Disable various reports and uploads during Isolated Prerender

Domain Reliability Uploads, Web Reports, Certificate Reporting, etc all
pose a risk of being a privacy leak in the context of an isolated
prerender.
They are all explicitly disabled.

Note: All of these are disabled by default so this CL doesn't change
any behavior, but it does make the impl much more future-proof.

Bug: 1096109
Change-Id: I3a4b8f30994ad00de79bdec18482e959f31a1c95
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2248757Reviewed-by: Tarun Bansal <tbansal@chromium.org>
Commit-Queue: Robert Ogden <robertogden@chromium.org>
Cr-Commit-Position: refs/heads/master@{#781438}

chrome/browser/BUILD.gn

@@ -1244,6 +1244,8 @@ static_library("browser") {
     "prerender/isolated/isolated_prerender_features.h",
     "prerender/isolated/isolated_prerender_from_string_url_loader.cc",
     "prerender/isolated/isolated_prerender_from_string_url_loader.h",
+    "prerender/isolated/isolated_prerender_network_context_client.cc",
+    "prerender/isolated/isolated_prerender_network_context_client.h",
     "prerender/isolated/isolated_prerender_params.cc",
     "prerender/isolated/isolated_prerender_params.h",
     "prerender/isolated/isolated_prerender_proxy_configurator.cc",

chrome/browser/prerender/isolated/isolated_prerender_browsertest.cc

@@ -19,10 +19,13 @@
 #include "build/build_config.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/chrome_notification_types.h"
+#include "chrome/browser/content_settings/host_content_settings_map_factory.h"
 #include "chrome/browser/data_reduction_proxy/data_reduction_proxy_chrome_settings.h"
 #include "chrome/browser/data_reduction_proxy/data_reduction_proxy_chrome_settings_factory.h"
 #include "chrome/browser/navigation_predictor/navigation_predictor_keyed_service.h"
 #include "chrome/browser/navigation_predictor/navigation_predictor_keyed_service_factory.h"
+#include "chrome/browser/net/profile_network_context_service.h"
+#include "chrome/browser/net/profile_network_context_service_factory.h"
 #include "chrome/browser/prerender/isolated/isolated_prerender_features.h"
 #include "chrome/browser/prerender/isolated/isolated_prerender_proxy_configurator.h"
 #include "chrome/browser/prerender/isolated/isolated_prerender_service.h"
@@ -36,11 +39,16 @@
 #include "chrome/browser/prerender/prerender_manager.h"
 #include "chrome/browser/prerender/prerender_manager_factory.h"
 #include "chrome/browser/profiles/profile.h"
+#include "chrome/browser/ssl/certificate_reporting_test_utils.h"
+#include "chrome/browser/ssl/ssl_browsertest_util.h"
 #include "chrome/browser/ui/browser.h"
+#include "chrome/browser/ui/browser_tabstrip.h"
 #include "chrome/browser/ui/tabs/tab_strip_model.h"
+#include "chrome/common/chrome_switches.h"
 #include "chrome/test/base/chrome_render_view_host_test_harness.h"
 #include "chrome/test/base/in_process_browser_test.h"
 #include "chrome/test/base/ui_test_utils.h"
+#include "components/content_settings/core/browser/host_content_settings_map.h"
 #include "components/data_reduction_proxy/core/browser/data_reduction_proxy_config_service_client_test_utils.h"
 #include "components/data_reduction_proxy/core/browser/data_reduction_proxy_settings.h"
 #include "components/data_reduction_proxy/core/common/data_reduction_proxy_features.h"
@@ -49,14 +57,21 @@
 #include "components/language/core/browser/pref_names.h"
 #include "components/prefs/pref_service.h"
 #include "components/prerender/common/prerender_final_status.h"
+#include "components/security_interstitials/content/security_interstitial_tab_helper.h"
+#include "components/security_interstitials/content/ssl_blocking_page.h"
+#include "components/security_interstitials/content/ssl_blocking_page_base.h"
+#include "components/security_interstitials/content/ssl_cert_reporter.h"
 #include "components/ukm/test_ukm_recorder.h"
+#include "components/variations/variations_params_manager.h"
 #include "content/public/browser/browser_task_traits.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/navigation_controller.h"
 #include "content/public/browser/navigation_entry.h"
 #include "content/public/browser/network_service_instance.h"
 #include "content/public/browser/notification_observer.h"
+#include "content/public/browser/storage_partition.h"
 #include "content/public/common/network_service_util.h"
+#include "content/public/common/page_type.h"
 #include "content/public/test/browser_test.h"
 #include "content/public/test/browser_test_base.h"
 #include "content/public/test/browser_test_utils.h"
@@ -64,12 +79,26 @@
 #include "mojo/public/cpp/bindings/pending_receiver.h"
 #include "mojo/public/cpp/bindings/receiver.h"
 #include "mojo/public/cpp/bindings/remote.h"
+#include "mojo/public/cpp/bindings/sync_call_restrictions.h"
+#include "net/cert/cert_database.h"
+#include "net/cert/cert_status_flags.h"
+#include "net/cert/x509_certificate.h"
+#include "net/cert/x509_util.h"
 #include "net/dns/mock_host_resolver.h"
 #include "net/http/http_util.h"
+#include "net/ssl/client_cert_identity_test_util.h"
+#include "net/ssl/client_cert_store.h"
+#include "net/ssl/ssl_config.h"
+#include "net/ssl/ssl_info.h"
+#include "net/ssl/ssl_server_config.h"
+#include "net/test/cert_test_util.h"
+#include "net/test/embedded_test_server/default_handlers.h"
 #include "net/test/embedded_test_server/embedded_test_server.h"
 #include "net/test/embedded_test_server/embedded_test_server_connection_listener.h"
 #include "net/test/embedded_test_server/http_request.h"
 #include "net/test/embedded_test_server/http_response.h"
+#include "net/test/test_certificate_data.h"
+#include "net/test/test_data_directory.h"
 #include "services/metrics/public/cpp/ukm_builders.h"
 #include "services/metrics/public/cpp/ukm_source.h"
 #include "services/network/public/cpp/network_quality_tracker.h"
@@ -204,8 +233,8 @@ class TestTabHelperObserver : public IsolatedPrerenderTabHelper::Observer {
     std::move(on_successful_prefetch_closure_).Run();
   }
 
