expose `destination` value on `Request` objects.

Currently, frame is detected as iframe in `destination` which will be fixed in https://bugs.chromium.org/p/chromium/issues/detail?id=1019716. Bug: 1011724 Change-Id: I722bcbccac3bfc914844711fb6feb1e21f859a6f Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1886863Reviewed-by: Kinuko Yasuda <kinuko@chromium.org> Reviewed-by: Mike West <mkwst@chromium.org> Commit-Queue: Yifan Luo <lyf@google.com> Cr-Commit-Position: refs/heads/master@{#712500}

expose `destination` value on `Request` objects.
Currently, frame is detected as iframe in `destination` which will be fixed in https://bugs.chromium.org/p/chromium/issues/detail?id=1019716. Bug: 1011724 Change-Id: I722bcbccac3bfc914844711fb6feb1e21f859a6f Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1886863Reviewed-by: Kinuko Yasuda <kinuko@chromium.org> Reviewed-by: Mike West <mkwst@chromium.org> Commit-Queue: Yifan Luo <lyf@google.com> Cr-Commit-Position: refs/heads/master@{#712500}
fbfd83be · Yifan Luo · Commit Bot · c2ef32b4 · fbfd83be · fbfd83be
Commit fbfd83be authored Nov 05, 2019 by Yifan Luo Committed by Commit Bot Nov 05, 2019
17 changed files
--- a/content/browser/frame_host/navigation_request_browsertest.cc
+++ b/content/browser/frame_host/navigation_request_browsertest.cc
@@ -1209,7 +1209,7 @@ IN_PROC_BROWSER_TEST_F(NavigationRequestBrowserTest,
  EXPECT_EQ(2, installer.install_count());
  EXPECT_EQ(b_url, url_recorder.urls().back());
  EXPECT_EQ(2ul, url_recorder.urls().size());
-  EXPECT_EQ(blink::mojom::RequestContextType::LOCATION,
+  EXPECT_EQ(blink::mojom::RequestContextType::IFRAME,
            installer.navigation_throttle()->request_context_type());

  // Ditto for frame c navigation.
@@ -1218,7 +1218,7 @@ IN_PROC_BROWSER_TEST_F(NavigationRequestBrowserTest,
  EXPECT_EQ(3, installer.install_count());
  EXPECT_EQ(c_url, url_recorder.urls().back());
  EXPECT_EQ(3ul, url_recorder.urls().size());
-  EXPECT_EQ(blink::mojom::RequestContextType::LOCATION,
+  EXPECT_EQ(blink::mojom::RequestContextType::IFRAME,
            installer.navigation_throttle()->request_context_type());

  // Lets the final navigation finish so that we conclude running the

--- a/third_party/blink/renderer/core/fetch/request.idl
+++ b/third_party/blink/renderer/core/fetch/request.idl
@@ -6,7 +6,7 @@

 typedef (Request or USVString) RequestInfo;

-enum RequestDestination { "", "audio", "audioworklet", "document", "embed", "font", "image", "manifest", "object", "paintworklet", "report",
+enum RequestDestination { "", "audio", "audioworklet", "document", "embed", "font", "frame", "iframe", "image", "manifest", "object", "paintworklet", "report",
    "script", "sharedworker", "style",  "track", "video", "worker", "xslt" };
 enum RequestMode { "navigate", "same-origin", "no-cors", "cors" };
 enum RequestCredentials { "omit", "same-origin", "include" };

