Re-land: Fix Referer
for descendant module scripts and worklets
#18887
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This CL addresses a problem with SecurityPolicy::GenerateReferrer
when it comes to checking the same-origin-ness of a request. The
WebAppSec Referrer Policy Standard defines a same-origin request 1 as
one where the request's origin and current URL are same-origin with
each other. This comparison is done in "determine a request's referrer"
algorithm.
The analogous place in our implementation is
SecurityPolicy::GenerateReferrer. Before this CL, GenerateReferrer would
determine a request's same-origin-ness by comparing the origin of the
request's referrer string and the origin of the request's current URL.
Most of the time this was sufficient, as the request's referrer string
is almost always same-origin with the request's origin (initiator
in Blink). With descendant module scripts and worklets however, the
origin of the request's referrer string and request's origin (initiator)
could be different, which breaks the correctness of our GenerateReferrer
method.
This CL introduces a blink::SecurityOrigin parameter to the
GenerateReferrer method, so that correct same-origin comparisons can be
carried out. In all GenerateReferrer call-sites, an appropriate origin
is passed in.
The original CL 2 was reverted because the semantics of
SecurityPolicy::GenerateReferrer were not kept in sync with the similar
logic in net::URLRequestJob::ComputeReferrerForPolicy, which caused a
DumpWithoutCrashing bug seen in https://crbug.com/1000614, and request
cancellations. This reland updates the ComputeReferrerForPolicy logic
to match the corresponding Blink logic, and includes documentation
mentioning that changes to one section should be reflected in the other.
This CL also includes web platform tests for the scenario in the
aforementioned bug, which pass with this CL, as well as net unit tests
for RedirectInfo and URLRequestJob.
Bug: 786862
Change-Id: I1deeaae8191b07856c593ddb2486297344e0b846
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1786260
Commit-Queue: Dominic Farolino <dom@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Benoit L <lizeb@chromium.org>
Reviewed-by: Matt Menke <mmenke@chromium.org>
Reviewed-by: Andrey Kosyakov <caseq@chromium.org>
Reviewed-by: Yutaka Hirano <yhirano@chromium.org>
Reviewed-by: Kouhei Ueno <kouhei@chromium.org>
Reviewed-by: Tarun Bansal <tbansal@chromium.org>
Reviewed-by: Hiroki Nakagawa <nhiroki@chromium.org>
Cr-Commit-Position: refs/heads/master@{#695523}