Network Service: Add x-frame-options headers support for network service

This CL adds x-frame-options headers support for network service. It is similar to what ChromeResourceDispatcherHostDelegate::OnResponseStarted() does which is for the case when network service is not enabled. Bug: 852877 Cq-Include-Trybots: luci.chromium.try:linux_mojo Change-Id: I0a66d6c4f8e91ee05baa00e918480653653b635b Reviewed-on: https://chromium-review.googlesource.com/1157524Reviewed-by: John Abd-El-Malek <jam@chromium.org> Reviewed-by: Matt Menke <mmenke@chromium.org> Commit-Queue: Jun Cai <juncai@chromium.org> Cr-Commit-Position: refs/heads/master@{#581975}

Network Service: Add x-frame-options headers support for network service
This CL adds x-frame-options headers support for network service. It is similar to what ChromeResourceDispatcherHostDelegate::OnResponseStarted() does which is for the case when network service is not enabled. Bug: 852877 Cq-Include-Trybots: luci.chromium.try:linux_mojo Change-Id: I0a66d6c4f8e91ee05baa00e918480653653b635b Reviewed-on: https://chromium-review.googlesource.com/1157524Reviewed-by: John Abd-El-Malek <jam@chromium.org> Reviewed-by: Matt Menke <mmenke@chromium.org> Commit-Queue: Jun Cai <juncai@chromium.org> Cr-Commit-Position: refs/heads/master@{#581975}
2eca8161 · Jun Cai · Commit Bot · 139bf442 · 2eca8161 · 2eca8161
Commit 2eca8161 authored Aug 10, 2018 by Jun Cai Committed by Commit Bot Aug 10, 2018
23 changed files
--- a/chrome/browser/plugins/plugin_response_interceptor_url_loader_throttle.cc
+++ b/chrome/browser/plugins/plugin_response_interceptor_url_loader_throttle.cc
@@ -28,15 +28,16 @@ PluginResponseInterceptorURLLoaderThrottle::

 void PluginResponseInterceptorURLLoaderThrottle::WillProcessResponse(
    const GURL& response_url,
-    const network::ResourceResponseHead& response_head,
+    network::ResourceResponseHead* response_head,
    bool* defer) {
-  if (content::download_utils::MustDownload(
-          response_url, response_head.headers.get(), response_head.mime_type)) {
+  if (content::download_utils::MustDownload(response_url,
+                                            response_head->headers.get(),
+                                            response_head->mime_type)) {
    return;
  }

  std::string extension_id = PluginUtils::GetExtensionIdForMimeType(
-      resource_context_, response_head.mime_type);
+      resource_context_, response_head->mime_type);
  if (extension_id.empty())
    return;

@@ -68,7 +69,7 @@ void PluginResponseInterceptorURLLoaderThrottle::WillProcessResponse(

  // Make a deep copy of ResourceResponseHead before passing it cross-thread.
  auto resource_response = base::MakeRefCounted<network::ResourceResponse>();
-  resource_response->head = response_head;
+  resource_response->head = *response_head;
  auto deep_copied_response = resource_response->DeepCopy();

  auto transferrable_loader = content::mojom::TransferrableURLLoader::New();
@@ -79,7 +80,7 @@ void PluginResponseInterceptorURLLoaderThrottle::WillProcessResponse(
  transferrable_loader->url_loader_client = std::move(original_client);
  transferrable_loader->head = std::move(deep_copied_response->head);

-  int64_t expected_content_size = response_head.content_length;
+  int64_t expected_content_size = response_head->content_length;
  bool embedded = resource_type_ != content::RESOURCE_TYPE_MAIN_FRAME;
  content::BrowserThread::PostTask(
      content::BrowserThread::UI, FROM_HERE,

