| // Copyright 2019 The Chromium Authors |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "content/browser/url_loader_factory_params_helper.h" |
| |
| #include <optional> |
| #include <string_view> |
| |
| #include "base/command_line.h" |
| #include "base/containers/lru_cache.h" |
| #include "base/no_destructor.h" |
| #include "content/browser/devtools/network_service_devtools_observer.h" |
| #include "content/browser/renderer_host/frame_tree_node.h" |
| #include "content/browser/renderer_host/navigation_request.h" |
| #include "content/browser/renderer_host/render_frame_host_impl.h" |
| #include "content/browser/storage_partition_impl.h" |
| #include "content/public/browser/content_browser_client.h" |
| #include "content/public/browser/render_process_host.h" |
| #include "content/public/browser/render_view_host.h" |
| #include "content/public/browser/runtime_feature_state/runtime_feature_state_document_data.h" |
| #include "content/public/common/content_client.h" |
| #include "content/public/common/content_switches.h" |
| #include "content/public/common/url_constants.h" |
| #include "net/base/features.h" |
| #include "net/base/isolation_info.h" |
| #include "net/cookies/cookie_setting_override.h" |
| #include "services/network/public/cpp/is_potentially_trustworthy.h" |
| #include "services/network/public/mojom/cross_origin_embedder_policy.mojom.h" |
| #include "services/network/public/mojom/device_bound_sessions.mojom.h" |
| #include "services/network/public/mojom/early_hints.mojom.h" |
| #include "services/network/public/mojom/network_context.mojom.h" |
| #include "services/network/public/mojom/shared_dictionary_access_observer.mojom.h" |
| #include "services/network/public/mojom/url_loader.mojom-shared.h" |
| #include "third_party/blink/public/common/tokens/tokens.h" |
| #include "third_party/blink/public/common/web_preferences/web_preferences.h" |
| |
| namespace content { |
| |
| namespace { |
| |
| // Helper used by the public URLLoaderFactoryParamsHelper::Create... methods. |
| // |
| // |origin| is the origin that will use the URLLoaderFactory. |
| // |origin| is typically the same as the origin in |
| // network::ResourceRequest::request_initiator, except when |
| // |is_for_isolated_world|. See also the doc comment for |
| // extensions::URLLoaderFactoryManager::CreateFactory. |
| network::mojom::URLLoaderFactoryParamsPtr CreateParams( |
| RenderProcessHost* process, |
| const url::Origin& origin, |
| const url::Origin& request_initiator_origin_lock, |
| bool is_trusted, |
| const std::optional<blink::LocalFrameToken>& top_frame_token, |
| const net::IsolationInfo& isolation_info, |
| network::mojom::ClientSecurityStatePtr client_security_state, |
| mojo::PendingRemote<network::mojom::CrossOriginEmbedderPolicyReporter> |
| coep_reporter, |
| mojo::PendingRemote<network::mojom::DocumentIsolationPolicyReporter> |
| dip_reporter, |
| bool allow_universal_access_from_file_urls, |
| bool is_for_isolated_world, |
| mojo::PendingRemote<network::mojom::CookieAccessObserver> cookie_observer, |
| mojo::PendingRemote<network::mojom::TrustTokenAccessObserver> |
| trust_token_observer, |
| mojo::PendingRemote<network::mojom::SharedDictionaryAccessObserver> |
| shared_dictionary_observer, |
| mojo::PendingRemote<network::mojom::URLLoaderNetworkServiceObserver> |
| url_loader_network_observer, |
| mojo::PendingRemote<network::mojom::DevToolsObserver> devtools_observer, |
| mojo::PendingRemote<network::mojom::DeviceBoundSessionAccessObserver> |
| device_bound_session_observer, |
| network::mojom::TrustTokenOperationPolicyVerdict |
| trust_token_issuance_policy, |
