Signed Exchange: Disallow HEAD request method

As per the Loading Signed Exchanges spec [1], this patch makes
SignedExchangeEnvelope::Parse() fail if the exchange's request method is
not "GET".

[1] https://wicg.github.io/webpackage/loading.html#parse-cbor-headers

Bug: 803774
Change-Id: I4729403f3dae5038bae702b0359e1b98f9a11233
Reviewed-on: https://chromium-review.googlesource.com/c/1350017Reviewed-by: Kouhei Ueno <kouhei@chromium.org>
Reviewed-by: Tsuyoshi Horo <horo@chromium.org>
Commit-Queue: Kunihiko Sakamoto <ksakamoto@chromium.org>
Cr-Commit-Position: refs/heads/master@{#610767}

content/browser/web_package/signed_exchange_envelope.cc

@@ -89,20 +89,14 @@ bool ParseRequestMap(const cbor::Value& value,
     return false;
   }
   base::StringPiece method_str = method_iter->second.GetBytestringAsString();
-  // 3. If exchange’s request method is not safe (Section 4.2.1 of [RFC7231])
-  // or not cacheable (Section 4.2.3 of [RFC7231]), return “invalid”.
-  // [spec text]
-  //
-  // Note: Per [RFC7231],
-  //       Safe methods are "GET", "HEAD", "OPTIONS", and "TRACE".
-  //       Cachable methods are "GET", "HEAD", and "POST",
-  //       and we only allow methods that satisfy both.
-  if (method_str != "GET" && method_str != "HEAD") {
+  // https://wicg.github.io/webpackage/loading.html#parse-cbor-headers
+  // If any of the following is true, return a failure:
+  // - ...
+  // - headers[0][`:method`] is not `GET`. [spec text]
+  if (method_str != "GET") {
     signed_exchange_utils::ReportErrorAndTraceEvent(
-        devtools_proxy,
-        base::StringPrintf(
-            "Request method is not safe or not cacheable. method: %s",
-            method_str.as_string().c_str()));
+        devtools_proxy, base::StringPrintf("Request method must be GET, but %s",
+                                           method_str.as_string().c_str()));
     return false;
   }
   out->set_request_method(method_str);

third_party/blink/web_tests/external/wpt/signed-exchange/resources/generate-test-sxgs.sh

@@ -38,6 +38,22 @@ gen-signedexchange \
   -o sxg-location.sxg \
   -miRecordSize 100
 
+# Request method is HEAD.
+gen-signedexchange \
+  -version 1b2 \
+  -method HEAD \
+  -uri $inner_url_origin/signed-exchange/resources/inner-url.html \
+  -status 200 \
+  -content sxg-location.html \
+  -certificate $certfile \
+  -certUrl $cert_url_origin/signed-exchange/resources/$certfile.cbor \
+  -validityUrl $inner_url_origin/signed-exchange/resources/resource.validity.msg \
+  -privateKey $keyfile \
+  -date 2018-04-01T00:00:00Z \
+  -expire 168h \
+  -o sxg-head-request.sxg \
+  -miRecordSize 100
+
 # validityUrl is different origin from request URL.
 gen-signedexchange \
   -version 1b2 \

third_party/blink/web_tests/external/wpt/signed-exchange/resources/sxg-head-request.sxg.headers

+Content-Type: application/signed-exchange;v=b2

third_party/blink/web_tests/external/wpt/signed-exchange/sxg-head-request.tentative.html

+<!DOCTYPE html>
+<title>Loading SignedHTTPExchange with HEAD request method must fail</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="./resources/sxg-util.js"></script>
+<body>
+<script>
+promise_test(async (t) => {
+  const sxgUrl = get_host_info().HTTPS_ORIGIN + '/signed-exchange/resources/sxg-head-request.sxg';
+  const message = await openSXGInIframeAndWaitForMessage(t, sxgUrl);
+  assert_equals(message.location, innerURLOrigin() + '/signed-exchange/resources/inner-url.html');
+  assert_true(message.is_fallback);
+}, 'Loading SignedHTTPExchange with HEAD request method must fail');
+
+</script>
+</body>