Sec-Metadata: Strings are quoted in structured headers.

So this patch adds quotes. See https://tools.ietf.org/html/draft-ietf-httpbis-header-structure-06#section-3.7 and https://github.com/mikewest/sec-metadata/commit/98f7c1253e8dd8a0e1606c2f443772b0c9d562b4. Bug: 843478 Change-Id: I29dfa3a87e3c65a1b64009e173faa6d0f41b40f4 Reviewed-on: https://chromium-review.googlesource.com/1109819 Commit-Queue: Mike West <mkwst@chromium.org> Reviewed-by: Camille Lamy <clamy@chromium.org> Reviewed-by: Andy Paicu <andypaicu@chromium.org> Cr-Commit-Position: refs/heads/master@{#569554}

Sec-Metadata: Strings are quoted in structured headers.
So this patch adds quotes. See https://tools.ietf.org/html/draft-ietf-httpbis-header-structure-06#section-3.7 and https://github.com/mikewest/sec-metadata/commit/98f7c1253e8dd8a0e1606c2f443772b0c9d562b4. Bug: 843478 Change-Id: I29dfa3a87e3c65a1b64009e173faa6d0f41b40f4 Reviewed-on: https://chromium-review.googlesource.com/1109819 Commit-Queue: Mike West <mkwst@chromium.org> Reviewed-by: Camille Lamy <clamy@chromium.org> Reviewed-by: Andy Paicu <andypaicu@chromium.org> Cr-Commit-Position: refs/heads/master@{#569554}
3d33f9c5 · Mike West · Commit Bot · 7928d736 · 3d33f9c5 · 3d33f9c5
Commit 3d33f9c5 authored Jun 22, 2018 by Mike West Committed by Commit Bot Jun 22, 2018
20 changed files
--- a/content/browser/frame_host/navigation_request.cc
+++ b/content/browser/frame_host/navigation_request.cc
@@ -207,7 +207,7 @@ void AddAdditionalRequestHeaders(
      }
    }
    std::string value = base::StringPrintf(
-        "cause=%s, destination=document, target=%s, site=%s",
+        "cause=\"%s\", destination=\"document\", target=\"%s\", site=\"%s\"",
        has_user_gesture ? "user-activated" : "forced",
        frame_tree_node->IsMainFrame() ? "top-level" : "nested",
        site_value.c_str());

--- a/third_party/WebKit/LayoutTests/external/wpt/fetch/sec-metadata/fetch.tentative.https.sub.html
+++ b/third_party/WebKit/LayoutTests/external/wpt/fetch/sec-metadata/fetch.tentative.https.sub.html
@@ -9,7 +9,7 @@
        .then(j => {
          assert_header_equals(j.header, {
            "cause": undefined,
-            "destination": "\"\"",
+            "destination": "",
            "target": "subresource",
            "site": "same-origin"
          });
@@ -22,7 +22,7 @@
        .then(j => {
          assert_header_equals(j.header, {
            "cause": undefined,
-            "destination": "\"\"",
+            "destination": "",
            "target": "subresource",
            "site": "same-site"
          });
@@ -35,7 +35,7 @@
        .then(j => {
          assert_header_equals(j.header, {
            "cause": undefined,
-            "destination": "\"\"",
+            "destination": "",
            "target": "subresource",
            "site": "cross-site"
          });

--- a/third_party/WebKit/LayoutTests/external/wpt/fetch/sec-metadata/resources/helper.js
+++ b/third_party/WebKit/LayoutTests/external/wpt/fetch/sec-metadata/resources/helper.js
@@ -2,6 +2,7 @@ function parse_metadata(value) {
  let result = {};
  value.split(',').forEach(item => {
    let parsed = item.trim().split('=');
+    parsed[1] = parsed[1].trim().replace(/^"|"$/g, '');
    result[parsed[0]] = parsed[1];
  });
  return result;

