Origin isolation: remove origin trial support code

Fixed: 1148056 Change-Id: Id753248d13cf8332597b0c6592c9d8d9c43407ee Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2615478Reviewed-by: Alex Moshchuk <alexmos@chromium.org> Reviewed-by: Jeremy Roman <jbroman@chromium.org> Commit-Queue: Domenic Denicola <domenic@chromium.org> Cr-Commit-Position: refs/heads/master@{#841567}

Origin isolation: remove origin trial support code
Fixed: 1148056 Change-Id: Id753248d13cf8332597b0c6592c9d8d9c43407ee Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2615478Reviewed-by: Alex Moshchuk <alexmos@chromium.org> Reviewed-by: Jeremy Roman <jbroman@chromium.org> Commit-Queue: Domenic Denicola <domenic@chromium.org> Cr-Commit-Position: refs/heads/master@{#841567}
783245fc · Domenic Denicola · Chromium LUCI CQ · fa442f67 · 783245fc · 783245fc
Commit 783245fc authored Jan 08, 2021 by Domenic Denicola Committed by Chromium LUCI CQ Jan 08, 2021
18 changed files
--- a/content/browser/child_process_security_policy_impl.cc
+++ b/content/browser/child_process_security_policy_impl.cc
@@ -2171,9 +2171,6 @@ bool ChildProcessSecurityPolicyImpl::ShouldOriginGetOptInIsolation(
    const IsolationContext& isolation_context,
    const url::Origin& origin,
    bool origin_requests_isolation) {
-  // Note: we cannot check the feature flags and early-out here, because the
-  // origin trial might be active (in which case no feature flags are active).
  if (!IsolatedOriginUtil::IsValidOriginForOptInIsolation(origin))
    return false;

--- a/content/browser/renderer_host/navigation_request.cc
+++ b/content/browser/renderer_host/navigation_request.cc
@@ -116,7 +116,6 @@
 #include "services/network/public/mojom/web_sandbox_flags.mojom.h"
 #include "third_party/blink/public/common/blob/blob_utils.h"
 #include "third_party/blink/public/common/client_hints/client_hints.h"
-#include "third_party/blink/public/common/origin_trials/trial_token_validator.h"
 #include "third_party/blink/public/common/renderer_preferences/renderer_preferences.h"
 #include "third_party/blink/public/common/web_preferences/web_preferences.h"
 #include "third_party/blink/public/mojom/appcache/appcache.mojom.h"
@@ -2024,7 +2023,7 @@ void NavigationRequest::OnRequestRedirected(
 }
 void NavigationRequest::CheckForIsolationOptIn(const GURL& url) {
-  if (IsOptInIsolationRequested(url) == OptInIsolationCheckResult::NONE)
+  if (IsOptInIsolationRequested() == OptInIsolationCheckResult::NONE)
    return;
  auto* policy = ChildProcessSecurityPolicyImpl::GetInstance();
@@ -2068,7 +2067,7 @@ bool NavigationRequest::HasCommittingOrigin(const url::Origin& origin) {
 }
 NavigationRequest::OptInIsolationCheckResult
-NavigationRequest::IsOptInIsolationRequested(const GURL& url) {
+NavigationRequest::IsOptInIsolationRequested() {
  if (!response())
    return OptInIsolationCheckResult::NONE;
@@ -2088,17 +2087,9 @@ NavigationRequest::IsOptInIsolationRequested(const GURL& url) {
  if (requests_via_origin_policy)
    return OptInIsolationCheckResult::ORIGIN_POLICY;
-  // The header can be enabled via either a command-line flag or an origin
-  // trial.
