src/chrome/browser/content_settings/cookie_settings_unittest.cc

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "base/auto_reset.h"
   6 #include "base/message_loop/message_loop.h"
   7 #include "base/prefs/pref_service.h"
   8 #include "chrome/browser/content_settings/cookie_settings.h"
   9 #include "chrome/common/pref_names.h"
  10 #include "chrome/test/base/testing_profile.h"
  11 #include "components/content_settings/core/common/content_settings_pattern.h"
  12 #include "content/public/test/test_browser_thread.h"
  13 #include "net/base/static_cookie_policy.h"
  14 #include "testing/gtest/include/gtest/gtest.h"
  15 #include "url/gurl.h"
  16
  17 using content::BrowserThread;
  18
  19 namespace {
  20
  21 class CookieSettingsTest : public testing::Test {
  22  public:
  23   CookieSettingsTest()
  24       : ui_thread_(BrowserThread::UI, &message_loop_),
  25         cookie_settings_(CookieSettings::Factory::GetForProfile(&profile_)
  26                              .get()),
  27         kBlockedSite("http://ads.thirdparty.com"),
  28         kAllowedSite("http://good.allays.com"),
  29         kFirstPartySite("http://cool.things.com"),
  30         kBlockedFirstPartySite("http://no.thirdparties.com"),
  31         kExtensionURL("chrome-extension://deadbeef"),
  32         kHttpsSite("https://example.com"),
  33         kAllHttpsSitesPattern(ContentSettingsPattern::FromString("https://*")) {
  34   }
  35
  36  protected:
  37   base::MessageLoop message_loop_;
  38   content::TestBrowserThread ui_thread_;
  39   TestingProfile profile_;
  40   CookieSettings* cookie_settings_;
  41   const GURL kBlockedSite;
  42   const GURL kAllowedSite;
  43   const GURL kFirstPartySite;
  44   const GURL kBlockedFirstPartySite;
  45   const GURL kExtensionURL;
  46   const GURL kHttpsSite;
  47   ContentSettingsPattern kAllHttpsSitesPattern;
  48 };
  49
  50 TEST_F(CookieSettingsTest, CookiesBlockSingle) {
  51   cookie_settings_->SetCookieSetting(
  52       ContentSettingsPattern::FromURL(kBlockedSite),
  53       ContentSettingsPattern::Wildcard(),
  54       CONTENT_SETTING_BLOCK);
  55   EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
  56       kBlockedSite, kBlockedSite));
  57 }
  58
  59 TEST_F(CookieSettingsTest, CookiesBlockThirdParty) {
  60   profile_.GetPrefs()->SetBoolean(prefs::kBlockThirdPartyCookies, true);
  61   EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
  62       kBlockedSite, kFirstPartySite));
  63   EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kBlockedSite));
  64   EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
  65       kBlockedSite, kFirstPartySite));
  66 }
  67
  68 TEST_F(CookieSettingsTest, CookiesAllowThirdParty) {
  69   EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
  70       kBlockedSite, kFirstPartySite));
  71   EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
  72       kBlockedSite, kFirstPartySite));
  73   EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kBlockedSite));
  74 }
  75
  76 TEST_F(CookieSettingsTest, CookiesExplicitBlockSingleThirdParty) {
  77   cookie_settings_->SetCookieSetting(
  78       ContentSettingsPattern::FromURL(kBlockedSite),
  79       ContentSettingsPattern::Wildcard(),
  80       CONTENT_SETTING_BLOCK);
  81   EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
  82       kBlockedSite, kFirstPartySite));
  83   EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
  84       kBlockedSite, kFirstPartySite));
  85   EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
  86       kAllowedSite, kFirstPartySite));
