1 files changed, 57 insertions, 29 deletions

diff --git a/chromium/third_party/blink/renderer/core/workers/worker_or_worklet_global_scope.cc b/chromium/third_party/blink/renderer/core/workers/worker_or_worklet_global_scope.cc
index 539f44a9456..141b1d06dda 100644
--- a/chromium/third_party/blink/renderer/core/workers/worker_or_worklet_global_scope.cc
+++ b/chromium/third_party/blink/renderer/core/workers/worker_or_worklet_global_scope.cc
@@ -4,11 +4,14 @@
 
 #include "third_party/blink/renderer/core/workers/worker_or_worklet_global_scope.h"
 
+#include "third_party/blink/public/common/features.h"
+#include "third_party/blink/public/mojom/security_context/insecure_request_policy.mojom-blink.h"
 #include "third_party/blink/public/platform/task_type.h"
 #include "third_party/blink/public/platform/web_worker_fetch_context.h"
 #include "third_party/blink/renderer/bindings/core/v8/worker_or_worklet_script_controller.h"
 #include "third_party/blink/renderer/core/dom/events/event_queue.h"
 #include "third_party/blink/renderer/core/execution_context/agent.h"
+#include "third_party/blink/renderer/core/execution_context/security_context_init.h"
 #include "third_party/blink/renderer/core/frame/deprecation.h"
 #include "third_party/blink/renderer/core/inspector/console_message.h"
 #include "third_party/blink/renderer/core/loader/loader_factory_for_worker.h"
@@ -24,6 +27,7 @@
 #include "third_party/blink/renderer/core/workers/worker_global_scope.h"
 #include "third_party/blink/renderer/core/workers/worker_reporting_proxy.h"
 #include "third_party/blink/renderer/core/workers/worker_thread.h"
+#include "third_party/blink/renderer/platform/heap/heap.h"
 #include "third_party/blink/renderer/platform/loader/fetch/detachable_use_counter.h"
 #include "third_party/blink/renderer/platform/loader/fetch/fetch_client_settings_object_snapshot.h"
 #include "third_party/blink/renderer/platform/loader/fetch/null_resource_fetcher_properties.h"
@@ -59,7 +63,7 @@ class OutsideSettingsCSPDelegate final
     DCHECK(global_scope_for_logging_->IsContextThread());
   }
 
-  void Trace(blink::Visitor* visitor) override {
+  void Trace(Visitor* visitor) override {
     visitor->Trace(global_scope_for_logging_);
     visitor->Trace(outside_settings_object_);
   }
@@ -74,6 +78,19 @@ class OutsideSettingsCSPDelegate final
     return outside_settings_object_->GetSecurityOrigin();
   }
 
+  SecureContextMode GetSecureContextMode() override {
+    DCHECK(global_scope_for_logging_->IsContextThread());
+    // TODO(mkwst): This doesn't handle nested workers correctly; we ought to
+    // be reading the SecureContextMode from the relevant SecurityContext, but
+    // we don't have it here. This code simply checks the worker's origin, which
+    // generally works, but would incorrectly consider a secure worker nested in
+    // a non-secure worker as a "secure context".
+    return outside_settings_object_->GetSecurityOrigin()
+                   ->IsPotentiallyTrustworthy()
+               ? SecureContextMode::kSecureContext
+               : SecureContextMode::kInsecureContext;
+  }
+
   // We don't have to do anything here, as we don't want to update
   // SecurityContext of either parent context or WorkerOrWorkletGlobalScope.
   // TODO(hiroshige): Revisit the relationship of ContentSecurityPolicy,
@@ -82,7 +99,7 @@ class OutsideSettingsCSPDelegate final
   // https://crbug.com/924041 https://crbug.com/924043
   void SetSandboxFlags(SandboxFlags) override {}
   void SetRequireTrustedTypes() override {}
-  void AddInsecureRequestPolicy(WebInsecureRequestPolicy) override {}
+  void AddInsecureRequestPolicy(mojom::blink::InsecureRequestPolicy) override {}
   void DisableEval(const String& error_message) override {}
 
   std::unique_ptr<SourceLocation> GetSourceLocation() override {
@@ -146,7 +163,7 @@ class OutsideSettingsCSPDelegate final
   }
 