--- a/third_party/blink/renderer/core/loader/frame_loader.cc
+++ b/third_party/blink/renderer/core/loader/frame_loader.cc
@@ -662,8 +662,15 @@ void FrameLoader::StartNavigation(const FrameLoadRequest& passed_request,
  WebNavigationType navigation_type = DetermineNavigationType(
      frame_load_type, resource_request.HttpBody() || request.Form(),
      request.GetTriggeringEventInfo() != TriggeringEventInfo::kNotFromEvent);
-  resource_request.SetRequestContext(
-      DetermineRequestContextFromNavigationType(navigation_type));
+  mojom::RequestContextType request_context_type =
+      DetermineRequestContextFromNavigationType(navigation_type);
+
+  // TODO(lyf): handle `frame` context type. https://crbug.com/1019716
+  if (mojom::RequestContextType::LOCATION == request_context_type &&
+      !frame_->IsMainFrame()) {
+    request_context_type = mojom::RequestContextType::IFRAME;
+  }
+  resource_request.SetRequestContext(request_context_type);
  request.SetFrameType(frame_->IsMainFrame()
                           ? network::mojom::RequestContextFrameType::kTopLevel
                           : network::mojom::RequestContextFrameType::kNested);

--- a/third_party/blink/web_tests/external/wpt/fetch/api/request/destination/fetch-destination-frame.https-expected.txt
+++ b/third_party/blink/web_tests/external/wpt/fetch/api/request/destination/fetch-destination-frame.https-expected.txt
+This is a testharness.js-based test.
+PASS Initialize global state
+FAIL frame fetches with a "frame" Request.destination assert_unreached: Wrong destination. Reached unreachable code
+Harness: the test ran to completion.
+
--- a/third_party/blink/web_tests/external/wpt/fetch/api/request/destination/fetch-destination-frame.https.html
+++ b/third_party/blink/web_tests/external/wpt/fetch/api/request/destination/fetch-destination-frame.https.html
+<!DOCTYPE html>
+<title>Fetch destination tests for resources with no load event</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="/common/get-host-info.sub.js"></script>
+<script src="/service-workers/service-worker/resources/test-helpers.sub.js"></script>
+<script>
+let frame;
+const kScope = 'resources/dummy.html?dest=frame';
+
+// Set up the service worker and the frame.
+promise_test(t => {
+    const kScript = 'resources/fetch-destination-worker-frame.js';
+    return service_worker_unregister_and_register(t, kScript, kScope)
+      .then(registration => {
+          add_completion_callback(() => {
+              registration.unregister();
+            });
+
+          return wait_for_state(t, registration.installing, 'activated');
+        });
+  }, 'Initialize global state');
+
+var waitOnMessageFromSW = async t => {
+    await new Promise((resolve, reject) => {
+        navigator.serviceWorker.onmessage = t.step_func(event => {
+            if (event.data == "PASS") {
+                resolve();
+            } else {
+                reject();
+            }
+        });
+    }).catch(() => {;
+        assert_unreached("Wrong destination.");
+    });
+    t.add_cleanup(() => { frame.contentWindow.navigator.serviceWorker.onmessage = null; });
+}
+
+// Document destination
+///////////////////////
+promise_test(async t => {
+    var f = document.createElement('frame');
+    frame = f;
+    f.className = 'test-frame';
+    f.src = kScope;
+    document.body.appendChild(f);
+    await waitOnMessageFromSW(t);
+    add_completion_callback(() => { f.remove(); });
+}, 'frame fetches with a "frame" Request.destination');
+
+</script>
--- a/third_party/blink/web_tests/external/wpt/fetch/api/request/destination/fetch-destination-iframe.https.html
+++ b/third_party/blink/web_tests/external/wpt/fetch/api/request/destination/fetch-destination-iframe.https.html
@@ -6,7 +6,7 @@
 <script src="/service-workers/service-worker/resources/test-helpers.sub.js"></script>
 <script>
 let frame;
-const kScope = 'resources/dummy.html?dest=document';
+const kScope = 'resources/dummy.html?dest=iframe';

 // Set up the service worker and the frame.
 promise_test(t => {
@@ -46,6 +46,6 @@ promise_test(async t => {
    document.body.appendChild(f);
    await waitOnMessageFromSW(t);
    add_completion_callback(() => { f.remove(); });
-}, 'iframe fetches with a "document" Request.destination');
+}, 'iframe fetches with a "iframe" Request.destination');

