This plumbs the has_storage_access bool from the WebSocket's
ExecutionContext to the network service machinery, so that a
Document's or Worker's Storage Access API opt-in is respected for
WebSocket connections. (Note that this bit is untrusted; a compromised
renderer cannot gain unauthorized access to unpartitioned cookies by
lying with this bit.)
This behavior is currently unspecified by the Storage Access API spec,
but we will engage there to specify it. In the meantime, web
developers expect the API to work this way (see
https://crbug.com/947413#c20).
I plan to add WPTs for this in a followup, but I'd like to land this
before branch cut if possible.
Bug: 1496832
Change-Id: I29e0e4b3a2fc6fb3faed8c80954aaee14499e449
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4982327
Reviewed-by: Johann Hofmann <johannhof@chromium.org>
Reviewed-by: Adam Rice <ricea@chromium.org>
Reviewed-by: Maks Orlovich <morlovich@chromium.org>
Commit-Queue: Chris Fredrickson <cfredric@chromium.org>
Reviewed-by: Ken Buchanan <kenrb@chromium.org>
Reviewed-by: Adam Langley <agl@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1218202}
This replaces DISALLOW_COPY_AND_ASSIGN with explicit constructor deletes
where a local script is able to detect its insertion place (~Foo() is
public => insert before this line).
This is incomplete as not all classes have a public ~Foo() declared, so
not all DISALLOW_COPY_AND_ASSIGN occurrences are replaced.
IWYU cleanup is left as a separate pass that is easier when these macros
go away.
Bug: 1010217
Change-Id: Iea478401b7580682c7b9f195f7af9cbbdb6ce315
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3167292
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Owners-Override: Daniel Cheng <dcheng@chromium.org>
Commit-Queue: Peter Boström <pbos@chromium.org>
Cr-Commit-Position: refs/heads/main@{#923194}
Similarly to the usual loading case, we should attach "null" instead of
"file://" as the origin header to WebSocket requests initiated by a file
origin (unless "-allow-file-access-from-files" is specified).
Bug: 1206736
Change-Id: Idb3a8c1ad56eb07ce5d897e2fb3fe246672a6be8
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2903375
Reviewed-by: Ryan Hamilton <rch@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Reviewed-by: Yoichi Osato <yoichio@chromium.org>
Commit-Queue: Yutaka Hirano <yhirano@chromium.org>
Auto-Submit: Yutaka Hirano <yhirano@chromium.org>
Cr-Commit-Position: refs/heads/master@{#884879}
With the expanded scope of the interface became apparent the previous
name was incorrect. AuthenticationAndCertificateObserver becomes
URLLoaderNetworkServiceObserver. This rename was largely done by
3 sed commands.
BUG=1173710
Change-Id: I29206a9bd14af9bcad495ae729314bb23da65006
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2733070
Reviewed-by: Dave Tapuska <dtapuska@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Owners-Override: Dave Tapuska <dtapuska@chromium.org>
Commit-Queue: Dave Tapuska <dtapuska@chromium.org>
Cr-Commit-Position: refs/heads/master@{#860409}
Add a new AuthenticationAndCertificateObserver mojo interface as
detailed in [1]. This interface is created to be bound by a frame or
a navigation request. The interface is still implemented in the
StoragePartitionImpl.
Rename AuthenticationHandler to WebSocketAuthenticationHandler so that
it is clear that interface is only for WebSockets.
Change WebSocket interface to take a bound
AuthenticationAndCertificateObserver and remove the passed in frame id.
[1] https://tinyurl.com/yshosfw9
Bug: 1173710
Change-Id: I55b1261d9a9ae8e996395747a93b5f214968b037
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2668748
Reviewed-by: Matt Menke <mmenke@chromium.org>
Reviewed-by: Reilly Grant <reillyg@chromium.org>
Reviewed-by: Matt Falkenhagen <falken@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Commit-Queue: Dave Tapuska <dtapuska@chromium.org>
Cr-Commit-Position: refs/heads/master@{#852278}
IsolationInfo merges NIK and SiteForCookies, to ensure they're
consistent, and conveniently also lets us distrust SiteForCookies
values provided by the renderer.
We do not yet use the SiteForCookies value in the IsolationInfo, as it
doesn't always match (yet). This CL will allow us to add DCHECKs to
make sure the values are always the same before we switch over.
This CL also fixes some net/ WebSocket unit tests that incorrectly
set up requests with NetworkIsolationKeys with different top frame and
frame origins, but a non-empty SiteForCookies values. This is exactly
the sort of inconsistency IsolationInfo is designed to catch.
Bug: 1060631
Change-Id: I1649493c267fb7d1c334daf8c9361c93a8721ecc
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2163626
Reviewed-by: Shivani Sharma <shivanisha@chromium.org>
Reviewed-by: Hiroki Nakagawa <nhiroki@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Adam Rice <ricea@chromium.org>
Commit-Queue: Matt Menke <mmenke@chromium.org>
Cr-Commit-Position: refs/heads/master@{#763844}
... And adjust computation and use of it to take advantage of the type;
with significant simplifications to Document::SiteForCookies,
RenderFrameHostImpl::ComputeSiteForCookiesInternal, and
RenderFrameMessageFilter::ValidateCookieAccessAt
A bunch of conversions still remain around settings and media/
things, for CL-side reasons (and also deps reasons for media/).
Bug: 577565
Change-Id: Ic294275b0d01cc8bc16cb815370992ecd9ccd99f
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1935254
Commit-Queue: Maksim Orlovich <morlovich@chromium.org>
Reviewed-by: Richard Coles <torne@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: John Abd-El-Malek <jam@chromium.org>
Cr-Commit-Position: refs/heads/master@{#728991}
This reduces the number of preprocessor tokens in
content_browser_client.h from 1,335,281 to 754,474. Since this is a
widely included file, reducing build times a fair bit (see bug).
TBR=tsepez for content/browser/child_process_security_policy_*
Bug: 1014009
Change-Id: Id3c2de29f5b08cab80820d01aff722afeb1618e6
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1857126
Commit-Queue: Hans Wennborg <hans@chromium.org>
Reviewed-by: Richard Coles <torne@chromium.org>
Reviewed-by: Ken Rockot <rockot@google.com>
Reviewed-by: Nico Weber <thakis@chromium.org>
Reviewed-by: Camille Lamy <clamy@chromium.org>
Reviewed-by: Sami Kyöstilä <skyostil@chromium.org>
Cr-Commit-Position: refs/heads/master@{#706388}
This CL converts AuthenticationHandlerPtr to new Mojo types.
It updates CreateWebSocket from network_context.mojom and
methods and members with new Mojo types.
It also renames |binding_as_handshake_client_| to
|receiver_as_handshake_client_| from WebRequestProxyingWebSocket.
Bug: 955171, 978694
Change-Id: I211b7ed2f37fe18b4a60ba81839abf5f77548dba
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1772901
Commit-Queue: Julie Kim <jkim@igalia.com>
Reviewed-by: John Abd-El-Malek <jam@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Yutaka Hirano <yhirano@chromium.org>
Reviewed-by: Ken Rockot <rockot@google.com>
Cr-Commit-Position: refs/heads/master@{#691538}
This CL converts TrustedHeaderClientPtr and
TrustedHeaderClientRequest to new Mojo types.
It also updates OnLoaderCreated and CreateWebSocket
from network_context.mojom.
Bug: 955171, 978694
Change-Id: If288b38aa8efd7d2fd7f76f817ee2434e10e9edb
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1767298
Reviewed-by: Ken Rockot <rockot@google.com>
Reviewed-by: John Abd-El-Malek <jam@chromium.org>
Reviewed-by: Sam McNally <sammc@chromium.org>
Commit-Queue: Julie Kim <jkim@igalia.com>
Cr-Commit-Position: refs/heads/master@{#690957}
This CL converts WebSocketHandshakeClientPtr to new Mojo types.
It updates CreateWebSocket from network_context.mojom
and Connect from websocket_connector.mojom and methods
and members which implements them.
Bug: 955171, 978694
Change-Id: I8b64aa95a38a4a50bcfd71de1a4f0a207db6f4a7
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1761885
Reviewed-by: John Abd-El-Malek <jam@chromium.org>
Reviewed-by: Yutaka Hirano <yhirano@chromium.org>
Reviewed-by: Ken Rockot <rockot@google.com>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Commit-Queue: Julie Kim <jkim@igalia.com>
Cr-Commit-Position: refs/heads/master@{#689384}
Instead, give it as an argument of
mojom.WebSocketHandshakeClient.OnConnectionEstablished.
This is a follow up CL for
https://chromium-review.googlesource.com/c/chromium/src/+/1728917.
Passing the mojo::InterfaceRequest<WebSocketClient> at
OnConnectionEstablished is less error prone because
1) It is unable to bind the implementation before that, and
2) It is now clear that we should detect connection errors on
|handshake_client| until the connection is established, and
|client| after that.
Bug: 989406, 967524
Change-Id: Id9a7f184b678303d5b0ef8ad3b8637056a495933
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1728534
Commit-Queue: Yutaka Hirano <yhirano@chromium.org>
Reviewed-by: Yoichi Osato <yoichio@chromium.org>
Reviewed-by: Adam Rice <ricea@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Ken Rockot <rockot@google.com>
Cr-Commit-Position: refs/heads/master@{#684215}
...in order to remove the unnecessary overhead on the browser process
when downloading / uploading payloads. With this CL, both
mojom::WebSocket and mojom::WebSocketClient only pass though the proxy
interface implemented in extensions/browser/api/web_request.
With this CL,
1) NetworkContext::CreateWebSocket takes additional parameters. This
makes the state transition in network::WebSocket a bit simpler.
2) blink::mojom::WebSocketConnector is introduced.
mojom::WebSocketConnector::Connector corresponds to
mojom::WebSocket::AddChannelRequest.
3) mojom::WebSocket is passed as a parameter of
mojom::WebSocketHandshakeClient::OnConnectionEstablished.
4) Instead of mojom::WebSocket, the extensions module now receives
a function to initiate a WebSocket opening handshake.
5) ContentBrowserClient::WillCreateWebSocket is split into three:
WillInterceptWebSocket, GetWebSocketOptions and CreateWebSocket. This
incurs an additional thread hop, but it will be fixed once the
extensions module for WebSocket is moved to the UI thread.
This improves [1] in my environment.
Without the change: 318MB/s
With the change : 389MB/s
1: third_party/blink/perf_tests/websocket/receive-arraybuffer-1MBx100.html
Bug: 865001, 967524, 942989
Change-Id: I3b7e4b9f478f7b41138c1de5ffd89f2d4d278bd7
Cq-Include-Trybots: luci.chromium.try:linux-chromeos-dbg
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1680459
Commit-Queue: Yutaka Hirano <yhirano@chromium.org>
Reviewed-by: Ken Rockot <rockot@google.com>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Yoichi Osato <yoichio@chromium.org>
Reviewed-by: Adam Rice <ricea@chromium.org>
Reviewed-by: Richard Coles <torne@chromium.org>
Cr-Commit-Position: refs/heads/master@{#674747}
A previous CL
(https://chromium-review.googlesource.com/c/chromium/src/+/1570471)
plumbed a net error out of net/ when an SSL error occurs. This CL
plumbs the net error up to SSLErrorHandler, so that a net error
doesn't have to be reconstructed out of a cert status. The end goal is
to make it so that MapCertStatusToNetError is used to synthesize a net
error code when the net stack didn't treat the cert error as an error,
rather than to convert a cert status to an error code even when there
was an actual error.
Bug: 937529
Change-Id: I553061794e4efa7d40e62e0931ed0e7b908ecfd6
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1574627
Commit-Queue: Emily Stark <estark@chromium.org>
Reviewed-by: Reilly Grant <reillyg@chromium.org>
Reviewed-by: Avi Drissman <avi@chromium.org>
Reviewed-by: Ryan Sleevi <rsleevi@chromium.org>
Reviewed-by: Carlos IL <carlosil@chromium.org>
Cr-Commit-Position: refs/heads/master@{#654918}
Although we previously implemented cookie blocking in
http://crrev.com/c/1507286, this design did not correctly handle the
case where the application has decided to block only third party cookies
and the request redirects (such that it changes first-party-ness).
After the previous CL landed, we realized the design to use load_flags
had a significant consequence: this can subtly affect HTTP
authentication, since the load_flags opt the request into "privacy
mode", and net layer may pool this into a socket with other requests in
privacy mode. This might lead to putting requests we don't trust with
credentials into an already-authenticated socket (which would have
security consequences).
This mostly reverts the previous CL (because of the aforementioned
problems with load_flags) and instead propagates WebView's cookie policy
into the NetworkService via URLLoader options (and, new
WebSocket options). The NetworkServiceNetworkDelegate checks these
settings and either blocks or allows cookies.
Design: http://go/wv-ns-cookie-apis#heading=h.2h285wvuvqal
Bug: 941337, 941260
Test: $ run_webview_instrumentation_test_apk \
Test: --enable-features=NetworkService,NetworkServiceInProcess \
Test: -f CookieManagerTest.*
Test: $ out/Default/services_unittests --gtest_filter=URLLoaderTest.* \
Test: :NetworkContextTest.*Cookies
Cq-Include-Trybots: luci.chromium.try:android_mojo
Change-Id: I533886347441ae369b925574f344dd65801509e5
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1542726
Commit-Queue: Nate Fischer <ntfschr@chromium.org>
Reviewed-by: Matt Menke <mmenke@chromium.org>
Reviewed-by: Richard Coles <torne@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: John Abd-El-Malek <jam@chromium.org>
Cr-Commit-Position: refs/heads/master@{#646986}
Convert the URL to be checked from a WebSocket URL to an HTTP URL before
checking if cookie data from this origin can be shared with the
renderer. This is necessary because a page will never have a WebSocket
URL as its origin, but they are considered equivalent for permission
checks.
Also add a test that the Set-Cookie header is exposed to the inspector
protocol when it should be, and not otherwise.
BUG=924972
Change-Id: Ic760bdec9caf1f1871ae64a57ea7fc0bf3c012ec
Reviewed-on: https://chromium-review.googlesource.com/c/1458401
Commit-Queue: Adam Rice <ricea@chromium.org>
Reviewed-by: Yutaka Hirano <yhirano@chromium.org>
Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org>
Cr-Commit-Position: refs/heads/master@{#631638}
The browser includes cookie headers in those it sends to the renderer if
DevTools is open. Add a check that the renderer has access to cookie
data for that origin.
This CL only changes the non-network-service codepath. The network
service code path will changed in a followup CL.
BUG=924972
Change-Id: Iaa9cd66ab805fa59a61b9f4ae192b4ef94c79962
Reviewed-on: https://chromium-review.googlesource.com/c/1439461
Reviewed-by: Yutaka Hirano <yhirano@chromium.org>
Commit-Queue: Adam Rice <ricea@chromium.org>
Cr-Commit-Position: refs/heads/master@{#629154}
net::WebSocketChannel and various related classes use std::string to
represent request headers. This CL changes them to HttpRequestHeaders.
Bug: 721400
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_mojo
Change-Id: Id730779b36f3a319a61b44516bd3e8389ebdfc23
Reviewed-on: https://chromium-review.googlesource.com/1065713
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Adam Rice <ricea@chromium.org>
Commit-Queue: Yutaka Hirano <yhirano@chromium.org>
Cr-Commit-Position: refs/heads/master@{#560888}
This updates documentation and comments. It also fixes one instance of
code in media_router_bindings.js.
