Add a Trust Tokens argument to Fetch's RequestInit.

This CL expands the Fetch API, when the runtime-enabled feature
"TrustTokens" is enabled, to include a new experimental parameter
`trustTokens` denoting a request to execute a Trust Tokens protocol step
(https://github.com/wicg/trust-token-api) alongside the fetch at hand,
by adding request headers and processing corresponding response
headers.

This is an experimental interface that will be used in an origin trial.
It only needs to support fetches from frames (i.e., it is OK from a
usability perspective for the origin trial if the parameter is not
populated when fetch is called from other settings).

The main parts of the CL are:
- as specified in the linked explainer, expand Fetch's RequestInit
dictionary with a new trustToken parameter, specifying a single Trust
Tokens protocol operation of token issuance, token redemption, or
request signing;
- add this data to blink::ResourceRequest and associated objects, so
that it gets copied to network::ResourceRequest in
blink::PopulateResourceRequest.

Test:
- Adds integration tests in //content to ensure that calling the API
results in the right ResourceRequest members being populated.

Change-Id: I5c5b0c0ed5450eeb80c19be856f62941e50ec0e1
Bug: 1043118
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2036648Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Yutaka Hirano <yhirano@chromium.org>
Commit-Queue: David Van Cleve <davidvc@chromium.org>
Cr-Commit-Position: refs/heads/master@{#749622}

