Remove features::kCrossSiteDocumentBlocking...

Cross-Origin Read Blocking (CORB) was enabled by default in 68.0.3410.0.
Since this feature has shipped quite a while ago, it seems that now is a
good time to remove the code responsible for enabling/disabling the
feature.

Bug: 802835
Change-Id: I11b3058447607b31cb27a3e7dbc8db137411d7b8
Reviewed-on: https://chromium-review.googlesource.com/1228485Reviewed-by: Charlie Reis <creis@chromium.org>
Commit-Queue: Łukasz Anforowicz <lukasza@chromium.org>
Cr-Commit-Position: refs/heads/master@{#592840}

content/browser/loader/cross_site_document_blocking_browsertest.cc

@@ -936,40 +936,6 @@ IN_PROC_BROWSER_TEST_F(CrossSiteDocumentBlockingServiceWorkerTest,
   EXPECT_EQ("error: TypeError: Failed to fetch", response);
 }
 
-class CrossSiteDocumentBlockingKillSwitchTest
-    : public CrossSiteDocumentBlockingTest {
- public:
-  CrossSiteDocumentBlockingKillSwitchTest() {
-    // Simulate flipping both of the kill switches.
-    std::vector<base::Feature> disabled_features = {
-        features::kCrossSiteDocumentBlockingAlways,
-        features::kCrossSiteDocumentBlockingIfIsolating,
-    };
-    scoped_feature_list_.InitWithFeatures({}, disabled_features);
-  }
-
-  ~CrossSiteDocumentBlockingKillSwitchTest() override {}
-
- private:
-  base::test::ScopedFeatureList scoped_feature_list_;
-
-  DISALLOW_COPY_AND_ASSIGN(CrossSiteDocumentBlockingKillSwitchTest);
-};
-
-// After the kill switch is flipped, there should be no document blocking.
-IN_PROC_BROWSER_TEST_F(CrossSiteDocumentBlockingKillSwitchTest,
-                       NoBlockingWithKillSwitch) {
-  // Load a page that issues illegal cross-site document requests to bar.com.
-  embedded_test_server()->StartAcceptingConnections();
-  GURL foo_url("http://foo.com/cross_site_document_blocking/request.html");
-  EXPECT_TRUE(NavigateToURL(shell(), foo_url));
-
-  bool was_blocked;
-  ASSERT_TRUE(ExecuteScriptAndExtractBool(
-      shell(), "sendRequest(\"valid.html\");", &was_blocked));
-  EXPECT_FALSE(was_blocked);
-}
-
 // Test class to verify that --disable-web-security turns off CORB.  This
 // inherits from CrossSiteDocumentBlockingTest, so it runs in SitePerProcess.
 class CrossSiteDocumentBlockingDisableWebSecurityTest
@@ -1000,37 +966,6 @@ IN_PROC_BROWSER_TEST_F(CrossSiteDocumentBlockingDisableWebSecurityTest,
   EXPECT_FALSE(was_blocked);
 }
 
-// Test class to verify that kCrossSiteDocumentBlockingAlways does not take
-// precedence over --disable-web-security.  This inherits from
-// CrossSiteDocumentBlockingTest, so it runs in SitePerProcess.
-class CrossSiteDocumentBlockingDisableVsFeatureTest
-    : public CrossSiteDocumentBlockingDisableWebSecurityTest {
- public:
-  CrossSiteDocumentBlockingDisableVsFeatureTest() {
-    scoped_feature_list_.InitAndEnableFeature(
-        features::kCrossSiteDocumentBlockingAlways);
-  }
-  ~CrossSiteDocumentBlockingDisableVsFeatureTest() override {}
-
- private:
-  base::test::ScopedFeatureList scoped_feature_list_;
-
-  DISALLOW_COPY_AND_ASSIGN(CrossSiteDocumentBlockingDisableVsFeatureTest);
-};
-
-IN_PROC_BROWSER_TEST_F(CrossSiteDocumentBlockingDisableVsFeatureTest,
-                       DisableBlocking) {
-  // Load a page that issues illegal cross-site document requests.
-  embedded_test_server()->StartAcceptingConnections();
-  GURL foo_url("http://foo.com/cross_site_document_blocking/request.html");
-  EXPECT_TRUE(NavigateToURL(shell(), foo_url));
-
-  bool was_blocked;
-  ASSERT_TRUE(ExecuteScriptAndExtractBool(
-      shell(), "sendRequest(\"valid.html\");", &was_blocked));
-  EXPECT_FALSE(was_blocked);
-}
-
 // Test class to verify that documents are blocked for isolated origins as well.
 class CrossSiteDocumentBlockingIsolatedOriginTest
     : public CrossSiteDocumentBlockingTest {