   void DidAddContentSecurityPolicies(
-      const blink::WebVector<WebContentSecurityPolicy>&) override {
+      WTF::Vector<network::mojom::blink::ContentSecurityPolicyPtr>) override {
     DCHECK(global_scope_for_logging_->IsContextThread());
     // We do nothing here, because if the added policies should be reported to
     // LocalFrameClient, then they are already reported on the parent
@@ -169,7 +186,6 @@ WorkerOrWorkletGlobalScope::WorkerOrWorkletGlobalScope(
     v8::Isolate* isolate,
     scoped_refptr<SecurityOrigin> origin,
     Agent* agent,
-    OffMainThreadWorkerScriptFetchOption off_main_thread_fetch_option,
     const String& name,
     const base::UnguessableToken& parent_devtools_token,
     V8CacheOptions v8_cache_options,
@@ -177,11 +193,12 @@ WorkerOrWorkletGlobalScope::WorkerOrWorkletGlobalScope(
     std::unique_ptr<WebContentSettingsClient> content_settings_client,
     scoped_refptr<WebWorkerFetchContext> web_worker_fetch_context,
     WorkerReportingProxy& reporting_proxy)
-    : ExecutionContext(isolate,
-                       agent,
-                       MakeGarbageCollected<OriginTrialContext>()),
-      SecurityContext(std::move(origin), WebSandboxFlags::kNone, nullptr),
-      off_main_thread_fetch_option_(off_main_thread_fetch_option),
+    : ExecutionContext(isolate),
+      security_context_(
+          SecurityContextInit(origin,
+                              MakeGarbageCollected<OriginTrialContext>(),
+                              agent),
+          SecurityContext::kLocal),
       name_(name),
       parent_devtools_token_(parent_devtools_token),
       worker_clients_(worker_clients),
@@ -191,6 +208,7 @@ WorkerOrWorkletGlobalScope::WorkerOrWorkletGlobalScope(
           MakeGarbageCollected<WorkerOrWorkletScriptController>(this, isolate)),
       v8_cache_options_(v8_cache_options),
       reporting_proxy_(reporting_proxy) {
+  GetSecurityContext().GetOriginTrialContext()->BindExecutionContext(this);
   if (worker_clients_)
     worker_clients_->ReattachThread();
 }
@@ -204,7 +222,7 @@ const AtomicString& WorkerOrWorkletGlobalScope::InterfaceName() const {
   return g_null_atom;
 }
 
-v8::Local<v8::Object> WorkerOrWorkletGlobalScope::Wrap(
+v8::Local<v8::Value> WorkerOrWorkletGlobalScope::Wrap(
     v8::Isolate*,
     v8::Local<v8::Object> creation_context) {
   LOG(FATAL) << "WorkerOrWorkletGlobalScope must never be wrapped with wrap "
@@ -249,10 +267,10 @@ void WorkerOrWorkletGlobalScope::CountDeprecation(WebFeature feature) {
 
   // Adds a deprecation message to the console.
   DCHECK(!Deprecation::DeprecationMessage(feature).IsEmpty());
-  AddConsoleMessage(
-      ConsoleMessage::Create(mojom::ConsoleMessageSource::kDeprecation,
-                             mojom::ConsoleMessageLevel::kWarning,
-                             Deprecation::DeprecationMessage(feature)));
+  AddConsoleMessage(MakeGarbageCollected<ConsoleMessage>(
+      mojom::ConsoleMessageSource::kDeprecation,
+      mojom::ConsoleMessageLevel::kWarning,
+      Deprecation::DeprecationMessage(feature)));
   ReportingProxy().CountDeprecation(feature);
 }
 
@@ -270,7 +288,7 @@ void WorkerOrWorkletGlobalScope::InitializeWebFetchContextIfNeeded() {
       web_worker_fetch_context_->TakeSubresourceFilter();
   if (web_filter) {
     subresource_filter_ =
-        SubresourceFilter::Create(*this, std::move(web_filter));
+        MakeGarbageCollected<SubresourceFilter>(this, std::move(web_filter));
   }
 }
 
@@ -355,7 +373,7 @@ ResourceFetcher* WorkerOrWorkletGlobalScope::CreateOutsideSettingsFetcher(
   for (const auto& policy_and_type : outside_content_security_policy_headers_) {
     content_security_policy->DidReceiveHeader(
         policy_and_type.first, policy_and_type.second,
-        kContentSecurityPolicyHeaderSourceHTTP);
+        network::mojom::ContentSecurityPolicySource::kHTTP);
   }
 
   OutsideSettingsCSPDelegate* csp_delegate =
@@ -406,10 +424,11 @@ WorkerOrWorkletGlobalScope::GetTaskRunner(TaskType type) {
 }
 
 void WorkerOrWorkletGlobalScope::ApplySandboxFlags(SandboxFlags mask) {
-  sandbox_flags_ |= mask;
-  if (IsSandboxed(WebSandboxFlags::kOrigin) &&
+  GetSecurityContext().ApplySandboxFlags(mask);
+  if (IsSandboxed(mojom::blink::WebSandboxFlags::kOrigin) &&
       !GetSecurityOrigin()->IsOpaque()) {
-    SetSecurityOrigin(GetSecurityOrigin()->DeriveNewOpaqueOrigin());
+    GetSecurityContext().SetSecurityOrigin(
+        GetSecurityOrigin()->DeriveNewOpaqueOrigin());
   }
 }
 