--- a/third_party/WebKit/LayoutTests/http/tests/navigation/form-targets-cross-site-frame-get-expected.txt
+++ b/third_party/WebKit/LayoutTests/http/tests/navigation/form-targets-cross-site-frame-get-expected.txt
@@ -14,5 +14,5 @@ Http headers:
 HTTP_CONNECTION = keep-alive
 HTTP_HOST = localhost:8080
 HTTP_REFERER = http://127.0.0.1:8000/navigation/form-targets-cross-site-frame-get.html
-HTTP_SEC_METADATA = cause=forced, destination=document, target=nested, site=cross-site
+HTTP_SEC_METADATA = cause="forced", destination="document", target="nested", site="cross-site"
 HTTP_UPGRADE_INSECURE_REQUESTS = 1
--- a/third_party/WebKit/LayoutTests/http/tests/navigation/form-targets-cross-site-frame-no-referrer-expected.txt
+++ b/third_party/WebKit/LayoutTests/http/tests/navigation/form-targets-cross-site-frame-no-referrer-expected.txt
@@ -15,5 +15,5 @@ HTTP_CACHE_CONTROL = max-age=0
 HTTP_CONNECTION = keep-alive
 HTTP_HOST = localhost:8080
 HTTP_ORIGIN = null
-HTTP_SEC_METADATA = cause=forced, destination=document, target=nested, site=cross-site
+HTTP_SEC_METADATA = cause="forced", destination="document", target="nested", site="cross-site"
 HTTP_UPGRADE_INSECURE_REQUESTS = 1
--- a/third_party/WebKit/LayoutTests/http/tests/navigation/form-targets-cross-site-frame-post-expected.txt
+++ b/third_party/WebKit/LayoutTests/http/tests/navigation/form-targets-cross-site-frame-post-expected.txt
@@ -16,5 +16,5 @@ HTTP_CONNECTION = keep-alive
 HTTP_HOST = localhost:8080
 HTTP_ORIGIN = http://127.0.0.1:8000
 HTTP_REFERER = http://127.0.0.1:8000/navigation/form-targets-cross-site-frame-post.html
-HTTP_SEC_METADATA = cause=forced, destination=document, target=nested, site=cross-site
+HTTP_SEC_METADATA = cause="forced", destination="document", target="nested", site="cross-site"
 HTTP_UPGRADE_INSECURE_REQUESTS = 1
--- a/third_party/WebKit/LayoutTests/http/tests/navigation/form-with-enctype-targets-cross-site-frame-expected.txt
+++ b/third_party/WebKit/LayoutTests/http/tests/navigation/form-with-enctype-targets-cross-site-frame-expected.txt
@@ -16,5 +16,5 @@ HTTP_CONNECTION = keep-alive
 HTTP_HOST = localhost:8080
 HTTP_ORIGIN = http://127.0.0.1:8000
 HTTP_REFERER = http://127.0.0.1:8000/navigation/form-with-enctype-targets-cross-site-frame.html
-HTTP_SEC_METADATA = cause=forced, destination=document, target=nested, site=cross-site
+HTTP_SEC_METADATA = cause="forced", destination="document", target="nested", site="cross-site"
 HTTP_UPGRADE_INSECURE_REQUESTS = 1
--- a/third_party/WebKit/LayoutTests/http/tests/navigation/post-basic-expected.txt
+++ b/third_party/WebKit/LayoutTests/http/tests/navigation/post-basic-expected.txt
@@ -11,7 +11,7 @@ HTTP_CONNECTION = keep-alive
 HTTP_HOST = 127.0.0.1:8000
 HTTP_ORIGIN = http://127.0.0.1:8000
 HTTP_REFERER = http://127.0.0.1:8000/navigation/resources/page-that-posts.html
-HTTP_SEC_METADATA = cause=forced, destination=document, target=top-level, site=same-origin
+HTTP_SEC_METADATA = cause="forced", destination="document", target="top-level", site="same-origin"
 HTTP_UPGRADE_INSECURE_REQUESTS = 1
 ============== Back Forward List ==============

--- a/third_party/WebKit/LayoutTests/http/tests/navigation/post-frames-expected.txt
+++ b/third_party/WebKit/LayoutTests/http/tests/navigation/post-frames-expected.txt
@@ -18,7 +18,7 @@ HTTP_CONNECTION = keep-alive
 HTTP_HOST = 127.0.0.1:8000
 HTTP_ORIGIN = http://127.0.0.1:8000
 HTTP_REFERER = http://127.0.0.1:8000/navigation/resources/page-that-posts.html
-HTTP_SEC_METADATA = cause=forced, destination=document, target=nested, site=same-origin
+HTTP_SEC_METADATA = cause="forced", destination="document", target="nested", site="same-origin"
 HTTP_UPGRADE_INSECURE_REQUESTS = 1
 ============== Back Forward List ==============

