[COOP] access reporting [6/N] Plumb SourceLocation

All of this is put behind a flag disabled by default.
This is mostly based on the initial prototype:
https://chromium-review.googlesource.com/c/chromium/src/+/2223934/24

Capture, plumb and use the SourceLocation for COOP access reporting.

COOP access reporting:
[1/N] https://chromium-review.googlesource.com/c/chromium/src/+/2264294
[2/N] https://chromium-review.googlesource.com/c/chromium/src/+/2270185
[3/N] https://chromium-review.googlesource.com/c/chromium/src/+/2270472
[4/N] https://chromium-review.googlesource.com/c/chromium/src/+/2273120
[5/N] https://chromium-review.googlesource.com/c/chromium/src/+/2309433
[6/N] this patch.

Bug: chromium:1090273
Change-Id: I03047773f0353011b2a202b6792c900eac90c99a
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2308715Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Reviewed-by: Camille Lamy <clamy@chromium.org>
Reviewed-by: Pâris Meuleman <pmeuleman@chromium.org>
Commit-Queue: Arthur Sonzogni <arthursonzogni@chromium.org>
Cr-Commit-Position: refs/heads/master@{#791190}

content/browser/net/cross_origin_opener_policy_reporter.cc

@@ -13,22 +13,26 @@
 #include "content/public/browser/storage_partition.h"
 #include "services/network/public/cpp/features.h"
 #include "services/network/public/mojom/network_context.mojom.h"
+#include "services/network/public/mojom/source_location.mojom.h"
 #include "url/origin.h"
 
 namespace content {
 
 namespace {
 
+constexpr char kColumnNumber[] = "colno";
 constexpr char kDispositionEnforce[] = "enforce";
 constexpr char kDispositionReporting[] = "reporting";
 constexpr char kDisposition[] = "disposition";
 constexpr char kDocumentURI[] = "document-uri";
 constexpr char kEffectivePolicy[] = "effective-policy";
+constexpr char kLineNumber[] = "lineno";
 constexpr char kNavigationURI[] = "navigation-uri";
 constexpr char kProperty[] = "property";
 constexpr char kSameOriginAllowPopups[] = "same-origin-allow-popups";
 constexpr char kSameOriginPlusCoep[] = "same-origin-plus-coep";
 constexpr char kSameOrigin[] = "same-origin";
+constexpr char kSourceFile[] = "source-file";
 constexpr char kUnsafeNone[] = "unsafe-none";
 constexpr char kViolationTypeFromDocument[] = "navigation-from-document";
 constexpr char kViolationTypeToDocument[] = "navigation-to-document";
@@ -178,7 +182,8 @@ void CrossOriginOpenerPolicyReporter::QueueOpenerBreakageReport(
 
 void CrossOriginOpenerPolicyReporter::QueueAccessReport(
     network::mojom::CoopAccessReportType report_type,
-    const std::string& property) {
+    const std::string& property,
+    network::mojom::SourceLocationPtr source_location) {
   // Cross-Origin-Opener-Policy-Report-Only is not required to provide
   // endpoints.
   if (!coop_.report_only_reporting_endpoint)
@@ -196,9 +201,12 @@ void CrossOriginOpenerPolicyReporter::QueueAccessReport(
                      ToString(coop_.report_only_value));
   body.SetStringPath(kProperty, property);
   // TODO(arthursonzogni): Fill "blocked-window-url".
-  // TODO(arthursonzogni): Fill "source-file".
-  // TODO(arthursonzogni): Fill "line-no".
-  // TODO(arthursonzogni): Fill "col-no".
+  if (source_location->url != "" &&
+      report_type == network::mojom::CoopAccessReportType::kReportAccessFrom) {
+    body.SetStringPath(kSourceFile, source_location->url);
+    body.SetIntPath(kLineNumber, source_location->line);
+    body.SetIntPath(kColumnNumber, source_location->column);
+  }
   storage_partition_->GetNetworkContext()->QueueReport(
       "coop", endpoint, context_url_, base::nullopt, std::move(body));
 }

content/browser/net/cross_origin_opener_policy_reporter.h

@@ -12,6 +12,7 @@
 #include "content/public/browser/global_routing_id.h"
 #include "mojo/public/cpp/bindings/receiver_set.h"
 #include "services/network/public/mojom/cross_origin_opener_policy.mojom.h"
+#include "services/network/public/mojom/source_location.mojom-forward.h"
 #include "url/gurl.h"
 
 namespace content {
@@ -45,8 +46,10 @@ class CONTENT_EXPORT CrossOriginOpenerPolicyReporter final
   void QueueOpenerBreakageReport(const GURL& other_url,
                                  bool is_reported_from_document,
                                  bool is_report_only) final;
-  void QueueAccessReport(network::mojom::CoopAccessReportType report_type,
-                         const std::string& property) final;
+  void QueueAccessReport(
+      network::mojom::CoopAccessReportType report_type,
+      const std::string& property,
+      network::mojom::SourceLocationPtr source_location) final;
 
   // Returns the "previous" URL that is safe to expose.
   // Reference, "Next document URL for reporting" section:

services/network/public/mojom/cross_origin_opener_policy.mojom

@@ -6,6 +6,7 @@ module network.mojom;
 
 import "url/mojom/url.mojom";
 import "mojo/public/mojom/base/unguessable_token.mojom";
+import "services/network/public/mojom/source_location.mojom";
 
 enum CoopAccessReportType {
   kReportAccessFrom, // The reports are sent to the 'accessing window'.
@@ -32,7 +33,9 @@ interface CrossOriginOpenerPolicyReporter {
   // When two browsing contexts from different virtual browsing context groups
   // tries to access each other, a report it sent.
   // - |property| is the name of the access property (postMessage, open, ...).
-  QueueAccessReport(CoopAccessReportType report_type, string property);
+  // - |source_location| represents the line of code that triggered the access.
+  QueueAccessReport(CoopAccessReportType report_type, string property,
+                    SourceLocation source_location);
 
   // Connects a new pipe to this instance.
   Clone(pending_receiver<CrossOriginOpenerPolicyReporter> receiver);

third_party/blink/renderer/core/frame/dom_window.cc

@@ -473,10 +473,18 @@ void DOMWindow::ReportCoopAccess(v8::Isolate* isolate,
       continue;
     }
 
-    // TODO(arthursonzogni): Capture and send the SourceLocation.
     // TODO(arthursonzogni): Send the blocked-window-url.
 
-    it->reporter->QueueAccessReport(it->report_type, property_name);
+    auto location = SourceLocation::Capture(
+        ExecutionContext::From(isolate->GetCurrentContext()));
+    // TODO(arthursonzogni): Once implemented, use the SourceLocation typemape
+    // https://chromium-review.googlesource.com/c/chromium/src/+/2041657
+    auto source_location = network::mojom::blink::SourceLocation::New(
+        location->Url() ? location->Url() : "", location->LineNumber(),
+        location->ColumnNumber());
+
+    it->reporter->QueueAccessReport(it->report_type, property_name,
+                                    std::move(source_location));
 
     // TODO(arthursonzogni): In the access-from-coop case, dispatch a
     // reportingObserver event.

third_party/blink/web_tests/external/wpt/html/cross-origin-opener-policy/reporting/access-reporting/opener-accessed_openee-coop-ro.https-expected.txt

-This is a testharness.js-based test.
-FAIL Openee (COOP-RO+COEP) accesses opener. Report to openee promise_test: Unhandled rejection with value: object "TypeError: Cannot read property 'includes' of undefined"
-Harness: the test ran to completion.
-