diff options
| author | Michael BrĂ¼ning <michael.bruning@qt.io> | 2022-05-16 13:08:19 +0200 |
|---|---|---|
| committer | Michael BrĂ¼ning <michael.bruning@qt.io> | 2022-05-19 14:59:30 +0000 |
| commit | 51ec18becb7ae689cfd8cb947ea6c0afbb6ec545 (patch) | |
| tree | 6ad084084bcc04ef1cfd80762f4ced7396b1ca8a /chromium | |
| parent | 2ceec49c31b00b5f9b609d69ecf88250f8a020ac (diff) | |
Quick fix for regression in service workers by reverting backports
This backport causes a crash under certain circumstances. The issue
that was being fixed was not a high priority, so reverting until a
proper fix has been found.
This reverts commits 155c60b9db6b07e16dab7b105865d49ecad2fa84,
e67dc64220e00d27be338f507c0fb4872fecdaf1 as well as
6f1275cb40ffbc83dd7b216d554d2765c239144d.
Change-Id: Id8ce09cc7115991fa176c588103541a7a52fcd39
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Diffstat (limited to 'chromium')
27 files changed, 91 insertions, 421 deletions
diff --git a/chromium/content/browser/devtools/devtools_url_loader_interceptor.cc b/chromium/content/browser/devtools/devtools_url_loader_interceptor.cc index 5a7f6678c45..787aadeb9cb 100644 --- a/chromium/content/browser/devtools/devtools_url_loader_interceptor.cc +++ b/chromium/content/browser/devtools/devtools_url_loader_interceptor.cc @@ -1111,7 +1111,6 @@ void InterceptionJob::ProcessSetCookies(const net::HttpResponseHeaders& headers, create_loader_params_->request.url, create_loader_params_->request.site_for_cookies, create_loader_params_->request.request_initiator, - create_loader_params_->request.is_main_frame, (create_loader_params_->request.force_ignore_site_for_cookies || should_treat_as_first_party))); @@ -1259,7 +1258,7 @@ void InterceptionJob::FetchCookies( options.set_same_site_cookie_context( net::cookie_util::ComputeSameSiteContextForRequest( request.method, request.url, request.site_for_cookies, - request.request_initiator, request.is_main_frame, + request.request_initiator, (request.force_ignore_site_for_cookies || should_treat_as_first_party))); diff --git a/chromium/content/browser/loader/navigation_url_loader_impl.cc b/chromium/content/browser/loader/navigation_url_loader_impl.cc index 820c46e98bb..f54cfd9a610 100644 --- a/chromium/content/browser/loader/navigation_url_loader_impl.cc +++ b/chromium/content/browser/loader/navigation_url_loader_impl.cc @@ -196,7 +196,6 @@ std::unique_ptr<network::ResourceRequest> CreateResourceRequest( new_request->method = request_info->common_params->method; new_request->url = request_info->common_params->url; - new_request->navigation_redirect_chain.push_back(new_request->url); new_request->site_for_cookies = request_info->isolation_info.site_for_cookies(); new_request->force_ignore_site_for_cookies = @@ -744,8 +743,6 @@ void NavigationURLLoaderImpl::FollowRedirectInternal( resource_request_->referrer = GURL(redirect_info_.new_referrer); resource_request_->referrer_policy = redirect_info_.new_referrer_policy; resource_request_->previews_state = new_previews_state; - resource_request_->navigation_redirect_chain.push_back( - redirect_info_.new_url); url_chain_.push_back(redirect_info_.new_url); // Need to cache modified headers for |url_loader_| since it doesn't use diff --git a/chromium/content/common/background_fetch/background_fetch_types.cc b/chromium/content/common/background_fetch/background_fetch_types.cc index 71d138d9e03..7952ef89a2c 100644 --- a/chromium/content/common/background_fetch/background_fetch_types.cc +++ b/chromium/content/common/background_fetch/background_fetch_types.cc @@ -52,7 +52,6 @@ blink::mojom::FetchAPIRequestPtr BackgroundFetchSettledFetch::CloneRequest( request->mode, request->is_main_resource_load, request->destination, request->frame_type, request->url, request->method, request->headers, CloneSerializedBlob(request->blob), request->body, - request->request_initiator, request->navigation_redirect_chain, request->referrer.Clone(), request->credentials_mode, request->cache_mode, request->redirect_mode, request->integrity, request->priority, request->fetch_window_id, request->keepalive, request->is_reload, diff --git a/chromium/content/common/fetch/fetch_request_type_converters.cc b/chromium/content/common/fetch/fetch_request_type_converters.cc index a4941085ae7..0bc3104eb2e 100644 --- a/chromium/content/common/fetch/fetch_request_type_converters.cc +++ b/chromium/content/common/fetch/fetch_request_type_converters.cc @@ -27,8 +27,6 @@ blink::mojom::FetchAPIRequestPtr TypeConverter< // nullptr. if (input.request_body) output->body = input.request_body; - output->request_initiator = input.request_initiator; - output->navigation_redirect_chain = input.navigation_redirect_chain; output->referrer = blink::mojom::Referrer::New( input.referrer, blink::ReferrerUtils::NetToMojoReferrerPolicy(input.referrer_policy)); diff --git a/chromium/net/base/features.cc b/chromium/net/base/features.cc index 8df49276651..8c19303eceb 100644 --- a/chromium/net/base/features.cc +++ b/chromium/net/base/features.cc @@ -195,7 +195,5 @@ extern const base::FeatureParam<base::TimeDelta> kTimeoutTcpConnectAttemptMax( "TimeoutTcpConnectAttemptMax", base::TimeDelta::FromSeconds(30)); -const base::Feature kSameSiteCookiesBugfix1166211{ - "SameSiteCookiesBugfix1166211", base::FEATURE_ENABLED_BY_DEFAULT}; } // namespace features } // namespace net diff --git a/chromium/net/base/features.h b/chromium/net/base/features.h index f962c814b08..491b1e574f1 100644 --- a/chromium/net/base/features.h +++ b/chromium/net/base/features.h @@ -288,15 +288,6 @@ NET_EXPORT extern const base::FeatureParam<base::TimeDelta> NET_EXPORT extern const base::FeatureParam<base::TimeDelta> kTimeoutTcpConnectAttemptMax; -// Controls whether the fix for crbug.com/1166211 is enabled. When this is -// enabled, SameSite=Lax cookies may only be accessed for cross-site requests if -// they are top-level navigations. When it is disabled, the (incorrect) previous -// behavior that allows SameSite=Lax cookies on cross-site, non-top-level -// requests if all frame ancestors are same-site with the request URL is used -// instead. This fix is implemented behind a flag (kill switch) due to potential -// compatibility risk. -NET_EXPORT extern const base::Feature kSameSiteCookiesBugfix1166211; - } // namespace features } // namespace net diff --git a/chromium/net/cookies/cookie_util.cc b/chromium/net/cookies/cookie_util.cc index 1513b95fbe4..86735d1d510 100644 --- a/chromium/net/cookies/cookie_util.cc +++ b/chromium/net/cookies/cookie_util.cc @@ -80,49 +80,21 @@ bool SaturatedTimeFromUTCExploded(const base::Time::Exploded& exploded, return false; } -// This function consolidates the common logic for computing SameSite cookie -// access context in various situations (HTTP vs JS; get vs set). -// -// `is_http` is whether the current cookie access request is associated with a -// network request (as opposed to a non-HTTP API, i.e., JavaScript). -// -// `compute_schemefully` is whether the current