Ship the `Sec-Fetch-{Mode,Site,User}` request headers.

Spec: https://mikewest.github.io/sec-metadata/ Intent to Ship: https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/yQgJlq5PEOQ/erexYRWHBgAJ Bug: 843478 Change-Id: Iae3bbaa9c908f9f8f281cd97ba94b1601556cb93 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1547515 Commit-Queue: Mike West <mkwst@chromium.org> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org> Cr-Commit-Position: refs/heads/master@{#652776}

Ship the `Sec-Fetch-{Mode,Site,User}` request headers.
Spec: https://mikewest.github.io/sec-metadata/ Intent to Ship: https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/yQgJlq5PEOQ/erexYRWHBgAJ Bug: 843478 Change-Id: Iae3bbaa9c908f9f8f281cd97ba94b1601556cb93 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1547515 Commit-Queue: Mike West <mkwst@chromium.org> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org> Cr-Commit-Position: refs/heads/master@{#652776}
40365c5d · Mike West · Commit Bot · baec9138 · 40365c5d · 40365c5d
Commit 40365c5d authored Apr 20, 2019 by Mike West Committed by Commit Bot Apr 20, 2019
11 changed files
--- a/services/network/public/cpp/features.cc
+++ b/services/network/public/cpp/features.cc
@@ -61,7 +61,7 @@ const base::Feature kEnforceRequestInitiatorLockForCorb{
 // Implementation of https://mikewest.github.io/sec-metadata/
 const base::Feature kFetchMetadata{"FetchMetadata",
-                                   base::FEATURE_DISABLED_BY_DEFAULT};
+                                   base::FEATURE_ENABLED_BY_DEFAULT};
 // The `Sec-Fetch-Dest` header is split out from the main "FetchMetadata"
 // feature so we can ship the broader feature without this specifific bit

--- a/third_party/blink/renderer/platform/runtime_enabled_features.json5
+++ b/third_party/blink/renderer/platform/runtime_enabled_features.json5
@@ -549,7 +549,7 @@
    },
    {
      name: "FetchMetadata",
-      status: "experimental"
+      status: "stable"
    },
    {
      name: "FetchMetadataDestination",

--- a/third_party/blink/web_tests/virtual/stable/http/tests/navigation/form-targets-cross-site-frame-get-expected.txt
+++ b/third_party/blink/web_tests/virtual/stable/http/tests/navigation/form-targets-cross-site-frame-get-expected.txt
@@ -14,4 +14,6 @@ Http headers:
 HTTP_CONNECTION = keep-alive
 HTTP_HOST = localhost:8080
 HTTP_REFERER = http://127.0.0.1:8000/navigation/form-targets-cross-site-frame-get.html
+HTTP_SEC_FETCH_MODE = nested-navigate
+HTTP_SEC_FETCH_SITE = cross-site
 HTTP_UPGRADE_INSECURE_REQUESTS = 1
--- a/third_party/blink/web_tests/virtual/stable/http/tests/navigation/form-targets-cross-site-frame-no-referrer-expected.txt
+++ b/third_party/blink/web_tests/virtual/stable/http/tests/navigation/form-targets-cross-site-frame-no-referrer-expected.txt
@@ -15,4 +15,6 @@ HTTP_CACHE_CONTROL = max-age=0
 HTTP_CONNECTION = keep-alive
 HTTP_HOST = localhost:8080
 HTTP_ORIGIN = null
+HTTP_SEC_FETCH_MODE = nested-navigate
+HTTP_SEC_FETCH_SITE = cross-site
 HTTP_UPGRADE_INSECURE_REQUESTS = 1
--- a/third_party/blink/web_tests/virtual/stable/http/tests/navigation/form-targets-cross-site-frame-post-expected.txt
+++ b/third_party/blink/web_tests/virtual/stable/http/tests/navigation/form-targets-cross-site-frame-post-expected.txt
@@ -16,4 +16,6 @@ HTTP_CONNECTION = keep-alive
 HTTP_HOST = localhost:8080
 HTTP_ORIGIN = http://127.0.0.1:8000
 HTTP_REFERER = http://127.0.0.1:8000/navigation/form-targets-cross-site-frame-post.html
+HTTP_SEC_FETCH_MODE = nested-navigate
+HTTP_SEC_FETCH_SITE = cross-site
 HTTP_UPGRADE_INSECURE_REQUESTS = 1
--- a/third_party/blink/web_tests/virtual/stable/http/tests/navigation/form-with-enctype-targets-cross-site-frame-expected.txt
+++ b/third_party/blink/web_tests/virtual/stable/http/tests/navigation/form-with-enctype-targets-cross-site-frame-expected.txt
@@ -16,4 +16,6 @@ HTTP_CONNECTION = keep-alive
 HTTP_HOST = localhost:8080
 HTTP_ORIGIN = http://127.0.0.1:8000
 HTTP_REFERER = http://127.0.0.1:8000/navigation/form-with-enctype-targets-cross-site-frame.html
+HTTP_SEC_FETCH_MODE = nested-navigate
+HTTP_SEC_FETCH_SITE = cross-site
 HTTP_UPGRADE_INSECURE_REQUESTS = 1
--- a/third_party/blink/web_tests/virtual/stable/http/tests/navigation/post-basic-expected.txt
+++ b/third_party/blink/web_tests/virtual/stable/http/tests/navigation/post-basic-expected.txt
@@ -12,6 +12,8 @@ HTTP_CONNECTION = keep-alive
 HTTP_HOST = 127.0.0.1:8000
 HTTP_ORIGIN = http://127.0.0.1:8000
 HTTP_REFERER = http://127.0.0.1:8000/navigation/resources/page-that-posts.html
+HTTP_SEC_FETCH_MODE = navigate
+HTTP_SEC_FETCH_SITE = same-origin
 HTTP_UPGRADE_INSECURE_REQUESTS = 1
 ============== Back Forward List ==============

