CORB/CORS allowlist deprecation.

This CL removes the allowlist that has been hardcoded into Chromium source code. The deprecation has been announced on chromium-extension@ discussion list, and in the enterprise release notes. The CL introduces a new feature that will be used by the field-trial-param-based mechanism for distributing the allowlist. This can be used to retain extensions on the allowlist if for some reason they didn't migrate to the new security model in Chrome 87. Bug: 1124077 Change-Id: I96c1df1f5b08e177b74f8168b7bd4172c045b391 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2388709Reviewed-by: Charlie Reis <creis@chromium.org> Reviewed-by: Karan Bhatia <karandeepb@chromium.org> Commit-Queue: Łukasz Anforowicz <lukasza@chromium.org> Cr-Commit-Position: refs/heads/master@{#807240}

CORB/CORS allowlist deprecation.
This CL removes the allowlist that has been hardcoded into Chromium source code. The deprecation has been announced on chromium-extension@ discussion list, and in the enterprise release notes. The CL introduces a new feature that will be used by the field-trial-param-based mechanism for distributing the allowlist. This can be used to retain extensions on the allowlist if for some reason they didn't migrate to the new security model in Chrome 87. Bug: 1124077 Change-Id: I96c1df1f5b08e177b74f8168b7bd4172c045b391 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2388709Reviewed-by: Charlie Reis <creis@chromium.org> Reviewed-by: Karan Bhatia <karandeepb@chromium.org> Commit-Queue: Łukasz Anforowicz <lukasza@chromium.org> Cr-Commit-Position: refs/heads/master@{#807240}
9c698161 · Lukasz Anforowicz · Commit Bot · a185918d · 9c698161 · 9c698161
Commit 9c698161 authored Sep 15, 2020 by Lukasz Anforowicz Committed by Commit Bot Sep 15, 2020
5 changed files
--- a/chrome/browser/extensions/corb_and_cors_extension_browsertest.cc
+++ b/chrome/browser/extensions/corb_and_cors_extension_browsertest.cc
@@ -52,6 +52,7 @@
 #include "content/public/test/url_loader_interceptor.h"
 #include "extensions/browser/browsertest_util.h"
 #include "extensions/browser/url_loader_factory_manager.h"
+#include "extensions/common/extension_features.h"
 #include "extensions/test/test_extension_dir.h"
 #include "net/dns/mock_host_resolver.h"
 #include "net/test/embedded_test_server/controllable_http_response.h"
@@ -90,7 +91,7 @@ const char kCorsErrorWhenFetching[] = "error: TypeError: Failed to fetch";
 // The manifest.json used by tests uses |kExpectedKey| that will result in the
 // hash of extension id that is captured in |kExpectedHashedExtensionId|.
 // Knowing the hash constant helps with simulating distributing the hash via
-// field trial param (e.g. via CorbAllowlistAlsoAppliesToOorCorsParamName).
+// field trial param (e.g. via kCorbCorsAllowlistParamName).
 const char kExtensionKey[] =
    "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjzv7dI7Ygyh67VHE1DdidudpYf8PFf"
    "v8iucWvzO+3xpF/"
@@ -220,20 +221,23 @@ class CorbAndCorsExtensionBrowserTest
    }

    if (IsCorsForContentScriptsEnabled()) {
-      base::FieldTrialParams field_trial_params;
-      if (IsExtensionAllowlisted()) {
-        field_trial_params.emplace(
-            network::features::kCorbAllowlistAlsoAppliesToOorCorsParamName,
-            kExpectedHashedExtensionId);
-      }
      enabled_features.emplace_back(
          network::features::kCorbAllowlistAlsoAppliesToOorCors,
-          field_trial_params);
+          base::FieldTrialParams());
    } else {
      disabled_features.push_back(
          network::features::kCorbAllowlistAlsoAppliesToOorCors);
    }

+    if (IsExtensionAllowlisted()) {
+      base::FieldTrialParams field_trial_params;
+      field_trial_params.emplace(
+          extensions_features::kCorbCorsAllowlistParamName,
+          kExpectedHashedExtensionId);
+      enabled_features.emplace_back(extensions_features::kCorbCorsAllowlist,
+                                    field_trial_params);
+    }
+
    scoped_feature_list_.InitWithFeaturesAndParameters(enabled_features,
                                                       disabled_features);
  }
@@ -308,7 +312,6 @@ class CorbAndCorsExtensionBrowserTest
    extension_ = LoadExtension(dir_.UnpackedPath());
    DCHECK(extension_);

