Bug 1543068 - P1 Substitute Cross-Origin header with COEP r=nika

(a) Substitute Cross-Origin header with COEP (b) Forcing cors in FetchDriver is removed since COEP doesn't need to IIUC Differential Revision: https://phabricator.services.mozilla.com/D38788 --HG-- extra : moz-landing-system : lando
2019-08-08 18:38:03 +00:00 · 2019-08-08 18:38:03 +00:00 · 2247427ef2
--- a/docshell/base/BrowsingContext.cpp
+++ b/docshell/base/BrowsingContext.cpp
@ -133,13 +133,13 @@ already_AddRefed<BrowsingContext> BrowsingContext::Create(
  // using transactions to set them, as we haven't been attached yet.
  context->mName = aName;
  context->mOpenerId = aOpener ? aOpener->Id() : 0;
-  context->mCrossOriginPolicy = nsILoadInfo::CROSS_ORIGIN_POLICY_NULL;
-  context->mInheritedCrossOriginPolicy = nsILoadInfo::CROSS_ORIGIN_POLICY_NULL;
+  context->mEmbedderPolicy = nsILoadInfo::EMBEDDER_POLICY_NULL;
+  context->mInheritedEmbedderPolicy = nsILoadInfo::EMBEDDER_POLICY_NULL;

  BrowsingContext* inherit = aParent ? aParent : aOpener;
  if (inherit) {
    context->mOpenerPolicy = inherit->mOpenerPolicy;
-    context->mInheritedCrossOriginPolicy = inherit->mCrossOriginPolicy;
+    context->mInheritedEmbedderPolicy = inherit->mEmbedderPolicy;
  }

  Register(context);
--- a/docshell/base/BrowsingContextFieldList.h
+++ b/docshell/base/BrowsingContextFieldList.h
@ -12,8 +12,8 @@
 // `BrowsingContext`.
 MOZ_BC_FIELD(Name, nsString)
 MOZ_BC_FIELD(Closed, bool)
-MOZ_BC_FIELD(CrossOriginPolicy, nsILoadInfo::CrossOriginPolicy)
-MOZ_BC_FIELD(InheritedCrossOriginPolicy, nsILoadInfo::CrossOriginPolicy)
+MOZ_BC_FIELD(EmbedderPolicy, nsILoadInfo::CrossOriginEmbedderPolicy)
+MOZ_BC_FIELD(InheritedEmbedderPolicy, nsILoadInfo::CrossOriginEmbedderPolicy)
 MOZ_BC_FIELD(OpenerPolicy, nsILoadInfo::CrossOriginOpenerPolicy)

 // The current opener for this BrowsingContext. This is a weak reference, and
--- a/dom/fetch/FetchDriver.cpp
+++ b/dom/fetch/FetchDriver.cpp
@ -427,24 +427,6 @@ nsresult FetchDriver::HttpFetch(
  rv = NS_NewURI(getter_AddRefs(uri), url);
  NS_ENSURE_SUCCESS(rv, rv);

-  if (StaticPrefs::browser_tabs_remote_useCrossOriginPolicy()) {
-    // Cross-Origin policy - bug 1525036
-    nsILoadInfo::CrossOriginPolicy corsCredentials =
-        nsILoadInfo::CROSS_ORIGIN_POLICY_NULL;
-    if (mDocument && mDocument->GetBrowsingContext()) {
-      corsCredentials = mDocument->GetBrowsingContext()->GetCrossOriginPolicy();
-    }  // TODO Bug 1532287: else use mClientInfo
-
-    if (mRequest->Mode() == RequestMode::No_cors &&
-        corsCredentials != nsILoadInfo::CROSS_ORIGIN_POLICY_NULL) {
-      mRequest->SetMode(RequestMode::Cors);
-      mRequest->SetCredentialsMode(RequestCredentials::Same_origin);
-      if (corsCredentials == nsILoadInfo::CROSS_ORIGIN_POLICY_USE_CREDENTIALS) {
-        mRequest->SetCredentialsMode(RequestCredentials::Include);
-      }
-    }
-  }
-
  // Unsafe requests aren't allowed with when using no-core mode.
  if (mRequest->Mode() == RequestMode::No_cors && mRequest->UnsafeRequest() &&
      (!mRequest->HasSimpleMethod() ||
--- a/ipc/glue/IPCMessageUtils.h
+++ b/ipc/glue/IPCMessageUtils.h
@ -1075,18 +1075,17 @@ struct ParamTraits<nsILoadInfo::CrossOriginOpenerPolicy>
    : EnumSerializer<nsILoadInfo::CrossOriginOpenerPolicy,
                     CrossOriginOpenerPolicyValidator> {};

