Do not allow to load non-keepalive requests when detached

It was not allowed before, but I loosened the restriction in order to support "keepalive" requests. Let's recover the restriction for other requests. Bug: 735963, 735456 Change-Id: I7fd31838afd7426ea211bf98fd9266f950f149cd Reviewed-on: https://chromium-review.googlesource.com/544746 Commit-Queue: Yutaka Hirano <yhirano@chromium.org> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org> Cr-Commit-Position: refs/heads/master@{#481850}

Do not allow to load non-keepalive requests when detached
It was not allowed before, but I loosened the restriction in order to support "keepalive" requests. Let's recover the restriction for other requests. Bug: 735963, 735456 Change-Id: I7fd31838afd7426ea211bf98fd9266f950f149cd Reviewed-on: https://chromium-review.googlesource.com/544746 Commit-Queue: Yutaka Hirano <yhirano@chromium.org> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org> Cr-Commit-Position: refs/heads/master@{#481850}
507dde45 · Yutaka Hirano · Commit Bot · 94931d94 · 507dde45 · 507dde45
Commit 507dde45 authored Jun 23, 2017 by Yutaka Hirano Committed by Commit Bot Jun 23, 2017
4 changed files
--- a/third_party/WebKit/Source/core/loader/BaseFetchContext.cpp
+++ b/third_party/WebKit/Source/core/loader/BaseFetchContext.cpp
@@ -161,6 +161,9 @@ ResourceRequestBlockedReason BaseFetchContext::CanRequestInternal(
    SecurityViolationReportingPolicy reporting_policy,
    FetchParameters::OriginRestriction origin_restriction,
    ResourceRequest::RedirectStatus redirect_status) const {
+  if (IsDetached() && !resource_request.GetKeepalive())
+    return ResourceRequestBlockedReason::kOther;
  if (ShouldBlockRequestByInspector(resource_request))
    return ResourceRequestBlockedReason::kInspector;

--- a/third_party/WebKit/Source/core/loader/BaseFetchContextTest.cpp
+++ b/third_party/WebKit/Source/core/loader/BaseFetchContextTest.cpp
@@ -77,6 +77,9 @@ class MockBaseFetchContext final : public BaseFetchContext {
  }
  const KURL& Url() const override { return execution_context_->Url(); }
+  SecurityOrigin* GetSecurityOrigin() const override {
+    return execution_context_->GetSecurityOrigin();
+  }
  const SecurityOrigin* GetParentSecurityOrigin() const override {
    return nullptr;
  }
@@ -94,8 +97,12 @@ class MockBaseFetchContext final : public BaseFetchContext {
    BaseFetchContext::Trace(visitor);
  }
+  bool IsDetached() const override { return is_detached_; }
+  void SetIsDetached(bool is_detached) { is_detached_ = is_detached; }
 private:
  Member<ExecutionContext> execution_context_;
+  bool is_detached_ = false;
 };
 class BaseFetchContextTest : public ::testing::Test {
@@ -108,7 +115,7 @@ class BaseFetchContextTest : public ::testing::Test {
  }
  Persistent<ExecutionContext> execution_context_;
-  Persistent<BaseFetchContext> fetch_context_;
+  Persistent<MockBaseFetchContext> fetch_context_;
 };
 TEST_F(BaseFetchContextTest, SetIsExternalRequestForPublicContext) {
@@ -299,4 +306,37 @@ TEST_F(BaseFetchContextTest, AllowResponseChecksReportedAndEnforcedCSP) {
  EXPECT_EQ(2u, policy->violation_reports_sent_.size());
 }
+TEST_F(BaseFetchContextTest, CanRequestWhenDetached) {
+  KURL url(KURL(), "http://www.example.com/");
+  ResourceRequest request(url);
+  ResourceRequest keepalive_request(url);
+  keepalive_request.SetKeepalive(true);
+  EXPECT_EQ(ResourceRequestBlockedReason::kNone,
+            fetch_context_->CanRequest(
+                Resource::kRaw, request, url, ResourceLoaderOptions(),
+                SecurityViolationReportingPolicy::kSuppressReporting,
+                FetchParameters::kNoOriginRestriction));
+  EXPECT_EQ(ResourceRequestBlockedReason::kNone,
+            fetch_context_->CanRequest(
+                Resource::kRaw, keepalive_request, url, ResourceLoaderOptions(),
+                SecurityViolationReportingPolicy::kSuppressReporting,
+                FetchParameters::kNoOriginRestriction));
+  fetch_context_->SetIsDetached(true);
+  EXPECT_EQ(ResourceRequestBlockedReason::kOther,
+            fetch_context_->CanRequest(
+                Resource::kRaw, request, url, ResourceLoaderOptions(),
+                SecurityViolationReportingPolicy::kSuppressReporting,
+                FetchParameters::kNoOriginRestriction));
+  EXPECT_EQ(ResourceRequestBlockedReason::kNone,
+            fetch_context_->CanRequest(
+                Resource::kRaw, keepalive_request, url, ResourceLoaderOptions(),
+                SecurityViolationReportingPolicy::kSuppressReporting,
+                FetchParameters::kNoOriginRestriction));
+}
 }  // namespace blink
--- a/third_party/WebKit/Source/core/loader/FrameFetchContext.h
+++ b/third_party/WebKit/Source/core/loader/FrameFetchContext.h
@@ -156,6 +156,8 @@ class CORE_EXPORT FrameFetchContext final : public BaseFetchContext {
  std::unique_ptr<WebURLLoader> CreateURLLoader(
      const ResourceRequest&) override;
+  bool IsDetached() const override { return frozen_state_; }
  FetchContext* Detach() override;
  DECLARE_VIRTUAL_TRACE();
@@ -210,8 +212,6 @@ class CORE_EXPORT FrameFetchContext final : public BaseFetchContext {
  ClientHintsPreferences GetClientHintsPreferences() const;
  float GetDevicePixelRatio() const;
-  bool IsDetached() const { return frozen_state_; }
  Member<DocumentLoader> document_loader_;
  Member<Document> document_;

--- a/third_party/WebKit/Source/platform/loader/fetch/FetchContext.h
+++ b/third_party/WebKit/Source/platform/loader/fetch/FetchContext.h
@@ -213,6 +213,8 @@ class PLATFORM_EXPORT FetchContext
    return nullptr;
  }
+  virtual bool IsDetached() const { return false; }
  // Called when the underlying context is detached. Note that some
  // FetchContexts continue working after detached (e.g., for fetch() operations
  // with "keepalive" specified).