computation is for a -// schemeful_context, i.e. whether scheme should be considered when comparing -// two sites. -// -// See documentation of `ComputeSameSiteContextForRequest` for explanations of -// other parameters. ContextType ComputeSameSiteContext(const GURL& url, const SiteForCookies& site_for_cookies, const base::Optional<url::Origin>& initiator, - bool is_http, - bool is_main_frame_navigation, bool compute_schemefully) { - bool site_for_cookies_is_same_site = - site_for_cookies.IsFirstPartyWithSchemefulMode(url, compute_schemefully); - - // If the request is a main frame navigation, site_for_cookies must either be - // null (for opaque origins, e.g., data: origins) or same-site with the - // request URL (both schemefully and schemelessly), and the URL cannot be - // ws/wss (these schemes are not navigable). - DCHECK(!is_main_frame_navigation || site_for_cookies_is_same_site || - site_for_cookies.IsNull()); - DCHECK(!is_main_frame_navigation || !url.SchemeIsWSOrWSS()); - - if (site_for_cookies_is_same_site) { + if (site_for_cookies.IsFirstPartyWithSchemefulMode(url, + compute_schemefully)) { // Create a SiteForCookies object from the initiator so that we can reuse // IsFirstPartyWithSchemefulMode(). if (!initiator || SiteForCookies::FromOrigin(initiator.value()) .IsFirstPartyWithSchemefulMode(url, compute_schemefully)) { return ContextType::SAME_SITE_STRICT; - } - // Preserve old behavior if the bugfix is disabled. - if (!base::FeatureList::IsEnabled(features::kSameSiteCookiesBugfix1166211)) - return ContextType::SAME_SITE_LAX; - - if (!is_http || is_main_frame_navigation) + } else { return ContextType::SAME_SITE_LAX; + } } return ContextType::CROSS_SITE; } @@ -130,26 +102,23 @@ ContextType ComputeSameSiteContext(const GURL& url, CookieOptions::SameSiteCookieContext ComputeSameSiteContextForSet( const GURL& url, const SiteForCookies& site_for_cookies, - const base::Optional<url::Origin>& initiator, - bool is_http, - bool is_main_frame_navigation) { - CookieOptions::SameSiteCookieContext same_site_context; + bool force_ignore_site_for_cookies) { + if (force_ignore_site_for_cookies) + return CookieOptions::SameSiteCookieContext::MakeInclusiveForSet(); - same_site_context.set_context(ComputeSameSiteContext( - url, site_for_cookies, initiator, is_http, is_main_frame_navigation, - false /* compute_schemefully */)); - same_site_context.set_schemeful_context(ComputeSameSiteContext( - url, site_for_cookies, initiator, is_http, is_main_frame_navigation, - true /* compute_schemefully */)); + // Schemeless check + if (!site_for_cookies.IsFirstPartyWithSchemefulMode(url, false)) { + return CookieOptions::SameSiteCookieContext(ContextType::CROSS_SITE, + ContextType::CROSS_SITE); + } - // Setting any SameSite={Strict,Lax} cookie only requires a LAX context, so - // normalize any strictly same-site contexts to Lax for cookie writes. - if (same_site_context.context() == ContextType::SAME_SITE_STRICT) - same_site_context.set_context(ContextType::SAME_SITE_LAX); - if (same_site_context.schemeful_context() == ContextType::SAME_SITE_STRICT) - same_site_context.set_schemeful_context(ContextType::SAME_SITE_LAX); + // Schemeful check + if (!site_for_cookies.IsFirstPartyWithSchemefulMode(url, true)) { + return CookieOptions::SameSiteCookieContext(ContextType::SAME_SITE_LAX, + ContextType::CROSS_SITE); + } - return same_site_context; + return CookieOptions::SameSiteCookieContext::MakeInclusiveForSet(); } } // namespace @@ -491,24 +460,22 @@ CookieOptions::SameSiteCookieContext ComputeSameSiteContextForRequest( const GURL& url, const SiteForCookies& site_for_cookies, const base::Optional<url::Origin>& initiator, - bool is_main_frame_navigation, bool force_ignore_site_for_cookies) { - // Set SameSiteCookieiContext according to the rules laid out in - // https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis: + // Set SameSiteCookieMode according to the rules laid out in + // https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-02: // // * Include both "strict" and "lax" same-site cookies if the request's // |url|, |initiator|, and |site_for_cookies| all have the same // registrable domain. Note: this also covers the case of a request // without an initiator (only happens for browser-initiated main frame - // navigations). If computing schemefully, the schemes must also match. + // navigations). // // * Include only "lax" same-site cookies if the request's |URL| and // |site_for_cookies| have the same registrable domain, _and_ the - // request's |http_method| is "safe" ("GET" or "HEAD"), and the request - // is a main frame navigation. + // request's |http_method| is "safe" ("GET" or "HEAD"). // - // This case should occur only for cross-site requests which - // target a top-level browsing context, with a "safe" method. + // This case should generally occur only for cross-site requests which + // target a top-level browsing context. // // * Include both "strict" and "lax" same-site cookies if the request is // tagged with a flag allowing it. @@ -524,12 +491,10 @@ CookieOptions::SameSiteCookieContext ComputeSameSiteContextForRequest( CookieOptions::SameSiteCookieContext same_site_context; - same_site_context.set_context(ComputeSameSiteContext( - url, site_for_cookies, initiator, true /* is_http */, - is_main_frame_navigation, false /* compute_schemefully */)); - same_site_context.set_schemeful_context(ComputeSameSiteContext( - url, site_for_cookies, initiator, true /* is_http */, - is_main_frame_navigation, true /* compute_schemefully */)); + same_site_context.set_context( + ComputeSameSiteContext(url, site_for_cookies, initiator, false)); + same_site_context.set_schemeful_context( + ComputeSameSiteContext(url, site_for_cookies, initiator, true)); // If the method is safe, the context is Lax. Otherwise, make a note that // the method is unsafe. @@ -556,12 +521,10 @@ ComputeSameSiteContextForScriptGet(const GURL& url, CookieOptions::SameSiteCookieContext same_site_context; - same_site_context.set_context(ComputeSameSiteContext( - url, site_for_cookies, initiator, false /* is_http */, - false /* is_main_frame_navigation */, false /* compute_schemefully */)); - same_site_context.set_schemeful_context(ComputeSameSiteContext( - url, site_for_cookies, initiator, false /* is_http */, - false /* is_main_frame_navigation */, true /* compute_schemefully */)); + same_site_context.set_context( + ComputeSameSiteContext(url, site_for_cookies, initiator, false)); + same_site_context.set_schemeful_context( + ComputeSameSiteContext(url, site_for_cookies, initiator, true)); return same_site_context; } @@ -570,39 +533,20 @@ CookieOptions::SameSiteCookieContext ComputeSameSiteContextForResponse( const GURL& url, const SiteForCookies& site_for_cookies, const base::Optional<url::Origin>& initiator, - bool is_main_frame_navigation, bool force_ignore_site_for_cookies) { - if (force_ignore_site_for_cookies) - return CookieOptions::SameSiteCookieContext::MakeInclusiveForSet(); - - if (is_main_frame_navigation && !site_for_cookies.IsNull()) { - // If the request is a main frame navigation, site_for_cookies must either - // be null (for opaque origins, e.g., data: origins) or same-site with the - // request URL (both schemefully and schemelessly), and the URL cannot be - // ws/wss (these schemes are not navigable). - DCHECK(site_for_cookies.IsFirstPartyWithSchemefulMode(url, true)); - DCHECK(!url.SchemeIsWSOrWSS()); - return CookieOptions::SameSiteCookieContext::MakeInclusiveForSet(); - } + // |initiator| is here in case it'll be decided to ignore |site_for_cookies| + // for entirely browser-side requests (see https://crbug.com/958335). - return ComputeSameSiteContextForSet(url, site_for_cookies, initiator, - true /* is_http */, - is_main_frame_navigation); + return ComputeSameSiteContextForSet(url, site_for_cookies, + force_ignore_site_for_cookies); } CookieOptions::SameSiteCookieContext ComputeSameSiteContextForScriptSet( const GURL& url, const SiteForCookies& site_for_cookies, bool force_ignore_site_for_cookies) { - if (force_ignore_site_for_cookies) - return CookieOptions::SameSiteCookieContext::MakeInclusiveForSet(); - - // It doesn't matter what initiator origin we pass here. Either way, the - // context will be considered same-site iff the site_for_cookies is same-site - // with the url. - return ComputeSameSiteContextForSet( - url, site_for_cookies, base::nullopt /* initiator */, false /* is_http */, - false /* is_main_frame_navigation */); + return ComputeSameSiteContextForSet(url, site_for_cookies, + force_ignore_site_for_cookies); } CookieOptions::SameSiteCookieContext ComputeSameSiteContextForSubresource( diff --git a/chromium/net/cookies/cookie_util.h b/chromium/net/cookies/cookie_util.h index c9db31a9769..b2b7992d03b 100644 --- a/chromium/net/cookies/cookie_util.h +++ b/chromium/net/cookies/cookie_util.h @@ -131,29 +131,25 @@ NET_EXPORT void ParseRequestCookieLine(const std::string& header_value, NET_EXPORT std::string SerializeRequestCookieLine( const ParsedRequestCookies& parsed_cookies); -// Determines which of the cookies for `url` can be accessed, with respect to -// the SameSite attribute. This applies to looking up existing cookies for HTTP -// requests. For looking up cookies for non-HTTP APIs (i.e., JavaScript), see -// ComputeSameSiteContextForScriptGet. For setting new cookies, see -// ComputeSameSiteContextForResponse and ComputeSameSiteContextForScriptSet. +// Determines which of the cookies for |url| can be accessed, with respect to +// the SameSite attribute. This applies to looking up existing cookies; for +// setting new ones, see ComputeSameSiteContextForResponse and +// ComputeSameSiteContextForScriptSet. // -// `site_for_cookies` is the currently navigated to site that should be +// |site_for_cookies| is the currently navigated to site that should be // considered "first-party" for cookies. // -// `initiator` is the origin ultimately responsible for getting the request -// issued. It may be different from `site_for_cookies`. +// |initiator| is the origin ultimately responsible for getting the request +// issued; it may be different from |site_for_cookies| in that it may be some +// other website that caused the navigation to |site_for_cookies| to occur. // -// base::nullopt for `initiator` denotes that the navigation was initiated by +// base::nullopt for |initiator| denotes that the navigation was initiated by // the user directly interacting with the browser UI, e.g. entering a URL // or selecting a bookmark. // -// `is_main_frame_navigation` is whether the request is for a navigation that -// targets the main frame or top-level browsing context. These requests may -// sometimes send SameSite=Lax cookies but not SameSite=Strict cookies. -// -// If `force_ignore_site_for_cookies` is specified, all SameSite cookies will be +// If |force_ignore_site_for_cookies| is specified, all SameSite cookies will be // attached, i.e. this will return SAME_SITE_STRICT. This flag is set to true -// when the `site_for_cookies` is a chrome:// URL embedding a secure origin, +// when the |site_for_cookies| is a chrome:// URL embedding a secure origin, // among other scenarios. // This is *not* set when the *initiator* is chrome-extension://, // which is intentional, since it would be bad to let an extension arbitrarily @@ -161,7 +157,7 @@ NET_EXPORT std::string SerializeRequestCookieLine( // // See also documentation for corresponding methods on net::URLRequest. // -// `http_method` is used to enforce the requirement that, in a context that's +// |http_method| is used to enforce the requirement that, in a context that's // lax same-site but not strict same-site, SameSite=lax cookies be only sent // when the method is "safe" in the RFC7231 section 4.2.1 sense. NET_EXPORT CookieOptions::SameSiteCookieContext @@ -169,38 +165,33 @@ ComputeSameSiteContextForRequest(const std::string& http_method, const GURL& url, const SiteForCookies& site_for_cookies, const base::Optional<url::Origin>& initiator, - bool is_main_frame_navigation, bool force_ignore_site_for_cookies); -// As above, but applying for scripts. `initiator` here should be the initiator +// As above, but applying for scripts. |initiator| here should be the initiator // used when fetching the document. -// If `force_ignore_site_for_cookies` is true, this returns SAME_SITE_STRICT. +// If |force_ignore_site_for_cookies| is true, this returns SAME_SITE_STRICT. NET_EXPORT CookieOptions::SameSiteCookieContext ComputeSameSiteContextForScriptGet(const GURL& url, const SiteForCookies& site_for_cookies, const base::Optional<url::Origin>& initiator, bool force_ignore_site_for_cookies); -// Determines which of the cookies for `url` can be set from a network response +// Determines which of the cookies for |url| can be set from a network response, // with respect to the SameSite attribute. This will only return CROSS_SITE or // SAME_SITE_LAX (cookie sets of SameSite=strict cookies are permitted in same // contexts that sets of SameSite=lax cookies are). -// `is_main_frame_navigation` is whether the request was for a navigation that -// targets the main frame or top-level browsing context. Both SameSite=Lax and -// SameSite=Strict cookies may be set by any main frame navigation. -// If `force_ignore_site_for_cookies` is true, this returns SAME_SITE_LAX. +// If |force_ignore_site_for_cookies| is true, this returns SAME_SITE_LAX. NET_EXPORT CookieOptions::SameSiteCookieContext ComputeSameSiteContextForResponse(const GURL& url, const SiteForCookies& site_for_cookies, const base::Optional<url::Origin>& initiator, - bool is_main_frame_navigation, bool force_ignore_site_for_cookies); -// Determines which of the cookies for `url` can be set from a script context, +// Determines which of the cookies for |url| can be set from a script context, // with respect to the SameSite attribute. This will only return CROSS_SITE or // SAME_SITE_LAX (cookie sets of SameSite=strict cookies are permitted in same // contexts that sets of SameSite=lax cookies are). -// If `force_ignore_site_for_cookies` is true, this returns SAME_SITE_LAX. +// If |force_ignore_site_for_cookies| is true, this returns SAME_SITE_LAX. NET_EXPORT CookieOptions::SameSiteCookieContext ComputeSameSiteContextForScriptSet(const GURL& url, const SiteForCookies& site_for_cookies, diff --git a/chromium/net/url_request/url_request.cc b/chromium/net/url_request/url_request.cc index 32f6a8c86d9..5d442abc276 100644 --- a/chromium/net/url_request/url_request.cc +++ b/chromium/net/url_request/url_request.cc @@ -433,23 +433,6 @@ void URLRequest::SetDefaultCookiePolicyToBlock() { g_default_can_use_cookies = false; } -void URLRequest::SetURLChain(const std::vector<GURL>& url_chain) { - DCHECK(!job_); - DCHECK(!is_pending_); - DCHECK_EQ(url_chain_.size(), 1u); - - if (url_chain.size() < 2) - return; - - // In most cases the current request URL will match the last URL in the - // explicitly set URL chain. In some cases, however, a throttle will modify - // the request URL resulting in a different request URL. We handle this by - // using previous values from the explicitly set URL chain, but with the - // request URL as the final entry in the chain. - url_chain_.insert(url_chain_.begin(), url_chain.begin(), - url_chain.begin() + url_chain.size() - 1); -} - void URLRequest::set_site_for_cookies(const SiteForCookies& site_for_cookies) { DCHECK(!is_pending_); site_for_cookies_ = site_for_cookies; @@ -553,7 +536,6 @@ URLRequest::URLRequest(const GURL& url, NetLogSourceType::URL_REQUEST)), url_chain_(1, url), force_ignore_site_for_cookies_(false), - force_main_frame_for_same_site_cookies_(false), method_("GET"), referrer_policy_( ReferrerPolicy::CLEAR_ON_TRANSITION_FROM_SECURE_TO_INSECURE), diff --git a/chromium/net/url_request/url_request.h b/chromium/net/url_request/url_request.h index 543747e3056..a49c992742d 100644 --- a/chromium/net/url_request/url_request.h +++ b/chromium/net/url_request/url_request.h @@ -227,19 +227,6 @@ class NET_EXPORT URLRequest : public base::SupportsUserData { const std::vector<GURL>& url_chain() const { return url_chain_; } const GURL& url() const { return url_chain_.back(); } - // Explicitly set the URL chain for this request. This can be used to - // indicate a chain of redirects that happen at a layer above the network - // service; e.g. navigation redirects. - // - // Note, the last entry in the new `url_chain` will be ignored. Instead - // the request will preserve its current URL. This is done since the higher - // layer providing the explicit `url_chain` may not be aware of modifications - // to the request URL by throttles. - // - // This method should only be called on new requests that have a single - // entry in their existing `url_chain_`. - void SetURLChain(const std::vector<GURL>& url_chain); - // The URL that should be consulted for the third-party cookie blocking // policy, as defined in Section 2.1.1 and 2.1.2 of // https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site. @@ -279,16 +266,6 @@ class NET_EXPORT URLRequest : public base::SupportsUserData { force_ignore_site_for_cookies_ = attach; } - // Indicates if the request should be treated as a main frame navigation for - // SameSite cookie computations. This flag overrides the IsolationInfo - // request type associated with fetches from a service worker context. - bool force_main_frame_for_same_site_cookies() const { - return force_main_frame_for_same_site_cookies_; - } - void set_force_main_frame_for_same_site_cookies(bool value) { - force_main_frame_for_same_site_cookies_ = value; - } - // The first-party URL policy to apply when updating the first party URL // during redirects. The first-party URL policy may only be changed before // Start() is called. @@ -875,7 +852,6 @@ class NET_EXPORT URLRequest : public base::SupportsUserData { IsolationInfo isolation_info_; bool force_ignore_site_for_cookies_; - bool force_main_frame_for_same_site_cookies_; base::Optional<url::Origin> initiator_; GURL delegate_redirect_url_; std::string method_; // "GET", "POST", etc. Should be all uppercase. diff --git a/chromium/net/url_request/url_request_http_job.cc b/chromium/net/url_request/url_request_http_job.cc index 9526cafce26..5cdc19e1f13 100644 --- a/chromium/net/url_request/url_request_http_job.cc +++ b/chromium/net/url_request/url_request_http_job.cc @@ -585,15 +585,10 @@ void URLRequestHttpJob::AddCookieHeaderAndStart() { request_->site_for_cookies())) { force_ignore_site_for_cookies = true; } - bool is_main_frame_navigation = - IsolationInfo::RedirectMode::kUpdateTopFrame == - request_->isolation_info().redirect_mode() || - request_->force_main_frame_for_same_site_cookies(); options.set_same_site_cookie_context( net::cookie_util::ComputeSameSiteContextForRequest( request_->method(), request_->url(), request_->site_for_cookies(), - request_->initiator(), is_main_frame_navigation, - force_ignore_site_for_cookies)); + request_->initiator(), force_ignore_site_for_cookies)); static_cast<CookieMonster*>(cookie_store)->GetCookieListWithOptionsAsyncAndFiltered( request_->url(), request_->site_for_cookies(), options, base::BindOnce(&URLRequestHttpJob::SetCookieHeaderAndStart, @@ -733,12 +728,10 @@ void URLRequestHttpJob::SaveCookiesAndNotifyHeadersComplete(int result) { request_->url(), request_->site_for_cookies())) { force_ignore_site_for_cookies = true; } - bool is_main_frame_navigation = IsolationInfo::RedirectMode::kUpdateTopFrame == - request_->isolation_info().redirect_mode(); options.set_same_site_cookie_context( net::cookie_util::ComputeSameSiteContextForResponse( request_->url(), request_->site_for_cookies(), request_->initiator(), - is_main_frame_navigation, force_ignore_site_for_cookies)); + force_ignore_site_for_cookies)); options.set_return_excluded_cookies(); diff --git a/chromium/services/network/cors/cors_url_loader.cc b/chromium/services/network/cors/cors_url_loader.cc index 7606ceb59fb..266520702c0 100644 --- a/chromium/services/network/cors/cors_url_loader.cc +++ b/chromium/services/network/cors/cors_url_loader.cc @@ -129,18 +129,6 @@ void CorsURLLoader::FollowRedirect( const net::HttpRequestHeaders& modified_headers, const net::HttpRequestHeaders& modified_cors_exempt_headers, const base::Optional<GURL>& new_url) { - // If this is a navigation from a renderer, then its a service worker - // passthrough of a navigation request. Since this case uses manual - // redirect mode FollowRedirect() should never be called. - if (process_id_ != mojom::kBrowserProcessId && - request_.mode == mojom::RequestMode::kNavigate) { - mojo::ReportBadMessage( - "CorsURLLoader: navigate from non-browser-process should not call " - "FollowRedirect"); - HandleComplete(URLLoaderCompletionStatus(net::ERR_FAILED)); - return; - } - if (!network_loader_ || !deferred_redirect_url_) { HandleComplete(URLLoaderCompletionStatus(net::ERR_FAILED)); return; diff --git a/chromium/services/network/cors/cors_url_loader_factory.cc b/chromium/services/network/cors/cors_url_loader_factory.cc index dfc110d0596..60f73825b80 100644 --- a/chromium/services/network/cors/cors_url_loader_factory.cc +++ b/chromium/services/network/cors/cors_url_loader_factory.cc @@ -379,76 +379,18 @@ bool CorsURLLoaderFactory::IsValidRequest(const ResourceRequest& request, return false; } - // The `force_main_frame_for_same_site_cookies` should only be set when a - // service worker passes through a navigation request. In this case the - // mode must be `kNavigate` and the destination must be empty. - if (request.original_destination == mojom::RequestDestination::kDocument && - (request.mode != mojom::RequestMode::kNavigate || - request.destination != mojom::RequestDestination::kEmpty)) { - mojo::ReportBadMessage( - "CorsURLLoaderFactory: original_destination is unexpectedly set to " - "kDocument"); - return false; - } - - // Validate that a navigation redirect chain is not sent for a non-navigation - // request. - if (!request.navigation_redirect_chain.empty() && - request.mode != mojom::RequestMode::kNavigate) { - mojo::ReportBadMessage( - "CorsURLLoaderFactory: navigation redirect chain set for a " - "non-navigation"); - return false; - } - - // By default we compare the `request_initiator` to the lock below. This is - // overridden for renderer navigations, however. - base::Optional<url::Origin> origin_to_validate = request.request_initiator; - // Ensure that renderer requests are covered either by CORS or CORB. if (process_id_ != mojom::kBrowserProcessId) { switch (request.mode) { case mojom::RequestMode::kNavigate: - // A navigation request from a renderer can legally occur when a service - // worker passes it through from its `FetchEvent.request` to `fetch()`. - // In this case it is making a navigation request on behalf of the - // original initiator. Since that initiator may be cross-origin, its - // possible the request's initiator will not match our lock. - // - // To make this operation safe we instead compare the request URL origin - // against the initiator lock. We can do this since service workers - // should only ever handle same-origin navigations. - // - // With this approach its possible the initiator could be spoofed by the - // renderer. However, since we have validated the request URL they can - // only every lie to the origin that they have already compromised. It - // does not allow an attacker to target other arbitrary origins. - origin_to_validate = url::Origin::Create(request.url); - - // We further validate the navigation request by ensuring it has the - // correct redirect mode. This avoids an attacker attempting to - // craft a navigation that is then automatically followed to a separate - // target origin. With manual mode the redirect will instead be - // processed as an opaque redirect response that is passed back to the - // renderer and navigation code. The redirected requested must be - // sent anew and go through this validation again. - if (request.redirect_mode != mojom::RedirectMode::kManual) { - mojo::ReportBadMessage( - "CorsURLLoaderFactory: navigate from non-browser-process with " - "redirect_mode set to 'follow'"); - return false; - } - - // Validate that a navigation redirect chain is always provided for a - // navigation request. - if (request.navigation_redirect_chain.empty()) { - mojo::ReportBadMessage( - "CorsURLLoaderFactory: navigate from non-browser-process without " - "a redirect chain provided"); - return false; - } - - break; + // Only the browser process can initiate navigations. This helps ensure + // that a malicious/compromised renderer cannot bypass CORB by issuing + // kNavigate, rather than kNoCors requests. (CORB should apply only to + // no-cors requests as tracked in https://crbug.com/953315 and as + // captured in https://fetch.spec.whatwg.org/#main-fetch). + mojo::ReportBadMessage( + "CorsURLLoaderFactory: navigate from non-browser-process"); + return false; case mojom::RequestMode::kSameOrigin: case mojom::RequestMode::kCors: @@ -462,11 +404,11 @@ bool CorsURLLoaderFactory::IsValidRequest(const ResourceRequest& request, } } - // Depending on the type of request, compare either `request_initiator` or - // `request.url` to `request_initiator_origin_lock_`. + // Compare |request_initiator| and |request_initiator_origin_lock_|. InitiatorLockCompatibility initiator_lock_compatibility = - VerifyRequestInitiatorLockWithPluginCheck( - process_id_, request_initiator_origin_lock_, origin_to_validate); + VerifyRequestInitiatorLockWithPluginCheck(process_id_, + request_initiator_origin_lock_, + request.request_initiator); UMA_HISTOGRAM_ENUMERATION( "NetworkService.URLLoader.RequestInitiatorOriginLockCompatibility", initiator_lock_compatibility); @@ -495,6 +437,7 @@ bool CorsURLLoaderFactory::IsValidRequest(const ResourceRequest& request, case InitiatorLockCompatibility::kIncorrectLock: // Requests from the renderer need to always specify a correct initiator. + NOTREACHED(); if (base::FeatureList::IsEnabled( features::kRequestInitiatorSiteLockEnfocement)) { url::debug::ScopedOriginCrashKey initiator_lock_crash_key( diff --git a/chromium/services/network/public/cpp/resource_request.h b/chromium/services/network/public/cpp/resource_request.h index 144a3942421..000ff16bbd6 100644 --- a/chromium/services/network/public/cpp/resource_request.h +++ b/chromium/services/network/public/cpp/resource_request.h @@ -78,11 +78,6 @@ struct COMPONENT_EXPORT(NETWORK_CPP_BASE) ResourceRequest { base::Optional<url::Origin> request_initiator; base::Optional<url::Origin> isolated_world_origin; - - // The chain of URLs seen during navigation redirects. This should only - // contain values if the mode is `RedirectMode::kNavigate`. - std::vector<GURL> navigation_redirect_chain; - GURL referrer; net::ReferrerPolicy referrer_policy = net::ReferrerPolicy::NEVER_CLEAR; net::HttpRequestHeaders headers; @@ -103,8 +98,6 @@ struct COMPONENT_EXPORT(NETWORK_CPP_BASE) ResourceRequest { mojom::RedirectMode redirect_mode = mojom::RedirectMode::kFollow; std::string fetch_integrity; mojom::RequestDestination destination = mojom::RequestDestination::kEmpty; - mojom::RequestDestination original_destination = - mojom::RequestDestination::kEmpty; scoped_refptr<ResourceRequestBody> request_body; bool keepalive = false; bool has_user_gesture = false; diff --git a/chromium/services/network/public/cpp/url_request_mojom_traits.cc b/chromium/services/network/public/cpp/url_request_mojom_traits.cc index 6f7283a2687..d45b19b8f61 100644 --- a/chromium/services/network/public/cpp/url_request_mojom_traits.cc +++ b/chromium/services/network/public/cpp/url_request_mojom_traits.cc @@ -202,8 +202,7 @@ bool StructTraits< !data.ReadThrottlingProfileId(&out->throttling_profile_id) || !data.ReadFetchWindowId(&out->fetch_window_id) || !data.ReadDevtoolsRequestId(&out->devtools_request_id) || - !data.ReadRecursivePrefetchToken(&out->recursive_prefetch_token) || - !data.ReadNavigationRedirectChain(&out->navigation_redirect_chain)) { + !data.ReadRecursivePrefetchToken(&out->recursive_prefetch_token)) { // Note