BASELINE: Update Chromium to 86.0.4240.124

Change-Id: Ide0ff151e94cd665ae6521a446995d34a9d1d644
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>

5 files changed, 93 insertions, 49 deletions

diff --git a/chromium/third_party/blink/renderer/platform/network/BUILD.gn b/chromium/third_party/blink/renderer/platform/network/BUILD.gn
index c36f20ba4ed..d443bfdd01f 100644
--- a/chromium/third_party/blink/renderer/platform/network/BUILD.gn
+++ b/chromium/third_party/blink/renderer/platform/network/BUILD.gn
@@ -2,7 +2,6 @@
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
-import("//build/config/jumbo.gni")
 import("//third_party/blink/renderer/build/scripts/scripts.gni")
 import("//third_party/blink/renderer/platform/platform.gni")
 import("//third_party/blink/renderer/platform/platform_generated.gni")
@@ -67,7 +66,7 @@ blink_platform_sources("network") {
   deps = [ "//media" ]
 }
 
-jumbo_source_set("unit_tests") {
+source_set("unit_tests") {
   visibility = [ "//third_party/blink/renderer/platform:*" ]
   testonly = true
 
@@ -88,7 +87,7 @@ jumbo_source_set("unit_tests") {
   public_deps = [ "//third_party/blink/renderer/platform:platform" ]
 }
 
-jumbo_source_set("test_support") {
+source_set("test_support") {
   visibility = [ "//third_party/blink/renderer/platform:test_support" ]
   testonly = true
 
diff --git a/chromium/third_party/blink/renderer/platform/network/http_names.json5 b/chromium/third_party/blink/renderer/platform/network/http_names.json5
index fa2fda6cc0d..345bf464553 100644
--- a/chromium/third_party/blink/renderer/platform/network/http_names.json5
+++ b/chromium/third_party/blink/renderer/platform/network/http_names.json5
@@ -49,6 +49,8 @@
     "Location",
     "Origin",
     "Origin-Trial",
+    "Permissions-Policy",
+    "Permissions-Policy-Report-Only",
     "Ping-From",
     "Ping-To",
     "Pragma",
diff --git a/chromium/third_party/blink/renderer/platform/network/http_parsers.cc b/chromium/third_party/blink/renderer/platform/network/http_parsers.cc
index 4c1eea52ce5..af9d9ff48f2 100644
--- a/chromium/third_party/blink/renderer/platform/network/http_parsers.cc
+++ b/chromium/third_party/blink/renderer/platform/network/http_parsers.cc
@@ -65,14 +65,31 @@ blink::CSPSourcePtr ConvertToBlink(CSPSourcePtr source) {
       source->is_port_wildcard);
 }
 
+blink::CSPHashSourcePtr ConvertToBlink(CSPHashSourcePtr hash) {
+  return blink::CSPHashSource::New(hash->algorithm,
+                                   String::FromUTF8(hash->value));
+}
+
 blink::CSPSourceListPtr ConvertToBlink(CSPSourceListPtr source_list) {
   WTF::Vector<blink::CSPSourcePtr> sources;
   for (auto& it : source_list->sources)
     sources.push_back(ConvertToBlink(std::move(it)));
 
-  return blink::CSPSourceList::New(std::move(sources), source_list->allow_self,
-                                   source_list->allow_star,
-                                   source_list->allow_response_redirects);
+  WTF::Vector<String> nonces;
+  for (const auto& nonce : source_list->nonces)
+    nonces.push_back(String::FromUTF8(std::move(nonce)));
+
+  WTF::Vector<blink::CSPHashSourcePtr> hashes;
+  for (auto& it : source_list->hashes)
+    hashes.push_back(ConvertToBlink(std::move(it)));
+
+  return blink::CSPSourceList::New(
+      std::move(sources), std::move(nonces), std::move(hashes),
+      source_list->allow_self, source_list->allow_star,
+      source_list->allow_response_redirects, source_list->allow_inline,
+      source_list->allow_eval, source_list->allow_wasm_eval,
+      source_list->allow_dynamic, source_list->allow_unsafe_hashes,
+      source_list->report_sample);
 }
 
 blink::CSPDirectiveName ConvertToBlink(CSPDirectiveName name) {
@@ -85,25 +102,34 @@ blink::ContentSecurityPolicyHeaderPtr ConvertToBlink(
       String::FromUTF8(header->header_value), header->type, header->source);
 }
 
-blink::ContentSecurityPolicyPtr ConvertToBlink(
-    ContentSecurityPolicyPtr policy_in) {
-  auto policy = blink::ContentSecurityPolicy::New();
+WTF::HashMap<blink::CSPDirectiveName, blink::CSPSourceListPtr> ConvertToBlink(
+    base::flat_map<CSPDirectiveName, CSPSourceListPtr> directives) {
+  WTF::HashMap<blink::CSPDirectiveName, blink::CSPSourceListPtr> out;
 