content/child/runtime_features.cc

@@ -167,20 +167,20 @@ void SetRuntimeFeaturesFromChromiumFeatures() {
   // enabler function defined. Otherwise add the entry with string name
   // in the next list.
   const RuntimeFeatureToChromiumFeatureMap<void (*)(bool)>
-      blinkFeatureToBaseFeatureMapping[] = {
+      blinkFeatureToBaseFeatureMapping[] =
+  {
     // TODO(rodneyding): Sort features in alphabetical order
     {wf::EnableWebUsb, features::kWebUsb, kDisableOnly},
     {wf::EnableBlockingFocusWithoutUserActivation,
      blink::features::kBlockingFocusWithoutUserActivation, kEnableOnly},
-          {wf::EnableNotificationContentImage,
-           features::kNotificationContentImage, kDisableOnly},
+    {wf::EnableNotificationContentImage, features::kNotificationContentImage,
+     kDisableOnly},
     {wf::EnablePeriodicBackgroundSync, features::kPeriodicBackgroundSync,
      kEnableOnly},
     {wf::EnableWebXR, features::kWebXr, kUseFeatureState},
     {wf::EnableWebXRARModule, features::kWebXrArModule, kUseFeatureState},
     {wf::EnableWebXRHitTest, features::kWebXrHitTest, kUseFeatureState},
-          {wf::EnableWebXRIncubations, features::kWebXrIncubations,
-           kEnableOnly},
+    {wf::EnableWebXRIncubations, features::kWebXrIncubations, kEnableOnly},
     {wf::EnableUserActivationPostMessageTransfer,
      features::kUserActivationPostMessageTransfer, kUseFeatureState},
     {wf::EnableUserActivationSameOriginVisibility,
@@ -198,18 +198,15 @@ void SetRuntimeFeaturesFromChromiumFeatures() {
     {wf::EnablePaymentRequest, features::kWebPayments, kUseFeatureState},
     {wf::EnablePaymentHandlerMinimalUI, features::kWebPaymentsMinimalUI,
      kEnableOnly},
-          {wf::EnablePaymentApp, features::kServiceWorkerPaymentApps,
-           kEnableOnly},
+    {wf::EnablePaymentApp, features::kServiceWorkerPaymentApps, kEnableOnly},
     {wf::EnableCompositorTouchAction, features::kCompositorTouchAction,
      kEnableOnly},
-          {wf::EnableGenericSensorExtraClasses,
-           features::kGenericSensorExtraClasses, kEnableOnly},
+    {wf::EnableGenericSensorExtraClasses, features::kGenericSensorExtraClasses,
+     kEnableOnly},
     {wf::EnableMediaCastOverlayButton, media::kMediaCastOverlayButton,
      kUseFeatureState},
-          {wf::EnableBuiltInModuleAll, features::kBuiltInModuleAll,
-           kEnableOnly},
-          {wf::EnableBuiltInModuleInfra, features::kBuiltInModuleInfra,
-           kEnableOnly},
+    {wf::EnableBuiltInModuleAll, features::kBuiltInModuleAll, kEnableOnly},
+    {wf::EnableBuiltInModuleInfra, features::kBuiltInModuleInfra, kEnableOnly},
     {wf::EnableLazyInitializeMediaControls,
      features::kLazyInitializeMediaControls, kUseFeatureState},
     {wf::EnableMediaEngagementBypassAutoplayPolicies,
@@ -218,24 +215,21 @@ void SetRuntimeFeaturesFromChromiumFeatures() {
      media::kOverflowIconsForMediaControls, kUseFeatureState},
     {wf::EnableAllowActivationDelegationAttr,
      features::kAllowActivationDelegationAttr, kUseFeatureState},
-          {wf::EnableScriptStreamingOnPreload,
-           features::kScriptStreamingOnPreload, kUseFeatureState},
-          {wf::EnableLazyFrameLoading, features::kLazyFrameLoading,
+    {wf::EnableScriptStreamingOnPreload, features::kScriptStreamingOnPreload,
      kUseFeatureState},
+    {wf::EnableLazyFrameLoading, features::kLazyFrameLoading, kUseFeatureState},
     {wf::EnableLazyFrameVisibleLoadTimeMetrics,
      features::kLazyFrameVisibleLoadTimeMetrics, kUseFeatureState},
-          {wf::EnableLazyImageLoading, features::kLazyImageLoading,
-           kUseFeatureState},
+    {wf::EnableLazyImageLoading, features::kLazyImageLoading, kUseFeatureState},
     {wf::EnableLazyImageVisibleLoadTimeMetrics,
      features::kLazyImageVisibleLoadTimeMetrics, kUseFeatureState},
-          {wf::EnablePictureInPicture, media::kPictureInPicture,
-           kUseFeatureState},
