Pass nonce in net::IsolationInfo for shared workers subresources

This CL takes the nonce into account when creating the net::IsolationInfo for subresource requests initiated by shared workers. In this way, the IsolationInfo is populated correctly also if the shared worker is owned by an anonymous iframe. Anonymous iframes are implemented behind a flag, so this CL should have no effect unless that flag is enabled. Bug: 1226469 Change-Id: I9b3a621c6272399751a6774671bd4ac49c58e3aa Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3141440 Commit-Queue: Antonio Sartori <antoniosartori@chromium.org> Reviewed-by: Ben Kelly <wanderview@chromium.org> Cr-Commit-Position: refs/heads/main@{#919784}
FairyWorld · Sep 9, 2021 · eda1e70 · eda1e70
1 parent 256de9b
commit eda1e70
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 1 deletion.
diff --git a/content/browser/worker_host/shared_worker_host.cc b/content/browser/worker_host/shared_worker_host.cc
@@ -377,8 +377,15 @@ SharedWorkerHost::CreateNetworkFactoryParamsForSubresources() {
       URLLoaderFactoryParamsHelper::CreateForWorker(
           GetProcessHost(), origin,
           net::IsolationInfo::Create(net::IsolationInfo::RequestType::kOther,
+                                     // TODO(https://crbug.com/1147281): We
+                                     // should pass the top_level_site from
+                                     // `GetStorageKey()` instead.
                                      origin, origin,
-                                     net::SiteForCookies::FromOrigin(origin)),
+                                     net::SiteForCookies::FromOrigin(origin),
+                                     /*party_context=*/absl::nullopt,
+                                     GetStorageKey().nonce().has_value()
+                                         ? &GetStorageKey().nonce().value()
+                                         : nullptr),
           std::move(coep_reporter),
           /*url_loader_network_observer=*/mojo::NullRemote(),
           /*devtools_observer=*/mojo::NullRemote(),

diff --git a/content/browser/worker_host/shared_worker_host_unittest.cc b/content/browser/worker_host/shared_worker_host_unittest.cc
@@ -12,6 +12,7 @@
 #include "base/macros.h"
 #include "base/memory/ptr_util.h"
 #include "base/run_loop.h"
+#include "base/unguessable_token.h"
 #include "content/browser/appcache/chrome_appcache_service.h"
 #include "content/browser/navigation_subresource_loader_params.h"
 #include "content/browser/renderer_host/render_process_host_impl.h"
@@ -33,6 +34,7 @@
 #include "services/network/public/cpp/cross_origin_embedder_policy.h"
 #include "services/network/public/cpp/features.h"
 #include "services/network/public/cpp/not_implemented_url_loader_factory.h"
+#include "testing/gmock/include/gmock/gmock-matchers.h"
 #include "testing/gtest/include/gtest/gtest.h"
 #include "third_party/blink/public/common/messaging/message_port_channel.h"
 #include "third_party/blink/public/common/messaging/message_port_descriptor.h"
@@ -349,4 +351,34 @@ TEST_F(SharedWorkerHostTest, OnContextClosed) {
   EXPECT_FALSE(host);
 }
 
+TEST_F(SharedWorkerHostTest, CreateNetworkFactoryParamsForSubresources) {
+  base::WeakPtr<SharedWorkerHost> host = CreateHost();
+  network::mojom::URLLoaderFactoryParamsPtr params =
+      host->CreateNetworkFactoryParamsForSubresources();
+  EXPECT_EQ(host->GetStorageKey().origin(),
+            params->isolation_info.frame_origin());
+  EXPECT_FALSE(params->isolation_info.nonce().has_value());
+}
+
+TEST_F(SharedWorkerHostTest,
+       CreateNetworkFactoryParamsForSubresourcesWithNonce) {
+  base::UnguessableToken nonce = base::UnguessableToken::Create();
+  SharedWorkerInstance instance(
+      kWorkerUrl, blink::mojom::ScriptType::kClassic,
+      network::mojom::CredentialsMode::kSameOrigin, "name",
+      blink::StorageKey::CreateWithNonce(url::Origin::Create(kWorkerUrl),
+                                         nonce),
+      network::mojom::IPAddressSpace::kPublic,
+      blink::mojom::SharedWorkerCreationContextType::kSecure);
+  auto host = std::make_unique<SharedWorkerHost>(
+      &service_, instance, site_instance_,
+      std::vector<network::mojom::ContentSecurityPolicyPtr>(),
+      network::CrossOriginEmbedderPolicy());
+  network::mojom::URLLoaderFactoryParamsPtr params =
+      host->CreateNetworkFactoryParamsForSubresources();
+  EXPECT_EQ(url::Origin::Create(kWorkerUrl),
+            params->isolation_info.frame_origin());
+  EXPECT_THAT(params->isolation_info.nonce(), testing::Optional(nonce));
+}
+
 }  // namespace content