--- a/chrome/browser/plugins/plugin_response_interceptor_url_loader_throttle.h
+++ b/chrome/browser/plugins/plugin_response_interceptor_url_loader_throttle.h
@@ -34,7 +34,7 @@ class PluginResponseInterceptorURLLoaderThrottle
 private:
  // content::URLLoaderThrottle overrides;
  void WillProcessResponse(const GURL& response_url,
-                           const network::ResourceResponseHead& response_head,
+                           network::ResourceResponseHead* response_head,
                           bool* defer) override;

  content::ResourceContext* const resource_context_;

--- a/chrome/common/google_url_loader_throttle.cc
+++ b/chrome/common/google_url_loader_throttle.cc
@@ -7,6 +7,10 @@
 #include "chrome/common/net/safe_search_util.h"
 #include "components/variations/net/variations_http_headers.h"

+#if BUILDFLAG(ENABLE_EXTENSIONS)
+#include "extensions/common/extension_urls.h"
+#endif
+
 GoogleURLLoaderThrottle::GoogleURLLoaderThrottle(
    bool is_off_the_record,
    bool force_safe_search,
@@ -64,3 +68,23 @@ void GoogleURLLoaderThrottle::WillRedirectRequest(
  if (!variations::ShouldAppendVariationHeaders(redirect_info.new_url))
    to_be_removed_headers->push_back(variations::kClientDataHeader);
 }
+
+#if BUILDFLAG(ENABLE_EXTENSIONS)
+void GoogleURLLoaderThrottle::WillProcessResponse(
+    const GURL& response_url,
+    network::ResourceResponseHead* response_head,
+    bool* defer) {
+  // Built-in additional protection for the chrome web store origin.
+  GURL webstore_url(extension_urls::GetWebstoreLaunchURL());
+  if (response_url.SchemeIsHTTPOrHTTPS() &&
+      response_url.DomainIs(webstore_url.host_piece())) {
+    if (response_head && response_head->headers &&
+        !response_head->headers->HasHeaderValue("x-frame-options", "deny") &&
+        !response_head->headers->HasHeaderValue("x-frame-options",
+                                                "sameorigin")) {
+      response_head->headers->RemoveHeader("x-frame-options");
+      response_head->headers->AddHeader("x-frame-options: sameorigin");
+    }
+  }
+}
+#endif
--- a/chrome/common/google_url_loader_throttle.h
+++ b/chrome/common/google_url_loader_throttle.h
@@ -6,6 +6,7 @@
 #define CHROME_COMMON_GOOGLE_URL_LOADER_THROTTLE_H_

 #include "content/public/common/url_loader_throttle.h"
+#include "extensions/buildflags/buildflags.h"

 // This class changes requests for Google-specific features (e.g. adding &
 // removing Varitaions headers, Safe Search & Restricted YouTube & restricting
@@ -31,6 +32,11 @@ class GoogleURLLoaderThrottle
      const network::ResourceResponseHead& response_head,
      bool* defer,
      std::vector<std::string>* to_be_removed_headers) override;
+#if BUILDFLAG(ENABLE_EXTENSIONS)
+  void WillProcessResponse(const GURL& response_url,
+                           network::ResourceResponseHead* response_head,
+                           bool* defer) override;
+#endif

  bool is_off_the_record_;
  bool force_safe_search_;

--- a/chrome/common/prerender_url_loader_throttle.cc
+++ b/chrome/common/prerender_url_loader_throttle.cc
@@ -182,7 +182,7 @@ void PrerenderURLLoaderThrottle::WillRedirectRequest(

 void PrerenderURLLoaderThrottle::WillProcessResponse(
    const GURL& response_url,
-    const network::ResourceResponseHead& response_head,
+    network::ResourceResponseHead* response_head,
    bool* defer) {
  if (mode_ != PREFETCH_ONLY)
    return;
@@ -190,7 +190,7 @@ void PrerenderURLLoaderThrottle::WillProcessResponse(
  bool is_main_resource = content::IsResourceTypeFrame(resource_type_);
  RecordPrefetchResponseReceived(histogram_prefix_, is_main_resource,
                                 true /* is_redirect */,
-                                 IsNoStoreResponse(response_head));
+                                 IsNoStoreResponse(*response_head));
  RecordPrefetchRedirectCount(histogram_prefix_, is_main_resource,
                              redirect_count_);
 }