-  blink::TrialTokenValidator validator;
-  const bool header_is_enabled =
-      base::FeatureList::IsEnabled(features::kOriginIsolationHeader) ||
-      (response()->headers && validator.RequestEnablesFeature(
-                                  url, response()->headers.get(),
-                                  "OriginIsolationHeader", base::Time::Now()));
  const bool requests_via_header =
-      header_is_enabled && response_head_->parsed_headers->origin_isolation;
+      base::FeatureList::IsEnabled(features::kOriginIsolationHeader) &&
+      response_head_->parsed_headers->origin_isolation;
  if (requests_via_header)
    return OptInIsolationCheckResult::HEADER;
@@ -2203,8 +2194,8 @@ void NavigationRequest::ProcessOriginIsolationEndResult() {
 }
 UrlInfo NavigationRequest::GetUrlInfo() {
-  return UrlInfo(GetURL(), IsOptInIsolationRequested(GetURL()) !=
+  return UrlInfo(
-                               OptInIsolationCheckResult::NONE);
+      GetURL(), IsOptInIsolationRequested() != OptInIsolationCheckResult::NONE);
 }
 void NavigationRequest::OnResponseStarted(
@@ -2453,7 +2444,7 @@ void NavigationRequest::OnResponseStarted(
    DCHECK(!response_should_be_rendered_);
  if (render_frame_host_)
-    DetermineOriginIsolationEndResult(IsOptInIsolationRequested(GetURL()));
+    DetermineOriginIsolationEndResult(IsOptInIsolationRequested());
  cross_origin_embedder_policy_ = cross_origin_embedder_policy;

--- a/content/browser/renderer_host/navigation_request.h
+++ b/content/browser/renderer_host/navigation_request.h
@@ -246,7 +246,7 @@ class CONTENT_EXPORT NavigationRequest
    HEADER,        // requested using the Origin-Isolation header
    ORIGIN_POLICY  // requested using origin policy
  };
-  OptInIsolationCheckResult IsOptInIsolationRequested(const GURL& url);
+  OptInIsolationCheckResult IsOptInIsolationRequested();
  // The origin isolation end result is determined early in the lifecycle of a
  // NavigationRequest, but used late. In particular, we want to trigger use

--- a/third_party/blink/renderer/platform/runtime_enabled_features.json5
+++ b/third_party/blink/renderer/platform/runtime_enabled_features.json5
@@ -1386,7 +1386,6 @@
    },
    {
      name: "OriginIsolationHeader",
-      origin_trial_feature_name: "OriginIsolationHeader",
      status: "experimental",
    },
    {

--- a/third_party/blink/web_tests/FlagExpectations/disable-site-isolation-trials
+++ b/third_party/blink/web_tests/FlagExpectations/disable-site-isolation-trials
@@ -27,4 +27,3 @@ crbug.com/1106413 external/wpt/webmessaging/multi-globals/broadcastchannel-incum
 # Opt-in origin isolation is intentionally disabled with --disable-site-isolation-trials.
 virtual/no-auto-wpt-origin-isolation/external/wpt/origin-isolation/* [ Skip ]
-virtual/no-auto-wpt-origin-isolation/wpt_internal/origin-isolation/* [ Skip ]
--- a/third_party/blink/web_tests/NeverFixTests
+++ b/third_party/blink/web_tests/NeverFixTests
@@ -1964,9 +1964,7 @@ http/tests/devtools/isolated-code-cache/cross-origin-test.js [ Skip ]
 # with site isolation enabled, we use a different virtual test suite than
 # not-site-per-process, named no-auto-wpt-origin-isolation.
 external/wpt/origin-isolation/* [ Skip ]
-wpt_internal/origin-isolation/* [ Skip ]
 virtual/no-auto-wpt-origin-isolation/external/wpt/origin-isolation/* [ Pass ]
-virtual/no-auto-wpt-origin-isolation/wpt_internal/origin-isolation/* [ Pass ]
 # ==== Tests incompatible with the default WPT Origin Isolation end here ==^^
 # Tests using testRunner.useUnfortunateSynchronousResizeMode occasionally fail on Win7,

--- a/third_party/blink/web_tests/VirtualTestSuites
+++ b/third_party/blink/web_tests/VirtualTestSuites
@@ -124,7 +124,6 @@
              "inspector-protocol/dom-snapshot",
              "media/stable",
              "webexposed",
-              "wpt_internal/origin-isolation",
              "compositing/filters"
              ],
    "args": ["--stable-release-mode",
@@ -518,8 +517,7 @@
  },
  {
    "prefix": "no-auto-wpt-origin-isolation",
-    "bases": ["external/wpt/origin-isolation",
+    "bases": ["external/wpt/origin-isolation"],
-              "wpt_internal/origin-isolation"],
    "args": ["--disable-auto-wpt-origin-isolation"]
  },
  {

--- a/third_party/blink/web_tests/wpt_internal/origin-isolation/README.md
+++ b/third_party/blink/web_tests/wpt_internal/origin-isolation/README.md
-# Origin Isolation Origin Trial Tests
-These tests are for the [Origin Isolation][1] feature, and supplement those in
-`external/wpt` to specifically test Chromium origin trial mechanisms.
-The abbreviation `oiot` means "first the `Origin-Trial` header, then the
-`Origin-Isolation` header". Conversely, `otoi` means "first the
-`Origin-Isolation` header, then the `Origin-Trial` header.
