Bug 1626486 - Use structured field value parser for COOP and COEP r=kershaw,annevk,necko-reviewers

Differential Revision: https://phabricator.services.mozilla.com/D88003

netwerk/base/nsNetUtil.cpp

@@ -102,6 +102,7 @@
 #include "nsResProtocolHandler.h"
 #include "mozilla/net/ExtensionProtocolHandler.h"
 #include "mozilla/net/PageThumbProtocolHandler.h"
+#include "mozilla/net/SFVService.h"
 #include <limits>
 
 #if defined(MOZ_THUNDERBIRD) || defined(MOZ_SUITE)
@@ -2549,6 +2550,38 @@ nsresult NS_MaybeOpenChannelUsingAsyncOpen(nsIChannel* aChannel,
   return aChannel->AsyncOpen(aListener);
 }
 
+nsILoadInfo::CrossOriginEmbedderPolicy
+NS_GetCrossOriginEmbedderPolicyFromHeader(const nsACString& aHeader) {
+  nsCOMPtr<nsISFVService> sfv = GetSFVService();
+
+  nsCOMPtr<nsISFVItem> item;
+  nsresult rv = sfv->ParseItem(aHeader, getter_AddRefs(item));
+  if (NS_FAILED(rv)) {
+    return nsILoadInfo::EMBEDDER_POLICY_NULL;
+  }
+
+  nsCOMPtr<nsISFVBareItem> value;
+  rv = item->GetValue(getter_AddRefs(value));
+  if (NS_FAILED(rv)) {
+    return nsILoadInfo::EMBEDDER_POLICY_NULL;
+  }
+
+  nsCOMPtr<nsISFVToken> token = do_QueryInterface(value);
+  if (!token) {
+    return nsILoadInfo::EMBEDDER_POLICY_NULL;
+  }
+
+  nsAutoCString embedderPolicy;
+  rv = token->GetValue(embedderPolicy);
+  if (NS_FAILED(rv)) {
+    return nsILoadInfo::EMBEDDER_POLICY_NULL;
+  }
+
+  return embedderPolicy.EqualsLiteral("require-corp")
+             ? nsILoadInfo::EMBEDDER_POLICY_REQUIRE_CORP
+             : nsILoadInfo::EMBEDDER_POLICY_NULL;
+}
+
 /** Given the first (disposition) token from a Content-Disposition header,
  * tell whether it indicates the content is inline or attachment
  * @param aDispToken the disposition token from the content-disposition header

netwerk/base/nsNetUtil.h

@@ -797,12 +797,8 @@ nsresult NS_MaybeOpenChannelUsingAsyncOpen(nsIChannel* aChannel,
  *
  * See: https://mikewest.github.io/corpp/#parsing
  */
-inline nsILoadInfo::CrossOriginEmbedderPolicy
-NS_GetCrossOriginEmbedderPolicyFromHeader(const nsACString& aHeader) {
-  return aHeader.EqualsLiteral("require-corp")
-             ? nsILoadInfo::EMBEDDER_POLICY_REQUIRE_CORP
-             : nsILoadInfo::EMBEDDER_POLICY_NULL;
-}
+nsILoadInfo::CrossOriginEmbedderPolicy
+NS_GetCrossOriginEmbedderPolicyFromHeader(const nsACString& aHeader);
 
 /** Given the first (disposition) token from a Content-Disposition header,
  * tell whether it indicates the content is inline or attachment

netwerk/protocol/http/HttpBaseChannel.cpp

@@ -83,6 +83,7 @@
 #include "nsURLHelper.h"
 #include "mozilla/RemoteLazyInputStreamChild.h"
 #include "mozilla/RemoteLazyInputStreamUtils.h"
+#include "mozilla/net/SFVService.h"
 
 namespace mozilla {
 namespace net {
@@ -4790,6 +4791,30 @@ NS_IMETHODIMP HttpBaseChannel::ComputeCrossOriginOpenerPolicy(
   //                              %s"same-origin-allow-popups" /
   //                              %s"unsafe-none"; case-sensitive
 
+  nsCOMPtr<nsISFVService> sfv = GetSFVService();
+
+  nsCOMPtr<nsISFVItem> item;
+  nsresult rv = sfv->ParseItem(openerPolicy, getter_AddRefs(item));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  nsCOMPtr<nsISFVBareItem> value;
+  rv = item->GetValue(getter_AddRefs(value));
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
+  nsCOMPtr<nsISFVToken> token = do_QueryInterface(value);
+  if (!token) {
+    return NS_ERROR_UNEXPECTED;
+  }
+
+  rv = token->GetValue(openerPolicy);
+  if (NS_FAILED(rv)) {
+    return rv;
+  }
+
   nsILoadInfo::CrossOriginOpenerPolicy policy =
       nsILoadInfo::OPENER_POLICY_UNSAFE_NONE;
 

testing/web-platform/meta/html/cross-origin-opener-policy/header-parsing.https.html.ini

@@ -1,7 +0,0 @@
-[header-parsing.https.html]
-  [unspecified document opening popup to https://web-platform.test:8443 with COOP: "same-origin;same-origin"]
-    expected: FAIL
-
-  [unspecified document opening popup to https://web-platform.test:8443 with COOP: "same-origin; foo=bar"]
-    expected: FAIL
-

testing/web-platform/meta/html/cross-origin-opener-policy/popup-with-structured-header.https.html.ini

@@ -1,4 +0,0 @@
-[popup-with-structured-header.https.html]
-  [same-origin with structured headers document opening popup to https://web-platform.test:8443 with COOP: "same-origin; report-to=endpoint"]
-    expected: FAIL
-