-  void OnPrefetchCompletedWithError(const GURL& url, int code) override {
-    std::pair<GURL, int> error_pair = {url, code};
+  void OnPrefetchCompletedWithError(const GURL& url, int error_code) override {
+    std::pair<GURL, int> error_pair = {url, error_code};
     auto it = expected_prefetch_errors_.find(error_pair);
     if (it != expected_prefetch_errors_.end()) {
       expected_prefetch_errors_.erase(it);
@@ -238,6 +267,44 @@ class TestTabHelperObserver : public IsolatedPrerenderTabHelper::Observer {
   base::OnceClosure on_nsp_finished_closure_;
 };
 
+// A stub ClientCertStore that returns a FakeClientCertIdentity.
+class ClientCertStoreStub : public net::ClientCertStore {
+ public:
+  explicit ClientCertStoreStub(net::ClientCertIdentityList list)
+      : list_(std::move(list)) {}
+
+  ~ClientCertStoreStub() override = default;
+
+  // net::ClientCertStore:
+  void GetClientCerts(const net::SSLCertRequestInfo& cert_request_info,
+                      ClientCertListCallback callback) override {
+    std::move(callback).Run(std::move(list_));
+  }
+
+ private:
+  net::ClientCertIdentityList list_;
+};
+
+std::unique_ptr<net::ClientCertStore> CreateCertStore() {
+  base::FilePath certs_dir = net::GetTestCertsDirectory();
+
+  net::ClientCertIdentityList cert_identity_list;
+
+  {
+    base::ScopedAllowBlockingForTesting allow_blocking;
+
+    std::unique_ptr<net::FakeClientCertIdentity> cert_identity =
+        net::FakeClientCertIdentity::CreateFromCertAndKeyFiles(
+            certs_dir, "client_1.pem", "client_1.pk8");
+    EXPECT_TRUE(cert_identity.get());
+    if (cert_identity)
+      cert_identity_list.push_back(std::move(cert_identity));
+  }
+
+  return std::unique_ptr<net::ClientCertStore>(
+      new ClientCertStoreStub(std::move(cert_identity_list)));
+}
+
 }  // namespace
 
