chromium/src
0
Fork 0
Code Activity

Rename 'type' field to 'operation'.

Browse Source 
This CL is a step towards getting fetch API changes from the Private
State Token (PST, formerly known as TrustTokens) explainer. After
this CL fetch API will be as follows.

fetch('<issuer>/<issuance path>', {
  trustToken: {
    operation: 'token-request',
    issuer: <issuer>
  }
}).then(...)

Ultimately, we would like to be compatible with the explainer and have
the fetch API as follows.

fetch('<issuer>/<issuance path>', {
  privateToken: {
    type: 'private-state-token',
    version: 1,
    operation: 'token-request',
    issuer: <issuer>
  }
}).then(...)

This API creates room for supporting new type of tokens with backward
compatibility. It also supports having different versions of the PST coexist.

The edits in this CL stems from the the following two sources.

- In ./services/network/public/mojom/trust_tokens.mojom: Rename
  TrustTokenParams's 'type' field to 'operation'. Rename
  TrustTokenOperationResult's 'type' field to 'operation'.

- In ./thirdparty/blink/renderer/core/fetch/trust_token.idl: Rename
  'type' to 'operation'.

Bug: 1404729
Fixed: 1404730
Explainer: https://github.com/WICG/trust-token-api
Spec: https://wicg.github.io/trust-token-api/
Change-Id: I4742bd8e24c4437f35f6d2ccc08caf9dab7ae139
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4126918
Reviewed-by: Yoav Weiss <yoavweiss@chromium.org>
Reviewed-by: Matt Menke <mmenke@chromium.org>
Commit-Queue: Aykut Bulut <aykutb@google.com>
Reviewed-by: Russ Hamilton <behamilton@google.com>
Reviewed-by: Steven Valdez <svaldez@chromium.org>
Reviewed-by: Avi Drissman <avi@chromium.org>
Reviewed-by: Dominic Farolino <dom@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1094573}
This commit is contained in:
Aykut Bulut
2023-01-19 18:37:35 +00:00
committed by Chromium LUCI CQ
parent 25aee488fe
commit 832c80f7e1
48 changed files with 269 additions and 240 deletions
chrome/browser
browsing_data
browsing_data_model_browsertest.cc
k_anonymity_service
k_anonymity_service_client.cck_anonymity_trust_token_getter.cc
net
profile_network_context_service_browsertest.cctrust_token_usecounter_browsertest.cc
content/browser
devtools
devtools_trust_token_browsertest.cc
protocol
network_handler.cc
network
trust_token_browsertest.cctrust_token_origin_trial_browsertest.cctrust_token_parameters_browsertest.cc
renderer_host
render_frame_host_impl.cc
security_exploit_browsertest.cc
services/network
cors
cors_url_loader.cccors_url_loader_factory.cc
network_context_unittest.cc
public
cpp
optional_trust_token_params_unittest.ccurl_request_mojom_traits_unittest.cc
mojom
trust_tokens.mojom
test
trust_token_test_util.cctrust_token_test_util.h
trust_tokens
trust_token_request_helper_factory.cctrust_token_request_helper_factory_unittest.cctrust_token_request_issuance_helper.cctrust_token_request_redemption_helper.cctrust_token_request_signing_helper.cc
url_loader.cc
third_party/blink
public
devtools_protocol
browser_protocol.pdl
renderer
core
fetch
fetch_manager.ccrequest.cctrust_token.idltrust_token_to_mojom.cctrust_token_to_mojom.h
html
html_iframe_element.cctrust_token_attribute_parsing.cctrust_token_attribute_parsing_test.cc
inspector
inspector_network_agent.cc
xmlhttprequest
xml_http_request.cc
platform
loader
fetch
trust_token_params_conversion.cc
web_tests
http
tests
inspector-protocol
resources
iframe-request-trust-token.html
trust-tokens
no-console-warning-with-cookies-disabled.jstrust-token-params-fetch.js
loading
trust-tokens
trust-token-fetch.tentative.https.htmltrust-token-xhr.tentative.https.html
virtual
trust-tokens
http
tests
inspector-protocol
trust-tokens
trust-token-params-fetch-expected.txttrust-token-params-iframe-expected.txt
wpt_internal
trust-tokens
trust-token-api-e2e-iframe.https.htmltrust-token-api-e2e.https.htmltrust-token-api-rate-limiting.https.html

2
chrome/browser/browsing_data/browsing_data_model_browsertest.cc

@ -255,7 +255,7 @@ IN_PROC_BROWSER_TEST_F(BrowsingDataModelBrowserTest, TrustTokenIssuance) {
std::string command = content::JsReplace(R"(
(async () => {
try {
await fetch("/issue", {trustToken: {type: 'token-request'}});
await fetch("/issue", {trustToken: {operation: 'token-request'}});
return await document.hasPrivateToken($1, 'private-state-token');
} catch {
return false;

2
chrome/browser/k_anonymity_service/k_anonymity_service_client.cc

@ -342,7 +342,7 @@ void KAnonymityServiceClient::JoinSetSendRequest(
url::Origin::Create(GURL(features::kKAnonymityServiceAuthServer.Get()));
network::mojom::TrustTokenParamsPtr params =
network::mojom::TrustTokenParams::New();
params->type = network::mojom::TrustTokenOperationType::kRedemption;
params->operation = network::mojom::TrustTokenOperationType::kRedemption;
params->refresh_policy = network::mojom::TrustTokenRefreshPolicy::kRefresh;
params->custom_key_commitment = key_and_id.key_commitment;
params->custom_issuer = auth_origin;

2
chrome/browser/k_anonymity_service/k_anonymity_trust_token_getter.cc

@ -446,7 +446,7 @@ void KAnonymityTrustTokenGetter::FetchTrustToken() {
network::mojom::TrustTokenParamsPtr params =
network::mojom::TrustTokenParams::New();
params->type = network::mojom::TrustTokenOperationType::kIssuance;
params->operation = network::mojom::TrustTokenOperationType::kIssuance;
params->custom_key_commitment = key_commitment->key_and_id.key_commitment;
resource_request->trust_token_params = *params;
url_loader_ = network::SimpleURLLoader::Create(

2
chrome/browser/net/profile_network_context_service_browsertest.cc

@ -709,7 +709,7 @@ IN_PROC_BROWSER_TEST_F(ProfileNetworkContextTrustTokensBrowsertest,
std::string command = content::JsReplace(R"(
(async () => {
try {
await fetch("/issue", {trustToken: {type: 'token-request'}});
await fetch("/issue", {trustToken: {operation: 'token-request'}});
return await document.hasPrivateToken($1, 'private-state-token');
} catch {
return false;

20
chrome/browser/net/trust_token_usecounter_browsertest.cc

@ -51,7 +51,7 @@ IN_PROC_BROWSER_TEST_F(TrustTokenUseCountersBrowsertest, CountsFetchUse) {
std::string cmd = R"(
(async () => {
await fetch("/page404.html", {trustToken: {type: 'token-request'}});
await fetch("/page404.html", {trustToken: {operation: 'token-request'}});
} )(); )";
// We use EvalJs here, not ExecJs, because EvalJs waits for promises to
@ -82,7 +82,7 @@ IN_PROC_BROWSER_TEST_F(TrustTokenUseCountersBrowsertest, CountsXhrUse) {
let request = new XMLHttpRequest();
request.open('GET', '/page404.html');
request.setTrustToken({
type: 'token-request'
operation: 'token-request'
});
let promise = new Promise((res, rej) => {
request.onload = res; request.onerror = rej;
@ -120,12 +120,12 @@ IN_PROC_BROWSER_TEST_F(TrustTokenUseCountersBrowsertest, CountsIframeUse) {
// the latter triggers a load. It's also important to JsReplace the trustToken
// argument here, because iframe.trustToken expects a (properly escaped)
// JSON-encoded string as its value, not a JS object.
EXPECT_TRUE(ExecJs(web_contents,
JsReplace(
R"( const myFrame = document.getElementById("test");
EXPECT_TRUE(ExecJs(
web_contents, JsReplace(
R"( const myFrame = document.getElementById("test");
myFrame.trustToken = $1;
myFrame.src = $2;)",
R"({"type": "token-request"})", "/page404.html")));
R"({"operation": "token-request"})", "/page404.html")));
TestNavigationObserver load_observer(web_contents);
load_observer.Wait();
@ -150,12 +150,12 @@ IN_PROC_BROWSER_TEST_F(TrustTokenUseCountersBrowsertest, CountsIframeUseViaSetat
// the latter triggers a load. It's also important to JsReplace the trustToken
// argument here, because iframe.trustToken expects a (properly escaped)
// JSON-encoded string as its value, not a JS object.
EXPECT_TRUE(ExecJs(web_contents,
JsReplace(
R"( const myFrame = document.getElementById("test");
EXPECT_TRUE(ExecJs(
web_contents, JsReplace(
R"( const myFrame = document.getElementById("test");
myFrame.setAttribute('trustToken', $1);
myFrame.src = $2;)",
R"({"type": "token-request"})", "/page404.html")));
R"({"operation": "token-request"})", "/page404.html")));
TestNavigationObserver load_observer(web_contents);
load_observer.Wait();