-    AllowlistExtensionIfNeeded(*extension_);
    return extension_;
  }

@@ -516,7 +519,6 @@ class CorbAndCorsExtensionBrowserTest
    extension_ = LoadExtension(dir_.UnpackedPath());
    DCHECK(extension_);

-    AllowlistExtensionIfNeeded(*extension_);
    return extension_;
  }

@@ -621,27 +623,6 @@ class CorbAndCorsExtensionBrowserTest
        browser()->profile(), extension_->id(), background_script);
  }

-  void AllowlistExtensionIfNeeded(const Extension& extension) {
-    // Sanity check that the field trial param (which has to be registered via
-    // ScopedFeatureList early) uses the right extension id hash.
-    EXPECT_EQ(kExpectedHashedExtensionId, extension.hashed_id().value());
-
-    if (IsCorsForContentScriptsEnabled()) {
-      // Allowlist has already been populated via field trial param (see the
-      // constructor of CrossOriginReadBlockingExtensionAllowlistingTest).
-      return;
-    }
-
-    // If field trial param cannot be used, fall back to allowlisting via
-    // URLLoaderFactoryManager's test support methods.
-    if (IsExtensionAllowlisted()) {
-      URLLoaderFactoryManager::AddExtensionToAllowlistForTesting(extension);
-    } else {
-      URLLoaderFactoryManager::RemoveExtensionFromAllowlistForTesting(
-          extension);
-    }
-  }
-
 protected:
  policy::MockConfigurationPolicyProvider policy_provider_;

@@ -1735,7 +1716,6 @@ IN_PROC_BROWSER_TEST_P(CorbAndCorsExtensionBrowserTest,
  dir_.WriteFile(FILE_PATH_LITERAL("page.html"), "<body>Hello World!</body>");
  const Extension* extension = LoadExtension(dir_.UnpackedPath());
  ASSERT_TRUE(extension);
-  AllowlistExtensionIfNeeded(*extension);

  // Navigate a foreground tab to an extension URL, so that from this tab we can
  // ask the background service worker to initiate test fetches.

--- a/extensions/browser/url_loader_factory_manager.cc
+++ b/extensions/browser/url_loader_factory_manager.cc
--- a/extensions/browser/url_loader_factory_manager.h
+++ b/extensions/browser/url_loader_factory_manager.h
@@ -97,10 +97,6 @@ class URLLoaderFactoryManager {
      bool is_for_isolated_world,
      network::mojom::URLLoaderFactoryParams* factory_params);

-  static void AddExtensionToAllowlistForTesting(const Extension& extension);
-  static void RemoveExtensionFromAllowlistForTesting(
-      const Extension& extension);
-
 private:
  // If |extension|'s manifest declares that it may inject JavaScript content
  // script into the |navigating_frame| / |navigation_target|, then

--- a/extensions/common/extension_features.cc
+++ b/extensions/common/extension_features.cc
@@ -63,4 +63,12 @@ const base::Feature kReturnScopesInGetAuthToken{
 const base::Feature kSelectedUserIdInGetAuthToken{
    "SelectedUserIdInGetAuthToken", base::FEATURE_DISABLED_BY_DEFAULT};

+// Feature used mostly for exposing a field-trial-param-based mechanism for
+// adding remaining strugglers to the CORB/CORS allowlist which has been
+// deprecated in Chrome 87.
+const base::Feature kCorbCorsAllowlist{"CorbCorsAllowlist",
+                                       base::FEATURE_DISABLED_BY_DEFAULT};
+const char kCorbCorsAllowlistParamName[] =
+    "CorbCorsAllowlistDeprecationParamName";
+
 }  // namespace extensions_features
--- a/extensions/common/extension_features.h
+++ b/extensions/common/extension_features.h
@@ -33,6 +33,9 @@ extern const base::Feature kReturnScopesInGetAuthToken;

 extern const base::Feature kSelectedUserIdInGetAuthToken;

+extern const base::Feature kCorbCorsAllowlist;
+extern const char kCorbCorsAllowlistParamName[];
+
 }  // namespace extensions_features

 #endif  // EXTENSIONS_COMMON_EXTENSION_FEATURES_H_