 // Occasional flakes on Windows (https://crbug.com/1045971).
@@ -255,6 +322,7 @@ class IsolatedPrerenderBrowserTest
   IsolatedPrerenderBrowserTest() {
     origin_server_ = std::make_unique<net::EmbeddedTestServer>(
         net::EmbeddedTestServer::TYPE_HTTPS);
+    origin_server_->SetSSLConfig(net::EmbeddedTestServer::CERT_TEST_NAMES);
     origin_server_->ServeFilesFromSourceDirectory("chrome/test/data");
     origin_server_->SetSSLConfig(net::EmbeddedTestServer::CERT_TEST_NAMES);
     origin_server_->RegisterRequestHandler(
@@ -264,6 +332,7 @@ class IsolatedPrerenderBrowserTest
 
     proxy_server_ = std::make_unique<net::EmbeddedTestServer>(
         net::EmbeddedTestServer::TYPE_HTTPS);
+    proxy_server_->SetSSLConfig(net::EmbeddedTestServer::CERT_TEST_NAMES);
     proxy_server_->ServeFilesFromSourceDirectory("chrome/test/data");
     proxy_server_->RegisterRequestHandler(
         base::BindRepeating(&IsolatedPrerenderBrowserTest::HandleProxyRequest,
@@ -315,8 +384,10 @@ class IsolatedPrerenderBrowserTest
 
     host_resolver()->AddRule("a.test", "127.0.0.1");
     host_resolver()->AddRule("badprobe.a.test", "127.0.0.1");
-    host_resolver()->AddRule("proxy.com", "127.0.0.1");
+    host_resolver()->AddRule("proxy.a.test", "127.0.0.1");
     host_resolver()->AddRule("insecure.com", "127.0.0.1");
+    host_resolver()->AddRule("a.test", "127.0.0.1");
+    host_resolver()->AddRule("b.test", "127.0.0.1");
   }
 
   void SetUpCommandLine(base::CommandLine* cmd) override {
@@ -491,7 +562,9 @@ class IsolatedPrerenderBrowserTest
     return origin_server_requests_;
   }
 
-  GURL GetProxyURL() const { return proxy_server_->GetURL("proxy.com", "/"); }
+  GURL GetProxyURL() const {
+    return proxy_server_->GetURL("proxy.a.test", "/");
+  }
 
   GURL GetInsecureURL(const std::string& path) {
     return http_server_->GetURL("insecure.com", path);
@@ -583,6 +656,7 @@ class IsolatedPrerenderBrowserTest
 
     GURL request_origin("https://" + request_line[1]);
     EXPECT_TRUE("a.test" == request_origin.host() ||
+                "b.test" == request_origin.host() ||
                 "badprobe.a.test" == request_origin.host());
 
     bool found_chrome_proxy_header = false;
@@ -1253,6 +1327,246 @@ IN_PROC_BROWSER_TEST_F(
           ukm::builders::PrefetchProxy_AfterSRPClick::kProbeLatencyMsName));
 }
 