24
content/browser/devtools/devtools_trust_token_browsertest.cc

@ -68,13 +68,13 @@ IN_PROC_BROWSER_TEST_F(DevToolsTrustTokenBrowsertest,
EXPECT_EQ("Success",
EvalJs(shell(), JsReplace(R"(fetch($1,
{ trustToken: { type: 'token-request' } })
{ trustToken: { operation: 'token-request' } })
.then(()=>'Success'); )",
server_.GetURL("a.test", "/issue"))));
EXPECT_EQ("Success",
EvalJs(shell(), JsReplace(R"(fetch($1,
{ trustToken: { type: 'token-redemption' } })
{ trustToken: { operation: 'token-redemption' } })
.then(()=>'Success'); )",
server_.GetURL("a.test", "/redeem"))));
@ -88,7 +88,7 @@ IN_PROC_BROWSER_TEST_F(DevToolsTrustTokenBrowsertest,
// 3) Issue another redemption, and verify its served from cache.
EXPECT_EQ("NoModificationAllowedError",
EvalJs(shell(), JsReplace(R"(fetch($1,
{ trustToken: { type: 'token-redemption' } })
{ trustToken: { operation: 'token-redemption' } })
.catch(err => err.name); )",
server_.GetURL("a.test", "/redeem"))));
@ -128,9 +128,9 @@ IN_PROC_BROWSER_TEST_F(DevToolsTrustTokenBrowsertest, FetchEndToEnd) {
// request.
std::string command = R"(
(async () => {
await fetch('/issue', {trustToken: {type: 'token-request'}});
await fetch('/redeem', {trustToken: {type: 'token-redemption'}});
await fetch('/sign', {trustToken: {type: 'send-redemption-record',
await fetch('/issue', {trustToken: {operation: 'token-request'}});
await fetch('/redeem', {trustToken: {operation: 'token-redemption'}});
await fetch('/sign', {trustToken: {operation: 'send-redemption-record',
issuers: [$1]}});
return 'Success'; })(); )";
@ -164,8 +164,8 @@ IN_PROC_BROWSER_TEST_F(DevToolsTrustTokenBrowsertest, IframeEndToEnd) {
// request.
std::string command = R"(
(async () => {
await fetch('/issue', {trustToken: {type: 'token-request'}});
await fetch('/redeem', {trustToken: {type: 'token-redemption'}});
await fetch('/issue', {trustToken: {operation: 'token-request'}});
await fetch('/redeem', {trustToken: {operation: 'token-redemption'}});
return 'Success'; })(); )";
// We use EvalJs here, not ExecJs, because EvalJs waits for promises to
@ -191,7 +191,7 @@ IN_PROC_BROWSER_TEST_F(DevToolsTrustTokenBrowsertest, IframeEndToEnd) {
};
execute_op_via_iframe("/sign", JsReplace(
R"({"type": "send-redemption-record",
R"({"operation": "send-redemption-record",
"issuers": [$1]})",
IssuanceOriginFromHost("a.test")));
@ -224,7 +224,7 @@ IN_PROC_BROWSER_TEST_F(DevToolsTrustTokenBrowsertest,
// 3) Request some Trust Tokens.
EXPECT_EQ("OperationError", EvalJs(shell(), R"(fetch('/issue',
{ trustToken: { type: 'token-request' } })
{ trustToken: { operation: 'token-request' } })
.then(()=>'Success').catch(err => err.name); )"));
// 4) Verify that we received an Trust Token operation failed event.
@ -251,7 +251,7 @@ IN_PROC_BROWSER_TEST_F(DevToolsTrustTokenBrowsertest, GetTrustTokens) {
// 4) Request some Trust Tokens.
std::string command = R"(
(async () => {
await fetch('/issue', {trustToken: {type: 'token-request'}});
await fetch('/issue', {trustToken: {operation: 'token-request'}});
return 'Success'; })(); )";
// We use EvalJs here, not ExecJs, because EvalJs waits for promises to
@ -275,7 +275,7 @@ IN_PROC_BROWSER_TEST_F(DevToolsTrustTokenBrowsertest, ClearTrustTokens) {
// 3) Request some Trust Tokens.
std::string command = R"(
(async () => {
await fetch('/issue', {trustToken: {type: 'token-request'}});
await fetch('/issue', {trustToken: {operation: 'token-request'}});
return 'Success'; })(); )";
// We use EvalJs here, not ExecJs, because EvalJs waits for promises to

8
content/browser/devtools/protocol/network_handler.cc

@ -2040,8 +2040,8 @@ Maybe<String> GetBlockedReasonFor(
}
String GetTrustTokenOperationType(
network::mojom::TrustTokenOperationType type) {
switch (type) {
network::mojom::TrustTokenOperationType operation) {
switch (operation) {
case network::mojom::TrustTokenOperationType::kIssuance:
return protocol::Network::TrustTokenOperationTypeEnum::Issuance;
case network::mojom::TrustTokenOperationType::kRedemption:
@ -2065,7 +2065,7 @@ std::unique_ptr<protocol::Network::TrustTokenParams> BuildTrustTokenParams(
const network::mojom::TrustTokenParams& params) {
auto protocol_params =
protocol::Network::TrustTokenParams::Create()
.SetType(GetTrustTokenOperationType(params.type))
.SetOperation(GetTrustTokenOperationType(params.operation))
.SetRefreshPolicy(GetTrustTokenRefreshPolicy(params.refresh_policy))
.Build();
@ -3199,7 +3199,7 @@ void NetworkHandler::OnTrustTokenOperationDone(
frontend()->TrustTokenOperationDone(
GetTrustTokenOperationStatus(result.status),
GetTrustTokenOperationType(result.type), devtools_request_id,
GetTrustTokenOperationType(result.operation), devtools_request_id,
std::move(top_level_origin), std::move(issuer),
result.issued_token_count);
}

