Portals: Add support for frame-src CSP directive.

This allows the portal host to honor the frame-src policy which can block attempts to load or navigate to certain origins. Bug: 958042 Change-Id: I906dfc5b5b9313eeefed5e72fb057ed02aa37870 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1584930Reviewed-by: Nasko Oskov <nasko@chromium.org> Reviewed-by: Andy Paicu <andypaicu@chromium.org> Commit-Queue: Lucas Gadani <lfg@chromium.org> Cr-Commit-Position: refs/heads/master@{#658404}

Portals: Add support for frame-src CSP directive.
This allows the portal host to honor the frame-src policy which can block attempts to load or navigate to certain origins. Bug: 958042 Change-Id: I906dfc5b5b9313eeefed5e72fb057ed02aa37870 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1584930Reviewed-by: Nasko Oskov <nasko@chromium.org> Reviewed-by: Andy Paicu <andypaicu@chromium.org> Commit-Queue: Lucas Gadani <lfg@chromium.org> Cr-Commit-Position: refs/heads/master@{#658404}
9d5bc5ec · Lucas Furukawa Gadani · Commit Bot · 48b51470 · 9d5bc5ec · 9d5bc5ec
Commit 9d5bc5ec authored May 10, 2019 by Lucas Furukawa Gadani Committed by Commit Bot May 10, 2019
4 changed files
--- a/content/browser/frame_host/navigation_request.cc
+++ b/content/browser/frame_host/navigation_request.cc
@@ -2242,6 +2242,17 @@ net::Error NavigationRequest::CheckContentSecurityPolicy(
  FrameTreeNode* parent_ftn = frame_tree_node()->parent();
  RenderFrameHostImpl* parent =
      parent_ftn ? parent_ftn->current_frame_host() : nullptr;
+  if (!parent && frame_tree_node()
+                     ->current_frame_host()
+                     ->GetRenderViewHost()
+                     ->GetDelegate()
+                     ->IsPortal()) {
+    parent = frame_tree_node()
+                 ->render_manager()
+                 ->GetOuterDelegateNode()
+                 ->current_frame_host()
+                 ->GetParent();
+  }

  // TODO(andypaicu,https://crbug.com/837627): the current_frame_host is the
  // wrong RenderFrameHost. We should be using the navigation initiator

--- a/third_party/blink/web_tests/external/wpt/portals/csp/frame-src.sub.html
+++ b/third_party/blink/web_tests/external/wpt/portals/csp/frame-src.sub.html
+<!doctype html>
+<title>Tests that portals respect the frame-src</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<body>
+</body>
+<script>
+  async_test(function(t) {
+    var w = window.open("resources/frame-src.sub.html?frame_src_policy=%27none%27");
+    w.onload = function() {
+      w.document.addEventListener("securitypolicyviolation",
+        t.step_func_done(function(e) {
+          assert_equals("frame-src", e.violatedDirective);
+      }));
+      var portal = w.document.createElement("portal");
+      portal.src = new URL("/portals/resources/simple-portal.html", location.href);
+      portal.onmessage = t.unreached_func("Portal should not load.");
+      w.document.body.appendChild(portal);
+    }
+  }, "Tests that a portal can't be loaded when it violates frame-src");
+
+  async_test(function(t) {
+    var w = window.open(`resources/frame-src.sub.html?frame_src_policy=http://{{hosts[][www]}}:{{ports[http][0]}}`);
+    w.onload = function() {
+      w.document.onsecuritypolicyviolation = t.unreached_func("Portal should load.");
+      var portal = w.document.createElement("portal");
+      portal.src = new URL("http://{{hosts[][www]}}:{{ports[http][0]}}/portals/resources/simple-portal.html", location.href);
+      portal.onmessage = t.step_func_done();
+      w.document.body.appendChild(portal);
+    }
+  }, "Tests that a portal can be loaded when the origin matches the frame-src CSP header.");
+  async_test(function(t) {
+
+    var w = window.open(`resources/frame-src.sub.html?frame_src_policy=http://{{hosts[][www]}}:{{ports[http][0]}}`);
+    w.onload = function() {
+      var portal = w.document.createElement("portal");
+      portal.src = new URL("http://{{hosts[alt][www]}}:{{ports[http][0]}}/portals/resources/simple-portal.html", location.href);
+      w.document.onsecuritypolicyviolation = t.step_func(function(e) {
+        w.document.onsecuritypolicyviolation = null;
+        assert_equals("frame-src", e.violatedDirective);
+        portal.src = new URL("http://{{hosts[][www]}}:{{ports[http][0]}}/portals/resources/simple-portal.html", location.href);
+        portal.onmessage = t.step_func_done();
+      });
+      w.document.body.appendChild(portal);
+    }
+  }, "Tests that a portal will fail to load on an origin different than the one specified in the frame-src CSP, but that it can be loaded when the origin matches the frame-src CSP.");
+</script>
--- a/third_party/blink/web_tests/external/wpt/portals/csp/resources/frame-src.sub.html
+++ b/third_party/blink/web_tests/external/wpt/portals/csp/resources/frame-src.sub.html
+<!doctype html>
+<body>
+  <h1>Content Security Policy header containing "frame-src {{GET[frame_src_policy]}}"</h1>
+</body>
--- a/third_party/blink/web_tests/external/wpt/portals/csp/resources/frame-src.sub.html.sub.headers
+++ b/third_party/blink/web_tests/external/wpt/portals/csp/resources/frame-src.sub.html.sub.headers
+Content-Type: text/html; charset=UTF-8
+Content-Security-Policy: frame-src {{GET[frame_src_policy]}}