  87 }
  88
  89 TEST_F(CookieSettingsTest, CookiesExplicitSessionOnly) {
  90   cookie_settings_->SetCookieSetting(
  91       ContentSettingsPattern::FromURL(kBlockedSite),
  92       ContentSettingsPattern::Wildcard(),
  93       CONTENT_SETTING_SESSION_ONLY);
  94   EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
  95       kBlockedSite, kFirstPartySite));
  96   EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
  97       kBlockedSite, kFirstPartySite));
  98   EXPECT_TRUE(cookie_settings_->IsCookieSessionOnly(kBlockedSite));
  99
 100   profile_.GetPrefs()->SetBoolean(prefs::kBlockThirdPartyCookies, true);
 101   EXPECT_TRUE(cookie_settings_->
 102               IsReadingCookieAllowed(kBlockedSite, kFirstPartySite));
 103   EXPECT_TRUE(cookie_settings_->
 104               IsSettingCookieAllowed(kBlockedSite, kFirstPartySite));
 105   EXPECT_TRUE(cookie_settings_->IsCookieSessionOnly(kBlockedSite));
 106 }
 107
 108 TEST_F(CookieSettingsTest, CookiesThirdPartyBlockedExplicitAllow) {
 109   cookie_settings_->SetCookieSetting(
 110       ContentSettingsPattern::FromURL(kAllowedSite),
 111       ContentSettingsPattern::Wildcard(),
 112       CONTENT_SETTING_ALLOW);
 113   profile_.GetPrefs()->SetBoolean(prefs::kBlockThirdPartyCookies, true);
 114   EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
 115       kAllowedSite, kFirstPartySite));
 116   EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
 117       kAllowedSite, kFirstPartySite));
 118   EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));
 119
 120   // Extensions should always be allowed to use cookies.
 121   EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
 122       kAllowedSite, kExtensionURL));
 123   EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
 124       kAllowedSite, kExtensionURL));
 125 }
 126
 127 TEST_F(CookieSettingsTest, CookiesThirdPartyBlockedAllSitesAllowed) {
 128   cookie_settings_->SetCookieSetting(
 129       ContentSettingsPattern::FromURL(kAllowedSite),
 130       ContentSettingsPattern::Wildcard(),
 131       CONTENT_SETTING_ALLOW);
 132   profile_.GetPrefs()->SetBoolean(prefs::kBlockThirdPartyCookies, true);
 133   // As an example for a pattern that matches all hosts but not all origins,
 134   // match all HTTPS sites.
 135   cookie_settings_->SetCookieSetting(
 136       kAllHttpsSitesPattern,
 137       ContentSettingsPattern::Wildcard(),
 138       CONTENT_SETTING_ALLOW);
 139   cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_SESSION_ONLY);
 140
 141   // |kAllowedSite| should be allowed.
 142   EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
 143       kAllowedSite, kBlockedSite));
 144   EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
 145       kAllowedSite, kBlockedSite));
 146   EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));
 147
 148   // HTTPS sites should be allowed in a first-party context.
 149   EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
 150       kHttpsSite, kHttpsSite));
 151   EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
 152       kHttpsSite, kHttpsSite));
 153   EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));
 154
 155   // HTTP sites should be allowed, but session-only.
 156   EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
 157       kFirstPartySite, kFirstPartySite));
 158   EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
 159       kFirstPartySite, kFirstPartySite));
 160   EXPECT_TRUE(cookie_settings_->IsCookieSessionOnly(kFirstPartySite));
 161
 162   // Third-party cookies should be blocked.
