Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fenced frames: Local network access.
Fenced frames are only allowed in secure context. So the tests are all in secure contexts. 1. Subresource fetch: Fenced frame's IP address space is set to `kPublic` in order to make it subject to local network access check. web_tests/external/wpt/fetch/local-network-access/ fetch.https.window.js is replicated and replaced iframes with fenced frames. All test cases are passing with the same behaviors as iframes. 2. Document fetch: Fenced frame's document fetch initiator can only be the parent. Fenced frames can only be navigated in two ways: 1. Directly by their parent, and never by another frame at a distance via `window.location` or `window.open`; in this case the `ClientSecurityState` needs to come from the parent. 2. By themselves; in this case the `ClientSecurityState` also needs to come from its embedder/parent. The ClientSecurityState of its parent is supplied to the NavigationURLLoader. web_tests/external/wpt/fetch/local-network-access/ iframe.tentative.https.window.js is replicated and replaced iframes with fenced frames. All test cases have the same results as the iframe test expectations, except one: treat-as-public-address to local (same-origin): no preflight required - Iframe: the request is made without preflight. The nested iframe is loaded successfully. - Fenced frame: a preflight is made, and gets blocked. See a. below. I changed the test expectation for this test only. (PASS for iframe, but FAIL for fenced frame) Here are some noteworthy things we observed for document fetch. The following only applies to embedder-initiated navigations (i.e., the initial navigation of the frame): a. Fenced frame's document fetch's preflight request is always sent with `Origin: null`. This applies to embedder-initiated navigations (i.e., the initial navigation of the frame). I think this affects the outcome of Local Network Access check algorithm. https://source.chromium.org/chromium/chromium/src/+/main:content/browser/fenced_frame/fenced_frame.cc;l=119-126?q=fencedframe::n&ss=chromium%2Fchromium%2Fsrc A `null` origin implies LocalNetworkAccessChecker::is_potentially_trustworthy_same_origin_ will always be false. b. For testing purposes, we tried manually overriding the initiator origin with a real origin and found that the preflight request still failed. This is because the credentials mode of the navigation is `'include'`, which prevents `Access-Control-Allow-Origin: '*'` from working, which iframes equivalently suffer from: https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/web_tests/external/wpt/fetch/local-network-access/iframe.tentative.https.window-expected.txt?q=%22FAIL%20%22%20f:third_party%2Fblink%2Fweb_tests%2Fexternal%2Fwpt%2Ffetch%2Flocal-network-access%2Fiframe.tentative.https.window-expected.txt. Bug: 1420626 Change-Id: I74c97369d235e1725c650bfe87f29372992cb56b Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4532557 Reviewed-by: Titouan Rigoudy <titouan@chromium.org> Reviewed-by: Alex Moshchuk <alexmos@chromium.org> Reviewed-by: Weizhong Xia <weizhong@google.com> Commit-Queue: Xiaochen Zhou <xiaochenzh@chromium.org> Cr-Commit-Position: refs/heads/main@{#1154027}
- Loading branch information