--- a/third_party/blink/web_tests/virtual/stable/http/tests/navigation/post-frames-expected.txt
+++ b/third_party/blink/web_tests/virtual/stable/http/tests/navigation/post-frames-expected.txt
@@ -17,6 +17,8 @@ HTTP_CONNECTION = keep-alive
 HTTP_HOST = 127.0.0.1:8000
 HTTP_ORIGIN = http://127.0.0.1:8000
 HTTP_REFERER = http://127.0.0.1:8000/navigation/resources/page-that-posts.html
+HTTP_SEC_FETCH_MODE = nested-navigate
+HTTP_SEC_FETCH_SITE = same-origin
 HTTP_UPGRADE_INSECURE_REQUESTS = 1
 ============== Back Forward List ==============

--- a/third_party/blink/web_tests/virtual/stable/http/tests/navigation/post-frames-goback1-expected.txt
+++ b/third_party/blink/web_tests/virtual/stable/http/tests/navigation/post-frames-goback1-expected.txt
@@ -16,6 +16,8 @@ HTTP_CONNECTION = keep-alive
 HTTP_HOST = 127.0.0.1:8000
 HTTP_ORIGIN = http://127.0.0.1:8000
 HTTP_REFERER = http://127.0.0.1:8000/navigation/post-frames-goback1.html
+HTTP_SEC_FETCH_MODE = nested-navigate
+HTTP_SEC_FETCH_SITE = same-origin
 HTTP_UPGRADE_INSECURE_REQUESTS = 1
 ============== Back Forward List ==============

--- a/third_party/blink/web_tests/virtual/stable/http/tests/navigation/post-goback1-expected.txt
+++ b/third_party/blink/web_tests/virtual/stable/http/tests/navigation/post-goback1-expected.txt
@@ -12,6 +12,8 @@ HTTP_CONNECTION = keep-alive
 HTTP_HOST = 127.0.0.1:8000
 HTTP_ORIGIN = http://127.0.0.1:8000
 HTTP_REFERER = http://127.0.0.1:8000/navigation/resources/page-that-posts.html
+HTTP_SEC_FETCH_MODE = navigate
+HTTP_SEC_FETCH_SITE = same-origin
 HTTP_UPGRADE_INSECURE_REQUESTS = 1
 ============== Back Forward List ==============

--- a/third_party/blink/web_tests/virtual/stable/http/tests/navigation/rename-subframe-goback-expected.txt
+++ b/third_party/blink/web_tests/virtual/stable/http/tests/navigation/rename-subframe-goback-expected.txt
@@ -20,4 +20,6 @@ HTTP_CONNECTION = keep-alive
 HTTP_HOST = 127.0.0.1:8000
 HTTP_ORIGIN = http://127.0.0.1:8000
 HTTP_REFERER = http://127.0.0.1:8000/navigation/resources/page-that-posts.html
+HTTP_SEC_FETCH_MODE = nested-navigate
+HTTP_SEC_FETCH_SITE = same-origin
 HTTP_UPGRADE_INSECURE_REQUESTS = 1