
Issue 751996 link

Starred by 14 users

Issue metadata

Status: Started
Owner:
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux, Android, Windows, Chrome, Mac
Pri: 3
Type: Task

Blocked on:
issue 901477

Blocking:
issue 900995




Origin Policy

Project Member Reported by mkwst@chromium.org, Aug 3 2017

Issue description

We should implement Origin Policy. It looks nice. 

https://wicg.github.io/origin-policy/

 

Comment 1 by owe...@chromium.org, Sep 12 2017

Labels: migrated-launch-owp Type-Task
This issue has been automatically relabelled type=task because type=launch-owp issues are now officially deprecated. The deprecation is because they were creating confusion about how to get launch approvals, which should be instead done via type=launch issues.

We recommend this issue be used for implementation tracking (for public visibility), but if you already have an issue for that, you may mark this as duplicate.

For more details see here: https://docs.google.com/document/d/1JA6RohjtZQc26bTrGoIE_bSXGXUDQz8vc6G0n_sZJ2o/edit

For any questions, please contact owencm, sshruthi, larforge

Comment 2 by mkwst@chromium.org, Sep 21 2017

Cc: andypaicu@chromium.org a...@google.com mkwst@chromium.org elawrence@chromium.org
Issue 764518 has been merged into this issue.
Project Member

Comment 3 by bugdroid1@chromium.org, Oct 4 2017

Project Member

Comment 4 by bugdroid1@chromium.org, Oct 18 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/482cd092acca0a8da45eff70ffb90d99e1097ec9

commit 482cd092acca0a8da45eff70ffb90d99e1097ec9
Author: dhausknecht <dhausknecht@google.com>
Date: Wed Oct 18 12:25:00 2017

Pass `ResourceResponseHead` when handling `URLLoaderThrottle::WillProcessResponse`.

This enables us to make decisions based on the actual response.
A direct application is to implement the response processing as part of the intent to implement of Origin Policy mechanism (https://groups.google.com/a/chromium.org/d/topic/blink-dev/mdkHs4jybG4/discussion).

Bug: 751996
Change-Id: I1a703c770ee8e7835577d3a159d01f2703349aa7
Reviewed-on: https://chromium-review.googlesource.com/708876
Reviewed-by: Mike West <mkwst@chromium.org>
Reviewed-by: Takashi Toyoshima <toyoshim@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Yuzhu Shen <yzshen@chromium.org>
Reviewed-by: Takeshi Yoshino <tyoshino@chromium.org>
Reviewed-by: Varun Khaneja <vakh@chromium.org>
Commit-Queue: Mike West <mkwst@chromium.org>
Cr-Commit-Position: refs/heads/master@{#509750}
[modify] https://crrev.com/482cd092acca0a8da45eff70ffb90d99e1097ec9/components/safe_browsing/browser/base_parallel_resource_throttle.cc
[modify] https://crrev.com/482cd092acca0a8da45eff70ffb90d99e1097ec9/components/safe_browsing/browser/browser_url_loader_throttle.cc
[modify] https://crrev.com/482cd092acca0a8da45eff70ffb90d99e1097ec9/components/safe_browsing/browser/browser_url_loader_throttle.h
[modify] https://crrev.com/482cd092acca0a8da45eff70ffb90d99e1097ec9/components/safe_browsing/renderer/renderer_url_loader_throttle.cc
[modify] https://crrev.com/482cd092acca0a8da45eff70ffb90d99e1097ec9/components/safe_browsing/renderer/renderer_url_loader_throttle.h
[modify] https://crrev.com/482cd092acca0a8da45eff70ffb90d99e1097ec9/content/common/throttling_url_loader.cc
[modify] https://crrev.com/482cd092acca0a8da45eff70ffb90d99e1097ec9/content/common/throttling_url_loader_unittest.cc
[modify] https://crrev.com/482cd092acca0a8da45eff70ffb90d99e1097ec9/content/public/common/url_loader_throttle.cc
[modify] https://crrev.com/482cd092acca0a8da45eff70ffb90d99e1097ec9/content/public/common/url_loader_throttle.h

Project Member

Comment 5 by bugdroid1@chromium.org, Oct 24 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/9e0190d23863adcf5851a7741e9b73fae4aced0c

commit 9e0190d23863adcf5851a7741e9b73fae4aced0c
Author: dhausknecht <dhausknecht@google.com>
Date: Tue Oct 24 10:04:17 2017

Pass the response URL as `GURL` when handling `URLLoaderThrottle::WillProcessResponse`.

This enables us to make decisions based on the actual response.
A direct application is to implement the response processing as part of the intent to implement of Origin Policy mechanism (https://groups.google.com/a/chromium.org/d/topic/blink-dev/mdkHs4jybG4/discussion).

TBR=vakh@chromium.org

Bug: 751996
Change-Id: I5ff9f617bffe13feb295d54be0a1ffb2fcebadaa
Reviewed-on: https://chromium-review.googlesource.com/709595
Commit-Queue: Mike West <mkwst@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Reviewed-by: Takashi Toyoshima <toyoshim@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Cr-Commit-Position: refs/heads/master@{#511074}
[modify] https://crrev.com/9e0190d23863adcf5851a7741e9b73fae4aced0c/components/safe_browsing/browser/base_parallel_resource_throttle.cc
[modify] https://crrev.com/9e0190d23863adcf5851a7741e9b73fae4aced0c/components/safe_browsing/browser/browser_url_loader_throttle.cc
[modify] https://crrev.com/9e0190d23863adcf5851a7741e9b73fae4aced0c/components/safe_browsing/browser/browser_url_loader_throttle.h
[modify] https://crrev.com/9e0190d23863adcf5851a7741e9b73fae4aced0c/components/safe_browsing/renderer/renderer_url_loader_throttle.cc
[modify] https://crrev.com/9e0190d23863adcf5851a7741e9b73fae4aced0c/components/safe_browsing/renderer/renderer_url_loader_throttle.h
[modify] https://crrev.com/9e0190d23863adcf5851a7741e9b73fae4aced0c/content/common/throttling_url_loader.cc
[modify] https://crrev.com/9e0190d23863adcf5851a7741e9b73fae4aced0c/content/common/throttling_url_loader.h
[modify] https://crrev.com/9e0190d23863adcf5851a7741e9b73fae4aced0c/content/common/throttling_url_loader_unittest.cc
[modify] https://crrev.com/9e0190d23863adcf5851a7741e9b73fae4aced0c/content/public/common/url_loader_throttle.cc
[modify] https://crrev.com/9e0190d23863adcf5851a7741e9b73fae4aced0c/content/public/common/url_loader_throttle.h

Project Member

Comment 6 by bugdroid1@chromium.org, Oct 25 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/bab0b536bd0af24110a039aa5b8689c832389713

commit bab0b536bd0af24110a039aa5b8689c832389713
Author: dhausknecht <dhausknecht@google.com>
Date: Wed Oct 25 15:44:13 2017

Origin Manifest as a data structure added.

The class is added as part of the implementation of the Origin Manifest mechanism (https://groups.google.com/a/chromium.org/d/topic/blink-dev/mdkHs4jybG4/discussion).

This patch adds a modified version of third_party/WebKit/public/platform/WebContentSecurityPolicy.h but does not remove the original to not affect existing code at this stage.


Bug: 751996
Change-Id: Id90fa419652807f34c4baacce426dc808aa09c53
Reviewed-on: https://chromium-review.googlesource.com/725725
Reviewed-by: Mike West <mkwst@google.com>
Reviewed-by: Mike West <mkwst@chromium.org>
Commit-Queue: Mike West <mkwst@chromium.org>
Cr-Commit-Position: refs/heads/master@{#511474}
[modify] https://crrev.com/bab0b536bd0af24110a039aa5b8689c832389713/third_party/WebKit/common/BUILD.gn
[add] https://crrev.com/bab0b536bd0af24110a039aa5b8689c832389713/third_party/WebKit/common/origin_manifest/origin_manifest.cc
[add] https://crrev.com/bab0b536bd0af24110a039aa5b8689c832389713/third_party/WebKit/common/origin_manifest/origin_manifest.h
[add] https://crrev.com/bab0b536bd0af24110a039aa5b8689c832389713/third_party/WebKit/common/origin_manifest/origin_manifest_unittest.cc

Project Member

Comment 7 by bugdroid1@chromium.org, Oct 27 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/c2c9154faf339d3d9629cd2fc0d035c09adc2389

commit c2c9154faf339d3d9629cd2fc0d035c09adc2389
Author: dhausknecht <dhausknecht@google.com>
Date: Fri Oct 27 14:29:57 2017

Origin Manifest parser

It simply generates an Origin Manifest object from a string.

The class is added as part of the implementation of the Origin Manifest mechanism (https://groups.google.com/a/chromium.org/d/topic/blink-dev/mdkHs4jybG4/discussion).
This patch requires patch https://chromium-review.googlesource.com/c/chromium/src/+/725725.

Bug: 751996
Change-Id: I04270c8043c29970e4ff104ecc2e225bfb557ac0
Reviewed-on: https://chromium-review.googlesource.com/732659
Commit-Queue: Daniel Hausknecht <dhausknecht@google.com>
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Cr-Commit-Position: refs/heads/master@{#512177}
[modify] https://crrev.com/c2c9154faf339d3d9629cd2fc0d035c09adc2389/content/browser/BUILD.gn
[add] https://crrev.com/c2c9154faf339d3d9629cd2fc0d035c09adc2389/content/browser/origin_manifest/origin_manifest_parser.cc
[add] https://crrev.com/c2c9154faf339d3d9629cd2fc0d035c09adc2389/content/browser/origin_manifest/origin_manifest_parser.h
[add] https://crrev.com/c2c9154faf339d3d9629cd2fc0d035c09adc2389/content/browser/origin_manifest/origin_manifest_parser_unittest.cc
[modify] https://crrev.com/c2c9154faf339d3d9629cd2fc0d035c09adc2389/content/test/BUILD.gn
[add] https://crrev.com/c2c9154faf339d3d9629cd2fc0d035c09adc2389/content/test/data/fuzzer_corpus/origin_manifest_parser_data/all.txt
[add] https://crrev.com/c2c9154faf339d3d9629cd2fc0d035c09adc2389/content/test/data/fuzzer_corpus/origin_manifest_parser_data/empty.txt
[add] https://crrev.com/c2c9154faf339d3d9629cd2fc0d035c09adc2389/content/test/data/fuzzer_dictionaries/origin_manifest_parser_fuzzer.dict
[modify] https://crrev.com/c2c9154faf339d3d9629cd2fc0d035c09adc2389/content/test/fuzzer/BUILD.gn
[add] https://crrev.com/c2c9154faf339d3d9629cd2fc0d035c09adc2389/content/test/fuzzer/origin_manifest_parser_fuzzer.cc

Comment 8 by est...@chromium.org, Nov 10 2017

Labels: Hotlist-EnamelAndFriendsFixIt

Comment 9 by est...@chromium.org, Feb 18 2018

Labels: -Hotlist-EnamelAndFriendsFixIt
Owner: vogelheim@chromium.org
Status: Started (was: Assigned)
We're having a new go at this.

Prototype: https://chromium-review.googlesource.com/c/chromium/src/+/1052348
Design doc: https://docs.google.com/document/d/1J3pUFRRRhx1DA_8wLng2ahdfgqab-kJU7jw2_FNv19E/view

Project Member

Comment 11 by bugdroid1@chromium.org, Jun 22 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/afe93f45fd9d076f401c590a51c902f30bcf0603

commit afe93f45fd9d076f401c590a51c902f30bcf0603
Author: Daniel Vogelheim <vogelheim@chromium.org>
Date: Fri Jun 22 12:09:01 2018

Origin Policy: Implement throttle and "plumbing" to the renderer.

This implements a throttle that will advertise origin policy
support to the server, and will request a policy if necessary.

(This CL doesn't do anything with the manifest yet. That is coming in
 subsequent CLs.)

Gated on --enable-features=OriginManifest.

Bug: 751996
Change-Id: I3ebfa834c29f3eb17568917d1eff83a9261529ac
Reviewed-on: https://chromium-review.googlesource.com/1088918
Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org>
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Reviewed-by: Nick Harper <nharper@chromium.org>
Cr-Commit-Position: refs/heads/master@{#569582}
[modify] https://crrev.com/afe93f45fd9d076f401c590a51c902f30bcf0603/content/browser/BUILD.gn
[modify] https://crrev.com/afe93f45fd9d076f401c590a51c902f30bcf0603/content/browser/frame_host/navigation_handle_impl.cc
[modify] https://crrev.com/afe93f45fd9d076f401c590a51c902f30bcf0603/content/browser/frame_host/navigation_handle_impl.h
[modify] https://crrev.com/afe93f45fd9d076f401c590a51c902f30bcf0603/content/browser/frame_host/navigation_request.cc
[add] https://crrev.com/afe93f45fd9d076f401c590a51c902f30bcf0603/content/browser/frame_host/origin_policy_throttle.cc
[add] https://crrev.com/afe93f45fd9d076f401c590a51c902f30bcf0603/content/browser/frame_host/origin_policy_throttle.h
[add] https://crrev.com/afe93f45fd9d076f401c590a51c902f30bcf0603/content/browser/frame_host/origin_policy_throttle_unittest.cc
[modify] https://crrev.com/afe93f45fd9d076f401c590a51c902f30bcf0603/content/common/frame_messages.h
[modify] https://crrev.com/afe93f45fd9d076f401c590a51c902f30bcf0603/content/common/navigation_params.h
[modify] https://crrev.com/afe93f45fd9d076f401c590a51c902f30bcf0603/content/renderer/render_frame_impl.cc
[modify] https://crrev.com/afe93f45fd9d076f401c590a51c902f30bcf0603/content/test/BUILD.gn
[modify] https://crrev.com/afe93f45fd9d076f401c590a51c902f30bcf0603/net/http/http_request_headers.cc
[modify] https://crrev.com/afe93f45fd9d076f401c590a51c902f30bcf0603/net/http/http_request_headers.h
[modify] https://crrev.com/afe93f45fd9d076f401c590a51c902f30bcf0603/third_party/blink/public/platform/web_url_request.h
[modify] https://crrev.com/afe93f45fd9d076f401c590a51c902f30bcf0603/third_party/blink/renderer/platform/exported/web_url_request.cc
[modify] https://crrev.com/afe93f45fd9d076f401c590a51c902f30bcf0603/third_party/blink/renderer/platform/loader/fetch/resource_request.h
[modify] https://crrev.com/afe93f45fd9d076f401c590a51c902f30bcf0603/tools/traffic_annotation/summary/annotations.xml

Project Member

Comment 12 by bugdroid1@chromium.org, Jun 26 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/00446508ac076d5be9199b8604eee464a4f2c605

commit 00446508ac076d5be9199b8604eee464a4f2c605
Author: Daniel Vogelheim <vogelheim@chromium.org>
Date: Tue Jun 26 08:52:32 2018

Origin Policy: Implement Origin Policy object and parser.

This implements a super simple subset of the currently spec-ed
format. The format is subject to change and hence format details
are encapsulated in the OriginPolicyParser class.

Bug: 751996
Change-Id: I72d49c83228d6c7debf15524748d93f5cd0c4ff1
Reviewed-on: https://chromium-review.googlesource.com/1090725
Reviewed-by: Mike West <mkwst@chromium.org>
Reviewed-by: Max Moroz <mmoroz@chromium.org>
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#570349}
[modify] https://crrev.com/00446508ac076d5be9199b8604eee464a4f2c605/content/browser/BUILD.gn
[delete] https://crrev.com/5361078a2944c3b70c5092bebecbf042fb824fc0/content/browser/origin_manifest/origin_manifest_parser.cc
[delete] https://crrev.com/5361078a2944c3b70c5092bebecbf042fb824fc0/content/browser/origin_manifest/origin_manifest_parser.h
[delete] https://crrev.com/5361078a2944c3b70c5092bebecbf042fb824fc0/content/browser/origin_manifest/origin_manifest_parser_unittest.cc
[modify] https://crrev.com/00446508ac076d5be9199b8604eee464a4f2c605/content/test/BUILD.gn
[rename] https://crrev.com/00446508ac076d5be9199b8604eee464a4f2c605/content/test/data/fuzzer_corpus/origin_policy_parser_data/all.txt
[rename] https://crrev.com/00446508ac076d5be9199b8604eee464a4f2c605/content/test/data/fuzzer_corpus/origin_policy_parser_data/empty.txt
[rename] https://crrev.com/00446508ac076d5be9199b8604eee464a4f2c605/content/test/data/fuzzer_dictionaries/origin_policy_parser_fuzzer.dict
[modify] https://crrev.com/00446508ac076d5be9199b8604eee464a4f2c605/content/test/fuzzer/BUILD.gn
[rename] https://crrev.com/00446508ac076d5be9199b8604eee464a4f2c605/content/test/fuzzer/origin_policy_parser_fuzzer.cc
[modify] https://crrev.com/00446508ac076d5be9199b8604eee464a4f2c605/third_party/blink/common/BUILD.gn
[delete] https://crrev.com/5361078a2944c3b70c5092bebecbf042fb824fc0/third_party/blink/common/origin_manifest/origin_manifest.cc
[delete] https://crrev.com/5361078a2944c3b70c5092bebecbf042fb824fc0/third_party/blink/common/origin_manifest/origin_manifest_unittest.cc
[add] https://crrev.com/00446508ac076d5be9199b8604eee464a4f2c605/third_party/blink/common/origin_policy/origin_policy.cc
[add] https://crrev.com/00446508ac076d5be9199b8604eee464a4f2c605/third_party/blink/common/origin_policy/origin_policy_parser.cc
[add] https://crrev.com/00446508ac076d5be9199b8604eee464a4f2c605/third_party/blink/common/origin_policy/origin_policy_parser.h
[add] https://crrev.com/00446508ac076d5be9199b8604eee464a4f2c605/third_party/blink/common/origin_policy/origin_policy_unittest.cc
[modify] https://crrev.com/00446508ac076d5be9199b8604eee464a4f2c605/third_party/blink/public/common/BUILD.gn
[delete] https://crrev.com/5361078a2944c3b70c5092bebecbf042fb824fc0/third_party/blink/public/common/origin_manifest/origin_manifest.h
[add] https://crrev.com/00446508ac076d5be9199b8604eee464a4f2c605/third_party/blink/public/common/origin_policy/origin_policy.h

Project Member

Comment 13 by bugdroid1@chromium.org, Jun 26 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/032c0af48ceb01edc86b509b63b05bbcbed6c4d3

commit 032c0af48ceb01edc86b509b63b05bbcbed6c4d3
Author: Daniel Vogelheim <vogelheim@chromium.org>
Date: Tue Jun 26 20:34:58 2018

Origin Policy: Change naming consistently to Origin Policy.

Bug: 751996
Change-Id: Ibd6624f9ee940f25d09287433d924e1223793365
Reviewed-on: https://chromium-review.googlesource.com/1111997
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#570518}
[modify] https://crrev.com/032c0af48ceb01edc86b509b63b05bbcbed6c4d3/content/browser/frame_host/origin_policy_throttle.cc
[modify] https://crrev.com/032c0af48ceb01edc86b509b63b05bbcbed6c4d3/content/browser/frame_host/origin_policy_throttle_unittest.cc
[modify] https://crrev.com/032c0af48ceb01edc86b509b63b05bbcbed6c4d3/content/child/runtime_features.cc
[modify] https://crrev.com/032c0af48ceb01edc86b509b63b05bbcbed6c4d3/content/public/common/content_features.cc
[modify] https://crrev.com/032c0af48ceb01edc86b509b63b05bbcbed6c4d3/content/public/common/content_features.h
[modify] https://crrev.com/032c0af48ceb01edc86b509b63b05bbcbed6c4d3/third_party/blink/public/platform/web_runtime_features.h
[modify] https://crrev.com/032c0af48ceb01edc86b509b63b05bbcbed6c4d3/third_party/blink/renderer/platform/exported/web_runtime_features.cc
[modify] https://crrev.com/032c0af48ceb01edc86b509b63b05bbcbed6c4d3/third_party/blink/renderer/platform/runtime_enabled_features.json5

Project Member

Comment 15 by bugdroid1@chromium.org, Jul 9

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/14ba5ae3baefccdb5a2622c9189d68cb249f50fa

commit 14ba5ae3baefccdb5a2622c9189d68cb249f50fa
Author: Daniel Vogelheim <vogelheim@chromium.org>
Date: Mon Jul 09 11:39:54 2018

Origin Policy: Add OWNERS.

Bug: 751996
Change-Id: Iba7e18048a0b2319ec011c68f3a7fac4854795f5
Reviewed-on: https://chromium-review.googlesource.com/1127169
Reviewed-by: Mike West <mkwst@chromium.org>
Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#573272}
[add] https://crrev.com/14ba5ae3baefccdb5a2622c9189d68cb249f50fa/third_party/blink/common/origin_policy/OWNERS
[add] https://crrev.com/14ba5ae3baefccdb5a2622c9189d68cb249f50fa/third_party/blink/public/common/origin_policy/OWNERS

Project Member

Comment 16 by bugdroid1@chromium.org, Jul 20

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/80c658c16ee9238f6dbbd72a40837def39659f85

commit 80c658c16ee9238f6dbbd72a40837def39659f85
Author: Daniel Vogelheim <vogelheim@chromium.org>
Date: Fri Jul 20 15:41:26 2018

Origin Policy: Apply CSP of an active origin policy.

Gated on --enable-features=OriginPolicy (via the test in OriginPolicyThrottle).

Bug: 751996
Change-Id: I433e406fe400f86f0b677752908839da7d3d9345
Reviewed-on: https://chromium-review.googlesource.com/1111960
Reviewed-by: Mike West <mkwst@chromium.org>
Reviewed-by: Andy Paicu <andypaicu@chromium.org>
Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#576875}
[modify] https://crrev.com/80c658c16ee9238f6dbbd72a40837def39659f85/third_party/blink/public/platform/web_content_security_policy.h
[modify] https://crrev.com/80c658c16ee9238f6dbbd72a40837def39659f85/third_party/blink/renderer/core/frame/csp/content_security_policy.cc
[modify] https://crrev.com/80c658c16ee9238f6dbbd72a40837def39659f85/third_party/blink/renderer/core/frame/csp/content_security_policy.h
[modify] https://crrev.com/80c658c16ee9238f6dbbd72a40837def39659f85/third_party/blink/renderer/core/frame/csp/content_security_policy_fuzzer.cc
[modify] https://crrev.com/80c658c16ee9238f6dbbd72a40837def39659f85/third_party/blink/renderer/core/loader/document_loader.cc
[modify] https://crrev.com/80c658c16ee9238f6dbbd72a40837def39659f85/third_party/blink/renderer/platform/network/content_security_policy_parsers.cc
[modify] https://crrev.com/80c658c16ee9238f6dbbd72a40837def39659f85/third_party/blink/renderer/platform/network/content_security_policy_parsers.h

Project Member

Comment 17 by bugdroid1@chromium.org, Jul 27

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/9dfc5c40977beb69f5426ac41024d61762b5fd73

commit 9dfc5c40977beb69f5426ac41024d61762b5fd73
Author: Daniel Vogelheim <vogelheim@chromium.org>
Date: Fri Jul 27 21:38:23 2018

Origin Policy: Use existing URLLoaderFactory.

This follows post-commit feedback on
https://chromium-review.googlesource.com/1088918

Bug: 751996
Change-Id: I230c4ff13122d7977ee6f2901cd08a25f67466a5
Reviewed-on: https://chromium-review.googlesource.com/1148395
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Reviewed-by: Matt Menke <mmenke@chromium.org>
Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#578810}
[modify] https://crrev.com/9dfc5c40977beb69f5426ac41024d61762b5fd73/content/browser/frame_host/origin_policy_throttle.cc
[modify] https://crrev.com/9dfc5c40977beb69f5426ac41024d61762b5fd73/content/browser/frame_host/origin_policy_throttle.h

Project Member

Comment 18 by bugdroid1@chromium.org, Aug 6

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/7ac92ce348786c6a8f2bebc15f1b8e82572a6e99

commit 7ac92ce348786c6a8f2bebc15f1b8e82572a6e99
Author: Daniel Vogelheim <vogelheim@chromium.org>
Date: Mon Aug 06 15:26:26 2018

Origin Policy: Web Platform Tests for Origin Policy w/ CSP.

These tests follow the format currently under discussion here:
https://github.com/WICG/origin-policy/pull/39

Bug: 751996
Change-Id: Ief33c794498cb3ed84dac670ecff4ddc366b9592
Reviewed-on: https://chromium-review.googlesource.com/1130531
Reviewed-by: Mike West <mkwst@chromium.org>
Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#580876}
[modify] https://crrev.com/7ac92ce348786c6a8f2bebc15f1b8e82572a6e99/third_party/WebKit/LayoutTests/TestExpectations
[modify] https://crrev.com/7ac92ce348786c6a8f2bebc15f1b8e82572a6e99/third_party/WebKit/LayoutTests/VirtualTestSuites
[add] https://crrev.com/7ac92ce348786c6a8f2bebc15f1b8e82572a6e99/third_party/WebKit/LayoutTests/external/wpt/.well-known/origin-policy/policy-csp-1
[add] https://crrev.com/7ac92ce348786c6a8f2bebc15f1b8e82572a6e99/third_party/WebKit/LayoutTests/external/wpt/.well-known/origin-policy/policy-csp-2
[add] https://crrev.com/7ac92ce348786c6a8f2bebc15f1b8e82572a6e99/third_party/WebKit/LayoutTests/external/wpt/.well-known/origin-policy/policy-noimg
[add] https://crrev.com/7ac92ce348786c6a8f2bebc15f1b8e82572a6e99/third_party/WebKit/LayoutTests/external/wpt/origin-policy/origin-policy-single-report.https.tentative.html
[add] https://crrev.com/7ac92ce348786c6a8f2bebc15f1b8e82572a6e99/third_party/WebKit/LayoutTests/external/wpt/origin-policy/origin-policy-single-report.https.tentative.html.headers
[add] https://crrev.com/7ac92ce348786c6a8f2bebc15f1b8e82572a6e99/third_party/WebKit/LayoutTests/external/wpt/origin-policy/origin-policy.https.tentative.html
[add] https://crrev.com/7ac92ce348786c6a8f2bebc15f1b8e82572a6e99/third_party/WebKit/LayoutTests/external/wpt/origin-policy/sec-origin-policy-header.html.py
[add] https://crrev.com/7ac92ce348786c6a8f2bebc15f1b8e82572a6e99/third_party/WebKit/LayoutTests/virtual/origin-policy/external/wpt/origin-policy/README.txt

Project Member

Comment 19 by bugdroid1@chromium.org, Aug 16

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/1750253666ca1752dd98aeb3986c1f2d9781c813

commit 1750253666ca1752dd98aeb3986c1f2d9781c813
Author: Daniel Vogelheim <vogelheim@chromium.org>
Date: Thu Aug 16 16:14:24 2018

Origin Policy: Cleanup: Remove runtime-enabled switch.

The previous implementation used both a --feature-enabled and a
--runtime-feature-enabled switch, initializing the latter based on the former,
presumably because it had components in both browser and Blink.
That's redundant.

The current implementation uses the browser switch. All Blink-resident parts
of the code act on whether they receive a policy or not (which would be always
false if the browser switch isn't set).

Bug: 751996
Change-Id: I81f10cc888fd7c29c6c93e727526863216ca6f02
Reviewed-on: https://chromium-review.googlesource.com/1165351
Reviewed-by: Mike West <mkwst@chromium.org>
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#583679}
[modify] https://crrev.com/1750253666ca1752dd98aeb3986c1f2d9781c813/content/child/runtime_features.cc
[modify] https://crrev.com/1750253666ca1752dd98aeb3986c1f2d9781c813/third_party/blink/public/platform/web_runtime_features.h
[modify] https://crrev.com/1750253666ca1752dd98aeb3986c1f2d9781c813/third_party/blink/renderer/platform/exported/web_runtime_features.cc
[modify] https://crrev.com/1750253666ca1752dd98aeb3986c1f2d9781c813/third_party/blink/renderer/platform/runtime_enabled_features.json5

Project Member

Comment 20 by bugdroid1@chromium.org, Sep 6

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/a37c70083bc2b3dadee8b464b98ed99b8f77ceea

commit a37c70083bc2b3dadee8b464b98ed99b8f77ceea
Author: Daniel Vogelheim <vogelheim@chromium.org>
Date: Thu Sep 06 11:47:10 2018

Origin Policy: Enable w/ --enable-experimental-web-platform-features.

(Follow-up to cl 1165351.)

Bug: 751996
Change-Id: I37b57e239dced37fc5390d5db4b42cdc8be7466d
Reviewed-on: https://chromium-review.googlesource.com/1177607
Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Cr-Commit-Position: refs/heads/master@{#589138}
[modify] https://crrev.com/a37c70083bc2b3dadee8b464b98ed99b8f77ceea/content/browser/frame_host/origin_policy_throttle.cc

Project Member

Comment 21 by bugdroid1@chromium.org, Sep 24

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/6008f57f7632c8a7020ace0be8b2230eda00c080

commit 6008f57f7632c8a7020ace0be8b2230eda00c080
Author: Daniel Vogelheim <vogelheim@chromium.org>
Date: Mon Sep 24 14:35:14 2018

Origin Policy: Show an error interstitial if the policy fails to load.

The functionality is behind a flag. The interstitial content is
preliminary and will be replaced in a subsequent CL with something more
suitable for the public.

Bug: 751996
Change-Id: I0a7cf6fec4a9ceaea10adac6ed2fcd1c7ccac799
Reviewed-on: https://chromium-review.googlesource.com/1204170
Reviewed-by: Jochen Eisinger <jochen@chromium.org>
Reviewed-by: Camille Lamy <clamy@chromium.org>
Reviewed-by: Alexei Svitkine <asvitkine@chromium.org>
Reviewed-by: Carlos IL <carlosil@chromium.org>
Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#593531}
[modify] https://crrev.com/6008f57f7632c8a7020ace0be8b2230eda00c080/chrome/browser/chrome_content_browser_client.cc
[modify] https://crrev.com/6008f57f7632c8a7020ace0be8b2230eda00c080/chrome/browser/chrome_content_browser_client.h
[modify] https://crrev.com/6008f57f7632c8a7020ace0be8b2230eda00c080/chrome/test/BUILD.gn
[add] https://crrev.com/6008f57f7632c8a7020ace0be8b2230eda00c080/chrome/test/data/origin_policy_browsertest/.well-known/origin-policy/example-policy
[add] https://crrev.com/6008f57f7632c8a7020ace0be8b2230eda00c080/chrome/test/data/origin_policy_browsertest/OWNERS
[add] https://crrev.com/6008f57f7632c8a7020ace0be8b2230eda00c080/chrome/test/data/origin_policy_browsertest/README.md
[add] https://crrev.com/6008f57f7632c8a7020ace0be8b2230eda00c080/chrome/test/data/origin_policy_browsertest/page-policy-missing.html
[add] https://crrev.com/6008f57f7632c8a7020ace0be8b2230eda00c080/chrome/test/data/origin_policy_browsertest/page-policy-missing.html.mock-http-headers
[add] https://crrev.com/6008f57f7632c8a7020ace0be8b2230eda00c080/chrome/test/data/origin_policy_browsertest/page-with-policy.html
[add] https://crrev.com/6008f57f7632c8a7020ace0be8b2230eda00c080/chrome/test/data/origin_policy_browsertest/page-with-policy.html.mock-http-headers
[add] https://crrev.com/6008f57f7632c8a7020ace0be8b2230eda00c080/chrome/test/data/origin_policy_browsertest/page-without-policy.html
[add] https://crrev.com/6008f57f7632c8a7020ace0be8b2230eda00c080/chrome/test/data/origin_policy_browsertest/page-without-policy.html.mock-http-headers
[add] https://crrev.com/6008f57f7632c8a7020ace0be8b2230eda00c080/chrome/test/origin_policy/OWNERS
[add] https://crrev.com/6008f57f7632c8a7020ace0be8b2230eda00c080/chrome/test/origin_policy/origin_policy_browsertest.cc
[modify] https://crrev.com/6008f57f7632c8a7020ace0be8b2230eda00c080/components/resources/security_interstitials_resources.grdp
[modify] https://crrev.com/6008f57f7632c8a7020ace0be8b2230eda00c080/components/security_interstitials/content/BUILD.gn
[modify] https://crrev.com/6008f57f7632c8a7020ace0be8b2230eda00c080/components/security_interstitials/content/DEPS
[add] https://crrev.com/6008f57f7632c8a7020ace0be8b2230eda00c080/components/security_interstitials/content/origin_policy_ui.cc
[add] https://crrev.com/6008f57f7632c8a7020ace0be8b2230eda00c080/components/security_interstitials/content/origin_policy_ui.h
[modify] https://crrev.com/6008f57f7632c8a7020ace0be8b2230eda00c080/components/security_interstitials/core/BUILD.gn
[add] https://crrev.com/6008f57f7632c8a7020ace0be8b2230eda00c080/components/security_interstitials/core/browser/resources/interstitial_origin_policy.html
[modify] https://crrev.com/6008f57f7632c8a7020ace0be8b2230eda00c080/content/browser/frame_host/origin_policy_throttle.cc
[modify] https://crrev.com/6008f57f7632c8a7020ace0be8b2230eda00c080/content/browser/frame_host/origin_policy_throttle.h
[modify] https://crrev.com/6008f57f7632c8a7020ace0be8b2230eda00c080/content/public/browser/BUILD.gn
[modify] https://crrev.com/6008f57f7632c8a7020ace0be8b2230eda00c080/content/public/browser/content_browser_client.cc
[modify] https://crrev.com/6008f57f7632c8a7020ace0be8b2230eda00c080/content/public/browser/content_browser_client.h
[add] https://crrev.com/6008f57f7632c8a7020ace0be8b2230eda00c080/content/public/browser/origin_policy_error_reason.h

Project Member

Comment 22 by bugdroid1@chromium.org, Sep 24

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/54b092e560faf79a534d76524dec8fd20a962377

commit 54b092e560faf79a534d76524dec8fd20a962377
Author: Daniel Vogelheim <vogelheim@chromium.org>
Date: Mon Sep 24 19:20:21 2018

Origin Policy: Implement 'redirect' behaviour.

Because: https://wicg.github.io/origin-policy/#monkey-patching-fetch, 3.4.2 #8

This addresses deferred feedback from https://crrev.com/c/1148395

Bug: 751996
Change-Id: Iac7756bf7c6b126711f002fd94b82bfd5fcae522
Reviewed-on: https://chromium-review.googlesource.com/1221146
Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org>
Reviewed-by: Alex Moshchuk <alexmos@chromium.org>
Cr-Commit-Position: refs/heads/master@{#593626}
[add] https://crrev.com/54b092e560faf79a534d76524dec8fd20a962377/chrome/test/data/origin_policy_browsertest/.well-known/origin-policy/policy-with-301redirect
[add] https://crrev.com/54b092e560faf79a534d76524dec8fd20a962377/chrome/test/data/origin_policy_browsertest/.well-known/origin-policy/policy-with-301redirect.mock-http-headers
[add] https://crrev.com/54b092e560faf79a534d76524dec8fd20a962377/chrome/test/data/origin_policy_browsertest/.well-known/origin-policy/policy-with-302redirect
[add] https://crrev.com/54b092e560faf79a534d76524dec8fd20a962377/chrome/test/data/origin_policy_browsertest/.well-known/origin-policy/policy-with-302redirect.mock-http-headers
[add] https://crrev.com/54b092e560faf79a534d76524dec8fd20a962377/chrome/test/data/origin_policy_browsertest/.well-known/origin-policy/policy-with-307redirect
[add] https://crrev.com/54b092e560faf79a534d76524dec8fd20a962377/chrome/test/data/origin_policy_browsertest/.well-known/origin-policy/policy-with-307redirect.mock-http-headers
[add] https://crrev.com/54b092e560faf79a534d76524dec8fd20a962377/chrome/test/data/origin_policy_browsertest/page-policy-301redirect.html
[add] https://crrev.com/54b092e560faf79a534d76524dec8fd20a962377/chrome/test/data/origin_policy_browsertest/page-policy-301redirect.html.mock-http-headers
[add] https://crrev.com/54b092e560faf79a534d76524dec8fd20a962377/chrome/test/data/origin_policy_browsertest/page-policy-302redirect.html
[add] https://crrev.com/54b092e560faf79a534d76524dec8fd20a962377/chrome/test/data/origin_policy_browsertest/page-policy-302redirect.html.mock-http-headers
[add] https://crrev.com/54b092e560faf79a534d76524dec8fd20a962377/chrome/test/data/origin_policy_browsertest/page-policy-307redirect.html
[add] https://crrev.com/54b092e560faf79a534d76524dec8fd20a962377/chrome/test/data/origin_policy_browsertest/page-policy-307redirect.html.mock-http-headers
[modify] https://crrev.com/54b092e560faf79a534d76524dec8fd20a962377/chrome/test/origin_policy/origin_policy_browsertest.cc
[modify] https://crrev.com/54b092e560faf79a534d76524dec8fd20a962377/content/browser/frame_host/origin_policy_throttle.cc
[modify] https://crrev.com/54b092e560faf79a534d76524dec8fd20a962377/content/browser/frame_host/origin_policy_throttle.h

Blockedon: 901477
Project Member

Comment 24 by bugdroid1@chromium.org, Nov 12

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/5421fc28c90bd861efe078b397cc14af008fed78

commit 5421fc28c90bd861efe078b397cc14af008fed78
Author: Daniel Vogelheim <vogelheim@chromium.org>
Date: Mon Nov 12 16:19:10 2018

[Origin Policy] Change request header default to "0".

Change the client header announcing OP capability to use the value "0". This
is meant to mitigate an apparently reasonably common bug where the header value
is blindly copied into the request (as observed in the referenced bug).

Bug: 751996,  901477 
Change-Id: I85c67cfdad3d15fc8e76e62bf1f84323faa1f790
Reviewed-on: https://chromium-review.googlesource.com/c/1328982
Reviewed-by: Mike West <mkwst@chromium.org>
Reviewed-by: Camille Lamy <clamy@chromium.org>
Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#607246}
[modify] https://crrev.com/5421fc28c90bd861efe078b397cc14af008fed78/content/browser/frame_host/origin_policy_throttle.cc
[modify] https://crrev.com/5421fc28c90bd861efe078b397cc14af008fed78/content/browser/frame_host/origin_policy_throttle_unittest.cc
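
The failure mode this commit message describes, as a constructed model added here (not Chromium code and not part of the comment above). It reads the bug as a server echoing the request header back in its response, and assumes the draft's `Sec-Origin-Policy` header, that a response value of "0" means no policy while any other value names a policy under `/.well-known/origin-policy/`, and that an unfetchable policy ends in the interstitial; the two servers, the earlier announce value "1" and the canary are hypothetical.

```python
HEADER = "Sec-Origin-Policy"                # header name from the Origin Policy draft
WELL_KNOWN = "/.well-known/origin-policy/"  # policy location used by the tests on this page

def reflecting_server(request_headers):
    """Hypothetical buggy server: copies every request header into the response."""
    return dict(request_headers)

def policy_server(request_headers):
    """Hypothetical well-behaved server that names a policy it really publishes."""
    return {HEADER: "policy-1"}

# Constructed data: which policy documents each modelled server actually serves.
PUBLISHED = {policy_server: {WELL_KNOWN + "policy-1"}, reflecting_server: set()}

def client_decision(response_headers):
    """Assumed client rule: missing header or "0" means no policy; any other value names one."""
    name = response_headers.get(HEADER)
    if name is None or name == "0":
        return ("no-policy", None)
    return ("fetch", WELL_KNOWN + name)

def navigate(announce_value, server):
    """Return what the modelled client does: 'load', 'apply' or 'interstitial'."""
    response = server({HEADER: announce_value})
    action, path = client_decision(response)
    if action == "no-policy":
        return "load"
    # A named policy that cannot be fetched is treated as an error (assumption).
    return "apply" if path in PUBLISHED[server] else "interstitial"

def reflects_request_headers(server, canary="canary-7f3a"):
    """Server-side check: does a value sent in a request header come back in the response?"""
    return server({HEADER: canary}).get(HEADER) == canary

if __name__ == "__main__":
    for value in ("1", "0"):
        print(value, navigate(value, reflecting_server), navigate(value, policy_server))
```

In this model, announcing "0" makes an echoed header indistinguishable from "no policy", while a server that really publishes a policy behaves the same under either announce value.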

Labels: Merge-Merged-71-3578
The following revision refers to this bug: 
https://chromium.googlesource.com/chromium/src.git/+/8c355c981eaec984dba844f43ab228308d62cc7a

Commit: 8c355c981eaec984dba844f43ab228308d62cc7a
Author: vogelheim@chromium.org
Committer: vogelheim@chromium.org
Date: 2018-11-15 16:23:32 +0000 UTC

[Origin Policy] Change request header default to "0".

Change the client header announcing OP capability to use the value "0". This
is meant to mitigate an apparently reasonably common bug where the header value
is blindly copied into the request (as observed in the referenced bug).

Bug: 751996,  901477 
Change-Id: I85c67cfdad3d15fc8e76e62bf1f84323faa1f790
Reviewed-on: https://chromium-review.googlesource.com/c/1328982
Reviewed-by: Mike West <mkwst@chromium.org>
Reviewed-by: Camille Lamy <clamy@chromium.org>
Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#607246}
(cherry picked from commit 5421fc28c90bd861efe078b397cc14af008fed78)
Reviewed-on: https://chromium-review.googlesource.com/c/1338103
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/branch-heads/3578@{#690}
Cr-Branched-From: 4226ddf99103e493d7afb23a4c7902ee496108b6-refs/heads/master@{#599034}
Project Member

Comment 26 by bugdroid1@chromium.org, Nov 15

Labels: merge-merged-3578
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/8c355c981eaec984dba844f43ab228308d62cc7a

commit 8c355c981eaec984dba844f43ab228308d62cc7a
Author: Daniel Vogelheim <vogelheim@chromium.org>
Date: Thu Nov 15 16:23:32 2018

[Origin Policy] Change request header default to "0".

Change the client header announcing OP capability to use the value "0". This
is meant to mitigate an apparently reasonably common bug where the header value
is blindly copied into the request (as observed in the referenced bug).

Bug: 751996,  901477 
Change-Id: I85c67cfdad3d15fc8e76e62bf1f84323faa1f790
Reviewed-on: https://chromium-review.googlesource.com/c/1328982
Reviewed-by: Mike West <mkwst@chromium.org>
Reviewed-by: Camille Lamy <clamy@chromium.org>
Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#607246}
(cherry picked from commit 5421fc28c90bd861efe078b397cc14af008fed78)
Reviewed-on: https://chromium-review.googlesource.com/c/1338103
Reviewed-by: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/branch-heads/3578@{#690}
Cr-Branched-From: 4226ddf99103e493d7afb23a4c7902ee496108b6-refs/heads/master@{#599034}
[modify] https://crrev.com/8c355c981eaec984dba844f43ab228308d62cc7a/content/browser/frame_host/origin_policy_throttle.cc
[modify] https://crrev.com/8c355c981eaec984dba844f43ab228308d62cc7a/content/browser/frame_host/origin_policy_throttle_unittest.cc

Project Member

Comment 27 by bugdroid1@chromium.org, Nov 19

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/7e618744354e3faee1b8ee8d4b75537784a668c7

commit 7e618744354e3faee1b8ee8d4b75537784a668c7
Author: Daniel Vogelheim <vogelheim@chromium.org>
Date: Mon Nov 19 16:50:15 2018

Origin Policy: Add support for Feature Policy.

Bug: 751996
Change-Id: I969cd67059c6105f468dc56efe01c8de8869565b
Reviewed-on: https://chromium-review.googlesource.com/c/1202202
Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org>
Reviewed-by: Mike West <mkwst@chromium.org>
Cr-Commit-Position: refs/heads/master@{#609331}
[add] https://crrev.com/7e618744354e3faee1b8ee8d4b75537784a668c7/third_party/WebKit/LayoutTests/external/wpt/.well-known/origin-policy/policy-features
[add] https://crrev.com/7e618744354e3faee1b8ee8d4b75537784a668c7/third_party/WebKit/LayoutTests/external/wpt/origin-policy/origin-policy-features.https.tentative.html
[add] https://crrev.com/7e618744354e3faee1b8ee8d4b75537784a668c7/third_party/WebKit/LayoutTests/external/wpt/origin-policy/origin-policy-features.https.tentative.html.headers
[modify] https://crrev.com/7e618744354e3faee1b8ee8d4b75537784a668c7/third_party/blink/common/origin_policy/origin_policy_parser.cc
[modify] https://crrev.com/7e618744354e3faee1b8ee8d4b75537784a668c7/third_party/blink/common/origin_policy/origin_policy_parser.h
[modify] https://crrev.com/7e618744354e3faee1b8ee8d4b75537784a668c7/third_party/blink/common/origin_policy/origin_policy_unittest.cc
[modify] https://crrev.com/7e618744354e3faee1b8ee8d4b75537784a668c7/third_party/blink/public/common/origin_policy/origin_policy.h
[modify] https://crrev.com/7e618744354e3faee1b8ee8d4b75537784a668c7/third_party/blink/renderer/core/loader/document_loader.cc

Project Member

Comment 28 by bugdroid1@chromium.org, Nov 29

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/c0162c1b508aadbf4b98d39793e68e681db6b028

commit c0162c1b508aadbf4b98d39793e68e681db6b028
Author: Daniel Vogelheim <vogelheim@chromium.org>
Date: Thu Nov 29 10:35:16 2018

[Origin Policy] Updated, less flippant Origin Policy Interstitial text.

Bug: 751996,  901477 
Change-Id: Ia150dc83158bae7db8160bddf0377328ff1b2b11
Reviewed-on: https://chromium-review.googlesource.com/c/1344131
Reviewed-by: Carlos IL <carlosil@chromium.org>
Commit-Queue: Daniel Vogelheim <vogelheim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#612133}
[modify] https://crrev.com/c0162c1b508aadbf4b98d39793e68e681db6b028/chrome/test/origin_policy/origin_policy_browsertest.cc
[modify] https://crrev.com/c0162c1b508aadbf4b98d39793e68e681db6b028/components/security_interstitials/core/browser/resources/interstitial_origin_policy.html

Blocking: 900995