@@ -422,12 +441,12 @@ void WorkerOrWorkletGlobalScope::InitContentSecurityPolicyFromVector(
     const Vector<CSPHeaderAndType>& headers) {
   if (!GetContentSecurityPolicy()) {
     auto* csp = MakeGarbageCollected<ContentSecurityPolicy>();
-    SetContentSecurityPolicy(csp);
+    GetSecurityContext().SetContentSecurityPolicy(csp);
   }
   for (const auto& policy_and_type : headers) {
     GetContentSecurityPolicy()->DidReceiveHeader(
         policy_and_type.first, policy_and_type.second,
-        kContentSecurityPolicyHeaderSourceHTTP);
+        network::mojom::ContentSecurityPolicySource::kHTTP);
   }
 }
 
@@ -444,7 +463,8 @@ void WorkerOrWorkletGlobalScope::FetchModuleScript(
     const KURL& module_url_record,
     const FetchClientSettingsObjectSnapshot& fetch_client_settings_object,
     WorkerResourceTimingNotifier& resource_timing_notifier,
-    mojom::RequestContextType destination,
+    mojom::RequestContextType context_type,
+    network::mojom::RequestDestination destination,
     network::mojom::CredentialsMode credentials_mode,
     ModuleScriptCustomFetchType custom_fetch_type,
     ModuleTreeClient* client) {
@@ -455,6 +475,14 @@ void WorkerOrWorkletGlobalScope::FetchModuleScript(
   String integrity_attribute;
   // parser metadata is "not-parser-inserted,
   ParserDisposition parser_state = kNotParserInserted;
+
+  RejectCoepUnsafeNone reject_coep_unsafe_none(false);
+  if (ShouldRejectCoepUnsafeNoneTopModuleScript() &&
+      destination == network::mojom::RequestDestination::kWorker) {
+    DCHECK(!base::FeatureList::IsEnabled(features::kPlzDedicatedWorker));
+    reject_coep_unsafe_none = RejectCoepUnsafeNone(true);
+  }
+
   // credentials mode is credentials mode, and referrer policy is the empty
   // string."
   // TODO(domfarolino): Module worker scripts are fetched with kImportanceAuto.
@@ -462,10 +490,10 @@ void WorkerOrWorkletGlobalScope::FetchModuleScript(
   // worker script tree" sets the script fetch options struct's "importance" to
   // "auto". See https://github.com/whatwg/html/issues/3670 and
   // https://crbug.com/821464.
-  ScriptFetchOptions options(nonce, IntegrityMetadataSet(), integrity_attribute,
-                             parser_state, credentials_mode,
-                             network::mojom::ReferrerPolicy::kDefault,
-                             mojom::FetchImportanceMode::kImportanceAuto);
+  ScriptFetchOptions options(
+      nonce, IntegrityMetadataSet(), integrity_attribute, parser_state,
+      credentials_mode, network::mojom::ReferrerPolicy::kDefault,
+      mojom::FetchImportanceMode::kImportanceAuto, reject_coep_unsafe_none);
 
   Modulator* modulator = Modulator::From(ScriptController()->GetScriptState());
   // Step 3. "Perform the internal module script graph fetching procedure ..."
@@ -473,7 +501,7 @@ void WorkerOrWorkletGlobalScope::FetchModuleScript(
       module_url_record,
       CreateOutsideSettingsFetcher(fetch_client_settings_object,
                                    resource_timing_notifier),
-      destination, options, custom_fetch_type, client);
+      context_type, destination, options, custom_fetch_type, client);
 }
 
 void WorkerOrWorkletGlobalScope::SetDefersLoadingForResourceFetchers(
@@ -482,7 +510,8 @@ void WorkerOrWorkletGlobalScope::SetDefersLoadingForResourceFetchers(
     resource_fetcher->SetDefersLoading(defers);
 }
 
-void WorkerOrWorkletGlobalScope::Trace(blink::Visitor* visitor) {
+void WorkerOrWorkletGlobalScope::Trace(Visitor* visitor) {
+  visitor->Trace(security_context_);
   visitor->Trace(inside_settings_resource_fetcher_);
   visitor->Trace(resource_fetchers_);
   visitor->Trace(subresource_filter_);
@@ -490,7 +519,6 @@ void WorkerOrWorkletGlobalScope::Trace(blink::Visitor* visitor) {
   visitor->Trace(modulator_);
   EventTargetWithInlineData::Trace(visitor);
   ExecutionContext::Trace(visitor);
-  SecurityContext::Trace(visitor);
 }
 
 }  // namespace blink