_url_ = url; }
403
set_block_on(int block_on)404 void set_block_on(int block_on) { block_on_ = block_on; }
405
406 // Allows the user to check in which state did we block.
stage_blocked_for_callback() const407 Stage stage_blocked_for_callback() const {
408 EXPECT_EQ(USER_CALLBACK, block_mode_);
409 return stage_blocked_for_callback_;
410 }
411
412 private:
413 void OnBlocked();
414
415 void RunCallback(int response, CompletionOnceCallback callback);
416
417 // TestNetworkDelegate implementation.
418 int OnBeforeURLRequest(URLRequest* request,
419 CompletionOnceCallback callback,
420 GURL* new_url) override;
421
422 int OnBeforeStartTransaction(
423 URLRequest* request,
424 const HttpRequestHeaders& headers,
425 OnBeforeStartTransactionCallback callback) override;
426
427 int OnHeadersReceived(
428 URLRequest* request,
429 CompletionOnceCallback callback,
430 const HttpResponseHeaders* original_response_headers,
431 scoped_refptr<HttpResponseHeaders>* override_response_headers,
432 const IPEndPoint& endpoint,
433 std::optional<GURL>* preserve_fragment_on_redirect_url) override;
434
435 // Resets the callbacks and |stage_blocked_for_callback_|.
436 void Reset();
437
438 // Checks whether we should block in |stage|. If yes, returns an error code
439 // and optionally sets up callback based on |block_mode_|. If no, returns OK.
440 int MaybeBlockStage(Stage stage, CompletionOnceCallback callback);
441
442 // Configuration parameters, can be adjusted by public methods:
443 const BlockMode block_mode_;
444
445 // Values returned on blocking stages when mode is SYNCHRONOUS or
446 // AUTO_CALLBACK. For USER_CALLBACK these are set automatically to IO_PENDING.
447 int retval_ = OK;
448
449 GURL redirect_url_; // Used if non-empty during OnBeforeURLRequest.
450 int block_on_ = 0; // Bit mask: in which stages to block.
451
452 // Internal variables, not set by not the user:
453 // Last blocked stage waiting for user callback (unused if |block_mode_| !=
454 // USER_CALLBACK).
455 Stage stage_blocked_for_callback_ = NOT_BLOCKED;
456
457 // Callback objects stored during blocking stages.
458 CompletionOnceCallback callback_;
459
460 // Closure to run to exit RunUntilBlocked().
461 base::OnceClosure on_blocked_;
462
463 base::WeakPtrFactory<BlockingNetworkDelegate> weak_factory_{this};
464 };
465
BlockingNetworkDelegate(BlockMode block_mode)466 BlockingNetworkDelegate::BlockingNetworkDelegate(BlockMode block_mode)
467 : block_mode_(block_mode) {}
468
RunUntilBlocked()469 void BlockingNetworkDelegate::RunUntilBlocked() {
470 base::RunLoop run_loop;
471 on_blocked_ = run_loop.QuitClosure();
472 run_loop.Run();
473 }
474
DoCallback(int response)475 void BlockingNetworkDelegate::DoCallback(int response) {
476 ASSERT_EQ(USER_CALLBACK, block_mode_);
477 ASSERT_NE(NOT_BLOCKED, stage_blocked_for_callback_);
478 CompletionOnceCallback callback = std::move(callback_);
479 Reset();
480
481 // |callback| may trigger completion of a request, so post it as a task, so
482 // it will run under a subsequent TestDelegate::RunUntilComplete() loop.
483 base::SingleThreadTaskRunner::GetCurrentDefault()->PostTask(
484 FROM_HERE, base::BindOnce(&BlockingNetworkDelegate::RunCallback,
485 weak_factory_.GetWeakPtr(), response,
486 std::move(callback)));
487 }
488
OnBlocked()489 void BlockingNetworkDelegate::OnBlocked() {
490 // If this fails due to |on_blocked_| being null then OnBlocked() was run by
491 // a RunLoop other than RunUntilBlocked(), indicating a bug in the calling
492 // test.
493 std::move(on_blocked_).Run();
494 }
495
RunCallback(int response,CompletionOnceCallback callback)496 void BlockingNetworkDelegate::RunCallback(int response,
497 CompletionOnceCallback callback) {
498 std::move(callback).Run(response);
499 }
500
OnBeforeURLRequest(URLRequest * request,CompletionOnceCallback callback,GURL * new_url)501 int BlockingNetworkDelegate::OnBeforeURLRequest(URLRequest* request,
502 CompletionOnceCallback callback,
503 GURL* new_url) {
504 if (redirect_url_ == request->url())
505 return OK; // We've already seen this request and redirected elsewhere.
506
507 // TestNetworkDelegate always completes synchronously.
508 CHECK_NE(ERR_IO_PENDING, TestNetworkDelegate::OnBeforeURLRequest(
509 request, base::NullCallback(), new_url));
510
511 if (!redirect_url_.is_empty())
512 *new_url = redirect_url_;
513
514 return MaybeBlockStage(ON_BEFORE_URL_REQUEST, std::move(callback));
515 }
516
OnBeforeStartTransaction(URLRequest * request,const HttpRequestHeaders & headers,OnBeforeStartTransactionCallback callback)517 int BlockingNetworkDelegate::OnBeforeStartTransaction(
518 URLRequest* request,
519 const HttpRequestHeaders& headers,
520 OnBeforeStartTransactionCallback callback) {
521 // TestNetworkDelegate always completes synchronously.
522 CHECK_NE(ERR_IO_PENDING, TestNetworkDelegate::OnBeforeStartTransaction(
523 request, headers, base::NullCallback()));
524
525 return MaybeBlockStage(
526 ON_BEFORE_SEND_HEADERS,
527 base::BindOnce(
528 [](OnBeforeStartTransactionCallback callback, int result) {
529 std::move(callback).Run(result, std::nullopt);
530 },
531 std::move(callback)));
532 }
533
OnHeadersReceived(URLRequest * request,CompletionOnceCallback callback,const HttpResponseHeaders * original_response_headers,scoped_refptr<HttpResponseHeaders> * override_response_headers,const IPEndPoint & endpoint,std::optional<GURL> * preserve_fragment_on_redirect_url)534 int BlockingNetworkDelegate::OnHeadersReceived(
535 URLRequest* request,
536 CompletionOnceCallback callback,
537 const HttpResponseHeaders* original_response_headers,
538 scoped_refptr<HttpResponseHeaders>* override_response_headers,
539 const IPEndPoint& endpoint,
540 std::optional<GURL>* preserve_fragment_on_redirect_url) {
541 // TestNetworkDelegate always completes synchronously.
542 CHECK_NE(ERR_IO_PENDING,
543 TestNetworkDelegate::OnHeadersReceived(
544 request, base::NullCallback(), original_response_headers,
545 override_response_headers, endpoint,
546 preserve_fragment_on_redirect_url));
547
548 return MaybeBlockStage(ON_HEADERS_RECEIVED, std::move(callback));
549 }
550
Reset()551 void BlockingNetworkDelegate::Reset() {
552 EXPECT_NE(NOT_BLOCKED, stage_blocked_for_callback_);
553 stage_blocked_for_callback_ = NOT_BLOCKED;
554 callback_.Reset();
555 }
556
MaybeBlockStage(BlockingNetworkDelegate::Stage stage,CompletionOnceCallback callback)557 int BlockingNetworkDelegate::MaybeBlockStage(
558 BlockingNetworkDelegate::Stage stage,
559 CompletionOnceCallback callback) {
560 // Check that the user has provided callback for the previous blocked stage.
561 EXPECT_EQ(NOT_BLOCKED, stage_blocked_for_callback_);
562
563 if ((block_on_ & stage) == 0) {
564 return OK;
565 }
566
567 switch (block_mode_) {
568 case SYNCHRONOUS:
569 EXPECT_NE(OK, retval_);
570 return retval_;
571
572 case AUTO_CALLBACK:
573 base::SingleThreadTaskRunner::GetCurrentDefault()->PostTask(
574 FROM_HERE, base::BindOnce(&BlockingNetworkDelegate::RunCallback,
575 weak_factory_.GetWeakPtr(), retval_,
576 std::move(callback)));
577 return ERR_IO_PENDING;
578
579 case USER_CALLBACK:
580 callback_ = std::move(callback);
581 stage_blocked_for_callback_ = stage;
582 // We may reach here via a callback prior to RunUntilBlocked(), so post
583 // a task to fetch and run the |on_blocked_| closure.
584 base::SingleThreadTaskRunner::GetCurrentDefault()->PostTask(
585 FROM_HERE, base::BindOnce(&BlockingNetworkDelegate::OnBlocked,
586 weak_factory_.GetWeakPtr()));
587 return ERR_IO_PENDING;
588 }
589 NOTREACHED();
590 return 0;
591 }
592
593 // OCSPErrorTestDelegate caches the SSLInfo passed to OnSSLCertificateError.
594 // This is needed because after the certificate failure, the URLRequest will
595 // retry the connection, and return a partial SSLInfo with a cached cert status.
596 // The partial SSLInfo does not have the OCSP information filled out.
597 class OCSPErrorTestDelegate : public TestDelegate {
598 public:
OnSSLCertificateError(URLRequest * request,int net_error,const SSLInfo & ssl_info,bool fatal)599 void OnSSLCertificateError(URLRequest* request,
600 int net_error,
601 const SSLInfo& ssl_info,
602 bool fatal) override {
603 ssl_info_ = ssl_info;
604 on_ssl_certificate_error_called_ = true;
605 TestDelegate::OnSSLCertificateError(request, net_error, ssl_info, fatal);
606 }
607
on_ssl_certificate_error_called()608 bool on_ssl_certificate_error_called() {
609 return on_ssl_certificate_error_called_;
610 }
611
ssl_info()612 SSLInfo ssl_info() { return ssl_info_; }
613
614 private:
615 bool on_ssl_certificate_error_called_ = false;
616 SSLInfo ssl_info_;
617 };
618
619 #if !BUILDFLAG(IS_IOS)
620 // Compute the root cert's SPKI hash on the fly, to avoid hardcoding it within
621 // tests.
GetTestRootCertSPKIHash(SHA256HashValue * root_hash)622 bool GetTestRootCertSPKIHash(SHA256HashValue* root_hash) {
623 scoped_refptr<X509Certificate> root_cert =
624 ImportCertFromFile(GetTestCertsDirectory(), "root_ca_cert.pem");
625 if (!root_cert)
626 return false;
627 std::string_view root_spki;
628 if (!asn1::ExtractSPKIFromDERCert(
629 x509_util::CryptoBufferAsStringPiece(root_cert->cert_buffer()),
630 &root_spki)) {
631 return false;
632 }
633 crypto::SHA256HashString(root_spki, root_hash, sizeof(SHA256HashValue));
634 return true;
635 }
636 #endif
637
638 } // namespace
639
640 // Inherit PlatformTest since we require the autorelease pool on Mac OS X.
641 class URLRequestTest : public PlatformTest, public WithTaskEnvironment {
642 public:
643 URLRequestTest() = default;
644
~URLRequestTest()645 ~URLRequestTest() override {
646 // URLRequestJobs may post clean-up tasks on destruction.
647 base::RunLoop().RunUntilIdle();
648
649 SetTransportSecurityStateSourceForTesting(nullptr);
650 }
651
SetUp()652 void SetUp() override {
653 auto context_builder = CreateTestURLRequestContextBuilder();
654 context_builder->set_net_log(NetLog::Get());
655 SetUpContextBuilder(*context_builder);
656 // We set the TestNetworkDelegate after calling SetUpContextBuilder as
657 // default_network_delegate() relies on this set up and we don't want to
658 // allow subclasses to break the assumption.
659 context_builder->set_network_delegate(
660 std::make_unique<TestNetworkDelegate>());
661 default_context_ = context_builder->Build();
662 PlatformTest::SetUp();
663 }
664
TearDown()665 void TearDown() override { default_context_.reset(); }
666
SetUpContextBuilder(URLRequestContextBuilder & builder)667 virtual void SetUpContextBuilder(URLRequestContextBuilder& builder) {}
668
default_network_delegate()669 TestNetworkDelegate& default_network_delegate() {
670 // This cast is safe because we provided a TestNetworkDelegate in SetUp().
671 return *static_cast<TestNetworkDelegate*>(
672 default_context_->network_delegate());
673 }
674
default_context() const675 URLRequestContext& default_context() const { return *default_context_; }
676
677 // Creates a temp test file and writes |data| to the file. The file will be
678 // deleted after the test completes.
CreateTestFile(const char * data,size_t data_size,base::FilePath * test_file)679 void CreateTestFile(const char* data,
680 size_t data_size,
681 base::FilePath* test_file) {
682 ASSERT_TRUE(temp_dir_.CreateUniqueTempDir());
683 // Get an absolute path since |temp_dir| can contain a symbolic link. As of
684 // now, Mac and Android bots return a path with a symbolic link.
685 base::FilePath absolute_temp_dir =
686 base::MakeAbsoluteFilePath(temp_dir_.GetPath());
687
688 ASSERT_TRUE(base::CreateTemporaryFileInDir(absolute_temp_dir, test_file));
689 ASSERT_TRUE(base::WriteFile(*test_file, std::string_view(data, data_size)));
690 }
691
692 static std::unique_ptr<ConfiguredProxyResolutionService>
CreateFixedProxyResolutionService(const std::string & proxy)693 CreateFixedProxyResolutionService(const std::string& proxy) {
694 return ConfiguredProxyResolutionService::CreateFixedForTest(
695 proxy, TRAFFIC_ANNOTATION_FOR_TESTS);
696 }
697
CreateFirstPartyRequest(const URLRequestContext & context,const GURL & url,URLRequest::Delegate * delegate)698 std::unique_ptr<URLRequest> CreateFirstPartyRequest(
699 const URLRequestContext& context,
700 const GURL& url,
701 URLRequest::Delegate* delegate) {
702 auto req = context.CreateRequest(url, DEFAULT_PRIORITY, delegate,
703 TRAFFIC_ANNOTATION_FOR_TESTS);
704 req->set_initiator(url::Origin::Create(url));
705 req->set_site_for_cookies(SiteForCookies::FromUrl(url));
706 return req;
707 }
708
709 protected:
710 RecordingNetLogObserver net_log_observer_;
711 std::unique_ptr<URLRequestContext> default_context_;
712 base::ScopedTempDir temp_dir_;
713 };
714
TEST_F(URLRequestTest,AboutBlankTest)715 TEST_F(URLRequestTest, AboutBlankTest) {
716 TestDelegate d;
717 {
718 std::unique_ptr<URLRequest> r(
719 default_context().CreateRequest(GURL("about:blank"), DEFAULT_PRIORITY,
720 &d, TRAFFIC_ANNOTATION_FOR_TESTS));
721
722 r->Start();
723 EXPECT_TRUE(r->is_pending());
724
725 d.RunUntilComplete();
726
727 EXPECT_TRUE(!r->is_pending());
728 EXPECT_FALSE(d.received_data_before_response());
729 EXPECT_EQ(d.bytes_received(), 0);
730 EXPECT_TRUE(r->GetResponseRemoteEndpoint().address().empty());
731 EXPECT_EQ(0, r->GetResponseRemoteEndpoint().port());
732 }
733 }
734
TEST_F(URLRequestTest,InvalidUrlTest)735 TEST_F(URLRequestTest, InvalidUrlTest) {
736 TestDelegate d;
737 {
738 std::unique_ptr<URLRequest> r(
739 default_context().CreateRequest(GURL("invalid url"), DEFAULT_PRIORITY,
740 &d, TRAFFIC_ANNOTATION_FOR_TESTS));
741
742 r->Start();
743 EXPECT_TRUE(r->is_pending());
744
745 d.RunUntilComplete();
746 EXPECT_TRUE(d.request_failed());
747 }
748 }
749
750 // Test that URLRequest rejects WS URLs by default.
TEST_F(URLRequestTest,WsUrlTest)751 TEST_F(URLRequestTest, WsUrlTest) {
752 const url::Origin kOrigin = url::Origin::Create(GURL("http://foo.test/"));
753
754 TestDelegate d;
755 std::unique_ptr<URLRequest> r(
756 default_context().CreateRequest(GURL("ws://foo.test/"), DEFAULT_PRIORITY,
757 &d, TRAFFIC_ANNOTATION_FOR_TESTS));
758 // This is not strictly necessary for this test, but used to trigger a DCHECK.
759 // See https://crbug.com/1245115.
760 r->set_isolation_info(
761 IsolationInfo::Create(IsolationInfo::RequestType::kMainFrame, kOrigin,
762 kOrigin, SiteForCookies::FromOrigin(kOrigin)));
763
764 r->Start();
765 d.RunUntilComplete();
766 EXPECT_TRUE(d.request_failed());
767 EXPECT_THAT(d.request_status(), IsError(ERR_UNKNOWN_URL_SCHEME));
768 }
769
770 // Test that URLRequest rejects WSS URLs by default.
TEST_F(URLRequestTest,WssUrlTest)771 TEST_F(URLRequestTest, WssUrlTest) {
772 const url::Origin kOrigin = url::Origin::Create(GURL("https://foo.test/"));
773
774 TestDelegate d;
775 std::unique_ptr<URLRequest> r(
776 default_context().CreateRequest(GURL("wss://foo.test/"), DEFAULT_PRIORITY,
777 &d, TRAFFIC_ANNOTATION_FOR_TESTS));
778 // This is not strictly necessary for this test, but used to trigger a DCHECK.
779 // See https://crbug.com/1245115.
780 r->set_isolation_info(
781 IsolationInfo::Create(IsolationInfo::RequestType::kMainFrame, kOrigin,
782 kOrigin, SiteForCookies::FromOrigin(kOrigin)));
783
784 r->Start();
785 d.RunUntilComplete();
786 EXPECT_TRUE(d.request_failed());
787 EXPECT_THAT(d.request_status(), IsError(ERR_UNKNOWN_URL_SCHEME));
788 }
789
TEST_F(URLRequestTest,InvalidReferrerTest)790 TEST_F(URLRequestTest, InvalidReferrerTest) {
791 default_network_delegate().set_cancel_request_with_policy_violating_referrer(
792 true);
793 TestDelegate d;
794 std::unique_ptr<URLRequest> req = default_context().CreateRequest(
795 GURL("http://localhost/"), DEFAULT_PRIORITY, &d,
796 TRAFFIC_ANNOTATION_FOR_TESTS);
797 req->SetReferrer("https://somewhere.com/");
798
799 req->Start();
800 d.RunUntilComplete();
801 EXPECT_TRUE(d.request_failed());
802 }
803
TEST_F(URLRequestTest,RecordsSameOriginReferrerHistogram)804 TEST_F(URLRequestTest, RecordsSameOriginReferrerHistogram) {
805 default_network_delegate().set_cancel_request_with_policy_violating_referrer(
806 false);
807 TestDelegate d;
808 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
809 GURL("http://google.com/"), DEFAULT_PRIORITY, &d,
810 TRAFFIC_ANNOTATION_FOR_TESTS));
811 req->SetReferrer("http://google.com");
812 req->set_referrer_policy(ReferrerPolicy::NEVER_CLEAR);
813
814 base::HistogramTester histograms;
815
816 req->Start();
817 d.RunUntilComplete();
818 histograms.ExpectUniqueSample(
819 "Net.URLRequest.ReferrerPolicyForRequest.SameOrigin",
820 static_cast<int>(ReferrerPolicy::NEVER_CLEAR), 1);
821 }
822
TEST_F(URLRequestTest,RecordsCrossOriginReferrerHistogram)823 TEST_F(URLRequestTest, RecordsCrossOriginReferrerHistogram) {
824 TestDelegate d;
825 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
826 GURL("http://google.com/"), DEFAULT_PRIORITY, &d,
827 TRAFFIC_ANNOTATION_FOR_TESTS));
828 req->SetReferrer("http://origin.com");
829
830 // Set a different policy just to make sure we aren't always logging the same
831 // policy.
832 req->set_referrer_policy(
833 ReferrerPolicy::CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE);
834
835 base::HistogramTester histograms;
836
837 req->Start();
838 d.RunUntilComplete();
839 histograms.ExpectUniqueSample(
840 "Net.URLRequest.ReferrerPolicyForRequest.CrossOrigin",
841 static_cast<int>(
842 ReferrerPolicy::CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE),
843 1);
844 }
845
TEST_F(URLRequestTest,RecordsReferrerHistogramAgainOnRedirect)846 TEST_F(URLRequestTest, RecordsReferrerHistogramAgainOnRedirect) {
847 auto context_builder = CreateTestURLRequestContextBuilder();
848 auto network_delegate = std::make_unique<BlockingNetworkDelegate>(
849 BlockingNetworkDelegate::SYNCHRONOUS);
850 network_delegate->set_redirect_url(GURL("http://redirect.com/"));
851 context_builder->set_network_delegate(std::move(network_delegate));
852 auto context = context_builder->Build();
853
854 TestDelegate d;
855 std::unique_ptr<URLRequest> req(
856 context->CreateRequest(GURL("http://google.com/"), DEFAULT_PRIORITY, &d,
857 TRAFFIC_ANNOTATION_FOR_TESTS));
858 req->SetReferrer("http://google.com");
859
860 req->set_referrer_policy(
861 ReferrerPolicy::CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE);
862
863 base::HistogramTester histograms;
864
865 req->Start();
866 d.RunUntilRedirect();
867 histograms.ExpectUniqueSample(
868 "Net.URLRequest.ReferrerPolicyForRequest.SameOrigin",
869 static_cast<int>(
870 ReferrerPolicy::CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE),
871 1);
872 req->FollowDeferredRedirect(/*removed_headers=*/std::nullopt,
873 /*modified_headers=*/std::nullopt);
874 d.RunUntilComplete();
875 histograms.ExpectUniqueSample(
876 "Net.URLRequest.ReferrerPolicyForRequest.CrossOrigin",
877 static_cast<int>(
878 ReferrerPolicy::CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE),
879 1);
880 }
881
TEST_F(URLRequestTest,RecordsReferrrerWithInformativePath)882 TEST_F(URLRequestTest, RecordsReferrrerWithInformativePath) {
883 auto context_builder = CreateTestURLRequestContextBuilder();
884 auto network_delegate = std::make_unique<BlockingNetworkDelegate>(
885 BlockingNetworkDelegate::SYNCHRONOUS);
886 network_delegate->set_cancel_request_with_policy_violating_referrer(true);
887 network_delegate->set_redirect_url(GURL("http://redirect.com/"));
888 context_builder->set_network_delegate(std::move(network_delegate));
889 auto context = context_builder->Build();
890
891 TestDelegate d;
892 std::unique_ptr<URLRequest> req(
893 context->CreateRequest(GURL("http://google.com/"), DEFAULT_PRIORITY, &d,
894 TRAFFIC_ANNOTATION_FOR_TESTS));
895
896 // Since this referrer is much more informative than the initiating origin,
897 // we should see the histograms' true buckets populated.
898 req->SetReferrer("http://google.com/very-informative-path");
899
900 base::HistogramTester histograms;
901
902 req->Start();
903 d.RunUntilRedirect();
904 histograms.ExpectUniqueSample(
905 "Net.URLRequest.ReferrerHasInformativePath.SameOrigin",
906 /* Check the count of the "true" bucket in the boolean histogram. */ true,
907 1);
908 req->FollowDeferredRedirect(/*removed_headers=*/std::nullopt,
909 /*modified_headers=*/std::nullopt);
910 d.RunUntilComplete();
911 histograms.ExpectUniqueSample(
912 "Net.URLRequest.ReferrerHasInformativePath.CrossOrigin", true, 1);
913 }
914
TEST_F(URLRequestTest,RecordsReferrerWithInformativeQuery)915 TEST_F(URLRequestTest, RecordsReferrerWithInformativeQuery) {
916 auto context_builder = CreateTestURLRequestContextBuilder();
917 auto network_delegate = std::make_unique<BlockingNetworkDelegate>(
918 BlockingNetworkDelegate::SYNCHRONOUS);
919 network_delegate->set_cancel_request_with_policy_violating_referrer(true);
920 network_delegate->set_redirect_url(GURL("http://redirect.com/"));
921 context_builder->set_network_delegate(std::move(network_delegate));
922 auto context = context_builder->Build();
923
924 TestDelegate d;
925 std::unique_ptr<URLRequest> req(
926 context->CreateRequest(GURL("http://google.com/"), DEFAULT_PRIORITY, &d,
927 TRAFFIC_ANNOTATION_FOR_TESTS));
928
929 // Since this referrer is much more informative than the initiating origin,
930 // we should see the histograms' true buckets populated.
931 req->SetReferrer("http://google.com/?very-informative-query");
932
933 base::HistogramTester histograms;
934
935 req->Start();
936 d.RunUntilRedirect();
937 histograms.ExpectUniqueSample(
938 "Net.URLRequest.ReferrerHasInformativePath.SameOrigin",
939 /* Check the count of the "true" bucket in the boolean histogram. */ true,
940 1);
941 req->FollowDeferredRedirect(/*removed_headers=*/std::nullopt,
942 /*modified_headers=*/std::nullopt);
943 d.RunUntilComplete();
944 histograms.ExpectUniqueSample(
945 "Net.URLRequest.ReferrerHasInformativePath.CrossOrigin", true, 1);
946 }
947
TEST_F(URLRequestTest,RecordsReferrerWithoutInformativePathOrQuery)948 TEST_F(URLRequestTest, RecordsReferrerWithoutInformativePathOrQuery) {
949 auto context_builder = CreateTestURLRequestContextBuilder();
950 auto network_delegate = std::make_unique<BlockingNetworkDelegate>(
951 BlockingNetworkDelegate::SYNCHRONOUS);
952 network_delegate->set_cancel_request_with_policy_violating_referrer(false);
953 network_delegate->set_redirect_url(GURL("http://origin.com/"));
954 context_builder->set_network_delegate(std::move(network_delegate));
955 auto context = context_builder->Build();
956
957 TestDelegate d;
958 std::unique_ptr<URLRequest> req(
959 context->CreateRequest(GURL("http://google.com/"), DEFAULT_PRIORITY, &d,
960 TRAFFIC_ANNOTATION_FOR_TESTS));
961
962 // Since this referrer _isn't_ more informative than the initiating origin,
963 // we should see the histograms' false buckets populated.
964 req->SetReferrer("http://origin.com");
965
966 base::HistogramTester histograms;
967
968 req->Start();
969 d.RunUntilRedirect();
970 histograms.ExpectUniqueSample(
971 "Net.URLRequest.ReferrerHasInformativePath.CrossOrigin", false, 1);
972 req->FollowDeferredRedirect(/*removed_headers=*/std::nullopt,
973 /*modified_headers=*/std::nullopt);
974 d.RunUntilComplete();
975 histograms.ExpectUniqueSample(
976 "Net.URLRequest.ReferrerHasInformativePath.SameOrigin", false, 1);
977 }
978
979 // A URLRequestInterceptor that allows setting the LoadTimingInfo value of the
980 // URLRequestJobs it creates.
981 class URLRequestInterceptorWithLoadTimingInfo : public URLRequestInterceptor {
982 public:
983 // Static getters for canned response header and data strings.
ok_data()984 static std::string ok_data() { return URLRequestTestJob::test_data_1(); }
985
ok_headers()986 static std::string ok_headers() { return URLRequestTestJob::test_headers(); }
987
988 URLRequestInterceptorWithLoadTimingInfo() = default;
989 ~URLRequestInterceptorWithLoadTimingInfo() override = default;
990
991 // URLRequestInterceptor implementation:
MaybeInterceptRequest(URLRequest * request) const992 std::unique_ptr<URLRequestJob> MaybeInterceptRequest(
993 URLRequest* request) const override {
994 std::unique_ptr<URLRequestTestJob> job =
995 std::make_unique<URLRequestTestJob>(request, ok_headers(), ok_data(),
996 true);
997 job->set_load_timing_info(main_request_load_timing_info_);
998 return job;
999 }
1000
set_main_request_load_timing_info(const LoadTimingInfo & main_request_load_timing_info)1001 void set_main_request_load_timing_info(
1002 const LoadTimingInfo& main_request_load_timing_info) {
1003 main_request_load_timing_info_ = main_request_load_timing_info;
1004 }
1005
1006 private:
1007 mutable LoadTimingInfo main_request_load_timing_info_;
1008 };
1009
1010 // These tests inject a MockURLRequestInterceptor
1011 class URLRequestLoadTimingTest : public URLRequestTest {
1012 public:
URLRequestLoadTimingTest()1013 URLRequestLoadTimingTest() {
1014 std::unique_ptr<URLRequestInterceptorWithLoadTimingInfo> interceptor =
1015 std::make_unique<URLRequestInterceptorWithLoadTimingInfo>();
1016 interceptor_ = interceptor.get();
1017 URLRequestFilter::GetInstance()->AddHostnameInterceptor(
1018 "http", "test_intercept", std::move(interceptor));
1019 }
1020
~URLRequestLoadTimingTest()1021 ~URLRequestLoadTimingTest() override {
1022 URLRequestFilter::GetInstance()->ClearHandlers();
1023 }
1024
interceptor() const1025 URLRequestInterceptorWithLoadTimingInfo* interceptor() const {
1026 return interceptor_;
1027 }
1028
1029 private:
1030 raw_ptr<URLRequestInterceptorWithLoadTimingInfo, DanglingUntriaged>
1031 interceptor_;
1032 };
1033
1034 // "Normal" LoadTimingInfo as returned by a job. Everything is in order, not
1035 // reused. |connect_time_flags| is used to indicate if there should be dns
1036 // or SSL times, and |used_proxy| is used for proxy times.
NormalLoadTimingInfo(base::TimeTicks now,int connect_time_flags,bool used_proxy)1037 LoadTimingInfo NormalLoadTimingInfo(base::TimeTicks now,
1038 int connect_time_flags,
1039 bool used_proxy) {
1040 LoadTimingInfo load_timing;
1041 load_timing.socket_log_id = 1;
1042
1043 if (used_proxy) {
1044 load_timing.proxy_resolve_start = now + base::Days(1);
1045 load_timing.proxy_resolve_end = now + base::Days(2);
1046 }
1047
1048 LoadTimingInfo::ConnectTiming& connect_timing = load_timing.connect_timing;
1049 if (connect_time_flags & CONNECT_TIMING_HAS_DNS_TIMES) {
1050 connect_timing.domain_lookup_start = now + base::Days(3);
1051 connect_timing.domain_lookup_end = now + base::Days(4);
1052 }
1053 connect_timing.connect_start = now + base::Days(5);
1054 if (connect_time_flags & CONNECT_TIMING_HAS_SSL_TIMES) {
1055 connect_timing.ssl_start = now + base::Days(6);
1056 connect_timing.ssl_end = now + base::Days(7);
1057 }
1058 connect_timing.connect_end = now + base::Days(8);
1059
1060 load_timing.send_start = now + base::Days(9);
1061 load_timing.send_end = now + base::Days(10);
1062 load_timing.receive_headers_start = now + base::Days(11);
1063 load_timing.receive_headers_end = now + base::Days(12);
1064 return load_timing;
1065 }
1066
1067 // Same as above, but in the case of a reused socket.
NormalLoadTimingInfoReused(base::TimeTicks now,bool used_proxy)1068 LoadTimingInfo NormalLoadTimingInfoReused(base::TimeTicks now,
1069 bool used_proxy) {
1070 LoadTimingInfo load_timing;
1071 load_timing.socket_log_id = 1;
1072 load_timing.socket_reused = true;
1073
1074 if (used_proxy) {
1075 load_timing.proxy_resolve_start = now + base::Days(1);
1076 load_timing.proxy_resolve_end = now + base::Days(2);
1077 }
1078
1079 load_timing.send_start = now + base::Days(9);
1080 load_timing.send_end = now + base::Days(10);
1081 load_timing.receive_headers_start = now + base::Days(11);
1082 load_timing.receive_headers_end = now + base::Days(12);
1083 return load_timing;
1084 }
1085
RunURLRequestInterceptorLoadTimingTest(const LoadTimingInfo & job_load_timing,const URLRequestContext & context,URLRequestInterceptorWithLoadTimingInfo * interceptor)1086 LoadTimingInfo RunURLRequestInterceptorLoadTimingTest(
1087 const LoadTimingInfo& job_load_timing,
1088 const URLRequestContext& context,
1089 URLRequestInterceptorWithLoadTimingInfo* interceptor) {
1090 interceptor->set_main_request_load_timing_info(job_load_timing);
1091 TestDelegate d;
1092 std::unique_ptr<URLRequest> req(
1093 context.CreateRequest(GURL("http://test_intercept/foo"), DEFAULT_PRIORITY,
1094 &d, TRAFFIC_ANNOTATION_FOR_TESTS));
1095 req->Start();
1096 d.RunUntilComplete();
1097
1098 LoadTimingInfo resulting_load_timing;
1099 req->GetLoadTimingInfo(&resulting_load_timing);
1100
1101 // None of these should be modified by the URLRequest.
1102 EXPECT_EQ(job_load_timing.socket_reused, resulting_load_timing.socket_reused);
1103 EXPECT_EQ(job_load_timing.socket_log_id, resulting_load_timing.socket_log_id);
1104 EXPECT_EQ(job_load_timing.send_start, resulting_load_timing.send_start);
1105 EXPECT_EQ(job_load_timing.send_end, resulting_load_timing.send_end);
1106 EXPECT_EQ(job_load_timing.receive_headers_start,
1107 resulting_load_timing.receive_headers_start);
1108 EXPECT_EQ(job_load_timing.receive_headers_end,
1109 resulting_load_timing.receive_headers_end);
1110 EXPECT_EQ(job_load_timing.push_start, resulting_load_timing.push_start);
1111 EXPECT_EQ(job_load_timing.push_end, resulting_load_timing.push_end);
1112
1113 return resulting_load_timing;
1114 }
1115
1116 // Basic test that the intercept + load timing tests work.
TEST_F(URLRequestLoadTimingTest,InterceptLoadTiming)1117 TEST_F(URLRequestLoadTimingTest, InterceptLoadTiming) {
1118 base::TimeTicks now = base::TimeTicks::Now();
1119 LoadTimingInfo job_load_timing =
1120 NormalLoadTimingInfo(now, CONNECT_TIMING_HAS_DNS_TIMES, false);
1121
1122 LoadTimingInfo load_timing_result = RunURLRequestInterceptorLoadTimingTest(
1123 job_load_timing, default_context(), interceptor());
1124
1125 // Nothing should have been changed by the URLRequest.
1126 EXPECT_EQ(job_load_timing.proxy_resolve_start,
1127 load_timing_result.proxy_resolve_start);
1128 EXPECT_EQ(job_load_timing.proxy_resolve_end,
1129 load_timing_result.proxy_resolve_end);
1130 EXPECT_EQ(job_load_timing.connect_timing.domain_lookup_start,
1131 load_timing_result.connect_timing.domain_lookup_start);
1132 EXPECT_EQ(job_load_timing.connect_timing.domain_lookup_end,
1133 load_timing_result.connect_timing.domain_lookup_end);
1134 EXPECT_EQ(job_load_timing.connect_timing.connect_start,
1135 load_timing_result.connect_timing.connect_start);
1136 EXPECT_EQ(job_load_timing.connect_timing.connect_end,
1137 load_timing_result.connect_timing.connect_end);
1138 EXPECT_EQ(job_load_timing.connect_timing.ssl_start,
1139 load_timing_result.connect_timing.ssl_start);
1140 EXPECT_EQ(job_load_timing.connect_timing.ssl_end,
1141 load_timing_result.connect_timing.ssl_end);
1142
1143 // Redundant sanity check.
1144 TestLoadTimingNotReused(load_timing_result, CONNECT_TIMING_HAS_DNS_TIMES);
1145 }
1146
1147 // Another basic test, with proxy and SSL times, but no DNS times.
TEST_F(URLRequestLoadTimingTest,InterceptLoadTimingProxy)1148 TEST_F(URLRequestLoadTimingTest, InterceptLoadTimingProxy) {
1149 base::TimeTicks now = base::TimeTicks::Now();
1150 LoadTimingInfo job_load_timing =
1151 NormalLoadTimingInfo(now, CONNECT_TIMING_HAS_SSL_TIMES, true);
1152
1153 LoadTimingInfo load_timing_result = RunURLRequestInterceptorLoadTimingTest(
1154 job_load_timing, default_context(), interceptor());
1155
1156 // Nothing should have been changed by the URLRequest.
1157 EXPECT_EQ(job_load_timing.proxy_resolve_start,
1158 load_timing_result.proxy_resolve_start);
1159 EXPECT_EQ(job_load_timing.proxy_resolve_end,
1160 load_timing_result.proxy_resolve_end);
1161 EXPECT_EQ(job_load_timing.connect_timing.domain_lookup_start,
1162 load_timing_result.connect_timing.domain_lookup_start);
1163 EXPECT_EQ(job_load_timing.connect_timing.domain_lookup_end,
1164 load_timing_result.connect_timing.domain_lookup_end);
1165 EXPECT_EQ(job_load_timing.connect_timing.connect_start,
1166 load_timing_result.connect_timing.connect_start);
1167 EXPECT_EQ(job_load_timing.connect_timing.connect_end,
1168 load_timing_result.connect_timing.connect_end);
1169 EXPECT_EQ(job_load_timing.connect_timing.ssl_start,
1170 load_timing_result.connect_timing.ssl_start);
1171 EXPECT_EQ(job_load_timing.connect_timing.ssl_end,
1172 load_timing_result.connect_timing.ssl_end);
1173
1174 // Redundant sanity check.
1175 TestLoadTimingNotReusedWithProxy(load_timing_result,
1176 CONNECT_TIMING_HAS_SSL_TIMES);
1177 }
1178
1179 // Make sure that URLRequest correctly adjusts proxy times when they're before
1180 // |request_start|, due to already having a connected socket. This happens in
1181 // the case of reusing a SPDY session. The connected socket is not considered
1182 // reused in this test (May be a preconnect).
1183 //
1184 // To mix things up from the test above, assumes DNS times but no SSL times.
TEST_F(URLRequestLoadTimingTest,InterceptLoadTimingEarlyProxyResolution)1185 TEST_F(URLRequestLoadTimingTest, InterceptLoadTimingEarlyProxyResolution) {
1186 base::TimeTicks now = base::TimeTicks::Now();
1187 LoadTimingInfo job_load_timing =
1188 NormalLoadTimingInfo(now, CONNECT_TIMING_HAS_DNS_TIMES, true);
1189 job_load_timing.proxy_resolve_start = now - base::Days(6);
1190 job_load_timing.proxy_resolve_end = now - base::Days(5);
1191 job_load_timing.connect_timing.domain_lookup_start = now - base::Days(4);
1192 job_load_timing.connect_timing.domain_lookup_end = now - base::Days(3);
1193 job_load_timing.connect_timing.connect_start = now - base::Days(2);
1194 job_load_timing.connect_timing.connect_end = now - base::Days(1);
1195
1196 LoadTimingInfo load_timing_result = RunURLRequestInterceptorLoadTimingTest(
1197 job_load_timing, default_context(), interceptor());
1198
1199 // Proxy times, connect times, and DNS times should all be replaced with
1200 // request_start.
1201 EXPECT_EQ(load_timing_result.request_start,
1202 load_timing_result.proxy_resolve_start);
1203 EXPECT_EQ(load_timing_result.request_start,
1204 load_timing_result.proxy_resolve_end);
1205 EXPECT_EQ(load_timing_result.request_start,
1206 load_timing_result.connect_timing.domain_lookup_start);
1207 EXPECT_EQ(load_timing_result.request_start,
1208 load_timing_result.connect_timing.domain_lookup_end);
1209 EXPECT_EQ(load_timing_result.request_start,
1210 load_timing_result.connect_timing.connect_start);
1211 EXPECT_EQ(load_timing_result.request_start,
1212 load_timing_result.connect_timing.connect_end);
1213
1214 // Other times should have been left null.
1215 TestLoadTimingNotReusedWithProxy(load_timing_result,
1216 CONNECT_TIMING_HAS_DNS_TIMES);
1217 }
1218
1219 // Same as above, but in the reused case.
TEST_F(URLRequestLoadTimingTest,InterceptLoadTimingEarlyProxyResolutionReused)1220 TEST_F(URLRequestLoadTimingTest,
1221 InterceptLoadTimingEarlyProxyResolutionReused) {
1222 base::TimeTicks now = base::TimeTicks::Now();
1223 LoadTimingInfo job_load_timing = NormalLoadTimingInfoReused(now, true);
1224 job_load_timing.proxy_resolve_start = now - base::Days(4);
1225 job_load_timing.proxy_resolve_end = now - base::Days(3);
1226
1227 LoadTimingInfo load_timing_result = RunURLRequestInterceptorLoadTimingTest(
1228 job_load_timing, default_context(), interceptor());
1229
1230 // Proxy times and connect times should all be replaced with request_start.
1231 EXPECT_EQ(load_timing_result.request_start,
1232 load_timing_result.proxy_resolve_start);
1233 EXPECT_EQ(load_timing_result.request_start,
1234 load_timing_result.proxy_resolve_end);
1235
1236 // Other times should have been left null.
1237 TestLoadTimingReusedWithProxy(load_timing_result);
1238 }
1239
1240 // Make sure that URLRequest correctly adjusts connect times when they're before
1241 // |request_start|, due to reusing a connected socket. The connected socket is
1242 // not considered reused in this test (May be a preconnect).
1243 //
1244 // To mix things up, the request has SSL times, but no DNS times.
TEST_F(URLRequestLoadTimingTest,InterceptLoadTimingEarlyConnect)1245 TEST_F(URLRequestLoadTimingTest, InterceptLoadTimingEarlyConnect) {
1246 base::TimeTicks now = base::TimeTicks::Now();
1247 LoadTimingInfo job_load_timing =
1248 NormalLoadTimingInfo(now, CONNECT_TIMING_HAS_SSL_TIMES, false);
1249 job_load_timing.connect_timing.connect_start = now - base::Days(1);
1250 job_load_timing.connect_timing.ssl_start = now - base::Days(2);
1251 job_load_timing.connect_timing.ssl_end = now - base::Days(3);
1252 job_load_timing.connect_timing.connect_end = now - base::Days(4);
1253
1254 LoadTimingInfo load_timing_result = RunURLRequestInterceptorLoadTimingTest(
1255 job_load_timing, default_context(), interceptor());
1256
1257 // Connect times, and SSL times should be replaced with request_start.
1258 EXPECT_EQ(load_timing_result.request_start,
1259 load_timing_result.connect_timing.connect_start);
1260 EXPECT_EQ(load_timing_result.request_start,
1261 load_timing_result.connect_timing.ssl_start);
1262 EXPECT_EQ(load_timing_result.request_start,
1263 load_timing_result.connect_timing.ssl_end);
1264 EXPECT_EQ(load_timing_result.request_start,
1265 load_timing_result.connect_timing.connect_end);
1266
1267 // Other times should have been left null.
1268 TestLoadTimingNotReused(load_timing_result, CONNECT_TIMING_HAS_SSL_TIMES);
1269 }
1270
1271 // Make sure that URLRequest correctly adjusts connect times when they're before
1272 // |request_start|, due to reusing a connected socket in the case that there
1273 // are also proxy times. The connected socket is not considered reused in this
1274 // test (May be a preconnect).
1275 //
1276 // In this test, there are no SSL or DNS times.
TEST_F(URLRequestLoadTimingTest,InterceptLoadTimingEarlyConnectWithProxy)1277 TEST_F(URLRequestLoadTimingTest, InterceptLoadTimingEarlyConnectWithProxy) {
1278 base::TimeTicks now = base::TimeTicks::Now();
1279 LoadTimingInfo job_load_timing =
1280 NormalLoadTimingInfo(now, CONNECT_TIMING_HAS_CONNECT_TIMES_ONLY, true);
1281 job_load_timing.connect_timing.connect_start = now - base::Days(1);
1282 job_load_timing.connect_timing.connect_end = now - base::Days(2);
1283
1284 LoadTimingInfo load_timing_result = RunURLRequestInterceptorLoadTimingTest(
1285 job_load_timing, default_context(), interceptor());
1286
1287 // Connect times should be replaced with proxy_resolve_end.
1288 EXPECT_EQ(load_timing_result.proxy_resolve_end,
1289 load_timing_result.connect_timing.connect_start);
1290 EXPECT_EQ(load_timing_result.proxy_resolve_end,
1291 load_timing_result.connect_timing.connect_end);
1292
1293 // Other times should have been left null.
1294 TestLoadTimingNotReusedWithProxy(load_timing_result,
1295 CONNECT_TIMING_HAS_CONNECT_TIMES_ONLY);
1296 }
1297
TEST_F(URLRequestTest,NetworkDelegateProxyError)1298 TEST_F(URLRequestTest, NetworkDelegateProxyError) {
1299 auto context_builder = CreateTestURLRequestContextBuilder();
1300 context_builder->set_proxy_resolution_service(
1301 CreateFixedProxyResolutionService("myproxy:70"));
1302 auto& network_delegate = *context_builder->set_network_delegate(
1303 std::make_unique<TestNetworkDelegate>());
1304 auto host_resolver = std::make_unique<MockHostResolver>();
1305 host_resolver->rules()->AddSimulatedTimeoutFailure("*");
1306 context_builder->set_host_resolver(std::move(host_resolver));
1307 auto context = context_builder->Build();
1308
1309 TestDelegate d;
1310 std::unique_ptr<URLRequest> req(
1311 context->CreateRequest(GURL("http://example.com"), DEFAULT_PRIORITY, &d,
1312 TRAFFIC_ANNOTATION_FOR_TESTS));
1313 req->set_method("GET");
1314
1315 req->Start();
1316 d.RunUntilComplete();
1317
1318 // Check we see a failed request.
1319 // The proxy chain should be set before failure.
1320 EXPECT_EQ(PacResultElementToProxyChain("PROXY myproxy:70"),
1321 req->proxy_chain());
1322 EXPECT_EQ(ERR_PROXY_CONNECTION_FAILED, d.request_status());
1323 EXPECT_THAT(req->response_info().resolve_error_info.error,
1324 IsError(ERR_DNS_TIMED_OUT));
1325
1326 EXPECT_EQ(1, network_delegate.error_count());
1327 EXPECT_THAT(network_delegate.last_error(),
1328 IsError(ERR_PROXY_CONNECTION_FAILED));
1329 EXPECT_EQ(1, network_delegate.completed_requests());
1330 }
1331
1332 // Test that when host resolution fails with `ERR_DNS_NAME_HTTPS_ONLY` for
1333 // "http://" requests, scheme is upgraded to "https://".
TEST_F(URLRequestTest,DnsNameHttpsOnlyErrorCausesSchemeUpgrade)1334 TEST_F(URLRequestTest, DnsNameHttpsOnlyErrorCausesSchemeUpgrade) {
1335 EmbeddedTestServer https_server(EmbeddedTestServer::TYPE_HTTPS);
1336 https_server.SetSSLConfig(EmbeddedTestServer::CERT_TEST_NAMES);
1337 RegisterDefaultHandlers(&https_server);
1338 ASSERT_TRUE(https_server.Start());
1339
1340 // Build an http URL that should be auto-upgraded to https.
1341 const std::string kHost = "foo.a.test"; // Covered by CERT_TEST_NAMES.
1342 const GURL https_url = https_server.GetURL(kHost, "/defaultresponse");
1343 GURL::Replacements replacements;
1344 replacements.SetSchemeStr(url::kHttpScheme);
1345 const GURL http_url = https_url.ReplaceComponents(replacements);
1346
1347 // Return `ERR_DNS_NAME_HTTPS_ONLY` for "http://" requests and an address for
1348 // "https://" requests. This simulates the HostResolver behavior for a domain
1349 // with an HTTPS DNS record.
1350 auto host_resolver = std::make_unique<MockHostResolver>();
1351 MockHostResolverBase::RuleResolver::RuleKey unencrypted_resolve_key;
1352 unencrypted_resolve_key.scheme = url::kHttpScheme;
1353 unencrypted_resolve_key.hostname_pattern = kHost;
1354 host_resolver->rules()->AddRule(std::move(unencrypted_resolve_key),
1355 ERR_DNS_NAME_HTTPS_ONLY);
1356 MockHostResolverBase::RuleResolver::RuleKey encrypted_resolve_key;
1357 encrypted_resolve_key.scheme = url::kHttpsScheme;
1358 encrypted_resolve_key.hostname_pattern = kHost;
1359 host_resolver->rules()->AddRule(std::move(encrypted_resolve_key),
1360 https_server.GetIPLiteralString());
1361 auto context_builder = CreateTestURLRequestContextBuilder();
1362 context_builder->set_host_resolver(std::move(host_resolver));
1363 auto& network_delegate = *context_builder->set_network_delegate(
1364 std::make_unique<TestNetworkDelegate>());
1365 auto context = context_builder->Build();
1366
1367 TestDelegate d;
1368 std::unique_ptr<URLRequest> req(context->CreateRequest(
1369 http_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
1370 EXPECT_FALSE(req->url().SchemeIsCryptographic());
1371
1372 // Note that there is no http server running, so the request should fail or
1373 // hang if its scheme is not upgraded to https.
1374 req->Start();
1375 d.RunUntilComplete();
1376
1377 EXPECT_EQ(d.received_redirect_count(), 1);
1378
1379 EXPECT_EQ(0, network_delegate.error_count());
1380 EXPECT_EQ(200, req->GetResponseCode());
1381 ASSERT_TRUE(req->response_headers());
1382 EXPECT_EQ(200, req->response_headers()->response_code());
1383
1384 // Observe that the scheme has been upgraded to https.
1385 EXPECT_TRUE(req->url().SchemeIsCryptographic());
1386 EXPECT_TRUE(req->url().SchemeIs(url::kHttpsScheme));
1387 }
1388
1389 // Test that DNS-based scheme upgrade supports deferred redirect.
TEST_F(URLRequestTest,DnsNameHttpsOnlyErrorCausesSchemeUpgradeDeferred)1390 TEST_F(URLRequestTest, DnsNameHttpsOnlyErrorCausesSchemeUpgradeDeferred) {
1391 EmbeddedTestServer https_server(EmbeddedTestServer::TYPE_HTTPS);
1392 https_server.SetSSLConfig(EmbeddedTestServer::CERT_TEST_NAMES);
1393 RegisterDefaultHandlers(&https_server);
1394 ASSERT_TRUE(https_server.Start());
1395
1396 // Build an http URL that should be auto-upgraded to https.
1397 const std::string kHost = "foo.a.test"; // Covered by CERT_TEST_NAMES.
1398 const GURL https_url = https_server.GetURL(kHost, "/defaultresponse");
1399 GURL::Replacements replacements;
1400 replacements.SetSchemeStr(url::kHttpScheme);
1401 const GURL http_url = https_url.ReplaceComponents(replacements);
1402
1403 // Return `ERR_DNS_NAME_HTTPS_ONLY` for "http://" requests and an address for
1404 // "https://" requests. This simulates the HostResolver behavior for a domain
1405 // with an HTTPS DNS record.
1406 auto host_resolver = std::make_unique<MockHostResolver>();
1407 MockHostResolverBase::RuleResolver::RuleKey unencrypted_resolve_key;
1408 unencrypted_resolve_key.scheme = url::kHttpScheme;
1409 unencrypted_resolve_key.hostname_pattern = kHost;
1410 host_resolver->rules()->AddRule(std::move(unencrypted_resolve_key),
1411 ERR_DNS_NAME_HTTPS_ONLY);
1412 MockHostResolverBase::RuleResolver::RuleKey encrypted_resolve_key;
1413 encrypted_resolve_key.scheme = url::kHttpsScheme;
1414 encrypted_resolve_key.hostname_pattern = kHost;
1415 host_resolver->rules()->AddRule(std::move(encrypted_resolve_key),
1416 https_server.GetIPLiteralString());
1417 auto context_builder = CreateTestURLRequestContextBuilder();
1418 context_builder->set_host_resolver(std::move(host_resolver));
1419 auto& network_delegate = *context_builder->set_network_delegate(
1420 std::make_unique<TestNetworkDelegate>());
1421 auto context = context_builder->Build();
1422
1423 TestDelegate d;
1424 std::unique_ptr<URLRequest> req(context->CreateRequest(
1425 http_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
1426 EXPECT_FALSE(req->url().SchemeIsCryptographic());
1427
1428 // Note that there is no http server running, so the request should fail or
1429 // hang if its scheme is not upgraded to https.
1430 req->Start();
1431 d.RunUntilRedirect();
1432
1433 EXPECT_EQ(d.received_redirect_count(), 1);
1434
1435 req->FollowDeferredRedirect(/*removed_headers=*/std::nullopt,
1436 /*modified_headers=*/std::nullopt);
1437 d.RunUntilComplete();
1438
1439 EXPECT_EQ(0, network_delegate.error_count());
1440 EXPECT_EQ(200, req->GetResponseCode());
1441 ASSERT_TRUE(req->response_headers());
1442 EXPECT_EQ(200, req->response_headers()->response_code());
1443
1444 // Observe that the scheme has been upgraded to https.
1445 EXPECT_TRUE(req->url().SchemeIsCryptographic());
1446 EXPECT_TRUE(req->url().SchemeIs(url::kHttpsScheme));
1447 }
1448
1449 #if BUILDFLAG(ENABLE_WEBSOCKETS)
1450 // Test that requests with "ws" scheme are upgraded to "wss" when DNS
1451 // indicates that the name is HTTPS-only.
TEST_F(URLRequestTest,DnsHttpsRecordPresentCausesWsSchemeUpgrade)1452 TEST_F(URLRequestTest, DnsHttpsRecordPresentCausesWsSchemeUpgrade) {
1453 EmbeddedTestServer https_server(EmbeddedTestServer::TYPE_HTTPS);
1454 https_server.SetSSLConfig(EmbeddedTestServer::CERT_TEST_NAMES);
1455 RegisterDefaultHandlers(&https_server);
1456 ASSERT_TRUE(https_server.Start());
1457
1458 // Build an http URL that should be auto-upgraded to https.
1459 const std::string kHost = "foo.a.test"; // Covered by CERT_TEST_NAMES.
1460 const GURL https_url = https_server.GetURL(kHost, "/defaultresponse");
1461 GURL::Replacements replacements;
1462 replacements.SetSchemeStr(url::kWsScheme);
1463 const GURL ws_url = https_url.ReplaceComponents(replacements);
1464
1465 auto host_resolver = std::make_unique<MockHostResolver>();
1466 MockHostResolverBase::RuleResolver::RuleKey unencrypted_resolve_key;
1467 unencrypted_resolve_key.scheme = url::kHttpScheme;
1468 unencrypted_resolve_key.hostname_pattern = kHost;
1469 host_resolver->rules()->AddRule(std::move(unencrypted_resolve_key),
1470 ERR_DNS_NAME_HTTPS_ONLY);
1471 MockHostResolverBase::RuleResolver::RuleKey encrypted_resolve_key;
1472 encrypted_resolve_key.scheme = url::kHttpsScheme;
1473 encrypted_resolve_key.hostname_pattern = kHost;
1474 host_resolver->rules()->AddRule(std::move(encrypted_resolve_key),
1475 https_server.GetIPLiteralString());
1476 auto context_builder = CreateTestURLRequestContextBuilder();
1477 context_builder->set_host_resolver(std::move(host_resolver));
1478 auto& network_delegate = *context_builder->set_network_delegate(
1479 std::make_unique<TestNetworkDelegate>());
1480 auto context = context_builder->Build();
1481
1482 TestDelegate d;
1483 std::unique_ptr<URLRequest> req(context->CreateRequest(
1484 ws_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS,
1485 /*is_for_websockets=*/true));
1486 EXPECT_FALSE(req->url().SchemeIsCryptographic());
1487
1488 HttpRequestHeaders headers = WebSocketCommonTestHeaders();
1489 req->SetExtraRequestHeaders(headers);
1490
1491 auto websocket_stream_create_helper =
1492 std::make_unique<TestWebSocketHandshakeStreamCreateHelper>();
1493 req->SetUserData(kWebSocketHandshakeUserDataKey,
1494 std::move(websocket_stream_create_helper));
1495
1496 // Note that there is no ws server running, so the request should fail or hang
1497 // if its scheme is not upgraded to wss.
1498 req->Start();
1499 d.RunUntilComplete();
1500
1501 EXPECT_EQ(d.received_redirect_count(), 1);
1502
1503 // Expect failure because test server is not set up to provide websocket
1504 // responses.
1505 EXPECT_EQ(network_delegate.error_count(), 1);
1506 EXPECT_EQ(network_delegate.last_error(), ERR_INVALID_RESPONSE);
1507
1508 // Observe that the scheme has been upgraded to wss.
1509 EXPECT_TRUE(req->url().SchemeIsCryptographic());
1510 EXPECT_TRUE(req->url().SchemeIs(url::kWssScheme));
1511 }
1512
1513 // Test that same-site requests with "wss" scheme retain the
1514 // `kStorageAccessGrantEligible` override, even if the initiator origin uses the
1515 // HTTPS version of the site.
TEST_F(URLRequestTest,WssRequestsAreEligibleForStorageAccess)1516 TEST_F(URLRequestTest, WssRequestsAreEligibleForStorageAccess) {
1517 EmbeddedTestServer https_server(EmbeddedTestServer::TYPE_HTTPS);
1518 https_server.SetSSLConfig(EmbeddedTestServer::CERT_TEST_NAMES);
1519 RegisterDefaultHandlers(&https_server);
1520 ASSERT_TRUE(https_server.Start());
1521
1522 const GURL https_url = https_server.GetURL("a.test", "/defaultresponse");
1523 GURL::Replacements replacements;
1524 replacements.SetSchemeStr(url::kWssScheme);
1525
1526 auto context_builder = CreateTestURLRequestContextBuilder();
1527 auto& network_delegate = *context_builder->set_network_delegate(
1528 std::make_unique<TestNetworkDelegate>());
1529 auto context = context_builder->Build();
1530
1531 TestDelegate d;
1532 std::unique_ptr<URLRequest> req(
1533 context->CreateRequest(https_url.ReplaceComponents(replacements),
1534 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS,
1535 /*is_for_websockets=*/true));
1536
1537 req->SetExtraRequestHeaders(WebSocketCommonTestHeaders());
1538
1539 auto websocket_stream_create_helper =
1540 std::make_unique<TestWebSocketHandshakeStreamCreateHelper>();
1541 req->SetUserData(kWebSocketHandshakeUserDataKey,
1542 std::move(websocket_stream_create_helper));
1543
1544 req->set_has_storage_access(true);
1545 req->set_initiator(url::Origin::Create(https_url));
1546
1547 req->Start();
1548 d.RunUntilComplete();
1549
1550 // Expect failure because test server is not set up to provide websocket
1551 // responses.
1552 ASSERT_EQ(network_delegate.error_count(), 1);
1553 ASSERT_EQ(network_delegate.last_error(), ERR_INVALID_RESPONSE);
1554
1555 CookieSettingOverrides expected_overides;
1556 expected_overides.Put(CookieSettingOverride::kStorageAccessGrantEligible);
1557
1558 EXPECT_THAT(network_delegate.cookie_setting_overrides_records(),
1559 testing::ElementsAre(expected_overides, expected_overides));
1560 }
1561 #endif // BUILDFLAG(ENABLE_WEBSOCKETS)
1562
TEST_F(URLRequestTest,DnsHttpsRecordAbsentNoSchemeUpgrade)1563 TEST_F(URLRequestTest, DnsHttpsRecordAbsentNoSchemeUpgrade) {
1564 EmbeddedTestServer http_server(EmbeddedTestServer::TYPE_HTTP);
1565 RegisterDefaultHandlers(&http_server);
1566 ASSERT_TRUE(http_server.Start());
1567
1568 // Build an http URL that should be auto-upgraded to https.
1569 const std::string kHost = "foo.a.test"; // Covered by CERT_TEST_NAMES.
1570 const GURL http_url = http_server.GetURL(kHost, "/defaultresponse");
1571
1572 auto context_builder = CreateTestURLRequestContextBuilder();
1573 auto host_resolver = std::make_unique<MockHostResolver>();
1574 host_resolver->rules()->AddRule(kHost, http_server.GetIPLiteralString());
1575 context_builder->set_host_resolver(std::move(host_resolver));
1576 auto& network_delegate = *context_builder->set_network_delegate(
1577 std::make_unique<TestNetworkDelegate>());
1578 auto context = context_builder->Build();
1579
1580 TestDelegate d;
1581 std::unique_ptr<URLRequest> req(context->CreateRequest(
1582 http_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
1583 EXPECT_FALSE(req->url().SchemeIsCryptographic());
1584
1585 req->Start();
1586 d.RunUntilComplete();
1587
1588 EXPECT_EQ(d.received_redirect_count(), 0);
1589
1590 EXPECT_EQ(0, network_delegate.error_count());
1591 EXPECT_EQ(200, req->GetResponseCode());
1592 ASSERT_TRUE(req->response_headers());
1593 EXPECT_EQ(200, req->response_headers()->response_code());
1594
1595 // Observe that the scheme has not been upgraded.
1596 EXPECT_EQ(http_url, req->url());
1597 EXPECT_FALSE(req->url().SchemeIsCryptographic());
1598 EXPECT_TRUE(req->url().SchemeIs(url::kHttpScheme));
1599 }
1600
TEST_F(URLRequestTest,SkipSecureDnsDisabledByDefault)1601 TEST_F(URLRequestTest, SkipSecureDnsDisabledByDefault) {
1602 auto context_builder = CreateTestURLRequestContextBuilder();
1603 auto host_resolver = std::make_unique<MockHostResolver>();
1604 host_resolver->rules()->AddRule("example.com", "127.0.0.1");
1605 context_builder->set_host_resolver(std::move(host_resolver));
1606 auto context = context_builder->Build();
1607
1608 TestDelegate d;
1609 std::unique_ptr<URLRequest> req(
1610 context->CreateRequest(GURL("http://example.com"), DEFAULT_PRIORITY, &d,
1611 TRAFFIC_ANNOTATION_FOR_TESTS));
1612 req->Start();
1613 d.RunUntilComplete();
1614
1615 EXPECT_EQ(SecureDnsPolicy::kAllow,
1616 static_cast<MockHostResolver*>(context->host_resolver())
1617 ->last_secure_dns_policy());
1618 }
1619
TEST_F(URLRequestTest,SkipSecureDnsEnabled)1620 TEST_F(URLRequestTest, SkipSecureDnsEnabled) {
1621 auto context_builder = CreateTestURLRequestContextBuilder();
1622 auto host_resolver = std::make_unique<MockHostResolver>();
1623 host_resolver->rules()->AddRule("example.com", "127.0.0.1");
1624 context_builder->set_host_resolver(std::move(host_resolver));
1625 auto context = context_builder->Build();
1626
1627 TestDelegate d;
1628 std::unique_ptr<URLRequest> req(
1629 context->CreateRequest(GURL("http://example.com"), DEFAULT_PRIORITY, &d,
1630 TRAFFIC_ANNOTATION_FOR_TESTS));
1631 req->SetSecureDnsPolicy(SecureDnsPolicy::kDisable);
1632 req->Start();
1633 d.RunUntilComplete();
1634
1635 EXPECT_EQ(SecureDnsPolicy::kDisable,
1636 static_cast<MockHostResolver*>(context->host_resolver())
1637 ->last_secure_dns_policy());
1638 }
1639
1640 // Make sure that NetworkDelegate::NotifyCompleted is called if
1641 // content is empty.
TEST_F(URLRequestTest,RequestCompletionForEmptyResponse)1642 TEST_F(URLRequestTest, RequestCompletionForEmptyResponse) {
1643 HttpTestServer test_server;
1644 ASSERT_TRUE(test_server.Start());
1645
1646 TestDelegate d;
1647 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
1648 test_server.GetURL("/nocontent"), DEFAULT_PRIORITY, &d,
1649 TRAFFIC_ANNOTATION_FOR_TESTS));
1650 req->Start();
1651 d.RunUntilComplete();
1652 EXPECT_THAT(d.request_status(), IsOk());
1653 EXPECT_EQ(204, req->GetResponseCode());
1654 EXPECT_EQ("", d.data_received());
1655 EXPECT_EQ(1, default_network_delegate().completed_requests());
1656 }
1657
1658 // Make sure that SetPriority actually sets the URLRequest's priority
1659 // correctly, both before and after start.
TEST_F(URLRequestTest,SetPriorityBasic)1660 TEST_F(URLRequestTest, SetPriorityBasic) {
1661 TestDelegate d;
1662 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
1663 GURL("http://test_intercept/foo"), DEFAULT_PRIORITY, &d,
1664 TRAFFIC_ANNOTATION_FOR_TESTS));
1665 EXPECT_EQ(DEFAULT_PRIORITY, req->priority());
1666
1667 req->SetPriority(LOW);
1668 EXPECT_EQ(LOW, req->priority());
1669
1670 req->Start();
1671 EXPECT_EQ(LOW, req->priority());
1672
1673 req->SetPriority(MEDIUM);
1674 EXPECT_EQ(MEDIUM, req->priority());
1675 }
1676
1677 // Make sure that URLRequest calls SetPriority on a job before calling
1678 // Start on it.
TEST_F(URLRequestTest,SetJobPriorityBeforeJobStart)1679 TEST_F(URLRequestTest, SetJobPriorityBeforeJobStart) {
1680 TestDelegate d;
1681 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
1682 GURL("http://test_intercept/foo"), DEFAULT_PRIORITY, &d,
1683 TRAFFIC_ANNOTATION_FOR_TESTS));
1684 EXPECT_EQ(DEFAULT_PRIORITY, req->priority());
1685
1686 RequestPriority job_priority;
1687 std::unique_ptr<URLRequestJob> job =
1688 std::make_unique<PriorityMonitoringURLRequestJob>(req.get(),
1689 &job_priority);
1690 TestScopedURLInterceptor interceptor(req->url(), std::move(job));
1691 EXPECT_EQ(DEFAULT_PRIORITY, job_priority);
1692
1693 req->SetPriority(LOW);
1694
1695 req->Start();
1696 EXPECT_EQ(LOW, job_priority);
1697 }
1698
1699 // Make sure that URLRequest passes on its priority updates to its
1700 // job.
TEST_F(URLRequestTest,SetJobPriority)1701 TEST_F(URLRequestTest, SetJobPriority) {
1702 TestDelegate d;
1703 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
1704 GURL("http://test_intercept/foo"), DEFAULT_PRIORITY, &d,
1705 TRAFFIC_ANNOTATION_FOR_TESTS));
1706
1707 RequestPriority job_priority;
1708 std::unique_ptr<URLRequestJob> job =
1709 std::make_unique<PriorityMonitoringURLRequestJob>(req.get(),
1710 &job_priority);
1711 TestScopedURLInterceptor interceptor(req->url(), std::move(job));
1712
1713 req->SetPriority(LOW);
1714 req->Start();
1715 EXPECT_EQ(LOW, job_priority);
1716
1717 req->SetPriority(MEDIUM);
1718 EXPECT_EQ(MEDIUM, req->priority());
1719 EXPECT_EQ(MEDIUM, job_priority);
1720 }
1721
1722 // Setting the IGNORE_LIMITS load flag should be okay if the priority
1723 // is MAXIMUM_PRIORITY.
TEST_F(URLRequestTest,PriorityIgnoreLimits)1724 TEST_F(URLRequestTest, PriorityIgnoreLimits) {
1725 TestDelegate d;
1726 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
1727 GURL("http://test_intercept/foo"), MAXIMUM_PRIORITY, &d,
1728 TRAFFIC_ANNOTATION_FOR_TESTS));
1729 EXPECT_EQ(MAXIMUM_PRIORITY, req->priority());
1730
1731 RequestPriority job_priority;
1732 std::unique_ptr<URLRequestJob> job =
1733 std::make_unique<PriorityMonitoringURLRequestJob>(req.get(),
1734 &job_priority);
1735 TestScopedURLInterceptor interceptor(req->url(), std::move(job));
1736
1737 req->SetLoadFlags(LOAD_IGNORE_LIMITS);
1738 EXPECT_EQ(MAXIMUM_PRIORITY, req->priority());
1739
1740 req->SetPriority(MAXIMUM_PRIORITY);
1741 EXPECT_EQ(MAXIMUM_PRIORITY, req->priority());
1742
1743 req->Start();
1744 EXPECT_EQ(MAXIMUM_PRIORITY, req->priority());
1745 EXPECT_EQ(MAXIMUM_PRIORITY, job_priority);
1746 }
1747
1748 // This test verifies that URLRequest::Delegate's OnConnected() callback is
1749 // never called if the request fails before connecting to a remote endpoint.
TEST_F(URLRequestTest,NotifyDelegateConnectedSkippedOnEarlyFailure)1750 TEST_F(URLRequestTest, NotifyDelegateConnectedSkippedOnEarlyFailure) {
1751 TestDelegate delegate;
1752
1753 // The request will never connect to anything because the URL is invalid.
1754 auto request =
1755 default_context().CreateRequest(GURL("invalid url"), DEFAULT_PRIORITY,
1756 &delegate, TRAFFIC_ANNOTATION_FOR_TESTS);
1757
1758 request->Start();
1759 delegate.RunUntilComplete();
1760
1761 EXPECT_THAT(delegate.transports(), IsEmpty());
1762 }
1763
1764 // This test verifies that URLRequest::Delegate's OnConnected() method
1765 // is called once for simple redirect-less requests.
TEST_F(URLRequestTest,OnConnected)1766 TEST_F(URLRequestTest, OnConnected) {
1767 HttpTestServer test_server;
1768 ASSERT_TRUE(test_server.Start());
1769
1770 TestDelegate delegate;
1771
1772 auto request = default_context().CreateRequest(test_server.GetURL("/echo"),
1773 DEFAULT_PRIORITY, &delegate,
1774 TRAFFIC_ANNOTATION_FOR_TESTS);
1775
1776 request->Start();
1777 delegate.RunUntilComplete();
1778
1779 TransportInfo expected_transport;
1780 expected_transport.endpoint =
1781 IPEndPoint(IPAddress::IPv4Localhost(), test_server.port());
1782 expected_transport.negotiated_protocol = kProtoUnknown;
1783 EXPECT_THAT(delegate.transports(), ElementsAre(expected_transport));
1784
1785 // Make sure URL_REQUEST_DELEGATE_CONNECTED is logged correctly.
1786 auto entries = net_log_observer_.GetEntries();
1787 size_t start_event_index = ExpectLogContainsSomewhere(
1788 entries, /*min_offset=*/0,
1789 NetLogEventType::URL_REQUEST_DELEGATE_CONNECTED, NetLogEventPhase::BEGIN);
1790 size_t end_event_index = ExpectLogContainsSomewhereAfter(
1791 entries, /*start_offset=*/start_event_index,
1792 NetLogEventType::URL_REQUEST_DELEGATE_CONNECTED, NetLogEventPhase::END);
1793 EXPECT_FALSE(LogContainsEntryWithTypeAfter(
1794 entries, end_event_index + 1,
1795 NetLogEventType::URL_REQUEST_DELEGATE_CONNECTED));
1796 ASSERT_LT(end_event_index, entries.size());
1797 EXPECT_FALSE(GetOptionalNetErrorCodeFromParams(entries[end_event_index]));
1798 }
1799
1800 // This test verifies that URLRequest::Delegate's OnConnected() method is
1801 // called after each redirect.
TEST_F(URLRequestTest,OnConnectedRedirect)1802 TEST_F(URLRequestTest, OnConnectedRedirect) {
1803 HttpTestServer test_server;
1804 ASSERT_TRUE(test_server.Start());
1805
1806 TestDelegate delegate;
1807
1808 // Fetch a page that redirects us once.
1809 GURL url = test_server.GetURL("/server-redirect?" +
1810 test_server.GetURL("/echo").spec());
1811 auto request = default_context().CreateRequest(
1812 url, DEFAULT_PRIORITY, &delegate, TRAFFIC_ANNOTATION_FOR_TESTS);
1813
1814 request->Start();
1815 delegate.RunUntilRedirect();
1816
1817 TransportInfo expected_transport;
1818 expected_transport.endpoint =
1819 IPEndPoint(IPAddress::IPv4Localhost(), test_server.port());
1820 expected_transport.negotiated_protocol = kProtoUnknown;
1821 EXPECT_THAT(delegate.transports(), ElementsAre(expected_transport));
1822
1823 request->FollowDeferredRedirect(/*removed_headers=*/{},
1824 /*modified_headers=*/{});
1825 delegate.RunUntilComplete();
1826
1827 EXPECT_THAT(delegate.transports(),
1828 ElementsAre(expected_transport, expected_transport));
1829 }
1830
1831 // This test verifies that when the URLRequest Delegate returns an error from
1832 // OnConnected(), the entire request fails with that error.
TEST_F(URLRequestTest,OnConnectedError)1833 TEST_F(URLRequestTest, OnConnectedError) {
1834 HttpTestServer test_server;
1835 ASSERT_TRUE(test_server.Start());
1836
1837 TestDelegate delegate;
1838 delegate.set_on_connected_result(ERR_NOT_IMPLEMENTED);
1839
1840 auto request = default_context().CreateRequest(test_server.GetURL("/echo"),
1841 DEFAULT_PRIORITY, &delegate,
1842 TRAFFIC_ANNOTATION_FOR_TESTS);
1843
1844 request->Start();
1845 delegate.RunUntilComplete();
1846
1847 TransportInfo expected_transport;
1848 expected_transport.endpoint =
1849 IPEndPoint(IPAddress::IPv4Localhost(), test_server.port());
1850 expected_transport.negotiated_protocol = kProtoUnknown;
1851 EXPECT_THAT(delegate.transports(), ElementsAre(expected_transport));
1852
1853 EXPECT_TRUE(delegate.request_failed());
1854 EXPECT_THAT(delegate.request_status(), IsError(ERR_NOT_IMPLEMENTED));
1855
1856 // Make sure URL_REQUEST_DELEGATE_CONNECTED is logged correctly.
1857 auto entries = net_log_observer_.GetEntries();
1858 size_t start_event_index = ExpectLogContainsSomewhere(
1859 entries, /*min_offset=*/0,
1860 NetLogEventType::URL_REQUEST_DELEGATE_CONNECTED, NetLogEventPhase::BEGIN);
1861 size_t end_event_index = ExpectLogContainsSomewhereAfter(
1862 entries, /*start_offset=*/start_event_index,
1863 NetLogEventType::URL_REQUEST_DELEGATE_CONNECTED, NetLogEventPhase::END);
1864 EXPECT_FALSE(LogContainsEntryWithTypeAfter(
1865 entries, end_event_index + 1,
1866 NetLogEventType::URL_REQUEST_DELEGATE_CONNECTED));
1867 ASSERT_LT(end_event_index, entries.size());
1868 EXPECT_EQ(ERR_NOT_IMPLEMENTED,
1869 GetOptionalNetErrorCodeFromParams(entries[end_event_index]));
1870 }
1871
TEST_F(URLRequestTest,OnConnectedAsync)1872 TEST_F(URLRequestTest, OnConnectedAsync) {
1873 HttpTestServer test_server;
1874 ASSERT_TRUE(test_server.Start());
1875
1876 TestDelegate d;
1877 d.set_on_connected_run_callback(true);
1878 d.set_on_connected_result(OK);
1879 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
1880 default_context(), test_server.GetURL("/defaultresponse"), &d);
1881 req->Start();
1882 d.RunUntilComplete();
1883 EXPECT_THAT(d.request_status(), IsOk());
1884
1885 // Make sure URL_REQUEST_DELEGATE_CONNECTED is logged correctly.
1886 auto entries = net_log_observer_.GetEntries();
1887 size_t start_event_index = ExpectLogContainsSomewhere(
1888 entries, /*min_offset=*/0,
1889 NetLogEventType::URL_REQUEST_DELEGATE_CONNECTED, NetLogEventPhase::BEGIN);
1890 size_t end_event_index = ExpectLogContainsSomewhereAfter(
1891 entries, /*start_offset=*/start_event_index,
1892 NetLogEventType::URL_REQUEST_DELEGATE_CONNECTED, NetLogEventPhase::END);
1893 EXPECT_FALSE(LogContainsEntryWithTypeAfter(
1894 entries, end_event_index + 1,
1895 NetLogEventType::URL_REQUEST_DELEGATE_CONNECTED));
1896 ASSERT_LT(end_event_index, entries.size());
1897 EXPECT_FALSE(GetOptionalNetErrorCodeFromParams(entries[end_event_index]));
1898 }
1899
TEST_F(URLRequestTest,OnConnectedAsyncError)1900 TEST_F(URLRequestTest, OnConnectedAsyncError) {
1901 HttpTestServer test_server;
1902 ASSERT_TRUE(test_server.Start());
1903
1904 TestDelegate d;
1905 d.set_on_connected_run_callback(true);
1906 d.set_on_connected_result(ERR_NOT_IMPLEMENTED);
1907 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
1908 default_context(), test_server.GetURL("/defaultresponse"), &d);
1909 req->Start();
1910 d.RunUntilComplete();
1911 EXPECT_THAT(d.request_status(), IsError(ERR_NOT_IMPLEMENTED));
1912
1913 // Make sure URL_REQUEST_DELEGATE_CONNECTED is logged correctly.
