Skip to content

Commit

Permalink
Reland "Fetch: Plumb request initiator through passthrough service wo…
Browse files Browse the repository at this point in the history
…rkers."

This is a reland of da0a6501cf321579bd46a27ff9fba1bb8ea910bb

This CL also includes a change to mark the two WPT tests as requiring
long timeout durations.  On my fast build machine with an opt build
they take ~5 seconds each to complete and the default timeout is 10
seconds.  On slower bots with debug builds its highly likely that these
tests would be marked as timing out.  This change gives them a 60 second
timeout instead.

Original change's description:
> Fetch: Plumb request initiator through passthrough service workers.
>
> This CL contains essentially two changes:
>
> 1. The request initiator origin is plumbed through service workers
>    that do `fetch(evt.request)`.  In addition to plumbing, this
>    requires changes to how we validate navigation requests in the
>    CorsURLLoaderFactory.
> 2. Tracks the original destination of a request passed through a
>    service worker.  This is then used in the network service to force
>    SameSite=Lax cookies to treat the request as a main frame navigation
>    where appropriate.
>
> For more detailed information about these changes please see the
> internal design doc at:
>
> https://docs.google.com/document/d/1KZscujuV7bCFEnzJW-0DaCPU-I40RJimQKoCcI0umTQ/edit?usp=sharing
>
> In addition, there is some discussion of these features in the following
> spec issues:
>
> whatwg/fetch#1321
> whatwg/fetch#1327
>
> The test includes WPT tests that verify navigation headers and SameSite
> cookies.  Note, chrome has a couple expected failures in the SameSite
> cookie tests because of the "lax-allowing-unsafe" intervention that is
> currently enabled.  See:
>
> https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/web_tests/TestExpectations;l=4635;drc=e8133cbf2469adb99c6610483ab78bcfb8cc4c76
>
> Bug: 1115847,1241188
> Change-Id: I7e236fa20aeabb705aef40fcf8d5c36da6d2798c
> Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3115917
> Reviewed-by: Matt Menke <mmenke@chromium.org>
> Reviewed-by: Yutaka Hirano <yhirano@chromium.org>
> Reviewed-by: Nasko Oskov <nasko@chromium.org>
> Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org>
> Commit-Queue: Ben Kelly <wanderview@chromium.org>
> Cr-Commit-Position: refs/heads/main@{#936029}

Bug: 1115847,1241188
Change-Id: Ia26acbdd0d7ce6583d9a44f83ed086708657b8bd
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3251368
Reviewed-by: Matt Menke <mmenke@chromium.org>
Reviewed-by: Yutaka Hirano <yhirano@chromium.org>
Reviewed-by: Nasko Oskov <nasko@chromium.org>
Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org>
Auto-Submit: Ben Kelly <wanderview@chromium.org>
Commit-Queue: Ben Kelly <wanderview@chromium.org>
Cr-Commit-Position: refs/heads/main@{#936560}
  • Loading branch information
wanderview authored and chromium-wpt-export-bot committed Oct 29, 2021
1 parent ae80b50 commit 77752a0
Show file tree
Hide file tree
Showing 9 changed files with 856 additions and 1 deletion.
559 changes: 559 additions & 0 deletions service-workers/service-worker/navigation-headers.https.html

Large diffs are not rendered by default.