+    {wf::EnablePictureInPicture, media::kPictureInPicture, kUseFeatureState},
     {wf::EnableCacheInlineScriptCode, features::kCacheInlineScriptCode,
      kUseFeatureState},
     {wf::EnableExperimentalProductivityFeatures,
      features::kExperimentalProductivityFeatures, kEnableOnly},
-          {wf::EnableFeaturePolicyForSandbox,
-           features::kFeaturePolicyForSandbox, kEnableOnly},
+    {wf::EnableFeaturePolicyForSandbox, features::kFeaturePolicyForSandbox,
+     kEnableOnly},
     {wf::EnableAccessibilityExposeARIAAnnotations,
      features::kEnableAccessibilityExposeARIAAnnotations, kEnableOnly},
     {wf::EnableAccessibilityExposeDisplayNone,
@@ -245,23 +239,22 @@ void SetRuntimeFeaturesFromChromiumFeatures() {
     {wf::EnableAutoplayIgnoresWebAudio, media::kAutoplayIgnoreWebAudio,
      kUseFeatureState},
     {wf::EnablePortals, blink::features::kPortals, kEnableOnly},
-          {wf::EnableImplicitRootScroller,
-           blink::features::kImplicitRootScroller, kUseFeatureState},
+    {wf::EnableImplicitRootScroller, blink::features::kImplicitRootScroller,
+     kUseFeatureState},
     {wf::EnableCSSOMViewScrollCoordinates,
      blink::features::kCSSOMViewScrollCoordinates, kEnableOnly},
     {wf::EnableTextFragmentAnchor, blink::features::kTextFragmentAnchor,
      kUseFeatureState},
     {wf::EnableBackgroundFetch, features::kBackgroundFetch, kDisableOnly},
     {wf::EnableForcedColors, features::kForcedColors, kUseFeatureState},
-          {wf::EnableFractionalScrollOffsets,
-           features::kFractionalScrollOffsets, kUseFeatureState},
+    {wf::EnableFractionalScrollOffsets, features::kFractionalScrollOffsets,
+     kUseFeatureState},
     {wf::EnableGetDisplayMedia, blink::features::kRTCGetDisplayMedia,
      kUseFeatureState},
     {wf::EnableFallbackCursorMode, features::kFallbackCursorMode,
      kUseFeatureState},
     {wf::EnableSignedExchangePrefetchCacheForNavigations,
-           features::kSignedExchangePrefetchCacheForNavigations,
-           kUseFeatureState},
+     features::kSignedExchangePrefetchCacheForNavigations, kUseFeatureState},
     {wf::EnableSignedExchangeSubresourcePrefetch,
      features::kSignedExchangeSubresourcePrefetch, kUseFeatureState},
     {wf::EnableIdleDetection, features::kIdleDetection, kDisableOnly},
@@ -274,16 +267,14 @@ void SetRuntimeFeaturesFromChromiumFeatures() {
      kUseFeatureState},
     {wf::EnableMouseSubframeNoImplicitCapture,
      features::kMouseSubframeNoImplicitCapture, kUseFeatureState},
-          {wf::EnableCookieDeprecationMessages,
-           features::kCookieDeprecationMessages, kEnableOnly},
+    {wf::EnableCookieDeprecationMessages, features::kCookieDeprecationMessages,
+     kEnableOnly},
     {wf::EnableSameSiteByDefaultCookies,
      net::features::kSameSiteByDefaultCookies, kEnableOnly},
     {wf::EnableCookiesWithoutSameSiteMustBeSecure,
      net::features::kCookiesWithoutSameSiteMustBeSecure, kEnableOnly},
-          {wf::EnablePointerLockOptions, features::kPointerLockOptions,
-           kEnableOnly},
-          {wf::EnableDocumentPolicy, features::kDocumentPolicy,
-           kUseFeatureState},
+    {wf::EnablePointerLockOptions, features::kPointerLockOptions, kEnableOnly},
+    {wf::EnableDocumentPolicy, features::kDocumentPolicy, kUseFeatureState},
     {wf::EnableNeverSlowMode, features::kNeverSlowMode, kUseFeatureState},
     {wf::EnableShadowDOMV0, blink::features::kWebComponentsV0Enabled,
      kEnableOnly},
@@ -300,9 +291,9 @@ void SetRuntimeFeaturesFromChromiumFeatures() {
     {wf::EnablePercentBasedScrolling, features::kPercentBasedScrolling,
      kUseFeatureState},
 #if defined(OS_ANDROID)
-          {wf::EnableWebNfc,
-           features::kWebNfc, kDisableOnly},
+    {wf::EnableWebNfc, features::kWebNfc, kDisableOnly},
 #endif
+    {wf::EnableTrustTokens, network::features::kTrustTokens, kEnableOnly},
   };
   for (const auto& mapping : blinkFeatureToBaseFeatureMapping) {
     const bool featureEnabled =

