webview: Add top level origin to web messages in java

We are exploring the utility of platform specific APIs for WebView.
One issue we are running into is that we can't fully partition data
like Chrome because the web message only contains the source origin
but does not contain the top level origin.

Ideally we'd like to use the storage key for this but it has two
problems:
1. Third party storage partitioning isn't enabled for WebView
2. If we decide to make this part of the public API it would be
very specific

Solving this issue by introducing the top level origin and only
making it available internally for the moment.

Bug: 1493959
Change-Id: Iabba121e53026d5aeb857627e2ae7784c56f5619
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4949955
Reviewed-by: Peter Pakkenberg <pbirk@chromium.org>
Reviewed-by: Peter Beverloo <peter@chromium.org>
Reviewed-by: Scott Violet <sky@chromium.org>
Commit-Queue: Rupert Wiser <bewise@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1212672}

Author: Rupert Ben Wiser

android_webview/browser/js_java_interaction/aw_web_message_host_factory.cc

@@ -27,10 +27,12 @@ class AwWebMessageHost : public js_injection::WebMessageHost {
  public:
   AwWebMessageHost(js_injection::WebMessageReplyProxy* reply_proxy,
                    const base::android::ScopedJavaGlobalRef<jobject>& listener,
+                   const std::string& top_level_origin_string,
                    const std::string& origin_string,
                    bool is_main_frame)
       : reply_proxy_(reply_proxy),
         listener_(listener),
+        top_level_origin_string_(top_level_origin_string),
         origin_string_(origin_string),
         is_main_frame_(is_main_frame) {}
 
@@ -45,13 +47,15 @@ class AwWebMessageHost : public js_injection::WebMessageHost {
     Java_WebMessageListenerHolder_onPostMessage(
         env, listener_,
         content::android::ConvertWebMessagePayloadToJava(message->message),
+        base::android::ConvertUTF8ToJavaString(env, top_level_origin_string_),
         base::android::ConvertUTF8ToJavaString(env, origin_string_),
         is_main_frame_, jports, reply_proxy_.GetJavaPeer());
   }
 
  private:
   JsReplyProxy reply_proxy_;
   base::android::ScopedJavaGlobalRef<jobject> listener_;
+  const std::string top_level_origin_string_;
   const std::string origin_string_;
   const bool is_main_frame_;
 };
@@ -90,11 +94,12 @@ AwWebMessageHostFactory::GetWebMessageListenerInfo(
 }
 
 std::unique_ptr<js_injection::WebMessageHost>
-AwWebMessageHostFactory::CreateHost(const std::string& origin_string,
+AwWebMessageHostFactory::CreateHost(const std::string& top_level_origin_string,
+                                    const std::string& origin_string,
                                     bool is_main_frame,
                                     js_injection::WebMessageReplyProxy* proxy) {
-  return std::make_unique<AwWebMessageHost>(proxy, listener_, origin_string,
-                                            is_main_frame);
+  return std::make_unique<AwWebMessageHost>(
+      proxy, listener_, top_level_origin_string, origin_string, is_main_frame);
 }
 
 }  // namespace android_webview

android_webview/browser/js_java_interaction/aw_web_message_host_factory.h

@@ -34,6 +34,7 @@ class AwWebMessageHostFactory : public js_injection::WebMessageHostFactory {
 
   // js_injection::WebMessageConnection:
   std::unique_ptr<js_injection::WebMessageHost> CreateHost(
+      const std::string& top_level_origin_string,
       const std::string& origin_string,
       bool is_main_frame,
       js_injection::WebMessageReplyProxy* proxy) override;

