Add NOTREACHED for InitiatorLockCompatibility::kNoLock + fix unit tests.

This CL adds a NOTREACHED assertion to the InitiatorLockCompatibility::kNoLock case in CorsURLLoaderFactory::IsValidRequest (in preparation for calling mojo::ReportBadMessage and returning false in a follow-up CL). Presence of the new NOTREACHED assertion requires fixing unit tests, so that they more accurately simulate the behavior of the product code. In particular: - A DCHECK has been added to CorsURLLoaderTest::ResetFactory to help ensure that all tests use a non-nullopt |request_initiator_site_lock| when simulating a renderer-side factory. - CorsURLLoaderTest::SetUp started passing non-null default initiator to CorsURLLoaderTest::ResetFactory. https://example.com was chosen as the default, because it is the most commonly used URL in other tests. This necessitated changing some tests to use the matching scheme (https rather than http). - Some tests were forced to specify a non-nullopt network::ResourceRequest::request_initiator (this is no longer okay, because if kNoLock case cannot be reached after this CL, then kNoInitiator case would crash the test). - Tests that really had to use a nullopt |request_initiator| were switched to simulating a browser-side factory (one with a nullopt |request_initiator_site_lock| and with kBrowserProcessId). Fixed: 1115222 Change-Id: I8c6e6603ba4626cf5c306ae5ca286fe1f1fb48e5 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2350232 Commit-Queue: Łukasz Anforowicz <lukasza@chromium.org> Reviewed-by: Takashi Toyoshima <toyoshim@chromium.org> Cr-Commit-Position: refs/heads/master@{#798890}

Add NOTREACHED for InitiatorLockCompatibility::kNoLock + fix unit tests.
This CL adds a NOTREACHED assertion to the InitiatorLockCompatibility::kNoLock case in CorsURLLoaderFactory::IsValidRequest (in preparation for calling mojo::ReportBadMessage and returning false in a follow-up CL). Presence of the new NOTREACHED assertion requires fixing unit tests, so that they more accurately simulate the behavior of the product code. In particular: - A DCHECK has been added to CorsURLLoaderTest::ResetFactory to help ensure that all tests use a non-nullopt |request_initiator_site_lock| when simulating a renderer-side factory. - CorsURLLoaderTest::SetUp started passing non-null default initiator to CorsURLLoaderTest::ResetFactory. https://example.com was chosen as the default, because it is the most commonly used URL in other tests. This necessitated changing some tests to use the matching scheme (https rather than http). - Some tests were forced to specify a non-nullopt network::ResourceRequest::request_initiator (this is no longer okay, because if kNoLock case cannot be reached after this CL, then kNoInitiator case would crash the test). - Tests that really had to use a nullopt |request_initiator| were switched to simulating a browser-side factory (one with a nullopt |request_initiator_site_lock| and with kBrowserProcessId). Fixed: 1115222 Change-Id: I8c6e6603ba4626cf5c306ae5ca286fe1f1fb48e5 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2350232 Commit-Queue: Łukasz Anforowicz <lukasza@chromium.org> Reviewed-by: Takashi Toyoshima <toyoshim@chromium.org> Cr-Commit-Position: refs/heads/master@{#798890}
4e2773bd · Lukasz Anforowicz · Commit Bot · 03476cf7 · 4e2773bd · 4e2773bd
Commit 4e2773bd authored Aug 17, 2020 by Lukasz Anforowicz Committed by Commit Bot Aug 17, 2020
4 changed files
--- a/services/network/cors/cors_url_loader_factory.cc
+++ b/services/network/cors/cors_url_loader_factory.cc
@@ -387,11 +387,7 @@ bool CorsURLLoaderFactory::IsValidRequest(const ResourceRequest& request,
      // a renderer process.  Once issues blocking https://crbug.com/1114906 are
      // fixed, the case below should return |false| and call
      // mojo::ReportBadMessage.
-      //
-      // TODO(lukasza): https://crbug.com/1114906: Add NOTREACHED below, after
-      // tweaking unit tests to correctly simulate product behavior.  Broken
-      // tests: services_unittests: CorsURLLoader*Test and
-      // *RawRequestAccessControl*.
+      NOTREACHED();
      break;

    case InitiatorLockCompatibility::kNoInitiator:

--- a/services/network/cors/cors_url_loader_factory_unittest.cc
+++ b/services/network/cors/cors_url_loader_factory_unittest.cc
@@ -70,6 +70,8 @@ class CorsURLLoaderFactoryTest : public testing::Test {

    auto factory_params = network::mojom::URLLoaderFactoryParams::New();
    factory_params->process_id = kProcessId;
+    factory_params->request_initiator_site_lock =
+        url::Origin::Create(GURL("http://localhost"));
    auto resource_scheduler_client =
        base::MakeRefCounted<ResourceSchedulerClient>(
            kProcessId, kRouteId, &resource_scheduler_,