content/browser/loader/cross_site_document_resource_handler.cc

@@ -26,9 +26,9 @@
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/content_browser_client.h"
 #include "content/public/browser/resource_context.h"
-#include "content/public/browser/site_isolation_policy.h"
 #include "content/public/browser/web_contents.h"
 #include "content/public/common/content_client.h"
+#include "content/public/common/content_switches.h"
 #include "net/base/io_buffer.h"
 #include "net/base/mime_sniffer.h"
 #include "net/url_request/url_request.h"
@@ -590,26 +590,10 @@ bool CrossSiteDocumentResourceHandler::ShouldBlockBasedOnHeaders(
   if (analyzer_->ShouldAllow())
     return false;
 
-  // Check if the response's site needs to have its documents protected.  By
-  // default, this will usually return false.
-  // TODO(creis): This check can go away once the logic here is made fully
-  // backward compatible and we can enforce it always, regardless of Site
-  // Isolation policy.
-  switch (SiteIsolationPolicy::IsCrossSiteDocumentBlockingEnabled()) {
-    case SiteIsolationPolicy::XSDB_ENABLED_UNCONDITIONALLY:
-      break;
-    case SiteIsolationPolicy::XSDB_ENABLED_IF_ISOLATED: {
-      url::Origin target_origin = url::Origin::Create(request()->url());
-      if (!SiteIsolationPolicy::UseDedicatedProcessesForAllSites() &&
-          !ChildProcessSecurityPolicyImpl::GetInstance()->IsIsolatedOrigin(
-              target_origin)) {
-        return false;
-      }
-      break;
-    }
-    case SiteIsolationPolicy::XSDB_DISABLED:
-      return false;
-  }
+  // --disable-web-security also disables Cross-Origin Read Blocking (CORB).
+  if (base::CommandLine::ForCurrentProcess()->HasSwitch(
+          switches::kDisableWebSecurity))
+    return false;
 
   // Only block if this is a request made from a renderer process.
   const ResourceRequestInfoImpl* info = GetRequestInfo();

content/public/browser/site_isolation_policy.cc

@@ -46,48 +46,17 @@ bool SiteIsolationPolicy::UseDedicatedProcessesForAllSites() {
          GetContentClient()->browser()->ShouldEnableStrictSiteIsolation();
 }
 
-// static
-SiteIsolationPolicy::CrossSiteDocumentBlockingEnabledState
-SiteIsolationPolicy::IsCrossSiteDocumentBlockingEnabled() {
-  // --disable-web-security also disables cross-origin response blocking (CORB).
-  if (base::CommandLine::ForCurrentProcess()->HasSwitch(
-          switches::kDisableWebSecurity)) {
-    return XSDB_DISABLED;
-  }
-
-  if (base::FeatureList::IsEnabled(
-          ::features::kCrossSiteDocumentBlockingAlways)) {
-    return XSDB_ENABLED_UNCONDITIONALLY;
-  }
-
-  if (base::FeatureList::IsEnabled(
-          ::features::kCrossSiteDocumentBlockingIfIsolating)) {
-    return XSDB_ENABLED_IF_ISOLATED;
-  }
-
-  return XSDB_DISABLED;
-}
-
 // static
 void SiteIsolationPolicy::PopulateURLLoaderFactoryParamsPtrForCORB(
     network::mojom::URLLoaderFactoryParams* params) {
-  switch (IsCrossSiteDocumentBlockingEnabled()) {
-    case SiteIsolationPolicy::XSDB_ENABLED_UNCONDITIONALLY:
-      params->is_corb_enabled = true;
-      break;
-    case SiteIsolationPolicy::XSDB_ENABLED_IF_ISOLATED: {
-      // TODO(lukasza): Take isolate-origins into account as well.
-      params->is_corb_enabled = UseDedicatedProcessesForAllSites();
-      break;
-    }
-    case SiteIsolationPolicy::XSDB_DISABLED:
-      params->is_corb_enabled = false;
-      break;
-  }
-
-  if (!params->is_corb_enabled)
+  // --disable-web-security also disables Cross-Origin Read Blocking (CORB).
+  if (base::CommandLine::ForCurrentProcess()->HasSwitch(
+          switches::kDisableWebSecurity)) {
+    params->is_corb_enabled = false;
     return;
+  }
 
