OOR-CORS: Remove BlinkCORS related tests from ExtensionWebRequestApiTest

This patch modifies tests that see kOutOfBlinkCors feature flag, so to make them run only with OOR-CORS enabled. BlinkCors has already been deprecated and this is part of the work to remove the kOutOfBlinkCors feature work. Bug: 1053866 Change-Id: I59d3b9c42e61641053cc74aacc99493261ad51fb Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2368642 Commit-Queue: Takashi Toyoshima <toyoshim@chromium.org> Reviewed-by: Karan Bhatia <karandeepb@chromium.org> Cr-Commit-Position: refs/heads/master@{#800959}

OOR-CORS: Remove BlinkCORS related tests from ExtensionWebRequestApiTest
This patch modifies tests that see kOutOfBlinkCors feature flag, so to make them run only with OOR-CORS enabled. BlinkCors has already been deprecated and this is part of the work to remove the kOutOfBlinkCors feature work. Bug: 1053866 Change-Id: I59d3b9c42e61641053cc74aacc99493261ad51fb Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2368642 Commit-Queue: Takashi Toyoshima <toyoshim@chromium.org> Reviewed-by: Karan Bhatia <karandeepb@chromium.org> Cr-Commit-Position: refs/heads/master@{#800959}
cae1f823 · Takashi Toyoshima · Commit Bot · 61543f93 · cae1f823 · cae1f823
Commit cae1f823 authored Aug 24, 2020 by Takashi Toyoshima Committed by Commit Bot Aug 24, 2020
2 changed files
--- a/chrome/browser/extensions/api/web_request/web_request_apitest.cc
+++ b/chrome/browser/extensions/api/web_request/web_request_apitest.cc
@@ -60,7 +60,6 @@
 #include "chromeos/login/login_state/scoped_test_public_session_login_state.h"
 #include "components/embedder_support/switches.h"
 #include "components/google/core/common/google_switches.h"
-#include "components/policy/core/browser/browser_policy_connector.h"
 #include "components/policy/core/common/mock_configuration_policy_provider.h"
 #include "components/policy/policy_constants.h"
 #include "components/prefs/pref_service.h"
@@ -628,65 +627,12 @@ IN_PROC_BROWSER_TEST_F(ExtensionWebRequestApiTest,
      << message_;
 }
-enum class CorsMode {
+IN_PROC_BROWSER_TEST_F(ExtensionWebRequestApiTest,
-  kOutOfBlinkCors,
-  kBlinkCors,
-};
-class ExtensionWebRequestApiPolicyTest
-    : public ExtensionWebRequestApiTest,
-      public ::testing::WithParamInterface<CorsMode> {
- public:
-  const std::string& test_name() { return test_name_; }
- private:
-  void SetUpInProcessBrowserTestFixture() override {
-    EXPECT_CALL(provider_, IsInitializationComplete(testing::_))
-        .WillRepeatedly(testing::Return(true));
-    policy::BrowserPolicyConnector::SetPolicyProviderForTesting(&provider_);
-    switch (GetParam()) {
-      case CorsMode::kOutOfBlinkCors:
-        feature_list_.InitAndEnableFeature(network::features::kOutOfBlinkCors);
-        test_name_ += "?cors_mode=network_service";
-        break;
-      case CorsMode::kBlinkCors:
-        feature_list_.InitAndDisableFeature(network::features::kOutOfBlinkCors);
-        test_name_ += "?cors_mode=blink";
-        break;
-    }
-    ExtensionWebRequestApiTest::SetUpInProcessBrowserTestFixture();
-  }
-  void UpdatePolicy(const std::string& policy, base::Value value) {
-    policy::PolicyMap policy_map;
-    policy_map.Set(policy, policy::POLICY_LEVEL_MANDATORY,
-                   policy::POLICY_SCOPE_USER, policy::POLICY_SOURCE_CLOUD,
-                   std::move(value), nullptr);
-    provider_.UpdateChromePolicy(policy_map);
-  }
- private:
-  base::test::ScopedFeatureList feature_list_;
-  policy::MockConfigurationPolicyProvider provider_;
-  std::string test_name_ = "test_cors.html";
-};
-IN_PROC_BROWSER_TEST_P(ExtensionWebRequestApiPolicyTest,
                       WebRequestCORSWithExtraHeaders) {
  ASSERT_TRUE(StartEmbeddedTestServer());
