Sec-Metadata: Strings are quoted in structured headers.

So this patch adds quotes.

See https://tools.ietf.org/html/draft-ietf-httpbis-header-structure-06#section-3.7
and https://github.com/mikewest/sec-metadata/commit/98f7c1253e8dd8a0e1606c2f443772b0c9d562b4.

Bug: 843478
Change-Id: I29dfa3a87e3c65a1b64009e173faa6d0f41b40f4
Reviewed-on: https://chromium-review.googlesource.com/1109819
Commit-Queue: Mike West <mkwst@chromium.org>
Reviewed-by: Camille Lamy <clamy@chromium.org>
Reviewed-by: Andy Paicu <andypaicu@chromium.org>
Cr-Commit-Position: refs/heads/master@{#569554}

content/browser/frame_host/navigation_request.cc

@@ -207,7 +207,7 @@ void AddAdditionalRequestHeaders(
       }
     }
     std::string value = base::StringPrintf(
-        "cause=%s, destination=document, target=%s, site=%s",
+        "cause=\"%s\", destination=\"document\", target=\"%s\", site=\"%s\"",
         has_user_gesture ? "user-activated" : "forced",
         frame_tree_node->IsMainFrame() ? "top-level" : "nested",
         site_value.c_str());

third_party/WebKit/LayoutTests/external/wpt/fetch/sec-metadata/fetch.tentative.https.sub.html

@@ -9,7 +9,7 @@
         .then(j => {
           assert_header_equals(j.header, {
             "cause": undefined,
-            "destination": "\"\"",
+            "destination": "",
             "target": "subresource",
             "site": "same-origin"
           });
@@ -22,7 +22,7 @@
         .then(j => {
           assert_header_equals(j.header, {
             "cause": undefined,
-            "destination": "\"\"",
+            "destination": "",
             "target": "subresource",
             "site": "same-site"
           });
@@ -35,7 +35,7 @@
         .then(j => {
           assert_header_equals(j.header, {
             "cause": undefined,
-            "destination": "\"\"",
+            "destination": "",
             "target": "subresource",
             "site": "cross-site"
           });

third_party/WebKit/LayoutTests/external/wpt/fetch/sec-metadata/resources/helper.js

@@ -2,6 +2,7 @@ function parse_metadata(value) {
   let result = {};
   value.split(',').forEach(item => {
     let parsed = item.trim().split('=');
+    parsed[1] = parsed[1].trim().replace(/^"|"$/g, '');
     result[parsed[0]] = parsed[1];
   });
   return result;

third_party/WebKit/LayoutTests/http/tests/navigation/form-targets-cross-site-frame-get-expected.txt

@@ -14,5 +14,5 @@ Http headers:
 HTTP_CONNECTION = keep-alive
 HTTP_HOST = localhost:8080
 HTTP_REFERER = http://127.0.0.1:8000/navigation/form-targets-cross-site-frame-get.html
-HTTP_SEC_METADATA = cause=forced, destination=document, target=nested, site=cross-site
+HTTP_SEC_METADATA = cause="forced", destination="document", target="nested", site="cross-site"
 HTTP_UPGRADE_INSECURE_REQUESTS = 1

third_party/WebKit/LayoutTests/http/tests/navigation/form-targets-cross-site-frame-no-referrer-expected.txt

@@ -15,5 +15,5 @@ HTTP_CACHE_CONTROL = max-age=0
 HTTP_CONNECTION = keep-alive
 HTTP_HOST = localhost:8080
 HTTP_ORIGIN = null
-HTTP_SEC_METADATA = cause=forced, destination=document, target=nested, site=cross-site
+HTTP_SEC_METADATA = cause="forced", destination="document", target="nested", site="cross-site"
 HTTP_UPGRADE_INSECURE_REQUESTS = 1

third_party/WebKit/LayoutTests/http/tests/navigation/form-targets-cross-site-frame-post-expected.txt

@@ -16,5 +16,5 @@ HTTP_CONNECTION = keep-alive
 HTTP_HOST = localhost:8080
 HTTP_ORIGIN = http://127.0.0.1:8000
 HTTP_REFERER = http://127.0.0.1:8000/navigation/form-targets-cross-site-frame-post.html
-HTTP_SEC_METADATA = cause=forced, destination=document, target=nested, site=cross-site
+HTTP_SEC_METADATA = cause="forced", destination="document", target="nested", site="cross-site"
 HTTP_UPGRADE_INSECURE_REQUESTS = 1

third_party/WebKit/LayoutTests/http/tests/navigation/form-with-enctype-targets-cross-site-frame-expected.txt