--- a/services/network/cors/cors_url_loader_unittest.cc
+++ b/services/network/cors/cors_url_loader_unittest.cc
@@ -179,7 +179,9 @@ class CorsURLLoaderTest : public testing::Test {
        network_context_remote_.BindNewPipeAndPassReceiver(),
        std::move(context_params));

-    ResetFactory(base::nullopt, kRendererProcessId);
+    const url::Origin default_initiator_origin =
+        url::Origin::Create(GURL("https://example.com"));
+    ResetFactory(default_initiator_origin, kRendererProcessId);
  }
  void SetUp() override { SetUp(mojom::NetworkContextParams::New()); }

@@ -350,6 +352,9 @@ class CorsURLLoaderTest : public testing::Test {
                    bool is_trusted,
                    bool ignore_isolated_world_origin,
                    bool skip_cors_enabled_scheme_check) {
+    if (process_id != mojom::kBrowserProcessId)
+      DCHECK(initiator.has_value());
+
    test_url_loader_factory_ = std::make_unique<TestURLLoaderFactory>();
    test_url_loader_factory_receiver_ =
        std::make_unique<mojo::Receiver<mojom::URLLoaderFactory>>(
@@ -470,8 +475,8 @@ TEST_F(CorsURLLoaderTest, NoCorsWithInvalidMethod) {
  ResourceRequest request;
  request.mode = mojom::RequestMode::kNoCors;
  request.credentials_mode = mojom::CredentialsMode::kInclude;
-  request.url = GURL("http://example.com/");
-  request.request_initiator = base::nullopt;
+  request.url = GURL("https://example.com/");
+  request.request_initiator = url::Origin::Create(request.url);
  request.method = "GET\r\nHost: other.example.com";

  BadMessageTestHelper bad_message_helper;
@@ -492,7 +497,7 @@ TEST_F(CorsURLLoaderTest, SameOriginWithoutInitiator) {
  ResourceRequest request;
  request.mode = mojom::RequestMode::kSameOrigin;
  request.credentials_mode = mojom::CredentialsMode::kInclude;
-  request.url = GURL("http://example.com/");
+  request.url = GURL("https://example.com/");
  request.request_initiator = base::nullopt;

  BadMessageTestHelper bad_message_helper;
@@ -510,10 +515,17 @@ TEST_F(CorsURLLoaderTest, SameOriginWithoutInitiator) {
 }

 TEST_F(CorsURLLoaderTest, NoCorsWithoutInitiator) {
+  // This test needs to simulate a factory used from the browser process,
+  // because only the browser process may start requests with no
+  // |request_initiator|.  A renderer process would have run into NOTREACHED and
+  // mojo::ReportBadMessage via InitiatorLockCompatibility::kNoInitiator case in
+  // CorsURLLoaderFactory::IsValidRequest.
+  ResetFactory(base::nullopt /* initiator */, mojom::kBrowserProcessId);
+
  ResourceRequest request;
  request.mode = mojom::RequestMode::kNoCors;
  request.credentials_mode = mojom::CredentialsMode::kInclude;
-  request.url = GURL("http://example.com/");
+  request.url = GURL("https://example.com/");
  request.request_initiator = base::nullopt;

  CreateLoaderAndStart(request);
@@ -533,7 +545,7 @@ TEST_F(CorsURLLoaderTest, CorsWithoutInitiator) {
  ResourceRequest request;
  request.mode = mojom::RequestMode::kCors;
  request.credentials_mode = mojom::CredentialsMode::kInclude;
-  request.url = GURL("http://example.com/");
+  request.url = GURL("https://example.com/");
  request.request_initiator = base::nullopt;

  BadMessageTestHelper bad_message_helper;
@@ -556,7 +568,7 @@ TEST_F(CorsURLLoaderTest, NavigateWithoutInitiator) {
  ResourceRequest request;
  request.mode = mojom::RequestMode::kNavigate;
  request.credentials_mode = mojom::CredentialsMode::kInclude;
-  request.url = GURL("http://example.com/");
+  request.url = GURL("https://example.com/");
  request.request_initiator = base::nullopt;

  CreateLoaderAndStart(request);
@@ -575,7 +587,7 @@ TEST_F(CorsURLLoaderTest, NavigateWithoutInitiator) {
 TEST_F(CorsURLLoaderTest, NavigationFromRenderer) {
  ResourceRequest request;
  request.mode = mojom::RequestMode::kNavigate;
-  request.url = GURL("http://example.com/");
+  request.url = GURL("https://example.com/");
  request.request_initiator = base::nullopt;

