[ServiceWorker] Forbid reusing resource if requests have different credentials mode

This CL is to fix the root cause for failures of service worker wpt
tests.

The test loads an url for an Image object with 'anonymous' crossOrigin
property at line227 of fetch-canvas-tainting-iframe.html, succeeds in
loading without tainting, and then it loads the url again for another
Image object with 'use-credentials' crossOrigin property at line234,
this is expected to result in loading error, but currently it results
in success. The root cause is that Memory Cache is reusing the first
time's response for the second time resource request, although these
two requests have different credentials mode.

BUG=735883
TEST=blink_tests
external/wpt/service-workers/service-worker/fetch-canvas-tainting.https.html
external/wpt/service-workers/service-worker/fetch-canvas-tainting-cache.https.html

Change-Id: I9acdcf3811b6dcd5ea2ffe858ec35f51f7f2cc3f
Reviewed-on: https://chromium-review.googlesource.com/567690Reviewed-by: Tsuyoshi Horo <horo@chromium.org>
Reviewed-by: Takeshi Yoshino <tyoshino@chromium.org>
Commit-Queue: Han Leon <leon.han@intel.com>
Cr-Commit-Position: refs/heads/master@{#486697}

third_party/WebKit/LayoutTests/TestExpectations

@@ -2478,11 +2478,6 @@ crbug.com/595993 external/wpt/service-workers/service-worker/request-end-to-end.
 crbug.com/595993 virtual/off-main-thread-fetch/external/wpt/service-workers/service-worker/request-end-to-end.https.html [ Failure ]
 crbug.com/595993 virtual/service-worker-script-streaming/external/wpt/service-workers/service-worker/request-end-to-end.https.html [ Failure ]
 
-crbug.com/735883 external/wpt/service-workers/service-worker/fetch-canvas-tainting.https.html [ Pass Failure ]
-crbug.com/735883 virtual/off-main-thread-fetch/external/wpt/service-workers/service-worker/fetch-canvas-tainting.https.html [ Pass Failure ]
-crbug.com/735883 external/wpt/service-workers/service-worker/fetch-canvas-tainting-cache.https.html [ Pass Failure ]
-crbug.com/735883 virtual/off-main-thread-fetch/external/wpt/service-workers/service-worker/fetch-canvas-tainting-cache.https.html [ Pass Failure ]
-
 crbug.com/619427 [ Mac Linux ] fast/overflow/overflow-height-float-not-removed-crash3.html [ Pass Failure ]
 
 crbug.com/667371 inspector/elements/styles-1/color-aware-property-value-edit.html [ Pass Failure ]

third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/fetch-canvas-tainting-cache.https-expected.txt

-This is a testharness.js-based test.
-FAIL Verify canvas tainting of fetched image in a Service Worker assert_equals: expected "finish" but got "failure:Result of url:https://web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?PNGIMAGE&mode=cors&url=https%3A%2F%2Fwww1.web-platform.test%3A8444%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FPNGIMAGE%26ACAOrigin%3Dhttps%3A%2F%2Fweb-platform.test%3A8444&cache  cross_origin: use-credentials must be LOAD_ERROR but NOT_TAINTED"
-Harness: the test ran to completion.
-

third_party/WebKit/LayoutTests/external/wpt/service-workers/service-worker/fetch-canvas-tainting.https-expected.txt

-This is a testharness.js-based test.
-FAIL Verify canvas tainting of fetched image in a Service Worker assert_equals: expected "finish" but got "failure:Result of url:https://web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?PNGIMAGE&mode=cors&url=https%3A%2F%2Fwww1.web-platform.test%3A8444%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FPNGIMAGE%26ACAOrigin%3Dhttps%3A%2F%2Fweb-platform.test%3A8444  cross_origin: use-credentials must be LOAD_ERROR but NOT_TAINTED"
-Harness: the test ran to completion.
-

third_party/WebKit/LayoutTests/platform/mac-mac10.11/virtual/off-main-thread-fetch/external/wpt/service-workers/service-worker/fetch-canvas-tainting.https-expected.txt