that data.ReadTrustTokenParams is temporarily handled below. return false; } @@ -243,7 +242,6 @@ bool StructTraits< out->is_signed_exchange_prefetch_cache_enabled = data.is_signed_exchange_prefetch_cache_enabled(); out->obey_origin_policy = data.obey_origin_policy(); - out->original_destination = data.original_destination(); return true; } diff --git a/chromium/services/network/public/cpp/url_request_mojom_traits.h b/chromium/services/network/public/cpp/url_request_mojom_traits.h index df94670c006..ea302870d45 100644 --- a/chromium/services/network/public/cpp/url_request_mojom_traits.h +++ b/chromium/services/network/public/cpp/url_request_mojom_traits.h @@ -109,10 +109,6 @@ struct COMPONENT_EXPORT(NETWORK_CPP_BASE) const network::ResourceRequest& request) { return request.request_initiator; } - static const std::vector<GURL> navigation_redirect_chain( - const network::ResourceRequest& request) { - return request.navigation_redirect_chain; - } static const base::Optional<url::Origin>& isolated_world_origin( const network::ResourceRequest& request) { return request.isolated_world_origin; @@ -252,10 +248,6 @@ struct COMPONENT_EXPORT(NETWORK_CPP_BASE) static bool obey_origin_policy(const network::ResourceRequest& request) { return request.obey_origin_policy; } - static network::mojom::RequestDestination original_destination( - const network::ResourceRequest& request) { - return request.original_destination; - } static const base::Optional<network::ResourceRequest::TrustedParams>& trusted_params(const network::ResourceRequest& request) { return request.trusted_params; diff --git a/chromium/services/network/public/mojom/url_loader.mojom b/chromium/services/network/public/mojom/url_loader.mojom index 72af370c1eb..ef862c8aefc 100644 --- a/chromium/services/network/public/mojom/url_loader.mojom +++ b/chromium/services/network/public/mojom/url_loader.mojom @@ -165,15 +165,6 @@ struct URLRequest { // - URLLoaderFactoryParams::request_initiator_origin_lock url.mojom.Origin? request_initiator; - // The chain of URLs seen during navigation redirects. This should only - // contain values if the mode is `RedirectMode::kNavigate`. This list - // will contain the initial network request URL, but not URLs from previous - // state in the DOM. For example, if a frame has URL A and sets its location - // to URL B, then the redirect chain will begin with URL B. The chain also - // includes the current request URL, however, it will not reflect any changes - // made by throttles. - array<url.mojom.Url> navigation_redirect_chain; - // If this is a subresource request initiated from an isolated world (e.g. // from a content script of a Chrome Extension), then // |isolated_world_origin| indicates the origin of the isolated world. @@ -395,10 +386,6 @@ struct URLRequest { // Spec: https://wicg.github.io/origin-policy/ bool obey_origin_policy; - // The original destination of a request that was passed through by a service - // worker. - RequestDestination original_destination; - // Setting these from an untrusted URLLoader will cause the request to fail. TrustedUrlRequestParams? trusted_params; diff --git a/chromium/services/network/url_loader.cc b/chromium/services/network/url_loader.cc index 30c6473442e..36b67163922 100644 --- a/chromium/services/network/url_loader.cc +++ b/chromium/services/network/url_loader.cc @@ -537,10 +537,6 @@ URLLoader::URLLoader( url_request_->set_site_for_cookies(request.site_for_cookies); url_request_->set_force_ignore_site_for_cookies( request.force_ignore_site_for_cookies); - if (!request.navigation_redirect_chain.empty()) { - DCHECK_EQ(request.mode, mojom::RequestMode::kNavigate); - url_request_->SetURLChain(request.navigation_redirect_chain); - } url_request_->SetReferrer(request.referrer.GetAsReferrer().spec()); url_request_->set_referrer_policy(request.referrer_policy); url_request_->set_upgrade_if_insecure(request.upgrade_if_insecure); @@ -564,18 +560,6 @@ URLLoader::URLLoader( if (url_request_context_->require_network_isolation_key()) DCHECK(!url_request_->isolation_info().IsEmpty()); - // When a service worker forwards a navigation request it uses the - // service worker's IsolationInfo. This causes the cookie code to fail - // to send SameSite=Lax cookies for main-frame navigations passed through - // a service worker. To fix this we check to see if the original destination - // of the request was a main frame document and then set a flag indicating - // SameSite cookies should treat it as a main frame navigation. - if (request.mode == mojom::RequestMode::kNavigate && - request.destination == mojom::RequestDestination::kEmpty && - request.original_destination == mojom::RequestDestination::kDocument) { - url_request_->set_force_main_frame_for_same_site_cookies(true); - } - if (factory_params_->disable_secure_dns) { url_request_->SetDisableSecureDns(true); } else if (request.trusted_params) { diff --git a/chromium/third_party/blink/public/mojom/fetch/fetch_api_request.mojom b/chromium/third_party/blink/public/mojom/fetch/fetch_api_request.mojom index abeb1ad152b..903ebd4fe48 100644 --- a/chromium/third_party/blink/public/mojom/fetch/fetch_api_request.mojom +++ b/chromium/third_party/blink/public/mojom/fetch/fetch_api_request.mojom @@ -14,7 +14,6 @@ import "services/network/public/mojom/url_loader.mojom"; import "third_party/blink/public/mojom/blob/serialized_blob.mojom"; import "third_party/blink/public/mojom/loader/request_context_frame_type.mojom"; import "third_party/blink/public/mojom/loader/referrer.mojom"; -import "url/mojom/origin.mojom"; import "url/mojom/url.mojom"; @@ -183,23 +182,6 @@ struct FetchAPIRequest { SerializedBlob? blob; FetchAPIRequestBody? body; - // `request_initiator` indicates the origin that initiated the request. See - // also `network::ResourceRequest::request_initiator`, and the doc comment - // for `request_initiator` in services/network/public/mojom/url_request.mojom. - // - // Note that the origin may be missing for browser-initiated navigations - // (e.g. ones initiated from the Omnibox). - url.mojom.Origin? request_initiator; - - // The chain of URLs seen during navigation redirects. This should only - // contain values if the mode is `RedirectMode::kNavigate`. This list - // will contain the initial network request URL, but not URLs from previous - // state in the DOM. For example, if a frame has URL A and sets its location - // to URL B, then the redirect chain will begin with URL B. The chain also - // includes the current request URL, however, it will not reflect any changes - // made by throttles. - array<url.mojom.Url> navigation_redirect_chain; - Referrer? referrer; network.mojom.CredentialsMode credentials_mode = network.mojom.CredentialsMode.kOmit; diff --git a/chromium/third_party/blink/renderer/core/fetch/fetch_manager.cc