Reporting: Allow document token to change

Since the RenderFrameHostImpl is reused for same-origin navigations,
the reporting source token must be able to change when a new document
is loaded into the frame. This is important for reporting isolation when
reports are still queued for the old document.

WPT is added to catch the situation where not changing this token would
cause previously queued reports to be sent to the new document's
configured endpoints.

This is part of a series of CLs implementing V1 reporting isolation.
A summary of the architectural changes introduced can be found at
https://docs.google.com/document/d/1RmEz17pGSUQITPoRKV4s3IBgbyHjv-HLZqtVYYZ4lMg/edit

CLs in this series:
https://crrev.com/c/2878175 Update NEL browser tests to require Report-To
https://crrev.com/c/2878376 Separate parsing from processing Reporting-Endpoints
https://crrev.com/c/2889833 Add reporting source to worker objects
https://crrev.com/c/2889975 Add reporting source to COOP/COEP reporters
https://crrev.com/c/3039579 Add source token to reports
https://crrev.com/c/3041880 Add source token to IPC calls
https://crrev.com/c/3042463 Isolate v1 reports from each other
https://crrev.com/c/3042465 (This CL) Allow document source token to change
https://crrev.com/c/3042521 Clean up when docs/workers are destroyed

Bug: 1062359
Change-Id: I908e49b7b773c57335f8c527843643c896082ce4
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3042465
Commit-Queue: Ian Clelland <iclelland@chromium.org>
Reviewed-by: Matt Menke <mmenke@chromium.org>
Reviewed-by: Matt Falkenhagen <falken@chromium.org>
Reviewed-by: Lily Chen <chlily@chromium.org>
Reviewed-by: Kinuko Yasuda <kinuko@chromium.org>
Cr-Commit-Position: refs/heads/main@{#914491}

lint.ignore

@@ -191,6 +191,8 @@ SET TIMEOUT: portals/resources/portals-adopt-predecessor-portal.html
 SET TIMEOUT: preload/single-download-preload.html
 SET TIMEOUT: resize-observer/resources/iframe.html
 SET TIMEOUT: resource-timing/resources/nested-contexts.js
+SET TIMEOUT: reporting/resources/first-csp-report.https.sub.html
+SET TIMEOUT: reporting/resources/second-csp-report.https.sub.html
 SET TIMEOUT: secure-contexts/basic-popup-and-iframe-tests.https.js
 SET TIMEOUT: service-workers/cache-storage/script-tests/cache-abort.js
 SET TIMEOUT: service-workers/service-worker/activation.https.html

reporting/reporting-isolated-across-navigations.https.sub.html

@@ -0,0 +1,56 @@
+<!DOCTYPE html>
+<meta charset="utf-8">
+<title>Bug test page 1</title>
+<script src="/resources/testharness.js"></script>
+<script src="/resources/testharnessreport.js"></script>
+<script src="resources/report-helper.js"></script>
+<script>
+promise_test(async t => {
+  await new Promise(resolve => {
+    window.addEventListener("message", resolve);
+  });
+  // At this point, the reporting endpoint should have received all three
+  // reports. Ensure that reports from the first page are not batched with
+  // those from the second, or sent to its endpoint.
+  const csp1_uuid = "112868aa-4b59-57c7-a388-db909ef24295";
+  const csp2_uuid = "612bf2ee-b9b8-5f8d-a239-0981c6ff057e";
+  const reports1 = await pollReports('/reporting/resources/report.py', csp1_uuid);
+  const reports2 = await pollReports('/reporting/resources/report.py', csp2_uuid);
+
+  const url_prefix = "https://{{location[host]}}/reporting/resources/";
+
+  // Validate that both received reports were CSP img-src violations from the
+  // same reporting source. Each image should be represented once, although the
+  // order does not matter.
+
+  assert_equals(reports1.length, 2, "First endpoint should receive two reports");
+
+  assert_equals(reports1[0].type, "csp-violation");
+  assert_equals(reports1[0].url, url_prefix + "first-csp-report.https.sub.html");
+  assert_equals(reports1[0].body.disposition, "enforce");
+  assert_equals(reports1[0].body.effectiveDirective, "img-src");
+
+  assert_equals(reports1[1].type, "csp-violation");
+  assert_equals(reports1[1].url, url_prefix + "first-csp-report.https.sub.html");
+  assert_equals(reports1[1].body.disposition, "enforce");
+  assert_equals(reports1[1].body.effectiveDirective, "img-src");
+
+  var image_sources = [reports1[0].body.blockedURL, reports1[1].body.blockedURL].sort();
+  assert_equals(image_sources[0], url_prefix + "missing1.png");
+  assert_equals(image_sources[1], url_prefix + "missing2.png");
+
+  // Validate that the report received from the second endpoint was also a CSP
+  // img-source violation, from a different URL.
+
+  assert_equals(reports2.length, 1, "Second endpoint should reecive one report");
+  assert_equals(reports2[0].type, "csp-violation");
+  assert_equals(reports2[0].url, url_prefix + "second-csp-report.https.sub.html");
+  assert_equals(reports2[0].body.disposition, "enforce");
+  assert_equals(reports2[0].body.effectiveDirective, "img-src");
+  assert_equals(reports2[0].body.blockedURL, url_prefix + "missing3.png");
+}, "Reports should be sent to the correct endpoints");
+</script>
+<body>
+<h1>Bug test main frame</h1>
+<iframe id="frame" src="resources/first-csp-report.https.sub.html"></iframe>
+</body>

reporting/resources/first-csp-report.https.sub.html

@@ -0,0 +1,22 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Bug test page 1</title>
+</head>
+<body>
+<h1>Bug test page 1</h1>
+<!-- This image will cause a CSP violation, which will trigger an immediate report -->
+<img src="missing1.png">
+<script>
+setTimeout(()=>{
+  var img = document.createElement('img');
+  img.src = "missing2.png";
+  // Appending this image will cause a second CSP violation, which will trigger
+  // a second report.
+  document.body.appendChild(img);
+  location.href = "second-csp-report.https.sub.html";
+}, 1);
+</script>
+</body>
+</html>
+

reporting/resources/first-csp-report.https.sub.html.sub.headers

@@ -0,0 +1,2 @@
+Reporting-Endpoints: csp="/reporting/resources/report.py?pipe=trickle(d1)&endpoint=csp1"
+Content-Security-Policy: img-src 'none'; report-to csp

reporting/resources/second-csp-report.https.sub.html

@@ -0,0 +1,24 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>Bug test page 2</title>
+</head>
+<body>
+<h1>Bug test page 2</h1>
+<script>
+var img = document.createElement('img');
+img.src = "missing3.png";
+// Appending this image will cause a third CSP violation. The report generated
+// here must not be batched with the reports from the previous page, regardless
+// of whether they have been sent or not.
+document.body.appendChild(img);
+// Give the report handler enough time to finish handling any reports from the
+// previous page (Reports there are delayed by 1 second because of the trickle
+// pipe in the headers in first-csp-report.https.sub.html.sub.headers) and then
+// inform the parent that reports may be checked.
+setTimeout(()=>{
+  parent.postMessage("ready", "*");
+},1250);
+</script>
+</body>
+</html>

reporting/resources/second-csp-report.https.sub.html.sub.headers

@@ -0,0 +1,2 @@
+Reporting-Endpoints: csp="/reporting/resources/report.py?endpoint=csp2"
+Content-Security-Policy: img-src 'none'; report-to csp