-The tokens for the `Origin-Trial` header are generated using the commands
-    python tools/origin_trials/generate_token.py https://web-platform.test:8444 OriginIsolationHeader --expire-timestamp=2000000000
-    python tools/origin_trials/generate_token.py https://www.web-platform.test:8444 OriginIsolationHeader --expire-timestamp=2000000000
-[1]: https://github.com/WICG/origin-isolation
--- a/third_party/blink/web_tests/wpt_internal/origin-isolation/parent-oiot-child-oiot.sub.https.html
+++ b/third_party/blink/web_tests/wpt_internal/origin-isolation/parent-oiot-child-oiot.sub.https.html
-<!DOCTYPE html>
-<meta charset="utf-8">
-<title>Origin-Trial header before Origin-Isolation header in parent; OT after OI in child</title>
-<script src="/resources/testharness.js"></script>
-<script src="/resources/testharnessreport.js"></script>
-<!-- This file is a modification of parent-yes-child-yes-subdomain.sub.https.html from the external WPT suite. -->
-<div id="log"></div>
-<script type="module">
-import { sendWasmModule, setBothDocumentDomains } from "/origin-isolation/resources/helpers.mjs";
-import { insertIframe } from "./resources/helpers.mjs";
-let frameWindow;
-promise_setup(async () => {
-  frameWindow = await insertIframe("{{hosts[][www]}}", "oiot");
-});
-// Both request isolation, so the parent ends up in one origin-keyed agent
-// cluster (the base domain's origin), and the child ends up in a different
-// origin-keyed agent cluster (the www subdomain's origin).
-promise_test(async () => {
-  const whatHappened = await sendWasmModule(frameWindow);
-  assert_equals(whatHappened, "messageerror");
-}, "messageerror event must occur");
-promise_test(async () => {
-  await setBothDocumentDomains(frameWindow);
-  assert_throws_dom("SecurityError", DOMException, () => {
-    frameWindow.document;
-  });
-}, "setting document.domain must not give sync access");
-</script>
--- a/third_party/blink/web_tests/wpt_internal/origin-isolation/parent-oiot-child-oiot.sub.https.html.headers
+++ b/third_party/blink/web_tests/wpt_internal/origin-isolation/parent-oiot-child-oiot.sub.https.html.headers
-Origin-Agent-Cluster: ?1
-Origin-Trial: AkwBfk9Djiu2sKAuVhMLUQ3ldCM8nF0QD6eQpx7wWSnmhMs7udZelhv2iJfIjYuj5j77L3htLCv/dAuv/ttfUQEAAABmeyJvcmlnaW4iOiAiaHR0cHM6Ly93ZWItcGxhdGZvcm0udGVzdDo4NDQ0IiwgImZlYXR1cmUiOiAiT3JpZ2luSXNvbGF0aW9uSGVhZGVyIiwgImV4cGlyeSI6IDIwMDAwMDAwMDB9
--- a/third_party/blink/web_tests/wpt_internal/origin-isolation/parent-oiot-child-otoi.sub.https.html
+++ b/third_party/blink/web_tests/wpt_internal/origin-isolation/parent-oiot-child-otoi.sub.https.html
-<!DOCTYPE html>
-<meta charset="utf-8">
-<title>Origin-Trial header before Origin-Isolation header in parent; OT after OI in child</title>
-<script src="/resources/testharness.js"></script>
-<script src="/resources/testharnessreport.js"></script>
-<!-- This file is a modification of parent-yes-child-yes-subdomain.sub.https.html from the external WPT suite. -->
-<div id="log"></div>
-<script type="module">
-import { sendWasmModule, setBothDocumentDomains } from "/origin-isolation/resources/helpers.mjs";
-import { insertIframe } from "./resources/helpers.mjs";
-let frameWindow;
-promise_setup(async () => {
-  frameWindow = await insertIframe("{{hosts[][www]}}", "otoi");
-});
-// Both request isolation, so the parent ends up in one origin-keyed agent
-// cluster (the base domain's origin), and the child ends up in a different
-// origin-keyed agent cluster (the www subdomain's origin).