content/test/BUILD.gn

@@ -1110,6 +1110,7 @@ test("content_browsertests") {
     "../test/browser_test_utils_browsertest.cc",
     "../test/content_browser_test_test.cc",
     "../test/top_frame_population_browsertest.cc",
+    "../test/trust_token_parameters_browsertest.cc",
     "../test/url_loader_interceptor_test.cc",
     "../test/webui_resource_browsertest.cc",
   ]

third_party/blink/public/platform/web_runtime_features.h

@@ -238,6 +238,8 @@ class WebRuntimeFeatures {
   BLINK_PLATFORM_EXPORT static void EnableSurfaceEmbeddingFeatures(bool);
   BLINK_PLATFORM_EXPORT static void EnableAcceleratedSmallCanvases(bool);
 
+  BLINK_PLATFORM_EXPORT static void EnableTrustTokens(bool);
+
  private:
   WebRuntimeFeatures();
 };

third_party/blink/renderer/bindings/idl_in_core.gni

@@ -231,6 +231,7 @@ static_idl_files_in_core = get_path_info(
           "//third_party/blink/renderer/core/fetch/request_init.idl",
           "//third_party/blink/renderer/core/fetch/response.idl",
           "//third_party/blink/renderer/core/fetch/response_init.idl",
+          "//third_party/blink/renderer/core/fetch/trust_token.idl",
           "//third_party/blink/renderer/core/fetch/testing/internals_fetch.idl",
           "//third_party/blink/renderer/core/fetch/testing/worker_internals_fetch.idl",
           "//third_party/blink/renderer/core/fetch/window_fetch.idl",

third_party/blink/renderer/core/core_idl_files.gni

@@ -661,6 +661,7 @@ core_dictionary_idl_files =
                     "events/wheel_event_init.idl",
                     "fetch/request_init.idl",
                     "fetch/response_init.idl",
+                    "fetch/trust_token.idl",
                     "fileapi/blob_property_bag.idl",
                     "fileapi/file_property_bag.idl",
                     "frame/navigator_ua_brand_version.idl",

third_party/blink/renderer/core/fetch/fetch_manager.cc

@@ -711,6 +711,7 @@ void FetchManager::Loader::PerformHTTPFetch(ExceptionState& exception_state) {
   request.SetRequestDestination(fetch_request_data_->Destination());
   request.SetHttpMethod(fetch_request_data_->Method());
   request.SetFetchWindowId(fetch_request_data_->WindowId());
+  request.SetTrustTokenParams(fetch_request_data_->TrustTokenParams());
 
   switch (fetch_request_data_->Mode()) {
     case RequestMode::kSameOrigin:

third_party/blink/renderer/core/fetch/fetch_request_data.cc

@@ -152,6 +152,7 @@ FetchRequestData* FetchRequestData::CloneExceptBody() {
   request->keepalive_ = keepalive_;
   request->is_history_navigation_ = is_history_navigation_;
   request->window_id_ = window_id_;
+  request->trust_token_params_ = trust_token_params_;
   return request;
 }
 

third_party/blink/renderer/core/fetch/fetch_request_data.h

@@ -12,8 +12,9 @@
 #include "mojo/public/cpp/bindings/remote.h"
 #include "services/network/public/mojom/fetch_api.mojom-blink-forward.h"
 #include "services/network/public/mojom/referrer_policy.mojom-blink-forward.h"
+#include "services/network/public/mojom/trust_tokens.mojom-blink.h"
 #include "services/network/public/mojom/url_loader_factory.mojom-blink.h"
-#include "third_party/blink/public/mojom/fetch/fetch_api_request.mojom-blink-forward.h"
+#include "third_party/blink/public/mojom/fetch/fetch_api_request.mojom-blink.h"
 #include "third_party/blink/public/platform/web_url_request.h"
 #include "third_party/blink/renderer/core/fetch/body_stream_buffer.h"
 #include "third_party/blink/renderer/platform/heap/handle.h"
@@ -124,6 +125,16 @@ class CORE_EXPORT FetchRequestData final
   const base::UnguessableToken& WindowId() const { return window_id_; }
   void SetWindowId(const base::UnguessableToken& id) { window_id_ = id; }
 
+  const base::Optional<network::mojom::blink::TrustTokenParams>&
+  TrustTokenParams() const {
+    return trust_token_params_;
+  }
+  void SetTrustTokenParams(
+      base::Optional<network::mojom::blink::TrustTokenParams>
+          trust_token_params) {
+    trust_token_params_ = std::move(trust_token_params);
+  }
+
   void Trace(Visitor*);
 
  private:
@@ -150,6 +161,7 @@ class CORE_EXPORT FetchRequestData final
   mojom::FetchCacheMode cache_mode_;
   network::mojom::RedirectMode redirect_;
   mojom::FetchImportanceMode importance_;
+  base::Optional<network::mojom::blink::TrustTokenParams> trust_token_params_;
   // FIXME: Support m_useURLCredentialsFlag;
   // FIXME: Support m_redirectCount;
   Tainting response_tainting_;

