Have FetchManager use SecurityOrigin::CanReadContent

...instead of IsSameSchemeHostPort. This is observable when fetch()
is called on an extension that has a permission to the destination URL.

Bug: 1010030
Change-Id: I2f5a3bdc0e73493df9737b260e4557c72db9fbde
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1846428
Commit-Queue: Yutaka Hirano <yhirano@chromium.org>
Reviewed-by: Karan Bhatia <karandeepb@chromium.org>
Reviewed-by: Takashi Toyoshima <toyoshim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#705840}

chrome/browser/extensions/fetch_apitest.cc

@@ -220,6 +220,30 @@ IN_PROC_BROWSER_TEST_F(ExtensionFetchTest,
   EXPECT_EQ("TypeError: Failed to fetch", fetch_result);
 }
 
+IN_PROC_BROWSER_TEST_F(ExtensionFetchTest, FetchResponseType) {
+  const std::string script = base::StringPrintf(
+      "fetch(%s).then(function(response) {\n"
+      "  window.domAutomationController.send(response.type);\n"
+      "}).catch(function(err) {\n"
+      "  window.domAutomationController.send(String(err));\n"
+      "});\n",
+      GetQuotedTestServerURL("example.com", "/extensions/test_file.txt")
+          .data());
+  TestExtensionDir dir;
+  dir.WriteManifestWithSingleQuotes(
+      "{"
+      "'background': {'scripts': ['bg.js']},"
+      "'manifest_version': 2,"
+      "'name': 'FetchResponseType',"
+      "'permissions': ['http://example.com/*'],"
+      "'version': '1'"
+      "}");
+  const Extension* extension = WriteFilesAndLoadTestExtension(&dir);
+  ASSERT_TRUE(extension);
+
+  EXPECT_EQ("basic", ExecuteScriptInBackgroundPage(extension->id(), script));
+}
+
 }  // namespace
 
 }  // namespace extensions

third_party/blink/renderer/core/fetch/fetch_manager.cc

@@ -350,8 +350,8 @@ void FetchManager::Loader::DidReceiveResponse(
           return;
       }
     }
-  } else if (!SecurityOrigin::Create(response.CurrentRequestUrl())
-                  ->IsSameSchemeHostPort(fetch_request_data_->Origin().get())) {
+  } else if (!fetch_request_data_->Origin()->CanReadContent(
+                 response.CurrentRequestUrl())) {
     // Recompute the tainting if the request was redirected to a different
     // origin.
     switch (fetch_request_data_->Mode()) {
@@ -562,23 +562,16 @@ void FetchManager::Loader::Start(ExceptionState& exception_state) {
     return;
   }
 
+  const KURL& url = fetch_request_data_->Url();
   // "- |request|'s url's origin is same origin with |request|'s origin,
   //    |request|'s tainted origin flag is unset, and the CORS flag is unset"
   // Note tainted origin flag is always unset here.
   // Note we don't support to call this method with |CORS flag|
   // "- |request|'s current URL's scheme is |data|"
   // "- |request|'s mode is |navigate| or |websocket|".
-  bool is_target_same_origin_as_initiator =
-      SecurityOrigin::Create(fetch_request_data_->Url())
-          ->IsSameSchemeHostPort(fetch_request_data_->Origin().get());
-  bool is_target_same_origin_as_isolated_world =
-      fetch_request_data_->IsolatedWorldOrigin() &&
-      SecurityOrigin::Create(fetch_request_data_->Url())
-          ->IsSameSchemeHostPort(
-              fetch_request_data_->IsolatedWorldOrigin().get());
-  if (is_target_same_origin_as_initiator ||
-      is_target_same_origin_as_isolated_world ||
-      fetch_request_data_->Url().ProtocolIsData() ||
+  if (fetch_request_data_->Origin()->CanReadContent(url) ||
+      (fetch_request_data_->IsolatedWorldOrigin() &&
+       fetch_request_data_->IsolatedWorldOrigin()->CanReadContent(url)) ||
       network::IsNavigationRequestMode(fetch_request_data_->Mode())) {
     // "The result of performing a scheme fetch using request."
     PerformSchemeFetch(exception_state);