@@ -16,5 +16,5 @@ HTTP_CONNECTION = keep-alive
 HTTP_HOST = localhost:8080
 HTTP_ORIGIN = http://127.0.0.1:8000
 HTTP_REFERER = http://127.0.0.1:8000/navigation/form-with-enctype-targets-cross-site-frame.html
-HTTP_SEC_METADATA = cause=forced, destination=document, target=nested, site=cross-site
+HTTP_SEC_METADATA = cause="forced", destination="document", target="nested", site="cross-site"
 HTTP_UPGRADE_INSECURE_REQUESTS = 1

third_party/WebKit/LayoutTests/http/tests/navigation/post-basic-expected.txt

@@ -11,7 +11,7 @@ HTTP_CONNECTION = keep-alive
 HTTP_HOST = 127.0.0.1:8000
 HTTP_ORIGIN = http://127.0.0.1:8000
 HTTP_REFERER = http://127.0.0.1:8000/navigation/resources/page-that-posts.html
-HTTP_SEC_METADATA = cause=forced, destination=document, target=top-level, site=same-origin
+HTTP_SEC_METADATA = cause="forced", destination="document", target="top-level", site="same-origin"
 HTTP_UPGRADE_INSECURE_REQUESTS = 1
 
 ============== Back Forward List ==============

third_party/WebKit/LayoutTests/http/tests/navigation/post-frames-expected.txt

@@ -18,7 +18,7 @@ HTTP_CONNECTION = keep-alive
 HTTP_HOST = 127.0.0.1:8000
 HTTP_ORIGIN = http://127.0.0.1:8000
 HTTP_REFERER = http://127.0.0.1:8000/navigation/resources/page-that-posts.html
-HTTP_SEC_METADATA = cause=forced, destination=document, target=nested, site=same-origin
+HTTP_SEC_METADATA = cause="forced", destination="document", target="nested", site="same-origin"
 HTTP_UPGRADE_INSECURE_REQUESTS = 1
 
 ============== Back Forward List ==============

third_party/WebKit/LayoutTests/http/tests/navigation/post-frames-goback1-expected.txt

@@ -18,7 +18,7 @@ HTTP_CONNECTION = keep-alive
 HTTP_HOST = 127.0.0.1:8000
 HTTP_ORIGIN = http://127.0.0.1:8000
 HTTP_REFERER = http://127.0.0.1:8000/navigation/post-frames-goback1.html
-HTTP_SEC_METADATA = cause=forced, destination=document, target=nested, site=same-origin
+HTTP_SEC_METADATA = cause="forced", destination="document", target="nested", site="same-origin"
 HTTP_UPGRADE_INSECURE_REQUESTS = 1
 
 ============== Back Forward List ==============

third_party/WebKit/LayoutTests/http/tests/navigation/post-goback1-expected.txt

@@ -11,7 +11,7 @@ HTTP_CONNECTION = keep-alive
 HTTP_HOST = 127.0.0.1:8000
 HTTP_ORIGIN = http://127.0.0.1:8000
 HTTP_REFERER = http://127.0.0.1:8000/navigation/resources/page-that-posts.html
-HTTP_SEC_METADATA = cause=forced, destination=document, target=top-level, site=same-origin
+HTTP_SEC_METADATA = cause="forced", destination="document", target="top-level", site="same-origin"
 HTTP_UPGRADE_INSECURE_REQUESTS = 1
 
 ============== Back Forward List ==============

third_party/WebKit/LayoutTests/http/tests/navigation/rename-subframe-goback-expected.txt

@@ -19,5 +19,5 @@ HTTP_CONNECTION = keep-alive
 HTTP_HOST = 127.0.0.1:8000
 HTTP_ORIGIN = http://127.0.0.1:8000
 HTTP_REFERER = http://127.0.0.1:8000/navigation/resources/page-that-posts.html
-HTTP_SEC_METADATA = cause=forced, destination=document, target=nested, site=same-origin
+HTTP_SEC_METADATA = cause="forced", destination="document", target="nested", site="same-origin"
 HTTP_UPGRADE_INSECURE_REQUESTS = 1

third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-leak-path-on-redirect-expected.txt

@@ -8,7 +8,7 @@ HTTP_CACHE_CONTROL = max-age=0
 HTTP_CONNECTION = keep-alive
 HTTP_HOST = 127.0.0.1:8000
 HTTP_REFERER = http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/form-action-leak-path-on-redirect.html
-HTTP_SEC_METADATA = cause=forced, destination=document, target=top-level, site=same-origin
+HTTP_SEC_METADATA = cause="forced", destination="document", target="top-level", site="same-origin"
 HTTP_UPGRADE_INSECURE_REQUESTS = 1
 
