Add Trust Tokens parameters to ResourceRequest.

This is the first of a series of two CLs expanding the Fetch API, when the runtime-enabled feature "TrustTokens" is enabled, to include a new experimental parameter `trustTokens` denoting a request to execute a Trust Tokens protocol step (https://github.com/wicg/trust-token-api) alongside the fetch at hand, by adding request headers and processing corresponding response headers. This is an experimental interface planned to be used in an origin trial. This CL implements the network service side of the data flow, by creating a Mojo struct representing the new Fetch parameter and adding a member of this type to ResourceRequest. The second, concurrent, CL (crrev.com/c/2036648) adds code to Blink to implement the JS binding and pass the data from the binding to the network::ResourceRequest field. Notes: - URLLoader will inspect requests' trust_token_params members and destinations, using these to make a decision about whether to execute Trust Tokens logic against the request. - The Mojo struct is "flat" (no pointer members) in order to be trivially copyable, since ResourceRequest requires this property of its members. serialization/deserialization of the mojom struct. Test: Expands URLRequestMojomTraits unit tests to test Bug: 1043118 Change-Id: Icc49ca2fe4a215330c8a9efdb36f4e050d41d05f Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2067803Reviewed-by: Robert Sesek <rsesek@chromium.org> Reviewed-by: Yutaka Hirano <yhirano@chromium.org> Commit-Queue: David Van Cleve <davidvc@chromium.org> Cr-Commit-Position: refs/heads/master@{#746043}

Add Trust Tokens parameters to ResourceRequest.
This is the first of a series of two CLs expanding the Fetch API, when the runtime-enabled feature "TrustTokens" is enabled, to include a new experimental parameter `trustTokens` denoting a request to execute a Trust Tokens protocol step (https://github.com/wicg/trust-token-api) alongside the fetch at hand, by adding request headers and processing corresponding response headers. This is an experimental interface planned to be used in an origin trial. This CL implements the network service side of the data flow, by creating a Mojo struct representing the new Fetch parameter and adding a member of this type to ResourceRequest. The second, concurrent, CL (crrev.com/c/2036648) adds code to Blink to implement the JS binding and pass the data from the binding to the network::ResourceRequest field. Notes: - URLLoader will inspect requests' trust_token_params members and destinations, using these to make a decision about whether to execute Trust Tokens logic against the request. - The Mojo struct is "flat" (no pointer members) in order to be trivially copyable, since ResourceRequest requires this property of its members. serialization/deserialization of the mojom struct. Test: Expands URLRequestMojomTraits unit tests to test Bug: 1043118 Change-Id: Icc49ca2fe4a215330c8a9efdb36f4e050d41d05f Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2067803Reviewed-by: Robert Sesek <rsesek@chromium.org> Reviewed-by: Yutaka Hirano <yhirano@chromium.org> Commit-Queue: David Van Cleve <davidvc@chromium.org> Cr-Commit-Position: refs/heads/master@{#746043}
37b80e37 · David Van Cleve · Commit Bot · 735b470f · 37b80e37 · 37b80e37
Commit 37b80e37 authored Mar 02, 2020 by David Van Cleve Committed by Commit Bot Mar 02, 2020
12 changed files
--- a/services/network/public/cpp/BUILD.gn
+++ b/services/network/public/cpp/BUILD.gn
@@ -166,6 +166,8 @@ jumbo_component("cpp_base") {
    "network_ipc_param_traits.h",
    "network_isolation_key_mojom_traits.cc",
    "network_isolation_key_mojom_traits.h",
+    "optional_trust_token_params.cc",
+    "optional_trust_token_params.h",
    "origin_policy.cc",
    "origin_policy.h",
    "p2p_param_traits.cc",
@@ -202,6 +204,7 @@ jumbo_component("cpp_base") {
    ":ip_address_mojom_support",
    "//services/network/public/mojom:data_pipe_interfaces",
    "//services/network/public/mojom:mutable_network_traffic_annotation_interface",
+    "//services/network/public/mojom:trust_tokens_interface",
