Skip to content

GitLab

T
tangled
Commit b347fd53 authored by Ken Buchanan's avatar Ken Buchanan Committed by Chromium LUCI CQ
Browse files
Options

[WebID] Fetch well-known file using browser URL loader factory 

The RenderFrameHost's URLLoaderFactory has CORB enabled which prevents
WebID from retrieving the .well-known/webid JSON from the IDP.

This changes WebID to use to the browser process factory.

Bug: 1141125
Change-Id: I18636fb2a155900fb6d2f2304b144aef0fa39032
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2618601Reviewed-by: default avatarŁukasz Anforowicz <lukasza@chromium.org>
Reviewed-by: default avatarMatt Menke <mmenke@chromium.org>
Commit-Queue: Ken Buchanan <kenrb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#842712}
parent c5a8110b
Hide whitespace changes
Inline Side-by-side
Showing with 15 additions and 14 deletions
content/browser/webid/federated_auth_request_impl.cc
View file @ b347fd53
...@@ -129,8 +129,7 @@ void FederatedAuthRequestImpl::OnWellKnownFetched( ...@@ -129,8 +129,7 @@ void FederatedAuthRequestImpl::OnWellKnownFetched(
} }
idp_endpoint_url_ = GURL(base::StringPiece(idp_endpoint)); idp_endpoint_url_ = GURL(base::StringPiece(idp_endpoint));
// TODO(kenrb): Do we have to check that this URL is same-origin with the // TODO(kenrb): This has to be same-origin with the provider.
// provider, or is that not a requirement?
// https://crbug.com/1141125 // https://crbug.com/1141125
if (!IdpUrlIsValid(idp_endpoint_url_)) { if (!IdpUrlIsValid(idp_endpoint_url_)) {
CompleteRequest(RequestIdTokenStatus::kError, ""); CompleteRequest(RequestIdTokenStatus::kError, "");
......
content/browser/webid/idp_network_request_manager.cc
View file @ b347fd53
...@@ -5,7 +5,6 @@ ...@@ -5,7 +5,6 @@
#include "content/browser/webid/idp_network_request_manager.h" #include "content/browser/webid/idp_network_request_manager.h"
#include "base/base64url.h" #include "base/base64url.h"
#include "content/public/browser/browser_context.h"
#include "content/public/browser/render_frame_host.h" #include "content/public/browser/render_frame_host.h"
#include "content/public/browser/storage_partition.h" #include "content/public/browser/storage_partition.h"
#include "mojo/public/cpp/bindings/remote.h" #include "mojo/public/cpp/bindings/remote.h"
...@@ -76,9 +75,7 @@ net::NetworkTrafficAnnotationTag CreateTrafficAnnotation() { ...@@ -76,9 +75,7 @@ net::NetworkTrafficAnnotationTag CreateTrafficAnnotation() {
scoped_refptr<network::SharedURLLoaderFactory> GetUrlLoaderFactory( scoped_refptr<network::SharedURLLoaderFactory> GetUrlLoaderFactory(
content::RenderFrameHost* host) { content::RenderFrameHost* host) {
return content::BrowserContext::GetDefaultStoragePartition( return host->GetStoragePartition()->GetURLLoaderFactoryForBrowserProcess();
host->GetBrowserContext())
->GetURLLoaderFactoryForBrowserProcess();
} }
} // namespace } // namespace
...@@ -107,8 +104,8 @@ void IdpNetworkRequestManager::FetchIDPWellKnown( ...@@ -107,8 +104,8 @@ void IdpNetworkRequestManager::FetchIDPWellKnown(
idp_well_known_callback_ = std::move(callback); idp_well_known_callback_ = std::move(callback);
const url::Origin& idp = url::Origin::Create(provider_); const url::Origin& idp_origin = url::Origin::Create(provider_);
GURL target_url = idp.GetURL().Resolve(kWellKnownFilePath); GURL target_url = idp_origin.GetURL().Resolve(kWellKnownFilePath);
net::NetworkTrafficAnnotationTag traffic_annotation = net::NetworkTrafficAnnotationTag traffic_annotation =
CreateTrafficAnnotation(); CreateTrafficAnnotation();
...@@ -124,18 +121,23 @@ void IdpNetworkRequestManager::FetchIDPWellKnown( ...@@ -124,18 +121,23 @@ void IdpNetworkRequestManager::FetchIDPWellKnown(
network::mojom::CredentialsMode::kInclude; network::mojom::CredentialsMode::kInclude;
resource_request->headers.SetHeader(net::HttpRequestHeaders::kAccept, resource_request->headers.SetHeader(net::HttpRequestHeaders::kAccept,
kAcceptMimeType); kAcceptMimeType);
// TODO(kenrb): Not following redirects is important for security because
// this bypasses CORB. Ensure there is a test added.
// https://crbug.com/1155312.
resource_request->redirect_mode = network::mojom::RedirectMode::kError;
resource_request->request_initiator = resource_request->request_initiator =
render_frame_host_->GetLastCommittedOrigin(); render_frame_host_->GetLastCommittedOrigin();
resource_request->trusted_params = network::ResourceRequest::TrustedParams();
resource_request->trusted_params->isolation_info =
net::IsolationInfo::Create(net::IsolationInfo::RequestType::kOther,
idp_origin, idp_origin, net::SiteForCookies());
url_loader_ = network::SimpleURLLoader::Create(std::move(resource_request), url_loader_ = network::SimpleURLLoader::Create(std::move(resource_request),
traffic_annotation); traffic_annotation);
// This creates a new URLLoaderFactory that matches the RP's factory for // Use the browser process URL loader factory because it has cross-origin
// the early uncredentialed request, which serves to minimize cross-site // read blocking disabled.
// tracking risk in the case that the flow does not proceed any further. auto loader_factory = GetUrlLoaderFactory(render_frame_host_);
mojo::Remote<network::mojom::URLLoaderFactory> loader_factory;
render_frame_host_->CreateNetworkServiceDefaultFactory(
loader_factory.BindNewPipeAndPassReceiver());
url_loader_->DownloadToString( url_loader_->DownloadToString(
loader_factory.get(), loader_factory.get(),
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment