Request needs to propagate concept of "main frame navigation" #1327

wanderview · 2021-10-08T15:37:48Z

As discussed in #1321 we want to propagate the internal origin field when a Request constructor copies another request without modifying it. One of the reasons for this is so that SameSite cookies will work properly when there is a pass-through service worker handler.

Unfortunately, during the discussion at the F2F call (w3c/ServiceWorker#1604) I forgot to mention another problem. SameSite cookie computation currently depends on if the request is for a top-level main frame navigation:

https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis-05#section-5.3.7.1

This is used to expose SameSite=LAX cookies on these main frame navigations. In addition, I believe at least chrome defaults cookies to SameSite=LAX if there is no SameSite attribute.

This means that if we want to propagate the origin we probably need to propagate some "main frame navigation" bit as well. Otherwise sites may suddenly start losing cookies on cross-site navigations when they add a service worker.

Ideally we would just propagate the request destination to achieve this. Unfortunately, this also has difficulties as discussed in #1323; e.g. changing the destination would change CSP enforcement behavior.

So that leaves us with an internal "main frame flag" or an internal "original destination" field. What do folks think? @annevk, @arturjanc, @jakearchibald, @asutherland, @youennf

The text was updated successfully, but these errors were encountered:

annevk · 2021-10-11T08:08:02Z

I don't see how destination or "is this top-level" (which I guess is what you mean with main??) helps with the cross-site determination that is needed.

I think what you need is @arturjanc's w3c/webappsec-fetch-metadata#56 (comment), right? cc @davidben

wanderview · 2021-10-11T16:10:45Z

I'm not sure I follow. A single "top-level frame" bit seems to be adequate to satisfy this:

"In the interests of providing a drop-in mechanism that mitigates the risk of CSRF attacks, developers may set the "SameSite" attribute in a "Lax" enforcement mode that carves out an exception which sends same-site cookies along with cross-site requests if and only if they are top-level navigations which use a "safe" (in the [RFC7231] sense) HTTP method."

I think the ancestor frame information is captured in "site for cookies"?

annevk · 2021-10-12T07:28:56Z

Ah, I had missed that. How is "site for cookies" conveyed to the server though?

wanderview · 2021-10-12T14:59:22Z

Well, "site for cookies" itself is not conveyed to the server. It simply takes part in determining if SameSite=Strict cookies, etc, are sent to the server.

I do think, though, that if we had Sec-Fetch-Ancestors we could use that information for this as well. (If its propagated through the fetch in a service worker.) And of course since destination distinguishes between document and iframe it has the information as well, but it isn't propagated through the SW.

This CL contains essentially two changes: 1. The request initiator origin is plumbed through service workers that do `fetch(evt.request)`. In addition to plumbing, this requires changes to how we validate navigation requests in the CorsURLLoaderFactory. 2. Introduces an internal flag to indicate that a request should be treated as a main-frame navigation for SameSite cookie computation. This is necessary to override the service worker's IsolationInfo when a navigation request is passed through. For more detailed information about these changes please see the internal design doc at: https://docs.google.com/document/d/1KZscujuV7bCFEnzJW-0DaCPU-I40RJimQKoCcI0umTQ/edit?usp=sharing In addition, there is some discussion of these features in the following spec issues: whatwg/fetch#1321 whatwg/fetch#1327 Bug: 1115847,1241188 Change-Id: I7e236fa20aeabb705aef40fcf8d5c36da6d2798c

This CL contains essentially two changes: 1. The request initiator origin is plumbed through service workers that do `fetch(evt.request)`. In addition to plumbing, this requires changes to how we validate navigation requests in the CorsURLLoaderFactory. 2. Tracks the original destination of a request passed through a service worker. This is then used in the network service to force SameSite=Lax cookies to treat the request as a main frame navigation where appropriate. For more detailed information about these changes please see the internal design doc at: https://docs.google.com/document/d/1KZscujuV7bCFEnzJW-0DaCPU-I40RJimQKoCcI0umTQ/edit?usp=sharing In addition, there is some discussion of these features in the following spec issues: whatwg/fetch#1321 whatwg/fetch#1327 Bug: 1115847,1241188 Change-Id: I7e236fa20aeabb705aef40fcf8d5c36da6d2798c

This CL contains essentially two changes: 1. The request initiator origin is plumbed through service workers that do `fetch(evt.request)`. In addition to plumbing, this requires changes to how we validate navigation requests in the CorsURLLoaderFactory. 2. Tracks the original destination of a request passed through a service worker. This is then used in the network service to force SameSite=Lax cookies to treat the request as a main frame navigation where appropriate. For more detailed information about these changes please see the internal design doc at: https://docs.google.com/document/d/1KZscujuV7bCFEnzJW-0DaCPU-I40RJimQKoCcI0umTQ/edit?usp=sharing In addition, there is some discussion of these features in the following spec issues: whatwg/fetch#1321 whatwg/fetch#1327 The test includes WPT tests that verify navigation headers and SameSite cookies. Note, chrome has a couple expected failures in the SameSite cookie tests because of the "lax-allowing-unsafe" intervention that is currently enabled. See: https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/web_tests/TestExpectations;l=4635;drc=e8133cbf2469adb99c6610483ab78bcfb8cc4c76 Bug: 1115847,1241188 Change-Id: I7e236fa20aeabb705aef40fcf8d5c36da6d2798c

This CL contains essentially two changes: 1. The request initiator origin is plumbed through service workers that do `fetch(evt.request)`. In addition to plumbing, this requires changes to how we validate navigation requests in the CorsURLLoaderFactory. 2. Tracks the original destination of a request passed through a service worker. This is then used in the network service to force SameSite=Lax cookies to treat the request as a main frame navigation where appropriate. For more detailed information about these changes please see the internal design doc at: https://docs.google.com/document/d/1KZscujuV7bCFEnzJW-0DaCPU-I40RJimQKoCcI0umTQ/edit?usp=sharing In addition, there is some discussion of these features in the following spec issues: whatwg/fetch#1321 whatwg/fetch#1327 The test includes WPT tests that verify navigation headers and SameSite cookies. Note, chrome has a couple expected failures in the SameSite cookie tests because of the "lax-allowing-unsafe" intervention that is currently enabled. See: https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/web_tests/TestExpectations;l=4635;drc=e8133cbf2469adb99c6610483ab78bcfb8cc4c76 Bug: 1115847,1241188 Change-Id: I7e236fa20aeabb705aef40fcf8d5c36da6d2798c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3115917 Reviewed-by: Matt Menke <mmenke@chromium.org> Reviewed-by: Yutaka Hirano <yhirano@chromium.org> Reviewed-by: Nasko Oskov <nasko@chromium.org> Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org> Commit-Queue: Ben Kelly <wanderview@chromium.org> Cr-Commit-Position: refs/heads/main@{#936029}

…rkers." This reverts commit da0a6501cf321579bd46a27ff9fba1bb8ea910bb. Reason for revert: Failure on many bots with the following error message: The service worker navigation preload request was cancelled before 'preloadResponse' settled. If you intend to use 'preloadResponse', use waitUntil() or respondWith() to wait for the promise to settle.", source: (0) Original change's description: > Fetch: Plumb request initiator through passthrough service workers. > > This CL contains essentially two changes: > > 1. The request initiator origin is plumbed through service workers > that do `fetch(evt.request)`. In addition to plumbing, this > requires changes to how we validate navigation requests in the > CorsURLLoaderFactory. > 2. Tracks the original destination of a request passed through a > service worker. This is then used in the network service to force > SameSite=Lax cookies to treat the request as a main frame navigation > where appropriate. > > For more detailed information about these changes please see the > internal design doc at: > > https://docs.google.com/document/d/1KZscujuV7bCFEnzJW-0DaCPU-I40RJimQKoCcI0umTQ/edit?usp=sharing > > In addition, there is some discussion of these features in the following > spec issues: > > whatwg/fetch#1321 > whatwg/fetch#1327 > > The test includes WPT tests that verify navigation headers and SameSite > cookies. Note, chrome has a couple expected failures in the SameSite > cookie tests because of the "lax-allowing-unsafe" intervention that is > currently enabled. See: > > https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/web_tests/TestExpectations;l=4635;drc=e8133cbf2469adb99c6610483ab78bcfb8cc4c76 > > Bug: 1115847,1241188 > Change-Id: I7e236fa20aeabb705aef40fcf8d5c36da6d2798c > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3115917 > Reviewed-by: Matt Menke <mmenke@chromium.org> > Reviewed-by: Yutaka Hirano <yhirano@chromium.org> > Reviewed-by: Nasko Oskov <nasko@chromium.org> > Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org> > Commit-Queue: Ben Kelly <wanderview@chromium.org> > Cr-Commit-Position: refs/heads/main@{#936029} Bug: 1115847,1241188 Change-Id: I3044a6d20de172b4a8ab7e39a9f26191580003fa No-Presubmit: true No-Tree-Checks: true No-Try: true

…rkers." This reverts commit da0a6501cf321579bd46a27ff9fba1bb8ea910bb. Reason for revert: Failure on many bots with the following error message: The service worker navigation preload request was cancelled before 'preloadResponse' settled. If you intend to use 'preloadResponse', use waitUntil() or respondWith() to wait for the promise to settle.", source: (0) Original change's description: > Fetch: Plumb request initiator through passthrough service workers. > > This CL contains essentially two changes: > > 1. The request initiator origin is plumbed through service workers > that do `fetch(evt.request)`. In addition to plumbing, this > requires changes to how we validate navigation requests in the > CorsURLLoaderFactory. > 2. Tracks the original destination of a request passed through a > service worker. This is then used in the network service to force > SameSite=Lax cookies to treat the request as a main frame navigation > where appropriate. > > For more detailed information about these changes please see the > internal design doc at: > > https://docs.google.com/document/d/1KZscujuV7bCFEnzJW-0DaCPU-I40RJimQKoCcI0umTQ/edit?usp=sharing > > In addition, there is some discussion of these features in the following > spec issues: > > whatwg/fetch#1321 > whatwg/fetch#1327 > > The test includes WPT tests that verify navigation headers and SameSite > cookies. Note, chrome has a couple expected failures in the SameSite > cookie tests because of the "lax-allowing-unsafe" intervention that is > currently enabled. See: > > https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/web_tests/TestExpectations;l=4635;drc=e8133cbf2469adb99c6610483ab78bcfb8cc4c76 > > Bug: 1115847,1241188 > Change-Id: I7e236fa20aeabb705aef40fcf8d5c36da6d2798c > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3115917 > Reviewed-by: Matt Menke <mmenke@chromium.org> > Reviewed-by: Yutaka Hirano <yhirano@chromium.org> > Reviewed-by: Nasko Oskov <nasko@chromium.org> > Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org> > Commit-Queue: Ben Kelly <wanderview@chromium.org> > Cr-Commit-Position: refs/heads/main@{#936029} Bug: 1115847,1241188 Change-Id: I3044a6d20de172b4a8ab7e39a9f26191580003fa No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3251692 Auto-Submit: Alan Screen <awscreen@chromium.org> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Commit-Queue: Alan Screen <awscreen@chromium.org> Owners-Override: Alan Screen <awscreen@chromium.org> Cr-Commit-Position: refs/heads/main@{#936125}

…rkers." This is a reland of da0a6501cf321579bd46a27ff9fba1bb8ea910bb Original change's description: > Fetch: Plumb request initiator through passthrough service workers. > > This CL contains essentially two changes: > > 1. The request initiator origin is plumbed through service workers > that do `fetch(evt.request)`. In addition to plumbing, this > requires changes to how we validate navigation requests in the > CorsURLLoaderFactory. > 2. Tracks the original destination of a request passed through a > service worker. This is then used in the network service to force > SameSite=Lax cookies to treat the request as a main frame navigation > where appropriate. > > For more detailed information about these changes please see the > internal design doc at: > > https://docs.google.com/document/d/1KZscujuV7bCFEnzJW-0DaCPU-I40RJimQKoCcI0umTQ/edit?usp=sharing > > In addition, there is some discussion of these features in the following > spec issues: > > whatwg/fetch#1321 > whatwg/fetch#1327 > > The test includes WPT tests that verify navigation headers and SameSite > cookies. Note, chrome has a couple expected failures in the SameSite > cookie tests because of the "lax-allowing-unsafe" intervention that is > currently enabled. See: > > https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/web_tests/TestExpectations;l=4635;drc=e8133cbf2469adb99c6610483ab78bcfb8cc4c76 > > Bug: 1115847,1241188 > Change-Id: I7e236fa20aeabb705aef40fcf8d5c36da6d2798c > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3115917 > Reviewed-by: Matt Menke <mmenke@chromium.org> > Reviewed-by: Yutaka Hirano <yhirano@chromium.org> > Reviewed-by: Nasko Oskov <nasko@chromium.org> > Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org> > Commit-Queue: Ben Kelly <wanderview@chromium.org> > Cr-Commit-Position: refs/heads/main@{#936029} Bug: 1115847,1241188 Change-Id: Ia26acbdd0d7ce6583d9a44f83ed086708657b8bd

…rkers." This is a reland of da0a6501cf321579bd46a27ff9fba1bb8ea910bb This CL also includes a change to mark the two WPT tests as requiring long timeout durations. On my fast build machine with an opt build they take ~5 seconds each to complete and the default timeout is 10 seconds. On slower bots with debug builds its highly likely that these tests would be marked as timing out. This change gives them a 60 second timeout instead. Original change's description: > Fetch: Plumb request initiator through passthrough service workers. > > This CL contains essentially two changes: > > 1. The request initiator origin is plumbed through service workers > that do `fetch(evt.request)`. In addition to plumbing, this > requires changes to how we validate navigation requests in the > CorsURLLoaderFactory. > 2. Tracks the original destination of a request passed through a > service worker. This is then used in the network service to force > SameSite=Lax cookies to treat the request as a main frame navigation > where appropriate. > > For more detailed information about these changes please see the > internal design doc at: > > https://docs.google.com/document/d/1KZscujuV7bCFEnzJW-0DaCPU-I40RJimQKoCcI0umTQ/edit?usp=sharing > > In addition, there is some discussion of these features in the following > spec issues: > > whatwg/fetch#1321 > whatwg/fetch#1327 > > The test includes WPT tests that verify navigation headers and SameSite > cookies. Note, chrome has a couple expected failures in the SameSite > cookie tests because of the "lax-allowing-unsafe" intervention that is > currently enabled. See: > > https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/web_tests/TestExpectations;l=4635;drc=e8133cbf2469adb99c6610483ab78bcfb8cc4c76 > > Bug: 1115847,1241188 > Change-Id: I7e236fa20aeabb705aef40fcf8d5c36da6d2798c > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3115917 > Reviewed-by: Matt Menke <mmenke@chromium.org> > Reviewed-by: Yutaka Hirano <yhirano@chromium.org> > Reviewed-by: Nasko Oskov <nasko@chromium.org> > Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org> > Commit-Queue: Ben Kelly <wanderview@chromium.org> > Cr-Commit-Position: refs/heads/main@{#936029} Bug: 1115847,1241188 Change-Id: Ia26acbdd0d7ce6583d9a44f83ed086708657b8bd

This CL contains essentially two changes: 1. The request initiator origin is plumbed through service workers that do `fetch(evt.request)`. In addition to plumbing, this requires changes to how we validate navigation requests in the CorsURLLoaderFactory. 2. Tracks the original destination of a request passed through a service worker. This is then used in the network service to force SameSite=Lax cookies to treat the request as a main frame navigation where appropriate. For more detailed information about these changes please see the internal design doc at: https://docs.google.com/document/d/1KZscujuV7bCFEnzJW-0DaCPU-I40RJimQKoCcI0umTQ/edit?usp=sharing In addition, there is some discussion of these features in the following spec issues: whatwg/fetch#1321 whatwg/fetch#1327 The test includes WPT tests that verify navigation headers and SameSite cookies. Note, chrome has a couple expected failures in the SameSite cookie tests because of the "lax-allowing-unsafe" intervention that is currently enabled. See: https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/web_tests/TestExpectations;l=4635;drc=e8133cbf2469adb99c6610483ab78bcfb8cc4c76 Bug: 1115847,1241188 Change-Id: I7e236fa20aeabb705aef40fcf8d5c36da6d2798c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3115917 Reviewed-by: Matt Menke <mmenke@chromium.org> Reviewed-by: Yutaka Hirano <yhirano@chromium.org> Reviewed-by: Nasko Oskov <nasko@chromium.org> Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org> Commit-Queue: Ben Kelly <wanderview@chromium.org> Cr-Commit-Position: refs/heads/main@{#936029}

…rkers." This reverts commit da0a650. Reason for revert: Failure on many bots with the following error message: The service worker navigation preload request was cancelled before 'preloadResponse' settled. If you intend to use 'preloadResponse', use waitUntil() or respondWith() to wait for the promise to settle.", source: (0) Original change's description: > Fetch: Plumb request initiator through passthrough service workers. > > This CL contains essentially two changes: > > 1. The request initiator origin is plumbed through service workers > that do `fetch(evt.request)`. In addition to plumbing, this > requires changes to how we validate navigation requests in the > CorsURLLoaderFactory. > 2. Tracks the original destination of a request passed through a > service worker. This is then used in the network service to force > SameSite=Lax cookies to treat the request as a main frame navigation > where appropriate. > > For more detailed information about these changes please see the > internal design doc at: > > https://docs.google.com/document/d/1KZscujuV7bCFEnzJW-0DaCPU-I40RJimQKoCcI0umTQ/edit?usp=sharing > > In addition, there is some discussion of these features in the following > spec issues: > > whatwg/fetch#1321 > whatwg/fetch#1327 > > The test includes WPT tests that verify navigation headers and SameSite > cookies. Note, chrome has a couple expected failures in the SameSite > cookie tests because of the "lax-allowing-unsafe" intervention that is > currently enabled. See: > > https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/web_tests/TestExpectations;l=4635;drc=e8133cbf2469adb99c6610483ab78bcfb8cc4c76 > > Bug: 1115847,1241188 > Change-Id: I7e236fa20aeabb705aef40fcf8d5c36da6d2798c > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3115917 > Reviewed-by: Matt Menke <mmenke@chromium.org> > Reviewed-by: Yutaka Hirano <yhirano@chromium.org> > Reviewed-by: Nasko Oskov <nasko@chromium.org> > Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org> > Commit-Queue: Ben Kelly <wanderview@chromium.org> > Cr-Commit-Position: refs/heads/main@{#936029} Bug: 1115847,1241188 Change-Id: I3044a6d20de172b4a8ab7e39a9f26191580003fa No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3251692 Auto-Submit: Alan Screen <awscreen@chromium.org> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Commit-Queue: Alan Screen <awscreen@chromium.org> Owners-Override: Alan Screen <awscreen@chromium.org> Cr-Commit-Position: refs/heads/main@{#936125}

…rkers." This is a reland of da0a6501cf321579bd46a27ff9fba1bb8ea910bb This CL also includes a change to mark the two WPT tests as requiring long timeout durations. On my fast build machine with an opt build they take ~5 seconds each to complete and the default timeout is 10 seconds. On slower bots with debug builds its highly likely that these tests would be marked as timing out. This change gives them a 60 second timeout instead. Original change's description: > Fetch: Plumb request initiator through passthrough service workers. > > This CL contains essentially two changes: > > 1. The request initiator origin is plumbed through service workers > that do `fetch(evt.request)`. In addition to plumbing, this > requires changes to how we validate navigation requests in the > CorsURLLoaderFactory. > 2. Tracks the original destination of a request passed through a > service worker. This is then used in the network service to force > SameSite=Lax cookies to treat the request as a main frame navigation > where appropriate. > > For more detailed information about these changes please see the > internal design doc at: > > https://docs.google.com/document/d/1KZscujuV7bCFEnzJW-0DaCPU-I40RJimQKoCcI0umTQ/edit?usp=sharing > > In addition, there is some discussion of these features in the following > spec issues: > > whatwg/fetch#1321 > whatwg/fetch#1327 > > The test includes WPT tests that verify navigation headers and SameSite > cookies. Note, chrome has a couple expected failures in the SameSite > cookie tests because of the "lax-allowing-unsafe" intervention that is > currently enabled. See: > > https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/web_tests/TestExpectations;l=4635;drc=e8133cbf2469adb99c6610483ab78bcfb8cc4c76 > > Bug: 1115847,1241188 > Change-Id: I7e236fa20aeabb705aef40fcf8d5c36da6d2798c > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3115917 > Reviewed-by: Matt Menke <mmenke@chromium.org> > Reviewed-by: Yutaka Hirano <yhirano@chromium.org> > Reviewed-by: Nasko Oskov <nasko@chromium.org> > Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org> > Commit-Queue: Ben Kelly <wanderview@chromium.org> > Cr-Commit-Position: refs/heads/main@{#936029} Bug: 1115847,1241188 Change-Id: Ia26acbdd0d7ce6583d9a44f83ed086708657b8bd Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3251368 Reviewed-by: Matt Menke <mmenke@chromium.org> Reviewed-by: Yutaka Hirano <yhirano@chromium.org> Reviewed-by: Nasko Oskov <nasko@chromium.org> Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org> Auto-Submit: Ben Kelly <wanderview@chromium.org> Commit-Queue: Ben Kelly <wanderview@chromium.org> Cr-Commit-Position: refs/heads/main@{#936560}