1914 auto entries = net_log_observer_.GetEntries();
1915 size_t start_event_index = ExpectLogContainsSomewhere(
1916 entries, /*min_offset=*/0,
1917 NetLogEventType::URL_REQUEST_DELEGATE_CONNECTED, NetLogEventPhase::BEGIN);
1918 size_t end_event_index = ExpectLogContainsSomewhereAfter(
1919 entries, /*start_offset=*/start_event_index,
1920 NetLogEventType::URL_REQUEST_DELEGATE_CONNECTED, NetLogEventPhase::END);
1921 EXPECT_FALSE(LogContainsEntryWithTypeAfter(
1922 entries, end_event_index + 1,
1923 NetLogEventType::URL_REQUEST_DELEGATE_CONNECTED));
1924 ASSERT_LT(end_event_index, entries.size());
1925 EXPECT_EQ(ERR_NOT_IMPLEMENTED,
1926 GetOptionalNetErrorCodeFromParams(entries[end_event_index]));
1927 }
1928
TEST_F(URLRequestTest,DelayedCookieCallback)1929 TEST_F(URLRequestTest, DelayedCookieCallback) {
1930 HttpTestServer test_server;
1931 ASSERT_TRUE(test_server.Start());
1932
1933 auto context_builder = CreateTestURLRequestContextBuilder();
1934 context_builder->SetCookieStore(std::make_unique<DelayedCookieMonster>());
1935 auto& network_delegate = *context_builder->set_network_delegate(
1936 std::make_unique<TestNetworkDelegate>());
1937 auto context = context_builder->Build();
1938
1939 // Set up a cookie.
1940 {
1941 TestDelegate d;
1942 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
1943 *context, test_server.GetURL("/set-cookie?CookieToNotSend=1"), &d);
1944 req->Start();
1945 d.RunUntilComplete();
1946 EXPECT_EQ(0, network_delegate.blocked_annotate_cookies_count());
1947 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count());
1948 EXPECT_EQ(1, network_delegate.set_cookie_count());
1949 }
1950
1951 // Verify that the cookie is set.
1952 {
1953 TestDelegate d;
1954 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
1955 *context, test_server.GetURL("/echoheader?Cookie"), &d);
1956 req->Start();
1957 d.RunUntilComplete();
1958
1959 EXPECT_TRUE(d.data_received().find("CookieToNotSend=1") !=
1960 std::string::npos);
1961 EXPECT_EQ(0, network_delegate.blocked_annotate_cookies_count());
1962 EXPECT_EQ(0, network_delegate.blocked_set_cookie_count());
1963 }
1964 }
1965
TEST_F(URLRequestTest,DelayedCookieCallbackAsync)1966 TEST_F(URLRequestTest, DelayedCookieCallbackAsync) {
1967 HttpTestServer test_server;
1968 ASSERT_TRUE(test_server.Start());
1969
1970 // Add a secure cookie so we can try to set an insecure cookie and have
1971 // SetCanonicalCookie fail.
1972 GURL::Replacements replace_scheme;
1973 replace_scheme.SetSchemeStr("https");
1974 GURL url = test_server.base_url().ReplaceComponents(replace_scheme);
1975
1976 auto cookie1 = CanonicalCookie::CreateForTesting(
1977 url, "AlreadySetCookie=1;Secure", base::Time::Now());
1978 auto delayed_cm = std::make_unique<DelayedCookieMonster>();
1979 delayed_cm->SetCanonicalCookieAsync(std::move(cookie1), url,
1980 net::CookieOptions::MakeAllInclusive(),
1981 CookieStore::SetCookiesCallback());
1982
1983 auto cookie2 = CanonicalCookie::CreateForTesting(
1984 url, "AlreadySetCookie=1;Secure", base::Time::Now());
1985 auto cm = std::make_unique<CookieMonster>(nullptr, nullptr);
1986 cm->SetCanonicalCookieAsync(std::move(cookie2), url,
1987 net::CookieOptions::MakeAllInclusive(),
1988 CookieStore::SetCookiesCallback());
1989
1990 auto async_context_builder = CreateTestURLRequestContextBuilder();
1991 async_context_builder->SetCookieStore(std::move(delayed_cm));
1992 auto& async_filter_network_delegate =
1993 *async_context_builder->set_network_delegate(
1994 std::make_unique<FilteringTestNetworkDelegate>());
1995 auto async_context = async_context_builder->Build();
1996 async_filter_network_delegate.SetCookieFilter("CookieBlockedOnCanGetCookie");
1997 TestDelegate async_delegate;
1998
1999 auto sync_context_builder = CreateTestURLRequestContextBuilder();
2000 sync_context_builder->SetCookieStore(std::move(cm));
2001 auto& sync_filter_network_delegate =
2002 *sync_context_builder->set_network_delegate(
2003 std::make_unique<FilteringTestNetworkDelegate>());
2004 auto sync_context = sync_context_builder->Build();
2005 sync_filter_network_delegate.SetCookieFilter("CookieBlockedOnCanGetCookie");
2006 TestDelegate sync_delegate;
2007
2008 std::vector<std::string> cookie_lines(
2009 {// Fails in SetCanonicalCookie for trying to set a secure cookie
2010 // on an insecure host.
2011 "CookieNotSet=1;Secure",
2012 // Fail in FilteringTestNetworkDelegate::CanGetCookie.
2013 "CookieBlockedOnCanGetCookie=1",
2014 // Fails in SetCanonicalCookie for trying to overwrite a secure cookie
2015 // with an insecure cookie.
2016 "AlreadySetCookie=1",
2017 // Succeeds and added cookie to store. Delayed (which makes the callback
2018 // run asynchronously) in DelayedCookieMonster.
2019 "CookieSet=1"});
2020
2021 for (auto first_cookie_line : cookie_lines) {
2022 for (auto second_cookie_line : cookie_lines) {
2023 // Run with the delayed cookie monster.
2024 std::unique_ptr<URLRequest> request = CreateFirstPartyRequest(
2025 *async_context,
2026 test_server.GetURL("/set-cookie?" + first_cookie_line + "&" +
2027 second_cookie_line),
2028 &async_delegate);
2029
2030 request->Start();
2031 async_delegate.RunUntilComplete();
2032 EXPECT_THAT(async_delegate.request_status(), IsOk());
2033
2034 // Run with the regular cookie monster.
2035 request = CreateFirstPartyRequest(
2036 *sync_context,
2037 test_server.GetURL("/set-cookie?" + first_cookie_line + "&" +
2038 second_cookie_line),
2039 &sync_delegate);
2040
2041 request->Start();
2042 sync_delegate.RunUntilComplete();
2043 EXPECT_THAT(sync_delegate.request_status(), IsOk());
2044
2045 int expected_set_cookie_count = 0;
2046 int expected_blocked_cookie_count = 0;
2047
2048 // 2 calls to the delegate's OnCanSetCookie method are expected, even if
2049 // the cookies don't end up getting set.
2050 expected_set_cookie_count += 2;
2051
2052 if (first_cookie_line == "CookieBlockedOnCanGetCookie=1")
2053 ++expected_blocked_cookie_count;
2054 if (second_cookie_line == "CookieBlockedOnCanGetCookie=1")
2055 ++expected_blocked_cookie_count;
2056
2057 EXPECT_EQ(expected_set_cookie_count,
2058 async_filter_network_delegate.set_cookie_called_count());
2059 EXPECT_EQ(expected_blocked_cookie_count,
2060 async_filter_network_delegate.blocked_set_cookie_count());
2061
2062 EXPECT_EQ(expected_set_cookie_count,
2063 sync_filter_network_delegate.set_cookie_called_count());
2064 EXPECT_EQ(expected_blocked_cookie_count,
2065 sync_filter_network_delegate.blocked_set_cookie_count());
2066
2067 async_filter_network_delegate.ResetSetCookieCalledCount();
2068 async_filter_network_delegate.ResetBlockedSetCookieCount();
2069
2070 sync_filter_network_delegate.ResetSetCookieCalledCount();
2071 sync_filter_network_delegate.ResetBlockedSetCookieCount();
2072 }
2073 }
2074 }
2075
TEST_F(URLRequestTest,DoNotSendCookies)2076 TEST_F(URLRequestTest, DoNotSendCookies) {
2077 HttpTestServer test_server;
2078 ASSERT_TRUE(test_server.Start());
2079
2080 // Set up a cookie.
2081 {
2082 TestDelegate d;
2083 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
2084 default_context(), test_server.GetURL("/set-cookie?CookieToNotSend=1"),
2085 &d);
2086 req->Start();
2087 d.RunUntilComplete();
2088 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2089 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
2090 }
2091
2092 // Verify that the cookie is set.
2093 {
2094 TestDelegate d;
2095 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
2096 default_context(), test_server.GetURL("/echoheader?Cookie"), &d);
2097 req->Start();
2098 d.RunUntilComplete();
2099
2100 EXPECT_TRUE(d.data_received().find("CookieToNotSend=1") !=
2101 std::string::npos);
2102 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2103 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
2104 }
2105
2106 // Verify that the cookie isn't sent when credentials are not allowed.
2107 {
2108 TestDelegate d;
2109 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
2110 default_context(), test_server.GetURL("/echoheader?Cookie"), &d);
2111 req->set_allow_credentials(false);
2112 req->Start();
2113 d.RunUntilComplete();
2114
2115 EXPECT_TRUE(d.data_received().find("Cookie: CookieToNotSend=1") ==
2116 std::string::npos);
2117
2118 // When credentials are blocked, OnAnnotateAndMoveUserBlockedCookies() is
2119 // not invoked.
2120 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2121 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
2122 }
2123 }
2124
TEST_F(URLRequestTest,DoNotSaveCookies)2125 TEST_F(URLRequestTest, DoNotSaveCookies) {
2126 HttpTestServer test_server;
2127 ASSERT_TRUE(test_server.Start());
2128
2129 // Set up a cookie.
2130 {
2131 TestDelegate d;
2132 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
2133 default_context(),
2134 test_server.GetURL("/set-cookie?CookieToNotUpdate=2"), &d);
2135 req->Start();
2136 d.RunUntilComplete();
2137
2138 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2139 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
2140 EXPECT_EQ(1, default_network_delegate().set_cookie_count());
2141 }
2142
2143 // Try to set-up another cookie and update the previous cookie.
2144 {
2145 TestDelegate d;
2146 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
2147 default_context(),
2148 test_server.GetURL("/set-cookie?CookieToNotSave=1&CookieToNotUpdate=1"),
2149 &d);
2150 req->SetLoadFlags(LOAD_DO_NOT_SAVE_COOKIES);
2151 req->Start();
2152
2153 d.RunUntilComplete();
2154
2155 // LOAD_DO_NOT_SAVE_COOKIES does not trigger OnSetCookie.
2156 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2157 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
2158 EXPECT_EQ(1, default_network_delegate().set_cookie_count());
2159 }
2160
2161 // Verify the cookies weren't saved or updated.
2162 {
2163 TestDelegate d;
2164 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
2165 default_context(), test_server.GetURL("/echoheader?Cookie"), &d);
2166 req->Start();
2167 d.RunUntilComplete();
2168
2169 EXPECT_TRUE(d.data_received().find("CookieToNotSave=1") ==
2170 std::string::npos);
2171 EXPECT_TRUE(d.data_received().find("CookieToNotUpdate=2") !=
2172 std::string::npos);
2173
2174 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2175 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
2176 EXPECT_EQ(1, default_network_delegate().set_cookie_count());
2177 }
2178 }
2179
TEST_F(URLRequestTest,DoNotSendCookies_ViaPolicy)2180 TEST_F(URLRequestTest, DoNotSendCookies_ViaPolicy) {
2181 HttpTestServer test_server;
2182 ASSERT_TRUE(test_server.Start());
2183
2184 // Set up a cookie.
2185 {
2186 TestDelegate d;
2187 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
2188 default_context(), test_server.GetURL("/set-cookie?CookieToNotSend=1"),
2189 &d);
2190 req->Start();
2191 d.RunUntilComplete();
2192
2193 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2194 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
2195 }
2196
2197 // Verify that the cookie is set.
2198 {
2199 TestDelegate d;
2200 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
2201 default_context(), test_server.GetURL("/echoheader?Cookie"), &d);
2202 req->Start();
2203 d.RunUntilComplete();
2204
2205 EXPECT_TRUE(d.data_received().find("CookieToNotSend=1") !=
2206 std::string::npos);
2207
2208 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2209 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
2210 auto entries = net_log_observer_.GetEntries();
2211 for (const auto& entry : entries) {
2212 EXPECT_NE(entry.type,
2213 NetLogEventType::COOKIE_GET_BLOCKED_BY_NETWORK_DELEGATE);
2214 }
2215 }
2216
2217 // Verify that the cookie isn't sent.
2218 {
2219 TestDelegate d;
2220 default_network_delegate().set_cookie_options(
2221 TestNetworkDelegate::NO_GET_COOKIES);
2222 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
2223 default_context(), test_server.GetURL("/echoheader?Cookie"), &d);
2224 req->Start();
2225 d.RunUntilComplete();
2226
2227 EXPECT_TRUE(d.data_received().find("Cookie: CookieToNotSend=1") ==
2228 std::string::npos);
2229
2230 EXPECT_EQ(1, default_network_delegate().blocked_annotate_cookies_count());
2231 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
2232 auto entries = net_log_observer_.GetEntries();
2233 ExpectLogContainsSomewhereAfter(
2234 entries, 0, NetLogEventType::COOKIE_GET_BLOCKED_BY_NETWORK_DELEGATE,
2235 NetLogEventPhase::NONE);
2236 }
2237 }
2238
2239 // TODO(crbug.com/564656) This test is flaky on iOS.
2240 #if BUILDFLAG(IS_IOS)
2241 #define MAYBE_DoNotSaveCookies_ViaPolicy FLAKY_DoNotSaveCookies_ViaPolicy
2242 #else
2243 #define MAYBE_DoNotSaveCookies_ViaPolicy DoNotSaveCookies_ViaPolicy
2244 #endif
TEST_F(URLRequestTest,MAYBE_DoNotSaveCookies_ViaPolicy)2245 TEST_F(URLRequestTest, MAYBE_DoNotSaveCookies_ViaPolicy) {
2246 HttpTestServer test_server;
2247 ASSERT_TRUE(test_server.Start());
2248
2249 // Set up a cookie.
2250 {
2251 TestDelegate d;
2252 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
2253 default_context(),
2254 test_server.GetURL("/set-cookie?CookieToNotUpdate=2"), &d);
2255 req->Start();
2256 d.RunUntilComplete();
2257
2258 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2259 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
2260 auto entries = net_log_observer_.GetEntries();
2261 for (const auto& entry : entries) {
2262 EXPECT_NE(entry.type,
2263 NetLogEventType::COOKIE_SET_BLOCKED_BY_NETWORK_DELEGATE);
2264 }
2265 }
2266
2267 // Try to set-up another cookie and update the previous cookie.
2268 {
2269 TestDelegate d;
2270 default_network_delegate().set_cookie_options(
2271 TestNetworkDelegate::NO_SET_COOKIE);
2272 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
2273 default_context(),
2274 test_server.GetURL("/set-cookie?CookieToNotSave=1&CookieToNotUpdate=1"),
2275 &d);
2276 req->Start();
2277
2278 d.RunUntilComplete();
2279
2280 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2281 EXPECT_EQ(2, default_network_delegate().blocked_set_cookie_count());
2282 auto entries = net_log_observer_.GetEntries();
2283 ExpectLogContainsSomewhereAfter(
2284 entries, 0, NetLogEventType::COOKIE_SET_BLOCKED_BY_NETWORK_DELEGATE,
2285 NetLogEventPhase::NONE);
2286 }
2287
2288 // Verify the cookies weren't saved or updated.
2289 {
2290 TestDelegate d;
2291 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
2292 default_context(), test_server.GetURL("/echoheader?Cookie"), &d);
2293 req->Start();
2294 d.RunUntilComplete();
2295
2296 EXPECT_TRUE(d.data_received().find("CookieToNotSave=1") ==
2297 std::string::npos);
2298 EXPECT_TRUE(d.data_received().find("CookieToNotUpdate=2") !=
2299 std::string::npos);
2300
2301 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2302 EXPECT_EQ(2, default_network_delegate().blocked_set_cookie_count());
2303 }
2304 }
2305
TEST_F(URLRequestTest,DoNotSaveEmptyCookies)2306 TEST_F(URLRequestTest, DoNotSaveEmptyCookies) {
2307 HttpTestServer test_server;
2308 ASSERT_TRUE(test_server.Start());
2309
2310 // Set up an empty cookie.
2311 {
2312 TestDelegate d;
2313 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
2314 default_context(), test_server.GetURL("/set-cookie"), &d);
2315 req->Start();
2316 d.RunUntilComplete();
2317
2318 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2319 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
2320 EXPECT_EQ(0, default_network_delegate().set_cookie_count());
2321 }
2322 }
2323
TEST_F(URLRequestTest,DoNotSendCookies_ViaPolicy_Async)2324 TEST_F(URLRequestTest, DoNotSendCookies_ViaPolicy_Async) {
2325 HttpTestServer test_server;
2326 ASSERT_TRUE(test_server.Start());
2327
2328 // Set up a cookie.
2329 {
2330 TestDelegate d;
2331 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
2332 default_context(), test_server.GetURL("/set-cookie?CookieToNotSend=1"),
2333 &d);
2334 req->Start();
2335 d.RunUntilComplete();
2336
2337 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2338 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
2339 }
2340
2341 // Verify that the cookie is set.
2342 {
2343 TestDelegate d;
2344 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
2345 default_context(), test_server.GetURL("/echoheader?Cookie"), &d);
2346 req->Start();
2347 d.RunUntilComplete();
2348
2349 EXPECT_TRUE(d.data_received().find("CookieToNotSend=1") !=
2350 std::string::npos);
2351
2352 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2353 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
2354 }
2355
2356 // Verify that the cookie isn't sent.
2357 {
2358 TestDelegate d;
2359 default_network_delegate().set_cookie_options(
2360 TestNetworkDelegate::NO_GET_COOKIES);
2361 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
2362 default_context(), test_server.GetURL("/echoheader?Cookie"), &d);
2363 req->Start();
2364 d.RunUntilComplete();
2365
2366 EXPECT_TRUE(d.data_received().find("Cookie: CookieToNotSend=1") ==
2367 std::string::npos);
2368
2369 EXPECT_EQ(1, default_network_delegate().blocked_annotate_cookies_count());
2370 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
2371 }
2372 }
2373
TEST_F(URLRequestTest,DoNotSaveCookies_ViaPolicy_Async)2374 TEST_F(URLRequestTest, DoNotSaveCookies_ViaPolicy_Async) {
2375 HttpTestServer test_server;
2376 ASSERT_TRUE(test_server.Start());
2377
2378 // Set up a cookie.
2379 {
2380 TestDelegate d;
2381 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
2382 default_context(),
2383 test_server.GetURL("/set-cookie?CookieToNotUpdate=2"), &d);
2384 req->Start();
2385 d.RunUntilComplete();
2386
2387 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2388 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
2389 }
2390
2391 // Try to set-up another cookie and update the previous cookie.
2392 {
2393 TestDelegate d;
2394 default_network_delegate().set_cookie_options(
2395 TestNetworkDelegate::NO_SET_COOKIE);
2396 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
2397 default_context(),
2398 test_server.GetURL("/set-cookie?CookieToNotSave=1&CookieToNotUpdate=1"),
2399 &d);
2400 req->Start();
2401
2402 d.RunUntilComplete();
2403
2404 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2405 EXPECT_EQ(2, default_network_delegate().blocked_set_cookie_count());
2406 }
2407
2408 // Verify the cookies weren't saved or updated.
2409 {
2410 TestDelegate d;
2411 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
2412 default_context(), test_server.GetURL("/echoheader?Cookie"), &d);
2413 req->Start();
2414 d.RunUntilComplete();
2415
2416 EXPECT_TRUE(d.data_received().find("CookieToNotSave=1") ==
2417 std::string::npos);
2418 EXPECT_TRUE(d.data_received().find("CookieToNotUpdate=2") !=
2419 std::string::npos);
2420
2421 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2422 EXPECT_EQ(2, default_network_delegate().blocked_set_cookie_count());
2423 }
2424 }
2425
2426 // Tests for SameSite cookies. The test param indicates whether the same-site
2427 // calculation considers redirect chains.
2428 class URLRequestSameSiteCookiesTest
2429 : public URLRequestTest,
2430 public ::testing::WithParamInterface<bool> {
2431 public:
URLRequestSameSiteCookiesTest()2432 URLRequestSameSiteCookiesTest() {
2433 if (DoesCookieSameSiteConsiderRedirectChain()) {
2434 feature_list_.InitAndEnableFeature(
2435 features::kCookieSameSiteConsidersRedirectChain);
2436 }
2437 }
2438
DoesCookieSameSiteConsiderRedirectChain()2439 bool DoesCookieSameSiteConsiderRedirectChain() { return GetParam(); }
2440
2441 private:
2442 base::test::ScopedFeatureList feature_list_;
2443 };
2444
TEST_P(URLRequestSameSiteCookiesTest,SameSiteCookies)2445 TEST_P(URLRequestSameSiteCookiesTest, SameSiteCookies) {
2446 HttpTestServer test_server;
2447 ASSERT_TRUE(test_server.Start());
2448
2449 const std::string kHost = "example.test";
2450 const std::string kSubHost = "subdomain.example.test";
2451 const std::string kCrossHost = "cross-origin.test";
2452 const url::Origin kOrigin =
2453 url::Origin::Create(test_server.GetURL(kHost, "/"));
2454 const url::Origin kSubOrigin =
2455 url::Origin::Create(test_server.GetURL(kSubHost, "/"));
2456 const url::Origin kCrossOrigin =
2457 url::Origin::Create(test_server.GetURL(kCrossHost, "/"));
2458 const SiteForCookies kSiteForCookies = SiteForCookies::FromOrigin(kOrigin);
2459 const SiteForCookies kCrossSiteForCookies =
2460 SiteForCookies::FromOrigin(kCrossOrigin);
2461
2462 // Set up two 'SameSite' cookies on 'example.test'
2463 {
2464 TestDelegate d;
2465 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
2466 default_context(),
2467 test_server.GetURL(kHost,
2468 "/set-cookie?StrictSameSiteCookie=1;SameSite=Strict&"
2469 "LaxSameSiteCookie=1;SameSite=Lax"),
2470 &d);
2471 req->set_site_for_cookies(kSiteForCookies);
2472 req->set_initiator(kOrigin);
2473 req->Start();
2474 d.RunUntilComplete();
2475 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2476 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
2477 EXPECT_EQ(2, default_network_delegate().set_cookie_count());
2478 }
2479
2480 // Verify that both cookies are sent for same-site requests, whether they are
2481 // subresource requests, subframe navigations, or main frame navigations.
2482 for (IsolationInfo::RequestType request_type :
2483 {IsolationInfo::RequestType::kMainFrame,
2484 IsolationInfo::RequestType::kSubFrame,
2485 IsolationInfo::RequestType::kOther}) {
2486 TestDelegate d;
2487 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
2488 test_server.GetURL(kHost, "/echoheader?Cookie"), DEFAULT_PRIORITY, &d,
2489 TRAFFIC_ANNOTATION_FOR_TESTS));
2490 req->set_isolation_info(
2491 IsolationInfo::Create(request_type, kOrigin, kOrigin, kSiteForCookies));
2492 req->set_site_for_cookies(kSiteForCookies);
2493 req->set_initiator(kOrigin);
2494 req->Start();
2495 d.RunUntilComplete();
2496
2497 EXPECT_NE(std::string::npos,
2498 d.data_received().find("StrictSameSiteCookie=1"));
2499 EXPECT_NE(std::string::npos, d.data_received().find("LaxSameSiteCookie=1"));
2500 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2501 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
2502 }
2503
2504 // Verify that both cookies are sent when the request has no initiator (can
2505 // happen for main frame browser-initiated navigations).
2506 {
2507 TestDelegate d;
2508 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
2509 test_server.GetURL(kHost, "/echoheader?Cookie"), DEFAULT_PRIORITY, &d,
2510 TRAFFIC_ANNOTATION_FOR_TESTS));
2511 req->set_site_for_cookies(kSiteForCookies);
2512 req->Start();
2513 d.RunUntilComplete();
2514
2515 EXPECT_NE(std::string::npos,
2516 d.data_received().find("StrictSameSiteCookie=1"));
2517 EXPECT_NE(std::string::npos, d.data_received().find("LaxSameSiteCookie=1"));
2518 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2519 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
2520 }
2521
2522 // Verify that both cookies are sent for same-registrable-domain requests.
2523 {
2524 TestDelegate d;
2525 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
2526 test_server.GetURL(kHost, "/echoheader?Cookie"), DEFAULT_PRIORITY, &d,
2527 TRAFFIC_ANNOTATION_FOR_TESTS));
2528 req->set_site_for_cookies(
2529 SiteForCookies::FromUrl(test_server.GetURL(kSubHost, "/")));
2530 req->set_initiator(kSubOrigin);
2531 req->Start();
2532 d.RunUntilComplete();
2533
2534 EXPECT_NE(std::string::npos,
2535 d.data_received().find("StrictSameSiteCookie=1"));
2536 EXPECT_NE(std::string::npos, d.data_received().find("LaxSameSiteCookie=1"));
2537 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2538 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
2539 }
2540
2541 // Verify that neither cookie is not sent for cross-site requests.
2542 {
2543 TestDelegate d;
2544 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
2545 test_server.GetURL(kHost, "/echoheader?Cookie"), DEFAULT_PRIORITY, &d,
2546 TRAFFIC_ANNOTATION_FOR_TESTS));
2547 req->set_site_for_cookies(kCrossSiteForCookies);
2548 req->set_initiator(kCrossOrigin);
2549 req->Start();
2550 d.RunUntilComplete();
2551
2552 EXPECT_EQ(std::string::npos,
2553 d.data_received().find("StrictSameSiteCookie=1"));
2554 EXPECT_EQ(std::string::npos, d.data_received().find("LaxSameSiteCookie=1"));
2555 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2556 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
2557 }
2558
2559 // Verify that the lax cookie is sent for cross-site initiators when the
2560 // method is "safe" and the request is a main frame navigation.
2561 {
2562 TestDelegate d;
2563 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
2564 test_server.GetURL(kHost, "/echoheader?Cookie"), DEFAULT_PRIORITY, &d,
2565 TRAFFIC_ANNOTATION_FOR_TESTS));
2566 req->set_isolation_info(
2567 IsolationInfo::Create(IsolationInfo::RequestType::kMainFrame, kOrigin,
2568 kOrigin, kSiteForCookies));
2569 req->set_site_for_cookies(kSiteForCookies);
2570 req->set_initiator(kCrossOrigin);
2571 req->set_method("GET");
2572 req->Start();
2573 d.RunUntilComplete();
2574
2575 EXPECT_EQ(std::string::npos,
2576 d.data_received().find("StrictSameSiteCookie=1"));
2577 EXPECT_NE(std::string::npos, d.data_received().find("LaxSameSiteCookie=1"));
2578 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2579 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
2580 }
2581
2582 // Verify that the lax cookie is sent for cross-site initiators when the
2583 // method is "safe" and the request is being forced to be considered as a
2584 // main frame navigation.
2585 {
2586 TestDelegate d;
2587 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
2588 test_server.GetURL(kHost, "/echoheader?Cookie"), DEFAULT_PRIORITY, &d,
2589 TRAFFIC_ANNOTATION_FOR_TESTS));
2590 req->set_isolation_info(IsolationInfo::Create(
2591 IsolationInfo::RequestType::kOther, kOrigin, kOrigin, kSiteForCookies));
2592 req->set_site_for_cookies(kSiteForCookies);
2593 req->set_initiator(kCrossOrigin);
2594 req->set_method("GET");
2595 req->set_force_main_frame_for_same_site_cookies(true);
2596 req->Start();
2597 d.RunUntilComplete();
2598
2599 EXPECT_EQ(std::string::npos,
2600 d.data_received().find("StrictSameSiteCookie=1"));
2601 EXPECT_NE(std::string::npos, d.data_received().find("LaxSameSiteCookie=1"));
2602 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2603 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
2604 }
2605
2606 // Verify that neither cookie is sent for cross-site initiators when the
2607 // method is unsafe (e.g. POST), even if the request is a main frame
2608 // navigation.
2609 {
2610 TestDelegate d;
2611 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
2612 test_server.GetURL(kHost, "/echoheader?Cookie"), DEFAULT_PRIORITY, &d,
2613 TRAFFIC_ANNOTATION_FOR_TESTS));
2614 req->set_isolation_info(
2615 IsolationInfo::Create(IsolationInfo::RequestType::kMainFrame, kOrigin,
2616 kOrigin, kSiteForCookies));
2617 req->set_site_for_cookies(kSiteForCookies);
2618 req->set_initiator(kCrossOrigin);
2619 req->set_method("POST");
2620 req->Start();
2621 d.RunUntilComplete();
2622
2623 EXPECT_EQ(std::string::npos,
2624 d.data_received().find("StrictSameSiteCookie=1"));
2625 EXPECT_EQ(std::string::npos, d.data_received().find("LaxSameSiteCookie=1"));
2626 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2627 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
2628 }
2629
2630 // Verify that neither cookie is sent for cross-site initiators when the
2631 // method is safe and the site-for-cookies is same-site, but the request is
2632 // not a main frame navigation.
2633 {
2634 TestDelegate d;
2635 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
2636 test_server.GetURL(kHost, "/echoheader?Cookie"), DEFAULT_PRIORITY, &d,
2637 TRAFFIC_ANNOTATION_FOR_TESTS));
2638 req->set_isolation_info(
2639 IsolationInfo::Create(IsolationInfo::RequestType::kSubFrame, kOrigin,
2640 kOrigin, kSiteForCookies));
2641 req->set_site_for_cookies(kSiteForCookies);
2642 req->set_initiator(kCrossOrigin);
2643 req->set_method("GET");
2644 req->Start();
2645 d.RunUntilComplete();
2646
2647 EXPECT_EQ(std::string::npos,
2648 d.data_received().find("StrictSameSiteCookie=1"));
2649 EXPECT_EQ(std::string::npos, d.data_received().find("LaxSameSiteCookie=1"));
2650 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
2651 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
2652
2653 // Check that the appropriate cookie inclusion status is set.
2654 ASSERT_EQ(2u, req->maybe_sent_cookies().size());
2655 CookieInclusionStatus expected_strict_status =
2656 CookieInclusionStatus::MakeFromReasonsForTesting(
2657 {CookieInclusionStatus::EXCLUDE_SAMESITE_STRICT});
2658 CookieInclusionStatus expected_lax_status =
2659 CookieInclusionStatus::MakeFromReasonsForTesting(
2660 {CookieInclusionStatus::EXCLUDE_SAMESITE_LAX});
2661 EXPECT_EQ(expected_strict_status,
2662 req->maybe_sent_cookies()[0].access_result.status);
2663 EXPECT_EQ(expected_lax_status,
2664 req->maybe_sent_cookies()[1].access_result.status);
2665 }
2666 }
2667
TEST_P(URLRequestSameSiteCookiesTest,SameSiteCookies_Redirect)2668 TEST_P(URLRequestSameSiteCookiesTest, SameSiteCookies_Redirect) {
2669 EmbeddedTestServer http_server;
2670 RegisterDefaultHandlers(&http_server);
2671 EmbeddedTestServer https_server(EmbeddedTestServer::TYPE_HTTPS);
2672 https_server.SetSSLConfig(EmbeddedTestServer::CERT_TEST_NAMES);
2673 RegisterDefaultHandlers(&https_server);
2674 ASSERT_TRUE(http_server.Start());
2675 ASSERT_TRUE(https_server.Start());
2676
2677 const std::string kHost = "foo.a.test";
2678 const std::string kSameSiteHost = "bar.a.test";
2679 const std::string kCrossSiteHost = "b.test";
2680 const url::Origin kOrigin =
2681 url::Origin::Create(https_server.GetURL(kHost, "/"));
2682 const url::Origin kHttpOrigin =
2683 url::Origin::Create(http_server.GetURL(kHost, "/"));
2684 const url::Origin kSameSiteOrigin =
2685 url::Origin::Create(https_server.GetURL(kSameSiteHost, "/"));
2686 const url::Origin kCrossSiteOrigin =
2687 url::Origin::Create(https_server.GetURL(kCrossSiteHost, "/"));
2688 const SiteForCookies kSiteForCookies = SiteForCookies::FromOrigin(kOrigin);
2689 const SiteForCookies kHttpSiteForCookies =
2690 SiteForCookies::FromOrigin(kHttpOrigin);
2691 const SiteForCookies kCrossSiteForCookies =
2692 SiteForCookies::FromOrigin(kCrossSiteOrigin);
2693
2694 // Set up two 'SameSite' cookies on foo.a.test
2695 {
2696 TestDelegate d;
2697 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
2698 default_context(),
2699 https_server.GetURL(
2700 kHost,
2701 "/set-cookie?StrictSameSiteCookie=1;SameSite=Strict&"
2702 "LaxSameSiteCookie=1;SameSite=Lax"),
2703 &d);
2704 req->set_site_for_cookies(kSiteForCookies);
2705 req->set_initiator(kOrigin);
2706 req->Start();
2707 d.RunUntilComplete();
2708 ASSERT_EQ(2u, GetAllCookies(&default_context()).size());
2709 }
2710
2711 // Verify that both cookies are sent for same-site, unredirected requests.
2712 {
2713 TestDelegate d;
2714 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
2715 https_server.GetURL(kHost, "/echoheader?Cookie"), DEFAULT_PRIORITY, &d,
2716 TRAFFIC_ANNOTATION_FOR_TESTS));
2717 req->set_site_for_cookies(kSiteForCookies);
2718 req->set_initiator(kOrigin);
2719 req->Start();
2720 d.RunUntilComplete();
2721
2722 EXPECT_EQ(1u, req->url_chain().size());
2723 EXPECT_NE(std::string::npos,
2724 d.data_received().find("StrictSameSiteCookie=1"));
2725 EXPECT_NE(std::string::npos, d.data_received().find("LaxSameSiteCookie=1"));
2726 }
2727
2728 // Verify that both cookies are sent for a same-origin redirected top level
2729 // navigation.
2730 {
2731 TestDelegate d;
2732 GURL url = https_server.GetURL(
2733 kHost, "/server-redirect?" +
2734 https_server.GetURL(kHost, "/echoheader?Cookie").spec());
2735 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
2736 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
2737 req->set_isolation_info(
2738 IsolationInfo::Create(IsolationInfo::RequestType::kMainFrame, kOrigin,
2739 kOrigin, kSiteForCookies));
2740 req->set_first_party_url_policy(
2741 RedirectInfo::FirstPartyURLPolicy::UPDATE_URL_ON_REDIRECT);
2742 req->set_site_for_cookies(kSiteForCookies);
2743 req->set_initiator(kOrigin);
2744 req->Start();
2745 d.RunUntilComplete();
2746
2747 EXPECT_EQ(2u, req->url_chain().size());
2748 EXPECT_NE(std::string::npos,
2749 d.data_received().find("StrictSameSiteCookie=1"));
2750 EXPECT_NE(std::string::npos, d.data_received().find("LaxSameSiteCookie=1"));
2751 }
2752
2753 // Verify that both cookies are sent for a same-site redirected top level
2754 // navigation.
2755 {
2756 TestDelegate d;
2757 GURL url = https_server.GetURL(
2758 kSameSiteHost,
2759 "/server-redirect?" +
2760 https_server.GetURL(kHost, "/echoheader?Cookie").spec());
2761 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
2762 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
2763 req->set_isolation_info(IsolationInfo::Create(
2764 IsolationInfo::RequestType::kMainFrame, kSameSiteOrigin,
2765 kSameSiteOrigin, kSiteForCookies));
2766 req->set_first_party_url_policy(
2767 RedirectInfo::FirstPartyURLPolicy::UPDATE_URL_ON_REDIRECT);
2768 req->set_site_for_cookies(kSiteForCookies);
2769 req->set_initiator(kOrigin);
2770 req->Start();
2771 d.RunUntilComplete();
2772
2773 EXPECT_EQ(2u, req->url_chain().size());
2774 EXPECT_NE(std::string::npos,
2775 d.data_received().find("StrictSameSiteCookie=1"));
2776 EXPECT_NE(std::string::npos, d.data_received().find("LaxSameSiteCookie=1"));
2777 }
2778
2779 // If redirect chains are considered:
2780 // Verify that the Strict cookie may or may not be sent for a cross-scheme
2781 // (same-registrable-domain) redirected top level navigation, depending on the
2782 // status of Schemeful Same-Site. The Lax cookie is sent regardless, because
2783 // this is a top-level navigation.
2784 //
2785 // If redirect chains are not considered:
2786 // Verify that both cookies are sent, because this is a top-level navigation.
2787 {
2788 base::test::ScopedFeatureList feature_list;
2789 feature_list.InitAndDisableFeature(features::kSchemefulSameSite);
2790 TestDelegate d;
2791 GURL url = http_server.GetURL(
2792 kHost, "/server-redirect?" +
2793 https_server.GetURL(kHost, "/echoheader?Cookie").spec());
2794 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
2795 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
2796 req->set_isolation_info(
2797 IsolationInfo::Create(IsolationInfo::RequestType::kMainFrame,
2798 kHttpOrigin, kHttpOrigin, kHttpSiteForCookies));
2799 req->set_first_party_url_policy(
2800 RedirectInfo::FirstPartyURLPolicy::UPDATE_URL_ON_REDIRECT);
2801 req->set_site_for_cookies(kHttpSiteForCookies);
2802 req->set_initiator(kOrigin);
2803 req->Start();
2804 d.RunUntilComplete();
2805
2806 EXPECT_EQ(2u, req->url_chain().size());
2807 EXPECT_NE(std::string::npos,
2808 d.data_received().find("StrictSameSiteCookie=1"));
2809 EXPECT_NE(std::string::npos, d.data_received().find("LaxSameSiteCookie=1"));
2810 }
2811 {
2812 base::test::ScopedFeatureList feature_list;
2813 feature_list.InitAndEnableFeature(features::kSchemefulSameSite);
2814 TestDelegate d;
2815 GURL url = http_server.GetURL(
2816 kHost, "/server-redirect?" +
2817 https_server.GetURL(kHost, "/echoheader?Cookie").spec());
2818 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
2819 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
2820 req->set_isolation_info(
2821 IsolationInfo::Create(IsolationInfo::RequestType::kMainFrame,
2822 kHttpOrigin, kHttpOrigin, kHttpSiteForCookies));
2823 req->set_first_party_url_policy(
2824 RedirectInfo::FirstPartyURLPolicy::UPDATE_URL_ON_REDIRECT);
2825 req->set_site_for_cookies(kHttpSiteForCookies);
2826 req->set_initiator(kOrigin);
2827 req->Start();
2828 d.RunUntilComplete();
2829
2830 EXPECT_EQ(2u, req->url_chain().size());
2831 EXPECT_EQ(
2832 DoesCookieSameSiteConsiderRedirectChain(),
2833 std::string::npos == d.data_received().find("StrictSameSiteCookie=1"));
2834 EXPECT_NE(std::string::npos, d.data_received().find("LaxSameSiteCookie=1"));
2835 }
2836
2837 // Verify that (depending on whether redirect chains are considered), the
2838 // Strict cookie is (not) sent for a cross-site redirected top level
2839 // navigation...
2840 {
2841 TestDelegate d;
2842 GURL url = https_server.GetURL(
2843 kCrossSiteHost,
2844 "/server-redirect?" +
2845 https_server.GetURL(kHost, "/echoheader?Cookie").spec());
2846 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
2847 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
2848 req->set_isolation_info(IsolationInfo::Create(
2849 IsolationInfo::RequestType::kMainFrame, kCrossSiteOrigin,
2850 kCrossSiteOrigin, kCrossSiteForCookies));
2851 req->set_first_party_url_policy(
2852 RedirectInfo::FirstPartyURLPolicy::UPDATE_URL_ON_REDIRECT);
2853 req->set_site_for_cookies(kCrossSiteForCookies);
2854 req->set_initiator(kOrigin);
2855 req->Start();
2856 d.RunUntilComplete();
2857
2858 EXPECT_EQ(2u, req->url_chain().size());
2859 EXPECT_EQ(
2860 DoesCookieSameSiteConsiderRedirectChain(),
2861 std::string::npos == d.data_received().find("StrictSameSiteCookie=1"));
2862 EXPECT_NE(std::string::npos, d.data_received().find("LaxSameSiteCookie=1"));
2863 }
2864 // ... even if the initial URL is same-site.
2865 {
2866 TestDelegate d;
2867 GURL middle_url = https_server.GetURL(
2868 kCrossSiteHost,
2869 "/server-redirect?" +
2870 https_server.GetURL(kHost, "/echoheader?Cookie").spec());
2871 GURL url =
2872 https_server.GetURL(kHost, "/server-redirect?" + middle_url.spec());
2873 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
2874 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
2875 req->set_isolation_info(
2876 IsolationInfo::Create(IsolationInfo::RequestType::kMainFrame, kOrigin,
2877 kOrigin, kSiteForCookies));
2878 req->set_first_party_url_policy(
2879 RedirectInfo::FirstPartyURLPolicy::UPDATE_URL_ON_REDIRECT);
2880 req->set_site_for_cookies(kSiteForCookies);
2881 req->set_initiator(kOrigin);
2882 req->Start();
2883 d.RunUntilComplete();
2884
2885 EXPECT_EQ(3u, req->url_chain().size());
2886 EXPECT_EQ(
2887 DoesCookieSameSiteConsiderRedirectChain(),
2888 std::string::npos == d.data_received().find("StrictSameSiteCookie=1"));
2889 EXPECT_NE(std::string::npos, d.data_received().find("LaxSameSiteCookie=1"));
2890 }
2891
2892 // Verify that (depending on whether redirect chains are considered), neither
2893 // (or both) SameSite cookie is sent for a cross-site redirected subresource
2894 // request...
2895 {
2896 TestDelegate d;
2897 GURL url = https_server.GetURL(
2898 kCrossSiteHost,
2899 "/server-redirect?" +
2900 https_server.GetURL(kHost, "/echoheader?Cookie").spec());
2901 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
2902 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
2903 req->set_isolation_info(IsolationInfo::Create(
2904 IsolationInfo::RequestType::kOther, kOrigin, kOrigin, kSiteForCookies));
2905 req->set_site_for_cookies(kSiteForCookies);
2906 req->set_initiator(kOrigin);
2907 req->Start();
2908 d.RunUntilComplete();
2909
2910 EXPECT_EQ(2u, req->url_chain().size());
2911 EXPECT_EQ(
2912 DoesCookieSameSiteConsiderRedirectChain(),
2913 std::string::npos == d.data_received().find("StrictSameSiteCookie=1"));
2914 EXPECT_EQ(
2915 DoesCookieSameSiteConsiderRedirectChain(),
2916 std::string::npos == d.data_received().find("LaxSameSiteCookie=1"));
2917 }
2918 // ... even if the initial URL is same-site.
2919 {
2920 TestDelegate d;
2921 GURL middle_url = https_server.GetURL(
2922 kCrossSiteHost,
2923 "/server-redirect?" +
2924 https_server.GetURL(kHost, "/echoheader?Cookie").spec());
2925 GURL url =
2926 https_server.GetURL(kHost, "/server-redirect?" + middle_url.spec());
2927 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
2928 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
2929 req->set_isolation_info(IsolationInfo::Create(
2930 IsolationInfo::RequestType::kOther, kOrigin, kOrigin, kSiteForCookies));
2931 req->set_site_for_cookies(kSiteForCookies);
2932 req->set_initiator(kOrigin);
2933 req->Start();
2934 d.RunUntilComplete();
2935
2936 EXPECT_EQ(3u, req->url_chain().size());
2937 EXPECT_EQ(
2938 DoesCookieSameSiteConsiderRedirectChain(),
2939 std::string::npos == d.data_received().find("StrictSameSiteCookie=1"));
2940 EXPECT_EQ(
2941 DoesCookieSameSiteConsiderRedirectChain(),
2942 std::string::npos == d.data_received().find("LaxSameSiteCookie=1"));
2943 }
2944 }
2945
TEST_P(URLRequestSameSiteCookiesTest,SettingSameSiteCookies)2946 TEST_P(URLRequestSameSiteCookiesTest, SettingSameSiteCookies) {
2947 HttpTestServer test_server;
2948 ASSERT_TRUE(test_server.Start());
2949
2950 const std::string kHost = "example.test";
2951 const std::string kSubHost = "subdomain.example.test";
2952 const std::string kCrossHost = "cross-origin.test";
2953 const url::Origin kOrigin =
2954 url::Origin::Create(test_server.GetURL(kHost, "/"));
2955 const url::Origin kSubOrigin =
2956 url::Origin::Create(test_server.GetURL(kSubHost, "/"));
2957 const url::Origin kCrossOrigin =
2958 url::Origin::Create(test_server.GetURL(kCrossHost, "/"));
2959 const SiteForCookies kSiteForCookies = SiteForCookies::FromOrigin(kOrigin);
2960 const SiteForCookies kCrossSiteForCookies =
2961 SiteForCookies::FromOrigin(kCrossOrigin);
2962
2963 int expected_cookies = 0;
2964
2965 {
2966 TestDelegate d;
2967 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
2968 test_server.GetURL(kHost,
2969 "/set-cookie?Strict1=1;SameSite=Strict&"
2970 "Lax1=1;SameSite=Lax"),
2971 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
2972 req->set_site_for_cookies(kSiteForCookies);
2973 req->set_initiator(kOrigin);
2974
2975 // 'SameSite' cookies are settable from strict same-site contexts
2976 // (same-origin site_for_cookies, same-origin initiator), so this request
2977 // should result in two cookies being set.
2978 expected_cookies += 2;
2979
2980 req->Start();
2981 d.RunUntilComplete();
2982 EXPECT_EQ(expected_cookies,
2983 static_cast<int>(GetAllCookies(&default_context()).size()));
2984 EXPECT_EQ(expected_cookies, default_network_delegate().set_cookie_count());
2985 }
2986
2987 {
2988 TestDelegate d;
2989 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
2990 test_server.GetURL(kHost,
2991 "/set-cookie?Strict2=1;SameSite=Strict&"
2992 "Lax2=1;SameSite=Lax"),
2993 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
2994 req->set_isolation_info(
2995 IsolationInfo::Create(IsolationInfo::RequestType::kMainFrame, kOrigin,
2996 kOrigin, kSiteForCookies));
2997 req->set_site_for_cookies(kSiteForCookies);
2998 req->set_initiator(kCrossOrigin);
2999
3000 // 'SameSite' cookies are settable from lax same-site contexts (same-origin
3001 // site_for_cookies, cross-site initiator, main frame navigation), so this
3002 // request should result in two cookies being set.
3003 expected_cookies += 2;
3004
3005 req->Start();
3006 d.RunUntilComplete();
3007 EXPECT_EQ(expected_cookies,
3008 static_cast<int>(GetAllCookies(&default_context()).size()));
3009 EXPECT_EQ(expected_cookies, default_network_delegate().set_cookie_count());
3010 }
3011
3012 {
3013 TestDelegate d;
3014 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
3015 test_server.GetURL(kHost,
3016 "/set-cookie?Strict3=1;SameSite=Strict&"
3017 "Lax3=1;SameSite=Lax"),
3018 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
3019 req->set_isolation_info(
3020 IsolationInfo::Create(IsolationInfo::RequestType::kMainFrame,
3021 kSubOrigin, kSubOrigin, kSiteForCookies));
3022 req->set_site_for_cookies(
3023 SiteForCookies::FromUrl(test_server.GetURL(kSubHost, "/")));
3024 req->set_initiator(kCrossOrigin);
3025
3026 // 'SameSite' cookies are settable from lax same-site contexts (same-site
3027 // site_for_cookies, cross-site initiator, main frame navigation), so this
3028 // request should result in two cookies being set.
3029 expected_cookies += 2;
3030
3031 req->Start();
3032 d.RunUntilComplete();
3033 EXPECT_EQ(expected_cookies,
3034 static_cast<int>(GetAllCookies(&default_context()).size()));
3035 EXPECT_EQ(expected_cookies, default_network_delegate().set_cookie_count());
3036 }
3037
3038 {
3039 TestDelegate d;
3040 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
3041 test_server.GetURL(kHost,
3042 "/set-cookie?Strict4=1;SameSite=Strict&"
3043 "Lax4=1;SameSite=Lax"),
3044 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
3045 req->set_site_for_cookies(
3046 SiteForCookies::FromUrl(test_server.GetURL(kSubHost, "/")));
3047
3048 // 'SameSite' cookies are settable from strict same-site contexts (same-site
3049 // site_for_cookies, no initiator), so this request should result in two
3050 // cookies being set.
3051 expected_cookies += 2;
3052
3053 req->Start();
3054 d.RunUntilComplete();
3055 EXPECT_EQ(expected_cookies,
3056 static_cast<int>(GetAllCookies(&default_context()).size()));
3057 EXPECT_EQ(expected_cookies, default_network_delegate().set_cookie_count());
3058 }
3059
3060 int expected_network_delegate_set_cookie_count;
3061 {
3062 TestDelegate d;
3063 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
3064 test_server.GetURL(kHost,
3065 "/set-cookie?Strict5=1;SameSite=Strict&"
3066 "Lax5=1;SameSite=Lax"),
3067 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
3068 req->set_site_for_cookies(kCrossSiteForCookies);
3069 req->set_initiator(kCrossOrigin);
3070
3071 // 'SameSite' cookies are not settable from cross-site contexts, so this
3072 // should not result in any new cookies being set.
3073 expected_cookies += 0;
3074 // This counts the number of successful calls to CanSetCookie() when
3075 // attempting to set a cookie. The two cookies above were created and
3076 // attempted to be set, and were not rejected by the NetworkDelegate, so the
3077 // count here is 2 more than the number of cookies actually set.
3078 expected_network_delegate_set_cookie_count = expected_cookies + 2;
3079
3080 req->Start();
3081 d.RunUntilComplete();
3082 // This counts the number of cookies actually set.
3083 EXPECT_EQ(expected_cookies,
3084 static_cast<int>(GetAllCookies(&default_context()).size()));
3085 EXPECT_EQ(expected_network_delegate_set_cookie_count,
3086 default_network_delegate().set_cookie_count());
3087 }
3088
3089 {
3090 TestDelegate d;
3091 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
3092 test_server.GetURL(kHost,
3093 "/set-cookie?Strict6=1;SameSite=Strict&"
3094 "Lax6=1;SameSite=Lax"),
3095 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
3096 req->set_isolation_info(
3097 IsolationInfo::Create(IsolationInfo::RequestType::kSubFrame, kOrigin,
3098 kOrigin, kSiteForCookies));
3099 req->set_site_for_cookies(kSiteForCookies);
3100 req->set_initiator(kCrossOrigin);
3101
3102 // Same-site site-for-cookies, cross-site initiator, non main frame
3103 // navigation -> context is considered cross-site so no SameSite cookies are
3104 // set.
3105 expected_cookies += 0;
3106 // This counts the number of successful calls to CanSetCookie() when
3107 // attempting to set a cookie. The two cookies above were created and
3108 // attempted to be set, and were not rejected by the NetworkDelegate, so the
3109 // count here is 2 more than the number of cookies actually set.
3110 expected_network_delegate_set_cookie_count += 2;
3111
3112 req->Start();
3113 d.RunUntilComplete();
3114 EXPECT_EQ(expected_cookies,
3115 static_cast<int>(GetAllCookies(&default_context()).size()));
3116 EXPECT_EQ(expected_network_delegate_set_cookie_count,
3117 default_network_delegate().set_cookie_count());
3118
3119 // Check that the appropriate cookie inclusion status is set.
3120 ASSERT_EQ(2u, req->maybe_stored_cookies().size());
3121 CookieInclusionStatus expected_strict_status =
3122 CookieInclusionStatus::MakeFromReasonsForTesting(
3123 {CookieInclusionStatus::EXCLUDE_SAMESITE_STRICT},
3124 {} /* warning_reasons */);
3125 CookieInclusionStatus expected_lax_status =
3126 CookieInclusionStatus::MakeFromReasonsForTesting(
3127 {CookieInclusionStatus::EXCLUDE_SAMESITE_LAX},
3128 {} /* warning_reasons */);
3129 EXPECT_EQ(expected_strict_status,
3130 req->maybe_stored_cookies()[0].access_result.status);
3131 EXPECT_EQ(expected_lax_status,
3132 req->maybe_stored_cookies()[1].access_result.status);
3133 }
3134
3135 {
3136 TestDelegate d;
3137 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
3138 test_server.GetURL(kHost,
3139 "/set-cookie?Strict7=1;SameSite=Strict&"
3140 "Lax7=1;SameSite=Lax"),
3141 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
3142 req->set_isolation_info(IsolationInfo::Create(
3143 IsolationInfo::RequestType::kOther, kOrigin, kOrigin, kSiteForCookies));
3144 req->set_site_for_cookies(kSiteForCookies);
3145 req->set_initiator(kCrossOrigin);
3146 req->set_force_main_frame_for_same_site_cookies(true);
3147
3148 // 'SameSite' cookies are settable from lax same-site contexts (same-origin
3149 // site_for_cookies, cross-site initiator, main frame navigation), so this
3150 // request should result in two cookies being set.
3151 expected_cookies += 2;
3152 expected_network_delegate_set_cookie_count += 2;
3153
3154 req->Start();
3155 d.RunUntilComplete();
3156 EXPECT_EQ(expected_cookies,
3157 static_cast<int>(GetAllCookies(&default_context()).size()));
3158 EXPECT_EQ(expected_network_delegate_set_cookie_count,
3159 default_network_delegate().set_cookie_count());
3160 }
3161 }
3162
3163 // Tests special chrome:// scheme that is supposed to always attach SameSite
3164 // cookies if the requested site is secure.
TEST_P(URLRequestSameSiteCookiesTest,SameSiteCookiesSpecialScheme)3165 TEST_P(URLRequestSameSiteCookiesTest, SameSiteCookiesSpecialScheme) {
3166 url::ScopedSchemeRegistryForTests scoped_registry;
3167 url::AddStandardScheme("chrome", url::SchemeType::SCHEME_WITH_HOST);
3168
3169 EmbeddedTestServer https_test_server(EmbeddedTestServer::TYPE_HTTPS);
3170 RegisterDefaultHandlers(&https_test_server);
3171 ASSERT_TRUE(https_test_server.Start());
3172 EmbeddedTestServer http_test_server(EmbeddedTestServer::TYPE_HTTP);
3173 RegisterDefaultHandlers(&http_test_server);
3174 ASSERT_TRUE(http_test_server.Start());
3175 ASSERT_NE(https_test_server.port(), http_test_server.port());
3176 // Both hostnames should be 127.0.0.1 (so that we can use the same set of
3177 // cookies on both, for convenience).
3178 ASSERT_EQ(https_test_server.host_port_pair().host(),
3179 http_test_server.host_port_pair().host());
3180
3181 // Set up special schemes
3182 auto cad = std::make_unique<TestCookieAccessDelegate>();
3183 cad->SetIgnoreSameSiteRestrictionsScheme("chrome", true);
3184 auto cm = std::make_unique<CookieMonster>(nullptr, nullptr);
3185 cm->SetCookieAccessDelegate(std::move(cad));
3186
3187 auto context_builder = CreateTestURLRequestContextBuilder();
3188 context_builder->SetCookieStore(std::move(cm));
3189 auto context = context_builder->Build();
3190
3191 // SameSite cookies are not set for 'chrome' scheme if requested origin is not
3192 // secure.
3193 {
3194 TestDelegate d;
3195 std::unique_ptr<URLRequest> req(context->CreateRequest(
3196 http_test_server.GetURL(
3197 "/set-cookie?StrictSameSiteCookie=1;SameSite=Strict&"
3198 "LaxSameSiteCookie=1;SameSite=Lax"),
3199 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
3200 req->set_site_for_cookies(
3201 SiteForCookies::FromUrl(GURL("chrome://whatever/")));
3202 req->Start();
3203 d.RunUntilComplete();
3204 EXPECT_EQ(0u, GetAllCookies(context.get()).size());
3205 }
3206
3207 // But they are set for 'chrome' scheme if the requested origin is secure.
3208 {
3209 TestDelegate d;
3210 std::unique_ptr<URLRequest> req(context->CreateRequest(
3211 https_test_server.GetURL(
3212 "/set-cookie?StrictSameSiteCookie=1;SameSite=Strict&"
3213 "LaxSameSiteCookie=1;SameSite=Lax"),
3214 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
3215 req->set_site_for_cookies(
3216 SiteForCookies::FromUrl(GURL("chrome://whatever/")));
3217 req->Start();
3218 d.RunUntilComplete();
3219 CookieList cookies = GetAllCookies(context.get());
3220 EXPECT_EQ(2u, cookies.size());
3221 }
3222
3223 // Verify that they are both sent when the site_for_cookies scheme is
3224 // 'chrome' and the requested origin is secure.
3225 {
3226 TestDelegate d;
3227 std::unique_ptr<URLRequest> req(context->CreateRequest(
3228 https_test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d,
3229 TRAFFIC_ANNOTATION_FOR_TESTS));
3230 req->set_site_for_cookies(
3231 SiteForCookies::FromUrl(GURL("chrome://whatever/")));
3232 req->Start();
3233 d.RunUntilComplete();
3234 EXPECT_NE(std::string::npos,
3235 d.data_received().find("StrictSameSiteCookie=1"));
3236 EXPECT_NE(std::string::npos, d.data_received().find("LaxSameSiteCookie=1"));
3237 }
3238
3239 // Verify that they are not sent when the site_for_cookies scheme is
3240 // 'chrome' and the requested origin is not secure.
3241 {
3242 TestDelegate d;
3243 std::unique_ptr<URLRequest> req(context->CreateRequest(
3244 http_test_server.GetURL("/echoheader?Cookie"), DEFAULT_PRIORITY, &d,
3245 TRAFFIC_ANNOTATION_FOR_TESTS));
3246 req->set_site_for_cookies(
3247 SiteForCookies::FromUrl(GURL("chrome://whatever/")));
3248 req->Start();
3249 d.RunUntilComplete();
3250 EXPECT_EQ(std::string::npos,
3251 d.data_received().find("StrictSameSiteCookie"));
3252 EXPECT_EQ(std::string::npos, d.data_received().find("LaxSameSiteCookie"));
3253 }
3254 }
3255
TEST_P(URLRequestSameSiteCookiesTest,SettingSameSiteCookies_Redirect)3256 TEST_P(URLRequestSameSiteCookiesTest, SettingSameSiteCookies_Redirect) {
3257 EmbeddedTestServer http_server;
3258 RegisterDefaultHandlers(&http_server);
3259 EmbeddedTestServer https_server(EmbeddedTestServer::TYPE_HTTPS);
3260 https_server.SetSSLConfig(EmbeddedTestServer::CERT_TEST_NAMES);
3261 RegisterDefaultHandlers(&https_server);
3262 ASSERT_TRUE(http_server.Start());
3263 ASSERT_TRUE(https_server.Start());
3264
3265 auto& network_delegate = default_network_delegate();
3266
3267 const std::string kHost = "foo.a.test";
3268 const std::string kSameSiteHost = "bar.a.test";
3269 const std::string kCrossSiteHost = "b.test";
3270 const url::Origin kOrigin =
3271 url::Origin::Create(https_server.GetURL(kHost, "/"));
3272 const url::Origin kHttpOrigin =
3273 url::Origin::Create(http_server.GetURL(kHost, "/"));
3274 const url::Origin kSameSiteOrigin =
3275 url::Origin::Create(https_server.GetURL(kSameSiteHost, "/"));
3276 const url::Origin kCrossSiteOrigin =
3277 url::Origin::Create(https_server.GetURL(kCrossSiteHost, "/"));
3278 const SiteForCookies kSiteForCookies = SiteForCookies::FromOrigin(kOrigin);
3279 const SiteForCookies kHttpSiteForCookies =
3280 SiteForCookies::FromOrigin(kHttpOrigin);
3281 const SiteForCookies kCrossSiteForCookies =
3282 SiteForCookies::FromOrigin(kCrossSiteOrigin);
3283
3284 int expected_cookies = 0;
3285 int expected_set_cookie_count = 0;
3286
3287 // Verify that SameSite cookies can be set for a same-origin redirected
3288 // top-level navigation request.
3289 {
3290 TestDelegate d;
3291 GURL set_cookie_url = https_server.GetURL(
3292 kHost, "/set-cookie?Strict1=1;SameSite=Strict&Lax1=1;SameSite=Lax");
3293 GURL url =
3294 https_server.GetURL(kHost, "/server-redirect?" + set_cookie_url.spec());
3295 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
3296 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
3297 req->set_isolation_info(
3298 IsolationInfo::Create(IsolationInfo::RequestType::kMainFrame, kOrigin,
3299 kOrigin, kSiteForCookies));
3300 req->set_first_party_url_policy(
3301 RedirectInfo::FirstPartyURLPolicy::UPDATE_URL_ON_REDIRECT);
3302 req->set_site_for_cookies(kSiteForCookies);
3303 req->set_initiator(kOrigin);
3304
3305 expected_cookies += 2;
3306 expected_set_cookie_count += 2;
3307
3308 req->Start();
3309 d.RunUntilComplete();
3310 EXPECT_EQ(expected_cookies,
3311 static_cast<int>(GetAllCookies(&default_context()).size()));
3312 EXPECT_EQ(expected_set_cookie_count, network_delegate.set_cookie_count());
3313 }
3314
3315 // Verify that SameSite cookies can be set for a same-site redirected
3316 // top-level navigation request.
3317 {
3318 TestDelegate d;
3319 GURL set_cookie_url = https_server.GetURL(
3320 kHost, "/set-cookie?Strict2=1;SameSite=Strict&Lax2=1;SameSite=Lax");
3321 GURL url = https_server.GetURL(kSameSiteHost,
3322 "/server-redirect?" + set_cookie_url.spec());
3323 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
3324 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
3325 req->set_isolation_info(IsolationInfo::Create(
3326 IsolationInfo::RequestType::kMainFrame, kSameSiteOrigin,
3327 kSameSiteOrigin, kSiteForCookies));
3328 req->set_first_party_url_policy(
3329 RedirectInfo::FirstPartyURLPolicy::UPDATE_URL_ON_REDIRECT);
3330 req->set_site_for_cookies(kSiteForCookies);
3331 req->set_initiator(kSameSiteOrigin);
3332
3333 expected_cookies += 2;
3334 expected_set_cookie_count += 2;
3335
3336 req->Start();
3337 d.RunUntilComplete();
3338 EXPECT_EQ(expected_cookies,
3339 static_cast<int>(GetAllCookies(&default_context()).size()));
3340 EXPECT_EQ(expected_set_cookie_count, network_delegate.set_cookie_count());
3341 }
3342
3343 // Verify that SameSite cookies can be set for a cross-site redirected
3344 // top-level navigation request.
3345 {
3346 TestDelegate d;
3347 GURL set_cookie_url = https_server.GetURL(
3348 kHost, "/set-cookie?Strict3=1;SameSite=Strict&Lax3=1;SameSite=Lax");
3349 GURL url = https_server.GetURL(kCrossSiteHost,
3350 "/server-redirect?" + set_cookie_url.spec());
3351 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
3352 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
3353 req->set_isolation_info(IsolationInfo::Create(
3354 IsolationInfo::RequestType::kMainFrame, kCrossSiteOrigin,
3355 kCrossSiteOrigin, kCrossSiteForCookies));
3356 req->set_first_party_url_policy(
3357 RedirectInfo::FirstPartyURLPolicy::UPDATE_URL_ON_REDIRECT);
3358 req->set_site_for_cookies(kCrossSiteForCookies);
3359 req->set_initiator(kCrossSiteOrigin);
3360
3361 expected_cookies += 2;
3362 expected_set_cookie_count += 2;
3363
3364 req->Start();
3365 d.RunUntilComplete();
3366 EXPECT_EQ(expected_cookies,
3367 static_cast<int>(GetAllCookies(&default_context()).size()));
3368 EXPECT_EQ(expected_set_cookie_count, network_delegate.set_cookie_count());
3369 }
3370
3371 // Verify that SameSite cookies can be set for a same-origin redirected
3372 // subresource request.
3373 {
3374 TestDelegate d;
3375 GURL set_cookie_url = https_server.GetURL(
3376 kHost, "/set-cookie?Strict4=1;SameSite=Strict&Lax4=1;SameSite=Lax");
3377 GURL url =
3378 https_server.GetURL(kHost, "/server-redirect?" + set_cookie_url.spec());
3379 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
3380 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
3381 req->set_isolation_info(IsolationInfo::Create(
3382 IsolationInfo::RequestType::kOther, kOrigin, kOrigin, kSiteForCookies));
3383 req->set_site_for_cookies(kSiteForCookies);
3384 req->set_initiator(kOrigin);
3385
3386 expected_cookies += 2;
3387 expected_set_cookie_count += 2;
3388
3389 req->Start();
3390 d.RunUntilComplete();
3391 EXPECT_EQ(expected_cookies,
3392 static_cast<int>(GetAllCookies(&default_context()).size()));
3393 EXPECT_EQ(expected_set_cookie_count, network_delegate.set_cookie_count());
3394 }
3395
3396 // Verify that SameSite cookies can be set for a same-site redirected
3397 // subresource request.
3398 {
3399 TestDelegate d;
3400 GURL set_cookie_url = https_server.GetURL(
3401 kHost, "/set-cookie?Strict5=1;SameSite=Strict&Lax5=1;SameSite=Lax");
3402 GURL url = https_server.GetURL(kSameSiteHost,
3403 "/server-redirect?" + set_cookie_url.spec());
3404 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
3405 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
3406 req->set_isolation_info(IsolationInfo::Create(
3407 IsolationInfo::RequestType::kOther, kSameSiteOrigin, kSameSiteOrigin,
3408 kSiteForCookies));
3409 req->set_site_for_cookies(kSiteForCookies);
3410 req->set_initiator(kSameSiteOrigin);
3411
3412 expected_cookies += 2;
3413 expected_set_cookie_count += 2;
3414
3415 req->Start();
3416 d.RunUntilComplete();
3417 EXPECT_EQ(expected_cookies,
3418 static_cast<int>(GetAllCookies(&default_context()).size()));
3419 EXPECT_EQ(expected_set_cookie_count, network_delegate.set_cookie_count());
3420 }
3421
3422 // Verify that (depending on whether redirect chains are considered) SameSite
3423 // cookies can/cannot be set for a cross-site redirected subresource request,
3424 // even if the site-for-cookies and initiator are same-site, ...
3425 {
3426 TestDelegate d;
3427 GURL set_cookie_url = https_server.GetURL(
3428 kHost, "/set-cookie?Strict6=1;SameSite=Strict&Lax6=1;SameSite=Lax");
3429 GURL url = https_server.GetURL(kCrossSiteHost,
3430 "/server-redirect?" + set_cookie_url.spec());
3431 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
3432 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
3433 req->set_isolation_info(IsolationInfo::Create(
3434 IsolationInfo::RequestType::kOther, kOrigin, kOrigin, kSiteForCookies));
3435 req->set_site_for_cookies(kSiteForCookies);
3436 req->set_initiator(kOrigin);
3437
3438 expected_cookies += DoesCookieSameSiteConsiderRedirectChain() ? 0 : 2;
3439 expected_set_cookie_count += 2;
3440
3441 req->Start();
3442 d.RunUntilComplete();
3443 EXPECT_EQ(expected_cookies,
3444 static_cast<int>(GetAllCookies(&default_context()).size()));
3445 EXPECT_EQ(expected_set_cookie_count, network_delegate.set_cookie_count());
3446 }
3447 // ... even if the initial URL is same-site.
3448 {
3449 TestDelegate d;
3450 GURL set_cookie_url = https_server.GetURL(
3451 kHost, "/set-cookie?Strict7=1;SameSite=Strict&Lax7=1;SameSite=Lax");
3452 GURL middle_url = https_server.GetURL(
3453 kCrossSiteHost, "/server-redirect?" + set_cookie_url.spec());
3454 GURL url =
3455 https_server.GetURL(kHost, "/server-redirect?" + middle_url.spec());
3456 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
3457 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
3458 req->set_isolation_info(IsolationInfo::Create(
3459 IsolationInfo::RequestType::kOther, kOrigin, kOrigin, kSiteForCookies));
3460 req->set_site_for_cookies(kSiteForCookies);
3461 req->set_initiator(kOrigin);
3462
3463 expected_cookies += DoesCookieSameSiteConsiderRedirectChain() ? 0 : 2;
3464 expected_set_cookie_count += 2;
3465
3466 req->Start();
3467 d.RunUntilComplete();
3468 EXPECT_EQ(expected_cookies,
3469 static_cast<int>(GetAllCookies(&default_context()).size()));
3470 EXPECT_EQ(expected_set_cookie_count, network_delegate.set_cookie_count());
3471 }
3472
3473 // Verify that SameSite cookies may or may not be set for a cross-scheme
3474 // (same-registrable-domain) redirected subresource request, depending on the
3475 // status of Schemeful Same-Site and whether redirect chains are considered.
3476 {
3477 base::test::ScopedFeatureList feature_list;
3478 feature_list.InitAndDisableFeature(features::kSchemefulSameSite);
3479 TestDelegate d;
3480 GURL set_cookie_url = https_server.GetURL(
3481 kHost, "/set-cookie?Strict8=1;SameSite=Strict&Lax8=1;SameSite=Lax");
3482 GURL url =
3483 http_server.GetURL(kHost, "/server-redirect?" + set_cookie_url.spec());
3484 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
3485 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
3486 req->set_isolation_info(
3487 IsolationInfo::Create(IsolationInfo::RequestType::kOther, kHttpOrigin,
3488 kHttpOrigin, kHttpSiteForCookies));
3489 req->set_first_party_url_policy(
3490 RedirectInfo::FirstPartyURLPolicy::UPDATE_URL_ON_REDIRECT);
3491 req->set_site_for_cookies(kHttpSiteForCookies);
3492 req->set_initiator(kOrigin);
3493
3494 expected_cookies += 2;
3495 expected_set_cookie_count += 2;
3496
3497 req->Start();
3498 d.RunUntilComplete();
3499 EXPECT_EQ(expected_cookies,
3500 static_cast<int>(GetAllCookies(&default_context()).size()));
3501 EXPECT_EQ(expected_set_cookie_count, network_delegate.set_cookie_count());
3502 }
3503 {
3504 base::test::ScopedFeatureList feature_list;
3505 feature_list.InitAndEnableFeature(features::kSchemefulSameSite);
3506 TestDelegate d;
3507 GURL set_cookie_url = https_server.GetURL(
3508 kHost, "/set-cookie?Strict9=1;SameSite=Strict&Lax9=1;SameSite=Lax");
3509 GURL url =
3510 http_server.GetURL(kHost, "/server-redirect?" + set_cookie_url.spec());
3511 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
3512 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
3513 req->set_isolation_info(
3514 IsolationInfo::Create(IsolationInfo::RequestType::kOther, kHttpOrigin,
3515 kHttpOrigin, kHttpSiteForCookies));
3516 req->set_first_party_url_policy(
3517 RedirectInfo::FirstPartyURLPolicy::UPDATE_URL_ON_REDIRECT);
3518 req->set_site_for_cookies(kHttpSiteForCookies);
3519 req->set_initiator(kOrigin);
3520
3521 expected_cookies += DoesCookieSameSiteConsiderRedirectChain() ? 0 : 2;
3522 expected_set_cookie_count += 2;
3523
3524 req->Start();
3525 d.RunUntilComplete();
3526 EXPECT_EQ(expected_cookies,
3527 static_cast<int>(GetAllCookies(&default_context()).size()));
3528 EXPECT_EQ(expected_set_cookie_count, network_delegate.set_cookie_count());
3529 }
3530 }
3531
3532 INSTANTIATE_TEST_SUITE_P(/* no label */,
3533 URLRequestSameSiteCookiesTest,
3534 ::testing::Bool());
3535
TEST_F(URLRequestTest,PartitionedCookiesRedirect)3536 TEST_F(URLRequestTest, PartitionedCookiesRedirect) {
3537 EmbeddedTestServer https_server(EmbeddedTestServer::TYPE_HTTPS);
3538 https_server.SetSSLConfig(EmbeddedTestServer::CERT_TEST_NAMES);
3539 RegisterDefaultHandlers(&https_server);
3540 ASSERT_TRUE(https_server.Start());
3541
3542 const std::string kHost = "a.test";
3543 const std::string kCrossSiteHost = "b.test";
3544
3545 const GURL create_cookie_url = https_server.GetURL(kHost, "/");
3546
3547 auto context_builder = CreateTestURLRequestContextBuilder();
3548 context_builder->SetCookieStore(
3549 std::make_unique<CookieMonster>(nullptr, nullptr));
3550 auto context = context_builder->Build();
3551 auto& cm = *static_cast<CookieMonster*>(context->cookie_store());
3552
3553 // Set partitioned cookie with same-site partitionkey.
3554 {
3555 auto same_site_partitioned_cookie = CanonicalCookie::CreateForTesting(
3556 create_cookie_url, "samesite_partitioned=1;Secure;Partitioned",
3557 base::Time::Now(), std::nullopt,
3558 CookiePartitionKey::FromURLForTesting(create_cookie_url));
3559 ASSERT_TRUE(same_site_partitioned_cookie);
3560 ASSERT_TRUE(same_site_partitioned_cookie->IsPartitioned());
3561 base::test::TestFuture<CookieAccessResult> future;
3562 cm.SetCanonicalCookieAsync(
3563 std::move(same_site_partitioned_cookie), create_cookie_url,
3564 CookieOptions::MakeAllInclusive(), future.GetCallback());
3565 ASSERT_TRUE(future.Get().status.IsInclude());
3566 }
3567
3568 // Set a partitioned cookie with a cross-site partition key.
3569 // In the redirect below from site B to A, this cookie's partition key is site
3570 // B it should not be sent in the redirected request.
3571 {
3572 auto cross_site_partitioned_cookie = CanonicalCookie::CreateForTesting(
3573 create_cookie_url, "xsite_partitioned=1;Secure;Partitioned",
3574 base::Time::Now(), std::nullopt,
3575 CookiePartitionKey::FromURLForTesting(
3576 https_server.GetURL(kCrossSiteHost, "/")));
3577 ASSERT_TRUE(cross_site_partitioned_cookie);
3578 ASSERT_TRUE(cross_site_partitioned_cookie->IsPartitioned());
3579 base::test::TestFuture<CookieAccessResult> future;
3580 cm.SetCanonicalCookieAsync(
3581 std::move(cross_site_partitioned_cookie), create_cookie_url,
3582 CookieOptions::MakeAllInclusive(), future.GetCallback());
3583 ASSERT_TRUE(future.Get().status.IsInclude());
3584 }
3585
3586 const auto kCrossSiteOrigin =
3587 url::Origin::Create(https_server.GetURL(kCrossSiteHost, "/"));
3588 const auto kCrossSiteSiteForCookies =
3589 SiteForCookies::FromOrigin(kCrossSiteOrigin);
3590
3591 // Test that when a request is redirected that the partitioned cookies
3592 // attached to the redirected request match the partition key of the new
3593 // request.
3594 TestDelegate d;
3595 GURL url = https_server.GetURL(
3596 kCrossSiteHost,
3597 "/server-redirect?" +
3598 https_server.GetURL(kHost, "/echoheader?Cookie").spec());
3599 std::unique_ptr<URLRequest> req = context->CreateRequest(
3600 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS);
3601 req->set_isolation_info(IsolationInfo::Create(
3602 IsolationInfo::RequestType::kMainFrame, kCrossSiteOrigin,
3603 kCrossSiteOrigin, kCrossSiteSiteForCookies));
3604 req->set_first_party_url_policy(
3605 RedirectInfo::FirstPartyURLPolicy::UPDATE_URL_ON_REDIRECT);
3606 req->set_site_for_cookies(kCrossSiteSiteForCookies);
3607 req->set_initiator(kCrossSiteOrigin);
3608 req->Start();
3609 d.RunUntilComplete();
3610
3611 EXPECT_EQ(2u, req->url_chain().size());
3612 EXPECT_NE(std::string::npos,
3613 d.data_received().find("samesite_partitioned=1"));
3614 EXPECT_EQ(std::string::npos, d.data_received().find("xsite_partitioned=1"));
3615 }
3616
3617 // Tests that __Secure- cookies can't be set on non-secure origins.
TEST_F(URLRequestTest,SecureCookiePrefixOnNonsecureOrigin)3618 TEST_F(URLRequestTest, SecureCookiePrefixOnNonsecureOrigin) {
3619 EmbeddedTestServer http_server;
3620 RegisterDefaultHandlers(&http_server);
3621 EmbeddedTestServer https_server(EmbeddedTestServer::TYPE_HTTPS);
3622 https_server.SetSSLConfig(EmbeddedTestServer::CERT_TEST_NAMES);
3623 RegisterDefaultHandlers(&https_server);
3624 ASSERT_TRUE(http_server.Start());
3625 ASSERT_TRUE(https_server.Start());
3626
3627 // Try to set a Secure __Secure- cookie on http://a.test (non-secure origin).
3628 {
3629 TestDelegate d;
3630 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
3631 default_context(),
3632 http_server.GetURL("a.test",
3633 "/set-cookie?__Secure-nonsecure-origin=1;Secure&"
3634 "cookienotsecure=1"),
3635 &d);
3636 req->Start();
3637 d.RunUntilComplete();
3638 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
3639 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
3640 }
3641
3642 // Verify that the __Secure- cookie was not set by checking cookies for
3643 // https://a.test (secure origin).
