Add a feature which enables COOP by default.

This patch adds network::features::kCrossOriginOpenerPolicyByDefault,
which changes documents' default COOP from `unsafe-none` to
`same-origin-allow-popups`, as suggested by the proposal at
https://github.com/mikewest/coop-by-default/.

The feature is disabled by default, and should not (yet!) have any
impact on ordinary browsing.

Bug: 1139911
Change-Id: Ib97b51ee0ac7f76e2d67bb14ce47ba610cdb8d3e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2485492Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org>
Commit-Queue: Mike West <mkwst@chromium.org>
Cr-Commit-Position: refs/heads/master@{#818813}

services/network/public/cpp/cross_origin_opener_policy_parser.cc

@@ -64,6 +64,9 @@ CrossOriginOpenerPolicy ParseCrossOriginOpenerPolicy(
     if (coop.value == mojom::CrossOriginOpenerPolicyValue::kSameOrigin &&
         coep.value == mojom::CrossOriginEmbedderPolicyValue::kRequireCorp)
       coop.value = mojom::CrossOriginOpenerPolicyValue::kSameOriginPlusCoep;
+  } else if (base::FeatureList::IsEnabled(
+                 features::kCrossOriginOpenerPolicyByDefault)) {
+    coop.value = mojom::CrossOriginOpenerPolicyValue::kSameOriginAllowPopups;
   }
   if (headers.GetNormalizedHeader(kCrossOriginOpenerPolicyHeaderReportOnly,
                                   &header_value)) {

services/network/public/cpp/cross_origin_opener_policy_parser_unittest.cc

@@ -206,4 +206,48 @@ TEST(CrossOriginOpenerPolicyTest, Parse) {
   }
 }
 
+TEST(CrossOriginOpenerPolicyTest, Default) {
+  base::test::ScopedFeatureList scoped_feature_list;
+  scoped_feature_list.InitAndEnableFeature(features::kCrossOriginOpenerPolicy);
+  network::CrossOriginEmbedderPolicy coep;
+
+  // If no COOP header is specified:
+  scoped_refptr<net::HttpResponseHeaders> headers(
+      new net::HttpResponseHeaders("HTTP/1.1 200 OK"));
+
+  // Then we have no policy enforced by default:
+  network::CrossOriginOpenerPolicy parsed_policy =
+      ParseCrossOriginOpenerPolicy(*headers, coep);
+  EXPECT_EQ(base::nullopt, parsed_policy.reporting_endpoint);
+  EXPECT_EQ(mojom::CrossOriginOpenerPolicyValue::kUnsafeNone,
+            parsed_policy.value);
+  EXPECT_EQ(base::nullopt, parsed_policy.report_only_reporting_endpoint);
+  EXPECT_EQ(mojom::CrossOriginOpenerPolicyValue::kUnsafeNone,
+            parsed_policy.report_only_value);
+}
+
+TEST(CrossOriginOpenerPolicyTest, DefaultWithCOOPByDefault) {
+  base::test::ScopedFeatureList scoped_feature_list;
+  scoped_feature_list.InitWithFeatures(
+      {features::kCrossOriginOpenerPolicy,
+       features::kCrossOriginOpenerPolicyByDefault},
+      {});
+  network::CrossOriginEmbedderPolicy coep;
+
+  // If no COOP header is specified:
+  scoped_refptr<net::HttpResponseHeaders> headers(
+      new net::HttpResponseHeaders("HTTP/1.1 200 OK"));
+
+  // Then we have `same-origin-allow-popups` as enforced by default, but no
+  // policy reported on by default:
+  network::CrossOriginOpenerPolicy parsed_policy =
+      ParseCrossOriginOpenerPolicy(*headers, coep);
+  EXPECT_EQ(base::nullopt, parsed_policy.reporting_endpoint);
+  EXPECT_EQ(mojom::CrossOriginOpenerPolicyValue::kSameOriginAllowPopups,
+            parsed_policy.value);
+  EXPECT_EQ(base::nullopt, parsed_policy.report_only_reporting_endpoint);
+  EXPECT_EQ(mojom::CrossOriginOpenerPolicyValue::kUnsafeNone,
+            parsed_policy.report_only_value);
+}
+
 }  // namespace network

services/network/public/cpp/features.cc

@@ -90,6 +90,11 @@ const base::Feature kCrossOriginOpenerPolicyReporting{
 const base::Feature kCrossOriginOpenerPolicyAccessReporting{
     "CrossOriginOpenerPolicyAccessReporting", base::FEATURE_ENABLED_BY_DEFAULT};
 
+// Shift's COOP's default from `unsafe-none` to `same-origin-allow-popups`.
+// https://github.com/mikewest/coop-by-default/
+const base::Feature kCrossOriginOpenerPolicyByDefault{
+    "CrossOriginOpenerPolicyByDefault", base::FEATURE_DISABLED_BY_DEFAULT};
+
 // Enables Cross-Origin Embedder Policy (COEP).
 // https://github.com/mikewest/corpp
 // Currently this feature is enabled for all platforms except WebView.

services/network/public/cpp/features.h

@@ -39,6 +39,8 @@ extern const base::Feature kCrossOriginOpenerPolicyReportingOriginTrial;
 COMPONENT_EXPORT(NETWORK_CPP)
 extern const base::Feature kCrossOriginOpenerPolicyAccessReporting;
 COMPONENT_EXPORT(NETWORK_CPP)
+extern const base::Feature kCrossOriginOpenerPolicyByDefault;
+COMPONENT_EXPORT(NETWORK_CPP)
 extern const base::Feature kCrossOriginEmbedderPolicy;
 COMPONENT_EXPORT(NETWORK_CPP)
 extern const base::Feature kCrossOriginIsolated;