xref: /external/chromium_org/chrome/browser/content_settings/cookie_settings_unittest.cc

// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "base/auto_reset.h"
#include "base/message_loop/message_loop.h"
#include "base/prefs/pref_service.h"
#include "chrome/browser/content_settings/cookie_settings.h"
#include "chrome/common/pref_names.h"
#include "chrome/test/base/testing_profile.h"
#include "components/content_settings/core/common/content_settings_pattern.h"
#include "content/public/test/test_browser_thread.h"
#include "net/base/static_cookie_policy.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "url/gurl.h"

using content::BrowserThread;

namespace {

class CookieSettingsTest : public testing::Test {
 public:
  CookieSettingsTest()
      : ui_thread_(BrowserThread::UI, &message_loop_),
        cookie_settings_(CookieSettings::Factory::GetForProfile(&profile_)
                             .get()),
        kBlockedSite("http://ads.thirdparty.com"),
        kAllowedSite("http://good.allays.com"),
        kFirstPartySite("http://cool.things.com"),
        kBlockedFirstPartySite("http://no.thirdparties.com"),
        kExtensionURL("chrome-extension://deadbeef"),
        kHttpsSite("https://example.com"),
        kAllHttpsSitesPattern(ContentSettingsPattern::FromString("https://*")) {
  }

 protected:
  base::MessageLoop message_loop_;
  content::TestBrowserThread ui_thread_;
  TestingProfile profile_;
  CookieSettings* cookie_settings_;
  const GURL kBlockedSite;
  const GURL kAllowedSite;
  const GURL kFirstPartySite;
  const GURL kBlockedFirstPartySite;
  const GURL kExtensionURL;
  const GURL kHttpsSite;
  ContentSettingsPattern kAllHttpsSitesPattern;
};

TEST_F(CookieSettingsTest, CookiesBlockSingle) {
  cookie_settings_->SetCookieSetting(
      ContentSettingsPattern::FromURL(kBlockedSite),
      ContentSettingsPattern::Wildcard(),
      CONTENT_SETTING_BLOCK);
  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kBlockedSite, kBlockedSite));
}

TEST_F(CookieSettingsTest, CookiesBlockThirdParty) {
  profile_.GetPrefs()->SetBoolean(prefs::kBlockThirdPartyCookies, true);
  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kBlockedSite, kFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kBlockedSite));
  EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
      kBlockedSite, kFirstPartySite));
}

TEST_F(CookieSettingsTest, CookiesAllowThirdParty) {
  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kBlockedSite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kBlockedSite, kFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kBlockedSite));
}

TEST_F(CookieSettingsTest, CookiesExplicitBlockSingleThirdParty) {
  cookie_settings_->SetCookieSetting(
      ContentSettingsPattern::FromURL(kBlockedSite),
      ContentSettingsPattern::Wildcard(),
      CONTENT_SETTING_BLOCK);
  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kBlockedSite, kFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
      kBlockedSite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kFirstPartySite));
}

TEST_F(CookieSettingsTest, CookiesExplicitSessionOnly) {
  cookie_settings_->SetCookieSetting(
      ContentSettingsPattern::FromURL(kBlockedSite),
      ContentSettingsPattern::Wildcard(),
      CONTENT_SETTING_SESSION_ONLY);
  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kBlockedSite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kBlockedSite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsCookieSessionOnly(kBlockedSite));

  profile_.GetPrefs()->SetBoolean(prefs::kBlockThirdPartyCookies, true);
  EXPECT_TRUE(cookie_settings_->
              IsReadingCookieAllowed(kBlockedSite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->
              IsSettingCookieAllowed(kBlockedSite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsCookieSessionOnly(kBlockedSite));
}

TEST_F(CookieSettingsTest, CookiesThirdPartyBlockedExplicitAllow) {
  cookie_settings_->SetCookieSetting(
      ContentSettingsPattern::FromURL(kAllowedSite),
      ContentSettingsPattern::Wildcard(),
      CONTENT_SETTING_ALLOW);
  profile_.GetPrefs()->SetBoolean(prefs::kBlockThirdPartyCookies, true);
  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kAllowedSite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));

  // Extensions should always be allowed to use cookies.
  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kAllowedSite, kExtensionURL));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kExtensionURL));
}

