Remove dup'ed code for RequestorOrigin and FirstPartyCookie

- Remove RequestorOrigin and FirstPartyCookie code in RenderFrameImpl
  (except for PlzNavigate's main frame resource case)
- Most of the code now lives in FrameFetchContext
- Also fix TODO to initialize ResourceRequest::RequestorOrigin with null

Some implementation notes:

Before this change, the logic was like:

1. When ResourceFetcher populates an initial resource request
   FetchContext::SetFirstPartyCookieAndRequestorOrigin was called in
   PopulateResourceRequest, and this used to do:

     if (!GetDocument())
       return;
     if (request.FirstPartyForCookies().IsNull()) {
       request.SetFirstPartyForCookies(
           GetDocument() ? GetDocument()->FirstPartyForCookies()  // [A]
                         : SecurityOrigin::UrlWithUniqueSecurityOrigin());  // [B]
     }
     if (request.GetFrameType() == WebURLRequest::kFrameTypeNone &&
         request.RequestorOrigin()->IsUnique()) {
       request.SetRequestorOrigin(GetDocument()->IsSandboxed(kSandboxOrigin)
           ? SecurityOrigin::Create(document_->Url())  // [a]
           : document_->GetSecurityOrigin());  // [b]
     }

2. After that, FrameFetchContext::WillSendRequest does:

     if (request.FirstPartyForCookies().IsEmpty()) {
       if (request.GetFrameType() == blink::WebURLRequest::kFrameTypeTopLevel)
         request.SetFirstPartyForCookies(request.Url());  // [C]
       else
         request.SetFirstPartyForCookies(
             frame_->GetDocument().FirstPartyForCookies());  // [D]
     }
     WebDocument frame_document = frame_->GetDocument();
     if (request.RequestorOrigin().IsUnique() &&
         !frame_document.GetSecurityOrigin().IsUnique()) {
       request.SetRequestorOrigin(frame_document.GetSecurityOrigin());  // [c]
     }

   This logic is also called on redirects.

Note that:
- [B] case is invalid as we return in the null-document case
- [C],[D],[c] happen only if document is null, and for initial
  top-level frame request case this is always the case
- Therefore: [A][C][D] are the valid cases for first-party-cookie,
  and [a][b][c] are for requestor-origin

After this change, FrameFetchContext::WillSendRequest does:

  if (request.FirstPartyForCookies().IsNull()) {
    if (request.GetFrameType() == WebURLRequest::kFrameTypeTopLevel) {
      request.SetFirstPartyForCookies(request.Url());  // == [C] (document is null)
    } else {
      Document* document =
          GetDocument() ? GetDocument() : GetFrame()->GetDocument();
      request.SetFirstPartyForCookies(document->FirstPartyForCookies());  // == [A][D]
    }
  }
  if (!request.RequestorOrigin()) {
    if (request.GetFrameType() == WebURLRequest::kFrameTypeNone) {
      Document* document = GetDocument();
      request.SetRequestorOrigin(document->IsSandboxed(kSandboxOrigin)
          ? SecurityOrigin::Create(document->Url())  // [a]
          : document->GetSecurityOrigin());  // [b]
    } else {
      request.SetRequestorOrigin(
          GetFrame()->GetDocument()->GetSecurityOrigin());  // [c]
    }
  }

BUG=671533, 625969
Review-Url: https://codereview.chromium.org/2918653004
Cr-Commit-Position: refs/heads/master@{#478191}
7 files changed