From: csagan5 <32685696+csagan5@users.noreply.github.com> Date: Fri, 24 Jun 2022 22:24:22 +0200 Subject: Revert removal of execution context address space Revert "[Private Network Access] Remove ExecutionContext::SetAddressSpace()." This reverts commit dfa3a4a6c0d023e5126dad31f6c479dc8d20e416. Revert "[Private Network Access] Remove ExecutionContext::AddressSpace()." This reverts commit a5c64b9f5f985cfebab3375b53062321a62e3e31. Revert "[Private Network Access] Remove GlobalScopeCreationParams address space." This reverts commit c32df617780283942d49ca5574fcd6b7f691e9c1. Revert "[Private Network Access] Remove WorkerClassicScriptLoader address space." This reverts commit 11f6a3e29bee9a6590a4fd56b28e8048200c18d0. Original License: BSD-3-Clause - https://spdx.org/licenses/BSD-3-Clause.html License: GPL-3.0-only - https://spdx.org/licenses/GPL-3.0-only.html --- content/public/common/content_features.cc | 2 +- .../execution_context/execution_context.cc | 9 +++++ .../execution_context/execution_context.h | 4 +++ .../core/exported/web_shared_worker_impl.cc | 1 + .../renderer/core/frame/policy_container.cc | 10 ++++++ .../renderer/core/frame/policy_container.h | 11 ++++++ .../renderer/core/frame/web_frame_test.cc | 34 +++++++++++++++++++ .../layout_worklet_global_scope_proxy.cc | 2 +- ...ed_service_worker_module_script_fetcher.cc | 1 + .../modulescript/module_script_loader_test.cc | 1 + .../worker_module_script_fetcher.cc | 3 +- .../renderer/core/workers/dedicated_worker.cc | 22 +++++++----- .../renderer/core/workers/dedicated_worker.h | 4 ++- .../workers/dedicated_worker_global_scope.cc | 9 ++++- .../workers/dedicated_worker_global_scope.h | 1 + .../workers/global_scope_creation_params.cc | 2 ++ .../workers/global_scope_creation_params.h | 7 ++++ .../core/workers/installed_scripts_manager.cc | 16 +++++++++ .../core/workers/installed_scripts_manager.h | 5 +++ .../core/workers/main_thread_worklet_test.cc | 1 + .../workers/shared_worker_global_scope.cc | 7 ++++ .../core/workers/shared_worker_global_scope.h | 1 + .../threaded_worklet_messaging_proxy.cc | 2 ++ .../core/workers/threaded_worklet_test.cc | 1 + .../workers/worker_classic_script_loader.cc | 5 ++- .../workers/worker_classic_script_loader.h | 6 ++++ .../core/workers/worker_global_scope.h | 2 ++ .../core/workers/worker_thread_test.cc | 2 ++ .../core/workers/worker_thread_test_helper.h | 6 ++++ .../paint_worklet_global_scope_proxy.cc | 2 +- .../exported/web_embedded_worker_impl.cc | 4 ++- .../service_worker_global_scope.cc | 25 +++++++++----- .../service_worker_global_scope.h | 2 ++ .../audio_worklet_global_scope_test.cc | 1 + .../webaudio/audio_worklet_thread_test.cc | 1 + .../worklet/worklet_thread_test_common.cc | 2 +- 36 files changed, 189 insertions(+), 25 deletions(-) diff --git a/content/public/common/content_features.cc b/content/public/common/content_features.cc --- a/content/public/common/content_features.cc +++ b/content/public/common/content_features.cc @@ -125,7 +125,7 @@ BASE_FEATURE(kBlockInsecurePrivateNetworkRequests, // - kBlockInsecurePrivateNetworkRequests BASE_FEATURE(kBlockInsecurePrivateNetworkRequestsFromPrivate, "BlockInsecurePrivateNetworkRequestsFromPrivate", - base::FEATURE_DISABLED_BY_DEFAULT); + base::FEATURE_ENABLED_BY_DEFAULT); // Enables use of the PrivateNetworkAccessNonSecureContextsAllowed deprecation // trial. This is a necessary yet insufficient condition: documents that wish to diff --git a/third_party/blink/renderer/core/execution_context/execution_context.cc b/third_party/blink/renderer/core/execution_context/execution_context.cc --- a/third_party/blink/renderer/core/execution_context/execution_context.cc +++ b/third_party/blink/renderer/core/execution_context/execution_context.cc @@ -516,6 +516,15 @@ void ExecutionContext::SetReferrerPolicy( policy_container_->UpdateReferrerPolicy(referrer_policy); } +network::mojom::IPAddressSpace ExecutionContext::AddressSpace() const { + return policy_container_->GetIPAddressSpace(); +} + +void ExecutionContext::SetAddressSpace( + network::mojom::blink::IPAddressSpace ip_address_space) { + GetPolicyContainer()->SetIPAddressSpace(ip_address_space); +} + void ExecutionContext::SetPolicyContainer( std::unique_ptr container) { policy_container_ = std::move(container); diff --git a/third_party/blink/renderer/core/execution_context/execution_context.h b/third_party/blink/renderer/core/execution_context/execution_context.h --- a/third_party/blink/renderer/core/execution_context/execution_context.h +++ b/third_party/blink/renderer/core/execution_context/execution_context.h @@ -33,6 +33,7 @@ #include "base/notreached.h" #include "base/task/single_thread_task_runner.h" #include "services/metrics/public/cpp/ukm_source_id.h" +#include "services/network/public/mojom/ip_address_space.mojom-blink-forward.h" #include "services/network/public/mojom/referrer_policy.mojom-blink-forward.h" #include "third_party/abseil-cpp/absl/types/optional.h" #include "third_party/blink/public/common/tokens/tokens.h" @@ -386,6 +387,9 @@ class CORE_EXPORT ExecutionContext : public Supplementable, const String& message = g_empty_string, const String& source_file = g_empty_string) const {} + network::mojom::IPAddressSpace AddressSpace() const; + void SetAddressSpace(network::mojom::blink::IPAddressSpace ip_address_space); + HeapObserverSet& ContextLifecycleObserverSet(); unsigned ContextLifecycleStateObserverCountForTesting() const; diff --git a/third_party/blink/renderer/core/exported/web_shared_worker_impl.cc b/third_party/blink/renderer/core/exported/web_shared_worker_impl.cc --- a/third_party/blink/renderer/core/exported/web_shared_worker_impl.cc +++ b/third_party/blink/renderer/core/exported/web_shared_worker_impl.cc @@ -251,6 +251,7 @@ void WebSharedWorkerImpl::StartWorkerContext( MakeGarbageCollected(), std::make_unique( std::move(content_settings)), + absl::nullopt /* response_address_space */, nullptr /* inherited_trial_features */, devtools_worker_token, std::move(worker_settings), mojom::blink::V8CacheOptions::kDefault, nullptr /* worklet_module_response_map */, diff --git a/third_party/blink/renderer/core/frame/policy_container.cc b/third_party/blink/renderer/core/frame/policy_container.cc --- a/third_party/blink/renderer/core/frame/policy_container.cc +++ b/third_party/blink/renderer/core/frame/policy_container.cc @@ -56,12 +56,22 @@ network::mojom::blink::ReferrerPolicy PolicyContainer::GetReferrerPolicy() return policies_->referrer_policy; } +network::mojom::blink::IPAddressSpace PolicyContainer::GetIPAddressSpace() + const { + return policies_->ip_address_space; +} + void PolicyContainer::UpdateReferrerPolicy( network::mojom::blink::ReferrerPolicy policy) { policies_->referrer_policy = policy; policy_container_host_remote_->SetReferrerPolicy(policy); } +void PolicyContainer::SetIPAddressSpace( + network::mojom::IPAddressSpace ip_address_space) { + policies_->ip_address_space = ip_address_space; +} + const mojom::blink::PolicyContainerPolicies& PolicyContainer::GetPolicies() const { return *policies_; diff --git a/third_party/blink/renderer/core/frame/policy_container.h b/third_party/blink/renderer/core/frame/policy_container.h --- a/third_party/blink/renderer/core/frame/policy_container.h +++ b/third_party/blink/renderer/core/frame/policy_container.h @@ -8,6 +8,7 @@ #include "mojo/public/cpp/bindings/associated_remote.h" #include "mojo/public/cpp/bindings/pending_remote.h" #include "services/network/public/mojom/content_security_policy.mojom-blink-forward.h" +#include "services/network/public/mojom/ip_address_space.mojom-shared.h" #include "services/network/public/mojom/referrer_policy.mojom-shared.h" #include "services/network/public/mojom/web_sandbox_flags.mojom-shared.h" #include "third_party/blink/public/mojom/frame/policy_container.mojom-blink.h" @@ -44,6 +45,16 @@ class CORE_EXPORT PolicyContainer { void UpdateReferrerPolicy(network::mojom::blink::ReferrerPolicy policy); network::mojom::blink::ReferrerPolicy GetReferrerPolicy() const; + // This setter is used only by worklets and workers, which do not sync the + // PolicyContainer with the browser. + // + // TODO(https://crbug.com/1177199): Remove this when we implement policy + // inheritance for workers/worklets using the PolicyContainer. + void SetIPAddressSpace( + network::mojom::IPAddressSpace ip_address_space); + + network::mojom::blink::IPAddressSpace GetIPAddressSpace() const; + // Append |policies| to the list of Content Security Policy and sync them with // the PolicyContainerHost. void AddContentSecurityPolicies( diff --git a/third_party/blink/renderer/core/frame/web_frame_test.cc b/third_party/blink/renderer/core/frame/web_frame_test.cc --- a/third_party/blink/renderer/core/frame/web_frame_test.cc +++ b/third_party/blink/renderer/core/frame/web_frame_test.cc @@ -8069,6 +8069,40 @@ TEST_F(WebFrameTest, PushStateStartsAndStops) { EXPECT_EQ(client.StopLoadingCount(), 2); } +TEST_F(WebFrameTest, IPAddressSpace) { + frame_test_helpers::WebViewHelper web_view_helper; + WebViewImpl* web_view = + web_view_helper.InitializeAndLoad("data:text/html,ip_address_space"); + + network::mojom::IPAddressSpace values[] = { + network::mojom::IPAddressSpace::kUnknown, + network::mojom::IPAddressSpace::kLocal, + network::mojom::IPAddressSpace::kPrivate, + network::mojom::IPAddressSpace::kPublic}; + + for (auto value : values) { + auto params = std::make_unique(); + params->url = url_test_helpers::ToKURL("about:blank"); + params->navigation_timings.navigation_start = base::TimeTicks::Now(); + params->navigation_timings.fetch_start = base::TimeTicks::Now(); + params->is_browser_initiated = true; + MockPolicyContainerHost mock_policy_container_host; + params->policy_container = std::make_unique( + WebPolicyContainerPolicies(), + mock_policy_container_host.BindNewEndpointAndPassDedicatedRemote()); + params->policy_container->policies.ip_address_space = value; + params->sandbox_flags = network::mojom::WebSandboxFlags::kNone; + web_view_helper.LocalMainFrame()->CommitNavigation(std::move(params), + nullptr); + frame_test_helpers::PumpPendingRequestsForFrameToLoad( + web_view_helper.LocalMainFrame()); + + ExecutionContext* context = + web_view->MainFrameImpl()->GetFrame()->DomWindow(); + EXPECT_EQ(value, context->AddressSpace()); + } +} + TEST_F(WebFrameTest, CommitSynchronousNavigationForAboutBlankAndCheckStorageKeyNonce) { frame_test_helpers::WebViewHelper web_view_helper; diff --git a/third_party/blink/renderer/core/layout/ng/custom/layout_worklet_global_scope_proxy.cc b/third_party/blink/renderer/core/layout/ng/custom/layout_worklet_global_scope_proxy.cc --- a/third_party/blink/renderer/core/layout/ng/custom/layout_worklet_global_scope_proxy.cc +++ b/third_party/blink/renderer/core/layout/ng/custom/layout_worklet_global_scope_proxy.cc @@ -48,7 +48,7 @@ LayoutWorkletGlobalScopeProxy::LayoutWorkletGlobalScopeProxy( window->GetReferrerPolicy(), window->GetSecurityOrigin(), window->IsSecureContext(), window->GetHttpsState(), nullptr /* worker_clients */, - frame_client->CreateWorkerContentSettingsClient(), + frame_client->CreateWorkerContentSettingsClient(), window->AddressSpace(), OriginTrialContext::GetInheritedTrialFeatures(window).get(), base::UnguessableToken::Create(), nullptr /* worker_settings */, mojom::blink::V8CacheOptions::kDefault, module_responses_map, diff --git a/third_party/blink/renderer/core/loader/modulescript/installed_service_worker_module_script_fetcher.cc b/third_party/blink/renderer/core/loader/modulescript/installed_service_worker_module_script_fetcher.cc --- a/third_party/blink/renderer/core/loader/modulescript/installed_service_worker_module_script_fetcher.cc +++ b/third_party/blink/renderer/core/loader/modulescript/installed_service_worker_module_script_fetcher.cc @@ -69,6 +69,7 @@ void