    "//url/ipc:url_ipc",
    "//url/mojom:url_mojom_gurl",
    "//url/mojom:url_mojom_origin",
@@ -253,6 +256,7 @@ source_set("tests") {
    "network_isolation_key_mojom_traits_unittest.cc",
    "network_mojom_traits_unittest.cc",
    "network_quality_tracker_unittest.cc",
+    "optional_trust_token_params_unittest.cc",
    "proxy_config_mojom_traits_unittest.cc",
    "simple_url_loader_unittest.cc",
    "site_for_cookies_mojom_traits_unittest.cc",

--- a/services/network/public/cpp/optional_trust_token_params.cc
+++ b/services/network/public/cpp/optional_trust_token_params.cc
+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+#include "services/network/public/cpp/optional_trust_token_params.h"
+namespace network {
+OptionalTrustTokenParams::OptionalTrustTokenParams() = default;
+OptionalTrustTokenParams::OptionalTrustTokenParams(base::nullopt_t) {}
+OptionalTrustTokenParams::OptionalTrustTokenParams(
+    mojom::TrustTokenParamsPtr ptr)
+    : ptr_(std::move(ptr)) {}
+OptionalTrustTokenParams::OptionalTrustTokenParams(
+    const mojom::TrustTokenParams& params)
+    : ptr_(params.Clone()) {}
+OptionalTrustTokenParams::OptionalTrustTokenParams(
+    const OptionalTrustTokenParams& other) {
+  ptr_ = other.as_ptr().Clone();
+}
+OptionalTrustTokenParams& OptionalTrustTokenParams::operator=(
+    const OptionalTrustTokenParams& other) {
+  ptr_ = other.as_ptr().Clone();
+  return *this;
+}
+OptionalTrustTokenParams::OptionalTrustTokenParams(
+    OptionalTrustTokenParams&& other) = default;
+OptionalTrustTokenParams& OptionalTrustTokenParams::operator=(
+    OptionalTrustTokenParams&& other) = default;
+OptionalTrustTokenParams::~OptionalTrustTokenParams() = default;
+bool OptionalTrustTokenParams::operator==(
+    const OptionalTrustTokenParams& other) const {
+  return mojo::Equals(ptr_, other.ptr_);
+}
+}  // namespace network
--- a/services/network/public/cpp/optional_trust_token_params.h
+++ b/services/network/public/cpp/optional_trust_token_params.h
+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+#ifndef SERVICES_NETWORK_PUBLIC_CPP_OPTIONAL_TRUST_TOKEN_PARAMS_H_
+#define SERVICES_NETWORK_PUBLIC_CPP_OPTIONAL_TRUST_TOKEN_PARAMS_H_
+#include "base/component_export.h"
+#include "base/optional.h"
+#include "services/network/public/mojom/trust_tokens.mojom.h"
+namespace network {
+// This class exists to wrap mojom::TrustTokenParamsPtr for use as a field in
+// network::ResourceRequest.
+//
+// Motivation:
+// 1. network::ResourceRequest has a requirement that all of
+// network::ResourceRequest's members be trivially copyable;
+// 2. Mojo struct pointers aren't, by default, trivially copyable;
+// 3. Mojo only knows, from its generated code, how to serialize and deserialize
+// struct pointers, not raw Mojo structs.
+//
+// One solution to this dilemma would be to manually define separate Mojo
+// StructTraits for the raw struct type (network::mojom::TrustTokenParams), but
+// this would add maintenance burden since it would require updating the traits
+// every time the structure's definition changes.
+//
+// Using this trivially-copyable wrapper class (where the copy constructor and
+// copy assignment operators use mojo::Clone) allows changing the format of the
+// Mojo struct without having to manually update the corresponding
+// serialization/deserialization code.
+class COMPONENT_EXPORT(NETWORK_CPP_BASE) OptionalTrustTokenParams {
+ public:
+  // The constructors Match base::Optional to the extent possible.
+  OptionalTrustTokenParams();
+  OptionalTrustTokenParams(base::nullopt_t);  // NOLINT
+  explicit OptionalTrustTokenParams(mojom::TrustTokenParamsPtr);
+  // Copy assignment uses mojo::Clone.
+  OptionalTrustTokenParams(const mojom::TrustTokenParams&);  // NOLINT
+  OptionalTrustTokenParams(const OptionalTrustTokenParams&);
+  OptionalTrustTokenParams& operator=(const OptionalTrustTokenParams&);
+  OptionalTrustTokenParams(OptionalTrustTokenParams&&);
+  OptionalTrustTokenParams& operator=(OptionalTrustTokenParams&&);
+  ~OptionalTrustTokenParams();
+  // This comparison operator wraps mojo::Equals.