-  ASSERT_TRUE(RunExtensionSubtest("webrequest", test_name())) << message_;
+  ASSERT_TRUE(RunExtensionSubtest("webrequest", "test_cors.html")) << message_;
 }
-INSTANTIATE_TEST_SUITE_P(Enabled,
-                         ExtensionWebRequestApiPolicyTest,
-                         testing::Values(CorsMode::kOutOfBlinkCors));
-INSTANTIATE_TEST_SUITE_P(Disabled,
-                         ExtensionWebRequestApiPolicyTest,
-                         testing::Values(CorsMode::kBlinkCors));
 IN_PROC_BROWSER_TEST_F(ExtensionWebRequestApiTest, WebRequestRedirects) {
  ASSERT_TRUE(StartEmbeddedTestServer());
  ASSERT_TRUE(RunExtensionSubtest("webrequest", "test_redirects.html"))

--- a/chrome/test/data/extensions/api_test/webrequest/test_cors.js
+++ b/chrome/test/data/extensions/api_test/webrequest/test_cors.js
@@ -7,18 +7,8 @@ const listeningUrlPattern = '*://cors.example.com/*';
 const params = (new URL(location.href)).searchParams;
 const BASE = 'extensions/api_test/webrequest/cors/';
-function getCorsMode() {
-  const name = 'cors_mode';
-  chrome.test.assertTrue(params.has(name));
-  const mode = params.get(name);
-  chrome.test.assertTrue(mode == 'blink' || mode == 'network_service');
-  return mode;
-}
 function setExpectationsForNonObservablePreflight() {
  // In this case the preflight request is not observable.
-  chrome.test.assertTrue(getCorsMode() == 'network_service');
  const url = getServerURL(BASE + 'accept', 'cors.example.com');
  const method = 'GET';
  const initiator = getServerURL('').slice(0, -1);
@@ -146,38 +136,27 @@ function setExpectationsForObservablePreflight(extraInfoSpec) {
  // should arrive, but we are not sure which comes first - that is essentially
  // racy, so we cannot have an expecation here.
-  let events;
+  // First, onBeforeRequest is called for the actual request, and then the
-  let eventsOrder;
+  // preflight request is made. As there is no 'access-control-allow-headers'
-  if (getCorsMode() == 'network_service') {
+  // header in the preflight response, the actual request fails whereas the
-    // When the CORS module is in the network process, onBeforeRequest is called
+  // preflight request succeeds.
-    // for the actual request first, and then the preflight request is made.
+  let events = [
-    // As there is no 'access-control-allow-headers' header in the preflight
+    { label: 'onBeforeRequest',
-    // response, the actual request fails whereas the preflight request
+      event: 'onBeforeRequest',
-    // succeeds.
+      details: {
-    events = [
+        url: url,
-      { label: 'onBeforeRequest',
+        method: 'GET',
-        event: 'onBeforeRequest',
+        initiator,
-        details: {
+        type: 'xmlhttprequest',
-          url: url,
+        frameUrl: 'unknown frame URL',
-          method: 'GET',
-          initiator,
-          type: 'xmlhttprequest',
-          frameUrl: 'unknown frame URL',
-        },
      },
-    ].concat(eventsForPreflight);
+    },
-    eventOrder = ['onBeforeRequest'].concat(eventOrderForPreflight);
+  ].concat(eventsForPreflight);
+  let eventOrder = ['onBeforeRequest'].concat(eventOrderForPreflight);
-    // We should see the cancellation of the actual request, but we cannot
-    // have that expecation here because we don't have an expecation on
+  // We should see the cancellation of the actual request, but we cannot
-    // the completion of the preflight request. See above.
+  // have that expecation here because we don't have an expecation on
-  } else {
+  // the completion of the preflight request. See above.
-    // In this case, the preflight request is made first, and blink will not
-    // make the actual request because of the lack of an
-    // 'access-control-allow-headers' header in the preflight response.
