Pass nonce in net::IsolationInfo for shared workers subresources
This CL takes the nonce into account when creating the
net::IsolationInfo for subresource requests initiated by shared
workers. In this way, the IsolationInfo is populated correctly also
if the shared worker is owned by an anonymous iframe.
Anonymous iframes are implemented behind a flag, so this CL should have
no effect unless that flag is enabled.
Bug: 1226469
Change-Id: I9b3a621c6272399751a6774671bd4ac49c58e3aa
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3141440
Commit-Queue: Antonio Sartori <antoniosartori@chromium.org>
Reviewed-by: Ben Kelly <wanderview@chromium.org>
Cr-Commit-Position: refs/heads/main@{#919784}
diff --git a/content/browser/worker_host/shared_worker_host.cc b/content/browser/worker_host/shared_worker_host.cc
index 19c2c6fd..b6effd1 100644
--- a/content/browser/worker_host/shared_worker_host.cc
+++ b/content/browser/worker_host/shared_worker_host.cc
@@ -377,8 +377,15 @@
URLLoaderFactoryParamsHelper::CreateForWorker(
GetProcessHost(), origin,
net::IsolationInfo::Create(net::IsolationInfo::RequestType::kOther,
+ // TODO(https://crbug.com/1147281): We
+ // should pass the top_level_site from
+ // `GetStorageKey()` instead.
origin, origin,
- net::SiteForCookies::FromOrigin(origin)),
+ net::SiteForCookies::FromOrigin(origin),
+ /*party_context=*/absl::nullopt,
+ GetStorageKey().nonce().has_value()
+ ? &GetStorageKey().nonce().value()
+ : nullptr),
std::move(coep_reporter),
/*url_loader_network_observer=*/mojo::NullRemote(),
/*devtools_observer=*/mojo::NullRemote(),
diff --git a/content/browser/worker_host/shared_worker_host_unittest.cc b/content/browser/worker_host/shared_worker_host_unittest.cc
index 9289d5c..700459f 100644
--- a/content/browser/worker_host/shared_worker_host_unittest.cc
+++ b/content/browser/worker_host/shared_worker_host_unittest.cc
@@ -12,6 +12,7 @@
#include "base/macros.h"
#include "base/memory/ptr_util.h"
#include "base/run_loop.h"
+#include "base/unguessable_token.h"
#include "content/browser/appcache/chrome_appcache_service.h"
#include "content/browser/navigation_subresource_loader_params.h"
#include "content/browser/renderer_host/render_process_host_impl.h"
@@ -33,6 +34,7 @@
#include "services/network/public/cpp/cross_origin_embedder_policy.h"
#include "services/network/public/cpp/features.h"
#include "services/network/public/cpp/not_implemented_url_loader_factory.h"
+#include "testing/gmock/include/gmock/gmock-matchers.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "third_party/blink/public/common/messaging/message_port_channel.h"
#include "third_party/blink/public/common/messaging/message_port_descriptor.h"
@@ -349,4 +351,34 @@
EXPECT_FALSE(host);
}
+TEST_F(SharedWorkerHostTest, CreateNetworkFactoryParamsForSubresources) {
+ base::WeakPtr<SharedWorkerHost> host = CreateHost();
+ network::mojom::URLLoaderFactoryParamsPtr params =
+ host->CreateNetworkFactoryParamsForSubresources();
+ EXPECT_EQ(host->GetStorageKey().origin(),
+ params->isolation_info.frame_origin());
+ EXPECT_FALSE(params->isolation_info.nonce().has_value());
+}
+
+TEST_F(SharedWorkerHostTest,
+ CreateNetworkFactoryParamsForSubresourcesWithNonce) {
+ base::UnguessableToken nonce = base::UnguessableToken::Create();
+ SharedWorkerInstance instance(
+ kWorkerUrl, blink::mojom::ScriptType::kClassic,
+ network::mojom::CredentialsMode::kSameOrigin, "name",
+ blink::StorageKey::CreateWithNonce(url::Origin::Create(kWorkerUrl),
+ nonce),
+ network::mojom::IPAddressSpace::kPublic,
+ blink::mojom::SharedWorkerCreationContextType::kSecure);
+ auto host = std::make_unique<SharedWorkerHost>(
+ &service_, instance, site_instance_,
+ std::vector<network::mojom::ContentSecurityPolicyPtr>(),
+ network::CrossOriginEmbedderPolicy());
+ network::mojom::URLLoaderFactoryParamsPtr params =
+ host->CreateNetworkFactoryParamsForSubresources();
+ EXPECT_EQ(url::Origin::Create(kWorkerUrl),
+ params->isolation_info.frame_origin());
+ EXPECT_THAT(params->isolation_info.nonce(), testing::Optional(nonce));
+}
+
} // namespace content
