Origin Policy: Implement 'redirect' behaviour.

Because: https://wicg.github.io/origin-policy/#monkey-patching-fetch, 3.4.2 #8 This addresses deferred feedback from https://crrev.com/c/1148395 Bug: 751996 Change-Id: Iac7756bf7c6b126711f002fd94b82bfd5fcae522 Reviewed-on: https://chromium-review.googlesource.com/1221146 Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org> Reviewed-by: Alex Moshchuk <alexmos@chromium.org> Cr-Commit-Position: refs/heads/master@{#593626}

Origin Policy: Implement 'redirect' behaviour.
Because: https://wicg.github.io/origin-policy/#monkey-patching-fetch, 3.4.2 #8 This addresses deferred feedback from https://crrev.com/c/1148395 Bug: 751996 Change-Id: Iac7756bf7c6b126711f002fd94b82bfd5fcae522 Reviewed-on: https://chromium-review.googlesource.com/1221146 Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org> Reviewed-by: Alex Moshchuk <alexmos@chromium.org> Cr-Commit-Position: refs/heads/master@{#593626}
54b092e5 · Daniel Vogelheim · Commit Bot · 158ba455 · 54b092e5 · 54b092e5
Commit 54b092e5 authored Sep 24, 2018 by Daniel Vogelheim Committed by Commit Bot Sep 24, 2018
15 changed files
--- a/chrome/test/data/origin_policy_browsertest/.well-known/origin-policy/policy-with-301redirect
+++ b/chrome/test/data/origin_policy_browsertest/.well-known/origin-policy/policy-with-301redirect
--- a/chrome/test/data/origin_policy_browsertest/.well-known/origin-policy/policy-with-301redirect.mock-http-headers
+++ b/chrome/test/data/origin_policy_browsertest/.well-known/origin-policy/policy-with-301redirect.mock-http-headers
+HTTP/1.0 301 Moved Permanently
+Location: /.well-known/origin-policy/example-policy
--- a/chrome/test/data/origin_policy_browsertest/.well-known/origin-policy/policy-with-302redirect
+++ b/chrome/test/data/origin_policy_browsertest/.well-known/origin-policy/policy-with-302redirect
--- a/chrome/test/data/origin_policy_browsertest/.well-known/origin-policy/policy-with-302redirect.mock-http-headers
+++ b/chrome/test/data/origin_policy_browsertest/.well-known/origin-policy/policy-with-302redirect.mock-http-headers
+HTTP/1.0 302 Found
+Location: /.well-known/origin-policy/example-policy
--- a/chrome/test/data/origin_policy_browsertest/.well-known/origin-policy/policy-with-307redirect
+++ b/chrome/test/data/origin_policy_browsertest/.well-known/origin-policy/policy-with-307redirect
--- a/chrome/test/data/origin_policy_browsertest/.well-known/origin-policy/policy-with-307redirect.mock-http-headers
+++ b/chrome/test/data/origin_policy_browsertest/.well-known/origin-policy/policy-with-307redirect.mock-http-headers
+HTTP/1.0 307 Temporary Redirect
+Location: /.well-known/origin-policy/example-policy
--- a/chrome/test/data/origin_policy_browsertest/page-policy-301redirect.html
+++ b/chrome/test/data/origin_policy_browsertest/page-policy-301redirect.html
+<html>
+<head>
+  <title>Page With Policy 301 Redirect</title>
+</head>
+<body>
+  <p>Page With Policy 301 Redirect</p>
+</body>
+</html>
--- a/chrome/test/data/origin_policy_browsertest/page-policy-301redirect.html.mock-http-headers
+++ b/chrome/test/data/origin_policy_browsertest/page-policy-301redirect.html.mock-http-headers
+HTTP/1.0 200 OK
+Content-Type: text/html
+Sec-Origin-Policy: policy-with-301redirect
--- a/chrome/test/data/origin_policy_browsertest/page-policy-302redirect.html
+++ b/chrome/test/data/origin_policy_browsertest/page-policy-302redirect.html
+<html>
+<head>
+  <title>Page With Policy 302 Redirect</title>
+</head>
+<body>
+  <p>Page With Policy 302 Redirect</p>
+</body>
+</html>
--- a/chrome/test/data/origin_policy_browsertest/page-policy-302redirect.html.mock-http-headers
+++ b/chrome/test/data/origin_policy_browsertest/page-policy-302redirect.html.mock-http-headers
+HTTP/1.0 200 OK
