DevTools: apply User-Agent override when performing a CORS preflight

Change-Id: Iab48be6f9588bd1ce118892823323dfeae67abb8 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2320996 Commit-Queue: Andrey Kosyakov <caseq@chromium.org> Reviewed-by: Yutaka Hirano <yhirano@chromium.org> Cr-Commit-Position: refs/heads/master@{#792364}

DevTools: apply User-Agent override when performing a CORS preflight
Change-Id: Iab48be6f9588bd1ce118892823323dfeae67abb8 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2320996 Commit-Queue: Andrey Kosyakov <caseq@chromium.org> Reviewed-by: Yutaka Hirano <yhirano@chromium.org> Cr-Commit-Position: refs/heads/master@{#792364}
b1a9f297 · Andrey Kosyakov · Commit Bot · 68035f6b · b1a9f297 · b1a9f297
Commit b1a9f297 authored Jul 28, 2020 by Andrey Kosyakov Committed by Commit Bot Jul 28, 2020
3 changed files
--- a/services/network/cors/preflight_controller.cc
+++ b/services/network/cors/preflight_controller.cc
@@ -123,6 +123,17 @@ std::unique_ptr<ResourceRequest> CreatePreflightRequest(
      net::HttpRequestHeaders::kOrigin,
      (tainted ? url::Origin() : *request.request_initiator).Serialize());
+  // We normally set User-Agent down in the network stack, but the DevTools
+  // emulation override is applied on a higher level (renderer or browser),
+  // so copy User-Agent from the original request, if present.
+  // TODO(caseq, morlovich): do the same for client hints.
+  std::string user_agent;
+  if (request.headers.GetHeader(net::HttpRequestHeaders::kUserAgent,
+                                &user_agent)) {
+    preflight_request->headers.SetHeader(net::HttpRequestHeaders::kUserAgent,
+                                         user_agent);
+  }
  // Additional headers that the algorithm in the spec does not require, but
  // it's better that CORS preflight requests have them.
  preflight_request->headers.SetHeader("Sec-Fetch-Mode", "cors");

--- a/third_party/blink/web_tests/http/tests/inspector-protocol/emulation/user-agent-override-cors-preflight-expected.txt
+++ b/third_party/blink/web_tests/http/tests/inspector-protocol/emulation/user-agent-override-cors-preflight-expected.txt
+Tests emulation of the user agent for CORS preflight requests.
+navigator.userAgent: Nutri-Matic Drinks Dispenser
+Access-Control-Request-Headers: x-devtools-test
+User-Agent: Nutri-Matic Drinks Dispenser
--- a/third_party/blink/web_tests/http/tests/inspector-protocol/emulation/user-agent-override-cors-preflight.js
+++ b/third_party/blink/web_tests/http/tests/inspector-protocol/emulation/user-agent-override-cors-preflight.js
+(async function(testRunner) {
+  const {session, dp} = await testRunner.startBlank('Tests emulation of the user agent for CORS preflight requests.');
+  await dp.Network.enable();
+  await dp.Emulation.setUserAgentOverride({userAgent: 'Nutri-Matic Drinks Dispenser'});
+  testRunner.log('navigator.userAgent: ' + await session.evaluate('navigator.userAgent'));
+  const url = 'http://localhost:8000/inspector-protocol/network/resources/cors-return-post.php';
+  session.evaluate(`
+      fetch("${url}", {method: 'POST', headers: {'X-DevTools-Test': 'foo'}, body: 'test'})
+  `);
+  const {headers} = (await dp.Network.onceRequestWillBeSentExtraInfo()).params;
+  const headers_to_dump = [
+    'Access-Control-Request-Headers',
+    'User-Agent'
+  ];
+  for (const h of headers_to_dump)
+    testRunner.log(`${h}: ${headers[h]}`);
+  testRunner.completeTest();
+})