| network::mojom::TrustTokenOperationPolicyVerdict |
| trust_token_redemption_policy, |
| net::CookieSettingOverrides cookie_setting_overrides, |
| std::string_view debug_tag, |
| bool require_cross_site_request_for_cookies, |
| bool is_for_service_worker) { |
| DCHECK(process); |
| |
| network::mojom::URLLoaderFactoryParamsPtr params = |
| network::mojom::URLLoaderFactoryParams::New(); |
| |
| params->process_id = process->GetDeprecatedID(); |
| params->request_initiator_origin_lock = request_initiator_origin_lock; |
| |
| params->is_trusted = is_trusted; |
| if (top_frame_token) |
| params->top_frame_id = top_frame_token.value().value(); |
| params->isolation_info = isolation_info; |
| |
| params->disable_web_security = |
| base::CommandLine::ForCurrentProcess()->HasSwitch( |
| switches::kDisableWebSecurity); |
| params->client_security_state = std::move(client_security_state); |
| params->coep_reporter = std::move(coep_reporter); |
| params->dip_reporter = std::move(dip_reporter); |
| |
| if (params->disable_web_security) { |
| // --disable-web-security also disables Opaque Response Blocking (ORB). |
| params->is_orb_enabled = false; |
| } else if (allow_universal_access_from_file_urls && |
| origin.scheme() == url::kFileScheme) { |
| // allow_universal_access_from_file_urls disables ORB (via |
| // `is_orb_enabled`) and CORS (via `disable_web_security`) for requests |
| // made from a file: |origin|. |
| params->is_orb_enabled = false; |
| params->disable_web_security = true; |
| } else { |
| params->is_orb_enabled = true; |
| } |
| |
| params->trust_token_issuance_policy = trust_token_issuance_policy; |
| params->trust_token_redemption_policy = trust_token_redemption_policy; |
| |
| GetContentClient()->browser()->OverrideURLLoaderFactoryParams( |
| process->GetBrowserContext(), origin, is_for_isolated_world, |
| is_for_service_worker, params.get()); |
| |
| params->cookie_observer = std::move(cookie_observer); |
| params->trust_token_observer = std::move(trust_token_observer); |
| params->shared_dictionary_observer = std::move(shared_dictionary_observer); |
| params->url_loader_network_observer = std::move(url_loader_network_observer); |
| params->devtools_observer = std::move(devtools_observer); |
| params->device_bound_session_observer = |
| std::move(device_bound_session_observer); |
| |
| params->cookie_setting_overrides = cookie_setting_overrides; |
| |
| params->debug_tag = std::string(debug_tag); |
| |
| params->require_cross_site_request_for_cookies = |
| require_cross_site_request_for_cookies; |
| |
| if (URLLoaderFactoryParamsHelper::IsMainFrameOriginRecentlyAccessed( |
| isolation_info)) { |
| params->is_main_frame_origin_recently_accessed = true; |
| } |
| |
| return params; |
| } |
| |
| base::LRUCacheSet<url::Origin>& GetRecentlyAccessedOriginSet() { |
| static base::NoDestructor<base::LRUCacheSet<url::Origin>> origin_set( |
| net::features::kRecentlyAccessedOriginCacheSize.Get()); |
| return *origin_set; |
| } |
| |
| } // namespace |
| |
| // static |
| network::mojom::URLLoaderFactoryParamsPtr |
| URLLoaderFactoryParamsHelper::CreateForFrame( |
| RenderFrameHostImpl* frame, |
| const url::Origin& frame_origin, |
| const net::IsolationInfo& isolation_info, |
| network::mojom::ClientSecurityStatePtr client_security_state, |
| mojo::PendingRemote<network::mojom::CrossOriginEmbedderPolicyReporter> |
| coep_reporter, |
| mojo::PendingRemote<network::mojom::DocumentIsolationPolicyReporter> |
| dip_reporter, |
| RenderProcessHost* process, |
| network::mojom::TrustTokenOperationPolicyVerdict |
| trust_token_issuance_policy, |
| network::mojom::TrustTokenOperationPolicyVerdict |