TEST_F(CookieSettingsTest, CookiesThirdPartyBlockedAllSitesAllowed) {
  cookie_settings_->SetCookieSetting(
      ContentSettingsPattern::FromURL(kAllowedSite),
      ContentSettingsPattern::Wildcard(),
      CONTENT_SETTING_ALLOW);
  profile_.GetPrefs()->SetBoolean(prefs::kBlockThirdPartyCookies, true);
  // As an example for a pattern that matches all hosts but not all origins,
  // match all HTTPS sites.
  cookie_settings_->SetCookieSetting(
      kAllHttpsSitesPattern,
      ContentSettingsPattern::Wildcard(),
      CONTENT_SETTING_ALLOW);
  cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_SESSION_ONLY);

  // |kAllowedSite| should be allowed.
  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kAllowedSite, kBlockedSite));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kBlockedSite));
  EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));

  // HTTPS sites should be allowed in a first-party context.
  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kHttpsSite, kHttpsSite));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kHttpsSite, kHttpsSite));
  EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));

  // HTTP sites should be allowed, but session-only.
  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kFirstPartySite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kFirstPartySite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsCookieSessionOnly(kFirstPartySite));

  // Third-party cookies should be blocked.
  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kFirstPartySite, kBlockedSite));
  EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
      kFirstPartySite, kBlockedSite));
  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kHttpsSite, kBlockedSite));
  EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
      kHttpsSite, kBlockedSite));
}

TEST_F(CookieSettingsTest, CookiesBlockEverything) {
  cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_BLOCK);

  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kFirstPartySite, kFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
      kFirstPartySite, kFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kFirstPartySite));
}

TEST_F(CookieSettingsTest, CookiesBlockEverythingExceptAllowed) {
  cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_BLOCK);
  cookie_settings_->SetCookieSetting(
      ContentSettingsPattern::FromURL(kAllowedSite),
      ContentSettingsPattern::Wildcard(),
      CONTENT_SETTING_ALLOW);
  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kFirstPartySite, kFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
      kFirstPartySite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kAllowedSite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kAllowedSite, kAllowedSite));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kAllowedSite));
  EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));
}

TEST_F(CookieSettingsTest, CookiesBlockSingleFirstParty) {
  cookie_settings_->SetCookieSetting(
      ContentSettingsPattern::FromURL(kAllowedSite),
      ContentSettingsPattern::FromURL(kFirstPartySite),
      CONTENT_SETTING_ALLOW);
  cookie_settings_->SetCookieSetting(
      ContentSettingsPattern::FromURL(kAllowedSite),
      ContentSettingsPattern::FromURL(kBlockedFirstPartySite),
      CONTENT_SETTING_BLOCK);

  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kAllowedSite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));

  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kAllowedSite, kBlockedFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kBlockedFirstPartySite));

  cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_BLOCK);

  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kAllowedSite, kFirstPartySite));
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsCookieSessionOnly(kAllowedSite));

  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kAllowedSite, kBlockedFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kBlockedFirstPartySite));

  cookie_settings_->ResetCookieSetting(
      ContentSettingsPattern::FromURL(kAllowedSite),
      ContentSettingsPattern::FromURL(kFirstPartySite));

  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kAllowedSite, kFirstPartySite));
  EXPECT_FALSE(cookie_settings_->IsSettingCookieAllowed(
      kAllowedSite, kFirstPartySite));
}

TEST_F(CookieSettingsTest, ExtensionsRegularSettings) {
  cookie_settings_->SetCookieSetting(
      ContentSettingsPattern::FromURL(kBlockedSite),
      ContentSettingsPattern::Wildcard(),
      CONTENT_SETTING_BLOCK);

  // Regular cookie settings also apply to extensions.
  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kBlockedSite, kExtensionURL));
}

TEST_F(CookieSettingsTest, ExtensionsOwnCookies) {
  cookie_settings_->SetDefaultCookieSetting(CONTENT_SETTING_BLOCK);

#if defined(ENABLE_EXTENSIONS)
  // Extensions can always use cookies (and site data) in their own origin.
  EXPECT_TRUE(cookie_settings_->IsReadingCookieAllowed(
      kExtensionURL, kExtensionURL));
#else
  // Except if extensions are disabled. Then the extension-specific checks do
  // not exist and the default setting is to block.
  EXPECT_FALSE(cookie_settings_->IsReadingCookieAllowed(
      kExtensionURL, kExtensionURL));
#endif
}

TEST_F(CookieSettingsTest, ExtensionsThirdParty) {
  profile_.GetPrefs()->SetBoolean(prefs::kBlockThirdPartyCookies, true);

  // XHRs stemming from extensions are exempt from third-party cookie blocking
  // rules (as the first party is always the extension's security origin).
  EXPECT_TRUE(cookie_settings_->IsSettingCookieAllowed(
      kBlockedSite, kExtensionURL));
}

}  // namespace