…rkers." This is a reland of da0a650 This CL also includes a change to mark the two WPT tests as requiring long timeout durations. On my fast build machine with an opt build they take ~5 seconds each to complete and the default timeout is 10 seconds. On slower bots with debug builds its highly likely that these tests would be marked as timing out. This change gives them a 60 second timeout instead. Original change's description: > Fetch: Plumb request initiator through passthrough service workers. > > This CL contains essentially two changes: > > 1. The request initiator origin is plumbed through service workers > that do `fetch(evt.request)`. In addition to plumbing, this > requires changes to how we validate navigation requests in the > CorsURLLoaderFactory. > 2. Tracks the original destination of a request passed through a > service worker. This is then used in the network service to force > SameSite=Lax cookies to treat the request as a main frame navigation > where appropriate. > > For more detailed information about these changes please see the > internal design doc at: > > https://docs.google.com/document/d/1KZscujuV7bCFEnzJW-0DaCPU-I40RJimQKoCcI0umTQ/edit?usp=sharing > > In addition, there is some discussion of these features in the following > spec issues: > > whatwg/fetch#1321 > whatwg/fetch#1327 > > The test includes WPT tests that verify navigation headers and SameSite > cookies. Note, chrome has a couple expected failures in the SameSite > cookie tests because of the "lax-allowing-unsafe" intervention that is > currently enabled. See: > > https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/web_tests/TestExpectations;l=4635;drc=e8133cbf2469adb99c6610483ab78bcfb8cc4c76 > > Bug: 1115847,1241188 > Change-Id: I7e236fa20aeabb705aef40fcf8d5c36da6d2798c > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3115917 > Reviewed-by: Matt Menke <mmenke@chromium.org> > Reviewed-by: Yutaka Hirano <yhirano@chromium.org> > Reviewed-by: Nasko Oskov <nasko@chromium.org> > Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org> > Commit-Queue: Ben Kelly <wanderview@chromium.org> > Cr-Commit-Position: refs/heads/main@{#936029} Bug: 1115847,1241188 Change-Id: Ia26acbdd0d7ce6583d9a44f83ed086708657b8bd Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3251368 Reviewed-by: Matt Menke <mmenke@chromium.org> Reviewed-by: Yutaka Hirano <yhirano@chromium.org> Reviewed-by: Nasko Oskov <nasko@chromium.org> Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org> Auto-Submit: Ben Kelly <wanderview@chromium.org> Commit-Queue: Ben Kelly <wanderview@chromium.org> Cr-Commit-Position: refs/heads/main@{#936560}

…assthrough service workers., a=testonly Automatic update from web-platform-tests Fetch: Plumb request initiator through passthrough service workers. This CL contains essentially two changes: 1. The request initiator origin is plumbed through service workers that do `fetch(evt.request)`. In addition to plumbing, this requires changes to how we validate navigation requests in the CorsURLLoaderFactory. 2. Tracks the original destination of a request passed through a service worker. This is then used in the network service to force SameSite=Lax cookies to treat the request as a main frame navigation where appropriate. For more detailed information about these changes please see the internal design doc at: https://docs.google.com/document/d/1KZscujuV7bCFEnzJW-0DaCPU-I40RJimQKoCcI0umTQ/edit?usp=sharing In addition, there is some discussion of these features in the following spec issues: whatwg/fetch#1321 whatwg/fetch#1327 The test includes WPT tests that verify navigation headers and SameSite cookies. Note, chrome has a couple expected failures in the SameSite cookie tests because of the "lax-allowing-unsafe" intervention that is currently enabled. See: https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/web_tests/TestExpectations;l=4635;drc=e8133cbf2469adb99c6610483ab78bcfb8cc4c76 Bug: 1115847,1241188 Change-Id: I7e236fa20aeabb705aef40fcf8d5c36da6d2798c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3115917 Reviewed-by: Matt Menke <mmenke@chromium.org> Reviewed-by: Yutaka Hirano <yhirano@chromium.org> Reviewed-by: Nasko Oskov <nasko@chromium.org> Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org> Commit-Queue: Ben Kelly <wanderview@chromium.org> Cr-Commit-Position: refs/heads/main@{#936029} -- wpt-commits: cd0951f4268af579e9e26913fbefea1684c67f2d wpt-pr: 31378

…hrough passthrough service workers.", a=testonly Automatic update from web-platform-tests Revert "Fetch: Plumb request initiator through passthrough service workers." This reverts commit da0a6501cf321579bd46a27ff9fba1bb8ea910bb. Reason for revert: Failure on many bots with the following error message: The service worker navigation preload request was cancelled before 'preloadResponse' settled. If you intend to use 'preloadResponse', use waitUntil() or respondWith() to wait for the promise to settle.", source: (0) Original change's description: > Fetch: Plumb request initiator through passthrough service workers. > > This CL contains essentially two changes: > > 1. The request initiator origin is plumbed through service workers > that do `fetch(evt.request)`. In addition to plumbing, this > requires changes to how we validate navigation requests in the > CorsURLLoaderFactory. > 2. Tracks the original destination of a request passed through a > service worker. This is then used in the network service to force > SameSite=Lax cookies to treat the request as a main frame navigation > where appropriate. > > For more detailed information about these changes please see the > internal design doc at: > > https://docs.google.com/document/d/1KZscujuV7bCFEnzJW-0DaCPU-I40RJimQKoCcI0umTQ/edit?usp=sharing > > In addition, there is some discussion of these features in the following > spec issues: > > whatwg/fetch#1321 > whatwg/fetch#1327 > > The test includes WPT tests that verify navigation headers and SameSite > cookies. Note, chrome has a couple expected failures in the SameSite > cookie tests because of the "lax-allowing-unsafe" intervention that is > currently enabled. See: > > https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/web_tests/TestExpectations;l=4635;drc=e8133cbf2469adb99c6610483ab78bcfb8cc4c76 > > Bug: 1115847,1241188 > Change-Id: I7e236fa20aeabb705aef40fcf8d5c36da6d2798c > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3115917 > Reviewed-by: Matt Menke <mmenke@chromium.org> > Reviewed-by: Yutaka Hirano <yhirano@chromium.org> > Reviewed-by: Nasko Oskov <nasko@chromium.org> > Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org> > Commit-Queue: Ben Kelly <wanderview@chromium.org> > Cr-Commit-Position: refs/heads/main@{#936029} Bug: 1115847,1241188 Change-Id: I3044a6d20de172b4a8ab7e39a9f26191580003fa No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3251692 Auto-Submit: Alan Screen <awscreen@chromium.org> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Commit-Queue: Alan Screen <awscreen@chromium.org> Owners-Override: Alan Screen <awscreen@chromium.org> Cr-Commit-Position: refs/heads/main@{#936125} -- wpt-commits: 85ebe754c6a2f8a706d582c71433301ed7901a18 wpt-pr: 31425

