Google Git
Sign in
chromium / chromium / src / cfcea24df99ff6ecfc7a6477ecaf013475bb6bf3
commitcfcea24df99ff6ecfc7a6477ecaf013475bb6bf3[log] [tgz]
authorXiaochen Zhou <xiaochenzh@chromium.org>Tue Jul 30 20:46:55 2024
committerChromium LUCI CQ <chromium-scoped@luci-project-accounts.iam.gserviceaccount.com>Tue Jul 30 20:46:55 2024
tree21f0745ac47d1f74ee3e5f94106a7b9d78fa7908
parent0cc2f20c21606899ebb2af331d1f3988994745eb [diff]
Fenced frames: Disable preload when network is revoked

Fenced frames(FF) can disable network access by invoking FF API:
window.fence.disableUntrustedNetwork().

After the network access is revoked, no preload requests are
allowed from FF.

There are two triggers for preload requests:

1. Via a response header, for example:
Link: </main.js>; rel="preload"; as="script"

2. From a link element, for example:
<link rel="preload" href="/main.js" as="script"/>

The first case has already been disabled for FF, regardless of FF's
network status. See crrev.com/c/3468236.

The second case is taken care of by the existing network status checks
in CorsURLLoaderFactory. This CL adds tests to verify this.

See: https://github.com/WICG/fenced-frame/blob/master/explainer/fenced_frames_with_local_unpartitioned_data_access.md#revoking-network-access

Bug: 1515599
Change-Id: I19f0d74e682a28bae56d2a5bf12e96b9c5e796e4
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5749322
Commit-Queue: Xiaochen Zhou <xiaochenzh@chromium.org>
Reviewed-by: Garrett Tanzer <gtanzer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1335078}
6 files changed
tree: 21f0745ac47d1f74ee3e5f94106a7b9d78fa7908
  1. android_webview/
  2. apps/
  3. ash/
  4. base/
  5. build/
  6. build_overrides/
  7. buildtools/
  8. cc/
  9. chrome/
  10. chromecast/
  11. chromeos/
  12. codelabs/
  13. components/
  14. content/
  15. courgette/
  16. crypto/
  17. dbus/
  18. device/
  19. docs/
  20. extensions/
  21. fuchsia_web/
  22. gin/
  23. google_apis/
  24. google_update/
  25. gpu/
  26. headless/
  27. infra/
  28. ios/
  29. ipc/
  30. media/
  31. mojo/
  32. native_client_sdk/
  33. net/
  34. pdf/
  35. ppapi/
  36. printing/
  37. remoting/
  38. rlz/
  39. sandbox/
  40. services/
  41. skia/
  42. sql/
  43. storage/
  44. styleguide/
  45. testing/
  46. third_party/
  47. tools/
  48. ui/
  49. url/
  50. webkit/
  51. clank
  52. internal
  53. ios_internal
  54. native_client
  55. signing_keys
  56. v8
  57. .clang-format
  58. .clang-tidy
  59. .clangd
  60. .eslintrc.js
  61. .git-blame-ignore-revs
  62. .gitallowed
  63. .gitattributes
  64. .gitignore
  65. .gitmodules
  66. .gn
  67. .mailmap
  68. .rustfmt.toml
  69. .vpython3
  70. .yapfignore
  71. ATL_OWNERS
  72. AUTHORS
  73. BUILD.gn
  74. CODE_OF_CONDUCT.md
  75. codereview.settings
  76. CPPLINT.cfg
  77. DEPS
  78. DIR_METADATA
  79. LICENSE
  80. LICENSE.chromium_os
  81. OWNERS
  82. PRESUBMIT.py
  83. PRESUBMIT_test.py
  84. PRESUBMIT_test_mocks.py
  85. README.md
  86. WATCHLISTS
README.md

Logo Chromium

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

The project's web site is https://www.chromium.org.

To check out the source code locally, don't use git clone! Instead, follow the instructions on how to get the code.

Documentation in the source is rooted in docs/README.md.

Learn how to Get Around the Chromium Source Code Directory Structure.

For historical reasons, there are some small top level directories. Now the guidance is that new top level directories are for product (e.g. Chrome, Android WebView, Ash). Even if these products have multiple executables, the code should be in subdirectories of the product.

If you found a bug, please file it at https://crbug.com/new.