+  params->is_corb_enabled = true;
   params->corb_detachable_resource_type = RESOURCE_TYPE_PREFETCH;
   params->corb_excluded_resource_type = RESOURCE_TYPE_PLUGIN_RESOURCE;
 

content/public/browser/site_isolation_policy.h

@@ -33,15 +33,6 @@ class CONTENT_EXPORT SiteIsolationPolicy {
   // Returns true if every site should be placed in a dedicated process.
   static bool UseDedicatedProcessesForAllSites();
 
-  // Returns whether cross-site document responses can be blocked.
-  enum CrossSiteDocumentBlockingEnabledState {
-    XSDB_ENABLED_UNCONDITIONALLY,
-    XSDB_ENABLED_IF_ISOLATED,
-    XSDB_DISABLED,
-  };
-  static CrossSiteDocumentBlockingEnabledState
-  IsCrossSiteDocumentBlockingEnabled();
-
   // Populates CORB-related (Cross-Origin Read Blocking related) parts of the
   // URLLoaderFactoryParams depending on the current Site Isolation policy.
   static void PopulateURLLoaderFactoryParamsPtrForCORB(

content/public/common/content_features.cc

@@ -110,16 +110,6 @@ const base::Feature kCompositeOpaqueScrollers{"CompositeOpaqueScrollers",
 const base::Feature kCompositorTouchAction{"CompositorTouchAction",
                                            base::FEATURE_DISABLED_BY_DEFAULT};
 
-// Enables blocking cross-site document responses (not paying attention to
-// whether a site isolation mode is also enabled).
-const base::Feature kCrossSiteDocumentBlockingAlways{
-    "CrossSiteDocumentBlockingAlways", base::FEATURE_ENABLED_BY_DEFAULT};
-
-// Enables blocking cross-site document responses if one of site isolation modes
-// is (e.g. site-per-process or isolate-origins) is enabled.
-const base::Feature kCrossSiteDocumentBlockingIfIsolating{
-    "CrossSiteDocumentBlockingIfIsolating", base::FEATURE_ENABLED_BY_DEFAULT};
-
 // Enables specification of a target element in the fragment identifier
 // via a CSS selector.
 const base::Feature kCSSFragmentIdentifiers{"CSSFragmentIdentifiers",

content/public/common/content_features.h

@@ -35,8 +35,6 @@ CONTENT_EXPORT extern const base::Feature kCanvas2DImageChromium;
 CONTENT_EXPORT extern const base::Feature kCompositeOpaqueFixedPosition;
 CONTENT_EXPORT extern const base::Feature kCompositeOpaqueScrollers;
 CONTENT_EXPORT extern const base::Feature kCompositorTouchAction;
-CONTENT_EXPORT extern const base::Feature kCrossSiteDocumentBlockingAlways;
-CONTENT_EXPORT extern const base::Feature kCrossSiteDocumentBlockingIfIsolating;
 CONTENT_EXPORT extern const base::Feature kCSSFragmentIdentifiers;
 CONTENT_EXPORT extern const base::Feature kDataSaverHoldback;
 CONTENT_EXPORT extern const base::Feature kExperimentalProductivityFeatures;