 </script>
--- a/third_party/blink/web_tests/external/wpt/fetch/api/request/destination/resources/fetch-destination-worker-frame.js
+++ b/third_party/blink/web_tests/external/wpt/fetch/api/request/destination/resources/fetch-destination-worker-frame.js
+self.addEventListener('fetch', function(event) {
+    if (event.request.url.includes('dummy')) {
+        event.waitUntil(async function() {
+            let destination = new URL(event.request.url).searchParams.get("dest");
+            let clients = await self.clients.matchAll({"includeUncontrolled": true});
+            clients.forEach(function(client) {
+                if (client.url.includes("fetch-destination-frame")) {
+                    if (event.request.destination == destination) {
+                        client.postMessage("PASS");
+                    } else {
+                        client.postMessage("FAIL");
+                    }
+                }
+            })
+        }());
+    }
+    event.respondWith(fetch(event.request));
+});
+
+
--- a/third_party/blink/web_tests/external/wpt/interfaces/fetch.idl
+++ b/third_party/blink/web_tests/external/wpt/interfaces/fetch.idl
@@ -70,7 +70,7 @@ dictionary RequestInit {
  any window; // can only be set to null
 };

-enum RequestDestination { "", "audio", "audioworklet", "document", "embed", "font", "image", "manifest", "object", "paintworklet", "report", "script", "sharedworker", "style",  "track", "video", "worker", "xslt" };
+enum RequestDestination { "", "audio", "audioworklet", "document", "embed", "font", "frame", "iframe", "image", "manifest", "object", "paintworklet", "report", "script", "sharedworker", "style",  "track", "video", "worker", "xslt" };
 enum RequestMode { "navigate", "same-origin", "no-cors", "cors" };
 enum RequestCredentials { "omit", "same-origin", "include" };
 enum RequestCache { "default", "no-store", "reload", "no-cache", "force-cache", "only-if-cached" };