…assthrough service workers., a=testonly Automatic update from web-platform-tests Fetch: Plumb request initiator through passthrough service workers. This CL contains essentially two changes: 1. The request initiator origin is plumbed through service workers that do `fetch(evt.request)`. In addition to plumbing, this requires changes to how we validate navigation requests in the CorsURLLoaderFactory. 2. Tracks the original destination of a request passed through a service worker. This is then used in the network service to force SameSite=Lax cookies to treat the request as a main frame navigation where appropriate. For more detailed information about these changes please see the internal design doc at: https://docs.google.com/document/d/1KZscujuV7bCFEnzJW-0DaCPU-I40RJimQKoCcI0umTQ/edit?usp=sharing In addition, there is some discussion of these features in the following spec issues: whatwg/fetch#1321 whatwg/fetch#1327 The test includes WPT tests that verify navigation headers and SameSite cookies. Note, chrome has a couple expected failures in the SameSite cookie tests because of the "lax-allowing-unsafe" intervention that is currently enabled. See: https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/web_tests/TestExpectations;l=4635;drc=e8133cbf2469adb99c6610483ab78bcfb8cc4c76 Bug: 1115847,1241188 Change-Id: I7e236fa20aeabb705aef40fcf8d5c36da6d2798c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3115917 Reviewed-by: Matt Menke <mmenke@chromium.org> Reviewed-by: Yutaka Hirano <yhirano@chromium.org> Reviewed-by: Nasko Oskov <nasko@chromium.org> Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org> Commit-Queue: Ben Kelly <wanderview@chromium.org> Cr-Commit-Position: refs/heads/main@{#936029} -- wpt-commits: cd0951f4268af579e9e26913fbefea1684c67f2d wpt-pr: 31378

…hrough passthrough service workers.", a=testonly Automatic update from web-platform-tests Revert "Fetch: Plumb request initiator through passthrough service workers." This reverts commit da0a6501cf321579bd46a27ff9fba1bb8ea910bb. Reason for revert: Failure on many bots with the following error message: The service worker navigation preload request was cancelled before 'preloadResponse' settled. If you intend to use 'preloadResponse', use waitUntil() or respondWith() to wait for the promise to settle.", source: (0) Original change's description: > Fetch: Plumb request initiator through passthrough service workers. > > This CL contains essentially two changes: > > 1. The request initiator origin is plumbed through service workers > that do `fetch(evt.request)`. In addition to plumbing, this > requires changes to how we validate navigation requests in the > CorsURLLoaderFactory. > 2. Tracks the original destination of a request passed through a > service worker. This is then used in the network service to force > SameSite=Lax cookies to treat the request as a main frame navigation > where appropriate. > > For more detailed information about these changes please see the > internal design doc at: > > https://docs.google.com/document/d/1KZscujuV7bCFEnzJW-0DaCPU-I40RJimQKoCcI0umTQ/edit?usp=sharing > > In addition, there is some discussion of these features in the following > spec issues: > > whatwg/fetch#1321 > whatwg/fetch#1327 > > The test includes WPT tests that verify navigation headers and SameSite > cookies. Note, chrome has a couple expected failures in the SameSite > cookie tests because of the "lax-allowing-unsafe" intervention that is > currently enabled. See: > > https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/web_tests/TestExpectations;l=4635;drc=e8133cbf2469adb99c6610483ab78bcfb8cc4c76 > > Bug: 1115847,1241188 > Change-Id: I7e236fa20aeabb705aef40fcf8d5c36da6d2798c > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3115917 > Reviewed-by: Matt Menke <mmenke@chromium.org> > Reviewed-by: Yutaka Hirano <yhirano@chromium.org> > Reviewed-by: Nasko Oskov <nasko@chromium.org> > Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org> > Commit-Queue: Ben Kelly <wanderview@chromium.org> > Cr-Commit-Position: refs/heads/main@{#936029} Bug: 1115847,1241188 Change-Id: I3044a6d20de172b4a8ab7e39a9f26191580003fa No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3251692 Auto-Submit: Alan Screen <awscreen@chromium.org> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Commit-Queue: Alan Screen <awscreen@chromium.org> Owners-Override: Alan Screen <awscreen@chromium.org> Cr-Commit-Position: refs/heads/main@{#936125} -- wpt-commits: 85ebe754c6a2f8a706d582c71433301ed7901a18 wpt-pr: 31425

…hrough passthrough service workers.", a=testonly Automatic update from web-platform-tests Reland "Fetch: Plumb request initiator through passthrough service workers." This is a reland of da0a6501cf321579bd46a27ff9fba1bb8ea910bb This CL also includes a change to mark the two WPT tests as requiring long timeout durations. On my fast build machine with an opt build they take ~5 seconds each to complete and the default timeout is 10 seconds. On slower bots with debug builds its highly likely that these tests would be marked as timing out. This change gives them a 60 second timeout instead. Original change's description: > Fetch: Plumb request initiator through passthrough service workers. > > This CL contains essentially two changes: > > 1. The request initiator origin is plumbed through service workers > that do `fetch(evt.request)`. In addition to plumbing, this > requires changes to how we validate navigation requests in the > CorsURLLoaderFactory. > 2. Tracks the original destination of a request passed through a > service worker. This is then used in the network service to force > SameSite=Lax cookies to treat the request as a main frame navigation > where appropriate. > > For more detailed information about these changes please see the > internal design doc at: > > https://docs.google.com/document/d/1KZscujuV7bCFEnzJW-0DaCPU-I40RJimQKoCcI0umTQ/edit?usp=sharing > > In addition, there is some discussion of these features in the following > spec issues: > > whatwg/fetch#1321 > whatwg/fetch#1327 > > The test includes WPT tests that verify navigation headers and SameSite > cookies. Note, chrome has a couple expected failures in the SameSite > cookie tests because of the "lax-allowing-unsafe" intervention that is > currently enabled. See: > > https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/web_tests/TestExpectations;l=4635;drc=e8133cbf2469adb99c6610483ab78bcfb8cc4c76 > > Bug: 1115847,1241188 > Change-Id: I7e236fa20aeabb705aef40fcf8d5c36da6d2798c > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3115917 > Reviewed-by: Matt Menke <mmenke@chromium.org> > Reviewed-by: Yutaka Hirano <yhirano@chromium.org> > Reviewed-by: Nasko Oskov <nasko@chromium.org> > Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org> > Commit-Queue: Ben Kelly <wanderview@chromium.org> > Cr-Commit-Position: refs/heads/main@{#936029} Bug: 1115847,1241188 Change-Id: Ia26acbdd0d7ce6583d9a44f83ed086708657b8bd Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3251368 Reviewed-by: Matt Menke <mmenke@chromium.org> Reviewed-by: Yutaka Hirano <yhirano@chromium.org> Reviewed-by: Nasko Oskov <nasko@chromium.org> Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org> Auto-Submit: Ben Kelly <wanderview@chromium.org> Commit-Queue: Ben Kelly <wanderview@chromium.org> Cr-Commit-Position: refs/heads/main@{#936560} -- wpt-commits: ef9899c9503c50c675ba1c374a04a82600d23aaf wpt-pr: 31430

This CL contains essentially two changes: 1. The request initiator origin is plumbed through service workers that do `fetch(evt.request)`. In addition to plumbing, this requires changes to how we validate navigation requests in the CorsURLLoaderFactory. 2. Tracks the original destination of a request passed through a service worker. This is then used in the network service to force SameSite=Lax cookies to treat the request as a main frame navigation where appropriate. For more detailed information about these changes please see the internal design doc at: https://docs.google.com/document/d/1KZscujuV7bCFEnzJW-0DaCPU-I40RJimQKoCcI0umTQ/edit?usp=sharing In addition, there is some discussion of these features in the following spec issues: whatwg/fetch#1321 whatwg/fetch#1327 The test includes WPT tests that verify navigation headers and SameSite cookies. Note, chrome has a couple expected failures in the SameSite cookie tests because of the "lax-allowing-unsafe" intervention that is currently enabled. See: https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/web_tests/TestExpectations;l=4635;drc=e8133cbf2469adb99c6610483ab78bcfb8cc4c76 Bug: 1115847,1241188 Change-Id: I7e236fa20aeabb705aef40fcf8d5c36da6d2798c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3115917 Reviewed-by: Matt Menke <mmenke@chromium.org> Reviewed-by: Yutaka Hirano <yhirano@chromium.org> Reviewed-by: Nasko Oskov <nasko@chromium.org> Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org> Commit-Queue: Ben Kelly <wanderview@chromium.org> Cr-Commit-Position: refs/heads/main@{#936029}