-    events = eventsForPreflight;
-    eventOrder = eventOrderForPreflight;
-  }
  expect(
      events,
@@ -217,15 +196,14 @@ function registerRequestHeaderInjectionListeners(extraInfoSpec) {
      beforeSendHeadersListener, {urls: [listeningUrlPattern]}, extraInfoSpec);
  // If the 'x-foo' header is injected by |beforeSendHeadersListener| without
-  // 'extraHeaders' and with OOR-CORS being enabled, it triggers CORS
+  // 'extraHeaders', it triggers CORS preflight, and the response for the
-  // preflight, and the response for the preflight OPTIONS request is expected
+  // preflight OPTIONS request is expected to have the
-  // to have the 'Access-Control-Allow-Headers: x-foo' header to pass the
+  // 'Access-Control-Allow-Headers: x-foo' header to pass the security checks.
-  // security checks. Since the mock-http-headers for the target URL does not
+  // Since the mock-http-headers for the target URL does not provide the
-  // provide the required header, the request fails in the CORS preflight.
+  // required header, the request fails in the CORS preflight. Otherwises,
-  // Otherwises, modified headers are not observed by CORS implementations, and
+  // modified headers are not observed by CORS implementations, and do not
-  // do not trigger the CORS preflight.
+  // trigger the CORS preflight.
-  const triggerPreflight = !extraInfoSpec.includes('extraHeaders') &&
+  const triggerPreflight = !extraInfoSpec.includes('extraHeaders');
-      getCorsMode() == 'network_service';
  const event = triggerPreflight ? chrome.webRequest.onErrorOccurred :
                                   chrome.webRequest.onCompleted;
@@ -248,11 +226,10 @@ function registerResponseHeaderInjectionListeners(extraInfoSpec) {
  chrome.webRequest.onHeadersReceived.addListener(
      headersReceivedListener, {urls: [listeningUrlPattern]}, extraInfoSpec);
-  // If the 'extraHeaders' is not specified and OOR-CORS is enabled, Chrome
+  // If the 'extraHeaders' is not specified, Chrome detects CORS failures
-  // detects CORS failures before |headerReceivedListener| is called and injects
+  // before |headerReceivedListener| is called and injects fake headers to
-  // fake headers to deceive the CORS checks.
+  // deceive the CORS checks.
-  const canInjectFakeCorsResponse = extraInfoSpec.includes('extraHeaders') ||
+  const canInjectFakeCorsResponse = extraInfoSpec.includes('extraHeaders');
-      getCorsMode() == 'blink';
  const event = canInjectFakeCorsResponse ? chrome.webRequest.onCompleted :
                                            chrome.webRequest.onErrorOccurred;
@@ -420,38 +397,20 @@ function setExpectationsForSuccessfulPreflight() {
      },
    },
  ];
-  let eventOrder;
+  let eventOrder = [
-  if (getCorsMode() == 'network_service') {
+    'onBeforeRequest',
-    eventOrder = [
+    'onBeforeRequest-P',
-      'onBeforeRequest',
+    'onBeforeSendHeaders-P',
-      'onBeforeRequest-P',
+    'onSendHeaders-P',
-      'onBeforeSendHeaders-P',
+    'onHeadersReceived-P',
-      'onSendHeaders-P',
+    'onResponseStarted-P',
-      'onHeadersReceived-P',
+    'onCompleted-P',
-      'onResponseStarted-P',
+    'onBeforeSendHeaders',
-      'onCompleted-P',
+    'onSendHeaders',
-      'onBeforeSendHeaders',
+    'onHeadersReceived',
-      'onSendHeaders',
+    'onResponseStarted',
-      'onHeadersReceived',
+    'onCompleted',
-      'onResponseStarted',
+  ];
-      'onCompleted',
-    ];
-  } else {
-    eventOrder = [
-      'onBeforeRequest-P',
-      'onBeforeSendHeaders-P',
-      'onSendHeaders-P',
-      'onHeadersReceived-P',
-      'onResponseStarted-P',
-      'onCompleted-P',
-      'onBeforeRequest',
-      'onBeforeSendHeaders',
-      'onSendHeaders',
-      'onHeadersReceived',
-      'onResponseStarted',
-      'onCompleted',
-    ];
-  }
  expect(
      events,
      [eventOrder],
@@ -485,10 +444,7 @@ function registerPreflightBlockingListener() {
          hasSeenPreflightError = true;
        }
-        // We see an error event for the actual request only when OOR-CORS
+        if (details.method === 'GET') {
-        // is enabled; otherwise the CORS module in blink doesn't make a network
-        // request for the actual request.