+  bool operator==(const OptionalTrustTokenParams&) const;
+  bool operator!=(const OptionalTrustTokenParams& rhs) const {
+    return !(*this == rhs);
+  }
+  explicit operator bool() const { return has_value(); }
+  bool has_value() const { return !!ptr_; }
+  mojom::TrustTokenParams& value() {
+    CHECK(has_value());
+    return *ptr_;
+  }
+  const mojom::TrustTokenParams& value() const {
+    CHECK(has_value());
+    return *ptr_;
+  }
+  const mojom::TrustTokenParams* operator->() const {
+    CHECK(has_value());
+    return ptr_.get();
+  }
+  mojom::TrustTokenParams* operator->() {
+    CHECK(has_value());
+    return ptr_.get();
+  }
+  // |as_ptr| returns null if this object is empty.
+  const mojom::TrustTokenParamsPtr& as_ptr() const { return ptr_; }
+  mojom::TrustTokenParamsPtr& as_ptr() { return ptr_; }
+ private:
+  mojom::TrustTokenParamsPtr ptr_;
+};
+}  // namespace network
+#endif  // SERVICES_NETWORK_PUBLIC_CPP_OPTIONAL_TRUST_TOKEN_PARAMS_H_
--- a/services/network/public/cpp/optional_trust_token_params_unittest.cc
+++ b/services/network/public/cpp/optional_trust_token_params_unittest.cc
+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+#include "services/network/public/cpp/optional_trust_token_params.h"
+#include "base/optional.h"
+#include "base/test/gtest_util.h"
+#include "mojo/public/cpp/bindings/struct_traits.h"
+#include "mojo/public/cpp/test_support/test_utils.h"
+#include "services/network/public/mojom/trust_tokens.mojom-shared.h"
+#include "testing/gtest/include/gtest/gtest.h"
+#include "url/gurl.h"
+#include "url/mojom/origin_mojom_traits.h"
+#include "url/origin.h"
+namespace network {
+namespace {
+// For tests that require a populated OptionalTrustTokenParams, use this helper
+// to avoid needing to update several tests every time the format of
+// mojom::TrustTokenParams (and, consequently, the signature to its constructor)
+// changes.
+OptionalTrustTokenParams NonemptyTrustTokenParams() {
+  return mojom::TrustTokenParams(
+      mojom::TrustTokenOperationType::kRedemption,
+      mojom::TrustTokenRefreshPolicy::kRefresh,
+      mojom::TrustTokenSignRequestData::kInclude,
+      /*include_timestamp_header=*/true,
+      url::Origin::Create(GURL("https://issuer.com")),
+      std::vector<std::string>{"some_header", "another_header"});
+}
+}  // namespace
+TEST(OptionalTrustTokenParams, Empty) {
+  EXPECT_EQ(OptionalTrustTokenParams(), OptionalTrustTokenParams());
+  EXPECT_FALSE(OptionalTrustTokenParams().has_value());
+  EXPECT_FALSE(OptionalTrustTokenParams(base::nullopt).has_value());
+  EXPECT_EQ(OptionalTrustTokenParams(base::nullopt),
+            OptionalTrustTokenParams());
+  EXPECT_NE(OptionalTrustTokenParams(), NonemptyTrustTokenParams());
+}
+TEST(OptionalTrustTokenParams, CopyAndMove) {
+  {
+    OptionalTrustTokenParams in = NonemptyTrustTokenParams();
+    EXPECT_TRUE(in.has_value());
+    EXPECT_EQ(in, OptionalTrustTokenParams(in));
+    OptionalTrustTokenParams assigned = in;
+    EXPECT_EQ(in, assigned);
+    OptionalTrustTokenParams moved(std::move(assigned));
+    EXPECT_EQ(in, moved);
+    OptionalTrustTokenParams move_assigned = std::move(moved);
+    EXPECT_EQ(in, move_assigned);
+  }
+  {
+    const OptionalTrustTokenParams const_in = NonemptyTrustTokenParams();
+    EXPECT_TRUE(const_in.has_value());
+    EXPECT_EQ(const_in, OptionalTrustTokenParams(const_in));
+    const OptionalTrustTokenParams assigned = const_in;
+    EXPECT_EQ(const_in, assigned);
+    OptionalTrustTokenParams moved(std::move(assigned));
+    EXPECT_EQ(const_in, moved);
+    OptionalTrustTokenParams move_assigned = std::move(moved);
+    EXPECT_EQ(const_in, move_assigned);
+  }
+}
+TEST(OptionalTrustTokenParams, Dereference) {
+  OptionalTrustTokenParams in = NonemptyTrustTokenParams();
+  EXPECT_EQ(in->type, mojom::TrustTokenOperationType::kRedemption);
+  EXPECT_EQ(in.as_ptr()->type, mojom::TrustTokenOperationType::kRedemption);
+  EXPECT_EQ(in.value().type, mojom::TrustTokenOperationType::kRedemption);
+}
+TEST(OptionalTrustTokenParams, DereferenceEmpty) {
+  OptionalTrustTokenParams in = base::nullopt;
+  EXPECT_CHECK_DEATH(ignore_result(in->type));
+  EXPECT_CHECK_DEATH(ignore_result(in.value()));
+  EXPECT_EQ(in.as_ptr(), mojom::TrustTokenParamsPtr());
+}
+}  // namespace network
--- a/services/network/public/cpp/resource_request.cc
+++ b/services/network/public/cpp/resource_request.cc
@@ -78,7 +78,8 @@ bool ResourceRequest::EqualsForTesting(const ResourceRequest& request) const {
             request.is_signed_exchange_prefetch_cache_enabled &&
         obey_origin_policy == request.obey_origin_policy &&
         trusted_params == trusted_params &&
-         recursive_prefetch_token == request.recursive_prefetch_token;
+         recursive_prefetch_token == request.recursive_prefetch_token &&
+         trust_token_params == request.trust_token_params;
 }
 bool ResourceRequest::SendsCookies() const {

--- a/services/network/public/cpp/resource_request.h
+++ b/services/network/public/cpp/resource_request.h
@@ -17,10 +17,12 @@
 #include "net/cookies/site_for_cookies.h"
 #include "net/http/http_request_headers.h"
 #include "net/url_request/url_request.h"
+#include "services/network/public/cpp/optional_trust_token_params.h"
 #include "services/network/public/cpp/resource_request_body.h"
 #include "services/network/public/mojom/cors.mojom-shared.h"
 #include "services/network/public/mojom/fetch_api.mojom-shared.h"
 #include "services/network/public/mojom/referrer_policy.mojom-shared.h"
+#include "services/network/public/mojom/trust_tokens.mojom.h"
 #include "url/gurl.h"
 #include "url/origin.h"
@@ -112,6 +114,10 @@ struct COMPONENT_EXPORT(NETWORK_CPP_BASE) ResourceRequest {
  bool obey_origin_policy = false;
  base::Optional<base::UnguessableToken> recursive_prefetch_token;
  base::Optional<TrustedParams> trusted_params;
+  // |trust_token_params| uses a custom base::Optional-like type to make the
+  // field trivially copyable; see OptionalTrustTokenParams's definition for
+  // more context.
+  OptionalTrustTokenParams trust_token_params;
 };
 // This does not accept |kDefault| referrer policy.