  BadMessageTestHelper bad_message_helper;
@@ -593,7 +605,7 @@ TEST_F(CorsURLLoaderTest, NavigationFromRenderer) {
 }

 TEST_F(CorsURLLoaderTest, SameOriginRequest) {
-  const GURL url("http://example.com/foo.png");
+  const GURL url("https://example.com/foo.png");
  CreateLoaderAndStart(url.GetOrigin(), url, mojom::RequestMode::kSameOrigin);
  RunUntilCreateLoaderAndStartCalled();

@@ -610,8 +622,8 @@ TEST_F(CorsURLLoaderTest, SameOriginRequest) {
 }

 TEST_F(CorsURLLoaderTest, CrossOriginRequestWithNoCorsMode) {
-  const GURL origin("http://example.com");
-  const GURL url("http://other.com/foo.png");
+  const GURL origin("https://example.com");
+  const GURL url("http://other.example.com/foo.png");
  CreateLoaderAndStart(origin, url, mojom::RequestMode::kNoCors);
  RunUntilCreateLoaderAndStartCalled();

@@ -630,8 +642,8 @@ TEST_F(CorsURLLoaderTest, CrossOriginRequestWithNoCorsMode) {
 }

 TEST_F(CorsURLLoaderTest, CrossOriginRequestWithNoCorsModeAndPatchMethod) {
-  const GURL origin("http://example.com");
-  const GURL url("http://other.com/foo.png");
+  const GURL origin("https://example.com");
+  const GURL url("http://other.example.com/foo.png");
  ResourceRequest request;
  request.mode = mojom::RequestMode::kNoCors;
  request.credentials_mode = mojom::CredentialsMode::kInclude;
@@ -654,12 +666,12 @@ TEST_F(CorsURLLoaderTest, CrossOriginRequestWithNoCorsModeAndPatchMethod) {
  std::string origin_header;
  EXPECT_TRUE(GetRequest().headers.GetHeader(net::HttpRequestHeaders::kOrigin,
                                             &origin_header));
-  EXPECT_EQ(origin_header, "http://example.com");
+  EXPECT_EQ(origin_header, "https://example.com");
 }

 TEST_F(CorsURLLoaderTest, CrossOriginRequestFetchRequestModeSameOrigin) {
-  const GURL origin("http://example.com");
-  const GURL url("http://other.com/foo.png");
+  const GURL origin("https://example.com");
+  const GURL url("http://other.example.com/foo.png");
  CreateLoaderAndStart(origin, url, mojom::RequestMode::kSameOrigin);

  RunUntilComplete();
@@ -676,8 +688,8 @@ TEST_F(CorsURLLoaderTest, CrossOriginRequestFetchRequestModeSameOrigin) {
 }

 TEST_F(CorsURLLoaderTest, CrossOriginRequestWithCorsModeButMissingCorsHeader) {
-  const GURL origin("http://example.com");
-  const GURL url("http://other.com/foo.png");
+  const GURL origin("https://example.com");
+  const GURL url("http://other.example.com/foo.png");
  CreateLoaderAndStart(origin, url, mojom::RequestMode::kCors);
  RunUntilCreateLoaderAndStartCalled();

@@ -690,7 +702,7 @@ TEST_F(CorsURLLoaderTest, CrossOriginRequestWithCorsModeButMissingCorsHeader) {
  std::string origin_header;
  EXPECT_TRUE(GetRequest().headers.GetHeader(net::HttpRequestHeaders::kOrigin,
                                             &origin_header));
-  EXPECT_EQ(origin_header, "http://example.com");
+  EXPECT_EQ(origin_header, "https://example.com");
  EXPECT_FALSE(client().has_received_redirect());
  EXPECT_FALSE(client().has_received_response());
  EXPECT_EQ(net::ERR_FAILED, client().completion_status().error_code);
@@ -700,13 +712,13 @@ TEST_F(CorsURLLoaderTest, CrossOriginRequestWithCorsModeButMissingCorsHeader) {
 }

 TEST_F(CorsURLLoaderTest, CrossOriginRequestWithCorsMode) {
-  const GURL origin("http://example.com");
-  const GURL url("http://other.com/foo.png");
+  const GURL origin("https://example.com");
+  const GURL url("http://other.example.com/foo.png");
  CreateLoaderAndStart(origin, url, mojom::RequestMode::kCors);
  RunUntilCreateLoaderAndStartCalled();

  NotifyLoaderClientOnReceiveResponse(
-      {{"Access-Control-Allow-Origin", "http://example.com"}});
+      {{"Access-Control-Allow-Origin", "https://example.com"}});
  NotifyLoaderClientOnComplete(net::OK);