3644 {
3645 TestDelegate d;
3646 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
3647 default_context(), https_server.GetURL("a.test", "/echoheader?Cookie"),
3648 &d);
3649 req->Start();
3650 d.RunUntilComplete();
3651
3652 EXPECT_EQ(d.data_received().find("__Secure-nonsecure-origin=1"),
3653 std::string::npos);
3654 EXPECT_NE(d.data_received().find("cookienotsecure=1"), std::string::npos);
3655 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
3656 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
3657 }
3658 }
3659
TEST_F(URLRequestTest,SecureCookiePrefixNonsecure)3660 TEST_F(URLRequestTest, SecureCookiePrefixNonsecure) {
3661 EmbeddedTestServer https_server(EmbeddedTestServer::TYPE_HTTPS);
3662 RegisterDefaultHandlers(&https_server);
3663 ASSERT_TRUE(https_server.Start());
3664
3665 // Try to set a non-Secure __Secure- cookie.
3666 {
3667 TestDelegate d;
3668 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
3669 default_context(), https_server.GetURL("/set-cookie?__Secure-foo=1"),
3670 &d);
3671 req->Start();
3672 d.RunUntilComplete();
3673 EXPECT_EQ(0, default_network_delegate().set_cookie_count());
3674 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
3675 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
3676 }
3677
3678 // Verify that the cookie is not set.
3679 {
3680 TestDelegate d;
3681 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
3682 default_context(), https_server.GetURL("/echoheader?Cookie"), &d);
3683 req->Start();
3684 d.RunUntilComplete();
3685
3686 EXPECT_EQ(d.data_received().find("__Secure-foo=1"), std::string::npos);
3687 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
3688 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
3689 }
3690 }
3691
TEST_F(URLRequestTest,SecureCookiePrefixSecure)3692 TEST_F(URLRequestTest, SecureCookiePrefixSecure) {
3693 EmbeddedTestServer https_server(EmbeddedTestServer::TYPE_HTTPS);
3694 RegisterDefaultHandlers(&https_server);
3695 ASSERT_TRUE(https_server.Start());
3696
3697 // Try to set a Secure __Secure- cookie.
3698 {
3699 TestDelegate d;
3700 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
3701 default_context(),
3702 https_server.GetURL("/set-cookie?__Secure-bar=1;Secure"), &d);
3703 req->Start();
3704 d.RunUntilComplete();
3705 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
3706 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
3707 }
3708
3709 // Verify that the cookie is set.
3710 {
3711 TestDelegate d;
3712 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
3713 default_context(), https_server.GetURL("/echoheader?Cookie"), &d);
3714 req->Start();
3715 d.RunUntilComplete();
3716
3717 EXPECT_NE(d.data_received().find("__Secure-bar=1"), std::string::npos);
3718 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
3719 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
3720 }
3721 }
3722
3723 // Tests that secure cookies can't be set on non-secure origins if strict secure
3724 // cookies are enabled.
TEST_F(URLRequestTest,StrictSecureCookiesOnNonsecureOrigin)3725 TEST_F(URLRequestTest, StrictSecureCookiesOnNonsecureOrigin) {
3726 EmbeddedTestServer http_server;
3727 RegisterDefaultHandlers(&http_server);
3728 EmbeddedTestServer https_server(EmbeddedTestServer::TYPE_HTTPS);
3729 https_server.SetSSLConfig(EmbeddedTestServer::CERT_TEST_NAMES);
3730 RegisterDefaultHandlers(&https_server);
3731 ASSERT_TRUE(http_server.Start());
3732 ASSERT_TRUE(https_server.Start());
3733
3734 // Try to set a Secure cookie and a non-Secure cookie from a nonsecure origin.
3735 {
3736 TestDelegate d;
3737 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
3738 default_context(),
3739 http_server.GetURL("a.test",
3740 "/set-cookie?nonsecure-origin=1;Secure&"
3741 "cookienotsecure=1"),
3742 &d);
3743 req->Start();
3744 d.RunUntilComplete();
3745 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
3746 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
3747 }
3748
3749 // Verify that the Secure cookie was not set.
3750 {
3751 TestDelegate d;
3752 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
3753 default_context(), https_server.GetURL("a.test", "/echoheader?Cookie"),
3754 &d);
3755 req->Start();
3756 d.RunUntilComplete();
3757
3758 EXPECT_EQ(d.data_received().find("nonsecure-origin=1"), std::string::npos);
3759 EXPECT_NE(d.data_received().find("cookienotsecure=1"), std::string::npos);
3760 EXPECT_EQ(0, default_network_delegate().blocked_annotate_cookies_count());
3761 EXPECT_EQ(0, default_network_delegate().blocked_set_cookie_count());
3762 }
3763 }
3764
3765 // FixedDateNetworkDelegate swaps out the server's HTTP Date response header
3766 // value for the `fixed_date_` member.
3767 class FixedDateNetworkDelegate : public TestNetworkDelegate {
3768 public:
FixedDateNetworkDelegate(std::string_view fixed_date)3769 explicit FixedDateNetworkDelegate(std::string_view fixed_date)
3770 : fixed_date_(fixed_date) {}
3771
3772 FixedDateNetworkDelegate(const FixedDateNetworkDelegate&) = delete;
3773 FixedDateNetworkDelegate& operator=(const FixedDateNetworkDelegate&) = delete;
3774
3775 ~FixedDateNetworkDelegate() override = default;
3776
set_fixed_date(std::string_view fixed_date)3777 void set_fixed_date(std::string_view fixed_date) {
3778 fixed_date_ = static_cast<std::string>(fixed_date);
3779 }
3780
3781 // NetworkDelegate implementation
3782 int OnHeadersReceived(
3783 URLRequest* request,
3784 CompletionOnceCallback callback,
3785 const HttpResponseHeaders* original_response_headers,
3786 scoped_refptr<HttpResponseHeaders>* override_response_headers,
3787 const IPEndPoint& endpoint,
3788 std::optional<GURL>* preserve_fragment_on_redirect_url) override;
3789
3790 private:
3791 std::string fixed_date_;
3792 };
3793
OnHeadersReceived(URLRequest * request,CompletionOnceCallback callback,const HttpResponseHeaders * original_response_headers,scoped_refptr<HttpResponseHeaders> * override_response_headers,const IPEndPoint & endpoint,std::optional<GURL> * preserve_fragment_on_redirect_url)3794 int FixedDateNetworkDelegate::OnHeadersReceived(
3795 URLRequest* request,
3796 CompletionOnceCallback callback,
3797 const HttpResponseHeaders* original_response_headers,
3798 scoped_refptr<HttpResponseHeaders>* override_response_headers,
3799 const IPEndPoint& endpoint,
3800 std::optional<GURL>* preserve_fragment_on_redirect_url) {
3801 *override_response_headers = base::MakeRefCounted<HttpResponseHeaders>(
3802 original_response_headers->raw_headers());
3803
3804 (*override_response_headers)->SetHeader("Date", fixed_date_);
3805
3806 return TestNetworkDelegate::OnHeadersReceived(
3807 request, std::move(callback), original_response_headers,
3808 override_response_headers, endpoint, preserve_fragment_on_redirect_url);
3809 }
3810
3811 // Test that cookie expiration times are adjusted for server/client clock
3812 // skew and that we handle incorrect timezone specifier "UTC" in HTTP Date
3813 // headers by defaulting to GMT. (crbug.com/135131)
TEST_F(URLRequestTest,AcceptClockSkewCookieWithWrongDateTimezone)3814 TEST_F(URLRequestTest, AcceptClockSkewCookieWithWrongDateTimezone) {
3815 HttpTestServer test_server;
3816 ASSERT_TRUE(test_server.Start());
3817
3818 auto context_builder = CreateTestURLRequestContextBuilder();
3819 auto& network_delegate = *context_builder->set_network_delegate(
3820 std::make_unique<FixedDateNetworkDelegate>("04-Jan-2004 04:09:25 UTC"));
3821 auto context = context_builder->Build();
3822
3823 // Set up an expired cookie.
3824 {
3825 TestDelegate d;
3826 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
3827 *context,
3828 test_server.GetURL(
3829 "/set-cookie?StillGood=1;expires=Mon,18-Apr-1977,22:50:13,GMT"),
3830 &d);
3831 req->Start();
3832 d.RunUntilComplete();
3833 }
3834 // Verify that the cookie is not set.
3835 {
3836 TestDelegate d;
3837 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
3838 *context, test_server.GetURL("/echoheader?Cookie"), &d);
3839 req->Start();
3840 d.RunUntilComplete();
3841
3842 EXPECT_TRUE(d.data_received().find("StillGood=1") == std::string::npos);
3843 }
3844 // Set up a cookie with clock skew and "UTC" HTTP Date timezone specifier.
3845 {
3846 TestDelegate d;
3847 network_delegate.set_fixed_date("18-Apr-1977 22:49:13 UTC");
3848 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
3849 *context,
3850 test_server.GetURL(
3851 "/set-cookie?StillGood=1;expires=Mon,18-Apr-1977,22:50:13,GMT"),
3852 &d);
3853 req->Start();
3854 d.RunUntilComplete();
3855 }
3856 // Verify that the cookie is set.
3857 {
3858 TestDelegate d;
3859 std::unique_ptr<URLRequest> req = CreateFirstPartyRequest(
3860 *context, test_server.GetURL("/echoheader?Cookie"), &d);
3861 req->Start();
3862 d.RunUntilComplete();
3863
3864 EXPECT_TRUE(d.data_received().find("StillGood=1") != std::string::npos);
3865 }
3866 }
3867
3868 // Check that it is impossible to change the referrer in the extra headers of
3869 // an URLRequest.
TEST_F(URLRequestTest,DoNotOverrideReferrer)3870 TEST_F(URLRequestTest, DoNotOverrideReferrer) {
3871 HttpTestServer test_server;
3872 ASSERT_TRUE(test_server.Start());
3873
3874 // If extra headers contain referer and the request contains a referer,
3875 // only the latter shall be respected.
3876 {
3877 TestDelegate d;
3878 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
3879 test_server.GetURL("/echoheader?Referer"), DEFAULT_PRIORITY, &d,
3880 TRAFFIC_ANNOTATION_FOR_TESTS));
3881 req->SetReferrer("http://foo.com/");
3882
3883 HttpRequestHeaders headers;
3884 headers.SetHeader(HttpRequestHeaders::kReferer, "http://bar.com/");
3885 req->SetExtraRequestHeaders(headers);
3886
3887 req->Start();
3888 d.RunUntilComplete();
3889
3890 EXPECT_EQ("http://foo.com/", d.data_received());
3891 }
3892
3893 // If extra headers contain a referer but the request does not, no referer
3894 // shall be sent in the header.
3895 {
3896 TestDelegate d;
3897 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
3898 test_server.GetURL("/echoheader?Referer"), DEFAULT_PRIORITY, &d,
3899 TRAFFIC_ANNOTATION_FOR_TESTS));
3900
3901 HttpRequestHeaders headers;
3902 headers.SetHeader(HttpRequestHeaders::kReferer, "http://bar.com/");
3903 req->SetExtraRequestHeaders(headers);
3904 req->SetLoadFlags(LOAD_VALIDATE_CACHE);
3905
3906 req->Start();
3907 d.RunUntilComplete();
3908
3909 EXPECT_EQ("None", d.data_received());
3910 }
3911 }
3912
3913 class URLRequestTestHTTP : public URLRequestTest {
3914 public:
3915 const url::Origin origin1_;
3916 const url::Origin origin2_;
3917 const IsolationInfo isolation_info1_;
3918 const IsolationInfo isolation_info2_;
3919
URLRequestTestHTTP()3920 URLRequestTestHTTP()
3921 : origin1_(url::Origin::Create(GURL("https://foo.test/"))),
3922 origin2_(url::Origin::Create(GURL("https://bar.test/"))),
3923 isolation_info1_(IsolationInfo::CreateForInternalRequest(origin1_)),
3924 isolation_info2_(IsolationInfo::CreateForInternalRequest(origin2_)),
3925 test_server_(base::FilePath(kTestFilePath)) {
3926 }
3927
3928 protected:
3929 // ProtocolHandler for the scheme that's unsafe to redirect to.
3930 class NET_EXPORT UnsafeRedirectProtocolHandler
3931 : public URLRequestJobFactory::ProtocolHandler {
3932 public:
3933 UnsafeRedirectProtocolHandler() = default;
3934
3935 UnsafeRedirectProtocolHandler(const UnsafeRedirectProtocolHandler&) =
3936 delete;
3937 UnsafeRedirectProtocolHandler& operator=(
3938 const UnsafeRedirectProtocolHandler&) = delete;
3939
3940 ~UnsafeRedirectProtocolHandler() override = default;
3941
3942 // URLRequestJobFactory::ProtocolHandler implementation:
3943
CreateJob(URLRequest * request) const3944 std::unique_ptr<URLRequestJob> CreateJob(
3945 URLRequest* request) const override {
3946 NOTREACHED();
3947 return nullptr;
3948 }
3949
IsSafeRedirectTarget(const GURL & location) const3950 bool IsSafeRedirectTarget(const GURL& location) const override {
3951 return false;
3952 }
3953 };
3954
3955 // URLRequestTest interface:
SetUpContextBuilder(URLRequestContextBuilder & builder)3956 void SetUpContextBuilder(URLRequestContextBuilder& builder) override {
3957 // Add support for an unsafe scheme to the default URLRequestContext.
3958 builder.SetProtocolHandler(
3959 "unsafe", std::make_unique<UnsafeRedirectProtocolHandler>());
3960 }
3961
3962 // Requests |redirect_url|, which must return a HTTP 3xx redirect.
3963 // |request_method| is the method to use for the initial request.
3964 // |redirect_method| is the method that is expected to be used for the second
3965 // request, after redirection.
3966 // If |include_data| is true, data is uploaded with the request. The
3967 // response body is expected to match it exactly, if and only if
3968 // |request_method| == |redirect_method|.
HTTPRedirectMethodTest(const GURL & redirect_url,const std::string & request_method,const std::string & redirect_method,bool include_data)3969 void HTTPRedirectMethodTest(const GURL& redirect_url,
3970 const std::string& request_method,
3971 const std::string& redirect_method,
3972 bool include_data) {
3973 static const char kData[] = "hello world";
3974 TestDelegate d;
3975 std::unique_ptr<URLRequest> req =
3976 CreateFirstPartyRequest(default_context(), redirect_url, &d);
3977 req->set_method(request_method);
3978 if (include_data) {
3979 req->set_upload(CreateSimpleUploadData(kData));
3980 HttpRequestHeaders headers;
3981 headers.SetHeader(HttpRequestHeaders::kContentLength,
3982 base::NumberToString(std::size(kData) - 1));
3983 headers.SetHeader(HttpRequestHeaders::kContentType, "text/plain");
3984 req->SetExtraRequestHeaders(headers);
3985 }
3986 req->Start();
3987 d.RunUntilComplete();
3988 EXPECT_EQ(redirect_method, req->method());
3989 EXPECT_EQ(OK, d.request_status());
3990 if (include_data) {
3991 if (request_method == redirect_method) {
3992 EXPECT_TRUE(req->extra_request_headers().HasHeader(
3993 HttpRequestHeaders::kContentLength));
3994 EXPECT_TRUE(req->extra_request_headers().HasHeader(
3995 HttpRequestHeaders::kContentType));
3996 EXPECT_EQ(kData, d.data_received());
3997 } else {
3998 EXPECT_FALSE(req->extra_request_headers().HasHeader(
3999 HttpRequestHeaders::kContentLength));
4000 EXPECT_FALSE(req->extra_request_headers().HasHeader(
4001 HttpRequestHeaders::kContentType));
4002 EXPECT_NE(kData, d.data_received());
4003 }
4004 }
4005 if (HasFailure())
4006 LOG(WARNING) << "Request method was: " << request_method;
4007 }
4008
4009 // Requests |redirect_url|, which must return a HTTP 3xx redirect. It's also
4010 // used as the initial origin.
4011 // |request_method| is the method to use for the initial request.
4012 // |redirect_method| is the method that is expected to be used for the second
4013 // request, after redirection.
4014 // |expected_origin_value| is the expected value for the Origin header after
4015 // redirection. If empty, expects that there will be no Origin header.
HTTPRedirectOriginHeaderTest(const GURL & redirect_url,const std::string & request_method,const std::string & redirect_method,const std::string & expected_origin_value)4016 void HTTPRedirectOriginHeaderTest(const GURL& redirect_url,
4017 const std::string& request_method,
4018 const std::string& redirect_method,
4019 const std::string& expected_origin_value) {
4020 TestDelegate d;
4021 std::unique_ptr<URLRequest> req =
4022 CreateFirstPartyRequest(default_context(), redirect_url, &d);
4023 req->set_method(request_method);
4024 req->SetExtraRequestHeaderByName(
4025 HttpRequestHeaders::kOrigin,
4026 redirect_url.DeprecatedGetOriginAsURL().spec(), false);
4027 req->Start();
4028
4029 d.RunUntilComplete();
4030
4031 EXPECT_EQ(redirect_method, req->method());
4032 // Note that there is no check for request success here because, for
4033 // purposes of testing, the request very well may fail. For example, if the
4034 // test redirects to an HTTPS server from an HTTP origin, thus it is cross
4035 // origin, there is not an HTTPS server in this unit test framework, so the
4036 // request would fail. However, that's fine, as long as the request headers
4037 // are in order and pass the checks below.
4038 if (expected_origin_value.empty()) {
4039 EXPECT_FALSE(
4040 req->extra_request_headers().HasHeader(HttpRequestHeaders::kOrigin));
4041 } else {
4042 std::string origin_header;
4043 EXPECT_TRUE(req->extra_request_headers().GetHeader(
4044 HttpRequestHeaders::kOrigin, &origin_header));
4045 EXPECT_EQ(expected_origin_value, origin_header);
4046 }
4047 }
4048
HTTPUploadDataOperationTest(const std::string & method)4049 void HTTPUploadDataOperationTest(const std::string& method) {
4050 const int kMsgSize = 20000; // multiple of 10
4051 const int kIterations = 50;
4052 auto uploadBytes = std::make_unique<char[]>(kMsgSize + 1);
4053 char* ptr = uploadBytes.get();
4054 char marker = 'a';
4055 for (int idx = 0; idx < kMsgSize / 10; idx++) {
4056 memcpy(ptr, "----------", 10);
4057 ptr += 10;
4058 if (idx % 100 == 0) {
4059 ptr--;
4060 *ptr++ = marker;
4061 if (++marker > 'z')
4062 marker = 'a';
4063 }
4064 }
4065 uploadBytes[kMsgSize] = '\0';
4066
4067 for (int i = 0; i < kIterations; ++i) {
4068 TestDelegate d;
4069 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
4070 test_server_.GetURL("/echo"), DEFAULT_PRIORITY, &d,
4071 TRAFFIC_ANNOTATION_FOR_TESTS));
4072 r->set_method(method);
4073
4074 r->set_upload(CreateSimpleUploadData(uploadBytes.get()));
4075
4076 r->Start();
4077 EXPECT_TRUE(r->is_pending());
4078
4079 d.RunUntilComplete();
4080
4081 ASSERT_EQ(1, d.response_started_count())
4082 << "request failed. Error: " << d.request_status();
4083
4084 EXPECT_FALSE(d.received_data_before_response());
4085 EXPECT_EQ(std::string_view(uploadBytes.get(), kMsgSize),
4086 d.data_received());
4087 }
4088 }
4089
http_test_server()4090 HttpTestServer* http_test_server() { return &test_server_; }
4091
4092 private:
4093 base::test::ScopedFeatureList feature_list_;
4094
4095 HttpTestServer test_server_;
4096 };
4097
4098 namespace {
4099
HandleRedirectConnect(const test_server::HttpRequest & request)4100 std::unique_ptr<test_server::HttpResponse> HandleRedirectConnect(
4101 const test_server::HttpRequest& request) {
4102 if (request.headers.find("Host") == request.headers.end() ||
4103 request.headers.at("Host") != "www.redirect.com" ||
4104 request.method != test_server::METHOD_CONNECT) {
4105 return nullptr;
4106 }
4107
4108 auto http_response = std::make_unique<test_server::BasicHttpResponse>();
4109 http_response->set_code(HTTP_FOUND);
4110 http_response->AddCustomHeader("Location",
4111 "http://www.destination.com/foo.js");
4112 return std::move(http_response);
4113 }
4114
4115 } // namespace
4116
4117 // In this unit test, we're using the HTTPTestServer as a proxy server and
4118 // issuing a CONNECT request with the magic host name "www.redirect.com".
4119 // The EmbeddedTestServer will return a 302 response, which we should not
4120 // follow.
TEST_F(URLRequestTestHTTP,ProxyTunnelRedirectTest)4121 TEST_F(URLRequestTestHTTP, ProxyTunnelRedirectTest) {
4122 http_test_server()->RegisterRequestHandler(
4123 base::BindRepeating(&HandleRedirectConnect));
4124 ASSERT_TRUE(http_test_server()->Start());
4125
4126 auto context_builder = CreateTestURLRequestContextBuilder();
4127 context_builder->set_proxy_resolution_service(
4128 CreateFixedProxyResolutionService(
4129 http_test_server()->host_port_pair().ToString()));
4130 auto context = context_builder->Build();
4131
4132 TestDelegate d;
4133 {
4134 std::unique_ptr<URLRequest> r(context->CreateRequest(
4135 GURL("https://www.redirect.com/"), DEFAULT_PRIORITY, &d,
4136 TRAFFIC_ANNOTATION_FOR_TESTS));
4137 r->Start();
4138 EXPECT_TRUE(r->is_pending());
4139
4140 d.RunUntilComplete();
4141
4142 // The proxy chain should be set before failure.
4143 EXPECT_EQ(ProxyChain(ProxyServer::SCHEME_HTTP,
4144 http_test_server()->host_port_pair()),
4145 r->proxy_chain());
4146 EXPECT_EQ(ERR_TUNNEL_CONNECTION_FAILED, d.request_status());
4147 EXPECT_EQ(1, d.response_started_count());
4148 // We should not have followed the redirect.
4149 EXPECT_EQ(0, d.received_redirect_count());
4150 }
4151 }
4152
4153 // This is the same as the previous test, but checks that the network delegate
4154 // registers the error.
TEST_F(URLRequestTestHTTP,NetworkDelegateTunnelConnectionFailed)4155 TEST_F(URLRequestTestHTTP, NetworkDelegateTunnelConnectionFailed) {
4156 ASSERT_TRUE(http_test_server()->Start());
4157
4158 auto context_builder = CreateTestURLRequestContextBuilder();
4159 context_builder->set_proxy_resolution_service(
4160 CreateFixedProxyResolutionService(
4161 http_test_server()->host_port_pair().ToString()));
4162 auto& network_delegate = *context_builder->set_network_delegate(
4163 std::make_unique<TestNetworkDelegate>());
4164 auto context = context_builder->Build();
4165
4166 TestDelegate d;
4167 {
4168 std::unique_ptr<URLRequest> r(context->CreateRequest(
4169 GURL("https://www.redirect.com/"), DEFAULT_PRIORITY, &d,
4170 TRAFFIC_ANNOTATION_FOR_TESTS));
4171 r->Start();
4172 EXPECT_TRUE(r->is_pending());
4173
4174 d.RunUntilComplete();
4175
4176 // The proxy chain should be set before failure.
4177 EXPECT_EQ(ProxyChain(ProxyServer::SCHEME_HTTP,
4178 http_test_server()->host_port_pair()),
4179 r->proxy_chain());
4180 EXPECT_EQ(1, d.response_started_count());
4181 EXPECT_EQ(ERR_TUNNEL_CONNECTION_FAILED, d.request_status());
4182 // We should not have followed the redirect.
4183 EXPECT_EQ(0, d.received_redirect_count());
4184
4185 EXPECT_EQ(1, network_delegate.error_count());
4186 EXPECT_THAT(network_delegate.last_error(),
4187 IsError(ERR_TUNNEL_CONNECTION_FAILED));
4188 }
4189 }
4190
4191 // Tests that we can block and asynchronously return OK in various stages.
TEST_F(URLRequestTestHTTP,NetworkDelegateBlockAsynchronously)4192 TEST_F(URLRequestTestHTTP, NetworkDelegateBlockAsynchronously) {
4193 static const BlockingNetworkDelegate::Stage blocking_stages[] = {
4194 BlockingNetworkDelegate::ON_BEFORE_URL_REQUEST,
4195 BlockingNetworkDelegate::ON_BEFORE_SEND_HEADERS,
4196 BlockingNetworkDelegate::ON_HEADERS_RECEIVED};
4197
4198 ASSERT_TRUE(http_test_server()->Start());
4199
4200 TestDelegate d;
4201 auto context_builder = CreateTestURLRequestContextBuilder();
4202 auto& network_delegate = *context_builder->set_network_delegate(
4203 std::make_unique<BlockingNetworkDelegate>(
4204 BlockingNetworkDelegate::USER_CALLBACK));
4205 network_delegate.set_block_on(
4206 BlockingNetworkDelegate::ON_BEFORE_URL_REQUEST |
4207 BlockingNetworkDelegate::ON_BEFORE_SEND_HEADERS |
4208 BlockingNetworkDelegate::ON_HEADERS_RECEIVED);
4209 auto context = context_builder->Build();
4210
4211 {
4212 std::unique_ptr<URLRequest> r(context->CreateRequest(
4213 http_test_server()->GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d,
4214 TRAFFIC_ANNOTATION_FOR_TESTS));
4215
4216 r->Start();
4217 for (auto stage : blocking_stages) {
4218 network_delegate.RunUntilBlocked();
4219 EXPECT_EQ(stage, network_delegate.stage_blocked_for_callback());
4220 network_delegate.DoCallback(OK);
4221 }
4222 d.RunUntilComplete();
4223 EXPECT_EQ(200, r->GetResponseCode());
4224 EXPECT_EQ(OK, d.request_status());
4225 EXPECT_EQ(1, network_delegate.created_requests());
4226 EXPECT_EQ(0, network_delegate.destroyed_requests());
4227 }
4228 EXPECT_EQ(1, network_delegate.destroyed_requests());
4229 }
4230
4231 // Tests that the network delegate can block and cancel a request.
TEST_F(URLRequestTestHTTP,NetworkDelegateCancelRequest)4232 TEST_F(URLRequestTestHTTP, NetworkDelegateCancelRequest) {
4233 ASSERT_TRUE(http_test_server()->Start());
4234
4235 TestDelegate d;
4236 auto context_builder = CreateTestURLRequestContextBuilder();
4237 context_builder->set_proxy_resolution_service(
4238 CreateFixedProxyResolutionService(
4239 http_test_server()->host_port_pair().ToString()));
4240 auto& network_delegate = *context_builder->set_network_delegate(
4241 std::make_unique<BlockingNetworkDelegate>(
4242 BlockingNetworkDelegate::AUTO_CALLBACK));
4243 auto context = context_builder->Build();
4244
4245 network_delegate.set_block_on(BlockingNetworkDelegate::ON_BEFORE_URL_REQUEST);
4246 network_delegate.set_retval(ERR_EMPTY_RESPONSE);
4247 {
4248 std::unique_ptr<URLRequest> r(context->CreateRequest(
4249 http_test_server()->GetURL("/"), DEFAULT_PRIORITY, &d,
4250 TRAFFIC_ANNOTATION_FOR_TESTS));
4251
4252 r->Start();
4253 d.RunUntilComplete();
4254
4255 // The proxy chain is not set before cancellation.
4256 EXPECT_FALSE(r->proxy_chain().IsValid());
4257 EXPECT_EQ(ERR_EMPTY_RESPONSE, d.request_status());
4258 EXPECT_EQ(1, network_delegate.created_requests());
4259 EXPECT_EQ(0, network_delegate.destroyed_requests());
4260 }
4261 EXPECT_EQ(1, network_delegate.destroyed_requests());
4262 }
4263
4264 // Helper function for NetworkDelegateCancelRequestAsynchronously and
4265 // NetworkDelegateCancelRequestSynchronously. Sets up a blocking network
4266 // delegate operating in |block_mode| and a request for |url|. It blocks the
4267 // request in |stage| and cancels it with ERR_BLOCKED_BY_CLIENT.
NetworkDelegateCancelRequest(BlockingNetworkDelegate::BlockMode block_mode,BlockingNetworkDelegate::Stage stage,const GURL & url)4268 void NetworkDelegateCancelRequest(BlockingNetworkDelegate::BlockMode block_mode,
4269 BlockingNetworkDelegate::Stage stage,
4270 const GURL& url) {
4271 TestDelegate d;
4272 auto context_builder = CreateTestURLRequestContextBuilder();
4273 auto& network_delegate = *context_builder->set_network_delegate(
4274 std::make_unique<BlockingNetworkDelegate>(block_mode));
4275 network_delegate.set_retval(ERR_BLOCKED_BY_CLIENT);
4276 network_delegate.set_block_on(stage);
4277
4278 auto context = context_builder->Build();
4279 {
4280 std::unique_ptr<URLRequest> r(context->CreateRequest(
4281 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
4282
4283 r->Start();
4284 d.RunUntilComplete();
4285
4286 // The proxy chain is not set before cancellation.
4287 if (stage == BlockingNetworkDelegate::ON_BEFORE_URL_REQUEST ||
4288 stage == BlockingNetworkDelegate::ON_BEFORE_SEND_HEADERS) {
4289 EXPECT_FALSE(r->proxy_chain().IsValid());
4290 } else if (stage == BlockingNetworkDelegate::ON_HEADERS_RECEIVED) {
4291 EXPECT_TRUE(r->proxy_chain().is_direct());
4292 } else {
4293 NOTREACHED();
4294 }
4295 EXPECT_EQ(ERR_BLOCKED_BY_CLIENT, d.request_status());
4296 EXPECT_EQ(1, network_delegate.created_requests());
4297 EXPECT_EQ(0, network_delegate.destroyed_requests());
4298 }
4299 EXPECT_EQ(1, network_delegate.destroyed_requests());
4300 }
4301
4302 // The following 3 tests check that the network delegate can cancel a request
4303 // synchronously in various stages of the request.
TEST_F(URLRequestTestHTTP,NetworkDelegateCancelRequestSynchronously1)4304 TEST_F(URLRequestTestHTTP, NetworkDelegateCancelRequestSynchronously1) {
4305 ASSERT_TRUE(http_test_server()->Start());
4306 NetworkDelegateCancelRequest(BlockingNetworkDelegate::SYNCHRONOUS,
4307 BlockingNetworkDelegate::ON_BEFORE_URL_REQUEST,
4308 http_test_server()->GetURL("/"));
4309 }
4310
TEST_F(URLRequestTestHTTP,NetworkDelegateCancelRequestSynchronously2)4311 TEST_F(URLRequestTestHTTP, NetworkDelegateCancelRequestSynchronously2) {
4312 ASSERT_TRUE(http_test_server()->Start());
4313 NetworkDelegateCancelRequest(BlockingNetworkDelegate::SYNCHRONOUS,
4314 BlockingNetworkDelegate::ON_BEFORE_SEND_HEADERS,
4315 http_test_server()->GetURL("/"));
4316 }
4317
TEST_F(URLRequestTestHTTP,NetworkDelegateCancelRequestSynchronously3)4318 TEST_F(URLRequestTestHTTP, NetworkDelegateCancelRequestSynchronously3) {
4319 ASSERT_TRUE(http_test_server()->Start());
4320 NetworkDelegateCancelRequest(BlockingNetworkDelegate::SYNCHRONOUS,
4321 BlockingNetworkDelegate::ON_HEADERS_RECEIVED,
4322 http_test_server()->GetURL("/"));
4323 }
4324
4325 // The following 3 tests check that the network delegate can cancel a request
4326 // asynchronously in various stages of the request.
TEST_F(URLRequestTestHTTP,NetworkDelegateCancelRequestAsynchronously1)4327 TEST_F(URLRequestTestHTTP, NetworkDelegateCancelRequestAsynchronously1) {
4328 ASSERT_TRUE(http_test_server()->Start());
4329 NetworkDelegateCancelRequest(BlockingNetworkDelegate::AUTO_CALLBACK,
4330 BlockingNetworkDelegate::ON_BEFORE_URL_REQUEST,
4331 http_test_server()->GetURL("/"));
4332 }
4333
TEST_F(URLRequestTestHTTP,NetworkDelegateCancelRequestAsynchronously2)4334 TEST_F(URLRequestTestHTTP, NetworkDelegateCancelRequestAsynchronously2) {
4335 ASSERT_TRUE(http_test_server()->Start());
4336 NetworkDelegateCancelRequest(BlockingNetworkDelegate::AUTO_CALLBACK,
4337 BlockingNetworkDelegate::ON_BEFORE_SEND_HEADERS,
4338 http_test_server()->GetURL("/"));
4339 }
4340
TEST_F(URLRequestTestHTTP,NetworkDelegateCancelRequestAsynchronously3)4341 TEST_F(URLRequestTestHTTP, NetworkDelegateCancelRequestAsynchronously3) {
4342 ASSERT_TRUE(http_test_server()->Start());
4343 NetworkDelegateCancelRequest(BlockingNetworkDelegate::AUTO_CALLBACK,
4344 BlockingNetworkDelegate::ON_HEADERS_RECEIVED,
4345 http_test_server()->GetURL("/"));
4346 }
4347
4348 // Tests that the network delegate can block and redirect a request to a new
4349 // URL.
TEST_F(URLRequestTestHTTP,NetworkDelegateRedirectRequest)4350 TEST_F(URLRequestTestHTTP, NetworkDelegateRedirectRequest) {
4351 ASSERT_TRUE(http_test_server()->Start());
4352
4353 TestDelegate d;
4354 auto context_builder = CreateTestURLRequestContextBuilder();
4355 context_builder->set_proxy_resolution_service(
4356 CreateFixedProxyResolutionService(
4357 http_test_server()->host_port_pair().ToString()));
4358 auto& network_delegate = *context_builder->set_network_delegate(
4359 std::make_unique<BlockingNetworkDelegate>(
4360 BlockingNetworkDelegate::AUTO_CALLBACK));
4361 auto context = context_builder->Build();
4362
4363 GURL redirect_url("http://does.not.resolve.test/simple.html");
4364 network_delegate.set_redirect_url(redirect_url);
4365 {
4366 GURL original_url("http://does.not.resolve.test/defaultresponse");
4367 std::unique_ptr<URLRequest> r(context->CreateRequest(
4368 original_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
4369
4370 // Quit after hitting the redirect, so can check the headers.
4371 r->Start();
4372 d.RunUntilRedirect();
4373
4374 // Check headers from URLRequestJob.
4375 EXPECT_EQ(307, r->GetResponseCode());
4376 EXPECT_EQ(307, r->response_headers()->response_code());
4377 std::string location;
4378 ASSERT_TRUE(
4379 r->response_headers()->EnumerateHeader(nullptr, "Location", &location));
4380 EXPECT_EQ(redirect_url, GURL(location));
4381
4382 // Let the request finish.
4383 r->FollowDeferredRedirect(std::nullopt /* removed_headers */,
4384 std::nullopt /* modified_headers */);
4385 d.RunUntilComplete();
4386 EXPECT_EQ(OK, d.request_status());
4387 EXPECT_EQ(ProxyChain(ProxyServer::SCHEME_HTTP,
4388 http_test_server()->host_port_pair()),
4389 r->proxy_chain());
4390 EXPECT_EQ(OK, d.request_status());
4391 EXPECT_EQ(redirect_url, r->url());
4392 EXPECT_EQ(original_url, r->original_url());
4393 EXPECT_EQ(2U, r->url_chain().size());
4394 EXPECT_EQ(1, network_delegate.created_requests());
4395 EXPECT_EQ(0, network_delegate.destroyed_requests());
4396 }
4397 EXPECT_EQ(1, network_delegate.destroyed_requests());
4398 }
4399
4400 // Tests that the network delegate can block and redirect a request to a new
4401 // URL by setting a redirect_url and returning in OnBeforeURLRequest directly.
TEST_F(URLRequestTestHTTP,NetworkDelegateRedirectRequestSynchronously)4402 TEST_F(URLRequestTestHTTP, NetworkDelegateRedirectRequestSynchronously) {
4403 ASSERT_TRUE(http_test_server()->Start());
4404
4405 TestDelegate d;
4406 auto context_builder = CreateTestURLRequestContextBuilder();
4407 context_builder->set_proxy_resolution_service(
4408 CreateFixedProxyResolutionService(
4409 http_test_server()->host_port_pair().ToString()));
4410 auto& network_delegate = *context_builder->set_network_delegate(
4411 std::make_unique<BlockingNetworkDelegate>(
4412 BlockingNetworkDelegate::SYNCHRONOUS));
4413 auto context = context_builder->Build();
4414
4415 GURL redirect_url("http://does.not.resolve.test/simple.html");
4416 network_delegate.set_redirect_url(redirect_url);
4417 {
4418 GURL original_url("http://does.not.resolve.test/defaultresponse");
4419 std::unique_ptr<URLRequest> r(context->CreateRequest(
4420 original_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
4421
4422 // Quit after hitting the redirect, so can check the headers.
4423 r->Start();
4424 d.RunUntilRedirect();
4425
4426 // Check headers from URLRequestJob.
4427 EXPECT_EQ(307, r->GetResponseCode());
4428 EXPECT_EQ(307, r->response_headers()->response_code());
4429 std::string location;
4430 ASSERT_TRUE(
4431 r->response_headers()->EnumerateHeader(nullptr, "Location", &location));
4432 EXPECT_EQ(redirect_url, GURL(location));
4433
4434 // Let the request finish.
4435 r->FollowDeferredRedirect(std::nullopt /* removed_headers */,
4436 std::nullopt /* modified_headers */);
4437 d.RunUntilComplete();
4438
4439 EXPECT_EQ(OK, d.request_status());
4440 EXPECT_EQ(ProxyChain(ProxyServer::SCHEME_HTTP,
4441 http_test_server()->host_port_pair()),
4442 r->proxy_chain());
4443 EXPECT_EQ(OK, d.request_status());
4444 EXPECT_EQ(redirect_url, r->url());
4445 EXPECT_EQ(original_url, r->original_url());
4446 EXPECT_EQ(2U, r->url_chain().size());
4447 EXPECT_EQ(1, network_delegate.created_requests());
4448 EXPECT_EQ(0, network_delegate.destroyed_requests());
4449 }
4450 EXPECT_EQ(1, network_delegate.destroyed_requests());
4451 }
4452
4453 // Tests that redirects caused by the network delegate preserve POST data.
TEST_F(URLRequestTestHTTP,NetworkDelegateRedirectRequestPost)4454 TEST_F(URLRequestTestHTTP, NetworkDelegateRedirectRequestPost) {
4455 ASSERT_TRUE(http_test_server()->Start());
4456
4457 const char kData[] = "hello world";
4458
4459 TestDelegate d;
4460 auto context_builder = CreateTestURLRequestContextBuilder();
4461 auto& network_delegate = *context_builder->set_network_delegate(
4462 std::make_unique<BlockingNetworkDelegate>(
4463 BlockingNetworkDelegate::AUTO_CALLBACK));
4464 network_delegate.set_block_on(BlockingNetworkDelegate::ON_BEFORE_URL_REQUEST);
4465 GURL redirect_url(http_test_server()->GetURL("/echo"));
4466 network_delegate.set_redirect_url(redirect_url);
4467
4468 auto context = context_builder->Build();
4469
4470 {
4471 GURL original_url(http_test_server()->GetURL("/defaultresponse"));
4472 std::unique_ptr<URLRequest> r(context->CreateRequest(
4473 original_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
4474 r->set_method("POST");
4475 r->set_upload(CreateSimpleUploadData(kData));
4476 HttpRequestHeaders headers;
4477 headers.SetHeader(HttpRequestHeaders::kContentLength,
4478 base::NumberToString(std::size(kData) - 1));
4479 r->SetExtraRequestHeaders(headers);
4480
4481 // Quit after hitting the redirect, so can check the headers.
4482 r->Start();
4483 d.RunUntilRedirect();
4484
4485 // Check headers from URLRequestJob.
4486 EXPECT_EQ(307, r->GetResponseCode());
4487 EXPECT_EQ(307, r->response_headers()->response_code());
4488 std::string location;
4489 ASSERT_TRUE(
4490 r->response_headers()->EnumerateHeader(nullptr, "Location", &location));
4491 EXPECT_EQ(redirect_url, GURL(location));
4492
4493 // Let the request finish.
4494 r->FollowDeferredRedirect(std::nullopt /* removed_headers */,
4495 std::nullopt /* modified_headers */);
4496 d.RunUntilComplete();
4497
4498 EXPECT_EQ(OK, d.request_status());
4499 EXPECT_EQ(redirect_url, r->url());
4500 EXPECT_EQ(original_url, r->original_url());
4501 EXPECT_EQ(2U, r->url_chain().size());
4502 EXPECT_EQ(1, network_delegate.created_requests());
4503 EXPECT_EQ(0, network_delegate.destroyed_requests());
4504 EXPECT_EQ("POST", r->method());
4505 EXPECT_EQ(kData, d.data_received());
4506 }
4507 EXPECT_EQ(1, network_delegate.destroyed_requests());
4508 }
4509
4510 // Tests that the network delegate can block and redirect a request to a new
4511 // URL during OnHeadersReceived.
TEST_F(URLRequestTestHTTP,NetworkDelegateRedirectRequestOnHeadersReceived)4512 TEST_F(URLRequestTestHTTP, NetworkDelegateRedirectRequestOnHeadersReceived) {
4513 ASSERT_TRUE(http_test_server()->Start());
4514
4515 TestDelegate d;
4516 auto context_builder = CreateTestURLRequestContextBuilder();
4517 context_builder->set_proxy_resolution_service(
4518 CreateFixedProxyResolutionService(
4519 http_test_server()->host_port_pair().ToString()));
4520 auto& network_delegate = *context_builder->set_network_delegate(
4521 std::make_unique<BlockingNetworkDelegate>(
4522 BlockingNetworkDelegate::AUTO_CALLBACK));
4523 auto context = context_builder->Build();
4524
4525 network_delegate.set_block_on(BlockingNetworkDelegate::ON_HEADERS_RECEIVED);
4526 GURL redirect_url("http://does.not.resolve.test/simple.html");
4527 network_delegate.set_redirect_on_headers_received_url(redirect_url);
4528 {
4529 GURL original_url("http://does.not.resolve.test/defaultresponse");
4530 std::unique_ptr<URLRequest> r(context->CreateRequest(
4531 original_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
4532
4533 r->Start();
4534 d.RunUntilComplete();
4535
4536 EXPECT_EQ(OK, d.request_status());
4537 EXPECT_EQ(ProxyChain(ProxyServer::SCHEME_HTTP,
4538 http_test_server()->host_port_pair()),
4539 r->proxy_chain());
4540 EXPECT_EQ(OK, d.request_status());
4541 EXPECT_EQ(redirect_url, r->url());
4542 EXPECT_EQ(original_url, r->original_url());
4543 EXPECT_EQ(2U, r->url_chain().size());
4544 EXPECT_EQ(2, network_delegate.created_requests());
4545 EXPECT_EQ(0, network_delegate.destroyed_requests());
4546 }
4547 EXPECT_EQ(1, network_delegate.destroyed_requests());
4548 }
4549
4550 // Tests that the network delegate can synchronously complete OnAuthRequired
4551 // by taking no action. This indicates that the NetworkDelegate does not want to
4552 // handle the challenge, and is passing the buck along to the
4553 // URLRequest::Delegate.
TEST_F(URLRequestTestHTTP,NetworkDelegateOnAuthRequiredSyncNoAction)4554 TEST_F(URLRequestTestHTTP, NetworkDelegateOnAuthRequiredSyncNoAction) {
4555 ASSERT_TRUE(http_test_server()->Start());
4556
4557 TestDelegate d;
4558 auto context_builder = CreateTestURLRequestContextBuilder();
4559 auto& network_delegate = *context_builder->set_network_delegate(
4560 std::make_unique<BlockingNetworkDelegate>(
4561 BlockingNetworkDelegate::SYNCHRONOUS));
4562 auto context = context_builder->Build();
4563
4564 d.set_credentials(AuthCredentials(kUser, kSecret));
4565
4566 {
4567 GURL url(http_test_server()->GetURL("/auth-basic"));
4568 std::unique_ptr<URLRequest> r(context->CreateRequest(
4569 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
4570 r->Start();
4571
4572 d.RunUntilComplete();
4573
4574 EXPECT_EQ(OK, d.request_status());
4575 EXPECT_EQ(200, r->GetResponseCode());
4576 EXPECT_TRUE(d.auth_required_called());
4577 EXPECT_EQ(1, network_delegate.created_requests());
4578 EXPECT_EQ(0, network_delegate.destroyed_requests());
4579 }
4580 EXPECT_EQ(1, network_delegate.destroyed_requests());
4581 }
4582
4583 // Tests that NetworkDelegate header overrides from the 401 response do not
4584 // affect the 200 response. This is a regression test for
4585 // https://crbug.com/801237.
TEST_F(URLRequestTestHTTP,NetworkDelegateOverrideHeadersWithAuth)4586 TEST_F(URLRequestTestHTTP, NetworkDelegateOverrideHeadersWithAuth) {
4587 ASSERT_TRUE(http_test_server()->Start());
4588
4589 TestDelegate d;
4590 d.set_credentials(AuthCredentials(kUser, kSecret));
4591 default_network_delegate().set_add_header_to_first_response(true);
4592
4593 {
4594 GURL url(http_test_server()->GetURL("/auth-basic"));
4595 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
4596 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
4597 r->Start();
4598
4599 d.RunUntilComplete();
4600
4601 EXPECT_EQ(OK, d.request_status());
4602 EXPECT_EQ(200, r->GetResponseCode());
4603 EXPECT_TRUE(d.auth_required_called());
4604 EXPECT_FALSE(r->response_headers()->HasHeader("X-Network-Delegate"));
4605 }
4606
4607 {
4608 GURL url(http_test_server()->GetURL("/defaultresponse"));
4609 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
4610 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
4611 r->Start();
4612
4613 d.RunUntilComplete();
4614
4615 // Check that set_add_header_to_first_response normally adds a header.
4616 EXPECT_EQ(OK, d.request_status());
4617 EXPECT_EQ(200, r->GetResponseCode());
4618 EXPECT_TRUE(r->response_headers()->HasHeader("X-Network-Delegate"));
4619 }
4620 }
4621
4622 // Tests that we can handle when a network request was canceled while we were
4623 // waiting for the network delegate.
4624 // Part 1: Request is cancelled while waiting for OnBeforeURLRequest callback.
TEST_F(URLRequestTestHTTP,NetworkDelegateCancelWhileWaiting1)4625 TEST_F(URLRequestTestHTTP, NetworkDelegateCancelWhileWaiting1) {
4626 ASSERT_TRUE(http_test_server()->Start());
4627
4628 TestDelegate d;
4629 auto context_builder = CreateTestURLRequestContextBuilder();
4630 auto& network_delegate = *context_builder->set_network_delegate(
4631 std::make_unique<BlockingNetworkDelegate>(
4632 BlockingNetworkDelegate::USER_CALLBACK));
4633 network_delegate.set_block_on(BlockingNetworkDelegate::ON_BEFORE_URL_REQUEST);
4634 auto context = context_builder->Build();
4635
4636 {
4637 std::unique_ptr<URLRequest> r(context->CreateRequest(
4638 http_test_server()->GetURL("/"), DEFAULT_PRIORITY, &d,
4639 TRAFFIC_ANNOTATION_FOR_TESTS));
4640
4641 r->Start();
4642 network_delegate.RunUntilBlocked();
4643 EXPECT_EQ(BlockingNetworkDelegate::ON_BEFORE_URL_REQUEST,
4644 network_delegate.stage_blocked_for_callback());
4645 EXPECT_EQ(0, network_delegate.completed_requests());
4646 // Cancel before callback.
4647 r->Cancel();
4648 // Ensure that network delegate is notified.
4649 EXPECT_EQ(1, network_delegate.completed_requests());
4650 EXPECT_EQ(1, network_delegate.canceled_requests());
4651 EXPECT_EQ(1, network_delegate.created_requests());
4652 EXPECT_EQ(0, network_delegate.destroyed_requests());
4653 }
4654 EXPECT_EQ(1, network_delegate.destroyed_requests());
4655 }
4656
4657 // Tests that we can handle when a network request was canceled while we were
4658 // waiting for the network delegate.
4659 // Part 2: Request is cancelled while waiting for OnBeforeStartTransaction
4660 // callback.
TEST_F(URLRequestTestHTTP,NetworkDelegateCancelWhileWaiting2)4661 TEST_F(URLRequestTestHTTP, NetworkDelegateCancelWhileWaiting2) {
4662 ASSERT_TRUE(http_test_server()->Start());
4663
4664 TestDelegate d;
4665 auto context_builder = CreateTestURLRequestContextBuilder();
4666 auto& network_delegate = *context_builder->set_network_delegate(
4667 std::make_unique<BlockingNetworkDelegate>(
4668 BlockingNetworkDelegate::USER_CALLBACK));
4669 network_delegate.set_block_on(
4670 BlockingNetworkDelegate::ON_BEFORE_SEND_HEADERS);
4671 auto context = context_builder->Build();
4672
4673 {
4674 std::unique_ptr<URLRequest> r(context->CreateRequest(
4675 http_test_server()->GetURL("/"), DEFAULT_PRIORITY, &d,
4676 TRAFFIC_ANNOTATION_FOR_TESTS));
4677
4678 r->Start();
4679 network_delegate.RunUntilBlocked();
4680 EXPECT_EQ(BlockingNetworkDelegate::ON_BEFORE_SEND_HEADERS,
4681 network_delegate.stage_blocked_for_callback());
4682 EXPECT_EQ(0, network_delegate.completed_requests());
4683 // Cancel before callback.
4684 r->Cancel();
4685 // Ensure that network delegate is notified.
4686 EXPECT_EQ(1, network_delegate.completed_requests());
4687 EXPECT_EQ(1, network_delegate.canceled_requests());
4688 EXPECT_EQ(1, network_delegate.created_requests());
4689 EXPECT_EQ(0, network_delegate.destroyed_requests());
4690 }
4691 EXPECT_EQ(1, network_delegate.destroyed_requests());
4692 }
4693
4694 // Tests that we can handle when a network request was canceled while we were
4695 // waiting for the network delegate.
4696 // Part 3: Request is cancelled while waiting for OnHeadersReceived callback.
TEST_F(URLRequestTestHTTP,NetworkDelegateCancelWhileWaiting3)4697 TEST_F(URLRequestTestHTTP, NetworkDelegateCancelWhileWaiting3) {
4698 ASSERT_TRUE(http_test_server()->Start());
4699
4700 TestDelegate d;
4701 auto context_builder = CreateTestURLRequestContextBuilder();
4702 auto& network_delegate = *context_builder->set_network_delegate(
4703 std::make_unique<BlockingNetworkDelegate>(
4704 BlockingNetworkDelegate::USER_CALLBACK));
4705 network_delegate.set_block_on(BlockingNetworkDelegate::ON_HEADERS_RECEIVED);
4706 auto context = context_builder->Build();
4707
4708 {
4709 std::unique_ptr<URLRequest> r(context->CreateRequest(
4710 http_test_server()->GetURL("/"), DEFAULT_PRIORITY, &d,
4711 TRAFFIC_ANNOTATION_FOR_TESTS));
4712
4713 r->Start();
4714 network_delegate.RunUntilBlocked();
4715 EXPECT_EQ(BlockingNetworkDelegate::ON_HEADERS_RECEIVED,
4716 network_delegate.stage_blocked_for_callback());
4717 EXPECT_EQ(0, network_delegate.completed_requests());
4718 // Cancel before callback.
4719 r->Cancel();
4720 // Ensure that network delegate is notified.
4721 EXPECT_EQ(1, network_delegate.completed_requests());
4722 EXPECT_EQ(1, network_delegate.canceled_requests());
4723 EXPECT_EQ(1, network_delegate.created_requests());
4724 EXPECT_EQ(0, network_delegate.destroyed_requests());
4725 }
4726 EXPECT_EQ(1, network_delegate.destroyed_requests());
4727 }
4728
4729 namespace {
4730
HandleServerAuthConnect(const test_server::HttpRequest & request)4731 std::unique_ptr<test_server::HttpResponse> HandleServerAuthConnect(
4732 const test_server::HttpRequest& request) {
4733 if (request.headers.find("Host") == request.headers.end() ||
4734 request.headers.at("Host") != "www.server-auth.com" ||
4735 request.method != test_server::METHOD_CONNECT) {
4736 return nullptr;
4737 }
4738
4739 auto http_response = std::make_unique<test_server::BasicHttpResponse>();
4740 http_response->set_code(HTTP_UNAUTHORIZED);
4741 http_response->AddCustomHeader("WWW-Authenticate",
4742 "Basic realm=\"WallyWorld\"");
4743 return http_response;
4744 }
4745
4746 } // namespace
4747
4748 // In this unit test, we're using the EmbeddedTestServer as a proxy server and
4749 // issuing a CONNECT request with the magic host name "www.server-auth.com".
4750 // The EmbeddedTestServer will return a 401 response, which we should balk at.
TEST_F(URLRequestTestHTTP,UnexpectedServerAuthTest)4751 TEST_F(URLRequestTestHTTP, UnexpectedServerAuthTest) {
4752 http_test_server()->RegisterRequestHandler(
4753 base::BindRepeating(&HandleServerAuthConnect));
4754 ASSERT_TRUE(http_test_server()->Start());
4755
4756 auto context_builder = CreateTestURLRequestContextBuilder();
4757 context_builder->set_proxy_resolution_service(
4758 CreateFixedProxyResolutionService(
4759 http_test_server()->host_port_pair().ToString()));
4760 auto context = context_builder->Build();
4761
4762 TestDelegate d;
4763 {
4764 std::unique_ptr<URLRequest> r(context->CreateRequest(
4765 GURL("https://www.server-auth.com/"), DEFAULT_PRIORITY, &d,
4766 TRAFFIC_ANNOTATION_FOR_TESTS));
4767
4768 r->Start();
4769 EXPECT_TRUE(r->is_pending());
4770
4771 d.RunUntilComplete();
4772
4773 // The proxy chain should be set before failure.
4774 EXPECT_EQ(ProxyChain(ProxyServer::SCHEME_HTTP,
4775 http_test_server()->host_port_pair()),
4776 r->proxy_chain());
4777 EXPECT_EQ(ERR_TUNNEL_CONNECTION_FAILED, d.request_status());
4778 }
4779 }
4780
TEST_F(URLRequestTestHTTP,GetTest_NoCache)4781 TEST_F(URLRequestTestHTTP, GetTest_NoCache) {
4782 ASSERT_TRUE(http_test_server()->Start());
4783
4784 TestDelegate d;
4785 {
4786 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
4787 http_test_server()->GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d,
4788 TRAFFIC_ANNOTATION_FOR_TESTS));
4789
4790 r->Start();
4791 EXPECT_TRUE(r->is_pending());
4792
4793 d.RunUntilComplete();
4794
4795 EXPECT_EQ(1, d.response_started_count());
4796 EXPECT_FALSE(d.received_data_before_response());
4797 EXPECT_NE(0, d.bytes_received());
4798 EXPECT_EQ(http_test_server()->host_port_pair().host(),
4799 r->GetResponseRemoteEndpoint().ToStringWithoutPort());
4800 EXPECT_EQ(http_test_server()->host_port_pair().port(),
4801 r->GetResponseRemoteEndpoint().port());
4802
4803 // TODO(eroman): Add back the NetLog tests...
4804 }
4805 }
4806
TEST_F(URLRequestTestHTTP,GetTest)4807 TEST_F(URLRequestTestHTTP, GetTest) {
4808 ASSERT_TRUE(http_test_server()->Start());
4809
4810 TestDelegate d;
4811 {
4812 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
4813 http_test_server()->GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d,
4814 TRAFFIC_ANNOTATION_FOR_TESTS));
4815
4816 r->Start();
4817 EXPECT_TRUE(r->is_pending());
4818
4819 d.RunUntilComplete();
4820
4821 EXPECT_EQ(1, d.response_started_count());
4822 EXPECT_FALSE(d.received_data_before_response());
4823 EXPECT_NE(0, d.bytes_received());
4824 EXPECT_EQ(http_test_server()->host_port_pair().host(),
4825 r->GetResponseRemoteEndpoint().ToStringWithoutPort());
4826 EXPECT_EQ(http_test_server()->host_port_pair().port(),
4827 r->GetResponseRemoteEndpoint().port());
4828 }
4829 }
4830
TEST_F(URLRequestTestHTTP,GetTestLoadTiming)4831 TEST_F(URLRequestTestHTTP, GetTestLoadTiming) {
4832 ASSERT_TRUE(http_test_server()->Start());
4833
4834 TestDelegate d;
4835 {
4836 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
4837 http_test_server()->GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d,
4838 TRAFFIC_ANNOTATION_FOR_TESTS));
4839
4840 r->Start();
4841 EXPECT_TRUE(r->is_pending());
4842
4843 d.RunUntilComplete();
4844
4845 LoadTimingInfo load_timing_info;
4846 r->GetLoadTimingInfo(&load_timing_info);
4847 TestLoadTimingNotReused(load_timing_info, CONNECT_TIMING_HAS_DNS_TIMES);
4848
4849 EXPECT_EQ(1, d.response_started_count());
4850 EXPECT_FALSE(d.received_data_before_response());
4851 EXPECT_NE(0, d.bytes_received());
4852 EXPECT_EQ(http_test_server()->host_port_pair().host(),
4853 r->GetResponseRemoteEndpoint().ToStringWithoutPort());
4854 EXPECT_EQ(http_test_server()->host_port_pair().port(),
4855 r->GetResponseRemoteEndpoint().port());
4856 }
4857 }
4858
4859 namespace {
4860
4861 // Sends the correct Content-Length matching the compressed length.
4862 const char kZippedContentLengthCompressed[] = "C";
4863 // Sends an incorrect Content-Length matching the uncompressed length.
4864 const char kZippedContentLengthUncompressed[] = "U";
4865 // Sends an incorrect Content-Length shorter than the compressed length.
4866 const char kZippedContentLengthShort[] = "S";
4867 // Sends an incorrect Content-Length between the compressed and uncompressed
4868 // lengths.
4869 const char kZippedContentLengthMedium[] = "M";
4870 // Sends an incorrect Content-Length larger than both compressed and
4871 // uncompressed lengths.
4872 const char kZippedContentLengthLong[] = "L";
4873
4874 // Sends |compressed_content| which, when decoded with deflate, should have
4875 // length |uncompressed_length|. The Content-Length header will be sent based on
4876 // which of the constants above is sent in the query string.
HandleZippedRequest(const std::string & compressed_content,size_t uncompressed_length,const test_server::HttpRequest & request)4877 std::unique_ptr<test_server::HttpResponse> HandleZippedRequest(
4878 const std::string& compressed_content,
4879 size_t uncompressed_length,
4880 const test_server::HttpRequest& request) {
4881 GURL url = request.GetURL();
4882 if (url.path_piece() != "/compressedfiles/BullRunSpeech.txt")
4883 return nullptr;
4884
4885 size_t length;
4886 if (url.query_piece() == kZippedContentLengthCompressed) {
4887 length = compressed_content.size();
4888 } else if (url.query_piece() == kZippedContentLengthUncompressed) {
4889 length = uncompressed_length;
4890 } else if (url.query_piece() == kZippedContentLengthShort) {
4891 length = compressed_content.size() / 2;
4892 } else if (url.query_piece() == kZippedContentLengthMedium) {
4893 length = (compressed_content.size() + uncompressed_length) / 2;
4894 } else if (url.query_piece() == kZippedContentLengthLong) {
4895 length = compressed_content.size() + uncompressed_length;
4896 } else {
4897 return nullptr;
4898 }
4899
4900 std::string headers = "HTTP/1.1 200 OK\r\n";
4901 headers += "Content-Encoding: deflate\r\n";
4902 base::StringAppendF(&headers, "Content-Length: %zu\r\n", length);
4903 return std::make_unique<test_server::RawHttpResponse>(headers,
4904 compressed_content);
4905 }
4906
4907 } // namespace
4908
TEST_F(URLRequestTestHTTP,GetZippedTest)4909 TEST_F(URLRequestTestHTTP, GetZippedTest) {
4910 base::FilePath file_path;
4911 base::PathService::Get(base::DIR_SRC_TEST_DATA_ROOT, &file_path);
4912 file_path = file_path.Append(kTestFilePath);
4913 std::string expected_content, compressed_content;
4914 ASSERT_TRUE(base::ReadFileToString(
4915 file_path.Append(FILE_PATH_LITERAL("BullRunSpeech.txt")),
4916 &expected_content));
4917 // This file is the output of the Python zlib.compress function on
4918 // |expected_content|.
4919 ASSERT_TRUE(base::ReadFileToString(
4920 file_path.Append(FILE_PATH_LITERAL("BullRunSpeech.txt.deflate")),
4921 &compressed_content));
4922
4923 http_test_server()->RegisterRequestHandler(base::BindRepeating(
4924 &HandleZippedRequest, compressed_content, expected_content.size()));
4925 ASSERT_TRUE(http_test_server()->Start());
4926
4927 static const struct {
4928 const char* parameter;
4929 bool expect_success;
4930 } kTests[] = {
4931 // Sending the compressed Content-Length is correct.
4932 {kZippedContentLengthCompressed, true},
4933 // Sending the uncompressed Content-Length is incorrect, but we accept it
4934 // to workaround some broken servers.
4935 {kZippedContentLengthUncompressed, true},
4936 // Sending too long of Content-Length is rejected.
4937 {kZippedContentLengthLong, false},
4938 {kZippedContentLengthMedium, false},
4939 // Sending too short of Content-Length successfully fetches a response
4940 // body, but it will be truncated.
4941 {kZippedContentLengthShort, true},
4942 };
4943
4944 for (const auto& test : kTests) {
4945 SCOPED_TRACE(test.parameter);
4946 TestDelegate d;
4947 std::string test_file = base::StringPrintf(
4948 "/compressedfiles/BullRunSpeech.txt?%s", test.parameter);
4949
4950 auto context_builder = CreateTestURLRequestContextBuilder();
4951 context_builder->set_network_delegate(
4952 std::make_unique<TestNetworkDelegate>());
4953 auto context = context_builder->Build();
4954
4955 std::unique_ptr<URLRequest> r(context->CreateRequest(
4956 http_test_server()->GetURL(test_file), DEFAULT_PRIORITY, &d,
4957 TRAFFIC_ANNOTATION_FOR_TESTS));
4958 r->Start();
4959 EXPECT_TRUE(r->is_pending());
4960
4961 d.RunUntilComplete();
4962
4963 EXPECT_EQ(1, d.response_started_count());
4964 EXPECT_FALSE(d.received_data_before_response());
4965 VLOG(1) << " Received " << d.bytes_received() << " bytes"
4966 << " error = " << d.request_status();
4967 if (test.expect_success) {
4968 EXPECT_EQ(OK, d.request_status())
4969 << " Parameter = \"" << test_file << "\"";
4970 if (strcmp(test.parameter, kZippedContentLengthShort) == 0) {
4971 // When content length is smaller than both compressed length and
4972 // uncompressed length, HttpStreamParser might not read the full
4973 // response body.
4974 EXPECT_EQ(expected_content.substr(0, d.data_received().size()),
4975 d.data_received());
4976 } else {
4977 EXPECT_EQ(expected_content, d.data_received());
4978 }
4979 } else {
4980 EXPECT_EQ(ERR_CONTENT_LENGTH_MISMATCH, d.request_status())
4981 << " Parameter = \"" << test_file << "\"";
4982 }
4983 }
4984 }
4985
TEST_F(URLRequestTestHTTP,RedirectLoadTiming)4986 TEST_F(URLRequestTestHTTP, RedirectLoadTiming) {
4987 ASSERT_TRUE(http_test_server()->Start());
4988
4989 GURL destination_url = http_test_server()->GetURL("/");
4990 GURL original_url =
4991 http_test_server()->GetURL("/server-redirect?" + destination_url.spec());
4992 TestDelegate d;
4993 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
4994 original_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
4995 req->Start();
4996 d.RunUntilComplete();
4997
4998 EXPECT_EQ(1, d.response_started_count());
4999 EXPECT_EQ(1, d.received_redirect_count());
5000 EXPECT_EQ(destination_url, req->url());
5001 EXPECT_EQ(original_url, req->original_url());
5002 ASSERT_EQ(2U, req->url_chain().size());
5003 EXPECT_EQ(original_url, req->url_chain()[0]);
5004 EXPECT_EQ(destination_url, req->url_chain()[1]);
5005
5006 LoadTimingInfo load_timing_info_before_redirect;
5007 EXPECT_TRUE(default_network_delegate().GetLoadTimingInfoBeforeRedirect(
5008 &load_timing_info_before_redirect));
5009 TestLoadTimingNotReused(load_timing_info_before_redirect,
5010 CONNECT_TIMING_HAS_DNS_TIMES);
5011
5012 LoadTimingInfo load_timing_info;
5013 req->GetLoadTimingInfo(&load_timing_info);
5014 TestLoadTimingNotReused(load_timing_info, CONNECT_TIMING_HAS_DNS_TIMES);
5015
5016 // Check that a new socket was used on redirect, since the server does not
5017 // supposed keep-alive sockets, and that the times before the redirect are
5018 // before the ones recorded for the second request.
5019 EXPECT_NE(load_timing_info_before_redirect.socket_log_id,
5020 load_timing_info.socket_log_id);
5021 EXPECT_LE(load_timing_info_before_redirect.receive_headers_end,
5022 load_timing_info.connect_timing.connect_start);
5023 }
5024
TEST_F(URLRequestTestHTTP,MultipleRedirectTest)5025 TEST_F(URLRequestTestHTTP, MultipleRedirectTest) {
5026 ASSERT_TRUE(http_test_server()->Start());
5027
5028 GURL destination_url = http_test_server()->GetURL("/");
5029 GURL middle_redirect_url =
5030 http_test_server()->GetURL("/server-redirect?" + destination_url.spec());
5031 GURL original_url = http_test_server()->GetURL("/server-redirect?" +
5032 middle_redirect_url.spec());
5033 TestDelegate d;
5034 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
5035 original_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
5036 req->Start();
5037 d.RunUntilComplete();
5038
5039 EXPECT_EQ(1, d.response_started_count());
5040 EXPECT_EQ(2, d.received_redirect_count());
5041 EXPECT_EQ(destination_url, req->url());
5042 EXPECT_EQ(original_url, req->original_url());
5043 ASSERT_EQ(3U, req->url_chain().size());
5044 EXPECT_EQ(original_url, req->url_chain()[0]);
5045 EXPECT_EQ(middle_redirect_url, req->url_chain()[1]);
5046 EXPECT_EQ(destination_url, req->url_chain()[2]);
5047 }
5048
5049 // This is a regression test for https://crbug.com/942073.
TEST_F(URLRequestTestHTTP,RedirectEscaping)5050 TEST_F(URLRequestTestHTTP, RedirectEscaping) {
5051 ASSERT_TRUE(http_test_server()->Start());
5052
5053 // Assemble the destination URL as a string so it is not escaped by GURL.
5054 GURL destination_base = http_test_server()->GetURL("/defaultresponse");
5055 // Add a URL fragment of U+2603 unescaped, U+2603 escaped, and then a UTF-8
5056 // encoding error.
5057 std::string destination_url =
5058 destination_base.spec() + "#\xE2\x98\x83_%E2%98%83_\xE0\xE0";
5059 // Redirect resolution should percent-escape bytes and preserve the UTF-8
5060 // error at the end.
5061 std::string destination_escaped =
5062 destination_base.spec() + "#%E2%98%83_%E2%98%83_%E0%E0";
5063 GURL original_url = http_test_server()->GetURL(
5064 "/server-redirect?" +
5065 base::EscapeQueryParamValue(destination_url, false));
5066 TestDelegate d;
5067 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
5068 original_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
5069 req->Start();
5070 d.RunUntilComplete();
5071
5072 EXPECT_EQ(1, d.response_started_count());
5073 EXPECT_EQ(1, d.received_redirect_count());
5074 EXPECT_EQ(destination_escaped, req->url().spec());
5075 EXPECT_EQ(original_url, req->original_url());
5076 ASSERT_EQ(2U, req->url_chain().size());
5077 EXPECT_EQ(original_url, req->url_chain()[0]);
5078 EXPECT_EQ(destination_escaped, req->url_chain()[1].spec());
5079 }
5080
5081 // First and second pieces of information logged by delegates to URLRequests.
5082 const char kFirstDelegateInfo[] = "Wonderful delegate";
5083 const char16_t kFirstDelegateInfo16[] = u"Wonderful delegate";
5084 const char kSecondDelegateInfo[] = "Exciting delegate";
5085 const char16_t kSecondDelegateInfo16[] = u"Exciting delegate";
5086
5087 // Logs delegate information to a URLRequest. The first string is logged
5088 // synchronously on Start(), using DELEGATE_INFO_DEBUG_ONLY. The second is
5089 // logged asynchronously, using DELEGATE_INFO_DISPLAY_TO_USER. Then
5090 // another asynchronous call is used to clear the delegate information
5091 // before calling a callback. The object then deletes itself.
5092 class AsyncDelegateLogger : public base::RefCounted<AsyncDelegateLogger> {
5093 public:
5094 using Callback = base::OnceCallback<void()>;
5095
5096 AsyncDelegateLogger(const AsyncDelegateLogger&) = delete;
5097 AsyncDelegateLogger& operator=(const AsyncDelegateLogger&) = delete;
5098
5099 // Each time delegate information is added to the URLRequest, the resulting
5100 // load state is checked. The expected load state after each request is
5101 // passed in as an argument.
Run(URLRequest * url_request,LoadState expected_first_load_state,LoadState expected_second_load_state,LoadState expected_third_load_state,Callback callback)5102 static void Run(URLRequest* url_request,
5103 LoadState expected_first_load_state,
5104 LoadState expected_second_load_state,
5105 LoadState expected_third_load_state,
5106 Callback callback) {
5107 // base::MakeRefCounted<AsyncDelegateLogger> is unavailable here, since the
5108 // constructor of AsyncDelegateLogger is private.
5109 auto logger = base::WrapRefCounted(new AsyncDelegateLogger(
5110 url_request, expected_first_load_state, expected_second_load_state,
5111 expected_third_load_state, std::move(callback)));
5112 logger->Start();
5113 }
5114
5115 // Checks that the log entries, starting with log_position, contain the
5116 // DELEGATE_INFO NetLog events that an AsyncDelegateLogger should have
5117 // recorded. Returns the index of entry after the expected number of
5118 // events this logged, or entries.size() if there aren't enough entries.
CheckDelegateInfo(const std::vector<NetLogEntry> & entries,size_t log_position)5119 static size_t CheckDelegateInfo(const std::vector<NetLogEntry>& entries,
5120 size_t log_position) {
5121 // There should be 4 DELEGATE_INFO events: Two begins and two ends.
5122 if (log_position + 3 >= entries.size()) {
5123 ADD_FAILURE() << "Not enough log entries";
5124 return entries.size();
5125 }
5126 std::string delegate_info;
5127 EXPECT_EQ(NetLogEventType::DELEGATE_INFO, entries[log_position].type);
5128 EXPECT_EQ(NetLogEventPhase::BEGIN, entries[log_position].phase);
5129 EXPECT_EQ(
5130 kFirstDelegateInfo,
5131 GetStringValueFromParams(entries[log_position], "delegate_blocked_by"));
5132
5133 ++log_position;
5134 EXPECT_EQ(NetLogEventType::DELEGATE_INFO, entries[log_position].type);
5135 EXPECT_EQ(NetLogEventPhase::END, entries[log_position].phase);
5136
5137 ++log_position;
5138 EXPECT_EQ(NetLogEventType::DELEGATE_INFO, entries[log_position].type);
5139 EXPECT_EQ(NetLogEventPhase::BEGIN, entries[log_position].phase);
5140 EXPECT_EQ(
5141 kSecondDelegateInfo,
5142 GetStringValueFromParams(entries[log_position], "delegate_blocked_by"));
5143
5144 ++log_position;
5145 EXPECT_EQ(NetLogEventType::DELEGATE_INFO, entries[log_position].type);
5146 EXPECT_EQ(NetLogEventPhase::END, entries[log_position].phase);
5147
5148 return log_position + 1;
5149 }
5150
5151 private:
5152 friend class base::RefCounted<AsyncDelegateLogger>;
5153
AsyncDelegateLogger(URLRequest * url_request,LoadState expected_first_load_state,LoadState expected_second_load_state,LoadState expected_third_load_state,Callback callback)5154 AsyncDelegateLogger(URLRequest* url_request,
5155 LoadState expected_first_load_state,
5156 LoadState expected_second_load_state,
5157 LoadState expected_third_load_state,
5158 Callback callback)
5159 : url_request_(url_request),
5160 expected_first_load_state_(expected_first_load_state),
5161 expected_second_load_state_(expected_second_load_state),
5162 expected_third_load_state_(expected_third_load_state),
5163 callback_(std::move(callback)) {}
5164
5165 ~AsyncDelegateLogger() = default;
5166
Start()5167 void Start() {
5168 url_request_->LogBlockedBy(kFirstDelegateInfo);
5169 LoadStateWithParam load_state = url_request_->GetLoadState();
5170 EXPECT_EQ(expected_first_load_state_, load_state.state);
5171 EXPECT_NE(kFirstDelegateInfo16, load_state.param);
5172 base::SingleThreadTaskRunner::GetCurrentDefault()->PostTask(
5173 FROM_HERE,
5174 base::BindOnce(&AsyncDelegateLogger::LogSecondDelegate, this));
5175 }
5176
LogSecondDelegate()5177 void LogSecondDelegate() {
5178 url_request_->LogAndReportBlockedBy(kSecondDelegateInfo);
5179 LoadStateWithParam load_state = url_request_->GetLoadState();
5180 EXPECT_EQ(expected_second_load_state_, load_state.state);
5181 if (expected_second_load_state_ == LOAD_STATE_WAITING_FOR_DELEGATE) {
5182 EXPECT_EQ(kSecondDelegateInfo16, load_state.param);
5183 } else {
5184 EXPECT_NE(kSecondDelegateInfo16, load_state.param);
5185 }
5186 base::SingleThreadTaskRunner::GetCurrentDefault()->PostTask(
5187 FROM_HERE, base::BindOnce(&AsyncDelegateLogger::LogComplete, this));
5188 }
5189
LogComplete()5190 void LogComplete() {
5191 url_request_->LogUnblocked();
5192 LoadStateWithParam load_state = url_request_->GetLoadState();
5193 EXPECT_EQ(expected_third_load_state_, load_state.state);
5194 if (expected_second_load_state_ == LOAD_STATE_WAITING_FOR_DELEGATE)
5195 EXPECT_EQ(std::u16string(), load_state.param);
5196 std::move(callback_).Run();
5197 }
5198
5199 raw_ptr<URLRequest> url_request_;
5200 const int expected_first_load_state_;
5201 const int expected_second_load_state_;
5202 const int expected_third_load_state_;
5203 Callback callback_;
5204 };
5205
5206 // NetworkDelegate that logs delegate information before a request is started,
5207 // before headers are sent, when headers are read, and when auth information
5208 // is requested. Uses AsyncDelegateLogger.
5209 class AsyncLoggingNetworkDelegate : public TestNetworkDelegate {
5210 public:
5211 AsyncLoggingNetworkDelegate() = default;
5212
5213 AsyncLoggingNetworkDelegate(const AsyncLoggingNetworkDelegate&) = delete;
5214 AsyncLoggingNetworkDelegate& operator=(const AsyncLoggingNetworkDelegate&) =
5215 delete;
5216
5217 ~AsyncLoggingNetworkDelegate() override = default;
5218
5219 // NetworkDelegate implementation.
OnBeforeURLRequest(URLRequest * request,CompletionOnceCallback callback,GURL * new_url)5220 int OnBeforeURLRequest(URLRequest* request,
5221 CompletionOnceCallback callback,
5222 GURL* new_url) override {
5223 // TestNetworkDelegate always completes synchronously.
5224 CHECK_NE(ERR_IO_PENDING, TestNetworkDelegate::OnBeforeURLRequest(
5225 request, base::NullCallback(), new_url));
5226 return RunCallbackAsynchronously(request, std::move(callback));
5227 }
5228
OnBeforeStartTransaction(URLRequest * request,const HttpRequestHeaders & headers,OnBeforeStartTransactionCallback callback)5229 int OnBeforeStartTransaction(
5230 URLRequest* request,
5231 const HttpRequestHeaders& headers,
5232 OnBeforeStartTransactionCallback callback) override {
5233 // TestNetworkDelegate always completes synchronously.
5234 CHECK_NE(ERR_IO_PENDING, TestNetworkDelegate::OnBeforeStartTransaction(
5235 request, headers, base::NullCallback()));
5236 return RunCallbackAsynchronously(
5237 request, base::BindOnce(
5238 [](OnBeforeStartTransactionCallback callback, int result) {
5239 std::move(callback).Run(result, std::nullopt);
5240 },
5241 std::move(callback)));
5242 }
5243
OnHeadersReceived(URLRequest * request,CompletionOnceCallback callback,const HttpResponseHeaders * original_response_headers,scoped_refptr<HttpResponseHeaders> * override_response_headers,const IPEndPoint & endpoint,std::optional<GURL> * preserve_fragment_on_redirect_url)5244 int OnHeadersReceived(
5245 URLRequest* request,
5246 CompletionOnceCallback callback,
5247 const HttpResponseHeaders* original_response_headers,
5248 scoped_refptr<HttpResponseHeaders>* override_response_headers,
5249 const IPEndPoint& endpoint,
5250 std::optional<GURL>* preserve_fragment_on_redirect_url) override {
5251 // TestNetworkDelegate always completes synchronously.
