COEP on service worker is reflected on network interception for DevTools

ServiceWorkerDevTools agent host has a way to update loader factories
when network requests need to be intercepted by DevTools. This CL plumbs
the COEP value which is available after the main script is loaded if the
worker is new.

Bug: 1039613
Change-Id: I6c197855e7659508d799a40041c5300dd4067bbe
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2089542
Auto-Submit: Makoto Shimazu <shimazu@chromium.org>
Reviewed-by: Peter Marshall <petermarshall@chromium.org>
Reviewed-by: Hiroki Nakagawa <nhiroki@chromium.org>
Commit-Queue: Makoto Shimazu <shimazu@chromium.org>
Cr-Commit-Position: refs/heads/master@{#749179}

content/browser/devtools/service_worker_devtools_agent_host.cc

@@ -71,6 +71,8 @@ ServiceWorkerDevToolsAgentHost::ServiceWorkerDevToolsAgentHost(
     const GURL& url,
     const GURL& scope,
     bool is_installed_version,
+    base::Optional<network::CrossOriginEmbedderPolicy>
+        cross_origin_embedder_policy,
     const base::UnguessableToken& devtools_worker_token)
     : DevToolsAgentHostImpl(devtools_worker_token.ToString()),
       state_(WORKER_NOT_READY),
@@ -83,7 +85,8 @@ ServiceWorkerDevToolsAgentHost::ServiceWorkerDevToolsAgentHost(
       url_(url),
       scope_(scope),
       version_installed_time_(is_installed_version ? base::Time::Now()
-                                                   : base::Time()) {
+                                                   : base::Time()),
+      cross_origin_embedder_policy_(std::move(cross_origin_embedder_policy)) {
   NotifyCreated();
 }
 
@@ -173,6 +176,11 @@ void ServiceWorkerDevToolsAgentHost::WorkerReadyForInspection(
     UpdateIsAttached(true);
 }
 
+void ServiceWorkerDevToolsAgentHost::UpdateCrossOriginEmbedderPolicy(
+    network::CrossOriginEmbedderPolicy cross_origin_embedder_policy) {
+  cross_origin_embedder_policy_ = std::move(cross_origin_embedder_policy);
+}
+
 void ServiceWorkerDevToolsAgentHost::WorkerRestarted(int worker_process_id,
                                                      int worker_route_id) {
   DCHECK_EQ(WORKER_TERMINATED, state_);
@@ -206,13 +214,20 @@ void ServiceWorkerDevToolsAgentHost::UpdateLoaderFactories(
     return;
   }
   const url::Origin origin = url::Origin::Create(url_);
-  // TODO(https://crbug.com/1039613): Get the COEP for the service worker
-  // and pass it to each factory bundle.
+
+  // Use the default CrossOriginEmbedderPolicy if
+  // |cross_origin_embedder_policy_| is nullopt. It's acceptable because the
+  // factory bundles are updated with correct COEP value before any subresource
+  // requests in that case.
   auto script_bundle = EmbeddedWorkerInstance::CreateFactoryBundleOnUI(
-      rph, worker_route_id_, origin, network::CrossOriginEmbedderPolicy(),
+      rph, worker_route_id_, origin,
+      cross_origin_embedder_policy_ ? cross_origin_embedder_policy_.value()
+                                    : network::CrossOriginEmbedderPolicy(),
       ContentBrowserClient::URLLoaderFactoryType::kServiceWorkerScript);
   auto subresource_bundle = EmbeddedWorkerInstance::CreateFactoryBundleOnUI(
-      rph, worker_route_id_, origin, network::CrossOriginEmbedderPolicy(),
+      rph, worker_route_id_, origin,
+      cross_origin_embedder_policy_ ? cross_origin_embedder_policy_.value()
+                                    : network::CrossOriginEmbedderPolicy(),
       ContentBrowserClient::URLLoaderFactoryType::kServiceWorkerSubResource);
 
   if (ServiceWorkerContext::IsServiceWorkerOnUIEnabled()) {

content/browser/devtools/service_worker_devtools_agent_host.h

@@ -14,6 +14,7 @@
 #include "base/unguessable_token.h"
 #include "content/browser/devtools/devtools_agent_host_impl.h"
 #include "content/browser/devtools/service_worker_devtools_manager.h"
+#include "services/network/public/cpp/cross_origin_embedder_policy.h"
 #include "third_party/blink/public/mojom/devtools/devtools_agent.mojom.h"
 
 namespace content {
@@ -35,6 +36,8 @@ class ServiceWorkerDevToolsAgentHost : public DevToolsAgentHostImpl {
       const GURL& url,
       const GURL& scope,
       bool is_installed_version,
+      base::Optional<network::CrossOriginEmbedderPolicy>
+          cross_origin_embedder_policy,
       const base::UnguessableToken& devtools_worker_token);
 