third_party/blink/renderer/core/fetch/request.cc

@@ -8,6 +8,7 @@
 #include "mojo/public/cpp/bindings/pending_remote.h"
 #include "services/network/public/cpp/request_destination.h"
 #include "services/network/public/cpp/request_mode.h"
+#include "services/network/public/mojom/trust_tokens.mojom-blink.h"
 #include "third_party/blink/public/common/blob/blob_utils.h"
 #include "third_party/blink/public/mojom/fetch/fetch_api_request.mojom-blink.h"
 #include "third_party/blink/public/platform/web_url_request.h"
@@ -28,6 +29,7 @@
 #include "third_party/blink/renderer/core/fetch/body_stream_buffer.h"
 #include "third_party/blink/renderer/core/fetch/fetch_manager.h"
 #include "third_party/blink/renderer/core/fetch/form_data_bytes_consumer.h"
+#include "third_party/blink/renderer/core/fetch/trust_token.h"
 #include "third_party/blink/renderer/core/fileapi/blob.h"
 #include "third_party/blink/renderer/core/fileapi/public_url_manager.h"
 #include "third_party/blink/renderer/core/frame/web_feature.h"
@@ -52,6 +54,106 @@
 
 namespace blink {
 
+namespace {
+// Converts an IDL trustToken object to its Mojo counterpart.
+// The elements of trustToken (and of TrustTokenParams) comprise:
+// - an operation type, always populated
+// - remaining elements partitioned into groups of parameters used for specific
+// operations.
+//
+// The method sets only |type| and the fields corresponding to the operation
+// specified by |type|, namely
+// - for issuance, no additional fields;
+// - for redemption, |refresh_policy|;
+// - for signing: |issuer|, |additional_signed_headers|, |sign_request_data|,
+// and |include_timestamp_header|.
+//
+// Performs some validity checking against inputs:
+// - for signing, |issuer| must be provided and must be a valid HTTP(S) URL.
+// If this validation fails, throws a TypeError against |exception_state| and
+// returns false.
+bool ConvertTrustTokenToMojom(const TrustToken& in,
+                              ExceptionState* exception_state,
+                              network::mojom::blink::TrustTokenParams* out) {
+  DCHECK(in.hasType());  // field is required in IDL
+  if (in.type() == "token-request") {
+    out->type = network::mojom::blink::TrustTokenOperationType::kIssuance;
+    return true;
+  }
+
+  if (in.type() == "srr-token-redemption") {
+    out->type = network::mojom::blink::TrustTokenOperationType::kRedemption;
+
+    CHECK(in.hasRefreshPolicy());  // default is defined
+    out->include_timestamp_header = in.includeTimestampHeader();
+
+    if (in.refreshPolicy() == "none") {
+      out->refresh_policy =
+          network::mojom::blink::TrustTokenRefreshPolicy::kUseCached;
+    } else if (in.refreshPolicy() == "refresh") {
+      out->refresh_policy =
+          network::mojom::blink::TrustTokenRefreshPolicy::kRefresh;
+    }
+    return true;
+  }
+
+  DCHECK_EQ(in.type(), "send-srr");  // final possible value of the input enum
+  out->type = network::mojom::blink::TrustTokenOperationType::kSigning;
+
+  if (in.hasSignRequestData()) {
+    if (in.signRequestData() == "omit") {
+      out->sign_request_data =
+          network::mojom::blink::TrustTokenSignRequestData::kOmit;
+    } else if (in.signRequestData() == "include") {
+      out->sign_request_data =
+          network::mojom::blink::TrustTokenSignRequestData::kInclude;
+    } else if (in.signRequestData() == "headers-only") {
+      out->sign_request_data =
+          network::mojom::blink::TrustTokenSignRequestData::kHeadersOnly;
+    }
+  }
+
+  if (in.hasAdditionalSignedHeaders()) {
+    out->additional_signed_headers = in.additionalSignedHeaders();
+  }
+
+  CHECK(in.hasIncludeTimestampHeader());  // default is defined
+  out->include_timestamp_header = in.includeTimestampHeader();
+
+  if (in.hasIssuer()) {
+    // Two conditions on the issuer:
+    // 1. HTTP or HTTPS (because much Trust Tokens protocol state is
+    // stored keyed by issuer origin, requiring HTTP or HTTPS is a way to ensure
+    // these origins serialize to unique values);
+    // 2. potentially trustworthy (a security requirement).
+    KURL parsed_url = KURL(in.issuer());
+    if (!parsed_url.ProtocolIsInHTTPFamily()) {
+      exception_state->ThrowTypeError(
+          "trustToken: operation type 'send-srr' requires that the 'issuer' "
+          "field parse to a HTTP(S) origin, but it did not: " +
+          in.issuer());
+      return false;
+    }
+    out->issuer = blink::SecurityOrigin::Create(parsed_url);
+    if (!out->issuer->IsPotentiallyTrustworthy()) {
+      exception_state->ThrowTypeError(
+          "trustToken: operation type 'send-srr' requires that the 'issuer' "
+          "field parse to a secure origin, but it did not: " +
+          in.issuer());
+      return false;
+    }
+  } else {
+    exception_state->ThrowTypeError(
+        "trustToken: operation type 'send-srr' requires that the 'issuer' "
+        "field "
+        "be present and parse to a secure HTTP(S) URL, but it was missing.");
+    return false;
+  }
+
+  return true;
+}
+}  // namespace
+
 FetchRequestData* CreateCopyOfFetchRequestDataForFetch(
     ScriptState* script_state,
     const FetchRequestData* original) {
@@ -83,6 +185,7 @@ FetchRequestData* CreateCopyOfFetchRequestDataForFetch(
     request->SetURLLoaderFactory(std::move(factory_clone));
   }
   request->SetWindowId(original->WindowId());
+  request->SetTrustTokenParams(original->TrustTokenParams());
   return request;
 }
 