+IN_PROC_BROWSER_TEST_F(IsolatedPrerenderBrowserTest,
+                       DISABLE_ON_WIN_MAC_CHROMEOS(ClientCertDenied)) {
+  // Make the browser use the ClientCertStoreStub instead of the regular one.
+  ProfileNetworkContextServiceFactory::GetForContext(browser()->profile())
+      ->set_client_cert_store_factory_for_testing(
+          base::BindRepeating(&CreateCertStore));
+
+  SetDataSaverEnabled(true);
+  WaitForUpdatedCustomProxyConfig();
+
+  // Setup a test server that requires a client cert.
+  net::EmbeddedTestServer https_server(net::EmbeddedTestServer::TYPE_HTTPS);
+  net::SSLServerConfig ssl_config;
+  ssl_config.client_cert_type =
+      net::SSLServerConfig::ClientCertType::REQUIRE_CLIENT_CERT;
+  https_server.SetSSLConfig(net::EmbeddedTestServer::CERT_TEST_NAMES,
+                            ssl_config);
+  https_server.ServeFilesFromSourceDirectory("chrome/test/data");
+  ASSERT_TRUE(https_server.Start());
+
+  GURL client_cert_needed_page = https_server.GetURL("b.test", "/simple.html");
+
+  // Configure the normal profile to automatically satisfy the client cert
+  // request.
+  std::unique_ptr<base::DictionaryValue> setting =
+      std::make_unique<base::DictionaryValue>();
+  base::Value* filters = setting->SetKey("filters", base::ListValue());
+  filters->Append(base::DictionaryValue());
+  HostContentSettingsMapFactory::GetForProfile(browser()->profile())
+      ->SetWebsiteSettingDefaultScope(
+          client_cert_needed_page, GURL(),
+          ContentSettingsType::AUTO_SELECT_CERTIFICATE, std::string(),
+          std::move(setting));
+
+  // Navigating to the page should work just fine in the normal profile.
+  ui_test_utils::NavigateToURL(browser(), client_cert_needed_page);
+  content::NavigationEntry* entry =
+      GetWebContents()->GetController().GetLastCommittedEntry();
+  EXPECT_EQ(entry->GetPageType(), content::PAGE_TYPE_NORMAL);
+
+  // Prefetching the page should fail.
+  IsolatedPrerenderTabHelper* tab_helper =
+      IsolatedPrerenderTabHelper::FromWebContents(GetWebContents());
+
+  TestTabHelperObserver tab_helper_observer(tab_helper);
+  tab_helper_observer.SetExpectedPrefetchErrors(
+      {{client_cert_needed_page, net::ERR_SSL_CLIENT_AUTH_CERT_NEEDED}});
+
+  base::RunLoop run_loop;
+  tab_helper_observer.SetOnPrefetchErrorClosure(run_loop.QuitClosure());
+
+  GURL doc_url("https://www.google.com/search?q=test");
+  MakeNavigationPrediction(doc_url, {client_cert_needed_page});
+
+  // This run loop will quit when the prefetch response have been
+  // successfully done and processed with the expected error.
+  run_loop.Run();
+}
+
+class SSLReportingIsolatedPrerenderBrowserTest
+    : public IsolatedPrerenderBrowserTest {
+ public:
+  SSLReportingIsolatedPrerenderBrowserTest() {
+    // Certificate reports are only sent from official builds, unless this has
+    // been called.
+    CertReportHelper::SetFakeOfficialBuildForTesting();
+  }
+
+  void SetUpCommandLine(base::CommandLine* cmd) override {
+    IsolatedPrerenderBrowserTest::SetUpCommandLine(cmd);
+    cmd->RemoveSwitch("ignore-certificate-errors");
+
+    // CertReportHelper::ShouldReportCertificateError checks the value of this
+    // variation. Ensure reporting is enabled.
+    variations::testing::VariationParamsManager::AppendVariationParams(
+        "ReportCertificateErrors", "ShowAndPossiblySend",
+        {{"sendingThreshold", "1.0"}}, cmd);
+  }
+
+  security_interstitials::SecurityInterstitialPage* GetInterstitialPage(
+      content::WebContents* tab) {
+    security_interstitials::SecurityInterstitialTabHelper* helper =
+        security_interstitials::SecurityInterstitialTabHelper::FromWebContents(
+            tab);
+    if (!helper)
+      return nullptr;
+    return helper->GetBlockingPageForCurrentlyCommittedNavigationForTesting();
+  }
+};
+
+IN_PROC_BROWSER_TEST_F(
+    SSLReportingIsolatedPrerenderBrowserTest,
+    DISABLE_ON_WIN_MAC_CHROMEOS(NoIntersitialSSLErrorReporting)) {
+  SetDataSaverEnabled(true);
+  WaitForUpdatedCustomProxyConfig();
+
+  // Setup a test server that requires a client cert.
+  net::EmbeddedTestServer https_expired_server(
+      net::EmbeddedTestServer::TYPE_HTTPS);
+  https_expired_server.SetSSLConfig(net::EmbeddedTestServer::CERT_EXPIRED);
+  https_expired_server.ServeFilesFromSourceDirectory("chrome/test/data");
+  ASSERT_TRUE(https_expired_server.Start());
+
+  GURL safe_page = GetOriginServerURL("/simple.html");
+
+  // Opt in to sending reports for invalid certificate chains.
+  certificate_reporting_test_utils::SetCertReportingOptIn(
+      browser(), certificate_reporting_test_utils::EXTENDED_REPORTING_OPT_IN);
+
+  ui_test_utils::NavigateToURL(browser(), safe_page);
+
+  IsolatedPrerenderTabHelper* tab_helper =