--- a/third_party/blink/web_tests/http/tests/security/mixedContent/insecure-frame-in-data-iframe-in-main-frame-blocked-expected.txt
+++ b/third_party/blink/web_tests/http/tests/security/mixedContent/insecure-frame-in-data-iframe-in-main-frame-blocked-expected.txt
-CONSOLE ERROR: line 1: Mixed Content: The page at 'https://127.0.0.1:8443/security/mixedContent/resources/frame-with-data-url-frame-with-frame.html' was loaded over HTTPS, but requested an insecure resource 'http://example.test:8080/security/mixedContent/resources/boring.html'. This request has been blocked; the content must be served over HTTPS.
+CONSOLE ERROR: line 1: Mixed Content: The page at 'https://127.0.0.1:8443/security/mixedContent/resources/frame-with-data-url-frame-with-frame.html' was loaded over HTTPS, but requested an insecure frame 'http://example.test:8080/security/mixedContent/resources/boring.html'. This request has been blocked; the content must be served over HTTPS.
 This test opens a window that loads a data: iframe that loads an insecure frame, and that the frame is still blocked.
--- a/third_party/blink/web_tests/http/tests/security/mixedContent/insecure-iframe-in-iframe-expected.txt
+++ b/third_party/blink/web_tests/http/tests/security/mixedContent/insecure-iframe-in-iframe-expected.txt
-CONSOLE WARNING: line 8: Mixed Content: The page at 'https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-frame.html' was loaded over HTTPS, but requested an insecure resource 'http://example.test:8080/security/mixedContent/resources/boring.html'. This content should also be served over HTTPS.
+CONSOLE WARNING: line 8: Mixed Content: The page at 'https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-frame.html' was loaded over HTTPS, but requested an insecure frame 'http://example.test:8080/security/mixedContent/resources/boring.html'. This content should also be served over HTTPS.
 This test loads a secure iframe that loads an insecure iframe. We should get a mixed content callback becase the child frame is HTTPS.
--- a/third_party/blink/web_tests/http/tests/security/mixedContent/insecure-iframe-in-main-frame-allowed-expected.txt
+++ b/third_party/blink/web_tests/http/tests/security/mixedContent/insecure-iframe-in-main-frame-allowed-expected.txt
-CONSOLE WARNING: line 9: Mixed Content: The page at 'https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-iframe.html' was loaded over HTTPS, but requested an insecure resource 'http://example.test:8080/security/mixedContent/resources/boring.html'. This content should also be served over HTTPS.
+CONSOLE WARNING: line 9: Mixed Content: The page at 'https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-iframe.html' was loaded over HTTPS, but requested an insecure frame 'http://example.test:8080/security/mixedContent/resources/boring.html'. This content should also be served over HTTPS.
 This test opens a window that loads an insecure iframe. We should trigger a mixed content callback even though we've set the preference to block this, because we've overriden the preference via a web permission client callback.
--- a/third_party/blink/web_tests/http/tests/security/mixedContent/insecure-iframe-in-main-frame-blocked-expected.txt
+++ b/third_party/blink/web_tests/http/tests/security/mixedContent/insecure-iframe-in-main-frame-blocked-expected.txt
-CONSOLE ERROR: line 9: Mixed Content: The page at 'https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-iframe.html' was loaded over HTTPS, but requested an insecure resource 'http://example.test:8080/security/mixedContent/resources/boring.html'. This request has been blocked; the content must be served over HTTPS.
+CONSOLE ERROR: line 9: Mixed Content: The page at 'https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-iframe.html' was loaded over HTTPS, but requested an insecure frame 'http://example.test:8080/security/mixedContent/resources/boring.html'. This request has been blocked; the content must be served over HTTPS.
 This test opens a window that loads an insecure iframe. We should not trigger a mixed content callback even though the main frame in the window is HTTPS and is displaying insecure content, because we've set the preference to block this.
--- a/third_party/blink/web_tests/http/tests/security/mixedContent/insecure-iframe-in-main-frame-expected.txt
+++ b/third_party/blink/web_tests/http/tests/security/mixedContent/insecure-iframe-in-main-frame-expected.txt
-CONSOLE WARNING: line 8: Mixed Content: The page at 'https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-frame.html' was loaded over HTTPS, but requested an insecure resource 'http://example.test:8080/security/mixedContent/resources/boring.html'. This content should also be served over HTTPS.
+CONSOLE WARNING: line 8: Mixed Content: The page at 'https://127.0.0.1:8443/security/mixedContent/resources/frame-with-insecure-frame.html' was loaded over HTTPS, but requested an insecure frame 'http://example.test:8080/security/mixedContent/resources/boring.html'. This content should also be served over HTTPS.
 This test opens a window that loads an insecure iframe. We should trigger a mixed content callback because the main frame in the window is HTTPS but is running insecure content.

 ============== Back Forward List ==============

--- a/third_party/blink/web_tests/http/tests/security/mixedContent/insecure-iframe-with-hsts.https-expected.txt
+++ b/third_party/blink/web_tests/http/tests/security/mixedContent/insecure-iframe-with-hsts.https-expected.txt
@@ -5,7 +5,7 @@ main frame - didFinishLoadForFrame
 frame "<!--framePath //<!--frame0-->-->" - didReceiveTitle: 
 frame "<!--framePath //<!--frame0-->-->" - BeginNavigation request to 'http://hsts-example.test:8443/security/resources/hsts.php', http method GET
 frame "<!--framePath //<!--frame0-->-->" - DidStartNavigation
-CONSOLE ERROR: line 18: Mixed Content: The page at 'https://127.0.0.1:8443/security/mixedContent/insecure-iframe-with-hsts.https.html' was loaded over HTTPS, but requested an insecure resource 'http://hsts-example.test:8443/security/resources/hsts.php'. This request has been blocked; the content must be served over HTTPS.
+CONSOLE ERROR: line 18: Mixed Content: The page at 'https://127.0.0.1:8443/security/mixedContent/insecure-iframe-with-hsts.https.html' was loaded over HTTPS, but requested an insecure frame 'http://hsts-example.test:8443/security/resources/hsts.php'. This request has been blocked; the content must be served over HTTPS.
 frame "<!--framePath //<!--frame0-->-->" - didFailProvisionalLoadWithError
 This is a testharness.js-based test.
 PASS HSTS does not bypass MIX.