android_webview/java/src/org/chromium/android_webview/WebMessageListener.java

@@ -17,14 +17,20 @@
 public interface WebMessageListener {
     /**
      * Receives postMessage information.
-     * @param payload      The message payload from JavaScript.
+     *
+     * @param payload The message payload from JavaScript.
+     * @param topLevelOrigin The origin of the top level frame where the message is from.
      * @param sourceOrigin The origin of the frame where the message is from.
-     * @param isMainFrame  If the message is from a main frame.
+     * @param isMainFrame If the message is from a main frame.
      * @param jsReplyProxy Used for reply message to the injected JavaScript object.
-     * @param ports        JavaScript code could post message with additional message ports. Receive
-     *                     ports to establish new communication channels. Could be empty array but
-     *                     won't be null.
+     * @param ports JavaScript code could post message with additional message ports. Receive ports
+     *     to establish new communication channels. Could be empty array but won't be null.
      */
-    void onPostMessage(MessagePayload payload, Uri sourceOrigin, boolean isMainFrame,
-            JsReplyProxy jsReplyProxy, MessagePort[] ports);
+    void onPostMessage(
+            MessagePayload payload,
+            Uri topLevelOrigin,
+            Uri sourceOrigin,
+            boolean isMainFrame,
+            JsReplyProxy jsReplyProxy,
+            MessagePort[] ports);
 }

android_webview/java/src/org/chromium/android_webview/WebMessageListenerHolder.java

@@ -29,12 +29,23 @@ public WebMessageListenerHolder(@NonNull WebMessageListener listener) {
     }
 
     @CalledByNative
-    public void onPostMessage(MessagePayload payload, String sourceOrigin, boolean isMainFrame,
-            MessagePort[] ports, JsReplyProxy replyProxy) {
-        AwThreadUtils.postToCurrentLooper(() -> {
-            mListener.onPostMessage(
-                    payload, Uri.parse(sourceOrigin), isMainFrame, replyProxy, ports);
-        });
+    public void onPostMessage(
+            MessagePayload payload,
+            String topLevelOrigin,
+            String sourceOrigin,
+            boolean isMainFrame,
+            MessagePort[] ports,
+            JsReplyProxy replyProxy) {
+        AwThreadUtils.postToCurrentLooper(
+                () -> {
+                    mListener.onPostMessage(
+                            payload,
+                            Uri.parse(topLevelOrigin),
+                            Uri.parse(sourceOrigin),
+                            isMainFrame,
+                            replyProxy,
+                            ports);
+                });
     }
 
     public WebMessageListener getListener() {

android_webview/javatests/src/org/chromium/android_webview/test/AwSupervisedUserTest.java

@@ -229,8 +229,13 @@ private static class IFrameLoadedListener implements WebMessageListener {
         private volatile String mResult;
 
         @Override
-        public void onPostMessage(MessagePayload payload, Uri sourceOrigin, boolean isMainFrame,
-                JsReplyProxy replyProxy, MessagePort[] ports) {
+        public void onPostMessage(
+                MessagePayload payload,
+                Uri topLevelOrigin,
+                Uri sourceOrigin,
+                boolean isMainFrame,
+                JsReplyProxy replyProxy,
+                MessagePort[] ports) {
             mResult = payload.getAsString();
             mCallbackHelper.notifyCalled();
         }

android_webview/javatests/src/org/chromium/android_webview/test/JsJavaInteractionTest.java

@@ -86,14 +86,21 @@ private static class TestWebMessageListener implements WebMessageListener {
 
         public static class Data {
             private MessagePayload mPayload;
+            public Uri mTopLevelOrigin;
             public Uri mSourceOrigin;
             public boolean mIsMainFrame;
             public JsReplyProxy mReplyProxy;
             public MessagePort[] mPorts;
 
-            public Data(MessagePayload payload, Uri sourceOrigin, boolean isMainFrame,
-                    JsReplyProxy replyProxy, MessagePort[] ports) {
+            public Data(
+                    MessagePayload payload,
+                    Uri topLevelOrigin,
+                    Uri sourceOrigin,
+                    boolean isMainFrame,
+                    JsReplyProxy replyProxy,
+                    MessagePort[] ports) {
                 mPayload = payload;
+                mTopLevelOrigin = topLevelOrigin;
                 mSourceOrigin = sourceOrigin;
                 mIsMainFrame = isMainFrame;
                 mReplyProxy = replyProxy;
@@ -110,9 +117,16 @@ public byte[] getAsArrayBuffer() {
         }
 