 ============== Back Forward List ==============

third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-allowed-expected.txt

@@ -10,7 +10,7 @@ HTTP_CONNECTION = keep-alive
 HTTP_HOST = 127.0.0.1:8000
 HTTP_ORIGIN = http://127.0.0.1:8000
 HTTP_REFERER = http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/form-action-src-allowed.html
-HTTP_SEC_METADATA = cause=forced, destination=document, target=top-level, site=same-origin
+HTTP_SEC_METADATA = cause="forced", destination="document", target="top-level", site="same-origin"
 HTTP_UPGRADE_INSECURE_REQUESTS = 1
 
 ============== Back Forward List ==============

third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-allowed-with-redirect-expected.txt

@@ -8,7 +8,7 @@ HTTP_CACHE_CONTROL = max-age=0
 HTTP_CONNECTION = keep-alive
 HTTP_HOST = 127.0.0.1:8000
 HTTP_REFERER = http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/form-action-src-allowed-with-redirect.html
-HTTP_SEC_METADATA = cause=forced, destination=document, target=top-level, site=same-origin
+HTTP_SEC_METADATA = cause="forced", destination="document", target="top-level", site="same-origin"
 HTTP_UPGRADE_INSECURE_REQUESTS = 1
 
 ============== Back Forward List ==============

third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-default-ignored-expected.txt

@@ -10,7 +10,7 @@ HTTP_CONNECTION = keep-alive
 HTTP_HOST = 127.0.0.1:8000
 HTTP_ORIGIN = http://127.0.0.1:8000
 HTTP_REFERER = http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/form-action-src-default-ignored.html
-HTTP_SEC_METADATA = cause=forced, destination=document, target=top-level, site=same-origin
+HTTP_SEC_METADATA = cause="forced", destination="document", target="top-level", site="same-origin"
 HTTP_UPGRADE_INSECURE_REQUESTS = 1
 
 ============== Back Forward List ==============

third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-default-ignored-with-redirect-expected.txt

@@ -8,7 +8,7 @@ HTTP_CACHE_CONTROL = max-age=0
 HTTP_CONNECTION = keep-alive
 HTTP_HOST = 127.0.0.1:8000
 HTTP_REFERER = http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/form-action-src-default-ignored-with-redirect.html
-HTTP_SEC_METADATA = cause=forced, destination=document, target=top-level, site=same-origin
+HTTP_SEC_METADATA = cause="forced", destination="document", target="top-level", site="same-origin"
 HTTP_UPGRADE_INSECURE_REQUESTS = 1
 
 ============== Back Forward List ==============

third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-allowed-expected.txt

@@ -8,7 +8,7 @@ Http headers:
 HTTP_CONNECTION = keep-alive
 HTTP_HOST = 127.0.0.1:8000
 HTTP_REFERER = http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/form-action-src-get-allowed.html
-HTTP_SEC_METADATA = cause=forced, destination=document, target=top-level, site=same-origin
+HTTP_SEC_METADATA = cause="forced", destination="document", target="top-level", site="same-origin"
 HTTP_UPGRADE_INSECURE_REQUESTS = 1
 
 ============== Back Forward List ==============

third_party/WebKit/LayoutTests/http/tests/security/contentSecurityPolicy/1.1/form-action-src-get-allowed-with-redirect-expected.txt

@@ -8,7 +8,7 @@ HTTP_CACHE_CONTROL = max-age=0
 HTTP_CONNECTION = keep-alive
 HTTP_HOST = 127.0.0.1:8000
 HTTP_REFERER = http://127.0.0.1:8000/security/contentSecurityPolicy/1.1/form-action-src-get-allowed-with-redirect.html
-HTTP_SEC_METADATA = cause=forced, destination=document, target=top-level, site=same-origin
+HTTP_SEC_METADATA = cause="forced", destination="document", target="top-level", site="same-origin"
 HTTP_UPGRADE_INSECURE_REQUESTS = 1
 
 ============== Back Forward List ==============

third_party/blink/renderer/core/loader/base_fetch_context.cc

@@ -40,7 +40,7 @@ const char* GetDestinationFromContext(WebURLRequest::RequestContext context) {
     case WebURLRequest::kRequestContextXMLHttpRequest:
     case WebURLRequest::kRequestContextSubresource:
     case WebURLRequest::kRequestContextPrefetch:
-      return "\"\"";
+      return "";
     case WebURLRequest::kRequestContextCSPReport:
       return "report";
     case WebURLRequest::kRequestContextAudio:
@@ -131,8 +131,8 @@ void BaseFetchContext::AddAdditionalRequestHeaders(ResourceRequest& request,
         }
       }
 
-      String value =
-          String::Format("destination=%s, target=subresource, site=%s",
+      String value = String::Format(
+          "destination=\"%s\", target=\"subresource\", site=\"%s\"",
           destination_value, site_value);
       request.AddHTTPHeaderField("Sec-Metadata", AtomicString(value));
     }