…rkers." This reverts commit da0a6501cf321579bd46a27ff9fba1bb8ea910bb. Reason for revert: Failure on many bots with the following error message: The service worker navigation preload request was cancelled before 'preloadResponse' settled. If you intend to use 'preloadResponse', use waitUntil() or respondWith() to wait for the promise to settle.", source: (0) Original change's description: > Fetch: Plumb request initiator through passthrough service workers. > > This CL contains essentially two changes: > > 1. The request initiator origin is plumbed through service workers > that do `fetch(evt.request)`. In addition to plumbing, this > requires changes to how we validate navigation requests in the > CorsURLLoaderFactory. > 2. Tracks the original destination of a request passed through a > service worker. This is then used in the network service to force > SameSite=Lax cookies to treat the request as a main frame navigation > where appropriate. > > For more detailed information about these changes please see the > internal design doc at: > > https://docs.google.com/document/d/1KZscujuV7bCFEnzJW-0DaCPU-I40RJimQKoCcI0umTQ/edit?usp=sharing > > In addition, there is some discussion of these features in the following > spec issues: > > whatwg/fetch#1321 > whatwg/fetch#1327 > > The test includes WPT tests that verify navigation headers and SameSite > cookies. Note, chrome has a couple expected failures in the SameSite > cookie tests because of the "lax-allowing-unsafe" intervention that is > currently enabled. See: > > https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/web_tests/TestExpectations;l=4635;drc=e8133cbf2469adb99c6610483ab78bcfb8cc4c76 > > Bug: 1115847,1241188 > Change-Id: I7e236fa20aeabb705aef40fcf8d5c36da6d2798c > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3115917 > Reviewed-by: Matt Menke <mmenke@chromium.org> > Reviewed-by: Yutaka Hirano <yhirano@chromium.org> > Reviewed-by: Nasko Oskov <nasko@chromium.org> > Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org> > Commit-Queue: Ben Kelly <wanderview@chromium.org> > Cr-Commit-Position: refs/heads/main@{#936029} Bug: 1115847,1241188 Change-Id: I3044a6d20de172b4a8ab7e39a9f26191580003fa No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3251692 Auto-Submit: Alan Screen <awscreen@chromium.org> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Commit-Queue: Alan Screen <awscreen@chromium.org> Owners-Override: Alan Screen <awscreen@chromium.org> Cr-Commit-Position: refs/heads/main@{#936125}

…rkers." This is a reland of da0a6501cf321579bd46a27ff9fba1bb8ea910bb This CL also includes a change to mark the two WPT tests as requiring long timeout durations. On my fast build machine with an opt build they take ~5 seconds each to complete and the default timeout is 10 seconds. On slower bots with debug builds its highly likely that these tests would be marked as timing out. This change gives them a 60 second timeout instead. Original change's description: > Fetch: Plumb request initiator through passthrough service workers. > > This CL contains essentially two changes: > > 1. The request initiator origin is plumbed through service workers > that do `fetch(evt.request)`. In addition to plumbing, this > requires changes to how we validate navigation requests in the > CorsURLLoaderFactory. > 2. Tracks the original destination of a request passed through a > service worker. This is then used in the network service to force > SameSite=Lax cookies to treat the request as a main frame navigation > where appropriate. > > For more detailed information about these changes please see the > internal design doc at: > > https://docs.google.com/document/d/1KZscujuV7bCFEnzJW-0DaCPU-I40RJimQKoCcI0umTQ/edit?usp=sharing > > In addition, there is some discussion of these features in the following > spec issues: > > whatwg/fetch#1321 > whatwg/fetch#1327 > > The test includes WPT tests that verify navigation headers and SameSite > cookies. Note, chrome has a couple expected failures in the SameSite > cookie tests because of the "lax-allowing-unsafe" intervention that is > currently enabled. See: > > https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/web_tests/TestExpectations;l=4635;drc=e8133cbf2469adb99c6610483ab78bcfb8cc4c76 > > Bug: 1115847,1241188 > Change-Id: I7e236fa20aeabb705aef40fcf8d5c36da6d2798c > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3115917 > Reviewed-by: Matt Menke <mmenke@chromium.org> > Reviewed-by: Yutaka Hirano <yhirano@chromium.org> > Reviewed-by: Nasko Oskov <nasko@chromium.org> > Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org> > Commit-Queue: Ben Kelly <wanderview@chromium.org> > Cr-Commit-Position: refs/heads/main@{#936029} Bug: 1115847,1241188 Change-Id: Ia26acbdd0d7ce6583d9a44f83ed086708657b8bd Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3251368 Reviewed-by: Matt Menke <mmenke@chromium.org> Reviewed-by: Yutaka Hirano <yhirano@chromium.org> Reviewed-by: Nasko Oskov <nasko@chromium.org> Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org> Auto-Submit: Ben Kelly <wanderview@chromium.org> Commit-Queue: Ben Kelly <wanderview@chromium.org> Cr-Commit-Position: refs/heads/main@{#936560}

Manual backprort of patch for "CVE-2022-0111: Inappropriate implementation in Navigation." and "CVE-2022-0117: Policy bypass in Service Workers", originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/3251368: Reland "Fetch: Plumb request initiator through passthrough service workers." This is a reland of da0a6501cf321579bd46a27ff9fba1bb8ea910bb This CL also includes a change to mark the two WPT tests as requiring long timeout durations. On my fast build machine with an opt build they take ~5 seconds each to complete and the default timeout is 10 seconds. On slower bots with debug builds its highly likely that these tests would be marked as timing out. This change gives them a 60 second timeout instead. Original change's description: > Fetch: Plumb request initiator through passthrough service workers. > > This CL contains essentially two changes: > > 1. The request initiator origin is plumbed through service workers > that do `fetch(evt.request)`. In addition to plumbing, this > requires changes to how we validate navigation requests in the > CorsURLLoaderFactory. > 2. Tracks the original destination of a request passed through a > service worker. This is then used in the network service to force > SameSite=Lax cookies to treat the request as a main frame navigation > where appropriate. > > For more detailed information about these changes please see the > internal design doc at: > > https://docs.google.com/document/d/1KZscujuV7bCFEnzJW-0DaCPU-I40RJimQKoCcI0umTQ/edit?usp=sharing > > In addition, there is some discussion of these features in the following > spec issues: > > whatwg/fetch#1321 > whatwg/fetch#1327 > > The test includes WPT tests that verify navigation headers and SameSite > cookies. Note, chrome has a couple expected failures in the SameSite > cookie tests because of the "lax-allowing-unsafe" intervention that is > currently enabled. See: > > https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/web_tests/TestExpectations;l=4635;drc=e8133cbf2469adb99c6610483ab78bcfb8cc4c76 > > Bug: 1115847,1241188 > Change-Id: I7e236fa20aeabb705aef40fcf8d5c36da6d2798c > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3115917 > Reviewed-by: Matt Menke <mmenke@chromium.org> > Reviewed-by: Yutaka Hirano <yhirano@chromium.org> > Reviewed-by: Nasko Oskov <nasko@chromium.org> > Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org> > Commit-Queue: Ben Kelly <wanderview@chromium.org> > Cr-Commit-Position: refs/heads/main@{#936029} Bug: 1115847,1241188 Change-Id: Ia26acbdd0d7ce6583d9a44f83ed086708657b8bd Reviewed-by: Matt Menke <mmenke@chromium.org> Reviewed-by: Yutaka Hirano <yhirano@chromium.org> Reviewed-by: Nasko Oskov <nasko@chromium.org> Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org> Auto-Submit: Ben Kelly <wanderview@chromium.org> Commit-Queue: Ben Kelly <wanderview@chromium.org> Cr-Commit-Position: refs/heads/main@{#936560} Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>

