On Tue, Jul 11, 2017 at 5:20 PM, Martin Šrámek <
msr...@chromium.org> wrote:
> Hello folks!
>
> I have run into a peculiar problem when writing tests for the cache deletion
> in Clear-Site-Data.
>
> I can't test whether the cache is deleted, because I can't write into it in
> the first place. The reason is that content_shell --run-layout-test runs on
>
https://web-platform.test, which does not have a valid certificate; and in
> that case, we disable cache completely. My first guess, using the
> --ignore-certificate-errors flag, does not solve the problem.
Correct. --ignore-certificate-errors properly ignores errors, but the
//net stack is explicitly coded to not cache data for errors (and this
propagates to other things, like service workers). What you want is,
well, a not-errorful connection, which isn't unreasonable to do for a
lot of our test harnesses, and helps make sure we aren't shipping
giant footguns in the production code. But you caught up that thread
:)
>
> This problem was discussed on security-dev in the past, concluding that the
> flag can't make websites work to full extent, as if there was a valid
> certificate, because users tend to use it to shoot themselves in the foot.
> I'm not going to argue against that. However, could we make this possible at
> least for content_shell --run-layout-test?
I'd be nervous about adding it to content_shell, given how many
downstream consumers are now apparently using it to build their
(production) products on, seemingly.
From quickly scanning
https://cs.chromium.org/chromium/src/content/shell/app/shell_main_delegate.cc?rcl=07eb249cdc03c7ca1eceda2c755def72fcbcf5f5&l=161
it doesn't look like --run-layout-test affects profile initialization
(e.g. no good path to inject test dependencies in). I also suspect
it'd be pretty nasty to try to plumb this flag all the way down to the
IO thread initialization - as it's one of those "disable security"
flags that are generally to be avoided.
That said,
https://cs.chromium.org/chromium/src/chrome/common/chrome_switches.cc?rcl=07eb249cdc03c7ca1eceda2c755def72fcbcf5f5&l=492
tries to address the gap between the security/usability/risk side,
depending on what you're using for your test server, but that's in
//chrome (along with
https://cs.chromium.org/chromium/src/chrome/browser/ssl/ignore_errors_cert_verifier.h?rcl=07eb249cdc03c7ca1eceda2c755def72fcbcf5f5&l=21
) in part because it's generally unwise to ignore certificate errors
(and few of our tests need to). It wasn't plumbed into //content
because that sort of "giant dangerous footgun" was something we were
intentionally trying to limit spreading, but...