ES Modules: Set referrer for top-level module script in ModuleScriptLoader

Before this CL, referrer for top-level module script is set in BaseFetchContext::AddAdditionalRequestHeaders() using ExecutionContext::GetOutgoingReferrer(). This works for documents, but doesn't for workers because this execution context is corresponding to "module map settings object", not "fetch client settings object". To fix this, this CL sets the referrer for top-level module script using "fetch client settings object" in ModuleScriptLoader as the spec defines. Change-Id: I0878b13febdae4ee2dc56c998e7f2c100e9c1ba7 Bug: 842553 Reviewed-on: https://chromium-review.googlesource.com/1102236Reviewed-by: Kouhei Ueno <kouhei@chromium.org> Commit-Queue: Hiroki Nakagawa <nhiroki@chromium.org> Cr-Commit-Position: refs/heads/master@{#567937}

ES Modules: Set referrer for top-level module script in ModuleScriptLoader
Before this CL, referrer for top-level module script is set in BaseFetchContext::AddAdditionalRequestHeaders() using ExecutionContext::GetOutgoingReferrer(). This works for documents, but doesn't for workers because this execution context is corresponding to "module map settings object", not "fetch client settings object". To fix this, this CL sets the referrer for top-level module script using "fetch client settings object" in ModuleScriptLoader as the spec defines. Change-Id: I0878b13febdae4ee2dc56c998e7f2c100e9c1ba7 Bug: 842553 Reviewed-on: https://chromium-review.googlesource.com/1102236Reviewed-by: Kouhei Ueno <kouhei@chromium.org> Commit-Queue: Hiroki Nakagawa <nhiroki@chromium.org> Cr-Commit-Position: refs/heads/master@{#567937}
000b11bd · Hiroki Nakagawa · Commit Bot · df6364f8 · df6364f8 · 000b11bd
Commit 000b11bd authored Jun 18, 2018 by Hiroki Nakagawa Committed by Commit Bot Jun 18, 2018
9 changed files
--- a/third_party/WebKit/LayoutTests/external/wpt/workers/modules/dedicated-worker-import-referrer-expected.txt
+++ b/third_party/WebKit/LayoutTests/external/wpt/workers/modules/dedicated-worker-import-referrer-expected.txt
-This is a testharness.js-based test.
-FAIL Same-origin top-level module script loading with "no-referrer" referrer policy assert_equals: expected "" but got "http://web-platform.test:8001/workers/modules/resources/referrer-checker.py"
-FAIL Same-origin top-level module script loading with "origin" referrer policy assert_equals: expected "http://web-platform.test:8001/" but got "http://web-platform.test:8001/workers/modules/resources/referrer-checker.py"
-FAIL Same-origin top-level module script loading with "same-origin" referrer policy assert_equals: expected "http://web-platform.test:8001/workers/modules/resources/referrer-window.html" but got "http://web-platform.test:8001/workers/modules/resources/referrer-checker.py"
-PASS Same-origin static import with "no-referrer" referrer policy.
-PASS Same-origin static import with "origin" referrer policy.
-PASS Same-origin static import with "same-origin" referrer policy.
-PASS Cross-origin static import with "no-referrer" referrer policy.
-PASS Cross-origin static import with "origin" referrer policy.
-PASS Cross-origin static import with "same-origin" referrer policy.
-PASS Same-origin dynamic import with "no-referrer" referrer policy.
-PASS Same-origin dynamic import with "origin" referrer policy.
-PASS Same-origin dynamic import with "same-origin" referrer policy.
-PASS Cross-origin dynamic import with "no-referrer" referrer policy.
-PASS Cross-origin dynamic import with "origin" referrer policy.
-PASS Cross-origin dynamic import with "same-origin" referrer policy.
-Harness: the test ran to completion.
--- a/third_party/WebKit/LayoutTests/external/wpt/workers/modules/dedicated-worker-import-referrer.html
+++ b/third_party/WebKit/LayoutTests/external/wpt/workers/modules/dedicated-worker-import-referrer.html
@@ -104,7 +104,7 @@ import_referrer_test(
 import_referrer_test(
    { scriptURL: 'referrer-checker.py',
      windowReferrerPolicy: 'same-origin',
-      expectedReferrer: createURLString('resources/referrer-window.html') },
+      expectedReferrer: createURLString('resources/new-worker-window.html') },
    'Same-origin top-level module script loading with "same-origin" referrer ' +
        'policy');

--- a/third_party/blink/renderer/core/loader/link_loader.cc
+++ b/third_party/blink/renderer/core/loader/link_loader.cc
@@ -539,7 +539,7 @@ static void ModulePreloadIfNeeded(const LinkLoadParameters& params,
      params.href, destination,
      ScriptFetchOptions(params.nonce, integrity_metadata, params.integrity,
                         kNotParserInserted, credentials_mode),
-      Referrer::NoReferrer(), params.referrer_policy,
+      Referrer(Referrer::NoReferrer(), params.referrer_policy),
      TextPosition::MinimumPosition());
  // Step 10. "Fetch a single module script given url, settings object,