| trust_token_redemption_policy, |
| net::CookieSettingOverrides cookie_setting_overrides, |
| std::string_view debug_tag) { |
| return CreateParams( |
| process, |
| frame_origin, // origin |
| frame_origin, // request_initiator_origin_lock |
| false, // is_trusted |
| frame->GetTopFrameToken(), isolation_info, |
| std::move(client_security_state), std::move(coep_reporter), |
| std::move(dip_reporter), |
| frame->GetOrCreateWebPreferences().allow_universal_access_from_file_urls, |
| false, // is_for_isolated_world |
| frame->CreateCookieAccessObserver( |
| CookieAccessDetails::Source::kNonNavigation), |
| frame->CreateTrustTokenAccessObserver(), |
| frame->CreateSharedDictionaryAccessObserver(), |
| frame->CreateURLLoaderNetworkObserver(), |
| NetworkServiceDevToolsObserver::MakeSelfOwned(frame->frame_tree_node()), |
| frame->CreateDeviceBoundSessionObserver(), trust_token_issuance_policy, |
| trust_token_redemption_policy, cookie_setting_overrides, debug_tag, |
| /*require_cross_site_request_for_cookies=*/false, |
| /*is_for_service_worker=*/false); |
| } |
| |
| // static |
| network::mojom::URLLoaderFactoryParamsPtr |
| URLLoaderFactoryParamsHelper::CreateForIsolatedWorld( |
| RenderFrameHostImpl* frame, |
| const url::Origin& isolated_world_origin, |
| const url::Origin& main_world_origin, |
| const net::IsolationInfo& isolation_info, |
| network::mojom::ClientSecurityStatePtr client_security_state, |
| network::mojom::TrustTokenOperationPolicyVerdict |
| trust_token_issuance_policy, |
| network::mojom::TrustTokenOperationPolicyVerdict |
| trust_token_redemption_policy, |
| net::CookieSettingOverrides cookie_setting_overrides) { |
| return CreateParams( |
| frame->GetProcess(), |
| isolated_world_origin, // origin |
| main_world_origin, // request_initiator_origin_lock |
| false, // is_trusted |
| frame->GetTopFrameToken(), isolation_info, |
| std::move(client_security_state), |
| mojo::NullRemote(), // coep_reporter |
| mojo::NullRemote(), // dip_reporter |
| frame->GetOrCreateWebPreferences().allow_universal_access_from_file_urls, |
| true, // is_for_isolated_world |
| frame->CreateCookieAccessObserver( |
| CookieAccessDetails::Source::kNonNavigation), |
| frame->CreateTrustTokenAccessObserver(), |
| frame->CreateSharedDictionaryAccessObserver(), |
| frame->CreateURLLoaderNetworkObserver(), |
| NetworkServiceDevToolsObserver::MakeSelfOwned(frame->frame_tree_node()), |
| frame->CreateDeviceBoundSessionObserver(), trust_token_issuance_policy, |
| trust_token_redemption_policy, cookie_setting_overrides, |
| "ParamHelper::CreateForIsolatedWorld", |
| /*require_cross_site_request_for_cookies=*/false, |
| /*is_for_service_worker=*/false); |
| } |
| |
| network::mojom::URLLoaderFactoryParamsPtr |
| URLLoaderFactoryParamsHelper::CreateForPrefetch( |
| RenderFrameHostImpl* frame, |
| network::mojom::ClientSecurityStatePtr client_security_state, |
| net::CookieSettingOverrides cookie_setting_overrides) { |
| // The factory client |is_trusted| to control the |network_isolation_key| in |
| // each separate request (rather than forcing the client to use the key |
| // specified in URLLoaderFactoryParams). |
| const url::Origin& frame_origin = frame->GetLastCommittedOrigin(); |
| return CreateParams( |
| frame->GetProcess(), |
| frame_origin, // origin |
| frame_origin, // request_initiator_origin_lock |
| true, // is_trusted |
| frame->GetTopFrameToken(), |
| net::IsolationInfo(), // isolation_info |
| std::move(client_security_state), |
| mojo::NullRemote(), // coep_reporter |
| mojo::NullRemote(), // dip_reporter |
| frame->GetOrCreateWebPreferences().allow_universal_access_from_file_urls, |