5252 CHECK_NE(ERR_IO_PENDING,
5253 TestNetworkDelegate::OnHeadersReceived(
5254 request, base::NullCallback(), original_response_headers,
5255 override_response_headers, endpoint,
5256 preserve_fragment_on_redirect_url));
5257 return RunCallbackAsynchronously(request, std::move(callback));
5258 }
5259
5260 private:
RunCallbackAsynchronously(URLRequest * request,CompletionOnceCallback callback)5261 static int RunCallbackAsynchronously(URLRequest* request,
5262 CompletionOnceCallback callback) {
5263 AsyncDelegateLogger::Run(request, LOAD_STATE_WAITING_FOR_DELEGATE,
5264 LOAD_STATE_WAITING_FOR_DELEGATE,
5265 LOAD_STATE_WAITING_FOR_DELEGATE,
5266 base::BindOnce(std::move(callback), OK));
5267 return ERR_IO_PENDING;
5268 }
5269 };
5270
5271 // URLRequest::Delegate that logs delegate information when the headers
5272 // are received, when each read completes, and during redirects. Uses
5273 // AsyncDelegateLogger. Can optionally cancel a request in any phase.
5274 //
5275 // Inherits from TestDelegate to reuse the TestDelegate code to handle
5276 // advancing to the next step in most cases, as well as cancellation.
5277 class AsyncLoggingUrlRequestDelegate : public TestDelegate {
5278 public:
5279 enum CancelStage {
5280 NO_CANCEL = 0,
5281 CANCEL_ON_RECEIVED_REDIRECT,
5282 CANCEL_ON_RESPONSE_STARTED,
5283 CANCEL_ON_READ_COMPLETED
5284 };
5285
AsyncLoggingUrlRequestDelegate(CancelStage cancel_stage)5286 explicit AsyncLoggingUrlRequestDelegate(CancelStage cancel_stage)
5287 : cancel_stage_(cancel_stage) {
5288 if (cancel_stage == CANCEL_ON_RECEIVED_REDIRECT)
5289 set_cancel_in_received_redirect(true);
5290 else if (cancel_stage == CANCEL_ON_RESPONSE_STARTED)
5291 set_cancel_in_response_started(true);
5292 else if (cancel_stage == CANCEL_ON_READ_COMPLETED)
5293 set_cancel_in_received_data(true);
5294 }
5295
5296 AsyncLoggingUrlRequestDelegate(const AsyncLoggingUrlRequestDelegate&) =
5297 delete;
5298 AsyncLoggingUrlRequestDelegate& operator=(
5299 const AsyncLoggingUrlRequestDelegate&) = delete;
5300
5301 ~AsyncLoggingUrlRequestDelegate() override = default;
5302
5303 // URLRequest::Delegate implementation:
OnReceivedRedirect(URLRequest * request,const RedirectInfo & redirect_info,bool * defer_redirect)5304 void OnReceivedRedirect(URLRequest* request,
5305 const RedirectInfo& redirect_info,
5306 bool* defer_redirect) override {
5307 *defer_redirect = true;
5308 AsyncDelegateLogger::Run(
5309 request, LOAD_STATE_WAITING_FOR_DELEGATE,
5310 LOAD_STATE_WAITING_FOR_DELEGATE, LOAD_STATE_WAITING_FOR_DELEGATE,
5311 base::BindOnce(
5312 &AsyncLoggingUrlRequestDelegate::OnReceivedRedirectLoggingComplete,
5313 base::Unretained(this), request, redirect_info));
5314 }
5315
OnResponseStarted(URLRequest * request,int net_error)5316 void OnResponseStarted(URLRequest* request, int net_error) override {
5317 AsyncDelegateLogger::Run(
5318 request, LOAD_STATE_WAITING_FOR_DELEGATE,
5319 LOAD_STATE_WAITING_FOR_DELEGATE, LOAD_STATE_WAITING_FOR_DELEGATE,
5320 base::BindOnce(
5321 &AsyncLoggingUrlRequestDelegate::OnResponseStartedLoggingComplete,
5322 base::Unretained(this), request, net_error));
5323 }
5324
OnReadCompleted(URLRequest * request,int bytes_read)5325 void OnReadCompleted(URLRequest* request, int bytes_read) override {
5326 AsyncDelegateLogger::Run(
5327 request, LOAD_STATE_IDLE, LOAD_STATE_IDLE, LOAD_STATE_IDLE,
5328 base::BindOnce(
5329 &AsyncLoggingUrlRequestDelegate::AfterReadCompletedLoggingComplete,
5330 base::Unretained(this), request, bytes_read));
5331 }
5332
5333 private:
OnReceivedRedirectLoggingComplete(URLRequest * request,const RedirectInfo & redirect_info)5334 void OnReceivedRedirectLoggingComplete(URLRequest* request,
5335 const RedirectInfo& redirect_info) {
5336 bool defer_redirect = false;
5337 TestDelegate::OnReceivedRedirect(request, redirect_info, &defer_redirect);
5338 // FollowDeferredRedirect should not be called after cancellation.
5339 if (cancel_stage_ == CANCEL_ON_RECEIVED_REDIRECT)
5340 return;
5341 if (!defer_redirect) {
5342 request->FollowDeferredRedirect(std::nullopt /* removed_headers */,
5343 std::nullopt /* modified_headers */);
5344 }
5345 }
5346
OnResponseStartedLoggingComplete(URLRequest * request,int net_error)5347 void OnResponseStartedLoggingComplete(URLRequest* request, int net_error) {
5348 // The parent class continues the request.
5349 TestDelegate::OnResponseStarted(request, net_error);
5350 }
5351
AfterReadCompletedLoggingComplete(URLRequest * request,int bytes_read)5352 void AfterReadCompletedLoggingComplete(URLRequest* request, int bytes_read) {
5353 // The parent class continues the request.
5354 TestDelegate::OnReadCompleted(request, bytes_read);
5355 }
5356
5357 const CancelStage cancel_stage_;
5358 };
5359
5360 // Tests handling of delegate info before a request starts.
TEST_F(URLRequestTestHTTP,DelegateInfoBeforeStart)5361 TEST_F(URLRequestTestHTTP, DelegateInfoBeforeStart) {
5362 ASSERT_TRUE(http_test_server()->Start());
5363
5364 TestDelegate request_delegate;
5365 auto context_builder = CreateTestURLRequestContextBuilder();
5366 context_builder->set_net_log(NetLog::Get());
5367 auto context = context_builder->Build();
5368
5369 {
5370 std::unique_ptr<URLRequest> r(context->CreateRequest(
5371 http_test_server()->GetURL("/defaultresponse"), DEFAULT_PRIORITY,
5372 &request_delegate, TRAFFIC_ANNOTATION_FOR_TESTS));
5373 LoadStateWithParam load_state = r->GetLoadState();
5374 EXPECT_EQ(LOAD_STATE_IDLE, load_state.state);
5375 EXPECT_EQ(std::u16string(), load_state.param);
5376
5377 AsyncDelegateLogger::Run(
5378 r.get(), LOAD_STATE_WAITING_FOR_DELEGATE,
5379 LOAD_STATE_WAITING_FOR_DELEGATE, LOAD_STATE_IDLE,
5380 base::BindOnce(&URLRequest::Start, base::Unretained(r.get())));
5381
5382 request_delegate.RunUntilComplete();
5383
5384 EXPECT_EQ(200, r->GetResponseCode());
5385 EXPECT_EQ(OK, request_delegate.request_status());
5386 }
5387
5388 auto entries = net_log_observer_.GetEntries();
5389 size_t log_position = ExpectLogContainsSomewhereAfter(
5390 entries, 0, NetLogEventType::DELEGATE_INFO, NetLogEventPhase::BEGIN);
5391
5392 log_position = AsyncDelegateLogger::CheckDelegateInfo(entries, log_position);
5393
5394 // Nothing else should add any delegate info to the request.
5395 EXPECT_FALSE(LogContainsEntryWithTypeAfter(entries, log_position + 1,
5396 NetLogEventType::DELEGATE_INFO));
5397 }
5398
5399 // Tests handling of delegate info from a network delegate.
TEST_F(URLRequestTestHTTP,NetworkDelegateInfo)5400 TEST_F(URLRequestTestHTTP, NetworkDelegateInfo) {
5401 ASSERT_TRUE(http_test_server()->Start());
5402
5403 TestDelegate request_delegate;
5404 auto context_builder = CreateTestURLRequestContextBuilder();
5405 auto& network_delegate = *context_builder->set_network_delegate(
5406 std::make_unique<AsyncLoggingNetworkDelegate>());
5407 context_builder->set_net_log(NetLog::Get());
5408 auto context = context_builder->Build();
5409
5410 {
5411 std::unique_ptr<URLRequest> r(context->CreateRequest(
5412 http_test_server()->GetURL("/simple.html"), DEFAULT_PRIORITY,
5413 &request_delegate, TRAFFIC_ANNOTATION_FOR_TESTS));
5414 LoadStateWithParam load_state = r->GetLoadState();
5415 EXPECT_EQ(LOAD_STATE_IDLE, load_state.state);
5416 EXPECT_EQ(std::u16string(), load_state.param);
5417
5418 r->Start();
5419 request_delegate.RunUntilComplete();
5420
5421 EXPECT_EQ(200, r->GetResponseCode());
5422 EXPECT_EQ(OK, request_delegate.request_status());
5423 EXPECT_EQ(1, network_delegate.created_requests());
5424 EXPECT_EQ(0, network_delegate.destroyed_requests());
5425 }
5426 EXPECT_EQ(1, network_delegate.destroyed_requests());
5427
5428 size_t log_position = 0;
5429 auto entries = net_log_observer_.GetEntries();
5430 static const NetLogEventType kExpectedEvents[] = {
5431 NetLogEventType::NETWORK_DELEGATE_BEFORE_URL_REQUEST,
5432 NetLogEventType::NETWORK_DELEGATE_BEFORE_START_TRANSACTION,
5433 NetLogEventType::NETWORK_DELEGATE_HEADERS_RECEIVED,
5434 };
5435 for (NetLogEventType event : kExpectedEvents) {
5436 SCOPED_TRACE(NetLogEventTypeToString(event));
5437 log_position = ExpectLogContainsSomewhereAfter(
5438 entries, log_position + 1, event, NetLogEventPhase::BEGIN);
5439
5440 log_position =
5441 AsyncDelegateLogger::CheckDelegateInfo(entries, log_position + 1);
5442
5443 ASSERT_LT(log_position, entries.size());
5444 EXPECT_EQ(event, entries[log_position].type);
5445 EXPECT_EQ(NetLogEventPhase::END, entries[log_position].phase);
5446 }
5447
5448 EXPECT_FALSE(LogContainsEntryWithTypeAfter(entries, log_position + 1,
5449 NetLogEventType::DELEGATE_INFO));
5450 }
5451
5452 // Tests handling of delegate info from a network delegate in the case of an
5453 // HTTP redirect.
TEST_F(URLRequestTestHTTP,NetworkDelegateInfoRedirect)5454 TEST_F(URLRequestTestHTTP, NetworkDelegateInfoRedirect) {
5455 ASSERT_TRUE(http_test_server()->Start());
5456
5457 TestDelegate request_delegate;
5458 auto context_builder = CreateTestURLRequestContextBuilder();
5459 auto& network_delegate = *context_builder->set_network_delegate(
5460 std::make_unique<AsyncLoggingNetworkDelegate>());
5461 auto context = context_builder->Build();
5462
5463 {
5464 std::unique_ptr<URLRequest> r(context->CreateRequest(
5465 http_test_server()->GetURL("/server-redirect?simple.html"),
5466 DEFAULT_PRIORITY, &request_delegate, TRAFFIC_ANNOTATION_FOR_TESTS));
5467 LoadStateWithParam load_state = r->GetLoadState();
5468 EXPECT_EQ(LOAD_STATE_IDLE, load_state.state);
5469 EXPECT_EQ(std::u16string(), load_state.param);
5470
5471 r->Start();
5472 request_delegate.RunUntilComplete();
5473
5474 EXPECT_EQ(200, r->GetResponseCode());
5475 EXPECT_EQ(OK, request_delegate.request_status());
5476 EXPECT_EQ(2, network_delegate.created_requests());
5477 EXPECT_EQ(0, network_delegate.destroyed_requests());
5478 }
5479 EXPECT_EQ(1, network_delegate.destroyed_requests());
5480
5481 size_t log_position = 0;
5482 auto entries = net_log_observer_.GetEntries();
5483 static const NetLogEventType kExpectedEvents[] = {
5484 NetLogEventType::NETWORK_DELEGATE_BEFORE_URL_REQUEST,
5485 NetLogEventType::NETWORK_DELEGATE_BEFORE_START_TRANSACTION,
5486 NetLogEventType::NETWORK_DELEGATE_HEADERS_RECEIVED,
5487 };
5488 for (NetLogEventType event : kExpectedEvents) {
5489 SCOPED_TRACE(NetLogEventTypeToString(event));
5490 log_position = ExpectLogContainsSomewhereAfter(
5491 entries, log_position + 1, event, NetLogEventPhase::BEGIN);
5492
5493 log_position =
5494 AsyncDelegateLogger::CheckDelegateInfo(entries, log_position + 1);
5495
5496 ASSERT_LT(log_position, entries.size());
5497 EXPECT_EQ(event, entries[log_position].type);
5498 EXPECT_EQ(NetLogEventPhase::END, entries[log_position].phase);
5499 }
5500
5501 // The URLRequest::Delegate then gets informed about the redirect.
5502 log_position = ExpectLogContainsSomewhereAfter(
5503 entries, log_position + 1,
5504 NetLogEventType::URL_REQUEST_DELEGATE_RECEIVED_REDIRECT,
5505 NetLogEventPhase::BEGIN);
5506
5507 // The NetworkDelegate logged information in the same three events as before.
5508 for (NetLogEventType event : kExpectedEvents) {
5509 SCOPED_TRACE(NetLogEventTypeToString(event));
5510 log_position = ExpectLogContainsSomewhereAfter(
5511 entries, log_position + 1, event, NetLogEventPhase::BEGIN);
5512
5513 log_position =
5514 AsyncDelegateLogger::CheckDelegateInfo(entries, log_position + 1);
5515
5516 ASSERT_LT(log_position, entries.size());
5517 EXPECT_EQ(event, entries[log_position].type);
5518 EXPECT_EQ(NetLogEventPhase::END, entries[log_position].phase);
5519 }
5520
5521 EXPECT_FALSE(LogContainsEntryWithTypeAfter(entries, log_position + 1,
5522 NetLogEventType::DELEGATE_INFO));
5523 }
5524
5525 // Tests handling of delegate info from a URLRequest::Delegate.
TEST_F(URLRequestTestHTTP,URLRequestDelegateInfo)5526 TEST_F(URLRequestTestHTTP, URLRequestDelegateInfo) {
5527 ASSERT_TRUE(http_test_server()->Start());
5528
5529 AsyncLoggingUrlRequestDelegate request_delegate(
5530 AsyncLoggingUrlRequestDelegate::NO_CANCEL);
5531 auto context_builder = CreateTestURLRequestContextBuilder();
5532 context_builder->set_net_log(NetLog::Get());
5533 auto context = context_builder->Build();
5534
5535 {
5536 // A chunked response with delays between chunks is used to make sure that
5537 // attempts by the URLRequest delegate to log information while reading the
5538 // body are ignored. Since they are ignored, this test is robust against
5539 // the possibility of multiple reads being combined in the unlikely event
5540 // that it occurs.
5541 std::unique_ptr<URLRequest> r(context->CreateRequest(
5542 http_test_server()->GetURL("/chunked?waitBetweenChunks=20"),
5543 DEFAULT_PRIORITY, &request_delegate, TRAFFIC_ANNOTATION_FOR_TESTS));
5544 LoadStateWithParam load_state = r->GetLoadState();
5545 r->Start();
5546 request_delegate.RunUntilComplete();
5547
5548 EXPECT_EQ(200, r->GetResponseCode());
5549 EXPECT_EQ(OK, request_delegate.request_status());
5550 }
5551
5552 auto entries = net_log_observer_.GetEntries();
5553
5554 size_t log_position = 0;
5555
5556 // The delegate info should only have been logged on header complete. Other
5557 // times it should silently be ignored.
5558 log_position = ExpectLogContainsSomewhereAfter(
5559 entries, log_position + 1,
5560 NetLogEventType::URL_REQUEST_DELEGATE_RESPONSE_STARTED,
5561 NetLogEventPhase::BEGIN);
5562
5563 log_position =
5564 AsyncDelegateLogger::CheckDelegateInfo(entries, log_position + 1);
5565
5566 ASSERT_LT(log_position, entries.size());
5567 EXPECT_EQ(NetLogEventType::URL_REQUEST_DELEGATE_RESPONSE_STARTED,
5568 entries[log_position].type);
5569 EXPECT_EQ(NetLogEventPhase::END, entries[log_position].phase);
5570
5571 EXPECT_FALSE(LogContainsEntryWithTypeAfter(entries, log_position + 1,
5572 NetLogEventType::DELEGATE_INFO));
5573 EXPECT_FALSE(LogContainsEntryWithTypeAfter(
5574 entries, log_position + 1,
5575 NetLogEventType::URL_REQUEST_DELEGATE_RESPONSE_STARTED));
5576 }
5577
5578 // Tests handling of delegate info from a URLRequest::Delegate in the case of
5579 // an HTTP redirect.
TEST_F(URLRequestTestHTTP,URLRequestDelegateInfoOnRedirect)5580 TEST_F(URLRequestTestHTTP, URLRequestDelegateInfoOnRedirect) {
5581 ASSERT_TRUE(http_test_server()->Start());
5582
5583 AsyncLoggingUrlRequestDelegate request_delegate(
5584 AsyncLoggingUrlRequestDelegate::NO_CANCEL);
5585 auto context_builder = CreateTestURLRequestContextBuilder();
5586 context_builder->set_net_log(NetLog::Get());
5587 auto context = context_builder->Build();
5588
5589 {
5590 std::unique_ptr<URLRequest> r(context->CreateRequest(
5591 http_test_server()->GetURL("/server-redirect?simple.html"),
5592 DEFAULT_PRIORITY, &request_delegate, TRAFFIC_ANNOTATION_FOR_TESTS));
5593 LoadStateWithParam load_state = r->GetLoadState();
5594 r->Start();
5595 request_delegate.RunUntilComplete();
5596
5597 EXPECT_EQ(200, r->GetResponseCode());
5598 EXPECT_EQ(OK, request_delegate.request_status());
5599 }
5600
5601 auto entries = net_log_observer_.GetEntries();
5602
5603 // Delegate info should only have been logged in OnReceivedRedirect and
5604 // OnResponseStarted.
5605 size_t log_position = 0;
5606 static const NetLogEventType kExpectedEvents[] = {
5607 NetLogEventType::URL_REQUEST_DELEGATE_RECEIVED_REDIRECT,
5608 NetLogEventType::URL_REQUEST_DELEGATE_RESPONSE_STARTED,
5609 };
5610 for (NetLogEventType event : kExpectedEvents) {
5611 SCOPED_TRACE(NetLogEventTypeToString(event));
5612 log_position = ExpectLogContainsSomewhereAfter(entries, log_position, event,
5613 NetLogEventPhase::BEGIN);
5614
5615 log_position =
5616 AsyncDelegateLogger::CheckDelegateInfo(entries, log_position + 1);
5617
5618 ASSERT_LT(log_position, entries.size());
5619 EXPECT_EQ(event, entries[log_position].type);
5620 EXPECT_EQ(NetLogEventPhase::END, entries[log_position].phase);
5621 }
5622
5623 EXPECT_FALSE(LogContainsEntryWithTypeAfter(entries, log_position + 1,
5624 NetLogEventType::DELEGATE_INFO));
5625 }
5626
5627 // Tests handling of delegate info from a URLRequest::Delegate in the case of
5628 // an HTTP redirect, with cancellation at various points.
TEST_F(URLRequestTestHTTP,URLRequestDelegateOnRedirectCancelled)5629 TEST_F(URLRequestTestHTTP, URLRequestDelegateOnRedirectCancelled) {
5630 ASSERT_TRUE(http_test_server()->Start());
5631
5632 const AsyncLoggingUrlRequestDelegate::CancelStage kCancelStages[] = {
5633 AsyncLoggingUrlRequestDelegate::CANCEL_ON_RECEIVED_REDIRECT,
5634 AsyncLoggingUrlRequestDelegate::CANCEL_ON_RESPONSE_STARTED,
5635 AsyncLoggingUrlRequestDelegate::CANCEL_ON_READ_COMPLETED,
5636 };
5637
5638 for (auto cancel_stage : kCancelStages) {
5639 AsyncLoggingUrlRequestDelegate request_delegate(cancel_stage);
5640 RecordingNetLogObserver net_log_observer;
5641 auto context_builder = CreateTestURLRequestContextBuilder();
5642 context_builder->set_net_log(NetLog::Get());
5643 auto context = context_builder->Build();
5644
5645 {
5646 std::unique_ptr<URLRequest> r(context->CreateRequest(
5647 http_test_server()->GetURL("/server-redirect?simple.html"),
5648 DEFAULT_PRIORITY, &request_delegate, TRAFFIC_ANNOTATION_FOR_TESTS));
5649 LoadStateWithParam load_state = r->GetLoadState();
5650 r->Start();
5651 request_delegate.RunUntilComplete();
5652 EXPECT_EQ(ERR_ABORTED, request_delegate.request_status());
5653
5654 // Spin the message loop to run AsyncDelegateLogger task(s) posted after
5655 // the |request_delegate| completion task.
5656 base::RunLoop().RunUntilIdle();
5657 }
5658
5659 auto entries = net_log_observer.GetEntries();
5660
5661 // Delegate info is always logged in both OnReceivedRedirect and
5662 // OnResponseStarted. In the CANCEL_ON_RECEIVED_REDIRECT, the
5663 // OnResponseStarted delegate call is after cancellation, but logging is
5664 // still currently supported in that call.
5665 size_t log_position = 0;
5666 static const NetLogEventType kExpectedEvents[] = {
5667 NetLogEventType::URL_REQUEST_DELEGATE_RECEIVED_REDIRECT,
5668 NetLogEventType::URL_REQUEST_DELEGATE_RESPONSE_STARTED,
5669 };
5670 for (NetLogEventType event : kExpectedEvents) {
5671 SCOPED_TRACE(NetLogEventTypeToString(event));
5672 log_position = ExpectLogContainsSomewhereAfter(
5673 entries, log_position, event, NetLogEventPhase::BEGIN);
5674
5675 log_position =
5676 AsyncDelegateLogger::CheckDelegateInfo(entries, log_position + 1);
5677
5678 ASSERT_LT(log_position, entries.size());
5679 EXPECT_EQ(event, entries[log_position].type);
5680 EXPECT_EQ(NetLogEventPhase::END, entries[log_position].phase);
5681 }
5682
5683 EXPECT_FALSE(LogContainsEntryWithTypeAfter(entries, log_position + 1,
5684 NetLogEventType::DELEGATE_INFO));
5685 }
5686 }
5687
5688 namespace {
5689
5690 const char kExtraHeader[] = "Allow-Snafu";
5691 const char kExtraValue[] = "fubar";
5692
5693 class RedirectWithAdditionalHeadersDelegate : public TestDelegate {
OnReceivedRedirect(URLRequest * request,const RedirectInfo & redirect_info,bool * defer_redirect)5694 void OnReceivedRedirect(URLRequest* request,
5695 const RedirectInfo& redirect_info,
5696 bool* defer_redirect) override {
5697 TestDelegate::OnReceivedRedirect(request, redirect_info, defer_redirect);
5698 request->SetExtraRequestHeaderByName(kExtraHeader, kExtraValue, false);
5699 }
5700 };
5701
5702 } // namespace
5703
TEST_F(URLRequestTestHTTP,RedirectWithAdditionalHeadersTest)5704 TEST_F(URLRequestTestHTTP, RedirectWithAdditionalHeadersTest) {
5705 ASSERT_TRUE(http_test_server()->Start());
5706
5707 GURL destination_url =
5708 http_test_server()->GetURL("/echoheader?" + std::string(kExtraHeader));
5709 GURL original_url =
5710 http_test_server()->GetURL("/server-redirect?" + destination_url.spec());
5711 RedirectWithAdditionalHeadersDelegate d;
5712 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
5713 original_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
5714 req->Start();
5715 d.RunUntilComplete();
5716
5717 std::string value;
5718 const HttpRequestHeaders& headers = req->extra_request_headers();
5719 EXPECT_TRUE(headers.GetHeader(kExtraHeader, &value));
5720 EXPECT_EQ(kExtraValue, value);
5721 EXPECT_FALSE(req->is_pending());
5722 EXPECT_FALSE(req->is_redirecting());
5723 EXPECT_EQ(kExtraValue, d.data_received());
5724 }
5725
5726 namespace {
5727
5728 const char kExtraHeaderToRemove[] = "To-Be-Removed";
5729
5730 class RedirectWithHeaderRemovalDelegate : public TestDelegate {
OnReceivedRedirect(URLRequest * request,const RedirectInfo & redirect_info,bool * defer_redirect)5731 void OnReceivedRedirect(URLRequest* request,
5732 const RedirectInfo& redirect_info,
5733 bool* defer_redirect) override {
5734 TestDelegate::OnReceivedRedirect(request, redirect_info, defer_redirect);
5735 request->RemoveRequestHeaderByName(kExtraHeaderToRemove);
5736 }
5737 };
5738
5739 } // namespace
5740
TEST_F(URLRequestTestHTTP,RedirectWithHeaderRemovalTest)5741 TEST_F(URLRequestTestHTTP, RedirectWithHeaderRemovalTest) {
5742 ASSERT_TRUE(http_test_server()->Start());
5743
5744 GURL destination_url = http_test_server()->GetURL(
5745 "/echoheader?" + std::string(kExtraHeaderToRemove));
5746 GURL original_url =
5747 http_test_server()->GetURL("/server-redirect?" + destination_url.spec());
5748 RedirectWithHeaderRemovalDelegate d;
5749 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
5750 original_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
5751 req->SetExtraRequestHeaderByName(kExtraHeaderToRemove, "dummy", false);
5752 req->Start();
5753 d.RunUntilComplete();
5754
5755 std::string value;
5756 const HttpRequestHeaders& headers = req->extra_request_headers();
5757 EXPECT_FALSE(headers.GetHeader(kExtraHeaderToRemove, &value));
5758 EXPECT_FALSE(req->is_pending());
5759 EXPECT_FALSE(req->is_redirecting());
5760 EXPECT_EQ("None", d.data_received());
5761 }
5762
TEST_F(URLRequestTestHTTP,CancelAfterStart)5763 TEST_F(URLRequestTestHTTP, CancelAfterStart) {
5764 TestDelegate d;
5765 {
5766 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
5767 GURL("http://www.google.com/"), DEFAULT_PRIORITY, &d,
5768 TRAFFIC_ANNOTATION_FOR_TESTS));
5769
5770 r->Start();
5771 EXPECT_TRUE(r->is_pending());
5772
5773 r->Cancel();
5774
5775 d.RunUntilComplete();
5776
5777 // We expect to receive OnResponseStarted even though the request has been
5778 // cancelled.
5779 EXPECT_EQ(1, d.response_started_count());
5780 EXPECT_EQ(0, d.bytes_received());
5781 EXPECT_FALSE(d.received_data_before_response());
5782 }
5783 }
5784
TEST_F(URLRequestTestHTTP,CancelInResponseStarted)5785 TEST_F(URLRequestTestHTTP, CancelInResponseStarted) {
5786 ASSERT_TRUE(http_test_server()->Start());
5787
5788 TestDelegate d;
5789 {
5790 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
5791 http_test_server()->GetURL("/"), DEFAULT_PRIORITY, &d,
5792 TRAFFIC_ANNOTATION_FOR_TESTS));
5793
5794 d.set_cancel_in_response_started(true);
5795
5796 r->Start();
5797 EXPECT_TRUE(r->is_pending());
5798
5799 d.RunUntilComplete();
5800
5801 EXPECT_EQ(1, d.response_started_count());
5802 EXPECT_EQ(0, d.bytes_received());
5803 EXPECT_FALSE(d.received_data_before_response());
5804 EXPECT_EQ(ERR_ABORTED, d.request_status());
5805 }
5806 }
5807
TEST_F(URLRequestTestHTTP,CancelOnDataReceived)5808 TEST_F(URLRequestTestHTTP, CancelOnDataReceived) {
5809 ASSERT_TRUE(http_test_server()->Start());
5810
5811 TestDelegate d;
5812 {
5813 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
5814 http_test_server()->GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d,
5815 TRAFFIC_ANNOTATION_FOR_TESTS));
5816
5817 d.set_cancel_in_received_data(true);
5818
5819 r->Start();
5820 EXPECT_TRUE(r->is_pending());
5821
5822 d.RunUntilComplete();
5823
5824 EXPECT_EQ(1, d.response_started_count());
5825 EXPECT_NE(0, d.received_bytes_count());
5826 EXPECT_FALSE(d.received_data_before_response());
5827 EXPECT_EQ(ERR_ABORTED, d.request_status());
5828 }
5829 }
5830
TEST_F(URLRequestTestHTTP,CancelDuringEofRead)5831 TEST_F(URLRequestTestHTTP, CancelDuringEofRead) {
5832 ASSERT_TRUE(http_test_server()->Start());
5833
5834 TestDelegate d;
5835 {
5836 // This returns an empty response (With headers).
5837 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
5838 http_test_server()->GetURL("/"), DEFAULT_PRIORITY, &d,
5839 TRAFFIC_ANNOTATION_FOR_TESTS));
5840
5841 d.set_cancel_in_received_data(true);
5842
5843 r->Start();
5844 EXPECT_TRUE(r->is_pending());
5845
5846 d.RunUntilComplete();
5847
5848 EXPECT_EQ(1, d.response_started_count());
5849 EXPECT_EQ(0, d.received_bytes_count());
5850 EXPECT_FALSE(d.received_data_before_response());
5851 EXPECT_EQ(ERR_ABORTED, d.request_status());
5852 }
5853 }
5854
TEST_F(URLRequestTestHTTP,CancelByDestroyingAfterStart)5855 TEST_F(URLRequestTestHTTP, CancelByDestroyingAfterStart) {
5856 ASSERT_TRUE(http_test_server()->Start());
5857
5858 TestDelegate d;
5859 {
5860 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
5861 http_test_server()->GetURL("/"), DEFAULT_PRIORITY, &d,
5862 TRAFFIC_ANNOTATION_FOR_TESTS));
5863
5864 r->Start();
5865 EXPECT_TRUE(r->is_pending());
5866
5867 // The request will be implicitly canceled when it is destroyed. The
5868 // test delegate must not post a quit message when this happens because
5869 // this test doesn't actually have a message loop. The quit message would
5870 // get put on this thread's message queue and the next test would exit
5871 // early, causing problems.
5872 d.set_on_complete(base::DoNothing());
5873 }
5874 // expect things to just cleanup properly.
5875
5876 // we won't actually get a received response here because we've never run the
5877 // message loop
5878 EXPECT_FALSE(d.received_data_before_response());
5879 EXPECT_EQ(0, d.bytes_received());
5880 }
5881
TEST_F(URLRequestTestHTTP,CancelWhileReadingFromCache)5882 TEST_F(URLRequestTestHTTP, CancelWhileReadingFromCache) {
5883 ASSERT_TRUE(http_test_server()->Start());
5884
5885 // populate cache
5886 {
5887 TestDelegate d;
5888 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
5889 http_test_server()->GetURL("/cachetime"), DEFAULT_PRIORITY, &d,
5890 TRAFFIC_ANNOTATION_FOR_TESTS));
5891 r->Start();
5892 d.RunUntilComplete();
5893 EXPECT_EQ(OK, d.request_status());
5894 }
5895
5896 // cancel read from cache (see bug 990242)
5897 {
5898 TestDelegate d;
5899 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
5900 http_test_server()->GetURL("/cachetime"), DEFAULT_PRIORITY, &d,
5901 TRAFFIC_ANNOTATION_FOR_TESTS));
5902 r->Start();
5903 r->Cancel();
5904 d.RunUntilComplete();
5905
5906 EXPECT_EQ(ERR_ABORTED, d.request_status());
5907 EXPECT_EQ(1, d.response_started_count());
5908 EXPECT_EQ(0, d.bytes_received());
5909 EXPECT_FALSE(d.received_data_before_response());
5910 }
5911 }
5912
TEST_F(URLRequestTestHTTP,PostTest)5913 TEST_F(URLRequestTestHTTP, PostTest) {
5914 ASSERT_TRUE(http_test_server()->Start());
5915 HTTPUploadDataOperationTest("POST");
5916 }
5917
TEST_F(URLRequestTestHTTP,PutTest)5918 TEST_F(URLRequestTestHTTP, PutTest) {
5919 ASSERT_TRUE(http_test_server()->Start());
5920 HTTPUploadDataOperationTest("PUT");
5921 }
5922
TEST_F(URLRequestTestHTTP,PostEmptyTest)5923 TEST_F(URLRequestTestHTTP, PostEmptyTest) {
5924 ASSERT_TRUE(http_test_server()->Start());
5925
5926 TestDelegate d;
5927 {
5928 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
5929 http_test_server()->GetURL("/echo"), DEFAULT_PRIORITY, &d,
5930 TRAFFIC_ANNOTATION_FOR_TESTS));
5931 r->set_method("POST");
5932
5933 r->Start();
5934 EXPECT_TRUE(r->is_pending());
5935
5936 d.RunUntilComplete();
5937
5938 ASSERT_EQ(1, d.response_started_count())
5939 << "request failed. Error: " << d.request_status();
5940
5941 EXPECT_FALSE(d.received_data_before_response());
5942 EXPECT_TRUE(d.data_received().empty());
5943 }
5944 }
5945
TEST_F(URLRequestTestHTTP,PostFileTest)5946 TEST_F(URLRequestTestHTTP, PostFileTest) {
5947 ASSERT_TRUE(http_test_server()->Start());
5948
5949 TestDelegate d;
5950 {
5951 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
5952 http_test_server()->GetURL("/echo"), DEFAULT_PRIORITY, &d,
5953 TRAFFIC_ANNOTATION_FOR_TESTS));
5954 r->set_method("POST");
5955
5956 base::FilePath dir;
5957 base::PathService::Get(base::DIR_EXE, &dir);
5958 base::SetCurrentDirectory(dir);
5959
5960 std::vector<std::unique_ptr<UploadElementReader>> element_readers;
5961
5962 base::FilePath path;
5963 base::PathService::Get(base::DIR_SRC_TEST_DATA_ROOT, &path);
5964 path = path.Append(kTestFilePath);
5965 path = path.Append(FILE_PATH_LITERAL("with-headers.html"));
5966 element_readers.push_back(std::make_unique<UploadFileElementReader>(
5967 base::SingleThreadTaskRunner::GetCurrentDefault().get(), path, 0,
5968 std::numeric_limits<uint64_t>::max(), base::Time()));
5969 r->set_upload(std::make_unique<ElementsUploadDataStream>(
5970 std::move(element_readers), 0));
5971
5972 r->Start();
5973 EXPECT_TRUE(r->is_pending());
5974
5975 d.RunUntilComplete();
5976
5977 int64_t size64 = 0;
5978 ASSERT_EQ(true, base::GetFileSize(path, &size64));
5979 ASSERT_LE(size64, std::numeric_limits<int>::max());
5980 int size = static_cast<int>(size64);
5981 auto buf = std::make_unique<char[]>(size);
5982
5983 ASSERT_EQ(size, base::ReadFile(path, buf.get(), size));
5984
5985 ASSERT_EQ(1, d.response_started_count())
5986 << "request failed. Error: " << d.request_status();
5987
5988 EXPECT_FALSE(d.received_data_before_response());
5989
5990 EXPECT_EQ(size, d.bytes_received());
5991 EXPECT_EQ(std::string(&buf[0], size), d.data_received());
5992 }
5993 }
5994
TEST_F(URLRequestTestHTTP,PostUnreadableFileTest)5995 TEST_F(URLRequestTestHTTP, PostUnreadableFileTest) {
5996 ASSERT_TRUE(http_test_server()->Start());
5997
5998 TestDelegate d;
5999 {
6000 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
6001 http_test_server()->GetURL("/echo"), DEFAULT_PRIORITY, &d,
6002 TRAFFIC_ANNOTATION_FOR_TESTS));
6003 r->set_method("POST");
6004
6005 std::vector<std::unique_ptr<UploadElementReader>> element_readers;
6006
6007 element_readers.push_back(std::make_unique<UploadFileElementReader>(
6008 base::SingleThreadTaskRunner::GetCurrentDefault().get(),
6009 base::FilePath(FILE_PATH_LITERAL(
6010 "c:\\path\\to\\non\\existant\\file.randomness.12345")),
6011 0, std::numeric_limits<uint64_t>::max(), base::Time()));
6012 r->set_upload(std::make_unique<ElementsUploadDataStream>(
6013 std::move(element_readers), 0));
6014
6015 r->Start();
6016 EXPECT_TRUE(r->is_pending());
6017
6018 d.RunUntilComplete();
6019
6020 EXPECT_TRUE(d.request_failed());
6021 EXPECT_FALSE(d.received_data_before_response());
6022 EXPECT_EQ(0, d.bytes_received());
6023 EXPECT_EQ(ERR_FILE_NOT_FOUND, d.request_status());
6024 }
6025 }
6026
6027 namespace {
6028
6029 // Adds a standard set of data to an upload for chunked upload integration
6030 // tests.
AddDataToUpload(ChunkedUploadDataStream::Writer * writer)6031 void AddDataToUpload(ChunkedUploadDataStream::Writer* writer) {
6032 writer->AppendData("a", 1, false);
6033 writer->AppendData("bcd", 3, false);
6034 writer->AppendData("this is a longer chunk than before.", 35, false);
6035 writer->AppendData("\r\n\r\n", 4, false);
6036 writer->AppendData("0", 1, false);
6037 writer->AppendData("2323", 4, true);
6038 }
6039
6040 // Checks that the upload data added in AddChunksToUpload() was echoed back from
6041 // the server.
VerifyReceivedDataMatchesChunks(URLRequest * r,TestDelegate * d)6042 void VerifyReceivedDataMatchesChunks(URLRequest* r, TestDelegate* d) {
6043 // This should match the chunks sent by AddChunksToUpload().
6044 const std::string expected_data =
6045 "abcdthis is a longer chunk than before.\r\n\r\n02323";
6046
6047 ASSERT_EQ(1, d->response_started_count())
6048 << "request failed. Error: " << d->request_status();
6049
6050 EXPECT_FALSE(d->received_data_before_response());
6051
6052 EXPECT_EQ(expected_data.size(), static_cast<size_t>(d->bytes_received()));
6053 EXPECT_EQ(expected_data, d->data_received());
6054 }
6055
6056 } // namespace
6057
TEST_F(URLRequestTestHTTP,TestPostChunkedDataBeforeStart)6058 TEST_F(URLRequestTestHTTP, TestPostChunkedDataBeforeStart) {
6059 ASSERT_TRUE(http_test_server()->Start());
6060
6061 TestDelegate d;
6062 {
6063 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
6064 http_test_server()->GetURL("/echo"), DEFAULT_PRIORITY, &d,
6065 TRAFFIC_ANNOTATION_FOR_TESTS));
6066 auto upload_data_stream = std::make_unique<ChunkedUploadDataStream>(0);
6067 std::unique_ptr<ChunkedUploadDataStream::Writer> writer =
6068 upload_data_stream->CreateWriter();
6069 r->set_upload(std::move(upload_data_stream));
6070 r->set_method("POST");
6071 AddDataToUpload(writer.get());
6072 r->Start();
6073 EXPECT_TRUE(r->is_pending());
6074
6075 d.RunUntilComplete();
6076
6077 VerifyReceivedDataMatchesChunks(r.get(), &d);
6078 }
6079 }
6080
TEST_F(URLRequestTestHTTP,TestPostChunkedDataJustAfterStart)6081 TEST_F(URLRequestTestHTTP, TestPostChunkedDataJustAfterStart) {
6082 ASSERT_TRUE(http_test_server()->Start());
6083
6084 TestDelegate d;
6085 {
6086 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
6087 http_test_server()->GetURL("/echo"), DEFAULT_PRIORITY, &d,
6088 TRAFFIC_ANNOTATION_FOR_TESTS));
6089 auto upload_data_stream = std::make_unique<ChunkedUploadDataStream>(0);
6090 std::unique_ptr<ChunkedUploadDataStream::Writer> writer =
6091 upload_data_stream->CreateWriter();
6092 r->set_upload(std::move(upload_data_stream));
6093 r->set_method("POST");
6094 r->Start();
6095 EXPECT_TRUE(r->is_pending());
6096 AddDataToUpload(writer.get());
6097 d.RunUntilComplete();
6098
6099 VerifyReceivedDataMatchesChunks(r.get(), &d);
6100 }
6101 }
6102
TEST_F(URLRequestTestHTTP,TestPostChunkedDataAfterStart)6103 TEST_F(URLRequestTestHTTP, TestPostChunkedDataAfterStart) {
6104 ASSERT_TRUE(http_test_server()->Start());
6105
6106 TestDelegate d;
6107 {
6108 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
6109 http_test_server()->GetURL("/echo"), DEFAULT_PRIORITY, &d,
6110 TRAFFIC_ANNOTATION_FOR_TESTS));
6111 auto upload_data_stream = std::make_unique<ChunkedUploadDataStream>(0);
6112 std::unique_ptr<ChunkedUploadDataStream::Writer> writer =
6113 upload_data_stream->CreateWriter();
6114 r->set_upload(std::move(upload_data_stream));
6115 r->set_method("POST");
6116 r->Start();
6117 EXPECT_TRUE(r->is_pending());
6118
6119 // Pump messages until we start sending headers..
6120 base::RunLoop().RunUntilIdle();
6121
6122 // And now wait for completion.
6123 base::RunLoop run_loop;
6124 d.set_on_complete(run_loop.QuitClosure());
6125 AddDataToUpload(writer.get());
6126 run_loop.Run();
6127
6128 VerifyReceivedDataMatchesChunks(r.get(), &d);
6129 }
6130 }
6131
TEST_F(URLRequestTestHTTP,ResponseHeadersTest)6132 TEST_F(URLRequestTestHTTP, ResponseHeadersTest) {
6133 ASSERT_TRUE(http_test_server()->Start());
6134
6135 TestDelegate d;
6136 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
6137 http_test_server()->GetURL("/with-headers.html"), DEFAULT_PRIORITY, &d,
6138 TRAFFIC_ANNOTATION_FOR_TESTS));
6139 req->Start();
6140 d.RunUntilComplete();
6141
6142 const HttpResponseHeaders* headers = req->response_headers();
6143
6144 // Simple sanity check that response_info() accesses the same data.
6145 EXPECT_EQ(headers, req->response_info().headers.get());
6146
6147 std::string header;
6148 EXPECT_TRUE(headers->GetNormalizedHeader("cache-control", &header));
6149 EXPECT_EQ("private", header);
6150
6151 header.clear();
6152 EXPECT_TRUE(headers->GetNormalizedHeader("content-type", &header));
6153 EXPECT_EQ("text/html; charset=ISO-8859-1", header);
6154
6155 // The response has two "X-Multiple-Entries" headers.
6156 // This verfies our output has them concatenated together.
6157 header.clear();
6158 EXPECT_TRUE(headers->GetNormalizedHeader("x-multiple-entries", &header));
6159 EXPECT_EQ("a, b", header);
6160 }
6161
6162 // TODO(svaldez): iOS tests are flaky with EmbeddedTestServer and transport
6163 // security state. (see http://crbug.com/550977).
6164 #if !BUILDFLAG(IS_IOS)
TEST_F(URLRequestTestHTTP,ProcessSTS)6165 TEST_F(URLRequestTestHTTP, ProcessSTS) {
6166 EmbeddedTestServer https_test_server(net::EmbeddedTestServer::TYPE_HTTPS);
6167 https_test_server.SetSSLConfig(
6168 net::EmbeddedTestServer::CERT_COMMON_NAME_IS_DOMAIN);
6169 https_test_server.ServeFilesFromSourceDirectory(
6170 base::FilePath(kTestFilePath));
6171 ASSERT_TRUE(https_test_server.Start());
6172
6173 std::string test_server_hostname = https_test_server.GetURL("/").host();
6174 TestDelegate d;
6175 std::unique_ptr<URLRequest> request(default_context().CreateRequest(
6176 https_test_server.GetURL("/hsts-headers.html"), DEFAULT_PRIORITY, &d,
6177 TRAFFIC_ANNOTATION_FOR_TESTS));
6178 request->Start();
6179 d.RunUntilComplete();
6180
6181 TransportSecurityState* security_state =
6182 default_context().transport_security_state();
6183 TransportSecurityState::STSState sts_state;
6184 TransportSecurityState::PKPState pkp_state;
6185 EXPECT_TRUE(
6186 security_state->GetDynamicSTSState(test_server_hostname, &sts_state));
6187 EXPECT_FALSE(
6188 security_state->GetDynamicPKPState(test_server_hostname, &pkp_state));
6189 EXPECT_EQ(TransportSecurityState::STSState::MODE_FORCE_HTTPS,
6190 sts_state.upgrade_mode);
6191 EXPECT_TRUE(sts_state.include_subdomains);
6192 EXPECT_FALSE(pkp_state.include_subdomains);
6193 #if BUILDFLAG(IS_ANDROID)
6194 // Android's CertVerifyProc does not (yet) handle pins.
6195 #else
6196 EXPECT_FALSE(pkp_state.HasPublicKeyPins());
6197 #endif
6198 }
6199
TEST_F(URLRequestTestHTTP,STSNotProcessedOnIP)6200 TEST_F(URLRequestTestHTTP, STSNotProcessedOnIP) {
6201 EmbeddedTestServer https_test_server(net::EmbeddedTestServer::TYPE_HTTPS);
6202 https_test_server.ServeFilesFromSourceDirectory(
6203 base::FilePath(kTestFilePath));
6204 ASSERT_TRUE(https_test_server.Start());
6205 // Make sure this test fails if the test server is changed to not
6206 // listen on an IP by default.
6207 ASSERT_TRUE(https_test_server.GetURL("/").HostIsIPAddress());
6208 std::string test_server_hostname = https_test_server.GetURL("/").host();
6209
6210 TestDelegate d;
6211 std::unique_ptr<URLRequest> request(default_context().CreateRequest(
6212 https_test_server.GetURL("/hsts-headers.html"), DEFAULT_PRIORITY, &d,
6213 TRAFFIC_ANNOTATION_FOR_TESTS));
6214 request->Start();
6215 d.RunUntilComplete();
6216 TransportSecurityState* security_state =
6217 default_context().transport_security_state();
6218 TransportSecurityState::STSState sts_state;
6219 EXPECT_FALSE(
6220 security_state->GetDynamicSTSState(test_server_hostname, &sts_state));
6221 }
6222
TEST_F(URLRequestTestHTTP,PKPBypassRecorded)6223 TEST_F(URLRequestTestHTTP, PKPBypassRecorded) {
6224 base::test::ScopedFeatureList scoped_feature_list_;
6225 scoped_feature_list_.InitAndEnableFeature(
6226 net::features::kStaticKeyPinningEnforcement);
6227 EmbeddedTestServer https_test_server(net::EmbeddedTestServer::TYPE_HTTPS);
6228 https_test_server.SetSSLConfig(
6229 net::EmbeddedTestServer::CERT_COMMON_NAME_IS_DOMAIN);
6230 https_test_server.ServeFilesFromSourceDirectory(
6231 base::FilePath(kTestFilePath));
6232 ASSERT_TRUE(https_test_server.Start());
6233
6234 // Set up a MockCertVerifier to be a local root that violates the pin
6235 scoped_refptr<X509Certificate> cert = https_test_server.GetCertificate();
6236 ASSERT_TRUE(cert);
6237
6238 CertVerifyResult verify_result;
6239 verify_result.verified_cert = cert;
6240 verify_result.is_issued_by_known_root = false;
6241 HashValue hash;
6242 ASSERT_TRUE(
6243 hash.FromString("sha256/1111111111111111111111111111111111111111111="));
6244 verify_result.public_key_hashes.push_back(hash);
6245 auto cert_verifier = std::make_unique<MockCertVerifier>();
6246 cert_verifier->AddResultForCert(cert.get(), verify_result, OK);
6247
6248 std::string test_server_hostname = "www.example.org";
6249
6250 SetTransportSecurityStateSourceForTesting(&test_default::kHSTSSource);
6251
6252 auto context_builder = CreateTestURLRequestContextBuilder();
6253 context_builder->SetCertVerifier(std::move(cert_verifier));
6254 auto context = context_builder->Build();
6255 context->transport_security_state()->EnableStaticPinsForTesting();
6256 context->transport_security_state()->SetPinningListAlwaysTimelyForTesting(
6257 true);
6258
6259 TestDelegate d;
6260 std::unique_ptr<URLRequest> request(context->CreateRequest(
6261 https_test_server.GetURL(test_server_hostname, "/simple.html"),
6262 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
6263 request->set_isolation_info(IsolationInfo::CreateTransient());
6264 request->Start();
6265 d.RunUntilComplete();
6266
6267 // Check that the request succeeded and that PKP was bypassed.
6268 EXPECT_EQ(OK, d.request_status());
6269 TransportSecurityState::PKPState pkp_state;
6270 EXPECT_TRUE(context->transport_security_state()->GetStaticPKPState(
6271 test_server_hostname, &pkp_state));
6272 EXPECT_TRUE(pkp_state.HasPublicKeyPins());
6273 EXPECT_TRUE(request->ssl_info().pkp_bypassed);
6274 }
6275
TEST_F(URLRequestTestHTTP,ProcessSTSOnce)6276 TEST_F(URLRequestTestHTTP, ProcessSTSOnce) {
6277 EmbeddedTestServer https_test_server(net::EmbeddedTestServer::TYPE_HTTPS);
6278 https_test_server.SetSSLConfig(
6279 net::EmbeddedTestServer::CERT_COMMON_NAME_IS_DOMAIN);
6280 https_test_server.ServeFilesFromSourceDirectory(
6281 base::FilePath(kTestFilePath));
6282 ASSERT_TRUE(https_test_server.Start());
6283
6284 std::string test_server_hostname = https_test_server.GetURL("/").host();
6285
6286 TestDelegate d;
6287 std::unique_ptr<URLRequest> request(default_context().CreateRequest(
6288 https_test_server.GetURL("/hsts-multiple-headers.html"), DEFAULT_PRIORITY,
6289 &d, TRAFFIC_ANNOTATION_FOR_TESTS));
6290 request->Start();
6291 d.RunUntilComplete();
6292
6293 // We should have set parameters from the first header, not the second.
6294 TransportSecurityState* security_state =
6295 default_context().transport_security_state();
6296 TransportSecurityState::STSState sts_state;
6297 EXPECT_TRUE(
6298 security_state->GetDynamicSTSState(test_server_hostname, &sts_state));
6299 EXPECT_EQ(TransportSecurityState::STSState::MODE_FORCE_HTTPS,
6300 sts_state.upgrade_mode);
6301 EXPECT_FALSE(sts_state.include_subdomains);
6302 EXPECT_FALSE(sts_state.include_subdomains);
6303 }
6304
6305 #endif // !BUILDFLAG(IS_IOS)
6306
6307 #if BUILDFLAG(ENABLE_REPORTING)
6308
TEST_F(URLRequestTestHTTP,NetworkErrorLogging_DontReportIfNetworkNotAccessed)6309 TEST_F(URLRequestTestHTTP, NetworkErrorLogging_DontReportIfNetworkNotAccessed) {
6310 EmbeddedTestServer https_test_server(net::EmbeddedTestServer::TYPE_HTTPS);
6311 RegisterDefaultHandlers(&https_test_server);
6312 ASSERT_TRUE(https_test_server.Start());
6313 GURL request_url = https_test_server.GetURL("/cachetime");
6314
6315 auto context_builder = CreateTestURLRequestContextBuilder();
6316 context_builder->set_network_error_logging_enabled(true);
6317 auto& nel_service = *context_builder->SetNetworkErrorLoggingServiceForTesting(
6318 std::make_unique<TestNetworkErrorLoggingService>());
6319 auto context = context_builder->Build();
6320
6321 // Populate the cache.
6322 TestDelegate d;
6323 std::unique_ptr<URLRequest> request(context->CreateRequest(
6324 request_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
6325 request->set_isolation_info(isolation_info1_);
6326 request->Start();
6327 d.RunUntilComplete();
6328
6329 ASSERT_EQ(1u, nel_service.errors().size());
6330 const TestNetworkErrorLoggingService::RequestDetails& error =
6331 nel_service.errors()[0];
6332 EXPECT_EQ(request_url, error.uri);
6333 EXPECT_EQ(200, error.status_code);
6334 EXPECT_EQ(OK, error.type);
6335
6336 request = context->CreateRequest(request_url, DEFAULT_PRIORITY, &d,
6337 TRAFFIC_ANNOTATION_FOR_TESTS);
6338 request->set_isolation_info(isolation_info1_);
6339 request->Start();
6340 d.RunUntilComplete();
6341
6342 EXPECT_FALSE(request->response_info().network_accessed);
6343 EXPECT_TRUE(request->response_info().was_cached);
6344 // No additional NEL report was generated.
6345 EXPECT_EQ(1u, nel_service.errors().size());
6346 }
6347
TEST_F(URLRequestTestHTTP,NetworkErrorLogging_BasicSuccess)6348 TEST_F(URLRequestTestHTTP, NetworkErrorLogging_BasicSuccess) {
6349 EmbeddedTestServer https_test_server(net::EmbeddedTestServer::TYPE_HTTPS);
6350 https_test_server.ServeFilesFromSourceDirectory(
6351 base::FilePath(kTestFilePath));
6352 ASSERT_TRUE(https_test_server.Start());
6353 GURL request_url = https_test_server.GetURL("/simple.html");
6354
6355 auto context_builder = CreateTestURLRequestContextBuilder();
6356 context_builder->set_network_error_logging_enabled(true);
6357 auto& nel_service = *context_builder->SetNetworkErrorLoggingServiceForTesting(
6358 std::make_unique<TestNetworkErrorLoggingService>());
6359 auto context = context_builder->Build();
6360
6361 TestDelegate d;
6362 std::unique_ptr<URLRequest> request(context->CreateRequest(
6363 request_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
6364 request->Start();
6365 d.RunUntilComplete();
6366
6367 ASSERT_EQ(1u, nel_service.errors().size());
6368 const TestNetworkErrorLoggingService::RequestDetails& error =
6369 nel_service.errors()[0];
6370 EXPECT_EQ(request_url, error.uri);
6371 EXPECT_EQ(200, error.status_code);
6372 EXPECT_EQ(OK, error.type);
6373 }
6374
TEST_F(URLRequestTestHTTP,NetworkErrorLogging_BasicError)6375 TEST_F(URLRequestTestHTTP, NetworkErrorLogging_BasicError) {
6376 EmbeddedTestServer https_test_server(net::EmbeddedTestServer::TYPE_HTTPS);
6377 RegisterDefaultHandlers(&https_test_server);
6378 ASSERT_TRUE(https_test_server.Start());
6379 GURL request_url = https_test_server.GetURL("/close-socket");
6380
6381 auto context_builder = CreateTestURLRequestContextBuilder();
6382 context_builder->set_network_error_logging_enabled(true);
6383 auto& nel_service = *context_builder->SetNetworkErrorLoggingServiceForTesting(
6384 std::make_unique<TestNetworkErrorLoggingService>());
6385 auto context = context_builder->Build();
6386
6387 TestDelegate d;
6388 std::unique_ptr<URLRequest> request(context->CreateRequest(
6389 request_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
6390 request->Start();
6391 d.RunUntilComplete();
6392
6393 ASSERT_EQ(1u, nel_service.errors().size());
6394 const TestNetworkErrorLoggingService::RequestDetails& error =
6395 nel_service.errors()[0];
6396 EXPECT_EQ(request_url, error.uri);
6397 EXPECT_EQ(0, error.status_code);
6398 EXPECT_EQ(ERR_EMPTY_RESPONSE, error.type);
6399 }
6400
TEST_F(URLRequestTestHTTP,NetworkErrorLogging_Redirect)6401 TEST_F(URLRequestTestHTTP, NetworkErrorLogging_Redirect) {
6402 EmbeddedTestServer https_test_server(net::EmbeddedTestServer::TYPE_HTTPS);
6403 https_test_server.ServeFilesFromSourceDirectory(
6404 base::FilePath(kTestFilePath));
6405 ASSERT_TRUE(https_test_server.Start());
6406 GURL request_url = https_test_server.GetURL("/redirect-test.html");
6407 GURL redirect_url = https_test_server.GetURL("/with-headers.html");
6408
6409 auto context_builder = CreateTestURLRequestContextBuilder();
6410 context_builder->set_network_error_logging_enabled(true);
6411 auto& nel_service = *context_builder->SetNetworkErrorLoggingServiceForTesting(
6412 std::make_unique<TestNetworkErrorLoggingService>());
6413 auto context = context_builder->Build();
6414
6415 TestDelegate d;
6416 std::unique_ptr<URLRequest> request(context->CreateRequest(
6417 request_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
6418 request->Start();
6419 d.RunUntilComplete();
6420
6421 ASSERT_EQ(2u, nel_service.errors().size());
6422 const TestNetworkErrorLoggingService::RequestDetails& error1 =
6423 nel_service.errors()[0];
6424 EXPECT_EQ(request_url, error1.uri);
6425 EXPECT_EQ(302, error1.status_code);
6426 EXPECT_EQ(OK, error1.type);
6427 const TestNetworkErrorLoggingService::RequestDetails& error2 =
6428 nel_service.errors()[1];
6429 EXPECT_EQ(redirect_url, error2.uri);
6430 EXPECT_EQ(200, error2.status_code);
6431 EXPECT_EQ(OK, error2.type);
6432 }
6433
TEST_F(URLRequestTestHTTP,NetworkErrorLogging_RedirectWithoutLocationHeader)6434 TEST_F(URLRequestTestHTTP, NetworkErrorLogging_RedirectWithoutLocationHeader) {
6435 EmbeddedTestServer https_test_server(net::EmbeddedTestServer::TYPE_HTTPS);
6436 https_test_server.ServeFilesFromSourceDirectory(
6437 base::FilePath(kTestFilePath));
6438 ASSERT_TRUE(https_test_server.Start());
6439 GURL request_url = https_test_server.GetURL("/308-without-location-header");
6440
6441 auto context_builder = CreateTestURLRequestContextBuilder();
6442 context_builder->set_network_error_logging_enabled(true);
6443 auto& nel_service = *context_builder->SetNetworkErrorLoggingServiceForTesting(
6444 std::make_unique<TestNetworkErrorLoggingService>());
6445 auto context = context_builder->Build();
6446
6447 TestDelegate d;
6448 std::unique_ptr<URLRequest> request(context->CreateRequest(
6449 request_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
6450 request->Start();
6451 d.RunUntilComplete();
6452
6453 ASSERT_EQ(1u, nel_service.errors().size());
6454 const TestNetworkErrorLoggingService::RequestDetails& error =
6455 nel_service.errors()[0];
6456 EXPECT_EQ(request_url, error.uri);
6457 EXPECT_EQ(308, error.status_code);
6458 // The body of the response was successfully read.
6459 EXPECT_EQ(OK, error.type);
6460 }
6461
TEST_F(URLRequestTestHTTP,NetworkErrorLogging_Auth)6462 TEST_F(URLRequestTestHTTP, NetworkErrorLogging_Auth) {
6463 EmbeddedTestServer https_test_server(net::EmbeddedTestServer::TYPE_HTTPS);
6464 RegisterDefaultHandlers(&https_test_server);
6465 ASSERT_TRUE(https_test_server.Start());
6466 GURL request_url = https_test_server.GetURL("/auth-basic");
6467
6468 auto context_builder = CreateTestURLRequestContextBuilder();
6469 context_builder->set_network_error_logging_enabled(true);
6470 auto& nel_service = *context_builder->SetNetworkErrorLoggingServiceForTesting(
6471 std::make_unique<TestNetworkErrorLoggingService>());
6472 auto context = context_builder->Build();
6473
6474 TestDelegate d;
6475 d.set_credentials(AuthCredentials(kUser, kSecret));
6476 std::unique_ptr<URLRequest> request(context->CreateRequest(
6477 request_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
6478 request->Start();
6479 d.RunUntilComplete();
6480
6481 ASSERT_EQ(2u, nel_service.errors().size());
6482 const TestNetworkErrorLoggingService::RequestDetails& error1 =
6483 nel_service.errors()[0];
6484 EXPECT_EQ(request_url, error1.uri);
6485 EXPECT_EQ(401, error1.status_code);
6486 EXPECT_EQ(OK, error1.type);
6487 const TestNetworkErrorLoggingService::RequestDetails& error2 =
6488 nel_service.errors()[1];
6489 EXPECT_EQ(request_url, error2.uri);
6490 EXPECT_EQ(200, error2.status_code);
6491 EXPECT_EQ(OK, error2.type);
6492 }
6493
TEST_F(URLRequestTestHTTP,NetworkErrorLogging_304Response)6494 TEST_F(URLRequestTestHTTP, NetworkErrorLogging_304Response) {
6495 EmbeddedTestServer https_test_server(net::EmbeddedTestServer::TYPE_HTTPS);
6496 RegisterDefaultHandlers(&https_test_server);
6497 ASSERT_TRUE(https_test_server.Start());
6498 GURL request_url = https_test_server.GetURL("/auth-basic");
6499
6500 auto context_builder = CreateTestURLRequestContextBuilder();
6501 context_builder->set_network_error_logging_enabled(true);
6502 auto& nel_service = *context_builder->SetNetworkErrorLoggingServiceForTesting(
6503 std::make_unique<TestNetworkErrorLoggingService>());
6504 auto context = context_builder->Build();
6505
6506 // populate the cache
6507 {
6508 TestDelegate d;
6509 d.set_credentials(AuthCredentials(kUser, kSecret));
6510 std::unique_ptr<URLRequest> r(context->CreateRequest(
6511 request_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
6512 r->set_isolation_info(isolation_info1_);
6513 r->Start();
6514 d.RunUntilComplete();
6515 }
6516 ASSERT_EQ(2u, nel_service.errors().size());
6517 const TestNetworkErrorLoggingService::RequestDetails& error1 =
6518 nel_service.errors()[0];
6519 EXPECT_EQ(request_url, error1.uri);
6520 EXPECT_EQ(401, error1.status_code);
6521 EXPECT_EQ(OK, error1.type);
6522 const TestNetworkErrorLoggingService::RequestDetails& error2 =
6523 nel_service.errors()[1];
6524 EXPECT_EQ(request_url, error2.uri);
6525 EXPECT_EQ(200, error2.status_code);
6526 EXPECT_EQ(OK, error2.type);
6527
6528 // repeat request with end-to-end validation. since auth-basic results in a
6529 // cachable page, we expect this test to result in a 304. in which case, the
6530 // response should be fetched from the cache.
6531 {
6532 TestDelegate d;
6533 d.set_credentials(AuthCredentials(kUser, kSecret));
6534 std::unique_ptr<URLRequest> r(context->CreateRequest(
6535 request_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
6536 r->SetLoadFlags(LOAD_VALIDATE_CACHE);
6537 r->set_isolation_info(isolation_info1_);
6538 r->Start();
6539 d.RunUntilComplete();
6540
6541 // Should be the same cached document.
6542 EXPECT_TRUE(r->was_cached());
6543 }
6544 ASSERT_EQ(3u, nel_service.errors().size());
6545 const TestNetworkErrorLoggingService::RequestDetails& error3 =
6546 nel_service.errors()[2];
6547 EXPECT_EQ(request_url, error3.uri);
6548 EXPECT_EQ(304, error3.status_code);
6549 EXPECT_EQ(OK, error3.type);
6550 }
6551
TEST_F(URLRequestTestHTTP,NetworkErrorLogging_CancelInResponseStarted)6552 TEST_F(URLRequestTestHTTP, NetworkErrorLogging_CancelInResponseStarted) {
6553 EmbeddedTestServer https_test_server(net::EmbeddedTestServer::TYPE_HTTPS);
6554 https_test_server.ServeFilesFromSourceDirectory(
6555 base::FilePath(kTestFilePath));
6556 ASSERT_TRUE(https_test_server.Start());
6557 GURL request_url = https_test_server.GetURL("/simple.html");
6558
6559 auto context_builder = CreateTestURLRequestContextBuilder();
6560 context_builder->set_network_error_logging_enabled(true);
6561 auto& nel_service = *context_builder->SetNetworkErrorLoggingServiceForTesting(
6562 std::make_unique<TestNetworkErrorLoggingService>());
6563 auto context = context_builder->Build();
6564
6565 TestDelegate d;
6566 d.set_cancel_in_response_started(true);
6567 std::unique_ptr<URLRequest> request(context->CreateRequest(
6568 request_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
6569 request->Start();
6570 d.RunUntilComplete();
6571
6572 ASSERT_EQ(1u, nel_service.errors().size());
6573 const TestNetworkErrorLoggingService::RequestDetails& error =
6574 nel_service.errors()[0];
6575 EXPECT_EQ(request_url, error.uri);
6576 EXPECT_EQ(200, error.status_code);
6577 // Headers were received and the body should have been read but was not.
6578 EXPECT_EQ(ERR_ABORTED, error.type);
6579 }
6580
TEST_F(URLRequestTestHTTP,NetworkErrorLogging_CancelOnDataReceived)6581 TEST_F(URLRequestTestHTTP, NetworkErrorLogging_CancelOnDataReceived) {
6582 EmbeddedTestServer https_test_server(net::EmbeddedTestServer::TYPE_HTTPS);
6583 https_test_server.ServeFilesFromSourceDirectory(
6584 base::FilePath(kTestFilePath));
6585 ASSERT_TRUE(https_test_server.Start());
6586 GURL request_url = https_test_server.GetURL("/simple.html");
6587
6588 auto context_builder = CreateTestURLRequestContextBuilder();
6589 context_builder->set_network_error_logging_enabled(true);
6590 auto& nel_service = *context_builder->SetNetworkErrorLoggingServiceForTesting(
6591 std::make_unique<TestNetworkErrorLoggingService>());
6592 auto context = context_builder->Build();
6593
6594 TestDelegate d;
6595 d.set_cancel_in_received_data(true);
6596 std::unique_ptr<URLRequest> request(context->CreateRequest(
6597 request_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
6598 request->Start();
6599 d.RunUntilComplete();
6600
6601 ASSERT_EQ(1u, nel_service.errors().size());
6602 const TestNetworkErrorLoggingService::RequestDetails& error =
6603 nel_service.errors()[0];
6604 EXPECT_EQ(request_url, error.uri);
6605 EXPECT_EQ(200, error.status_code);
6606 // Data was received but the body was not completely read.
6607 EXPECT_EQ(ERR_ABORTED, error.type);
6608 }
6609
TEST_F(URLRequestTestHTTP,NetworkErrorLogging_CancelRedirect)6610 TEST_F(URLRequestTestHTTP, NetworkErrorLogging_CancelRedirect) {
6611 EmbeddedTestServer https_test_server(net::EmbeddedTestServer::TYPE_HTTPS);
6612 https_test_server.ServeFilesFromSourceDirectory(
6613 base::FilePath(kTestFilePath));
6614 ASSERT_TRUE(https_test_server.Start());
6615 GURL request_url = https_test_server.GetURL("/redirect-test.html");
6616
6617 auto context_builder = CreateTestURLRequestContextBuilder();
6618 context_builder->set_network_error_logging_enabled(true);
6619 auto& nel_service = *context_builder->SetNetworkErrorLoggingServiceForTesting(
6620 std::make_unique<TestNetworkErrorLoggingService>());
6621 auto context = context_builder->Build();
6622
6623 TestDelegate d;
6624 d.set_cancel_in_received_redirect(true);
6625 std::unique_ptr<URLRequest> request(context->CreateRequest(
6626 request_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
6627 request->Start();
6628 d.RunUntilComplete();
6629
6630 ASSERT_EQ(1u, nel_service.errors().size());
6631 const TestNetworkErrorLoggingService::RequestDetails& error =
6632 nel_service.errors()[0];
6633 EXPECT_EQ(request_url, error.uri);
6634 EXPECT_EQ(302, error.status_code);
6635 // A valid HTTP response was received, even though the request was cancelled.
6636 EXPECT_EQ(OK, error.type);
6637 }
6638
6639 #endif // BUILDFLAG(ENABLE_REPORTING)
6640
TEST_F(URLRequestTestHTTP,ContentTypeNormalizationTest)6641 TEST_F(URLRequestTestHTTP, ContentTypeNormalizationTest) {
6642 ASSERT_TRUE(http_test_server()->Start());
6643
6644 TestDelegate d;
6645 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
6646 http_test_server()->GetURL("/content-type-normalization.html"),
6647 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
6648 req->Start();
6649 d.RunUntilComplete();
6650
6651 std::string mime_type;
6652 req->GetMimeType(&mime_type);
6653 EXPECT_EQ("text/html", mime_type);
6654
6655 std::string charset;
6656 req->GetCharset(&charset);
6657 EXPECT_EQ("utf-8", charset);
6658 req->Cancel();
6659 }
6660
TEST_F(URLRequestTestHTTP,FileRedirect)6661 TEST_F(URLRequestTestHTTP, FileRedirect) {
6662 ASSERT_TRUE(http_test_server()->Start());
6663
6664 TestDelegate d;
6665 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
6666 http_test_server()->GetURL("/redirect-to-file.html"), DEFAULT_PRIORITY,
6667 &d, TRAFFIC_ANNOTATION_FOR_TESTS));
6668 req->Start();
6669 d.RunUntilComplete();
6670
6671 EXPECT_EQ(ERR_UNKNOWN_URL_SCHEME, d.request_status());
6672 EXPECT_EQ(1, d.received_redirect_count());
6673 }
6674
TEST_F(URLRequestTestHTTP,DataRedirect)6675 TEST_F(URLRequestTestHTTP, DataRedirect) {
6676 ASSERT_TRUE(http_test_server()->Start());
6677
6678 TestDelegate d;
6679 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
6680 http_test_server()->GetURL("/redirect-to-data.html"), DEFAULT_PRIORITY,
6681 &d, TRAFFIC_ANNOTATION_FOR_TESTS));
6682 req->Start();
6683 d.RunUntilComplete();
6684
6685 EXPECT_EQ(ERR_UNKNOWN_URL_SCHEME, d.request_status());
6686 EXPECT_EQ(1, d.received_redirect_count());
6687 }
6688
TEST_F(URLRequestTestHTTP,RestrictUnsafeRedirect)6689 TEST_F(URLRequestTestHTTP, RestrictUnsafeRedirect) {
6690 ASSERT_TRUE(http_test_server()->Start());
6691
6692 TestDelegate d;
6693 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
6694 http_test_server()->GetURL(
6695 "/server-redirect?unsafe://here-there-be-dragons"),
6696 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
6697 req->Start();
6698 d.RunUntilComplete();
6699
6700 EXPECT_EQ(ERR_UNSAFE_REDIRECT, d.request_status());
6701
6702 // The redirect should have been rejected before reporting it to the
6703 // caller. See https://crbug.com/723796
6704 EXPECT_EQ(0, d.received_redirect_count());
6705 }
6706
6707 // Test that redirects to invalid URLs are rejected. See
6708 // https://crbug.com/462272.
TEST_F(URLRequestTestHTTP,RedirectToInvalidURL)6709 TEST_F(URLRequestTestHTTP, RedirectToInvalidURL) {
6710 ASSERT_TRUE(http_test_server()->Start());
6711
6712 TestDelegate d;
6713 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
6714 http_test_server()->GetURL("/redirect-to-invalid-url.html"),
6715 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
6716 req->Start();
6717 d.RunUntilComplete();
6718
6719 EXPECT_EQ(1, d.response_started_count());
6720 EXPECT_EQ(ERR_INVALID_REDIRECT, d.request_status());
6721
6722 // The redirect should have been rejected before reporting it to the caller.
6723 EXPECT_EQ(0, d.received_redirect_count());
6724 }
6725
6726 // Make sure redirects are cached, despite not reading their bodies.
TEST_F(URLRequestTestHTTP,CacheRedirect)6727 TEST_F(URLRequestTestHTTP, CacheRedirect) {
6728 ASSERT_TRUE(http_test_server()->Start());
6729 GURL redirect_url =
6730 http_test_server()->GetURL("/redirect302-to-echo-cacheable");
6731
6732 {
6733 TestDelegate d;
6734 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
6735 redirect_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
6736 req->set_isolation_info(isolation_info1_);
6737 req->Start();
6738 d.RunUntilComplete();
6739 EXPECT_EQ(OK, d.request_status());
6740 EXPECT_EQ(1, d.received_redirect_count());
6741 EXPECT_EQ(http_test_server()->GetURL("/echo"), req->url());
6742 }
6743
6744 {
6745 TestDelegate d;
6746 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
6747 redirect_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
6748 req->set_isolation_info(isolation_info1_);
6749 req->Start();
6750 d.RunUntilRedirect();
6751
6752 EXPECT_EQ(1, d.received_redirect_count());
6753 EXPECT_EQ(0, d.response_started_count());
6754 EXPECT_TRUE(req->was_cached());
6755
6756 req->FollowDeferredRedirect(std::nullopt /* removed_headers */,
6757 std::nullopt /* modified_headers */);
6758 d.RunUntilComplete();
6759 EXPECT_EQ(1, d.received_redirect_count());
6760 EXPECT_EQ(1, d.response_started_count());
6761 EXPECT_EQ(OK, d.request_status());
6762 EXPECT_EQ(http_test_server()->GetURL("/echo"), req->url());
6763 }
6764 }
6765
6766 // Make sure a request isn't cached when a NetworkDelegate forces a redirect
6767 // when the headers are read, since the body won't have been read.
TEST_F(URLRequestTestHTTP,NoCacheOnNetworkDelegateRedirect)6768 TEST_F(URLRequestTestHTTP, NoCacheOnNetworkDelegateRedirect) {
6769 ASSERT_TRUE(http_test_server()->Start());
6770 // URL that is normally cached.
6771 GURL initial_url = http_test_server()->GetURL("/cachetime");
6772
6773 {
6774 // Set up the TestNetworkDelegate tp force a redirect.
6775 GURL redirect_to_url = http_test_server()->GetURL("/echo");
6776 default_network_delegate().set_redirect_on_headers_received_url(
6777 redirect_to_url);
6778
6779 TestDelegate d;
6780 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
6781 initial_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
6782 req->Start();
6783 d.RunUntilComplete();
6784 EXPECT_EQ(OK, d.request_status());
6785 EXPECT_EQ(1, d.received_redirect_count());
6786 EXPECT_EQ(redirect_to_url, req->url());
6787 }
6788
6789 {
6790 TestDelegate d;
6791 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
6792 initial_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
6793 req->Start();
6794 d.RunUntilComplete();
6795
6796 EXPECT_EQ(OK, d.request_status());
6797 EXPECT_FALSE(req->was_cached());
6798 EXPECT_EQ(0, d.received_redirect_count());
6799 EXPECT_EQ(initial_url, req->url());
6800 }
6801 }
6802
6803 // Check that |preserve_fragment_on_redirect_url| is respected.
TEST_F(URLRequestTestHTTP,PreserveFragmentOnRedirectUrl)6804 TEST_F(URLRequestTestHTTP, PreserveFragmentOnRedirectUrl) {
6805 ASSERT_TRUE(http_test_server()->Start());
6806
6807 GURL original_url(http_test_server()->GetURL("/original#fragment1"));
6808 GURL preserve_fragement_url(http_test_server()->GetURL("/echo"));
6809
6810 default_network_delegate().set_redirect_on_headers_received_url(
6811 preserve_fragement_url);
6812 default_network_delegate().set_preserve_fragment_on_redirect_url(
6813 preserve_fragement_url);
6814
6815 TestDelegate d;
6816 {
6817 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
6818 original_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
6819
6820 r->Start();
6821 d.RunUntilComplete();
6822
6823 EXPECT_EQ(2U, r->url_chain().size());
6824 EXPECT_EQ(OK, d.request_status());
6825 EXPECT_EQ(original_url, r->original_url());
6826 EXPECT_EQ(preserve_fragement_url, r->url());
6827 }
6828 }
6829
6830 // Check that |preserve_fragment_on_redirect_url| has no effect when it doesn't
6831 // match the URL being redirected to.
TEST_F(URLRequestTestHTTP,PreserveFragmentOnRedirectUrlMismatch)6832 TEST_F(URLRequestTestHTTP, PreserveFragmentOnRedirectUrlMismatch) {
6833 ASSERT_TRUE(http_test_server()->Start());
6834
6835 GURL original_url(http_test_server()->GetURL("/original#fragment1"));
6836 GURL preserve_fragement_url(http_test_server()->GetURL("/echo#fragment2"));
6837 GURL redirect_url(http_test_server()->GetURL("/echo"));
6838 GURL expected_url(http_test_server()->GetURL("/echo#fragment1"));
6839
6840 default_network_delegate().set_redirect_on_headers_received_url(redirect_url);
6841 default_network_delegate().set_preserve_fragment_on_redirect_url(
6842 preserve_fragement_url);
6843
6844 TestDelegate d;
6845 {
6846 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
6847 original_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
6848
6849 r->Start();
6850 d.RunUntilComplete();
6851
6852 EXPECT_EQ(2U, r->url_chain().size());
6853 EXPECT_EQ(OK, d.request_status());
6854 EXPECT_EQ(original_url, r->original_url());
6855 EXPECT_EQ(expected_url, r->url());
6856 }
6857 }
6858
6859 // When a URLRequestRedirectJob is created, the redirection must be followed and
6860 // the reference fragment of the target URL must not be modified.