--- a/third_party/blink/web_tests/http/tests/security/mixedContent/nonwebby-scheme-in-iframe-allowed.https-expected.txt
+++ b/third_party/blink/web_tests/http/tests/security/mixedContent/nonwebby-scheme-in-iframe-allowed.https-expected.txt
-CONSOLE WARNING: line 16: Mixed Content: The page at 'https://127.0.0.1:8443/security/mixedContent/nonwebby-scheme-in-iframe-allowed.https.html' was loaded over HTTPS, but requested an insecure resource 'nonwebbyscheme://this-will-fail-but-no-mixed-content-error-should-appear'. This content should also be served over HTTPS.
+CONSOLE WARNING: line 16: Mixed Content: The page at 'https://127.0.0.1:8443/security/mixedContent/nonwebby-scheme-in-iframe-allowed.https.html' was loaded over HTTPS, but requested an insecure frame 'nonwebbyscheme://this-will-fail-but-no-mixed-content-error-should-appear'. This content should also be served over HTTPS.
 This tests that non-webby URLs are not blocked as mixed content. The test passes if a mixed content warning is displayed and the load proceeds. The test fails if a mixed content error is displayed, and the load is blocked.

 --------

--- a/third_party/blink/web_tests/http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame-expected.txt
+++ b/third_party/blink/web_tests/http/tests/security/mixedContent/redirect-http-to-https-iframe-in-main-frame-expected.txt
-CONSOLE WARNING: line 8: Mixed Content: The page at 'https://127.0.0.1:8443/security/mixedContent/resources/frame-with-redirect-http-to-https-frame.html' was loaded over HTTPS, but requested an insecure resource 'http://example.test:8080/security/resources/redir.php?url=https://127.0.0.1:8443/security/mixedContent/resources/boring.html'. This content should also be served over HTTPS.
+CONSOLE WARNING: line 8: Mixed Content: The page at 'https://127.0.0.1:8443/security/mixedContent/resources/frame-with-redirect-http-to-https-frame.html' was loaded over HTTPS, but requested an insecure frame 'http://example.test:8080/security/resources/redir.php?url=https://127.0.0.1:8443/security/mixedContent/resources/boring.html'. This content should also be served over HTTPS.
 This test opens a window that loads an insecure iframe (via a tricky redirect). We should trigger a mixed content callback because the main frame in the window is HTTPS but is running content that can be controlled by an active network attacker.
--- a/third_party/blink/web_tests/http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame-expected.txt
+++ b/third_party/blink/web_tests/http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame-expected.txt
-CONSOLE WARNING: line 8: Mixed Content: The page at 'https://127.0.0.1:8443/security/mixedContent/resources/frame-with-redirect-http-to-https-frame.html' was loaded over HTTPS, but requested an insecure resource 'http://example.test:8080/security/resources/redir.php?url=https://127.0.0.1:8443/security/mixedContent/resources/boring.html'. This content should also be served over HTTPS.
+CONSOLE WARNING: line 8: Mixed Content: The page at 'https://127.0.0.1:8443/security/mixedContent/resources/frame-with-redirect-http-to-https-frame.html' was loaded over HTTPS, but requested an insecure frame 'http://example.test:8080/security/resources/redir.php?url=https://127.0.0.1:8443/security/mixedContent/resources/boring.html'. This content should also be served over HTTPS.
 This test opens a window that loads an insecure iframe (via a tricky redirect). We should trigger a mixed content callback because the main frame in the window is HTTPS but is running content that can be controlled by an active network attacker.