-This is a testharness.js-based test.
-FAIL Verify canvas tainting of fetched image in a Service Worker assert_equals: expected "finish" but got "failure:Result of url:https://web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?PNGIMAGE&mode=cors&url=https%3A%2F%2Fwww1.web-platform.test%3A8444%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FPNGIMAGE%26ACAOrigin%3Dhttps%3A%2F%2Fweb-platform.test%3A8444  cross_origin: use-credentials must be LOAD_ERROR but NOT_TAINTED"
-Harness: the test ran to completion.
-

third_party/WebKit/LayoutTests/platform/mac-mac10.9/virtual/off-main-thread-fetch/external/wpt/service-workers/service-worker/fetch-canvas-tainting-cache.https-expected.txt

-This is a testharness.js-based test.
-FAIL Verify canvas tainting of fetched image in a Service Worker assert_equals: expected "finish" but got "failure:Result of url:https://www1.web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?PNGIMAGE&mode=cors&credentials=same-origin&url=https%3A%2F%2Fwww1.web-platform.test%3A8444%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FPNGIMAGE%26ACAOrigin%3Dhttps%3A%2F%2Fweb-platform.test%3A8444&cache  cross_origin:  must be TAINTED but NOT_TAINTED"
-Harness: the test ran to completion.
-

third_party/WebKit/LayoutTests/platform/mac-retina/virtual/off-main-thread-fetch/external/wpt/service-workers/service-worker/fetch-canvas-tainting.https-expected.txt

-This is a testharness.js-based test.
-FAIL Verify canvas tainting of fetched image in a Service Worker assert_equals: expected "finish" but got "failure:Result of url:https://web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?PNGIMAGE&mode=cors&url=https%3A%2F%2Fwww1.web-platform.test%3A8444%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FPNGIMAGE%26ACAOrigin%3Dhttps%3A%2F%2Fweb-platform.test%3A8444  cross_origin: use-credentials must be LOAD_ERROR but NOT_TAINTED"
-Harness: the test ran to completion.
-

third_party/WebKit/LayoutTests/platform/mac/virtual/off-main-thread-fetch/external/wpt/service-workers/service-worker/fetch-canvas-tainting.https-expected.txt

-This is a testharness.js-based test.
-FAIL Verify canvas tainting of fetched image in a Service Worker assert_equals: expected "finish" but got "failure:Result of url:https://www1.web-platform.test:8444/service-workers/service-worker/resources/fetch-access-control.py?PNGIMAGE&mode=cors&credentials=same-origin&url=https%3A%2F%2Fwww1.web-platform.test%3A8444%2Fservice-workers%2Fservice-worker%2Fresources%2Ffetch-access-control.py%3FPNGIMAGE%26ACAOrigin%3Dhttps%3A%2F%2Fweb-platform.test%3A8444  cross_origin:  must be TAINTED but NOT_TAINTED"
-Harness: the test ran to completion.
-

third_party/WebKit/Source/platform/loader/fetch/MemoryCacheCorrectnessTest.cpp

@@ -61,7 +61,6 @@ class MemoryCacheCorrectnessTest : public ::testing::Test {
     if (response.Url().IsNull())
       response.SetURL(KURL(kParsedURLString, kResourceURL));
     ResourceRequest request(response.Url());
-    request.SetFetchCredentialsMode(WebURLRequest::kFetchCredentialsModeOmit);
     MockResource* resource = MockResource::Create(request);
     resource->SetResponse(response);
     resource->Finish();
@@ -353,7 +352,6 @@ TEST_F(MemoryCacheCorrectnessTest, FreshWithFreshRedirect) {
   KURL redirect_target_url(kParsedURLString, kRedirectTargetUrlString);
 
   ResourceRequest request(redirect_url);
-  request.SetFetchCredentialsMode(WebURLRequest::kFetchCredentialsModeOmit);
   MockResource* first_resource = MockResource::Create(request);
 
   ResourceResponse fresh301_response;
@@ -431,7 +429,7 @@ TEST_F(MemoryCacheCorrectnessTest, FreshWithStaleRedirect) {
 TEST_F(MemoryCacheCorrectnessTest, PostToSameURLTwice) {
   ResourceRequest request1(KURL(kParsedURLString, kResourceURL));
   request1.SetHTTPMethod(HTTPNames::POST);
-  RawResource* resource1 = RawResource::Create(request1, Resource::kRaw);
+  RawResource* resource1 = RawResource::CreateForTest(request1, Resource::kRaw);
   resource1->SetStatus(ResourceStatus::kPending);
   GetMemoryCache()->Add(resource1);
 