--- a/chrome/common/prerender_url_loader_throttle.h
+++ b/chrome/common/prerender_url_loader_throttle.h
@@ -52,7 +52,7 @@ class PrerenderURLLoaderThrottle
      bool* defer,
      std::vector<std::string>* to_be_removed_headers) override;
  void WillProcessResponse(const GURL& response_url,
-                           const network::ResourceResponseHead& response_head,
+                           network::ResourceResponseHead* response_head,
                           bool* defer) override;

  void OnTimedOut();

--- a/components/safe_browsing/browser/base_parallel_resource_throttle.cc
+++ b/components/safe_browsing/browser/base_parallel_resource_throttle.cc
@@ -157,8 +157,9 @@ void BaseParallelResourceThrottle::WillProcessResponse(bool* defer) {
    return;
  }

+  network::ResourceResponseHead response_head;
  url_loader_throttle_holder_->throttle()->WillProcessResponse(
-      GURL(), network::ResourceResponseHead(), defer);
+      GURL(), &response_head, defer);
  if (!*defer)
    throttle_in_band_ = false;
 }

--- a/components/safe_browsing/browser/browser_url_loader_throttle.cc
+++ b/components/safe_browsing/browser/browser_url_loader_throttle.cc
@@ -88,7 +88,7 @@ void BrowserURLLoaderThrottle::WillRedirectRequest(

 void BrowserURLLoaderThrottle::WillProcessResponse(
    const GURL& response_url,
-    const network::ResourceResponseHead& response_head,
+    network::ResourceResponseHead* response_head,
    bool* defer) {
  if (blocked_) {
    // OnCheckUrlResult() has set |blocked_| to true and called

--- a/components/safe_browsing/browser/browser_url_loader_throttle.h
+++ b/components/safe_browsing/browser/browser_url_loader_throttle.h
@@ -49,7 +49,7 @@ class BrowserURLLoaderThrottle : public content::URLLoaderThrottle {
      bool* defer,
      std::vector<std::string>* to_be_removed_headers) override;
  void WillProcessResponse(const GURL& response_url,
-                           const network::ResourceResponseHead& response_head,
+                           network::ResourceResponseHead* response_head,
                           bool* defer) override;

 private:

--- a/components/safe_browsing/renderer/renderer_url_loader_throttle.cc
+++ b/components/safe_browsing/renderer/renderer_url_loader_throttle.cc
@@ -92,7 +92,7 @@ void RendererURLLoaderThrottle::WillRedirectRequest(

 void RendererURLLoaderThrottle::WillProcessResponse(
    const GURL& response_url,
-    const network::ResourceResponseHead& response_head,
+    network::ResourceResponseHead* response_head,
    bool* defer) {
  // If |blocked_| is true, the resource load has been canceled and there
  // shouldn't be such a notification.

--- a/components/safe_browsing/renderer/renderer_url_loader_throttle.h
+++ b/components/safe_browsing/renderer/renderer_url_loader_throttle.h
@@ -40,7 +40,7 @@ class RendererURLLoaderThrottle : public content::URLLoaderThrottle,
      bool* defer,
      std::vector<std::string>* to_be_removed_headers) override;
  void WillProcessResponse(const GURL& response_url,
-                           const network::ResourceResponseHead& response_head,
+                           network::ResourceResponseHead* response_head,
                           bool* defer) override;

  // mojom::UrlCheckNotifier implementation.

