Add credentials to non-CWS extension update checks.

This allows extensions to serve from locations that require HTTP auth. Bug: 1031500 Fixed: 1031500 Change-Id: Ied62b0f685f43bbac450147f16518db293fbaea9 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2071044 Commit-Queue: Martin Šrámek <msramek@chromium.org> Reviewed-by: Martin Šrámek <msramek@chromium.org> Reviewed-by: Sorin Jianu <sorin@chromium.org> Auto-Submit: Joshua Pawlicki <waffles@chromium.org> Cr-Commit-Position: refs/heads/master@{#745172}

Add credentials to non-CWS extension update checks.
This allows extensions to serve from locations that require HTTP auth. Bug: 1031500 Fixed: 1031500 Change-Id: Ied62b0f685f43bbac450147f16518db293fbaea9 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2071044 Commit-Queue: Martin Šrámek <msramek@chromium.org> Reviewed-by: Martin Šrámek <msramek@chromium.org> Reviewed-by: Sorin Jianu <sorin@chromium.org> Auto-Submit: Joshua Pawlicki <waffles@chromium.org> Cr-Commit-Position: refs/heads/master@{#745172}
dd827ebb · Joshua Pawlicki · Commit Bot · d6359cf4 · dd827ebb · dd827ebb
Commit dd827ebb authored Feb 27, 2020 by Joshua Pawlicki Committed by Commit Bot Feb 27, 2020
3 changed files
--- a/chrome/browser/extensions/updater/extension_updater_unittest.cc
+++ b/chrome/browser/extensions/updater/extension_updater_unittest.cc
@@ -1273,7 +1273,7 @@ class ExtensionUpdaterTest : public testing::Test {
    helper.test_url_loader_factory().SetInterceptor(base::BindLambdaForTesting(
        [&](const network::ResourceRequest& request) {
          EXPECT_TRUE(request.load_flags == kExpectedLoadFlags);
-          EXPECT_EQ(network::mojom::CredentialsMode::kOmit,
+          EXPECT_EQ(network::mojom::CredentialsMode::kInclude,
                    request.credentials_mode);
        }));
    for (int i = 0; i <= ExtensionDownloader::kMaxRetries; ++i) {
@@ -1326,6 +1326,64 @@ class ExtensionUpdaterTest : public testing::Test {
    Mock::VerifyAndClearExpectations(&delegate);
  }
+  void TestManifestCredentialsNonWebstore() {
+    NotificationsObserver observer;
+    ExtensionDownloaderTestHelper helper;
+    helper.downloader().manifests_queue_.set_backoff_policy(&kNoBackoffPolicy);
+    GURL kUpdateUrl("http://localhost/manifest1");
+    std::unique_ptr<ManifestFetchData> fetch(
+        CreateManifestFetchData(kUpdateUrl));
+    ManifestFetchData::PingData zeroDays(0, 0, true, 0);
+    fetch->AddExtension("1111", "1.0", &zeroDays, kEmptyUpdateUrlData,
+                        std::string(), std::string(),
+                        ManifestFetchData::FetchPriority::BACKGROUND);
+    helper.downloader().StartUpdateCheck(std::move(fetch));
+    RunUntilIdle();
+    helper.test_url_loader_factory().SetInterceptor(base::BindLambdaForTesting(
+        [&](const network::ResourceRequest& request) {
+          EXPECT_EQ(network::mojom::CredentialsMode::kInclude,
+                    request.credentials_mode);
+        }));
+    auto* request = helper.GetPendingRequest(0);
+    helper.test_url_loader_factory().SimulateResponseForPendingRequest(
+        request->request.url, network::URLLoaderCompletionStatus(net::OK),
+        network::CreateURLResponseHead(net::HTTP_INTERNAL_SERVER_ERROR), "");
+    RunUntilIdle();
+  }
+  void TestManifestCredentialsWebstore() {
+    NotificationsObserver observer;
+    ExtensionDownloaderTestHelper helper;
+    helper.downloader().manifests_queue_.set_backoff_policy(&kNoBackoffPolicy);
+    GURL kUpdateUrl(extension_urls::kChromeWebstoreUpdateURL);
+    std::unique_ptr<ManifestFetchData> fetch(
+        CreateManifestFetchData(kUpdateUrl));
+    ManifestFetchData::PingData zeroDays(0, 0, true, 0);
+    fetch->AddExtension("1111", "1.0", &zeroDays, kEmptyUpdateUrlData,
+                        std::string(), std::string(),
+                        ManifestFetchData::FetchPriority::BACKGROUND);
+    helper.downloader().StartUpdateCheck(std::move(fetch));
+    RunUntilIdle();
+    helper.test_url_loader_factory().SetInterceptor(base::BindLambdaForTesting(
+        [&](const network::ResourceRequest& request) {
+          EXPECT_EQ(network::mojom::CredentialsMode::kOmit,
+                    request.credentials_mode);
+        }));
+    auto* request = helper.GetPendingRequest(0);
+    helper.test_url_loader_factory().SimulateResponseForPendingRequest(
+        request->request.url, network::URLLoaderCompletionStatus(net::OK),
+        network::CreateURLResponseHead(net::HTTP_INTERNAL_SERVER_ERROR), "");
+    RunUntilIdle();
+  }
  void TestSingleExtensionDownloading(bool pending, bool retry, bool fail) {
    ExtensionUpdater::ScopedSkipScheduledCheckForTest skip_scheduled_checks;
    ExtensionDownloaderTestHelper helper;
@@ -2500,6 +2558,11 @@ TEST_F(ExtensionUpdaterTest, TestManifestFetchDataMerge) {
                    ManifestFetchData::FetchPriority::FOREGROUND);
 }
+TEST_F(ExtensionUpdaterTest, TestManifestFetchCredentials) {
+  TestManifestCredentialsWebstore();
+  TestManifestCredentialsNonWebstore();
+}
 // TODO(asargent) - (http://crbug.com/12780) add tests for:
 // -prodversionmin (shouldn't update if browser version too old)
 // -manifests & updates arriving out of order / interleaved