| false, // is_for_isolated_world |
| frame->CreateCookieAccessObserver( |
| CookieAccessDetails::Source::kNonNavigation), |
| frame->CreateTrustTokenAccessObserver(), |
| frame->CreateSharedDictionaryAccessObserver(), |
| frame->CreateURLLoaderNetworkObserver(), |
| NetworkServiceDevToolsObserver::MakeSelfOwned(frame->frame_tree_node()), |
| frame->CreateDeviceBoundSessionObserver(), |
| network::mojom::TrustTokenOperationPolicyVerdict::kForbid, |
| network::mojom::TrustTokenOperationPolicyVerdict::kForbid, |
| cookie_setting_overrides, "ParamHelper::CreateForPrefetch", |
| /*require_cross_site_request_for_cookies=*/false, |
| /*is_for_service_worker=*/false); |
| } |
| |
| // static |
| // TODO(crbug.com/40190528): make sure client_security_state is no longer |
| // nullptr anywhere. |
| // TODO(crbug.com/40247160): Investigate whether to support cookie setting |
| // overrides (hardcoded empty set used for now). |
| network::mojom::URLLoaderFactoryParamsPtr |
| URLLoaderFactoryParamsHelper::CreateForWorker( |
| RenderProcessHost* process, |
| const url::Origin& request_initiator, |
| const net::IsolationInfo& isolation_info, |
| mojo::PendingRemote<network::mojom::CrossOriginEmbedderPolicyReporter> |
| coep_reporter, |
| mojo::PendingRemote<network::mojom::DocumentIsolationPolicyReporter> |
| dip_reporter, |
| mojo::PendingRemote<network::mojom::URLLoaderNetworkServiceObserver> |
| url_loader_network_observer, |
| mojo::PendingRemote<network::mojom::DevToolsObserver> devtools_observer, |
| network::mojom::ClientSecurityStatePtr client_security_state, |
| std::string_view debug_tag, |
| bool require_cross_site_request_for_cookies, |
| bool is_for_service_worker) { |
| return CreateParams( |
| process, |
| request_initiator, // origin |
| request_initiator, // request_initiator_origin_lock |
| false, // is_trusted |
| std::nullopt, // top_frame_token |
| isolation_info, std::move(client_security_state), |
| std::move(coep_reporter), std::move(dip_reporter), |
| false, // allow_universal_access_from_file_urls |
| false, // is_for_isolated_world |
| static_cast<StoragePartitionImpl*>(process->GetStoragePartition()) |
| ->CreateCookieAccessObserverForServiceWorker(), |
| static_cast<StoragePartitionImpl*>(process->GetStoragePartition()) |
| ->CreateTrustTokenAccessObserverForServiceWorker(), |
| static_cast<StoragePartitionImpl*>(process->GetStoragePartition()) |
| ->CreateSharedDictionaryAccessObserverForServiceWorker(), |
| std::move(url_loader_network_observer), std::move(devtools_observer), |
| static_cast<StoragePartitionImpl*>(process->GetStoragePartition()) |
| ->CreateDeviceBoundSessionObserverForServiceWorker(), |
| // Trust Token redemption and signing operations require the Permissions |
| // Policy. It seems Permissions Policy in worker contexts |
| // is currently an open issue (as of 06/21/2022): |
| // https://github.com/w3c/webappsec-permissions-policy/issues/207. |
| network::mojom::TrustTokenOperationPolicyVerdict::kPotentiallyPermit, |
| network::mojom::TrustTokenOperationPolicyVerdict::kPotentiallyPermit, |
| net::CookieSettingOverrides(), debug_tag, |
| require_cross_site_request_for_cookies, is_for_service_worker); |
| } |
| |
| // static |
| // TODO(crbug.com/40247160): Investigate whether to support cookie setting |
| // overrides (hardcoded empty set used for now). |
| network::mojom::URLLoaderFactoryParamsPtr |
| URLLoaderFactoryParamsHelper::CreateForEarlyHintsPreload( |
| RenderProcessHost* process, |
| const url::Origin& tentative_origin, |
| NavigationRequest& navigation_request, |
| const network::mojom::EarlyHints& early_hints, |
