Signed Exchange: Preserve URL fragment

This patch makes SignedExchangeLoader propagate URL fragment from outer request URL to redirect (inner) URL. Bug: 865852 Change-Id: Ib4000508464a4d0cf82c4757aca05c0d670ed647 Reviewed-on: https://chromium-review.googlesource.com/1146410 Commit-Queue: Kunihiko Sakamoto <ksakamoto@chromium.org> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org> Cr-Commit-Position: refs/heads/master@{#577116}

Signed Exchange: Preserve URL fragment
This patch makes SignedExchangeLoader propagate URL fragment from outer request URL to redirect (inner) URL. Bug: 865852 Change-Id: Ib4000508464a4d0cf82c4757aca05c0d670ed647 Reviewed-on: https://chromium-review.googlesource.com/1146410 Commit-Queue: Kunihiko Sakamoto <ksakamoto@chromium.org> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org> Cr-Commit-Position: refs/heads/master@{#577116}
e43057b3 · Kunihiko Sakamoto · Commit Bot · 27d9265a · e43057b3 · e43057b3
Commit e43057b3 authored Jul 23, 2018 by Kunihiko Sakamoto Committed by Commit Bot Jul 23, 2018
4 changed files
--- a/content/browser/web_package/signed_exchange_loader.cc
+++ b/content/browser/web_package/signed_exchange_loader.cc
@@ -30,9 +30,18 @@ namespace content {

 namespace {

-net::RedirectInfo CreateRedirectInfo(const GURL& new_url) {
+net::RedirectInfo CreateRedirectInfo(const GURL& new_url,
+                                     const GURL& outer_request_url) {
  net::RedirectInfo redirect_info;
-  redirect_info.new_url = new_url;
+  if (outer_request_url.has_ref()) {
+    // Propagate ref fragment from the outer request URL.
+    url::Replacements<char> replacements;
+    base::StringPiece ref = outer_request_url.ref_piece();
+    replacements.SetRef(ref.data(), url::Component(0, ref.length()));
+    redirect_info.new_url = new_url.ReplaceComponents(replacements);
+  } else {
+    redirect_info.new_url = new_url;
+  }
  redirect_info.new_method = "GET";
  redirect_info.status_code = 302;
  redirect_info.new_site_for_cookies = redirect_info.new_url;
@@ -92,7 +101,8 @@ SignedExchangeLoader::SignedExchangeLoader(
    scoped_refptr<network::SharedURLLoaderFactory> url_loader_factory,
    URLLoaderThrottlesGetter url_loader_throttles_getter,
    scoped_refptr<net::URLRequestContextGetter> request_context_getter)
-    : outer_response_timing_info_(
+    : outer_request_url_(outer_request_url),
+      outer_response_timing_info_(
          std::make_unique<ResponseTimingInfo>(outer_response)),
      outer_response_(outer_response),
      forwarding_client_(std::move(forwarding_client)),
@@ -107,6 +117,7 @@ SignedExchangeLoader::SignedExchangeLoader(
      request_context_getter_(std::move(request_context_getter)),
      weak_factory_(this) {
  DCHECK(signed_exchange_utils::IsSignedExchangeHandlingEnabled());
+  DCHECK(outer_request_url_.is_valid());

  // https://wicg.github.io/webpackage/draft-yasskin-http-origin-signed-responses.html#privacy-considerations
  // This can be difficult to determine when the exchange is being loaded from
@@ -288,7 +299,7 @@ void SignedExchangeLoader::OnHTTPExchangeFound(
  // TODO(https://crbug.com/803774): Handle no-GET request_method as a error.
  DCHECK(outer_response_timing_info_);
  forwarding_client_->OnReceiveRedirect(
-      CreateRedirectInfo(request_url),
+      CreateRedirectInfo(request_url, outer_request_url_),
      std::move(outer_response_timing_info_)->CreateRedirectResponseHead());
  forwarding_client_.reset();


--- a/content/browser/web_package/signed_exchange_loader.h
+++ b/content/browser/web_package/signed_exchange_loader.h
@@ -107,6 +107,8 @@ class SignedExchangeLoader final : public network::mojom::URLLoaderClient,

  void FinishReadingBody(int result);

+  const GURL outer_request_url_;
+
  // This timing info is used to create a dummy redirect response.
  std::unique_ptr<const ResponseTimingInfo> outer_response_timing_info_;


--- a/third_party/WebKit/LayoutTests/http/tests/loading/sxg/sxg-location-fragment.html
+++ b/third_party/WebKit/LayoutTests/http/tests/loading/sxg/sxg-location-fragment.html
+<!DOCTYPE html>
+<title>Navigating to a Signed Exchange should preserve URL fragment</title>
+<script src="../../resources/testharness.js"></script>
+<script src="../../resources/testharnessreport.js"></script>
+<script src="./resources/sxg-util.js"></script>
+<body>
+<script>
+promise_test(async (t) => {
+  await waitUntilDidFinishLoadForFrame;
+
+  // The timestamp of the test SXG file is "Apr 1 2018 00:00 UTC" and valid
+  // until "Apr 8 2018 00:00 UTC".
+  await setSignedExchangeVerificationTime(new Date("Apr 1 2018 00:01 UTC"));
+
+  const event = await new Promise(async (resolve, reject) => {
+    // We can't catch the network error on iframe. So we use the timer.
+    t.step_timeout(() => reject('timeout'), 1000);
+
+    const frame =
+        await withIframe('resources/sxg-location.sxg#fragment', 'sxg_iframe');
+    const channel = new MessageChannel();
+    channel.port1.onmessage = resolve;
+    frame.contentWindow.postMessage(
+        {port: channel.port2}, '*', [channel.port2]);
+  });
+  assert_equals(event.data.location, 'https://127.0.0.1:8443/test.html#fragment');
+}, 'Navigating to a Signed Exchange should preserve URL fragment');
+
+</script>
+</body>
--- a/third_party/WebKit/LayoutTests/virtual/sxg-origin-trial/http/tests/loading/sxg/sxg-location-fragment-expected.txt
+++ b/third_party/WebKit/LayoutTests/virtual/sxg-origin-trial/http/tests/loading/sxg/sxg-location-fragment-expected.txt
+main frame - didStartProvisionalLoadForFrame
+main frame - didCommitLoadForFrame
+main frame - didReceiveTitle: Navigating to a Signed Exchange should preserve URL fragment
+main frame - didFinishDocumentLoadForFrame
+main frame - didHandleOnloadEventsForFrame
+main frame - didFinishLoadForFrame
+frame "sxg_iframe" - didReceiveTitle: 
+frame "sxg_iframe" - didStartProvisionalLoadForFrame
+frame "sxg_iframe" - didFailProvisionalLoadWithError
+This is a testharness.js-based test.
+FAIL Navigating to a Signed Exchange should preserve URL fragment promise_test: Unhandled rejection with value: "timeout"
+Harness: the test ran to completion.
+