-  policy->header = ConvertToBlink(std::move(policy_in->header));
-  policy->use_reporting_api = policy_in->use_reporting_api;
-
-  for (auto& list : policy_in->directives) {
-    policy->directives.insert(ConvertToBlink(list.first),
-                              ConvertToBlink(std::move(list.second)));
+  for (auto& list : directives) {
+    out.insert(ConvertToBlink(list.first),
+               ConvertToBlink(std::move(list.second)));
   }
-  policy->upgrade_insecure_requests = policy_in->upgrade_insecure_requests;
-  policy->sandbox = policy_in->sandbox;
-  policy->treat_as_public_address = policy_in->treat_as_public_address;
 
-  for (auto& endpoint : policy_in->report_endpoints)
-    policy->report_endpoints.push_back(String::FromUTF8(endpoint));
+  return out;
+}
 
-  return policy;
+WTF::Vector<WTF::String> ConvertToBlink(std::vector<std::string> in) {
+  WTF::Vector<WTF::String> out;
+  for (auto& el : in)
+    out.push_back(String::FromUTF8(el));
+  return out;
+}
+
+blink::ContentSecurityPolicyPtr ConvertToBlink(
+    ContentSecurityPolicyPtr policy_in) {
+  return blink::ContentSecurityPolicy::New(
+      ConvertToBlink(std::move(policy_in->directives)),
+      policy_in->upgrade_insecure_requests, policy_in->treat_as_public_address,
+      policy_in->sandbox, ConvertToBlink(std::move(policy_in->header)),
+      policy_in->use_reporting_api,
+      ConvertToBlink(std::move(policy_in->report_endpoints)),
+      ConvertToBlink(std::move(policy_in->parsing_errors)));
 }
 
 WTF::Vector<blink::ContentSecurityPolicyPtr> ConvertToBlink(
@@ -115,6 +141,24 @@ WTF::Vector<blink::ContentSecurityPolicyPtr> ConvertToBlink(
   return blink_policies;
 }
 
+blink::AllowCSPFromHeaderValuePtr ConvertToBlink(
+    AllowCSPFromHeaderValuePtr allow_csp_from) {
+  if (!allow_csp_from)
+    return nullptr;
+  switch (allow_csp_from->which()) {
+    case AllowCSPFromHeaderValue::Tag::ALLOW_STAR:
+      return blink::AllowCSPFromHeaderValue::NewAllowStar(
+          allow_csp_from->get_allow_star());
+    case AllowCSPFromHeaderValue::Tag::ORIGIN:
+      return blink::AllowCSPFromHeaderValue::NewOrigin(
+          ::blink::SecurityOrigin::CreateFromUrlOrigin(
+              allow_csp_from->get_origin()));
+    case AllowCSPFromHeaderValue::Tag::ERROR_MESSAGE:
+      return blink::AllowCSPFromHeaderValue::NewErrorMessage(
+          String::FromUTF8(allow_csp_from->get_error_message()));
+  }
+}
+
 WTF::Vector<network::mojom::blink::WebClientHintsType> ConvertToBlink(
     const std::vector<network::mojom::WebClientHintsType>& accept_ch) {
   WTF::Vector<network::mojom::blink::WebClientHintsType> blink_accept_ch;
@@ -125,13 +169,15 @@ WTF::Vector<network::mojom::blink::WebClientHintsType> ConvertToBlink(
 blink::ParsedHeadersPtr ConvertToBlink(ParsedHeadersPtr parsed_headers) {
   return blink::ParsedHeaders::New(
       ConvertToBlink(std::move(parsed_headers->content_security_policy)),
+      ConvertToBlink(std::move(parsed_headers->allow_csp_from)),
       std::move(parsed_headers->cross_origin_embedder_policy),
       std::move(parsed_headers->cross_origin_opener_policy),
       parsed_headers->origin_isolation,
       parsed_headers->accept_ch.has_value()
           ? base::make_optional(
                 ConvertToBlink(parsed_headers->accept_ch.value()))
-          : base::nullopt);
+          : base::nullopt,
+      parsed_headers->accept_ch_lifetime);
 }
 
