Remove cors_exempt_headers.h since we can move this to content/ now after r768695.

This makes it less error prone that an embedder would forget to call these methods on their profiles. e.g. WebLayer didn't do it correctly (see r769103).

The one behavior change is to stop calling content::UpdateCorsExemptHeader() for the system network contexts in chrome, cast, and weblayer. This shouldn't be needed because web pages don't request URLs through these network contexts.

Change-Id: I53d8aec24a6b129a1a711df6c8e6168068434807
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2203759
Commit-Queue: John Abd-El-Malek <jam@chromium.org>
Auto-Submit: John Abd-El-Malek <jam@chromium.org>
Reviewed-by: Takashi Toyoshima <toyoshim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#769998}

android_webview/browser/aw_browser_context.cc

@@ -48,11 +48,9 @@
 #include "components/safe_browsing/core/common/safe_browsing_prefs.h"
 #include "components/url_formatter/url_fixer.h"
 #include "components/user_prefs/user_prefs.h"
-#include "components/variations/net/variations_http_headers.h"
 #include "components/visitedlink/browser/visitedlink_writer.h"
 #include "content/public/browser/browser_task_traits.h"
 #include "content/public/browser/browser_thread.h"
-#include "content/public/browser/cors_exempt_headers.h"
 #include "content/public/browser/download_request_utils.h"
 #include "content/public/browser/ssl_host_state_delegate.h"
 #include "content/public/browser/storage_partition.h"
@@ -512,11 +510,6 @@ void AwBrowserContext::ConfigureNetworkContextParams(
   context_params->check_clear_text_permitted =
       AwContentBrowserClient::get_check_cleartext_permitted();
 
-  // Update the cors_exempt_header_list to include internally-added headers, to
-  // avoid triggering CORS checks.
-  content::UpdateCorsExemptHeader(context_params);
-  variations::UpdateCorsExemptHeaderForVariations(context_params);
-
   // Add proxy settings
   AwProxyConfigMonitor::GetInstance()->AddProxyToNetworkContextParams(
       context_params);

chrome/browser/net/system_network_context_manager.cc

@@ -46,7 +46,6 @@
 #include "components/version_info/version_info.h"
 #include "content/public/browser/browser_task_traits.h"
 #include "content/public/browser/browser_thread.h"
-#include "content/public/browser/cors_exempt_headers.h"
 #include "content/public/browser/network_context_client_base.h"
 #include "content/public/browser/network_service_instance.h"
 #include "content/public/common/content_features.h"
@@ -539,7 +538,6 @@ void SystemNetworkContextManager::AddSSLConfigToNetworkContextParams(
 void SystemNetworkContextManager::ConfigureDefaultNetworkContextParams(
     network::mojom::NetworkContextParams* network_context_params,
     network::mojom::CertVerifierCreationParams* cert_verifier_creation_params) {
-  content::UpdateCorsExemptHeader(network_context_params);
   variations::UpdateCorsExemptHeaderForVariations(network_context_params);
   GoogleURLLoaderThrottle::UpdateCorsExemptHeader(network_context_params);
 

chromecast/browser/cast_network_contexts.cc

@@ -19,7 +19,6 @@
 #include "components/variations/net/variations_http_headers.h"
 #include "content/public/browser/browser_context.h"
 #include "content/public/browser/browser_task_traits.h"
-#include "content/public/browser/cors_exempt_headers.h"
 #include "content/public/browser/network_service_instance.h"
 #include "content/public/browser/storage_partition.h"
 #include "mojo/public/cpp/bindings/pending_receiver.h"
@@ -151,8 +150,6 @@ void CastNetworkContexts::ConfigureNetworkContextParams(
 
   ConfigureDefaultNetworkContextParams(network_context_params);
 
-  content::UpdateCorsExemptHeader(network_context_params);
-
   // Copy of what's in ContentBrowserClient::CreateNetworkContext for now.
   network_context_params->accept_language = "en-us,en";
 }
@@ -209,7 +206,9 @@ void CastNetworkContexts::ConfigureDefaultNetworkContextParams(
 
   AddProxyToNetworkContextParams(network_context_params);
 