   // DevToolsAgentHost overrides.
@@ -50,6 +53,8 @@ class ServiceWorkerDevToolsAgentHost : public DevToolsAgentHostImpl {
   void WorkerReadyForInspection(
       mojo::PendingRemote<blink::mojom::DevToolsAgent> agent_remote,
       mojo::PendingReceiver<blink::mojom::DevToolsAgentHost> host_receiver);
+  void UpdateCrossOriginEmbedderPolicy(
+      network::CrossOriginEmbedderPolicy cross_origin_embedder_policy);
   void WorkerDestroyed();
   void WorkerVersionInstalled();
   void WorkerVersionDoomed();
@@ -97,6 +102,8 @@ class ServiceWorkerDevToolsAgentHost : public DevToolsAgentHostImpl {
   GURL scope_;
   base::Time version_installed_time_;
   base::Time version_doomed_time_;
+  base::Optional<network::CrossOriginEmbedderPolicy>
+      cross_origin_embedder_policy_;
 
   DISALLOW_COPY_AND_ASSIGN(ServiceWorkerDevToolsAgentHost);
 };

content/browser/devtools/service_worker_devtools_manager.cc

@@ -52,6 +52,8 @@ void ServiceWorkerDevToolsManager::WorkerCreated(
     const GURL& url,
     const GURL& scope,
     bool is_installed_version,
+    base::Optional<network::CrossOriginEmbedderPolicy>
+        cross_origin_embedder_policy,
     base::UnguessableToken* devtools_worker_token,
     bool* pause_on_start) {
   DCHECK_CURRENTLY_ON(BrowserThread::UI);
@@ -66,10 +68,10 @@ void ServiceWorkerDevToolsManager::WorkerCreated(
   if (it == terminated_hosts_.end()) {
     *devtools_worker_token = base::UnguessableToken::Create();
     scoped_refptr<ServiceWorkerDevToolsAgentHost> host =
-        new ServiceWorkerDevToolsAgentHost(worker_process_id, worker_route_id,
-                                           context, context_weak, version_id,
-                                           url, scope, is_installed_version,
-                                           *devtools_worker_token);
+        new ServiceWorkerDevToolsAgentHost(
+            worker_process_id, worker_route_id, context, context_weak,
+            version_id, url, scope, is_installed_version,
+            cross_origin_embedder_policy, *devtools_worker_token);
     live_hosts_[worker_id] = host;
     *pause_on_start = debug_service_worker_on_start_;
     for (auto& observer : observer_list_) {
@@ -107,6 +109,20 @@ void ServiceWorkerDevToolsManager::WorkerReadyForInspection(
     host->Inspect();
 }
 
+void ServiceWorkerDevToolsManager::UpdateCrossOriginEmbedderPolicy(
+    int worker_process_id,
+    int worker_route_id,
+    network::CrossOriginEmbedderPolicy cross_origin_embedder_policy) {
+  DCHECK_CURRENTLY_ON(BrowserThread::UI);
+  const WorkerId worker_id(worker_process_id, worker_route_id);
+  auto it = live_hosts_.find(worker_id);
+  if (it == live_hosts_.end())
+    return;
+  scoped_refptr<ServiceWorkerDevToolsAgentHost> host = it->second;
+  host->UpdateCrossOriginEmbedderPolicy(
+      std::move(cross_origin_embedder_policy));
+}
+
 void ServiceWorkerDevToolsManager::WorkerVersionInstalled(int worker_process_id,
                                                           int worker_route_id) {
   DCHECK_CURRENTLY_ON(BrowserThread::UI);

