IsolatedWorldCSP: Remove BaseFetchContext::ShouldBypassMainWorldCSP.

https://chromium-review.googlesource.com/c/chromium/src/+/2354566
plumbed DOMWrapperWorld for all resource requests. Hence we no longer
need to look at the current world to see if the main world CSP should be
bypassed in CSP checks in fetch context. Instead we can rely on the CSP
associated with the plumbed DOMWrapperWorld. This is more accurate as it
prevents incorrectly bypassing or not bypassing the CSP when
BaseFetchContext::ShouldBypassMainWorldCSP is called asynchronously from
the point the request is initiated.

BUG=1099975

Change-Id: I6cb782dab25e3b418f5b9be79578b3b7d0e50b06
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2317030Reviewed-by: Yutaka Hirano <yhirano@chromium.org>
Reviewed-by: Dominic Farolino <dom@chromium.org>
Commit-Queue: Karan Bhatia <karandeepb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#798240}

third_party/blink/renderer/core/loader/base_fetch_context.cc

@@ -112,9 +112,8 @@ BaseFetchContext::CheckCSPForRequestInternal(
     const KURL& url_before_redirects,
     ResourceRequest::RedirectStatus redirect_status,
     ContentSecurityPolicy::CheckHeaderType check_header_type) const {
-  if (ShouldBypassMainWorldCSP() ||
-      options.content_security_policy_option ==
-          network::mojom::CSPDisposition::DO_NOT_CHECK) {
+  if (options.content_security_policy_option ==
+      network::mojom::CSPDisposition::DO_NOT_CHECK) {
     return base::nullopt;
   }
 

third_party/blink/renderer/core/loader/base_fetch_context.h

@@ -101,10 +101,6 @@ class CORE_EXPORT BaseFetchContext : public FetchContext {
   virtual const ContentSecurityPolicy* GetContentSecurityPolicyForWorld(
       const DOMWrapperWorld* world) const = 0;
 
-  // TODO(crbug.com/1099975) Remove this method once a DOMWrapperWorld is set
-  // for all requests.
-  virtual bool ShouldBypassMainWorldCSP() const = 0;
-
   virtual bool IsSVGImageChromeClient() const = 0;
   virtual bool ShouldBlockFetchByMixedContentCheck(
       mojom::blink::RequestContextType request_context,

third_party/blink/renderer/core/loader/base_fetch_context_test.cc

@@ -78,7 +78,6 @@ class MockBaseFetchContext final : public BaseFetchContext {
       const DOMWrapperWorld* world) const override {
     return GetContentSecurityPolicy();
   }
-  bool ShouldBypassMainWorldCSP() const override { return false; }
   bool IsSVGImageChromeClient() const override { return false; }
   void CountUsage(WebFeature) const override {}
   void CountDeprecation(WebFeature) const override {}

third_party/blink/renderer/core/loader/frame_fetch_context.cc

@@ -764,13 +764,6 @@ FrameFetchContext::GetContentSecurityPolicyForWorld(
       world);
 }
 
-bool FrameFetchContext::ShouldBypassMainWorldCSP() const {
-  if (GetResourceFetcherProperties().IsDetached())
-    return false;
-
-  return ContentSecurityPolicy::ShouldBypassMainWorld(GetFrame()->DomWindow());
-}
-
 bool FrameFetchContext::IsSVGImageChromeClient() const {
   if (GetResourceFetcherProperties().IsDetached())
     return frozen_state_->is_svg_image_chrome_client;

third_party/blink/renderer/core/loader/frame_fetch_context.h

@@ -148,7 +148,6 @@ class CORE_EXPORT FrameFetchContext final : public BaseFetchContext {
                                ResourceType) const override;
   const ContentSecurityPolicy* GetContentSecurityPolicyForWorld(
       const DOMWrapperWorld* world) const override;
-  bool ShouldBypassMainWorldCSP() const override;
   bool IsSVGImageChromeClient() const override;
   void CountUsage(WebFeature) const override;
   void CountDeprecation(WebFeature) const override;

third_party/blink/renderer/core/loader/worker_fetch_context.cc

@@ -113,13 +113,6 @@ WorkerFetchContext::GetContentSecurityPolicyForWorld(
   return GetContentSecurityPolicy();
 }
 
-bool WorkerFetchContext::ShouldBypassMainWorldCSP() const {
-  // This method was introduced to bypass the page's CSP while running the
-  // script from an isolated world (ex: Chrome extensions). But worker threads
-  // doesn't have any isolated world. So we can just return false.
-  return false;
-}
-
 bool WorkerFetchContext::IsSVGImageChromeClient() const {
   return false;
 }

third_party/blink/renderer/core/loader/worker_fetch_context.h

@@ -56,7 +56,6 @@ class WorkerFetchContext final : public BaseFetchContext {
                                ResourceType) const override;
   const ContentSecurityPolicy* GetContentSecurityPolicyForWorld(
       const DOMWrapperWorld* world) const override;
-  bool ShouldBypassMainWorldCSP() const override;
   bool IsSVGImageChromeClient() const override;
   void CountUsage(WebFeature) const override;
   void CountDeprecation(WebFeature) const override;