IsolatedWorldCSP: Plumb DOMWrapperWorld for ResourceLoaderOptions in

core/script and platform/loader/fetch. This is part of the work to enforce isolated world CSP for resource requests when the feature IsolatedWorldCSP is enabled and to correctly bypass the main world CSP otherwise. Note that it's possible that the plumbed DOMWrapperWorld might not always be completely correct (for example if it is plumbed asynchronously from the point which caused the resource request). However this is still better than the status quo where the CSP checks for isolated worlds are bypassed based on calling FrameFetchContext::ShouldBypassMainWorldCSP() which is often incorrect especially for redirects since we might be in a different different world by then. Further CLs will ensure the DOMWrapperWorld is plumbed for all ResourceLoaderOptions object. BUG=1099975 Change-Id: Idc902e8c6c2c8ee5e5a97ca58189a8b9476eab4c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2341413Reviewed-by: Yutaka Hirano <yhirano@chromium.org> Commit-Queue: Karan Bhatia <karandeepb@chromium.org> Cr-Commit-Position: refs/heads/master@{#797192}

IsolatedWorldCSP: Plumb DOMWrapperWorld for ResourceLoaderOptions in
core/script and platform/loader/fetch. This is part of the work to enforce isolated world CSP for resource requests when the feature IsolatedWorldCSP is enabled and to correctly bypass the main world CSP otherwise. Note that it's possible that the plumbed DOMWrapperWorld might not always be completely correct (for example if it is plumbed asynchronously from the point which caused the resource request). However this is still better than the status quo where the CSP checks for isolated worlds are bypassed based on calling FrameFetchContext::ShouldBypassMainWorldCSP() which is often incorrect especially for redirects since we might be in a different different world by then. Further CLs will ensure the DOMWrapperWorld is plumbed for all ResourceLoaderOptions object. BUG=1099975 Change-Id: Idc902e8c6c2c8ee5e5a97ca58189a8b9476eab4c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2341413Reviewed-by: Yutaka Hirano <yhirano@chromium.org> Commit-Queue: Karan Bhatia <karandeepb@chromium.org> Cr-Commit-Position: refs/heads/master@{#797192}
f2002569 · Karandeep Bhatia · Commit Bot · 4fe83f41 · f2002569 · f2002569
Commit f2002569 authored Aug 12, 2020 by Karandeep Bhatia Committed by Commit Bot Aug 12, 2020
13 changed files
--- a/third_party/blink/renderer/core/script/classic_pending_script.cc
+++ b/third_party/blink/renderer/core/script/classic_pending_script.cc
@@ -43,8 +43,9 @@ ClassicPendingScript* ClassicPendingScript::Fetch(
    const WTF::TextEncoding& encoding,
    ScriptElementBase* element,
    FetchParameters::DeferOption defer) {
+  ExecutionContext* context = element_document.GetExecutionContext();
  FetchParameters params(options.CreateFetchParameters(
-      url, element_document.GetExecutionContext()->GetSecurityOrigin(),
+      url, context->GetSecurityOrigin(), context->GetCurrentWorld(),
      cross_origin, encoding, defer));
  ClassicPendingScript* pending_script =

--- a/third_party/blink/renderer/core/script/document_write_intervention.cc
+++ b/third_party/blink/renderer/core/script/document_write_intervention.cc
@@ -220,10 +220,10 @@ void PossiblyFetchBlockedDocWriteScript(
  EmitErrorBlocked(resource->Url(), element_document);
+  ExecutionContext* context = element_document.GetExecutionContext();
  FetchParameters params(options.CreateFetchParameters(
-      resource->Url(),
+      resource->Url(), context->GetSecurityOrigin(), context->GetCurrentWorld(),
-      element_document.GetExecutionContext()->GetSecurityOrigin(), cross_origin,
+      cross_origin, resource->Encoding(), FetchParameters::kIdleLoad));
-      resource->Encoding(), FetchParameters::kIdleLoad));
  AddHeader(&params);
  ScriptResource::Fetch(params, element_document.Fetcher(), nullptr,
                        ScriptResource::kNoStreaming);

--- a/third_party/blink/renderer/platform/loader/fetch/fetch_parameters.cc
+++ b/third_party/blink/renderer/platform/loader/fetch/fetch_parameters.cc
@@ -44,11 +44,10 @@ FetchParameters::FetchParameters(ResourceRequest resource_request,
                                 scoped_refptr<const DOMWrapperWorld> world)
    : resource_request_(std::move(resource_request)),
      decoder_options_(TextResourceDecoderOptions::kPlainTextContent),
+      options_(std::move(world)),
      speculative_preload_type_(SpeculativePreloadType::kNotSpeculative),
      defer_(kNoDefer),
-      image_request_behavior_(kNone) {
+      image_request_behavior_(kNone) {}
-  options_.world = std::move(world);
-}
 FetchParameters::FetchParameters(ResourceRequest resource_request,
                                 const ResourceLoaderOptions& options)