content/browser/devtools/service_worker_devtools_manager.h

@@ -16,6 +16,7 @@
 #include "base/observer_list.h"
 #include "base/unguessable_token.h"
 #include "content/common/content_export.h"
+#include "services/network/public/cpp/cross_origin_embedder_policy.h"
 #include "services/network/public/mojom/url_response_head.mojom-forward.h"
 #include "third_party/blink/public/mojom/devtools/devtools_agent.mojom.h"
 #include "url/gurl.h"
@@ -66,6 +67,8 @@ class CONTENT_EXPORT ServiceWorkerDevToolsManager {
                      const GURL& url,
                      const GURL& scope,
                      bool is_installed_version,
+                     base::Optional<network::CrossOriginEmbedderPolicy>
+                         cross_origin_embedder_policy,
                      base::UnguessableToken* devtools_worker_token,
                      bool* pause_on_start);
   void WorkerReadyForInspection(
@@ -73,6 +76,10 @@ class CONTENT_EXPORT ServiceWorkerDevToolsManager {
       int worker_route_id,
       mojo::PendingRemote<blink::mojom::DevToolsAgent> agent_remote,
       mojo::PendingReceiver<blink::mojom::DevToolsAgentHost> host_receiver);
+  void UpdateCrossOriginEmbedderPolicy(
+      int worker_process_id,
+      int worker_route_id,
+      network::CrossOriginEmbedderPolicy cross_origin_embedder_policy);
   void WorkerVersionInstalled(int worker_process_id, int worker_route_id);
   void WorkerVersionDoomed(int worker_process_id, int worker_route_id);
   void WorkerDestroyed(int worker_process_id, int worker_route_id);

content/browser/service_worker/embedded_worker_instance.cc

@@ -76,6 +76,16 @@ void NotifyWorkerReadyForInspectionOnUI(
       std::move(host_receiver));
 }
 
+void NotifyUpdateCrossOriginEmbedderPolicyOnUI(
+    int worker_process_id,
+    int worker_route_id,
+    network::CrossOriginEmbedderPolicy cross_origin_embedder_policy) {
+  DCHECK_CURRENTLY_ON(BrowserThread::UI);
+  ServiceWorkerDevToolsManager::GetInstance()->UpdateCrossOriginEmbedderPolicy(
+      worker_process_id, worker_route_id,
+      std::move(cross_origin_embedder_policy));
+}
+
 void NotifyWorkerDestroyedOnUI(int worker_process_id, int worker_route_id) {
   DCHECK_CURRENTLY_ON(BrowserThread::UI);
   ServiceWorkerDevToolsManager::GetInstance()->WorkerDestroyed(
@@ -197,8 +207,8 @@ void SetupOnUIThread(
   ServiceWorkerDevToolsManager::GetInstance()->WorkerCreated(
       process_id, routing_id, context, weak_context,
       params->service_worker_version_id, params->script_url, params->scope,
-      params->is_installed, &params->devtools_worker_token,
-      &params->wait_for_debugger);
+      params->is_installed, cross_origin_embedder_policy,
+      &params->devtools_worker_token, &params->wait_for_debugger);
   params->service_worker_route_id = routing_id;
   // Create DevToolsProxy here to ensure that the WorkerCreated() call is
   // balanced by DevToolsProxy's destructor calling WorkerDestroyed().
@@ -340,6 +350,21 @@ class EmbeddedWorkerInstance::DevToolsProxy {
     }
   }
 
+  void NotifyUpdateCrossOriginEmbedderPolicy(
+      network::CrossOriginEmbedderPolicy cross_origin_embedder_policy) {
+    DCHECK_CURRENTLY_ON(ServiceWorkerContext::GetCoreThreadId());
+    if (ServiceWorkerContext::IsServiceWorkerOnUIEnabled()) {
+      NotifyUpdateCrossOriginEmbedderPolicyOnUI(
+          process_id_, agent_route_id_,
+          std::move(cross_origin_embedder_policy));
+    } else {
+      ui_task_runner_->PostTask(
+          FROM_HERE, base::BindOnce(NotifyUpdateCrossOriginEmbedderPolicyOnUI,
+                                    process_id_, agent_route_id_,
+                                    std::move(cross_origin_embedder_policy)));
+    }
+  }
+
   void NotifyWorkerVersionInstalled() {
     DCHECK_CURRENTLY_ON(ServiceWorkerContext::GetCoreThreadId());
     if (ServiceWorkerContext::IsServiceWorkerOnUIEnabled()) {
@@ -906,12 +931,18 @@ void EmbeddedWorkerInstance::OnScriptLoaded() {
   if (!inflight_start_task_)
     return;
 
+  // COEP could be nullopt if it's in unittests.
+  // TODO(shimazu): Set COEP in the failing unit tests.
+  if (devtools_proxy_ && owner_version_->cross_origin_embedder_policy()) {
+    devtools_proxy_->NotifyUpdateCrossOriginEmbedderPolicy(
+        owner_version_->cross_origin_embedder_policy().value());
+  }
+
   // Renderer side has started to launch the worker thread.
   starting_phase_ = SCRIPT_LOADED;
   owner_version_->OnMainScriptLoaded();
 
   BindCacheStorageInternal();
-  // |this| may be destroyed by the callback.
 }
 
 void EmbeddedWorkerInstance::OnWorkerVersionInstalled() {