  RunUntilComplete();
@@ -720,8 +732,8 @@ TEST_F(CorsURLLoaderTest, CrossOriginRequestWithCorsMode) {

 TEST_F(CorsURLLoaderTest,
       CrossOriginRequestFetchRequestWithCorsModeButMismatchedCorsHeader) {
-  const GURL origin("http://example.com");
-  const GURL url("http://other.com/foo.png");
+  const GURL origin("https://example.com");
+  const GURL url("http://other.example.com/foo.png");
  CreateLoaderAndStart(origin, url, mojom::RequestMode::kCors);
  RunUntilCreateLoaderAndStartCalled();

@@ -793,14 +805,14 @@ TEST_F(CorsURLLoaderTest, CorsEnabledSameCustomSchemeRequest) {
 }

 TEST_F(CorsURLLoaderTest, StripUsernameAndPassword) {
-  const GURL origin("http://example.com");
-  const GURL url("http://foo:bar@other.com/foo.png");
-  std::string stripped_url = "http://other.com/foo.png";
+  const GURL origin("https://example.com");
+  const GURL url("http://foo:bar@other.example.com/foo.png");
+  std::string stripped_url = "http://other.example.com/foo.png";
  CreateLoaderAndStart(origin, url, mojom::RequestMode::kCors);
  RunUntilCreateLoaderAndStartCalled();

  NotifyLoaderClientOnReceiveResponse(
-      {{"Access-Control-Allow-Origin", "http://example.com"}});
+      {{"Access-Control-Allow-Origin", "https://example.com"}});
  NotifyLoaderClientOnComplete(net::OK);

  RunUntilComplete();
@@ -1229,11 +1241,6 @@ TEST_F(CorsURLLoaderTest, RedirectInfoShouldBeUsed) {
 // assumptions about whether these need to be updated in CorsURLLoader.
 TEST_F(CorsURLLoaderTest,
       InterceptedRedirectChangesIsolationInfoAndSiteForCookies) {
-  auto params = network::mojom::URLLoaderFactoryParams::New();
-  ResetFactory(base::nullopt, kRendererProcessId, true /* is_trusted */,
-               params->ignore_isolated_world_origin,
-               false /* skip_cors_enabled_scheme_check */);
-
  const GURL url("https://example.com/foo.png");
  const url::Origin url_origin = url::Origin::Create(url);
  const net::SiteForCookies url_site_for_cookies =
@@ -1244,6 +1251,11 @@ TEST_F(CorsURLLoaderTest,
  const net::SiteForCookies new_url_site_for_cookies =
      net::SiteForCookies::FromOrigin(new_url_origin);

+  auto params = network::mojom::URLLoaderFactoryParams::New();
+  ResetFactory(url_origin, kRendererProcessId, true /* is_trusted */,
+               params->ignore_isolated_world_origin,
+               false /* skip_cors_enabled_scheme_check */);
+
  ResourceRequest request;
  request.mode = mojom::RequestMode::kCors;
  request.credentials_mode = mojom::CredentialsMode::kOmit;
@@ -1371,8 +1383,8 @@ TEST_F(CorsURLLoaderTest, CorsExemptHeaderRemovalOnCrossOriginRedirects) {
  RunUntilCreateLoaderAndStartCalled();
  EXPECT_EQ(1, num_created_loaders());

-  NotifyLoaderClientOnReceiveRedirect(
-      CreateRedirectInfo(301, "GET", GURL("https://google.com/bar.png")));
+  NotifyLoaderClientOnReceiveRedirect(CreateRedirectInfo(
+      301, "GET", GURL("https://other.example.com/bar.png")));
  RunUntilRedirectReceived();

  EXPECT_TRUE(IsNetworkLoaderStarted());
@@ -1393,6 +1405,7 @@ TEST_F(CorsURLLoaderTest, CorsExemptHeaderRemovalOnCrossOriginRedirects) {
 TEST_F(CorsURLLoaderTest, CorsExemptHeaderModificationOnRedirects) {
  ResourceRequest request;
  request.url = GURL("https://example.com/foo.png");
+  request.request_initiator = url::Origin::Create(request.url);
  request.cors_exempt_headers.SetHeader(kTestCorsExemptHeader, "test-value");
  CreateLoaderAndStart(request);
  RunUntilCreateLoaderAndStartCalled();
@@ -1426,8 +1439,8 @@ TEST_F(CorsURLLoaderTest, CorsExemptHeaderModificationOnRedirects) {
 // OriginAccessListTest, but this test intends to verify if CorsURlLoader calls
 // the list properly.
 TEST_F(CorsURLLoaderTest, OriginAccessList_Allowed) {
-  const GURL origin("http://example.com");
-  const GURL url("http://other.com/foo.png");
+  const GURL origin("https://example.com");
+  const GURL url("http://other.example.com/foo.png");

  // Adds an entry to allow the cross origin request beyond the CORS
  // rules.
@@ -1456,10 +1469,10 @@ TEST_F(CorsURLLoaderTest, OriginAccessList_Allowed) {
 // ResourceRequest::isolated_world_origin when consulting OriginAccessList.
 TEST_F(CorsURLLoaderTest, OriginAccessList_IsolatedWorldOrigin) {
  const url::Origin main_world_origin =
-      url::Origin::Create(GURL("http://main-world.com"));
+      url::Origin::Create(GURL("http://main-world.example.com"));
  const url::Origin isolated_world_origin =
-      url::Origin::Create(GURL("http://isolated-world.com"));
-  const GURL url("http://other.com/foo.png");
+      url::Origin::Create(GURL("http://isolated-world.example.com"));
+  const GURL url("http://other.example.com/foo.png");

  ResetFactory(main_world_origin, kRendererProcessId, false /* trusted */,
               false /* ignore_isolated_world_origin */,
@@ -1497,13 +1510,13 @@ TEST_F(CorsURLLoaderTest, OriginAccessList_IsolatedWorldOrigin) {
 // after redirects.
 TEST_F(CorsURLLoaderTest, OriginAccessList_IsolatedWorldOrigin_Redirect) {
  const url::Origin main_world_origin =
-      url::Origin::Create(GURL("http://main-world.com"));
+      url::Origin::Create(GURL("http://main-world.example.com"));
  const url::Origin isolated_world_origin =
-      url::Origin::Create(GURL("http://isolated-world.com"));
-  const GURL url("http://other.com/foo.png");
+      url::Origin::Create(GURL("http://isolated-world.example.com"));
+  const GURL url("http://other.example.com/foo.png");
  // |new_url| is same-origin as |url| to avoid tainting the response
  // in CorsURLLoader::OnReceiveRedirect.
-  const GURL new_url("http://other.com/bar.png");
+  const GURL new_url("http://other.example.com/bar.png");

  ResetFactory(main_world_origin, kRendererProcessId, false /* trusted */,
               false /* ignore_isolated_world_origin */,
@@ -1554,10 +1567,10 @@ TEST_F(CorsURLLoaderTest, OriginAccessList_IsolatedWorldOrigin_Redirect) {
 // when URLLoaderFactoryParams::ignore_isolated_world_origin is set to true.
 TEST_F(CorsURLLoaderTest, OriginAccessList_IsolatedWorldOriginIgnored) {
  const url::Origin main_world_origin =
-      url::Origin::Create(GURL("http://main-world.com"));
+      url::Origin::Create(GURL("http://main-world.example.com"));
  const url::Origin isolated_world_origin =
-      url::Origin::Create(GURL("http://isolated-world.com"));
-  const GURL url("http://other.com/foo.png");
+      url::Origin::Create(GURL("http://isolated-world.example.com"));
+  const GURL url("http://other.example.com/foo.png");

  ResetFactory(main_world_origin, kRendererProcessId, false /* trusted */,
               true /* ignore_isolated_world_origin */,
@@ -1590,8 +1603,8 @@ TEST_F(CorsURLLoaderTest, OriginAccessList_IsolatedWorldOriginIgnored) {

 // Check if higher-priority block list wins.
 TEST_F(CorsURLLoaderTest, OriginAccessList_Blocked) {
-  const GURL origin("http://example.com");
-  const GURL url("http://other.com/foo.png");
+  const GURL origin("https://example.com");
+  const GURL url("http://other.example.com/foo.png");

  AddAllowListEntryForOrigin(url::Origin::Create(origin), url.scheme(),
                             url.host(),
@@ -1618,8 +1631,8 @@ TEST_F(CorsURLLoaderTest, OriginAccessList_Blocked) {
 // per-URLLoaderFactory list. This test verifies if per-URLLoaderFactory list
 // works.
 TEST_F(CorsURLLoaderTest, OriginAccessList_AllowedByFactoryList) {
-  const GURL origin("http://example.com");
-  const GURL url("http://other.com/foo.png");
+  const GURL origin("https://example.com");
+  const GURL url("http://other.example.com/foo.png");

  AddFactoryBoundAllowListEntryForOrigin(
      url::Origin::Create(origin), url.scheme(), url.host(),
@@ -1644,8 +1657,8 @@ TEST_F(CorsURLLoaderTest, OriginAccessList_AllowedByFactoryList) {