+Content-Type: text/html
+Sec-Origin-Policy: policy-with-302redirect
--- a/chrome/test/data/origin_policy_browsertest/page-policy-307redirect.html
+++ b/chrome/test/data/origin_policy_browsertest/page-policy-307redirect.html
+<html>
+<head>
+  <title>Page With Policy 307 Redirect</title>
+</head>
+<body>
+  <p>Page With Policy 307 Redirect</p>
+</body>
+</html>
--- a/chrome/test/data/origin_policy_browsertest/page-policy-307redirect.html.mock-http-headers
+++ b/chrome/test/data/origin_policy_browsertest/page-policy-307redirect.html.mock-http-headers
+HTTP/1.0 200 OK
+Content-Type: text/html
+Sec-Origin-Policy: policy-with-307redirect
--- a/chrome/test/origin_policy/origin_policy_browsertest.cc
+++ b/chrome/test/origin_policy/origin_policy_browsertest.cc
@@ -76,4 +76,19 @@ IN_PROC_BROWSER_TEST_F(OriginPolicyBrowserTest, ErrorCantDownloadPolicy) {
            NavigateToAndReturnTitle("/page-policy-missing.html"));
 }
+IN_PROC_BROWSER_TEST_F(OriginPolicyBrowserTest, ErrorPolicy301Redirect) {
+  EXPECT_EQ(base::ASCIIToUTF16(kErrorInterstitialTitle),
+            NavigateToAndReturnTitle("/page-policy-301redirect.html"));
+}
+IN_PROC_BROWSER_TEST_F(OriginPolicyBrowserTest, ErrorPolicy302Redirect) {
+  EXPECT_EQ(base::ASCIIToUTF16(kErrorInterstitialTitle),
+            NavigateToAndReturnTitle("/page-policy-302redirect.html"));
+}
+IN_PROC_BROWSER_TEST_F(OriginPolicyBrowserTest, ErrorPolicy307Redirect) {
+  EXPECT_EQ(base::ASCIIToUTF16(kErrorInterstitialTitle),
+            NavigateToAndReturnTitle("/page-policy-307redirect.html"));
+}
 }  // namespace content
--- a/content/browser/frame_host/origin_policy_throttle.cc
+++ b/content/browser/frame_host/origin_policy_throttle.cc
@@ -37,8 +37,7 @@ namespace content {
 bool OriginPolicyThrottle::ShouldRequestOriginPolicy(
    const GURL& url,
    std::string* request_version) {
-  DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
+  DCHECK_CURRENTLY_ON(BrowserThread::UI);
  bool origin_policy_enabled =
      base::FeatureList::IsEnabled(features::kOriginPolicy) ||
      base::CommandLine::ForCurrentProcess()->HasSwitch(
@@ -61,7 +60,7 @@ bool OriginPolicyThrottle::ShouldRequestOriginPolicy(
 // static
 std::unique_ptr<NavigationThrottle>
 OriginPolicyThrottle::MaybeCreateThrottleFor(NavigationHandle* handle) {
-  DCHECK_CURRENTLY_ON(content::BrowserThread::UI);
+  DCHECK_CURRENTLY_ON(BrowserThread::UI);
  DCHECK(handle);
  // We use presence of the origin policy request header to determine
@@ -146,7 +145,9 @@ OriginPolicyThrottle::WillProcessResponse() {
  FetchCallback done =
      base::BindOnce(&OriginPolicyThrottle::OnTheGloriousPolicyHasArrived,
                     base::Unretained(this));
-  FetchPolicy(policy, std::move(done));
+  RedirectCallback redirect = base::BindRepeating(
+      &OriginPolicyThrottle::OnRedirect, base::Unretained(this));
+  FetchPolicy(policy, std::move(done), std::move(redirect));
  return NavigationThrottle::DEFER;
 }
@@ -173,7 +174,9 @@ const url::Origin OriginPolicyThrottle::GetRequestOrigin() {
  return url::Origin::Create(navigation_handle()->GetURL());
 }
-void OriginPolicyThrottle::FetchPolicy(const GURL& url, FetchCallback done) {
+void OriginPolicyThrottle::FetchPolicy(const GURL& url,
+                                       FetchCallback done,
+                                       RedirectCallback redirect) {
  // Create the traffic annotation
  net::NetworkTrafficAnnotationTag traffic_annotation =
      net::DefineNetworkTrafficAnnotation("origin_policy_loader", R"(
@@ -197,26 +200,22 @@ void OriginPolicyThrottle::FetchPolicy(const GURL& url, FetchCallback done) {
          policy_exception_justification:
            "Not implemented, considered not useful."})");
-  // Create the SimpleURLLoader for the policy.