--- a/third_party/blink/renderer/core/loader/link_loader_test.cc
+++ b/third_party/blink/renderer/core/loader/link_loader_test.cc
@@ -478,8 +478,7 @@ class ModulePreloadTestModulator final : public DummyModulator {
    EXPECT_EQ(kNotParserInserted, request.Options().ParserState());
    EXPECT_EQ(params_->expected_credentials_mode,
              request.Options().CredentialsMode());
-    EXPECT_EQ(AtomicString(), request.GetReferrer());
+    EXPECT_EQ(Referrer::NoReferrer(), request.GetReferrer().referrer);
-    EXPECT_EQ(params_->referrer_policy, request.GetReferrerPolicy());
    EXPECT_EQ(params_->integrity,
              request.Options().GetIntegrityAttributeValue());
  }

--- a/third_party/blink/renderer/core/loader/modulescript/module_script_fetch_request.h
+++ b/third_party/blink/renderer/core/loader/modulescript/module_script_fetch_request.h
@@ -24,37 +24,32 @@ class ModuleScriptFetchRequest final {
  ModuleScriptFetchRequest(const KURL& url,
                           WebURLRequest::RequestContext destination,
                           const ScriptFetchOptions& options,
-                           const String& referrer,
+                           const Referrer& referrer,
-                           ReferrerPolicy referrer_policy,
                           const TextPosition& referrer_position)
      : url_(url),
        destination_(destination),
        options_(options),
        referrer_(referrer),
-        referrer_policy_(referrer_policy),
        referrer_position_(referrer_position) {}
  static ModuleScriptFetchRequest CreateForTest(const KURL& url) {
-    return ModuleScriptFetchRequest(
+    return ModuleScriptFetchRequest(url, WebURLRequest::kRequestContextScript,
-        url, WebURLRequest::kRequestContextScript, ScriptFetchOptions(),
+                                    ScriptFetchOptions(), Referrer(),
-        Referrer::NoReferrer(), kReferrerPolicyDefault,
+                                    TextPosition::MinimumPosition());
-        TextPosition::MinimumPosition());
  }
  ~ModuleScriptFetchRequest() = default;
  const KURL& Url() const { return url_; }
  WebURLRequest::RequestContext Destination() const { return destination_; }
  const ScriptFetchOptions& Options() const { return options_; }
-  const AtomicString& GetReferrer() const { return referrer_; }
+  const Referrer& GetReferrer() const { return referrer_; }
-  ReferrerPolicy GetReferrerPolicy() const { return referrer_policy_; }
  const TextPosition& GetReferrerPosition() const { return referrer_position_; }
 private:
  const KURL url_;
  const WebURLRequest::RequestContext destination_;
  const ScriptFetchOptions options_;
-  const AtomicString referrer_;
+  const Referrer referrer_;
-  const ReferrerPolicy referrer_policy_;
  const TextPosition referrer_position_;
 };

--- a/third_party/blink/renderer/core/loader/modulescript/module_script_loader.cc
+++ b/third_party/blink/renderer/core/loader/modulescript/module_script_loader.cc
@@ -125,7 +125,7 @@ void ModuleScriptLoader::FetchInternal(
  if (level == ModuleGraphLevel::kDependentModuleFetch) {
    options.initiator_info.imported_module_referrer =
-        module_request.GetReferrer();
+        module_request.GetReferrer().referrer;
    options.initiator_info.position = module_request.GetReferrerPosition();
  }
@@ -150,12 +150,8 @@ void ModuleScriptLoader::FetchInternal(
      options_.CredentialsMode());
  // Step 5. "... referrer is referrer, ..." [spec text]
-  if (!module_request.GetReferrer().IsNull()) {
+  fetch_params.MutableResourceRequest().SetHTTPReferrer(
-    fetch_params.MutableResourceRequest().SetHTTPReferrer(
+      module_request.GetReferrer());
-        SecurityPolicy::GenerateReferrer(module_request.GetReferrerPolicy(),
-                                         module_request.Url(),
-                                         module_request.GetReferrer()));
-  }
  // Step 5. "... and client is fetch client settings object." [spec text]
  // -> set by ResourceFetcher

