Fix safe search policy not being applied on redirects.

This is another regression from r579953. The problem is that NetworkDelegate::OnBeforeURLRequest is called on the initial request and every redirect, while URLLoaderThrottle::WillStartRequest is only called on the original request and not redirects.

This cl doesn't fix the network service path, as we don't have a way to change the URL in a throttle on a redirect. It's meant to be as minimal to merge. Follow-up cls will add a test and fix this for network service path.

Bug: 899268
Change-Id: I1948ee74a57e6a36cfda165abd924900b4b8b1c4
Reviewed-on: https://chromium-review.googlesource.com/c/1338567Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Commit-Queue: John Abd-El-Malek <jam@chromium.org>
Cr-Commit-Position: refs/heads/master@{#608599}

chrome/browser/net/chrome_network_delegate.cc

@@ -31,6 +31,7 @@
 #include "chrome/browser/profiles/profile_manager.h"
 #include "chrome/browser/task_manager/task_manager_interface.h"
 #include "chrome/common/buildflags.h"
+#include "chrome/common/net/safe_search_util.h"
 #include "chrome/common/pref_names.h"
 #include "components/content_settings/core/browser/cookie_settings.h"
 #include "components/domain_reliability/monitor.h"
@@ -78,6 +79,19 @@ namespace {
 
 bool g_access_to_all_files_enabled = false;
 
+// Gets called when the extensions finish work on the URL. If the extensions
+// did not do a redirect (so |new_url| is empty) then we enforce the
+// SafeSearch parameters. Otherwise we will get called again after the
+// redirect and we enforce SafeSearch then.
+void ForceGoogleSafeSearchCallbackWrapper(net::CompletionOnceCallback callback,
+                                          net::URLRequest* request,
+                                          GURL* new_url,
+                                          int rv) {
+  if (rv == net::OK && new_url->is_empty())
+    safe_search_util::ForceGoogleSafeSearch(request->url(), new_url);
+  std::move(callback).Run(rv);
+}
+
 bool IsAccessAllowedInternal(const base::FilePath& path,
                              const base::FilePath& profile_path) {
   if (g_access_to_all_files_enabled)
@@ -198,8 +212,27 @@ int ChromeNetworkDelegate::OnBeforeURLRequest(
     net::CompletionOnceCallback callback,
     GURL* new_url) {
   extensions_delegate_->ForwardStartRequestStatus(request);
-  return extensions_delegate_->NotifyBeforeURLRequest(
-      request, std::move(callback), new_url);
+
+  // The non-redirect case is handled in GoogleURLLoaderThrottle.
+  bool force_safe_search =
+      (force_google_safe_search_ && force_google_safe_search_->GetValue() &&
+       request->is_redirecting());
+
+  net::CompletionOnceCallback wrapped_callback = std::move(callback);
+
+  if (force_safe_search) {
+    wrapped_callback = base::BindOnce(
+        &ForceGoogleSafeSearchCallbackWrapper, std::move(wrapped_callback),
+        base::Unretained(request), base::Unretained(new_url));
+  }
+
+  int rv = extensions_delegate_->NotifyBeforeURLRequest(
+      request, std::move(wrapped_callback), new_url);
+
+  if (force_safe_search && rv == net::OK && new_url->is_empty())
+    safe_search_util::ForceGoogleSafeSearch(request->url(), new_url);
+
+  return rv;
 }
 
 int ChromeNetworkDelegate::OnBeforeStartTransaction(

chrome/browser/net/chrome_network_delegate.h

@@ -19,6 +19,7 @@
 #include "build/build_config.h"
 #include "chrome/browser/net/reporting_permissions_checker.h"
 #include "components/domain_reliability/monitor.h"
+#include "components/prefs/pref_member.h"
 #include "net/base/network_delegate_impl.h"
 
 class ChromeExtensionsNetworkDelegate;
@@ -69,6 +70,11 @@ class ChromeNetworkDelegate : public net::NetworkDelegateImpl {
   // the header file. Here we just forward-declare it.
   void set_cookie_settings(content_settings::CookieSettings* cookie_settings);
 
+  void set_force_google_safe_search(
+      BooleanPrefMember* force_google_safe_search) {
+    force_google_safe_search_ = force_google_safe_search;
+  }
+
   void set_domain_reliability_monitor(
       std::unique_ptr<domain_reliability::DomainReliabilityMonitor> monitor) {
     domain_reliability_monitor_ = std::move(monitor);
@@ -166,6 +172,7 @@ class ChromeNetworkDelegate : public net::NetworkDelegateImpl {
   scoped_refptr<content_settings::CookieSettings> cookie_settings_;
 
   // Weak, owned by our owner.
+  BooleanPrefMember* force_google_safe_search_ = nullptr;
   std::unique_ptr<domain_reliability::DomainReliabilityMonitor>
       domain_reliability_monitor_;
   std::unique_ptr<ReportingPermissionsChecker> reporting_permissions_checker_;

chrome/browser/profiles/profile_io_data.cc

@@ -1009,6 +1009,8 @@ void ProfileIOData::Init(
     chrome_network_delegate->set_profile_path(profile_params_->path);
     chrome_network_delegate->set_cookie_settings(
         profile_params_->cookie_settings.get());
+    chrome_network_delegate->set_force_google_safe_search(
+        &force_google_safesearch_);
 
     chrome_network_delegate_unowned_ = chrome_network_delegate.get();
 

chrome/common/google_url_loader_throttle.cc

@@ -62,9 +62,25 @@ void GoogleURLLoaderThrottle::WillRedirectRequest(
     const network::ResourceResponseHead& /* response_head */,
     bool* /* defer */,
     std::vector<std::string>* to_be_removed_headers,
-    net::HttpRequestHeaders* /* modified_headers */) {
+    net::HttpRequestHeaders* modified_headers) {
   if (!variations::ShouldAppendVariationHeaders(redirect_info.new_url))
     to_be_removed_headers->push_back(variations::kClientDataHeader);
+
+  if (dynamic_params_.youtube_restrict >
+          safe_search_util::YOUTUBE_RESTRICT_OFF &&
+      dynamic_params_.youtube_restrict <
+          safe_search_util::YOUTUBE_RESTRICT_COUNT) {
+    safe_search_util::ForceYouTubeRestrict(
+        redirect_info.new_url, modified_headers,
+        static_cast<safe_search_util::YouTubeRestrictMode>(
+            dynamic_params_.youtube_restrict));
+  }
+
+  if (!dynamic_params_.allowed_domains_for_apps.empty() &&
+      redirect_info.new_url.DomainIs("google.com")) {
+    modified_headers->SetHeader(safe_search_util::kGoogleAppsAllowedDomains,
+                                dynamic_params_.allowed_domains_for_apps);
+  }
 }
 
 #if BUILDFLAG(ENABLE_EXTENSIONS)