[Security] Ignore COOP on subframes.

The Cross-Origin-Opener-Policy header should not be taken into consideration when doing subframe navigations. This is enforced by this patch. Bug: 1018655 Change-Id: Icd2846c5992fb795b955101dec91950e5e7008cc Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2087716 Commit-Queue: Arthur Hemery <ahemery@chromium.org> Reviewed-by: Camille Lamy <clamy@chromium.org> Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org> Cr-Commit-Position: refs/heads/master@{#747322}

[Security] Ignore COOP on subframes.
The Cross-Origin-Opener-Policy header should not be taken into consideration when doing subframe navigations. This is enforced by this patch. Bug: 1018655 Change-Id: Icd2846c5992fb795b955101dec91950e5e7008cc Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2087716 Commit-Queue: Arthur Hemery <ahemery@chromium.org> Reviewed-by: Camille Lamy <clamy@chromium.org> Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org> Cr-Commit-Position: refs/heads/master@{#747322}
0c09c518 · Arthur Hemery · Commit Bot · 5b49806a · 0c09c518 · 0c09c518
Commit 0c09c518 authored Mar 05, 2020 by Arthur Hemery Committed by Commit Bot Mar 05, 2020
2 changed files
--- a/content/browser/cross_origin_opener_policy_browsertest.cc
+++ b/content/browser/cross_origin_opener_policy_browsertest.cc
@@ -10,6 +10,7 @@
 #include "content/public/test/content_browser_test.h"
 #include "content/public/test/content_browser_test_utils.h"
 #include "content/shell/browser/shell.h"
+#include "content/test/content_browser_test_utils_internal.h"
 #include "net/dns/mock_host_resolver.h"
 #include "services/network/public/cpp/features.h"
 #include "services/network/public/mojom/cross_origin_opener_policy.mojom.h"
@@ -282,4 +283,32 @@ IN_PROC_BROWSER_TEST_F(CrossOriginOpenerPolicyBrowserTest,
            network::mojom::CrossOriginOpenerPolicy::kUnsafeNone);
 }
+IN_PROC_BROWSER_TEST_F(CrossOriginOpenerPolicyBrowserTest,
+                       CoopIsIgnoredOnIframes) {
+  GURL starting_page(
+      https_server()->GetURL("a.com", "/cross_site_iframe_factory.html?a(b)"));
+  GURL iframe_navigation_url(https_server()->GetURL(
+      "b.com", "/cross-origin-opener-policy_same-origin.html"));
+  EXPECT_TRUE(NavigateToURL(shell(), starting_page));
+  RenderFrameHostImpl* main_rfh = current_frame_host();
+  FrameTreeNode* iframe_ftn = main_rfh->child_at(0);
+  RenderFrameHostImpl* iframe_rfh = iframe_ftn->current_frame_host();
+  SiteInstanceImpl* non_coop_iframe_site_instance =
+      iframe_rfh->GetSiteInstance();
+  // Navigate the iframe same-origin to a document with the COOP header. The
+  // header must be ignored in iframes.
+  NavigateFrameToURL(iframe_ftn, iframe_navigation_url);
+  iframe_rfh = iframe_ftn->current_frame_host();
+  // We expect the navigation to have used the same SiteInstance that was used
+  // in the first place since they are same origin and COOP is ignored.
+  EXPECT_EQ(iframe_rfh->GetLastCommittedURL(), iframe_navigation_url);
+  EXPECT_EQ(iframe_rfh->GetSiteInstance(), non_coop_iframe_site_instance);
+  EXPECT_EQ(iframe_rfh->cross_origin_opener_policy(),
+            network::mojom::CrossOriginOpenerPolicy::kSameOrigin);
+}
 }  // namespace content
--- a/content/browser/frame_host/render_frame_host_manager.cc
+++ b/content/browser/frame_host/render_frame_host_manager.cc
@@ -2363,7 +2363,7 @@ RenderFrameHostManager::GetSiteInstanceForNavigationRequest(
                       mojom::NavigationType::RELOAD_ORIGINAL_REQUEST_URL;
  bool cross_origin_policy_swap =
-      request->response() &&
+      request->response() && frame_tree_node_->IsMainFrame() &&
      ShouldSwapBrowsingInstanceForCrossOriginOpenerPolicy(
          render_frame_host_->cross_origin_opener_policy(),
          render_frame_host_->cross_origin_embedder_policy().value,