InstalledServiceWorkerModuleScriptFetcher::Fetch( global_scope_->Initialize( response_url, response_referrer_policy, + script_data->GetResponseAddressSpace(), ParseContentSecurityPolicyHeaders( script_data->GetContentSecurityPolicyResponseHeaders()), script_data->CreateOriginTrialTokens().get()); diff --git a/third_party/blink/renderer/core/loader/modulescript/module_script_loader_test.cc b/third_party/blink/renderer/core/loader/modulescript/module_script_loader_test.cc --- a/third_party/blink/renderer/core/loader/modulescript/module_script_loader_test.cc +++ b/third_party/blink/renderer/core/loader/modulescript/module_script_loader_test.cc @@ -208,6 +208,7 @@ void ModuleScriptLoaderTest::InitializeForWorklet() { network::mojom::ReferrerPolicy::kDefault, security_origin_.get(), true /* is_secure_context */, HttpsState::kModern, nullptr /* worker_clients */, nullptr /* content_settings_client */, + network::mojom::IPAddressSpace::kLocal, nullptr /* inherited_trial_features */, base::UnguessableToken::Create(), nullptr /* worker_settings */, mojom::blink::V8CacheOptions::kDefault, MakeGarbageCollected(), diff --git a/third_party/blink/renderer/core/loader/modulescript/worker_module_script_fetcher.cc b/third_party/blink/renderer/core/loader/modulescript/worker_module_script_fetcher.cc --- a/third_party/blink/renderer/core/loader/modulescript/worker_module_script_fetcher.cc +++ b/third_party/blink/renderer/core/loader/modulescript/worker_module_script_fetcher.cc @@ -6,6 +6,7 @@ #include +#include "services/network/public/mojom/ip_address_space.mojom-blink.h" #include "services/network/public/mojom/referrer_policy.mojom-blink.h" #include "third_party/blink/public/common/features.h" #include "third_party/blink/public/common/loader/network_utils.h" @@ -182,7 +183,7 @@ void WorkerModuleScriptFetcher::NotifyClient( // Step 12.3-12.6 are implemented in Initialize(). global_scope_->Initialize( - response_url, response_referrer_policy, + response_url, response_referrer_policy, response.AddressSpace(), ParseContentSecurityPolicyHeaders( ContentSecurityPolicyResponseHeaders(response)), response_origin_trial_tokens.get()); diff --git a/third_party/blink/renderer/core/workers/dedicated_worker.cc b/third_party/blink/renderer/core/workers/dedicated_worker.cc --- a/third_party/blink/renderer/core/workers/dedicated_worker.cc +++ b/third_party/blink/renderer/core/workers/dedicated_worker.cc @@ -276,12 +276,12 @@ void DedicatedWorker::OnHostCreated( if (options_->type() == script_type_names::kModule) { // Specify empty source code etc. here because scripts will be fetched on // the worker thread. - ContinueStart(script_request_url_, - nullptr /* worker_main_script_load_params */, - network::mojom::ReferrerPolicy::kDefault, - Vector(), - String() /* source_code */, reject_coep_unsafe_none, - std::move(back_forward_cache_controller_host)); + ContinueStart( + script_request_url_, nullptr /* worker_main_script_load_params */, + network::mojom::ReferrerPolicy::kDefault, + Vector(), + absl::nullopt /* response_address_space */, String() /* source_code */, + reject_coep_unsafe_none, std::move(back_forward_cache_controller_host)); return; } NOTREACHED() << "Invalid type: " << IDLEnumAsString(options_->type()); @@ -329,6 +329,7 @@ void DedicatedWorker::OnScriptLoadStarted( ContinueStart(script_request_url_, std::move(worker_main_script_load_params), network::mojom::ReferrerPolicy::kDefault, Vector(), + absl::nullopt /* response_address_space */, String() /* source_code */, RejectCoepUnsafeNone(false), std::move(back_forward_cache_controller_host)); } @@ -392,6 +393,7 @@ void DedicatedWorker::OnFinished( ? mojo::Clone(classic_script_loader_->GetContentSecurityPolicy() ->GetParsedPolicies()) : Vector(), + classic_script_loader_->ResponseAddressSpace(), classic_script_loader_->SourceText(), RejectCoepUnsafeNone(false), std::move(back_forward_cache_controller_host)); probe::ScriptImported(GetExecutionContext(), @@ -408,6 +410,7 @@ void DedicatedWorker::ContinueStart( network::mojom::ReferrerPolicy referrer_policy, Vector response_content_security_policies, + absl::optional response_address_space, const String& source_code, RejectCoepUnsafeNone reject_coep_unsafe_none, mojo::PendingRemote @@ -415,7 +418,8 @@ void DedicatedWorker::ContinueStart( context_proxy_->StartWorkerGlobalScope( CreateGlobalScopeCreationParams( script_url, referrer_policy, - std::move(response_content_security_policies)), + std::move(response_content_security_policies), + response_address_space), std::move(worker_main_script_load_params), options_, script_url, *outside_fetch_client_settings_object_, v8_stack_trace_id_, source_code, reject_coep_unsafe_none, token_, @@ -452,7 +456,8 @@ DedicatedWorker::CreateGlobalScopeCreationParams( const KURL& script_url, network::mojom::ReferrerPolicy referrer_policy, Vector - response_content_security_policies) { + response_content_security_policies, + absl::optional response_address_space) { base::UnguessableToken parent_devtools_token; std::unique_ptr settings; ExecutionContext* execution_context = GetExecutionContext(); @@ -501,6 +506,7 @@ DedicatedWorker::CreateGlobalScopeCreationParams( execution_context->GetSecurityOrigin(), execution_context->IsSecureContext(), execution_context->GetHttpsState(), MakeGarbageCollected(), CreateWebContentSettingsClient(), + response_address_space, OriginTrialContext::GetInheritedTrialFeatures(execution_context).get(), parent_devtools_token, std::move(settings), mojom::blink::V8CacheOptions::kDefault, diff --git a/third_party/blink/renderer/core/workers/dedicated_worker.h b/third_party/blink/renderer/core/workers/dedicated_worker.h --- a/third_party/blink/renderer/core/workers/dedicated_worker.h +++ b/third_party/blink/renderer/core/workers/dedicated_worker.h @@ -137,6 +137,7 @@ class CORE_EXPORT DedicatedWorker final network::mojom::ReferrerPolicy, Vector response_content_security_policies, + absl::optional response_address_space, const String& source_code, RejectCoepUnsafeNone reject_coep_unsafe_none, mojo::PendingRemote @@ -145,7 +146,8 @@ class CORE_EXPORT DedicatedWorker final