Add `Sec-Fetch-Dest: empty` header for application cache.

`Sec-Fetch-Dest` header for both manifests and resources should be `empty` for the requests called from application cache according to step 4 and 18.3 of https://html.spec.whatwg.org/#application-cache-download-process: ``` 4. Let request be a new request whose url is manifest URL, client is null, destination is the empty string, referrer is "no-referrer", synchronous flag is set, credentials mode is "include", and whose use-URL-credentials flag is set. 18.3. Let request be a new request whose url is URL, client is null, destination is the empty string, origin is manifest URL's origin, referrer is "no-referrer", synchronous flag is set, credentials mode is "include", use-URL-credentials flag is set, and redirect mode is "manual". ``` Bug: 1024198 Change-Id: I6566cead95f995089685fc8eed9635d82e3d4d81 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1926478 Commit-Queue: Yifan Luo <lyf@google.com> Reviewed-by: Chase Phillips <cmp@chromium.org> Reviewed-by: Mike West <mkwst@chromium.org> Reviewed-by: Marijn Kruisselbrink <mek@chromium.org> Cr-Commit-Position: refs/heads/master@{#719137}

Add `Sec-Fetch-Dest: empty` header for application cache.
`Sec-Fetch-Dest` header for both manifests and resources should be `empty` for the requests called from application cache according to step 4 and 18.3 of https://html.spec.whatwg.org/#application-cache-download-process: ``` 4. Let request be a new request whose url is manifest URL, client is null, destination is the empty string, referrer is "no-referrer", synchronous flag is set, credentials mode is "include", and whose use-URL-credentials flag is set. 18.3. Let request be a new request whose url is URL, client is null, destination is the empty string, origin is manifest URL's origin, referrer is "no-referrer", synchronous flag is set, credentials mode is "include", use-URL-credentials flag is set, and redirect mode is "manual". ``` Bug: 1024198 Change-Id: I6566cead95f995089685fc8eed9635d82e3d4d81 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1926478 Commit-Queue: Yifan Luo <lyf@google.com> Reviewed-by: Chase Phillips <cmp@chromium.org> Reviewed-by: Mike West <mkwst@chromium.org> Reviewed-by: Marijn Kruisselbrink <mek@chromium.org> Cr-Commit-Position: refs/heads/master@{#719137}
8a0ae33c · Yifan Luo · Commit Bot · 2981143d · 8a0ae33c · 8a0ae33c
Commit 8a0ae33c authored Nov 26, 2019 by Yifan Luo Committed by Commit Bot Nov 26, 2019
4 changed files
--- a/content/browser/appcache/appcache_update_url_fetcher.cc
+++ b/content/browser/appcache/appcache_update_url_fetcher.cc
@@ -49,6 +49,7 @@ void AppCacheUpdateJob::URLFetcher::Start() {
  } else if (existing_response_headers_.get()) {
    AddConditionalHeaders(existing_response_headers_.get());
  }
+  request_->SetFetchMetadataHeaders();
  request_->Start();
 }

--- a/content/browser/appcache/appcache_update_url_loader_request.h
+++ b/content/browser/appcache/appcache_update_url_loader_request.h
@@ -88,6 +88,15 @@ class AppCacheUpdateJob::UpdateURLLoaderRequest
  // Returns net::ERR_ABORTED or any applicable net error.
  int Cancel();
+  // Set fetch metadata headers ( only `Sec-Fetch-Dest` for now ) for secure
+  // resources.
+  // TODO(lyf): Remove this function after moving `Sec-Fetch-Dest` to the
+  // network service.
+  void SetFetchMetadataHeaders() {
+    if (GetURL().SchemeIsCryptographic())
+      request_.headers.SetHeader("Sec-Fetch-Dest", "empty");
+  }
  // network::mojom::URLLoaderClient implementation.
  // These methods are called by the network loader.
  void OnReceiveResponse(

--- a/third_party/blink/web_tests/external/wpt/fetch/metadata/appcache.tentative.https.sub.html
+++ b/third_party/blink/web_tests/external/wpt/fetch/metadata/appcache.tentative.https.sub.html
@@ -8,16 +8,27 @@
 <body></body>
 <script>
  async_test(t => {
-    window.applicationCache.oncached = window.applicationCache.onnoupdate = window.applicationCache.onerror = t.step_func(e => {
+    const expected = {"site": "same-origin", "user": "", "mode": "no-cors", "dest": "empty"};
-        fetch("/fetch/metadata/resources/record-header.py?retrieve=true&file=appcache-manifest{{$id}}")
+    window.applicationCache.oncached = window.applicationCache.onnoupdate = window.applicationCache.onerror = t.step_func(async e => {
-          .then(t.step_func(response => response.text()))
+      try {
-          .then(t.step_func_done(text => assert_header_equals(text, {
+        let response = await fetch(
-            "site": "same-origin",
+            "/fetch/metadata/resources/record-header.py?retrieve=true&file=appcache-manifest{{$id}}");
-            "user": "",
+        let text = await response.text();
-            "mode": "no-cors",
+        assert_header_equals(text, expected, "Appcache manifest");
-            "dest": ""
-          })))
+        response = await fetch(
-          .catch(t.unreached_func("Fetching and verifying the results should succeed."));
+            "/fetch/metadata/resources/record-header.py?retrieve=true&file=appcache-resource{{$id}}");
-});
+        text = await response.text();
-}, "Appcache!");
+        assert_header_equals(text, expected, "Appcache resource");
+      } catch (e) {
+        t.step_func(e => {
+          if (e instanceof AssertionError) {
+            throw e;
+          }
+          assert_unreached(`Unhandled rejection with value: ${e}`);
+        });
+      }
+      t.done();
+    });
+  }, "Appcache!");
 </script>
--- a/third_party/blink/web_tests/external/wpt/fetch/metadata/resources/record-header.py
+++ b/third_party/blink/web_tests/external/wpt/fetch/metadata/resources/record-header.py
@@ -117,6 +117,20 @@ def main(request, response):
      response.headers.set("Content-Type", "application/javascript")
      return "self.postMessage('loaded');"
+    ## Return an appcache manifest
+    if key.startswith("appcache-manifest"):
+      response.headers.set("Content-Type", "text/cache-manifest")
+      return """CACHE MANIFEST
+/fetch/metadata/resources/record-header.py?file=appcache-resource%s
+NETWORK:
+*""" % key[17:]
+    ## Return an appcache resource
+    if key.startswith("appcache-resource"):
+      response.headers.set("Content-Type", "text/html")
+      return "<html>Appcache!</html>"
    ## Return a valid XSLT
    if key.startswith("xslt"):
      response.headers.set("Content-Type", "text/xsl")
@@ -128,4 +142,3 @@ def main(request, response):
    </xsl:copy>
  </xsl:template>
 </xsl:stylesheet>"""