fetch: Use a derived origin for file- and opaque-initiated requests

Currently, fetch's request_conversion.cc swaps out the initiators from files and opaque origins, replacing the initiator with a new opaque origin. Switching this to derive an opaque origin will preserve precursor information so that subsequent decisions can be based on, for instance, whether a request came from a file (or whether a request came from an opaque frame with an HTTPS precursor). Bug: 794098 Change-Id: I4f3d6d85e60afd9dda283a54501459705d52d958 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2242635Reviewed-by: Yutaka Hirano <yhirano@chromium.org> Reviewed-by: Charlie Harrison <csharrison@chromium.org> Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org> Commit-Queue: David Van Cleve <davidvc@chromium.org> Cr-Commit-Position: refs/heads/master@{#784257}

fetch: Use a derived origin for file- and opaque-initiated requests
Currently, fetch's request_conversion.cc swaps out the initiators from files and opaque origins, replacing the initiator with a new opaque origin. Switching this to derive an opaque origin will preserve precursor information so that subsequent decisions can be based on, for instance, whether a request came from a file (or whether a request came from an opaque frame with an HTTPS precursor). Bug: 794098 Change-Id: I4f3d6d85e60afd9dda283a54501459705d52d958 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2242635Reviewed-by: Yutaka Hirano <yhirano@chromium.org> Reviewed-by: Charlie Harrison <csharrison@chromium.org> Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org> Commit-Queue: David Van Cleve <davidvc@chromium.org> Cr-Commit-Position: refs/heads/master@{#784257}
8e374850 · David Van Cleve · Commit Bot · 2b10184a · 8e374850 · 8e374850
Commit 8e374850 authored Jul 01, 2020 by David Van Cleve Committed by Commit Bot Jul 01, 2020
3 changed files
--- a/content/browser/loader/derived_origin_in_fetch_browsertest.cc
+++ b/content/browser/loader/derived_origin_in_fetch_browsertest.cc
+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/optional.h"
+#include "content/public/common/content_switches.h"
+#include "content/public/test/browser_test.h"
+#include "content/public/test/content_browser_test.h"
+#include "content/public/test/content_browser_test_utils.h"
+#include "content/public/test/url_loader_monitor.h"
+#include "content/shell/browser/shell.h"
+#include "services/network/public/cpp/resource_request.h"
+#include "testing/gtest/include/gtest/gtest.h"
+#include "url/gurl.h"
+#include "url/origin.h"
+
+namespace content {
+
+using DerivedOriginInFetchBrowserTest = ContentBrowserTest;
+
+// A fetch originating in a context with a file:/// origin should have its
+// initiator derived from the originating context's origin.
+IN_PROC_BROWSER_TEST_F(DerivedOriginInFetchBrowserTest,
+                       FetchFromFileOriginProducesDerivedOrigin) {
+  // The request will be intercepted, so this page doesn't need to exist:
+  GURL destination("https://destination.irrelevant");
+  // This needs to be created before navigating to the source page.
+  URLLoaderMonitor monitor({destination});
+
+  GURL starting_file_url = GetTestUrl(/*dir=*/nullptr, "title1.html");
+  ASSERT_TRUE(starting_file_url.SchemeIsFile());
+  ASSERT_TRUE(NavigateToURL(shell(), starting_file_url));
+
+  EXPECT_TRUE(ExecJs(shell(), JsReplace("fetch($1);", destination)));
+  monitor.WaitForUrls();
+  base::Optional<network::ResourceRequest> request =
+      monitor.GetRequestInfo(destination);
+
+  ASSERT_TRUE(request);
+  const base::Optional<url::Origin>& initiator = request->request_initiator;
+  ASSERT_TRUE(initiator);
+  EXPECT_TRUE(initiator->CanBeDerivedFrom(starting_file_url));
+}
+
+}  // namespace content
--- a/content/test/BUILD.gn
+++ b/content/test/BUILD.gn
@@ -988,6 +988,7 @@ test("content_browsertests") {
    "../browser/loader/cors_file_origin_browsertest.cc",
    "../browser/loader/cors_preflight_cache_browsertest.cc",
    "../browser/loader/cross_site_document_blocking_browsertest.cc",
+    "../browser/loader/derived_origin_in_fetch_browsertest.cc",
    "../browser/loader/file_url_loader_factory_browsertest.cc",
    "../browser/loader/loader_browsertest.cc",
    "../browser/loader/prefetch_browsertest.cc",

--- a/third_party/blink/renderer/platform/loader/fetch/url_loader/request_conversion.cc
+++ b/third_party/blink/renderer/platform/loader/fetch/url_loader/request_conversion.cc
@@ -254,10 +254,12 @@ void PopulateResourceRequest(const ResourceRequestHead& src,
  dest->is_revalidating = src.IsRevalidating();
  if (src.RequestorOrigin()->ToString() == "null") {
    // "file:" origin is treated like an opaque unique origin when
-    // allow-file-access-from-files is not specified. Such origin is not
-    // opaque (i.e., IsOpaque() returns false) but still serializes to
-    // "null".
-    dest->request_initiator = url::Origin();
+    // allow-file-access-from-files is not specified. Such origin is not opaque
+    // (i.e., IsOpaque() returns false) but still serializes to "null". Derive a
+    // new opaque origin so that downstream consumers can make use of the
+    // origin's precursor.
+    dest->request_initiator =
+        src.RequestorOrigin()->DeriveNewOpaqueOrigin()->ToUrlOrigin();
  } else {
    dest->request_initiator = src.RequestorOrigin()->ToUrlOrigin();
  }