Manual icherry-pick of patch for "CVE-2022-0111: Inappropriate implementation in Navigation." and "CVE-2022-0117: Policy bypass in Service Workers", originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/3251368: Reland "Fetch: Plumb request initiator through passthrough service workers." This is a reland of da0a6501cf321579bd46a27ff9fba1bb8ea910bb This CL also includes a change to mark the two WPT tests as requiring long timeout durations. On my fast build machine with an opt build they take ~5 seconds each to complete and the default timeout is 10 seconds. On slower bots with debug builds its highly likely that these tests would be marked as timing out. This change gives them a 60 second timeout instead. Original change's description: > Fetch: Plumb request initiator through passthrough service workers. > > This CL contains essentially two changes: > > 1. The request initiator origin is plumbed through service workers > that do `fetch(evt.request)`. In addition to plumbing, this > requires changes to how we validate navigation requests in the > CorsURLLoaderFactory. > 2. Tracks the original destination of a request passed through a > service worker. This is then used in the network service to force > SameSite=Lax cookies to treat the request as a main frame navigation > where appropriate. > > For more detailed information about these changes please see the > internal design doc at: > > https://docs.google.com/document/d/1KZscujuV7bCFEnzJW-0DaCPU-I40RJimQKoCcI0umTQ/edit?usp=sharing > > In addition, there is some discussion of these features in the following > spec issues: > > whatwg/fetch#1321 > whatwg/fetch#1327 > > The test includes WPT tests that verify navigation headers and SameSite > cookies. Note, chrome has a couple expected failures in the SameSite > cookie tests because of the "lax-allowing-unsafe" intervention that is > currently enabled. See: > > https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/web_tests/TestExpectations;l=4635;drc=e8133cbf2469adb99c6610483ab78bcfb8cc4c76 > > Bug: 1115847,1241188 > Change-Id: I7e236fa20aeabb705aef40fcf8d5c36da6d2798c > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3115917 > Reviewed-by: Matt Menke <mmenke@chromium.org> > Reviewed-by: Yutaka Hirano <yhirano@chromium.org> > Reviewed-by: Nasko Oskov <nasko@chromium.org> > Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org> > Commit-Queue: Ben Kelly <wanderview@chromium.org> > Cr-Commit-Position: refs/heads/main@{#936029} Bug: 1115847,1241188 Change-Id: Ia26acbdd0d7ce6583d9a44f83ed086708657b8bd Reviewed-by: Matt Menke <mmenke@chromium.org> Reviewed-by: Yutaka Hirano <yhirano@chromium.org> Reviewed-by: Nasko Oskov <nasko@chromium.org> Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org> Auto-Submit: Ben Kelly <wanderview@chromium.org> Commit-Queue: Ben Kelly <wanderview@chromium.org> Cr-Commit-Position: refs/heads/main@{#936560} Reviewed-by: Michal Klocek <michal.klocek@qt.io>

Manual backport of patch for "CVE-2022-0111: Inappropriate implementation in Navigation." and "CVE-2022-0117: Policy bypass in Service Workers", originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/3251368: Reland "Fetch: Plumb request initiator through passthrough service workers." This is a reland of da0a6501cf321579bd46a27ff9fba1bb8ea910bb This CL also includes a change to mark the two WPT tests as requiring long timeout durations. On my fast build machine with an opt build they take ~5 seconds each to complete and the default timeout is 10 seconds. On slower bots with debug builds its highly likely that these tests would be marked as timing out. This change gives them a 60 second timeout instead. Original change's description: > Fetch: Plumb request initiator through passthrough service workers. > > This CL contains essentially two changes: > > 1. The request initiator origin is plumbed through service workers >that do `fetch(evt.request)`. In addition to plumbing, this >requires changes to how we validate navigation requests in the >CorsURLLoaderFactory. > 2. Tracks the original destination of a request passed through a >service worker. This is then used in the network service to force >SameSite=Lax cookies to treat the request as a main frame navigation >where appropriate. > > For more detailed information about these changes please see the > internal design doc at: > > https://docs.google.com/document/d/1KZscujuV7bCFEnzJW-0DaCPU-I40RJimQKoCcI0umTQ/edit?usp=sharing > > In addition, there is some discussion of these features in the following > spec issues: > > whatwg/fetch#1321 > whatwg/fetch#1327 > > The test includes WPT tests that verify navigation headers and SameSite > cookies. Note, chrome has a couple expected failures in the SameSite > cookie tests because of the "lax-allowing-unsafe" intervention that is > currently enabled. See: > > https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/web_tests/TestExpectations;l=4635;drc=e8133cbf2469adb99c6610483ab78bcfb8cc4c76 > > Bug: 1115847,1241188 > Change-Id: I7e236fa20aeabb705aef40fcf8d5c36da6d2798c > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3115917 > Reviewed-by: Matt Menke <mmenke@chromium.org> > Reviewed-by: Yutaka Hirano <yhirano@chromium.org> > Reviewed-by: Nasko Oskov <nasko@chromium.org> > Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org> > Commit-Queue: Ben Kelly <wanderview@chromium.org> > Cr-Commit-Position: refs/heads/main@{#936029} Bug: 1115847,1241188 Change-Id: Ia26acbdd0d7ce6583d9a44f83ed086708657b8bd Reviewed-by: Matt Menke <mmenke@chromium.org> Reviewed-by: Michal Klocek <michal.klocek@qt.io>

This CL contains essentially two changes: 1. The request initiator origin is plumbed through service workers that do `fetch(evt.request)`. In addition to plumbing, this requires changes to how we validate navigation requests in the CorsURLLoaderFactory. 2. Tracks the original destination of a request passed through a service worker. This is then used in the network service to force SameSite=Lax cookies to treat the request as a main frame navigation where appropriate. For more detailed information about these changes please see the internal design doc at: https://docs.google.com/document/d/1KZscujuV7bCFEnzJW-0DaCPU-I40RJimQKoCcI0umTQ/edit?usp=sharing In addition, there is some discussion of these features in the following spec issues: whatwg/fetch#1321 whatwg/fetch#1327 The test includes WPT tests that verify navigation headers and SameSite cookies. Note, chrome has a couple expected failures in the SameSite cookie tests because of the "lax-allowing-unsafe" intervention that is currently enabled. See: https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/web_tests/TestExpectations;l=4635;drc=e8133cbf2469adb99c6610483ab78bcfb8cc4c76 Bug: 1115847,1241188 Change-Id: I7e236fa20aeabb705aef40fcf8d5c36da6d2798c Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3115917 Reviewed-by: Matt Menke <mmenke@chromium.org> Reviewed-by: Yutaka Hirano <yhirano@chromium.org> Reviewed-by: Nasko Oskov <nasko@chromium.org> Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org> Commit-Queue: Ben Kelly <wanderview@chromium.org> Cr-Commit-Position: refs/heads/main@{#936029} NOKEYCHECK=True GitOrigin-RevId: da0a6501cf321579bd46a27ff9fba1bb8ea910bb

