[client hints] Remove explicit lifetimes behind FeaturePolicyForClientHints flag

Adding changes to client hint lifetimes <https://github.com/httpwg/http-extensions/commit/7d24ea40f02ba791c13e5fd70d6932079abf14cf> under the client hint feature policy flag. Bug: 1017166 Change-Id: Ia4d63777c4a4fcb150d4e854312851105fa0a11b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1919953Reviewed-by: Yoav Weiss <yoavweiss@chromium.org> Commit-Queue: Aaron Tagliaboschi <aarontag@chromium.org> Cr-Commit-Position: refs/heads/master@{#719162}

[client hints] Remove explicit lifetimes behind FeaturePolicyForClientHints flag
Adding changes to client hint lifetimes <https://github.com/httpwg/http-extensions/commit/7d24ea40f02ba791c13e5fd70d6932079abf14cf> under the client hint feature policy flag. Bug: 1017166 Change-Id: Ia4d63777c4a4fcb150d4e854312851105fa0a11b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1919953Reviewed-by: Yoav Weiss <yoavweiss@chromium.org> Commit-Queue: Aaron Tagliaboschi <aarontag@chromium.org> Cr-Commit-Position: refs/heads/master@{#719162}
57639811 · Aaron Tagliaboschi · Commit Bot · 2812e863 · 57639811 · 57639811
Commit 57639811 authored Nov 26, 2019 by Aaron Tagliaboschi Committed by Commit Bot Nov 26, 2019
4 changed files
--- a/third_party/blink/renderer/core/loader/document_loader.cc
+++ b/third_party/blink/renderer/core/loader/document_loader.cc
@@ -1765,9 +1765,8 @@ void DocumentLoader::ParseAndPersistClientHints(
    const ResourceResponse& response) {
  const KURL& url = response.CurrentRequestUrl();

-  // The accept-ch-lifetime header is honored only on the navigation responses
-  // from a top level frame or with an origin matching the origin of the top
-  // level frame.
+  // The accept-ch header is honored only on the navigation responses from a top
+  // level frame or with an origin matching the origin of the to level frame.
  if (!frame_->IsMainFrame()) {
    bool is_first_party_origin =
        frame_->Tree()
@@ -1779,15 +1778,31 @@ void DocumentLoader::ParseAndPersistClientHints(
      return;
  }

+  if (!response.HttpHeaderFields().Contains(http_names::kAcceptCH))
+    return;
+
  FrameClientHintsPreferencesContext hints_context(GetFrame());
+  // TODO(crbug.com/1017166): Kill ACHL header completely once feature ships.
  client_hints_preferences_.UpdateFromAcceptClientHintsLifetimeHeader(
      response.HttpHeaderField(http_names::kAcceptCHLifetime), url,
      &hints_context);
  client_hints_preferences_.UpdateFromAcceptClientHintsHeader(
      response.HttpHeaderField(http_names::kAcceptCH), url, &hints_context);

+  base::TimeDelta persist_duration;
+
+  // If the FeaturePolicyForClientHints feature is enabled, the lifetime
+  // should not expire. Setting the duration to "max" should essentially
+  // do the same thing.
+
+  if (RuntimeEnabledFeatures::FeaturePolicyForClientHintsEnabled()) {
+    persist_duration = base::TimeDelta::Max();
+  } else {
+    persist_duration = client_hints_preferences_.GetPersistDuration();
+  }
+
  // Notify content settings client of persistent client hints.
-  if (client_hints_preferences_.GetPersistDuration().InSeconds() <= 0)
+  if (persist_duration.InSeconds() <= 0)
    return;

  auto* settings_client = frame_->GetContentSettingsClient();
@@ -1799,8 +1814,8 @@ void DocumentLoader::ParseAndPersistClientHints(
  if (!settings_client->AllowScriptFromSource(allow_script, url))
    return;
  settings_client->PersistClientHints(
-      client_hints_preferences_.GetWebEnabledClientHints(),
-      client_hints_preferences_.GetPersistDuration(), url);
+      client_hints_preferences_.GetWebEnabledClientHints(), persist_duration,
+      url);
 }

 void DocumentLoader::InitializePrefetchedSignedExchangeManager() {

--- a/third_party/blink/renderer/core/loader/http_equiv.cc
+++ b/third_party/blink/renderer/core/loader/http_equiv.cc
@@ -57,8 +57,14 @@ bool AllowScriptFromSourceWithoutNotifying(

 // Notifies content settings client of persistent client hint headers.
 void NotifyPersistentClientHintsToContentSettingsClient(Document& document) {
-  base::TimeDelta persist_duration =
-      document.GetFrame()->GetClientHintsPreferences().GetPersistDuration();
+  base::TimeDelta persist_duration;
+  if (RuntimeEnabledFeatures::FeaturePolicyForClientHintsEnabled()) {
+    persist_duration = base::TimeDelta::Max();
+  } else {
+    persist_duration =
+        document.GetFrame()->GetClientHintsPreferences().GetPersistDuration();
+  }
+
  if (persist_duration.InSeconds() <= 0)
    return;