@@ -491,7 +489,6 @@ TEST_F(MemoryCacheCorrectnessTest, 302RedirectExplicitlyFreshMaxAge) {
   KURL redirect_target_url(kParsedURLString, kRedirectTargetUrlString);
 
   ResourceRequest request(redirect_url);
-  request.SetFetchCredentialsMode(WebURLRequest::kFetchCredentialsModeOmit);
   MockResource* first_resource = MockResource::Create(request);
 
   ResourceResponse fresh302_response;
@@ -532,7 +529,6 @@ TEST_F(MemoryCacheCorrectnessTest, 302RedirectExplicitlyFreshExpires) {
   KURL redirect_target_url(kParsedURLString, kRedirectTargetUrlString);
 
   ResourceRequest request(redirect_url);
-  request.SetFetchCredentialsMode(WebURLRequest::kFetchCredentialsModeOmit);
   MockResource* first_resource = MockResource::Create(request);
 
   ResourceResponse fresh302_response;

third_party/WebKit/Source/platform/loader/fetch/RawResource.h

@@ -52,14 +52,13 @@ class PLATFORM_EXPORT RawResource final : public Resource {
   static RawResource* FetchManifest(FetchParameters&, ResourceFetcher*);
 
   // Exposed for testing
-  static RawResource* Create(ResourceRequest request, Type type) {
-    request.SetFetchCredentialsMode(WebURLRequest::kFetchCredentialsModeOmit);
+  static RawResource* CreateForTest(ResourceRequest request, Type type) {
     ResourceLoaderOptions options;
     return new RawResource(request, type, options);
   }
   static RawResource* CreateForTest(const KURL& url, Type type) {
     ResourceRequest request(url);
-    return Create(request, type);
+    return CreateForTest(request, type);
   }
   static RawResource* CreateForTest(const char* url, Type type) {
     return CreateForTest(KURL(kParsedURLString, url), type);

third_party/WebKit/Source/platform/loader/fetch/RawResourceTest.cpp

@@ -111,7 +111,8 @@ TEST_F(RawResourceTest, DontIgnoreAcceptForCacheReuse) {
   ResourceRequest jpeg_request;
   jpeg_request.SetHTTPAccept("image/jpeg");
 
-  RawResource* jpeg_resource(RawResource::Create(jpeg_request, Resource::kRaw));
+  RawResource* jpeg_resource(
+      RawResource::CreateForTest(jpeg_request, Resource::kRaw));
 
   ResourceRequest png_request;
   png_request.SetHTTPAccept("image/png");
@@ -579,7 +580,7 @@ TEST_F(RawResourceTest,
   ResourceRequest request("data:text/html,");
   request.SetHTTPHeaderField(
       HTTPNames::X_DevTools_Emulate_Network_Conditions_Client_Id, "Foo");
-  Resource* raw = RawResource::Create(request, Resource::kRaw);
+  Resource* raw = RawResource::CreateForTest(request, Resource::kRaw);
   EXPECT_TRUE(
       raw->CanReuse(FetchParameters(ResourceRequest("data:text/html,"))));
 }

third_party/WebKit/Source/platform/loader/fetch/Resource.cpp

@@ -893,7 +893,9 @@ bool Resource::CanReuse(const FetchParameters& params) const {
   if (existing_was_with_fetcher_cors_suppressed)
     return new_mode != WebURLRequest::kFetchRequestModeCORS;
 
-  return existing_mode == new_mode;
+  return existing_mode == new_mode &&
+         new_request.GetFetchCredentialsMode() ==
+             resource_request_.GetFetchCredentialsMode();
 }
 
 void Resource::Prune() {

third_party/WebKit/Source/platform/loader/fetch/ResourceTest.cpp

@@ -125,7 +125,7 @@ TEST(ResourceTest, Vary) {
   ResourceRequest old_request(url);
   old_request.SetHTTPHeaderField(HTTPNames::User_Agent, "something");
   old_request.SetHTTPHeaderField(HTTPNames::Referer, "http://foo.com");
-  resource = RawResource::Create(old_request, Resource::kRaw);
+  resource = RawResource::CreateForTest(old_request, Resource::kRaw);
   resource->ResponseReceived(response, nullptr);
   resource->Finish();