PlzDedicatedWorker: Fix site-for-cookies.

When kPlzDedicatedWorker was enabled, requests for worker scripts made
in cross-origin iframes would incorrectly include same-site cookies.
This CL makes those requests use the site-for-cookies of the referring
frame instead.

If cross-site dedicated workers were supported, more work would be
needed to handle them correctly, but it doesn't look like that's the
case.

Bug: 1046435
Change-Id: I3dd90fd7d46af7f9cee840730a824b053cf137f1
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2040067
Commit-Queue: Matt Menke <mmenke@chromium.org>
Reviewed-by: Matt Falkenhagen <falken@chromium.org>
Reviewed-by: Hiroki Nakagawa <nhiroki@chromium.org>
Cr-Commit-Position: refs/heads/master@{#741105}

content/browser/worker_host/dedicated_worker_host.cc

@@ -199,6 +199,7 @@ void DedicatedWorkerHost::StartScriptLoad(
 
   WorkerScriptFetchInitiator::Start(
       worker_process_host_->GetID(), script_url, creator_render_frame_host,
+      nearest_ancestor_render_frame_host->ComputeSiteForCookies(),
       request_initiator_origin, network_isolation_key_, credentials_mode,
       std::move(outside_fetch_client_settings_object),
       blink::mojom::ResourceType::kWorker,

content/browser/worker_host/shared_worker_service_impl.cc

@@ -309,9 +309,14 @@ SharedWorkerHost* SharedWorkerServiceImpl::CreateWorker(
   // Cloning before std::move() so that the object can be used in two functions.
   auto cloned_outside_fetch_client_settings_object =
       outside_fetch_client_settings_object.Clone();
+  // TODO(mmenke): The site-for-cookies and NetworkIsolationKey arguments leak
+  // data across NetworkIsolationKeys and allow same-site cookies to be sent in
+  // cross-site contexts. Fix this.
   WorkerScriptFetchInitiator::Start(
       worker_process_host->GetID(), host->instance().url(),
-      creator_render_frame_host, host->instance().constructor_origin(),
+      creator_render_frame_host,
+      net::SiteForCookies::FromUrl(host->instance().url()),
+      host->instance().constructor_origin(),
       net::NetworkIsolationKey(origin, origin), credentials_mode,
       std::move(outside_fetch_client_settings_object),
       blink::mojom::ResourceType::kSharedWorker, service_worker_context_,

content/browser/worker_host/worker_script_fetch_initiator.cc

@@ -60,6 +60,7 @@ void WorkerScriptFetchInitiator::Start(
     int worker_process_id,
     const GURL& script_url,
     RenderFrameHost* creator_render_frame_host,
+    const net::SiteForCookies& site_for_cookies,
     const url::Origin& request_initiator,
     const net::NetworkIsolationKey& trusted_network_isolation_key,
     network::mojom::CredentialsMode credentials_mode,
@@ -122,7 +123,7 @@ void WorkerScriptFetchInitiator::Start(
 
   resource_request = std::make_unique<network::ResourceRequest>();
   resource_request->url = script_url;
-  resource_request->site_for_cookies = net::SiteForCookies::FromUrl(script_url);
+  resource_request->site_for_cookies = site_for_cookies;
   resource_request->request_initiator = request_initiator;
   resource_request->referrer = sanitized_referrer.url,
   resource_request->referrer_policy = Referrer::ReferrerPolicyForUrlRequest(

content/browser/worker_host/worker_script_fetch_initiator.h

@@ -26,6 +26,10 @@ namespace blink {
 class PendingURLLoaderFactoryBundle;
 }  // namespace blink
 
+namespace net {
+class SiteForCookies;
+}  // namespace net
+
 namespace network {
 class SharedURLLoaderFactory;
 }  // namespace network
@@ -61,6 +65,7 @@ class WorkerScriptFetchInitiator {
       int worker_process_id,
       const GURL& script_url,
       RenderFrameHost* creator_render_frame_host,
+      const net::SiteForCookies& site_for_cookies,
       const url::Origin& request_initiator,
       const net::NetworkIsolationKey& trusted_network_isolation_key,
       network::mojom::CredentialsMode credentials_mode,