Worker: Set ResourceRequest::upgrade_if_insecure_ for PlzDedicatedWorker and PlzSharedWorker

Before this CL, ResourceRequest for browser-initiated worker script loading
(PlzDedicatedWorker and PlzSharedWorker) always doesn't set the
|upgrade_if_insecure_| flag, and upgrade-insecure-requests handing completely
doesn't work. To fix it, this CL plumbs the flag from outside
FetchClientSettingsObject in a renderer process to the request created in the
browser process.

upgrade-insecure-requests handling works only when the browser-initiated request
is redirected from a secure context to an insecure context. For non-redirect
case where the request is directly sent to an insecure context from a secure
context, upgrade-insecure-requests handling doesn't work because of
https://crbug.com/917532

Note that this removes expectation files for virtual/omt-worker-fetch, but some
tests are still suppressed by another expectation files for non-virtual.

Bug: 906991, 917532, 987491
Change-Id: I690db42609133390fc6dc4aae150e0d94eab3199
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1715899
Commit-Queue: Hiroki Nakagawa <nhiroki@chromium.org>
Reviewed-by: Hiroshige Hayashizaki <hiroshige@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Cr-Commit-Position: refs/heads/master@{#682634}

content/browser/service_worker/service_worker_single_script_update_checker.cc

@@ -174,6 +174,11 @@ ServiceWorkerSingleScriptUpdateChecker::ServiceWorkerSingleScriptUpdateChecker(
     resource_request.resource_type = static_cast<int>(ResourceType::kScript);
   }
 
+  // Upgrade the request to an a priori authenticated URL, if appropriate.
+  // https://w3c.github.io/webappsec-upgrade-insecure-requests/#upgrade-request
+  // TODO(https://crbug.com/987491): Set |ResourceRequest::upgrade_if_insecure_|
+  // appropriately.
+
   // TODO(https://crbug.com/824647): Support ES modules. Use "cors" as a mode
   // for service worker served as modules, and "omit" as a credentials mode:
   // https://html.spec.whatwg.org/C/#fetch-a-single-module-script

content/browser/worker_host/worker_script_fetch_initiator.cc

@@ -170,6 +170,12 @@ void WorkerScriptFetchInitiator::Start(
       break;
   }
 
+  // Upgrade the request to an a priori authenticated URL, if appropriate.
+  // https://w3c.github.io/webappsec-upgrade-insecure-requests/#upgrade-request
+  resource_request->upgrade_if_insecure =
+      outside_fetch_client_settings_object->insecure_requests_policy ==
+      blink::mojom::InsecureRequestsPolicy::kUpgrade;
+
   AddAdditionalRequestHeaders(resource_request.get(), browser_context);
 
   // When navigation on UI is enabled, service worker and appcache work on the

content/renderer/worker/dedicated_worker_host_factory_client.cc

@@ -47,6 +47,7 @@ void DedicatedWorkerHostFactoryClient::CreateWorkerHost(
     const blink::WebSecurityOrigin& fetch_client_security_origin,
     network::mojom::ReferrerPolicy fetch_client_referrer_policy,
     const blink::WebURL& fetch_client_outgoing_referrer,
+    const blink::WebInsecureRequestPolicy fetch_client_insecure_request_policy,
     mojo::ScopedMessagePipeHandle blob_url_token) {
   DCHECK(blink::features::IsPlzDedicatedWorkerEnabled());
   blink::mojom::DedicatedWorkerHostFactoryClientPtr client_ptr;
@@ -58,6 +59,10 @@ void DedicatedWorkerHostFactoryClient::CreateWorkerHost(
       fetch_client_referrer_policy;
   outside_fetch_client_settings_object->outgoing_referrer =
       fetch_client_outgoing_referrer;
+  outside_fetch_client_settings_object->insecure_requests_policy =
+      fetch_client_insecure_request_policy & blink::kUpgradeInsecureRequests
+          ? blink::mojom::InsecureRequestsPolicy::kUpgrade
+          : blink::mojom::InsecureRequestsPolicy::kDoNotUpgrade;
 
   factory_->CreateWorkerHostAndStartScriptLoad(
       script_url, script_origin, credentials_mode,

content/renderer/worker/dedicated_worker_host_factory_client.h

@@ -49,6 +49,8 @@ class DedicatedWorkerHostFactoryClient final
       const blink::WebSecurityOrigin& fetch_client_security_origin,
       network::mojom::ReferrerPolicy fetch_client_referrer_policy,
       const blink::WebURL& fetch_client_outgoing_referrer,
+      const blink::WebInsecureRequestPolicy
+          fetch_client_insecure_request_policy,
       mojo::ScopedMessagePipeHandle blob_url_token) override;
   scoped_refptr<blink::WebWorkerFetchContext> CloneWorkerFetchContext(
       blink::WebWorkerFetchContext* web_worker_fetch_context,

third_party/blink/public/mojom/loader/fetch_client_settings_object.mojom

@@ -7,6 +7,12 @@ module blink.mojom;
 import "url/mojom/url.mojom";
 import "services/network/public/mojom/referrer_policy.mojom";
 