--- a/services/network/public/cpp/url_request_mojom_traits.cc
+++ b/services/network/public/cpp/url_request_mojom_traits.cc
@@ -14,6 +14,7 @@
 #include "services/network/public/cpp/http_request_headers_mojom_traits.h"
 #include "services/network/public/cpp/network_ipc_param_traits.h"
 #include "services/network/public/cpp/resource_request_body.h"
+#include "services/network/public/mojom/trust_tokens.mojom.h"
 #include "services/network/public/mojom/url_loader.mojom-shared.h"
 #include "url/mojom/origin_mojom_traits.h"
 #include "url/mojom/url_gurl_mojom_traits.h"
@@ -190,7 +191,8 @@ bool StructTraits<
          &out->custom_proxy_post_cache_headers) ||
      !data.ReadFetchWindowId(&out->fetch_window_id) ||
      !data.ReadDevtoolsRequestId(&out->devtools_request_id) ||
-      !data.ReadRecursivePrefetchToken(&out->recursive_prefetch_token)) {
+      !data.ReadRecursivePrefetchToken(&out->recursive_prefetch_token) ||
+      !data.ReadTrustTokenParams(&out->trust_token_params.as_ptr())) {
    return false;
  }

--- a/services/network/public/cpp/url_request_mojom_traits.h
+++ b/services/network/public/cpp/url_request_mojom_traits.h
@@ -25,6 +25,7 @@
 #include "services/network/public/cpp/site_for_cookies_mojom_traits.h"
 #include "services/network/public/mojom/chunked_data_pipe_getter.mojom.h"
 #include "services/network/public/mojom/data_pipe_getter.mojom.h"
+#include "services/network/public/mojom/trust_tokens.mojom.h"
 #include "services/network/public/mojom/url_loader.mojom-shared.h"
 namespace mojo {
@@ -253,6 +254,10 @@ struct COMPONENT_EXPORT(NETWORK_CPP_BASE)
      const network::ResourceRequest& request) {
    return request.recursive_prefetch_token;
  }
+  static const network::mojom::TrustTokenParamsPtr& trust_token_params(
+      const network::ResourceRequest& request) {
+    return request.trust_token_params.as_ptr();
+  }
  static bool Read(network::mojom::URLRequestDataView data,
                   network::ResourceRequest* out);

--- a/services/network/public/cpp/url_request_mojom_traits_unittest.cc
+++ b/services/network/public/cpp/url_request_mojom_traits_unittest.cc
@@ -9,6 +9,7 @@
 #include "mojo/public/cpp/test_support/test_utils.h"
 #include "services/network/public/cpp/http_request_headers_mojom_traits.h"
 #include "services/network/public/cpp/network_ipc_param_traits.h"
+#include "services/network/public/cpp/optional_trust_token_params.h"
 #include "services/network/public/mojom/url_loader.mojom.h"
 #include "testing/gtest/include/gtest/gtest.h"
 #include "url/mojom/origin_mojom_traits.h"
@@ -98,6 +99,17 @@ TEST(URLRequestMojomTraitsTest, Roundtrips_ResourceRequest) {
      mojom::UpdateNetworkIsolationKeyOnRedirect::kUpdateTopFrameAndFrameOrigin;
  original.trusted_params->disable_secure_dns = true;
+  original.trust_token_params = network::mojom::TrustTokenParams();
+  original.trust_token_params->issuer =
+      url::Origin::Create(GURL("https://issuer.com"));
+  original.trust_token_params->type =
+      mojom::TrustTokenOperationType::kRedemption;
+  original.trust_token_params->include_timestamp_header = true;
+  original.trust_token_params->sign_request_data =
+      mojom::TrustTokenSignRequestData::kInclude;
+  original.trust_token_params->additional_signed_headers.push_back(
+      "some_header");
  network::ResourceRequest copied;
  EXPECT_TRUE(mojo::test::SerializeAndDeserialize<mojom::URLRequest>(&original,
                                                                     &copied));

--- a/services/network/public/mojom/BUILD.gn
+++ b/services/network/public/mojom/BUILD.gn
@@ -68,6 +68,20 @@ mojom("mutable_network_traffic_annotation_interface") {
  ]
 }
+# These interfaces are put in their own target to avoid a circular dependency,
+# which comes from the fact that the typemap for url_loader.mojom
+# (ResourceRequestBody) uses these interfaces.
+mojom("trust_tokens_interface") {
+  generate_java = true
+  sources = [ "trust_tokens.mojom" ]
+  public_deps = [ "//url/mojom:url_mojom_origin" ]
+  if (!is_ios) {
+    export_class_attribute_blink = "BLINK_PLATFORM_EXPORT"
+    export_define_blink = "BLINK_PLATFORM_IMPLEMENTATION=1"
+    export_header_blink = "third_party/blink/public/platform/web_common.h"
+  }
+}
 # This target is split from "mojom" target as the lazy serialization may
 # cause problems. See https://crbug.com/822732.
 mojom("websocket_mojom") {
@@ -145,6 +159,7 @@ mojom("mojom") {
    ":mojom_ip_address",
    ":mojom_network_isolation_key",
    ":mutable_network_traffic_annotation_interface",
+    ":trust_tokens_interface",
    ":websocket_mojom",
    "//components/content_settings/core/common:mojo_bindings",
    "//mojo/public/mojom/base",

--- a/services/network/public/mojom/trust_tokens.mojom
+++ b/services/network/public/mojom/trust_tokens.mojom
+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+module network.mojom;
+import "url/mojom/origin.mojom";
+// Trust Tokens operation parameterization
+//
+// This file specifies Mojo objects related to Trust Tokens protocol operations
+// (https://github.com/wicg/trust-token-api). The operations generally involve
+// checking stored state, attaching a request header, and processing a
+// corresponding response header. Operation parameters are provided via Fetch
+// and other Web Platform APIs.