@@ -91,7 +194,7 @@ static bool AreAnyMembersPresent(const RequestInit* init) {
          init->hasReferrer() || init->hasReferrerPolicy() || init->hasMode() ||
          init->hasCredentials() || init->hasCache() || init->hasRedirect() ||
          init->hasIntegrity() || init->hasKeepalive() ||
-         init->hasImportance() || init->hasSignal();
+         init->hasImportance() || init->hasSignal() || init->hasTrustToken();
 }
 
 static BodyStreamBuffer* ExtractBody(ScriptState* script_state,
@@ -495,6 +598,19 @@ Request* Request::CreateRequestWithRequestOrString(
     signal = init->signal();
   }
 
+  if (init->hasTrustToken()) {
+    network::mojom::blink::TrustTokenParams params;
+    if (!ConvertTrustTokenToMojom(*init->trustToken(), &exception_state,
+                                  &params)) {
+      // Whenever parsing the trustToken argument fails, we expect a suitable
+      // exception to be thrown.
+      DCHECK(exception_state.HadException());
+      return nullptr;
+    }
+
+    request->SetTrustTokenParams(std::move(params));
+  }
+
   // "Let |r| be a new Request object associated with |request| and a new
   // Headers object whose guard is "request"."
   Request* r = Request::Create(script_state, request);

third_party/blink/renderer/core/fetch/request_init.idl

@@ -23,6 +23,7 @@ dictionary RequestInit {
     boolean keepalive;
     [RuntimeEnabled=PriorityHints] RequestImportance importance;
     AbortSignal? signal;
+    [RuntimeEnabled=TrustTokens, SecureContext] TrustToken trustToken;
     // TODO(domfarolino): add support for RequestInit window member.
     //any window; // can only be set to null
 };

third_party/blink/renderer/core/fetch/trust_token.idl

+// Copyright 2020 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+enum RefreshPolicy { "none", "refresh" };
+enum OperationType { "token-request", "send-srr", "srr-token-redemption" };
+enum SignRequestData { "omit", "include", "headers-only" };
+
+// A TrustToken object represents a request to execute a Trust Tokens protocol
+// operation (https://github.com/wicg/trust-token-api).
+dictionary TrustToken {
+  // |type| is the only required parameter; all other parameters are necessary
+  // only for certain operations.
+  required OperationType type;
+
+  // --- Parameters only for token redemption
+  // The following parameters are ignored unless |type| is
+  // "srr-token-redemption":
+  // 1. refreshPolicy
+  RefreshPolicy refreshPolicy = "none";
+
+  // --- Parameters only for request signing
+  // The following parameters are ignored unless |type| is "send-srr":
+  // 1. |issuer|
+  // 2. |additionalSignedHeaders|
+  // 3. |includeTimestampHeader|
+  // 4. |signRequestData|
+  //
+  // Additionally, |issuer| is required when |type| is "send-srr".
+  USVString issuer;
+  sequence<USVString> additionalSignedHeaders;
+  boolean includeTimestampHeader = false;
+  SignRequestData signRequestData = "omit";
+};