--- a/third_party/blink/renderer/core/loader/modulescript/module_tree_linker.cc
+++ b/third_party/blink/renderer/core/loader/modulescript/module_tree_linker.cc
@@ -12,6 +12,7 @@
 #include "third_party/blink/renderer/platform/bindings/v8_throw_exception.h"
 #include "third_party/blink/renderer/platform/loader/fetch/resource_loading_log.h"
 #include "third_party/blink/renderer/platform/runtime_enabled_features.h"
+#include "third_party/blink/renderer/platform/weborigin/security_policy.h"
 #include "third_party/blink/renderer/platform/wtf/vector.h"
 #include "v8/include/v8.h"
@@ -182,8 +183,10 @@ void ModuleTreeLinker::FetchRoot(const KURL& original_url,
  // Step 2. Perform the internal module script graph fetching procedure given
  // ... with the top-level module fetch flag set. ...
  ModuleScriptFetchRequest request(
-      url, destination_, options, Referrer::NoReferrer(),
+      url, destination_, options,
-      fetch_client_settings_object_.GetReferrerPolicy(),
+      SecurityPolicy::GenerateReferrer(
+          fetch_client_settings_object_.GetReferrerPolicy(), url,
+          fetch_client_settings_object_.GetOutgoingReferrer()),
      TextPosition::MinimumPosition());
  InitiateInternalModuleScriptGraphFetching(
@@ -373,8 +376,11 @@ void ModuleTreeLinker::FetchDescendants(ModuleScript* module_script) {
    // [FD] Step 7. ... perform the internal module script graph fetching
    // procedure given ... with the top-level module fetch flag unset. ...
    ModuleScriptFetchRequest request(
-        urls[i], destination_, options, module_script->BaseURL().GetString(),
+        urls[i], destination_, options,
-        fetch_client_settings_object_.GetReferrerPolicy(), positions[i]);
+        SecurityPolicy::GenerateReferrer(
+            fetch_client_settings_object_.GetReferrerPolicy(), urls[i],
+            module_script->BaseURL().GetString()),
+        positions[i]);
    InitiateInternalModuleScriptGraphFetching(
        request, ModuleGraphLevel::kDependentModuleFetch);
  }

--- a/third_party/blink/renderer/core/script/fetch_client_settings_object_snapshot.cc
+++ b/third_party/blink/renderer/core/script/fetch_client_settings_object_snapshot.cc
@@ -11,13 +11,15 @@ namespace blink {
 FetchClientSettingsObjectSnapshot::FetchClientSettingsObjectSnapshot(
    ExecutionContext& execution_context)
    : FetchClientSettingsObjectSnapshot(execution_context.GetSecurityOrigin(),
-                                        execution_context.GetReferrerPolicy()) {
+                                        execution_context.GetReferrerPolicy(),
-}
+                                        execution_context.OutgoingReferrer()) {}
 FetchClientSettingsObjectSnapshot::FetchClientSettingsObjectSnapshot(
    const scoped_refptr<const SecurityOrigin> security_origin,
-    ReferrerPolicy referrer_policy)
+    ReferrerPolicy referrer_policy,
+    const String& outgoing_referrer)
    : security_origin_(std::move(security_origin)),
-      referrer_policy_(referrer_policy) {}
+      referrer_policy_(referrer_policy),
+      outgoing_referrer_(outgoing_referrer) {}
 }  // namespace blink
--- a/third_party/blink/renderer/core/script/fetch_client_settings_object_snapshot.h
+++ b/third_party/blink/renderer/core/script/fetch_client_settings_object_snapshot.h
@@ -35,7 +35,8 @@ class CORE_EXPORT FetchClientSettingsObjectSnapshot final {
  explicit FetchClientSettingsObjectSnapshot(ExecutionContext&);
  FetchClientSettingsObjectSnapshot(
      const scoped_refptr<const SecurityOrigin> security_origin,
-      ReferrerPolicy referrer_policy);
+      ReferrerPolicy referrer_policy,
+      const String& outgoing_referrer);
  virtual ~FetchClientSettingsObjectSnapshot() = default;
@@ -50,16 +51,22 @@ class CORE_EXPORT FetchClientSettingsObjectSnapshot final {
  // https://html.spec.whatwg.org/multipage/webappapis.html#concept-settings-object-referrer-policy
  ReferrerPolicy GetReferrerPolicy() const { return referrer_policy_; }
+  // "referrerURL" used in the "Determine request's Referrer" algorithm:
+  // https://w3c.github.io/webappsec-referrer-policy/#determine-requests-referrer
+  const String& GetOutgoingReferrer() const { return outgoing_referrer_; }
  // Makes an copy of this instance. This is typically used for cross-thread
  // communication in CrossThreadCopier.
  FetchClientSettingsObjectSnapshot IsolatedCopy() const {
    return FetchClientSettingsObjectSnapshot(security_origin_->IsolatedCopy(),
-                                             referrer_policy_);
+                                             referrer_policy_,
+                                             outgoing_referrer_.IsolatedCopy());
  }
 private:
  const scoped_refptr<const SecurityOrigin> security_origin_;
  const ReferrerPolicy referrer_policy_;
+  const String outgoing_referrer_;
 };
 template <>