-struct CrossOriginPolicyValidator {
-  static bool IsLegalValue(nsILoadInfo::CrossOriginPolicy e) {
-    return e == nsILoadInfo::CROSS_ORIGIN_POLICY_NULL ||
-           e == nsILoadInfo::CROSS_ORIGIN_POLICY_ANONYMOUS ||
-           e == nsILoadInfo::CROSS_ORIGIN_POLICY_USE_CREDENTIALS;
+struct CrossOriginEmbedderPolicyValidator {
+  static bool IsLegalValue(nsILoadInfo::CrossOriginEmbedderPolicy e) {
+    return e == nsILoadInfo::EMBEDDER_POLICY_NULL ||
+           e == nsILoadInfo::EMBEDDER_POLICY_REQUIRE_CORP;
  }
 };

 template <>
-struct ParamTraits<nsILoadInfo::CrossOriginPolicy>
-    : EnumSerializer<nsILoadInfo::CrossOriginPolicy,
-                     CrossOriginPolicyValidator> {};
+struct ParamTraits<nsILoadInfo::CrossOriginEmbedderPolicy>
+    : EnumSerializer<nsILoadInfo::CrossOriginEmbedderPolicy,
+                     CrossOriginEmbedderPolicyValidator> {};

 // Helper class for reading bitfields.
 // If T has bitfields members, derive ParamTraits<T> from BitfieldHelper<T>.
--- a/modules/libpref/init/StaticPrefList.yaml
+++ b/modules/libpref/init/StaticPrefList.yaml
@ -854,8 +854,8 @@
  mirror: always

 # When this pref is enabled document loads with a mismatched
-# Cross-Origin header will fail to load
- name: browser.tabs.remote.useCrossOriginPolicy
+# Cross-Origin-Embedder-Policy header will fail to load
+- name: browser.tabs.remote.useCrossOriginEmbedderPolicy
  type: bool
  value: false
  mirror: always
--- a/netwerk/base/nsILoadInfo.idl
+++ b/netwerk/base/nsILoadInfo.idl
@ -1204,9 +1204,8 @@ interface nsILoadInfo : nsISupports
    OPENER_POLICY_SAME_SITE_ALLOW_OUTGOING = OPENER_POLICY_SAME_SITE | OPENER_POLICY_UNSAFE_ALLOW_OUTGOING_FLAG
  };

-  cenum CrossOriginPolicy : 8 {
-    CROSS_ORIGIN_POLICY_NULL            = 0,
-    CROSS_ORIGIN_POLICY_ANONYMOUS       = 1,
-    CROSS_ORIGIN_POLICY_USE_CREDENTIALS = 2
+  cenum CrossOriginEmbedderPolicy : 8 {
+    EMBEDDER_POLICY_NULL = 0,
+    EMBEDDER_POLICY_REQUIRE_CORP = 1,
  };
 };
--- a/netwerk/protocol/http/nsHttpAtomList.h
+++ b/netwerk/protocol/http/nsHttpAtomList.h
@ -40,7 +40,7 @@ HTTP_ATOM(Content_MD5, "Content-MD5")
 HTTP_ATOM(Content_Range, "Content-Range")
 HTTP_ATOM(Content_Type, "Content-Type")
 HTTP_ATOM(Cookie, "Cookie")
-HTTP_ATOM(Cross_Origin, "Cross-Origin")
+HTTP_ATOM(Cross_Origin_Embedder_Policy, "Cross-Origin-Embedder-Policy")
 HTTP_ATOM(Cross_Origin_Opener_Policy, "Cross-Origin-Opener-Policy")
 HTTP_ATOM(Cross_Origin_Resource_Policy, "Cross-Origin-Resource-Policy")
 HTTP_ATOM(Date, "Date")
--- a/netwerk/protocol/http/nsHttpChannel.cpp
+++ b/netwerk/protocol/http/nsHttpChannel.cpp
@ -2556,7 +2556,7 @@ nsresult nsHttpChannel::ContinueProcessResponse1() {
    LOG(("  continuation state has been reset"));
  }

-  rv = ProcessCrossOriginHeader();
+  rv = ProcessCrossOriginEmbedderPolicyHeader();
  if (NS_FAILED(rv)) {
    mStatus = NS_ERROR_BLOCKED_BY_POLICY;
    HandleAsyncAbort();
@ -7479,36 +7479,35 @@ nsresult nsHttpChannel::ComputeCrossOriginOpenerPolicyMismatch() {
  return NS_OK;
 }

-nsresult nsHttpChannel::GetResponseCrossOriginPolicy(
-    nsILoadInfo::CrossOriginPolicy* aResponseCrossOriginPolicy) {
+nsresult nsHttpChannel::GetResponseEmbedderPolicy(
+    nsILoadInfo::CrossOriginEmbedderPolicy* aResponseEmbedderPolicy) {
  if (!mResponseHead) {
    return NS_ERROR_NOT_AVAILABLE;
  }