| mojo::PendingRemote<network::mojom::CookieAccessObserver> cookie_observer, |
| mojo::PendingRemote<network::mojom::TrustTokenAccessObserver> |
| trust_token_observer, |
| mojo::PendingRemote<network::mojom::SharedDictionaryAccessObserver> |
| shared_dictionary_observer, |
| mojo::PendingRemote<network::mojom::DeviceBoundSessionAccessObserver> |
| device_bound_session_observer) { |
| // TODO(crbug.com/40188470): Consider not using the speculative |
| // RenderFrameHostImpl to create URLLoaderNetworkServiceObserver. |
| // In general we should avoid using speculative RenderFrameHostImpl |
| // to fill URLLoaderFactoryParams because some parameters can be calculated |
| // only after the RenderFrameHostImpl is committed. |
| // See also the design doc linked from the bug entry. It describes options |
| // to create the observer without RenderFrameHostImpl. |
| mojo::PendingRemote<network::mojom::URLLoaderNetworkServiceObserver> |
| url_loader_network_observer = navigation_request.frame_tree_node() |
| ->current_frame_host() |
| ->CreateURLLoaderNetworkObserver(); |
| |
| auto isolation_info = net::IsolationInfo::Create( |
| net::IsolationInfo::RequestType::kOther, |
| /*top_frame_origin=*/tentative_origin, /*frame_origin=*/tentative_origin, |
| net::SiteForCookies::FromOrigin(tentative_origin)); |
| |
| // TODO(https://issues.chromium.org/issues/336754077): |
| // Support Document-Isolation-Policy in early hints headers instead of passing |
| // a default DocumentIsolationPolicy. |
| network::mojom::ClientSecurityStatePtr client_security_state = |
| network::mojom::ClientSecurityState::New( |
| early_hints.headers->cross_origin_embedder_policy, |
| network::IsOriginPotentiallyTrustworthy(tentative_origin), |
| early_hints.ip_address_space, |
| network::mojom::PrivateNetworkRequestPolicy::kBlock, |
| network::DocumentIsolationPolicy()); |
| |
| return CreateParams( |
| process, /*origin=*/tentative_origin, |
| /*request_initiator_origin_lock=*/tentative_origin, |
| /*is_trusted=*/false, /*top_frame_token=*/std::nullopt, isolation_info, |
| std::move(client_security_state), |
| /*coep_reporter=*/mojo::NullRemote(), |
| /*dip_reporter=*/mojo::NullRemote(), |
| /*allow_universal_access_from_file_urls=*/false, |
| /*is_for_isolated_world=*/false, std::move(cookie_observer), |
| std::move(trust_token_observer), std::move(shared_dictionary_observer), |
| std::move(url_loader_network_observer), |
| /*devtools_observer=*/mojo::NullRemote(), |
| std::move(device_bound_session_observer), |
| network::mojom::TrustTokenOperationPolicyVerdict::kForbid, |
| network::mojom::TrustTokenOperationPolicyVerdict::kForbid, |
| net::CookieSettingOverrides(), "ParamHelper::CreateForEarlyHintsPreload", |
| /*require_cross_site_request_for_cookies=*/false, |
| /*is_for_service_worker=*/false); |
| } |
| |
| // static |
| void URLLoaderFactoryParamsHelper::OnMainFrameNavigation(url::Origin origin) { |
| if (base::FeatureList::IsEnabled( |
| net::features::kUpdateIsMainFrameOriginRecentlyAccessed)) { |
| GetRecentlyAccessedOriginSet().Put(std::move(origin)); |
| } |
| } |
| |
| // static |
| bool URLLoaderFactoryParamsHelper::IsMainFrameOriginRecentlyAccessed( |
| const net::IsolationInfo& isolation_info) { |
| if (!base::FeatureList::IsEnabled( |
| net::features::kUpdateIsMainFrameOriginRecentlyAccessed)) { |
| return false; |
| } |
| |
| const std::optional<url::Origin> top_frame_origin = |
| isolation_info.top_frame_origin(); |
| if (!top_frame_origin) { |
| return false; |
| } |
| |
| auto& origin_set = GetRecentlyAccessedOriginSet(); |
| return origin_set.Peek(top_frame_origin.value()) != origin_set.end(); |
| } |
| |
| } // namespace content |