181
content/browser/network/trust_token_browsertest.cc

@ -159,9 +159,9 @@ IN_PROC_BROWSER_TEST_F(TrustTokenBrowsertest, FetchEndToEnd) {
std::string command = R"(
(async () => {
await fetch("/issue", {trustToken: {type: 'token-request'}});
await fetch("/redeem", {trustToken: {type: 'token-redemption'}});
await fetch("/sign", {trustToken: {type: 'send-redemption-record',
await fetch("/issue", {trustToken: {operation: 'token-request'}});
await fetch("/redeem", {trustToken: {operation: 'token-redemption'}});
await fetch("/sign", {trustToken: {operation: 'send-redemption-record',
issuers: [$1]}});
return "Success"; })(); )";
@ -190,7 +190,7 @@ IN_PROC_BROWSER_TEST_F(TrustTokenBrowsertest, XhrEndToEnd) {
let request = new XMLHttpRequest();
request.open('GET', '/issue');
request.setTrustToken({
type: 'token-request'
operation: 'token-request'
});
let promise = new Promise((res, rej) => {
request.onload = res; request.onerror = rej;
@ -201,7 +201,7 @@ IN_PROC_BROWSER_TEST_F(TrustTokenBrowsertest, XhrEndToEnd) {
request = new XMLHttpRequest();
request.open('GET', '/redeem');
request.setTrustToken({
type: 'token-redemption'
operation: 'token-redemption'
});
promise = new Promise((res, rej) => {
request.onload = res; request.onerror = rej;
@ -212,7 +212,7 @@ IN_PROC_BROWSER_TEST_F(TrustTokenBrowsertest, XhrEndToEnd) {
request = new XMLHttpRequest();
request.open('GET', '/sign');
request.setTrustToken({
type: 'send-redemption-record',
operation: 'send-redemption-record',
issuers: [$1]
});
promise = new Promise((res, rej) => {
@ -241,8 +241,8 @@ IN_PROC_BROWSER_TEST_F(TrustTokenBrowsertest, IframeSendRedemptionRecord) {
std::string command = R"(
(async () => {
await fetch("/issue", {trustToken: {type: 'token-request'}});
await fetch("/redeem", {trustToken: {type: 'token-redemption'}});
await fetch("/issue", {trustToken: {operation: 'token-request'}});
await fetch("/redeem", {trustToken: {operation: 'token-redemption'}});
return "Success";
})())";
@ -266,7 +266,7 @@ IN_PROC_BROWSER_TEST_F(TrustTokenBrowsertest, IframeSendRedemptionRecord) {
};
execute_op_via_iframe("/sign", JsReplace(
R"({"type": "send-redemption-record",
R"({"operation": "send-redemption-record",
"issuers": [$1]})",
IssuanceOriginFromHost("a.test")));
@ -333,7 +333,7 @@ IN_PROC_BROWSER_TEST_F(TrustTokenBrowsertest, HasTrustTokenAfterIssuance) {
std::string command = JsReplace(R"(
(async () => {
await fetch("/issue", {trustToken: {type: 'token-request'}});
await fetch("/issue", {trustToken: {operation: 'token-request'}});
return await document.hasPrivateToken($1, 'private-state-token');
})();)",
IssuanceOriginFromHost("a.test"));
@ -357,7 +357,7 @@ IN_PROC_BROWSER_TEST_F(TrustTokenBrowsertest,
// This sign operation will fail, because we don't have a redemption record in
// storage, a prerequisite. However, the failure shouldn't be fatal.
std::string command = JsReplace(R"((async () => {
await fetch("/sign", {trustToken: {type: 'send-redemption-record',
await fetch("/sign", {trustToken: {operation: 'send-redemption-record',
issuers: [$1]}});
return "Success";
})(); )",
@ -384,9 +384,9 @@ IN_PROC_BROWSER_TEST_F(TrustTokenBrowsertest, FetchEndToEndInIsolatedWorld) {
std::string command = R"(
(async () => {
await fetch("/issue", {trustToken: {type: 'token-request'}});
await fetch("/redeem", {trustToken: {type: 'token-redemption'}});
await fetch("/sign", {trustToken: {type: 'send-redemption-record',
await fetch("/issue", {trustToken: {operation: 'token-request'}});
await fetch("/redeem", {trustToken: {operation: 'token-redemption'}});
await fetch("/sign", {trustToken: {operation: 'send-redemption-record',
issuers: [$1]}});
return "Success"; })(); )";
@ -439,9 +439,9 @@ IN_PROC_BROWSER_TEST_F(TrustTokenBrowsertest, RecordsTimers) {
std::string command = R"(
(async () => {
await fetch("/issue", {trustToken: {type: 'token-request'}});
await fetch("/redeem", {trustToken: {type: 'token-redemption'}});
await fetch("/sign", {trustToken: {type: 'send-redemption-record',
await fetch("/issue", {trustToken: {operation: 'token-request'}});
await fetch("/redeem", {trustToken: {operation: 'token-redemption'}});
await fetch("/sign", {trustToken: {operation: 'send-redemption-record',
issuers: [$1]}});
return "Success"; })(); )";
@ -486,18 +486,19 @@ IN_PROC_BROWSER_TEST_F(TrustTokenBrowsertest, RecordsNetErrorCodes) {
ASSERT_TRUE(NavigateToURL(shell(), start_url));
EXPECT_THAT(
EvalJs(shell(), JsReplace(
R"(fetch($1, {trustToken: {type: 'token-request'}})
EvalJs(shell(),
JsReplace(
R"(fetch($1, {trustToken: {operation: 'token-request'}})
.then(() => "Unexpected success!")
.catch(err => err.message);)",
IssuanceOriginFromHost("no-cert-for-this.domain")))
IssuanceOriginFromHost("no-cert-for-this.domain")))
.ExtractString(),
HasSubstr("Failed to fetch"));
EXPECT_THAT(
EvalJs(shell(),
JsReplace(
R"(fetch($1, {trustToken: {type: 'send-redemption-record',
R"(fetch($1, {trustToken: {operation: 'send-redemption-record',
issuers: ['https://nonexistent-issuer.example']}})
.then(() => "Unexpected success!")
.catch(err => err.message);)",
@ -522,11 +523,12 @@ IN_PROC_BROWSER_TEST_F(TrustTokenBrowsertest, RecordsNetErrorCodes) {
// domain, so it should fail.
EXPECT_EQ(
"InvalidStateError",
EvalJs(shell(), JsReplace(
R"(fetch($1, {trustToken: {type: 'token-redemption'}})
EvalJs(shell(),
JsReplace(
R"(fetch($1, {trustToken: {operation: 'token-redemption'}})
.then(() => "Unexpected success!")
.catch(err => err.name);)",
IssuanceOriginFromHost("a.test"))));
IssuanceOriginFromHost("a.test"))));
content::FetchHistogramsFromChildProcesses();
@ -552,7 +554,7 @@ IN_PROC_BROWSER_TEST_F(TrustTokenBrowsertest, RecordsFetchFailureReasons) {
EXPECT_EQ("TypeError", EvalJs(shell(),
R"(fetch("/cross-site/b.test/issue", {
redirect: 'error',
trustToken: {type: 'token-request'}
trustToken: {operation: 'token-request'}
})
.then(() => "Unexpected success!")
.catch(err => err.name);)"));
@ -564,9 +566,10 @@ IN_PROC_BROWSER_TEST_F(TrustTokenBrowsertest, RecordsFetchFailureReasons) {
// Since issuance failed, there should be no tokens to redeem, so redemption
// should fail:
EXPECT_EQ("OperationError",
EvalJs(shell(),
R"(fetch("/redeem", {trustToken: {type: 'token-redemption'}})
EXPECT_EQ(
"OperationError",
EvalJs(shell(),
R"(fetch("/redeem", {trustToken: {operation: 'token-redemption'}})
.then(() => "Unexpected success!")
.catch(err => err.name);)"));
@ -587,7 +590,7 @@ IN_PROC_BROWSER_TEST_F(TrustTokenBrowsertest, RecordsFetchFailureReasons) {
GURL(IssuanceOriginFromHost("a.test")).Resolve("/issue");
EXPECT_THAT(EvalJs(shell(), JsReplace(R"(fetch($1, {
mode: 'no-cors',
trustToken: {type: 'token-request'}})
trustToken: {operation: 'token-request'}})
.then(() => "Unexpected success!")
.catch(err => err.message);)",
site_a_issuance_url))
@ -614,7 +617,7 @@ IN_PROC_BROWSER_TEST_F(TrustTokenBrowsertest, OperationsRequireSecureContext) {
// 1. Confirm that the Fetch interface doesn't work:
std::string command =
R"(fetch("/issue", {trustToken: {type: 'token-request'}})
R"(fetch("/issue", {trustToken: {operation: 'token-request'}})
.catch(error => error.message);)";
EXPECT_THAT(EvalJs(shell(), command).ExtractString(),
HasSubstr("secure context"));
@ -633,7 +636,7 @@ IN_PROC_BROWSER_TEST_F(TrustTokenBrowsertest, OperationsRequireSecureContext) {
R"( const myFrame = document.getElementById("test_iframe");
myFrame.trustToken = $1;
myFrame.src = $2;)",
R"({"type": "token-request"})", issuance_url)));
R"({"operation": "token-request"})", issuance_url)));
monitor.WaitForUrls();
EXPECT_THAT(monitor.GetRequestInfo(issuance_url),
Optional(Field(&network::ResourceRequest::trust_token_params,
@ -649,7 +652,7 @@ IN_PROC_BROWSER_TEST_F(TrustTokenBrowsertest, IssuanceRequiresKeys) {
EXPECT_TRUE(NavigateToURL(shell(), start_url));
std::string command = R"(
fetch('/issue', {trustToken: {type: 'token-request'}})
fetch('/issue', {trustToken: {operation: 'token-request'}})
.then(() => 'Success').catch(err => err.name); )";
// We use EvalJs here, not ExecJs, because EvalJs waits for promises to
@ -672,7 +675,7 @@ IN_PROC_BROWSER_TEST_F(TrustTokenBrowsertest,
ASSERT_TRUE(NavigateToURL(shell(), start_url));
EXPECT_EQ("OperationError", EvalJs(shell(), R"(fetch('/issue',
{ trustToken: { type: 'token-request' } })
{ trustToken: { operation: 'token-request' } })
.then(()=>'Success').catch(err => err.name); )"));
}
@ -687,7 +690,7 @@ IN_PROC_BROWSER_TEST_F(TrustTokenBrowsertest, CrossOriginIssuanceWorks) {
EXPECT_EQ(
"Success",
EvalJs(shell(), JsReplace(R"(
fetch($1, { trustToken: { type: 'token-request' } })
fetch($1, { trustToken: { operation: 'token-request' } })
.then(()=>'Success'); )",
server_.GetURL("sub1.b.test", "/issue"))));
}
@ -702,7 +705,7 @@ IN_PROC_BROWSER_TEST_F(TrustTokenBrowsertest, CrossSiteIssuanceWorks) {
// because it sets the port correctly.
EXPECT_EQ("Success",
EvalJs(shell(), JsReplace(R"(
fetch($1, { trustToken: { type: 'token-request' } })
fetch($1, { trustToken: { operation: 'token-request' } })
.then(()=>'Success'); )",
server_.GetURL("a.test", "/issue"))));
}
@ -734,7 +737,7 @@ IN_PROC_BROWSER_TEST_F(TrustTokenBrowsertest,
}
EXPECT_EQ("OperationError", EvalJs(shell(), R"(
fetch('/issue', { trustToken: { type: 'token-request' } })
fetch('/issue', { trustToken: { operation: 'token-request' } })
.then(() => 'Success').catch(error => error.name); )"));
}
@ -753,7 +756,7 @@ IN_PROC_BROWSER_TEST_F(
GURL start_url = server_.GetURL("a.test", "/title1.html");
ASSERT_TRUE(NavigateToURL(shell(), start_url));
std::string command = R"(fetch($1, {trustToken: {type: 'token-request'}})
std::string command = R"(fetch($1, {trustToken: {operation: 'token-request'}})
.then(() => "Success")
.catch(error => error.name);)";
@ -791,7 +794,7 @@ IN_PROC_BROWSER_TEST_F(
ASSERT_TRUE(NavigateToURL(shell(), start_url));
std::string command = R"(fetch($1, {mode: 'no-cors',
trustToken: {type: 'token-request'}})
trustToken: {operation: 'token-request'}})
.then(() => "Success")
.catch(error => error.name);)";
@ -825,7 +828,7 @@ IN_PROC_BROWSER_TEST_F(TrustTokenBrowsertest,
ASSERT_TRUE(NavigateToURL(shell(), file_url));
std::string command =
R"(fetch($1, {trustToken: {type: 'token-request'}})
R"(fetch($1, {trustToken: {operation: 'token-request'}})
.catch(error => error.name);)";
// We use EvalJs here, not ExecJs, because EvalJs waits for promises to
@ -850,7 +853,7 @@ IN_PROC_BROWSER_TEST_F(TrustTokenBrowsertest,
ASSERT_TRUE(NavigateToURL(shell(), start_url));
std::string command =
R"(fetch("/issue", {trustToken: {type: 'token-request'}})
R"(fetch("/issue", {trustToken: {operation: 'token-request'}})
.then(() => "Success")
.catch(error => error.name);)";
@ -863,7 +866,7 @@ IN_PROC_BROWSER_TEST_F(TrustTokenBrowsertest,
ASSERT_TRUE(NavigateToURL(shell(), file_url));
// Redemption from a page with a file:// top frame origin should fail.
command = R"(fetch($1, {trustToken: {type: 'token-redemption'}})
command = R"(fetch($1, {trustToken: {operation: 'token-redemption'}})
.catch(error => error.name);)";
EXPECT_EQ(
"InvalidStateError",
@ -923,7 +926,7 @@ IN_PROC_BROWSER_TEST_F(TrustTokenBrowsertest,
EXPECT_EQ("Success", EvalJs(root->child_at(0)->current_frame_host(),
JsReplace(R"(
fetch($1, {mode: 'no-cors',
trustToken: {type: 'token-request'}
trustToken: {operation: 'token-request'}
}).then(()=>'Success');)",
server_.GetURL("a.test", "/issue"))));
}
@ -941,7 +944,7 @@ IN_PROC_BROWSER_TEST_F(TrustTokenBrowsertest, IssuanceWithAbsentKeyFails) {
GURL start_url = server_.GetURL("a.test", "/title1.html");
ASSERT_TRUE(NavigateToURL(shell(), start_url));
std::string command = R"(fetch($1, {trustToken: {type: 'token-request'}})
std::string command = R"(fetch($1, {trustToken: {operation: 'token-request'}})
.then(() => "Success")
.catch(error => error.name);)";
EXPECT_EQ(
@ -978,7 +981,7 @@ IN_PROC_BROWSER_TEST_F(TrustTokenBrowsertest,
JsReplace(R"(
fetch($1, {mode: 'no-cors',
trustToken: {
type: 'send-redemption-record',
operation: 'send-redemption-record',
issuers: [
'https://issuer.example'
]}
@ -992,7 +995,7 @@ IN_PROC_BROWSER_TEST_F(TrustTokenBrowsertest, RedemptionRequiresKeys) {
EXPECT_EQ("InvalidStateError",
EvalJs(shell(), JsReplace(R"(fetch($1,
{ trustToken: { type: 'token-redemption' } })
{ trustToken: { operation: 'token-redemption' } })
.then(() => 'Success')
.catch(err => err.name); )",
server_.GetURL("a.test", "/redeem"))));
@ -1006,7 +1009,7 @@ IN_PROC_BROWSER_TEST_F(TrustTokenBrowsertest, RedemptionRequiresTokens) {
EXPECT_EQ("OperationError",
EvalJs(shell(), JsReplace(R"(fetch($1,
{ trustToken: { type: 'token-redemption' } })
{ trustToken: { operation: 'token-redemption' } })
.then(() => 'Success')
.catch(err => err.name); )",
server_.GetURL("a.test", "/redeem"))));
@ -1022,13 +1025,13 @@ IN_PROC_BROWSER_TEST_F(TrustTokenBrowsertest,
EXPECT_EQ("Success",
EvalJs(shell(), JsReplace(R"(fetch($1,
{ trustToken: { type: 'token-request' } })
{ trustToken: { operation: 'token-request' } })
.then(()=>'Success'); )",
server_.GetURL("a.test", "/issue"))));
EXPECT_EQ("OperationError",
EvalJs(shell(), JsReplace(R"(fetch($1,
{ trustToken: { type: 'token-redemption' } })
{ trustToken: { operation: 'token-redemption' } })
.then(() => 'Success')
.catch(err => err.name); )",
server_.GetURL("b.test", "/redeem"))));
@ -1044,13 +1047,13 @@ IN_PROC_BROWSER_TEST_F(TrustTokenBrowsertest,
ASSERT_TRUE(NavigateToURL(shell(), start_url));
EXPECT_EQ("Success", EvalJs(shell(), R"(fetch('/issue',
{ trustToken: { type: 'token-request' } })
{ trustToken: { operation: 'token-request' } })
.then(()=>'Success'); )"));
// Send a redemption request to the issuance endpoint, which should error out
// for the obvious reason that it isn't an issuance request:
EXPECT_EQ("OperationError", EvalJs(shell(), R"(fetch('/issue',
{ trustToken: { type: 'token-redemption' } })
{ trustToken: { operation: 'token-redemption' } })
.then(() => 'Success')
.catch(err => err.name); )"));
}
@ -1065,19 +1068,19 @@ IN_PROC_BROWSER_TEST_F(TrustTokenBrowsertest,
EXPECT_EQ("Success",
EvalJs(shell(), JsReplace(R"(fetch($1,
{ trustToken: { type: 'token-request' } })
{ trustToken: { operation: 'token-request' } })
.then(()=>'Success'); )",
server_.GetURL("a.test", "/issue"))));
EXPECT_EQ("Success",
EvalJs(shell(), JsReplace(R"(fetch($1,
{ trustToken: { type: 'token-redemption' } })
{ trustToken: { operation: 'token-redemption' } })
.then(()=>'Success'); )",
server_.GetURL("a.test", "/redeem"))));
EXPECT_EQ("NoModificationAllowedError",
EvalJs(shell(), JsReplace(R"(fetch($1,
{ trustToken: { type: 'token-redemption' } })
{ trustToken: { operation: 'token-redemption' } })
.catch(err => err.name); )",
server_.GetURL("a.test", "/redeem"))));
}
@ -1092,19 +1095,19 @@ IN_PROC_BROWSER_TEST_F(TrustTokenBrowsertest,
EXPECT_EQ("Success",
EvalJs(shell(), JsReplace(R"(fetch($1,
{ trustToken: { type: 'token-request' } })
{ trustToken: { operation: 'token-request' } })
.then(()=>'Success'); )",
server_.GetURL("a.test", "/issue"))));
EXPECT_EQ("Success",
EvalJs(shell(), JsReplace(R"(fetch($1,
{ trustToken: { type: 'token-redemption' } })
{ trustToken: { operation: 'token-redemption' } })
.then(()=>'Success'); )",
server_.GetURL("a.test", "/redeem"))));
EXPECT_EQ("Success",
EvalJs(shell(), JsReplace(R"(fetch($1,
{ trustToken: { type: 'token-redemption',
{ trustToken: { operation: 'token-redemption',
refreshPolicy: 'refresh' } })
.then(()=>'Success'); )",
server_.GetURL("a.test", "/redeem"))));
@ -1123,19 +1126,19 @@ IN_PROC_BROWSER_TEST_F(TrustTokenBrowsertest,
// succeed.
EXPECT_EQ("Success",
EvalJs(shell(), JsReplace(R"(fetch($1,
{ trustToken: { type: 'token-request' } })
{ trustToken: { operation: 'token-request' } })
.then(()=>'Success'); )",
server_.GetURL("b.test", "/issue"))));
EXPECT_EQ("Success",
EvalJs(shell(), JsReplace(R"(fetch($1,
{ trustToken: { type: 'token-redemption' } })
{ trustToken: { operation: 'token-redemption' } })
.then(()=>'Success'); )",
server_.GetURL("b.test", "/redeem"))));
EXPECT_EQ("Success",
EvalJs(shell(), JsReplace(R"(fetch($1,
{ trustToken: { type: 'token-redemption',
{ trustToken: { operation: 'token-redemption',
refreshPolicy: 'refresh' } })
.then(()=>'Success').catch(err => err.name); )",
server_.GetURL("b.test", "/redeem"))));
@ -1161,13 +1164,13 @@ IN_PROC_BROWSER_TEST_F(
// https://b.test:<PORT>.
EXPECT_EQ("Success",
EvalJs(shell(), JsReplace(R"(fetch($1,
{ trustToken: { type: 'token-request' } })
{ trustToken: { operation: 'token-request' } })
.then(()=>'Success'); )",
server_.GetURL("a.test", "/issue"))));
EXPECT_EQ("Success",
EvalJs(shell(), JsReplace(R"(fetch($1,
{ trustToken: { type: 'token-request' } })
{ trustToken: { operation: 'token-request' } })
.then(()=>'Success'); )",
server_.GetURL("b.test", "/issue"))));
@ -1175,13 +1178,13 @@ IN_PROC_BROWSER_TEST_F(
// that redirecting a request will renew the request's Trust Tokens state.
EXPECT_EQ("Success", EvalJs(shell(), R"(
fetch('/cross-site/b.test/redeem',
{ trustToken: { mode: 'cors', type: 'token-redemption' } })
{ trustToken: { mode: 'cors', operation: 'token-redemption' } })
.then(()=>'Success'); )"));
EXPECT_EQ("Success",
EvalJs(shell(), JsReplace(R"(
fetch('/sign',
{ trustToken: { type: 'send-redemption-record', issuers: [$1],
{ trustToken: { operation: 'send-redemption-record', issuers: [$1],
} }).then(()=>'Success');)",
IssuanceOriginFromHost("b.test"))));
@ -1196,7 +1199,7 @@ IN_PROC_BROWSER_TEST_F(
EXPECT_EQ("Success",
EvalJs(shell(), JsReplace(R"(
fetch('/sign',
{ trustToken: { type: 'send-redemption-record', issuers: [$1],
{ trustToken: { operation: 'send-redemption-record', issuers: [$1],
} }).then(()=>'Success');)",
IssuanceOriginFromHost("a.test"))));
@ -1224,7 +1227,7 @@ IN_PROC_BROWSER_TEST_F(
EXPECT_EQ("Success", EvalJs(shell(), R"(
fetch('/issue',
{ trustToken: { type: 'token-request' } })
{ trustToken: { operation: 'token-request' } })
.then(()=>'Success'); )"));
// `mode: 'no-cors'` on redemption has the effect that that redirecting a
@ -1232,13 +1235,13 @@ IN_PROC_BROWSER_TEST_F(
EXPECT_EQ("Success", EvalJs(shell(), R"(
fetch('/cross-site/b.test/redeem',
{ mode: 'no-cors',
trustToken: { type: 'token-redemption' } })
trustToken: { operation: 'token-redemption' } })
.then(()=>'Success'); )"));
EXPECT_EQ("Success",
EvalJs(shell(), JsReplace(R"(
fetch('/sign',
{ trustToken: { type: 'send-redemption-record', issuers: [$1]
{ trustToken: { operation: 'send-redemption-record', issuers: [$1]
} })
.then(()=>'Success'); )",
IssuanceOriginFromHost("a.test"))));
@ -1254,7 +1257,7 @@ IN_PROC_BROWSER_TEST_F(
EXPECT_EQ("Success",
EvalJs(shell(), JsReplace(R"(
fetch('/sign',
{ trustToken: { type: 'send-redemption-record', issuers: [$1]
{ trustToken: { operation: 'send-redemption-record', issuers: [$1]
} })
.then(()=>'Success'); )",
IssuanceOriginFromHost("b.test"))));
@ -1286,7 +1289,7 @@ IN_PROC_BROWSER_TEST_F(
EXPECT_EQ("Success", EvalJs(shell(), R"(
fetch('/issue',
{ trustToken: { type: 'token-request' } })
{ trustToken: { operation: 'token-request' } })
.then(()=>'Success'); )"));
// The redemption should succeed after the redirect, yielding an a.test
@ -1295,7 +1298,7 @@ IN_PROC_BROWSER_TEST_F(
EXPECT_EQ("Success", EvalJs(shell(), R"(
fetch('/cross-site/b.test/redeem',
{ mode: 'no-cors',
trustToken: { type: 'token-redemption' } })
trustToken: { operation: 'token-redemption' } })
.then(()=>'Success'); )"));
}
@ -1309,10 +1312,10 @@ IN_PROC_BROWSER_TEST_F(TrustTokenBrowsertest,
std::string command = R"(
(async () => {
try {
await fetch("/issue", {trustToken: {type: 'token-request'}});
await fetch("/redeem", {trustToken: {type: 'token-redemption'}});
await fetch("/issue", {trustToken: {operation: 'token-request'}});
await fetch("/redeem", {trustToken: {operation: 'token-redemption'}});
await fetch("/sign", {trustToken: {
type: 'send-redemption-record',
operation: 'send-redemption-record',
issuers: [$1]} // b.test, set below
});
return "Requests succeeded";
@ -1355,9 +1358,9 @@ IN_PROC_BROWSER_TEST_F(TrustTokenBrowsertest, FetchEndToEndWithServiceWorker) {
const std::string trust_token_fetch_snippet = R"(
(async () => {
if (navigator.serviceWorker.controller === null) return "NotServiceWorker";
await fetch("/issue", {trustToken: {type: 'token-request'}});
await fetch("/redeem", {trustToken: {type: 'token-redemption'}});
await fetch("/sign", {trustToken: {type: 'send-redemption-record',
await fetch("/issue", {trustToken: {operation: 'token-request'}});
await fetch("/redeem", {trustToken: {operation: 'token-redemption'}});
await fetch("/sign", {trustToken: {operation: 'send-redemption-record',
issuers: [$1]}});
return "TTSuccess"; })(); )";
@ -1387,30 +1390,48 @@ IN_PROC_BROWSER_TEST_F(TrustTokenBrowsertest, RedemptionLimit) {
// issue options.batch_size many tokens
EXPECT_EQ("Success",
EvalJs(shell(), JsReplace(R"(fetch($1,
{ trustToken: { type: 'token-request' } })
{ trustToken: { operation: 'token-request' } })
.then(()=>'Success'); )",
server_.GetURL("a.test", "/issue"))));
EXPECT_EQ("Success",
EvalJs(shell(), JsReplace(R"(fetch($1,
{ trustToken: { type: 'token-redemption' } })
{ trustToken: { operation: 'token-redemption' } })
.then(()=>'Success'); )",
server_.GetURL("a.test", "/redeem"))));
EXPECT_EQ("Success",
EvalJs(shell(), JsReplace(R"(fetch($1,
{ trustToken: { type: 'token-redemption',
{ trustToken: { operation: 'token-redemption',
refreshPolicy: 'refresh' } })
.then(()=>'Success'); )",
server_.GetURL("a.test", "/redeem"))));
// third redemption should fail
EXPECT_EQ("Error",
EvalJs(shell(), JsReplace(R"(fetch($1,
{ trustToken: { type: 'token-redemption',
{ trustToken: { operation: 'token-redemption',
refreshPolicy: 'refresh' } })
.then(()=>'Success')
.catch(()=>'Error'); )",
server_.GetURL("a.test", "/redeem"))));
}
// Check whether depreciated fetch API where 'type' refers to operation
// type fails.
IN_PROC_BROWSER_TEST_F(TrustTokenBrowsertest, CheckDepreciatedTypeField) {
ProvideRequestHandlerKeyCommitmentsToNetworkService({"a.test"});
GURL start_url = server_.GetURL("a.test", "/title1.html");
ASSERT_TRUE(NavigateToURL(shell(), start_url));
std::string command = R"(fetch(
"/issue", {trustToken: {type: 'token-request'}})
.then(()=>'Success')
.catch(error => error.message); )";
EXPECT_THAT(EvalJs(shell(), command).ExtractString(),
HasSubstr("Failed to read the 'operation'\
property from 'TrustToken': Required member is undefined."));
}
} // namespace content

