Set the Virtual URL when a HTTPS Server Preview is shown

Setting the virtual URL means that all UI surfaces will use the
"original" URL, that is, the origin URL where the content came from.
This should not affect any security features of Chrome, which should
be using the loaded URL, not the virtual one. Security-related UI that
are impacted are addressed as follows:
* Site Settings - explicitly disabled when a preview is shown
* Permissions Dialog - explicitly denied in r1260082

Adds virtual URL testing to HTTPS Previews browser tests and one
additional test for navigation actions.

Bug: 881938
Change-Id: I6e6f2e2a3ef267d61c18295f019d307adc9756bb
Reviewed-on: https://chromium-review.googlesource.com/c/1217351
Commit-Queue: Robert Ogden <robertogden@chromium.org>
Reviewed-by: Charlie Reis <creis@chromium.org>
Reviewed-by: Tarun Bansal <tbansal@chromium.org>
Cr-Commit-Position: refs/heads/master@{#599279}

chrome/browser/chrome_content_browser_client.cc

@@ -80,6 +80,7 @@
 #include "chrome/browser/prerender/prerender_message_filter.h"
 #include "chrome/browser/prerender/prerender_util.h"
 #include "chrome/browser/previews/previews_lite_page_decider.h"
+#include "chrome/browser/previews/previews_lite_page_navigation_throttle.h"
 #include "chrome/browser/profiles/chrome_browser_main_extra_parts_profiles.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/profiles/profile_io_data.h"
@@ -3263,6 +3264,11 @@ void ChromeContentBrowserClient::BrowserURLHandlerCreated(
   // chrome: & friends.
   handler->AddHandlerPair(&ChromeContentBrowserClient::HandleWebUI,
                           &ChromeContentBrowserClient::HandleWebUIReverse);
+
+  // Handler to rewrite Preview's Server Lite Page, to show the original URL to
+  // the user.
+  handler->AddHandlerPair(&HandlePreviewsLitePageURLRewrite,
+                          &HandlePreviewsLitePageURLRewriteReverse);
 }
 
 base::FilePath ChromeContentBrowserClient::GetDefaultDownloadDirectory() {

chrome/browser/previews/android/previews_android_bridge.cc

@@ -50,6 +50,9 @@ PreviewsAndroidBridge::GetOriginalHost(
       content::WebContents::FromJavaWebContents(j_web_contents);
   if (!web_contents)
     return base::android::ScopedJavaLocalRef<jstring>();
+
+  // TODO(crbug.com/894881): Add the Lite Pages URL rewriting during a pending
+  // navigation.
   return base::android::ScopedJavaLocalRef<jstring>(
       base::android::ConvertUTF8ToJavaString(
           env, web_contents->GetVisibleURL().host()));

chrome/browser/previews/previews_lite_page_navigation_throttle.cc

@@ -18,6 +18,7 @@
 #include "base/strings/string_util.h"
 #include "base/task/post_task.h"
 #include "base/time/time.h"
+#include "build/build_config.h"
 #include "chrome/browser/browser_process.h"
 #include "chrome/browser/net/spdyproxy/data_reduction_proxy_chrome_settings.h"
 #include "chrome/browser/net/spdyproxy/data_reduction_proxy_chrome_settings_factory.h"
@@ -152,6 +153,25 @@ class WebContentsLifetimeHelper
   base::WeakPtrFactory<WebContentsLifetimeHelper> weak_factory_;
 };
 
+bool HandlePreviewsLitePageURLRewrite(
+    GURL* url,
+    content::BrowserContext* browser_context) {
+  // Don't change the |url|, just register our interest in reversing it before
+  // it is displayed to the user in |HandlePreviewsLitePageURLRewriteReverse|.
+  return !!PreviewsLitePageNavigationThrottle::GetOriginalURL(*url, nullptr);
+}
+
+bool HandlePreviewsLitePageURLRewriteReverse(
+    GURL* url,
+    content::BrowserContext* browser_context) {
+  std::string original_url;
+  if (PreviewsLitePageNavigationThrottle::GetOriginalURL(*url, &original_url)) {
+    *url = GURL(original_url);
+    return true;
+  }
+  return false;
+}
+
 PreviewsLitePageNavigationThrottle::PreviewsLitePageNavigationThrottle(
     content::NavigationHandle* handle,
     PreviewsLitePageNavigationThrottleManager* manager)
@@ -256,7 +276,6 @@ bool PreviewsLitePageNavigationThrottle::GetOriginalURL(
 GURL PreviewsLitePageNavigationThrottle::GetPreviewsURLForURL(
     const GURL& original_url) {
   DCHECK(original_url.is_valid());
-  DCHECK(!IsPreviewsDomain(original_url));
 
   std::string origin_hash = base::ToLowerASCII(base32::Base32Encode(
       crypto::SHA256HashString(
@@ -275,6 +294,7 @@ GURL PreviewsLitePageNavigationThrottle::GetPreviewsURLForURL(
 }
 
 GURL PreviewsLitePageNavigationThrottle::GetPreviewsURL() const {
+  DCHECK(!IsPreviewsDomain(navigation_handle()->GetURL()));
   return GetPreviewsURLForURL(navigation_handle()->GetURL());
 }
 

chrome/browser/previews/previews_lite_page_navigation_throttle.h

@@ -11,8 +11,25 @@
 
 namespace content {
 struct OpenURLParams;
+class BrowserContext;
 }
 
+// If the given URL is a LitePage Preview URL, this returns true but does not
+// change the |url|. This will set |update_virtual_url_with_url| on
+// NavigationEntry so that |HandlePreviewsLitePageURLRewriteReverse| is called
+// when the navigation finishes.
+// Note: This means the virtual URL will not be set during the navigation load.
+// This is handled separately in UI on Android.
+bool HandlePreviewsLitePageURLRewrite(GURL* url,
+                                      content::BrowserContext* browser_context);
+
+// Handles translating the given Lite Page URL to the original URL. Returns true
+// if the given |url| was a preview, otherwise returns false and does not change
+// |url|.
+bool HandlePreviewsLitePageURLRewriteReverse(
+    GURL* url,
+    content::BrowserContext* browser_context);
+
 // This class does the actual decision making about when to serve a Lite Page
 // Server Preview, and the legwork to trigger the Preview navigation. When a
 // Preview is triggered, it will cancel the incoming navigation and PostTask a