-  network_context_params->cors_exempt_header_list = cors_exempt_headers_list_;
+  network_context_params->cors_exempt_header_list.insert(
+      network_context_params->cors_exempt_header_list.end(),
+      cors_exempt_headers_list_.begin(), cors_exempt_headers_list_.end());
 }
 
 network::mojom::NetworkContextParamsPtr
@@ -217,7 +216,6 @@ CastNetworkContexts::CreateSystemNetworkContextParams() {
   network::mojom::NetworkContextParamsPtr network_context_params =
       network::mojom::NetworkContextParams::New();
   ConfigureDefaultNetworkContextParams(network_context_params.get());
-  content::UpdateCorsExemptHeader(network_context_params.get());
 
   network_context_params->context_name = std::string("system");
 

content/browser/storage_partition_impl.cc

@@ -37,6 +37,7 @@
 #include "components/services/storage/public/mojom/indexed_db_control.mojom.h"
 #include "components/services/storage/public/mojom/storage_service.mojom.h"
 #include "components/services/storage/storage_service_impl.h"
+#include "components/variations/net/variations_http_headers.h"
 #include "content/browser/background_fetch/background_fetch_context.h"
 #include "content/browser/blob_storage/blob_registry_wrapper.h"
 #include "content/browser/blob_storage/chrome_blob_storage_context.h"
@@ -70,7 +71,6 @@
 #include "content/public/browser/browser_task_traits.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/content_browser_client.h"
-#include "content/public/browser/cors_exempt_headers.h"
 #include "content/public/browser/dom_storage_context.h"
 #include "content/public/browser/login_delegate.h"
 #include "content/public/browser/native_file_system_entry_factory.h"
@@ -81,6 +81,7 @@
 #include "content/public/browser/storage_notification_service.h"
 #include "content/public/browser/storage_usage_info.h"
 #include "content/public/common/content_client.h"
+#include "content/public/common/content_constants.h"
 #include "content/public/common/content_features.h"
 #include "content/public/common/content_switches.h"
 #include "mojo/public/cpp/bindings/callback_helpers.h"
@@ -2384,6 +2385,15 @@ void StoragePartitionImpl::InitNetworkContext() {
   context_params->cert_verifier_creation_params =
       std::move(cert_verifier_creation_params);
 
+  // This mechanisms should be used only for legacy internal headers. You can
+  // find a recommended alternative approach on URLRequest::cors_exempt_headers
+  // at services/network/public/mojom/url_loader.mojom.
+  context_params->cors_exempt_header_list.push_back(
+      kCorsExemptPurposeHeaderName);
+  context_params->cors_exempt_header_list.push_back(
+      kCorsExemptRequestedWithHeaderName);
+  variations::UpdateCorsExemptHeaderForVariations(context_params.get());
+
   network_context_.reset();
   GetNetworkService()->CreateNetworkContext(
       network_context_.BindNewPipeAndPassReceiver(), std::move(context_params));

content/public/browser/BUILD.gn

@@ -130,8 +130,6 @@ jumbo_source_set("browser_sources") {
     "cookie_access_details.cc",
     "cookie_access_details.h",
     "cookie_store_factory.h",
-    "cors_exempt_headers.cc",
-    "cors_exempt_headers.h",
     "cors_origin_pattern_setter.cc",
     "cors_origin_pattern_setter.h",
     "dedicated_worker_id.h",

content/public/browser/cors_exempt_headers.cc

-// Copyright 2019 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "content/public/browser/cors_exempt_headers.h"
-
-#include "content/public/common/content_constants.h"
-
-namespace content {
-
-void UpdateCorsExemptHeader(network::mojom::NetworkContextParams* params) {
-  // Note: This mechanism will be deprecated in the near future. You can find
-  // a recommended alternative approach on URLRequest::cors_exempt_headers at
-  // services/network/public/mojom/url_loader.mojom.
-  params->cors_exempt_header_list.push_back(kCorsExemptPurposeHeaderName);
-  params->cors_exempt_header_list.push_back(kCorsExemptRequestedWithHeaderName);
-}
-
-}  // namespace content

content/public/browser/cors_exempt_headers.h

-// Copyright 2019 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef CONTENT_PUBLIC_BROWSER_CORS_EXEMPT_HEADERS_H_
-#define CONTENT_PUBLIC_BROWSER_CORS_EXEMPT_HEADERS_H_
-
-#include "content/common/content_export.h"
-#include "services/network/public/mojom/network_context.mojom.h"
-
-namespace content {
-
-// Updates |cors_exempt_header_list| field of the given |param| to register
-// headers that are used in content for special purpose and should not be
-// blocked by CORS checks.
-CONTENT_EXPORT void UpdateCorsExemptHeader(
-    network::mojom::NetworkContextParams* params);
-
-}  // namespace content
-
-#endif  // CONTENT_PUBLIC_BROWSER_CORS_EXEMPT_HEADERS_H_