-promise_test(async () => {
-  const whatHappened = await sendWasmModule(frameWindow);
-  assert_equals(whatHappened, "messageerror");
-}, "messageerror event must occur");
-promise_test(async () => {
-  await setBothDocumentDomains(frameWindow);
-  assert_throws_dom("SecurityError", DOMException, () => {
-    frameWindow.document;
-  });
-}, "setting document.domain must not give sync access");
-</script>
--- a/third_party/blink/web_tests/wpt_internal/origin-isolation/parent-oiot-child-otoi.sub.https.html.headers
+++ b/third_party/blink/web_tests/wpt_internal/origin-isolation/parent-oiot-child-otoi.sub.https.html.headers
-Origin-Agent-Cluster: ?1
-Origin-Trial: AkwBfk9Djiu2sKAuVhMLUQ3ldCM8nF0QD6eQpx7wWSnmhMs7udZelhv2iJfIjYuj5j77L3htLCv/dAuv/ttfUQEAAABmeyJvcmlnaW4iOiAiaHR0cHM6Ly93ZWItcGxhdGZvcm0udGVzdDo4NDQ0IiwgImZlYXR1cmUiOiAiT3JpZ2luSXNvbGF0aW9uSGVhZGVyIiwgImV4cGlyeSI6IDIwMDAwMDAwMDB9
--- a/third_party/blink/web_tests/wpt_internal/origin-isolation/parent-otoi-child-oiot.sub.https.html
+++ b/third_party/blink/web_tests/wpt_internal/origin-isolation/parent-otoi-child-oiot.sub.https.html
-<!DOCTYPE html>
-<meta charset="utf-8">
-<title>Origin-Trial header before Origin-Isolation header in parent; OT after OI in child</title>
-<script src="/resources/testharness.js"></script>
-<script src="/resources/testharnessreport.js"></script>
-<!-- This file is a modification of parent-yes-child-yes-subdomain.sub.https.html from the external WPT suite. -->
-<div id="log"></div>
-<script type="module">
-import { sendWasmModule, setBothDocumentDomains } from "/origin-isolation/resources/helpers.mjs";
-import { insertIframe } from "./resources/helpers.mjs";
-let frameWindow;
-promise_setup(async () => {
-  frameWindow = await insertIframe("{{hosts[][www]}}", "oiot");
-});
-// Both request isolation, so the parent ends up in one origin-keyed agent
-// cluster (the base domain's origin), and the child ends up in a different
-// origin-keyed agent cluster (the www subdomain's origin).
-promise_test(async () => {
-  const whatHappened = await sendWasmModule(frameWindow);
-  assert_equals(whatHappened, "messageerror");
-}, "messageerror event must occur");
-promise_test(async () => {
-  await setBothDocumentDomains(frameWindow);
-  assert_throws_dom("SecurityError", DOMException, () => {
-    frameWindow.document;
-  });
-}, "setting document.domain must not give sync access");
-</script>
--- a/third_party/blink/web_tests/wpt_internal/origin-isolation/parent-otoi-child-oiot.sub.https.html.headers
+++ b/third_party/blink/web_tests/wpt_internal/origin-isolation/parent-otoi-child-oiot.sub.https.html.headers
-Origin-Trial: AkwBfk9Djiu2sKAuVhMLUQ3ldCM8nF0QD6eQpx7wWSnmhMs7udZelhv2iJfIjYuj5j77L3htLCv/dAuv/ttfUQEAAABmeyJvcmlnaW4iOiAiaHR0cHM6Ly93ZWItcGxhdGZvcm0udGVzdDo4NDQ0IiwgImZlYXR1cmUiOiAiT3JpZ2luSXNvbGF0aW9uSGVhZGVyIiwgImV4cGlyeSI6IDIwMDAwMDAwMDB9
-Origin-Agent-Cluster: ?1
--- a/third_party/blink/web_tests/wpt_internal/origin-isolation/parent-otoi-child-otoi.sub.https.html
+++ b/third_party/blink/web_tests/wpt_internal/origin-isolation/parent-otoi-child-otoi.sub.https.html
-<!DOCTYPE html>
-<meta charset="utf-8">
-<title>Origin-Trial header before Origin-Isolation header in parent; OT after OI in child</title>
-<script src="/resources/testharness.js"></script>
-<script src="/resources/testharnessreport.js"></script>
-<!-- This file is a modification of parent-yes-child-yes-subdomain.sub.https.html from the external WPT suite. -->
-<div id="log"></div>
-<script type="module">
-import { sendWasmModule, setBothDocumentDomains } from "/origin-isolation/resources/helpers.mjs";
-import { insertIframe } from "./resources/helpers.mjs";
-let frameWindow;
-promise_setup(async () => {
-  frameWindow = await insertIframe("{{hosts[][www]}}", "otoi");
-});
-// Both request isolation, so the parent ends up in one origin-keyed agent
-// cluster (the base domain's origin), and the child ends up in a different
-// origin-keyed agent cluster (the www subdomain's origin).