 }  // namespace mojom
diff --git a/chromium/third_party/blink/renderer/platform/network/http_parsers_test.cc b/chromium/third_party/blink/renderer/platform/network/http_parsers_test.cc
index c26749a3b54..de5a21c3aff 100644
--- a/chromium/third_party/blink/renderer/platform/network/http_parsers_test.cc
+++ b/chromium/third_party/blink/renderer/platform/network/http_parsers_test.cc
@@ -683,7 +683,7 @@ TEST(HTTPParsersTest, ParseContentSecurityPolicyDirectiveName) {
       "Content-Security-Policy: frame-ancestors 'none'\r\n"
       "Content-Security-Policy: sandbox allow-script\r\n"
       "Content-Security-Policy: form-action 'none'\r\n"
-      "Content-Security-Policy: navigate-to'none'\r\n"
+      "Content-Security-Policy: navigate-to 'none'\r\n"
       "Content-Security-Policy: frame-src 'none'\r\n"
       "Content-Security-Policy: child-src 'none'\r\n"
       "Content-Security-Policy: script-src 'none'\r\n"
@@ -694,18 +694,18 @@ TEST(HTTPParsersTest, ParseContentSecurityPolicyDirectiveName) {
   EXPECT_EQ(1u, policies[0]->directives.size());
   // sandbox. TODO(https://crbug.com/1041376) Implement this.
   EXPECT_EQ(0u, policies[1]->directives.size());
-  // form-action. Not parsed.
-  EXPECT_EQ(0u, policies[2]->directives.size());
-  // navigate-to. Not parsed.
-  EXPECT_EQ(0u, policies[3]->directives.size());
-  // frame-src. Not parsed.
-  EXPECT_EQ(0u, policies[4]->directives.size());
-  // child-src. Not parsed.
-  EXPECT_EQ(0u, policies[5]->directives.size());
-  // script-src. Not parsed.
-  EXPECT_EQ(0u, policies[6]->directives.size());
-  // default-src. Not parsed.
-  EXPECT_EQ(0u, policies[7]->directives.size());
+  // form-action.
+  EXPECT_EQ(1u, policies[2]->directives.size());
+  // navigate-to.
+  EXPECT_EQ(1u, policies[3]->directives.size());
+  // frame-src.
+  EXPECT_EQ(1u, policies[4]->directives.size());
+  // child-src.
+  EXPECT_EQ(1u, policies[5]->directives.size());
+  // script-src.
+  EXPECT_EQ(1u, policies[6]->directives.size());
+  // default-src.
+  EXPECT_EQ(1u, policies[7]->directives.size());
   // upgrade-insecure-policies.
   EXPECT_EQ(true, policies[8]->upgrade_insecure_requests);
 }
diff --git a/chromium/third_party/blink/renderer/platform/network/network_state_notifier.cc b/chromium/third_party/blink/renderer/platform/network/network_state_notifier.cc
index dbc9d03a813..32328e88187 100644
--- a/chromium/third_party/blink/renderer/platform/network/network_state_notifier.cc
+++ b/chromium/third_party/blink/renderer/platform/network/network_state_notifier.cc
@@ -26,6 +26,7 @@
 #include "third_party/blink/renderer/platform/network/network_state_notifier.h"
 
 #include <memory>
+
 #include "net/nqe/effective_connection_type.h"
 #include "net/nqe/network_quality_estimator_params.h"
 #include "third_party/blink/public/common/client_hints/client_hints.h"
@@ -430,25 +431,21 @@ double NetworkStateNotifier::GetRandomMultiplier(const String& host) const {
 uint32_t NetworkStateNotifier::RoundRtt(
     const String& host,
     const base::Optional<base::TimeDelta>& rtt) const {
-  // Limit the size of the buckets and the maximum reported value to reduce
-  // fingerprinting.
-  static const size_t kBucketSize = 50;
-  static const double kMaxRttMsec = 3.0 * 1000;
-
   if (!rtt.has_value()) {
     // RTT is unavailable. So, return the fastest value.
     return 0;
   }
 
-  double rtt_msec = static_cast<double>(rtt.value().InMilliseconds());
-  rtt_msec *= GetRandomMultiplier(host);
-  rtt_msec = std::min(rtt_msec, kMaxRttMsec);
-
-  DCHECK_LE(0, rtt_msec);
-  DCHECK_GE(kMaxRttMsec, rtt_msec);
-
-  // Round down to the nearest kBucketSize msec value.
-  return std::round(rtt_msec / kBucketSize) * kBucketSize;
+  // Limit the maximum reported value and the granularity to reduce
+  // fingerprinting.
+  constexpr auto kMaxRtt = base::TimeDelta::FromSeconds(3);
+  constexpr auto kGranularity = base::TimeDelta::FromMilliseconds(50);
+
+  const base::TimeDelta modified_rtt =
+      std::min(rtt.value() * GetRandomMultiplier(host), kMaxRtt);
+  DCHECK_GE(modified_rtt, base::TimeDelta());
+  return static_cast<uint32_t>(
+      modified_rtt.RoundToMultiple(kGranularity).InMilliseconds());
 }
 
 double NetworkStateNotifier::RoundMbps(