+      IsolatedPrerenderTabHelper::FromWebContents(GetWebContents());
+
+  GURL eligible_link = https_expired_server.GetURL("b.test", "/simple.html");
+
+  TestTabHelperObserver tab_helper_observer(tab_helper);
+  // |ERR_ABORTED| is set by the IsolatedPrerenderNetworkContextClient.
+  tab_helper_observer.SetExpectedPrefetchErrors(
+      {{eligible_link, net::ERR_ABORTED}});
+
+  base::RunLoop prefetch_run_loop;
+  tab_helper_observer.SetOnPrefetchErrorClosure(
+      prefetch_run_loop.QuitClosure());
+
+  GURL doc_url("https://www.google.com/search?q=test");
+  MakeNavigationPrediction(doc_url, {eligible_link});
+
+  // This run loop stops when the prefetches completes with its error.
+  prefetch_run_loop.Run();
+
+  // No interstitial should be shown and so no report will be made.
+  EXPECT_FALSE(GetInterstitialPage(GetWebContents()));
+}
+
+class DomainReliabilityIsolatedPrerenderBrowserTest
+    : public IsolatedPrerenderBrowserTest {
+ public:
+  DomainReliabilityIsolatedPrerenderBrowserTest() = default;
+
+  void SetUp() override {
+    ProfileNetworkContextService::SetDiscardDomainReliabilityUploadsForTesting(
+        false);
+    IsolatedPrerenderBrowserTest::SetUp();
+  }
+
+  void SetUpCommandLine(base::CommandLine* cmd) override {
+    IsolatedPrerenderBrowserTest::SetUpCommandLine(cmd);
+    cmd->AppendSwitch(switches::kEnableDomainReliability);
+  }
+
+  network::mojom::NetworkContext* GetNormalNetworkContext() {
+    return content::BrowserContext::GetDefaultStoragePartition(
+               browser()->profile())
+        ->GetNetworkContext();
+  }
+
+  void RequestMonitor(const net::test_server::HttpRequest& request) {
+    requests_.push_back(request);
+    if (request.GetURL().path() == "/domainreliabilty-upload" &&
+        on_got_reliability_report_) {
+      std::move(on_got_reliability_report_).Run();
+    }
+  }
+
+ protected:
+  base::OnceClosure on_got_reliability_report_;
+  std::vector<net::test_server::HttpRequest> requests_;
+};
+
+IN_PROC_BROWSER_TEST_F(
+    DomainReliabilityIsolatedPrerenderBrowserTest,
+    DISABLE_ON_WIN_MAC_CHROMEOS(NoDomainReliabilityUploads)) {
+  SetDataSaverEnabled(true);
+  WaitForUpdatedCustomProxyConfig();
+
+  net::EmbeddedTestServer https_report_server(
+      net::EmbeddedTestServer::TYPE_HTTPS);
+  https_report_server.RegisterRequestMonitor(base::BindRepeating(
+      &DomainReliabilityIsolatedPrerenderBrowserTest::RequestMonitor,
+      base::Unretained(this)));
+  net::test_server::RegisterDefaultHandlers(&https_report_server);
+  ASSERT_TRUE(https_report_server.Start());
+
+  IsolatedPrerenderTabHelper* tab_helper =
+      IsolatedPrerenderTabHelper::FromWebContents(GetWebContents());
+
+  {
+    mojo::ScopedAllowSyncCallForTesting allow_sync_call;
+    GetNormalNetworkContext()->AddDomainReliabilityContextForTesting(
+        https_report_server.GetURL("a.test", "/").GetOrigin(),
+        https_report_server.GetURL("a.test", "/domainreliabilty-upload"));
+  }
+
+  // Do a prefetch which will fail.
+
+  // This url will cause the server to close the socket, resulting in a net
+  // error.
+  GURL error_url = https_report_server.GetURL("a.test", "/close-socket");
+
+  TestTabHelperObserver tab_helper_observer(tab_helper);
+  tab_helper_observer.SetExpectedPrefetchErrors(
+      {{error_url, net::ERR_EMPTY_RESPONSE}});
+
+  base::RunLoop prefetch_run_loop;
+  tab_helper_observer.SetOnPrefetchErrorClosure(
+      prefetch_run_loop.QuitClosure());
+
+  GURL doc_url("https://www.google.com/search?q=test");
+  MakeNavigationPrediction(doc_url, {error_url});
+
+  // This run loop will quit when all the prefetch responses have errored.
+  prefetch_run_loop.Run();
+
+  base::RunLoop report_run_loop;
+  on_got_reliability_report_ = report_run_loop.QuitClosure();
+
+  // Now navigate to the same page and expect that there will be a single domain
+  // reliability report, i.e.: this navigation and not one from the prefetch.
+  ui_test_utils::NavigateToURL(browser(), error_url);
+
+  {
+    mojo::ScopedAllowSyncCallForTesting allow_sync_call;
+    GetNormalNetworkContext()->ForceDomainReliabilityUploadsForTesting();
+  }
+
+  // This run loop will quit when the most recent navigation send its
+  // reliability report. By this time we expect that if the prefetch would have
+  // sent a report, it would have already done so.
+  report_run_loop.Run();
+
+  size_t found_reports = 0;
+  for (const net::test_server::HttpRequest& request : requests_) {
+    if (request.GetURL().path() == "/domainreliabilty-upload") {
+      found_reports++;
+    }
+  }
+  EXPECT_EQ(1U, found_reports);
+}
+
 class ProbingEnabledIsolatedPrerenderBrowserTest
     : public IsolatedPrerenderBrowserTest {
  public:

chrome/browser/prerender/isolated/isolated_prerender_network_context_client.cc

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/prerender/isolated/isolated_prerender_network_context_client.h"
+
+#include <memory>
+
+#include "mojo/public/cpp/bindings/remote.h"
+
+IsolatedPrerenderNetworkContextClient::IsolatedPrerenderNetworkContextClient() =
+    default;
+IsolatedPrerenderNetworkContextClient::
+    ~IsolatedPrerenderNetworkContextClient() = default;
+
+void IsolatedPrerenderNetworkContextClient::OnAuthRequired(
+    const base::Optional<base::UnguessableToken>& window_id,
+    int32_t process_id,
+    int32_t routing_id,
+    uint32_t request_id,
+    const GURL& url,
+    bool first_auth_attempt,
+    const net::AuthChallengeInfo& auth_info,
+    network::mojom::URLResponseHeadPtr head,
+    mojo::PendingRemote<network::mojom::AuthChallengeResponder>
+        auth_challenge_responder) {
+  mojo::Remote<network::mojom::AuthChallengeResponder>
+      auth_challenge_responder_remote(std::move(auth_challenge_responder));
+  auth_challenge_responder_remote->OnAuthCredentials(base::nullopt);
+}
+
+void IsolatedPrerenderNetworkContextClient::OnCertificateRequested(
+    const base::Optional<base::UnguessableToken>& window_id,
+    int32_t process_id,
+    int32_t routing_id,
+    uint32_t request_id,
+    const scoped_refptr<net::SSLCertRequestInfo>& cert_info,
+    mojo::PendingRemote<network::mojom::ClientCertificateResponder>
+        cert_responder_remote) {
+  mojo::Remote<network::mojom::ClientCertificateResponder> cert_responder(
+      std::move(cert_responder_remote));
+  cert_responder->CancelRequest();
+}
+
+void IsolatedPrerenderNetworkContextClient::OnSSLCertificateError(
+    int32_t process_id,
+    int32_t routing_id,
+    const GURL& url,
+    int net_error,
+    const net::SSLInfo& ssl_info,
+    bool fatal,
+    OnSSLCertificateErrorCallback response) {
+  std::move(response).Run(net::ERR_ABORTED);
+}
+
+void IsolatedPrerenderNetworkContextClient::OnFileUploadRequested(
+    int32_t process_id,
+    bool async,
+    const std::vector<base::FilePath>& file_paths,
+    OnFileUploadRequestedCallback callback) {
+  std::move(callback).Run(net::ERR_ACCESS_DENIED, std::vector<base::File>());
+}
+
+void IsolatedPrerenderNetworkContextClient::OnCanSendReportingReports(
+    const std::vector<url::Origin>& origins,
+    OnCanSendReportingReportsCallback callback) {
+  std::move(callback).Run(std::vector<url::Origin>());
+}
+
+void IsolatedPrerenderNetworkContextClient::OnCanSendDomainReliabilityUpload(
+    const GURL& origin,
+    OnCanSendDomainReliabilityUploadCallback callback) {
+  std::move(callback).Run(false);
+}
+
+void IsolatedPrerenderNetworkContextClient::OnClearSiteData(
+    int32_t process_id,
+    int32_t routing_id,
+    const GURL& url,
+    const std::string& header_value,
+    int load_flags,
+    OnClearSiteDataCallback callback) {
+  std::move(callback).Run();
+}
+
+#if defined(OS_ANDROID)
+void IsolatedPrerenderNetworkContextClient::OnGenerateHttpNegotiateAuthToken(
+    const std::string& server_auth_token,
+    bool can_delegate,
+    const std::string& auth_negotiate_android_account_type,
+    const std::string& spn,
+    OnGenerateHttpNegotiateAuthTokenCallback callback) {
+  std::move(callback).Run(net::ERR_FAILED, server_auth_token);
+}
+#endif
+
+#if defined(OS_CHROMEOS)
+void IsolatedPrerenderNetworkContextClient::OnTrustAnchorUsed() {}
+#endif