TEST_F(URLRequestTestHTTP,RedirectJobWithReferenceFragment)6861 TEST_F(URLRequestTestHTTP, RedirectJobWithReferenceFragment) {
6862 ASSERT_TRUE(http_test_server()->Start());
6863
6864 GURL original_url(
6865 http_test_server()->GetURL("/original#should-not-be-appended"));
6866 GURL redirect_url(http_test_server()->GetURL("/echo"));
6867
6868 TestDelegate d;
6869 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
6870 original_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
6871
6872 std::unique_ptr<URLRequestRedirectJob> job =
6873 std::make_unique<URLRequestRedirectJob>(
6874 r.get(), redirect_url, RedirectUtil::ResponseCode::REDIRECT_302_FOUND,
6875 "Very Good Reason");
6876 TestScopedURLInterceptor interceptor(r->url(), std::move(job));
6877
6878 r->Start();
6879 d.RunUntilComplete();
6880
6881 EXPECT_EQ(OK, d.request_status());
6882 EXPECT_EQ(original_url, r->original_url());
6883 EXPECT_EQ(redirect_url, r->url());
6884 }
6885
TEST_F(URLRequestTestHTTP,UnsupportedReferrerScheme)6886 TEST_F(URLRequestTestHTTP, UnsupportedReferrerScheme) {
6887 ASSERT_TRUE(http_test_server()->Start());
6888
6889 const std::string referrer("foobar://totally.legit.referrer");
6890 TestDelegate d;
6891 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
6892 http_test_server()->GetURL("/echoheader?Referer"), DEFAULT_PRIORITY, &d,
6893 TRAFFIC_ANNOTATION_FOR_TESTS));
6894 req->SetReferrer(referrer);
6895 req->Start();
6896 d.RunUntilComplete();
6897
6898 EXPECT_EQ(std::string("None"), d.data_received());
6899 }
6900
TEST_F(URLRequestTestHTTP,NoUserPassInReferrer)6901 TEST_F(URLRequestTestHTTP, NoUserPassInReferrer) {
6902 ASSERT_TRUE(http_test_server()->Start());
6903
6904 TestDelegate d;
6905 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
6906 http_test_server()->GetURL("/echoheader?Referer"), DEFAULT_PRIORITY, &d,
6907 TRAFFIC_ANNOTATION_FOR_TESTS));
6908 req->SetReferrer("http://user:[email protected]/");
6909 req->Start();
6910 d.RunUntilComplete();
6911
6912 EXPECT_EQ(std::string("http://foo.com/"), d.data_received());
6913 }
6914
TEST_F(URLRequestTestHTTP,NoFragmentInReferrer)6915 TEST_F(URLRequestTestHTTP, NoFragmentInReferrer) {
6916 ASSERT_TRUE(http_test_server()->Start());
6917
6918 TestDelegate d;
6919 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
6920 http_test_server()->GetURL("/echoheader?Referer"), DEFAULT_PRIORITY, &d,
6921 TRAFFIC_ANNOTATION_FOR_TESTS));
6922 req->SetReferrer("http://foo.com/test#fragment");
6923 req->Start();
6924 d.RunUntilComplete();
6925
6926 EXPECT_EQ(std::string("http://foo.com/test"), d.data_received());
6927 }
6928
TEST_F(URLRequestTestHTTP,EmptyReferrerAfterValidReferrer)6929 TEST_F(URLRequestTestHTTP, EmptyReferrerAfterValidReferrer) {
6930 ASSERT_TRUE(http_test_server()->Start());
6931
6932 TestDelegate d;
6933 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
6934 http_test_server()->GetURL("/echoheader?Referer"), DEFAULT_PRIORITY, &d,
6935 TRAFFIC_ANNOTATION_FOR_TESTS));
6936 req->SetReferrer("http://foo.com/test#fragment");
6937 req->SetReferrer("");
6938 req->Start();
6939 d.RunUntilComplete();
6940
6941 EXPECT_EQ(std::string("None"), d.data_received());
6942 }
6943
TEST_F(URLRequestTestHTTP,CapRefererHeaderLength)6944 TEST_F(URLRequestTestHTTP, CapRefererHeaderLength) {
6945 ASSERT_TRUE(http_test_server()->Start());
6946
6947 // Verify that referrers over 4k are stripped to an origin, and referrers at
6948 // or under 4k are unmodified.
6949 {
6950 std::string original_header = "http://example.com/";
6951 original_header.resize(4097, 'a');
6952
6953 TestDelegate d;
6954 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
6955 http_test_server()->GetURL("/echoheader?Referer"), DEFAULT_PRIORITY, &d,
6956 TRAFFIC_ANNOTATION_FOR_TESTS));
6957 req->SetReferrer(original_header);
6958 req->Start();
6959 d.RunUntilComplete();
6960
6961 // The request's referrer will be stripped since (1) there will be a
6962 // mismatch between the request's referrer and the output of
6963 // URLRequestJob::ComputeReferrerForPolicy and (2) the delegate, when
6964 // offered the opportunity to cancel the request for this reason, will
6965 // decline.
6966 EXPECT_EQ("None", d.data_received());
6967 }
6968 {
6969 std::string original_header = "http://example.com/";
6970 original_header.resize(4096, 'a');
6971
6972 TestDelegate d;
6973 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
6974 http_test_server()->GetURL("/echoheader?Referer"), DEFAULT_PRIORITY, &d,
6975 TRAFFIC_ANNOTATION_FOR_TESTS));
6976 req->SetReferrer(original_header);
6977 req->Start();
6978 d.RunUntilComplete();
6979
6980 EXPECT_EQ(original_header, d.data_received());
6981 }
6982 {
6983 std::string original_header = "http://example.com/";
6984 original_header.resize(4095, 'a');
6985
6986 TestDelegate d;
6987 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
6988 http_test_server()->GetURL("/echoheader?Referer"), DEFAULT_PRIORITY, &d,
6989 TRAFFIC_ANNOTATION_FOR_TESTS));
6990 req->SetReferrer(original_header);
6991 req->Start();
6992 d.RunUntilComplete();
6993
6994 EXPECT_EQ(original_header, d.data_received());
6995 }
6996 }
6997
TEST_F(URLRequestTestHTTP,CancelRedirect)6998 TEST_F(URLRequestTestHTTP, CancelRedirect) {
6999 ASSERT_TRUE(http_test_server()->Start());
7000
7001 TestDelegate d;
7002 {
7003 d.set_cancel_in_received_redirect(true);
7004 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
7005 http_test_server()->GetURL("/redirect-test.html"), DEFAULT_PRIORITY, &d,
7006 TRAFFIC_ANNOTATION_FOR_TESTS));
7007 req->Start();
7008 d.RunUntilComplete();
7009
7010 EXPECT_EQ(1, d.response_started_count());
7011 EXPECT_EQ(0, d.bytes_received());
7012 EXPECT_FALSE(d.received_data_before_response());
7013 EXPECT_EQ(ERR_ABORTED, d.request_status());
7014 }
7015 }
7016
TEST_F(URLRequestTestHTTP,DeferredRedirect)7017 TEST_F(URLRequestTestHTTP, DeferredRedirect) {
7018 ASSERT_TRUE(http_test_server()->Start());
7019
7020 TestDelegate d;
7021 {
7022 GURL test_url(http_test_server()->GetURL("/redirect-test.html"));
7023 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
7024 test_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
7025
7026 req->Start();
7027 d.RunUntilRedirect();
7028
7029 EXPECT_EQ(1, d.received_redirect_count());
7030
7031 req->FollowDeferredRedirect(std::nullopt /* removed_headers */,
7032 std::nullopt /* modified_headers */);
7033 d.RunUntilComplete();
7034
7035 EXPECT_EQ(1, d.response_started_count());
7036 EXPECT_FALSE(d.received_data_before_response());
7037 EXPECT_EQ(OK, d.request_status());
7038
7039 base::FilePath path;
7040 base::PathService::Get(base::DIR_SRC_TEST_DATA_ROOT, &path);
7041 path = path.Append(kTestFilePath);
7042 path = path.Append(FILE_PATH_LITERAL("with-headers.html"));
7043
7044 std::string contents;
7045 EXPECT_TRUE(base::ReadFileToString(path, &contents));
7046 EXPECT_EQ(contents, d.data_received());
7047 }
7048 }
7049
TEST_F(URLRequestTestHTTP,DeferredRedirect_ModifiedHeaders)7050 TEST_F(URLRequestTestHTTP, DeferredRedirect_ModifiedHeaders) {
7051 test_server::HttpRequest http_request;
7052 int num_observed_requests = 0;
7053 http_test_server()->RegisterRequestMonitor(
7054 base::BindLambdaForTesting([&](const test_server::HttpRequest& request) {
7055 http_request = request;
7056 ++num_observed_requests;
7057 }));
7058 ASSERT_TRUE(http_test_server()->Start());
7059
7060 TestDelegate d;
7061 {
7062 GURL test_url(http_test_server()->GetURL("/redirect-test.html"));
7063 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
7064 test_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
7065
7066 // Set initial headers for the request.
7067 req->SetExtraRequestHeaderByName("Header1", "Value1", true /* overwrite */);
7068 req->SetExtraRequestHeaderByName("Header2", "Value2", true /* overwrite */);
7069
7070 req->Start();
7071 d.RunUntilRedirect();
7072
7073 // Initial request should only have initial headers.
7074 EXPECT_EQ(1, d.received_redirect_count());
7075 EXPECT_EQ(1, num_observed_requests);
7076 EXPECT_EQ("Value1", http_request.headers["Header1"]);
7077 EXPECT_EQ("Value2", http_request.headers["Header2"]);
7078 EXPECT_EQ(0u, http_request.headers.count("Header3"));
7079
7080 // Overwrite Header2 and add Header3.
7081 net::HttpRequestHeaders modified_headers;
7082 modified_headers.SetHeader("Header2", "");
7083 modified_headers.SetHeader("Header3", "Value3");
7084
7085 req->FollowDeferredRedirect(std::nullopt /* removed_headers */,
7086 modified_headers);
7087 d.RunUntilComplete();
7088
7089 EXPECT_EQ(1, d.response_started_count());
7090 EXPECT_FALSE(d.received_data_before_response());
7091 EXPECT_EQ(OK, d.request_status());
7092
7093 // Redirected request should also have modified headers.
7094 EXPECT_EQ(2, num_observed_requests);
7095 EXPECT_EQ("Value1", http_request.headers["Header1"]);
7096 EXPECT_EQ(1u, http_request.headers.count("Header2"));
7097 EXPECT_EQ("", http_request.headers["Header2"]);
7098 EXPECT_EQ("Value3", http_request.headers["Header3"]);
7099 }
7100 }
7101
TEST_F(URLRequestTestHTTP,DeferredRedirect_RemovedHeaders)7102 TEST_F(URLRequestTestHTTP, DeferredRedirect_RemovedHeaders) {
7103 test_server::HttpRequest http_request;
7104 int num_observed_requests = 0;
7105 http_test_server()->RegisterRequestMonitor(
7106 base::BindLambdaForTesting([&](const test_server::HttpRequest& request) {
7107 http_request = request;
7108 ++num_observed_requests;
7109 }));
7110 ASSERT_TRUE(http_test_server()->Start());
7111
7112 TestDelegate d;
7113 {
7114 GURL test_url(http_test_server()->GetURL("/redirect-test.html"));
7115 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
7116 test_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
7117
7118 // Set initial headers for the request.
7119 req->SetExtraRequestHeaderByName("Header1", "Value1", true /* overwrite */);
7120 req->SetExtraRequestHeaderByName("Header2", "Value2", true /* overwrite */);
7121
7122 req->Start();
7123 d.RunUntilRedirect();
7124
7125 // Initial request should have initial headers.
7126 EXPECT_EQ(1, d.received_redirect_count());
7127 EXPECT_EQ(1, num_observed_requests);
7128 EXPECT_EQ("Value1", http_request.headers["Header1"]);
7129 EXPECT_EQ("Value2", http_request.headers["Header2"]);
7130
7131 // Keep Header1 and remove Header2.
7132 std::vector<std::string> removed_headers({"Header2"});
7133 req->FollowDeferredRedirect(removed_headers,
7134 std::nullopt /* modified_headers */);
7135 d.RunUntilComplete();
7136
7137 EXPECT_EQ(1, d.response_started_count());
7138 EXPECT_FALSE(d.received_data_before_response());
7139 EXPECT_EQ(OK, d.request_status());
7140
7141 // Redirected request should have modified headers.
7142 EXPECT_EQ(2, num_observed_requests);
7143 EXPECT_EQ("Value1", http_request.headers["Header1"]);
7144 EXPECT_EQ(0u, http_request.headers.count("Header2"));
7145 }
7146 }
7147
TEST_F(URLRequestTestHTTP,CancelDeferredRedirect)7148 TEST_F(URLRequestTestHTTP, CancelDeferredRedirect) {
7149 ASSERT_TRUE(http_test_server()->Start());
7150
7151 TestDelegate d;
7152 {
7153 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
7154 http_test_server()->GetURL("/redirect-test.html"), DEFAULT_PRIORITY, &d,
7155 TRAFFIC_ANNOTATION_FOR_TESTS));
7156 req->Start();
7157 d.RunUntilRedirect();
7158
7159 EXPECT_EQ(1, d.received_redirect_count());
7160
7161 req->Cancel();
7162 d.RunUntilComplete();
7163
7164 EXPECT_EQ(1, d.response_started_count());
7165 EXPECT_EQ(0, d.bytes_received());
7166 EXPECT_FALSE(d.received_data_before_response());
7167 EXPECT_EQ(ERR_ABORTED, d.request_status());
7168 }
7169 }
7170
TEST_F(URLRequestTestHTTP,VaryHeader)7171 TEST_F(URLRequestTestHTTP, VaryHeader) {
7172 ASSERT_TRUE(http_test_server()->Start());
7173
7174 // Populate the cache.
7175 {
7176 TestDelegate d;
7177 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
7178 http_test_server()->GetURL("/echoheadercache?foo"), DEFAULT_PRIORITY,
7179 &d, TRAFFIC_ANNOTATION_FOR_TESTS));
7180 HttpRequestHeaders headers;
7181 headers.SetHeader("foo", "1");
7182 req->SetExtraRequestHeaders(headers);
7183 req->set_isolation_info(isolation_info1_);
7184 req->Start();
7185 d.RunUntilComplete();
7186
7187 LoadTimingInfo load_timing_info;
7188 req->GetLoadTimingInfo(&load_timing_info);
7189 TestLoadTimingNotReused(load_timing_info, CONNECT_TIMING_HAS_DNS_TIMES);
7190 }
7191
7192 // Expect a cache hit.
7193 {
7194 TestDelegate d;
7195 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
7196 http_test_server()->GetURL("/echoheadercache?foo"), DEFAULT_PRIORITY,
7197 &d, TRAFFIC_ANNOTATION_FOR_TESTS));
7198 HttpRequestHeaders headers;
7199 headers.SetHeader("foo", "1");
7200 req->SetExtraRequestHeaders(headers);
7201 req->set_isolation_info(isolation_info1_);
7202 req->Start();
7203 d.RunUntilComplete();
7204
7205 EXPECT_TRUE(req->was_cached());
7206
7207 LoadTimingInfo load_timing_info;
7208 req->GetLoadTimingInfo(&load_timing_info);
7209 TestLoadTimingCacheHitNoNetwork(load_timing_info);
7210 }
7211
7212 // Expect a cache miss.
7213 {
7214 TestDelegate d;
7215 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
7216 http_test_server()->GetURL("/echoheadercache?foo"), DEFAULT_PRIORITY,
7217 &d, TRAFFIC_ANNOTATION_FOR_TESTS));
7218 HttpRequestHeaders headers;
7219 headers.SetHeader("foo", "2");
7220 req->SetExtraRequestHeaders(headers);
7221 req->set_isolation_info(isolation_info1_);
7222 req->Start();
7223 d.RunUntilComplete();
7224
7225 EXPECT_FALSE(req->was_cached());
7226
7227 LoadTimingInfo load_timing_info;
7228 req->GetLoadTimingInfo(&load_timing_info);
7229 TestLoadTimingNotReused(load_timing_info, CONNECT_TIMING_HAS_DNS_TIMES);
7230 }
7231 }
7232
TEST_F(URLRequestTestHTTP,BasicAuth)7233 TEST_F(URLRequestTestHTTP, BasicAuth) {
7234 ASSERT_TRUE(http_test_server()->Start());
7235
7236 // populate the cache
7237 {
7238 TestDelegate d;
7239 d.set_credentials(AuthCredentials(kUser, kSecret));
7240
7241 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
7242 http_test_server()->GetURL("/auth-basic"), DEFAULT_PRIORITY, &d,
7243 TRAFFIC_ANNOTATION_FOR_TESTS));
7244 r->set_isolation_info(isolation_info1_);
7245 r->Start();
7246
7247 d.RunUntilComplete();
7248
7249 EXPECT_TRUE(d.data_received().find("user/secret") != std::string::npos);
7250 }
7251
7252 // repeat request with end-to-end validation. since auth-basic results in a
7253 // cachable page, we expect this test to result in a 304. in which case, the
7254 // response should be fetched from the cache.
7255 {
7256 TestDelegate d;
7257 d.set_credentials(AuthCredentials(kUser, kSecret));
7258
7259 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
7260 http_test_server()->GetURL("/auth-basic"), DEFAULT_PRIORITY, &d,
7261 TRAFFIC_ANNOTATION_FOR_TESTS));
7262 r->SetLoadFlags(LOAD_VALIDATE_CACHE);
7263 r->set_isolation_info(isolation_info1_);
7264 r->Start();
7265
7266 d.RunUntilComplete();
7267
7268 EXPECT_TRUE(d.data_received().find("user/secret") != std::string::npos);
7269
7270 // Should be the same cached document.
7271 EXPECT_TRUE(r->was_cached());
7272 }
7273 }
7274
7275 // Check that Set-Cookie headers in 401 responses are respected.
7276 // http://crbug.com/6450
TEST_F(URLRequestTestHTTP,BasicAuthWithCookies)7277 TEST_F(URLRequestTestHTTP, BasicAuthWithCookies) {
7278 ASSERT_TRUE(http_test_server()->Start());
7279
7280 GURL url_requiring_auth =
7281 http_test_server()->GetURL("/auth-basic?set-cookie-if-challenged");
7282
7283 // Request a page that will give a 401 containing a Set-Cookie header.
7284 // Verify that when the transaction is restarted, it includes the new cookie.
7285 TestDelegate d;
7286 d.set_credentials(AuthCredentials(kUser, kSecret));
7287
7288 std::unique_ptr<URLRequest> r =
7289 CreateFirstPartyRequest(default_context(), url_requiring_auth, &d);
7290 r->Start();
7291
7292 d.RunUntilComplete();
7293
7294 EXPECT_TRUE(d.data_received().find("user/secret") != std::string::npos);
7295
7296 // Make sure we sent the cookie in the restarted transaction.
7297 EXPECT_TRUE(d.data_received().find("Cookie: got_challenged=true") !=
7298 std::string::npos);
7299 }
7300
7301 // Same test as above, except this time the restart is initiated earlier
7302 // (without user intervention since identity is embedded in the URL).
TEST_F(URLRequestTestHTTP,BasicAuthWithCredentialsWithCookies)7303 TEST_F(URLRequestTestHTTP, BasicAuthWithCredentialsWithCookies) {
7304 ASSERT_TRUE(http_test_server()->Start());
7305 GURL url_requiring_auth =
7306 http_test_server()->GetURL("/auth-basic?set-cookie-if-challenged");
7307 GURL::Replacements replacements;
7308 replacements.SetUsernameStr("user2");
7309 replacements.SetPasswordStr("secret");
7310 GURL url_with_identity = url_requiring_auth.ReplaceComponents(replacements);
7311
7312 TestDelegate d;
7313
7314 std::unique_ptr<URLRequest> r =
7315 CreateFirstPartyRequest(default_context(), url_with_identity, &d);
7316 r->Start();
7317
7318 d.RunUntilComplete();
7319
7320 EXPECT_TRUE(d.data_received().find("user2/secret") != std::string::npos);
7321
7322 // Make sure we sent the cookie in the restarted transaction.
7323 EXPECT_TRUE(d.data_received().find("Cookie: got_challenged=true") !=
7324 std::string::npos);
7325 }
7326
TEST_F(URLRequestTestHTTP,BasicAuthWithCookiesCancelAuth)7327 TEST_F(URLRequestTestHTTP, BasicAuthWithCookiesCancelAuth) {
7328 ASSERT_TRUE(http_test_server()->Start());
7329
7330 GURL url_requiring_auth =
7331 http_test_server()->GetURL("/auth-basic?set-cookie-if-challenged");
7332
7333 // Request a page that will give a 401 containing a Set-Cookie header.
7334 // Verify that cookies are set before credentials are provided, and then
7335 // cancelling auth does not result in setting the cookies again.
7336 TestDelegate d;
7337
7338 EXPECT_TRUE(GetAllCookies(&default_context()).empty());
7339
7340 std::unique_ptr<URLRequest> r =
7341 CreateFirstPartyRequest(default_context(), url_requiring_auth, &d);
7342 r->Start();
7343 d.RunUntilAuthRequired();
7344
7345 // Cookie should have been set.
7346 EXPECT_EQ(1, default_network_delegate().set_cookie_count());
7347 CookieList cookies = GetAllCookies(&default_context());
7348 ASSERT_EQ(1u, cookies.size());
7349 EXPECT_EQ("got_challenged", cookies[0].Name());
7350 EXPECT_EQ("true", cookies[0].Value());
7351
7352 // Delete cookie.
7353 default_context().cookie_store()->DeleteAllAsync(
7354 CookieStore::DeleteCallback());
7355
7356 // Cancel auth and continue the request.
7357 r->CancelAuth();
7358 d.RunUntilComplete();
7359 ASSERT_TRUE(r->response_headers());
7360 EXPECT_EQ(401, r->response_headers()->response_code());
7361
7362 // Cookie should not have been set again.
7363 EXPECT_TRUE(GetAllCookies(&default_context()).empty());
7364 EXPECT_EQ(1, default_network_delegate().set_cookie_count());
7365 }
7366
7367 // Tests the IsolationInfo is updated approiately on redirect.
TEST_F(URLRequestTestHTTP,IsolationInfoUpdatedOnRedirect)7368 TEST_F(URLRequestTestHTTP, IsolationInfoUpdatedOnRedirect) {
7369 base::test::ScopedFeatureList feature_list;
7370 feature_list.InitAndEnableFeature(
7371 net::features::kSplitCacheByNetworkIsolationKey);
7372
7373 ASSERT_TRUE(http_test_server()->Start());
7374
7375 GURL redirect_url =
7376 http_test_server()->GetURL("redirected.test", "/cachetime");
7377 GURL original_url = http_test_server()->GetURL(
7378 "original.test", "/server-redirect?" + redirect_url.spec());
7379
7380 url::Origin original_origin = url::Origin::Create(original_url);
7381 url::Origin redirect_origin = url::Origin::Create(redirect_url);
7382
7383 // Since transient IsolationInfos use opaque origins, need to create a single
7384 // consistent transient origin one for be used as the original and updated
7385 // info in the same test case.
7386 IsolationInfo transient_isolation_info = IsolationInfo::CreateTransient();
7387
7388 const struct {
7389 IsolationInfo info_before_redirect;
7390 IsolationInfo expected_info_after_redirect;
7391 } kTestCases[] = {
7392 {IsolationInfo(), IsolationInfo()},
7393 {IsolationInfo::Create(IsolationInfo::RequestType::kMainFrame,
7394 original_origin, original_origin,
7395 SiteForCookies()),
7396 IsolationInfo::Create(IsolationInfo::RequestType::kMainFrame,
7397 redirect_origin, redirect_origin,
7398 SiteForCookies::FromOrigin(redirect_origin))},
7399 {IsolationInfo::Create(IsolationInfo::RequestType::kSubFrame,
7400 original_origin, original_origin,
7401 SiteForCookies::FromOrigin(original_origin)),
7402 IsolationInfo::Create(IsolationInfo::RequestType::kSubFrame,
7403 original_origin, redirect_origin,
7404 SiteForCookies::FromOrigin(original_origin))},
7405 {IsolationInfo::Create(IsolationInfo::RequestType::kOther,
7406 original_origin, original_origin,
7407 SiteForCookies()),
7408 IsolationInfo::Create(IsolationInfo::RequestType::kOther,
7409 original_origin, original_origin,
7410 SiteForCookies())},
7411 {transient_isolation_info, transient_isolation_info},
7412 };
7413
7414 for (const auto& test_case : kTestCases) {
7415 // Populate the cache, using the expected final IsolationInfo.
7416 {
7417 TestDelegate d;
7418
7419 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
7420 redirect_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
7421 r->set_isolation_info(test_case.expected_info_after_redirect);
7422 r->Start();
7423 d.RunUntilComplete();
7424 EXPECT_THAT(d.request_status(), IsOk());
7425 }
7426
7427 // Send a request using the initial IsolationInfo that should be redirected
7428 // to the cached url, and should use the cached entry if the NIK was
7429 // updated, except in the case the IsolationInfo's NIK was empty.
7430 {
7431 TestDelegate d;
7432
7433 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
7434 original_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
7435 r->set_isolation_info(test_case.info_before_redirect);
7436 r->Start();
7437 d.RunUntilComplete();
7438 EXPECT_THAT(d.request_status(), IsOk());
7439 EXPECT_EQ(redirect_url, r->url());
7440
7441 EXPECT_EQ(!test_case.expected_info_after_redirect.network_isolation_key()
7442 .IsTransient(),
7443 r->was_cached());
7444 EXPECT_EQ(test_case.expected_info_after_redirect.request_type(),
7445 r->isolation_info().request_type());
7446 EXPECT_EQ(test_case.expected_info_after_redirect.top_frame_origin(),
7447 r->isolation_info().top_frame_origin());
7448 EXPECT_EQ(test_case.expected_info_after_redirect.frame_origin(),
7449 r->isolation_info().frame_origin());
7450 EXPECT_EQ(test_case.expected_info_after_redirect.network_isolation_key(),
7451 r->isolation_info().network_isolation_key());
7452 EXPECT_TRUE(test_case.expected_info_after_redirect.site_for_cookies()
7453 .IsEquivalent(r->isolation_info().site_for_cookies()));
7454 }
7455 }
7456 }
7457
7458 // Tests that |key_auth_cache_by_network_anonymization_key| is respected.
TEST_F(URLRequestTestHTTP,AuthWithNetworkAnonymizationKey)7459 TEST_F(URLRequestTestHTTP, AuthWithNetworkAnonymizationKey) {
7460 ASSERT_TRUE(http_test_server()->Start());
7461
7462 for (bool key_auth_cache_by_network_anonymization_key : {false, true}) {
7463 auto context_builder = CreateTestURLRequestContextBuilder();
7464 HttpNetworkSessionParams network_session_params;
7465 network_session_params
7466 .key_auth_cache_server_entries_by_network_anonymization_key =
7467 key_auth_cache_by_network_anonymization_key;
7468 context_builder->set_http_network_session_params(network_session_params);
7469 auto context = context_builder->Build();
7470
7471 // Populate the auth cache using one NetworkAnonymizationKey.
7472 {
7473 TestDelegate d;
7474 GURL url(base::StringPrintf(
7475 "http://%s:%s@%s/auth-basic", base::UTF16ToASCII(kUser).c_str(),
7476 base::UTF16ToASCII(kSecret).c_str(),
7477 http_test_server()->host_port_pair().ToString().c_str()));
7478
7479 std::unique_ptr<URLRequest> r(context->CreateRequest(
7480 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
7481 r->SetLoadFlags(LOAD_BYPASS_CACHE);
7482 r->set_isolation_info(isolation_info1_);
7483 r->Start();
7484
7485 d.RunUntilComplete();
7486 EXPECT_THAT(d.request_status(), IsOk());
7487 ASSERT_TRUE(r->response_headers());
7488 EXPECT_EQ(200, r->response_headers()->response_code());
7489 EXPECT_TRUE(d.data_received().find("user/secret") != std::string::npos);
7490 }
7491
7492 // Make a request with another NetworkAnonymizationKey. This may or may not
7493 // use the cached auth credentials, depending on whether or not the
7494 // HttpAuthCache is configured to respect the NetworkAnonymizationKey.
7495 {
7496 TestDelegate d;
7497
7498 std::unique_ptr<URLRequest> r(context->CreateRequest(
7499 http_test_server()->GetURL("/auth-basic"), DEFAULT_PRIORITY, &d,
7500 TRAFFIC_ANNOTATION_FOR_TESTS));
7501 r->SetLoadFlags(LOAD_BYPASS_CACHE);
7502 r->set_isolation_info(isolation_info2_);
7503 r->Start();
7504
7505 d.RunUntilComplete();
7506
7507 EXPECT_THAT(d.request_status(), IsOk());
7508 ASSERT_TRUE(r->response_headers());
7509 if (key_auth_cache_by_network_anonymization_key) {
7510 EXPECT_EQ(401, r->response_headers()->response_code());
7511 } else {
7512 EXPECT_EQ(200, r->response_headers()->response_code());
7513 }
7514
7515 EXPECT_EQ(!key_auth_cache_by_network_anonymization_key,
7516 d.data_received().find("user/secret") != std::string::npos);
7517 }
7518 }
7519 }
7520
TEST_F(URLRequestTest,ReportCookieActivity)7521 TEST_F(URLRequestTest, ReportCookieActivity) {
7522 HttpTestServer test_server;
7523 ASSERT_TRUE(test_server.Start());
7524
7525 RecordingNetLogObserver net_log_observer;
7526 auto context_builder = CreateTestURLRequestContextBuilder();
7527 auto& network_delegate = *context_builder->set_network_delegate(
7528 std::make_unique<FilteringTestNetworkDelegate>());
7529 network_delegate.SetCookieFilter("not_stored_cookie");
7530 network_delegate.set_block_annotate_cookies();
7531 context_builder->set_net_log(net::NetLog::Get());
7532 auto context = context_builder->Build();
7533 // Make sure cookies blocked from being stored are caught, and those that are
7534 // accepted are reported as well.
7535 GURL set_cookie_test_url = test_server.GetURL(
7536 "/set-cookie?not_stored_cookie=true&"
7537 "stored_cookie=tasty"
7538 "&path_cookie=narrow;path=/set-cookie");
7539 {
7540 TestDelegate d;
7541 std::unique_ptr<URLRequest> req =
7542 CreateFirstPartyRequest(*context, set_cookie_test_url, &d);
7543 req->Start();
7544 d.RunUntilComplete();
7545
7546 ASSERT_EQ(3u, req->maybe_stored_cookies().size());
7547 EXPECT_EQ("not_stored_cookie",
7548 req->maybe_stored_cookies()[0].cookie->Name());
7549 EXPECT_TRUE(req->maybe_stored_cookies()[0]
7550 .access_result.status.HasExactlyExclusionReasonsForTesting(
7551 {CookieInclusionStatus::EXCLUDE_USER_PREFERENCES}));
7552 EXPECT_EQ("stored_cookie", req->maybe_stored_cookies()[1].cookie->Name());
7553 EXPECT_TRUE(
7554 req->maybe_stored_cookies()[1].access_result.status.IsInclude());
7555 EXPECT_EQ("stored_cookie", req->maybe_stored_cookies()[1].cookie->Name());
7556 EXPECT_TRUE(
7557 req->maybe_stored_cookies()[2].access_result.status.IsInclude());
7558 EXPECT_EQ("path_cookie", req->maybe_stored_cookies()[2].cookie->Name());
7559 auto entries = net_log_observer.GetEntriesWithType(
7560 NetLogEventType::COOKIE_INCLUSION_STATUS);
7561 EXPECT_EQ(3u, entries.size());
7562 EXPECT_EQ("{\"domain\":\"" + set_cookie_test_url.host() +
7563 "\",\"name\":\"not_stored_cookie\",\"operation\":\"store\","
7564 "\"path\":\"/\",\"status\":\"EXCLUDE_USER_PREFERENCES, "
7565 "DO_NOT_WARN, NO_EXEMPTION\"}",
7566 SerializeNetLogValueToJson(entries[0].params));
7567 EXPECT_EQ(
7568 "{\"domain\":\"" + set_cookie_test_url.host() +
7569 "\",\"name\":\"stored_cookie\",\"operation\":\"store\","
7570 "\"path\":\"/\",\"status\":\"INCLUDE, DO_NOT_WARN, NO_EXEMPTION\"}",
7571 SerializeNetLogValueToJson(entries[1].params));
7572 EXPECT_EQ("{\"domain\":\"" + set_cookie_test_url.host() +
7573 "\",\"name\":\"path_cookie\",\"operation\":\"store\","
7574 "\"path\":\"/set-cookie\",\"status\":\"INCLUDE, DO_NOT_WARN, "
7575 "NO_EXEMPTION\"}",
7576 SerializeNetLogValueToJson(entries[2].params));
7577 net_log_observer.Clear();
7578 }
7579 {
7580 TestDelegate d;
7581 // Make sure cookies blocked from being sent are caught.
7582 GURL test_url = test_server.GetURL("/echoheader?Cookie");
7583 std::unique_ptr<URLRequest> req =
7584 CreateFirstPartyRequest(*context, test_url, &d);
7585 req->Start();
7586 d.RunUntilComplete();
7587
7588 EXPECT_TRUE(d.data_received().find("stored_cookie=tasty") ==
7589 std::string::npos);
7590
7591 ASSERT_EQ(2u, req->maybe_sent_cookies().size());
7592 EXPECT_EQ("path_cookie", req->maybe_sent_cookies()[0].cookie.Name());
7593 EXPECT_TRUE(
7594 req->maybe_sent_cookies()[0]
7595 .access_result.status.HasExactlyExclusionReasonsForTesting(
7596 {net::CookieInclusionStatus::EXCLUDE_NOT_ON_PATH,
7597 net::CookieInclusionStatus::EXCLUDE_USER_PREFERENCES}));
7598 EXPECT_EQ("stored_cookie", req->maybe_sent_cookies()[1].cookie.Name());
7599 EXPECT_TRUE(
7600 req->maybe_sent_cookies()[1]
7601 .access_result.status.HasExactlyExclusionReasonsForTesting(
7602 {net::CookieInclusionStatus::EXCLUDE_USER_PREFERENCES}));
7603 auto entries = net_log_observer.GetEntriesWithType(
7604 NetLogEventType::COOKIE_INCLUSION_STATUS);
7605 EXPECT_EQ(2u, entries.size());
7606 EXPECT_EQ("{\"domain\":\"" + set_cookie_test_url.host() +
7607 "\",\"name\":\"path_cookie\",\"operation\":\"send\",\"path\":"
7608 "\"/set-cookie\",\"status\":\"EXCLUDE_NOT_ON_PATH, "
7609 "EXCLUDE_USER_PREFERENCES, DO_NOT_WARN, NO_EXEMPTION\"}",
7610 SerializeNetLogValueToJson(entries[0].params));
7611 EXPECT_EQ(
7612 "{\"domain\":\"" + set_cookie_test_url.host() +
7613 "\",\"name\":\"stored_cookie\",\"operation\":\"send\",\"path\":\"/"
7614 "\",\"status\":\"EXCLUDE_USER_PREFERENCES, DO_NOT_WARN, "
7615 "NO_EXEMPTION\"}",
7616 SerializeNetLogValueToJson(entries[1].params));
7617 net_log_observer.Clear();
7618 }
7619 {
7620 TestDelegate d;
7621 // Ensure that the log does not contain cookie names when not set to collect
7622 // sensitive data.
7623 net_log_observer.SetObserverCaptureMode(NetLogCaptureMode::kDefault);
7624
7625 GURL test_url = test_server.GetURL("/echoheader?Cookie");
7626 std::unique_ptr<URLRequest> req =
7627 CreateFirstPartyRequest(*context, test_url, &d);
7628 req->Start();
7629 d.RunUntilComplete();
7630
7631 auto entries = net_log_observer.GetEntriesWithType(
7632 NetLogEventType::COOKIE_INCLUSION_STATUS);
7633 EXPECT_EQ(2u, entries.size());
7634
7635 // Ensure that the potentially-sensitive |name|, |domain|, and |path| fields
7636 // are omitted, but other fields are logged as expected.
7637 EXPECT_EQ(
7638 "{\"operation\":\"send\",\"status\":\"EXCLUDE_NOT_ON_PATH, "
7639 "EXCLUDE_USER_PREFERENCES, DO_NOT_WARN, NO_EXEMPTION\"}",
7640 SerializeNetLogValueToJson(entries[0].params));
7641 EXPECT_EQ(
7642 "{\"operation\":\"send\",\"status\":\"EXCLUDE_USER_PREFERENCES, "
7643 "DO_NOT_WARN, NO_EXEMPTION\"}",
7644 SerializeNetLogValueToJson(entries[1].params));
7645
7646 net_log_observer.Clear();
7647 net_log_observer.SetObserverCaptureMode(
7648 NetLogCaptureMode::kIncludeSensitive);
7649 }
7650
7651 network_delegate.unset_block_annotate_cookies();
7652 {
7653 // Now with sending cookies re-enabled, it should actually be sent.
7654 TestDelegate d;
7655 GURL test_url = test_server.GetURL("/echoheader?Cookie");
7656 std::unique_ptr<URLRequest> req =
7657 CreateFirstPartyRequest(*context, test_url, &d);
7658 req->Start();
7659 d.RunUntilComplete();
7660
7661 EXPECT_TRUE(d.data_received().find("stored_cookie=tasty") !=
7662 std::string::npos);
7663
7664 ASSERT_EQ(2u, req->maybe_sent_cookies().size());
7665 EXPECT_EQ("path_cookie", req->maybe_sent_cookies()[0].cookie.Name());
7666 EXPECT_TRUE(req->maybe_sent_cookies()[0]
7667 .access_result.status.HasExactlyExclusionReasonsForTesting(
7668 {net::CookieInclusionStatus::EXCLUDE_NOT_ON_PATH}));
7669 EXPECT_EQ("stored_cookie", req->maybe_sent_cookies()[1].cookie.Name());
7670 EXPECT_TRUE(req->maybe_sent_cookies()[1].access_result.status.IsInclude());
7671 auto entries = net_log_observer.GetEntriesWithType(
7672 NetLogEventType::COOKIE_INCLUSION_STATUS);
7673 EXPECT_EQ(2u, entries.size());
7674 EXPECT_EQ(
7675 "{\"domain\":\"" + set_cookie_test_url.host() +
7676 "\",\"name\":\"path_cookie\",\"operation\":\"send\",\"path\":\"/"
7677 "set-cookie\",\"status\":\"EXCLUDE_NOT_ON_PATH, DO_NOT_WARN, "
7678 "NO_EXEMPTION\"}",
7679 SerializeNetLogValueToJson(entries[0].params));
7680 EXPECT_EQ(
7681 "{\"domain\":\"" + set_cookie_test_url.host() +
7682 "\",\"name\":\"stored_cookie\",\"operation\":\"send\","
7683 "\"path\":\"/\",\"status\":\"INCLUDE, DO_NOT_WARN, NO_EXEMPTION\"}",
7684 SerializeNetLogValueToJson(entries[1].params));
7685 net_log_observer.Clear();
7686 }
7687 }
7688
7689 // Test that the SameSite-by-default CookieInclusionStatus warnings do not get
7690 // set if the cookie would have been rejected for other reasons.
7691 // Regression test for https://crbug.com/1027318.
TEST_F(URLRequestTest,NoCookieInclusionStatusWarningIfWouldBeExcludedAnyway)7692 TEST_F(URLRequestTest, NoCookieInclusionStatusWarningIfWouldBeExcludedAnyway) {
7693 HttpTestServer test_server;
7694 ASSERT_TRUE(test_server.Start());
7695
7696 auto context_builder = CreateTestURLRequestContextBuilder();
7697 auto& network_delegate = *context_builder->set_network_delegate(
7698 std::make_unique<FilteringTestNetworkDelegate>());
7699 network_delegate.SetCookieFilter("blockeduserpreference");
7700 context_builder->SetCookieStore(
7701 std::make_unique<CookieMonster>(nullptr, nullptr));
7702 auto context = context_builder->Build();
7703 auto& cm = *static_cast<CookieMonster*>(context->cookie_store());
7704
7705 // Set cookies
7706 {
7707 // Attempt to set some cookies in a cross-site context without a SameSite
7708 // attribute. They should all be blocked. Only the one that would have been
7709 // included had it not been for the new SameSite features should have a
7710 // warning attached.
7711 TestDelegate d;
7712 GURL test_url = test_server.GetURL("this.example",
7713 "/set-cookie?blockeduserpreference=true&"
7714 "unspecifiedsamesite=1&"
7715 "invalidsecure=1;Secure");
7716 GURL cross_site_url = test_server.GetURL("other.example", "/");
7717 std::unique_ptr<URLRequest> req(context->CreateRequest(
7718 test_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
7719 req->set_site_for_cookies(
7720 net::SiteForCookies::FromUrl(cross_site_url)); // cross-site context
7721 req->Start();
7722 d.RunUntilComplete();
7723
7724 ASSERT_EQ(3u, req->maybe_stored_cookies().size());
7725
7726 // Cookie blocked by user preferences is not warned about.
7727 EXPECT_EQ("blockeduserpreference",
7728 req->maybe_stored_cookies()[0].cookie->Name());
7729 // It doesn't pick up the EXCLUDE_UNSPECIFIED_TREATED_AS_LAX because it
7730 // doesn't even make it to the cookie store (it is filtered out beforehand).
7731 EXPECT_TRUE(req->maybe_stored_cookies()[0]
7732 .access_result.status.HasExactlyExclusionReasonsForTesting(
7733 {CookieInclusionStatus::EXCLUDE_USER_PREFERENCES}));
7734 EXPECT_FALSE(
7735 req->maybe_stored_cookies()[0].access_result.status.ShouldWarn());
7736
7737 // Cookie that would be included had it not been for the new SameSite rules
7738 // is warned about.
7739 EXPECT_EQ("unspecifiedsamesite",
7740 req->maybe_stored_cookies()[1].cookie->Name());
7741 EXPECT_TRUE(req->maybe_stored_cookies()[1]
7742 .access_result.status.HasExactlyExclusionReasonsForTesting(
7743 {CookieInclusionStatus::
7744 EXCLUDE_SAMESITE_UNSPECIFIED_TREATED_AS_LAX}));
7745 EXPECT_TRUE(req->maybe_stored_cookies()[1]
7746 .access_result.status.HasExactlyWarningReasonsForTesting(
7747 {CookieInclusionStatus::
7748 WARN_SAMESITE_UNSPECIFIED_CROSS_SITE_CONTEXT}));
7749
7750 // Cookie that is blocked because of invalid Secure attribute is not warned
7751 // about.
7752 EXPECT_EQ("invalidsecure", req->maybe_stored_cookies()[2].cookie->Name());
7753 EXPECT_TRUE(req->maybe_stored_cookies()[2]
7754 .access_result.status.HasExactlyExclusionReasonsForTesting(
7755 {CookieInclusionStatus::EXCLUDE_SECURE_ONLY,
7756 CookieInclusionStatus::
7757 EXCLUDE_SAMESITE_UNSPECIFIED_TREATED_AS_LAX}));
7758 EXPECT_TRUE(req->maybe_stored_cookies()[2]
7759 .access_result.status.HasExactlyWarningReasonsForTesting(
7760 {CookieInclusionStatus::
7761 WARN_TENTATIVELY_ALLOWING_SECURE_SOURCE_SCHEME}));
7762 }
7763
7764 // Get cookies (blocked by user preference)
7765 network_delegate.set_block_annotate_cookies();
7766 {
7767 GURL url = test_server.GetURL("/");
7768 auto cookie1 = CanonicalCookie::CreateForTesting(url, "cookienosamesite=1",
7769 base::Time::Now());
7770 base::RunLoop run_loop;
7771 CookieAccessResult access_result;
7772 cm.SetCanonicalCookieAsync(
7773 std::move(cookie1), url, CookieOptions::MakeAllInclusive(),
7774 base::BindLambdaForTesting([&](CookieAccessResult result) {
7775 access_result = result;
7776 run_loop.Quit();
7777 }));
7778 run_loop.Run();
7779 EXPECT_TRUE(access_result.status.IsInclude());
7780
7781 TestDelegate d;
7782 GURL test_url = test_server.GetURL("/echoheader?Cookie");
7783 std::unique_ptr<URLRequest> req(context->CreateRequest(
7784 test_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
7785 GURL cross_site_url = test_server.GetURL("other.example", "/");
7786 req->set_site_for_cookies(
7787 net::SiteForCookies::FromUrl(cross_site_url)); // cross-site context
7788 req->Start();
7789 d.RunUntilComplete();
7790
7791 // No cookies were sent with the request because getting cookies is blocked.
7792 EXPECT_EQ("None", d.data_received());
7793 ASSERT_EQ(1u, req->maybe_sent_cookies().size());
7794 EXPECT_EQ("cookienosamesite", req->maybe_sent_cookies()[0].cookie.Name());
7795 EXPECT_TRUE(req->maybe_sent_cookies()[0]
7796 .access_result.status.HasExactlyExclusionReasonsForTesting(
7797 {CookieInclusionStatus::EXCLUDE_USER_PREFERENCES,
7798 CookieInclusionStatus::
7799 EXCLUDE_SAMESITE_UNSPECIFIED_TREATED_AS_LAX}));
7800 // Cookie should not be warned about because it was blocked because of user
7801 // preferences.
7802 EXPECT_FALSE(
7803 req->maybe_sent_cookies()[0].access_result.status.ShouldWarn());
7804 }
7805 network_delegate.unset_block_annotate_cookies();
7806
7807 // Get cookies
7808 {
7809 GURL url = test_server.GetURL("/");
7810 auto cookie2 = CanonicalCookie::CreateForTesting(
7811 url, "cookiewithpath=1;path=/foo", base::Time::Now());
7812 base::RunLoop run_loop;
7813 // Note: cookie1 from the previous testcase is still in the cookie store.
7814 CookieAccessResult access_result;
7815 cm.SetCanonicalCookieAsync(
7816 std::move(cookie2), url, CookieOptions::MakeAllInclusive(),
7817 base::BindLambdaForTesting([&](CookieAccessResult result) {
7818 access_result = result;
7819 run_loop.Quit();
7820 }));
7821 run_loop.Run();
7822 EXPECT_TRUE(access_result.status.IsInclude());
7823
7824 TestDelegate d;
7825 GURL test_url = test_server.GetURL("/echoheader?Cookie");
7826 std::unique_ptr<URLRequest> req(context->CreateRequest(
7827 test_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
7828 GURL cross_site_url = test_server.GetURL("other.example", "/");
7829 req->set_site_for_cookies(
7830 net::SiteForCookies::FromUrl(cross_site_url)); // cross-site context
7831 req->Start();
7832 d.RunUntilComplete();
7833
7834 // No cookies were sent with the request because they don't specify SameSite
7835 // and the request is cross-site.
7836 EXPECT_EQ("None", d.data_received());
7837 ASSERT_EQ(2u, req->maybe_sent_cookies().size());
7838 // Cookie excluded for other reasons is not warned about.
7839 // Note: this cookie is first because the cookies are sorted by path length
7840 // with longest first. See CookieSorter() in cookie_monster.cc.
7841 EXPECT_EQ("cookiewithpath", req->maybe_sent_cookies()[0].cookie.Name());
7842 EXPECT_TRUE(req->maybe_sent_cookies()[0]
7843 .access_result.status.HasExactlyExclusionReasonsForTesting(
7844 {CookieInclusionStatus::EXCLUDE_NOT_ON_PATH,
7845 CookieInclusionStatus::
7846 EXCLUDE_SAMESITE_UNSPECIFIED_TREATED_AS_LAX}));
7847 EXPECT_FALSE(
7848 req->maybe_sent_cookies()[0].access_result.status.ShouldWarn());
7849 // Cookie that was only blocked because of unspecified SameSite should be
7850 // warned about.
7851 EXPECT_EQ("cookienosamesite", req->maybe_sent_cookies()[1].cookie.Name());
7852 EXPECT_TRUE(req->maybe_sent_cookies()[1]
7853 .access_result.status.HasExactlyExclusionReasonsForTesting(
7854 {CookieInclusionStatus::
7855 EXCLUDE_SAMESITE_UNSPECIFIED_TREATED_AS_LAX}));
7856 EXPECT_TRUE(req->maybe_sent_cookies()[1]
7857 .access_result.status.HasExactlyWarningReasonsForTesting(
7858 {CookieInclusionStatus::
7859 WARN_SAMESITE_UNSPECIFIED_CROSS_SITE_CONTEXT}));
7860 }
7861 }
7862
TEST_F(URLRequestTestHTTP,AuthChallengeCancelCookieCollect)7863 TEST_F(URLRequestTestHTTP, AuthChallengeCancelCookieCollect) {
7864 ASSERT_TRUE(http_test_server()->Start());
7865 GURL url_requiring_auth =
7866 http_test_server()->GetURL("/auth-basic?set-cookie-if-challenged");
7867
7868 auto context_builder = CreateTestURLRequestContextBuilder();
7869 auto filtering_network_delegate =
7870 std::make_unique<FilteringTestNetworkDelegate>();
7871 filtering_network_delegate->SetCookieFilter("got_challenged");
7872 context_builder->set_network_delegate(std::move(filtering_network_delegate));
7873 auto context = context_builder->Build();
7874
7875 TestDelegate delegate;
7876
7877 std::unique_ptr<URLRequest> request =
7878 CreateFirstPartyRequest(*context, url_requiring_auth, &delegate);
7879 request->Start();
7880
7881 delegate.RunUntilAuthRequired();
7882 ASSERT_EQ(1u, request->maybe_stored_cookies().size());
7883 EXPECT_TRUE(request->maybe_stored_cookies()[0]
7884 .access_result.status.HasExactlyExclusionReasonsForTesting(
7885 {net::CookieInclusionStatus::EXCLUDE_USER_PREFERENCES}));
7886 EXPECT_EQ("got_challenged=true",
7887 request->maybe_stored_cookies()[0].cookie_string);
7888
7889 // This shouldn't DCHECK-fail.
7890 request->CancelAuth();
7891 delegate.RunUntilComplete();
7892 }
7893
TEST_F(URLRequestTestHTTP,AuthChallengeWithFilteredCookies)7894 TEST_F(URLRequestTestHTTP, AuthChallengeWithFilteredCookies) {
7895 ASSERT_TRUE(http_test_server()->Start());
7896
7897 GURL url_requiring_auth =
7898 http_test_server()->GetURL("/auth-basic?set-cookie-if-challenged");
7899 GURL url_requiring_auth_wo_cookies =
7900 http_test_server()->GetURL("/auth-basic");
7901 // Check maybe_stored_cookies is populated first round trip, and cleared on
7902 // the second.
7903 {
7904 auto context_builder = CreateTestURLRequestContextBuilder();
7905 auto& filtering_network_delegate = *context_builder->set_network_delegate(
7906 std::make_unique<FilteringTestNetworkDelegate>());
7907 filtering_network_delegate.SetCookieFilter("got_challenged");
7908 auto context = context_builder->Build();
7909
7910 TestDelegate delegate;
7911
7912 std::unique_ptr<URLRequest> request =
7913 CreateFirstPartyRequest(*context, url_requiring_auth, &delegate);
7914 request->Start();
7915
7916 delegate.RunUntilAuthRequired();
7917 // Make sure it was blocked once.
7918 EXPECT_EQ(1, filtering_network_delegate.blocked_set_cookie_count());
7919
7920 // The number of cookies blocked from the most recent round trip.
7921 ASSERT_EQ(1u, request->maybe_stored_cookies().size());
7922 EXPECT_TRUE(
7923 request->maybe_stored_cookies()
7924 .front()
7925 .access_result.status.HasExactlyExclusionReasonsForTesting(
7926 {net::CookieInclusionStatus::EXCLUDE_USER_PREFERENCES}));
7927
7928 // Now check the second round trip
7929 request->SetAuth(AuthCredentials(kUser, kSecret));
7930 delegate.RunUntilComplete();
7931 EXPECT_THAT(delegate.request_status(), IsOk());
7932
7933 // There are DCHECKs in URLRequestHttpJob that would fail if
7934 // maybe_sent_cookies and maybe_stored_cookies were not cleared properly.
7935
7936 // Make sure the cookie was actually filtered and not sent.
7937 EXPECT_EQ(std::string::npos,
7938 delegate.data_received().find("Cookie: got_challenged=true"));
7939
7940 // The number of cookies that most recent round trip tried to set.
7941 ASSERT_EQ(0u, request->maybe_stored_cookies().size());
7942 }
7943
7944 // Check maybe_sent_cookies on first round trip (and cleared for the second).
7945 {
7946 auto context_builder = CreateTestURLRequestContextBuilder();
7947 auto& filtering_network_delegate = *context_builder->set_network_delegate(
7948 std::make_unique<FilteringTestNetworkDelegate>());
7949 filtering_network_delegate.set_block_annotate_cookies();
7950 context_builder->SetCookieStore(
7951 std::make_unique<CookieMonster>(nullptr, nullptr));
7952 auto context = context_builder->Build();
7953
7954 auto* cm = static_cast<CookieMonster*>(context->cookie_store());
7955 auto another_cookie = CanonicalCookie::CreateForTesting(
7956 url_requiring_auth_wo_cookies, "another_cookie=true",
7957 base::Time::Now());
7958 cm->SetCanonicalCookieAsync(std::move(another_cookie),
7959 url_requiring_auth_wo_cookies,
7960 net::CookieOptions::MakeAllInclusive(),
7961 CookieStore::SetCookiesCallback());
7962
7963 TestDelegate delegate;
7964
7965 std::unique_ptr<URLRequest> request = CreateFirstPartyRequest(
7966 *context, url_requiring_auth_wo_cookies, &delegate);
7967 request->Start();
7968
7969 delegate.RunUntilAuthRequired();
7970
7971 ASSERT_EQ(1u, request->maybe_sent_cookies().size());
7972 EXPECT_EQ("another_cookie",
7973 request->maybe_sent_cookies().front().cookie.Name());
7974 EXPECT_EQ("true", request->maybe_sent_cookies().front().cookie.Value());
7975 EXPECT_TRUE(
7976 request->maybe_sent_cookies()
7977 .front()
7978 .access_result.status.HasExactlyExclusionReasonsForTesting(
7979 {net::CookieInclusionStatus::EXCLUDE_USER_PREFERENCES}));
7980
7981 // Check maybe_sent_cookies on second roundtrip.
7982 request->set_maybe_sent_cookies({});
7983 cm->DeleteAllAsync(CookieStore::DeleteCallback());
7984 auto one_more_cookie = CanonicalCookie::CreateForTesting(
7985 url_requiring_auth_wo_cookies, "one_more_cookie=true",
7986 base::Time::Now());
7987 cm->SetCanonicalCookieAsync(std::move(one_more_cookie),
7988 url_requiring_auth_wo_cookies,
7989 net::CookieOptions::MakeAllInclusive(),
7990 CookieStore::SetCookiesCallback());
7991
7992 request->SetAuth(AuthCredentials(kUser, kSecret));
7993 delegate.RunUntilComplete();
7994 EXPECT_THAT(delegate.request_status(), IsOk());
7995
7996 // There are DCHECKs in URLRequestHttpJob that would fail if
7997 // maybe_sent_cookies and maybe_stored_cookies were not cleared properly.
7998
7999 // Make sure the cookie was actually filtered.
8000 EXPECT_EQ(std::string::npos,
8001 delegate.data_received().find("Cookie: one_more_cookie=true"));
8002 // got_challenged was set after the first request and blocked on the second,
8003 // so it should only have been blocked this time
8004 EXPECT_EQ(2, filtering_network_delegate.blocked_annotate_cookies_count());
8005
8006 // // The number of cookies blocked from the most recent round trip.
8007 ASSERT_EQ(1u, request->maybe_sent_cookies().size());
8008 EXPECT_EQ("one_more_cookie",
8009 request->maybe_sent_cookies().front().cookie.Name());
8010 EXPECT_TRUE(
8011 request->maybe_sent_cookies()
8012 .front()
8013 .access_result.status.HasExactlyExclusionReasonsForTesting(
8014 {net::CookieInclusionStatus::EXCLUDE_USER_PREFERENCES}));
8015 }
8016 }
8017
8018 // Tests that load timing works as expected with auth and the cache.
TEST_F(URLRequestTestHTTP,BasicAuthLoadTiming)8019 TEST_F(URLRequestTestHTTP, BasicAuthLoadTiming) {
8020 ASSERT_TRUE(http_test_server()->Start());
8021
8022 // populate the cache
8023 {
8024 TestDelegate d;
8025
8026 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
8027 http_test_server()->GetURL("/auth-basic"), DEFAULT_PRIORITY, &d,
8028 TRAFFIC_ANNOTATION_FOR_TESTS));
8029 r->set_isolation_info(isolation_info1_);
8030 r->Start();
8031 d.RunUntilAuthRequired();
8032
8033 LoadTimingInfo load_timing_info_before_auth;
8034 r->GetLoadTimingInfo(&load_timing_info_before_auth);
8035 TestLoadTimingNotReused(load_timing_info_before_auth,
8036 CONNECT_TIMING_HAS_DNS_TIMES);
8037
8038 r->SetAuth(AuthCredentials(kUser, kSecret));
8039 d.RunUntilComplete();
8040
8041 EXPECT_TRUE(d.data_received().find("user/secret") != std::string::npos);
8042 LoadTimingInfo load_timing_info;
8043 r->GetLoadTimingInfo(&load_timing_info);
8044 // The test server does not support keep alive sockets, so the second
8045 // request with auth should use a new socket.
8046 TestLoadTimingNotReused(load_timing_info, CONNECT_TIMING_HAS_DNS_TIMES);
8047 EXPECT_NE(load_timing_info_before_auth.socket_log_id,
8048 load_timing_info.socket_log_id);
8049 EXPECT_LE(load_timing_info_before_auth.receive_headers_end,
8050 load_timing_info.connect_timing.connect_start);
8051 }
8052
8053 // Repeat request with end-to-end validation. Since auth-basic results in a
8054 // cachable page, we expect this test to result in a 304. In which case, the
8055 // response should be fetched from the cache.
8056 {
8057 TestDelegate d;
8058 d.set_credentials(AuthCredentials(kUser, kSecret));
8059
8060 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
8061 http_test_server()->GetURL("/auth-basic"), DEFAULT_PRIORITY, &d,
8062 TRAFFIC_ANNOTATION_FOR_TESTS));
8063 r->SetLoadFlags(LOAD_VALIDATE_CACHE);
8064 r->set_isolation_info(isolation_info1_);
8065 r->Start();
8066
8067 d.RunUntilComplete();
8068
8069 EXPECT_TRUE(d.data_received().find("user/secret") != std::string::npos);
8070
8071 // Should be the same cached document.
8072 EXPECT_TRUE(r->was_cached());
8073
8074 // Since there was a request that went over the wire, the load timing
8075 // information should include connection times.
8076 LoadTimingInfo load_timing_info;
8077 r->GetLoadTimingInfo(&load_timing_info);
8078 TestLoadTimingNotReused(load_timing_info, CONNECT_TIMING_HAS_DNS_TIMES);
8079 }
8080 }
8081
8082 // In this test, we do a POST which the server will 302 redirect.
8083 // The subsequent transaction should use GET, and should not send the
8084 // Content-Type header.
8085 // http://code.google.com/p/chromium/issues/detail?id=843
TEST_F(URLRequestTestHTTP,Post302RedirectGet)8086 TEST_F(URLRequestTestHTTP, Post302RedirectGet) {
8087 ASSERT_TRUE(http_test_server()->Start());
8088
8089 const char kData[] = "hello world";
8090
8091 TestDelegate d;
8092 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
8093 http_test_server()->GetURL("/redirect-to-echoall"), DEFAULT_PRIORITY, &d,
8094 TRAFFIC_ANNOTATION_FOR_TESTS));
8095 req->set_method("POST");
8096 req->set_upload(CreateSimpleUploadData(kData));
8097
8098 // Set headers (some of which are specific to the POST).
8099 HttpRequestHeaders headers;
8100 headers.SetHeader("Content-Type",
8101 "multipart/form-data;"
8102 "boundary=----WebKitFormBoundaryAADeAA+NAAWMAAwZ");
8103 headers.SetHeader("Accept",
8104 "text/xml,application/xml,application/xhtml+xml,"
8105 "text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5");
8106 headers.SetHeader("Accept-Language", "en-US,en");
8107 headers.SetHeader("Accept-Charset", "ISO-8859-1,*,utf-8");
8108 headers.SetHeader("Content-Length", "11");
8109 headers.SetHeader("Origin", "http://localhost:1337/");
8110 req->SetExtraRequestHeaders(headers);
8111 req->Start();
8112 d.RunUntilComplete();
8113
8114 std::string mime_type;
8115 req->GetMimeType(&mime_type);
8116 EXPECT_EQ("text/html", mime_type);
8117
8118 const std::string& data = d.data_received();
8119
8120 // Check that the post-specific headers were stripped:
8121 EXPECT_FALSE(ContainsString(data, "Content-Length:"));
8122 EXPECT_FALSE(ContainsString(data, "Content-Type:"));
8123 EXPECT_FALSE(ContainsString(data, "Origin:"));
8124
8125 // These extra request headers should not have been stripped.
8126 EXPECT_TRUE(ContainsString(data, "Accept:"));
8127 EXPECT_TRUE(ContainsString(data, "Accept-Language:"));
8128 EXPECT_TRUE(ContainsString(data, "Accept-Charset:"));
8129 }
8130
8131 // The following tests check that we handle mutating the request for HTTP
8132 // redirects as expected.
8133 // See https://crbug.com/56373, https://crbug.com/102130, and
8134 // https://crbug.com/465517.
8135
TEST_F(URLRequestTestHTTP,Redirect301Tests)8136 TEST_F(URLRequestTestHTTP, Redirect301Tests) {
8137 ASSERT_TRUE(http_test_server()->Start());
8138
8139 const GURL url = http_test_server()->GetURL("/redirect301-to-echo");
8140 const GURL https_redirect_url =
8141 http_test_server()->GetURL("/redirect301-to-https");
8142
8143 HTTPRedirectMethodTest(url, "POST", "GET", true);
8144 HTTPRedirectMethodTest(url, "PUT", "PUT", true);
8145 HTTPRedirectMethodTest(url, "HEAD", "HEAD", false);
8146
8147 HTTPRedirectOriginHeaderTest(url, "GET", "GET",
8148 url.DeprecatedGetOriginAsURL().spec());
8149 HTTPRedirectOriginHeaderTest(https_redirect_url, "GET", "GET", "null");
8150 HTTPRedirectOriginHeaderTest(url, "POST", "GET", std::string());
8151 HTTPRedirectOriginHeaderTest(https_redirect_url, "POST", "GET",
8152 std::string());
8153 HTTPRedirectOriginHeaderTest(url, "PUT", "PUT",
8154 url.DeprecatedGetOriginAsURL().spec());
8155 HTTPRedirectOriginHeaderTest(https_redirect_url, "PUT", "PUT", "null");
8156 }
8157
TEST_F(URLRequestTestHTTP,Redirect302Tests)8158 TEST_F(URLRequestTestHTTP, Redirect302Tests) {
8159 ASSERT_TRUE(http_test_server()->Start());
8160
8161 const GURL url = http_test_server()->GetURL("/redirect302-to-echo");
8162 const GURL https_redirect_url =
8163 http_test_server()->GetURL("/redirect302-to-https");
8164
8165 HTTPRedirectMethodTest(url, "POST", "GET", true);
8166 HTTPRedirectMethodTest(url, "PUT", "PUT", true);
8167 HTTPRedirectMethodTest(url, "HEAD", "HEAD", false);
8168
8169 HTTPRedirectOriginHeaderTest(url, "GET", "GET",
8170 url.DeprecatedGetOriginAsURL().spec());
8171 HTTPRedirectOriginHeaderTest(https_redirect_url, "GET", "GET", "null");
8172 HTTPRedirectOriginHeaderTest(url, "POST", "GET", std::string());
8173 HTTPRedirectOriginHeaderTest(https_redirect_url, "POST", "GET",
8174 std::string());
8175 HTTPRedirectOriginHeaderTest(url, "PUT", "PUT",
8176 url.DeprecatedGetOriginAsURL().spec());
8177 HTTPRedirectOriginHeaderTest(https_redirect_url, "PUT", "PUT", "null");
8178 }
8179
TEST_F(URLRequestTestHTTP,Redirect303Tests)8180 TEST_F(URLRequestTestHTTP, Redirect303Tests) {
8181 ASSERT_TRUE(http_test_server()->Start());
8182
8183 const GURL url = http_test_server()->GetURL("/redirect303-to-echo");
8184 const GURL https_redirect_url =
8185 http_test_server()->GetURL("/redirect303-to-https");
8186
8187 HTTPRedirectMethodTest(url, "POST", "GET", true);
8188 HTTPRedirectMethodTest(url, "PUT", "GET", true);
8189 HTTPRedirectMethodTest(url, "HEAD", "HEAD", false);
8190
8191 HTTPRedirectOriginHeaderTest(url, "DELETE", "GET", std::string());
8192 HTTPRedirectOriginHeaderTest(https_redirect_url, "DELETE", "GET",
8193 std::string());
8194 HTTPRedirectOriginHeaderTest(url, "GET", "GET",
8195 url.DeprecatedGetOriginAsURL().spec());
8196 HTTPRedirectOriginHeaderTest(https_redirect_url, "GET", "GET", "null");
8197 HTTPRedirectOriginHeaderTest(url, "HEAD", "HEAD",
8198 url.DeprecatedGetOriginAsURL().spec());
8199 HTTPRedirectOriginHeaderTest(https_redirect_url, "HEAD", "HEAD", "null");
8200 HTTPRedirectOriginHeaderTest(url, "OPTIONS", "GET", std::string());
8201 HTTPRedirectOriginHeaderTest(https_redirect_url, "OPTIONS", "GET",
8202 std::string());
8203 HTTPRedirectOriginHeaderTest(url, "POST", "GET", std::string());
8204 HTTPRedirectOriginHeaderTest(https_redirect_url, "POST", "GET",
8205 std::string());
8206 HTTPRedirectOriginHeaderTest(url, "PUT", "GET", std::string());
8207 HTTPRedirectOriginHeaderTest(https_redirect_url, "PUT", "GET", std::string());
8208 }
8209
TEST_F(URLRequestTestHTTP,Redirect307Tests)8210 TEST_F(URLRequestTestHTTP, Redirect307Tests) {
8211 ASSERT_TRUE(http_test_server()->Start());
8212
8213 const GURL url = http_test_server()->GetURL("/redirect307-to-echo");
8214 const GURL https_redirect_url =
8215 http_test_server()->GetURL("/redirect307-to-https");
8216
8217 HTTPRedirectMethodTest(url, "POST", "POST", true);
8218 HTTPRedirectMethodTest(url, "PUT", "PUT", true);
8219 HTTPRedirectMethodTest(url, "HEAD", "HEAD", false);
8220
8221 HTTPRedirectOriginHeaderTest(url, "GET", "GET",
8222 url.DeprecatedGetOriginAsURL().spec());
8223 HTTPRedirectOriginHeaderTest(https_redirect_url, "GET", "GET", "null");
8224 HTTPRedirectOriginHeaderTest(url, "POST", "POST",
8225 url.DeprecatedGetOriginAsURL().spec());
8226 HTTPRedirectOriginHeaderTest(https_redirect_url, "POST", "POST", "null");
8227 HTTPRedirectOriginHeaderTest(url, "PUT", "PUT",
8228 url.DeprecatedGetOriginAsURL().spec());
8229 HTTPRedirectOriginHeaderTest(https_redirect_url, "PUT", "PUT", "null");
8230 }
8231
TEST_F(URLRequestTestHTTP,Redirect308Tests)8232 TEST_F(URLRequestTestHTTP, Redirect308Tests) {
8233 ASSERT_TRUE(http_test_server()->Start());
8234
8235 const GURL url = http_test_server()->GetURL("/redirect308-to-echo");
8236 const GURL https_redirect_url =
8237 http_test_server()->GetURL("/redirect308-to-https");
8238
8239 HTTPRedirectMethodTest(url, "POST", "POST", true);
8240 HTTPRedirectMethodTest(url, "PUT", "PUT", true);
8241 HTTPRedirectMethodTest(url, "HEAD", "HEAD", false);
8242
8243 HTTPRedirectOriginHeaderTest(url, "GET", "GET",
8244 url.DeprecatedGetOriginAsURL().spec());
8245 HTTPRedirectOriginHeaderTest(https_redirect_url, "GET", "GET", "null");
8246 HTTPRedirectOriginHeaderTest(url, "POST", "POST",
8247 url.DeprecatedGetOriginAsURL().spec());
8248 HTTPRedirectOriginHeaderTest(https_redirect_url, "POST", "POST", "null");
8249 HTTPRedirectOriginHeaderTest(url, "PUT", "PUT",
8250 url.DeprecatedGetOriginAsURL().spec());
8251 HTTPRedirectOriginHeaderTest(https_redirect_url, "PUT", "PUT", "null");
8252 }
8253
8254 // Make sure that 308 responses without bodies are not treated as redirects.
8255 // Certain legacy apis that pre-date the response code expect this behavior
8256 // (Like Google Drive).
TEST_F(URLRequestTestHTTP,NoRedirectOn308WithoutLocationHeader)8257 TEST_F(URLRequestTestHTTP, NoRedirectOn308WithoutLocationHeader) {
8258 ASSERT_TRUE(http_test_server()->Start());
8259
8260 TestDelegate d;
8261 const GURL url = http_test_server()->GetURL("/308-without-location-header");
8262
8263 std::unique_ptr<URLRequest> request(default_context().CreateRequest(
8264 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
8265
8266 request->Start();
8267 d.RunUntilComplete();
8268 EXPECT_EQ(OK, d.request_status());
8269 EXPECT_EQ(0, d.received_redirect_count());
8270 EXPECT_EQ(308, request->response_headers()->response_code());
8271 EXPECT_EQ("This is not a redirect.", d.data_received());
8272 }
8273
TEST_F(URLRequestTestHTTP,Redirect302PreserveReferenceFragment)8274 TEST_F(URLRequestTestHTTP, Redirect302PreserveReferenceFragment) {
8275 ASSERT_TRUE(http_test_server()->Start());
8276
8277 GURL original_url(
8278 http_test_server()->GetURL("/redirect302-to-echo#fragment"));
8279 GURL expected_url(http_test_server()->GetURL("/echo#fragment"));
8280
8281 TestDelegate d;
8282 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
8283 original_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
8284
8285 r->Start();
8286 d.RunUntilComplete();
8287
8288 EXPECT_EQ(2U, r->url_chain().size());
8289 EXPECT_EQ(OK, d.request_status());
8290 EXPECT_EQ(original_url, r->original_url());
8291 EXPECT_EQ(expected_url, r->url());
8292 }
8293
TEST_F(URLRequestTestHTTP,RedirectWithFilteredCookies)8294 TEST_F(URLRequestTestHTTP, RedirectWithFilteredCookies) {
8295 ASSERT_TRUE(http_test_server()->Start());
8296
8297 // FilteringTestNetworkDelegate filters by name, so the names of the two
8298 // cookies have to be the same. The values have been set to different strings
8299 // (the value of the server-redirect cookies is "true" and set-cookie is
8300 // "other") to differentiate between the two round trips.
8301 GURL redirect_to(
8302 http_test_server()->GetURL("/set-cookie?server-redirect=other"));
8303
8304 GURL original_url(http_test_server()->GetURL("/server-redirect-with-cookie?" +
8305 redirect_to.spec()));
8306
8307 GURL original_url_wo_cookie(
8308 http_test_server()->GetURL("/server-redirect?" + redirect_to.spec()));
8309 // Check maybe_stored_cookies on first round trip.
8310 {
8311 auto context_builder = CreateTestURLRequestContextBuilder();
8312 auto& filtering_network_delegate = *context_builder->set_network_delegate(
8313 std::make_unique<FilteringTestNetworkDelegate>());
8314 filtering_network_delegate.SetCookieFilter(
8315 "server-redirect"); // Filter the cookie server-redirect sets.
8316 auto context = context_builder->Build();
8317
8318 TestDelegate delegate;
8319 std::unique_ptr<URLRequest> request =
8320 CreateFirstPartyRequest(*context, original_url, &delegate);
8321
8322 request->Start();
8323 delegate.RunUntilRedirect();
8324
8325 // Make sure it was blocked once.
8326 EXPECT_EQ(1, filtering_network_delegate.blocked_set_cookie_count());
8327
8328 // The number of cookies blocked from the most recent round trip.
8329 ASSERT_EQ(1u, request->maybe_stored_cookies().size());
8330 EXPECT_EQ("server-redirect",
8331 request->maybe_stored_cookies().front().cookie->Name());
8332 EXPECT_EQ("true", request->maybe_stored_cookies().front().cookie->Value());
8333 EXPECT_TRUE(
8334 request->maybe_stored_cookies()
8335 .front()
8336 .access_result.status.HasExactlyExclusionReasonsForTesting(
8337 {net::CookieInclusionStatus::EXCLUDE_USER_PREFERENCES}));
8338
8339 // Check maybe_stored_cookies on second round trip (and clearing from the
8340 // first).
8341 request->FollowDeferredRedirect(std::nullopt, std::nullopt);
8342 delegate.RunUntilComplete();
8343 EXPECT_THAT(delegate.request_status(), IsOk());
8344
8345 // There are DCHECKs in URLRequestHttpJob that would fail if
8346 // maybe_sent_cookies and maybe_stored_cookies we not cleared properly.
8347
8348 // Make sure it was blocked twice.
8349 EXPECT_EQ(2, filtering_network_delegate.blocked_set_cookie_count());
8350
8351 // The number of cookies blocked from the most recent round trip.
8352 ASSERT_EQ(1u, request->maybe_stored_cookies().size());
8353 EXPECT_EQ("server-redirect",
8354 request->maybe_stored_cookies().front().cookie->Name());
8355 EXPECT_EQ("other", request->maybe_stored_cookies().front().cookie->Value());
8356 EXPECT_TRUE(
8357 request->maybe_stored_cookies()
8358 .front()
8359 .access_result.status.HasExactlyExclusionReasonsForTesting(
8360 {net::CookieInclusionStatus::EXCLUDE_USER_PREFERENCES}));
8361 }
8362
8363 // Check maybe_sent_cookies on first round trip.
8364 {
8365 auto context_builder = CreateTestURLRequestContextBuilder();
8366 auto& filtering_network_delegate = *context_builder->set_network_delegate(
8367 std::make_unique<FilteringTestNetworkDelegate>());
8368 filtering_network_delegate.set_block_annotate_cookies();
8369 context_builder->SetCookieStore(
8370 std::make_unique<CookieMonster>(nullptr, nullptr));
8371 auto context = context_builder->Build();
8372
8373 auto* cm = static_cast<CookieMonster*>(context->cookie_store());
8374 auto another_cookie = CanonicalCookie::CreateForTesting(
8375 original_url, "another_cookie=true", base::Time::Now());
8376 cm->SetCanonicalCookieAsync(std::move(another_cookie), original_url,
8377 net::CookieOptions::MakeAllInclusive(),
8378 CookieStore::SetCookiesCallback());
8379
8380 TestDelegate delegate;
8381 std::unique_ptr<URLRequest> request =
8382 CreateFirstPartyRequest(*context, original_url_wo_cookie, &delegate);
8383 request->Start();
8384
8385 delegate.RunUntilRedirect();
8386
8387 ASSERT_EQ(1u, request->maybe_sent_cookies().size());
8388 EXPECT_EQ("another_cookie",
8389 request->maybe_sent_cookies().front().cookie.Name());
8390 EXPECT_TRUE(
8391 request->maybe_sent_cookies()
8392 .front()
8393 .access_result.status.HasExactlyExclusionReasonsForTesting(
8394 {net::CookieInclusionStatus::EXCLUDE_USER_PREFERENCES}));
8395
8396 // Check maybe_sent_cookies on second round trip
8397 request->set_maybe_sent_cookies({});
8398 cm->DeleteAllAsync(CookieStore::DeleteCallback());
8399 auto one_more_cookie = CanonicalCookie::CreateForTesting(
8400 original_url_wo_cookie, "one_more_cookie=true", base::Time::Now());
8401 cm->SetCanonicalCookieAsync(std::move(one_more_cookie),
8402 original_url_wo_cookie,
8403 net::CookieOptions::MakeAllInclusive(),
8404 CookieStore::SetCookiesCallback());
8405
8406 request->FollowDeferredRedirect(std::nullopt, std::nullopt);
8407 delegate.RunUntilComplete();
8408 EXPECT_THAT(delegate.request_status(), IsOk());
8409
8410 // There are DCHECKs in URLRequestHttpJob that would fail if
8411 // maybe_sent_cookies and maybe_stored_cookies we not cleared properly.