--- a/third_party/blink/renderer/platform/loader/fetch/memory_cache_test.cc
+++ b/third_party/blink/renderer/platform/loader/fetch/memory_cache_test.cc
@@ -88,7 +88,9 @@ class MemoryCacheTest : public testing::Test {
    FakeResource(const char* url, ResourceType type)
        : FakeResource(KURL(url), type) {}
    FakeResource(const KURL& url, ResourceType type)
-        : FakeResource(ResourceRequest(url), type, ResourceLoaderOptions()) {}
+        : FakeResource(ResourceRequest(url),
+                       type,
+                       ResourceLoaderOptions(nullptr /* world */)) {}
    FakeResource(const ResourceRequest& request,
                 ResourceType type,
                 const ResourceLoaderOptions& options)

--- a/third_party/blink/renderer/platform/loader/fetch/raw_resource.h
+++ b/third_party/blink/renderer/platform/loader/fetch/raw_resource.h
@@ -65,7 +65,7 @@ class PLATFORM_EXPORT RawResource final : public Resource {
  // Exposed for testing
  static RawResource* CreateForTest(const ResourceRequest& request,
                                    ResourceType type) {
-    ResourceLoaderOptions options;
+    ResourceLoaderOptions options(nullptr /* world */);
    return MakeGarbageCollected<RawResource>(request, type, options);
  }
  static RawResource* CreateForTest(const KURL& url,

--- a/third_party/blink/renderer/platform/loader/fetch/resource_fetcher_test.cc
+++ b/third_party/blink/renderer/platform/loader/fetch/resource_fetcher_test.cc
@@ -464,7 +464,7 @@ TEST_F(ResourceFetcherTest, MAYBE_DontReuseMediaDataUrl) {
  auto* fetcher = CreateFetcher();
  ResourceRequest request(KURL("data:text/html,foo"));
  request.SetRequestContext(mojom::RequestContextType::VIDEO);
-  ResourceLoaderOptions options;
+  ResourceLoaderOptions options(nullptr /* world */);
  options.data_buffering_policy = kDoNotBufferData;
  options.initiator_info.name = fetch_initiator_type_names::kInternal;
  FetchParameters fetch_params(std::move(request), options);

--- a/third_party/blink/renderer/platform/loader/fetch/resource_loader_options.cc
+++ b/third_party/blink/renderer/platform/loader/fetch/resource_loader_options.cc
@@ -30,11 +30,14 @@
 #include "third_party/blink/renderer/platform/loader/fetch/resource_loader_options.h"
+#include <utility>
 #include "services/network/public/mojom/url_loader_factory.mojom-blink.h"
 namespace blink {
-ResourceLoaderOptions::ResourceLoaderOptions()
+ResourceLoaderOptions::ResourceLoaderOptions(
+    scoped_refptr<const DOMWrapperWorld> world)
    : data_buffering_policy(kBufferData),
      content_security_policy_option(network::mojom::CSPDisposition::CHECK),
      request_initiator_context(kDocumentContext),
@@ -42,7 +45,8 @@ ResourceLoaderOptions::ResourceLoaderOptions()
      cors_handling_by_resource_fetcher(kEnableCorsHandlingByResourceFetcher),
      cors_flag(false),
      parser_disposition(kParserInserted),
-      cache_aware_loading_enabled(kNotCacheAwareLoadingEnabled) {}
+      cache_aware_loading_enabled(kNotCacheAwareLoadingEnabled),
+      world(std::move(world)) {}
 ResourceLoaderOptions::ResourceLoaderOptions(
    const ResourceLoaderOptions& other) = default;

--- a/third_party/blink/renderer/platform/loader/fetch/resource_loader_options.h
+++ b/third_party/blink/renderer/platform/loader/fetch/resource_loader_options.h
@@ -88,7 +88,10 @@ struct PLATFORM_EXPORT ResourceLoaderOptions {
  // resource_loader_options.cc because they require the full definition of
  // URLLoaderFactory for |url_loader_factory| data member, and we'd like
  // to avoid to include huge url_loader_factory.mojom-blink.h.
-  ResourceLoaderOptions();
+  // TODO(crbug.com/896041): Make |world| non-optional by plumbing it for all
+  // requests.
+  explicit ResourceLoaderOptions(
+      scoped_refptr<const DOMWrapperWorld> world = nullptr);
  ResourceLoaderOptions(const ResourceLoaderOptions& other);
  ResourceLoaderOptions& operator=(const ResourceLoaderOptions& other);
  ~ResourceLoaderOptions();
@@ -118,7 +121,8 @@ struct PLATFORM_EXPORT ResourceLoaderOptions {
  CacheAwareLoadingEnabled cache_aware_loading_enabled;
  // The world in which this request initiated. This will be used for CSP checks
-  // if specified. If unspecified, the CSP bound to the FetchContext is used.
+  // if specified. If null, the CSP bound to the FetchContext is used.
+  // TODO(crbug.com/896041): Rename to |world_for_csp|.
  scoped_refptr<const DOMWrapperWorld> world;
  // If not null, this URLLoaderFactory should be used to load this resource