+enum TrustTokenOperationType {
+  // In "issuance," clients send locally-generated blinded tokens and receive
+  // tokens signed by an issuing server.
+  kIssuance,
+  // In "redemption", clients exchange single-use server-signed tokens for
+  // multi-use Signed Redemption Records.
+  kRedemption,
+  // The "signing" operation involves attaching Signed Redemption Records to
+  // outgoing requests, and potentially signing the requests with a key bound to
+  // the attached SRR, to represent trust from the issuer.
+  kSigning,
+};
+// TrustTokenRefreshPolicy specifies, during redemption, whether to respect or
+// ignore cached Signed Redemption Records.
+enum TrustTokenRefreshPolicy {
+  // If there's a valid SRR already stored, return early and don't attempt to
+  // redeem a token for a new SRR.
+  kUseCached,
+  // Even there's a valid SRR already stored, attempt to redeem a token for a
+  // new SRR, overwriting the stored SRR.
+  kRefresh,
+};
+// TrustTokenSignRequestData specifies how to construct a request signature (or
+// none) during the "signed redemption record attachment and request signing"
+// protocol step.
+enum TrustTokenSignRequestData {
+  // Just attach a Signed Redemption Record (SRR), not an additional signature
+  // over request data.
+  kOmit,
+  // In addition to an SRR, attach a signature over a canonical request data
+  // structure comprising  a collection of request headers and some additional
+  // metadata (see the explainer).
+  kHeadersOnly,
+  // In addition to an SRR, attach a signature over a canonical request data
+  // structure comprising a collection of request headers, some additional
+  // contents of the request, and some additional metadata (see the explainer).
+  kInclude,
+};
+// Struct TrustTokenParams specifies a requested Trust Tokens protocol
+// operation.
+struct TrustTokenParams {
+  // Required.
+  TrustTokenOperationType type;
+  // Required exactly when "type" is "kRedemption"; specifies whether the
+  // caller wishes to use a cached Signed Redemption Record (SRR) if available
+  // or redeem a new token, evicting the SRR currently stored.
+  TrustTokenRefreshPolicy refresh_policy = kUseCached;
+  // "sign_request_data", "include_timestamp_header", "issuer", and
+  // "additional_signed_headers" are used only when "type" is "kSigning":
+  // these parameters specify the manner in which the outgoing request should
+  // be signed.
+  TrustTokenSignRequestData sign_request_data = kOmit;
+  bool include_timestamp_header = false;
+  url.mojom.Origin? issuer;
+  array<string> additional_signed_headers;
+};
--- a/services/network/public/mojom/url_loader.mojom
+++ b/services/network/public/mojom/url_loader.mojom
@@ -17,6 +17,7 @@ import "services/network/public/mojom/http_request_headers.mojom";
 import "services/network/public/mojom/network_isolation_key.mojom";
 import "services/network/public/mojom/network_param.mojom";
 import "services/network/public/mojom/site_for_cookies.mojom";
+import "services/network/public/mojom/trust_tokens.mojom";
 import "services/network/public/mojom/url_response_head.mojom";
 import "url/mojom/origin.mojom";
 import "url/mojom/url.mojom";
@@ -396,6 +397,11 @@ struct URLRequest {
  // response headers. For more information on these requests see
  // https://github.com/w3c/resource-hints/issues/77.
  mojo_base.mojom.UnguessableToken? recursive_prefetch_token;
+  // Set when Trust Tokens (https://github.com/wicg/trust-token-api) is enabled
+  // and the request has set the trustToken Fetch parameter, denoting that it
+  // wishes to execute a Trust Tokens protocol operation.
+  TrustTokenParams? trust_token_params;
 };
 // URLRequestBody represents body (i.e. upload data) of a HTTP request.