+// https://w3c.github.io/webappsec-upgrade-insecure-requests/#insecure-requests-policy
+enum InsecureRequestsPolicy {
+  kDoNotUpgrade,
+  kUpgrade,
+};
+
 // This is equivalent to blink::FetchClientSettingsObject. This struct is always
 // created by the renderer process, and forwarded to the worker's renderer
 // process or used in the browser process.
@@ -16,4 +22,5 @@ import "services/network/public/mojom/referrer_policy.mojom";
 struct FetchClientSettingsObject {
   network.mojom.ReferrerPolicy referrer_policy;
   url.mojom.Url outgoing_referrer;
+  InsecureRequestsPolicy insecure_requests_policy;
 };

third_party/blink/public/platform/web_dedicated_worker_host_factory_client.h

@@ -9,6 +9,7 @@
 #include "mojo/public/cpp/system/message_pipe.h"
 #include "services/network/public/mojom/fetch_api.mojom-shared.h"
 #include "services/network/public/mojom/referrer_policy.mojom-shared.h"
+#include "third_party/blink/public/platform/web_insecure_request_policy.h"
 
 namespace base {
 class SingleThreadTaskRunner;
@@ -41,6 +42,8 @@ class WebDedicatedWorkerHostFactoryClient {
       const blink::WebSecurityOrigin& fetch_client_security_origin,
       network::mojom::ReferrerPolicy fetch_client_referrer_policy,
       const blink::WebURL& fetch_client_outgoing_referrer,
+      const blink::WebInsecureRequestPolicy
+          fetch_client_insecure_request_policy,
       mojo::ScopedMessagePipeHandle blob_url_token) = 0;
 
   // Clones the given WebWorkerFetchContext for nested workers.

third_party/blink/renderer/core/workers/dedicated_worker.cc

@@ -248,6 +248,7 @@ void DedicatedWorker::Start() {
             outside_fetch_client_settings_object_->GetSecurityOrigin()),
         outside_fetch_client_settings_object_->GetReferrerPolicy(),
         KURL(outside_fetch_client_settings_object_->GetOutgoingReferrer()),
+        outside_fetch_client_settings_object_->GetInsecureRequestsPolicy(),
         blob_url_token.PassInterface().PassHandle());
     // Continue in OnScriptLoadStarted() or OnScriptLoadStartFailed().
     return;

third_party/blink/renderer/core/workers/shared_worker_client_holder.cc

@@ -113,11 +113,18 @@ void SharedWorkerClientHolder::Connect(
               ->GetProperties()
               .GetFetchClientSettingsObject());
 
+  mojom::InsecureRequestsPolicy insecure_requests_policy =
+      outside_fetch_client_settings_object->GetInsecureRequestsPolicy() &
+              kUpgradeInsecureRequests
+          ? mojom::InsecureRequestsPolicy::kUpgrade
+          : mojom::InsecureRequestsPolicy::kDoNotUpgrade;
+
   connector_->Connect(
       std::move(info),
       mojom::blink::FetchClientSettingsObject::New(
           outside_fetch_client_settings_object->GetReferrerPolicy(),
-          KURL(outside_fetch_client_settings_object->GetOutgoingReferrer())),
+          KURL(outside_fetch_client_settings_object->GetOutgoingReferrer()),
+          insecure_requests_policy),
       std::move(client_ptr),
       worker->GetExecutionContext()->IsSecureContext()
           ? mojom::SharedWorkerCreationContextType::kSecure

third_party/blink/web_tests/virtual/omt-worker-fetch/external/wpt/upgrade-insecure-requests/module-worker-redirect-upgrade.https-expected.txt

-This is a testharness.js-based test.
-PASS secure/same-origin => secure/same-origin worker
-FAIL insecure/same-origin => secure/same-origin worker promise_test: Unhandled rejection with value: object "SecurityError: Failed to construct 'Worker': Script at 'http://web-platform.test:8444/upgrade-insecure-requests/support/redirect-cors.py?location=https%3A%2F%2Fweb-platform.test%3A8444%2Fcommon%2Fsecurity-features%2Fsubresource%2Fworker.py' cannot be accessed from origin 'https://web-platform.test:8444'."
-FAIL secure/same-origin => insecure/same-origin worker promise_test: Unhandled rejection with value: object "[object Event]"
-FAIL insecure/same-origin => insecure/same-origin worker promise_test: Unhandled rejection with value: object "SecurityError: Failed to construct 'Worker': Script at 'http://web-platform.test:8444/upgrade-insecure-requests/support/redirect-cors.py?location=http%3A%2F%2Fweb-platform.test%3A8444%2Fcommon%2Fsecurity-features%2Fsubresource%2Fworker.py' cannot be accessed from origin 'https://web-platform.test:8444'."
-Harness: the test ran to completion.
-

third_party/blink/web_tests/virtual/omt-worker-fetch/external/wpt/upgrade-insecure-requests/worker-redirect-upgrade.https-expected.txt

-This is a testharness.js-based test.
-PASS secure/same-origin => secure/same-origin worker
-FAIL insecure/same-origin => secure/same-origin worker promise_test: Unhandled rejection with value: object "SecurityError: Failed to construct 'Worker': Script at 'http://web-platform.test:8444/upgrade-insecure-requests/support/redirect-cors.py?location=https%3A%2F%2Fweb-platform.test%3A8444%2Fcommon%2Fsecurity-features%2Fsubresource%2Fworker.py' cannot be accessed from origin 'https://web-platform.test:8444'."
-FAIL secure/same-origin => insecure/same-origin worker promise_test: Unhandled rejection with value: object "[object Event]"
-FAIL insecure/same-origin => insecure/same-origin worker promise_test: Unhandled rejection with value: object "SecurityError: Failed to construct 'Worker': Script at 'http://web-platform.test:8444/upgrade-insecure-requests/support/redirect-cors.py?location=http%3A%2F%2Fweb-platform.test%3A8444%2Fcommon%2Fsecurity-features%2Fsubresource%2Fworker.py' cannot be accessed from origin 'https://web-platform.test:8444'."
-Harness: the test ran to completion.
-