 // Checks if CorsURLLoader can respect the per-NetworkContext block list.
 TEST_F(CorsURLLoaderTest, OriginAccessList_AllowedByFactoryListButBlocked) {
-  const GURL origin("http://example.com");
-  const GURL url("http://other.com/foo.png");
+  const GURL origin("https://example.com");
+  const GURL url("http://other.example.com/foo.png");

  AddFactoryBoundAllowListEntryForOrigin(
      url::Origin::Create(origin), url.scheme(), url.host(),
@@ -1670,8 +1683,8 @@ TEST_F(CorsURLLoaderTest, OriginAccessList_AllowedByFactoryListButBlocked) {

 // Tests if OriginAccessList is actually used to decide response tainting.
 TEST_F(CorsURLLoaderTest, OriginAccessList_NoCors) {
-  const GURL origin("http://example.com");
-  const GURL url("http://other.com/foo.png");
+  const GURL origin("https://example.com");
+  const GURL url("http://other.example.com/foo.png");

  // Adds an entry to allow the cross origin request without using
  // CORS.
@@ -1697,8 +1710,8 @@ TEST_F(CorsURLLoaderTest, OriginAccessList_NoCors) {
 }

 TEST_F(CorsURLLoaderTest, OriginAccessList_POST) {
-  const GURL origin("http://example.com");
-  const GURL url("http://other.com/foo.png");
+  const GURL origin("https://example.com");
+  const GURL url("http://other.example.com/foo.png");

  // Adds an entry to allow the cross origin request beyond the CORS
  // rules.
@@ -1965,9 +1978,10 @@ TEST_F(CorsURLLoaderTest, RequestWithHostHeaderFails) {
  request.mode = mojom::RequestMode::kCors;
  request.credentials_mode = mojom::CredentialsMode::kOmit;
  request.method = net::HttpRequestHeaders::kGetMethod;
-  request.url = GURL("https://foo.test/path");
-  request.request_initiator = url::Origin::Create(GURL("https://foo.test"));
-  request.headers.SetHeader(net::HttpRequestHeaders::kHost, "bar.test");
+  request.url = GURL("https://example.com/path");
+  request.request_initiator = url::Origin::Create(GURL("https://example.com"));
+  request.headers.SetHeader(net::HttpRequestHeaders::kHost,
+                            "other.example.com");
  CreateLoaderAndStart(request);

  RunUntilComplete();
@@ -1982,8 +1996,8 @@ TEST_F(CorsURLLoaderTest, RequestWithProxyAuthorizationHeaderFails) {
  request.mode = mojom::RequestMode::kCors;
  request.credentials_mode = mojom::CredentialsMode::kOmit;
  request.method = net::HttpRequestHeaders::kGetMethod;
-  request.url = GURL("https://foo.test/path");
-  request.request_initiator = url::Origin::Create(GURL("https://foo.test"));
+  request.url = GURL("https://example.com/path");
+  request.request_initiator = url::Origin::Create(GURL("https://example.com"));
  request.headers.SetHeader(net::HttpRequestHeaders::kProxyAuthorization,
                            "Basic Zm9vOmJhcg==");
  CreateLoaderAndStart(request);
@@ -2001,8 +2015,8 @@ TEST_F(CorsURLLoaderTest, NoConcerningRequestHeadersLoggedCorrectly) {
  ResourceRequest request;
  request.mode = mojom::RequestMode::kNoCors;
  request.credentials_mode = mojom::CredentialsMode::kInclude;
-  request.url = GURL("http://example.com/");
-  request.request_initiator = base::nullopt;
+  request.url = GURL("https://example.com/");
+  request.request_initiator = url::Origin::Create(GURL("https://example.com"));
  request.headers.SetHeader("Not", "Concerning");
  request.headers.SetHeader("Totally", "Fine");

@@ -2031,8 +2045,8 @@ TEST_F(CorsURLLoaderTest, ConcerningRequestHeadersLoggedCorrectly) {
  ResourceRequest request;
  request.mode = mojom::RequestMode::kNoCors;
  request.credentials_mode = mojom::CredentialsMode::kInclude;
-  request.url = GURL("http://example.com/");
-  request.request_initiator = base::nullopt;
+  request.url = GURL("https://example.com/");
+  request.request_initiator = url::Origin::Create(GURL("https://example.com"));
  request.headers.SetHeader(net::HttpRequestHeaders::kConnection, "Close");
  request.headers.SetHeader(net::HttpRequestHeaders::kCookie, "BadIdea=true");

@@ -2065,7 +2079,8 @@ TEST_F(CorsURLLoaderTest, ConcerningRequestHeadersLoggedCorrectly) {
 }

