Reject resources with non-200 status code from Subresource Web Bundles

This fixes a crash bug when a Subresource Web Bundle had a 3xx response.
After this CL, non-200 responses in Subresource Web Bundles will result
in ERR_INVALID_WEB_BUNDLE.

Bug: 1127538
Change-Id: Ie03ca457477242ded92624e4c5274766bdc95378
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2428435Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Hayato Ito <hayato@chromium.org>
Commit-Queue: Kunihiko Sakamoto <ksakamoto@chromium.org>
Cr-Commit-Position: refs/heads/master@{#811092}

third_party/blink/renderer/platform/loader/fetch/url_loader/DEPS

@@ -4,6 +4,7 @@ specific_include_rules = {
     ],
     "web_bundle_subresource_loader.cc" : [
         "+components/web_package",
+        "+net/http/http_status_code.h",
     ],
     "web_bundle_subresource_loader_test.cc" : [
         "+components/web_package",

third_party/blink/renderer/platform/loader/fetch/url_loader/web_bundle_subresource_loader.cc

@@ -5,6 +5,7 @@
 #include "third_party/blink/renderer/platform/loader/fetch/url_loader/web_bundle_subresource_loader.h"
 
 #include "base/numerics/safe_conversions.h"
+#include "base/strings/string_number_conversions.h"
 #include "base/task/post_task.h"
 #include "components/web_package/web_bundle_parser.h"
 #include "components/web_package/web_bundle_utils.h"
@@ -12,6 +13,7 @@
 #include "mojo/public/cpp/system/data_pipe.h"
 #include "mojo/public/cpp/system/data_pipe_drainer.h"
 #include "mojo/public/cpp/system/data_pipe_producer.h"
+#include "net/http/http_status_code.h"
 #include "services/network/public/mojom/url_loader.mojom.h"
 #include "services/network/public/mojom/url_loader_factory.mojom.h"
 #include "third_party/blink/renderer/platform/scheduler/public/post_cross_thread_task.h"
@@ -377,6 +379,16 @@ class WebBundleSubresourceLoaderFactory
       loader->OnFail(net::ERR_INVALID_WEB_BUNDLE);
       return;
     }
+    // Currently we allow only net::HTTP_OK responses in bundles.
+    // TODO(crbug.com/990733): Revisit this once
+    // https://github.com/WICG/webpackage/issues/478 is resolved.
+    if (response->response_code != net::HTTP_OK) {
+      RunErrorCallback(WebBundleErrorType::kResponseParseError,
+                       "Invalid response code " +
+                           base::NumberToString(response->response_code));
+      loader->OnFail(net::ERR_INVALID_WEB_BUNDLE);
+      return;
+    }
 
     loader->OnResponse(web_package::CreateResourceResponse(response));
 

third_party/blink/renderer/platform/loader/fetch/url_loader/web_bundle_subresource_loader_test.cc

@@ -215,6 +215,28 @@ TEST_F(WebBundleSubresourceLoaderFactoryTest, ResourceNotFoundInBundle) {
       "https://example.com/no-such-resource is not found in the WebBundle.");
 }
 
+TEST_F(WebBundleSubresourceLoaderFactoryTest, RedirectResponseIsNotAllowed) {
+  web_package::test::WebBundleBuilder builder(kResourceUrl,
+                                              "" /* manifest_url */);
+  builder.AddExchange(kResourceUrl,
+                      {{":status", "301"}, {"location", kResourceUrl2}}, "");
+  builder.AddExchange(kResourceUrl2,
+                      {{":status", "200"}, {"content-type", "text/plain"}},
+                      "body");
+  WriteBundle(builder.CreateBundle());
+  FinishWritingBundle();
+
+  auto request = StartRequest(GURL(kResourceUrl));
+  request.client->RunUntilComplete();
+  RunUntilBundleError();
+
+  EXPECT_EQ(net::ERR_INVALID_WEB_BUNDLE,
+            request.client->completion_status().error_code);
+  EXPECT_EQ(last_bundle_error()->first,
+            WebBundleErrorType::kResponseParseError);
+  EXPECT_EQ(last_bundle_error()->second, "Invalid response code 301");
+}
+
 TEST_F(WebBundleSubresourceLoaderFactoryTest, StartRequestBeforeReadingBundle) {
   auto request = StartRequest(GURL(kResourceUrl));