Portals: XFO sameorigin now traverses the portal hierarchy.

This allows portals to support XFO sameorigin policies. Bug: 1083329 Change-Id: I922fd762ed643c1381706145aa3a017254456ff7 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2216537 Commit-Queue: Lucas Gadani <lfg@chromium.org> Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org> Cr-Commit-Position: refs/heads/master@{#776135}

Portals: XFO sameorigin now traverses the portal hierarchy.
This allows portals to support XFO sameorigin policies. Bug: 1083329 Change-Id: I922fd762ed643c1381706145aa3a017254456ff7 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2216537 Commit-Queue: Lucas Gadani <lfg@chromium.org> Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org> Cr-Commit-Position: refs/heads/master@{#776135}
9703ac7b · Lucas Gadani · Commit Bot · ba95aee6 · 9703ac7b · 9703ac7b
Commit 9703ac7b authored Jun 08, 2020 by Lucas Gadani Committed by Commit Bot Jun 08, 2020
4 changed files
--- a/content/browser/frame_host/ancestor_throttle.cc
+++ b/content/browser/frame_host/ancestor_throttle.cc
@@ -305,7 +305,8 @@ AncestorThrottle::CheckResult AncestorThrottle::EvaluateXFrameOptions(
    case HeaderDisposition::SAMEORIGIN: {
      // Block the request when any ancestor is not same-origin.
-      RenderFrameHostImpl* parent = request->GetParentFrame();
+      RenderFrameHostImpl* parent = ParentForAncestorThrottle(
+          request->frame_tree_node()->current_frame_host());
      url::Origin current_origin =
          url::Origin::Create(navigation_handle()->GetURL());
      while (parent) {
@@ -327,7 +328,7 @@ AncestorThrottle::CheckResult AncestorThrottle::EvaluateXFrameOptions(
          return CheckResult::BLOCK;
        }
-        parent = parent->GetParent();
+        parent = ParentForAncestorThrottle(parent);
      }
      RecordXFrameOptionsUsage(XFrameOptionsHistogram::SAMEORIGIN);
      return CheckResult::PROCEED;

--- a/third_party/blink/web_tests/external/wpt/portals/xfo/portals-xfo-sameorigin.html
+++ b/third_party/blink/web_tests/external/wpt/portals/xfo/portals-xfo-sameorigin.html
+<!DOCTYPE html>
+<meta name="timeout" content="long">
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<body>
+<script>
+async_test(t => {
+  assert_implements("HTMLPortalElement" in self);
+  var portal = document.createElement('portal');
+  portal.src = get_host_info().HTTP_REMOTE_HOST + "/portals/xfo/resources/xfo-sameorigin.asis";
+  portal.onmessage = t.unreached_func("should not have received a message");
+  document.body.appendChild(portal);
+  t.add_cleanup(() => portal.remove());
+  t.step_timeout(() => t.done(), 2000);
+}, "`XFO: SAMEORIGIN` blocks cross-origin portals.");
+</script>
+</body>
--- a/third_party/blink/web_tests/external/wpt/portals/xfo/resources/xfo-deny.asis
+++ b/third_party/blink/web_tests/external/wpt/portals/xfo/resources/xfo-deny.asis
@@ -4,5 +4,5 @@ X-Frame-Options: DENY
 <!DOCTYPE html>
 <script>
-window.portalHost.postMessage('loaded');
+window.portalHost.postMessage('loaded', '*');
 </script>
--- a/third_party/blink/web_tests/external/wpt/portals/xfo/resources/xfo-sameorigin.asis
+++ b/third_party/blink/web_tests/external/wpt/portals/xfo/resources/xfo-sameorigin.asis
+HTTP/1.1 200 OK
+Content-Type: text/html
+X-Frame-Options: SAMEORIGIN
+<!DOCTYPE html>
+<script>
+window.portalHost.postMessage('loaded', '*');
+</script>