[WebID] Fetch well-known file using browser URL loader factory

The RenderFrameHost's URLLoaderFactory has CORB enabled which prevents
WebID from retrieving the .well-known/webid JSON from the IDP.

This changes WebID to use to the browser process factory.

Bug: 1141125
Change-Id: I18636fb2a155900fb6d2f2304b144aef0fa39032
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2618601Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org>
Reviewed-by: Matt Menke <mmenke@chromium.org>
Commit-Queue: Ken Buchanan <kenrb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#842712}

content/browser/webid/federated_auth_request_impl.cc

@@ -129,8 +129,7 @@ void FederatedAuthRequestImpl::OnWellKnownFetched(
   }
 
   idp_endpoint_url_ = GURL(base::StringPiece(idp_endpoint));
-  // TODO(kenrb): Do we have to check that this URL is same-origin with the
-  // provider, or is that not a requirement?
+  // TODO(kenrb): This has to be same-origin with the provider.
   // https://crbug.com/1141125
   if (!IdpUrlIsValid(idp_endpoint_url_)) {
     CompleteRequest(RequestIdTokenStatus::kError, "");

content/browser/webid/idp_network_request_manager.cc

@@ -5,7 +5,6 @@
 #include "content/browser/webid/idp_network_request_manager.h"
 
 #include "base/base64url.h"
-#include "content/public/browser/browser_context.h"
 #include "content/public/browser/render_frame_host.h"
 #include "content/public/browser/storage_partition.h"
 #include "mojo/public/cpp/bindings/remote.h"
@@ -76,9 +75,7 @@ net::NetworkTrafficAnnotationTag CreateTrafficAnnotation() {
 
 scoped_refptr<network::SharedURLLoaderFactory> GetUrlLoaderFactory(
     content::RenderFrameHost* host) {
-  return content::BrowserContext::GetDefaultStoragePartition(
-             host->GetBrowserContext())
-      ->GetURLLoaderFactoryForBrowserProcess();
+  return host->GetStoragePartition()->GetURLLoaderFactoryForBrowserProcess();
 }
 
 }  // namespace
@@ -107,8 +104,8 @@ void IdpNetworkRequestManager::FetchIDPWellKnown(
 
   idp_well_known_callback_ = std::move(callback);
 
-  const url::Origin& idp = url::Origin::Create(provider_);
-  GURL target_url = idp.GetURL().Resolve(kWellKnownFilePath);
+  const url::Origin& idp_origin = url::Origin::Create(provider_);
+  GURL target_url = idp_origin.GetURL().Resolve(kWellKnownFilePath);
 
   net::NetworkTrafficAnnotationTag traffic_annotation =
       CreateTrafficAnnotation();
@@ -124,18 +121,23 @@ void IdpNetworkRequestManager::FetchIDPWellKnown(
       network::mojom::CredentialsMode::kInclude;
   resource_request->headers.SetHeader(net::HttpRequestHeaders::kAccept,
                                       kAcceptMimeType);
+  // TODO(kenrb): Not following redirects is important for security because
+  // this bypasses CORB. Ensure there is a test added.
+  // https://crbug.com/1155312.
+  resource_request->redirect_mode = network::mojom::RedirectMode::kError;
   resource_request->request_initiator =
       render_frame_host_->GetLastCommittedOrigin();
+  resource_request->trusted_params = network::ResourceRequest::TrustedParams();
+  resource_request->trusted_params->isolation_info =
+      net::IsolationInfo::Create(net::IsolationInfo::RequestType::kOther,
+                                 idp_origin, idp_origin, net::SiteForCookies());
 
   url_loader_ = network::SimpleURLLoader::Create(std::move(resource_request),
                                                  traffic_annotation);
 
-  // This creates a new URLLoaderFactory that matches the RP's factory for
-  // the early uncredentialed request, which serves to minimize cross-site
-  // tracking risk in the case that the flow does not proceed any further.
-  mojo::Remote<network::mojom::URLLoaderFactory> loader_factory;
-  render_frame_host_->CreateNetworkServiceDefaultFactory(
-      loader_factory.BindNewPipeAndPassReceiver());
+  // Use the browser process URL loader factory because it has cross-origin
+  // read blocking disabled.
+  auto loader_factory = GetUrlLoaderFactory(render_frame_host_);
 
   url_loader_->DownloadToString(
       loader_factory.get(),