8412
8413 EXPECT_EQ(2, filtering_network_delegate.blocked_annotate_cookies_count());
8414
8415 // The number of cookies blocked from the most recent round trip.
8416 ASSERT_EQ(1u, request->maybe_sent_cookies().size());
8417 EXPECT_EQ("one_more_cookie",
8418 request->maybe_sent_cookies().front().cookie.Name());
8419 EXPECT_EQ("true", request->maybe_sent_cookies().front().cookie.Value());
8420 EXPECT_TRUE(
8421 request->maybe_sent_cookies()
8422 .front()
8423 .access_result.status.HasExactlyExclusionReasonsForTesting(
8424 {net::CookieInclusionStatus::EXCLUDE_USER_PREFERENCES}));
8425 }
8426 }
8427
TEST_F(URLRequestTestHTTP,RedirectPreserveFirstPartyURL)8428 TEST_F(URLRequestTestHTTP, RedirectPreserveFirstPartyURL) {
8429 ASSERT_TRUE(http_test_server()->Start());
8430
8431 GURL url(http_test_server()->GetURL("/redirect302-to-echo"));
8432 GURL first_party_url("http://example.com");
8433
8434 TestDelegate d;
8435 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
8436 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
8437 r->set_site_for_cookies(SiteForCookies::FromUrl(first_party_url));
8438
8439 r->Start();
8440 d.RunUntilComplete();
8441
8442 EXPECT_EQ(2U, r->url_chain().size());
8443 EXPECT_EQ(OK, d.request_status());
8444 EXPECT_TRUE(SiteForCookies::FromUrl(first_party_url)
8445 .IsEquivalent(r->site_for_cookies()));
8446 }
8447
TEST_F(URLRequestTestHTTP,RedirectUpdateFirstPartyURL)8448 TEST_F(URLRequestTestHTTP, RedirectUpdateFirstPartyURL) {
8449 ASSERT_TRUE(http_test_server()->Start());
8450
8451 GURL url(http_test_server()->GetURL("/redirect302-to-echo"));
8452 GURL original_first_party_url("http://example.com");
8453 GURL expected_first_party_url(http_test_server()->GetURL("/echo"));
8454
8455 TestDelegate d;
8456
8457 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
8458 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
8459 r->set_site_for_cookies(SiteForCookies::FromUrl(original_first_party_url));
8460 r->set_first_party_url_policy(
8461 RedirectInfo::FirstPartyURLPolicy::UPDATE_URL_ON_REDIRECT);
8462
8463 r->Start();
8464 d.RunUntilComplete();
8465
8466 EXPECT_EQ(2U, r->url_chain().size());
8467 EXPECT_EQ(OK, d.request_status());
8468 EXPECT_TRUE(SiteForCookies::FromUrl(expected_first_party_url)
8469 .IsEquivalent(r->site_for_cookies()));
8470 }
8471
TEST_F(URLRequestTestHTTP,InterceptPost302RedirectGet)8472 TEST_F(URLRequestTestHTTP, InterceptPost302RedirectGet) {
8473 ASSERT_TRUE(http_test_server()->Start());
8474
8475 const char kData[] = "hello world";
8476
8477 TestDelegate d;
8478 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
8479 http_test_server()->GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d,
8480 TRAFFIC_ANNOTATION_FOR_TESTS));
8481 req->set_method("POST");
8482 req->set_upload(CreateSimpleUploadData(kData));
8483 HttpRequestHeaders headers;
8484 headers.SetHeader(HttpRequestHeaders::kContentLength,
8485 base::NumberToString(std::size(kData) - 1));
8486 req->SetExtraRequestHeaders(headers);
8487
8488 std::unique_ptr<URLRequestRedirectJob> job =
8489 std::make_unique<URLRequestRedirectJob>(
8490 req.get(), http_test_server()->GetURL("/echo"),
8491 RedirectUtil::ResponseCode::REDIRECT_302_FOUND, "Very Good Reason");
8492 TestScopedURLInterceptor interceptor(req->url(), std::move(job));
8493
8494 req->Start();
8495 d.RunUntilComplete();
8496 EXPECT_EQ("GET", req->method());
8497 }
8498
TEST_F(URLRequestTestHTTP,InterceptPost307RedirectPost)8499 TEST_F(URLRequestTestHTTP, InterceptPost307RedirectPost) {
8500 ASSERT_TRUE(http_test_server()->Start());
8501
8502 const char kData[] = "hello world";
8503
8504 TestDelegate d;
8505 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
8506 http_test_server()->GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d,
8507 TRAFFIC_ANNOTATION_FOR_TESTS));
8508 req->set_method("POST");
8509 req->set_upload(CreateSimpleUploadData(kData));
8510 HttpRequestHeaders headers;
8511 headers.SetHeader(HttpRequestHeaders::kContentLength,
8512 base::NumberToString(std::size(kData) - 1));
8513 req->SetExtraRequestHeaders(headers);
8514
8515 std::unique_ptr<URLRequestRedirectJob> job =
8516 std::make_unique<URLRequestRedirectJob>(
8517 req.get(), http_test_server()->GetURL("/echo"),
8518 RedirectUtil::ResponseCode::REDIRECT_307_TEMPORARY_REDIRECT,
8519 "Very Good Reason");
8520 TestScopedURLInterceptor interceptor(req->url(), std::move(job));
8521
8522 req->Start();
8523 d.RunUntilComplete();
8524 EXPECT_EQ("POST", req->method());
8525 EXPECT_EQ(kData, d.data_received());
8526 }
8527
8528 // Check that default A-L header is sent.
TEST_F(URLRequestTestHTTP,DefaultAcceptLanguage)8529 TEST_F(URLRequestTestHTTP, DefaultAcceptLanguage) {
8530 ASSERT_TRUE(http_test_server()->Start());
8531
8532 auto context_builder = CreateTestURLRequestContextBuilder();
8533 context_builder->set_http_user_agent_settings(
8534 std::make_unique<StaticHttpUserAgentSettings>("en", std::string()));
8535 auto context = context_builder->Build();
8536
8537 TestDelegate d;
8538 std::unique_ptr<URLRequest> req(context->CreateRequest(
8539 http_test_server()->GetURL("/echoheader?Accept-Language"),
8540 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
8541 req->Start();
8542 d.RunUntilComplete();
8543 EXPECT_EQ("en", d.data_received());
8544 }
8545
8546 // Check that an empty A-L header is not sent. http://crbug.com/77365.
TEST_F(URLRequestTestHTTP,EmptyAcceptLanguage)8547 TEST_F(URLRequestTestHTTP, EmptyAcceptLanguage) {
8548 ASSERT_TRUE(http_test_server()->Start());
8549
8550 auto context_builder = CreateTestURLRequestContextBuilder();
8551 context_builder->set_http_user_agent_settings(
8552 std::make_unique<StaticHttpUserAgentSettings>(std::string(),
8553 std::string()));
8554 auto context = context_builder->Build();
8555
8556 TestDelegate d;
8557 std::unique_ptr<URLRequest> req(context->CreateRequest(
8558 http_test_server()->GetURL("/echoheader?Accept-Language"),
8559 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
8560 req->Start();
8561 d.RunUntilComplete();
8562 EXPECT_EQ("None", d.data_received());
8563 }
8564
8565 // Check that if request overrides the A-L header, the default is not appended.
8566 // See http://crbug.com/20894
TEST_F(URLRequestTestHTTP,OverrideAcceptLanguage)8567 TEST_F(URLRequestTestHTTP, OverrideAcceptLanguage) {
8568 ASSERT_TRUE(http_test_server()->Start());
8569
8570 TestDelegate d;
8571 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
8572 http_test_server()->GetURL("/echoheader?Accept-Language"),
8573 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
8574 HttpRequestHeaders headers;
8575 headers.SetHeader(HttpRequestHeaders::kAcceptLanguage, "ru");
8576 req->SetExtraRequestHeaders(headers);
8577 req->Start();
8578 d.RunUntilComplete();
8579 EXPECT_EQ(std::string("ru"), d.data_received());
8580 }
8581
8582 // Check that default A-E header is sent.
TEST_F(URLRequestTestHTTP,DefaultAcceptEncoding)8583 TEST_F(URLRequestTestHTTP, DefaultAcceptEncoding) {
8584 ASSERT_TRUE(http_test_server()->Start());
8585
8586 TestDelegate d;
8587 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
8588 http_test_server()->GetURL("/echoheader?Accept-Encoding"),
8589 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
8590 HttpRequestHeaders headers;
8591 req->SetExtraRequestHeaders(headers);
8592 req->Start();
8593 d.RunUntilComplete();
8594 EXPECT_TRUE(ContainsString(d.data_received(), "gzip"));
8595 }
8596
8597 // Check that it's possible to override the default A-E header.
TEST_F(URLRequestTestHTTP,DefaultAcceptEncodingOverriden)8598 TEST_F(URLRequestTestHTTP, DefaultAcceptEncodingOverriden) {
8599 ASSERT_TRUE(http_test_server()->Start());
8600
8601 struct {
8602 base::flat_set<net::SourceStream::SourceType> accepted_types;
8603 const char* expected_accept_encoding;
8604 } tests[] = {{{net::SourceStream::SourceType::TYPE_DEFLATE}, "deflate"},
8605 {{}, "None"},
8606 {{net::SourceStream::SourceType::TYPE_GZIP}, "gzip"},
8607 {{net::SourceStream::SourceType::TYPE_GZIP,
8608 net::SourceStream::SourceType::TYPE_DEFLATE},
8609 "gzip, deflate"}};
8610 for (auto test : tests) {
8611 TestDelegate d;
8612 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
8613 http_test_server()->GetURL("/echoheader?Accept-Encoding"),
8614 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
8615 req->set_accepted_stream_types(test.accepted_types);
8616 req->Start();
8617 d.RunUntilComplete();
8618 EXPECT_STRCASEEQ(d.data_received().c_str(), test.expected_accept_encoding);
8619 }
8620 }
8621
8622 // Check that if request overrides the A-E header, the default is not appended.
8623 // See http://crbug.com/47381
TEST_F(URLRequestTestHTTP,OverrideAcceptEncoding)8624 TEST_F(URLRequestTestHTTP, OverrideAcceptEncoding) {
8625 ASSERT_TRUE(http_test_server()->Start());
8626
8627 TestDelegate d;
8628 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
8629 http_test_server()->GetURL("/echoheader?Accept-Encoding"),
8630 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
8631 HttpRequestHeaders headers;
8632 headers.SetHeader(HttpRequestHeaders::kAcceptEncoding, "identity");
8633 req->SetExtraRequestHeaders(headers);
8634 req->Start();
8635 d.RunUntilComplete();
8636 EXPECT_FALSE(ContainsString(d.data_received(), "gzip"));
8637 EXPECT_TRUE(ContainsString(d.data_received(), "identity"));
8638 }
8639
8640 // Check that setting the A-C header sends the proper header.
TEST_F(URLRequestTestHTTP,SetAcceptCharset)8641 TEST_F(URLRequestTestHTTP, SetAcceptCharset) {
8642 ASSERT_TRUE(http_test_server()->Start());
8643
8644 TestDelegate d;
8645 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
8646 http_test_server()->GetURL("/echoheader?Accept-Charset"),
8647 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
8648 HttpRequestHeaders headers;
8649 headers.SetHeader(HttpRequestHeaders::kAcceptCharset, "koi-8r");
8650 req->SetExtraRequestHeaders(headers);
8651 req->Start();
8652 d.RunUntilComplete();
8653 EXPECT_EQ(std::string("koi-8r"), d.data_received());
8654 }
8655
8656 // Check that default User-Agent header is sent.
TEST_F(URLRequestTestHTTP,DefaultUserAgent)8657 TEST_F(URLRequestTestHTTP, DefaultUserAgent) {
8658 ASSERT_TRUE(http_test_server()->Start());
8659
8660 TestDelegate d;
8661 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
8662 http_test_server()->GetURL("/echoheader?User-Agent"), DEFAULT_PRIORITY,
8663 &d, TRAFFIC_ANNOTATION_FOR_TESTS));
8664 req->Start();
8665 d.RunUntilComplete();
8666 EXPECT_EQ(default_context().http_user_agent_settings()->GetUserAgent(),
8667 d.data_received());
8668 }
8669
8670 // Check that if request overrides the User-Agent header,
8671 // the default is not appended.
8672 // TODO(crbug.com/564656) This test is flaky on iOS.
8673 #if BUILDFLAG(IS_IOS)
8674 #define MAYBE_OverrideUserAgent FLAKY_OverrideUserAgent
8675 #else
8676 #define MAYBE_OverrideUserAgent OverrideUserAgent
8677 #endif
TEST_F(URLRequestTestHTTP,MAYBE_OverrideUserAgent)8678 TEST_F(URLRequestTestHTTP, MAYBE_OverrideUserAgent) {
8679 ASSERT_TRUE(http_test_server()->Start());
8680
8681 TestDelegate d;
8682 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
8683 http_test_server()->GetURL("/echoheader?User-Agent"), DEFAULT_PRIORITY,
8684 &d, TRAFFIC_ANNOTATION_FOR_TESTS));
8685 HttpRequestHeaders headers;
8686 headers.SetHeader(HttpRequestHeaders::kUserAgent, "Lynx (textmode)");
8687 req->SetExtraRequestHeaders(headers);
8688 req->Start();
8689 d.RunUntilComplete();
8690 EXPECT_EQ(std::string("Lynx (textmode)"), d.data_received());
8691 }
8692
8693 // Check that a NULL HttpUserAgentSettings causes the corresponding empty
8694 // User-Agent header to be sent but does not send the Accept-Language and
8695 // Accept-Charset headers.
TEST_F(URLRequestTestHTTP,EmptyHttpUserAgentSettings)8696 TEST_F(URLRequestTestHTTP, EmptyHttpUserAgentSettings) {
8697 ASSERT_TRUE(http_test_server()->Start());
8698
8699 auto context_builder = CreateTestURLRequestContextBuilder();
8700 context_builder->set_http_user_agent_settings(nullptr);
8701 auto context = context_builder->Build();
8702
8703 struct {
8704 const char* request;
8705 const char* expected_response;
8706 } tests[] = {{"/echoheader?Accept-Language", "None"},
8707 {"/echoheader?Accept-Charset", "None"},
8708 {"/echoheader?User-Agent", ""}};
8709
8710 for (const auto& test : tests) {
8711 TestDelegate d;
8712 std::unique_ptr<URLRequest> req(context->CreateRequest(
8713 http_test_server()->GetURL(test.request), DEFAULT_PRIORITY, &d,
8714 TRAFFIC_ANNOTATION_FOR_TESTS));
8715 req->Start();
8716 d.RunUntilComplete();
8717 EXPECT_EQ(test.expected_response, d.data_received())
8718 << " Request = \"" << test.request << "\"";
8719 }
8720 }
8721
8722 // Make sure that URLRequest passes on its priority updates to
8723 // newly-created jobs after the first one.
TEST_F(URLRequestTestHTTP,SetSubsequentJobPriority)8724 TEST_F(URLRequestTestHTTP, SetSubsequentJobPriority) {
8725 GURL initial_url("http://foo.test/");
8726 GURL redirect_url("http://bar.test/");
8727
8728 TestDelegate d;
8729 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
8730 initial_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
8731 EXPECT_EQ(DEFAULT_PRIORITY, req->priority());
8732
8733 std::unique_ptr<URLRequestRedirectJob> redirect_job =
8734 std::make_unique<URLRequestRedirectJob>(
8735 req.get(), redirect_url,
8736 RedirectUtil::ResponseCode::REDIRECT_302_FOUND, "Very Good Reason");
8737 auto interceptor = std::make_unique<TestScopedURLInterceptor>(
8738 initial_url, std::move(redirect_job));
8739
8740 req->SetPriority(LOW);
8741 req->Start();
8742 EXPECT_TRUE(req->is_pending());
8743 d.RunUntilRedirect();
8744 interceptor.reset();
8745
8746 RequestPriority job_priority;
8747 std::unique_ptr<URLRequestJob> job =
8748 std::make_unique<PriorityMonitoringURLRequestJob>(req.get(),
8749 &job_priority);
8750 interceptor =
8751 std::make_unique<TestScopedURLInterceptor>(redirect_url, std::move(job));
8752
8753 // Should trigger |job| to be started.
8754 req->FollowDeferredRedirect(std::nullopt /* removed_headers */,
8755 std::nullopt /* modified_headers */);
8756 d.RunUntilComplete();
8757 EXPECT_EQ(LOW, job_priority);
8758 }
8759
8760 // Check that creating a network request while entering/exiting suspend mode
8761 // fails as it should. This is the only case where an HttpTransactionFactory
8762 // does not return an HttpTransaction.
TEST_F(URLRequestTestHTTP,NetworkSuspendTest)8763 TEST_F(URLRequestTestHTTP, NetworkSuspendTest) {
8764 auto context_builder = CreateTestURLRequestContextBuilder();
8765 context_builder->SetCreateHttpTransactionFactoryCallback(
8766 base::BindOnce([](HttpNetworkSession* session) {
8767 // Create a new HttpNetworkLayer that thinks it's suspended.
8768 auto network_layer = std::make_unique<HttpNetworkLayer>(session);
8769 network_layer->OnSuspend();
8770 std::unique_ptr<HttpTransactionFactory> factory =
8771 std::make_unique<HttpCache>(std::move(network_layer),
8772 HttpCache::DefaultBackend::InMemory(0));
8773 return factory;
8774 }));
8775 auto context = context_builder->Build();
8776
8777 TestDelegate d;
8778 std::unique_ptr<URLRequest> req(
8779 context->CreateRequest(GURL("http://127.0.0.1/"), DEFAULT_PRIORITY, &d,
8780 TRAFFIC_ANNOTATION_FOR_TESTS));
8781 req->Start();
8782 d.RunUntilComplete();
8783
8784 EXPECT_TRUE(d.request_failed());
8785 EXPECT_EQ(ERR_NETWORK_IO_SUSPENDED, d.request_status());
8786 }
8787
8788 namespace {
8789
8790 // HttpTransactionFactory that synchronously fails to create transactions.
8791 class FailingHttpTransactionFactory : public HttpTransactionFactory {
8792 public:
FailingHttpTransactionFactory(HttpNetworkSession * network_session)8793 explicit FailingHttpTransactionFactory(HttpNetworkSession* network_session)
8794 : network_session_(network_session) {}
8795
8796 FailingHttpTransactionFactory(const FailingHttpTransactionFactory&) = delete;
8797 FailingHttpTransactionFactory& operator=(
8798 const FailingHttpTransactionFactory&) = delete;
8799
8800 ~FailingHttpTransactionFactory() override = default;
8801
8802 // HttpTransactionFactory methods:
CreateTransaction(RequestPriority priority,std::unique_ptr<HttpTransaction> * trans)8803 int CreateTransaction(RequestPriority priority,
8804 std::unique_ptr<HttpTransaction>* trans) override {
8805 return ERR_FAILED;
8806 }
8807
GetCache()8808 HttpCache* GetCache() override { return nullptr; }
8809
GetSession()8810 HttpNetworkSession* GetSession() override { return network_session_; }
8811
8812 private:
8813 raw_ptr<HttpNetworkSession> network_session_;
8814 };
8815
8816 } // namespace
8817
8818 // Check that when a request that fails to create an HttpTransaction can be
8819 // cancelled while the failure notification is pending, and doesn't send two
8820 // failure notifications.
8821 //
8822 // This currently only happens when in suspend mode and there's no cache, but
8823 // just use a special HttpTransactionFactory, to avoid depending on those
8824 // behaviors.
TEST_F(URLRequestTestHTTP,NetworkCancelAfterCreateTransactionFailsTest)8825 TEST_F(URLRequestTestHTTP, NetworkCancelAfterCreateTransactionFailsTest) {
8826 auto context_builder = CreateTestURLRequestContextBuilder();
8827 context_builder->SetCreateHttpTransactionFactoryCallback(
8828 base::BindOnce([](HttpNetworkSession* session) {
8829 std::unique_ptr<HttpTransactionFactory> factory =
8830 std::make_unique<FailingHttpTransactionFactory>(session);
8831 return factory;
8832 }));
8833 auto& network_delegate = *context_builder->set_network_delegate(
8834 std::make_unique<TestNetworkDelegate>());
8835 auto context = context_builder->Build();
8836
8837 TestDelegate d;
8838 std::unique_ptr<URLRequest> req(
8839 context->CreateRequest(GURL("http://127.0.0.1/"), DEFAULT_PRIORITY, &d,
8840 TRAFFIC_ANNOTATION_FOR_TESTS));
8841 // Don't send cookies (Collecting cookies is asynchronous, and need request to
8842 // try to create an HttpNetworkTransaction synchronously on start).
8843 req->set_allow_credentials(false);
8844 req->Start();
8845 req->Cancel();
8846 d.RunUntilComplete();
8847 // Run pending error task, if there is one.
8848 base::RunLoop().RunUntilIdle();
8849
8850 EXPECT_TRUE(d.request_failed());
8851 EXPECT_EQ(1, d.response_started_count());
8852 EXPECT_EQ(ERR_ABORTED, d.request_status());
8853
8854 // NetworkDelegate should see the cancellation, but not the error.
8855 EXPECT_EQ(1, network_delegate.canceled_requests());
8856 EXPECT_EQ(0, network_delegate.error_count());
8857 }
8858
TEST_F(URLRequestTestHTTP,NetworkAccessedSetOnNetworkRequest)8859 TEST_F(URLRequestTestHTTP, NetworkAccessedSetOnNetworkRequest) {
8860 ASSERT_TRUE(http_test_server()->Start());
8861
8862 TestDelegate d;
8863 GURL test_url(http_test_server()->GetURL("/"));
8864 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
8865 test_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
8866
8867 req->Start();
8868 d.RunUntilComplete();
8869
8870 EXPECT_TRUE(req->response_info().network_accessed);
8871 }
8872
TEST_F(URLRequestTestHTTP,NetworkAccessedClearOnCachedResponse)8873 TEST_F(URLRequestTestHTTP, NetworkAccessedClearOnCachedResponse) {
8874 ASSERT_TRUE(http_test_server()->Start());
8875
8876 // Populate the cache.
8877 TestDelegate d;
8878 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
8879 http_test_server()->GetURL("/cachetime"), DEFAULT_PRIORITY, &d,
8880 TRAFFIC_ANNOTATION_FOR_TESTS));
8881 req->set_isolation_info(isolation_info1_);
8882 req->Start();
8883 d.RunUntilComplete();
8884
8885 EXPECT_EQ(OK, d.request_status());
8886 EXPECT_TRUE(req->response_info().network_accessed);
8887 EXPECT_FALSE(req->response_info().was_cached);
8888
8889 req = default_context().CreateRequest(
8890 http_test_server()->GetURL("/cachetime"), DEFAULT_PRIORITY, &d,
8891 TRAFFIC_ANNOTATION_FOR_TESTS);
8892 req->set_isolation_info(isolation_info1_);
8893 req->Start();
8894 d.RunUntilComplete();
8895
8896 EXPECT_EQ(OK, d.request_status());
8897 EXPECT_FALSE(req->response_info().network_accessed);
8898 EXPECT_TRUE(req->response_info().was_cached);
8899 }
8900
TEST_F(URLRequestTestHTTP,NetworkAccessedClearOnLoadOnlyFromCache)8901 TEST_F(URLRequestTestHTTP, NetworkAccessedClearOnLoadOnlyFromCache) {
8902 ASSERT_TRUE(http_test_server()->Start());
8903
8904 TestDelegate d;
8905 GURL test_url(http_test_server()->GetURL("/"));
8906 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
8907 test_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
8908 req->SetLoadFlags(LOAD_ONLY_FROM_CACHE | LOAD_SKIP_CACHE_VALIDATION);
8909
8910 req->Start();
8911 d.RunUntilComplete();
8912
8913 EXPECT_FALSE(req->response_info().network_accessed);
8914 }
8915
8916 // Test that a single job with a THROTTLED priority completes
8917 // correctly in the absence of contention.
TEST_F(URLRequestTestHTTP,ThrottledPriority)8918 TEST_F(URLRequestTestHTTP, ThrottledPriority) {
8919 ASSERT_TRUE(http_test_server()->Start());
8920
8921 TestDelegate d;
8922 GURL test_url(http_test_server()->GetURL("/"));
8923 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
8924 test_url, THROTTLED, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
8925 req->Start();
8926 d.RunUntilComplete();
8927
8928 EXPECT_EQ(OK, d.request_status());
8929 }
8930
TEST_F(URLRequestTestHTTP,RawBodyBytesNoContentEncoding)8931 TEST_F(URLRequestTestHTTP, RawBodyBytesNoContentEncoding) {
8932 ASSERT_TRUE(http_test_server()->Start());
8933
8934 TestDelegate d;
8935 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
8936 http_test_server()->GetURL("/simple.html"), DEFAULT_PRIORITY, &d,
8937 TRAFFIC_ANNOTATION_FOR_TESTS));
8938 req->Start();
8939 d.RunUntilComplete();
8940
8941 EXPECT_EQ(5, req->GetRawBodyBytes());
8942 }
8943
TEST_F(URLRequestTestHTTP,RawBodyBytesGzipEncoding)8944 TEST_F(URLRequestTestHTTP, RawBodyBytesGzipEncoding) {
8945 ASSERT_TRUE(http_test_server()->Start());
8946
8947 TestDelegate d;
8948 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
8949 http_test_server()->GetURL("/gzip-encoded"), DEFAULT_PRIORITY, &d,
8950 TRAFFIC_ANNOTATION_FOR_TESTS));
8951 req->Start();
8952 d.RunUntilComplete();
8953
8954 EXPECT_EQ(30, req->GetRawBodyBytes());
8955 }
8956
8957 // Check that if NetworkDelegate::OnBeforeStartTransaction returns an error,
8958 // the delegate isn't called back synchronously.
TEST_F(URLRequestTestHTTP,TesBeforeStartTransactionFails)8959 TEST_F(URLRequestTestHTTP, TesBeforeStartTransactionFails) {
8960 ASSERT_TRUE(http_test_server()->Start());
8961 default_network_delegate().set_before_start_transaction_fails();
8962
8963 TestDelegate d;
8964 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
8965 http_test_server()->GetURL("/"), DEFAULT_PRIORITY, &d,
8966 TRAFFIC_ANNOTATION_FOR_TESTS));
8967 req->Start();
8968 DCHECK(!d.response_completed());
8969 d.RunUntilComplete();
8970 DCHECK(d.response_completed());
8971 EXPECT_EQ(ERR_FAILED, d.request_status());
8972 }
8973
8974 class URLRequestTestReferrerPolicy : public URLRequestTest {
8975 public:
8976 URLRequestTestReferrerPolicy() = default;
8977
InstantiateSameOriginServers(net::EmbeddedTestServer::Type type)8978 void InstantiateSameOriginServers(net::EmbeddedTestServer::Type type) {
8979 origin_server_ = std::make_unique<EmbeddedTestServer>(type);
8980 RegisterDefaultHandlers(origin_server_.get());
8981 ASSERT_TRUE(origin_server_->Start());
8982 }
8983
InstantiateCrossOriginServers(net::EmbeddedTestServer::Type origin_type,net::EmbeddedTestServer::Type dest_type)8984 void InstantiateCrossOriginServers(net::EmbeddedTestServer::Type origin_type,
8985 net::EmbeddedTestServer::Type dest_type) {
8986 origin_server_ = std::make_unique<EmbeddedTestServer>(origin_type);
8987 RegisterDefaultHandlers(origin_server_.get());
8988 ASSERT_TRUE(origin_server_->Start());
8989
8990 destination_server_ = std::make_unique<EmbeddedTestServer>(dest_type);
8991 RegisterDefaultHandlers(destination_server_.get());
8992 ASSERT_TRUE(destination_server_->Start());
8993 }
8994
VerifyReferrerAfterRedirect(ReferrerPolicy policy,const GURL & referrer,const GURL & expected)8995 void VerifyReferrerAfterRedirect(ReferrerPolicy policy,
8996 const GURL& referrer,
8997 const GURL& expected) {
8998 // Create and execute the request: we'll only have a |destination_server_|
8999 // if the origins are meant to be distinct. Otherwise, we'll use the
9000 // |origin_server_| for both endpoints.
9001 GURL destination_url =
9002 destination_server_ ? destination_server_->GetURL("/echoheader?Referer")
9003 : origin_server_->GetURL("/echoheader?Referer");
9004 GURL origin_url =
9005 origin_server_->GetURL("/server-redirect?" + destination_url.spec());
9006
9007 TestDelegate d;
9008 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
9009 origin_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
9010 req->set_referrer_policy(policy);
9011 req->SetReferrer(referrer.spec());
9012 req->Start();
9013 d.RunUntilComplete();
9014
9015 EXPECT_EQ(1, d.response_started_count());
9016 EXPECT_EQ(1, d.received_redirect_count());
9017 EXPECT_EQ(destination_url, req->url());
9018 EXPECT_EQ(OK, d.request_status());
9019 EXPECT_EQ(200, req->response_headers()->response_code());
9020
9021 EXPECT_EQ(expected.spec(), req->referrer());
9022 if (expected.is_empty())
9023 EXPECT_EQ("None", d.data_received());
9024 else
9025 EXPECT_EQ(expected.spec(), d.data_received());
9026 }
9027
origin_server() const9028 EmbeddedTestServer* origin_server() const { return origin_server_.get(); }
9029
9030 private:
9031 std::unique_ptr<EmbeddedTestServer> origin_server_;
9032 std::unique_ptr<EmbeddedTestServer> destination_server_;
9033 };
9034
TEST_F(URLRequestTestReferrerPolicy,HTTPToSameOriginHTTP)9035 TEST_F(URLRequestTestReferrerPolicy, HTTPToSameOriginHTTP) {
9036 InstantiateSameOriginServers(net::EmbeddedTestServer::TYPE_HTTP);
9037
9038 GURL referrer = origin_server()->GetURL("/path/to/file.html");
9039 VerifyReferrerAfterRedirect(
9040 ReferrerPolicy::CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE, referrer,
9041 referrer);
9042
9043 VerifyReferrerAfterRedirect(
9044 ReferrerPolicy::REDUCE_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN, referrer,
9045 referrer);
9046
9047 VerifyReferrerAfterRedirect(
9048 ReferrerPolicy::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN, referrer,
9049 referrer);
9050
9051 VerifyReferrerAfterRedirect(ReferrerPolicy::NEVER_CLEAR, referrer, referrer);
9052
9053 // The original referrer set on the request is expected to obey the referrer
9054 // policy and already be stripped to the origin; thus this test case just
9055 // checks that this policy doesn't cause the referrer to change when following
9056 // a redirect.
9057 VerifyReferrerAfterRedirect(ReferrerPolicy::ORIGIN,
9058 referrer.DeprecatedGetOriginAsURL(),
9059 referrer.DeprecatedGetOriginAsURL());
9060
9061 VerifyReferrerAfterRedirect(ReferrerPolicy::CLEAR_ON_TRANSITION_CROSS_ORIGIN,
9062 referrer, referrer);
9063
9064 // The original referrer set on the request is expected to obey the referrer
9065 // policy and already be stripped to the origin; thus this test case just
9066 // checks that this policy doesn't cause the referrer to change when following
9067 // a redirect.
9068 VerifyReferrerAfterRedirect(
9069 ReferrerPolicy::ORIGIN_CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE,
9070 referrer.DeprecatedGetOriginAsURL(), referrer.DeprecatedGetOriginAsURL());
9071
9072 VerifyReferrerAfterRedirect(ReferrerPolicy::NO_REFERRER, GURL(), GURL());
9073 }
9074
TEST_F(URLRequestTestReferrerPolicy,HTTPToCrossOriginHTTP)9075 TEST_F(URLRequestTestReferrerPolicy, HTTPToCrossOriginHTTP) {
9076 InstantiateCrossOriginServers(net::EmbeddedTestServer::TYPE_HTTP,
9077 net::EmbeddedTestServer::TYPE_HTTP);
9078 GURL referrer = origin_server()->GetURL("/path/to/file.html");
9079
9080 VerifyReferrerAfterRedirect(
9081 ReferrerPolicy::CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE, referrer,
9082 referrer);
9083
9084 VerifyReferrerAfterRedirect(
9085 ReferrerPolicy::REDUCE_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN, referrer,
9086 referrer.DeprecatedGetOriginAsURL());
9087
9088 VerifyReferrerAfterRedirect(
9089 ReferrerPolicy::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN, referrer,
9090 referrer.DeprecatedGetOriginAsURL());
9091
9092 VerifyReferrerAfterRedirect(ReferrerPolicy::NEVER_CLEAR, referrer, referrer);
9093
9094 // The original referrer set on the request is expected to obey the referrer
9095 // policy and already be stripped to the origin; thus this test case just
9096 // checks that this policy doesn't cause the referrer to change when following
9097 // a redirect.
9098 VerifyReferrerAfterRedirect(ReferrerPolicy::ORIGIN,
9099 referrer.DeprecatedGetOriginAsURL(),
9100 referrer.DeprecatedGetOriginAsURL());
9101
9102 VerifyReferrerAfterRedirect(ReferrerPolicy::CLEAR_ON_TRANSITION_CROSS_ORIGIN,
9103 referrer, GURL());
9104
9105 // The original referrer set on the request is expected to obey the referrer
9106 // policy and already be stripped to the origin; thus this test case just
9107 // checks that this policy doesn't cause the referrer to change when following
9108 // a redirect.
9109 VerifyReferrerAfterRedirect(
9110 ReferrerPolicy::ORIGIN_CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE,
9111 referrer.DeprecatedGetOriginAsURL(), referrer.DeprecatedGetOriginAsURL());
9112
9113 VerifyReferrerAfterRedirect(ReferrerPolicy::NO_REFERRER, GURL(), GURL());
9114 }
9115
TEST_F(URLRequestTestReferrerPolicy,HTTPSToSameOriginHTTPS)9116 TEST_F(URLRequestTestReferrerPolicy, HTTPSToSameOriginHTTPS) {
9117 InstantiateSameOriginServers(net::EmbeddedTestServer::TYPE_HTTPS);
9118 GURL referrer = origin_server()->GetURL("/path/to/file.html");
9119
9120 VerifyReferrerAfterRedirect(
9121 ReferrerPolicy::CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE, referrer,
9122 referrer);
9123
9124 VerifyReferrerAfterRedirect(
9125 ReferrerPolicy::REDUCE_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN, referrer,
9126 referrer);
9127
9128 VerifyReferrerAfterRedirect(
9129 ReferrerPolicy::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN, referrer,
9130 referrer);
9131
9132 VerifyReferrerAfterRedirect(ReferrerPolicy::NEVER_CLEAR, referrer, referrer);
9133
9134 // The original referrer set on the request is expected to obey the referrer
9135 // policy and already be stripped to the origin; thus this test case just
9136 // checks that this policy doesn't cause the referrer to change when following
9137 // a redirect.
9138 VerifyReferrerAfterRedirect(ReferrerPolicy::ORIGIN,
9139 referrer.DeprecatedGetOriginAsURL(),
9140 referrer.DeprecatedGetOriginAsURL());
9141
9142 VerifyReferrerAfterRedirect(ReferrerPolicy::CLEAR_ON_TRANSITION_CROSS_ORIGIN,
9143 referrer, referrer);
9144
9145 // The original referrer set on the request is expected to obey the referrer
9146 // policy and already be stripped to the origin; thus this test case just
9147 // checks that this policy doesn't cause the referrer to change when following
9148 // a redirect.
9149 VerifyReferrerAfterRedirect(
9150 ReferrerPolicy::ORIGIN_CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE,
9151 referrer.DeprecatedGetOriginAsURL(), referrer.DeprecatedGetOriginAsURL());
9152
9153 VerifyReferrerAfterRedirect(ReferrerPolicy::NO_REFERRER, GURL(), GURL());
9154 }
9155
TEST_F(URLRequestTestReferrerPolicy,HTTPSToCrossOriginHTTPS)9156 TEST_F(URLRequestTestReferrerPolicy, HTTPSToCrossOriginHTTPS) {
9157 InstantiateCrossOriginServers(net::EmbeddedTestServer::TYPE_HTTPS,
9158 net::EmbeddedTestServer::TYPE_HTTPS);
9159 GURL referrer = origin_server()->GetURL("/path/to/file.html");
9160
9161 VerifyReferrerAfterRedirect(
9162 ReferrerPolicy::CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE, referrer,
9163 referrer);
9164
9165 VerifyReferrerAfterRedirect(
9166 ReferrerPolicy::REDUCE_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN, referrer,
9167 origin_server()->GetURL("/"));
9168
9169 VerifyReferrerAfterRedirect(
9170 ReferrerPolicy::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN, referrer,
9171 origin_server()->GetURL("/"));
9172
9173 VerifyReferrerAfterRedirect(ReferrerPolicy::NEVER_CLEAR, referrer, referrer);
9174
9175 // The original referrer set on the request is expected to obey the referrer
9176 // policy and already be stripped to the origin; thus this test case just
9177 // checks that this policy doesn't cause the referrer to change when following
9178 // a redirect.
9179 VerifyReferrerAfterRedirect(ReferrerPolicy::ORIGIN,
9180 referrer.DeprecatedGetOriginAsURL(),
9181 referrer.DeprecatedGetOriginAsURL());
9182
9183 VerifyReferrerAfterRedirect(ReferrerPolicy::CLEAR_ON_TRANSITION_CROSS_ORIGIN,
9184 referrer, GURL());
9185
9186 // The original referrer set on the request is expected to obey the referrer
9187 // policy and already be stripped to the origin; thus this test case just
9188 // checks that this policy doesn't cause the referrer to change when following
9189 // a redirect.
9190 VerifyReferrerAfterRedirect(
9191 ReferrerPolicy::ORIGIN_CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE,
9192 referrer.DeprecatedGetOriginAsURL(), referrer.DeprecatedGetOriginAsURL());
9193
9194 VerifyReferrerAfterRedirect(ReferrerPolicy::NO_REFERRER, GURL(), GURL());
9195 }
9196
TEST_F(URLRequestTestReferrerPolicy,HTTPToHTTPS)9197 TEST_F(URLRequestTestReferrerPolicy, HTTPToHTTPS) {
9198 InstantiateCrossOriginServers(net::EmbeddedTestServer::TYPE_HTTP,
9199 net::EmbeddedTestServer::TYPE_HTTPS);
9200 GURL referrer = origin_server()->GetURL("/path/to/file.html");
9201
9202 VerifyReferrerAfterRedirect(
9203 ReferrerPolicy::CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE, referrer,
9204 referrer);
9205
9206 VerifyReferrerAfterRedirect(
9207 ReferrerPolicy::REDUCE_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN, referrer,
9208 origin_server()->GetURL("/"));
9209
9210 VerifyReferrerAfterRedirect(
9211 ReferrerPolicy::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN, referrer,
9212 origin_server()->GetURL("/"));
9213
9214 VerifyReferrerAfterRedirect(ReferrerPolicy::NEVER_CLEAR, referrer, referrer);
9215
9216 // The original referrer set on the request is expected to obey the referrer
9217 // policy and already be stripped to the origin; thus this test case just
9218 // checks that this policy doesn't cause the referrer to change when following
9219 // a redirect.
9220 VerifyReferrerAfterRedirect(ReferrerPolicy::ORIGIN,
9221 referrer.DeprecatedGetOriginAsURL(),
9222 referrer.DeprecatedGetOriginAsURL());
9223
9224 VerifyReferrerAfterRedirect(ReferrerPolicy::CLEAR_ON_TRANSITION_CROSS_ORIGIN,
9225 referrer, GURL());
9226
9227 // The original referrer set on the request is expected to obey the referrer
9228 // policy and already be stripped to the origin; thus this test case just
9229 // checks that this policy doesn't cause the referrer to change when following
9230 // a redirect.
9231 VerifyReferrerAfterRedirect(
9232 ReferrerPolicy::ORIGIN_CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE,
9233 referrer.DeprecatedGetOriginAsURL(), referrer.DeprecatedGetOriginAsURL());
9234
9235 VerifyReferrerAfterRedirect(ReferrerPolicy::NO_REFERRER, GURL(), GURL());
9236 }
9237
TEST_F(URLRequestTestReferrerPolicy,HTTPSToHTTP)9238 TEST_F(URLRequestTestReferrerPolicy, HTTPSToHTTP) {
9239 InstantiateCrossOriginServers(net::EmbeddedTestServer::TYPE_HTTPS,
9240 net::EmbeddedTestServer::TYPE_HTTP);
9241 GURL referrer = origin_server()->GetURL("/path/to/file.html");
9242
9243 VerifyReferrerAfterRedirect(
9244 ReferrerPolicy::CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE, referrer,
9245 GURL());
9246
9247 VerifyReferrerAfterRedirect(
9248 ReferrerPolicy::REDUCE_GRANULARITY_ON_TRANSITION_CROSS_ORIGIN, referrer,
9249 GURL());
9250
9251 VerifyReferrerAfterRedirect(
9252 ReferrerPolicy::ORIGIN_ONLY_ON_TRANSITION_CROSS_ORIGIN, referrer,
9253 origin_server()->GetURL("/"));
9254
9255 VerifyReferrerAfterRedirect(ReferrerPolicy::NEVER_CLEAR, referrer, referrer);
9256
9257 // The original referrer set on the request is expected to obey the referrer
9258 // policy and already be stripped to the origin; thus this test case just
9259 // checks that this policy doesn't cause the referrer to change when following
9260 // a redirect.
9261 VerifyReferrerAfterRedirect(ReferrerPolicy::ORIGIN,
9262 referrer.DeprecatedGetOriginAsURL(),
9263 referrer.DeprecatedGetOriginAsURL());
9264
9265 VerifyReferrerAfterRedirect(ReferrerPolicy::CLEAR_ON_TRANSITION_CROSS_ORIGIN,
9266 referrer, GURL());
9267
9268 // The original referrer set on the request is expected to obey the referrer
9269 // policy and already be stripped to the origin, though it should be
9270 // subsequently cleared during the downgrading redirect.
9271 VerifyReferrerAfterRedirect(
9272 ReferrerPolicy::ORIGIN_CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE,
9273 referrer.DeprecatedGetOriginAsURL(), GURL());
9274
9275 VerifyReferrerAfterRedirect(ReferrerPolicy::NO_REFERRER, GURL(), GURL());
9276 }
9277
9278 class HTTPSRequestTest : public TestWithTaskEnvironment {
9279 public:
HTTPSRequestTest()9280 HTTPSRequestTest() {
9281 auto context_builder = CreateTestURLRequestContextBuilder();
9282 default_context_ = context_builder->Build();
9283 }
~HTTPSRequestTest()9284 ~HTTPSRequestTest() override {
9285 SetTransportSecurityStateSourceForTesting(nullptr);
9286 }
9287
default_context()9288 URLRequestContext& default_context() { return *default_context_; }
9289
9290 private:
9291 std::unique_ptr<URLRequestContext> default_context_;
9292 };
9293
TEST_F(HTTPSRequestTest,HTTPSGetTest)9294 TEST_F(HTTPSRequestTest, HTTPSGetTest) {
9295 EmbeddedTestServer test_server(net::EmbeddedTestServer::TYPE_HTTPS);
9296 RegisterDefaultHandlers(&test_server);
9297 ASSERT_TRUE(test_server.Start());
9298
9299 TestDelegate d;
9300 {
9301 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
9302 test_server.GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d,
9303 TRAFFIC_ANNOTATION_FOR_TESTS));
9304 r->Start();
9305 EXPECT_TRUE(r->is_pending());
9306
9307 d.RunUntilComplete();
9308
9309 EXPECT_EQ(1, d.response_started_count());
9310 EXPECT_FALSE(d.received_data_before_response());
9311 EXPECT_NE(0, d.bytes_received());
9312 CheckSSLInfo(r->ssl_info());
9313 EXPECT_EQ(test_server.host_port_pair().host(),
9314 r->GetResponseRemoteEndpoint().ToStringWithoutPort());
9315 EXPECT_EQ(test_server.host_port_pair().port(),
9316 r->GetResponseRemoteEndpoint().port());
9317 }
9318 }
9319
TEST_F(HTTPSRequestTest,HTTPSMismatchedTest)9320 TEST_F(HTTPSRequestTest, HTTPSMismatchedTest) {
9321 EmbeddedTestServer test_server(net::EmbeddedTestServer::TYPE_HTTPS);
9322 test_server.SetSSLConfig(net::EmbeddedTestServer::CERT_MISMATCHED_NAME);
9323 RegisterDefaultHandlers(&test_server);
9324 ASSERT_TRUE(test_server.Start());
9325
9326 bool err_allowed = true;
9327 for (int i = 0; i < 2; i++, err_allowed = !err_allowed) {
9328 TestDelegate d;
9329 {
9330 d.set_allow_certificate_errors(err_allowed);
9331 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
9332 test_server.GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d,
9333 TRAFFIC_ANNOTATION_FOR_TESTS));
9334
9335 r->Start();
9336 EXPECT_TRUE(r->is_pending());
9337
9338 d.RunUntilComplete();
9339
9340 EXPECT_EQ(1, d.response_started_count());
9341 EXPECT_FALSE(d.received_data_before_response());
9342 EXPECT_TRUE(d.have_certificate_errors());
9343 if (err_allowed) {
9344 EXPECT_NE(0, d.bytes_received());
9345 CheckSSLInfo(r->ssl_info());
9346 } else {
9347 EXPECT_EQ(0, d.bytes_received());
9348 }
9349 }
9350 }
9351 }
9352
TEST_F(HTTPSRequestTest,HTTPSExpiredTest)9353 TEST_F(HTTPSRequestTest, HTTPSExpiredTest) {
9354 EmbeddedTestServer test_server(net::EmbeddedTestServer::TYPE_HTTPS);
9355 test_server.SetSSLConfig(net::EmbeddedTestServer::CERT_EXPIRED);
9356 RegisterDefaultHandlers(&test_server);
9357 ASSERT_TRUE(test_server.Start());
9358
9359 // Iterate from false to true, just so that we do the opposite of the
9360 // previous test in order to increase test coverage.
9361 bool err_allowed = false;
9362 for (int i = 0; i < 2; i++, err_allowed = !err_allowed) {
9363 TestDelegate d;
9364 {
9365 d.set_allow_certificate_errors(err_allowed);
9366 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
9367 test_server.GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d,
9368 TRAFFIC_ANNOTATION_FOR_TESTS));
9369
9370 r->Start();
9371 EXPECT_TRUE(r->is_pending());
9372
9373 d.RunUntilComplete();
9374
9375 EXPECT_EQ(1, d.response_started_count());
9376 EXPECT_FALSE(d.received_data_before_response());
9377 EXPECT_TRUE(d.have_certificate_errors());
9378 if (err_allowed) {
9379 EXPECT_NE(0, d.bytes_received());
9380 CheckSSLInfo(r->ssl_info());
9381 } else {
9382 EXPECT_EQ(0, d.bytes_received());
9383 }
9384 }
9385 }
9386 }
9387
9388 // A TestDelegate used to test that an appropriate net error code is provided
9389 // when an SSL certificate error occurs.
9390 class SSLNetErrorTestDelegate : public TestDelegate {
9391 public:
OnSSLCertificateError(URLRequest * request,int net_error,const SSLInfo & ssl_info,bool fatal)9392 void OnSSLCertificateError(URLRequest* request,
9393 int net_error,
9394 const SSLInfo& ssl_info,
9395 bool fatal) override {
9396 net_error_ = net_error;
9397 on_ssl_certificate_error_called_ = true;
9398 TestDelegate::OnSSLCertificateError(request, net_error, ssl_info, fatal);
9399 }
9400
on_ssl_certificate_error_called()9401 bool on_ssl_certificate_error_called() {
9402 return on_ssl_certificate_error_called_;
9403 }
9404
net_error()9405 int net_error() { return net_error_; }
9406
9407 private:
9408 bool on_ssl_certificate_error_called_ = false;
9409 int net_error_ = net::OK;
9410 };
9411
9412 // Tests that the URLRequest::Delegate receives an appropriate net error code
9413 // when an SSL certificate error occurs.
TEST_F(HTTPSRequestTest,SSLNetErrorReportedToDelegate)9414 TEST_F(HTTPSRequestTest, SSLNetErrorReportedToDelegate) {
9415 EmbeddedTestServer test_server(net::EmbeddedTestServer::TYPE_HTTPS);
9416 test_server.SetSSLConfig(net::EmbeddedTestServer::CERT_EXPIRED);
9417 RegisterDefaultHandlers(&test_server);
9418 ASSERT_TRUE(test_server.Start());
9419
9420 SSLNetErrorTestDelegate d;
9421 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
9422 test_server.GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d,
9423 TRAFFIC_ANNOTATION_FOR_TESTS));
9424 r->Start();
9425 EXPECT_TRUE(r->is_pending());
9426 d.RunUntilComplete();
9427
9428 EXPECT_TRUE(d.on_ssl_certificate_error_called());
9429 EXPECT_EQ(net::ERR_CERT_DATE_INVALID, d.net_error());
9430 }
9431
9432 // TODO(svaldez): iOS tests are flaky with EmbeddedTestServer and transport
9433 // security state. (see http://crbug.com/550977).
9434 #if !BUILDFLAG(IS_IOS)
9435 // This tests that a load of a domain with preloaded HSTS and HPKP with a
9436 // certificate error sets the |certificate_errors_are_fatal| flag correctly.
9437 // This flag will cause the interstitial to be fatal.
TEST_F(HTTPSRequestTest,HTTPSPreloadedHSTSTest)9438 TEST_F(HTTPSRequestTest, HTTPSPreloadedHSTSTest) {
9439 SetTransportSecurityStateSourceForTesting(&test_default::kHSTSSource);
9440
9441 EmbeddedTestServer test_server(net::EmbeddedTestServer::TYPE_HTTPS);
9442 test_server.SetSSLConfig(net::EmbeddedTestServer::CERT_MISMATCHED_NAME);
9443 test_server.ServeFilesFromSourceDirectory("net/data/ssl");
9444 ASSERT_TRUE(test_server.Start());
9445
9446 // We require that the URL be hsts-hpkp-preloaded.test. This is a test domain
9447 // that has a preloaded HSTS+HPKP entry in the TransportSecurityState. This
9448 // means that we have to use a MockHostResolver in order to direct
9449 // hsts-hpkp-preloaded.test to the testserver.
9450
9451 auto host_resolver = std::make_unique<MockHostResolver>();
9452 host_resolver->rules()->AddRule("hsts-hpkp-preloaded.test",
9453 test_server.GetIPLiteralString());
9454 auto context_builder = CreateTestURLRequestContextBuilder();
9455 context_builder->set_host_resolver(std::move(host_resolver));
9456 auto context = context_builder->Build();
9457
9458 TestDelegate d;
9459 std::unique_ptr<URLRequest> r(context->CreateRequest(
9460 GURL(base::StringPrintf("https://hsts-hpkp-preloaded.test:%d",
9461 test_server.host_port_pair().port())),
9462 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
9463
9464 r->Start();
9465 EXPECT_TRUE(r->is_pending());
9466
9467 d.RunUntilComplete();
9468
9469 EXPECT_EQ(1, d.response_started_count());
9470 EXPECT_FALSE(d.received_data_before_response());
9471 EXPECT_TRUE(d.have_certificate_errors());
9472 EXPECT_TRUE(d.certificate_errors_are_fatal());
9473 }
9474
9475 // This tests that cached HTTPS page loads do not cause any updates to the
9476 // TransportSecurityState.
TEST_F(HTTPSRequestTest,HTTPSErrorsNoClobberTSSTest)9477 TEST_F(HTTPSRequestTest, HTTPSErrorsNoClobberTSSTest) {
9478 base::test::ScopedFeatureList scoped_feature_list_;
9479 scoped_feature_list_.InitAndEnableFeature(
9480 net::features::kStaticKeyPinningEnforcement);
9481 SetTransportSecurityStateSourceForTesting(&test_default::kHSTSSource);
9482
9483 // The actual problem -- CERT_MISMATCHED_NAME in this case -- doesn't
9484 // matter. It just has to be any error.
9485 EmbeddedTestServer test_server(net::EmbeddedTestServer::TYPE_HTTPS);
9486 test_server.SetSSLConfig(net::EmbeddedTestServer::CERT_MISMATCHED_NAME);
9487 test_server.ServeFilesFromSourceDirectory("net/data/ssl");
9488 ASSERT_TRUE(test_server.Start());
9489
9490 // We require that the URL be hsts-hpkp-preloaded.test. This is a test domain
9491 // that has a preloaded HSTS+HPKP entry in the TransportSecurityState. This
9492 // means that we have to use a MockHostResolver in order to direct
9493 // hsts-hpkp-preloaded.test to the testserver.
9494
9495 auto host_resolver = std::make_unique<MockHostResolver>();
9496 host_resolver->rules()->AddRule("hsts-hpkp-preloaded.test",
9497 test_server.GetIPLiteralString());
9498 auto context_builder = CreateTestURLRequestContextBuilder();
9499 context_builder->set_host_resolver(std::move(host_resolver));
9500 auto context = context_builder->Build();
9501 ASSERT_TRUE(context->transport_security_state());
9502 TransportSecurityState& transport_security_state =
9503 *context->transport_security_state();
9504
9505 transport_security_state.EnableStaticPinsForTesting();
9506 transport_security_state.SetPinningListAlwaysTimelyForTesting(true);
9507
9508 TransportSecurityState::STSState static_sts_state;
9509 TransportSecurityState::PKPState static_pkp_state;
9510 EXPECT_TRUE(transport_security_state.GetStaticSTSState(
9511 "hsts-hpkp-preloaded.test", &static_sts_state));
9512 EXPECT_TRUE(transport_security_state.GetStaticPKPState(
9513 "hsts-hpkp-preloaded.test", &static_pkp_state));
9514
9515 TransportSecurityState::STSState dynamic_sts_state;
9516 TransportSecurityState::PKPState dynamic_pkp_state;
9517 EXPECT_FALSE(transport_security_state.GetDynamicSTSState(
9518 "hsts-hpkp-preloaded.test", &dynamic_sts_state));
9519 EXPECT_FALSE(transport_security_state.GetDynamicPKPState(
9520 "hsts-hpkp-preloaded.test", &dynamic_pkp_state));
9521
9522 TestDelegate d;
9523 std::unique_ptr<URLRequest> r(context->CreateRequest(
9524 GURL(base::StringPrintf("https://hsts-hpkp-preloaded.test:%d",
9525 test_server.host_port_pair().port())),
9526 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
9527
9528 r->Start();
9529 EXPECT_TRUE(r->is_pending());
9530
9531 d.RunUntilComplete();
9532
9533 EXPECT_EQ(1, d.response_started_count());
9534 EXPECT_FALSE(d.received_data_before_response());
9535 EXPECT_TRUE(d.have_certificate_errors());
9536 EXPECT_TRUE(d.certificate_errors_are_fatal());
9537
9538 // Get a fresh copy of the states, and check that they haven't changed.
9539 TransportSecurityState::STSState new_static_sts_state;
9540 TransportSecurityState::PKPState new_static_pkp_state;
9541 EXPECT_TRUE(transport_security_state.GetStaticSTSState(
9542 "hsts-hpkp-preloaded.test", &new_static_sts_state));
9543 EXPECT_TRUE(transport_security_state.GetStaticPKPState(
9544 "hsts-hpkp-preloaded.test", &new_static_pkp_state));
9545 TransportSecurityState::STSState new_dynamic_sts_state;
9546 TransportSecurityState::PKPState new_dynamic_pkp_state;
9547 EXPECT_FALSE(transport_security_state.GetDynamicSTSState(
9548 "hsts-hpkp-preloaded.test", &new_dynamic_sts_state));
9549 EXPECT_FALSE(transport_security_state.GetDynamicPKPState(
9550 "hsts-hpkp-preloaded.test", &new_dynamic_pkp_state));
9551
9552 EXPECT_EQ(new_static_sts_state.upgrade_mode, static_sts_state.upgrade_mode);
9553 EXPECT_EQ(new_static_sts_state.include_subdomains,
9554 static_sts_state.include_subdomains);
9555 EXPECT_EQ(new_static_pkp_state.include_subdomains,
9556 static_pkp_state.include_subdomains);
9557 EXPECT_EQ(new_static_pkp_state.spki_hashes, static_pkp_state.spki_hashes);
9558 EXPECT_EQ(new_static_pkp_state.bad_spki_hashes,
9559 static_pkp_state.bad_spki_hashes);
9560 }
9561
9562 // Make sure HSTS preserves a POST request's method and body.
TEST_F(HTTPSRequestTest,HSTSPreservesPosts)9563 TEST_F(HTTPSRequestTest, HSTSPreservesPosts) {
9564 static const char kData[] = "hello world";
9565
9566 EmbeddedTestServer test_server(net::EmbeddedTestServer::TYPE_HTTPS);
9567 RegisterDefaultHandlers(&test_server);
9568 ASSERT_TRUE(test_server.Start());
9569
9570 // Per spec, TransportSecurityState expects a domain name, rather than an IP
9571 // address, so a MockHostResolver is needed to redirect www.somewhere.com to
9572 // the EmbeddedTestServer.
9573 auto host_resolver = std::make_unique<MockHostResolver>();
9574 host_resolver->rules()->AddRule("www.somewhere.com",
9575 test_server.GetIPLiteralString());
9576
9577 auto context_builder = CreateTestURLRequestContextBuilder();
9578 context_builder->set_host_resolver(std::move(host_resolver));
9579 auto& network_delegate = *context_builder->set_network_delegate(
9580 std::make_unique<TestNetworkDelegate>());
9581 auto context = context_builder->Build();
9582 ASSERT_TRUE(context->transport_security_state());
9583 TransportSecurityState& transport_security_state =
9584 *context->transport_security_state();
9585 // Force https for www.somewhere.com.
9586 base::Time expiry = base::Time::Now() + base::Days(1000);
9587 bool include_subdomains = false;
9588 transport_security_state.AddHSTS("www.somewhere.com", expiry,
9589 include_subdomains);
9590
9591 TestDelegate d;
9592 // Navigating to https://www.somewhere.com instead of https://127.0.0.1 will
9593 // cause a certificate error. Ignore the error.
9594 d.set_allow_certificate_errors(true);
9595
9596 std::unique_ptr<URLRequest> req(context->CreateRequest(
9597 GURL(base::StringPrintf("http://www.somewhere.com:%d/echo",
9598 test_server.host_port_pair().port())),
9599 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
9600 req->set_method("POST");
9601 req->set_upload(CreateSimpleUploadData(kData));
9602
9603 req->Start();
9604 d.RunUntilComplete();
9605
9606 EXPECT_EQ("https", req->url().scheme());
9607 EXPECT_EQ("POST", req->method());
9608 EXPECT_EQ(kData, d.data_received());
9609
9610 LoadTimingInfo load_timing_info;
9611 network_delegate.GetLoadTimingInfoBeforeRedirect(&load_timing_info);
9612 // LoadTimingInfo of HSTS redirects is similar to that of network cache hits
9613 TestLoadTimingCacheHitNoNetwork(load_timing_info);
9614 }
9615
9616 // Make sure that the CORS headers are added to cross-origin HSTS redirects.
TEST_F(HTTPSRequestTest,HSTSCrossOriginAddHeaders)9617 TEST_F(HTTPSRequestTest, HSTSCrossOriginAddHeaders) {
9618 static const char kOriginHeaderValue[] = "http://www.example.com";
9619
9620 EmbeddedTestServer test_server(net::EmbeddedTestServer::TYPE_HTTPS);
9621 test_server.ServeFilesFromSourceDirectory("net/data/ssl");
9622 ASSERT_TRUE(test_server.Start());
9623
9624 auto cert_verifier = std::make_unique<MockCertVerifier>();
9625 cert_verifier->set_default_result(OK);
9626
9627 auto context_builder = CreateTestURLRequestContextBuilder();
9628 context_builder->SetCertVerifier(std::move(cert_verifier));
9629 auto context = context_builder->Build();
9630 ASSERT_TRUE(context->transport_security_state());
9631 TransportSecurityState& transport_security_state =
9632 *context->transport_security_state();
9633 base::Time expiry = base::Time::Now() + base::Days(1);
9634 bool include_subdomains = false;
9635 transport_security_state.AddHSTS("example.net", expiry, include_subdomains);
9636
9637 GURL hsts_http_url(base::StringPrintf("http://example.net:%d/somehstssite",
9638 test_server.host_port_pair().port()));
9639 GURL::Replacements replacements;
9640 replacements.SetSchemeStr("https");
9641 GURL hsts_https_url = hsts_http_url.ReplaceComponents(replacements);
9642
9643 TestDelegate d;
9644
9645 std::unique_ptr<URLRequest> req(context->CreateRequest(
9646 hsts_http_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
9647 // Set Origin header to simulate a cross-origin request.
9648 HttpRequestHeaders request_headers;
9649 request_headers.SetHeader("Origin", kOriginHeaderValue);
9650 req->SetExtraRequestHeaders(request_headers);
9651
9652 req->Start();
9653 d.RunUntilRedirect();
9654
9655 EXPECT_EQ(1, d.received_redirect_count());
9656
9657 const HttpResponseHeaders* headers = req->response_headers();
9658 std::string redirect_location;
9659 EXPECT_TRUE(
9660 headers->EnumerateHeader(nullptr, "Location", &redirect_location));
9661 EXPECT_EQ(hsts_https_url.spec(), redirect_location);
9662
9663 std::string received_cors_header;
9664 EXPECT_TRUE(headers->EnumerateHeader(nullptr, "Access-Control-Allow-Origin",
9665 &received_cors_header));
9666 EXPECT_EQ(kOriginHeaderValue, received_cors_header);
9667
9668 std::string received_corp_header;
9669 EXPECT_TRUE(headers->EnumerateHeader(nullptr, "Cross-Origin-Resource-Policy",
9670 &received_corp_header));
9671 EXPECT_EQ("Cross-Origin", received_corp_header);
9672 }
9673
9674 namespace {
9675
9676 class SSLClientAuthTestDelegate : public TestDelegate {
9677 public:
SSLClientAuthTestDelegate()9678 SSLClientAuthTestDelegate() { set_on_complete(base::DoNothing()); }
OnCertificateRequested(URLRequest * request,SSLCertRequestInfo * cert_request_info)9679 void OnCertificateRequested(URLRequest* request,
9680 SSLCertRequestInfo* cert_request_info) override {
9681 on_certificate_requested_count_++;
9682 std::move(on_certificate_requested_).Run();
9683 }
RunUntilCertificateRequested()9684 void RunUntilCertificateRequested() {
9685 base::RunLoop run_loop;
9686 on_certificate_requested_ = run_loop.QuitClosure();
9687 run_loop.Run();
9688 }
on_certificate_requested_count()9689 int on_certificate_requested_count() {
9690 return on_certificate_requested_count_;
9691 }
9692
9693 private:
9694 int on_certificate_requested_count_ = 0;
9695 base::OnceClosure on_certificate_requested_;
9696 };
9697
9698 class TestSSLPrivateKey : public SSLPrivateKey {
9699 public:
TestSSLPrivateKey(scoped_refptr<SSLPrivateKey> key)9700 explicit TestSSLPrivateKey(scoped_refptr<SSLPrivateKey> key)
9701 : key_(std::move(key)) {}
9702
set_fail_signing(bool fail_signing)9703 void set_fail_signing(bool fail_signing) { fail_signing_ = fail_signing; }
sign_count() const9704 int sign_count() const { return sign_count_; }
9705
GetProviderName()9706 std::string GetProviderName() override { return key_->GetProviderName(); }
GetAlgorithmPreferences()9707 std::vector<uint16_t> GetAlgorithmPreferences() override {
9708 return key_->GetAlgorithmPreferences();
9709 }
Sign(uint16_t algorithm,base::span<const uint8_t> input,SignCallback callback)9710 void Sign(uint16_t algorithm,
9711 base::span<const uint8_t> input,
9712 SignCallback callback) override {
9713 sign_count_++;
9714 if (fail_signing_) {
9715 base::SingleThreadTaskRunner::GetCurrentDefault()->PostTask(
9716 FROM_HERE, base::BindOnce(std::move(callback),
9717 ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED,
9718 std::vector<uint8_t>()));
9719 } else {
9720 key_->Sign(algorithm, input, std::move(callback));
9721 }
9722 }
9723
9724 private:
9725 ~TestSSLPrivateKey() override = default;
9726
9727 scoped_refptr<SSLPrivateKey> key_;
9728 bool fail_signing_ = false;
9729 int sign_count_ = 0;
9730 };
9731
9732 } // namespace
9733
9734 // TODO(davidben): Test the rest of the code. Specifically,
9735 // - Filtering which certificates to select.
9736 // - Getting a certificate request in an SSL renegotiation sending the
9737 // HTTP request.
TEST_F(HTTPSRequestTest,ClientAuthNoCertificate)9738 TEST_F(HTTPSRequestTest, ClientAuthNoCertificate) {
9739 EmbeddedTestServer test_server(net::EmbeddedTestServer::TYPE_HTTPS);
9740 net::SSLServerConfig ssl_config;
9741 ssl_config.client_cert_type =
9742 SSLServerConfig::ClientCertType::OPTIONAL_CLIENT_CERT;
9743 test_server.SetSSLConfig(EmbeddedTestServer::CERT_OK, ssl_config);
9744 RegisterDefaultHandlers(&test_server);
9745 ASSERT_TRUE(test_server.Start());
9746
9747 SSLClientAuthTestDelegate d;
9748 {
9749 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
9750 test_server.GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d,
9751 TRAFFIC_ANNOTATION_FOR_TESTS));
9752
9753 r->Start();
9754 EXPECT_TRUE(r->is_pending());
9755
9756 d.RunUntilCertificateRequested();
9757 EXPECT_TRUE(r->is_pending());
9758
9759 EXPECT_EQ(1, d.on_certificate_requested_count());
9760 EXPECT_FALSE(d.received_data_before_response());
9761 EXPECT_EQ(0, d.bytes_received());
9762
9763 // Send no certificate.
9764 // TODO(davidben): Get temporary client cert import (with keys) working on
9765 // all platforms so we can test sending a cert as well.
9766 r->ContinueWithCertificate(nullptr, nullptr);
9767
9768 d.RunUntilComplete();
9769
9770 EXPECT_EQ(OK, d.request_status());
9771 EXPECT_EQ(1, d.response_started_count());
9772 EXPECT_FALSE(d.received_data_before_response());
9773 EXPECT_NE(0, d.bytes_received());
9774 }
9775 }
9776
TEST_F(HTTPSRequestTest,ClientAuth)9777 TEST_F(HTTPSRequestTest, ClientAuth) {
9778 std::unique_ptr<FakeClientCertIdentity> identity =
9779 FakeClientCertIdentity::CreateFromCertAndKeyFiles(
9780 GetTestCertsDirectory(), "client_1.pem", "client_1.pk8");
9781 ASSERT_TRUE(identity);
9782 scoped_refptr<TestSSLPrivateKey> private_key =
9783 base::MakeRefCounted<TestSSLPrivateKey>(identity->ssl_private_key());
9784
9785 EmbeddedTestServer test_server(net::EmbeddedTestServer::TYPE_HTTPS);
9786 net::SSLServerConfig ssl_config;
9787 ssl_config.client_cert_type =
9788 SSLServerConfig::ClientCertType::REQUIRE_CLIENT_CERT;
9789 test_server.SetSSLConfig(EmbeddedTestServer::CERT_OK, ssl_config);
9790 RegisterDefaultHandlers(&test_server);
9791 ASSERT_TRUE(test_server.Start());
9792
9793 {
9794 SSLClientAuthTestDelegate d;
9795 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
9796 test_server.GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d,
9797 TRAFFIC_ANNOTATION_FOR_TESTS));
9798
9799 r->Start();
9800 EXPECT_TRUE(r->is_pending());
9801
9802 d.RunUntilCertificateRequested();
9803 EXPECT_TRUE(r->is_pending());
9804
9805 EXPECT_EQ(1, d.on_certificate_requested_count());
9806 EXPECT_FALSE(d.received_data_before_response());
9807 EXPECT_EQ(0, d.bytes_received());
9808
9809 // Send a certificate.
9810 r->ContinueWithCertificate(identity->certificate(), private_key);
9811
9812 d.RunUntilComplete();
9813
9814 EXPECT_EQ(OK, d.request_status());
9815 EXPECT_EQ(1, d.response_started_count());
9816 EXPECT_FALSE(d.received_data_before_response());
9817 EXPECT_NE(0, d.bytes_received());
9818
9819 // The private key should have been used.
9820 EXPECT_EQ(1, private_key->sign_count());
9821 }
9822
9823 // Close all connections and clear the session cache to force a new handshake.
9824 default_context()
9825 .http_transaction_factory()
9826 ->GetSession()
9827 ->CloseAllConnections(ERR_FAILED, "Very good reason");
9828 default_context()
9829 .http_transaction_factory()
9830 ->GetSession()
9831 ->ClearSSLSessionCache();
9832
9833 // Connecting again should not call OnCertificateRequested. The identity is
9834 // taken from the client auth cache.
9835 {
9836 SSLClientAuthTestDelegate d;
9837 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
9838 test_server.GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d,
9839 TRAFFIC_ANNOTATION_FOR_TESTS));
9840
9841 r->Start();
9842 EXPECT_TRUE(r->is_pending());
9843
9844 d.RunUntilComplete();
9845
9846 EXPECT_EQ(OK, d.request_status());
9847 EXPECT_EQ(0, d.on_certificate_requested_count());
9848 EXPECT_FALSE(d.received_data_before_response());
9849 EXPECT_EQ(1, d.response_started_count());
9850 EXPECT_FALSE(d.received_data_before_response());
9851 EXPECT_NE(0, d.bytes_received());
9852
9853 // The private key should have been used.
9854 EXPECT_EQ(2, private_key->sign_count());
9855 }
9856 }
9857
9858 // Test that private keys that fail to sign anything get evicted from the cache.
TEST_F(HTTPSRequestTest,ClientAuthFailSigning)9859 TEST_F(HTTPSRequestTest, ClientAuthFailSigning) {
9860 std::unique_ptr<FakeClientCertIdentity> identity =
9861 FakeClientCertIdentity::CreateFromCertAndKeyFiles(
9862 GetTestCertsDirectory(), "client_1.pem", "client_1.pk8");
9863 ASSERT_TRUE(identity);
9864 scoped_refptr<TestSSLPrivateKey> private_key =
9865 base::MakeRefCounted<TestSSLPrivateKey>(identity->ssl_private_key());
9866 private_key->set_fail_signing(true);
9867
9868 EmbeddedTestServer test_server(net::EmbeddedTestServer::TYPE_HTTPS);
9869 net::SSLServerConfig ssl_config;
9870 ssl_config.client_cert_type =
9871 SSLServerConfig::ClientCertType::REQUIRE_CLIENT_CERT;
9872 test_server.SetSSLConfig(EmbeddedTestServer::CERT_OK, ssl_config);
9873 RegisterDefaultHandlers(&test_server);
9874 ASSERT_TRUE(test_server.Start());
9875
9876 {
9877 SSLClientAuthTestDelegate d;
9878 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
9879 test_server.GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d,
9880 TRAFFIC_ANNOTATION_FOR_TESTS));
9881
9882 r->Start();
9883 EXPECT_TRUE(r->is_pending());
9884
9885 d.RunUntilCertificateRequested();
9886 EXPECT_TRUE(r->is_pending());
9887
9888 EXPECT_EQ(1, d.on_certificate_requested_count());
9889 EXPECT_FALSE(d.received_data_before_response());
9890 EXPECT_EQ(0, d.bytes_received());
9891
9892 // Send a certificate.
9893 r->ContinueWithCertificate(identity->certificate(), private_key);
9894 d.RunUntilComplete();
9895
9896 // The private key cannot sign anything, so we report an error.
9897 EXPECT_EQ(ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED, d.request_status());
9898 EXPECT_EQ(1, d.response_started_count());
9899 EXPECT_FALSE(d.received_data_before_response());
9900 EXPECT_EQ(0, d.bytes_received());
9901
9902 // The private key should have been used.
9903 EXPECT_EQ(1, private_key->sign_count());
9904 }
9905
9906 // Close all connections and clear the session cache to force a new handshake.
9907 default_context()
9908 .http_transaction_factory()
9909 ->GetSession()
9910 ->CloseAllConnections(ERR_FAILED, "Very good reason");
9911 default_context()
9912 .http_transaction_factory()
9913 ->GetSession()
9914 ->ClearSSLSessionCache();
9915
9916 // The bad identity should have been evicted from the cache, so connecting
9917 // again should call OnCertificateRequested again.
9918 {
9919 SSLClientAuthTestDelegate d;
9920 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
9921 test_server.GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d,
9922 TRAFFIC_ANNOTATION_FOR_TESTS));
9923
9924 r->Start();
9925 EXPECT_TRUE(r->is_pending());
9926
9927 d.RunUntilCertificateRequested();
9928 EXPECT_TRUE(r->is_pending());
9929
9930 EXPECT_EQ(1, d.on_certificate_requested_count());
9931 EXPECT_FALSE(d.received_data_before_response());
9932 EXPECT_EQ(0, d.bytes_received());
9933
9934 // There should have been no additional uses of the private key.
9935 EXPECT_EQ(1, private_key->sign_count());
9936 }
9937 }
9938
9939 // Test that cached private keys that fail to sign anything trigger a
9940 // retry. This is so we handle unplugged smartcards
9941 // gracefully. https://crbug.com/813022.
TEST_F(HTTPSRequestTest,ClientAuthFailSigningRetry)9942 TEST_F(HTTPSRequestTest, ClientAuthFailSigningRetry) {
9943 std::unique_ptr<FakeClientCertIdentity> identity =
9944 FakeClientCertIdentity::CreateFromCertAndKeyFiles(
9945 GetTestCertsDirectory(), "client_1.pem", "client_1.pk8");
9946 ASSERT_TRUE(identity);
9947 scoped_refptr<TestSSLPrivateKey> private_key =
9948 base::MakeRefCounted<TestSSLPrivateKey>(identity->ssl_private_key());
9949
9950 EmbeddedTestServer test_server(net::EmbeddedTestServer::TYPE_HTTPS);
9951 net::SSLServerConfig ssl_config;
9952 ssl_config.client_cert_type =
9953 SSLServerConfig::ClientCertType::REQUIRE_CLIENT_CERT;
9954 test_server.SetSSLConfig(EmbeddedTestServer::CERT_OK, ssl_config);
9955 RegisterDefaultHandlers(&test_server);
9956 ASSERT_TRUE(test_server.Start());
9957
9958 // Connect with a client certificate to put it in the client auth cache.
9959 {
9960 SSLClientAuthTestDelegate d;
9961 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
9962 test_server.GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d,
9963 TRAFFIC_ANNOTATION_FOR_TESTS));
9964
9965 r->Start();
9966 EXPECT_TRUE(r->is_pending());
9967
9968 d.RunUntilCertificateRequested();
9969 EXPECT_TRUE(r->is_pending());
9970
9971 EXPECT_EQ(1, d.on_certificate_requested_count());
9972 EXPECT_FALSE(d.received_data_before_response());
9973 EXPECT_EQ(0, d.bytes_received());
9974
9975 r->ContinueWithCertificate(identity->certificate(), private_key);
9976 d.RunUntilComplete();
9977
9978 EXPECT_EQ(OK, d.request_status());
9979 EXPECT_EQ(1, d.response_started_count());
9980 EXPECT_FALSE(d.received_data_before_response());
9981 EXPECT_NE(0, d.bytes_received());
9982
9983 // The private key should have been used.
9984 EXPECT_EQ(1, private_key->sign_count());
9985 }
9986
9987 // Close all connections and clear the session cache to force a new handshake.
9988 default_context()
9989 .http_transaction_factory()
9990 ->GetSession()
9991 ->CloseAllConnections(ERR_FAILED, "Very good reason");
9992 default_context()
9993 .http_transaction_factory()
9994 ->GetSession()
9995 ->ClearSSLSessionCache();
9996
9997 // Cause the private key to fail. Connecting again should attempt to use it,
9998 // notice the failure, and then request a new identity via
9999 // OnCertificateRequested.
10000 private_key->set_fail_signing(true);
10001
10002 {
10003 SSLClientAuthTestDelegate d;
10004 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
10005 test_server.GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d,
10006 TRAFFIC_ANNOTATION_FOR_TESTS));
10007
10008 r->Start();
10009 EXPECT_TRUE(r->is_pending());
10010
10011 d.RunUntilCertificateRequested();
10012 EXPECT_TRUE(r->is_pending());
10013
10014 // There was an additional signing call on the private key (the one which
10015 // failed).
10016 EXPECT_EQ(2, private_key->sign_count());
10017
10018 // That caused another OnCertificateRequested call.
10019 EXPECT_EQ(1, d.on_certificate_requested_count());
10020 EXPECT_FALSE(d.received_data_before_response());
10021 EXPECT_EQ(0, d.bytes_received());
10022 }
10023 }
10024
TEST_F(HTTPSRequestTest,ResumeTest)10025 TEST_F(HTTPSRequestTest, ResumeTest) {
10026 // Test that we attempt resume sessions when making two connections to the
10027 // same host.
10028 EmbeddedTestServer test_server(EmbeddedTestServer::TYPE_HTTPS);
10029 RegisterDefaultHandlers(&test_server);
10030 ASSERT_TRUE(test_server.Start());
10031 const auto url = test_server.GetURL("/");
10032
10033 default_context()
10034 .http_transaction_factory()
10035 ->GetSession()
10036 ->ClearSSLSessionCache();
10037
10038 {
10039 TestDelegate d;
10040 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
10041 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
10042
10043 r->Start();
10044 EXPECT_TRUE(r->is_pending());
10045
10046 d.RunUntilComplete();
10047
10048 EXPECT_EQ(1, d.response_started_count());
10049 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, r->ssl_info().handshake_type);
10050 }
10051
10052 reinterpret_cast<HttpCache*>(default_context().http_transaction_factory())
10053 ->CloseAllConnections(ERR_FAILED, "Very good reason");
10054
10055 {
10056 TestDelegate d;
10057 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
10058 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
10059
10060 r->Start();
10061 EXPECT_TRUE(r->is_pending());
10062
10063 d.RunUntilComplete();
10064
10065 EXPECT_EQ(1, d.response_started_count());
10066 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, r->ssl_info().handshake_type);
10067 }
10068 }
10069
10070 // Test that sessions aren't resumed across URLRequestContexts.
TEST_F(HTTPSRequestTest,SSLSessionCacheShardTest)10071 TEST_F(HTTPSRequestTest, SSLSessionCacheShardTest) {
10072 // Start a server.
10073 EmbeddedTestServer test_server(EmbeddedTestServer::TYPE_HTTPS);
10074 RegisterDefaultHandlers(&test_server);
10075 ASSERT_TRUE(test_server.Start());
10076 const auto url = test_server.GetURL("/");
10077
10078 // Connect to the server once. This will add an entry to the session cache.
10079 {
10080 TestDelegate d;
10081 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
10082 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
10083
10084 r->Start();
10085 EXPECT_TRUE(r->is_pending());
10086
10087 d.RunUntilComplete();
10088
10089 EXPECT_EQ(1, d.response_started_count());
10090 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, r->ssl_info().handshake_type);
10091 }
10092
10093 // Clear the socket pools and connect again. This should resume the previous
10094 // session.
10095 default_context()
10096 .http_transaction_factory()
10097 ->GetSession()
10098 ->CloseAllConnections(ERR_FAILED, /*net_log_reason_utf8=*/"");
10099
10100 {
10101 TestDelegate d;
10102 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
10103 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
10104
10105 r->Start();
10106 EXPECT_TRUE(r->is_pending());
10107
10108 d.RunUntilComplete();
10109
10110 EXPECT_EQ(1, d.response_started_count());
10111 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, r->ssl_info().handshake_type);
10112 }
10113
10114 // Now fetch on a new URLRequestContext. This should not resume the session.
10115 auto context_builder = CreateTestURLRequestContextBuilder();
10116 auto other_context = context_builder->Build();
10117
10118 {
10119 TestDelegate d;
10120 std::unique_ptr<URLRequest> r(other_context->CreateRequest(
10121 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
10122
10123 r->Start();
10124 EXPECT_TRUE(r->is_pending());
10125
10126 d.RunUntilComplete();
10127
10128 EXPECT_EQ(1, d.response_started_count());
10129 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, r->ssl_info().handshake_type);
10130 }
10131 }
10132
10133 // Test that sessions started with privacy mode enabled cannot be resumed when
10134 // it is disabled, and vice versa.
TEST_F(HTTPSRequestTest,NoSessionResumptionBetweenPrivacyModes)10135 TEST_F(HTTPSRequestTest, NoSessionResumptionBetweenPrivacyModes) {
10136 // Start a server.
10137 EmbeddedTestServer test_server(EmbeddedTestServer::TYPE_HTTPS);
10138 RegisterDefaultHandlers(&test_server);
10139 ASSERT_TRUE(test_server.Start());
10140 const auto url = test_server.GetURL("/");
10141
10142 auto ConnectAndCheckHandshake = [this, url](bool allow_credentials,
10143 auto expected_handshake) {
10144 // Construct request and indirectly set the privacy mode.
10145 TestDelegate d;
10146 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
10147 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
10148 r->set_allow_credentials(allow_credentials);
10149
10150 // Start the request and check the SSL handshake type.
10151 r->Start();
10152 EXPECT_TRUE(r->is_pending());
10153 d.RunUntilComplete();
10154 EXPECT_EQ(1, d.response_started_count());
10155 EXPECT_EQ(expected_handshake, r->ssl_info().handshake_type);
10156 };
10157
10158 // Exhaustively check all pairs of privacy mode values. Note that we are using
10159 // allow_credentials to indirectly enable/disable privacy mode.
10160 const bool kAllowCredentialsValues[] = {false, true};
10161 for (const auto allow_creds_1 : kAllowCredentialsValues) {
10162 for (const auto allow_creds_2 : kAllowCredentialsValues) {
10163 SCOPED_TRACE(base::StringPrintf("allow_creds_1=%d, allow_creds_2=%d",
10164 allow_creds_1, allow_creds_2));
10165
10166 // The session cache starts off empty, so we expect a full handshake.
10167 ConnectAndCheckHandshake(allow_creds_1, SSLInfo::HANDSHAKE_FULL);
10168
10169 // The second handshake depends on whether we are using the same session
10170 // cache as the first request.
10171 ConnectAndCheckHandshake(allow_creds_2, allow_creds_1 == allow_creds_2
10172 ? SSLInfo::HANDSHAKE_RESUME
10173 : SSLInfo::HANDSHAKE_FULL);
10174 // Flush both session caches.
10175 auto* network_session =
10176 default_context().http_transaction_factory()->GetSession();
10177 network_session->ClearSSLSessionCache();
10178 }
10179 }
10180 }
10181
10182 class HTTPSFallbackTest : public TestWithTaskEnvironment {
10183 public:
HTTPSFallbackTest()10184 HTTPSFallbackTest() {
10185 auto context_builder = CreateTestURLRequestContextBuilder();
10186 context_builder->set_ssl_config_service(
10187 std::make_unique<TestSSLConfigService>(SSLContextConfig()));
10188 context_ = context_builder->Build();
10189 }
10190 ~HTTPSFallbackTest() override = default;
10191
10192 protected:
DoFallbackTest(const SSLServerConfig & ssl_config)10193 void DoFallbackTest(const SSLServerConfig& ssl_config) {
10194 DCHECK(!request_);
10195 delegate_.set_allow_certificate_errors(true);
10196
10197 EmbeddedTestServer test_server(EmbeddedTestServer::TYPE_HTTPS);
10198 test_server.SetSSLConfig(EmbeddedTestServer::CERT_OK, ssl_config);
10199 ASSERT_TRUE(test_server.Start());
10200
10201 request_ =
10202 context_->CreateRequest(test_server.GetURL("/"), DEFAULT_PRIORITY,
10203 &delegate_, TRAFFIC_ANNOTATION_FOR_TESTS);
10204 request_->Start();
10205
10206 delegate_.RunUntilComplete();
10207 }
10208
ExpectConnection(int version)10209 void ExpectConnection(int version) {
10210 EXPECT_EQ(1, delegate_.response_started_count());
10211 EXPECT_NE(0, delegate_.bytes_received());
10212 EXPECT_EQ(version, SSLConnectionStatusToVersion(
10213 request_->ssl_info().connection_status));
10214 }
10215
ExpectFailure(int error)10216 void ExpectFailure(int error) {
10217 EXPECT_EQ(1, delegate_.response_started_count());
10218 EXPECT_EQ(error, delegate_.request_status());
10219 }
10220
10221 private:
10222 TestDelegate delegate_;
10223 std::unique_ptr<URLRequestContext> context_;
10224 std::unique_ptr<URLRequest> request_;
10225 };
10226
10227 // Tests the TLS 1.0 fallback doesn't happen.
TEST_F(HTTPSFallbackTest,TLSv1NoFallback)10228 TEST_F(HTTPSFallbackTest, TLSv1NoFallback) {
10229 net::SSLServerConfig ssl_config;
10230 ssl_config.client_hello_callback_for_testing =
10231 base::BindRepeating([](const SSL_CLIENT_HELLO* client_hello) {
10232 // Reject ClientHellos with version >= TLS 1.1.
10233 return client_hello->version <= TLS1_VERSION;
10234 });
10235
10236 ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_config));
10237 ExpectFailure(ERR_SSL_VERSION_OR_CIPHER_MISMATCH);
10238 }
10239
10240 // Tests the TLS 1.1 fallback doesn't happen.
TEST_F(HTTPSFallbackTest,TLSv1_1NoFallback)10241 TEST_F(HTTPSFallbackTest, TLSv1_1NoFallback) {
10242 net::SSLServerConfig ssl_config;
10243 ssl_config.client_hello_callback_for_testing =
10244 base::BindRepeating([](const SSL_CLIENT_HELLO* client_hello) {
10245 // Reject ClientHellos with version >= TLS 1.2.
10246 return client_hello->version <= TLS1_1_VERSION;
10247 });
10248
10249 ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_config));
10250 ExpectFailure(ERR_SSL_VERSION_OR_CIPHER_MISMATCH);
10251 }
10252
10253 // Tests the TLS 1.2 fallback doesn't happen.
TEST_F(HTTPSFallbackTest,TLSv1_2NoFallback)10254 TEST_F(HTTPSFallbackTest, TLSv1_2NoFallback) {
10255 net::SSLServerConfig ssl_config;
10256 ssl_config.client_hello_callback_for_testing =
10257 base::BindRepeating([](const SSL_CLIENT_HELLO* client_hello) {
10258 // Reject ClientHellos with a supported_versions extension. TLS 1.3 is
10259 // signaled via an extension rather than the legacy version field.
10260 const uint8_t* data;
10261 size_t len;
10262 return !SSL_early_callback_ctx_extension_get(
10263 client_hello, TLSEXT_TYPE_supported_versions, &data, &len);
10264 });
10265
10266 ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_config));
10267 ExpectFailure(ERR_SSL_VERSION_OR_CIPHER_MISMATCH);
10268 }
10269
10270 class HTTPSSessionTest : public TestWithTaskEnvironment {
10271 public:
HTTPSSessionTest()10272 HTTPSSessionTest() {
10273 auto context_builder = CreateTestURLRequestContextBuilder();
10274 context_builder->SetCertVerifier(std::make_unique<MockCertVerifier>());
10275 default_context_ = context_builder->Build();
10276
10277 default_cert_verifier().set_default_result(OK);
10278 }
10279 ~HTTPSSessionTest() override = default;
10280
default_context()10281 URLRequestContext& default_context() { return *default_context_; }
default_cert_verifier()10282 MockCertVerifier& default_cert_verifier() {
10283 // This cast is safe because we provided a MockCertVerifier in the ctor.
10284 return *static_cast<MockCertVerifier*>(default_context_->cert_verifier());
10285 }
10286
10287 private:
10288 std::unique_ptr<URLRequestContext> default_context_;
10289 };
10290
10291 // Tests that session resumption is not attempted if an invalid certificate
10292 // is presented.
TEST_F(HTTPSSessionTest,DontResumeSessionsForInvalidCertificates)10293 TEST_F(HTTPSSessionTest, DontResumeSessionsForInvalidCertificates) {
10294 EmbeddedTestServer test_server(EmbeddedTestServer::TYPE_HTTPS);
10295 RegisterDefaultHandlers(&test_server);
10296 ASSERT_TRUE(test_server.Start());
10297 const auto url = test_server.GetURL("/");
10298
10299 default_context()
10300 .http_transaction_factory()
10301 ->GetSession()
10302 ->ClearSSLSessionCache();
10303
10304 // Simulate the certificate being expired and attempt a connection.
10305 default_cert_verifier().set_default_result(ERR_CERT_DATE_INVALID);
10306 {
10307 TestDelegate d;
10308 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
10309 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
10310
10311 r->Start();
10312 EXPECT_TRUE(r->is_pending());
10313
10314 d.RunUntilComplete();
10315
10316 EXPECT_EQ(1, d.response_started_count());
10317 }
10318
10319 reinterpret_cast<HttpCache*>(default_context().http_transaction_factory())
10320 ->CloseAllConnections(ERR_FAILED, "Very good reason");
10321
10322 // Now change the certificate to be acceptable (so that the response is
10323 // loaded), and ensure that no session id is presented to the peer.
10324 default_cert_verifier().set_default_result(OK);
10325 {
10326 TestDelegate d;
10327 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
10328 url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
10329
10330 r->Start();
10331 EXPECT_TRUE(r->is_pending());
10332
10333 d.RunUntilComplete();
10334
10335 EXPECT_EQ(1, d.response_started_count());
10336 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, r->ssl_info().handshake_type);
10337 }
10338 }
10339
10340 // Interceptor to check that secure DNS has been disabled. Secure DNS should be
10341 // disabled for any network fetch triggered during certificate verification as
10342 // it could cause a deadlock.
10343 class SecureDnsInterceptor : public net::URLRequestInterceptor {
10344 public:
10345 SecureDnsInterceptor() = default;
10346 ~SecureDnsInterceptor() override = default;
10347
10348 private:
10349 // URLRequestInterceptor implementation:
MaybeInterceptRequest(net::URLRequest * request) const10350 std::unique_ptr<net::URLRequestJob> MaybeInterceptRequest(
10351 net::URLRequest* request) const override {
10352 EXPECT_EQ(SecureDnsPolicy::kDisable, request->secure_dns_policy());
10353 return nullptr;
10354 }
10355 };
10356
10357 class HTTPSCertNetFetchingTest : public HTTPSRequestTest {
10358 public:
10359 HTTPSCertNetFetchingTest() = default;
10360
SetUp()10361 void SetUp() override {
10362 cert_net_fetcher_ = base::MakeRefCounted<CertNetFetcherURLRequest>();
10363 auto cert_verifier =
10364 CertVerifier::CreateDefaultWithoutCaching(cert_net_fetcher_);
10365 updatable_cert_verifier_ = cert_verifier.get();
10366
10367 auto context_builder = CreateTestURLRequestContextBuilder();
10368 context_builder->SetCertVerifier(std::make_unique<CachingCertVerifier>(
10369 std::make_unique<CoalescingCertVerifier>(std::move(cert_verifier))));
10370 context_ = context_builder->Build();
10371
10372 net::URLRequestFilter::GetInstance()->AddHostnameInterceptor(
10373 "http", "127.0.0.1", std::make_unique<SecureDnsInterceptor>());
10374
10375 cert_net_fetcher_->SetURLRequestContext(context_.get());
10376 context_->cert_verifier()->SetConfig(GetCertVerifierConfig());
10377 }
10378
TearDown()10379 void TearDown() override {
10380 cert_net_fetcher_->Shutdown();
10381 net::URLRequestFilter::GetInstance()->ClearHandlers();
10382 }
10383
DoConnectionWithDelegate(std::string_view hostname,const EmbeddedTestServer::ServerCertificateConfig & cert_config,TestDelegate * delegate,SSLInfo * out_ssl_info)10384 void DoConnectionWithDelegate(
10385 std::string_view hostname,
10386 const EmbeddedTestServer::ServerCertificateConfig& cert_config,
10387 TestDelegate* delegate,
10388 SSLInfo* out_ssl_info) {
10389 // Always overwrite |out_ssl_info|.
10390 out_ssl_info->Reset();
10391
10392 EmbeddedTestServer test_server(EmbeddedTestServer::TYPE_HTTPS);
10393 test_server.SetSSLConfig(cert_config);
10394 RegisterDefaultHandlers(&test_server);
10395 ASSERT_TRUE(test_server.Start());
10396
10397 delegate->set_allow_certificate_errors(true);
10398 std::unique_ptr<URLRequest> r(context_->CreateRequest(
10399 test_server.GetURL(hostname, "/"), DEFAULT_PRIORITY, delegate,
10400 TRAFFIC_ANNOTATION_FOR_TESTS));
10401 r->Start();
10402
10403 delegate->RunUntilComplete();
10404 EXPECT_EQ(1, delegate->response_started_count());
10405
10406 *out_ssl_info = r->ssl_info();
10407 }
10408
DoConnectionWithDelegate(const EmbeddedTestServer::ServerCertificateConfig & cert_config,TestDelegate * delegate,SSLInfo * out_ssl_info)10409 void DoConnectionWithDelegate(
10410 const EmbeddedTestServer::ServerCertificateConfig& cert_config,
10411 TestDelegate* delegate,
10412 SSLInfo* out_ssl_info) {
10413 DoConnectionWithDelegate("127.0.0.1", cert_config, delegate, out_ssl_info);
10414 }
10415
DoConnection(std::string_view hostname,const EmbeddedTestServer::ServerCertificateConfig & cert_config,CertStatus * out_cert_status)10416 void DoConnection(
10417 std::string_view hostname,
10418 const EmbeddedTestServer::ServerCertificateConfig& cert_config,
10419 CertStatus* out_cert_status) {
10420 // Always overwrite |out_cert_status|.
10421 *out_cert_status = 0;
10422
10423 TestDelegate d;
10424 SSLInfo ssl_info;
10425 ASSERT_NO_FATAL_FAILURE(
10426 DoConnectionWithDelegate(hostname, cert_config, &d, &ssl_info));
10427
10428 *out_cert_status = ssl_info.cert_status;
10429 }
10430
DoConnection(const EmbeddedTestServer::ServerCertificateConfig & cert_config,CertStatus * out_cert_status)10431 void DoConnection(
10432 const EmbeddedTestServer::ServerCertificateConfig& cert_config,
10433 CertStatus* out_cert_status) {
10434 DoConnection("127.0.0.1", cert_config, out_cert_status);
10435 }
10436
10437 protected:
10438 // GetCertVerifierConfig() configures the URLRequestContext that will be used
10439 // for making connections to the testserver. This can be overridden in test
10440 // subclasses for different behaviour.
GetCertVerifierConfig()10441 virtual CertVerifier::Config GetCertVerifierConfig() {
10442 CertVerifier::Config config;
10443 return config;
10444 }
10445
UpdateCertVerifier(scoped_refptr<CRLSet> crl_set)10446 void UpdateCertVerifier(scoped_refptr<CRLSet> crl_set) {
10447 net::CertVerifyProc::ImplParams params;
10448 params.crl_set = std::move(crl_set);
10449 updatable_cert_verifier_->UpdateVerifyProcData(cert_net_fetcher_, params,
10450 {});
10451 }
10452
10453 scoped_refptr<CertNetFetcherURLRequest> cert_net_fetcher_;
10454 std::unique_ptr<URLRequestContext> context_;
10455 raw_ptr<CertVerifierWithUpdatableProc> updatable_cert_verifier_;
10456 };
10457
10458 // The test EV policy OID used for generated certs.
10459 static const char kEVTestCertPolicy[] = "1.3.6.1.4.1.11129.2.4.1";
10460
10461 class HTTPSEVTest : public HTTPSCertNetFetchingTest {
10462 public:
SetUp()10463 void SetUp() override {
10464 HTTPSCertNetFetchingTest::SetUp();
10465
10466 scoped_refptr<X509Certificate> root_cert =
10467 ImportCertFromFile(GetTestCertsDirectory(), "root_ca_cert.pem");
10468 ASSERT_TRUE(root_cert);
10469
10470 ev_test_policy_ = std::make_unique<ScopedTestEVPolicy>(
10471 EVRootCAMetadata::GetInstance(),
10472 X509Certificate::CalculateFingerprint256(root_cert->cert_buffer()),
10473 kEVTestCertPolicy);
10474 }
10475
TearDown()10476 void TearDown() override { HTTPSCertNetFetchingTest::TearDown(); }
10477
10478 private:
10479 std::unique_ptr<ScopedTestEVPolicy> ev_test_policy_;
10480 };
10481
10482 class HTTPSOCSPTest : public HTTPSCertNetFetchingTest {
10483 public:
GetCertVerifierConfig()10484 CertVerifier::Config GetCertVerifierConfig() override {
10485 CertVerifier::Config config;
10486 config.enable_rev_checking = true;
10487 return config;
10488 }
10489 };
10490
UsingBuiltinCertVerifier()10491 static bool UsingBuiltinCertVerifier() {
10492 #if BUILDFLAG(IS_FUCHSIA) || BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) || \
10493 BUILDFLAG(CHROME_ROOT_STORE_SUPPORTED)
10494 return true;
10495 #else
10496 return false;
10497 #endif
10498 }
10499
10500 // SystemSupportsHardFailRevocationChecking returns true iff the current
10501 // operating system supports revocation checking and can distinguish between
10502 // situations where a given certificate lacks any revocation information (eg:
10503 // no CRLDistributionPoints and no OCSP Responder AuthorityInfoAccess) and when
10504 // revocation information cannot be obtained (eg: the CRL was unreachable).
10505 // If it does not, then tests which rely on 'hard fail' behaviour should be
10506 // skipped.
SystemSupportsHardFailRevocationChecking()10507 static bool SystemSupportsHardFailRevocationChecking() {
10508 return UsingBuiltinCertVerifier();
10509 }
10510
10511 // SystemUsesChromiumEVMetadata returns true iff the current operating system
10512 // uses Chromium's EV metadata (i.e. EVRootCAMetadata). If it does not, then
10513 // several tests are effected because our testing EV certificate won't be
10514 // recognised as EV.
SystemUsesChromiumEVMetadata()10515 static bool SystemUsesChromiumEVMetadata() {
10516 #if defined(PLATFORM_USES_CHROMIUM_EV_METADATA)
10517 return true;
10518 #else
10519 return false;
10520 #endif
10521 }
10522
SystemSupportsOCSP()10523 static bool SystemSupportsOCSP() {
10524 #if BUILDFLAG(IS_ANDROID)
10525 // Unsupported, see http://crbug.com/117478.
10526 return false;
10527 #else
10528 return true;
10529 #endif
10530 }
10531
SystemSupportsOCSPStapling()10532 static bool SystemSupportsOCSPStapling() {
10533 if (UsingBuiltinCertVerifier())
10534 return true;
10535 #if BUILDFLAG(IS_ANDROID)
10536 return false;
10537 #else
10538 return true;
10539 #endif
10540 }
10541
SystemSupportsCRLSets()10542 static bool SystemSupportsCRLSets() {
10543 if (UsingBuiltinCertVerifier())
10544 return true;
10545 #if BUILDFLAG(IS_ANDROID)
10546 return false;
10547 #else
10548 return true;
10549 #endif
10550 }
10551
TEST_F(HTTPSEVTest,EVCheckNoOCSP)10552 TEST_F(HTTPSEVTest, EVCheckNoOCSP) {
10553 if (!SystemUsesChromiumEVMetadata()) {
10554 LOG(WARNING) << "Skipping test because system doesn't support EV";
10555 return;
10556 }
10557 EmbeddedTestServer::ServerCertificateConfig cert_config;
10558 cert_config.policy_oids = {kEVTestCertPolicy};
10559
10560 CertStatus cert_status;
10561 DoConnection(cert_config, &cert_status);
10562
10563 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS);
10564
10565 EXPECT_EQ(SystemUsesChromiumEVMetadata(),
10566 static_cast<bool>(cert_status & CERT_STATUS_IS_EV));
10567
10568 EXPECT_FALSE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
10569 }
10570
TEST_F(HTTPSOCSPTest,Valid)10571 TEST_F(HTTPSOCSPTest, Valid) {
10572 if (!SystemSupportsOCSP()) {
10573 LOG(WARNING) << "Skipping test because system doesn't support OCSP";
10574 return;
10575 }
10576
10577 EmbeddedTestServer::ServerCertificateConfig cert_config;
10578 cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig(
10579 {{bssl::OCSPRevocationStatus::GOOD,
10580 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}});
10581
10582 CertStatus cert_status;
10583 DoConnection(cert_config, &cert_status);
10584
10585 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS);
10586
10587 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
10588 }
10589
TEST_F(HTTPSOCSPTest,Revoked)10590 TEST_F(HTTPSOCSPTest, Revoked) {
10591 if (!SystemSupportsOCSP()) {
10592 LOG(WARNING) << "Skipping test because system doesn't support OCSP";
10593 return;
10594 }
10595
10596 EmbeddedTestServer::ServerCertificateConfig cert_config;
10597 cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig(
10598 {{bssl::OCSPRevocationStatus::REVOKED,
10599 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}});
10600
10601 CertStatus cert_status;
10602 DoConnection(cert_config, &cert_status);
10603
10604 EXPECT_EQ(CERT_STATUS_REVOKED, cert_status & CERT_STATUS_ALL_ERRORS);
10605 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV);
10606 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
10607 }
10608
TEST_F(HTTPSOCSPTest,Invalid)10609 TEST_F(HTTPSOCSPTest, Invalid) {
10610 if (!SystemSupportsOCSP()) {
10611 LOG(WARNING) << "Skipping test because system doesn't support OCSP";
10612 return;
10613 }
10614
10615 EmbeddedTestServer::ServerCertificateConfig cert_config;
10616 cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig(
10617 EmbeddedTestServer::OCSPConfig::ResponseType::kInvalidResponse);
10618
10619 CertStatus cert_status;
10620 DoConnection(cert_config, &cert_status);
10621
10622 // Without a positive OCSP response, we shouldn't show the EV status, but also
10623 // should not show any revocation checking errors.
10624 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV);
10625 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS);
10626 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
10627 }
10628
TEST_F(HTTPSOCSPTest,IntermediateValid)10629 TEST_F(HTTPSOCSPTest, IntermediateValid) {
10630 if (!SystemSupportsOCSP()) {
10631 LOG(WARNING) << "Skipping test because system doesn't support OCSP";
10632 return;
10633 }
10634
10635 EmbeddedTestServer::ServerCertificateConfig cert_config;
10636 cert_config.intermediate = EmbeddedTestServer::IntermediateType::kInHandshake;
10637 cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig(
10638 {{bssl::OCSPRevocationStatus::GOOD,
10639 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}});
10640 cert_config.intermediate_ocsp_config = EmbeddedTestServer::OCSPConfig(
10641 {{bssl::OCSPRevocationStatus::GOOD,
10642 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}});
10643
10644 CertStatus cert_status;
10645 DoConnection(cert_config, &cert_status);
10646
10647 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS);
10648
10649 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
10650 }
10651
TEST_F(HTTPSOCSPTest,IntermediateResponseOldButStillValid)10652 TEST_F(HTTPSOCSPTest, IntermediateResponseOldButStillValid) {
10653 if (!SystemSupportsOCSP()) {
10654 LOG(WARNING) << "Skipping test because system doesn't support OCSP";
10655 return;
10656 }
10657
10658 EmbeddedTestServer::ServerCertificateConfig cert_config;
10659 cert_config.intermediate = EmbeddedTestServer::IntermediateType::kInHandshake;
10660 cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig(
10661 {{bssl::OCSPRevocationStatus::GOOD,
10662 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}});
10663 // Use an OCSP response for the intermediate that would be too old for a leaf
10664 // cert, but is still valid for an intermediate.
10665 cert_config.intermediate_ocsp_config = EmbeddedTestServer::OCSPConfig(
10666 {{bssl::OCSPRevocationStatus::REVOKED,
10667 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kLong}});
10668
10669 CertStatus cert_status;
10670 DoConnection(cert_config, &cert_status);
10671
10672 EXPECT_EQ(CERT_STATUS_REVOKED, cert_status & CERT_STATUS_ALL_ERRORS);
10673 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
10674 }
10675
TEST_F(HTTPSOCSPTest,IntermediateResponseTooOldKnownRoot)10676 TEST_F(HTTPSOCSPTest, IntermediateResponseTooOldKnownRoot) {
10677 if (!SystemSupportsOCSP()) {
10678 LOG(WARNING) << "Skipping test because system doesn't support OCSP";
10679 return;
10680 }
10681
10682 scoped_refptr<X509Certificate> root_cert =
10683 ImportCertFromFile(GetTestCertsDirectory(), "root_ca_cert.pem");
10684 ASSERT_TRUE(root_cert);
10685 ScopedTestKnownRoot scoped_known_root(root_cert.get());
10686
10687 EmbeddedTestServer::ServerCertificateConfig cert_config;
10688 cert_config.intermediate = EmbeddedTestServer::IntermediateType::kInHandshake;
10689 cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig(
10690 {{bssl::OCSPRevocationStatus::GOOD,
10691 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}});
10692 cert_config.intermediate_ocsp_config = EmbeddedTestServer::OCSPConfig(
10693 {{bssl::OCSPRevocationStatus::REVOKED,
10694 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kLonger}});
10695 cert_config.dns_names = {"example.com"};
10696
10697 CertStatus cert_status;
10698 DoConnection("example.com", cert_config, &cert_status);
10699
10700 if (UsingBuiltinCertVerifier()) {
10701 // The intermediate certificate is marked as a known root and has an OCSP
10702 // response indicating REVOKED status, but the response is too old
10703 // according to the Baseline Requirements, thus the response should be
10704 // ignored and the verification succeeds.
10705 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS);
10706 } else {
10707 EXPECT_EQ(CERT_STATUS_REVOKED, cert_status & CERT_STATUS_ALL_ERRORS);
10708 }
10709 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
10710 }
10711
TEST_F(HTTPSOCSPTest,IntermediateResponseTooOld)10712 TEST_F(HTTPSOCSPTest, IntermediateResponseTooOld) {
10713 if (!SystemSupportsOCSP()) {
10714 LOG(WARNING) << "Skipping test because system doesn't support OCSP";
10715 return;
10716 }
10717
10718 EmbeddedTestServer::ServerCertificateConfig cert_config;
10719 cert_config.intermediate = EmbeddedTestServer::IntermediateType::kInHandshake;
10720 cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig(
10721 {{bssl::OCSPRevocationStatus::GOOD,
10722 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}});
10723 cert_config.intermediate_ocsp_config = EmbeddedTestServer::OCSPConfig(
10724 {{bssl::OCSPRevocationStatus::REVOKED,
10725 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kLonger}});
10726
10727 CertStatus cert_status;
10728 DoConnection(cert_config, &cert_status);
10729
10730 // The test root is not a known root, therefore the Baseline Requirements
10731 // limits on maximum age of a response do not apply and the intermediate OCSP
10732 // response indicating revoked is honored.
10733 EXPECT_EQ(CERT_STATUS_REVOKED, cert_status & CERT_STATUS_ALL_ERRORS);
10734 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
10735 }
10736
TEST_F(HTTPSOCSPTest,IntermediateRevoked)10737 TEST_F(HTTPSOCSPTest, IntermediateRevoked) {
10738 if (!SystemSupportsOCSP()) {
10739 LOG(WARNING) << "Skipping test because system doesn't support OCSP";
10740 return;
10741 }
10742
10743 EmbeddedTestServer::ServerCertificateConfig cert_config;
10744 cert_config.intermediate = EmbeddedTestServer::IntermediateType::kInHandshake;
10745 cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig(
10746 {{bssl::OCSPRevocationStatus::GOOD,
10747 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}});
10748 cert_config.intermediate_ocsp_config = EmbeddedTestServer::OCSPConfig(
10749 {{bssl::OCSPRevocationStatus::REVOKED,
10750 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}});
10751
10752 CertStatus cert_status;
10753 DoConnection(cert_config, &cert_status);
10754
10755 EXPECT_EQ(CERT_STATUS_REVOKED, cert_status & CERT_STATUS_ALL_ERRORS);
10756 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
10757 }
10758
TEST_F(HTTPSOCSPTest,ValidStapled)10759 TEST_F(HTTPSOCSPTest, ValidStapled) {
10760 if (!SystemSupportsOCSPStapling()) {
10761 LOG(WARNING)
10762 << "Skipping test because system doesn't support OCSP stapling";
10763 return;
10764 }
10765
10766 EmbeddedTestServer::ServerCertificateConfig cert_config;
10767
10768 // AIA OCSP url is included, but does not return a successful ocsp response.
10769 cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig(
10770 EmbeddedTestServer::OCSPConfig::ResponseType::kTryLater);
10771
10772 cert_config.stapled_ocsp_config = EmbeddedTestServer::OCSPConfig(
10773 {{bssl::OCSPRevocationStatus::GOOD,
10774 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}});
10775
10776 CertStatus cert_status;
10777 DoConnection(cert_config, &cert_status);
10778
10779 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS);
10780 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
10781 }
10782
TEST_F(HTTPSOCSPTest,RevokedStapled)10783 TEST_F(HTTPSOCSPTest, RevokedStapled) {
10784 if (!SystemSupportsOCSPStapling()) {
10785 LOG(WARNING)
10786 << "Skipping test because system doesn't support OCSP stapling";
10787 return;
10788 }
10789
10790 EmbeddedTestServer::ServerCertificateConfig cert_config;
10791
10792 // AIA OCSP url is included, but does not return a successful ocsp response.
10793 cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig(
10794 EmbeddedTestServer::OCSPConfig::ResponseType::kTryLater);
10795
10796 cert_config.stapled_ocsp_config = EmbeddedTestServer::OCSPConfig(
10797 {{bssl::OCSPRevocationStatus::REVOKED,
10798 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}});
10799
10800 CertStatus cert_status;
10801 DoConnection(cert_config, &cert_status);
10802
10803 EXPECT_EQ(CERT_STATUS_REVOKED, cert_status & CERT_STATUS_ALL_ERRORS);
10804 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
10805 }
10806
TEST_F(HTTPSOCSPTest,OldStapledAndInvalidAIA)10807 TEST_F(HTTPSOCSPTest, OldStapledAndInvalidAIA) {
10808 if (!SystemSupportsOCSPStapling()) {
10809 LOG(WARNING)
10810 << "Skipping test because system doesn't support OCSP stapling";
10811 return;
10812 }
10813
10814 EmbeddedTestServer::ServerCertificateConfig cert_config;
10815
10816 // Stapled response indicates good, but is too old.
10817 cert_config.stapled_ocsp_config = EmbeddedTestServer::OCSPConfig(
10818 {{bssl::OCSPRevocationStatus::GOOD,
10819 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kOld}});
10820
10821 // AIA OCSP url is included, but does not return a successful ocsp response.
10822 cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig(
10823 EmbeddedTestServer::OCSPConfig::ResponseType::kTryLater);
10824
10825 CertStatus cert_status;
10826 DoConnection(cert_config, &cert_status);
10827
10828 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS);
10829 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
10830 }
10831
TEST_F(HTTPSOCSPTest,OldStapledButValidAIA)10832 TEST_F(HTTPSOCSPTest, OldStapledButValidAIA) {
10833 if (!SystemSupportsOCSPStapling()) {
10834 LOG(WARNING)
10835 << "Skipping test because system doesn't support OCSP stapling";
10836 return;
10837 }
10838
10839 EmbeddedTestServer::ServerCertificateConfig cert_config;
10840
10841 // Stapled response indicates good, but response is too old.
10842 cert_config.stapled_ocsp_config = EmbeddedTestServer::OCSPConfig(
10843 {{bssl::OCSPRevocationStatus::GOOD,
10844 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kOld}});
10845
10846 // AIA OCSP url is included, and returns a successful ocsp response.
10847 cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig(
10848 {{bssl::OCSPRevocationStatus::GOOD,
10849 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}});
10850
10851 CertStatus cert_status;
10852 DoConnection(cert_config, &cert_status);
10853
10854 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS);
10855 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
10856 }
10857
10858 static const struct OCSPVerifyTestData {
10859 EmbeddedTestServer::OCSPConfig ocsp_config;
10860 bssl::OCSPVerifyResult::ResponseStatus expected_response_status;
10861 // |expected_cert_status| is only used if |expected_response_status| is
10862 // PROVIDED.
10863 bssl::OCSPRevocationStatus expected_cert_status;
10864 } kOCSPVerifyData[] = {
10865 // 0
10866 {EmbeddedTestServer::OCSPConfig(
10867 {{bssl::OCSPRevocationStatus::GOOD,
10868 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}},
10869 EmbeddedTestServer::OCSPConfig::Produced::kValid),
10870 bssl::OCSPVerifyResult::PROVIDED, bssl::OCSPRevocationStatus::GOOD},
10871
10872 // 1
10873 {EmbeddedTestServer::OCSPConfig(
10874 {{bssl::OCSPRevocationStatus::GOOD,
10875 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kOld}},
10876 EmbeddedTestServer::OCSPConfig::Produced::kValid),
10877 bssl::OCSPVerifyResult::INVALID_DATE, bssl::OCSPRevocationStatus::UNKNOWN},
10878
10879 // 2
10880 {EmbeddedTestServer::OCSPConfig(
10881 {{bssl::OCSPRevocationStatus::GOOD,
10882 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kEarly}},
10883 EmbeddedTestServer::OCSPConfig::Produced::kValid),
10884 bssl::OCSPVerifyResult::INVALID_DATE, bssl::OCSPRevocationStatus::UNKNOWN},
10885
10886 // 3
10887 {EmbeddedTestServer::OCSPConfig(
10888 {{bssl::OCSPRevocationStatus::GOOD,
10889 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kLong}},
10890 EmbeddedTestServer::OCSPConfig::Produced::kValid),
10891 bssl::OCSPVerifyResult::INVALID_DATE, bssl::OCSPRevocationStatus::UNKNOWN},
10892
10893 // 4
10894 {EmbeddedTestServer::OCSPConfig(
10895 EmbeddedTestServer::OCSPConfig::ResponseType::kTryLater),
10896 bssl::OCSPVerifyResult::ERROR_RESPONSE,
10897 bssl::OCSPRevocationStatus::UNKNOWN},
10898
10899 // 5
10900 {EmbeddedTestServer::OCSPConfig(
10901 EmbeddedTestServer::OCSPConfig::ResponseType::kInvalidResponse),
10902 bssl::OCSPVerifyResult::PARSE_RESPONSE_ERROR,
10903 bssl::OCSPRevocationStatus::UNKNOWN},
10904
10905 // 6
10906 {EmbeddedTestServer::OCSPConfig(
10907 EmbeddedTestServer::OCSPConfig::ResponseType::kInvalidResponseData),
10908 bssl::OCSPVerifyResult::PARSE_RESPONSE_DATA_ERROR,
10909 bssl::OCSPRevocationStatus::UNKNOWN},
10910
10911 // 7
10912 {EmbeddedTestServer::OCSPConfig(
10913 {{bssl::OCSPRevocationStatus::REVOKED,
10914 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kEarly}},
10915 EmbeddedTestServer::OCSPConfig::Produced::kValid),
10916 bssl::OCSPVerifyResult::INVALID_DATE, bssl::OCSPRevocationStatus::UNKNOWN},
10917
10918 // 8
10919 {EmbeddedTestServer::OCSPConfig(
10920 {{bssl::OCSPRevocationStatus::UNKNOWN,
10921 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}},
10922 EmbeddedTestServer::OCSPConfig::Produced::kValid),
10923 bssl::OCSPVerifyResult::PROVIDED, bssl::OCSPRevocationStatus::UNKNOWN},
10924
10925 // 9
10926 {EmbeddedTestServer::OCSPConfig(
10927 {{bssl::OCSPRevocationStatus::UNKNOWN,
10928 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kOld}},
10929 EmbeddedTestServer::OCSPConfig::Produced::kValid),
10930 bssl::OCSPVerifyResult::INVALID_DATE, bssl::OCSPRevocationStatus::UNKNOWN},
10931
10932 // 10
10933 {EmbeddedTestServer::OCSPConfig(
10934 {{bssl::OCSPRevocationStatus::UNKNOWN,
10935 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kEarly}},
10936 EmbeddedTestServer::OCSPConfig::Produced::kValid),
10937 bssl::OCSPVerifyResult::INVALID_DATE, bssl::OCSPRevocationStatus::UNKNOWN},
10938
10939 // 11
10940 {EmbeddedTestServer::OCSPConfig(
10941 {{bssl::OCSPRevocationStatus::GOOD,
10942 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}},
10943 EmbeddedTestServer::OCSPConfig::Produced::kBeforeCert),
10944 bssl::OCSPVerifyResult::BAD_PRODUCED_AT,
10945 bssl::OCSPRevocationStatus::UNKNOWN},
10946
10947 // 12
10948 {EmbeddedTestServer::OCSPConfig(
10949 {{bssl::OCSPRevocationStatus::GOOD,
10950 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}},
10951 EmbeddedTestServer::OCSPConfig::Produced::kAfterCert),
10952 bssl::OCSPVerifyResult::BAD_PRODUCED_AT,
10953 bssl::OCSPRevocationStatus::UNKNOWN},
10954
10955 // 13
10956 {EmbeddedTestServer::OCSPConfig(
10957 {{bssl::OCSPRevocationStatus::GOOD,
10958 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kOld},
10959 {bssl::OCSPRevocationStatus::GOOD,
10960 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}},
10961 EmbeddedTestServer::OCSPConfig::Produced::kValid),
10962 bssl::OCSPVerifyResult::PROVIDED, bssl::OCSPRevocationStatus::GOOD},
10963
10964 // 14
10965 {EmbeddedTestServer::OCSPConfig(
10966 {{bssl::OCSPRevocationStatus::GOOD,
10967 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kEarly},
10968 {bssl::OCSPRevocationStatus::GOOD,
10969 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}},
10970 EmbeddedTestServer::OCSPConfig::Produced::kValid),
10971 bssl::OCSPVerifyResult::PROVIDED, bssl::OCSPRevocationStatus::GOOD},
10972
10973 // 15
10974 {EmbeddedTestServer::OCSPConfig(
10975 {{bssl::OCSPRevocationStatus::GOOD,
10976 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kLong},
10977 {bssl::OCSPRevocationStatus::GOOD,
10978 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}},
10979 EmbeddedTestServer::OCSPConfig::Produced::kValid),
10980 bssl::OCSPVerifyResult::PROVIDED, bssl::OCSPRevocationStatus::GOOD},
10981
10982 // 16
10983 {EmbeddedTestServer::OCSPConfig(
10984 {{bssl::OCSPRevocationStatus::GOOD,
10985 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kEarly},
10986 {bssl::OCSPRevocationStatus::GOOD,
10987 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kOld},
10988 {bssl::OCSPRevocationStatus::GOOD,
10989 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kLong}},
10990 EmbeddedTestServer::OCSPConfig::Produced::kValid),
10991 bssl::OCSPVerifyResult::INVALID_DATE, bssl::OCSPRevocationStatus::UNKNOWN},
10992
10993 // 17
10994 {EmbeddedTestServer::OCSPConfig(
10995 {{bssl::OCSPRevocationStatus::UNKNOWN,
10996 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid},
10997 {bssl::OCSPRevocationStatus::REVOKED,
10998 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid},
10999 {bssl::OCSPRevocationStatus::GOOD,
11000 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}},
11001 EmbeddedTestServer::OCSPConfig::Produced::kValid),
11002 bssl::OCSPVerifyResult::PROVIDED, bssl::OCSPRevocationStatus::REVOKED},
11003
11004 // 18
11005 {EmbeddedTestServer::OCSPConfig(
11006 {{bssl::OCSPRevocationStatus::UNKNOWN,
11007 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid},
11008 {bssl::OCSPRevocationStatus::GOOD,
11009 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}},
11010 EmbeddedTestServer::OCSPConfig::Produced::kValid),
11011 bssl::OCSPVerifyResult::PROVIDED, bssl::OCSPRevocationStatus::UNKNOWN},
11012
11013 // 19
11014 {EmbeddedTestServer::OCSPConfig(
11015 {{bssl::OCSPRevocationStatus::UNKNOWN,
11016 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid},
11017 {bssl::OCSPRevocationStatus::REVOKED,
11018 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kLong},
11019 {bssl::OCSPRevocationStatus::GOOD,
11020 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}},
11021 EmbeddedTestServer::OCSPConfig::Produced::kValid),
11022 bssl::OCSPVerifyResult::PROVIDED, bssl::OCSPRevocationStatus::UNKNOWN},
11023
11024 // 20
11025 {EmbeddedTestServer::OCSPConfig(
11026 {{bssl::OCSPRevocationStatus::GOOD,
11027 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid,
11028 EmbeddedTestServer::OCSPConfig::SingleResponse::Serial::kMismatch}},
11029 EmbeddedTestServer::OCSPConfig::Produced::kValid),
11030 bssl::OCSPVerifyResult::NO_MATCHING_RESPONSE,
11031 bssl::OCSPRevocationStatus::UNKNOWN},
11032
11033 // 21
11034 {EmbeddedTestServer::OCSPConfig(
11035 {{bssl::OCSPRevocationStatus::GOOD,
11036 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kEarly,
11037 EmbeddedTestServer::OCSPConfig::SingleResponse::Serial::kMismatch}},
11038 EmbeddedTestServer::OCSPConfig::Produced::kValid),
11039 bssl::OCSPVerifyResult::NO_MATCHING_RESPONSE,
11040 bssl::OCSPRevocationStatus::UNKNOWN},
11041
11042 // 22
11043 {EmbeddedTestServer::OCSPConfig(
11044 {{bssl::OCSPRevocationStatus::REVOKED,
11045 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}},
11046 EmbeddedTestServer::OCSPConfig::Produced::kValid),
11047 bssl::OCSPVerifyResult::PROVIDED, bssl::OCSPRevocationStatus::REVOKED},
11048
11049 // 23
11050 {EmbeddedTestServer::OCSPConfig(
11051 {{bssl::OCSPRevocationStatus::REVOKED,
11052 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kOld}},
11053 EmbeddedTestServer::OCSPConfig::Produced::kValid),
11054 bssl::OCSPVerifyResult::INVALID_DATE, bssl::OCSPRevocationStatus::UNKNOWN},
11055
11056 // 24
11057 {EmbeddedTestServer::OCSPConfig(
11058 {{bssl::OCSPRevocationStatus::REVOKED,
11059 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kLong}},
11060 EmbeddedTestServer::OCSPConfig::Produced::kValid),
11061 bssl::OCSPVerifyResult::INVALID_DATE, bssl::OCSPRevocationStatus::UNKNOWN},
11062 };
11063
11064 class HTTPSOCSPVerifyTest
11065 : public HTTPSOCSPTest,
11066 public testing::WithParamInterface<OCSPVerifyTestData> {};
11067
TEST_P(HTTPSOCSPVerifyTest,VerifyResult)11068 TEST_P(HTTPSOCSPVerifyTest, VerifyResult) {
11069 OCSPVerifyTestData test = GetParam();
11070
11071 scoped_refptr<X509Certificate> root_cert =
11072 ImportCertFromFile(GetTestCertsDirectory(), "root_ca_cert.pem");
11073 ASSERT_TRUE(root_cert);
11074 ScopedTestKnownRoot scoped_known_root(root_cert.get());
11075
11076 EmbeddedTestServer::ServerCertificateConfig cert_config;
11077 cert_config.stapled_ocsp_config = test.ocsp_config;
11078 cert_config.dns_names = {"example.com"};
11079
11080 SSLInfo ssl_info;
11081 OCSPErrorTestDelegate delegate;
11082 ASSERT_NO_FATAL_FAILURE(DoConnectionWithDelegate("example.com", cert_config,
11083 &delegate, &ssl_info));
11084
11085 // The SSLInfo must be extracted from |delegate| on error, due to how
11086 // URLRequest caches certificate errors.
11087 if (delegate.have_certificate_errors()) {
11088 ASSERT_TRUE(delegate.on_ssl_certificate_error_called());
11089 ssl_info = delegate.ssl_info();
11090 }
11091
11092 EXPECT_EQ(test.expected_response_status,
11093 ssl_info.ocsp_result.response_status);
11094
11095 if (test.expected_response_status == bssl::OCSPVerifyResult::PROVIDED) {
11096 EXPECT_EQ(test.expected_cert_status,
11097 ssl_info.ocsp_result.revocation_status);
11098 }
11099 }
11100
11101 INSTANTIATE_TEST_SUITE_P(OCSPVerify,
11102 HTTPSOCSPVerifyTest,
11103 testing::ValuesIn(kOCSPVerifyData));
11104
11105 class HTTPSAIATest : public HTTPSCertNetFetchingTest {};
11106
TEST_F(HTTPSAIATest,AIAFetching)11107 TEST_F(HTTPSAIATest, AIAFetching) {
11108 EmbeddedTestServer test_server(EmbeddedTestServer::TYPE_HTTPS);
11109 EmbeddedTestServer::ServerCertificateConfig cert_config;
11110 cert_config.intermediate = EmbeddedTestServer::IntermediateType::kByAIA;
11111 test_server.SetSSLConfig(cert_config);
11112 RegisterDefaultHandlers(&test_server);
11113 ASSERT_TRUE(test_server.Start());
11114
11115 TestDelegate d;
11116 d.set_allow_certificate_errors(true);
11117 std::unique_ptr<URLRequest> r(context_->CreateRequest(
11118 test_server.GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d,
11119 TRAFFIC_ANNOTATION_FOR_TESTS));
11120
11121 r->Start();
11122 EXPECT_TRUE(r->is_pending());
11123
11124 d.RunUntilComplete();
11125
11126 EXPECT_EQ(1, d.response_started_count());
11127
11128 CertStatus cert_status = r->ssl_info().cert_status;
11129 EXPECT_EQ(OK, d.request_status());
11130 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS);
11131 ASSERT_TRUE(r->ssl_info().cert);
11132 EXPECT_EQ(2u, r->ssl_info().cert->intermediate_buffers().size());
11133 ASSERT_TRUE(r->ssl_info().unverified_cert);
11134 EXPECT_EQ(0u, r->ssl_info().unverified_cert->intermediate_buffers().size());
11135 }
11136
11137 class HTTPSHardFailTest : public HTTPSOCSPTest {
11138 protected:
GetCertVerifierConfig()11139 CertVerifier::Config GetCertVerifierConfig() override {
11140 CertVerifier::Config config;
11141 config.require_rev_checking_local_anchors = true;
11142 return config;
11143 }
11144 };
11145
TEST_F(HTTPSHardFailTest,Valid)11146 TEST_F(HTTPSHardFailTest, Valid) {
11147 if (!SystemSupportsOCSP()) {
11148 LOG(WARNING) << "Skipping test because system doesn't support OCSP";
11149 return;
11150 }
11151
11152 if (!SystemSupportsHardFailRevocationChecking()) {
11153 LOG(WARNING) << "Skipping test because system doesn't support hard fail "
11154 << "revocation checking";
11155 return;
11156 }
11157
11158 EmbeddedTestServer::ServerCertificateConfig cert_config;
11159 cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig(
11160 {{bssl::OCSPRevocationStatus::GOOD,
11161 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}});
11162
11163 CertStatus cert_status;
11164 DoConnection(cert_config, &cert_status);
11165
11166 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS);
11167 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
11168 }
11169
TEST_F(HTTPSHardFailTest,Revoked)11170 TEST_F(HTTPSHardFailTest, Revoked) {
11171 if (!SystemSupportsOCSP()) {
11172 LOG(WARNING) << "Skipping test because system doesn't support OCSP";
11173 return;
11174 }
11175
11176 if (!SystemSupportsHardFailRevocationChecking()) {
11177 LOG(WARNING) << "Skipping test because system doesn't support hard fail "
11178 << "revocation checking";
11179 return;
11180 }
11181
11182 EmbeddedTestServer::ServerCertificateConfig cert_config;
11183 cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig(
11184 {{bssl::OCSPRevocationStatus::REVOKED,
11185 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}});
11186
11187 CertStatus cert_status;
11188 DoConnection(cert_config, &cert_status);
11189
11190 EXPECT_EQ(CERT_STATUS_REVOKED, cert_status & CERT_STATUS_ALL_ERRORS);
11191 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV);
11192 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
11193 }
11194
TEST_F(HTTPSHardFailTest,FailsOnOCSPInvalid)11195 TEST_F(HTTPSHardFailTest, FailsOnOCSPInvalid) {
11196 if (!SystemSupportsOCSP()) {
11197 LOG(WARNING) << "Skipping test because system doesn't support OCSP";
11198 return;
11199 }
11200
11201 if (!SystemSupportsHardFailRevocationChecking()) {
11202 LOG(WARNING) << "Skipping test because system doesn't support hard fail "
11203 << "revocation checking";
11204 return;
11205 }
11206
11207 EmbeddedTestServer::ServerCertificateConfig cert_config;
11208 cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig(
11209 EmbeddedTestServer::OCSPConfig::ResponseType::kInvalidResponse);
11210
11211 CertStatus cert_status;
11212 DoConnection(cert_config, &cert_status);
11213
11214 EXPECT_EQ(CERT_STATUS_UNABLE_TO_CHECK_REVOCATION,
11215 cert_status & CERT_STATUS_ALL_ERRORS);
11216 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
11217 }
11218
TEST_F(HTTPSHardFailTest,IntermediateResponseOldButStillValid)11219 TEST_F(HTTPSHardFailTest, IntermediateResponseOldButStillValid) {
11220 if (!SystemSupportsOCSP()) {
11221 LOG(WARNING) << "Skipping test because system doesn't support OCSP";
11222 return;
11223 }
11224
11225 if (!SystemSupportsHardFailRevocationChecking()) {
11226 LOG(WARNING) << "Skipping test because system doesn't support hard fail "
11227 << "revocation checking";
11228 return;
11229 }
11230
11231 EmbeddedTestServer::ServerCertificateConfig cert_config;
11232 cert_config.intermediate = EmbeddedTestServer::IntermediateType::kInHandshake;
11233 cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig(
11234 {{bssl::OCSPRevocationStatus::GOOD,
11235 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}});
11236 // Use an OCSP response for the intermediate that would be too old for a leaf
11237 // cert, but is still valid for an intermediate.
11238 cert_config.intermediate_ocsp_config = EmbeddedTestServer::OCSPConfig(
11239 {{bssl::OCSPRevocationStatus::GOOD,
11240 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kLong}});
11241
11242 CertStatus cert_status;
11243 DoConnection(cert_config, &cert_status);
11244
11245 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS);
11246 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
11247 }
11248
TEST_F(HTTPSHardFailTest,IntermediateResponseTooOld)11249 TEST_F(HTTPSHardFailTest, IntermediateResponseTooOld) {
11250 if (!SystemSupportsOCSP()) {
11251 LOG(WARNING) << "Skipping test because system doesn't support OCSP";
11252 return;
11253 }
11254
11255 if (!SystemSupportsHardFailRevocationChecking()) {
11256 LOG(WARNING) << "Skipping test because system doesn't support hard fail "
11257 << "revocation checking";
11258 return;
11259 }
11260
11261 EmbeddedTestServer::ServerCertificateConfig cert_config;
11262 cert_config.intermediate = EmbeddedTestServer::IntermediateType::kInHandshake;
11263 cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig(
11264 {{bssl::OCSPRevocationStatus::GOOD,
11265 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}});
11266 // Use an OCSP response for the intermediate that is too old according to
11267 // BRs, but is fine for a locally trusted root.
11268 cert_config.intermediate_ocsp_config = EmbeddedTestServer::OCSPConfig(
11269 {{bssl::OCSPRevocationStatus::GOOD,
11270 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kLonger}});
11271
11272 CertStatus cert_status;
11273 DoConnection(cert_config, &cert_status);
11274
11275 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS);
11276 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
11277 }
11278
TEST_F(HTTPSHardFailTest,ValidStapled)11279 TEST_F(HTTPSHardFailTest, ValidStapled) {
11280 if (!SystemSupportsOCSPStapling()) {
11281 LOG(WARNING)
11282 << "Skipping test because system doesn't support OCSP stapling";
11283 return;
11284 }
11285
11286 if (!SystemSupportsHardFailRevocationChecking()) {
11287 LOG(WARNING) << "Skipping test because system doesn't support hard fail "
11288 << "revocation checking";
11289 return;
11290 }
11291
11292 EmbeddedTestServer::ServerCertificateConfig cert_config;
11293
11294 // AIA OCSP url is included, but does not return a successful ocsp response.
11295 cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig(
11296 EmbeddedTestServer::OCSPConfig::ResponseType::kTryLater);
11297
11298 cert_config.stapled_ocsp_config = EmbeddedTestServer::OCSPConfig(
11299 {{bssl::OCSPRevocationStatus::GOOD,
11300 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}});
11301
11302 CertStatus cert_status;
11303 DoConnection(cert_config, &cert_status);
11304
11305 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS);
11306 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
11307 }
11308
TEST_F(HTTPSHardFailTest,RevokedStapled)11309 TEST_F(HTTPSHardFailTest, RevokedStapled) {
11310 if (!SystemSupportsOCSPStapling()) {
11311 LOG(WARNING)
11312 << "Skipping test because system doesn't support OCSP stapling";
11313 return;
11314 }
11315
11316 if (!SystemSupportsHardFailRevocationChecking()) {
11317 LOG(WARNING) << "Skipping test because system doesn't support hard fail "
11318 << "revocation checking";
11319 return;
11320 }
11321
11322 EmbeddedTestServer::ServerCertificateConfig cert_config;
11323
11324 // AIA OCSP url is included, but does not return a successful ocsp response.
11325 cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig(
11326 EmbeddedTestServer::OCSPConfig::ResponseType::kTryLater);
11327
11328 cert_config.stapled_ocsp_config = EmbeddedTestServer::OCSPConfig(
11329 {{bssl::OCSPRevocationStatus::REVOKED,
11330 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}});
11331
11332 CertStatus cert_status;
11333 DoConnection(cert_config, &cert_status);
11334
11335 EXPECT_EQ(CERT_STATUS_REVOKED, cert_status & CERT_STATUS_ALL_ERRORS);
11336 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
11337 }
11338
TEST_F(HTTPSHardFailTest,OldStapledAndInvalidAIA)11339 TEST_F(HTTPSHardFailTest, OldStapledAndInvalidAIA) {
11340 if (!SystemSupportsOCSPStapling()) {
11341 LOG(WARNING)
11342 << "Skipping test because system doesn't support OCSP stapling";
11343 return;
11344 }
11345
11346 if (!SystemSupportsHardFailRevocationChecking()) {
11347 LOG(WARNING) << "Skipping test because system doesn't support hard fail "
11348 << "revocation checking";
11349 return;
11350 }
11351
11352 EmbeddedTestServer::ServerCertificateConfig cert_config;
11353
11354 // Stapled response indicates good, but is too old.
11355 cert_config.stapled_ocsp_config = EmbeddedTestServer::OCSPConfig(
11356 {{bssl::OCSPRevocationStatus::GOOD,
11357 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kOld}});
11358
11359 // AIA OCSP url is included, but does not return a successful ocsp response.
11360 cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig(
11361 EmbeddedTestServer::OCSPConfig::ResponseType::kTryLater);
11362
11363 CertStatus cert_status;
11364 DoConnection(cert_config, &cert_status);
11365
11366 EXPECT_EQ(CERT_STATUS_UNABLE_TO_CHECK_REVOCATION,
11367 cert_status & CERT_STATUS_ALL_ERRORS);
11368 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
11369 }
11370
TEST_F(HTTPSHardFailTest,OldStapledButValidAIA)11371 TEST_F(HTTPSHardFailTest, OldStapledButValidAIA) {
11372 if (!SystemSupportsOCSPStapling()) {
11373 LOG(WARNING)
11374 << "Skipping test because system doesn't support OCSP stapling";
11375 return;
11376 }
11377
11378 if (!SystemSupportsHardFailRevocationChecking()) {
11379 LOG(WARNING) << "Skipping test because system doesn't support hard fail "
11380 << "revocation checking";
11381 return;
11382 }
11383
11384 EmbeddedTestServer::ServerCertificateConfig cert_config;
11385
11386 // Stapled response indicates good, but response is too old.
11387 cert_config.stapled_ocsp_config = EmbeddedTestServer::OCSPConfig(
11388 {{bssl::OCSPRevocationStatus::GOOD,
11389 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kOld}});
11390
11391 // AIA OCSP url is included, and returns a successful ocsp response.
11392 cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig(
11393 {{bssl::OCSPRevocationStatus::GOOD,
11394 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}});
11395
11396 CertStatus cert_status;
11397 DoConnection(cert_config, &cert_status);
11398
11399 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS);
11400 EXPECT_TRUE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
11401 }
11402
11403 class HTTPSCRLSetTest : public HTTPSCertNetFetchingTest {};
11404
TEST_F(HTTPSCRLSetTest,ExpiredCRLSet)11405 TEST_F(HTTPSCRLSetTest, ExpiredCRLSet) {
11406 EmbeddedTestServer::ServerCertificateConfig cert_config;
11407 cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig(
11408 EmbeddedTestServer::OCSPConfig::ResponseType::kInvalidResponse);
11409
11410 UpdateCertVerifier(CRLSet::ExpiredCRLSetForTesting());
11411
11412 CertStatus cert_status;
11413 DoConnection(cert_config, &cert_status);
11414
11415 // If we're not trying EV verification then, even if the CRLSet has expired,
11416 // we don't fall back to online revocation checks.
11417 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS);
11418 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV);
11419 EXPECT_FALSE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
11420 }
11421
TEST_F(HTTPSCRLSetTest,ExpiredCRLSetAndRevoked)11422 TEST_F(HTTPSCRLSetTest, ExpiredCRLSetAndRevoked) {
11423 // Test that when online revocation checking is disabled, and the leaf
11424 // certificate is not EV, that no revocation checking actually happens.
11425 if (!SystemSupportsOCSP()) {
11426 LOG(WARNING) << "Skipping test because system doesn't support OCSP";
11427 return;
11428 }
11429
11430 EmbeddedTestServer::ServerCertificateConfig cert_config;
11431 cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig(
11432 {{bssl::OCSPRevocationStatus::REVOKED,
11433 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}});
11434
11435 UpdateCertVerifier(CRLSet::ExpiredCRLSetForTesting());
11436
11437 CertStatus cert_status;
11438 DoConnection(cert_config, &cert_status);
11439
11440 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS);
11441
11442 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV);
11443 EXPECT_FALSE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
11444 }
11445
TEST_F(HTTPSCRLSetTest,CRLSetRevoked)11446 TEST_F(HTTPSCRLSetTest, CRLSetRevoked) {
11447 if (!SystemSupportsCRLSets()) {
11448 LOG(WARNING) << "Skipping test because system doesn't support CRLSets";
11449 return;
11450 }
11451
11452 EmbeddedTestServer test_server(EmbeddedTestServer::TYPE_HTTPS);
11453 EmbeddedTestServer::ServerCertificateConfig cert_config;
11454 cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig(
11455 {{bssl::OCSPRevocationStatus::GOOD,
11456 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}});
11457 test_server.SetSSLConfig(cert_config);
11458 RegisterDefaultHandlers(&test_server);
11459 ASSERT_TRUE(test_server.Start());
11460
11461 CertVerifier::Config cert_verifier_config = GetCertVerifierConfig();
11462 SHA256HashValue root_cert_spki_hash;
11463 ASSERT_TRUE(GetTestRootCertSPKIHash(&root_cert_spki_hash));
11464 auto crl_set =
11465 CRLSet::ForTesting(false, &root_cert_spki_hash,
11466 test_server.GetCertificate()->serial_number(), "", {});
11467 ASSERT_TRUE(crl_set);
11468 UpdateCertVerifier(crl_set);
11469
11470 TestDelegate d;
11471 d.set_allow_certificate_errors(true);
11472 std::unique_ptr<URLRequest> r(context_->CreateRequest(
11473 test_server.GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d,
11474 TRAFFIC_ANNOTATION_FOR_TESTS));
11475 r->Start();
11476 EXPECT_TRUE(r->is_pending());
11477 d.RunUntilComplete();
11478 EXPECT_EQ(1, d.response_started_count());
11479 CertStatus cert_status = r->ssl_info().cert_status;
11480
11481 // If the certificate is recorded as revoked in the CRLSet, that should be
11482 // reflected without online revocation checking.
11483 EXPECT_EQ(CERT_STATUS_REVOKED, cert_status & CERT_STATUS_ALL_ERRORS);
11484 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV);
11485 EXPECT_FALSE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
11486 }
11487
TEST_F(HTTPSCRLSetTest,CRLSetRevokedBySubject)11488 TEST_F(HTTPSCRLSetTest, CRLSetRevokedBySubject) {
11489 if (!SystemSupportsCRLSets()) {
11490 LOG(WARNING) << "Skipping test because system doesn't support CRLSets";
11491 return;
11492 }
11493
11494 EmbeddedTestServer test_server(EmbeddedTestServer::TYPE_HTTPS);
11495 EmbeddedTestServer::ServerCertificateConfig cert_config;
11496 cert_config.ocsp_config = EmbeddedTestServer::OCSPConfig(
11497 {{bssl::OCSPRevocationStatus::GOOD,
11498 EmbeddedTestServer::OCSPConfig::SingleResponse::Date::kValid}});
11499 test_server.SetSSLConfig(cert_config);
11500 RegisterDefaultHandlers(&test_server);
11501 ASSERT_TRUE(test_server.Start());
11502
11503 std::string common_name = test_server.GetCertificate()->subject().common_name;
11504
11505 {
11506 auto crl_set = CRLSet::ForTesting(false, nullptr, "", common_name, {});
11507 ASSERT_TRUE(crl_set);
11508 UpdateCertVerifier(crl_set);
11509
11510 TestDelegate d;
11511 d.set_allow_certificate_errors(true);
11512 std::unique_ptr<URLRequest> r(context_->CreateRequest(
11513 test_server.GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d,
11514 TRAFFIC_ANNOTATION_FOR_TESTS));
11515 r->Start();
11516 EXPECT_TRUE(r->is_pending());
11517 d.RunUntilComplete();
11518 EXPECT_EQ(1, d.response_started_count());
11519 CertStatus cert_status = r->ssl_info().cert_status;
11520
11521 // If the certificate is recorded as revoked in the CRLSet, that should be
11522 // reflected without online revocation checking.
11523 EXPECT_EQ(CERT_STATUS_REVOKED, cert_status & CERT_STATUS_ALL_ERRORS);
11524 EXPECT_FALSE(cert_status & CERT_STATUS_IS_EV);
11525 EXPECT_FALSE(cert_status & CERT_STATUS_REV_CHECKING_ENABLED);
11526 }
11527
11528 HashValue spki_hash_value;
11529 ASSERT_TRUE(x509_util::CalculateSha256SpkiHash(
11530 test_server.GetCertificate()->cert_buffer(), &spki_hash_value));
11531 std::string spki_hash(spki_hash_value.data(),
11532 spki_hash_value.data() + spki_hash_value.size());
11533 {
11534 auto crl_set =
11535 CRLSet::ForTesting(false, nullptr, "", common_name, {spki_hash});
11536 ASSERT_TRUE(crl_set);
11537 UpdateCertVerifier(crl_set);
11538
11539 TestDelegate d;
11540 d.set_allow_certificate_errors(true);
11541 std::unique_ptr<URLRequest> r(context_->CreateRequest(
11542 test_server.GetURL("/defaultresponse"), DEFAULT_PRIORITY, &d,
11543 TRAFFIC_ANNOTATION_FOR_TESTS));
11544 r->Start();
11545 EXPECT_TRUE(r->is_pending());
11546 d.RunUntilComplete();
11547 EXPECT_EQ(1, d.response_started_count());
11548 CertStatus cert_status = r->ssl_info().cert_status;
11549
11550 // When the correct SPKI hash is specified in
11551 // |acceptable_spki_hashes_for_cn|, the connection should succeed even
11552 // though the subject is listed in the CRLSet.
11553 EXPECT_EQ(0u, cert_status & CERT_STATUS_ALL_ERRORS);
11554 }
11555 }
11556
11557 using HTTPSLocalCRLSetTest = TestWithTaskEnvironment;
11558
11559 // Use a real CertVerifier to attempt to connect to the TestServer, and ensure
11560 // that when a CRLSet is provided that marks a given SPKI (the TestServer's
11561 // root SPKI) as known for interception, that it's adequately flagged.
TEST_F(HTTPSLocalCRLSetTest,KnownInterceptionBlocked)11562 TEST_F(HTTPSLocalCRLSetTest, KnownInterceptionBlocked) {
11563 auto cert_verifier = CertVerifier::CreateDefaultWithoutCaching(
11564 /*cert_net_fetcher=*/nullptr);
11565 CertVerifierWithUpdatableProc* updatable_cert_verifier_ = cert_verifier.get();
11566
11567 auto context_builder = CreateTestURLRequestContextBuilder();
11568 context_builder->SetCertVerifier(std::make_unique<CachingCertVerifier>(
11569 std::make_unique<CoalescingCertVerifier>(std::move(cert_verifier))));
11570 auto context = context_builder->Build();
11571
11572 // Verify the connection succeeds without being flagged.
11573 EmbeddedTestServer https_server(EmbeddedTestServer::TYPE_HTTPS);
11574 RegisterDefaultHandlers(&https_server);
11575 https_server.SetSSLConfig(EmbeddedTestServer::CERT_OK_BY_INTERMEDIATE);
11576 ASSERT_TRUE(https_server.Start());
11577
11578 {
11579 TestDelegate d;
11580 std::unique_ptr<URLRequest> req(
11581 context->CreateRequest(https_server.GetURL("/"), DEFAULT_PRIORITY, &d,
11582 TRAFFIC_ANNOTATION_FOR_TESTS));
11583 req->Start();
11584 d.RunUntilComplete();
11585
11586 EXPECT_EQ(1, d.response_started_count());
11587 EXPECT_FALSE(d.request_failed());
11588 EXPECT_FALSE(d.have_certificate_errors());
11589 EXPECT_FALSE(req->ssl_info().cert_status &
11590 CERT_STATUS_KNOWN_INTERCEPTION_BLOCKED);
11591 }
11592
11593 // Configure a CRL that will mark |root_ca_cert| as a blocked interception
11594 // root.
11595 std::string crl_set_bytes;
11596 net::CertVerifyProc::ImplParams params;
11597 ASSERT_TRUE(
11598 base::ReadFileToString(GetTestCertsDirectory().AppendASCII(
11599 "crlset_blocked_interception_by_root.raw"),
11600 &crl_set_bytes));
11601 ASSERT_TRUE(CRLSet::Parse(crl_set_bytes, ¶ms.crl_set));
11602
11603 updatable_cert_verifier_->UpdateVerifyProcData(
11604 /*cert_net_fetcher=*/nullptr, params, {});
11605
11606 // Verify the connection fails as being a known interception root.
11607 {
11608 TestDelegate d;
11609 d.set_allow_certificate_errors(true);
11610 std::unique_ptr<URLRequest> req(
11611 context->CreateRequest(https_server.GetURL("/"), DEFAULT_PRIORITY, &d,
11612 TRAFFIC_ANNOTATION_FOR_TESTS));
11613 req->Start();
11614 d.RunUntilComplete();
11615
11616 EXPECT_EQ(1, d.response_started_count());
11617 EXPECT_FALSE(d.request_failed());
11618 if (SystemSupportsCRLSets()) {
11619 EXPECT_TRUE(d.have_certificate_errors());
11620 EXPECT_FALSE(d.certificate_errors_are_fatal());
11621 EXPECT_EQ(ERR_CERT_KNOWN_INTERCEPTION_BLOCKED, d.certificate_net_error());
11622 EXPECT_TRUE(req->ssl_info().cert_status &
11623 CERT_STATUS_KNOWN_INTERCEPTION_BLOCKED);
11624 } else {
11625 EXPECT_FALSE(d.have_certificate_errors());
11626 EXPECT_TRUE(req->ssl_info().cert_status &
11627 CERT_STATUS_KNOWN_INTERCEPTION_DETECTED);
11628 }
11629 }
11630 }
11631
TEST_F(HTTPSLocalCRLSetTest,InterceptionBlockedAllowOverrideOnHSTS)11632 TEST_F(HTTPSLocalCRLSetTest, InterceptionBlockedAllowOverrideOnHSTS) {
11633 constexpr char kHSTSHost[] = "include-subdomains-hsts-preloaded.test";
11634 constexpr char kHSTSSubdomainWithKnownInterception[] =
11635 "www.include-subdomains-hsts-preloaded.test";
11636
11637 EmbeddedTestServer https_server(net::EmbeddedTestServer::TYPE_HTTPS);
11638 https_server.SetSSLConfig(net::EmbeddedTestServer::CERT_OK_BY_INTERMEDIATE);
11639 https_server.ServeFilesFromSourceDirectory(base::FilePath(kTestFilePath));
11640 ASSERT_TRUE(https_server.Start());
11641
11642 // Configure the CertVerifier to simulate:
11643 // - For the test server host, that the certificate is issued by an
11644 // unknown authority; this SHOULD NOT be a fatal error when signaled
11645 // to the delegate.
11646 // - For |kHSTSHost|, that the certificate is issued by an unknown
11647 // authority; this SHOULD be a fatal error.
11648 // Combined, these two states represent the baseline: non-fatal for non-HSTS
11649 // hosts, fatal for HSTS host.
11650 // - For |kHSTSSubdomainWithKnownInterception|, that the certificate is
11651 // issued by a known interception cert. This SHOULD be an error, but
11652 // SHOULD NOT be a fatal error
11653 auto cert_verifier = std::make_unique<MockCertVerifier>();
11654
11655 scoped_refptr<X509Certificate> cert = https_server.GetCertificate();
11656 ASSERT_TRUE(cert);
11657
11658 HashValue filler_hash;
11659 ASSERT_TRUE(filler_hash.FromString(
11660 "sha256/3333333333333333333333333333333333333333333="));
11661
11662 CertVerifyResult fake_result;
11663 fake_result.verified_cert = cert;
11664 fake_result.is_issued_by_known_root = false;
11665
11666 // Configure for the test server's default host.
11667 CertVerifyResult test_result = fake_result;
11668 test_result.public_key_hashes.push_back(filler_hash);
11669 test_result.cert_status |= CERT_STATUS_AUTHORITY_INVALID;
11670 cert_verifier->AddResultForCertAndHost(
11671 cert.get(), https_server.host_port_pair().host(), test_result,
11672 ERR_CERT_AUTHORITY_INVALID);
11673
11674 // Configure for kHSTSHost.
11675 CertVerifyResult sts_base_result = fake_result;
11676 sts_base_result.public_key_hashes.push_back(filler_hash);
11677 sts_base_result.cert_status |= CERT_STATUS_AUTHORITY_INVALID;
11678 cert_verifier->AddResultForCertAndHost(cert.get(), kHSTSHost, sts_base_result,
11679 ERR_CERT_AUTHORITY_INVALID);
11680
11681 // Configure for kHSTSSubdomainWithKnownInterception
11682 CertVerifyResult sts_sub_result = fake_result;
11683 SHA256HashValue root_hash;
11684 ASSERT_TRUE(GetTestRootCertSPKIHash(&root_hash));
11685 sts_sub_result.public_key_hashes.push_back(HashValue(root_hash));
11686 sts_sub_result.cert_status |=
11687 CERT_STATUS_REVOKED | CERT_STATUS_KNOWN_INTERCEPTION_BLOCKED;
11688 cert_verifier->AddResultForCertAndHost(
11689 cert.get(), kHSTSSubdomainWithKnownInterception, sts_sub_result,
11690 ERR_CERT_KNOWN_INTERCEPTION_BLOCKED);
11691
11692 // Configure the initial context.
11693 auto context_builder = CreateTestURLRequestContextBuilder();
11694 context_builder->SetCertVerifier(std::move(cert_verifier));
11695 auto context = context_builder->Build();
11696
11697 // Enable preloaded HSTS for |kHSTSHost|.
11698 ASSERT_TRUE(context->transport_security_state());
11699 TransportSecurityState& security_state = *context->transport_security_state();
11700 security_state.EnableStaticPinsForTesting();
11701 security_state.SetPinningListAlwaysTimelyForTesting(true);
11702 SetTransportSecurityStateSourceForTesting(&test_default::kHSTSSource);
11703
11704 // Connect to the test server and see the certificate error flagged, but
11705 // not fatal.
11706 {
11707 TestDelegate d;
11708 std::unique_ptr<URLRequest> req(
11709 context->CreateRequest(https_server.GetURL("/"), DEFAULT_PRIORITY, &d,
11710 TRAFFIC_ANNOTATION_FOR_TESTS));
11711 req->Start();
11712 d.RunUntilComplete();
11713
11714 EXPECT_EQ(1, d.response_started_count());
11715 EXPECT_TRUE(d.request_failed());
11716 EXPECT_TRUE(d.have_certificate_errors());
11717 EXPECT_FALSE(d.certificate_errors_are_fatal());
11718 EXPECT_FALSE(req->ssl_info().cert_status &
11719 CERT_STATUS_KNOWN_INTERCEPTION_BLOCKED);
11720 }
11721
11722 // Connect to kHSTSHost and see the certificate errors are flagged, and are
11723 // fatal.
11724 {
11725 TestDelegate d;
11726 std::unique_ptr<URLRequest> req(context->CreateRequest(
11727 https_server.GetURL(kHSTSHost, "/"), DEFAULT_PRIORITY, &d,
11728 TRAFFIC_ANNOTATION_FOR_TESTS));
11729 req->Start();
11730 d.RunUntilComplete();
11731
11732 EXPECT_EQ(1, d.response_started_count());
11733 EXPECT_TRUE(d.request_failed());
11734 EXPECT_TRUE(d.have_certificate_errors());
11735 EXPECT_TRUE(d.certificate_errors_are_fatal());
11736 EXPECT_FALSE(req->ssl_info().cert_status &
11737 CERT_STATUS_KNOWN_INTERCEPTION_BLOCKED);
11738 }
11739
11740 // Verify the connection fails as being a known interception root.