--- a/extensions/browser/updater/extension_downloader.cc
+++ b/extensions/browser/updater/extension_downloader.cc
@@ -542,7 +542,7 @@ void ExtensionDownloader::CreateManifestLoader() {
          sender: "Extension Downloader"
          description:
            "Fetches information about an extension manifest (using its "
-            "update_url, which is usually Chrome WebStore) in order to update "
+            "update_url, which is usually Chrome Web Store) in order to update "
            "the extension."
          trigger:
            "An update timer indicates that it's time to update extensions, or "
@@ -550,12 +550,14 @@ void ExtensionDownloader::CreateManifestLoader() {
          data:
            "The extension id, version and install source (the cause of the "
            "update flow). The client's OS, architecture, language, Chromium "
-            "version, channel and a flag stating whether the request originated"
+            "version, channel and a flag stating whether the request "
-            "in the foreground or the background."
+            "originated in the foreground or the background. Authentication is "
+            "used only for non-Chrome-Web-Store update_urls."
          destination: WEBSITE
        }
        policy {
-          cookies_allowed: NO
+          cookies_allowed: YES
+          cookies_store: "user"
          setting:
            "This feature cannot be disabled. It is only enabled when the user "
            "has installed extensions."
@@ -571,9 +573,8 @@ void ExtensionDownloader::CreateManifestLoader() {
  auto resource_request = std::make_unique<network::ResourceRequest>();
  resource_request->url = active_request->full_url(),
  resource_request->load_flags = net::LOAD_DISABLE_CACHE;
-  resource_request->credentials_mode = network::mojom::CredentialsMode::kOmit;
-  // Send traffic-management headers to the webstore.
+  // Send traffic-management headers to the webstore, and omit credentials.
  // https://bugs.chromium.org/p/chromium/issues/detail?id=647516
  if (extension_urls::IsWebstoreUpdateUrl(active_request->full_url())) {
    resource_request->headers.SetHeader(kUpdateInteractivityHeader,
@@ -586,6 +587,11 @@ void ExtensionDownloader::CreateManifestLoader() {
        base::StringPrintf(
            "%s-%s", UpdateQueryParams::GetProdIdString(UpdateQueryParams::CRX),
            UpdateQueryParams::GetProdVersion().c_str()));
+    resource_request->credentials_mode = network::mojom::CredentialsMode::kOmit;
+  } else {
+    // Non-webstore sources may require HTTP auth.
+    resource_request->credentials_mode =
+        network::mojom::CredentialsMode::kInclude;
  }
  manifest_loader_ = network::SimpleURLLoader::Create(

--- a/tools/traffic_annotation/summary/annotations.xml
+++ b/tools/traffic_annotation/summary/annotations.xml
@@ -97,7 +97,7 @@ Refer to README.md for content description and update process.
 <item id="extension_blacklist" hash_code="59592717" type="0" content_hash_code="116742516" os_list="linux,windows" file_path="chrome/browser/extensions/blacklist_state_fetcher.cc"/>
 <item id="extension_crx_fetcher" hash_code="21145003" type="0" content_hash_code="79150319" os_list="linux,windows" file_path="extensions/browser/updater/extension_downloader.cc"/>
 <item id="extension_install_signer" hash_code="50464499" type="0" content_hash_code="88088656" os_list="linux,windows" file_path="chrome/browser/extensions/install_signer.cc"/>
- <item id="extension_manifest_fetcher" hash_code="5151071" type="0" content_hash_code="25187227" os_list="linux,windows" file_path="extensions/browser/updater/extension_downloader.cc"/>
+ <item id="extension_manifest_fetcher" hash_code="5151071" type="0" content_hash_code="75239211" os_list="linux,windows" file_path="extensions/browser/updater/extension_downloader.cc"/>
 <item id="external_policy_fetcher" hash_code="9459438" type="0" content_hash_code="64260484" os_list="linux,windows" file_path="components/policy/core/common/cloud/external_policy_data_fetcher.cc"/>
 <item id="family_info" hash_code="30913825" type="0" deprecated="2019-07-30" content_hash_code="25369370" file_path=""/>
 <item id="favicon_loader" hash_code="112189210" type="0" content_hash_code="70773116" os_list="linux,windows" file_path="content/renderer/loader/web_url_loader_impl.cc"/>