Original file line number Diff line number Diff line change
Expand Up @@ -90,8 +90,12 @@ self.addEventListener('fetch', function(event) {
var request = event.request;
if (url) {
request = new Request(url, init);
} else if (params['change-request']) {
request = new Request(request, init);
}
fetch(request).then(function(response) {
const response_promise = params['navpreload'] ? event.preloadResponse
: fetch(request);
response_promise.then(function(response) {
var expectedType = params['expected_type'];
if (expectedType && response.type !== expectedType) {
// Resolve a JSON object with a failure instead of rejecting
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,2 @@
Content-Type: text/javascript
Service-Worker-Allowed: /
12 changes: 12 additions & 0 deletions service-workers/service-worker/resources/form-poster.html
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
<!DOCTYPE html>
<meta name="referrer" content="origin">
<form method="POST" id="form"></form>
<script>
function onLoad() {
const params = new URLSearchParams(self.location.search);
const form = document.getElementById('form');
form.action = decodeURIComponent(params.get('target'));
form.submit();
}
self.addEventListener('load', onLoad);
</script>
10 changes: 10 additions & 0 deletions service-workers/service-worker/resources/location-setter.html
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
<!DOCTYPE html>
<meta name="referrer" content="origin">
<script>
function onLoad() {
const params = new URLSearchParams(self.location.search);
const target = decodeURIComponent(params.get('target'));
self.location = target;
}
self.addEventListener('load', onLoad);
</script>
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
def main(request, response):
response.status = (200, b"OK")
response.headers.set(b"Content-Type", b"text/html")
return b"""
<script>
self.addEventListener('load', evt => {
self.parent.postMessage({
origin: '%s',
referer: '%s',
'sec-fetch-site': '%s',
'sec-fetch-mode': '%s',
'sec-fetch-dest': '%s',
});
});
</script>""" % (request.headers.get(
b"origin", b"not set"), request.headers.get(b"referer", b"not set"),
request.headers.get(b"sec-fetch-site", b"not set"),
request.headers.get(b"sec-fetch-mode", b"not set"),
request.headers.get(b"sec-fetch-dest", b"not set"))
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
<!DOCTYPE html>
<meta charset="utf-8"/>
<script>
async function onLoad() {
const scope = self.origin + '/cookies/resources/postToParent.py?with-sw';
const script = './fetch-rewrite-worker.js';
const reg = await navigator.serviceWorker.register(script, { scope: scope });
await new Promise(resolve => {
const worker = reg.installing;
worker.addEventListener('statechange', evt => {
if (worker.state === 'activated') {
resolve();
}
});
});
if (reg.navigationPreload) {
await reg.navigationPreload.enable();
}
window.opener.postMessage({ type: 'SW-REGISTERED' }, '*');
}
self.addEventListener('load', onLoad);
</script>
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
<!DOCTYPE html>
<meta charset="utf-8"/>
<script>
async function onLoad() {
const scope = self.origin + '/cookies/resources/postToParent.py?with-sw';
const reg = await navigator.serviceWorker.getRegistration(scope);
await reg.unregister();
window.opener.postMessage({ type: 'SW-UNREGISTERED' }, '*');
}
self.addEventListener('load', onLoad);
</script>
216 changes: 216 additions & 0 deletions service-workers/service-worker/same-site-cookies.https.html
Original file line number Diff line number Diff line change
@@ -0,0 +1,216 @@
<!DOCTYPE html>
<meta charset="utf-8"/>
<meta name="timeout" content="long">
<title>Service Worker: Same-site cookie behavior</title>
<script src="/resources/testharness.js"></script>
<script src="/resources/testharnessreport.js"></script>
<script src="/common/get-host-info.sub.js"></script>
<script src="/service-workers/service-worker/resources/test-helpers.sub.js"></script>
<script src="/cookies/resources/cookie-helper.sub.js"></script>
<body>
<script>
'use strict';
async function unregister_service_worker(origin) {
const w = window.open(origin +
'/service-workers/service-worker/resources/same-site-cookies-unregister.html');
try {
await wait_for_message('SW-UNREGISTERED');
} finally {
w.close();
}
}

async function register_service_worker(origin) {
const w = window.open(origin +
'/service-workers/service-worker/resources/same-site-cookies-register.html');
try {
await wait_for_message('SW-REGISTERED');
} finally {
w.close();
}
}

async function run_test(t, origin, navaction, swaction, expected) {
const value = 'COOKIE_VALUE';
await resetSameSiteCookies(origin, value);
if (swaction === 'navpreload') {
assert_true('navigationPreload' in ServiceWorkerRegistration.prototype,
'navigation preload must be supported');
}
const sw_param = swaction === 'no-sw' ? 'no-sw' : 'with-sw';
let action_param = '';
if (swaction === 'fallback') {
action_param = '&ignore';
} else if (swaction !== 'no-sw') {
action_param = '&' + swaction;
}
const navpreload_param = swaction === 'navpreload' ? '&navpreload' : '';
const change_request_param = swaction === 'change-request' ? '&change-request' : '';
const target_string = origin + `/cookies/resources/postToParent.py?` +
`${sw_param}${action_param}`
const target_url = new URL(target_string);
if (navaction === 'window.open') {
const w = window.open(target_url);
t.add_cleanup(() => w.close());
} else if (navaction === 'form post') {
const poster_url =
`./resources/form-poster.html?target=${encodeURIComponent(target_url)}`;
const w = window.open(poster_url);
t.add_cleanup(() => w.close());
}
const result = await wait_for_message('COOKIES');
verifySameSiteCookieState(expected, value, result.data,
DomSameSiteStatus.SAME_SITE);
}

promise_test(async t => {
await register_service_worker(self.origin);
await register_service_worker(SECURE_SUBDOMAIN_ORIGIN);
await register_service_worker(SECURE_CROSS_SITE_ORIGIN);
}, 'Setup service workers');

promise_test(t => {
return run_test(t, self.origin, 'window.open', 'no-sw',
SameSiteStatus.STRICT);
}, 'same-origin, window.open with no service worker');

promise_test(t => {
return run_test(t, self.origin, 'window.open', 'fallback',
SameSiteStatus.STRICT);
}, 'same-origin, window.open with fallback');

promise_test(t => {
return run_test(t, self.origin, 'window.open', 'passthrough',
SameSiteStatus.STRICT);
}, 'same-origin, window.open with passthrough');

promise_test(t => {
return run_test(t, self.origin, 'window.open', 'change-request',
SameSiteStatus.STRICT);
}, 'same-origin, window.open with change-request');