--- a/third_party/blink/renderer/platform/loader/fetch/script_fetch_options.cc
+++ b/third_party/blink/renderer/platform/loader/fetch/script_fetch_options.cc
@@ -4,6 +4,8 @@
 #include "third_party/blink/renderer/platform/loader/fetch/script_fetch_options.h"
+#include <utility>
 #include "third_party/blink/renderer/platform/weborigin/kurl.h"
 #include "third_party/blink/renderer/platform/weborigin/security_origin.h"
@@ -13,6 +15,7 @@ namespace blink {
 FetchParameters ScriptFetchOptions::CreateFetchParameters(
    const KURL& url,
    const SecurityOrigin* security_origin,
+    scoped_refptr<const DOMWrapperWorld> world_for_csp,
    CrossOriginAttributeValue cross_origin,
    const WTF::TextEncoding& encoding,
    FetchParameters::DeferOption defer) const {
@@ -21,7 +24,7 @@ FetchParameters ScriptFetchOptions::CreateFetchParameters(
  ResourceRequest resource_request(url);
  // Step 1. ... "script", ... [spec text]
-  ResourceLoaderOptions resource_loader_options;
+  ResourceLoaderOptions resource_loader_options(std::move(world_for_csp));
  resource_loader_options.initiator_info.name = "script";
  resource_loader_options.reject_coep_unsafe_none = reject_coep_unsafe_none_;
  FetchParameters params(std::move(resource_request), resource_loader_options);

--- a/third_party/blink/renderer/platform/loader/fetch/script_fetch_options.h
+++ b/third_party/blink/renderer/platform/loader/fetch/script_fetch_options.h
@@ -19,6 +19,7 @@
 namespace blink {
+class DOMWrapperWorld;
 class KURL;
 class SecurityOrigin;
@@ -82,11 +83,13 @@ class PLATFORM_EXPORT ScriptFetchOptions final {
  // https://html.spec.whatwg.org/C/#fetch-a-classic-script
  // Steps 1 and 3.
-  FetchParameters CreateFetchParameters(const KURL&,
+  FetchParameters CreateFetchParameters(
-                                        const SecurityOrigin*,
+      const KURL&,
-                                        CrossOriginAttributeValue,
+      const SecurityOrigin*,
-                                        const WTF::TextEncoding&,
+      scoped_refptr<const DOMWrapperWorld> world,
-                                        FetchParameters::DeferOption) const;
+      CrossOriginAttributeValue,
+      const WTF::TextEncoding&,
+      FetchParameters::DeferOption) const;
 private:
  // https://html.spec.whatwg.org/C/#concept-script-fetch-options-nonce

--- a/third_party/blink/renderer/platform/loader/fetch/url_loader/worker_main_script_loader.h
+++ b/third_party/blink/renderer/platform/loader/fetch/url_loader/worker_main_script_loader.h
@@ -109,7 +109,7 @@ class PLATFORM_EXPORT WorkerMainScriptLoader final
  Member<ResourceLoadObserver> resource_load_observer_;
  ResourceRequest initial_request_;
-  ResourceLoaderOptions resource_loader_options_;
+  ResourceLoaderOptions resource_loader_options_{nullptr /* world */};
  KURL initial_request_url_;
  KURL last_request_url_;
  ResourceResponse resource_response_;

--- a/third_party/blink/renderer/platform/loader/fetch/url_loader/worker_main_script_loader_unittest.cc
+++ b/third_party/blink/renderer/platform/loader/fetch/url_loader/worker_main_script_loader_unittest.cc
@@ -232,7 +232,8 @@ class WorkerMainScriptLoaderTest : public testing::Test {
    request.SetRequestContext(mojom::RequestContextType::SHARED_WORKER);
    request.SetRequestDestination(
        network::mojom::RequestDestination::kSharedWorker);
-    FetchParameters fetch_params(std::move(request), ResourceLoaderOptions());
+    FetchParameters fetch_params(std::move(request),
+                                 ResourceLoaderOptions(nullptr /* world */));
    WorkerMainScriptLoader* worker_main_script_loader =
        MakeGarbageCollected<WorkerMainScriptLoader>();
    worker_main_script_loader->Start(

--- a/third_party/blink/renderer/platform/loader/testing/mock_resource.cc
+++ b/third_party/blink/renderer/platform/loader/testing/mock_resource.cc
@@ -37,7 +37,7 @@ MockResource* MockResource::Fetch(FetchParameters& params,
 MockResource::MockResource(const KURL& url)
    : MockResource(ResourceRequest(url)) {}
 MockResource::MockResource(const ResourceRequest& request)
-    : MockResource(request, ResourceLoaderOptions()) {}
+    : MockResource(request, ResourceLoaderOptions(nullptr /* world */)) {}
 MockResource::MockResource(const ResourceRequest& request,
                           const ResourceLoaderOptions& options)
    : Resource(request, ResourceType::kMock, options) {}