Tbr: markdown change
Bug: 835446
Change-Id: Iae247c318cf9547d4d536a1a04c0f7a9cf65eb14
Reviewed-on: https://chromium-review.googlesource.com/1062345
Commit-Queue: Robert Sesek <rsesek@chromium.org>
Reviewed-by: Ken Rockot <rockot@chromium.org>
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Cr-Commit-Position: refs/heads/master@{#559600}
This is a preparation CL for the off-main-thread WebSocket.
After this CL, DedicatedWorkerHost is created from RenderFrameHostImpl, not from
RendererInterfaceBinders, so that DedicatedWorkerHost can get its parent frame's
id. This may not work for nested workers, but probably we can add an interface
for creating DedicatedWorkerHost to DedicatedWorkerHost for that case.
<Motivation>
DedicatedWorkerHost needs to know the parent frame id in order to share a user
decision on the SSL certificate warning interstitial among the parent document
and dedicated workers. When the off-main-thread WebSocket is disabled, the
decision is naturally shared among them because the dedicated workers depend on
their parent document's loader. Once the off-main-thread WebSocket is enabled,
the dedicated workers need to annotate requests as permitted using their parent
frame's id.
<Notes>
This CL renames private WebSocketManager::CreateWebSocket() overloaded by public
CreateWebSocket() to DoCreateWebSocketInternal() because the overload makes
base::BindRepeating() confused.
Bug: 825740
Change-Id: I9c2b07bea60cce315b94a4776b1d163e4330a208
Reviewed-on: https://chromium-review.googlesource.com/1025497
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Matt Falkenhagen <falken@chromium.org>
Reviewed-by: Yutaka Hirano <yhirano@chromium.org>
Commit-Queue: Hiroki Nakagawa <nhiroki@chromium.org>
Cr-Commit-Position: refs/heads/master@{#554280}
It no longer defines base::MakeUnique, so it should only be included
where base::WrapUnique is used.
Generated by:
for x in `git grep -l '#include "base/memory/ptr_util.h"' content`; do \
grep -q WrapUnique "$x" || sed -i -e \
'/^#include "base\/memory\/ptr_util\.h"$/d' "$x"; done
Bug: 755727
Tbr: mkwst@chromium.org
Change-Id: Ie2a34ff8f0fe83491185cd9f1a0aa52aa21829bb
Reviewed-on: https://chromium-review.googlesource.com/1005834
Reviewed-by: Jeremy Roman <jbroman@chromium.org>
Reviewed-by: John Abd-El-Malek <jam@chromium.org>
Commit-Queue: Jeremy Roman <jbroman@chromium.org>
Cr-Commit-Position: refs/heads/master@{#549918}
This CL introduces WebSocket throttling on network::WebSocketFactory by
moving some logic from content/browser/websockets to services/network.
Bug: 721400
Cq-Include-Trybots: master.tryserver.chromium.linux:linux_mojo
Change-Id: Ie007765411d95d1854fc0271652d599e5ccbcd0c
Reviewed-on: https://chromium-review.googlesource.com/979872
Commit-Queue: Yutaka Hirano <yhirano@chromium.org>
Reviewed-by: Adam Rice <ricea@chromium.org>
Cr-Commit-Position: refs/heads/master@{#545766}
Previously network::WebSocket objects were stored as raw pointers
in a set and deleted manually. Use a set<unique_ptr<WebSocket>,
UniquePtrComparator> instead, making ownership explicit and reducing the
risk of leaking.
Change-Id: I0337551d8fd073341241723538cf9864eb206c87
Reviewed-on: https://chromium-review.googlesource.com/978282
Reviewed-by: Yutaka Hirano <yhirano@chromium.org>
Commit-Queue: Adam Rice <ricea@chromium.org>
Cr-Commit-Position: refs/heads/master@{#545728}