         @Override
-        public void onPostMessage(MessagePayload payload, Uri sourceOrigin, boolean isMainFrame,
-                JsReplyProxy replyProxy, MessagePort[] ports) {
-            mQueue.add(new Data(payload, sourceOrigin, isMainFrame, replyProxy, ports));
+        public void onPostMessage(
+                MessagePayload payload,
+                Uri topLevelOrigin,
+                Uri sourceOrigin,
+                boolean isMainFrame,
+                JsReplyProxy replyProxy,
+                MessagePort[] ports) {
+            mQueue.add(
+                    new Data(
+                            payload, topLevelOrigin, sourceOrigin, isMainFrame, replyProxy, ports));
         }
 
         public Data waitForOnPostMessage() throws Exception {
@@ -145,6 +159,7 @@ public void testPostMessageSimple() throws Throwable {
 
         TestWebMessageListener.Data data = mListener.waitForOnPostMessage();
 
+        assertUrlHasOrigin(url, data.mTopLevelOrigin);
         assertUrlHasOrigin(url, data.mSourceOrigin);
         Assert.assertEquals(HELLO, data.getAsString());
         Assert.assertTrue(data.mIsMainFrame);
@@ -232,13 +247,20 @@ public void testPostMessageFromIframeWorks() throws Throwable {
         final String frameUrl = mTestServer.getURL(POST_MESSAGE_SIMPLE_HTML);
         final String html = createCrossOriginAccessTestPageHtml(frameUrl);
 
+        final String baseUrl = "http://www.google.com";
         // Load a cross origin iframe page.
-        mActivityTestRule.loadDataWithBaseUrlSync(mAwContents,
-                mContentsClient.getOnPageFinishedHelper(), html, "text/html", false,
-                "http://www.google.com", null);
+        mActivityTestRule.loadDataWithBaseUrlSync(
+                mAwContents,
+                mContentsClient.getOnPageFinishedHelper(),
+                html,
+                "text/html",
+                false,
+                baseUrl,
+                null);
 
         TestWebMessageListener.Data data = mListener.waitForOnPostMessage();
 
+        assertUrlHasOrigin(baseUrl, data.mTopLevelOrigin);
         assertUrlHasOrigin(frameUrl, data.mSourceOrigin);
         Assert.assertEquals(HELLO, data.getAsString());
         Assert.assertFalse(data.mIsMainFrame);
@@ -1431,6 +1453,11 @@ private String loadUrlFromPath(String path) throws Exception {
     }
 
     private static void assertUrlHasOrigin(final String url, final Uri origin) {
+        Assert.assertEquals("The origin URI must not contain a path", "", origin.getPath());
+        Assert.assertEquals("The origin URI must not contain any queries", null, origin.getQuery());
+        Assert.assertEquals(
+                "The origin URI must not contain a fragment", null, origin.getFragment());
+
         Uri uriFromServer = Uri.parse(url);
         Assert.assertEquals(uriFromServer.getScheme(), origin.getScheme());
         Assert.assertEquals(uriFromServer.getHost(), origin.getHost());

android_webview/javatests/src/org/chromium/android_webview/test/MultiProfileTest.java

@@ -433,10 +433,10 @@ public void testInjectedJavascriptIsTransferredWhenProfileChanges() throws Throw
         CallbackHelper testDoneHelper = new CallbackHelper();
 
         final WebMessageListener injectedListener =
-                (payload, sourceOrigin, isMainFrame, jsReplyProxy, ports) -> {
-            Assert.assertEquals("success", payload.getAsString());
-            testDoneHelper.notifyCalled();
-        };
+                (payload, topLevelOrigin, sourceOrigin, isMainFrame, jsReplyProxy, ports) -> {
+                    Assert.assertEquals("success", payload.getAsString());
+                    testDoneHelper.notifyCalled();
+                };
 
         // Setup a message listener and a startup script to post on to the listener.
         mRule.runOnUiThread(() -> {

android_webview/javatests/src/org/chromium/android_webview/test/PopupWindowTest.java

@@ -402,8 +402,13 @@ public Data(String message, boolean isMainFrame, JsReplyProxy replyProxy) {
         }
 