@@ -167,6 +173,9 @@ void HttpEquiv::ProcessHttpEquivAcceptCHLifetime(Document& document,
  if (!frame)
    return;

+  if (RuntimeEnabledFeatures::FeaturePolicyForClientHintsEnabled())
+    return;
+
  UseCounter::Count(document, WebFeature::kClientHintsMetaAcceptCHLifetime);
  FrameClientHintsPreferencesContext hints_context(frame);
  frame->GetClientHintsPreferences().UpdateFromAcceptClientHintsLifetimeHeader(

--- a/third_party/blink/web_tests/external/wpt/client-hints/accept_ch.tentative.https.html
+++ b/third_party/blink/web_tests/external/wpt/client-hints/accept_ch.tentative.https.html
@@ -12,16 +12,14 @@ in this web page, and two in the other web pages.
 <script>

 // This test fetches resources/accept_ch.html. The response headers to
-// that webpage contains only the Accept-CH header. Due to the missing
-// Accept-CH-Lifetime header, the user-agent should not persist origin
-// preferences for the client hints specified in Accept-CH header.
+// that webpage contains only the Accept-CH header. These preferences should be
+// stored so that the next request to the same origin is sent with the
+// requested client hint headers.

-// Next, to verify that the origin preferences were not persisted by the user
-// agent, this test fetches resources/do_not_expect_client_hints_headers.html
-// in a new window. Fetching of
-// resources/do_not_expect_client_hints_headers.html
-// verifies that the user agent does not send the client hints in the request
-// headers.
+// Next, to verify that the origin preferences were persisted by the user
+// agent, this test fetches resources/expect_client_hints_headers.html in a new
+// window. Fetching of resources/expect_client_hints_headers.html verifies that
+// the user agent does send the client hints in the request headers.

 // Test is marked as tentative until https://github.com/whatwg/fetch/issues/726
 // is resolved.
@@ -39,7 +37,7 @@ promise_test(t => {

 async_test(t => {
  window.addEventListener('message', t.step_func(function(e) {
-    if(!e.source.location.pathname.includes("do_not_expect_client_hints_headers.html")) {
+    if(!e.source.location.pathname.includes("expect_client_hints_headers.html")) {
      return;
    }
    if(typeof e.data != "string")
@@ -47,12 +45,12 @@ async_test(t => {
    assert_equals(e.data, "PASS");
    t.done();
  }));
-}, "Loading of resources/do_not_expect_client_hints_headers.html did not finish.");
+}, "Loading of resources/expect_client_hints_headers.html did not finish.");

 function acceptChLoaded() {
  // Open a new window. Verify that the user agent does not attach the client
  // hints.
-  var verify_win = window.open("resources/do_not_expect_client_hints_headers.html");
+  var verify_win = window.open("resources/expect_client_hints_headers.html");
  assert_not_equals(verify_win, null, "Popup windows not allowed?");
 }


--- a/third_party/blink/web_tests/external/wpt/client-hints/http_equiv_accept_ch.tentative.https.html
+++ b/third_party/blink/web_tests/external/wpt/client-hints/http_equiv_accept_ch.tentative.https.html
@@ -12,16 +12,15 @@

 <script>

-// This test contains accept-ch http-equiv header. Due to the missing
-// Accept-CH-Lifetime header, the user-agent should not persist origin
-// preferences for the client hints specified in Accept-CH header.
+// This test contains accept-ch http-equiv header. The user-agent should
+// persist origin preferences for the client hints specified in Accept-CH
+// header.

-// Next, to verify that the origin preferences were not persisted by the user
+// Next, to verify that the origin preferences were persisted by the user
 // agent, this test fetches resources/do_not_expect_client_hints_headers.html
 // in a new window. Fetching of
-// resources/do_not_expect_client_hints_headers.html
-// verifies that the user agent does not send the client hints in the request
-// headers.
+// resources/do_not_expect_client_hints_headers.html verifies that the user
+// agent does not send the client hints in the request headers.

 // Test is marked as tentative until https://github.com/whatwg/fetch/issues/726
 // is resolved.
@@ -37,12 +36,12 @@ promise_test(t => {
 // Verify that the browser does not attach client hints on resources in a
 // different navigation. This verifies that the client hint preferences were
 // not persisted for the origin.
-window.open("resources/do_not_expect_client_hints_headers.html");
+window.open("resources/expect_client_hints_headers.html");
 async_test(t => {
  window.addEventListener('message', t.step_func_done(e => {
    assert_equals(e.data, 'PASS');
  }));
-}, "Loading of resources/do_not_expect_client_hints_headers.html did not finish.");
+}, "Loading of resources/expect_client_hints_headers.html did not finish.");

 </script>
 </body>