b/chromium/third_party/blink/renderer/core/fetch/fetch_manager.cc index 5fd962266bd..df680aa38a4 100644 --- a/chromium/third_party/blink/renderer/core/fetch/fetch_manager.cc +++ b/chromium/third_party/blink/renderer/core/fetch/fetch_manager.cc @@ -694,8 +694,6 @@ void FetchManager::Loader::PerformHTTPFetch() { // FIXME: Support body. ResourceRequest request(fetch_request_data_->Url()); request.SetRequestorOrigin(fetch_request_data_->Origin()); - request.SetNavigationRedirectChain( - fetch_request_data_->NavigationRedirectChain()); request.SetIsolatedWorldOrigin(fetch_request_data_->IsolatedWorldOrigin()); request.SetRequestContext(fetch_request_data_->Context()); request.SetRequestDestination(fetch_request_data_->Destination()); @@ -703,7 +701,21 @@ void FetchManager::Loader::PerformHTTPFetch() { request.SetFetchWindowId(fetch_request_data_->WindowId()); request.SetTrustTokenParams(fetch_request_data_->TrustTokenParams()); - request.SetMode(fetch_request_data_->Mode()); + switch (fetch_request_data_->Mode()) { + case RequestMode::kSameOrigin: + case RequestMode::kNoCors: + case RequestMode::kCors: + case RequestMode::kCorsWithForcedPreflight: + request.SetMode(fetch_request_data_->Mode()); + break; + case RequestMode::kNavigate: + // NetworkService (i.e. CorsURLLoaderFactory::IsSane) rejects kNavigate + // requests coming from renderers, so using kSameOrigin here. + // TODO(lukasza): Tweak CorsURLLoaderFactory::IsSane to accept kNavigate + // if request_initiator and the target are same-origin. + request.SetMode(RequestMode::kSameOrigin); + break; + } request.SetCredentialsMode(fetch_request_data_->Credentials()); for (const auto& header : fetch_request_data_->HeaderList()->List()) { @@ -751,8 +763,6 @@ void FetchManager::Loader::PerformHTTPFetch() { UseCounter::Count(execution_context_, mojom::WebFeature::kFetchKeepalive); } - request.SetOriginalDestination(fetch_request_data_->OriginalDestination()); - // "3. Append `Host`, ..." // FIXME: Implement this when the spec is fixed. diff --git a/chromium/third_party/blink/renderer/core/fetch/fetch_request_data.cc b/chromium/third_party/blink/renderer/core/fetch/fetch_request_data.cc index 2ff6d006ece..13b45b398b4 100644 --- a/chromium/third_party/blink/renderer/core/fetch/fetch_request_data.cc +++ b/chromium/third_party/blink/renderer/core/fetch/fetch_request_data.cc @@ -161,10 +161,6 @@ FetchRequestData* FetchRequestData::Create( // we deprecate SetContext. request->SetDestination(fetch_api_request->destination); - if (fetch_api_request->request_initiator) - request->SetOrigin(fetch_api_request->request_initiator); - request->SetNavigationRedirectChain( - fetch_api_request->navigation_redirect_chain); request->SetReferrerString(AtomicString(Referrer::NoReferrer())); if (fetch_api_request->referrer) { if (!fetch_api_request->referrer->url.IsEmpty()) { @@ -185,7 +181,6 @@ FetchRequestData* FetchRequestData::Create( fetch_api_request->priority)); if (fetch_api_request->fetch_window_id) request->SetWindowId(fetch_api_request->fetch_window_id.value()); - return request; } @@ -195,7 +190,6 @@ FetchRequestData* FetchRequestData::CloneExceptBody() { request->method_ = method_; request->header_list_ = header_list_->Clone(); request->origin_ = origin_; - request->navigation_redirect_chain_ = navigation_redirect_chain_; request->isolated_world_origin_ = isolated_world_origin_; request->context_ = context_; request->destination_ = destination_; @@ -210,7 +204,6 @@ FetchRequestData* FetchRequestData::CloneExceptBody() { request->integrity_ = integrity_; request->priority_ = priority_; request->importance_ = importance_; - request->original_destination_ = original_destination_; request->keepalive_ = keepalive_; request->is_history_navigation_ = is_history_navigation_; request->window_id_ = window_id_; diff --git a/chromium/third_party/blink/renderer/core/fetch/fetch_request_data.h b/chromium/third_party/blink/renderer/core/fetch/fetch_request_data.h index 295fd986d7b..682cfdc1686 100644 --- a/chromium/third_party/blink/renderer/core/fetch/fetch_request_data.h +++ b/chromium/third_party/blink/renderer/core/fetch/fetch_request_data.h @@ -64,12 +64,6 @@ class CORE_EXPORT FetchRequestData final void SetOrigin(scoped_refptr<const SecurityOrigin> origin) { origin_ = std::move(origin); } - const WTF::Vector<KURL>& NavigationRedirectChain() const { - return navigation_redirect_chain_; - } - void SetNavigationRedirectChain(const WTF::Vector<KURL>& value) { - navigation_redirect_chain_ = value; - } scoped_refptr<const SecurityOrigin> IsolatedWorldOrigin() const { return isolated_world_origin_; } @@ -117,15 +111,6 @@ class CORE_EXPORT FetchRequestData final void SetIntegrity(const String& integrity) { integrity_ = integrity; } ResourceLoadPriority Priority() const { return priority_; } void SetPriority(ResourceLoadPriority priority) { priority_ = priority; } - - // The original destination of a request passed through by a service worker. - void SetOriginalDestination(network::mojom::RequestDestination value) { - original_destination_ = value; - } - network::mojom::RequestDestination OriginalDestination() const { - return original_destination_; - } - bool Keepalive() const { return keepalive_; } void SetKeepalive(bool b) { keepalive_ = b; } bool IsHistoryNavigation() const { return is_history_navigation_; } @@ -172,7 +157,6 @@ class CORE_EXPORT FetchRequestData final mojom::RequestContextType context_; network::mojom::RequestDestination destination_; scoped_refptr<const SecurityOrigin> origin_; - WTF::Vector<KURL> navigation_redirect_chain_; scoped_refptr<const SecurityOrigin> isolated_world_origin_; // FIXME: Support m_forceOriginHeaderFlag; AtomicString referrer_string_; @@ -195,8 +179,6 @@ class CORE_EXPORT FetchRequestData final String mime_type_; String integrity_; ResourceLoadPriority priority_; - network::mojom::RequestDestination original_destination_ = - network::mojom::RequestDestination::kEmpty; bool keepalive_; bool is_history_navigation_ = false; // A specific factory that should be used for this request instead of whatever diff --git a/chromium/third_party/blink/renderer/core/fetch/request.cc b/chromium/third_party/blink/renderer/core/fetch/request.cc index c53cb946a9d..3f45de671ed 100644 --- a/chromium/third_party/blink/renderer/core/fetch/request.cc +++ b/chromium/third_party/blink/renderer/core/fetch/request.cc @@ -71,9 +71,7 @@ FetchRequestData* CreateCopyOfFetchRequestDataForFetch( request->SetURL(original->Url()); request->SetMethod(original->Method()); request->SetHeaderList(original->HeaderList()->Clone()); - request->SetOrigin(original->Origin() ? original->Origin() - : context->GetSecurityOrigin()); - request->SetNavigationRedirectChain(original->NavigationRedirectChain()); + request->SetOrigin(context->GetSecurityOrigin()); // FIXME: Set client. DOMWrapperWorld& world = script_state->World(); if (world.IsIsolatedWorld()) { @@ -100,18 +98,6 @@ FetchRequestData* CreateCopyOfFetchRequestDataForFetch( } request->SetWindowId(original->WindowId()); request->SetTrustTokenParams(original->TrustTokenParams()); - - // When a new request is created from another the destination is always reset - // to be `kEmpty`. In order to facilitate some later checks when a service - // worker forwards a navigation request we want to keep track of the - // destination of the original request. Therefore record the original - // request's destination if its non-empty, otherwise just carry forward - // whatever "original destination" value was already set. - if (original->Destination() != network::mojom::RequestDestination::kEmpty) - request->SetOriginalDestination(original->Destination()); - else - request->SetOriginalDestination(original->OriginalDestination()); - return request; } @@ -327,10 +313,6 @@ Request* Request::CreateRequestWithRequestOrString( // "If any of |init|'s members are present, then:" if (AreAnyMembersPresent(init)) { - request->SetOrigin(execution_context->GetSecurityOrigin()); - request->SetOriginalDestination(network::mojom::RequestDestination::kEmpty); - request->SetNavigationRedirectChain(Vector<KURL>()); - // "If |request|'s |mode| is "navigate", then set it to "same-origin". if (request->Mode() == network::mojom::RequestMode::kNavigate) request->SetMode(network::mojom::RequestMode::kSameOrigin); @@ -984,7 +966,6 @@ mojom::blink::FetchAPIRequestPtr Request::CreateFetchAPIRequest() const { fetch_api_request->integrity = request_->Integrity(); fetch_api_request->is_history_navigation = request_->IsHistoryNavigation(); fetch_api_request->destination = request_->Destination(); - fetch_api_request->request_initiator = request_->Origin(); // Strip off the fragment part of URL. So far, all callers expect the fragment // to be excluded. diff --git a/chromium/third_party/blink/renderer/modules/cache_storage/inspector_cache_storage_agent.cc b/chromium/third_party/blink/renderer/modules/cache_storage/inspector_cache_storage_agent.cc index e122d3f686e..1ab8e2f4570 100644 --- a/chromium/third_party/blink/renderer/modules/cache_storage/inspector_cache_storage_agent.cc +++ b/chromium/third_party/blink/renderer/modules/cache_storage/inspector_cache_storage_agent.cc @@ -263,8 +263,7 @@ class ResponsesAccumulator : public RefCounted<ResponsesAccumulator> { auto request_clone_without_body = mojom::blink::FetchAPIRequest::New( request->mode, request->is_main_resource_load, request->destination, request->frame_type, request->url, request->method, request->headers, - nullptr /* blob */, ResourceRequestBody(), request->request_initiator, - request->navigation_redirect_chain, request->referrer.Clone(), + nullptr /* blob */, ResourceRequestBody(), request->referrer.Clone(), request->credentials_mode, request->cache_mode, request->redirect_mode, request->integrity, request->priority, request->fetch_window_id, request->keepalive, request->is_reload, diff --git a/chromium/third_party/blink/renderer/platform/loader/fetch/resource_request.cc b/chromium/third_party/blink/renderer/platform/loader/fetch/resource_request.cc index 8ffc7645180..305d2a7f5ec 100644 --- a/chromium/third_party/blink/renderer/platform/loader/fetch/resource_request.cc +++ b/chromium/third_party/blink/renderer/platform/loader/fetch/resource_request.cc @@ -77,8 +77,7 @@ ResourceRequestHead::ResourceRequestHead(const KURL& url) referrer_policy_(network::mojom::ReferrerPolicy::kDefault), is_external_request_(false), cors_preflight_policy_( - network::mojom::CorsPreflightPolicy::kConsiderPreflight), - original_destination_(network::mojom::RequestDestination::kEmpty) {} + network::mojom::CorsPreflightPolicy::kConsiderPreflight) {} ResourceRequestHead::ResourceRequestHead(const ResourceRequestHead&) = default; diff --git a/chromium/third_party/blink/renderer/platform/loader/fetch/resource_request.h b/chromium/third_party/blink/renderer/platform/loader/fetch/resource_request.h index 4946c7cb619..7630c3dafe1 100644 --- a/chromium/third_party/blink/renderer/platform/loader/fetch/resource_request.h +++ b/chromium/third_party/blink/renderer/platform/loader/fetch/resource_request.h @@ -136,15 +136,6 @@ class PLATFORM_EXPORT ResourceRequestHead { requestor_origin_ = std::move(origin); } - // The chain of URLs seen during navigation redirects. This should only - // contain values if the mode is `RedirectMode::kNavigate`. - const WTF::Vector<KURL>& NavigationRedirectChain() const { - return navigation_redirect_chain_; - } - void SetNavigationRedirectChain(const WTF::Vector<KURL>& value) { - navigation_redirect_chain_ = value; - } - // The origin of the isolated world - set if this is a fetch/XHR initiated by // an isolated world. const scoped_refptr<const SecurityOrigin>& IsolatedWorldOrigin() const { @@ -479,14 +470,6 @@ class PLATFORM_EXPORT ResourceRequestHead { return allowHTTP1ForStreamingUpload_; } - // The original destination of a request passed through by a service worker. - network::mojom::RequestDestination GetOriginalDestination() const { - return original_destination_; - } - void SetOriginalDestination(network::mojom::RequestDestination value) { - original_destination_ = value; - } - private: const CacheControlHeader& GetCacheControlHeader() const; @@ -500,7 +483,6 @@ class PLATFORM_EXPORT ResourceRequestHead { scoped_refptr<const SecurityOrigin> top_frame_origin_; scoped_refptr<const SecurityOrigin> requestor_origin_; - WTF::Vector<KURL> navigation_redirect_chain_; scoped_refptr<const SecurityOrigin> isolated_world_origin_; AtomicString http_method_; @@ -561,8 +543,6 @@ class PLATFORM_EXPORT ResourceRequestHead { base::UnguessableToken fetch_window_id_; - network::mojom::RequestDestination original_destination_; - uint64_t inspector_id_ = 0; bool is_from_origin_dirty_style_sheet_ = false; diff --git a/chromium/third_party/blink/renderer/platform/loader/fetch/url_loader/request_conversion.cc b/chromium/third_party/blink/renderer/platform/loader/fetch/url_loader/request_conversion.cc index d42dd6600df..b1050ececf3 100644 --- a/chromium/third_party/blink/renderer/platform/loader/fetch/url_loader/request_conversion.cc +++ b/chromium/third_party/blink/renderer/platform/loader/fetch/url_loader/request_conversion.cc @@ -263,13 +263,6 @@ void PopulateResourceRequest(const ResourceRequestHead& src, } else { dest->request_initiator = src.RequestorOrigin()->ToUrlOrigin(); } - - DCHECK(dest->navigation_redirect_chain.empty()); - dest->navigation_redirect_chain.reserve(src.NavigationRedirectChain().size()); - for (const auto& url : src.NavigationRedirectChain()) { - dest->navigation_redirect_chain.push_back(url); - } - if (src.IsolatedWorldOrigin()) { dest->isolated_world_origin = src.IsolatedWorldOrigin()->ToUrlOrigin(); } @@ -383,8 +376,6 @@ void PopulateResourceRequest(const ResourceRequestHead& src, dest->headers.SetHeaderIfMissing(net::HttpRequestHeaders::kAccept, network::kDefaultAcceptHeaderValue); } - - dest->original_destination = src.GetOriginalDestination(); } } // namespace blink |