-        if (details.method === 'GET' || getCorsMode() == 'blink') {
          chrome.webRequest.onErrorOccurred.removeListener(onErrorOccurred);
          chrome.test.assertTrue(hasSeenPreflightError);
          done();
@@ -512,29 +468,21 @@ function registerPreflightRedirectingListener() {
        }
      }, {urls: [url]}, ['blocking', 'extraHeaders']);
-  if (getCorsMode() == 'network_service') {
+  // We see failures on both the preflight and the actual request.
-    // When CORS is implemented in the network service, we see failures on both
+  const done = callbackPass(() => {});
-    // the preflight and the actual request.
+  let hasSeenPreflightError = false;
-    const done = callbackPass(() => {});
+  chrome.webRequest.onErrorOccurred.addListener(
-    let hasSeenPreflightError = false;
+      function onErrorOccurred(details) {
-    chrome.webRequest.onErrorOccurred.addListener(
+        if (details.method === 'OPTIONS') {
-        function onErrorOccurred(details) {
+          hasSeenPreflightError = true;
-          if (details.method === 'OPTIONS') {
+        }
-            hasSeenPreflightError = true;
-          }
-          if (details.method === 'GET') {
+        if (details.method === 'GET') {
-            chrome.webRequest.onErrorOccurred.removeListener(onErrorOccurred);
+          chrome.webRequest.onErrorOccurred.removeListener(onErrorOccurred);
-            chrome.test.assertTrue(hasSeenPreflightError);
+          chrome.test.assertTrue(hasSeenPreflightError);
-            done();
+          done();
-          }
+        }
-        }, {urls: [url]});
+      }, {urls: [url]});
-  } else {
-    // In this case we see no completion events nor error events - The renderer
-    // cancels the preflight request in the redirect handling logic, and
-    // WebRequestProxyingURLLoaderFactory suppresses events in such a case.
-    // See https://crbug.com/1014816.
-  }
 }
 function registerOnBeforeRequestAndOnErrorOcurredListeners() {
@@ -542,7 +490,7 @@ function registerOnBeforeRequestAndOnErrorOcurredListeners() {
  const onBeforeRequestCalledForPreflight = callbackPass(() => {});
  // onBeforeRequest doesn't have "extraHeaders", but it sees a preflight
-  // even when OOR-CORS is enabled, because onErrorOccurred has "extraHeaders".
+  // because onErrorOccurred has "extraHeaders".
  chrome.webRequest.onBeforeRequest.addListener((details) => {
    if (details.method === 'OPTIONS') {
      onBeforeRequestCalledForPreflight();
@@ -557,13 +505,9 @@ function registerOnBeforeRequestAndOnErrorOcurredListeners() {
 runTests([
  function testOriginHeader() {
    // Register two sets of listener. One with extraHeaders and the second one
-    // without it.
+    // without it. The Origin header is invisible if the extraHeaders is not
-    // If OOR-CORS is enabled, the Origin header is invisible if the
+    // specified.
-    // extraHeaders is not specified.
+    registerOriginListeners([], ['origin'], ['requestHeaders']);
-    if (getCorsMode() == 'network_service')
-      registerOriginListeners([], ['origin'], ['requestHeaders']);
-    else
-      registerOriginListeners(['origin'], [], ['requestHeaders']);
    registerOriginListeners(['origin'], [], ['requestHeaders', 'extraHeaders']);
    // Wait for the navigation to complete.
@@ -602,11 +546,7 @@ runTests([
        'extensions/api_test/webrequest/cors/fetch.html?path=reject'));
  },
  function testCorsPreflightWithoutExtraHeaders() {
-    if (getCorsMode() == 'network_service') {
+    setExpectationsForNonObservablePreflight();
-      setExpectationsForNonObservablePreflight();
-    } else {
-      setExpectationsForObservablePreflight([]);
-    }
    navigateAndWait(getServerURL(
        BASE + 'fetch.html?path=accept&with-preflight'));
  },