[fuchsia] Implement "unsafely_treat_insecure_origins_as_secure" handling

Bug: 1023510 Change-Id: Iaa28b3b7eb61add4708a94fdca86e1def919c35b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2545878Reviewed-by: Wez <wez@chromium.org> Reviewed-by: David Dorwin <ddorwin@chromium.org> Commit-Queue: Fabrice de Gans-Riberi <fdegans@chromium.org> Cr-Commit-Position: refs/heads/master@{#831918}

[fuchsia] Implement "unsafely_treat_insecure_origins_as_secure" handling
Bug: 1023510 Change-Id: Iaa28b3b7eb61add4708a94fdca86e1def919c35b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2545878Reviewed-by: Wez <wez@chromium.org> Reviewed-by: David Dorwin <ddorwin@chromium.org> Commit-Queue: Fabrice de Gans-Riberi <fdegans@chromium.org> Cr-Commit-Position: refs/heads/master@{#831918}
5c9a336a · Fabrice de Gans-Riberi · Chromium LUCI CQ · 2219d4a5 · 5c9a336a · 5c9a336a
Commit 5c9a336a authored Nov 30, 2020 by Fabrice de Gans-Riberi Committed by Chromium LUCI CQ Nov 30, 2020
3 changed files
--- a/fuchsia/engine/browser/web_engine_content_browser_client.cc
+++ b/fuchsia/engine/browser/web_engine_content_browser_client.cc
@@ -30,6 +30,7 @@
 #include "fuchsia/engine/switches.h"
 #include "media/base/media_switches.h"
 #include "services/metrics/public/cpp/ukm_source_id.h"
+#include "services/network/public/cpp/network_switches.h"
 #include "services/network/public/mojom/network_service.mojom.h"
 #include "third_party/blink/public/mojom/webpreferences/web_preferences.mojom.h"

@@ -186,6 +187,7 @@ void WebEngineContentBrowserClient::AppendExtraCommandLineSwitches(
      switches::kForceProtectedVideoOutputBuffers,
      switches::kMaxDecodedImageSizeMb,
      switches::kPlayreadyKeySystem,
+      network::switches::kUnsafelyTreatInsecureOriginAsSecure,
      switches::kUseOverlaysForVideo,
  };


--- a/fuchsia/engine/context_provider_impl.cc
+++ b/fuchsia/engine/context_provider_impl.cc
@@ -56,6 +56,7 @@
 #include "net/http/http_util.h"
 #include "sandbox/policy/fuchsia/sandbox_policy_fuchsia.h"
 #include "services/network/public/cpp/features.h"
+#include "services/network/public/cpp/network_switches.h"
 #include "third_party/blink/public/common/switches.h"
 #include "third_party/widevine/cdm/widevine_cdm_common.h"
 #include "ui/gfx/switches.h"
@@ -565,15 +566,17 @@ void ContextProviderImpl::Create(
    const std::vector<std::string>& insecure_origins =
        params.unsafely_treat_insecure_origins_as_secure();
    for (auto origin : insecure_origins) {
-      if (origin == switches::kAllowRunningInsecureContent)
+      if (origin == switches::kAllowRunningInsecureContent) {
        launch_command.AppendSwitch(switches::kAllowRunningInsecureContent);
-      if (origin == kDisableMixedContentAutoupgradeOrigin) {
+      } else if (origin == kDisableMixedContentAutoupgradeOrigin) {
        AppendFeature(switches::kDisableFeatures,
                      kMixedContentAutoupgradeFeatureName, &launch_command);
+      } else {
+        // Pass the rest of the list to the Context process.
+        AppendFeature(network::switches::kUnsafelyTreatInsecureOriginAsSecure,
+                      origin, &launch_command);
      }
    }
-    // TODO(crbug.com/1023510): Pass the rest of the list to the Context
-    // process.
  }

  if (params.has_cors_exempt_headers()) {

--- a/fuchsia/engine/context_provider_impl_unittest.cc
+++ b/fuchsia/engine/context_provider_impl_unittest.cc
@@ -36,6 +36,8 @@
 #include "fuchsia/engine/context_provider_impl.h"
 #include "fuchsia/engine/fake_context.h"
 #include "fuchsia/engine/switches.h"
+#include "services/network/public/cpp/network_switches.h"
+#include "testing/gmock/include/gmock/gmock.h"
 #include "testing/gtest/include/gtest/gtest.h"
 #include "testing/multiprocess_func_list.h"

@@ -517,3 +519,43 @@ TEST(ContextProviderImplConfigTest, WithConfigWithWronglyTypedCommandLineArgs) {

  loop.Run();
 }
+
+// Tests that unsafely_treat_insecure_origins_as_secure properly adds the right
+// command-line arguments to the Context process.
+TEST(ContextProviderImplParamsTest, WithInsecureOriginsAsSecure) {
+  const base::test::SingleThreadTaskEnvironment task_environment_{
+      base::test::SingleThreadTaskEnvironment::MainThreadType::IO};
+
+  base::RunLoop loop;
+  ContextProviderImpl context_provider;
+  context_provider.SetLaunchCallbackForTest(
+      base::BindLambdaForTesting([&](const base::CommandLine& command,
+                                     const base::LaunchOptions& options) {
+        EXPECT_TRUE(command.HasSwitch(switches::kAllowRunningInsecureContent));
+        EXPECT_THAT(command.GetSwitchValueASCII(switches::kDisableFeatures),
+                    testing::HasSubstr("AutoupgradeMixedContent"));
+        EXPECT_EQ(command.GetSwitchValueASCII(
+                      network::switches::kUnsafelyTreatInsecureOriginAsSecure),
+                  "http://example.com");
+        loop.Quit();
+        return base::Process();
+      }));
+
+  fuchsia::web::ContextPtr context;
+  context.set_error_handler([&loop](zx_status_t status) {
+    ZX_LOG(ERROR, status);
+    ADD_FAILURE();
+    loop.Quit();
+  });
+
+  fuchsia::web::CreateContextParams create_params = BuildCreateContextParams();
+  std::vector<std::string> insecure_origins;
+  insecure_origins.push_back(switches::kAllowRunningInsecureContent);
+  insecure_origins.push_back("disable-mixed-content-autoupgrade");
+  insecure_origins.push_back("http://example.com");
+  create_params.set_unsafely_treat_insecure_origins_as_secure(
+      std::move(insecure_origins));
+  context_provider.Create(std::move(create_params), context.NewRequest());
+
+  loop.Run();
+}