Issue 2095: use the proper tab origin.

[iefremov]

Fix brave/brave-browser#2095

As per URLRequest documentation and the corresponding RFC,
site_for_cookies cannot be used as a top-level document origin since it
can be empty in certain cases. We need to replace it with something more
reliable.

Submitter Checklist:

• Submitted a ticket for my issue if one did not already exist.
• Used Github auto-closing keywords in the commit message.
• Added/updated tests for this change (for new code or code which already has tests).
• Verified that these changes build without errors on
  • Windows
  • macOS
  • Linux
• Verified that these changes pass automated tests (npm test brave_unit_tests && npm test brave_browser_tests) on
  • Windows
  • macOS
  • Linux
• Ran git rebase master (if needed).
• Ran git rebase -i to squash commits (if needed).
• Tagged reviewers and labelled the pull request as needed.
• Request a security/privacy review as needed.
• Add appropriate QA labels (QA/Yes or QA/No) to include the closed issue in milestone

Test Plan:

Reviewer Checklist:

• New files have MPL-2.0 license header.
• Request a security/privacy review as needed.
• Adequate test coverage exists to prevent regressions
• Verify test plan is specified in PR before merging to source

[iefremov]

Just a quick fix without tests since the issue is urgent. At the moment I'm continuing to make a reasonable test, but mocking site_for_cookies() is not obvious for me now.

I'm also worried with the presence of a global lock for all requests with cookies, so probably we should create something more clever here. I can suggest at least one (not so clever) improvement:

• Keep a copy of the global map on the IO thread to avoid locking from URLRequests
• When the global map on UI changes, make a new copy and atomically swap the new copy with the instance on IO thread.

[iefremov]

Status update: SNAFU

1. I was hasty in making this fix, obviously patching tab_origin must be inside of FillCTXFromRequest
2. Testing this particular scenario turned out quite hard, it is still not clear how to get a pure cross-site iframe in tests (i.e. with empty site_for_cookies()). So I managed to do it by hand using URLRequestInterceptor, just to discover that frame ids attached to URLRequests in tests are not initialized (?)
3. The fix doesn't work at all, and basically the main scenario of using that global map (frame id -> URL) in BraveContentBrowserClient is not working, because tracking of created/deleted frames is obviously not enough. There could be navigations in frames without any *Created, etc. events.
4. Prepared a new fix that also tracks finished navigations, seems to work with draw.io, etc. Still not sure how to make proper tests for this.
5. I believe that we have to get rid of this global map based approach and develop something less error-prone and architecture violating in the mid-term perspective. Any ideas welcome, I've also asked for help from some network layer gurus.

[iefremov]

Pushed fix that seems working. Still no tests.

[iefremov]

Typo - wrong order of render_process_id and render_frame_id

[iefremov]

@bbondy PTAL

• Added tests.
• Also added additional map to track subframes which process/frame ids we cannot obtain on the IO thread.
• Fixed wrong order and some other typos.

[iefremov]

dead code

[iefremov]

Additional map for tracking frame tree node ids. They are available on the IO thread for frames/subframes instead of the pair procces_id/frame_id

[iefremov]

Rebased

[bbondy]

0.58.x: d16bb42
master: 25a24f5

[kjozwiak]

Approving uplift to 0.57.x after deliberating with @rebron 👍

[bbondy]

0.57.x: 48cb280