Base `Sec-Fetch-Site` checks on the per-NetworkContext OriginAccessList.

After https://crrev.com/c/2566090, the per-NetworkContext
OriginAccessList and the per-factory OriginAccessList cover the same
permissions.  This means that there is no need to maintain both - to
prepare for the removal of `factory_bound_access_patterns`, this CL
switches `SetSecFetchSiteHeader` checks to be based on the
per-NetworkContext OriginAccessList.

Bug: 936310
Change-Id: I33a8631f2ec2dea110ed6ad12bec672e6b564a76
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2587394
Commit-Queue: Łukasz Anforowicz <lukasza@chromium.org>
Reviewed-by: Takashi Toyoshima <toyoshim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#846452}

services/network/sec_header_helpers.cc

@@ -72,10 +72,10 @@ SecFetchSiteValue SecFetchSiteHeaderValue(const GURL& target_url,
   return SecFetchSiteValue::kCrossSite;
 }
 
-void SetSecFetchSiteHeader(
-    net::URLRequest* request,
-    const GURL* pending_redirect_url,
-    const mojom::URLLoaderFactoryParams& factory_params) {
+void SetSecFetchSiteHeader(net::URLRequest* request,
+                           const GURL* pending_redirect_url,
+                           const mojom::URLLoaderFactoryParams& factory_params,
+                           const cors::OriginAccessList* origin_access_list) {
   SecFetchSiteValue header_value;
   url::Origin initiator = GetTrustworthyInitiator(
       factory_params.request_initiator_origin_lock, request->initiator());
@@ -86,14 +86,9 @@ void SetSecFetchSiteHeader(
   // `Sec-Fetch-Site: cross-site`. Other requests default to `kSameOrigin`,
   // and walk through the request's URL chain to calculate the
   // correct value.
-  if (factory_params.unsafe_non_webby_initiator) {
-    cors::OriginAccessList origin_access_list;
-    origin_access_list.SetAllowListForOrigin(
-        factory_params.factory_bound_access_patterns->source_origin,
-        factory_params.factory_bound_access_patterns->allow_patterns);
-    if (origin_access_list.CheckAccessState(
-            factory_params.factory_bound_access_patterns->source_origin,
-            request->url()) == cors::OriginAccessList::AccessState::kAllowed) {
+  if (factory_params.unsafe_non_webby_initiator && origin_access_list) {
+    if (origin_access_list->CheckAccessState(initiator, request->url()) ==
+        cors::OriginAccessList::AccessState::kAllowed) {
       header_value = SecFetchSiteValue::kNoOrigin;
     } else {
       header_value = SecFetchSiteValue::kCrossSite;
@@ -155,7 +150,8 @@ void SetFetchMetadataHeaders(
     bool has_user_activation,
     network::mojom::RequestDestination dest,
     const GURL* pending_redirect_url,
-    const mojom::URLLoaderFactoryParams& factory_params) {
+    const mojom::URLLoaderFactoryParams& factory_params,
+    const cors::OriginAccessList* origin_access_list) {
   DCHECK(request);
   DCHECK_NE(0u, request->url_chain().size());
 
@@ -165,7 +161,8 @@ void SetFetchMetadataHeaders(
   if (!IsUrlPotentiallyTrustworthy(target_url))
     return;
 
-  SetSecFetchSiteHeader(request, pending_redirect_url, factory_params);
+  SetSecFetchSiteHeader(request, pending_redirect_url, factory_params,
+                        origin_access_list);
   SetSecFetchModeHeader(request, mode);
   SetSecFetchUserHeader(request, has_user_activation);
   SetSecFetchDestHeader(request, dest);

services/network/sec_header_helpers.h

@@ -15,6 +15,10 @@ class URLRequest;
 
 namespace network {
 
+namespace cors {
+class OriginAccessList;
+}  // namespace cors
+
 namespace mojom {
 class URLLoaderFactoryParams;
 }  // namespace mojom
@@ -36,7 +40,8 @@ void SetFetchMetadataHeaders(
     bool has_user_activation,
     network::mojom::RequestDestination dest,
     const GURL* pending_redirect_url,
-    const mojom::URLLoaderFactoryParams& factory_params);
+    const mojom::URLLoaderFactoryParams& factory_params,
+    const cors::OriginAccessList* origin_access_list);
 
 // Removes any sec-ch- or sec-fetch- prefixed request headers on the |request|
 // if the |pending_redirect_url| is not trustworthy and the current url is.