 163   EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
 164       kFirstPartySite, kBlockedSite));
 165   EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
 166       kFirstPartySite, kBlockedSite));
 167   EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
 168       kHttpsSite, kBlockedSite));
 169   EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
 170       kHttpsSite, kBlockedSite));
 171 }
 172
 173 TEST_F(CookieSettingsTest, CookiesBlockEverything) {
 174   cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_BLOCK);
 175
 176   EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
 177       kFirstPartySite, kFirstPartySite));
 178   EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
 179       kFirstPartySite, kFirstPartySite));
 180   EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
 181       kAllowedSite, kFirstPartySite));
 182 }
 183
 184 TEST_F(CookieSettingsTest, CookiesBlockEverythingExceptAllowed) {
 185   cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_BLOCK);
 186   cookie_settings_->SetCookieSetting(
 187       ContentSettingsPattern::FromURL(kAllowedSite),
 188       ContentSettingsPattern::Wildcard(),
 189       CONTENT_SETTING_ALLOW);
 190   EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
 191       kFirstPartySite, kFirstPartySite));
 192   EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
 193       kFirstPartySite, kFirstPartySite));
 194   EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
 195       kAllowedSite, kFirstPartySite));
 196   EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
 197       kAllowedSite, kFirstPartySite));
 198   EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
 199       kAllowedSite, kAllowedSite));
 200   EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
 201       kAllowedSite, kAllowedSite));
 202   EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));
 203 }
 204
 205 TEST_F(CookieSettingsTest, CookiesBlockSingleFirstParty) {
 206   cookie_settings_->SetCookieSetting(
 207       ContentSettingsPattern::FromURL(kAllowedSite),
 208       ContentSettingsPattern::FromURL(kFirstPartySite),
 209       CONTENT_SETTING_ALLOW);
 210   cookie_settings_->SetCookieSetting(
 211       ContentSettingsPattern::FromURL(kAllowedSite),
 212       ContentSettingsPattern::FromURL(kBlockedFirstPartySite),
 213       CONTENT_SETTING_BLOCK);
 214
 215   EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
 216       kAllowedSite, kFirstPartySite));
 217   EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
 218       kAllowedSite, kFirstPartySite));
 219   EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));
 220
 221   EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
 222       kAllowedSite, kBlockedFirstPartySite));
 223   EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
 224       kAllowedSite, kBlockedFirstPartySite));
 225
 226   cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_BLOCK);
 227
 228   EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
 229       kAllowedSite, kFirstPartySite));
 230   EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
 231       kAllowedSite, kFirstPartySite));
 232   EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));
 233
 234   EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
 235       kAllowedSite, kBlockedFirstPartySite));
 236   EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
 237       kAllowedSite, kBlockedFirstPartySite));
 238
 239   cookie_settings_->ResetCookieSetting(
 240       ContentSettingsPattern::FromURL(kAllowedSite),
 241       ContentSettingsPattern::FromURL(kFirstPartySite));
 242
 243   EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
 244       kAllowedSite, kFirstPartySite));
 245   EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
 246       kAllowedSite, kFirstPartySite));
 247 }
 248
 249 TEST_F(CookieSettingsTest, ExtensionsRegularSettings) {
 250   cookie_settings_->SetCookieSetting(
 251       ContentSettingsPattern::FromURL(kBlockedSite),
 252       ContentSettingsPattern::Wildcard(),
 253       CONTENT_SETTING_BLOCK);
 254
 255   // Regular cookie settings also apply to extensions.
 256   EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
 257       kBlockedSite, kExtensionURL));
 258 }
 259
 260 TEST_F(CookieSettingsTest, ExtensionsOwnCookies) {
 261   cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_BLOCK);
 262
 263 #if defined(ENABLE_EXTENSIONS)
 264   // Extensions can always use cookies (and site data) in their own origin.
 265   EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
 266       kExtensionURL, kExtensionURL));
 267 #else
 268   // Except if extensions are disabled. Then the extension-specific checks do
 269   // not exist and the default setting is to block.
 270   EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
 271       kExtensionURL, kExtensionURL));
 272 #endif
 273 }
 274
 275 TEST_F(CookieSettingsTest, ExtensionsThirdParty) {
 276   profile_.GetPrefs()->SetBoolean(prefs::kBlockThirdPartyCookies, true);
 277
 278   // XHRs stemming from extensions are exempt from third-party cookie blocking
 279   // rules (as the first party is always the extension's security origin).
 280   EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
 281       kBlockedSite, kExtensionURL));
 282 }
 283
 284 }  // namespace