 TEST_F(CorsURLLoaderTest, SetHostHeaderOnRedirectFails) {
-  CreateLoaderAndStart(GURL("http://foo.test/"), GURL("http://foo.test/path"),
+  CreateLoaderAndStart(GURL("https://example.com/"),
+                       GURL("https://example.com/path"),
                       mojom::RequestMode::kCors);
  RunUntilCreateLoaderAndStartCalled();

@@ -2093,7 +2108,8 @@ TEST_F(CorsURLLoaderTest, SetHostHeaderOnRedirectFails) {
 }

 TEST_F(CorsURLLoaderTest, SetProxyAuthorizationHeaderOnRedirectFails) {
-  CreateLoaderAndStart(GURL("http://foo.test/"), GURL("http://foo.test/path"),
+  CreateLoaderAndStart(GURL("https://example.com/"),
+                       GURL("https://example.com/path"),
                       mojom::RequestMode::kCors);
  RunUntilCreateLoaderAndStartCalled();

@@ -2122,10 +2138,17 @@ TEST_F(CorsURLLoaderTest, SetProxyAuthorizationHeaderOnRedirectFails) {
 }

 TEST_F(CorsURLLoaderTest, SameOriginCredentialsModeWithoutInitiator) {
+  // This test needs to simulate a factory used from the browser process,
+  // because only the browser process may start requests with no
+  // |request_initiator|.  A renderer process would have run into NOTREACHED and
+  // mojo::ReportBadMessage via InitiatorLockCompatibility::kNoInitiator case in
+  // CorsURLLoaderFactory::IsValidRequest.
+  ResetFactory(base::nullopt /* initiator */, mojom::kBrowserProcessId);
+
  ResourceRequest request;
  request.mode = mojom::RequestMode::kNoCors;
  request.credentials_mode = mojom::CredentialsMode::kSameOrigin;
-  request.url = GURL("http://example.com/");
+  request.url = GURL("https://example.com/");
  request.request_initiator = base::nullopt;

  BadMessageTestHelper bad_message_helper;
@@ -2148,7 +2171,7 @@ TEST_F(CorsURLLoaderTest, SameOriginCredentialsModeOnNavigation) {
  ResourceRequest request;
  request.mode = mojom::RequestMode::kNavigate;
  request.credentials_mode = mojom::CredentialsMode::kSameOrigin;
-  request.url = GURL("http://example.com/");
+  request.url = GURL("https://example.com/");
  request.request_initiator = url::Origin::Create(request.url);

  BadMessageTestHelper bad_message_helper;
@@ -2172,7 +2195,7 @@ TEST_F(CorsURLLoaderTest, OmitCredentialsModeOnNavigation) {
  ResourceRequest request;
  request.mode = mojom::RequestMode::kNavigate;
  request.credentials_mode = mojom::CredentialsMode::kOmit;
-  request.url = GURL("http://example.com/");
+  request.url = GURL("https://example.com/");
  request.request_initiator = url::Origin::Create(request.url);

  BadMessageTestHelper bad_message_helper;
@@ -2193,11 +2216,13 @@ TEST_F(CorsURLLoaderTest, OmitCredentialsModeOnNavigation) {
 // Make sure than when a request is failed due to having |trusted_params| set
 // and being sent to an untrusted URLLoaderFactory, no CORS request is made.
 TEST_F(CorsURLLoaderTest, TrustedParamsWithUntrustedFactoryFailsBeforeCORS) {
+  url::Origin initiator = url::Origin::Create(GURL("https://example.com"));
+
  // Run the test with a trusted URLLoaderFactory as well, to make sure a CORS
  // request is in fact made when using a trusted factory.
  for (bool is_trusted : {false, true}) {
    bool ignore_isolated_world_origin = true;  // This is the default.
-    ResetFactory(base::nullopt, kRendererProcessId, is_trusted,
+    ResetFactory(initiator, kRendererProcessId, is_trusted,
                 ignore_isolated_world_origin,
                 false /* skip_cors_enabled_scheme_check */);

@@ -2207,8 +2232,8 @@ TEST_F(CorsURLLoaderTest, TrustedParamsWithUntrustedFactoryFailsBeforeCORS) {
    request.mode = mojom::RequestMode::kCors;
    request.credentials_mode = mojom::CredentialsMode::kOmit;
    request.method = net::HttpRequestHeaders::kGetMethod;
-    request.url = GURL("http://other.com/foo.png");
-    request.request_initiator = url::Origin::Create(GURL("http://example.com"));
+    request.url = GURL("http://other.example.com/foo.png");
+    request.request_initiator = initiator;
    request.trusted_params = ResourceRequest::TrustedParams();
    CreateLoaderAndStart(request);