--- a/third_party/WebKit/LayoutTests/http/tests/navigation/post-frames-goback1-expected.txt
+++ b/third_party/WebKit/LayoutTests/http/tests/navigation/post-frames-goback1-expected.txt
@@ -18,7 +18,7 @@ HTTP_CONNECTION = keep-alive
 HTTP_HOST = 127.0.0.1:8000
 HTTP_ORIGIN = http://127.0.0.1:8000
 HTTP_REFERER = http://127.0.0.1:8000/navigation/post-frames-goback1.html
-HTTP_SEC_METADATA = cause=forced, destination=document, target=nested, site=same-origin
+HTTP_SEC_METADATA = cause="forced", destination="document", target="nested", site="same-origin"
 HTTP_UPGRADE_INSECURE_REQUESTS = 1
 ============== Back Forward List ==============

--- a/third_party/WebKit/LayoutTests/http/tests/navigation/post-goback1-expected.txt
+++ b/third_party/WebKit/LayoutTests/http/tests/navigation/post-goback1-expected.txt
@@ -11,7 +11,7 @@ HTTP_CONNECTION = keep-alive
 HTTP_HOST = 127.0.0.1:8000
 HTTP_ORIGIN = http://127.0.0.1:8000
 HTTP_REFERER = http://127.0.0.1:8000/navigation/resources/page-that-posts.html
-HTTP_SEC_METADATA = cause=forced, destination=document, target=top-level, site=same-origin
+HTTP_SEC_METADATA = cause="forced", destination="document", target="top-level", site="same-origin"
 HTTP_UPGRADE_INSECURE_REQUESTS = 1
 ============== Back Forward List ==============

--- a/third_party/WebKit/LayoutTests/http/tests/navigation/rename-subframe-goback-expected.txt
+++ b/third_party/WebKit/LayoutTests/http/tests/navigation/rename-subframe-goback-expected.txt
@@ -19,5 +19,5 @@ HTTP_CONNECTION = keep-alive
 HTTP_HOST = 127.0.0.1:8000
 HTTP_ORIGIN = http://127.0.0.1:8000
 HTTP_REFERER = http://127.0.0.1:8000/navigation/resources/page-that-posts.html
-HTTP_SEC_METADATA = cause=forced, destination=document, target=nested, site=same-origin
+HTTP_SEC_METADATA = cause="forced", destination="document", target="nested", site="same-origin"
 HTTP_UPGRADE_INSECURE_REQUESTS = 1
--- a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-leak-path-on-redirect-expected.txt
+++ b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-leak-path-on-redirect-expected.txt
@@ -8,7 +8,7 @@ HTTP_CACHE_CONTROL = max-age=0
 HTTP_CONNECTION = keep-alive
 HTTP_HOST = 127.0.0.1:8000
 HTTP_REFERER = http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/form-action-leak-path-on-redirect.html
-HTTP_SEC_METADATA = cause=forced, destination=document, target=top-level, site=same-origin
+HTTP_SEC_METADATA = cause="forced", destination="document", target="top-level", site="same-origin"
 HTTP_UPGRADE_INSECURE_REQUESTS = 1
 ============== Back Forward List ==============

--- a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-allowed-expected.txt
+++ b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-allowed-expected.txt
@@ -10,7 +10,7 @@ HTTP_CONNECTION = keep-alive
 HTTP_HOST = 127.0.0.1:8000
 HTTP_ORIGIN = http://127.0.0.1:8000
 HTTP_REFERER = http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/form-action-src-allowed.html
-HTTP_SEC_METADATA = cause=forced, destination=document, target=top-level, site=same-origin
+HTTP_SEC_METADATA = cause="forced", destination="document", target="top-level", site="same-origin"
 HTTP_UPGRADE_INSECURE_REQUESTS = 1
 ============== Back Forward List ==============