         @Override
-        public void onPostMessage(MessagePayload payload, Uri sourceOrigin, boolean isMainFrame,
-                JsReplyProxy replyProxy, MessagePort[] ports) {
+        public void onPostMessage(
+                MessagePayload payload,
+                Uri topLevelOrigin,
+                Uri sourceOrigin,
+                boolean isMainFrame,
+                JsReplyProxy replyProxy,
+                MessagePort[] ports) {
             mQueue.add(new Data(payload.getAsString(), isMainFrame, replyProxy));
         }
 

android_webview/support_library/java/src/org/chromium/support_lib_glue/SupportLibWebMessageListenerAdapter.java

@@ -48,8 +48,13 @@ public SupportLibWebMessageListenerAdapter(
     }
 
     @Override
-    public void onPostMessage(final MessagePayload payload, final Uri sourceOrigin,
-            final boolean isMainFrame, final JsReplyProxy replyProxy, final MessagePort[] ports) {
+    public void onPostMessage(
+            final MessagePayload payload,
+            final Uri topLevelOrigin,
+            final Uri sourceOrigin,
+            final boolean isMainFrame,
+            final JsReplyProxy replyProxy,
+            final MessagePort[] ports) {
         if (!BoundaryInterfaceReflectionUtil.containsFeature(
                     mSupportedFeatures, Features.WEB_MESSAGE_LISTENER)) {
             Log.e(TAG, "The AndroidX doesn't have feature: " + Features.WEB_MESSAGE_LISTENER);

components/js_injection/browser/js_to_browser_messaging.cc

@@ -99,6 +99,8 @@ void JsToBrowserMessaging::PostMessage(
   if (!web_contents)
     return;
 
+  const url::Origin top_level_origin =
+      render_frame_host_->GetMainFrame()->GetLastCommittedOrigin();
   // |source_origin| has no race with this PostMessage call, because of
   // associated mojo channel, the committed origin message and PostMessage are
   // in sequence.
@@ -112,12 +114,16 @@ void JsToBrowserMessaging::PostMessage(
   DCHECK(reply_proxy_);
 
   if (!host_) {
+    const std::string top_level_origin_string =
+        GetOriginString(top_level_origin);
     const std::string origin_string = GetOriginString(source_origin);
     const bool is_main_frame = render_frame_host_->IsInPrimaryMainFrame();
 
-    host_ = connection_factory_->CreateHost(origin_string, is_main_frame,
-                                            reply_proxy_.get());
+    host_ =
+        connection_factory_->CreateHost(top_level_origin_string, origin_string,
+                                        is_main_frame, reply_proxy_.get());
 #if DCHECK_IS_ON()
+    top_level_origin_string_ = top_level_origin_string;
     origin_string_ = origin_string;
     is_main_frame_ = is_main_frame;
 #endif
@@ -127,6 +133,7 @@ void JsToBrowserMessaging::PostMessage(
   // The origin and whether this is the main frame should not change once
   // PostMessage() has been received.
 #if DCHECK_IS_ON()
+  DCHECK_EQ(GetOriginString(top_level_origin), top_level_origin_string_);
   DCHECK_EQ(GetOriginString(source_origin), origin_string_);
   DCHECK_EQ(is_main_frame_, render_frame_host_->IsInPrimaryMainFrame());
 #endif

components/js_injection/browser/js_to_browser_messaging.h

@@ -65,6 +65,7 @@ class JsToBrowserMessaging : public mojom::JsToBrowserMessaging {
   mojo::AssociatedReceiver<mojom::JsToBrowserMessaging> receiver_{this};
   std::unique_ptr<WebMessageHost> host_;
 #if DCHECK_IS_ON()
+  std::string top_level_origin_string_;
   std::string origin_string_;
   bool is_main_frame_;
 #endif

components/js_injection/browser/web_message_host_factory.h

@@ -24,6 +24,7 @@ class WebMessageHostFactory {
   // Creates a WebMessageHost for the specified page. |proxy| is valid for
   // the life of the host and may be used to send messages back to the page.
   virtual std::unique_ptr<WebMessageHost> CreateHost(
+      const std::string& top_level_origin_string,
       const std::string& origin_string,
       bool is_main_frame,
       WebMessageReplyProxy* proxy) = 0;