From 440e07d632fb5018952706ad41c00fec26105fbd Mon Sep 17 00:00:00 2001 
From: Ben Kelly Date: Thu, 28 Oct 2021 17:03:36 -0700 Subject: [PATCH] Reland "Fetch: Plumb request initiator through passthrough service workers." MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is a reland of da0a6501cf321579bd46a27ff9fba1bb8ea910bb Original change's description: > Fetch: Plumb request initiator through passthrough service workers. > > This CL contains essentially two changes: > > 1. The request initiator origin is plumbed through service workers > that do `fetch(evt.request)`. In addition to plumbing, this > requires changes to how we validate navigation requests in the > CorsURLLoaderFactory. > 2. Tracks the original destination of a request passed through a > service worker. This is then used in the network service to force > SameSite=Lax cookies to treat the request as a main frame navigation > where appropriate. > > For more detailed information about these changes please see the > internal design doc at: > > https://docs.google.com/document/d/1KZscujuV7bCFEnzJW-0DaCPU-I40RJimQKoCcI0umTQ/edit?usp=sharing > > In addition, there is some discussion of these features in the following > spec issues: > > https://github.com/whatwg/fetch/issues/1321 > https://github.com/whatwg/fetch/issues/1327 > > The test includes WPT tests that verify navigation headers and SameSite > cookies. Note, chrome has a couple expected failures in the SameSite > cookie tests because of the "lax-allowing-unsafe" intervention that is > currently enabled. 
See: > > https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/web_tests/TestExpectations;l=4635;drc=e8133cbf2469adb99c6610483ab78bcfb8cc4c76 > > Bug: 1115847,1241188 > Change-Id: I7e236fa20aeabb705aef40fcf8d5c36da6d2798c > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3115917 > Reviewed-by: Matt Menke > Reviewed-by: Yutaka Hirano > Reviewed-by: Nasko Oskov > Reviewed-by: Ɓukasz Anforowicz > Commit-Queue: Ben Kelly > Cr-Commit-Position: refs/heads/main@{#936029} Bug: 1115847,1241188 Change-Id: Ia26acbdd0d7ce6583d9a44f83ed086708657b8bd --- .../navigation-headers.https.html | 559 ++++++++++++++++++ .../resources/fetch-rewrite-worker.js | 6 +- .../resources/fetch-rewrite-worker.js.headers | 2 + .../service-worker/resources/form-poster.html | 12 + .../resources/location-setter.html | 10 + .../resources/navigation-headers-server.py | 19 + .../resources/same-site-cookies-register.html | 22 + .../same-site-cookies-unregister.html | 11 + .../same-site-cookies.https.html | 216 +++++++ 9 files changed, 856 insertions(+), 1 deletion(-) create mode 100644 service-workers/service-worker/navigation-headers.https.html create mode 100644 service-workers/service-worker/resources/fetch-rewrite-worker.js.headers create mode 100644 service-workers/service-worker/resources/form-poster.html create mode 100644 service-workers/service-worker/resources/location-setter.html create mode 100644 service-workers/service-worker/resources/navigation-headers-server.py create mode 100644 service-workers/service-worker/resources/same-site-cookies-register.html create mode 100644 service-workers/service-worker/resources/same-site-cookies-unregister.html create mode 100644 service-workers/service-worker/same-site-cookies.https.html diff --git a/service-workers/service-worker/navigation-headers.https.html b/service-workers/service-worker/navigation-headers.https.html new file mode 100644 index 000000000000000..b2c6b7ac379644e --- /dev/null 
+++ b/service-workers/service-worker/navigation-headers.https.html
@@ -0,0 +1,559 @@
+ + + +Service Worker: Navigation Post Request Origin Header + + + + + + +
diff --git a/service-workers/service-worker/resources/fetch-rewrite-worker.js b/service-workers/service-worker/resources/fetch-rewrite-worker.js
index 4631e83e0ceaab5..20a80665270ddb7 100644
--- a/service-workers/service-worker/resources/fetch-rewrite-worker.js
+++ b/service-workers/service-worker/resources/fetch-rewrite-worker.js
@@ -90,8 +90,12 @@ self.addEventListener('fetch', function(event) {
 var request = event.request;
 if (url) {
 request = new Request(url, init);
+ } else if (params['change-request']) {
+ request = new Request(request, init);
 }
- fetch(request).then(function(response) {
+ const response_promise = params['navpreload'] ? event.preloadResponse
+ : fetch(request);
+ response_promise.then(function(response) {
 var expectedType = params['expected_type'];
 if (expectedType && response.type !== expectedType) {
 // Resolve a JSON object with a failure instead of rejecting
diff --git a/service-workers/service-worker/resources/fetch-rewrite-worker.js.headers b/service-workers/service-worker/resources/fetch-rewrite-worker.js.headers
new file mode 100644
index 000000000000000..123053b38c66a06
--- /dev/null
+++ b/service-workers/service-worker/resources/fetch-rewrite-worker.js.headers
@@ -0,0 +1,2 @@
+Content-Type: text/javascript
+Service-Worker-Allowed: /
diff --git a/service-workers/service-worker/resources/form-poster.html b/service-workers/service-worker/resources/form-poster.html
new file mode 100644
index 000000000000000..5d56fde19a8e4f0
--- /dev/null
+++ b/service-workers/service-worker/resources/form-poster.html
@@ -0,0 +1,12 @@
+ + +
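Review bot: When `navpreload` is set, `event.preloadResponse` resolves with `undefined` unless navigation preload is enabled on the registration and the request is a navigation, and the callback then reads `response.type` whenever `expected_type` is given. A test that passes `navpreload` to a worker without preload enabled would fail with a TypeError instead of a readable message, so I would make the misconfiguration explicit: `event.preloadResponse.then(r => r || Promise.reject(new Error('navpreload set but no preload response')))`. The `navpreload` branch also ignores the `request` built from `url` or `change-request` just above it, which deserves a one-line comment such as `// navpreload: the rewritten request is not used`. The listener body starts and ends outside this hunk, so how a rejection is reported back to the test is not visible here.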
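Review bot: `Service-Worker-Allowed: /` takes effect for every test that registers fetch-rewrite-worker.js, not only the two added in this patch, and it allows the worker to be registered for any scope on the origin. Because this worker rebuilds requests according to `params`, I would keep the allowed scope as narrow as the new tests need, for example `Service-Worker-Allowed: /service-workers/service-worker/` if that covers them; the test pages are not readable on this page, so the scope they register needs confirming. If `/` really is required, the reason belongs in the commit description.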
+
diff --git a/service-workers/service-worker/resources/location-setter.html b/service-workers/service-worker/resources/location-setter.html
new file mode 100644
index 000000000000000..fae18e8066550ad
--- /dev/null
+++ b/service-workers/service-worker/resources/location-setter.html
@@ -0,0 +1,10 @@
+ + +
diff --git a/service-workers/service-worker/resources/navigation-headers-server.py b/service-workers/service-worker/resources/navigation-headers-server.py
new file mode 100644
index 000000000000000..5b2e044f8b52a15
--- /dev/null
+++ b/service-workers/service-worker/resources/navigation-headers-server.py
@@ -0,0 +1,19 @@
+def main(request, response):
+ response.status = (200, b"OK")
+ response.headers.set(b"Content-Type", b"text/html")
+ return b"""
+ """ % (request.headers.get(
+ b"origin", b"not set"), request.headers.get(b"referer", b"not set"),
+ request.headers.get(b"sec-fetch-site", b"not set"),
+ request.headers.get(b"sec-fetch-mode", b"not set"),
+ request.headers.get(b"sec-fetch-dest", b"not set"))
diff --git a/service-workers/service-worker/resources/same-site-cookies-register.html b/service-workers/service-worker/resources/same-site-cookies-register.html
new file mode 100644
index 000000000000000..084f0a08a8e64c4
--- /dev/null
+++ b/service-workers/service-worker/resources/same-site-cookies-register.html
@@ -0,0 +1,22 @@
+ + +
diff --git a/service-workers/service-worker/resources/same-site-cookies-unregister.html b/service-workers/service-worker/resources/same-site-cookies-unregister.html
new file mode 100644
index 000000000000000..cca3620b61e73c1
--- /dev/null
+++ b/service-workers/service-worker/resources/same-site-cookies-unregister.html
@@ -0,0 +1,11 @@
+ + +
diff --git a/service-workers/service-worker/same-site-cookies.https.html b/service-workers/service-worker/same-site-cookies.https.html
new file mode 100644
index 000000000000000..7003903408f8f73
--- /dev/null
+++ b/service-workers/service-worker/same-site-cookies.https.html
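Review bot: The five request header values in `main` are formatted into the `text/html` body with `%` and no encoding, so whatever a client sends in `Origin`, `Referer` or the `Sec-Fetch-*` headers is reflected into the page as-is. The template between the triple quotes did not survive on this page, so the context of the placeholders is unknown; if they sit inside a script block, serialising each value with `json.dumps(value.decode("latin-1"))` and escaping `<` before formatting keeps an unexpected header value from terminating the string, and in markup context the values should be HTML-escaped instead. Setting the header to `b"text/html; charset=utf-8"` would also stop the browser from guessing the encoding of the reflected bytes.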
@@ -0,0 +1,216 @@ + + + +Service Worker: Same-site cookie behavior + + + + + + + +