2
content/browser/network/trust_token_origin_trial_browsertest.cc

@ -36,7 +36,7 @@
//
// As an example, consider
//
// fetch("https://chromium.org", {trustToken: {type: 'token-request'}}),
// fetch("https://chromium.org", {trustToken: {operation: 'token-request'}}),
//
// a representative fetch with an associated Trust Tokens issuance operation.
// When Trust Tokens is completely disabled (e.g. "third-party origin trial"

2
content/browser/network/trust_token_parameters_browsertest.cc

@ -109,7 +109,7 @@ IN_PROC_BROWSER_TEST_P(TrustTokenParametersBrowsertest,
// In the iframe interface to private state tokens, we only accept the
// kSigning variant, i.e. the send-redemption-record operation.
if (expected_params_and_serialization.params->type !=
if (expected_params_and_serialization.params->operation !=
network::mojom::TrustTokenOperationType::kSigning) {
return;
}

2
content/browser/renderer_host/render_frame_host_impl.cc

@ -675,7 +675,7 @@ bool ParentNeedsTrustTokenPermissionsPolicy(
return false;
return network::DoesTrustTokenOperationRequirePermissionsPolicy(
begin_params.trust_token_params->type);
begin_params.trust_token_params->operation);
}
// Analyzes trusted sources of a frame's trust-token-redemption Permissions

4
content/browser/security_exploit_browsertest.cc

@ -1707,7 +1707,7 @@ IN_PROC_BROWSER_TEST_F(
// Prepare to intercept BeginNavigation mojo IPC. This has to be done before
// the test creates the RenderFrameHostImpl that is the target of the IPC.
auto params = network::mojom::TrustTokenParams::New();
params->type = network::mojom::TrustTokenOperationType::kRedemption;
params->operation = network::mojom::TrustTokenOperationType::kRedemption;
BeginNavigationTrustTokenParamsReplacer replacer(web_contents,
std::move(params));
@ -1753,7 +1753,7 @@ IN_PROC_BROWSER_TEST_F(
// Prepare to intercept BeginNavigation mojo IPC. This has to be done before
// the test creates the RenderFrameHostImpl that is the target of the IPC.
auto params = network::mojom::TrustTokenParams::New();
params->type = network::mojom::TrustTokenOperationType::kSigning;
params->operation = network::mojom::TrustTokenOperationType::kSigning;
BeginNavigationTrustTokenParamsReplacer replacer(web_contents,
std::move(params));

2
services/network/cors/cors_url_loader.cc

@ -934,7 +934,7 @@ void CorsURLLoader::StartNetworkRequest() {
void CorsURLLoader::HandleComplete(const URLLoaderCompletionStatus& status) {
if (request_.trust_token_params) {
HistogramTrustTokenOperationNetError(request_.trust_token_params->type,
HistogramTrustTokenOperationNetError(request_.trust_token_params->operation,
status.trust_token_operation_status,
status.error_code);
}

2
services/network/cors/cors_url_loader_factory.cc

@ -69,7 +69,7 @@ bool VerifyTrustTokenParamsIntegrityIfPresent(
if (trust_token_redemption_policy ==
mojom::TrustTokenRedemptionPolicy::kForbid &&
DoesTrustTokenOperationRequirePermissionsPolicy(
resource_request.trust_token_params->type)) {
resource_request.trust_token_params->operation)) {
// Got a request configured for Trust Tokens redemption or signing from
// a context in which this operation is prohibited.
mojo::ReportBadMessage(

4
services/network/network_context_unittest.cc

@ -7245,7 +7245,7 @@ TEST_F(NetworkContextExpectBadMessageTest,
ResourceRequest my_request;
my_request.trust_token_params =
OptionalTrustTokenParams(mojom::TrustTokenParams::New());
my_request.trust_token_params->type =
my_request.trust_token_params->operation =
mojom::TrustTokenOperationType::kRedemption;
auto factory_params = mojom::URLLoaderFactoryParams::New();
@ -7275,7 +7275,7 @@ TEST_F(NetworkContextExpectBadMessageTest,
ResourceRequest my_request;
my_request.trust_token_params =
OptionalTrustTokenParams(mojom::TrustTokenParams::New());
my_request.trust_token_params->type =
my_request.trust_token_params->operation =
mojom::TrustTokenOperationType::kSigning;
auto factory_params = mojom::URLLoaderFactoryParams::New();

9
services/network/public/cpp/optional_trust_token_params_unittest.cc

@ -80,14 +80,15 @@ TEST(OptionalTrustTokenParams, CopyAndMove) {
TEST(OptionalTrustTokenParams, Dereference) {
OptionalTrustTokenParams in = NonemptyTrustTokenParams();
EXPECT_EQ(in->type, mojom::TrustTokenOperationType::kRedemption);
EXPECT_EQ(in.as_ptr()->type, mojom::TrustTokenOperationType::kRedemption);
EXPECT_EQ(in.value().type, mojom::TrustTokenOperationType::kRedemption);
EXPECT_EQ(in->operation, mojom::TrustTokenOperationType::kRedemption);
EXPECT_EQ(in.as_ptr()->operation,
mojom::TrustTokenOperationType::kRedemption);
EXPECT_EQ(in.value().operation, mojom::TrustTokenOperationType::kRedemption);
}
TEST(OptionalTrustTokenParams, DereferenceEmpty) {
OptionalTrustTokenParams in = absl::nullopt;
EXPECT_CHECK_DEATH(std::ignore = in->type);
EXPECT_CHECK_DEATH(std::ignore = in->operation);
EXPECT_CHECK_DEATH(std::ignore = in.value());
EXPECT_EQ(in.as_ptr(), mojom::TrustTokenParamsPtr());
}

2
services/network/public/cpp/url_request_mojom_traits_unittest.cc

@ -119,7 +119,7 @@ TEST(URLRequestMojomTraitsTest, Roundtrips_ResourceRequest) {
original.trust_token_params = network::mojom::TrustTokenParams();
original.trust_token_params->issuers.push_back(
url::Origin::Create(GURL("https://issuer.com")));
original.trust_token_params->type =
original.trust_token_params->operation =
mojom::TrustTokenOperationType::kRedemption;
original.trust_token_params->include_timestamp_header = true;
original.trust_token_params->sign_request_data =

10
services/network/public/mojom/trust_tokens.mojom

@ -119,9 +119,9 @@ enum TrustTokenSignRequestData {
// operation.
struct TrustTokenParams {
// Required.
TrustTokenOperationType type;
TrustTokenOperationType operation;
// Required exactly when "type" is "kRedemption"; specifies whether the
// Required exactly when "operation" is "kRedemption"; specifies whether the
// caller wishes to use a cached Redemption Record (RR) if available or
// redeem a new token, evicting the RR currently stored.
TrustTokenRefreshPolicy refresh_policy = kUseCached;
@ -133,7 +133,7 @@ struct TrustTokenParams {
// "custom_issuer" specifies what issuer to use for this operation if set.
url.mojom.Origin? custom_issuer;
// The remaining members are used only when "type" is "kSigning": these
// The remaining members are used only when "operation" is "kSigning": these
// parameters specify the manner in which the outgoing request should be
// signed, including optionally specifying additional data to add in
// browser-provided request headers (for instance, a timestamp or custom
@ -296,10 +296,10 @@ struct FulfillTrustTokenIssuanceAnswer {
};
// TrustTokenOperationResult contains all the information required by
// DevTools. Which fields are set depend on |type| and |status|.
// DevTools. Which fields are set depend on |operation| and |status|.
struct TrustTokenOperationResult {
// Required.
TrustTokenOperationType type;
TrustTokenOperationType operation;
TrustTokenOperationStatus status;
// Shared among the different operation types.

14
services/network/test/trust_token_test_util.cc

@ -75,8 +75,8 @@ TrustTokenRequestHelperTest::ExecuteFinalizeAndWaitForResult(
return status;
}
std::string TrustTokenEnumToString(mojom::TrustTokenOperationType type) {
switch (type) {
std::string TrustTokenEnumToString(mojom::TrustTokenOperationType operation) {
switch (operation) {
case mojom::TrustTokenOperationType::kIssuance:
return "token-request";
case mojom::TrustTokenOperationType::kRedemption:
@ -128,10 +128,12 @@ TrustTokenTestParameters& TrustTokenTestParameters::operator=(
const TrustTokenTestParameters&) = default;
TrustTokenTestParameters::TrustTokenTestParameters(
network::mojom::TrustTokenOperationType type,
network::mojom::TrustTokenOperationType operation,
absl::optional<network::mojom::TrustTokenRefreshPolicy> refresh_policy,
absl::optional<std::vector<std::string>> issuer_specs)
: type(type), refresh_policy(refresh_policy), issuer_specs(issuer_specs) {}
: operation(operation),
refresh_policy(refresh_policy),
issuer_specs(issuer_specs) {}
TrustTokenParametersAndSerialization
SerializeTrustTokenParametersAndConstructExpectation(
@ -139,8 +141,8 @@ SerializeTrustTokenParametersAndConstructExpectation(
auto trust_token_params = mojom::TrustTokenParams::New();
base::Value parameters(base::Value::Type::DICTIONARY);
parameters.SetStringKey("type", TrustTokenEnumToString(input.type));
trust_token_params->type = input.type;
parameters.SetStringKey("operation", TrustTokenEnumToString(input.operation));
trust_token_params->operation = input.operation;
if (input.refresh_policy.has_value()) {
parameters.SetStringKey("refreshPolicy",

6
services/network/test/trust_token_test_util.h

@ -106,7 +106,7 @@ struct TrustTokenTestParameters final {
// TrustTokenTestParameters (when serialized, nullopt in an optional field
// will be omitted from the parameter's value):
TrustTokenTestParameters(
mojom::TrustTokenOperationType type,
mojom::TrustTokenOperationType operation,
absl::optional<mojom::TrustTokenRefreshPolicy> refresh_policy,
absl::optional<std::vector<std::string>> issuer_specs);
@ -115,7 +115,7 @@ struct TrustTokenTestParameters final {
TrustTokenTestParameters(const TrustTokenTestParameters&);
TrustTokenTestParameters& operator=(const TrustTokenTestParameters&);
mojom::TrustTokenOperationType type;
mojom::TrustTokenOperationType operation;
absl::optional<mojom::TrustTokenRefreshPolicy> refresh_policy;
// Because static initialization of GURLs/Origins isn't allowed in tests, use
// the string representation of the issuer origins and convert them to Origins
@ -126,7 +126,7 @@ struct TrustTokenTestParameters final {
// Serializes the value of a Trust Tokens enum parameter to its JS string
// representation. Must be kept in sync with the corresponding IDL enum
// definition.
std::string TrustTokenEnumToString(mojom::TrustTokenOperationType type);
std::string TrustTokenEnumToString(mojom::TrustTokenOperationType operation);
std::string TrustTokenEnumToString(mojom::TrustTokenRefreshPolicy policy);
std::string TrustTokenEnumToString(
mojom::TrustTokenSignRequestData sign_request_data);

26
services/network/trust_tokens/trust_token_request_helper_factory.cc

@ -57,11 +57,11 @@ base::StringPiece OutcomeToString(Outcome outcome) {
}
void LogOutcome(const net::NetLogWithSource& log,
mojom::TrustTokenOperationType type,
mojom::TrustTokenOperationType operation,
Outcome outcome) {
base::UmaHistogramEnumeration(
base::StrCat({"Net.TrustTokens.RequestHelperFactoryOutcome.",
internal::TrustTokenOperationTypeToString(type)}),
internal::TrustTokenOperationTypeToString(operation)}),
outcome);
log.EndEvent(net::NetLogEventType::TRUST_TOKEN_OPERATION_REQUESTED,
[outcome]() {
@ -94,10 +94,10 @@ void TrustTokenRequestHelperFactory::CreateTrustTokenHelperForRequest(
net_log.BeginEventWithIntParams(
net::NetLogEventType::TRUST_TOKEN_OPERATION_REQUESTED,
"Operation type (mojom.TrustTokenOperationType)",
static_cast<int>(params.type));
static_cast<int>(params.operation));
if (!authorizer_.Run()) {
LogOutcome(net_log, params.type, Outcome::kRejectedByAuthorizer);
LogOutcome(net_log, params.operation, Outcome::kRejectedByAuthorizer);
std::move(done).Run(mojom::TrustTokenOperationStatus::kUnauthorized);
return;
}
@ -105,7 +105,7 @@ void TrustTokenRequestHelperFactory::CreateTrustTokenHelperForRequest(
for (base::StringPiece header : TrustTokensRequestHeaders()) {
if (headers.HasHeader(header)) {
LogOutcome(
net_log, params.type,
net_log, params.operation,
Outcome::kRequestRejectedDueToBearingAnInternalTrustTokensHeader);
std::move(done).Run(mojom::TrustTokenOperationStatus::kInvalidArgument);
return;
@ -115,7 +115,7 @@ void TrustTokenRequestHelperFactory::CreateTrustTokenHelperForRequest(
absl::optional<SuitableTrustTokenOrigin> maybe_top_frame_origin =
SuitableTrustTokenOrigin::Create(top_frame_origin);
if (!maybe_top_frame_origin) {
LogOutcome(net_log, params.type, Outcome::kUnsuitableTopFrameOrigin);
LogOutcome(net_log, params.operation, Outcome::kUnsuitableTopFrameOrigin);
std::move(done).Run(mojom::TrustTokenOperationStatus::kFailedPrecondition);
return;
}
@ -135,11 +135,11 @@ void TrustTokenRequestHelperFactory::ConstructHelperUsingStore(
DCHECK(params);
auto metrics_recorder =
std::make_unique<TrustTokenOperationMetricsRecorder>(params->type);
std::make_unique<TrustTokenOperationMetricsRecorder>(params->operation);
switch (params->type) {
switch (params->operation) {
case mojom::TrustTokenOperationType::kIssuance: {
LogOutcome(net_log, params->type,
LogOutcome(net_log, params->operation,
Outcome::kSuccessfullyCreatedAnIssuanceHelper);
auto helper = std::make_unique<TrustTokenRequestIssuanceHelper>(
std::move(top_frame_origin), store, key_commitment_getter_,
@ -153,7 +153,7 @@ void TrustTokenRequestHelperFactory::ConstructHelperUsingStore(
}
case mojom::TrustTokenOperationType::kRedemption: {
LogOutcome(net_log, params->type,
LogOutcome(net_log, params->operation,
Outcome::kSuccessfullyCreatedARedemptionHelper);
auto helper = std::make_unique<TrustTokenRequestRedemptionHelper>(
std::move(top_frame_origin), params->refresh_policy, store,
@ -169,7 +169,7 @@ void TrustTokenRequestHelperFactory::ConstructHelperUsingStore(
case mojom::TrustTokenOperationType::kSigning: {
if (params->issuers.empty()) {
LogOutcome(net_log, params->type, Outcome::kEmptyIssuersParameter);
LogOutcome(net_log, params->operation, Outcome::kEmptyIssuersParameter);
std::move(done).Run(mojom::TrustTokenOperationStatus::kInvalidArgument);
return;
}
@ -180,7 +180,7 @@ void TrustTokenRequestHelperFactory::ConstructHelperUsingStore(
SuitableTrustTokenOrigin::Create(
std::move(potentially_unsuitable_issuer));
if (!maybe_issuer) {
LogOutcome(net_log, params->type,
LogOutcome(net_log, params->operation,
Outcome::kUnsuitableIssuerInIssuersParameter);
std::move(done).Run(
mojom::TrustTokenOperationStatus::kInvalidArgument);
@ -193,7 +193,7 @@ void TrustTokenRequestHelperFactory::ConstructHelperUsingStore(
TrustTokenRequestSigningHelper::Params signing_params(std::move(issuers),
top_frame_origin);
LogOutcome(net_log, params->type,
LogOutcome(net_log, params->operation,
Outcome::kSuccessfullyCreatedASigningHelper);
auto helper = std::make_unique<TrustTokenRequestSigningHelper>(
store, std::move(signing_params), std::move(net_log));

12
services/network/trust_tokens/trust_token_request_helper_factory_unittest.cc

@ -58,7 +58,7 @@ class TrustTokenRequestHelperFactoryTest : public ::testing::Test {
TrustTokenRequestHelperFactoryTest() {
suitable_request_ = CreateSuitableRequest();
suitable_params_ = mojom::TrustTokenParams::New();
suitable_params_->type = mojom::TrustTokenOperationType::kSigning;
suitable_params_->operation = mojom::TrustTokenOperationType::kSigning;
suitable_params_->issuers.push_back(
url::Origin::Create(GURL("https://issuer.example")));
}
@ -180,7 +180,7 @@ TEST_F(TrustTokenRequestHelperFactoryTest,
auto request = CreateSuitableRequest();
auto params = suitable_signing_params().Clone();
params->type = mojom::TrustTokenOperationType::kSigning;
params->operation = mojom::TrustTokenOperationType::kSigning;
params->issuers.clear();
EXPECT_EQ(CreateHelperAndWaitForResult(*request, *params).status(),
@ -213,7 +213,7 @@ TEST_F(TrustTokenRequestHelperFactoryTest,
auto request = CreateSuitableRequest();
auto params = suitable_signing_params().Clone();
params->type = mojom::TrustTokenOperationType::kSigning;
params->operation = mojom::TrustTokenOperationType::kSigning;
params->possibly_unsafe_additional_signing_data =
std::string(kTrustTokenAdditionalSigningDataMaxSizeBytes, 'a');
@ -225,7 +225,7 @@ TEST_F(TrustTokenRequestHelperFactoryTest,
TEST_F(TrustTokenRequestHelperFactoryTest, CreatesSigningHelper) {
base::HistogramTester histogram_tester;
auto params = suitable_signing_params().Clone();
params->type = mojom::TrustTokenOperationType::kSigning;
params->operation = mojom::TrustTokenOperationType::kSigning;
auto result = CreateHelperAndWaitForResult(suitable_request(), *params);
ASSERT_TRUE(result.ok());
@ -239,7 +239,7 @@ TEST_F(TrustTokenRequestHelperFactoryTest, CreatesSigningHelper) {
TEST_F(TrustTokenRequestHelperFactoryTest, CreatesIssuanceHelper) {
base::HistogramTester histogram_tester;
auto params = suitable_signing_params().Clone();
params->type = mojom::TrustTokenOperationType::kIssuance;
params->operation = mojom::TrustTokenOperationType::kIssuance;
auto result = CreateHelperAndWaitForResult(suitable_request(), *params);
ASSERT_TRUE(result.ok());
@ -253,7 +253,7 @@ TEST_F(TrustTokenRequestHelperFactoryTest, CreatesIssuanceHelper) {
TEST_F(TrustTokenRequestHelperFactoryTest, CreatesRedemptionHelper) {
base::HistogramTester histogram_tester;
auto params = suitable_signing_params().Clone();
params->type = mojom::TrustTokenOperationType::kRedemption;
params->operation = mojom::TrustTokenOperationType::kRedemption;
auto result = CreateHelperAndWaitForResult(suitable_request(), *params);
ASSERT_TRUE(result.ok());

2
services/network/trust_tokens/trust_token_request_issuance_helper.cc

@ -343,7 +343,7 @@ TrustTokenRequestIssuanceHelper::CollectOperationResultWithStatus(
mojom::TrustTokenOperationResultPtr operation_result =
mojom::TrustTokenOperationResult::New();
operation_result->status = status;
operation_result->type = mojom::TrustTokenOperationType::kIssuance;
operation_result->operation = mojom::TrustTokenOperationType::kIssuance;
operation_result->top_level_origin = top_level_origin_;
if (issuer_) {
operation_result->issuer = *issuer_;

2
services/network/trust_tokens/trust_token_request_redemption_helper.cc

@ -300,7 +300,7 @@ TrustTokenRequestRedemptionHelper::CollectOperationResultWithStatus(
mojom::TrustTokenOperationResultPtr operation_result =
mojom::TrustTokenOperationResult::New();
operation_result->status = status;
operation_result->type = mojom::TrustTokenOperationType::kRedemption;
operation_result->operation = mojom::TrustTokenOperationType::kRedemption;
operation_result->top_level_origin = top_level_origin_;
if (issuer_) {
operation_result->issuer = *issuer_;

2
services/network/trust_tokens/trust_token_request_signing_helper.cc

@ -206,7 +206,7 @@ TrustTokenRequestSigningHelper::CollectOperationResultWithStatus(
mojom::TrustTokenOperationResultPtr operation_result =
mojom::TrustTokenOperationResult::New();
operation_result->status = status;
operation_result->type = mojom::TrustTokenOperationType::kRedemption;
operation_result->operation = mojom::TrustTokenOperationType::kRedemption;
operation_result->top_level_origin = params_.toplevel;
return operation_result;
}

8
services/network/url_loader.cc

@ -922,7 +922,7 @@ void URLLoader::BeginTrustTokenOperationIfNecessaryAndThenScheduleStart(
// get the corresponding response header. It is okay to cache the results in
// case subsequent requests are made to the same URL in non-trust-token
// settings.
if (request.trust_token_params->type !=
if (request.trust_token_params->operation !=
mojom::TrustTokenOperationType::kSigning) {
url_request_->SetLoadFlags(url_request_->load_flags() |
net::LOAD_BYPASS_CACHE);
@ -938,11 +938,11 @@ void URLLoader::BeginTrustTokenOperationIfNecessaryAndThenScheduleStart(
url_request_->net_log(),
base::BindOnce(&URLLoader::OnDoneConstructingTrustTokenHelper,
weak_ptr_factory_.GetWeakPtr(),
request.trust_token_params->type));
request.trust_token_params->operation));
}
void URLLoader::OnDoneConstructingTrustTokenHelper(
mojom::TrustTokenOperationType type,
mojom::TrustTokenOperationType operation,
TrustTokenStatusOrRequestHelper status_or_helper) {
if (trust_token_observer_) {
const net::IsolationInfo& isolation_info = url_request_->isolation_info();
@ -973,7 +973,7 @@ void URLLoader::OnDoneConstructingTrustTokenHelper(
mojom::TrustTokenOperationResultPtr operation_result =
mojom::TrustTokenOperationResult::New();
operation_result->status = *trust_token_status_;
operation_result->type = type;
operation_result->operation = operation;
devtools_observer_->OnTrustTokenOperationDone(
devtools_request_id().value(), std::move(operation_result));
}

4
third_party/blink/public/devtools_protocol/browser_protocol.pdl vendored

@ -5271,9 +5271,9 @@ domain Network
# are specified in third_party/blink/renderer/core/fetch/trust_token.idl.
experimental type TrustTokenParams extends object
properties
TrustTokenOperationType type
TrustTokenOperationType operation
# Only set for "token-redemption" type and determine whether
# Only set for "token-redemption" operation and determine whether
# to request a fresh SRR or use a still valid cached SRR.
enum refreshPolicy
UseCached

2
third_party/blink/renderer/core/fetch/fetch_manager.cc vendored

@ -533,7 +533,7 @@ void FetchManager::Loader::DidFail(uint64_t identifier,
const ResourceError& error) {
if (fetch_request_data_ && fetch_request_data_->TrustTokenParams()) {
HistogramNetErrorForTrustTokensOperation(
fetch_request_data_->TrustTokenParams()->type, error.ErrorCode());
fetch_request_data_->TrustTokenParams()->operation, error.ErrorCode());
}
if (error.TrustTokenOperationError() !=

6
third_party/blink/renderer/core/fetch/request.cc vendored

@ -590,8 +590,8 @@ Request* Request::CreateRequestWithRequestOrString(
return nullptr;
}
if ((params.type == TrustTokenOperationType::kRedemption ||
params.type == TrustTokenOperationType::kSigning) &&
if ((params.operation == TrustTokenOperationType::kRedemption ||
params.operation == TrustTokenOperationType::kSigning) &&
!execution_context->IsFeatureEnabled(
mojom::blink::PermissionsPolicyFeature::kTrustTokenRedemption)) {
exception_state.ThrowTypeError(
@ -602,7 +602,7 @@ Request* Request::CreateRequestWithRequestOrString(
return nullptr;
}
if (params.type == TrustTokenOperationType::kIssuance &&
if (params.operation == TrustTokenOperationType::kIssuance &&
!IsTrustTokenIssuanceAvailableInExecutionContext(*execution_context)) {
exception_state.ThrowTypeError(
"trustToken: Issuance ('token-request') is disabled except in "

10
third_party/blink/renderer/core/fetch/trust_token.idl vendored

@ -9,20 +9,20 @@ enum SignRequestData { "omit", "include", "headers-only" };
// A TrustToken object represents a request to execute a Trust Tokens protocol
// operation (https://github.com/wicg/trust-token-api).
dictionary TrustToken {
// |type| is the only required parameter; all other parameters are necessary
// |operation| is the only required parameter; all other parameters are necessary
// only for certain operations.
required OperationType type;
required OperationType operation;
// --- Parameters only for token redemption
// The following parameters are ignored unless |type| is
// The following parameters are ignored unless |operation| is
// "token-redemption":
// 1. refreshPolicy
RefreshPolicy refreshPolicy = "none";
// --- Parameters only for request signing
// The following parameters are ignored unless |type| is "send-redemption-record":
// The following parameters are ignored unless |operation| is "send-redemption-record":
// 1. |issuers|
//
// Additionally, |issuers| must be nonempty when |type| is "send-redemption-record".
// Additionally, |issuers| must be nonempty when |operation| is "send-redemption-record".
sequence<USVString> issuers;
};

15
third_party/blink/renderer/core/fetch/trust_token_to_mojom.cc vendored

@ -13,14 +13,15 @@ using RefreshPolicy = V8RefreshPolicy::Enum;
bool ConvertTrustTokenToMojom(const TrustToken& in,
ExceptionState* exception_state,
network::mojom::blink::TrustTokenParams* out) {
DCHECK(in.hasType()); // field is required in IDL
if (in.type().AsEnum() == OperationType::kTokenRequest) {
out->type = network::mojom::blink::TrustTokenOperationType::kIssuance;
DCHECK(in.hasOperation()); // field is required in IDL
if (in.operation().AsEnum() == OperationType::kTokenRequest) {
out->operation = network::mojom::blink::TrustTokenOperationType::kIssuance;
return true;
}
if (in.type().AsEnum() == OperationType::kTokenRedemption) {
out->type = network::mojom::blink::TrustTokenOperationType::kRedemption;
if (in.operation().AsEnum() == OperationType::kTokenRedemption) {
out->operation =
network::mojom::blink::TrustTokenOperationType::kRedemption;
DCHECK(in.hasRefreshPolicy()); // default is defined
@ -35,8 +36,8 @@ bool ConvertTrustTokenToMojom(const TrustToken& in,
}
// The final possible value of the type enum.
DCHECK_EQ(in.type().AsEnum(), OperationType::kSendRedemptionRecord);
out->type = network::mojom::blink::TrustTokenOperationType::kSigning;
DCHECK_EQ(in.operation().AsEnum(), OperationType::kSendRedemptionRecord);
out->operation = network::mojom::blink::TrustTokenOperationType::kSigning;
if (in.hasIssuers() && !in.issuers().empty()) {
for (const String& issuer : in.issuers()) {

4
third_party/blink/renderer/core/fetch/trust_token_to_mojom.h vendored

@ -19,8 +19,8 @@ class DOMException;
// - remaining elements partitioned into groups of parameters used for specific
// operations.
//
// The method sets only |type| and the fields corresponding to the operation
// specified by |type|, namely
// The method sets only |operation| and the fields corresponding to the
// operation specified by |operation|, namely
// - for issuance, no additional fields;
// - for redemption, |refresh_policy|;
// - for signing: |issuer|, |additional_signed_headers|, |sign_request_data|,

2
third_party/blink/renderer/core/html/html_iframe_element.cc vendored

@ -512,7 +512,7 @@ HTMLIFrameElement::ConstructTrustTokenParams() const {
// Only the send-redemption-record (the kSigning variant) operation is
// valid in the iframe context.
if (parsed_params->type !=
if (parsed_params->operation !=
network::mojom::blink::TrustTokenOperationType::kSigning) {
GetDocument().AddConsoleMessage(MakeGarbageCollected<ConsoleMessage>(
mojom::blink::ConsoleMessageSource::kOther,

13
third_party/blink/renderer/core/html/trust_token_attribute_parsing.cc vendored

@ -15,7 +15,8 @@ namespace blink {
namespace internal {
namespace {
bool ParseType(const String& in, network::mojom::TrustTokenOperationType* out) {
bool ParseOperation(const String& in,
network::mojom::TrustTokenOperationType* out) {
if (in == "token-request") {
*out = network::mojom::TrustTokenOperationType::kIssuance;
return true;
@ -54,12 +55,14 @@ network::mojom::blink::TrustTokenParamsPtr TrustTokenParamsFromJson(
auto ret = network::mojom::blink::TrustTokenParams::New();
// |type| is required.
String type;
if (!object->GetString("type", &type))
// |operation| is required.
String operation;
if (!object->GetString("operation", &operation)) {
return nullptr;
if (!ParseType(type, &ret->type))
}
if (!ParseOperation(operation, &ret->operation)) {
return nullptr;
}
// |refreshPolicy| is optional.
if (JSONValue* refresh_policy = object->Get("refreshPolicy")) {

30
third_party/blink/renderer/core/html/trust_token_attribute_parsing_test.cc vendored

@ -19,7 +19,7 @@ namespace {
network::mojom::blink::TrustTokenParamsPtr NetworkParamsToBlinkParams(
network::mojom::TrustTokenParamsPtr params) {
auto ret = network::mojom::blink::TrustTokenParams::New();
ret->type = params->type;
ret->operation = params->operation;
ret->refresh_policy = params->refresh_policy;
for (const url::Origin& issuer : params->issuers) {
ret->issuers.push_back(SecurityOrigin::CreateFromUrlOrigin(issuer));
@ -72,7 +72,7 @@ TEST_P(TrustTokenAttributeParsingSuccess, Roundtrip) {
// well with the "issuers" field's members' type of
// scoped_refptr<blink::SecurityOrigin>: in particular, the method does an
// address-to-address comparison of the pointers.
EXPECT_EQ(result->type, expectation->type);
EXPECT_EQ(result->operation, expectation->operation);
EXPECT_EQ(result->refresh_policy, expectation->refresh_policy);
EXPECT_EQ(result->issuers.size(), expectation->issuers.size());
@ -93,7 +93,7 @@ TEST(TrustTokenAttributeParsing, NotADictionary) {
ASSERT_FALSE(TrustTokenParamsFromJson(std::move(json)));
}
TEST(TrustTokenAttributeParsing, MissingType) {
TEST(TrustTokenAttributeParsing, MissingOperation) {
auto json = ParseJSON(R"(
{ }
)");
@ -101,17 +101,17 @@ TEST(TrustTokenAttributeParsing, MissingType) {
ASSERT_FALSE(TrustTokenParamsFromJson(std::move(json)));
}
TEST(TrustTokenAttributeParsing, TypeUnsafeType) {
TEST(TrustTokenAttributeParsing, TypeUnsafeOperation) {
auto json = ParseJSON(R"(
{ "type": 3 }
{ "operation": 3 }
)");
ASSERT_TRUE(json);
ASSERT_FALSE(TrustTokenParamsFromJson(std::move(json)));
}
TEST(TrustTokenAttributeParsing, InvalidType) {
TEST(TrustTokenAttributeParsing, InvalidOperation) {
auto json = ParseJSON(R"(
{ "type": "not a valid type" }
{ "operation": "not a valid type" }
)");
ASSERT_TRUE(json);
ASSERT_FALSE(TrustTokenParamsFromJson(std::move(json)));
@ -119,7 +119,7 @@ TEST(TrustTokenAttributeParsing, InvalidType) {
TEST(TrustTokenAttributeParsing, TypeUnsafeRefreshPolicy) {
auto json = ParseJSON(R"(
{ "type": "token-request",
{ "operation": "token-request",
"refreshPolicy": 3 }
)");
ASSERT_TRUE(json);
@ -128,7 +128,7 @@ TEST(TrustTokenAttributeParsing, TypeUnsafeRefreshPolicy) {
TEST(TrustTokenAttributeParsing, InvalidRefreshPolicy) {
auto json = ParseJSON(R"(
{ "type": "token-request",
{ "operation": "token-request",
"refreshPolicy": "not a valid refresh policy" }
)");
ASSERT_TRUE(json);
@ -137,7 +137,7 @@ TEST(TrustTokenAttributeParsing, InvalidRefreshPolicy) {
TEST(TrustTokenAttributeParsing, NonListIssuers) {
auto json = ParseJSON(R"(
{ "type": "token-request",
{ "operation": "token-request",
"issuers": 3 }
)");
ASSERT_TRUE(json);
@ -146,7 +146,7 @@ TEST(TrustTokenAttributeParsing, NonListIssuers) {
TEST(TrustTokenAttributeParsing, EmptyIssuers) {
auto json = ParseJSON(R"(
{ "type": "token-request",
{ "operation": "token-request",
"issuers": [] }
)");
ASSERT_TRUE(json);
@ -156,7 +156,7 @@ TEST(TrustTokenAttributeParsing, EmptyIssuers) {
TEST(TrustTokenAttributeParsing, WrongListTypeIssuers) {
JSONParseError err;
auto json = ParseJSON(R"(
{ "type": "token-request",
{ "operation": "token-request",
"issuers": [1995] }
)",
&err);
@ -168,7 +168,7 @@ TEST(TrustTokenAttributeParsing, WrongListTypeIssuers) {
TEST(TrustTokenAttributeParsing, NonUrlIssuer) {
JSONParseError err;
auto json = ParseJSON(R"(
{ "type": "token-request",
{ "operation": "token-request",
"issuers": ["https://ok.test", "not a URL"] }
)",
&err);
@ -180,7 +180,7 @@ TEST(TrustTokenAttributeParsing, NonUrlIssuer) {
// trustworthy origin.
TEST(TrustTokenAttributeParsing, InsecureIssuer) {
auto json = ParseJSON(R"(
{ "type": "token-request",
{ "operation": "token-request",
"issuers": ["https://trustworthy.example",
"http://not-potentially-trustworthy.example"] }
)");
@ -192,7 +192,7 @@ TEST(TrustTokenAttributeParsing, InsecureIssuer) {
// HTTPS origin.
TEST(TrustTokenAttributeParsing, NonHttpNonHttpsIssuer) {
auto json = ParseJSON(R"(
{ "type": "token-request",
{ "operation": "token-request",
"issuers": ["https://ok.test", "file:///"] }
)");
ASSERT_TRUE(json);