third_party/blink/renderer/platform/exported/web_runtime_features.cc

@@ -667,4 +667,8 @@ void WebRuntimeFeatures::EnableAcceleratedSmallCanvases(bool enable) {
   RuntimeEnabledFeatures::SetAcceleratedSmallCanvasesEnabled(enable);
 }
 
+void WebRuntimeFeatures::EnableTrustTokens(bool enable) {
+  RuntimeEnabledFeatures::SetTrustTokensEnabled(enable);
+}
+
 }  // namespace blink

third_party/blink/renderer/platform/loader/fetch/resource_request.h

@@ -39,6 +39,7 @@
 #include "services/network/public/mojom/cors.mojom-blink-forward.h"
 #include "services/network/public/mojom/fetch_api.mojom-blink-forward.h"
 #include "services/network/public/mojom/ip_address_space.mojom-blink-forward.h"
+#include "services/network/public/mojom/trust_tokens.mojom-blink.h"
 #include "third_party/blink/public/mojom/fetch/fetch_api_request.mojom-blink-forward.h"
 #include "third_party/blink/public/platform/resource_request_blocked_reason.h"
 #include "third_party/blink/public/platform/web_url_request.h"
@@ -440,6 +441,15 @@ class PLATFORM_EXPORT ResourceRequestHead {
         prefetch_maybe_for_top_level_navigation;
   }
 
+  const base::Optional<network::mojom::blink::TrustTokenParams>&
+  TrustTokenParams() const {
+    return trust_token_params_;
+  }
+  void SetTrustTokenParams(
+      base::Optional<network::mojom::blink::TrustTokenParams> params) {
+    trust_token_params_ = std::move(params);
+  }
+
   // Whether either RequestorOrigin or IsolatedWorldOrigin can display the
   // |url|,
   bool CanDisplay(const KURL&) const;
@@ -494,6 +504,7 @@ class PLATFORM_EXPORT ResourceRequestHead {
   bool is_external_request_;
   network::mojom::CorsPreflightPolicy cors_preflight_policy_;
   RedirectStatus redirect_status_;
+  base::Optional<network::mojom::blink::TrustTokenParams> trust_token_params_;
 
   base::Optional<String> suggested_filename_;
 

third_party/blink/renderer/platform/loader/fetch/url_loader/request_conversion.cc

@@ -11,10 +11,13 @@
 #include "net/http/http_request_headers.h"
 #include "net/http/http_util.h"
 #include "services/network/public/cpp/constants.h"
+#include "services/network/public/cpp/optional_trust_token_params.h"
 #include "services/network/public/cpp/resource_request.h"
 #include "services/network/public/cpp/resource_request_body.h"
 #include "services/network/public/mojom/data_pipe_getter.mojom-blink.h"
 #include "services/network/public/mojom/data_pipe_getter.mojom.h"
+#include "services/network/public/mojom/trust_tokens.mojom-blink.h"
+#include "services/network/public/mojom/trust_tokens.mojom.h"
 #include "third_party/blink/public/mojom/blob/blob.mojom.h"
 #include "third_party/blink/public/mojom/fetch/fetch_api_request.mojom-shared.h"
 #include "third_party/blink/public/mojom/loader/resource_load_info.mojom-shared.h"
@@ -173,6 +176,30 @@ mojom::ResourceType RequestContextToResourceType(
   }
 }
 
