Pass nonce in net::IsolationInfo when binding WebSocketConnector

This CL takes the nonce into account when creating a WebSocketConnector for shared and service workers. In this way, the IsolationInfo of a WebSocketConnector is populated correctly also if the worker is owned by an anonymous iframe. Anonymous iframes are implemented behind a flag, so this CL should have no effect unless that flag is enabled. Bug: 1226469 Change-Id: I3a8786f472be60c5ff2ac340baf34418c0cef504 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3138199 Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org> Reviewed-by: Alex Gough <ajgo@chromium.org> Commit-Queue: Antonio Sartori <antoniosartori@chromium.org> Cr-Commit-Position: refs/heads/main@{#919750}
FairyWorld · Sep 9, 2021 · 88ef3fd · 88ef3fd
1 parent c870377
commit 88ef3fd
Show file tree

Hide file tree

Showing 5 changed files with 20 additions and 12 deletions.
diff --git a/content/browser/browser_interface_binders.cc b/content/browser/browser_interface_binders.cc
@@ -1187,6 +1187,8 @@ void PopulateSharedWorkerBinders(SharedWorkerHost* host, mojo::BinderMap* map) {
   map->Add<blink::mojom::FileSystemAccessManager>(
       BindWorkerReceiverForStorageKey(
           &RenderProcessHostImpl::BindFileSystemAccessManager, host));
+  map->Add<blink::mojom::WebSocketConnector>(BindWorkerReceiverForStorageKey(
+      &RenderProcessHostImpl::CreateWebSocketConnector, host));
 }
 
 void PopulateBinderMapWithContext(
@@ -1201,8 +1203,6 @@ void PopulateBinderMapWithContext(
       &RenderProcessHostImpl::CreatePaymentManagerForOrigin, host));
   map->Add<blink::mojom::PermissionService>(BindWorkerReceiverForOrigin(
       &RenderProcessHostImpl::CreatePermissionService, host));
-  map->Add<blink::mojom::WebSocketConnector>(BindWorkerReceiverForOrigin(
-      &RenderProcessHostImpl::CreateWebSocketConnector, host));
   map->Add<blink::mojom::BucketManagerHost>(BindWorkerReceiverForOrigin(
       &RenderProcessHostImpl::BindBucketManagerHost, host));
 
@@ -1298,8 +1298,6 @@ void PopulateBinderMapWithContext(
       &RenderProcessHostImpl::CreatePaymentManagerForOrigin, host));
   map->Add<blink::mojom::PermissionService>(BindServiceWorkerReceiverForOrigin(
       &RenderProcessHostImpl::CreatePermissionService, host));
-  map->Add<blink::mojom::WebSocketConnector>(BindServiceWorkerReceiverForOrigin(
-      &RenderProcessHostImpl::CreateWebSocketConnector, host));
   map->Add<network::mojom::RestrictedCookieManager>(
       BindServiceWorkerReceiverForOrigin(
           &RenderProcessHostImpl::BindRestrictedCookieManagerForServiceWorker,
@@ -1315,6 +1313,9 @@ void PopulateBinderMapWithContext(
   map->Add<blink::mojom::FileSystemAccessManager>(
       BindServiceWorkerReceiverForStorageKey(
           &RenderProcessHostImpl::BindFileSystemAccessManager, host));
+  map->Add<blink::mojom::WebSocketConnector>(
+      BindServiceWorkerReceiverForStorageKey(
+          &RenderProcessHostImpl::CreateWebSocketConnector, host));
 
   // RenderProcessHost binders taking a frame id and an origin
   map->Add<blink::mojom::LockManager>(

diff --git a/content/browser/renderer_host/render_process_host_impl.cc b/content/browser/renderer_host/render_process_host_impl.cc
@@ -2288,7 +2288,7 @@ void RenderProcessHostImpl::CreateNotificationService(
 }
 
 void RenderProcessHostImpl::CreateWebSocketConnector(
-    const url::Origin& origin,
+    const blink::StorageKey& storage_key,
     mojo::PendingReceiver<blink::mojom::WebSocketConnector> receiver) {
   // TODO(jam): is it ok to not send extraHeaders for sockets created from
   // shared and service workers?
@@ -2297,12 +2297,19 @@ void RenderProcessHostImpl::CreateWebSocketConnector(
   // frame, so the concept of "top-level frame" does not exist. Can use
   // (origin, origin, origin) for the IsolationInfo for requests because these
   // workers can only be created when the site has cookie access.
+  //
+  // TODO(https://crbug.com/1199077): We should consider using
+  // storage_key().top_frame_origin() instead once that is fully populated.
   mojo::MakeSelfOwnedReceiver(
       std::make_unique<WebSocketConnectorImpl>(
-          GetID(), MSG_ROUTING_NONE, origin,
-          net::IsolationInfo::Create(net::IsolationInfo::RequestType::kOther,
-                                     origin, origin,
-                                     net::SiteForCookies::FromOrigin(origin))),
+          GetID(), MSG_ROUTING_NONE, storage_key.origin(),
+          net::IsolationInfo::Create(
+              net::IsolationInfo::RequestType::kOther, storage_key.origin(),
+              storage_key.origin(),
+              net::SiteForCookies::FromOrigin(storage_key.origin()),
+              /*party_context=*/absl::nullopt,
+              storage_key.nonce().has_value() ? &storage_key.nonce().value()
+                                              : nullptr)),
       std::move(receiver));
 }
 

diff --git a/content/browser/renderer_host/render_process_host_impl.h b/content/browser/renderer_host/render_process_host_impl.h
@@ -650,7 +650,7 @@ class CONTENT_EXPORT RenderProcessHostImpl
   // websockets with a frame. Shared workers and service workers don't have to
   // do it because they don't have a frame.
   void CreateWebSocketConnector(
-      const url::Origin& origin,
+      const blink::StorageKey& storage_key,
       mojo::PendingReceiver<blink::mojom::WebSocketConnector> receiver)
       override;
 

diff --git a/content/public/browser/render_process_host.h b/content/public/browser/render_process_host.h
@@ -544,7 +544,7 @@ class CONTENT_EXPORT RenderProcessHost : public IPC::Sender,
       const url::Origin& origin,
       mojo::PendingReceiver<blink::mojom::NotificationService> receiver) = 0;
   virtual void CreateWebSocketConnector(
-      const url::Origin& origin,
+      const blink::StorageKey& storage_key,
       mojo::PendingReceiver<blink::mojom::WebSocketConnector> receiver) = 0;
 
   // Returns the current number of active views in this process.  Excludes

diff --git a/content/public/test/mock_render_process_host.h b/content/public/test/mock_render_process_host.h
@@ -231,7 +231,7 @@ class MockRenderProcessHost : public RenderProcessHost {
       mojo::PendingReceiver<blink::mojom::NotificationService> receiver)
       override {}
   void CreateWebSocketConnector(
-      const url::Origin& origin,
+      const blink::StorageKey& storage_key,
       mojo::PendingReceiver<blink::mojom::WebSocketConnector> receiver)
       override {}