chrome/browser/prerender/isolated/isolated_prerender_network_context_client.h

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROME_BROWSER_PRERENDER_ISOLATED_ISOLATED_PRERENDER_NETWORK_CONTEXT_CLIENT_H_
+#define CHROME_BROWSER_PRERENDER_ISOLATED_ISOLATED_PRERENDER_NETWORK_CONTEXT_CLIENT_H_
+
+#include "build/build_config.h"
+#include "mojo/public/cpp/bindings/pending_remote.h"
+#include "services/network/public/mojom/network_context.mojom.h"
+
+// This is a NetworkContextClient that purposely does nothing so that no extra
+// network traffic can occur during an Isolated Prerender, potentially causing a
+// privacy leak to the user.
+class IsolatedPrerenderNetworkContextClient
+    : public network::mojom::NetworkContextClient {
+ public:
+  IsolatedPrerenderNetworkContextClient();
+  ~IsolatedPrerenderNetworkContextClient() override;
+
+  // network::mojom::NetworkContextClient implementation:
+  void OnAuthRequired(
+      const base::Optional<base::UnguessableToken>& window_id,
+      int32_t process_id,
+      int32_t routing_id,
+      uint32_t request_id,
+      const GURL& url,
+      bool first_auth_attempt,
+      const net::AuthChallengeInfo& auth_info,
+      network::mojom::URLResponseHeadPtr head,
+      mojo::PendingRemote<network::mojom::AuthChallengeResponder>
+          auth_challenge_responder) override;
+  void OnCertificateRequested(
+      const base::Optional<base::UnguessableToken>& window_id,
+      int32_t process_id,
+      int32_t routing_id,
+      uint32_t request_id,
+      const scoped_refptr<net::SSLCertRequestInfo>& cert_info,
+      mojo::PendingRemote<network::mojom::ClientCertificateResponder>
+          cert_responder) override;
+  void OnSSLCertificateError(int32_t process_id,
+                             int32_t routing_id,
+                             const GURL& url,
+                             int net_error,
+                             const net::SSLInfo& ssl_info,
+                             bool fatal,
+                             OnSSLCertificateErrorCallback response) override;
+  void OnFileUploadRequested(int32_t process_id,
+                             bool async,
+                             const std::vector<base::FilePath>& file_paths,
+                             OnFileUploadRequestedCallback callback) override;
+  void OnCanSendReportingReports(
+      const std::vector<url::Origin>& origins,
+      OnCanSendReportingReportsCallback callback) override;
+  void OnCanSendDomainReliabilityUpload(
+      const GURL& origin,
+      OnCanSendDomainReliabilityUploadCallback callback) override;
+  void OnClearSiteData(int32_t process_id,
+                       int32_t routing_id,
+                       const GURL& url,
+                       const std::string& header_value,
+                       int load_flags,
+                       OnClearSiteDataCallback callback) override;
+#if defined(OS_ANDROID)
+  void OnGenerateHttpNegotiateAuthToken(
+      const std::string& server_auth_token,
+      bool can_delegate,
+      const std::string& auth_negotiate_android_account_type,
+      const std::string& spn,
+      OnGenerateHttpNegotiateAuthTokenCallback callback) override;
+#endif
+#if defined(OS_CHROMEOS)
+  void OnTrustAnchorUsed() override;
+#endif
+};
+
+#endif  // CHROME_BROWSER_PRERENDER_ISOLATED_ISOLATED_PRERENDER_NETWORK_CONTEXT_CLIENT_H_

