authorAllan Sandfeld Jensen <allan.jensen@qt.io>2018-10-24 11:30:15 +0200
committerAllan Sandfeld Jensen <allan.jensen@qt.io>2018-10-30 12:56:19 +0000
commit6036726eb981b6c4b42047513b9d3f4ac865daac (patch)
tree673593e70678e7789766d1f732eb51f613a2703b /chromium/third_party/blink/renderer/core/loader/modulescript
parent466052c4e7c052268fd931888cd58961da94c586 (diff)
BASELINE: Update Chromium to 70.0.3538.78
Change-Id: Ie634710bf039e26c1957f4ae45e101bd4c434ae7 Reviewed-by: Michael Brüning <michael.bruning@qt.io>
Diffstat (limited to 'chromium/third_party/blink/renderer/core/loader/modulescript')
-rw-r--r--chromium/third_party/blink/renderer/core/loader/modulescript/document_module_script_fetcher.cc7
-rw-r--r--chromium/third_party/blink/renderer/core/loader/modulescript/module_script_creation_params.h12
-rw-r--r--chromium/third_party/blink/renderer/core/loader/modulescript/module_script_fetch_request.h15
-rw-r--r--chromium/third_party/blink/renderer/core/loader/modulescript/module_script_loader.cc25
-rw-r--r--chromium/third_party/blink/renderer/core/loader/modulescript/module_script_loader_test.cc6
-rw-r--r--chromium/third_party/blink/renderer/core/loader/modulescript/module_tree_linker.cc26
-rw-r--r--chromium/third_party/blink/renderer/core/loader/modulescript/worker_module_script_fetcher.cc17
-rw-r--r--chromium/third_party/blink/renderer/core/loader/modulescript/worklet_module_script_fetcher.cc3
8 files changed, 66 insertions, 45 deletions
diff --git a/chromium/third_party/blink/renderer/core/loader/modulescript/document_module_script_fetcher.cc b/chromium/third_party/blink/renderer/core/loader/modulescript/document_module_script_fetcher.cc
index 81cbd3aba62..da5a8736d80 100644
--- a/chromium/third_party/blink/renderer/core/loader/modulescript/document_module_script_fetcher.cc
+++ b/chromium/third_party/blink/renderer/core/loader/modulescript/document_module_script_fetcher.cc
@@ -6,8 +6,8 @@
#include "third_party/blink/renderer/core/inspector/console_message.h"
#include "third_party/blink/renderer/core/script/layered_api.h"
+#include "third_party/blink/renderer/platform/bindings/parkable_string.h"
#include "third_party/blink/renderer/platform/runtime_enabled_features.h"
-#include "third_party/blink/renderer/platform/wtf/text/movable_string.h"
#include "third_party/blink/renderer/platform/wtf/vector.h"
namespace blink {
@@ -44,8 +44,7 @@ void DocumentModuleScriptFetcher::NotifyFinished(Resource* resource) {
ModuleScriptCreationParams params(
script_resource->GetResponse().Url(), script_resource->SourceText(),
script_resource->GetResourceRequest().GetFetchCredentialsMode(),
- script_resource->CalculateAccessControlStatus(
- fetcher_->Context().GetSecurityOrigin()));
+ script_resource->CalculateAccessControlStatus());
client_->NotifyFetchFinished(params, error_messages);
}
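Review bot: The `CalculateAccessControlStatus()` call no longer names the origin it is evaluated against, and nothing in the hunk says where that origin now comes from. The result is passed into `ModuleScriptCreationParams` as the script's access-control status, so a one-line comment at the call would help, for example `// Status is derived from the resource's own fetch state, not from a caller-supplied origin.` That wording needs confirming against the implementation, which is outside this diff. The same call change appears in the NotifyFinished hunks of worker_module_script_fetcher.cc and worklet_module_script_fetcher.cc. NotifyFinished itself starts before this hunk.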
@@ -77,7 +76,7 @@ bool DocumentModuleScriptFetcher::FetchIfLayeredAPI(
}
ModuleScriptCreationParams params(
- layered_api_url, MovableString(source_text.ReleaseImpl()),
+ layered_api_url, ParkableString(source_text.ReleaseImpl()),
fetch_params.GetResourceRequest().GetFetchCredentialsMode(),
kSharableCrossOrigin);
client_->NotifyFetchFinished(params, HeapVector<Member<ConsoleMessage>>());
diff --git a/chromium/third_party/blink/renderer/core/loader/modulescript/module_script_creation_params.h b/chromium/third_party/blink/renderer/core/loader/modulescript/module_script_creation_params.h
index f9d9b548116..a161709660c 100644
--- a/chromium/third_party/blink/renderer/core/loader/modulescript/module_script_creation_params.h
+++ b/chromium/third_party/blink/renderer/core/loader/modulescript/module_script_creation_params.h
@@ -7,10 +7,10 @@
#include "base/optional.h"
#include "third_party/blink/public/platform/web_url_request.h"
+#include "third_party/blink/renderer/platform/bindings/parkable_string.h"
#include "third_party/blink/renderer/platform/cross_thread_copier.h"
#include "third_party/blink/renderer/platform/loader/fetch/access_control_status.h"
#include "third_party/blink/renderer/platform/weborigin/kurl.h"
-#include "third_party/blink/renderer/platform/wtf/text/movable_string.h"
#include "third_party/blink/renderer/platform/wtf/text/wtf_string.h"
namespace blink {
@@ -20,7 +20,7 @@ class ModuleScriptCreationParams {
public:
ModuleScriptCreationParams(
const KURL& response_url,
- const MovableString& source_text,
+ const ParkableString& source_text,
network::mojom::FetchCredentialsMode fetch_credentials_mode,
AccessControlStatus access_control_status)
: response_url_(response_url),
@@ -39,10 +39,10 @@ class ModuleScriptCreationParams {
GetFetchCredentialsMode(), GetAccessControlStatus());
}
- const KURL& GetResponseUrl() const { return response_url_; };
- const MovableString& GetSourceText() const {
+ const KURL& GetResponseUrl() const { return response_url_; }
+ const ParkableString& GetSourceText() const {
if (is_isolated_) {
- source_text_ = MovableString(isolated_source_text_.ReleaseImpl());
+ source_text_ = ParkableString(isolated_source_text_.ReleaseImpl());
isolated_source_text_ = String();
is_isolated_ = false;
}
@@ -78,7 +78,7 @@ class ModuleScriptCreationParams {
// Mutable because an isolated copy can become bound to a thread when
// calling GetSourceText().
mutable bool is_isolated_;
- mutable MovableString source_text_;
+ mutable ParkableString source_text_;
mutable String isolated_source_text_;
const network::mojom::FetchCredentialsMode fetch_credentials_mode_;
diff --git a/chromium/third_party/blink/renderer/core/loader/modulescript/module_script_fetch_request.h b/chromium/third_party/blink/renderer/core/loader/modulescript/module_script_fetch_request.h
index 687c8cfa85a..518c7d4bf62 100644
--- a/chromium/third_party/blink/renderer/core/loader/modulescript/module_script_fetch_request.h
+++ b/chromium/third_party/blink/renderer/core/loader/modulescript/module_script_fetch_request.h
@@ -8,7 +8,6 @@
#include "third_party/blink/public/platform/web_url_request.h"
#include "third_party/blink/renderer/platform/loader/fetch/script_fetch_options.h"
#include "third_party/blink/renderer/platform/weborigin/kurl.h"
-#include "third_party/blink/renderer/platform/weborigin/referrer.h"
#include "third_party/blink/renderer/platform/wtf/text/wtf_string.h"
namespace blink {
@@ -24,32 +23,32 @@ class ModuleScriptFetchRequest final {
ModuleScriptFetchRequest(const KURL& url,
WebURLRequest::RequestContext destination,
const ScriptFetchOptions& options,
- const Referrer& referrer,
+ const String& referrer_string,
const TextPosition& referrer_position)
: url_(url),
destination_(destination),
options_(options),
- referrer_(referrer),
+ referrer_string_(referrer_string),
referrer_position_(referrer_position) {}
static ModuleScriptFetchRequest CreateForTest(const KURL& url) {
- return ModuleScriptFetchRequest(url, WebURLRequest::kRequestContextScript,
- ScriptFetchOptions(), Referrer(),
- TextPosition::MinimumPosition());
+ return ModuleScriptFetchRequest(
+ url, WebURLRequest::kRequestContextScript, ScriptFetchOptions(),
+ Referrer::ClientReferrerString(), TextPosition::MinimumPosition());
}
~ModuleScriptFetchRequest() = default;
const KURL& Url() const { return url_; }
WebURLRequest::RequestContext Destination() const { return destination_; }
const ScriptFetchOptions& Options() const { return options_; }
- const Referrer& GetReferrer() const { return referrer_; }
+ const String& ReferrerString() const { return referrer_string_; }
const TextPosition& GetReferrerPosition() const { return referrer_position_; }
private:
const KURL url_;
const WebURLRequest::RequestContext destination_;
const ScriptFetchOptions options_;
- const Referrer referrer_;
+ const String referrer_string_;
const TextPosition referrer_position_;
};
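Review bot: `CreateForTest` now calls `Referrer::ClientReferrerString()`, but the previous hunk of this header removes `#include "third_party/blink/renderer/platform/weborigin/referrer.h"`. The header presumably still compiles only because another include pulls `Referrer` in transitively. Keeping the include would leave the header self-contained, so that an unrelated include cleanup elsewhere cannot break it.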
diff --git a/chromium/third_party/blink/renderer/core/loader/modulescript/module_script_loader.cc b/chromium/third_party/blink/renderer/core/loader/modulescript/module_script_loader.cc
index 5b6548957fa..9ba4cfc2814 100644
--- a/chromium/third_party/blink/renderer/core/loader/modulescript/module_script_loader.cc
+++ b/chromium/third_party/blink/renderer/core/loader/modulescript/module_script_loader.cc
@@ -92,7 +92,7 @@ void ModuleScriptLoader::Fetch(
custom_fetch_type);
}
-// https://html.spec.whatwg.org/#fetch-a-single-module-script
+// https://html.spec.whatwg.org/multipage/webappapis.html#fetch-a-single-module-script
void ModuleScriptLoader::FetchInternal(
const ModuleScriptFetchRequest& module_request,
FetchClientSettingsObjectSnapshot* fetch_client_settings_object,
@@ -122,13 +122,13 @@ void ModuleScriptLoader::FetchInternal(
options.parser_disposition = options_.ParserState();
// As initiator for module script fetch is not specified in HTML spec,
- // we specity "" as initiator per:
+ // we specify "" as initiator per:
// https://fetch.spec.whatwg.org/#concept-request-initiator
options.initiator_info.name = g_empty_atom;
if (level == ModuleGraphLevel::kDependentModuleFetch) {
options.initiator_info.imported_module_referrer =
- module_request.GetReferrer().referrer;
+ module_request.ReferrerString();
options.initiator_info.position = module_request.GetReferrerPosition();
}
@@ -145,6 +145,12 @@ void ModuleScriptLoader::FetchInternal(
// cryptographic nonce, ..." [spec text]
fetch_params.SetContentSecurityPolicyNonce(options_.Nonce());
+ // [SMSR] "... its referrer policy to options's referrer policy." [spec text]
+ // Note: For now this is done below with SetHTTPReferrer()
+ ReferrerPolicy referrer_policy = module_request.Options().GetReferrerPolicy();
+ if (referrer_policy == kReferrerPolicyDefault)
+ referrer_policy = fetch_client_settings_object->GetReferrerPolicy();
+
// Step 5. "... mode is "cors", ..."
// [SMSR] "... and its credentials mode to options's credentials mode."
// [spec text]
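Review bot: `fetch_client_settings_object` is a raw pointer parameter that is dereferenced here (`->GetReferrerPolicy()`) and again in the next hunk (`->GetOutgoingReferrer()`), with no null check visible. FetchInternal starts before this hunk, so an earlier check may exist; if it does not, add `DCHECK(fetch_client_settings_object);` before the first use. Separately, `referrer_policy` is computed here but only consumed by the `SetHTTPReferrer()` call in the following hunk. Moving the fallback next to the `referrer_string` fallback would keep the two halves of the referrer computation together.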
@@ -153,14 +159,23 @@ void ModuleScriptLoader::FetchInternal(
options_.CredentialsMode());
// Step 5. "... referrer is referrer, ..." [spec text]
+ // Note: For now this is done below with SetHTTPReferrer()
+ String referrer_string = module_request.ReferrerString();
+ if (referrer_string == Referrer::ClientReferrerString())
+ referrer_string = fetch_client_settings_object->GetOutgoingReferrer();
+
+ // TODO(domfarolino): Stop storing ResourceRequest's referrer as a
+ // blink::Referrer (https://crbug.com/850813).
fetch_params.MutableResourceRequest().SetHTTPReferrer(
- module_request.GetReferrer());
+ SecurityPolicy::GenerateReferrer(referrer_policy,
+ fetch_params.GetResourceRequest().Url(),
+ referrer_string));
// Step 5. "... and client is fetch client settings object." [spec text]
// -> set by ResourceFetcher
// Note: The fetch request's "origin" isn't specified in
- // https://html.spec.whatwg.org/#fetch-a-single-module-script
+ // https://html.spec.whatwg.org/multipage/webappapis.html#fetch-a-single-module-script
// Thus, the "origin" is "client" per
// https://fetch.spec.whatwg.org/#concept-request-origin
diff --git a/chromium/third_party/blink/renderer/core/loader/modulescript/module_script_loader_test.cc b/chromium/third_party/blink/renderer/core/loader/modulescript/module_script_loader_test.cc
index 0e9271fc523..a89913ce278 100644
--- a/chromium/third_party/blink/renderer/core/loader/modulescript/module_script_loader_test.cc
+++ b/chromium/third_party/blink/renderer/core/loader/modulescript/module_script_loader_test.cc
@@ -186,13 +186,15 @@ void ModuleScriptLoaderTest::InitializeForWorklet() {
GetDocument().Url(), ScriptType::kModule, GetDocument().UserAgent(),
Vector<CSPHeaderAndType>(), GetDocument().GetReferrerPolicy(),
GetDocument().GetSecurityOrigin(), GetDocument().IsSecureContext(),
- nullptr /* worker_clients */, GetDocument().AddressSpace(),
+ GetDocument().GetHttpsState(), nullptr /* worker_clients */,
+ GetDocument().AddressSpace(),
OriginTrialContext::GetTokens(&GetDocument()).get(),
base::UnguessableToken::Create(), nullptr /* worker_settings */,
kV8CacheOptionsDefault, new WorkletModuleResponsesMap);
global_scope_ = new MainThreadWorkletGlobalScope(
&GetFrame(), std::move(creation_params), *reporting_proxy_);
- global_scope_->ScriptController()->InitializeContextIfNeeded("Dummy Context");
+ global_scope_->ScriptController()->InitializeContextIfNeeded("Dummy Context",
+ NullURL());
modulator_ = new ModuleScriptLoaderTestModulator(
global_scope_->ScriptController()->GetScriptState(),
GetDocument().GetSecurityOrigin(), fetcher);
diff --git a/chromium/third_party/blink/renderer/core/loader/modulescript/module_tree_linker.cc b/chromium/third_party/blink/renderer/core/loader/modulescript/module_tree_linker.cc
index 67a0ecfa41a..bfd13580d31 100644
--- a/chromium/third_party/blink/renderer/core/loader/modulescript/module_tree_linker.cc
+++ b/chromium/third_party/blink/renderer/core/loader/modulescript/module_tree_linker.cc
@@ -163,10 +163,8 @@ void ModuleTreeLinker::FetchRoot(const KURL& original_url,
// href="https://github.com/drufball/layered-apis/blob/master/spec.md#fetch-a-module-script-graph"
// step="1">Set url to the layered API fetching URL given url and the current
// settings object's API base URL.</spec>
- if (RuntimeEnabledFeatures::LayeredAPIEnabled()) {
- url = blink::layered_api::ResolveFetchingURL(
- url, fetch_client_settings_object_->BaseURL());
- }
+ if (RuntimeEnabledFeatures::LayeredAPIEnabled())
+ url = blink::layered_api::ResolveFetchingURL(url);
#if DCHECK_IS_ON()
url_ = url;
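Review bot: The spec comment directly above the changed call still says "given url and the current settings object's API base URL", but the new call `ResolveFetchingURL(url)` no longer passes a base URL. Since that comment quotes spec text, it is better to add a line beneath it than to edit it, for example `// Note: the implementation no longer takes the API base URL; only |url| is used.` FetchRoot's body continues outside the hunk.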
@@ -188,13 +186,11 @@ void ModuleTreeLinker::FetchRoot(const KURL& original_url,
visited_set_.insert(url);
// Step 2. Perform the internal module script graph fetching procedure given
- // ... with the top-level module fetch flag set. ...
- ModuleScriptFetchRequest request(
- url, destination_, options,
- SecurityPolicy::GenerateReferrer(
- options.GetReferrerPolicy(), url,
- fetch_client_settings_object_->GetOutgoingReferrer()),
- TextPosition::MinimumPosition());
+ // url, settings object, destination, options, settings object, visited set,
+ // "client", and with the top-level module fetch flag set.
+ ModuleScriptFetchRequest request(url, destination_, options,
+ Referrer::ClientReferrerString(),
+ TextPosition::MinimumPosition());
InitiateInternalModuleScriptGraphFetching(
request, ModuleGraphLevel::kTopLevelModuleFetch);
@@ -386,11 +382,9 @@ void ModuleTreeLinker::FetchDescendants(ModuleScript* module_script) {
// procedure given url, fetch client settings object, destination, options,
// module script's settings object, visited set, module script's base URL,
// and with the top-level module fetch flag unset. ...
- ModuleScriptFetchRequest request(
- urls[i], destination_, options,
- SecurityPolicy::GenerateReferrer(options.GetReferrerPolicy(), urls[i],
- module_script->BaseURL().GetString()),
- positions[i]);
+ ModuleScriptFetchRequest request(urls[i], destination_, options,
+ module_script->BaseURL().GetString(),
+ positions[i]);
InitiateInternalModuleScriptGraphFetching(
request, ModuleGraphLevel::kDependentModuleFetch);
}
diff --git a/chromium/third_party/blink/renderer/core/loader/modulescript/worker_module_script_fetcher.cc b/chromium/third_party/blink/renderer/core/loader/modulescript/worker_module_script_fetcher.cc
index 54878e001e2..092915a99d8 100644
--- a/chromium/third_party/blink/renderer/core/loader/modulescript/worker_module_script_fetcher.cc
+++ b/chromium/third_party/blink/renderer/core/loader/modulescript/worker_module_script_fetcher.cc
@@ -4,6 +4,7 @@
#include "third_party/blink/renderer/core/loader/modulescript/worker_module_script_fetcher.h"
+#include "third_party/blink/renderer/core/inspector/console_message.h"
#include "third_party/blink/renderer/core/workers/worker_global_scope.h"
#include "third_party/blink/renderer/platform/loader/fetch/resource_fetcher.h"
#include "third_party/blink/renderer/platform/network/http_names.h"
@@ -61,6 +62,19 @@ void WorkerModuleScriptFetcher::NotifyFinished(Resource* resource) {
// and run them after module loading. This may require the spec change.
// (https://crbug.com/845285)
+ // Ensure redirects don't affect SecurityOrigin.
+ const KURL request_url = resource->Url();
+ const KURL response_url = resource->GetResponse().Url();
+ if (request_url != response_url &&
+ !global_scope_->GetSecurityOrigin()->IsSameSchemeHostPort(
+ SecurityOrigin::Create(response_url).get())) {
+ error_messages.push_back(ConsoleMessage::Create(
+ kSecurityMessageSource, kErrorMessageLevel,
+ "Refused to cross-origin redirects of the top-level worker script."));
+ client_->NotifyFetchFinished(base::nullopt, error_messages);
+ return;
+ }
+
// Step 13.3. "Set worker global scope's url to response's url." [spec text]
// Step 13.4. "Set worker global scope's HTTPS state to response's HTTPS
// state." [spec text]
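Review bot: The new redirect guard has a one-line comment that does not say why the origin matters, and its console message is ungrammatical. The steps just below set the worker global scope's url and HTTPS state from the response, so the comment could read `// Reject cross-origin redirects: the steps below take the global scope's url and HTTPS state from the response.` A clearer message would be `"Refused to load the top-level worker script because it was redirected cross-origin."`, provided no test expectation outside this diff pins the current text. The guard only runs when `request_url != response_url`, so a request that is already cross-origin without a redirect is presumably rejected elsewhere; that is worth stating in the comment too. No test for the rejected path is visible in this directory's changes. NotifyFinished's body starts and ends outside the hunk.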
@@ -85,8 +99,7 @@ void WorkerModuleScriptFetcher::NotifyFinished(Resource* resource) {
ModuleScriptCreationParams params(
script_resource->GetResponse().Url(), script_resource->SourceText(),
script_resource->GetResourceRequest().GetFetchCredentialsMode(),
- script_resource->CalculateAccessControlStatus(
- global_scope_->EnsureFetcher()->Context().GetSecurityOrigin()));
+ script_resource->CalculateAccessControlStatus());
// Step 13.7. "Asynchronously complete the perform the fetch steps with
// response." [spec text]
diff --git a/chromium/third_party/blink/renderer/core/loader/modulescript/worklet_module_script_fetcher.cc b/chromium/third_party/blink/renderer/core/loader/modulescript/worklet_module_script_fetcher.cc
index 4edfaeadd2d..b14d8929c2a 100644
--- a/chromium/third_party/blink/renderer/core/loader/modulescript/worklet_module_script_fetcher.cc
+++ b/chromium/third_party/blink/renderer/core/loader/modulescript/worklet_module_script_fetcher.cc
@@ -51,8 +51,7 @@ void WorkletModuleScriptFetcher::NotifyFinished(Resource* resource) {
params.emplace(
script_resource->GetResponse().Url(), script_resource->SourceText(),
script_resource->GetResourceRequest().GetFetchCredentialsMode(),
- script_resource->CalculateAccessControlStatus(
- fetcher_->Context().GetSecurityOrigin()));
+ script_resource->CalculateAccessControlStatus());
}
// This will eventually notify |client| passed to