services/network/sec_header_helpers_unittest.cc

@@ -9,6 +9,7 @@
 #include "net/url_request/url_request.h"
 #include "net/url_request/url_request_context.h"
 #include "net/url_request/url_request_test_util.h"
+#include "services/network/public/cpp/cors/origin_access_list.h"
 #include "services/network/public/mojom/cors_origin_pattern.mojom.h"
 #include "services/network/public/mojom/fetch_api.mojom.h"
 #include "services/network/public/mojom/network_context.mojom.h"
@@ -20,6 +21,7 @@ namespace {
 
 constexpr char kSecureSite[] = "https://site.tld";
 constexpr char kInsecureSite[] = "http://othersite.tld";
+constexpr char kPrivilegedInitiator[] = "https://chrome-extension.example.com";
 
 constexpr char kKnownSecChHeader[] = "Sec-CH-UA";
 constexpr char kKnownSecFetchSiteHeader[] = "Sec-Fetch-Site";
@@ -41,8 +43,11 @@ class SecHeaderHelpersTest : public PlatformTest {
       : task_environment_(base::test::TaskEnvironment::MainThreadType::IO),
         url_request_(context_.CreateRequest(GURL(kSecureSite),
                                             net::DEFAULT_PRIORITY,
-                                            /*request_delegate=*/nullptr,
-                                            TRAFFIC_ANNOTATION_FOR_TESTS)) {}
+                                            /*delegate=*/nullptr,
+                                            TRAFFIC_ANNOTATION_FOR_TESTS)) {
+    url_request_->set_initiator(
+        url::Origin::Create(GURL(kPrivilegedInitiator)));
+  }
 
   net::URLRequest* url_request() const { return url_request_.get(); }
 
@@ -164,14 +169,13 @@ TEST_F(SecHeaderHelpersTest, UnprivilegedRequestOnExtension) {
 
   network::mojom::URLLoaderFactoryParams params;
   params.unsafe_non_webby_initiator = true;
-  params.factory_bound_access_patterns =
-      network::mojom::CorsOriginAccessPatterns::New();
-  params.factory_bound_access_patterns->source_origin =
-      url::Origin::Create(url);
-
-  SetFetchMetadataHeaders(
-      current_url_request, network::mojom::RequestMode::kCors, false,
-      network::mojom::RequestDestination::kIframe, &url, params);
+
+  cors::OriginAccessList origin_access_list;  // empty in this test
+
+  SetFetchMetadataHeaders(current_url_request,
+                          network::mojom::RequestMode::kCors, false,
+                          network::mojom::RequestDestination::kIframe, &url,
+                          params, &origin_access_list);
   ASSERT_EQ(3, static_cast<int>(current_url_request->extra_request_headers()
                                     .GetHeaderVector()
                                     .size()));
@@ -198,19 +202,21 @@ TEST_F(SecHeaderHelpersTest, PrivilegedRequestOnExtension) {
 
   network::mojom::URLLoaderFactoryParams params;
   params.unsafe_non_webby_initiator = true;
-  params.factory_bound_access_patterns =
-      network::mojom::CorsOriginAccessPatterns::New();
-  params.factory_bound_access_patterns->source_origin =
-      url::Origin::Create(url);
-  params.factory_bound_access_patterns->allow_patterns.push_back(
-      mojom::CorsOriginPattern::New(
-          url.scheme(), url.host(), 0,
-          mojom::CorsDomainMatchMode::kDisallowSubdomains,
-          mojom::CorsPortMatchMode::kAllowAnyPort,
-          mojom::CorsOriginAccessMatchPriority::kDefaultPriority));
-  SetFetchMetadataHeaders(
-      current_url_request, network::mojom::RequestMode::kCors, true,
-      network::mojom::RequestDestination::kEmbed, &url, params);
+
+  cors::OriginAccessList origin_access_list;
+  origin_access_list.AddAllowListEntryForOrigin(
+      url::Origin::Create(GURL(kPrivilegedInitiator)),  // source_origin
+      url.scheme(),                                     // protocol
+      url.host(),                                       // domain
+      0,                                                // port
+      mojom::CorsDomainMatchMode::kDisallowSubdomains,
+      mojom::CorsPortMatchMode::kAllowAnyPort,
+      mojom::CorsOriginAccessMatchPriority::kDefaultPriority);
+
+  SetFetchMetadataHeaders(current_url_request,
+                          network::mojom::RequestMode::kCors, true,
+                          network::mojom::RequestDestination::kEmbed, &url,
+                          params, &origin_access_list);
 
   ASSERT_EQ(4, static_cast<int>(current_url_request->extra_request_headers()
                                     .GetHeaderVector()

services/network/url_loader.cc

@@ -610,7 +610,7 @@ URLLoader::URLLoader(
 
   SetFetchMetadataHeaders(url_request_.get(), request_mode_,
                           has_user_activation_, request_destination_, nullptr,
-                          *factory_params_);
+                          *factory_params_, origin_access_list_);
 
   if (request.update_first_party_url_on_redirect) {
     url_request_->set_first_party_url_policy(
@@ -1143,7 +1143,8 @@ void URLLoader::OnReceivedRedirect(net::URLRequest* url_request,
   MaybeRemoveSecHeaders(url_request_.get(), redirect_info.new_url);
   SetFetchMetadataHeaders(url_request_.get(), request_mode_,
                           has_user_activation_, request_destination_,
-                          &redirect_info.new_url, *factory_params_);
+                          &redirect_info.new_url, *factory_params_,
+                          origin_access_list_);
 
   url_loader_client_->OnReceiveRedirect(redirect_info, std::move(response));
 }