-promise_test(async () => {
-  const whatHappened = await sendWasmModule(frameWindow);
-  assert_equals(whatHappened, "messageerror");
-}, "messageerror event must occur");
-promise_test(async () => {
-  await setBothDocumentDomains(frameWindow);
-  assert_throws_dom("SecurityError", DOMException, () => {
-    frameWindow.document;
-  });
-}, "setting document.domain must not give sync access");
-</script>
--- a/third_party/blink/web_tests/wpt_internal/origin-isolation/parent-otoi-child-otoi.sub.https.html.headers
+++ b/third_party/blink/web_tests/wpt_internal/origin-isolation/parent-otoi-child-otoi.sub.https.html.headers
-Origin-Trial: AkwBfk9Djiu2sKAuVhMLUQ3ldCM8nF0QD6eQpx7wWSnmhMs7udZelhv2iJfIjYuj5j77L3htLCv/dAuv/ttfUQEAAABmeyJvcmlnaW4iOiAiaHR0cHM6Ly93ZWItcGxhdGZvcm0udGVzdDo4NDQ0IiwgImZlYXR1cmUiOiAiT3JpZ2luSXNvbGF0aW9uSGVhZGVyIiwgImV4cGlyeSI6IDIwMDAwMDAwMDB9
-Origin-Agent-Cluster: ?1
--- a/third_party/blink/web_tests/wpt_internal/origin-isolation/resources/helpers.mjs
+++ b/third_party/blink/web_tests/wpt_internal/origin-isolation/resources/helpers.mjs
-export function insertIframe(hostname, headerOrder) {
-  const url = new URL("send-headers.py", import.meta.url);
-  url.hostname = hostname;
-  url.searchParams.set("headerOrder", headerOrder);
-  const iframe = document.createElement("iframe");
-  iframe.src = url.href;
-  return new Promise((resolve, reject) => {
-    iframe.onload = () => resolve(iframe.contentWindow);
-    iframe.onerror = () => reject(new Error(`Could not load ${iframe.src}`));
-    document.body.append(iframe);
-  });
-}
--- a/third_party/blink/web_tests/wpt_internal/origin-isolation/resources/send-headers.py
+++ b/third_party/blink/web_tests/wpt_internal/origin-isolation/resources/send-headers.py
-def main(request, response):
-    """Send a response with the Origin-Agent-Cluster and Origin-Trial headers, in
-    the order specified by the "headerOrder" query parameter, which can be
-    either "oiot" or "otoi" (see ../README.md).
-    The response will listen for message and messageerror events and echo them
-    back to the parent. See external/wpt's
-    /origin-isolation/resources/helpers.mjs for how these handlers are used.
-    """
-    token = "ArQvBL/jhDJ62HaUm/ak0dIUYDjZAfeCQTXwa92cOrHZbL7R+bhb3qrVO2pHWkgJPgvIzvLX5m3wfaUJfOKY0Q4AAABqeyJvcmlnaW4iOiAiaHR0cHM6Ly93d3cud2ViLXBsYXRmb3JtLnRlc3Q6ODQ0NCIsICJmZWF0dXJlIjogIk9yaWdpbklzb2xhdGlvbkhlYWRlciIsICJleHBpcnkiOiAyMDAwMDAwMDAwfQ=="
-    header_order = request.GET.first(b"headerOrder")
-    if header_order == b"otoi":
-        response.headers.set(b"Origin-Trial", token)
-        response.headers.set(b"Origin-Agent-Cluster", b"?1")
-    elif header_order == b"oiot":
-        response.headers.set(b"Origin-Agent-Cluster", b"?1")
-        response.headers.set(b"Origin-Trial", token)
-    else:
-        raise AssertionError("Invalid headerOrder")
-    response.headers.set(b"Content-Type", b"text/html")
-    return """
-    <!DOCTYPE html>
-    <meta charset="utf-8">
-    <title>Helper page for origin isolation tests</title>
-    <script type="module">
-    window.onmessage = e => {
-      if (e.data.constructor === WebAssembly.Module) {
-        parent.postMessage("WebAssembly.Module message received", "*");
-      } else if (e.data.command === "set document.domain") {
-        document.domain = e.data.newDocumentDomain;
-        parent.postMessage("document.domain is set", "*");
-      }
-    };
-    window.onmessageerror = () => {
-      parent.postMessage("messageerror", "*");
-    };
-    </script>
-    """