Implement origin whitelist mechanism in CORSURLLoader.
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/f22c055e4bd497ee3cde9a220e662c4df2cae5ff

commit f22c055e4bd497ee3cde9a220e662c4df2cae5ff
Author: Takashi Toyoshima <toyoshim@chromium.org>
Date: Wed Aug 15 09:34:59 2018

Remove unused WebSecurityPolicy::RemoveOriginAccessWhitelistEntry

Though the interface is plumbed, only one layout test calls it for testing itself and there is no real user today. This interface was introduced in WebKit era, and chromium use of this interface was completely replaced by RemoveAllOriginAccessWhitelistEntriesForOrigin in https://chromium-review.googlesource.com/c/chromium/src/+/1105287.

This is a trivial preparation for implementing origin whitelisting for the Network Service.

Bug: 870172
Change-Id: I4ff5a91d95dbb65fa30c471e77d44b7e2ad3a92a
Reviewed-on: https://chromium-review.googlesource.com/1175581
Reviewed-by: Kent Tamura <tkent@chromium.org>
Commit-Queue: Takashi Toyoshima <toyoshim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#583203}

[modify] https://crrev.com/f22c055e4bd497ee3cde9a220e662c4df2cae5ff/content/shell/test_runner/test_runner.cc
[modify] https://crrev.com/f22c055e4bd497ee3cde9a220e662c4df2cae5ff/third_party/WebKit/LayoutTests/TestExpectations
[delete] https://crrev.com/c1b6d6a2b7a6e834bdeeca93269cfaffb123a086/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-whitelisting-removal-expected.txt
[delete] https://crrev.com/c1b6d6a2b7a6e834bdeeca93269cfaffb123a086/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-whitelisting-removal.html
[modify] https://crrev.com/f22c055e4bd497ee3cde9a220e662c4df2cae5ff/third_party/blink/public/web/web_security_policy.h
[modify] https://crrev.com/f22c055e4bd497ee3cde9a220e662c4df2cae5ff/third_party/blink/renderer/core/exported/web_security_policy.cc
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/5f6c3a26dbf5cbaa41ade37ce53aca8de5088e46

commit 5f6c3a26dbf5cbaa41ade37ce53aca8de5088e46
Author: Takashi Toyoshima <toyoshim@chromium.org>
Date: Thu Aug 16 04:03:13 2018

Remove unused WebSecurityPolicy::RemoveOriginAccessBlacklist*

These public interfaces, RemoveOriginAccessBlacklist and RemoveOriginAccessBlacklistEntry, are not used today. Even the internal method, SecurityPolicy::RemoveOriginAccessBlacklistEntry, is not used. Only SecurityPolicy::ResetOriginAccessBlacklists is used.

Bug: 870172
Change-Id: I654153d3b7a2e3f7e9f5194540a2b8aee7f8d165
Reviewed-on: https://chromium-review.googlesource.com/1175647
Reviewed-by: Kent Tamura <tkent@chromium.org>
Commit-Queue: Takashi Toyoshima <toyoshim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#583531}

[modify] https://crrev.com/5f6c3a26dbf5cbaa41ade37ce53aca8de5088e46/third_party/blink/public/web/web_security_policy.h
[modify] https://crrev.com/5f6c3a26dbf5cbaa41ade37ce53aca8de5088e46/third_party/blink/renderer/core/exported/web_security_policy.cc
[modify] https://crrev.com/5f6c3a26dbf5cbaa41ade37ce53aca8de5088e46/third_party/blink/renderer/platform/weborigin/security_policy.cc
[modify] https://crrev.com/5f6c3a26dbf5cbaa41ade37ce53aca8de5088e46/third_party/blink/renderer/platform/weborigin/security_policy.h
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/3eb6766f20800b89c8ca231b5e0afbc02c3edde8

commit 3eb6766f20800b89c8ca231b5e0afbc02c3edde8
Author: Takashi Toyoshima <toyoshim@chromium.org>
Date: Thu Aug 16 07:47:53 2018

Remove unused SecurityPolicy::RemoveOriginAccessWhitelistEntry

Now this interface is called only from a unit test, and it looks safe to replace it with ResetOriginAccessWhitelists in terms of what should be tested in the unit test.

Bug: 870172
Change-Id: Ifd8362531394542537d762b7add4f565637ffd0d
Reviewed-on: https://chromium-review.googlesource.com/1175655
Reviewed-by: Kent Tamura <tkent@chromium.org>
Reviewed-by: Devlin <rdevlin.cronin@chromium.org>
Commit-Queue: Takashi Toyoshima <toyoshim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#583577}

[modify] https://crrev.com/3eb6766f20800b89c8ca231b5e0afbc02c3edde8/third_party/blink/renderer/platform/weborigin/security_policy.cc
[modify] https://crrev.com/3eb6766f20800b89c8ca231b5e0afbc02c3edde8/third_party/blink/renderer/platform/weborigin/security_policy.h
[modify] https://crrev.com/3eb6766f20800b89c8ca231b5e0afbc02c3edde8/third_party/blink/renderer/platform/weborigin/security_policy_test.cc
Issue 803770 has been merged into this issue.
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/1fa50e1a09717f28b209cbfcda728662a2dab16e

commit 1fa50e1a09717f28b209cbfcda728662a2dab16e
Author: Takashi Toyoshima <toyoshim@chromium.org>
Date: Thu Aug 23 09:38:31 2018

OOR-CORS: Implement NetworkService port of OriginAccessEntry

This patch implements NetworkService version of OriginAccessEntry in services/network/public/cpp/cors/ and makes existing blink::OriginAccessEntry just use the NetworkService version instead of having its own implementation.

Motivation of this change is to use OriginAccessEntry::MatchesOrigin() in the NetworkService to provide origin access whitelisting.

Bug: 870172
Cq-Include-Trybots: luci.chromium.try:linux_mojo
Change-Id: I35d41addbab91813e11bdc4d8cfd74c644fb39d2
Reviewed-on: https://chromium-review.googlesource.com/1181142
Reviewed-by: Yutaka Hirano <yhirano@chromium.org>
Reviewed-by: Kentaro Hara <haraken@chromium.org>
Commit-Queue: Takashi Toyoshima <toyoshim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#585437}

[modify] https://crrev.com/1fa50e1a09717f28b209cbfcda728662a2dab16e/services/network/public/cpp/BUILD.gn
[add] https://crrev.com/1fa50e1a09717f28b209cbfcda728662a2dab16e/services/network/public/cpp/cors/origin_access_entry.cc
[add] https://crrev.com/1fa50e1a09717f28b209cbfcda728662a2dab16e/services/network/public/cpp/cors/origin_access_entry.h
[rename] https://crrev.com/1fa50e1a09717f28b209cbfcda728662a2dab16e/services/network/public/cpp/cors/origin_access_entry_unittest.cc
[modify] https://crrev.com/1fa50e1a09717f28b209cbfcda728662a2dab16e/third_party/blink/renderer/core/dom/document.cc
[modify] https://crrev.com/1fa50e1a09717f28b209cbfcda728662a2dab16e/third_party/blink/renderer/core/loader/base_fetch_context.cc
[modify] https://crrev.com/1fa50e1a09717f28b209cbfcda728662a2dab16e/third_party/blink/renderer/modules/credentialmanager/credentials_container.cc
[modify] https://crrev.com/1fa50e1a09717f28b209cbfcda728662a2dab16e/third_party/blink/renderer/platform/BUILD.gn
[modify] https://crrev.com/1fa50e1a09717f28b209cbfcda728662a2dab16e/third_party/blink/renderer/platform/weborigin/DEPS
[modify] https://crrev.com/1fa50e1a09717f28b209cbfcda728662a2dab16e/third_party/blink/renderer/platform/weborigin/origin_access_entry.cc
[modify] https://crrev.com/1fa50e1a09717f28b209cbfcda728662a2dab16e/third_party/blink/renderer/platform/weborigin/origin_access_entry.h
[modify] https://crrev.com/1fa50e1a09717f28b209cbfcda728662a2dab16e/third_party/blink/renderer/platform/weborigin/security_policy.cc
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/66e7d0de52aeef0f29ff2517f5852caaae4a881c

commit 66e7d0de52aeef0f29ff2517f5852caaae4a881c
Author: Takashi Toyoshima <toyoshim@chromium.org>
Date: Tue Aug 28 09:20:10 2018

OOR-CORS: Introduce OriginAccessList to manage origin whitelisting

This patch introduces OriginAccessList in the NetworkService to manage origin whitelisting in the NetworkService. Also the class is designed to be used even in Blink to unify existing whitelisting implementation in blink::SecurityPolicy.

Bug: 870172
Cq-Include-Trybots: luci.chromium.try:linux_mojo
Change-Id: If44cfadbbf88f5b55c8bc2b01c1ae87c7a6e0a74
Tbr: mkwst@chromium.org, rdevlin.cronin@chromium.org
Reviewed-on: https://chromium-review.googlesource.com/1183203
Commit-Queue: Takashi Toyoshima <toyoshim@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Kent Tamura <tkent@chromium.org>
Reviewed-by: Yutaka Hirano <yhirano@chromium.org>
Cr-Commit-Position: refs/heads/master@{#586623}

[modify] https://crrev.com/66e7d0de52aeef0f29ff2517f5852caaae4a881c/chrome/renderer/extensions/chrome_extensions_dispatcher_delegate.cc
[modify] https://crrev.com/66e7d0de52aeef0f29ff2517f5852caaae4a881c/content/shell/test_runner/test_runner.cc
[modify] https://crrev.com/66e7d0de52aeef0f29ff2517f5852caaae4a881c/content/shell/test_runner/test_runner.h
[modify] https://crrev.com/66e7d0de52aeef0f29ff2517f5852caaae4a881c/extensions/renderer/dispatcher.cc
[modify] https://crrev.com/66e7d0de52aeef0f29ff2517f5852caaae4a881c/services/network/public/cpp/BUILD.gn
[add] https://crrev.com/66e7d0de52aeef0f29ff2517f5852caaae4a881c/services/network/public/cpp/cors/origin_access_list.cc
[add] https://crrev.com/66e7d0de52aeef0f29ff2517f5852caaae4a881c/services/network/public/cpp/cors/origin_access_list.h
[add] https://crrev.com/66e7d0de52aeef0f29ff2517f5852caaae4a881c/services/network/public/cpp/cors/origin_access_list_unittest.cc
[modify] https://crrev.com/66e7d0de52aeef0f29ff2517f5852caaae4a881c/services/network/public/mojom/BUILD.gn
[modify] https://crrev.com/66e7d0de52aeef0f29ff2517f5852caaae4a881c/services/network/public/mojom/cors.mojom
[add] https://crrev.com/66e7d0de52aeef0f29ff2517f5852caaae4a881c/services/network/public/mojom/cors_origin_pattern.mojom
[modify] https://crrev.com/66e7d0de52aeef0f29ff2517f5852caaae4a881c/third_party/WebKit/LayoutTests/FlagExpectations/site-per-process
[modify] https://crrev.com/66e7d0de52aeef0f29ff2517f5852caaae4a881c/third_party/WebKit/LayoutTests/http/tests/navigation/pushstate-whitelisted-at-blob-denied.html
[modify] https://crrev.com/66e7d0de52aeef0f29ff2517f5852caaae4a881c/third_party/WebKit/LayoutTests/http/tests/navigation/pushstate-whitelisted-at-unique-origin-denied.php
[modify] https://crrev.com/66e7d0de52aeef0f29ff2517f5852caaae4a881c/third_party/WebKit/LayoutTests/http/tests/navigation/pushstate-whitelisted-auth-denied.html
[modify] https://crrev.com/66e7d0de52aeef0f29ff2517f5852caaae4a881c/third_party/WebKit/LayoutTests/http/tests/navigation/pushstate-whitelisted-denied.html
[modify] https://crrev.com/66e7d0de52aeef0f29ff2517f5852caaae4a881c/third_party/WebKit/LayoutTests/http/tests/navigation/pushstate-whitelisted-in-blob-denied.html
[modify] https://crrev.com/66e7d0de52aeef0f29ff2517f5852caaae4a881c/third_party/WebKit/LayoutTests/http/tests/security/isolatedWorld/cross-origin-xhr.html
[modify] https://crrev.com/66e7d0de52aeef0f29ff2517f5852caaae4a881c/third_party/WebKit/LayoutTests/http/tests/security/local-image-from-remote-whitelisted-expected.txt
[modify] https://crrev.com/66e7d0de52aeef0f29ff2517f5852caaae4a881c/third_party/WebKit/LayoutTests/http/tests/security/local-image-from-remote-whitelisted.html
[modify] https://crrev.com/66e7d0de52aeef0f29ff2517f5852caaae4a881c/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-whitelisting-all.html
[modify] https://crrev.com/66e7d0de52aeef0f29ff2517f5852caaae4a881c/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-whitelisting-exact-match.html
[modify] https://crrev.com/66e7d0de52aeef0f29ff2517f5852caaae4a881c/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-whitelisting-https.html
[modify] https://crrev.com/66e7d0de52aeef0f29ff2517f5852caaae4a881c/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-whitelisting-ip-addresses-with-subdomains.html
[modify] https://crrev.com/66e7d0de52aeef0f29ff2517f5852caaae4a881c/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-whitelisting-ip-addresses.html
[modify] https://crrev.com/66e7d0de52aeef0f29ff2517f5852caaae4a881c/third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/origin-whitelisting-subdomains.html
[modify] https://crrev.com/66e7d0de52aeef0f29ff2517f5852caaae4a881c/third_party/blink/public/web/web_security_policy.h
[modify] https://crrev.com/66e7d0de52aeef0f29ff2517f5852caaae4a881c/third_party/blink/renderer/core/exported/web_security_policy.cc
[modify] https://crrev.com/66e7d0de52aeef0f29ff2517f5852caaae4a881c/third_party/blink/renderer/platform/weborigin/DEPS
[modify] https://crrev.com/66e7d0de52aeef0f29ff2517f5852caaae4a881c/third_party/blink/renderer/platform/weborigin/security_origin.cc
[modify] https://crrev.com/66e7d0de52aeef0f29ff2517f5852caaae4a881c/third_party/blink/renderer/platform/weborigin/security_origin_test.cc
[modify] https://crrev.com/66e7d0de52aeef0f29ff2517f5852caaae4a881c/third_party/blink/renderer/platform/weborigin/security_policy.cc
[modify] https://crrev.com/66e7d0de52aeef0f29ff2517f5852caaae4a881c/third_party/blink/renderer/platform/weborigin/security_policy.h
[modify] https://crrev.com/66e7d0de52aeef0f29ff2517f5852caaae4a881c/third_party/blink/renderer/platform/weborigin/security_policy_test.cc
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/449e22adadca12253abd8580af2db21963753aec

commit 449e22adadca12253abd8580af2db21963753aec
Author: Takashi Toyoshima <toyoshim@chromium.org>
Date: Wed Sep 05 05:49:26 2018

OOR-CORS: Add navigation and security tests to virtual LayoutTests suites

There are some tests that call testRunner.addOriginAccessAllowListEntry even in navigation and security test directories. They are expected to call it to bypass renderer-side security checks, but let me run them in our outofblink-cors(-ns) virtual environments just in case.

Also the security directory seems to contain many relevant tests that rely on CORS check on ResourceFetcher.

Bug: 870172, 870173, 879991
Cq-Include-Trybots: luci.chromium.try:linux_layout_tests_layout_ng;luci.chromium.try:linux_mojo
Change-Id: I55c75b6766da6b98c7a2d816fbcfec555d181b68
Reviewed-on: https://chromium-review.googlesource.com/1193524
Reviewed-by: Yutaka Hirano <yhirano@chromium.org>
Commit-Queue: Takashi Toyoshima <toyoshim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#588773}

[modify] https://crrev.com/449e22adadca12253abd8580af2db21963753aec/third_party/WebKit/LayoutTests/FlagExpectations/enable-blink-features=HeapIncrementalMarkingStress
[modify] https://crrev.com/449e22adadca12253abd8580af2db21963753aec/third_party/WebKit/LayoutTests/FlagExpectations/enable-blink-features=LayoutNG
[modify] https://crrev.com/449e22adadca12253abd8580af2db21963753aec/third_party/WebKit/LayoutTests/FlagExpectations/enable-browser-side-navigation
[modify] https://crrev.com/449e22adadca12253abd8580af2db21963753aec/third_party/WebKit/LayoutTests/FlagExpectations/enable-features=NetworkService
[modify] https://crrev.com/449e22adadca12253abd8580af2db21963753aec/third_party/WebKit/LayoutTests/FlagExpectations/site-per-process
[modify] https://crrev.com/449e22adadca12253abd8580af2db21963753aec/third_party/WebKit/LayoutTests/LeakExpectations
[modify] https://crrev.com/449e22adadca12253abd8580af2db21963753aec/third_party/WebKit/LayoutTests/SlowTests
[modify] https://crrev.com/449e22adadca12253abd8580af2db21963753aec/third_party/WebKit/LayoutTests/TestExpectations
[modify] https://crrev.com/449e22adadca12253abd8580af2db21963753aec/third_party/WebKit/LayoutTests/VirtualTestSuites
[add] https://crrev.com/449e22adadca12253abd8580af2db21963753aec/third_party/WebKit/LayoutTests/virtual/outofblink-cors-ns/http/tests/navigation/README.txt
[add] https://crrev.com/449e22adadca12253abd8580af2db21963753aec/third_party/WebKit/LayoutTests/virtual/outofblink-cors-ns/http/tests/security/README.txt
[add] https://crrev.com/449e22adadca12253abd8580af2db21963753aec/third_party/WebKit/LayoutTests/virtual/outofblink-cors/http/tests/navigation/README.txt
[add] https://crrev.com/449e22adadca12253abd8580af2db21963753aec/third_party/WebKit/LayoutTests/virtual/outofblink-cors/http/tests/security/README.txt
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/c40dc576c1e54931630fa16e3e8a1be956ab479b

commit c40dc576c1e54931630fa16e3e8a1be956ab479b
Author: Takashi Toyoshima <toyoshim@chromium.org>
Date: Wed Sep 05 06:47:32 2018

OOR-CORS: Use OriginAccessList in CORSURLLoaderFactory

This makes CORSURLLoaderFactory use OriginAccessList to check the source origin and destination URL pairs in the allowed list.

There is no caller in production code at this moment, but patch set to support the legacy path and NetworkService will follow respectively.

Bug: 870172
Cq-Include-Trybots: luci.chromium.try:linux_mojo
Change-Id: Iba37beb1d955edf05148ad9ac15731e64e58de1e
Reviewed-on: https://chromium-review.googlesource.com/1196702
Commit-Queue: Takashi Toyoshima <toyoshim@chromium.org>
Reviewed-by: Yutaka Hirano <yhirano@chromium.org>
Cr-Commit-Position: refs/heads/master@{#588782}

[modify] https://crrev.com/c40dc576c1e54931630fa16e3e8a1be956ab479b/content/browser/loader/resource_message_filter.cc
[modify] https://crrev.com/c40dc576c1e54931630fa16e3e8a1be956ab479b/services/network/cors/cors_url_loader.cc
[modify] https://crrev.com/c40dc576c1e54931630fa16e3e8a1be956ab479b/services/network/cors/cors_url_loader.h
[modify] https://crrev.com/c40dc576c1e54931630fa16e3e8a1be956ab479b/services/network/cors/cors_url_loader_factory.cc
[modify] https://crrev.com/c40dc576c1e54931630fa16e3e8a1be956ab479b/services/network/cors/cors_url_loader_factory.h
[modify] https://crrev.com/c40dc576c1e54931630fa16e3e8a1be956ab479b/services/network/cors/cors_url_loader_unittest.cc
[modify] https://crrev.com/c40dc576c1e54931630fa16e3e8a1be956ab479b/services/network/network_context.cc
[modify] https://crrev.com/c40dc576c1e54931630fa16e3e8a1be956ab479b/services/network/public/cpp/cors/origin_access_list.h
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/621e2bf6a1c32aa78dca4d1c09fbbc1b80b54c07

commit 621e2bf6a1c32aa78dca4d1c09fbbc1b80b54c07
Author: Takashi Toyoshima <toyoshim@chromium.org>
Date: Tue Sep 18 08:05:16 2018

OOR-CORS: Add SharedCorsOriginAccessList to the BrowserContext

This patch adds SharedCorsOriginAccessList class to the public content interface, so that Chrome Extension can access the interface via BrowserContext.

SharedCorsOriginAccessList is managed to be per BrowserContext, and shared among multiple ResourceMessageFilter instances so that all created CORSURLLoaderFactory for these filters can refer to its shared single network::cors::OriginAccessList instance.

Access lists will be modified via BrowserContext interface on the UI thread, but all accesses to the OriginAccessList should be on the IO thread. SharedCorsOriginAccessList cares for this thread restriction.

Bug: 870172
Cq-Include-Trybots: luci.chromium.try:linux_mojo
Change-Id: Iff894d8e1a831eb212fd00a8822a2c29ae9dcc2e
Reviewed-on: https://chromium-review.googlesource.com/1196802
Commit-Queue: Takashi Toyoshima <toyoshim@chromium.org>
Reviewed-by: Yutaka Hirano <yhirano@chromium.org>
Reviewed-by: Matt Menke <mmenke@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Cr-Commit-Position: refs/heads/master@{#591968}

[modify] https://crrev.com/621e2bf6a1c32aa78dca4d1c09fbbc1b80b54c07/content/browser/BUILD.gn
[modify] https://crrev.com/621e2bf6a1c32aa78dca4d1c09fbbc1b80b54c07/content/browser/browser_context.cc
[modify] https://crrev.com/621e2bf6a1c32aa78dca4d1c09fbbc1b80b54c07/content/browser/loader/resource_dispatcher_host_unittest.cc
[modify] https://crrev.com/621e2bf6a1c32aa78dca4d1c09fbbc1b80b54c07/content/browser/loader/resource_message_filter.cc
[modify] https://crrev.com/621e2bf6a1c32aa78dca4d1c09fbbc1b80b54c07/content/browser/loader/resource_message_filter.h
[add] https://crrev.com/621e2bf6a1c32aa78dca4d1c09fbbc1b80b54c07/content/browser/loader/shared_cors_origin_access_list_impl.cc
[add] https://crrev.com/621e2bf6a1c32aa78dca4d1c09fbbc1b80b54c07/content/browser/loader/shared_cors_origin_access_list_impl.h
[modify] https://crrev.com/621e2bf6a1c32aa78dca4d1c09fbbc1b80b54c07/content/browser/loader/url_loader_factory_impl_unittest.cc
[modify] https://crrev.com/621e2bf6a1c32aa78dca4d1c09fbbc1b80b54c07/content/browser/renderer_host/render_process_host_impl.cc
[modify] https://crrev.com/621e2bf6a1c32aa78dca4d1c09fbbc1b80b54c07/content/public/browser/BUILD.gn
[modify] https://crrev.com/621e2bf6a1c32aa78dca4d1c09fbbc1b80b54c07/content/public/browser/browser_context.h
[add] https://crrev.com/621e2bf6a1c32aa78dca4d1c09fbbc1b80b54c07/content/public/browser/shared_cors_origin_access_list.h
[modify] https://crrev.com/621e2bf6a1c32aa78dca4d1c09fbbc1b80b54c07/services/network/cors/cors_url_loader_factory.cc
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/a12ecf4815e2d168b4f63f07e59032f754a4e4f4

commit a12ecf4815e2d168b4f63f07e59032f754a4e4f4
Author: Takashi Toyoshima <toyoshim@chromium.org>
Date: Tue Sep 25 07:46:01 2018

OOR-CORS: Add access list interfaces in NetworkService

With this patch, NetworkContext has interfaces to manage the allow / block lists to make the NetworkContext consistent with Blink side lists.

Also with this and previous changes, now callers can call BrowserContext interface to manage the lists regardless of NetworkService availability.

Bug: 870172
Cq-Include-Trybots: luci.chromium.try:linux_mojo
Change-Id: Id79b2c718000c8c1c7afe844145cbe6a6710facc
Reviewed-on: https://chromium-review.googlesource.com/1195216
Commit-Queue: Takashi Toyoshima <toyoshim@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Reviewed-by: Yutaka Hirano <yhirano@chromium.org>
Cr-Commit-Position: refs/heads/master@{#593851}

[modify] https://crrev.com/a12ecf4815e2d168b4f63f07e59032f754a4e4f4/content/browser/browser_context.cc
[modify] https://crrev.com/a12ecf4815e2d168b4f63f07e59032f754a4e4f4/content/browser/loader/resource_message_filter.cc
[modify] https://crrev.com/a12ecf4815e2d168b4f63f07e59032f754a4e4f4/content/browser/loader/resource_message_filter.h
[modify] https://crrev.com/a12ecf4815e2d168b4f63f07e59032f754a4e4f4/content/browser/loader/shared_cors_origin_access_list_impl.cc
[modify] https://crrev.com/a12ecf4815e2d168b4f63f07e59032f754a4e4f4/content/browser/loader/shared_cors_origin_access_list_impl.h
[modify] https://crrev.com/a12ecf4815e2d168b4f63f07e59032f754a4e4f4/content/public/browser/browser_context.h
[modify] https://crrev.com/a12ecf4815e2d168b4f63f07e59032f754a4e4f4/content/public/browser/shared_cors_origin_access_list.h
[modify] https://crrev.com/a12ecf4815e2d168b4f63f07e59032f754a4e4f4/services/network/cors/cors_url_loader.cc
[modify] https://crrev.com/a12ecf4815e2d168b4f63f07e59032f754a4e4f4/services/network/cors/cors_url_loader_factory.cc
[modify] https://crrev.com/a12ecf4815e2d168b4f63f07e59032f754a4e4f4/services/network/network_context.cc
[modify] https://crrev.com/a12ecf4815e2d168b4f63f07e59032f754a4e4f4/services/network/network_context.h
[modify] https://crrev.com/a12ecf4815e2d168b4f63f07e59032f754a4e4f4/services/network/public/mojom/network_context.mojom
[modify] https://crrev.com/a12ecf4815e2d168b4f63f07e59032f754a4e4f4/services/network/test/test_network_context.h
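An added example, not code from the Chromium tree: a simplified C++ model of the check the commits above describe, where a request from a source origin to a destination is tested against that origin's allow list and block list before ordinary CORS applies. The class and function names, the sample origins, and the matching rules (empty host as wildcard, no subdomain matching for IP literals, block entry overriding allow entry) are assumptions of this model.

```cpp
// Simplified model of a per-source-origin access list (added illustration,
// not Chromium's network::cors::OriginAccessList implementation).
#include <cctype>
#include <iostream>
#include <map>
#include <string>
#include <utility>
#include <vector>

// Destination of a request. Hosts are assumed lowercase and canonical.
struct Origin {
  std::string scheme;
  std::string host;
};

// One pattern: scheme plus host, optionally covering subdomains of host.
struct AccessEntry {
  std::string scheme;
  std::string host;       // Empty host with allow_subdomains = any host.
  bool allow_subdomains;

  static bool LooksLikeIPv4(const std::string& h) {
    if (h.empty()) return false;
    int dots = 0;
    for (char c : h) {
      if (c == '.') ++dots;
      else if (!std::isdigit(static_cast<unsigned char>(c))) return false;
    }
    return dots == 3;
  }

  bool Matches(const Origin& dest) const {
    if (dest.scheme != scheme) return false;   // Scheme must match exactly.
    if (dest.host == host) return true;        // Exact host match.
    if (!allow_subdomains) return false;
    if (host.empty()) return true;             // Wildcard entry.
    // An IP literal has no subdomains (model assumption).
    if (LooksLikeIPv4(host) || LooksLikeIPv4(dest.host)) return false;
    // Suffix match only on a label boundary, so "evilapi.test" does not
    // match an entry for "api.test".
    if (dest.host.size() < host.size() + 2) return false;
    const size_t off = dest.host.size() - host.size();
    return dest.host.compare(off, host.size(), host) == 0 &&
           dest.host[off - 1] == '.';
  }
};

class OriginAccessListModel {
 public:
  void SetAllowList(const std::string& source, std::vector<AccessEntry> e) {
    lists_[source].allow = std::move(e);
  }
  void SetBlockList(const std::string& source, std::vector<AccessEntry> e) {
    lists_[source].block = std::move(e);
  }

  // True: the request is exempt from the CORS check. False: it goes through
  // the normal CORS check (it is not refused outright).
  bool IsAllowed(const std::string& source, const Origin& dest) const {
    auto it = lists_.find(source);
    if (it == lists_.end()) return false;      // Unknown source: no exemption.
    if (!AnyMatch(it->second.allow, dest)) return false;
    return !AnyMatch(it->second.block, dest);  // Block overrides allow.
  }

 private:
  struct Lists {
    std::vector<AccessEntry> allow;
    std::vector<AccessEntry> block;
  };
  static bool AnyMatch(const std::vector<AccessEntry>& v, const Origin& d) {
    for (const auto& e : v)
      if (e.Matches(d)) return true;
    return false;
  }
  std::map<std::string, Lists> lists_;         // Keyed by serialized origin.
};

// Constructed sample policy for one source origin.
OriginAccessListModel BuildSampleList() {
  OriginAccessListModel list;
  list.SetAllowList("https://app.example",
                    {{"https", "api.test", true}, {"http", "127.0.0.1", true}});
  list.SetBlockList("https://app.example", {{"https", "admin.api.test", false}});
  return list;
}

int main() {
  const OriginAccessListModel list = BuildSampleList();
  const Origin probes[] = {{"https", "v1.api.test"},
                           {"https", "admin.api.test"},
                           {"https", "evilapi.test"},
                           {"http", "x.127.0.0.1"}};
  for (const Origin& d : probes)
    std::cout << d.scheme << "://" << d.host << " -> "
              << list.IsAllowed("https://app.example", d) << "\n";
  return 0;
}
```
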
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/750c90904c84ce832e8339bd5d2bb6b9949e00ec

commit 750c90904c84ce832e8339bd5d2bb6b9949e00ec
Author: Takashi Toyoshima <toyoshim@chromium.org>
Date: Mon Oct 01 08:52:55 2018

OOR-CORS: Run origin-whitelisting-* equivalent tests in browser_tests

Since these tests are not for web platform features, and it's a little difficult to change configurations for browser process and NetworkService from blink layout tests, these tests will run as a content_browsertests if OOR-CORS is enabled.

Bug: 870172
Cq-Include-Trybots: luci.chromium.try:linux_mojo
Change-Id: I7d483708b30e220fd7a79db813c8818db310f85c
Reviewed-on: https://chromium-review.googlesource.com/1213102
Commit-Queue: Takashi Toyoshima <toyoshim@chromium.org>
Reviewed-by: Yutaka Hirano <yhirano@chromium.org>
Cr-Commit-Position: refs/heads/master@{#595408}

[add] https://crrev.com/750c90904c84ce832e8339bd5d2bb6b9949e00ec/content/browser/loader/cors_origin_access_list_browsertest.cc
[modify] https://crrev.com/750c90904c84ce832e8339bd5d2bb6b9949e00ec/content/test/BUILD.gn
[add] https://crrev.com/750c90904c84ce832e8339bd5d2bb6b9949e00ec/content/test/data/loader/cors_origin_access_list_test.html
[add] https://crrev.com/750c90904c84ce832e8339bd5d2bb6b9949e00ec/content/test/data/loader/get.txt
[modify] https://crrev.com/750c90904c84ce832e8339bd5d2bb6b9949e00ec/third_party/WebKit/LayoutTests/NeverFixTests
[modify] https://crrev.com/750c90904c84ce832e8339bd5d2bb6b9949e00ec/third_party/WebKit/LayoutTests/TestExpectations
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/00bb30371b2623cc289e36478a87925074aee87c

commit 00bb30371b2623cc289e36478a87925074aee87c
Author: Takashi Toyoshima <toyoshim@chromium.org>
Date: Mon Nov 05 05:50:14 2018

OOR-CORS: Factor out allow/block list calculation logic

This patch factors out allow/block list calculation logic into cors_util so that browser side list management code can reuse the same logic.

Also this patch fixes some wrong tests, and refines access list management APIs among network::OriginAccessList, and blink::(Web)SecurityPolicy so that developers are not confused.

Bug: 870172
Change-Id: I781b258e2f0ec7ad70065beda0f6eb96923cc690
Reviewed-on: https://chromium-review.googlesource.com/c/1309389
Reviewed-by: Devlin <rdevlin.cronin@chromium.org>
Reviewed-by: Yutaka Hirano <yhirano@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Commit-Queue: Takashi Toyoshima <toyoshim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#605259}

[modify] https://crrev.com/00bb30371b2623cc289e36478a87925074aee87c/content/shell/test_runner/test_runner.cc
[modify] https://crrev.com/00bb30371b2623cc289e36478a87925074aee87c/extensions/common/BUILD.gn
[modify] https://crrev.com/00bb30371b2623cc289e36478a87925074aee87c/extensions/common/DEPS
[add] https://crrev.com/00bb30371b2623cc289e36478a87925074aee87c/extensions/common/cors_util.cc
[add] https://crrev.com/00bb30371b2623cc289e36478a87925074aee87c/extensions/common/cors_util.h
[modify] https://crrev.com/00bb30371b2623cc289e36478a87925074aee87c/extensions/renderer/dispatcher.cc
[modify] https://crrev.com/00bb30371b2623cc289e36478a87925074aee87c/services/network/cors/cors_url_loader_unittest.cc
[modify] https://crrev.com/00bb30371b2623cc289e36478a87925074aee87c/services/network/public/cpp/cors/origin_access_list.cc
[modify] https://crrev.com/00bb30371b2623cc289e36478a87925074aee87c/services/network/public/cpp/cors/origin_access_list.h
[modify] https://crrev.com/00bb30371b2623cc289e36478a87925074aee87c/services/network/public/cpp/cors/origin_access_list_unittest.cc
[modify] https://crrev.com/00bb30371b2623cc289e36478a87925074aee87c/third_party/blink/public/web/web_security_policy.h
[modify] https://crrev.com/00bb30371b2623cc289e36478a87925074aee87c/third_party/blink/renderer/core/exported/web_security_policy.cc
[modify] https://crrev.com/00bb30371b2623cc289e36478a87925074aee87c/third_party/blink/renderer/platform/weborigin/security_origin_test.cc
[modify] https://crrev.com/00bb30371b2623cc289e36478a87925074aee87c/third_party/blink/renderer/platform/weborigin/security_policy.cc
[modify] https://crrev.com/00bb30371b2623cc289e36478a87925074aee87c/third_party/blink/renderer/platform/weborigin/security_policy.h
[modify] https://crrev.com/00bb30371b2623cc289e36478a87925074aee87c/third_party/blink/renderer/platform/weborigin/security_policy_test.cc
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/e2d39810b3c6fc4791ed064d3d05b147b9a84c98

commit e2d39810b3c6fc4791ed064d3d05b147b9a84c98
Author: Takashi Toyoshima <toyoshim@chromium.org>
Date: Thu Nov 08 05:54:17 2018

OOR-CORS: Move chrome specific origin permission code to ExtensionsClient

Now Chrome specific origin permissions are handled in extensions::DispatcherDelegate implementation in chrome/renderer/extensions. To share this code with new callers in browser process, this change moves the method to ExtensionsClient so that browser side callers can call it.

Bug: 870172
Change-Id: I0a55bd41b0eccb3450c7b6b32bc1fa5105ac3856
Reviewed-on: https://chromium-review.googlesource.com/c/1314018
Reviewed-by: Devlin <rdevlin.cronin@chromium.org>
Commit-Queue: Takashi Toyoshima <toyoshim@chromium.org>
Cr-Commit-Position: refs/heads/master@{#606361}

[modify] https://crrev.com/e2d39810b3c6fc4791ed064d3d05b147b9a84c98/chrome/common/extensions/chrome_extensions_client.cc
[modify] https://crrev.com/e2d39810b3c6fc4791ed064d3d05b147b9a84c98/chrome/common/extensions/chrome_extensions_client.h
[modify] https://crrev.com/e2d39810b3c6fc4791ed064d3d05b147b9a84c98/chrome/renderer/BUILD.gn
[modify] https://crrev.com/e2d39810b3c6fc4791ed064d3d05b147b9a84c98/chrome/renderer/extensions/chrome_extensions_dispatcher_delegate.cc
[modify] https://crrev.com/e2d39810b3c6fc4791ed064d3d05b147b9a84c98/chrome/renderer/extensions/chrome_extensions_dispatcher_delegate.h
[modify] https://crrev.com/e2d39810b3c6fc4791ed064d3d05b147b9a84c98/extensions/common/extensions_client.cc
[modify] https://crrev.com/e2d39810b3c6fc4791ed064d3d05b147b9a84c98/extensions/common/extensions_client.h
[modify] https://crrev.com/e2d39810b3c6fc4791ed064d3d05b147b9a84c98/extensions/renderer/dispatcher.cc
[modify] https://crrev.com/e2d39810b3c6fc4791ed064d3d05b147b9a84c98/extensions/renderer/dispatcher_delegate.h
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/6957907c26e9d77216a7a86b19d6f1909fedea07

commit 6957907c26e9d77216a7a86b19d6f1909fedea07
Author: Takashi Toyoshima <toyoshim@chromium.org>
Date: Mon Nov 19 07:10:50 2018

OOR-CORS: Origin access list support for Chrome Extensions

This patch makes Chrome Extensions call BrowserContext functions to have right permission access lists in all relevant processes including NetworkService that also has CORS checks.

Since NetworkService is accessed over mojo, all operations need to be asynchronous. This requires that PermissionsUpdater take a completion callback to let callers know its completion. PermissionsUpdater now relies on a private helper class that outlives it to handle the asynchronous completion.

Bug: 870172
Cq-Include-Trybots: luci.chromium.try:linux_mojo
Change-Id: I1c0642f162a0a71034c2529262150dbf4a1e4da8
Reviewed-on: https://chromium-review.googlesource.com/c/1186382
Commit-Queue: Takashi Toyoshima <toyoshim@chromium.org>
Reviewed-by: Devlin <rdevlin.cronin@chromium.org>
Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org>
Cr-Commit-Position: refs/heads/master@{#609194}

[modify] https://crrev.com/6957907c26e9d77216a7a86b19d6f1909fedea07/chrome/browser/extensions/api/developer_private/developer_private_api.cc
[modify] https://crrev.com/6957907c26e9d77216a7a86b19d6f1909fedea07/chrome/browser/extensions/api/developer_private/developer_private_api.h
[modify] https://crrev.com/6957907c26e9d77216a7a86b19d6f1909fedea07/chrome/browser/extensions/api/developer_private/developer_private_api_unittest.cc
[modify] https://crrev.com/6957907c26e9d77216a7a86b19d6f1909fedea07/chrome/browser/extensions/api/developer_private/extension_info_generator_unittest.cc
[modify] https://crrev.com/6957907c26e9d77216a7a86b19d6f1909fedea07/chrome/browser/extensions/api/permissions/permissions_api.cc
[modify] https://crrev.com/6957907c26e9d77216a7a86b19d6f1909fedea07/chrome/browser/extensions/api/permissions/permissions_api.h
[modify] https://crrev.com/6957907c26e9d77216a7a86b19d6f1909fedea07/chrome/browser/extensions/api/permissions/permissions_api_unittest.cc
[modify] https://crrev.com/6957907c26e9d77216a7a86b19d6f1909fedea07/chrome/browser/extensions/extension_context_menu_model_unittest.cc
[modify] https://crrev.com/6957907c26e9d77216a7a86b19d6f1909fedea07/chrome/browser/extensions/extension_service_unittest.cc
[modify] https://crrev.com/6957907c26e9d77216a7a86b19d6f1909fedea07/chrome/browser/extensions/permission_messages_unittest.cc
[add] https://crrev.com/6957907c26e9d77216a7a86b19d6f1909fedea07/chrome/browser/extensions/permissions_test_util.cc
[add] https://crrev.com/6957907c26e9d77216a7a86b19d6f1909fedea07/chrome/browser/extensions/permissions_test_util.h
[modify] https://crrev.com/6957907c26e9d77216a7a86b19d6f1909fedea07/chrome/browser/extensions/permissions_updater.cc
[modify] https://crrev.com/6957907c26e9d77216a7a86b19d6f1909fedea07/chrome/browser/extensions/permissions_updater.h
[modify] https://crrev.com/6957907c26e9d77216a7a86b19d6f1909fedea07/chrome/browser/extensions/permissions_updater_unittest.cc
[modify] https://crrev.com/6957907c26e9d77216a7a86b19d6f1909fedea07/chrome/browser/extensions/scripting_permissions_modifier.cc
[modify] https://crrev.com/6957907c26e9d77216a7a86b19d6f1909fedea07/chrome/browser/extensions/scripting_permissions_modifier_unittest.cc
[modify] https://crrev.com/6957907c26e9d77216a7a86b19d6f1909fedea07/chrome/test/BUILD.gn
[modify] https://crrev.com/6957907c26e9d77216a7a86b19d6f1909fedea07/extensions/browser/renderer_startup_helper.cc
[modify] https://crrev.com/6957907c26e9d77216a7a86b19d6f1909fedea07/extensions/renderer/dispatcher.cc
Comment 1 by yhirano@chromium.org, Aug 2