11741 {
11742 TestDelegate d;
11743 d.set_allow_certificate_errors(true);
11744 std::unique_ptr<URLRequest> req(context->CreateRequest(
11745 https_server.GetURL(kHSTSSubdomainWithKnownInterception, "/"),
11746 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
11747 req->Start();
11748 d.RunUntilComplete();
11749
11750 EXPECT_EQ(1, d.response_started_count());
11751 EXPECT_FALSE(d.request_failed());
11752 EXPECT_TRUE(d.have_certificate_errors());
11753 EXPECT_FALSE(d.certificate_errors_are_fatal());
11754 EXPECT_EQ(ERR_CERT_KNOWN_INTERCEPTION_BLOCKED, d.certificate_net_error());
11755 EXPECT_TRUE(req->ssl_info().cert_status &
11756 CERT_STATUS_KNOWN_INTERCEPTION_BLOCKED);
11757 }
11758 }
11759 #endif // !BUILDFLAG(IS_IOS)
11760
TEST_F(URLRequestTest,NetworkAccessedSetOnHostResolutionFailure)11761 TEST_F(URLRequestTest, NetworkAccessedSetOnHostResolutionFailure) {
11762 auto context_builder = CreateTestURLRequestContextBuilder();
11763 auto host_resolver = std::make_unique<MockHostResolver>();
11764 host_resolver->rules()->AddSimulatedTimeoutFailure("*");
11765 context_builder->set_host_resolver(std::move(host_resolver));
11766 auto context = context_builder->Build();
11767
11768 TestDelegate d;
11769 std::unique_ptr<URLRequest> req(context->CreateRequest(
11770 GURL("http://test_intercept/foo"), DEFAULT_PRIORITY, &d,
11771 TRAFFIC_ANNOTATION_FOR_TESTS));
11772
11773 EXPECT_FALSE(req->response_info().network_accessed);
11774
11775 req->Start();
11776 d.RunUntilComplete();
11777 EXPECT_TRUE(req->response_info().network_accessed);
11778 EXPECT_THAT(req->response_info().resolve_error_info.error,
11779 IsError(ERR_DNS_TIMED_OUT));
11780 }
11781
11782 // Test that URLRequest is canceled correctly.
11783 // See http://crbug.com/508900
TEST_F(URLRequestTest,URLRequestRedirectJobCancelRequest)11784 TEST_F(URLRequestTest, URLRequestRedirectJobCancelRequest) {
11785 TestDelegate d;
11786 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
11787 GURL("http://not-a-real-domain/"), DEFAULT_PRIORITY, &d,
11788 TRAFFIC_ANNOTATION_FOR_TESTS));
11789
11790 std::unique_ptr<URLRequestRedirectJob> job =
11791 std::make_unique<URLRequestRedirectJob>(
11792 req.get(), GURL("http://this-should-never-be-navigated-to/"),
11793 RedirectUtil::ResponseCode::REDIRECT_307_TEMPORARY_REDIRECT,
11794 "Jumbo shrimp");
11795 TestScopedURLInterceptor interceptor(req->url(), std::move(job));
11796
11797 req->Start();
11798 req->Cancel();
11799 d.RunUntilComplete();
11800 EXPECT_EQ(ERR_ABORTED, d.request_status());
11801 EXPECT_EQ(0, d.received_redirect_count());
11802 }
11803
11804 #if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_ANDROID) || BUILDFLAG(IS_CHROMEOS)
11805 #define MAYBE_HeadersCallbacks DISABLED_HeadersCallbacks
11806 #else
11807 #define MAYBE_HeadersCallbacks HeadersCallbacks
11808 #endif
TEST_F(URLRequestTestHTTP,MAYBE_HeadersCallbacks)11809 TEST_F(URLRequestTestHTTP, MAYBE_HeadersCallbacks) {
11810 ASSERT_TRUE(http_test_server()->Start());
11811 GURL url(http_test_server()->GetURL("/cachetime"));
11812 TestDelegate delegate;
11813 HttpRequestHeaders extra_headers;
11814 extra_headers.SetHeader("X-Foo", "bar");
11815
11816 {
11817 HttpRawRequestHeaders raw_req_headers;
11818 scoped_refptr<const HttpResponseHeaders> raw_resp_headers;
11819
11820 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
11821 url, DEFAULT_PRIORITY, &delegate, TRAFFIC_ANNOTATION_FOR_TESTS));
11822 r->SetExtraRequestHeaders(extra_headers);
11823 r->SetRequestHeadersCallback(base::BindRepeating(
11824 &HttpRawRequestHeaders::Assign, base::Unretained(&raw_req_headers)));
11825 r->SetResponseHeadersCallback(base::BindRepeating(
11826 [](scoped_refptr<const HttpResponseHeaders>* left,
11827 scoped_refptr<const HttpResponseHeaders> right) { *left = right; },
11828 base::Unretained(&raw_resp_headers)));
11829 r->set_isolation_info(isolation_info1_);
11830 r->Start();
11831 delegate.RunUntilComplete();
11832 EXPECT_FALSE(raw_req_headers.headers().empty());
11833 std::string value;
11834 EXPECT_TRUE(raw_req_headers.FindHeaderForTest("X-Foo", &value));
11835 EXPECT_EQ("bar", value);
11836 EXPECT_TRUE(raw_req_headers.FindHeaderForTest("Accept-Encoding", &value));
11837 EXPECT_EQ("gzip, deflate", value);
11838 EXPECT_TRUE(raw_req_headers.FindHeaderForTest("Connection", &value));
11839 EXPECT_TRUE(raw_req_headers.FindHeaderForTest("Host", &value));
11840 EXPECT_EQ("GET /cachetime HTTP/1.1\r\n", raw_req_headers.request_line());
11841 EXPECT_EQ(raw_resp_headers.get(), r->response_headers());
11842 }
11843 {
11844 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
11845 url, DEFAULT_PRIORITY, &delegate, TRAFFIC_ANNOTATION_FOR_TESTS));
11846 r->SetExtraRequestHeaders(extra_headers);
11847 r->SetRequestHeadersCallback(base::BindRepeating([](HttpRawRequestHeaders) {
11848 FAIL() << "Callback should not be called unless request is sent";
11849 }));
11850 r->SetResponseHeadersCallback(
11851 base::BindRepeating([](scoped_refptr<const HttpResponseHeaders>) {
11852 FAIL() << "Callback should not be called unless request is sent";
11853 }));
11854 r->set_isolation_info(isolation_info1_);
11855 r->Start();
11856 delegate.RunUntilComplete();
11857 EXPECT_TRUE(r->was_cached());
11858 }
11859 }
11860
TEST_F(URLRequestTestHTTP,HeadersCallbacksWithRedirect)11861 TEST_F(URLRequestTestHTTP, HeadersCallbacksWithRedirect) {
11862 ASSERT_TRUE(http_test_server()->Start());
11863 HttpRawRequestHeaders raw_req_headers;
11864 scoped_refptr<const HttpResponseHeaders> raw_resp_headers;
11865
11866 TestDelegate delegate;
11867 HttpRequestHeaders extra_headers;
11868 extra_headers.SetHeader("X-Foo", "bar");
11869 GURL url(http_test_server()->GetURL("/redirect-test.html"));
11870 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
11871 url, DEFAULT_PRIORITY, &delegate, TRAFFIC_ANNOTATION_FOR_TESTS));
11872 r->SetExtraRequestHeaders(extra_headers);
11873 r->SetRequestHeadersCallback(base::BindRepeating(
11874 &HttpRawRequestHeaders::Assign, base::Unretained(&raw_req_headers)));
11875 r->SetResponseHeadersCallback(base::BindRepeating(
11876 [](scoped_refptr<const HttpResponseHeaders>* left,
11877 scoped_refptr<const HttpResponseHeaders> right) { *left = right; },
11878 base::Unretained(&raw_resp_headers)));
11879 r->Start();
11880 delegate.RunUntilRedirect();
11881
11882 ASSERT_EQ(1, delegate.received_redirect_count());
11883 std::string value;
11884 EXPECT_TRUE(raw_req_headers.FindHeaderForTest("X-Foo", &value));
11885 EXPECT_EQ("bar", value);
11886 EXPECT_TRUE(raw_req_headers.FindHeaderForTest("Accept-Encoding", &value));
11887 EXPECT_EQ("gzip, deflate", value);
11888 EXPECT_EQ(1, delegate.received_redirect_count());
11889 EXPECT_EQ("GET /redirect-test.html HTTP/1.1\r\n",
11890 raw_req_headers.request_line());
11891 EXPECT_TRUE(raw_resp_headers->HasHeader("Location"));
11892 EXPECT_EQ(302, raw_resp_headers->response_code());
11893 EXPECT_EQ("Redirect", raw_resp_headers->GetStatusText());
11894
11895 raw_req_headers = HttpRawRequestHeaders();
11896 raw_resp_headers = nullptr;
11897 r->FollowDeferredRedirect(std::nullopt /* removed_headers */,
11898 std::nullopt /* modified_headers */);
11899 delegate.RunUntilComplete();
11900 EXPECT_TRUE(raw_req_headers.FindHeaderForTest("X-Foo", &value));
11901 EXPECT_EQ("bar", value);
11902 EXPECT_TRUE(raw_req_headers.FindHeaderForTest("Accept-Encoding", &value));
11903 EXPECT_EQ("gzip, deflate", value);
11904 EXPECT_EQ("GET /with-headers.html HTTP/1.1\r\n",
11905 raw_req_headers.request_line());
11906 EXPECT_EQ(r->response_headers(), raw_resp_headers.get());
11907 }
11908
TEST_F(URLRequestTest,HeadersCallbacksConnectFailed)11909 TEST_F(URLRequestTest, HeadersCallbacksConnectFailed) {
11910 TestDelegate request_delegate;
11911
11912 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
11913 GURL("http://127.0.0.1:9/"), DEFAULT_PRIORITY, &request_delegate,
11914 TRAFFIC_ANNOTATION_FOR_TESTS));
11915 r->SetRequestHeadersCallback(
11916 base::BindRepeating([](net::HttpRawRequestHeaders) {
11917 FAIL() << "Callback should not be called unless request is sent";
11918 }));
11919 r->SetResponseHeadersCallback(
11920 base::BindRepeating([](scoped_refptr<const net::HttpResponseHeaders>) {
11921 FAIL() << "Callback should not be called unless request is sent";
11922 }));
11923 r->Start();
11924 request_delegate.RunUntilComplete();
11925 EXPECT_FALSE(r->is_pending());
11926 }
11927
TEST_F(URLRequestTestHTTP,HeadersCallbacksAuthRetry)11928 TEST_F(URLRequestTestHTTP, HeadersCallbacksAuthRetry) {
11929 ASSERT_TRUE(http_test_server()->Start());
11930 GURL url(http_test_server()->GetURL("/auth-basic"));
11931
11932 TestDelegate delegate;
11933
11934 delegate.set_credentials(AuthCredentials(kUser, kSecret));
11935 HttpRequestHeaders extra_headers;
11936 extra_headers.SetHeader("X-Foo", "bar");
11937
11938 using ReqHeadersVector = std::vector<std::unique_ptr<HttpRawRequestHeaders>>;
11939 ReqHeadersVector raw_req_headers;
11940
11941 using RespHeadersVector =
11942 std::vector<scoped_refptr<const HttpResponseHeaders>>;
11943 RespHeadersVector raw_resp_headers;
11944
11945 auto req_headers_callback = base::BindRepeating(
11946 [](ReqHeadersVector* vec, HttpRawRequestHeaders headers) {
11947 vec->emplace_back(
11948 std::make_unique<HttpRawRequestHeaders>(std::move(headers)));
11949 },
11950 &raw_req_headers);
11951 auto resp_headers_callback = base::BindRepeating(
11952 [](RespHeadersVector* vec,
11953 scoped_refptr<const HttpResponseHeaders> headers) {
11954 vec->push_back(headers);
11955 },
11956 &raw_resp_headers);
11957 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
11958 url, DEFAULT_PRIORITY, &delegate, TRAFFIC_ANNOTATION_FOR_TESTS));
11959 r->SetExtraRequestHeaders(extra_headers);
11960 r->SetRequestHeadersCallback(req_headers_callback);
11961 r->SetResponseHeadersCallback(resp_headers_callback);
11962 r->set_isolation_info(isolation_info1_);
11963 r->Start();
11964 delegate.RunUntilComplete();
11965 EXPECT_FALSE(r->is_pending());
11966 ASSERT_EQ(raw_req_headers.size(), 2u);
11967 ASSERT_EQ(raw_resp_headers.size(), 2u);
11968 std::string value;
11969 EXPECT_FALSE(raw_req_headers[0]->FindHeaderForTest("Authorization", &value));
11970 EXPECT_TRUE(raw_req_headers[0]->FindHeaderForTest("X-Foo", &value));
11971 EXPECT_EQ("bar", value);
11972 EXPECT_TRUE(raw_req_headers[1]->FindHeaderForTest("Authorization", &value));
11973 EXPECT_TRUE(raw_req_headers[1]->FindHeaderForTest("X-Foo", &value));
11974 EXPECT_EQ("bar", value);
11975 EXPECT_EQ(raw_resp_headers[1], r->response_headers());
11976 EXPECT_NE(raw_resp_headers[0], raw_resp_headers[1]);
11977 EXPECT_EQ(401, raw_resp_headers[0]->response_code());
11978 EXPECT_EQ("Unauthorized", raw_resp_headers[0]->GetStatusText());
11979
11980 std::unique_ptr<URLRequest> r2(default_context().CreateRequest(
11981 url, DEFAULT_PRIORITY, &delegate, TRAFFIC_ANNOTATION_FOR_TESTS));
11982 r2->SetExtraRequestHeaders(extra_headers);
11983 r2->SetRequestHeadersCallback(req_headers_callback);
11984 r2->SetResponseHeadersCallback(resp_headers_callback);
11985 r2->SetLoadFlags(LOAD_VALIDATE_CACHE);
11986 r2->set_isolation_info(isolation_info1_);
11987 r2->Start();
11988 delegate.RunUntilComplete();
11989 EXPECT_FALSE(r2->is_pending());
11990 ASSERT_EQ(raw_req_headers.size(), 3u);
11991 ASSERT_EQ(raw_resp_headers.size(), 3u);
11992 EXPECT_TRUE(raw_req_headers[2]->FindHeaderForTest("If-None-Match", &value));
11993 EXPECT_NE(raw_resp_headers[2].get(), r2->response_headers());
11994 EXPECT_EQ(304, raw_resp_headers[2]->response_code());
11995 EXPECT_EQ("Not Modified", raw_resp_headers[2]->GetStatusText());
11996 }
11997
TEST_F(URLRequestTest,UpgradeIfInsecureFlagSet)11998 TEST_F(URLRequestTest, UpgradeIfInsecureFlagSet) {
11999 TestDelegate d;
12000 const GURL kOriginalUrl("https://original.test");
12001 const GURL kRedirectUrl("http://redirect.test");
12002 auto context_builder = CreateTestURLRequestContextBuilder();
12003 auto& network_delegate = *context_builder->set_network_delegate(
12004 std::make_unique<BlockingNetworkDelegate>(
12005 BlockingNetworkDelegate::SYNCHRONOUS));
12006 network_delegate.set_redirect_url(kRedirectUrl);
12007 auto context = context_builder->Build();
12008
12009 std::unique_ptr<URLRequest> r(context->CreateRequest(
12010 kOriginalUrl, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
12011 r->set_upgrade_if_insecure(true);
12012 r->Start();
12013 d.RunUntilRedirect();
12014 GURL::Replacements replacements;
12015 // Check that the redirect URL was upgraded to HTTPS since upgrade_if_insecure
12016 // was set.
12017 replacements.SetSchemeStr("https");
12018 EXPECT_EQ(kRedirectUrl.ReplaceComponents(replacements),
12019 d.redirect_info().new_url);
12020 EXPECT_TRUE(d.redirect_info().insecure_scheme_was_upgraded);
12021 }
12022
TEST_F(URLRequestTest,UpgradeIfInsecureFlagSetExplicitPort80)12023 TEST_F(URLRequestTest, UpgradeIfInsecureFlagSetExplicitPort80) {
12024 TestDelegate d;
12025 const GURL kOriginalUrl("https://original.test");
12026 const GURL kRedirectUrl("http://redirect.test:80");
12027 auto context_builder = CreateTestURLRequestContextBuilder();
12028 auto& network_delegate = *context_builder->set_network_delegate(
12029 std::make_unique<BlockingNetworkDelegate>(
12030 BlockingNetworkDelegate::SYNCHRONOUS));
12031 network_delegate.set_redirect_url(kRedirectUrl);
12032 auto context = context_builder->Build();
12033
12034 std::unique_ptr<URLRequest> r(context->CreateRequest(
12035 kOriginalUrl, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
12036 r->set_upgrade_if_insecure(true);
12037 r->Start();
12038 d.RunUntilRedirect();
12039 GURL::Replacements replacements;
12040 // The URL host should have not been changed.
12041 EXPECT_EQ(d.redirect_info().new_url.host(), kRedirectUrl.host());
12042 // The scheme should now be https, and the effective port should now be 443.
12043 EXPECT_TRUE(d.redirect_info().new_url.SchemeIs("https"));
12044 EXPECT_EQ(d.redirect_info().new_url.EffectiveIntPort(), 443);
12045 EXPECT_TRUE(d.redirect_info().insecure_scheme_was_upgraded);
12046 }
12047
TEST_F(URLRequestTest,UpgradeIfInsecureFlagSetNonStandardPort)12048 TEST_F(URLRequestTest, UpgradeIfInsecureFlagSetNonStandardPort) {
12049 TestDelegate d;
12050 const GURL kOriginalUrl("https://original.test");
12051 const GURL kRedirectUrl("http://redirect.test:1234");
12052 auto context_builder = CreateTestURLRequestContextBuilder();
12053 auto& network_delegate = *context_builder->set_network_delegate(
12054 std::make_unique<BlockingNetworkDelegate>(
12055 BlockingNetworkDelegate::SYNCHRONOUS));
12056 network_delegate.set_redirect_url(kRedirectUrl);
12057 auto context = context_builder->Build();
12058
12059 std::unique_ptr<URLRequest> r(context->CreateRequest(
12060 kOriginalUrl, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
12061 r->set_upgrade_if_insecure(true);
12062 r->Start();
12063 d.RunUntilRedirect();
12064 GURL::Replacements replacements;
12065 // Check that the redirect URL was upgraded to HTTPS since upgrade_if_insecure
12066 // was set, nonstandard port should not have been modified.
12067 replacements.SetSchemeStr("https");
12068 EXPECT_EQ(kRedirectUrl.ReplaceComponents(replacements),
12069 d.redirect_info().new_url);
12070 EXPECT_TRUE(d.redirect_info().insecure_scheme_was_upgraded);
12071 }
12072
TEST_F(URLRequestTest,UpgradeIfInsecureFlagNotSet)12073 TEST_F(URLRequestTest, UpgradeIfInsecureFlagNotSet) {
12074 TestDelegate d;
12075 const GURL kOriginalUrl("https://original.test");
12076 const GURL kRedirectUrl("http://redirect.test");
12077 auto context_builder = CreateTestURLRequestContextBuilder();
12078 auto& network_delegate = *context_builder->set_network_delegate(
12079 std::make_unique<BlockingNetworkDelegate>(
12080 BlockingNetworkDelegate::SYNCHRONOUS));
12081 network_delegate.set_redirect_url(kRedirectUrl);
12082 auto context = context_builder->Build();
12083
12084 std::unique_ptr<URLRequest> r(context->CreateRequest(
12085 kOriginalUrl, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
12086 r->set_upgrade_if_insecure(false);
12087 r->Start();
12088 d.RunUntilRedirect();
12089 // The redirect URL should not be changed if the upgrade_if_insecure flag is
12090 // not set.
12091 EXPECT_EQ(kRedirectUrl, d.redirect_info().new_url);
12092 EXPECT_FALSE(d.redirect_info().insecure_scheme_was_upgraded);
12093 }
12094
12095 // Test that URLRequests get properly tagged.
12096 #if BUILDFLAG(IS_ANDROID)
TEST_F(URLRequestTestHTTP,TestTagging)12097 TEST_F(URLRequestTestHTTP, TestTagging) {
12098 if (!CanGetTaggedBytes()) {
12099 DVLOG(0) << "Skipping test - GetTaggedBytes unsupported.";
12100 return;
12101 }
12102
12103 ASSERT_TRUE(http_test_server()->Start());
12104
12105 // The tag under which the system reports untagged traffic.
12106 static const int32_t UNTAGGED_TAG = 0;
12107
12108 uint64_t old_traffic = GetTaggedBytes(UNTAGGED_TAG);
12109
12110 // Untagged traffic should be tagged with tag UNTAGGED_TAG.
12111 TestDelegate delegate;
12112 std::unique_ptr<URLRequest> req(default_context().CreateRequest(
12113 http_test_server()->GetURL("/"), DEFAULT_PRIORITY, &delegate,
12114 TRAFFIC_ANNOTATION_FOR_TESTS));
12115 EXPECT_EQ(SocketTag(), req->socket_tag());
12116 req->Start();
12117 delegate.RunUntilComplete();
12118
12119 EXPECT_GT(GetTaggedBytes(UNTAGGED_TAG), old_traffic);
12120
12121 int32_t tag_val1 = 0x12345678;
12122 SocketTag tag1(SocketTag::UNSET_UID, tag_val1);
12123 old_traffic = GetTaggedBytes(tag_val1);
12124
12125 // Test specific tag value.
12126 req = default_context().CreateRequest(http_test_server()->GetURL("/"),
12127 DEFAULT_PRIORITY, &delegate,
12128 TRAFFIC_ANNOTATION_FOR_TESTS);
12129 req->set_socket_tag(tag1);
12130 EXPECT_EQ(tag1, req->socket_tag());
12131 req->Start();
12132 delegate.RunUntilComplete();
12133
12134 EXPECT_GT(GetTaggedBytes(tag_val1), old_traffic);
12135 }
12136 #endif
12137
12138 namespace {
12139
12140 class ReadBufferingListener
12141 : public test_server::EmbeddedTestServerConnectionListener {
12142 public:
12143 ReadBufferingListener() = default;
12144 ~ReadBufferingListener() override = default;
12145
BufferNextConnection(int buffer_size)12146 void BufferNextConnection(int buffer_size) { buffer_size_ = buffer_size; }
12147
AcceptedSocket(std::unique_ptr<StreamSocket> socket)12148 std::unique_ptr<StreamSocket> AcceptedSocket(
12149 std::unique_ptr<StreamSocket> socket) override {
12150 if (!buffer_size_) {
12151 return socket;
12152 }
12153 auto wrapped =
12154 std::make_unique<ReadBufferingStreamSocket>(std::move(socket));
12155 wrapped->BufferNextRead(buffer_size_);
12156 // Do not buffer subsequent connections, which may be a 0-RTT retry.
12157 buffer_size_ = 0;
12158 return wrapped;
12159 }
12160
ReadFromSocket(const StreamSocket & socket,int rv)12161 void ReadFromSocket(const StreamSocket& socket, int rv) override {}
12162
12163 private:
12164 int buffer_size_ = 0;
12165 };
12166
12167 // Provides a response to the 0RTT request indicating whether it was received
12168 // as early data, sending HTTP_TOO_EARLY if enabled.
12169 class ZeroRTTResponse : public test_server::BasicHttpResponse {
12170 public:
ZeroRTTResponse(bool zero_rtt,bool send_too_early)12171 ZeroRTTResponse(bool zero_rtt, bool send_too_early)
12172 : zero_rtt_(zero_rtt), send_too_early_(send_too_early) {}
12173
12174 ZeroRTTResponse(const ZeroRTTResponse&) = delete;
12175 ZeroRTTResponse& operator=(const ZeroRTTResponse&) = delete;
12176
12177 ~ZeroRTTResponse() override = default;
12178
SendResponse(base::WeakPtr<test_server::HttpResponseDelegate> delegate)12179 void SendResponse(
12180 base::WeakPtr<test_server::HttpResponseDelegate> delegate) override {
12181 AddCustomHeader("Vary", "Early-Data");
12182 set_content_type("text/plain");
12183 AddCustomHeader("Cache-Control", "no-cache");
12184 if (zero_rtt_) {
12185 if (send_too_early_)
12186 set_code(HTTP_TOO_EARLY);
12187 set_content("1");
12188 } else {
12189 set_content("0");
12190 }
12191
12192 // Since the EmbeddedTestServer doesn't keep the socket open by default,
12193 // it is explicitly kept alive to allow the remaining leg of the 0RTT
12194 // handshake to be received after the early data.
12195 delegate->SendResponseHeaders(code(), GetHttpReasonPhrase(code()),
12196 BuildHeaders());
12197 delegate->SendContents(content(), base::DoNothing());
12198 }
12199
12200 private:
12201 bool zero_rtt_;
12202 bool send_too_early_;
12203 };
12204
HandleZeroRTTRequest(const test_server::HttpRequest & request)12205 std::unique_ptr<test_server::HttpResponse> HandleZeroRTTRequest(
12206 const test_server::HttpRequest& request) {
12207 DCHECK(request.ssl_info);
12208
12209 if (request.GetURL().path() != "/zerortt")
12210 return nullptr;
12211 return std::make_unique<ZeroRTTResponse>(
12212 request.ssl_info->early_data_received, false);
12213 }
12214
12215 } // namespace
12216
12217 class HTTPSEarlyDataTest : public TestWithTaskEnvironment {
12218 public:
HTTPSEarlyDataTest()12219 HTTPSEarlyDataTest() : test_server_(net::EmbeddedTestServer::TYPE_HTTPS) {
12220 HttpNetworkSessionParams params;
12221 params.enable_early_data = true;
12222
12223 auto cert_verifier = std::make_unique<MockCertVerifier>();
12224 cert_verifier->set_default_result(OK);
12225
12226 SSLContextConfig config;
12227 config.version_max = SSL_PROTOCOL_VERSION_TLS1_3;
12228
12229 auto context_builder = CreateTestURLRequestContextBuilder();
12230 context_builder->set_http_network_session_params(params);
12231 context_builder->SetCertVerifier(std::move(cert_verifier));
12232 context_builder->set_ssl_config_service(
12233 std::make_unique<TestSSLConfigService>(config));
12234 context_ = context_builder->Build();
12235
12236 test_server_.SetSSLConfig(
12237 net::EmbeddedTestServer::CERT_OK,
12238 CreateSSLServerConfig(SSL_PROTOCOL_VERSION_TLS1_3));
12239 RegisterDefaultHandlers(&test_server_);
12240 test_server_.RegisterRequestHandler(
12241 base::BindRepeating(&HandleZeroRTTRequest));
12242 test_server_.SetConnectionListener(&listener_);
12243 }
12244
12245 ~HTTPSEarlyDataTest() override = default;
12246
context()12247 URLRequestContext& context() { return *context_; }
12248
CreateSSLServerConfig(uint16_t version)12249 static SSLServerConfig CreateSSLServerConfig(uint16_t version) {
12250 SSLServerConfig ssl_config;
12251 ssl_config.version_max = version;
12252 ssl_config.early_data_enabled = true;
12253 return ssl_config;
12254 }
12255
ResetSSLConfig(net::EmbeddedTestServer::ServerCertificate cert,uint16_t version)12256 void ResetSSLConfig(net::EmbeddedTestServer::ServerCertificate cert,
12257 uint16_t version) {
12258 SSLServerConfig ssl_config = CreateSSLServerConfig(version);
12259 test_server_.ResetSSLConfig(cert, ssl_config);
12260 }
12261
12262 protected:
12263 std::unique_ptr<URLRequestContext> context_;
12264
12265 ReadBufferingListener listener_;
12266 EmbeddedTestServer test_server_;
12267 };
12268
12269 // TLSEarlyDataTest tests that we handle early data correctly.
TEST_F(HTTPSEarlyDataTest,TLSEarlyDataTest)12270 TEST_F(HTTPSEarlyDataTest, TLSEarlyDataTest) {
12271 ASSERT_TRUE(test_server_.Start());
12272 context().http_transaction_factory()->GetSession()->ClearSSLSessionCache();
12273
12274 // kParamSize must be larger than any ClientHello sent by the client, but
12275 // smaller than the maximum amount of early data allowed by the server.
12276 const int kParamSize = 4 * 1024;
12277 const GURL kUrl =
12278 test_server_.GetURL("/zerortt?" + std::string(kParamSize, 'a'));
12279
12280 {
12281 TestDelegate d;
12282 std::unique_ptr<URLRequest> r(context().CreateRequest(
12283 kUrl, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
12284 r->Start();
12285 EXPECT_TRUE(r->is_pending());
12286
12287 d.RunUntilComplete();
12288
12289 EXPECT_EQ(1, d.response_started_count());
12290
12291 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1_3,
12292 SSLConnectionStatusToVersion(r->ssl_info().connection_status));
12293 EXPECT_TRUE(r->ssl_info().unverified_cert.get());
12294 EXPECT_TRUE(test_server_.GetCertificate()->EqualsIncludingChain(
12295 r->ssl_info().cert.get()));
12296
12297 // The Early-Data header should be omitted in the initial request, and the
12298 // handler should return "0".
12299 EXPECT_EQ("0", d.data_received());
12300 }
12301
12302 context().http_transaction_factory()->GetSession()->CloseAllConnections(
12303 ERR_FAILED, "Very good reason");
12304
12305 // 0-RTT inherently involves a race condition: if the server responds with the
12306 // ServerHello before the client sends the HTTP request (the client may be
12307 // busy verifying a certificate), the client will send data over 1-RTT keys
12308 // rather than 0-RTT.
12309 //
12310 // This test ensures 0-RTT is sent if relevant by making the test server wait
12311 // for both the ClientHello and 0-RTT HTTP request before responding. We use
12312 // a ReadBufferingStreamSocket and enable buffering for the 0-RTT request. The
12313 // buffer size must be larger than the ClientHello but smaller than the
12314 // ClientHello combined with the HTTP request.
12315 listener_.BufferNextConnection(kParamSize);
12316
12317 {
12318 TestDelegate d;
12319 std::unique_ptr<URLRequest> r(context().CreateRequest(
12320 kUrl, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
12321
12322 r->Start();
12323 EXPECT_TRUE(r->is_pending());
12324
12325 d.RunUntilComplete();
12326
12327 EXPECT_EQ(1, d.response_started_count());
12328
12329 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1_3,
12330 SSLConnectionStatusToVersion(r->ssl_info().connection_status));
12331 EXPECT_TRUE(r->ssl_info().unverified_cert.get());
12332 EXPECT_TRUE(test_server_.GetCertificate()->EqualsIncludingChain(
12333 r->ssl_info().cert.get()));
12334
12335 // The Early-Data header should be a single '1' in the resumed request, and
12336 // the handler should return "1".
12337 EXPECT_EQ("1", d.data_received());
12338 }
12339 }
12340
12341 // TLSEarlyDataTest tests that we handle early data correctly for POST.
TEST_F(HTTPSEarlyDataTest,TLSEarlyDataPOSTTest)12342 TEST_F(HTTPSEarlyDataTest, TLSEarlyDataPOSTTest) {
12343 ASSERT_TRUE(test_server_.Start());
12344 context().http_transaction_factory()->GetSession()->ClearSSLSessionCache();
12345
12346 {
12347 TestDelegate d;
12348 std::unique_ptr<URLRequest> r(context().CreateRequest(
12349 test_server_.GetURL("/zerortt"), DEFAULT_PRIORITY, &d,
12350 TRAFFIC_ANNOTATION_FOR_TESTS));
12351 r->Start();
12352 EXPECT_TRUE(r->is_pending());
12353
12354 d.RunUntilComplete();
12355
12356 EXPECT_EQ(1, d.response_started_count());
12357
12358 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1_3,
12359 SSLConnectionStatusToVersion(r->ssl_info().connection_status));
12360 EXPECT_TRUE(r->ssl_info().unverified_cert.get());
12361 EXPECT_TRUE(test_server_.GetCertificate()->EqualsIncludingChain(
12362 r->ssl_info().cert.get()));
12363
12364 // The Early-Data header should be omitted in the initial request, and the
12365 // handler should return "0".
12366 EXPECT_EQ("0", d.data_received());
12367 }
12368
12369 context().http_transaction_factory()->GetSession()->CloseAllConnections(
12370 ERR_FAILED, "Very good reason");
12371
12372 {
12373 TestDelegate d;
12374 std::unique_ptr<URLRequest> r(context().CreateRequest(
12375 test_server_.GetURL("/zerortt"), DEFAULT_PRIORITY, &d,
12376 TRAFFIC_ANNOTATION_FOR_TESTS));
12377 r->set_method("POST");
12378 r->Start();
12379 EXPECT_TRUE(r->is_pending());
12380
12381 d.RunUntilComplete();
12382
12383 EXPECT_EQ(1, d.response_started_count());
12384
12385 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1_3,
12386 SSLConnectionStatusToVersion(r->ssl_info().connection_status));
12387 EXPECT_TRUE(r->ssl_info().unverified_cert.get());
12388 EXPECT_TRUE(test_server_.GetCertificate()->EqualsIncludingChain(
12389 r->ssl_info().cert.get()));
12390
12391 // The Early-Data header should be omitted in the request, since we don't
12392 // send POSTs over early data, and the handler should return "0".
12393 EXPECT_EQ("0", d.data_received());
12394 }
12395 }
12396
12397 // TLSEarlyDataTest tests that the 0-RTT is enabled for idempotent POST request.
TEST_F(HTTPSEarlyDataTest,TLSEarlyDataIdempotentPOSTTest)12398 TEST_F(HTTPSEarlyDataTest, TLSEarlyDataIdempotentPOSTTest) {
12399 ASSERT_TRUE(test_server_.Start());
12400 context().http_transaction_factory()->GetSession()->ClearSSLSessionCache();
12401 const int kParamSize = 4 * 1024;
12402 const GURL kUrl =
12403 test_server_.GetURL("/zerortt?" + std::string(kParamSize, 'a'));
12404
12405 {
12406 TestDelegate d;
12407 std::unique_ptr<URLRequest> r(context().CreateRequest(
12408 kUrl, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
12409 r->Start();
12410 EXPECT_TRUE(r->is_pending());
12411
12412 d.RunUntilComplete();
12413
12414 EXPECT_EQ(1, d.response_started_count());
12415
12416 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1_3,
12417 SSLConnectionStatusToVersion(r->ssl_info().connection_status));
12418 EXPECT_TRUE(r->ssl_info().unverified_cert.get());
12419 EXPECT_TRUE(test_server_.GetCertificate()->EqualsIncludingChain(
12420 r->ssl_info().cert.get()));
12421
12422 // The Early-Data header should be omitted in the initial request, and the
12423 // handler should return "0".
12424 EXPECT_EQ("0", d.data_received());
12425 }
12426
12427 context().http_transaction_factory()->GetSession()->CloseAllConnections(
12428 ERR_FAILED, "Very good reason");
12429 listener_.BufferNextConnection(kParamSize);
12430
12431 {
12432 TestDelegate d;
12433 std::unique_ptr<URLRequest> r(context().CreateRequest(
12434 kUrl, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
12435 r->set_method("POST");
12436 r->SetIdempotency(net::IDEMPOTENT);
12437 r->Start();
12438 EXPECT_TRUE(r->is_pending());
12439
12440 d.RunUntilComplete();
12441
12442 EXPECT_EQ(1, d.response_started_count());
12443
12444 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1_3,
12445 SSLConnectionStatusToVersion(r->ssl_info().connection_status));
12446 EXPECT_TRUE(r->ssl_info().unverified_cert.get());
12447 EXPECT_TRUE(test_server_.GetCertificate()->EqualsIncludingChain(
12448 r->ssl_info().cert.get()));
12449
12450 // The Early-Data header should be set since the request is set as an
12451 // idempotent POST request.
12452 EXPECT_EQ("1", d.data_received());
12453 }
12454 }
12455
12456 // TLSEarlyDataTest tests that the 0-RTT is disabled for non-idempotent request.
TEST_F(HTTPSEarlyDataTest,TLSEarlyDataNonIdempotentRequestTest)12457 TEST_F(HTTPSEarlyDataTest, TLSEarlyDataNonIdempotentRequestTest) {
12458 ASSERT_TRUE(test_server_.Start());
12459 context().http_transaction_factory()->GetSession()->ClearSSLSessionCache();
12460
12461 {
12462 TestDelegate d;
12463 std::unique_ptr<URLRequest> r(context().CreateRequest(
12464 test_server_.GetURL("/zerortt"), DEFAULT_PRIORITY, &d,
12465 TRAFFIC_ANNOTATION_FOR_TESTS));
12466 r->Start();
12467 EXPECT_TRUE(r->is_pending());
12468
12469 d.RunUntilComplete();
12470
12471 EXPECT_EQ(1, d.response_started_count());
12472
12473 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1_3,
12474 SSLConnectionStatusToVersion(r->ssl_info().connection_status));
12475 EXPECT_TRUE(r->ssl_info().unverified_cert.get());
12476 EXPECT_TRUE(test_server_.GetCertificate()->EqualsIncludingChain(
12477 r->ssl_info().cert.get()));
12478
12479 // The Early-Data header should be omitted in the initial request, and the
12480 // handler should return "0".
12481 EXPECT_EQ("0", d.data_received());
12482 }
12483
12484 context().http_transaction_factory()->GetSession()->CloseAllConnections(
12485 ERR_FAILED, "Very good reason");
12486
12487 {
12488 TestDelegate d;
12489 std::unique_ptr<URLRequest> r(context().CreateRequest(
12490 test_server_.GetURL("/zerortt"), DEFAULT_PRIORITY, &d,
12491 TRAFFIC_ANNOTATION_FOR_TESTS));
12492 // Sets the GET request as not idempotent.
12493 r->SetIdempotency(net::NOT_IDEMPOTENT);
12494 r->Start();
12495 EXPECT_TRUE(r->is_pending());
12496
12497 d.RunUntilComplete();
12498
12499 EXPECT_EQ(1, d.response_started_count());
12500
12501 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1_3,
12502 SSLConnectionStatusToVersion(r->ssl_info().connection_status));
12503 EXPECT_TRUE(r->ssl_info().unverified_cert.get());
12504 EXPECT_TRUE(test_server_.GetCertificate()->EqualsIncludingChain(
12505 r->ssl_info().cert.get()));
12506
12507 // The Early-Data header should be omitted in the initial request even
12508 // though it is a GET request, since the request is set as not idempotent.
12509 EXPECT_EQ("0", d.data_received());
12510 }
12511 }
12512
HandleTooEarly(bool * sent_425,const test_server::HttpRequest & request)12513 std::unique_ptr<test_server::HttpResponse> HandleTooEarly(
12514 bool* sent_425,
12515 const test_server::HttpRequest& request) {
12516 DCHECK(request.ssl_info);
12517
12518 if (request.GetURL().path() != "/tooearly")
12519 return nullptr;
12520 if (request.ssl_info->early_data_received)
12521 *sent_425 = true;
12522 return std::make_unique<ZeroRTTResponse>(
12523 request.ssl_info->early_data_received, true);
12524 }
12525
12526 // Test that we handle 425 (Too Early) correctly.
TEST_F(HTTPSEarlyDataTest,TLSEarlyDataTooEarlyTest)12527 TEST_F(HTTPSEarlyDataTest, TLSEarlyDataTooEarlyTest) {
12528 bool sent_425 = false;
12529 test_server_.RegisterRequestHandler(
12530 base::BindRepeating(&HandleTooEarly, base::Unretained(&sent_425)));
12531 ASSERT_TRUE(test_server_.Start());
12532 context().http_transaction_factory()->GetSession()->ClearSSLSessionCache();
12533
12534 // kParamSize must be larger than any ClientHello sent by the client, but
12535 // smaller than the maximum amount of early data allowed by the server.
12536 const int kParamSize = 4 * 1024;
12537 const GURL kUrl =
12538 test_server_.GetURL("/tooearly?" + std::string(kParamSize, 'a'));
12539
12540 {
12541 TestDelegate d;
12542 std::unique_ptr<URLRequest> r(context().CreateRequest(
12543 kUrl, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
12544 r->Start();
12545 EXPECT_TRUE(r->is_pending());
12546
12547 d.RunUntilComplete();
12548
12549 EXPECT_EQ(1, d.response_started_count());
12550
12551 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1_3,
12552 SSLConnectionStatusToVersion(r->ssl_info().connection_status));
12553 EXPECT_TRUE(r->ssl_info().unverified_cert.get());
12554 EXPECT_TRUE(test_server_.GetCertificate()->EqualsIncludingChain(
12555 r->ssl_info().cert.get()));
12556
12557 // The Early-Data header should be omitted in the initial request, and the
12558 // handler should return "0".
12559 EXPECT_EQ("0", d.data_received());
12560 EXPECT_FALSE(sent_425);
12561 }
12562
12563 context().http_transaction_factory()->GetSession()->CloseAllConnections(
12564 ERR_FAILED, "Very good reason");
12565
12566 // 0-RTT inherently involves a race condition: if the server responds with the
12567 // ServerHello before the client sends the HTTP request (the client may be
12568 // busy verifying a certificate), the client will send data over 1-RTT keys
12569 // rather than 0-RTT.
12570 //
12571 // This test ensures 0-RTT is sent if relevant by making the test server wait
12572 // for both the ClientHello and 0-RTT HTTP request before responding. We use
12573 // a ReadBufferingStreamSocket and enable buffering for the 0-RTT request. The
12574 // buffer size must be larger than the ClientHello but smaller than the
12575 // ClientHello combined with the HTTP request.
12576 //
12577 // We must buffer exactly one connection because the HTTP 425 response will
12578 // trigger a retry, potentially on a new connection.
12579 listener_.BufferNextConnection(kParamSize);
12580
12581 {
12582 TestDelegate d;
12583 std::unique_ptr<URLRequest> r(context().CreateRequest(
12584 kUrl, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
12585
12586 r->Start();
12587 EXPECT_TRUE(r->is_pending());
12588
12589 d.RunUntilComplete();
12590
12591 EXPECT_EQ(1, d.response_started_count());
12592
12593 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1_3,
12594 SSLConnectionStatusToVersion(r->ssl_info().connection_status));
12595 EXPECT_TRUE(r->ssl_info().unverified_cert.get());
12596 EXPECT_TRUE(test_server_.GetCertificate()->EqualsIncludingChain(
12597 r->ssl_info().cert.get()));
12598
12599 // The resumption request will encounter a 425 error and retry without early
12600 // data, and the handler should return "0".
12601 EXPECT_EQ("0", d.data_received());
12602 EXPECT_TRUE(sent_425);
12603 }
12604 }
12605
12606 // TLSEarlyDataRejectTest tests that we gracefully handle an early data reject
12607 // and retry without early data.
TEST_F(HTTPSEarlyDataTest,TLSEarlyDataRejectTest)12608 TEST_F(HTTPSEarlyDataTest, TLSEarlyDataRejectTest) {
12609 ASSERT_TRUE(test_server_.Start());
12610 context().http_transaction_factory()->GetSession()->ClearSSLSessionCache();
12611
12612 {
12613 TestDelegate d;
12614 std::unique_ptr<URLRequest> r(context().CreateRequest(
12615 test_server_.GetURL("/zerortt"), DEFAULT_PRIORITY, &d,
12616 TRAFFIC_ANNOTATION_FOR_TESTS));
12617
12618 r->Start();
12619 EXPECT_TRUE(r->is_pending());
12620
12621 d.RunUntilComplete();
12622
12623 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1_3,
12624 SSLConnectionStatusToVersion(r->ssl_info().connection_status));
12625 EXPECT_TRUE(r->ssl_info().unverified_cert.get());
12626 EXPECT_TRUE(test_server_.GetCertificate()->EqualsIncludingChain(
12627 r->ssl_info().cert.get()));
12628
12629 // The Early-Data header should be omitted in the initial request, and the
12630 // handler should return "0".
12631 EXPECT_EQ("0", d.data_received());
12632 }
12633
12634 context().http_transaction_factory()->GetSession()->CloseAllConnections(
12635 ERR_FAILED, "Very good reason");
12636
12637 // The certificate in the resumption is changed to confirm that the
12638 // certificate change is observed.
12639 scoped_refptr<X509Certificate> old_cert = test_server_.GetCertificate();
12640 ResetSSLConfig(net::EmbeddedTestServer::CERT_EXPIRED,
12641 SSL_PROTOCOL_VERSION_TLS1_3);
12642
12643 {
12644 TestDelegate d;
12645 std::unique_ptr<URLRequest> r(context().CreateRequest(
12646 test_server_.GetURL("/zerortt"), DEFAULT_PRIORITY, &d,
12647 TRAFFIC_ANNOTATION_FOR_TESTS));
12648
12649 r->Start();
12650 EXPECT_TRUE(r->is_pending());
12651
12652 d.RunUntilComplete();
12653
12654 EXPECT_EQ(1, d.response_started_count());
12655
12656 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1_3,
12657 SSLConnectionStatusToVersion(r->ssl_info().connection_status));
12658 EXPECT_TRUE(r->ssl_info().unverified_cert.get());
12659 EXPECT_TRUE(test_server_.GetCertificate()->EqualsIncludingChain(
12660 r->ssl_info().cert.get()));
12661 EXPECT_FALSE(old_cert->EqualsIncludingChain(r->ssl_info().cert.get()));
12662
12663 // The Early-Data header should be omitted in the rejected request, and the
12664 // handler should return "0".
12665 EXPECT_EQ("0", d.data_received());
12666 }
12667 }
12668
12669 // TLSEarlyDataTLS12RejectTest tests that we gracefully handle an early data
12670 // reject from a TLS 1.2 server and retry without early data.
TEST_F(HTTPSEarlyDataTest,TLSEarlyDataTLS12RejectTest)12671 TEST_F(HTTPSEarlyDataTest, TLSEarlyDataTLS12RejectTest) {
12672 ASSERT_TRUE(test_server_.Start());
12673 context().http_transaction_factory()->GetSession()->ClearSSLSessionCache();
12674
12675 {
12676 TestDelegate d;
12677 std::unique_ptr<URLRequest> r(context().CreateRequest(
12678 test_server_.GetURL("/zerortt"), DEFAULT_PRIORITY, &d,
12679 TRAFFIC_ANNOTATION_FOR_TESTS));
12680
12681 r->Start();
12682 EXPECT_TRUE(r->is_pending());
12683
12684 d.RunUntilComplete();
12685
12686 EXPECT_EQ(1, d.response_started_count());
12687
12688 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1_3,
12689 SSLConnectionStatusToVersion(r->ssl_info().connection_status));
12690 EXPECT_TRUE(r->ssl_info().unverified_cert.get());
12691 EXPECT_TRUE(test_server_.GetCertificate()->EqualsIncludingChain(
12692 r->ssl_info().cert.get()));
12693
12694 // The Early-Data header should be omitted in the initial request, and the
12695 // handler should return "0".
12696 EXPECT_EQ("0", d.data_received());
12697 }
12698
12699 context().http_transaction_factory()->GetSession()->CloseAllConnections(
12700 ERR_FAILED, "Very good reason");
12701
12702 // The certificate in the resumption is changed to confirm that the
12703 // certificate change is observed.
12704 scoped_refptr<X509Certificate> old_cert = test_server_.GetCertificate();
12705 ResetSSLConfig(net::EmbeddedTestServer::CERT_EXPIRED,
12706 SSL_PROTOCOL_VERSION_TLS1_2);
12707
12708 {
12709 TestDelegate d;
12710 std::unique_ptr<URLRequest> r(context().CreateRequest(
12711 test_server_.GetURL("/zerortt"), DEFAULT_PRIORITY, &d,
12712 TRAFFIC_ANNOTATION_FOR_TESTS));
12713
12714 r->Start();
12715 EXPECT_TRUE(r->is_pending());
12716
12717 d.RunUntilComplete();
12718
12719 EXPECT_EQ(1, d.response_started_count());
12720
12721 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1_2,
12722 SSLConnectionStatusToVersion(r->ssl_info().connection_status));
12723 EXPECT_TRUE(r->ssl_info().unverified_cert.get());
12724 EXPECT_TRUE(test_server_.GetCertificate()->EqualsIncludingChain(
12725 r->ssl_info().cert.get()));
12726 EXPECT_FALSE(old_cert->EqualsIncludingChain(r->ssl_info().cert.get()));
12727
12728 // The Early-Data header should be omitted in the rejected request, and the
12729 // handler should return "0".
12730 EXPECT_EQ("0", d.data_received());
12731 }
12732 }
12733
12734 // Tests that AuthChallengeInfo is available on the request.
TEST_F(URLRequestTestHTTP,AuthChallengeInfo)12735 TEST_F(URLRequestTestHTTP, AuthChallengeInfo) {
12736 ASSERT_TRUE(http_test_server()->Start());
12737 GURL url(http_test_server()->GetURL("/auth-basic"));
12738
12739 TestDelegate delegate;
12740
12741 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
12742 url, DEFAULT_PRIORITY, &delegate, TRAFFIC_ANNOTATION_FOR_TESTS));
12743 r->Start();
12744 delegate.RunUntilComplete();
12745 ASSERT_TRUE(r->auth_challenge_info().has_value());
12746 EXPECT_FALSE(r->auth_challenge_info()->is_proxy);
12747 EXPECT_EQ(url::SchemeHostPort(url), r->auth_challenge_info()->challenger);
12748 EXPECT_EQ("basic", r->auth_challenge_info()->scheme);
12749 EXPECT_EQ("testrealm", r->auth_challenge_info()->realm);
12750 EXPECT_EQ("Basic realm=\"testrealm\"", r->auth_challenge_info()->challenge);
12751 EXPECT_EQ("/auth-basic", r->auth_challenge_info()->path);
12752 }
12753
TEST_F(URLRequestTestHTTP,ConnectNoSupported)12754 TEST_F(URLRequestTestHTTP, ConnectNoSupported) {
12755 ASSERT_TRUE(http_test_server()->Start());
12756 TestDelegate delegate;
12757 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
12758 http_test_server()->GetURL("/"), DEFAULT_PRIORITY, &delegate,
12759 TRAFFIC_ANNOTATION_FOR_TESTS));
12760 r->set_method("CONNECT");
12761 r->Start();
12762 delegate.RunUntilComplete();
12763 EXPECT_EQ(ERR_METHOD_NOT_SUPPORTED, delegate.request_status());
12764 }
12765
12766 class URLRequestDnsAliasTest : public TestWithTaskEnvironment {
12767 protected:
URLRequestDnsAliasTest()12768 URLRequestDnsAliasTest() {
12769 auto context_builder = CreateTestURLRequestContextBuilder();
12770 context_builder->set_host_resolver(std::make_unique<MockHostResolver>());
12771 context_ = context_builder->Build();
12772 }
12773
context()12774 URLRequestContext& context() { return *context_; }
host_resolver()12775 MockHostResolver& host_resolver() {
12776 // This cast is safe because we provided a MockHostResolver in the ctor.
12777 return *static_cast<MockHostResolver*>(context_->host_resolver());
12778 }
12779
SetUp()12780 void SetUp() override { ASSERT_TRUE(test_server_.Start()); }
12781
12782 std::unique_ptr<URLRequestContext> context_;
12783 TestDelegate test_delegate_;
12784 EmbeddedTestServer test_server_;
12785 };
12786
TEST_F(URLRequestDnsAliasTest,WithDnsAliases)12787 TEST_F(URLRequestDnsAliasTest, WithDnsAliases) {
12788 GURL url(test_server_.GetURL("www.example.test", "/echo"));
12789 std::vector<std::string> aliases({"alias1", "alias2", "host"});
12790 host_resolver().rules()->AddIPLiteralRuleWithDnsAliases(
12791 "www.example.test", "127.0.0.1", std::move(aliases));
12792
12793 std::unique_ptr<URLRequest> request(context().CreateRequest(
12794 url, DEFAULT_PRIORITY, &test_delegate_, TRAFFIC_ANNOTATION_FOR_TESTS));
12795
12796 request->Start();
12797
12798 test_delegate_.RunUntilComplete();
12799 EXPECT_THAT(test_delegate_.request_status(), IsOk());
12800 EXPECT_THAT(request->response_info().dns_aliases,
12801 testing::ElementsAre("alias1", "alias2", "host"));
12802 }
12803
TEST_F(URLRequestDnsAliasTest,NoAdditionalDnsAliases)12804 TEST_F(URLRequestDnsAliasTest, NoAdditionalDnsAliases) {
12805 GURL url(test_server_.GetURL("www.example.test", "/echo"));
12806 host_resolver().rules()->AddIPLiteralRuleWithDnsAliases(
12807 "www.example.test", "127.0.0.1", /*dns_aliases=*/std::set<std::string>());
12808
12809 std::unique_ptr<URLRequest> request(context().CreateRequest(
12810 url, DEFAULT_PRIORITY, &test_delegate_, TRAFFIC_ANNOTATION_FOR_TESTS));
12811
12812 request->Start();
12813
12814 test_delegate_.RunUntilComplete();
12815 EXPECT_THAT(test_delegate_.request_status(), IsOk());
12816 EXPECT_THAT(request->response_info().dns_aliases,
12817 testing::ElementsAre("www.example.test"));
12818 }
12819
TEST_F(URLRequestTest,SetURLChain)12820 TEST_F(URLRequestTest, SetURLChain) {
12821 TestDelegate d;
12822 {
12823 GURL original_url("http://localhost");
12824 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
12825 original_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
12826 EXPECT_EQ(r->url_chain().size(), 1u);
12827 EXPECT_EQ(r->url_chain()[0], original_url);
12828
12829 const std::vector<GURL> url_chain = {
12830 GURL("http://foo.test"),
12831 GURL("http://bar.test"),
12832 GURL("http://baz.test"),
12833 };
12834
12835 r->SetURLChain(url_chain);
12836
12837 EXPECT_EQ(r->url_chain().size(), 3u);
12838 EXPECT_EQ(r->url_chain()[0], url_chain[0]);
12839 EXPECT_EQ(r->url_chain()[1], url_chain[1]);
12840 EXPECT_EQ(r->url_chain()[2], original_url);
12841 }
12842 }
12843
TEST_F(URLRequestTest,SetIsolationInfoFromNak)12844 TEST_F(URLRequestTest, SetIsolationInfoFromNak) {
12845 TestDelegate d;
12846 SchemefulSite site_a = SchemefulSite(GURL("https://a.com/"));
12847 SchemefulSite site_b = SchemefulSite(GURL("https://b.com/"));
12848 base::UnguessableToken nak_nonce = base::UnguessableToken::Create();
12849 auto populated_cross_site_nak = NetworkAnonymizationKey::CreateFromParts(
12850 site_a, /*is_cross_site=*/true, nak_nonce);
12851 IsolationInfo expected_isolation_info_populated_cross_site_nak =
12852 IsolationInfo::Create(IsolationInfo::RequestType::kOther,
12853 url::Origin::Create(GURL("https://a.com/")),
12854 url::Origin(), SiteForCookies(), nak_nonce);
12855
12856 auto populated_same_site_nak = NetworkAnonymizationKey::CreateFromParts(
12857 site_a, /*is_cross_site=*/false, nak_nonce);
12858 IsolationInfo expected_isolation_info_populated_same_site_nak =
12859 IsolationInfo::Create(IsolationInfo::RequestType::kOther,
12860 url::Origin::Create(GURL("https://a.com/")),
12861 url::Origin::Create(GURL("https://a.com/")),
12862 SiteForCookies(), nak_nonce);
12863
12864 NetworkAnonymizationKey empty_nak;
12865 GURL original_url("http://localhost");
12866 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
12867 original_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
12868
12869 r->set_isolation_info_from_network_anonymization_key(
12870 populated_cross_site_nak);
12871 r->SetLoadFlags(LOAD_DISABLE_CACHE);
12872 r->set_allow_credentials(false);
12873 EXPECT_TRUE(r->is_created_from_network_anonymization_key());
12874 EXPECT_EQ(r->isolation_info().network_anonymization_key(),
12875 populated_cross_site_nak);
12876 EXPECT_EQ(
12877 r->isolation_info().top_frame_origin(),
12878 expected_isolation_info_populated_cross_site_nak.top_frame_origin());
12879 // The cross-site bit in the NAK causes the IsolationInfo's NIK to have, an
12880 // anonymous origin, but the bit is not enough to reconstruct a different
12881 // frame_site.
12882 EXPECT_FALSE(r->isolation_info().IsEqualForTesting(
12883 expected_isolation_info_populated_cross_site_nak));
12884
12885 r->set_isolation_info_from_network_anonymization_key(populated_same_site_nak);
12886 EXPECT_TRUE(r->is_created_from_network_anonymization_key());
12887 EXPECT_EQ(r->isolation_info().network_anonymization_key(),
12888 populated_same_site_nak);
12889 EXPECT_TRUE(r->isolation_info().IsEqualForTesting(
12890 expected_isolation_info_populated_same_site_nak));
12891
12892 r->set_isolation_info_from_network_anonymization_key(empty_nak);
12893 EXPECT_TRUE(r->is_created_from_network_anonymization_key());
12894 EXPECT_EQ(r->isolation_info().network_anonymization_key(), empty_nak);
12895 EXPECT_TRUE(r->isolation_info().IsEqualForTesting(net::IsolationInfo()));
12896 r->Start();
12897 d.RunUntilComplete();
12898 }
12899
TEST_F(URLRequestTest,CookiePartitionKey)12900 TEST_F(URLRequestTest, CookiePartitionKey) {
12901 base::test::ScopedFeatureList feature_list;
12902 feature_list.InitAndEnableFeature(
12903 features::kAncestorChainBitEnabledInPartitionedCookies);
12904
12905 const url::Origin kOrigin = url::Origin::Create(GURL("http://foo.test/"));
12906 const url::Origin kCrossSiteOrigin =
12907 url::Origin::Create(GURL("http://b.test/"));
12908
12909 struct {
12910 const GURL request_url;
12911 IsolationInfo::RequestType request_type;
12912 const url::Origin frame_origin;
12913 const SiteForCookies site_for_cookies;
12914 const url::Origin initiator;
12915 bool expected_third_party;
12916 // If present, change the initiator
12917 std::optional<GURL> change_initator = std::nullopt;
12918
12919 } cases[]{
12920 // Request from the main frame: first party partitioned
12921 {GURL("ws://foo.test/"), IsolationInfo::RequestType::kMainFrame, kOrigin,
12922 SiteForCookies::FromOrigin(kOrigin), kOrigin, false},
12923 // Request from the main frame with 3rd party initiator: first party
12924 // partitioned
12925 {GURL("ws://foo.test/"), IsolationInfo::RequestType::kMainFrame, kOrigin,
12926 SiteForCookies::FromOrigin(kOrigin), kOrigin, false,
12927 GURL("ws://b.test/")},
12928 // Request from first party subframe to cross-site subframe: third party
12929 // partitioned
12930 {GURL("ws://foo.test/"), IsolationInfo::RequestType::kSubFrame, kOrigin,
12931 SiteForCookies(), kCrossSiteOrigin, true},
12932 // Request from cross-site subframe: third party partitioned
12933 {GURL("ws://b.test/"), IsolationInfo::RequestType::kSubFrame,
12934 kCrossSiteOrigin, SiteForCookies(), kCrossSiteOrigin, true},
12935 // Request from cross-site subframe with 1st party initiator: third party
12936 // partitioned
12937 {GURL("ws://b.test/"), IsolationInfo::RequestType::kSubFrame,
12938 kCrossSiteOrigin, SiteForCookies(), kCrossSiteOrigin, true,
12939 GURL("ws://foo.test/")},
12940 // Check that mismatch between request initiator and SiteForCookies: third
12941 // party partitioned
12942 {GURL("ws://b.test/"), IsolationInfo::RequestType::kSubFrame,
12943 kCrossSiteOrigin, SiteForCookies::FromOrigin(kOrigin), kCrossSiteOrigin,
12944 true},
12945 // Request from first party subframe with null SiteForCookies indicating
12946 // A1->B->A2 embed: third party partitioned.
12947 {GURL("ws://foo.test/"), IsolationInfo::RequestType::kSubFrame, kOrigin,
12948 SiteForCookies(), kOrigin, true},
12949 };
12950
12951 for (const auto& tc : cases) {
12952 TestDelegate d;
12953 std::unique_ptr<URLRequest> r(default_context().CreateRequest(
12954 tc.request_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
12955
12956 r->set_isolation_info(IsolationInfo::Create(
12957 tc.request_type, kOrigin, tc.frame_origin, tc.site_for_cookies));
12958
12959 if (tc.change_initator.has_value()) {
12960 r->set_initiator(url::Origin::Create(tc.change_initator.value()));
12961 }
12962 EXPECT_TRUE(r->cookie_partition_key().has_value());
12963 EXPECT_EQ(r->cookie_partition_key()->site(), SchemefulSite(kOrigin));
12964 EXPECT_EQ(r->cookie_partition_key()->IsThirdParty(),
12965 tc.expected_third_party);
12966 }
12967 }
12968
12969 class URLRequestMaybeAsyncFirstPartySetsTest
12970 : public URLRequestTest,
12971 public testing::WithParamInterface<bool> {
12972 public:
URLRequestMaybeAsyncFirstPartySetsTest()12973 URLRequestMaybeAsyncFirstPartySetsTest() { CHECK(test_server_.Start()); }
12974
CreateCookieStore()12975 std::unique_ptr<CookieStore> CreateCookieStore() {
12976 auto cookie_monster = std::make_unique<CookieMonster>(/*store=*/nullptr,
12977 /*net_log=*/nullptr);
12978 auto cookie_access_delegate = std::make_unique<TestCookieAccessDelegate>();
12979 cookie_access_delegate->set_invoke_callbacks_asynchronously(
12980 invoke_callbacks_asynchronously());
12981 cookie_monster->SetCookieAccessDelegate(std::move(cookie_access_delegate));
12982 return cookie_monster;
12983 }
12984
invoke_callbacks_asynchronously()12985 bool invoke_callbacks_asynchronously() { return GetParam(); }
12986
test_server()12987 HttpTestServer& test_server() { return test_server_; }
12988
12989 private:
12990 HttpTestServer test_server_;
12991 };
12992
TEST_P(URLRequestMaybeAsyncFirstPartySetsTest,SimpleRequest)12993 TEST_P(URLRequestMaybeAsyncFirstPartySetsTest, SimpleRequest) {
12994 const std::string kHost = "example.test";
12995 const url::Origin kOrigin =
12996 url::Origin::Create(test_server().GetURL(kHost, "/"));
12997 const SiteForCookies kSiteForCookies = SiteForCookies::FromOrigin(kOrigin);
12998
12999 auto context_builder = CreateTestURLRequestContextBuilder();
13000 context_builder->SetCookieStore(CreateCookieStore());
13001 auto context = context_builder->Build();
13002
13003 TestDelegate d;
13004 std::unique_ptr<URLRequest> req(context->CreateRequest(
13005 test_server().GetURL(kHost, "/echo"), DEFAULT_PRIORITY, &d,
13006 TRAFFIC_ANNOTATION_FOR_TESTS));
13007 req->set_isolation_info(
13008 IsolationInfo::Create(IsolationInfo::RequestType::kMainFrame, kOrigin,
13009 kOrigin, kSiteForCookies));
13010 req->Start();
13011 d.RunUntilComplete();
13012
13013 EXPECT_EQ(d.data_received(), "Echo");
13014 EXPECT_THAT(d.request_status(), IsOk());
13015 EXPECT_EQ(req->GetResponseCode(), 200);
13016 }
13017
TEST_P(URLRequestMaybeAsyncFirstPartySetsTest,SingleRedirect)13018 TEST_P(URLRequestMaybeAsyncFirstPartySetsTest, SingleRedirect) {
13019 const std::string kHost = "example.test";
13020 const url::Origin kOrigin =
13021 url::Origin::Create(test_server().GetURL(kHost, "/"));
13022 const SiteForCookies kSiteForCookies = SiteForCookies::FromOrigin(kOrigin);
13023
13024 auto context_builder = CreateTestURLRequestContextBuilder();
13025 context_builder->SetCookieStore(CreateCookieStore());
13026 auto context = context_builder->Build();
13027
13028 TestDelegate d;
13029 std::unique_ptr<URLRequest> req(context->CreateRequest(
13030 test_server().GetURL(kHost,
13031 base::StrCat({
13032 "/server-redirect?",
13033 test_server().GetURL(kHost, "/echo").spec(),
13034 })),
13035 DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
13036 req->set_isolation_info(
13037 IsolationInfo::Create(IsolationInfo::RequestType::kMainFrame, kOrigin,
13038 kOrigin, kSiteForCookies));
13039 req->Start();
13040 d.RunUntilComplete();
13041
13042 EXPECT_EQ(d.data_received(), "Echo");
13043 EXPECT_THAT(d.request_status(), IsOk());
13044 EXPECT_EQ(req->GetResponseCode(), 200);
13045 }
13046
13047 INSTANTIATE_TEST_SUITE_P(,
13048 URLRequestMaybeAsyncFirstPartySetsTest,
13049 testing::Bool());
13050
13051 class PartitionConnectionsByNetworkAnonymizationKey : public URLRequestTest {
13052 public:
PartitionConnectionsByNetworkAnonymizationKey()13053 PartitionConnectionsByNetworkAnonymizationKey() {
13054 scoped_feature_list_.InitWithFeatures(
13055 {net::features::kPartitionConnectionsByNetworkIsolationKey,
13056 net::features::kPartitionSSLSessionsByNetworkIsolationKey},
13057 {});
13058 }
13059 const SchemefulSite kTestSiteA = SchemefulSite(GURL("http://a.test/"));
13060 const SchemefulSite kTestSiteB = SchemefulSite(GURL("http://b.test/"));
13061 const SchemefulSite kTestSiteC = SchemefulSite(GURL("http://c.test/"));
13062 const base::UnguessableToken kNonceA = base::UnguessableToken::Create();
13063 const base::UnguessableToken kNonceB = base::UnguessableToken::Create();
13064
13065 private:
13066 base::test::ScopedFeatureList scoped_feature_list_;
13067 };
13068
TEST_F(PartitionConnectionsByNetworkAnonymizationKey,DifferentTopFrameSitesNeverShareConnections)13069 TEST_F(PartitionConnectionsByNetworkAnonymizationKey,
13070 DifferentTopFrameSitesNeverShareConnections) {
13071 // Start server
13072 EmbeddedTestServer test_server(EmbeddedTestServer::TYPE_HTTPS);
13073 RegisterDefaultHandlers(&test_server);
13074 ASSERT_TRUE(test_server.Start());
13075 const auto original_url = test_server.GetURL("/echo");
13076 const auto network_anonymization_key1 =
13077 NetworkAnonymizationKey::CreateSameSite(kTestSiteA);
13078 const auto network_anonymization_key2 =
13079 NetworkAnonymizationKey::CreateSameSite(kTestSiteB);
13080
13081 // Create a request from first party `kTestSiteA`.
13082 {
13083 TestDelegate d;
13084 std::unique_ptr<URLRequest> r1(default_context().CreateRequest(
13085 original_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
13086 r1->set_isolation_info_from_network_anonymization_key(
13087 network_anonymization_key1);
13088 r1->SetLoadFlags(LOAD_DISABLE_CACHE);
13089 r1->set_allow_credentials(false);
13090
13091 // Verify NetworkAnonymizationKey is set correctly
13092 EXPECT_TRUE(r1->is_created_from_network_anonymization_key());
13093 EXPECT_EQ(r1->isolation_info().network_anonymization_key(),
13094 network_anonymization_key1);
13095 // Run request
13096 r1->Start();
13097 d.RunUntilComplete();
13098
13099 // Verify request started with a full handshake
13100 EXPECT_THAT(d.request_status(), IsOk());
13101 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, r1->ssl_info().handshake_type);
13102 }
13103
13104 // Create a request from first party `kTestSiteB`. This request should never
13105 // share a key with r1 regardless of the NIK/NAK key schemes.
13106 {
13107 TestDelegate d;
13108 // Create request and create IsolationInfo from
13109 // `network_anonymization_key2`
13110 std::unique_ptr<URLRequest> r2(default_context().CreateRequest(
13111 original_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
13112 r2->set_isolation_info_from_network_anonymization_key(
13113 network_anonymization_key2);
13114 r2->SetLoadFlags(LOAD_DISABLE_CACHE);
13115 r2->set_allow_credentials(false);
13116
13117 // Verify NetworkAnonymizationKey is set correctly.
13118 EXPECT_TRUE(r2->is_created_from_network_anonymization_key());
13119 EXPECT_EQ(r2->isolation_info().network_anonymization_key(),
13120 network_anonymization_key2);
13121 // Run request
13122 r2->Start();
13123 d.RunUntilComplete();
13124
13125 // Verify request started with a full handshake
13126 EXPECT_EQ(1, d.response_started_count());
13127 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, r2->ssl_info().handshake_type);
13128 }
13129 }
13130
TEST_F(PartitionConnectionsByNetworkAnonymizationKey,FirstPartyIsSeparatedFromCrossSiteFrames)13131 TEST_F(PartitionConnectionsByNetworkAnonymizationKey,
13132 FirstPartyIsSeparatedFromCrossSiteFrames) {
13133 // Start server
13134 EmbeddedTestServer test_server(EmbeddedTestServer::TYPE_HTTPS);
13135 RegisterDefaultHandlers(&test_server);
13136 ASSERT_TRUE(test_server.Start());
13137 const auto original_url = test_server.GetURL("/echo");
13138 const auto network_anonymization_key1 =
13139 NetworkAnonymizationKey::CreateSameSite(kTestSiteA);
13140 const auto network_anonymization_key2 =
13141 NetworkAnonymizationKey::CreateCrossSite(kTestSiteA);
13142
13143 // Create a request from first party `kTestSiteA`.
13144 {
13145 TestDelegate d;
13146 std::unique_ptr<URLRequest> r1(default_context().CreateRequest(
13147 original_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
13148 r1->set_isolation_info_from_network_anonymization_key(
13149 network_anonymization_key1);
13150 r1->SetLoadFlags(LOAD_DISABLE_CACHE);
13151 r1->set_allow_credentials(false);
13152
13153 // Verify NetworkAnonymizationKey is set correctly
13154 EXPECT_TRUE(r1->is_created_from_network_anonymization_key());
13155 EXPECT_EQ(r1->isolation_info().network_anonymization_key(),
13156 network_anonymization_key1);
13157 // Run request
13158 r1->Start();
13159 d.RunUntilComplete();
13160 // Verify request started with a full handshake
13161 EXPECT_THAT(d.request_status(), IsOk());
13162 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, r1->ssl_info().handshake_type);
13163 }
13164
13165 // Create a request from third party `kTestSiteB` embedded in `kTestSiteA`.
13166 // This request should share a key with r1 when NetworkAnonymizationKey is in
13167 // double keyed scheme and should not share a key with r1 when
13168 // NetworkAnonymizationKey is triple keyed or in cross site flag scheme.
13169 {
13170 TestDelegate d;
13171 std::unique_ptr<URLRequest> r2(default_context().CreateRequest(
13172 original_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
13173 r2->set_isolation_info_from_network_anonymization_key(
13174 network_anonymization_key2);
13175 r2->SetLoadFlags(LOAD_DISABLE_CACHE);
13176 r2->set_allow_credentials(false);
13177
13178 // Verify NetworkAnonymizationKey is set correctly.
13179 EXPECT_TRUE(r2->is_created_from_network_anonymization_key());
13180 EXPECT_EQ(r2->isolation_info().network_anonymization_key(),
13181 network_anonymization_key2);
13182 // Run request
13183 r2->Start();
13184 d.RunUntilComplete();
13185
13186 EXPECT_THAT(d.request_status(), IsOk());
13187 // We should not share a connection with r1.
13188 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, r2->ssl_info().handshake_type);
13189 }
13190 }
13191
TEST_F(PartitionConnectionsByNetworkAnonymizationKey,DifferentCrossSiteFramesAreSeparatedOnlyWhenNetworkAnonymizationKeyIsTripleKeyed)13192 TEST_F(
13193 PartitionConnectionsByNetworkAnonymizationKey,
13194 DifferentCrossSiteFramesAreSeparatedOnlyWhenNetworkAnonymizationKeyIsTripleKeyed) {
13195 // Start server
13196 EmbeddedTestServer test_server(EmbeddedTestServer::TYPE_HTTPS);
13197 RegisterDefaultHandlers(&test_server);
13198 ASSERT_TRUE(test_server.Start());
13199 const auto original_url = test_server.GetURL("/echo");
13200 const auto network_anonymization_key1 =
13201 NetworkAnonymizationKey::CreateCrossSite(kTestSiteA);
13202 const auto network_anonymization_key2 =
13203 NetworkAnonymizationKey::CreateCrossSite(kTestSiteA);
13204
13205 // Create a request from first party `kTestSiteA`.
13206 {
13207 TestDelegate d;
13208 std::unique_ptr<URLRequest> r1(default_context().CreateRequest(
13209 original_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
13210 r1->set_isolation_info_from_network_anonymization_key(
13211 network_anonymization_key1);
13212 r1->SetLoadFlags(LOAD_DISABLE_CACHE);
13213 r1->set_allow_credentials(false);
13214
13215 // Verify NetworkAnonymizationKey is set correctly
13216 EXPECT_TRUE(r1->is_created_from_network_anonymization_key());
13217 EXPECT_EQ(r1->isolation_info().network_anonymization_key(),
13218 network_anonymization_key1);
13219 // Run request
13220 r1->Start();
13221 d.RunUntilComplete();
13222 // Verify request started with a full handshake
13223 EXPECT_THAT(d.request_status(), IsOk());
13224 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, r1->ssl_info().handshake_type);
13225 }
13226
13227 // Create a request from third party `kTestSiteB` embedded in `kTestSiteA`.
13228 // This request should share a key with r1 when NetworkAnonymizationKey is in
13229 // double keyed scheme and should not share a key with r1 when
13230 // NetworkAnonymizationKey is triple keyed or in cross site flag scheme.
13231 {
13232 TestDelegate d;
13233 // Create request and create IsolationInfo from
13234 // `network_anonymization_key2`
13235 std::unique_ptr<URLRequest> r2(default_context().CreateRequest(
13236 original_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
13237 r2->set_isolation_info_from_network_anonymization_key(
13238 network_anonymization_key2);
13239 r2->SetLoadFlags(LOAD_DISABLE_CACHE);
13240 r2->set_allow_credentials(false);
13241
13242 // Verify NetworkAnonymizationKey is set correctly.
13243 EXPECT_TRUE(r2->is_created_from_network_anonymization_key());
13244 EXPECT_EQ(r2->isolation_info().network_anonymization_key(),
13245 network_anonymization_key2);
13246 // Run request
13247 r2->Start();
13248 d.RunUntilComplete();
13249
13250 EXPECT_THAT(d.request_status(), IsOk());
13251 // We should share a connection with r1
13252 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, r2->ssl_info().handshake_type);
13253 }
13254 }
13255
TEST_F(PartitionConnectionsByNetworkAnonymizationKey,DifferentNoncesAreAlwaysSeparated)13256 TEST_F(PartitionConnectionsByNetworkAnonymizationKey,
13257 DifferentNoncesAreAlwaysSeparated) {
13258 // Start server
13259 EmbeddedTestServer test_server(EmbeddedTestServer::TYPE_HTTPS);
13260 RegisterDefaultHandlers(&test_server);
13261 ASSERT_TRUE(test_server.Start());
13262 const auto original_url = test_server.GetURL("/echo");
13263 const auto network_anonymization_key1 =
13264 NetworkAnonymizationKey::CreateFromParts(
13265 kTestSiteA, /*is_cross_site=*/false, kNonceA);
13266 const auto network_anonymization_key2 =
13267 NetworkAnonymizationKey::CreateFromParts(
13268 kTestSiteA, /*is_cross_site=*/false, kNonceB);
13269
13270 // Create a request from first party `kTestSiteA`.
13271 {
13272 TestDelegate d;
13273 std::unique_ptr<URLRequest> r1(default_context().CreateRequest(
13274 original_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
13275 r1->set_isolation_info_from_network_anonymization_key(
13276 network_anonymization_key1);
13277 r1->SetLoadFlags(LOAD_DISABLE_CACHE);
13278 r1->set_allow_credentials(false);
13279
13280 // Verify NetworkAnonymizationKey is set correctly
13281 EXPECT_TRUE(r1->is_created_from_network_anonymization_key());
13282 EXPECT_EQ(r1->isolation_info().network_anonymization_key(),
13283 network_anonymization_key1);
13284 // Run request
13285 r1->Start();
13286 d.RunUntilComplete();
13287 // Verify request started with a full handshake
13288 EXPECT_THAT(d.request_status(), IsOk());
13289 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, r1->ssl_info().handshake_type);
13290 }
13291
13292 // Create a request from third party `kTestSiteB` embedded in `kTestSiteA`.
13293 // This request should share a key with r1 when NetworkAnonymizationKey is in
13294 // double keyed scheme and should not share a key with r1 when
13295 // NetworkAnonymizationKey is triple keyed or in cross site flag scheme.
13296 {
13297 TestDelegate d;
13298 // Create request and create IsolationInfo from
13299 // `network_anonymization_key2`
13300 std::unique_ptr<URLRequest> r2(default_context().CreateRequest(
13301 original_url, DEFAULT_PRIORITY, &d, TRAFFIC_ANNOTATION_FOR_TESTS));
13302 r2->set_isolation_info_from_network_anonymization_key(
13303 network_anonymization_key2);
13304 r2->SetLoadFlags(LOAD_DISABLE_CACHE);
13305 r2->set_allow_credentials(false);
13306
13307 // Verify NetworkAnonymizationKey is set correctly.
13308 EXPECT_TRUE(r2->is_created_from_network_anonymization_key());
13309 EXPECT_EQ(r2->isolation_info().network_anonymization_key(),
13310 network_anonymization_key2);
13311 // Run request
13312 r2->Start();
13313 d.RunUntilComplete();
13314
13315 EXPECT_THAT(d.request_status(), IsOk());
13316 // Connections where the NetworkAnonymizationKey has different nonces should
13317 // always be separated regardless of scheme
13318 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, r2->ssl_info().handshake_type);
13319 }
13320 }
13321
13322 } // namespace net
13323