const KURL& script_url, network::mojom::ReferrerPolicy, Vector - response_content_security_policies); + response_content_security_policies, + absl::optional response_address_space); scoped_refptr CreateWebWorkerFetchContext(); // May return nullptr. std::unique_ptr CreateWebContentSettingsClient(); diff --git a/third_party/blink/renderer/core/workers/dedicated_worker_global_scope.cc b/third_party/blink/renderer/core/workers/dedicated_worker_global_scope.cc --- a/third_party/blink/renderer/core/workers/dedicated_worker_global_scope.cc +++ b/third_party/blink/renderer/core/workers/dedicated_worker_global_scope.cc @@ -82,6 +82,8 @@ DedicatedWorkerGlobalScope* DedicatedWorkerGlobalScope::Create( KURL response_script_url = creation_params->script_url; network::mojom::ReferrerPolicy response_referrer_policy = creation_params->referrer_policy; + absl::optional response_address_space = + creation_params->response_address_space; const bool parent_cross_origin_isolated_capability = creation_params->parent_cross_origin_isolated_capability; const bool parent_is_isolated_context = @@ -101,7 +103,7 @@ DedicatedWorkerGlobalScope* DedicatedWorkerGlobalScope::Create( // Pass dummy origin trial tokens here as it is already set to outside's // origin trial tokens in DedicatedWorkerGlobalScope's constructor. global_scope->Initialize(response_script_url, response_referrer_policy, - std::move(response_csp), + *response_address_space, std::move(response_csp), nullptr /* response_origin_trial_tokens */); return global_scope; } else { @@ -218,6 +220,7 @@ const AtomicString& DedicatedWorkerGlobalScope::InterfaceName() const { void DedicatedWorkerGlobalScope::Initialize( const KURL& response_url, network::mojom::ReferrerPolicy response_referrer_policy, + network::mojom::IPAddressSpace response_address_space, Vector response_csp, const Vector* /* response_origin_trial_tokens */) { // Step 14.3. "Set worker global scope's url to response's url." @@ -231,6 +234,9 @@ void DedicatedWorkerGlobalScope::Initialize( // parsing the `Referrer-Policy` header of response." SetReferrerPolicy(response_referrer_policy); + // https://wicg.github.io/cors-rfc1918/#integration-html + SetAddressSpace(response_address_space); + // The following is the Content-Security-Policy part of "Initialize worker // global scope's policy container" // https://html.spec.whatwg.org/#initialize-worker-policy-container @@ -443,6 +449,7 @@ void DedicatedWorkerGlobalScope::DidFetchClassicScript( // Pass dummy origin trial tokens here as it is already set to outside's // origin trial tokens in DedicatedWorkerGlobalScope's constructor. Initialize(classic_script_loader->ResponseURL(), response_referrer_policy, + classic_script_loader->ResponseAddressSpace(), classic_script_loader->GetContentSecurityPolicy() ? mojo::Clone(classic_script_loader->GetContentSecurityPolicy() ->GetParsedPolicies()) diff --git a/third_party/blink/renderer/core/workers/dedicated_worker_global_scope.h b/third_party/blink/renderer/core/workers/dedicated_worker_global_scope.h --- a/third_party/blink/renderer/core/workers/dedicated_worker_global_scope.h +++ b/third_party/blink/renderer/core/workers/dedicated_worker_global_scope.h @@ -107,6 +107,7 @@ class CORE_EXPORT DedicatedWorkerGlobalScope final : public WorkerGlobalScope { void Initialize( const KURL& response_url, network::mojom::ReferrerPolicy response_referrer_policy, + network::mojom::IPAddressSpace response_address_space, Vector response_csp, const Vector* response_origin_trial_tokens) override; void FetchAndRunClassicScript( diff --git a/third_party/blink/renderer/core/workers/global_scope_creation_params.cc b/third_party/blink/renderer/core/workers/global_scope_creation_params.cc --- a/third_party/blink/renderer/core/workers/global_scope_creation_params.cc +++ b/third_party/blink/renderer/core/workers/global_scope_creation_params.cc @@ -31,6 +31,7 @@ GlobalScopeCreationParams::GlobalScopeCreationParams( HttpsState starter_https_state, WorkerClients* worker_clients, std::unique_ptr content_settings_client, + absl::optional response_address_space, const Vector* inherited_trial_features, const base::UnguessableToken& parent_devtools_token, std::unique_ptr worker_settings, @@ -67,6 +68,7 @@ GlobalScopeCreationParams::GlobalScopeCreationParams( starter_https_state(starter_https_state), worker_clients(worker_clients), content_settings_client(std::move(content_settings_client)), + response_address_space(response_address_space), parent_devtools_token(parent_devtools_token), worker_settings(std::move(worker_settings)), v8_cache_options(v8_cache_options), diff --git a/third_party/blink/renderer/core/workers/global_scope_creation_params.h b/third_party/blink/renderer/core/workers/global_scope_creation_params.h --- a/third_party/blink/renderer/core/workers/global_scope_creation_params.h +++ b/third_party/blink/renderer/core/workers/global_scope_creation_params.h @@ -11,6 +11,7 @@ #include "base/unguessable_token.h" #include "mojo/public/cpp/bindings/pending_remote.h" #include "services/metrics/public/cpp/ukm_source_id.h" +#include "services/network/public/mojom/ip_address_space.mojom-blink-forward.h" #include "services/network/public/mojom/referrer_policy.mojom-blink-forward.h" #include "third_party/abseil-cpp/absl/types/optional.h" #include "third_party/blink/public/common/permissions_policy/permissions_policy.h" @@ -61,6 +62,7 @@ struct CORE_EXPORT GlobalScopeCreationParams final { HttpsState starter_https_state, WorkerClients*, std::unique_ptr, + absl::optional, const Vector* inherited_trial_features, const base::UnguessableToken& parent_devtools_token, std::unique_ptr, @@ -167,6 +169,11 @@ struct CORE_EXPORT GlobalScopeCreationParams final { std::unique_ptr content_settings_client; + // Worker script response's address space. This is valid only when the worker + // script is fetched on the main thread (i.e., when + // |off_main_thread_fetch_option| is kDisabled). + absl::optional