@@ -2227,7 +2252,7 @@ TEST_F(CorsURLLoaderTest, TrustedParamsWithUntrustedFactoryFailsBeforeCORS) {
    } else {
      RunUntilCreateLoaderAndStartCalled();
      NotifyLoaderClientOnReceiveResponse(
-          {{"Access-Control-Allow-Origin", "http://example.com"}});
+          {{"Access-Control-Allow-Origin", "https://example.com"}});
      NotifyLoaderClientOnComplete(net::OK);

      RunUntilComplete();
@@ -2245,7 +2270,9 @@ TEST_F(CorsURLLoaderTest, TrustedParamsWithUntrustedFactoryFailsBeforeCORS) {
 // Test that when a request has LOAD_RESTRICTED_PREFETCH and a
 // NetworkIsolationKey, CorsURLLoaderFactory does not reject the request.
 TEST_F(CorsURLLoaderTest, RestrictedPrefetchSucceedsWithNIK) {
-  ResetFactory(base::nullopt, kRendererProcessId, true /* is_trusted */,
+  url::Origin initiator = url::Origin::Create(GURL("https://example.com"));
+
+  ResetFactory(initiator, kRendererProcessId, true /* is_trusted */,
               true /* ignore_isolated_world_origin */,
               false /* skip_cors_enabled_scheme_check */);

@@ -2255,8 +2282,8 @@ TEST_F(CorsURLLoaderTest, RestrictedPrefetchSucceedsWithNIK) {
  request.mode = mojom::RequestMode::kCors;
  request.credentials_mode = mojom::CredentialsMode::kOmit;
  request.method = net::HttpRequestHeaders::kGetMethod;
-  request.url = GURL("http://other.com/foo.png");
-  request.request_initiator = url::Origin::Create(GURL("http://example.com"));
+  request.url = GURL("http://other.example.com/foo.png");
+  request.request_initiator = initiator;
  request.load_flags |= net::LOAD_RESTRICTED_PREFETCH;
  request.trusted_params = ResourceRequest::TrustedParams();

@@ -2270,7 +2297,7 @@ TEST_F(CorsURLLoaderTest, RestrictedPrefetchSucceedsWithNIK) {
  RunUntilCreateLoaderAndStartCalled();

  NotifyLoaderClientOnReceiveResponse(
-      {{"Access-Control-Allow-Origin", "http://example.com"}});
+      {{"Access-Control-Allow-Origin", "https://example.com"}});
  NotifyLoaderClientOnComplete(net::OK);

  RunUntilComplete();
@@ -2287,7 +2314,8 @@ TEST_F(CorsURLLoaderTest, RestrictedPrefetchSucceedsWithNIK) {
 // because the LOAD_RESTRICTED_PREFETCH flag must only appear on requests that
 // make use of their TrustedParams' |isolation_info|.
 TEST_F(CorsURLLoaderTest, RestrictedPrefetchFailsWithoutNIK) {
-  ResetFactory(base::nullopt, kRendererProcessId, true /* is_trusted */,
+  url::Origin initiator = url::Origin::Create(GURL("https://example.com"));
+  ResetFactory(initiator, kRendererProcessId, true /* is_trusted */,
               true /* ignore_isolated_world_origin */,
               false /* skip_cors_enabled_scheme_check */);

@@ -2297,8 +2325,8 @@ TEST_F(CorsURLLoaderTest, RestrictedPrefetchFailsWithoutNIK) {
  request.mode = mojom::RequestMode::kCors;
  request.credentials_mode = mojom::CredentialsMode::kOmit;
  request.method = net::HttpRequestHeaders::kGetMethod;
-  request.url = GURL("http://other.com/foo.png");
-  request.request_initiator = url::Origin::Create(GURL("http://example.com"));
+  request.url = GURL("http://other.example.com/foo.png");
+  request.request_initiator = initiator;
  request.load_flags |= net::LOAD_RESTRICTED_PREFETCH;
  request.trusted_params = ResourceRequest::TrustedParams();


--- a/services/network/network_service_unittest.cc
+++ b/services/network/network_service_unittest.cc
@@ -935,6 +935,8 @@ class NetworkServiceTestWithService : public testing::Test {
    mojom::URLLoaderFactoryParamsPtr params =
        mojom::URLLoaderFactoryParams::New();
    params->process_id = process_id;
+    params->request_initiator_site_lock =
+        url::Origin::Create(GURL("https://initiator.example.com"));
    params->is_corb_enabled = false;
    network_context_->CreateURLLoaderFactory(
        loader_factory.BindNewPipeAndPassReceiver(), std::move(params));