…rkers." This reverts commit da0a6501cf321579bd46a27ff9fba1bb8ea910bb. Reason for revert: Failure on many bots with the following error message: The service worker navigation preload request was cancelled before 'preloadResponse' settled. If you intend to use 'preloadResponse', use waitUntil() or respondWith() to wait for the promise to settle.", source: (0) Original change's description: > Fetch: Plumb request initiator through passthrough service workers. > > This CL contains essentially two changes: > > 1. The request initiator origin is plumbed through service workers > that do `fetch(evt.request)`. In addition to plumbing, this > requires changes to how we validate navigation requests in the > CorsURLLoaderFactory. > 2. Tracks the original destination of a request passed through a > service worker. This is then used in the network service to force > SameSite=Lax cookies to treat the request as a main frame navigation > where appropriate. > > For more detailed information about these changes please see the > internal design doc at: > > https://docs.google.com/document/d/1KZscujuV7bCFEnzJW-0DaCPU-I40RJimQKoCcI0umTQ/edit?usp=sharing > > In addition, there is some discussion of these features in the following > spec issues: > > whatwg/fetch#1321 > whatwg/fetch#1327 > > The test includes WPT tests that verify navigation headers and SameSite > cookies. Note, chrome has a couple expected failures in the SameSite > cookie tests because of the "lax-allowing-unsafe" intervention that is > currently enabled. See: > > https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/web_tests/TestExpectations;l=4635;drc=e8133cbf2469adb99c6610483ab78bcfb8cc4c76 > > Bug: 1115847,1241188 > Change-Id: I7e236fa20aeabb705aef40fcf8d5c36da6d2798c > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3115917 > Reviewed-by: Matt Menke <mmenke@chromium.org> > Reviewed-by: Yutaka Hirano <yhirano@chromium.org> > Reviewed-by: Nasko Oskov <nasko@chromium.org> > Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org> > Commit-Queue: Ben Kelly <wanderview@chromium.org> > Cr-Commit-Position: refs/heads/main@{#936029} Bug: 1115847,1241188 Change-Id: I3044a6d20de172b4a8ab7e39a9f26191580003fa No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3251692 Auto-Submit: Alan Screen <awscreen@chromium.org> Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com> Commit-Queue: Alan Screen <awscreen@chromium.org> Owners-Override: Alan Screen <awscreen@chromium.org> Cr-Commit-Position: refs/heads/main@{#936125} NOKEYCHECK=True GitOrigin-RevId: a6601b2cf2bb7c0a0ffa3c795a0dbc730ef81d1a

…rkers." This is a reland of da0a6501cf321579bd46a27ff9fba1bb8ea910bb This CL also includes a change to mark the two WPT tests as requiring long timeout durations. On my fast build machine with an opt build they take ~5 seconds each to complete and the default timeout is 10 seconds. On slower bots with debug builds its highly likely that these tests would be marked as timing out. This change gives them a 60 second timeout instead. Original change's description: > Fetch: Plumb request initiator through passthrough service workers. > > This CL contains essentially two changes: > > 1. The request initiator origin is plumbed through service workers > that do `fetch(evt.request)`. In addition to plumbing, this > requires changes to how we validate navigation requests in the > CorsURLLoaderFactory. > 2. Tracks the original destination of a request passed through a > service worker. This is then used in the network service to force > SameSite=Lax cookies to treat the request as a main frame navigation > where appropriate. > > For more detailed information about these changes please see the > internal design doc at: > > https://docs.google.com/document/d/1KZscujuV7bCFEnzJW-0DaCPU-I40RJimQKoCcI0umTQ/edit?usp=sharing > > In addition, there is some discussion of these features in the following > spec issues: > > whatwg/fetch#1321 > whatwg/fetch#1327 > > The test includes WPT tests that verify navigation headers and SameSite > cookies. Note, chrome has a couple expected failures in the SameSite > cookie tests because of the "lax-allowing-unsafe" intervention that is > currently enabled. See: > > https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/web_tests/TestExpectations;l=4635;drc=e8133cbf2469adb99c6610483ab78bcfb8cc4c76 > > Bug: 1115847,1241188 > Change-Id: I7e236fa20aeabb705aef40fcf8d5c36da6d2798c > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3115917 > Reviewed-by: Matt Menke <mmenke@chromium.org> > Reviewed-by: Yutaka Hirano <yhirano@chromium.org> > Reviewed-by: Nasko Oskov <nasko@chromium.org> > Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org> > Commit-Queue: Ben Kelly <wanderview@chromium.org> > Cr-Commit-Position: refs/heads/main@{#936029} Bug: 1115847,1241188 Change-Id: Ia26acbdd0d7ce6583d9a44f83ed086708657b8bd Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3251368 Reviewed-by: Matt Menke <mmenke@chromium.org> Reviewed-by: Yutaka Hirano <yhirano@chromium.org> Reviewed-by: Nasko Oskov <nasko@chromium.org> Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org> Auto-Submit: Ben Kelly <wanderview@chromium.org> Commit-Queue: Ben Kelly <wanderview@chromium.org> Cr-Commit-Position: refs/heads/main@{#936560} NOKEYCHECK=True GitOrigin-RevId: 2d916566085e4f09bca93021f2b1650ea6237077

annevk added addition/proposal New features or enhancements topic: http topic: service workers labels Oct 11, 2021

annevk mentioned this issue Oct 12, 2021

Request constructor should propagate origin internal field #1321

Closed

chromium-wpt-export-bot mentioned this issue Oct 25, 2021

Fetch: Plumb request initiator through passthrough service workers. web-platform-tests/wpt#31378

Merged

chromium-wpt-export-bot mentioned this issue Oct 28, 2021

Revert "Fetch: Plumb request initiator through passthrough service workers." web-platform-tests/wpt#31425

Merged

chromium-wpt-export-bot mentioned this issue Oct 28, 2021

Reland "Fetch: Plumb request initiator through passthrough service workers." web-platform-tests/wpt#31430

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Request needs to propagate concept of "main frame navigation" #1327

Request needs to propagate concept of "main frame navigation" #1327

wanderview commented Oct 8, 2021

annevk commented Oct 11, 2021 •

edited

Loading

wanderview commented Oct 11, 2021

annevk commented Oct 12, 2021

wanderview commented Oct 12, 2021

Request needs to propagate concept of "main frame navigation" #1327

Request needs to propagate concept of "main frame navigation" #1327

Comments

wanderview commented Oct 8, 2021

annevk commented Oct 11, 2021 • edited Loading

wanderview commented Oct 11, 2021

annevk commented Oct 12, 2021

wanderview commented Oct 12, 2021

annevk commented Oct 11, 2021 •

edited

Loading