response_address_space; + base::UnguessableToken parent_devtools_token; std::unique_ptr worker_settings; diff --git a/third_party/blink/renderer/core/workers/installed_scripts_manager.cc b/third_party/blink/renderer/core/workers/installed_scripts_manager.cc --- a/third_party/blink/renderer/core/workers/installed_scripts_manager.cc +++ b/third_party/blink/renderer/core/workers/installed_scripts_manager.cc @@ -4,6 +4,7 @@ #include "third_party/blink/renderer/core/workers/installed_scripts_manager.h" +#include "services/network/public/mojom/ip_address_space.mojom-blink.h" #include "third_party/blink/renderer/core/frame/csp/content_security_policy.h" #include "third_party/blink/renderer/core/origin_trials/origin_trial_context.h" #include "third_party/blink/renderer/platform/network/http_names.h" @@ -20,6 +21,21 @@ InstalledScriptsManager::ScriptData::ScriptData( source_text_(std::move(source_text)), meta_data_(std::move(meta_data)) { headers_.Adopt(std::move(header_data)); + + // Calculate an address space from worker script's response url according to + // the "CORS and RFC1918" spec: + // https://wicg.github.io/cors-rfc1918/#integration-html + // + // Currently this implementation is not fully consistent with the spec for + // historical reasons. + // TODO(https://crbug.com/955213): Make this consistent with the spec. + // TODO(https://crbug.com/955213): Move this function to a more appropriate + // place so that this is shareable out of worker code. + response_address_space_ = network::mojom::IPAddressSpace::kPublic; + if (network_utils::IsReservedIPAddress(script_url_.Host())) + response_address_space_ = network::mojom::IPAddressSpace::kLocal; + if (SecurityOrigin::Create(script_url_)->IsLocalhost()) + response_address_space_ = network::mojom::IPAddressSpace::kLoopback; } ContentSecurityPolicyResponseHeaders diff --git a/third_party/blink/renderer/core/workers/installed_scripts_manager.h b/third_party/blink/renderer/core/workers/installed_scripts_manager.h --- a/third_party/blink/renderer/core/workers/installed_scripts_manager.h +++ b/third_party/blink/renderer/core/workers/installed_scripts_manager.h @@ -5,6 +5,7 @@ #ifndef THIRD_PARTY_BLINK_RENDERER_CORE_WORKERS_INSTALLED_SCRIPTS_MANAGER_H_ #define THIRD_PARTY_BLINK_RENDERER_CORE_WORKERS_INSTALLED_SCRIPTS_MANAGER_H_ +#include "services/network/public/mojom/ip_address_space.mojom-blink-forward.h" #include "third_party/blink/renderer/core/core_export.h" #include "third_party/blink/renderer/platform/network/content_security_policy_response_headers.h" #include "third_party/blink/renderer/platform/network/http_header_map.h" @@ -45,6 +46,9 @@ class InstalledScriptsManager { GetContentSecurityPolicyResponseHeaders(); String GetReferrerPolicy(); String GetHttpContentType(); + network::mojom::IPAddressSpace GetResponseAddressSpace() const { + return response_address_space_; + } std::unique_ptr> CreateOriginTrialTokens(); private: @@ -52,6 +56,7 @@ class InstalledScriptsManager { String source_text_; std::unique_ptr> meta_data_; HTTPHeaderMap headers_; + network::mojom::IPAddressSpace response_address_space_; }; // Used on the main or worker thread. Returns true if the script has been diff --git a/third_party/blink/renderer/core/workers/main_thread_worklet_test.cc b/third_party/blink/renderer/core/workers/main_thread_worklet_test.cc --- a/third_party/blink/renderer/core/workers/main_thread_worklet_test.cc +++ b/third_party/blink/renderer/core/workers/main_thread_worklet_test.cc @@ -72,6 +72,7 @@ class MainThreadWorkletTest : public PageTestBase { window->GetReferrerPolicy(), window->GetSecurityOrigin(), window->IsSecureContext(), window->GetHttpsState(), nullptr /* worker_clients */, nullptr /* content_settings_client */, + window->AddressSpace(), OriginTrialContext::GetInheritedTrialFeatures(window).get(), base::UnguessableToken::Create(), nullptr /* worker_settings */, mojom::blink::V8CacheOptions::kDefault, diff --git a/third_party/blink/renderer/core/workers/shared_worker_global_scope.cc b/third_party/blink/renderer/core/workers/shared_worker_global_scope.cc --- a/third_party/blink/renderer/core/workers/shared_worker_global_scope.cc +++ b/third_party/blink/renderer/core/workers/shared_worker_global_scope.cc @@ -76,6 +76,7 @@ const AtomicString& SharedWorkerGlobalScope::InterfaceName() const { void SharedWorkerGlobalScope::Initialize( const KURL& response_url, network::mojom::ReferrerPolicy response_referrer_policy, + network::mojom::IPAddressSpace response_address_space, Vector response_csp, const Vector* response_origin_trial_tokens) { // Step 12.3. "Set worker global scope's url to response's url." @@ -89,6 +90,9 @@ void SharedWorkerGlobalScope::Initialize( // parsing the `Referrer-Policy` header of response." SetReferrerPolicy(response_referrer_policy); + // https://wicg.github.io/cors-rfc1918/#integration-html + SetAddressSpace(response_address_space); + // Step 12.6. "Execute the Initialize a global object's CSP list algorithm // on worker global scope and response. [CSP]" // SharedWorkerGlobalScope inherits the outside's CSP instead of the response @@ -98,6 +102,8 @@ void SharedWorkerGlobalScope::Initialize( // https://fetch.spec.whatwg.org/#local-scheme // // https://w3c.github.io/webappsec-csp/#initialize-global-object-csp + // These should be called after SetAddressSpace() to correctly override the + // address space by the "treat-as-public-address" CSP directive. Vector csp_headers = response_url.ProtocolIsAbout() || response_url.ProtocolIsData() || response_url.ProtocolIs("blob") @@ -245,6 +251,7 @@ void SharedWorkerGlobalScope::DidFetchClassicScript( // Step 12.3-12.6 are implemented in Initialize(). Initialize(classic_script_loader->ResponseURL(), response_referrer_policy, + classic_script_loader->ResponseAddressSpace(), classic_script_loader->GetContentSecurityPolicy() ? mojo::Clone(classic_script_loader->GetContentSecurityPolicy() ->GetParsedPolicies()) diff --git a/third_party/blink/renderer/core/workers/shared_worker_global_scope.h