content/shell/browser/shell_content_browser_client.cc

@@ -21,7 +21,6 @@
 #include "base/threading/sequence_local_storage_slot.h"
 #include "build/build_config.h"
 #include "content/public/browser/client_certificate_delegate.h"
-#include "content/public/browser/cors_exempt_headers.h"
 #include "content/public/browser/login_delegate.h"
 #include "content/public/browser/navigation_throttle.h"
 #include "content/public/browser/network_service_instance.h"
@@ -409,7 +408,6 @@ void ShellContentBrowserClient::ConfigureNetworkContextParamsForShell(
     BrowserContext* context,
     network::mojom::NetworkContextParams* context_params,
     network::mojom::CertVerifierCreationParams* cert_verifier_creation_params) {
-  UpdateCorsExemptHeader(context_params);
   context_params->allow_any_cors_exempt_header_for_browser =
       allow_any_cors_exempt_header_for_browser_;
   context_params->user_agent = GetUserAgent();

fuchsia/engine/browser/web_engine_content_browser_client.cc

@@ -11,7 +11,6 @@
 #include "base/stl_util.h"
 #include "base/strings/string_split.h"
 #include "components/version_info/version_info.h"
-#include "content/public/browser/cors_exempt_headers.h"
 #include "content/public/browser/devtools_manager_delegate.h"
 #include "content/public/browser/network_service_instance.h"
 #include "content/public/common/user_agent.h"
@@ -206,8 +205,4 @@ void WebEngineContentBrowserClient::ConfigureNetworkContextParams(
   // starting with the headers passed in via
   // |CreateContextParams.cors_exempt_headers|.
   network_context_params->cors_exempt_header_list = cors_exempt_headers_;
-
-  // Exempt the minimal headers needed for CORS preflight checks (Purpose,
-  // X-Requested-With).
-  content::UpdateCorsExemptHeader(network_context_params);
 }

headless/lib/browser/headless_request_context_manager.cc

@@ -9,7 +9,6 @@
 #include "base/threading/thread_task_runner_handle.h"
 #include "build/build_config.h"
 #include "content/public/browser/browser_task_traits.h"
-#include "content/public/browser/cors_exempt_headers.h"
 #include "content/public/browser/network_service_instance.h"
 #include "content/public/browser/resource_context.h"
 #include "headless/app/headless_shell_switches.h"
@@ -273,7 +272,6 @@ void HeadlessRequestContextManager::ConfigureNetworkContextParamsInternal(
   } else {
     proxy_config_monitor_->AddToNetworkContextParams(context_params);
   }
-  content::UpdateCorsExemptHeader(context_params);
 }
 
 }  // namespace headless

weblayer/browser/content_browser_client_impl.cc

@@ -30,10 +30,8 @@
 #include "components/security_interstitials/content/ssl_error_handler.h"
 #include "components/security_interstitials/content/ssl_error_navigation_throttle.h"
 #include "components/strings/grit/components_locale_settings.h"
-#include "components/variations/net/variations_http_headers.h"
 #include "components/variations/service/variations_service.h"
 #include "content/public/browser/browser_context.h"
-#include "content/public/browser/cors_exempt_headers.h"
 #include "content/public/browser/devtools_manager_delegate.h"
 #include "content/public/browser/generated_code_cache_settings.h"
 #include "content/public/browser/navigation_handle.h"
@@ -333,8 +331,6 @@ void ContentBrowserClientImpl::ConfigureNetworkContextParams(
         proxy_config,
         net::DefineNetworkTrafficAnnotation("undefined", "Nothing here yet."));
   }
-  content::UpdateCorsExemptHeader(context_params);
-  variations::UpdateCorsExemptHeaderForVariations(context_params);
 }
 
 void ContentBrowserClientImpl::OnNetworkServiceCreated(

weblayer/browser/system_network_context_manager.cc

@@ -6,7 +6,6 @@
 
 #include "build/build_config.h"
 #include "components/variations/net/variations_http_headers.h"
-#include "content/public/browser/cors_exempt_headers.h"
 #include "content/public/browser/network_service_instance.h"
 #include "services/network/public/cpp/shared_url_loader_factory.h"
 
@@ -54,7 +53,6 @@ SystemNetworkContextManager::CreateDefaultNetworkContextParams(
       network::mojom::NetworkContextParams::New();
   ConfigureDefaultNetworkContextParams(network_context_params.get(),
                                        user_agent);
-  content::UpdateCorsExemptHeader(network_context_params.get());
   variations::UpdateCorsExemptHeaderForVariations(network_context_params.get());
   return network_context_params;
 }