--- a/content/browser/web_package/signed_exchange_cert_fetcher_unittest.cc
+++ b/content/browser/web_package/signed_exchange_cert_fetcher_unittest.cc
@@ -49,7 +49,7 @@ class DeferringURLLoaderThrottle final : public URLLoaderThrottle {
  }

  void WillProcessResponse(const GURL& response_url_,
-                           const network::ResourceResponseHead& response_head,
+                           network::ResourceResponseHead* response_head,
                           bool* defer) override {
    will_process_response_called_ = true;
    *defer = true;

--- a/content/common/mime_sniffing_throttle.cc
+++ b/content/common/mime_sniffing_throttle.cc
@@ -15,23 +15,23 @@ MimeSniffingThrottle::~MimeSniffingThrottle() = default;

 void MimeSniffingThrottle::WillProcessResponse(
    const GURL& response_url,
-    const network::ResourceResponseHead& response_head,
+    network::ResourceResponseHead* response_head,
    bool* defer) {
  // No need to do mime sniffing again.
-  if (response_head.did_mime_sniff)
+  if (response_head->did_mime_sniff)
    return;

  bool blocked_sniffing_mime = false;
  std::string content_type_options;
-  if (response_head.headers &&
-      response_head.headers->GetNormalizedHeader("x-content-type-options",
-                                                 &content_type_options)) {
+  if (response_head->headers &&
+      response_head->headers->GetNormalizedHeader("x-content-type-options",
+                                                  &content_type_options)) {
    blocked_sniffing_mime =
        base::LowerCaseEqualsASCII(content_type_options, "nosniff");
  }

  if (!blocked_sniffing_mime &&
-      net::ShouldSniffMimeType(response_url, response_head.mime_type)) {
+      net::ShouldSniffMimeType(response_url, response_head->mime_type)) {
    // Pause the response until the mime type becomes ready.
    *defer = true;

@@ -42,7 +42,7 @@ void MimeSniffingThrottle::WillProcessResponse(
    MimeSniffingURLLoader* mime_sniffing_loader;
    std::tie(new_loader, new_loader_request, mime_sniffing_loader) =
        MimeSniffingURLLoader::CreateLoader(weak_factory_.GetWeakPtr(),
-                                            response_url, response_head);
+                                            response_url, *response_head);
    delegate_->InterceptResponse(std::move(new_loader),
                                 std::move(new_loader_request), &source_loader,
                                 &source_client_request);

--- a/content/common/mime_sniffing_throttle.h
+++ b/content/common/mime_sniffing_throttle.h
@@ -20,7 +20,7 @@ class CONTENT_EXPORT MimeSniffingThrottle : public URLLoaderThrottle {

  // Implements URLLoaderThrottle.
  void WillProcessResponse(const GURL& response_url,
-                           const network::ResourceResponseHead& response_head,
+                           network::ResourceResponseHead* response_head,
                           bool* defer) override;

  // Called from MimeSniffingURLLoader once mime type is ready.

--- a/content/common/mime_sniffing_throttle_unittest.cc
+++ b/content/common/mime_sniffing_throttle_unittest.cc
@@ -196,7 +196,7 @@ TEST_F(MimeSniffingThrottleTest, NoMimeTypeWithSniffableScheme) {

  network::ResourceResponseHead response_head;
  bool defer = false;
-  throttle->WillProcessResponse(GURL("https://example.com"), response_head,
+  throttle->WillProcessResponse(GURL("https://example.com"), &response_head,
                                &defer);
  EXPECT_TRUE(defer);
  EXPECT_TRUE(delegate->is_intercepted());
@@ -210,7 +210,7 @@ TEST_F(MimeSniffingThrottleTest, SniffableMimeTypeWithSniffableScheme) {
  network::ResourceResponseHead response_head;
  response_head.mime_type = "text/plain";
  bool defer = false;
-  throttle->WillProcessResponse(GURL("https://example.com"), response_head,
+  throttle->WillProcessResponse(GURL("https://example.com"), &response_head,
                                &defer);
  EXPECT_TRUE(defer);
  EXPECT_TRUE(delegate->is_intercepted());
@@ -224,7 +224,7 @@ TEST_F(MimeSniffingThrottleTest, NotSniffableMimeTypeWithSniffableScheme) {
  network::ResourceResponseHead response_head;
  response_head.mime_type = "text/javascript";
  bool defer = false;
-  throttle->WillProcessResponse(GURL("https://example.com"), response_head,
+  throttle->WillProcessResponse(GURL("https://example.com"), &response_head,
                                &defer);
  EXPECT_FALSE(defer);
  EXPECT_FALSE(delegate->is_intercepted());
@@ -237,7 +237,7 @@ TEST_F(MimeSniffingThrottleTest, NoMimeTypeWithNotSniffableScheme) {