+// Converts a mojom::blink TrustTokenParams object to its non-Blink counterpart
+// by copying all fields.
+network::OptionalTrustTokenParams ConvertTrustTokenParams(
+    const base::Optional<network::mojom::blink::TrustTokenParams>& maybe_in) {
+  if (!maybe_in)
+    return base::nullopt;
+  const network::mojom::blink::TrustTokenParams& in = *maybe_in;
+
+  network::mojom::TrustTokenParamsPtr out =
+      network::mojom::TrustTokenParams::New();
+  out->type = in.type;
+  out->refresh_policy = in.refresh_policy;
+  out->sign_request_data = in.sign_request_data;
+  out->include_timestamp_header = in.include_timestamp_header;
+  // Optional value:
+  if (in.issuer)
+    out->issuer = in.issuer->ToUrlOrigin();
+  for (const String& additional_header : in.additional_signed_headers) {
+    out->additional_signed_headers.push_back(additional_header.Latin1());
+  }
+
+  return network::OptionalTrustTokenParams(std::move(out));
+}
+
 }  // namespace
 
 void PopulateResourceRequestBody(const EncodedFormData& src,
@@ -307,6 +334,7 @@ void PopulateResourceRequest(const ResourceRequest& src,
   // longer used in a network delegate. https://crbug.com/842233
   dest->previews_state = static_cast<int>(src.GetPreviewsState());
   dest->throttling_profile_id = src.GetDevToolsToken();
+  dest->trust_token_params = ConvertTrustTokenParams(src.TrustTokenParams());
 
   if (base::UnguessableToken window_id = src.GetFetchWindowId())
     dest->fetch_window_id = base::make_optional(window_id);

third_party/blink/renderer/platform/runtime_enabled_features.json5

@@ -1700,6 +1700,10 @@
       name: "TrustedDOMTypes",
       status: "experimental",
     },
+    {
+      name: "TrustTokens",
+      status: "test",
+    },
     {
       name: "UnclosedFormControlIsInvalid",
       status: "experimental",

third_party/blink/web_tests/external/wpt/trust-tokens/trust-token-parameter-validation.tentative.https.html

+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>JavaScript: the Trust Token API Fetch method correctly validates its parameters</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script>
+  'use strict';
+
+  test(() => {
+    assert_throws_js(TypeError, () => {
+      new Request('https://example.com', {
+        trustToken: {}
+      });
+    });
+  }, 'Trust Tokens fetches require present `type` values.');
+
+  test(() => {
+    assert_throws_js(TypeError, () => {
+      new Request('https://example.com', {
+        trustToken: {
+          type: "invalid"
+        }
+      });
+    });
+  }, 'Trust Tokens fetches require valid `type` values.');
+
+  test(() => {
+    assert_throws_js(TypeError, () => {
+      new Request('https://example.com', {
+        trustToken: {
+          type: "token-request",
+          signRequestData: "not a member of the signRequestData enum"
+        }
+      });
+    });
+  }, 'Trust Tokens fetches require valid `signRequestData` values, if provided.');
+
+  test(() => {
+    assert_throws_js(TypeError, () => {
+      new Request('https://example.com', {
+        trustToken: {
+          type: "token-request",
+          refreshPolicy: "not a member of the refreshPolicy enum",
+        }
+      });
+    });
+  }, 'Trust Tokens fetches require valid `refreshPolicy:` values, if provided.');
+
+  test(() => {
+    assert_throws_js(TypeError, () => {
+      new Request('https://example.com', {
+        trustToken: {
+          type: "send-srr",
+          issuer: "not a valid URL"
+        }
+      });
+    });
+  }, 'Trust Tokens fetches require valid issuer URLs, if provided.');
+
+  test(() => {
+    assert_throws_js(TypeError, () => {
+      new Request('https://example.com', {
+        trustToken: {
+          type: "send-srr",
+          issuer: "http://not-secure.com"
+        }
+      });
+    });
+  }, 'Trust Tokens fetches require secure issuer URLs, if provided.');
+
+  test(() => {
+    new Request('https://example.com', {
+      trustToken: {
+        type: "send-srr",
+        issuer: "http://localhost"
+      }
+    });
+  }, 'Since localhost URLs are potentially trustworthy, setting an issuer to localhost should succeed.');
+</script>