chrome/browser/prerender/isolated/isolated_prerender_tab_helper.cc

@@ -17,6 +17,7 @@
 #include "chrome/browser/navigation_predictor/navigation_predictor_keyed_service_factory.h"
 #include "chrome/browser/net/prediction_options.h"
 #include "chrome/browser/prerender/isolated/isolated_prerender_features.h"
+#include "chrome/browser/prerender/isolated/isolated_prerender_network_context_client.h"
 #include "chrome/browser/prerender/isolated/isolated_prerender_params.h"
 #include "chrome/browser/prerender/isolated/isolated_prerender_proxy_configurator.h"
 #include "chrome/browser/prerender/isolated/isolated_prerender_service.h"
@@ -39,6 +40,7 @@
 #include "content/public/browser/storage_partition.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/common/content_constants.h"
+#include "mojo/public/cpp/bindings/self_owned_receiver.h"
 #include "net/base/isolation_info.h"
 #include "net/base/load_flags.h"
 #include "net/base/net_errors.h"
@@ -508,6 +510,11 @@ void IsolatedPrerenderTabHelper::OnPrefetchComplete(
 
   if (page_->url_loader_->NetError() != net::OK) {
     OnPrefetchStatusUpdate(url, PrefetchStatus::kPrefetchFailedNetError);
+
+    for (auto& observer : observer_list_) {
+      observer.OnPrefetchCompletedWithError(url,
+                                            page_->url_loader_->NetError());
+    }
   }
 
   if (page_->url_loader_->NetError() == net::OK && body &&
@@ -926,10 +933,24 @@ void IsolatedPrerenderTabHelper::CreateIsolatedURLLoaderFactory() {
   isolated_prerender_service->proxy_configurator()->AddCustomProxyConfigClient(
       std::move(config_client));
 
+  // Explicitly disallow network service features which could cause a privacy
+  // leak.
+  context_params->enable_certificate_reporting = false;
+  context_params->enable_expect_ct_reporting = false;
+  context_params->enable_domain_reliability = false;
+
   content::GetNetworkService()->CreateNetworkContext(
       page_->isolated_network_context_.BindNewPipeAndPassReceiver(),
       std::move(context_params));
 
+  // Configure a context client to ensure Web Reports and other privacy leak
+  // surfaces won't be enabled.
+  mojo::PendingRemote<network::mojom::NetworkContextClient> client_remote;
+  mojo::MakeSelfOwnedReceiver(
+      std::make_unique<IsolatedPrerenderNetworkContextClient>(),
+      client_remote.InitWithNewPipeAndPassReceiver());
+  page_->isolated_network_context_->SetClient(std::move(client_remote));
+
   mojo::PendingRemote<network::mojom::URLLoaderFactory> isolated_factory_remote;
 
   CreateNewURLLoaderFactory(

chrome/browser/prerender/isolated/isolated_prerender_tab_helper.h

@@ -57,9 +57,11 @@ class IsolatedPrerenderTabHelper
     // Called when a prefetch for |url| is completed successfully.
     virtual void OnPrefetchCompletedSuccessfully(const GURL& url) {}
 
-    // Called when a prefetch for |url| is completed with an HTTP error code
-    // (non-2XX).
-    virtual void OnPrefetchCompletedWithError(const GURL& url, int code) {}
+    // Called when a prefetch for |url| is completed with an error code.
+    // Negative values for |error_code| are a net::Error and positive values are
+    // a HTTP error code.
+    virtual void OnPrefetchCompletedWithError(const GURL& url, int error_code) {
+    }
 
     // Called when a NoStatePrefetch finishes loading.
     virtual void OnNoStatePrefetchFinished() {}