  network::ResourceResponseHead response_head;
  bool defer = false;
-  throttle->WillProcessResponse(GURL("wss://example.com"), response_head,
+  throttle->WillProcessResponse(GURL("wss://example.com"), &response_head,
                                &defer);
  EXPECT_FALSE(defer);
  EXPECT_FALSE(delegate->is_intercepted());
@@ -251,7 +251,7 @@ TEST_F(MimeSniffingThrottleTest, SniffableMimeTypeWithNotSniffableScheme) {
  network::ResourceResponseHead response_head;
  response_head.mime_type = "text/plain";
  bool defer = false;
-  throttle->WillProcessResponse(GURL("wss://example.com"), response_head,
+  throttle->WillProcessResponse(GURL("wss://example.com"), &response_head,
                                &defer);
  EXPECT_FALSE(defer);
  EXPECT_FALSE(delegate->is_intercepted());
@@ -265,7 +265,7 @@ TEST_F(MimeSniffingThrottleTest, NotSniffableMimeTypeWithNotSniffableScheme) {
  network::ResourceResponseHead response_head;
  response_head.mime_type = "text/javascript";
  bool defer = false;
-  throttle->WillProcessResponse(GURL("wss://example.com"), response_head,
+  throttle->WillProcessResponse(GURL("wss://example.com"), &response_head,
                                &defer);
  EXPECT_FALSE(defer);
  EXPECT_FALSE(delegate->is_intercepted());
@@ -280,7 +280,7 @@ TEST_F(MimeSniffingThrottleTest, SniffableButAlreadySniffed) {
  response_head.mime_type = "text/plain";
  response_head.did_mime_sniff = true;
  bool defer = false;
-  throttle->WillProcessResponse(GURL("https://example.com"), response_head,
+  throttle->WillProcessResponse(GURL("https://example.com"), &response_head,
                                &defer);
  EXPECT_FALSE(defer);
  EXPECT_FALSE(delegate->is_intercepted());
@@ -294,7 +294,7 @@ TEST_F(MimeSniffingThrottleTest, NoBody) {
  GURL response_url("https://example.com");
  network::ResourceResponseHead response_head;
  bool defer = false;
-  throttle->WillProcessResponse(response_url, response_head, &defer);
+  throttle->WillProcessResponse(response_url, &response_head, &defer);
  EXPECT_TRUE(defer);
  EXPECT_TRUE(delegate->is_intercepted());

@@ -317,7 +317,7 @@ TEST_F(MimeSniffingThrottleTest, Body_PlainText) {
  GURL response_url("https://example.com");
  network::ResourceResponseHead response_head;
  bool defer = false;
-  throttle->WillProcessResponse(response_url, response_head, &defer);
+  throttle->WillProcessResponse(response_url, &response_head, &defer);
  EXPECT_TRUE(defer);
  EXPECT_TRUE(delegate->is_intercepted());

@@ -340,7 +340,7 @@ TEST_F(MimeSniffingThrottleTest, Body_Docx) {
  GURL response_url("https://example.com/hogehoge.docx");
  network::ResourceResponseHead response_head;
  bool defer = false;
-  throttle->WillProcessResponse(response_url, response_head, &defer);
+  throttle->WillProcessResponse(response_url, &response_head, &defer);
  EXPECT_TRUE(defer);
  EXPECT_TRUE(delegate->is_intercepted());