+  // Create and configure the SimpleURLLoader for the policy.
  std::unique_ptr<network::ResourceRequest> policy_request =
      std::make_unique<network::ResourceRequest>();
  policy_request->url = url;
  policy_request->request_initiator = url::Origin::Create(url);
-  policy_request->fetch_credentials_mode =
-      network::mojom::FetchCredentialsMode::kOmit;
-  policy_request->fetch_redirect_mode =
-      network::mojom::FetchRedirectMode::kError;
  policy_request->load_flags = net::LOAD_DO_NOT_SEND_COOKIES |
                               net::LOAD_DO_NOT_SAVE_COOKIES |
                               net::LOAD_DO_NOT_SEND_AUTH_DATA;
  url_loader_ = network::SimpleURLLoader::Create(std::move(policy_request),
                                                 traffic_annotation);
+  url_loader_->SetOnRedirectCallback(std::move(redirect));
  // Obtain the URLLoaderFactory from the NavigationHandle.
  SiteInstance* site_instance = navigation_handle()->GetStartingSiteInstance();
-  content::StoragePartition* storage_partition =
+  StoragePartition* storage_partition = BrowserContext::GetStoragePartition(
-      BrowserContext::GetStoragePartition(site_instance->GetBrowserContext(),
+      site_instance->GetBrowserContext(), site_instance);
-                                          site_instance);
  scoped_refptr<network::SharedURLLoaderFactory> url_loader_factory =
      storage_partition->GetURLLoaderFactoryForBrowserProcess();
@@ -249,6 +248,15 @@ void OriginPolicyThrottle::OnTheGloriousPolicyHasArrived(
  Resume();
 }
+void OriginPolicyThrottle::OnRedirect(
+    const net::RedirectInfo& redirect_info,
+    const network::ResourceResponseHead& response_head,
+    std::vector<std::string>* to_be_removed_headers) {
+  // Fail hard if the policy response follows a redirect.
+  url_loader_.reset();  // Cancel the request while it's ongoing.
+  CancelNavigation(OriginPolicyErrorReason::kPolicyShouldNotRedirect);
+}
 void OriginPolicyThrottle::CancelNavigation(OriginPolicyErrorReason reason) {
  base::Optional<std::string> error_page =
      GetContentClient()->browser()->GetOriginPolicyErrorPage(

--- a/content/browser/frame_host/origin_policy_throttle.h
+++ b/content/browser/frame_host/origin_policy_throttle.h
@@ -19,7 +19,11 @@ class GURL;
 namespace url {
 class Origin;
 }
+namespace net {
+struct RedirectInfo;
+}  // namespace net
 namespace network {
+struct ResourceResponseHead;
 class SimpleURLLoader;
 }  // namespace network
@@ -64,15 +68,24 @@ class CONTENT_EXPORT OriginPolicyThrottle : public NavigationThrottle {
 private:
  using FetchCallback = base::OnceCallback<void(std::unique_ptr<std::string>)>;
+  using RedirectCallback =
+      base::RepeatingCallback<void(const net::RedirectInfo&,
+                                   const network::ResourceResponseHead&,
+                                   std::vector<std::string>*)>;
  explicit OriginPolicyThrottle(NavigationHandle* handle);
  static KnownVersionMap& GetKnownVersions();
  const url::Origin GetRequestOrigin();
-  void FetchPolicy(const GURL& url, FetchCallback done);
+  void FetchPolicy(const GURL& url,
+                   FetchCallback done,
+                   RedirectCallback redirect);
  void OnTheGloriousPolicyHasArrived(
      std::unique_ptr<std::string> policy_content);
+  void OnRedirect(const net::RedirectInfo& redirect_info,
+                  const network::ResourceResponseHead& response_head,
+                  std::vector<std::string>* to_be_removed_headers);
  void CancelNavigation(OriginPolicyErrorReason reason);
  // We may need the SimpleURLLoader to download the policy. The loader must