-  nsILoadInfo::CrossOriginPolicy policy = nsILoadInfo::CROSS_ORIGIN_POLICY_NULL;
+  nsILoadInfo::CrossOriginEmbedderPolicy policy =
+      nsILoadInfo::EMBEDDER_POLICY_NULL;

  nsAutoCString content;
-  Unused << mResponseHead->GetHeader(nsHttp::Cross_Origin, content);
+  Unused << mResponseHead->GetHeader(nsHttp::Cross_Origin_Embedder_Policy,
+                                     content);

-  // Cross-Origin = %s"anonymous" / %s"use-credentials" ; case-sensitive
-
-  if (content.EqualsLiteral("anonymous")) {
-    policy = nsILoadInfo::CROSS_ORIGIN_POLICY_ANONYMOUS;
-  } else if (content.EqualsLiteral("use-credentials")) {
-    policy = nsILoadInfo::CROSS_ORIGIN_POLICY_USE_CREDENTIALS;
+  if (content.EqualsLiteral("require-corp")) {
+    policy = nsILoadInfo::EMBEDDER_POLICY_REQUIRE_CORP;
  }

-  *aResponseCrossOriginPolicy = policy;
+  *aResponseEmbedderPolicy = policy;
  return NS_OK;
 }

-nsresult nsHttpChannel::ProcessCrossOriginHeader() {
+// https://mikewest.github.io/corpp/#process-navigation-response
+nsresult nsHttpChannel::ProcessCrossOriginEmbedderPolicyHeader() {
  nsresult rv;
-  if (!StaticPrefs::browser_tabs_remote_useCrossOriginPolicy()) {
+  if (!StaticPrefs::browser_tabs_remote_useCrossOriginEmbedderPolicy()) {
    return NS_OK;
  }

-  // Only consider Cross-Origin for document loads.
+  // Only consider Cross-Origin-Embedder-Policy for document loads.
  if (mLoadInfo->GetExternalContentPolicyType() !=
          nsIContentPolicy::TYPE_DOCUMENT &&
      mLoadInfo->GetExternalContentPolicyType() !=
@ -7528,19 +7527,19 @@ nsresult nsHttpChannel::ProcessCrossOriginHeader() {
    return NS_OK;
  }

-  nsILoadInfo::CrossOriginPolicy documentPolicy =
-      ctx->GetInheritedCrossOriginPolicy();
-  nsILoadInfo::CrossOriginPolicy resultPolicy =
-      nsILoadInfo::CROSS_ORIGIN_POLICY_NULL;
-  rv = GetResponseCrossOriginPolicy(&resultPolicy);
+  nsILoadInfo::CrossOriginEmbedderPolicy documentPolicy =
+      ctx->GetInheritedEmbedderPolicy();
+  nsILoadInfo::CrossOriginEmbedderPolicy resultPolicy =
+      nsILoadInfo::EMBEDDER_POLICY_NULL;
+  rv = GetResponseEmbedderPolicy(&resultPolicy);
  if (NS_FAILED(rv)) {
    return NS_OK;
  }

-  ctx->SetCrossOriginPolicy(resultPolicy);
+  ctx->SetEmbedderPolicy(resultPolicy);

-  if (documentPolicy != nsILoadInfo::CROSS_ORIGIN_POLICY_NULL &&
-      resultPolicy == nsILoadInfo::CROSS_ORIGIN_POLICY_NULL) {
+  if (documentPolicy != nsILoadInfo::EMBEDDER_POLICY_NULL &&
+      resultPolicy == nsILoadInfo::EMBEDDER_POLICY_NULL) {
    return NS_ERROR_BLOCKED_BY_POLICY;
  }

@ -7727,7 +7726,7 @@ nsHttpChannel::OnStartRequest(nsIRequest* request) {
    return NS_OK;
  }

-  rv = ProcessCrossOriginHeader();
+  rv = ProcessCrossOriginEmbedderPolicyHeader();
  if (NS_FAILED(rv)) {
    mStatus = NS_ERROR_BLOCKED_BY_POLICY;
    HandleAsyncAbort();
--- a/netwerk/protocol/http/nsHttpChannel.h
+++ b/netwerk/protocol/http/nsHttpChannel.h
@ -480,9 +480,9 @@ class nsHttpChannel final : public HttpBaseChannel,
   */
  void ProcessSecurityReport(nsresult status);

-  nsresult GetResponseCrossOriginPolicy(
-      nsILoadInfo::CrossOriginPolicy* aResponseCrossOriginPolicy);
-  nsresult ProcessCrossOriginHeader();
+  nsresult GetResponseEmbedderPolicy(
+      nsILoadInfo::CrossOriginEmbedderPolicy* aResponseEmbedderPolicy);
+  nsresult ProcessCrossOriginEmbedderPolicyHeader();
  nsresult ProcessCrossOriginResourcePolicyHeader();

  nsresult ComputeCrossOriginOpenerPolicyMismatch();