Fill remote_endpoint of SignedExchange inner response

This field will be used for BlockInsecurePrivateNetworkRequests to calculate the frame's SecurityState. Currently this field is not set. So the test sxg-subresource-header-integrity-mismatch.tentative.html fails when BlockInsecurePrivateNetworkRequests is enabled. Bug: 1166050 Change-Id: Icf722e4ea06819daaf3f3c5be91408564871bc81 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2626673Reviewed-by: Arthur Hemery <ahemery@chromium.org> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org> Reviewed-by: Kunihiko Sakamoto <ksakamoto@chromium.org> Commit-Queue: Tsuyoshi Horo <horo@chromium.org> Cr-Commit-Position: refs/heads/master@{#843333}

Fill remote_endpoint of SignedExchange inner response
This field will be used for BlockInsecurePrivateNetworkRequests to calculate the frame's SecurityState. Currently this field is not set. So the test sxg-subresource-header-integrity-mismatch.tentative.html fails when BlockInsecurePrivateNetworkRequests is enabled. Bug: 1166050 Change-Id: Icf722e4ea06819daaf3f3c5be91408564871bc81 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2626673Reviewed-by: Arthur Hemery <ahemery@chromium.org> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org> Reviewed-by: Kunihiko Sakamoto <ksakamoto@chromium.org> Commit-Queue: Tsuyoshi Horo <horo@chromium.org> Cr-Commit-Position: refs/heads/master@{#843333}
83b1d531 · Tsuyoshi Horo · Chromium LUCI CQ · 6a5a7be8 · 83b1d531 · 83b1d531
Commit 83b1d531 authored Jan 14, 2021 by Tsuyoshi Horo Committed by Chromium LUCI CQ Jan 14, 2021
4 changed files
--- a/content/browser/web_package/signed_exchange_handler.cc
+++ b/content/browser/web_package/signed_exchange_handler.cc
@@ -173,6 +173,7 @@ SignedExchangeHandler::SignedExchangeHandler(
    std::unique_ptr<SignedExchangeCertFetcherFactory> cert_fetcher_factory,
    const net::NetworkIsolationKey& network_isolation_key,
    int load_flags,
+    const net::IPEndPoint& remote_endpoint,
    std::unique_ptr<blink::WebPackageRequestMatcher> request_matcher,
    std::unique_ptr<SignedExchangeDevToolsProxy> devtools_proxy,
    SignedExchangeReporter* reporter,
@@ -184,6 +185,7 @@ SignedExchangeHandler::SignedExchangeHandler(
      cert_fetcher_factory_(std::move(cert_fetcher_factory)),
      network_isolation_key_(network_isolation_key),
      load_flags_(load_flags),
+      remote_endpoint_(remote_endpoint),
      request_matcher_(std::move(request_matcher)),
      devtools_proxy_(std::move(devtools_proxy)),
      reporter_(reporter),
@@ -671,6 +673,7 @@ void SignedExchangeHandler::OnVerifyCert(
  response_head->load_timing.send_end = now;
  response_head->load_timing.receive_headers_end = now;
  response_head->content_length = response_head->headers->GetContentLength();
+  response_head->remote_endpoint = remote_endpoint_;
  auto body_stream = CreateResponseBodyStream();
  if (!body_stream) {

--- a/content/browser/web_package/signed_exchange_handler.h
+++ b/content/browser/web_package/signed_exchange_handler.h
@@ -17,6 +17,7 @@
 #include "content/common/content_export.h"
 #include "mojo/public/cpp/system/data_pipe.h"
 #include "net/base/io_buffer.h"
+#include "net/base/ip_endpoint.h"
 #include "net/base/network_isolation_key.h"
 #include "net/cert/cert_verifier.h"
 #include "net/cert/cert_verify_result.h"
@@ -97,6 +98,7 @@ class CONTENT_EXPORT SignedExchangeHandler {
      std::unique_ptr<SignedExchangeCertFetcherFactory> cert_fetcher_factory,
      const net::NetworkIsolationKey& network_isolation_key,
      int load_flags,
+      const net::IPEndPoint& remote_endpoint,
      std::unique_ptr<blink::WebPackageRequestMatcher> request_matcher,
      std::unique_ptr<SignedExchangeDevToolsProxy> devtools_proxy,
      SignedExchangeReporter* reporter,
@@ -169,7 +171,8 @@ class CONTENT_EXPORT SignedExchangeHandler {
  std::unique_ptr<SignedExchangeCertFetcherFactory> cert_fetcher_factory_;
  std::unique_ptr<SignedExchangeCertFetcher> cert_fetcher_;
  const net::NetworkIsolationKey network_isolation_key_;
-  const int load_flags_;
+  const int load_flags_ = 0;
+  const net::IPEndPoint remote_endpoint_;
  std::unique_ptr<SignedExchangeCertificateChain> unverified_cert_chain_;

--- a/content/browser/web_package/signed_exchange_handler_unittest.cc
+++ b/content/browser/web_package/signed_exchange_handler_unittest.cc
@@ -367,7 +367,7 @@ class SignedExchangeHandlerTest
        base::BindOnce(&SignedExchangeHandlerTest::OnHeaderFound,
                       base::Unretained(this)),
        std::move(cert_fetcher_factory_), network_isolation_key_,
-        net::LOAD_NORMAL,
+        net::LOAD_NORMAL, net::IPEndPoint(),
        std::make_unique<blink::WebPackageRequestMatcher>(
            net::HttpRequestHeaders(), std::string() /* accept_langs */),
        nullptr /* devtools_proxy */, nullptr /* reporter */,

--- a/content/browser/web_package/signed_exchange_loader.cc
+++ b/content/browser/web_package/signed_exchange_loader.cc
@@ -180,7 +180,7 @@ void SignedExchangeLoader::OnStartLoadingResponseBody(
      base::BindOnce(&SignedExchangeLoader::OnHTTPExchangeFound,
                     weak_factory_.GetWeakPtr()),
      std::move(cert_fetcher_factory), network_isolation_key_,
-      outer_request_.load_flags,
+      outer_request_.load_flags, outer_response_head_->remote_endpoint,
      std::make_unique<blink::WebPackageRequestMatcher>(outer_request_.headers,
                                                        accept_langs_),
      std::move(devtools_proxy_), reporter_.get(), frame_tree_node_id_);