@@ -363,7 +363,7 @@ TEST_F(MimeSniffingThrottleTest, Body_PNG) {
  GURL response_url("https://example.com/hogehoge.docx");
  network::ResourceResponseHead response_head;
  bool defer = false;
-  throttle->WillProcessResponse(response_url, response_head, &defer);
+  throttle->WillProcessResponse(response_url, &response_head, &defer);
  EXPECT_TRUE(defer);
  EXPECT_TRUE(delegate->is_intercepted());

@@ -386,7 +386,7 @@ TEST_F(MimeSniffingThrottleTest, Body_LongPlainText) {
  GURL response_url("https://example.com");
  network::ResourceResponseHead response_head;
  bool defer = false;
-  throttle->WillProcessResponse(response_url, response_head, &defer);
+  throttle->WillProcessResponse(response_url, &response_head, &defer);
  EXPECT_TRUE(defer);
  EXPECT_TRUE(delegate->is_intercepted());

@@ -434,7 +434,7 @@ TEST_F(MimeSniffingThrottleTest, Abort_NoBodyPipe) {
  GURL response_url("https://example.com");
  network::ResourceResponseHead response_head;
  bool defer = false;
-  throttle->WillProcessResponse(response_url, response_head, &defer);
+  throttle->WillProcessResponse(response_url, &response_head, &defer);
  EXPECT_TRUE(defer);
  EXPECT_TRUE(delegate->is_intercepted());


--- a/content/common/throttling_url_loader.cc
+++ b/content/common/throttling_url_loader.cc
@@ -384,12 +384,13 @@ void ThrottlingURLLoader::OnReceiveResponse(
  DCHECK(!loader_completed_);
  DCHECK(deferring_throttles_.empty());

+  network::ResourceResponseHead response_head_copy = response_head;
  if (!throttles_.empty()) {
    bool deferred = false;
    for (auto& entry : throttles_) {
      auto* throttle = entry.throttle.get();
      bool throttle_deferred = false;
-      throttle->WillProcessResponse(response_url_, response_head,
+      throttle->WillProcessResponse(response_url_, &response_head_copy,
                                    &throttle_deferred);
      if (!HandleThrottleResult(throttle, throttle_deferred, &deferred))
        return;
@@ -397,13 +398,13 @@ void ThrottlingURLLoader::OnReceiveResponse(

    if (deferred) {
      deferred_stage_ = DEFERRED_RESPONSE;
-      response_info_ = std::make_unique<ResponseInfo>(response_head);
+      response_info_ = std::make_unique<ResponseInfo>(response_head_copy);
      client_binding_.PauseIncomingMethodCallProcessing();
      return;
    }
  }

-  forwarding_client_->OnReceiveResponse(response_head);
+  forwarding_client_->OnReceiveResponse(response_head_copy);
 }

 void ThrottlingURLLoader::OnReceiveRedirect(

--- a/content/common/throttling_url_loader_unittest.cc
+++ b/content/common/throttling_url_loader_unittest.cc
@@ -259,7 +259,7 @@ class TestURLLoaderThrottle : public URLLoaderThrottle {
  }

  void WillProcessResponse(const GURL& response_url,
-                           const network::ResourceResponseHead& response_head,
+                           network::ResourceResponseHead* response_head,
                           bool* defer) override {
    will_process_response_called_++;
    if (will_process_response_callback_)

--- a/content/public/common/url_loader_throttle.cc
+++ b/content/public/common/url_loader_throttle.cc
@@ -41,7 +41,7 @@ void URLLoaderThrottle::WillRedirectRequest(

 void URLLoaderThrottle::WillProcessResponse(
    const GURL& response_url,
-    const network::ResourceResponseHead& response_head,
+    network::ResourceResponseHead* response_head,
    bool* defer) {}