b/third_party/blink/renderer/core/workers/shared_worker_global_scope.h --- a/third_party/blink/renderer/core/workers/shared_worker_global_scope.h +++ b/third_party/blink/renderer/core/workers/shared_worker_global_scope.h @@ -64,6 +64,7 @@ class CORE_EXPORT SharedWorkerGlobalScope final : public WorkerGlobalScope { void Initialize( const KURL& response_url, network::mojom::ReferrerPolicy response_referrer_policy, + network::mojom::IPAddressSpace response_address_space, Vector response_csp, const Vector* response_origin_trial_tokens) override; void FetchAndRunClassicScript( diff --git a/third_party/blink/renderer/core/workers/threaded_worklet_messaging_proxy.cc b/third_party/blink/renderer/core/workers/threaded_worklet_messaging_proxy.cc --- a/third_party/blink/renderer/core/workers/threaded_worklet_messaging_proxy.cc +++ b/third_party/blink/renderer/core/workers/threaded_worklet_messaging_proxy.cc @@ -85,6 +85,7 @@ void ThreadedWorkletMessagingProxy::Initialize( /*starter_https_state=*/HttpsState::kNone, /*worker_clients=*/nullptr, /*content_settings_client=*/nullptr, + /*response_address_space*/network::mojom::IPAddressSpace::kUnknown, /*inherited_trial_features=*/nullptr, /*parent_devtools_token=*/ client_provided_global_scope_creation_params->devtools_token, @@ -130,6 +131,7 @@ void ThreadedWorkletMessagingProxy::Initialize( window->GetReferrerPolicy(), window->GetSecurityOrigin(), window->IsSecureContext(), window->GetHttpsState(), worker_clients, frame_client->CreateWorkerContentSettingsClient(), + window->AddressSpace(), OriginTrialContext::GetInheritedTrialFeatures(window).get(), base::UnguessableToken::Create(), std::make_unique(window->GetFrame()->GetSettings()), diff --git a/third_party/blink/renderer/core/workers/threaded_worklet_test.cc b/third_party/blink/renderer/core/workers/threaded_worklet_test.cc --- a/third_party/blink/renderer/core/workers/threaded_worklet_test.cc +++ b/third_party/blink/renderer/core/workers/threaded_worklet_test.cc @@ -217,6 +217,7 @@ class ThreadedWorkletMessagingProxyForTest GetExecutionContext()->IsSecureContext(), GetExecutionContext()->GetHttpsState(), worker_clients, nullptr /* content_settings_client */, + GetExecutionContext()->AddressSpace(), OriginTrialContext::GetInheritedTrialFeatures(GetExecutionContext()) .get(), base::UnguessableToken::Create(), std::move(worker_settings), diff --git a/third_party/blink/renderer/core/workers/worker_classic_script_loader.cc b/third_party/blink/renderer/core/workers/worker_classic_script_loader.cc --- a/third_party/blink/renderer/core/workers/worker_classic_script_loader.cc +++ b/third_party/blink/renderer/core/workers/worker_classic_script_loader.cc @@ -29,6 +29,7 @@ #include #include "base/memory/scoped_refptr.h" +#include "services/network/public/mojom/ip_address_space.mojom-blink.h" #include "third_party/blink/public/common/features.h" #include "third_party/blink/public/mojom/fetch/fetch_api_request.mojom-blink.h" #include "third_party/blink/renderer/core/execution_context/execution_context.h" @@ -98,7 +99,8 @@ String CheckSameOriginEnforcement(const KURL& request_url, } // namespace -WorkerClassicScriptLoader::WorkerClassicScriptLoader() {} +WorkerClassicScriptLoader::WorkerClassicScriptLoader() + : response_address_space_(network::mojom::IPAddressSpace::kPublic) {} void WorkerClassicScriptLoader::LoadSynchronously( ExecutionContext& execution_context, @@ -238,6 +240,7 @@ void WorkerClassicScriptLoader::DidReceiveResponse( identifier_ = identifier; response_url_ = response.ResponseUrl(); response_encoding_ = response.TextEncodingName(); + response_address_space_ = response.AddressSpace(); referrer_policy_ = response.HttpHeaderField(http_names::kReferrerPolicy); ProcessContentSecurityPolicy(response); diff --git a/third_party/blink/renderer/core/workers/worker_classic_script_loader.h b/third_party/blink/renderer/core/workers/worker_classic_script_loader.h --- a/third_party/blink/renderer/core/workers/worker_classic_script_loader.h +++ b/third_party/blink/renderer/core/workers/worker_classic_script_loader.h @@ -32,6 +32,7 @@ #include "base/memory/scoped_refptr.h" #include "mojo/public/cpp/bindings/pending_remote.h" #include "services/network/public/mojom/fetch_api.mojom-blink-forward.h" +#include "services/network/public/mojom/ip_address_space.mojom-blink-forward.h" #include "services/network/public/mojom/url_loader_factory.mojom-blink.h" #include "third_party/blink/public/mojom/loader/resource_load_info_notifier.mojom-shared.h" #include "third_party/blink/public/platform/cross_variant_mojo_util.h" @@ -122,6 +123,10 @@ class CORE_EXPORT WorkerClassicScriptLoader final const String& GetReferrerPolicy() const { return referrer_policy_; } + network::mojom::IPAddressSpace ResponseAddressSpace() const { + return response_address_space_; + } + const Vector* OriginTrialTokens() const { return origin_trial_tokens_.get(); } @@ -177,6 +182,7 @@ class CORE_EXPORT WorkerClassicScriptLoader final uint64_t identifier_ = 0; std::unique_ptr> cached_metadata_; Member content_security_policy_; + network::mojom::IPAddressSpace response_address_space_; std::unique_ptr> origin_trial_tokens_; String referrer_policy_; diff --git a/third_party/blink/renderer/core/workers/worker_global_scope.h b/third_party/blink/renderer/core/workers/worker_global_scope.h --- a/third_party/blink/renderer/core/workers/worker_global_scope.h +++ b/third_party/blink/renderer/core/workers/worker_global_scope.h @@ -32,6 +32,7 @@ #include "base/task/single_thread_task_runner.h" #include "base/time/time.h" #include "services/network/public/mojom/fetch_api.mojom-blink-forward.h" +#include "services/network/public/mojom/ip_address_space.mojom-blink-forward.h" #include "third_party/blink/public/common/browser_interface_broker_proxy.h" #include "third_party/blink/public/common/loader/worker_main_script_load_parameters.h" #include "third_party/blink/public/common/tokens/tokens.h" @@ -172,6 +173,7 @@ class CORE_EXPORT WorkerGlobalScope virtual void Initialize( const KURL& response_url, network::mojom::ReferrerPolicy response_referrer_policy, + network::mojom::IPAddressSpace response_address_space, Vector response_csp, const Vector* response_origin_trial_tokens) = 0; diff --git a/third_party/blink/renderer/core/workers/worker_thread_test.cc b/third_party/blink/renderer/core/workers/worker_thread_test.cc --- a/third_party/blink/renderer/core/workers/worker_thread_test.cc +++ b/third_party/blink/renderer/core/workers/worker_thread_test.cc @@ -9,6 +9,7 @@ #include "base/synchronization/lock.h" #include "base/synchronization/waitable_event.h" +#include "services/network/public/mojom/ip_address_space.mojom-blink.h" #include "testing/gmock/include/gmock/gmock.h" #include "testing/gtest/include/gtest/gtest.h" #include "third_party/blink/public/mojom/v8_cache_options.mojom-blink.h" @@ -372,6 +373,7 @@ TEST_F(WorkerThreadTest, Terminate_WhileDebuggerTaskIsRunningOnInitialization) { CalculateHttpsState(security_origin_.get()), MakeGarbageCollected(), nullptr /* content_settings_client */, + network::mojom::IPAddressSpace::kLocal, nullptr /* inherited_trial_features */, base::UnguessableToken::Create(), std::make_unique(std::make_unique().get()), diff --git a/third_party/blink/renderer/core/workers/worker_thread_test_helper.h b/third_party/blink/renderer/core/workers/worker_thread_test_helper.h --- a/third_party/blink/renderer/core/workers/worker_thread_test_helper.h +++ b/third_party/blink/renderer/core/workers/worker_thread_test_helper.h @@ -9,6 +9,7 @@ #include "base/synchronization/waitable_event.h" #include "services/metrics/public/cpp/ukm_source_id.h" +#include "services/network/public/mojom/ip_address_space.mojom-blink.h" #include "testing/gmock/include/gmock/gmock.h" #include "third_party/blink/public/mojom/v8_cache_options.mojom-blink.h" #include "third_party/blink/renderer/bindings/core/v8/v8_gc_controller.h" @@ -80,11 +81,15 @@ class FakeWorkerGlobalScope : public WorkerGlobalScope { void Initialize( const KURL& response_url, network::mojom::ReferrerPolicy response_referrer_policy, + network::mojom::IPAddressSpace response_address_space, Vector response_csp, const Vector* response_origin_trial_tokens) override { InitializeURL(response_url); SetReferrerPolicy(response_referrer_policy); + SetAddressSpace(response_address_space); + // These should be called after SetAddressSpace() to correctly override the + // address space by the "treat-as-public-address" CSP directive. InitContentSecurityPolicyFromVector(std::move(response_csp)); BindContentSecurityPolicyToExecutionContext(); @@ -162,6 +167,7 @@ class WorkerThreadForTest : public WorkerThread { false /* starter_secure_context */, CalculateHttpsState(security_origin), worker_clients, nullptr /* content_settings_client */, + network::mojom::IPAddressSpace::kLocal, nullptr /* inherited_trial_features */, base::UnguessableToken::Create(), std::make_unique(std::make_unique().get()), diff --git a/third_party/blink/renderer/modules/csspaint/paint_worklet_global_scope_proxy.cc b/third_party/blink/renderer/modules/csspaint/paint_worklet_global_scope_proxy.cc --- a/third_party/blink/renderer/modules/csspaint/paint_worklet_global_scope_proxy.cc +++ b/third_party/blink/renderer/modules/csspaint/paint_worklet_global_scope_proxy.cc @@ -47,7 +47,7 @@ PaintWorkletGlobalScopeProxy::PaintWorkletGlobalScopeProxy( window->GetReferrerPolicy(), window->GetSecurityOrigin(), window->IsSecureContext(), window->GetHttpsState(), nullptr /* worker_clients */, - frame_client->CreateWorkerContentSettingsClient(), + frame_client->CreateWorkerContentSettingsClient(), window->AddressSpace(), OriginTrialContext::GetInheritedTrialFeatures(window).get(), base::UnguessableToken::Create(), nullptr /* worker_settings */, mojom::blink::V8CacheOptions::kDefault, module_responses_map, diff --git a/third_party/blink/renderer/modules/exported/web_embedded_worker_impl.cc b/third_party/blink/renderer/modules/exported/web_embedded_worker_impl.cc --- a/third_party/blink/renderer/modules/exported/web_embedded_worker_impl.cc +++ b/third_party/blink/renderer/modules/exported/web_embedded_worker_impl.cc @@ -205,7 +205,9 @@ void WebEmbeddedWorkerImpl::StartWorkerThread( Vector(), network::mojom::ReferrerPolicy::kDefault, starter_origin.get(), starter_secure_context, starter_https_state, nullptr /* worker_clients */, - std::move(content_settings_proxy), nullptr /* inherited_trial_features */, + std::move(content_settings_proxy), + absl::nullopt /* response_address_space */, + nullptr /* inherited_trial_features */, worker_start_data->devtools_worker_token, std::move(worker_settings), // Generate the full code cache in the first execution of the script. mojom::blink::V8CacheOptions::kFullCodeWithoutHeatCheck, diff --git a/third_party/blink/renderer/modules/service_worker/service_worker_global_scope.cc b/third_party/blink/renderer/modules/service_worker/service_worker_global_scope.cc --- a/third_party/blink/renderer/modules/service_worker/service_worker_global_scope.cc +++ b/third_party/blink/renderer/modules/service_worker/service_worker_global_scope.cc @@ -474,6 +474,7 @@ void ServiceWorkerGlobalScope::DidFetchClassicScript( // is set, and with the following callback steps given evaluationStatus:" RunClassicScript( classic_script_loader->ResponseURL(), referrer_policy, + classic_script_loader->ResponseAddressSpace(), classic_script_loader->GetContentSecurityPolicy() ? mojo::Clone(classic_script_loader->GetContentSecurityPolicy() ->GetParsedPolicies()) @@ -487,6 +488,7 @@ void ServiceWorkerGlobalScope::DidFetchClassicScript( void ServiceWorkerGlobalScope::Initialize( const KURL& response_url, network::mojom::ReferrerPolicy response_referrer_policy, + network::mojom::IPAddressSpace response_address_space, Vector response_csp, const Vector* response_origin_trial_tokens) { // Step 4.5. "Set workerGlobalScope's url to serviceWorker's script url." @@ -500,6 +502,9 @@ void ServiceWorkerGlobalScope::Initialize( // script resource's referrer policy." SetReferrerPolicy(response_referrer_policy); + // https://wicg.github.io/cors-rfc1918/#integration-html + SetAddressSpace(response_address_space); + // This is quoted from the "Content Security Policy" algorithm in the service // workers spec: // "Whenever a user agent invokes Run Service Worker algorithm with a service @@ -510,6 +515,9 @@ void ServiceWorkerGlobalScope::Initialize( // - If serviceWorker's script resource was delivered with a // Content-Security-Policy-Report-Only HTTP header containing the value // policy, the user agent must monitor policy for serviceWorker." + // + // These should be called after SetAddressSpace() to correctly override the + // address space by the "treat-as-public-address" CSP directive. InitContentSecurityPolicyFromVector(std::move(response_csp)); BindContentSecurityPolicyToExecutionContext(); @@ -550,26 +558,27 @@ void ServiceWorkerGlobalScope::LoadAndRunInstalledClassicScript( kDoNotSupportReferrerPolicyLegacyKeywords, &referrer_policy); } - RunClassicScript(script_url, referrer_policy, - ParseContentSecurityPolicyHeaders( - script_data->GetContentSecurityPolicyResponseHeaders()), - script_data->CreateOriginTrialTokens().get(), - script_data->TakeSourceText(), script_data->TakeMetaData(), - stack_id); + RunClassicScript( + script_url, referrer_policy, script_data->GetResponseAddressSpace(), + ParseContentSecurityPolicyHeaders( + script_data->GetContentSecurityPolicyResponseHeaders()), + script_data->CreateOriginTrialTokens().get(), + script_data->TakeSourceText(), script_data->TakeMetaData(), stack_id); } // https://w3c.github.io/ServiceWorker/#run-service-worker-algorithm void ServiceWorkerGlobalScope::RunClassicScript( const KURL& response_url, network::mojom::ReferrerPolicy response_referrer_policy, + network::mojom::IPAddressSpace response_address_space, Vector response_csp, const Vector* response_origin_trial_tokens, const String& source_code, std::unique_ptr> cached_meta_data, const v8_inspector::V8StackTraceId& stack_id) { // Step 4.5-4.11 are implemented in Initialize(). - Initialize(response_url, response_referrer_policy, std::move(response_csp), - response_origin_trial_tokens); + Initialize(response_url, response_referrer_policy, response_address_space, + std::move(response_csp), response_origin_trial_tokens); // Step 4.12. "Let evaluationStatus be the result of running the classic // script script if script is a classic script, otherwise, the result of diff --git a/third_party/blink/renderer/modules/service_worker/service_worker_global_scope.h b/third_party/blink/renderer/modules/service_worker/service_worker_global_scope.h --- a/third_party/blink/renderer/modules/service_worker/service_worker_global_scope.h +++ b/third_party/blink/renderer/modules/service_worker/service_worker_global_scope.h @@ -129,6 +129,7 @@ class MODULES_EXPORT ServiceWorkerGlobalScope final void Initialize( const KURL& response_url, network::mojom::ReferrerPolicy response_referrer_policy, + network::mojom::IPAddressSpace response_address_space, Vector response_csp, const Vector* response_origin_trial_tokens) override; // Fetches and runs the top-level classic worker script. @@ -400,6 +401,7 @@ class MODULES_EXPORT ServiceWorkerGlobalScope final void RunClassicScript( const KURL& response_url, network::mojom::ReferrerPolicy response_referrer_policy, + network::mojom::IPAddressSpace response_address_space, Vector response_csp, const Vector* response_origin_trial_tokens, const String& source_code, diff --git a/third_party/blink/renderer/modules/webaudio/audio_worklet_global_scope_test.cc b/third_party/blink/renderer/modules/webaudio/audio_worklet_global_scope_test.cc --- a/third_party/blink/renderer/modules/webaudio/audio_worklet_global_scope_test.cc +++ b/third_party/blink/renderer/modules/webaudio/audio_worklet_global_scope_test.cc @@ -86,6 +86,7 @@ class AudioWorkletGlobalScopeTest : public PageTestBase, public ModuleTestBase { window->GetReferrerPolicy(), window->GetSecurityOrigin(), window->IsSecureContext(), window->GetHttpsState(), nullptr /* worker_clients */, nullptr /* content_settings_client */, + window->AddressSpace(), OriginTrialContext::GetInheritedTrialFeatures(window).get(), base::UnguessableToken::Create(), nullptr /* worker_settings */, mojom::blink::V8CacheOptions::kDefault, diff --git a/third_party/blink/renderer/modules/webaudio/audio_worklet_thread_test.cc b/third_party/blink/renderer/modules/webaudio/audio_worklet_thread_test.cc --- a/third_party/blink/renderer/modules/webaudio/audio_worklet_thread_test.cc +++ b/third_party/blink/renderer/modules/webaudio/audio_worklet_thread_test.cc @@ -100,6 +100,7 @@ class AudioWorkletThreadTest : public PageTestBase, public ModuleTestBase { window->GetReferrerPolicy(), window->GetSecurityOrigin(), window->IsSecureContext(), window->GetHttpsState(), nullptr /* worker_clients */, nullptr /* content_settings_client */, + window->AddressSpace(), OriginTrialContext::GetInheritedTrialFeatures(window).get(), base::UnguessableToken::Create(), nullptr /* worker_settings */, mojom::blink::V8CacheOptions::kDefault, diff --git a/third_party/blink/renderer/modules/worklet/worklet_thread_test_common.cc b/third_party/blink/renderer/modules/worklet/worklet_thread_test_common.cc --- a/third_party/blink/renderer/modules/worklet/worklet_thread_test_common.cc +++ b/third_party/blink/renderer/modules/worklet/worklet_thread_test_common.cc @@ -38,7 +38,7 @@ CreateAnimationAndPaintWorkletThread( Vector(), window->GetReferrerPolicy(), window->GetSecurityOrigin(), window->IsSecureContext(), window->GetHttpsState(), clients, - nullptr /* content_settings_client */, + nullptr /* content_settings_client */, window->AddressSpace(), OriginTrialContext::GetInheritedTrialFeatures(window).get(), base::UnguessableToken::Create(), nullptr /* worker_settings */, mojom::blink::V8CacheOptions::kDefault, -- 2.25.1