--- a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-allowed-with-redirect-expected.txt
+++ b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-allowed-with-redirect-expected.txt
@@ -8,7 +8,7 @@ HTTP_CACHE_CONTROL = max-age=0
 HTTP_CONNECTION = keep-alive
 HTTP_HOST = 127.0.0.1:8000
 HTTP_REFERER = http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/form-action-src-allowed-with-redirect.html
-HTTP_SEC_METADATA = cause=forced, destination=document, target=top-level, site=same-origin
+HTTP_SEC_METADATA = cause="forced", destination="document", target="top-level", site="same-origin"
 HTTP_UPGRADE_INSECURE_REQUESTS = 1
 ============== Back Forward List ==============

--- a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-default-ignored-expected.txt
+++ b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-default-ignored-expected.txt
@@ -10,7 +10,7 @@ HTTP_CONNECTION = keep-alive
 HTTP_HOST = 127.0.0.1:8000
 HTTP_ORIGIN = http://127.0.0.1:8000
 HTTP_REFERER = http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/form-action-src-default-ignored.html
-HTTP_SEC_METADATA = cause=forced, destination=document, target=top-level, site=same-origin
+HTTP_SEC_METADATA = cause="forced", destination="document", target="top-level", site="same-origin"
 HTTP_UPGRADE_INSECURE_REQUESTS = 1
 ============== Back Forward List ==============

--- a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-default-ignored-with-redirect-expected.txt
+++ b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-default-ignored-with-redirect-expected.txt
@@ -8,7 +8,7 @@ HTTP_CACHE_CONTROL = max-age=0
 HTTP_CONNECTION = keep-alive
 HTTP_HOST = 127.0.0.1:8000
 HTTP_REFERER = http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/form-action-src-default-ignored-with-redirect.html
-HTTP_SEC_METADATA = cause=forced, destination=document, target=top-level, site=same-origin
+HTTP_SEC_METADATA = cause="forced", destination="document", target="top-level", site="same-origin"
 HTTP_UPGRADE_INSECURE_REQUESTS = 1
 ============== Back Forward List ==============

--- a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-allowed-expected.txt
+++ b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-allowed-expected.txt
@@ -8,7 +8,7 @@ Http headers:
 HTTP_CONNECTION = keep-alive
 HTTP_HOST = 127.0.0.1:8000
 HTTP_REFERER = http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/form-action-src-get-allowed.html
-HTTP_SEC_METADATA = cause=forced, destination=document, target=top-level, site=same-origin
+HTTP_SEC_METADATA = cause="forced", destination="document", target="top-level", site="same-origin"
 HTTP_UPGRADE_INSECURE_REQUESTS = 1
 ============== Back Forward List ==============

--- a/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-allowed-with-redirect-expected.txt
+++ b/third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-allowed-with-redirect-expected.txt
@@ -8,7 +8,7 @@ HTTP_CACHE_CONTROL = max-age=0
 HTTP_CONNECTION = keep-alive
 HTTP_HOST = 127.0.0.1:8000
 HTTP_REFERER = http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/form-action-src-get-allowed-with-redirect.html
-HTTP_SEC_METADATA = cause=forced, destination=document, target=top-level, site=same-origin
+HTTP_SEC_METADATA = cause="forced", destination="document", target="top-level", site="same-origin"
 HTTP_UPGRADE_INSECURE_REQUESTS = 1
 ============== Back Forward List ==============

--- a/third_party/blink/renderer/core/loader/base_fetch_context.cc
+++ b/third_party/blink/renderer/core/loader/base_fetch_context.cc
@@ -40,7 +40,7 @@ const char* GetDestinationFromContext(WebURLRequest::RequestContext context) {
    case WebURLRequest::kRequestContextXMLHttpRequest:
    case WebURLRequest::kRequestContextSubresource:
    case WebURLRequest::kRequestContextPrefetch:
-      return "\"\"";
+      return "";
    case WebURLRequest::kRequestContextCSPReport:
      return "report";
    case WebURLRequest::kRequestContextAudio:
@@ -131,9 +131,9 @@ void BaseFetchContext::AddAdditionalRequestHeaders(ResourceRequest& request,
        }
      }
-      String value =
+      String value = String::Format(
-          String::Format("destination=%s, target=subresource, site=%s",
+          "destination=\"%s\", target=\"subresource\", site=\"%s\"",
-                         destination_value, site_value);
+          destination_value, site_value);
      request.AddHTTPHeaderField("Sec-Metadata", AtomicString(value));
    }
  }