6
third_party/blink/renderer/core/inspector/inspector_network_agent.cc vendored

@ -617,8 +617,8 @@ std::unique_ptr<protocol::Network::WebSocketFrame> WebSocketMessageToProtocol(
}
String GetTrustTokenOperationType(
network::mojom::TrustTokenOperationType type) {
switch (type) {
network::mojom::TrustTokenOperationType operation) {
switch (operation) {
case network::mojom::TrustTokenOperationType::kIssuance:
return protocol::Network::TrustTokenOperationTypeEnum::Issuance;
case network::mojom::TrustTokenOperationType::kRedemption:
@ -642,7 +642,7 @@ std::unique_ptr<protocol::Network::TrustTokenParams> BuildTrustTokenParams(
const network::mojom::blink::TrustTokenParams& params) {
auto protocol_params =
protocol::Network::TrustTokenParams::create()
.setType(GetTrustTokenOperationType(params.type))
.setOperation(GetTrustTokenOperationType(params.operation))
.setRefreshPolicy(GetTrustTokenRefreshPolicy(params.refresh_policy))
.build();

7
third_party/blink/renderer/core/xmlhttprequest/xml_http_request.cc vendored

@ -1435,9 +1435,10 @@ void XMLHttpRequest::setTrustToken(const TrustToken* trust_token,
}
bool operation_requires_permissions_policy =
params->type ==
params->operation ==
network::mojom::blink::TrustTokenOperationType::kRedemption ||
params->type == network::mojom::blink::TrustTokenOperationType::kSigning;
params->operation ==
network::mojom::blink::TrustTokenOperationType::kSigning;
if (operation_requires_permissions_policy &&
!GetExecutionContext()->IsFeatureEnabled(
mojom::blink::PermissionsPolicyFeature::kTrustTokenRedemption)) {
@ -1448,7 +1449,7 @@ void XMLHttpRequest::setTrustToken(const TrustToken* trust_token,
return;
}
if (params->type ==
if (params->operation ==
network::mojom::blink::TrustTokenOperationType::kIssuance &&
!IsTrustTokenIssuanceAvailableInExecutionContext(
*GetExecutionContext())) {

2
third_party/blink/renderer/platform/loader/fetch/trust_token_params_conversion.cc vendored

@ -16,7 +16,7 @@ network::OptionalTrustTokenParams ConvertTrustTokenParams(
network::mojom::TrustTokenParamsPtr out =
network::mojom::TrustTokenParams::New();
out->type = in.type;
out->operation = in.operation;
out->refresh_policy = in.refresh_policy;
out->sign_request_data = in.sign_request_data;
out->include_timestamp_header = in.include_timestamp_header;

2
third_party/blink/web_tests/http/tests/inspector-protocol/resources/iframe-request-trust-token.html vendored

@ -1 +1 @@
<iframe src="https://issuer.example" trusttoken="{&#x22;type&#x22;: &#x22;send-redemption-record&#x22;, &#x22;issuers&#x22;: [&#x22;https://issuer.example&#x22;] }"></iframe>
<iframe src="https://issuer.example" trusttoken="{&#x22;operation&#x22;: &#x22;send-redemption-record&#x22;, &#x22;issuers&#x22;: [&#x22;https://issuer.example&#x22;] }"></iframe>

2
third_party/blink/web_tests/http/tests/inspector-protocol/trust-tokens/no-console-warning-with-cookies-disabled.js vendored

@ -18,7 +18,7 @@
await session.evaluate(`testRunner.setBlockThirdPartyCookies(true);`);
const obtainedError = await session.evaluateAsync(`
fetch('/issue', {trustToken:{type:'token-request'}}).catch((e)=>e.toString());
fetch('/issue', {trustToken:{operation:'token-request'}}).catch((e)=>e.toString());
`);
testRunner.log(`Trust Tokens operation concluded with expected failure, throwing exception "${obtainedError}".`);

6
third_party/blink/web_tests/http/tests/inspector-protocol/trust-tokens/trust-token-params-fetch.js vendored

@ -9,7 +9,7 @@
const issuanceRequest = `
fetch('https://trusttoken.test', {
trustToken: {
type: 'token-request'
operation: 'token-request'
}
});
`;
@ -17,7 +17,7 @@
const redemptionRequest = `
fetch('https://trusttoken.test', {
trustToken: {
type: 'token-redemption'
operation: 'token-redemption'
}
});
`;
@ -25,7 +25,7 @@
const signingRequest = `
fetch('https://destination.test', {
trustToken: {
type: 'send-redemption-record',
operation: 'send-redemption-record',
issuers: ['https://issuer.test']
}
});

6
third_party/blink/web_tests/http/tests/loading/trust-tokens/trust-token-fetch.tentative.https.html vendored

@ -15,7 +15,7 @@
});
return fetch('https://trusttoken.test', {
trustToken: {
type: 'token-request'
operation: 'token-request'
}
});
})(), 'Trust Token issuance should error.'),
@ -28,7 +28,7 @@
});
return fetch('https://trusttoken.test', {
trustToken: {
type: 'token-redemption'
operation: 'token-redemption'
}
});
})(), 'Trust Token redemption should error.'),
@ -41,7 +41,7 @@
});
return fetch('https://destination.test', {
trustToken: {
type: 'send-redemption-record',
operation: 'send-redemption-record',
issuers: ['https://issuer.test']
}
});

6
third_party/blink/web_tests/http/tests/loading/trust-tokens/trust-token-xhr.tentative.https.html vendored

@ -12,7 +12,7 @@
let request = new XMLHttpRequest();
request.open('GET', 'https://trusttoken.test');
request.setTrustToken({
type: 'token-request'
operation: 'token-request'
});
request.onerror = t.step_func(() => {
assert_equals(request.trustTokenOperationError.name, "InvalidStateError");
@ -27,7 +27,7 @@
let request = new XMLHttpRequest();
request.open('GET', 'https://trusttoken.test');
request.setTrustToken({
type: 'token-redemption'
operation: 'token-redemption'
});
request.onerror = t.step_func(() => {
assert_equals(request.trustTokenOperationError.name, "InvalidStateError");
@ -42,7 +42,7 @@
let request = new XMLHttpRequest();
request.open('GET', 'https://destination.test');
request.setTrustToken({
type: 'send-redemption-record',
operation: 'send-redemption-record',
issuers: ['https://issuer.test']
});
request.onerror = t.step_func(() => {

12
third_party/blink/web_tests/virtual/trust-tokens/http/tests/inspector-protocol/trust-tokens/trust-token-params-fetch-expected.txt vendored

@ -2,26 +2,26 @@ Check that TrustTokenParams are included in the basic Trust Token operations on
Sending request:
fetch('https://trusttoken.test', {
trustToken: {
type: 'token-request'
operation: 'token-request'
}
});
Included trustTokenParams in request: {"type":"Issuance","refreshPolicy":"UseCached"}
Included trustTokenParams in request: {"operation":"Issuance","refreshPolicy":"UseCached"}
Sending request:
fetch('https://trusttoken.test', {
trustToken: {
type: 'token-redemption'
operation: 'token-redemption'
}
});
Included trustTokenParams in request: {"type":"Redemption","refreshPolicy":"UseCached"}
Included trustTokenParams in request: {"operation":"Redemption","refreshPolicy":"UseCached"}
Sending request:
fetch('https://destination.test', {
trustToken: {
type: 'send-redemption-record',
operation: 'send-redemption-record',
issuers: ['https://issuer.test']
}
});
Included trustTokenParams in request: {"type":"Signing","refreshPolicy":"UseCached","issuers":["https://issuer.test"]}
Included trustTokenParams in request: {"operation":"Signing","refreshPolicy":"UseCached","issuers":["https://issuer.test"]}

2
third_party/blink/web_tests/virtual/trust-tokens/http/tests/inspector-protocol/trust-tokens/trust-token-params-iframe-expected.txt vendored

@ -1,4 +1,4 @@
Check that TrustTokenParams are included when an iframe requests a trust token'
Main frame navigation not expected to contain trustTokenParams.
Included trustTokenParams in request: {"type":"Signing","refreshPolicy":"UseCached","issuers":["https://issuer.example"]}
Included trustTokenParams in request: {"operation":"Signing","refreshPolicy":"UseCached","issuers":["https://issuer.example"]}

8
third_party/blink/web_tests/wpt_internal/trust-tokens/trust-token-api-e2e-iframe.https.html vendored

@ -11,7 +11,7 @@
promise_test(function () {
return fetch('/wpt_internal/trust-tokens/resources/trust_token_issuance.py', {
trustToken: { type: 'token-request' }
trustToken: { operation: 'token-request' }
}).then(function (response) {
assert_equals(response.status, 200);
assert_equals(response.headers.get('Sec-Trust-Token'), null);
@ -20,7 +20,7 @@
promise_test(function () {
return fetch('/wpt_internal/trust-tokens/resources/trust_token_redemption.py', {
trustToken: { type: 'token-redemption' }
trustToken: { operation: 'token-redemption' }
}).then(function (response) {
assert_equals(response.status, 200);
assert_equals(response.headers.get('Sec-Trust-Token'), null);
@ -31,7 +31,7 @@
const host_info = get_host_info();
const frame = document.createElement('iframe');
frame.src = '/wpt_internal/trust-tokens/resources/trust_token_send_redemption_record.py';
frame.trustToken = JSON.stringify({ type: 'send-redemption-record', issuers: [host_info.ORIGIN] });
frame.trustToken = JSON.stringify({ operation: 'send-redemption-record', issuers: [host_info.ORIGIN] });
document.body.appendChild(frame);
return new Promise(resolve => {
@ -41,4 +41,4 @@
});
}, 'Trust token RR succeeds using iframes.');
</script>
</body>
</body>

6
third_party/blink/web_tests/wpt_internal/trust-tokens/trust-token-api-e2e.https.html vendored

@ -9,7 +9,7 @@
promise_test(function () {
return fetch('/wpt_internal/trust-tokens/resources/trust_token_issuance.py', {
trustToken: { type: 'token-request' }
trustToken: { operation: 'token-request' }
}).then(function (response) {
assert_equals(response.status, 200);
assert_equals(response.headers.get('Sec-Trust-Token'), null);
@ -18,7 +18,7 @@
promise_test(function () {
return fetch('/wpt_internal/trust-tokens/resources/trust_token_redemption.py', {
trustToken: { type: 'token-redemption' }
trustToken: { operation: 'token-redemption' }
}).then(function (response) {
assert_equals(response.status, 200);
assert_equals(response.headers.get('Sec-Trust-Token'), null);
@ -29,7 +29,7 @@
const host_info = get_host_info();
return fetch('/wpt_internal/trust-tokens/resources/trust_token_send_redemption_record.py', {
trustToken: {
type: 'send-redemption-record',
operation: 'send-redemption-record',
issuers: [host_info.ORIGIN]
}
}).then(function (response) {

6
third_party/blink/web_tests/wpt_internal/trust-tokens/trust-token-api-rate-limiting.https.html vendored

@ -9,13 +9,13 @@
function issue_token() {
return fetch('/wpt_internal/trust-tokens/resources/trust_token_issuance.py', {
trustToken: { type: 'token-request' }
trustToken: { operation: 'token-request' }
});
}
function redeem_token() {
return fetch('/wpt_internal/trust-tokens/resources/trust_token_redemption.py', {
trustToken: { type: 'token-redemption', refreshPolicy: "refresh" }
trustToken: { operation: 'token-redemption', refreshPolicy: "refresh" }
});
}
@ -38,4 +38,4 @@
}, 'Token redemption is rate limited.');
</script>
</script>