promise_test(t => {
return run_test(t, self.origin, 'window.open', 'navpreload',
SameSiteStatus.STRICT);
}, 'same-origin, window.open with navpreload');

promise_test(t => {
return run_test(t, SECURE_SUBDOMAIN_ORIGIN, 'window.open', 'no-sw',
SameSiteStatus.STRICT);
}, 'same-site, window.open with no service worker');

promise_test(t => {
return run_test(t, SECURE_SUBDOMAIN_ORIGIN, 'window.open', 'fallback',
SameSiteStatus.STRICT);
}, 'same-site, window.open with fallback');

promise_test(t => {
return run_test(t, SECURE_SUBDOMAIN_ORIGIN, 'window.open', 'passthrough',
SameSiteStatus.STRICT);
}, 'same-site, window.open with passthrough');

promise_test(t => {
return run_test(t, SECURE_SUBDOMAIN_ORIGIN, 'window.open', 'change-request',
SameSiteStatus.STRICT);
}, 'same-site, window.open with change-request');

promise_test(t => {
return run_test(t, SECURE_SUBDOMAIN_ORIGIN, 'window.open', 'navpreload',
SameSiteStatus.STRICT);
}, 'same-site, window.open with navpreload');

promise_test(t => {
return run_test(t, SECURE_CROSS_SITE_ORIGIN, 'window.open', 'no-sw',
SameSiteStatus.LAX);
}, 'cross-site, window.open with no service worker');

promise_test(t => {
return run_test(t, SECURE_CROSS_SITE_ORIGIN, 'window.open', 'fallback',
SameSiteStatus.LAX);
}, 'cross-site, window.open with fallback');

promise_test(t => {
return run_test(t, SECURE_CROSS_SITE_ORIGIN, 'window.open', 'passthrough',
SameSiteStatus.LAX);
}, 'cross-site, window.open with passthrough');

promise_test(t => {
return run_test(t, SECURE_CROSS_SITE_ORIGIN, 'window.open', 'change-request',
SameSiteStatus.STRICT);
}, 'cross-site, window.open with change-request');

promise_test(t => {
return run_test(t, SECURE_CROSS_SITE_ORIGIN, 'window.open', 'navpreload',
SameSiteStatus.LAX);
}, 'cross-site, window.open with navpreload');

//
// Form POST tests
//
promise_test(t => {
return run_test(t, self.origin, 'form post', 'no-sw', SameSiteStatus.STRICT);
}, 'same-origin, form post with no service worker');

promise_test(t => {
return run_test(t, self.origin, 'form post', 'fallback',
SameSiteStatus.STRICT);
}, 'same-origin, form post with fallback');

promise_test(t => {
return run_test(t, self.origin, 'form post', 'passthrough',
SameSiteStatus.STRICT);
}, 'same-origin, form post with passthrough');

promise_test(t => {
return run_test(t, self.origin, 'form post', 'change-request',
SameSiteStatus.STRICT);
}, 'same-origin, form post with change-request');

promise_test(t => {
return run_test(t, SECURE_SUBDOMAIN_ORIGIN, 'form post', 'no-sw',
SameSiteStatus.STRICT);
}, 'same-site, form post with no service worker');

promise_test(t => {
return run_test(t, SECURE_SUBDOMAIN_ORIGIN, 'form post', 'fallback',
SameSiteStatus.STRICT);
}, 'same-site, form post with fallback');

promise_test(t => {
return run_test(t, SECURE_SUBDOMAIN_ORIGIN, 'form post', 'passthrough',
SameSiteStatus.STRICT);
}, 'same-site, form post with passthrough');

promise_test(t => {
return run_test(t, SECURE_SUBDOMAIN_ORIGIN, 'form post', 'change-request',
SameSiteStatus.STRICT);
}, 'same-site, form post with change-request');

promise_test(t => {
return run_test(t, SECURE_CROSS_SITE_ORIGIN, 'form post', 'no-sw',
SameSiteStatus.CROSS_SITE);
}, 'cross-site, form post with no service worker');

promise_test(t => {
return run_test(t, SECURE_CROSS_SITE_ORIGIN, 'form post', 'fallback',
SameSiteStatus.CROSS_SITE);
}, 'cross-site, form post with fallback');

promise_test(t => {
return run_test(t, SECURE_CROSS_SITE_ORIGIN, 'form post', 'passthrough',
SameSiteStatus.CROSS_SITE);
}, 'cross-site, form post with passthrough');

promise_test(t => {
return run_test(t, SECURE_CROSS_SITE_ORIGIN, 'form post', 'change-request',
SameSiteStatus.STRICT);
}, 'cross-site, form post with change-request');

promise_test(async t => {
await unregister_service_worker(self.origin);
await unregister_service_worker(SECURE_SUBDOMAIN_ORIGIN);
await unregister_service_worker(SECURE_CROSS_SITE_ORIGIN);
}, 'Cleanup service workers');

</script>
</body>

0 comments on commit 77752a0

Please sign in to comment.