 URLLoaderThrottle::URLLoaderThrottle() {}

--- a/content/public/common/url_loader_throttle.h
+++ b/content/public/common/url_loader_throttle.h
@@ -109,10 +109,9 @@ class CONTENT_EXPORT URLLoaderThrottle {

  // Called when the response headers and meta data are available.
  // TODO(776312): Migrate this URL to ResourceResponseHead.
-  virtual void WillProcessResponse(
-      const GURL& response_url,
-      const network::ResourceResponseHead& response_head,
-      bool* defer);
+  virtual void WillProcessResponse(const GURL& response_url,
+                                   network::ResourceResponseHead* response_head,
+                                   bool* defer);

  void set_delegate(Delegate* delegate) { delegate_ = delegate; }


--- a/extensions/renderer/extension_url_loader_throttle.cc
+++ b/extensions/renderer/extension_url_loader_throttle.cc
@@ -43,9 +43,9 @@ void ExtensionURLLoaderThrottle::WillRedirectRequest(

 void ExtensionURLLoaderThrottle::WillProcessResponse(
    const GURL& response_url,
-    const network::ResourceResponseHead& response_head,
+    network::ResourceResponseHead* response_head,
    bool* defer) {
-  manager_->WillProcessResponse(response_url, response_head);
+  manager_->WillProcessResponse(response_url, *response_head);
 }

 void ExtensionURLLoaderThrottle::DetachFromCurrentSequence() {}

--- a/extensions/renderer/extension_url_loader_throttle.h
+++ b/extensions/renderer/extension_url_loader_throttle.h
@@ -34,7 +34,7 @@ class ExtensionURLLoaderThrottle : public content::URLLoaderThrottle {
      bool* defer,
      std::vector<std::string>* to_be_removed_request_headers) override;
  void WillProcessResponse(const GURL& response_url,
-                           const network::ResourceResponseHead& response_head,
+                           network::ResourceResponseHead* response_head,
                           bool* defer) override;

 private:

--- a/extensions/renderer/guest_view/mime_handler_view/mime_handler_view_container.cc
+++ b/extensions/renderer/guest_view/mime_handler_view/mime_handler_view_container.cc
@@ -138,7 +138,7 @@ class MimeHandlerViewContainer::PluginResourceThrottle
 private:
  // content::URLLoaderThrottle overrides;
  void WillProcessResponse(const GURL& response_url,
-                           const network::ResourceResponseHead& response_head,
+                           network::ResourceResponseHead* response_head,
                           bool* defer) override {
    network::mojom::URLLoaderPtr dummy_new_loader;
    mojo::MakeRequest(&dummy_new_loader);
@@ -158,7 +158,7 @@ class MimeHandlerViewContainer::PluginResourceThrottle

    // Make a deep copy of ResourceResponseHead before passing it cross-thread.
    auto resource_response = base::MakeRefCounted<network::ResourceResponse>();
-    resource_response->head = response_head;
+    resource_response->head = *response_head;
    auto deep_copied_response = resource_response->DeepCopy();
    transferrable_loader->head = std::move(deep_copied_response->head);
    container_->SetEmbeddedLoader(std::move(transferrable_loader));

--- a/testing/buildbot/filters/mojo.fyi.network_browser_tests.filter
+++ b/testing/buildbot/filters/mojo.fyi.network_browser_tests.filter
@@ -231,11 +231,6 @@
 # about an origin.
 -ReportingBrowserTest.TestReportingHeadersProcessed

-# Add magic x-frame-options headers to web store requests
-# https://crbug.com/852877
-ExtensionWebstorePrivateApiTest.FrameErrorPageBlocked
-ExtensionWebstorePrivateApiTest.FrameWebstorePageBlocked
-
 # NOTE: if adding an exclusion for an existing failure (e.g. additional test for
 # feature X that is already not working), please add it beside the existing
 # failures. Otherwise please reach out to network-service-dev@.