Limit foreign fetch to only intercept requests made from secure contexts.

content/browser/service_worker/foreign_fetch_request_handler.cc

 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/service_worker/foreign_fetch_request_handler.h"
 
 #include <string>
 
 #include "base/macros.h"
 #include "content/browser/service_worker/service_worker_context_wrapper.h"
@@ skipping 40 matching lines @@
     storage::BlobStorageContext* blob_storage_context,
     int process_id,
     int provider_id,
     bool skip_service_worker,
     FetchRequestMode request_mode,
     FetchCredentialsMode credentials_mode,
     FetchRedirectMode redirect_mode,
     ResourceType resource_type,
     RequestContextType request_context_type,
     RequestContextFrameType frame_type,
-    scoped_refptr<ResourceRequestBody> body) {
+    scoped_refptr<ResourceRequestBody> body,
+    bool initiated_in_secure_context) {
   if (!context_wrapper) {
     return;
   }
 
+  if (!initiated_in_secure_context)
+    return;

[kinuko, 2016/06/03 09:17:16]

This makes me feel if we should just skip calling InitializeHandler if this is
false in resource_dispatcher_host_impl... any reason we don't do that?

[Marijn Kruisselbrink, 2016/06/06 19:23:34]

No particular reason, other than keeping all the checks in one place. Similarly
ResourceDispatcherHost could skip calling InitializeHandler (and
ServiceWorkerRequestHandler::InitializeHandler) when context_wrapper is null,
and for a few other checks that InitializeHandler does. So it's mostly a
question of how much you want ResourceDispatcherHost to know about service
worker specific checks.
(also in a future (still very much WIP) patch I'm working on to limit which
requests we process Link rel=serviceworker HTTP response headers for the same
initiated_in_secure_context flag is used for that as well, so ResourceDH won't
be just passing the flag on to InitializeHandler anymore then:
https://codereview.chromium.org/1914593002)

[kinuko, 2016/06/07 06:55:57]

Ah ok, makes sense.  Yeah having decision related logic here would be probably
better.

+
   if (!context_wrapper->OriginHasForeignFetchRegistrations(
           request->url().GetOrigin())) {
     return;
   }
 
   if (request->initiator().IsSameOriginWith(url::Origin(request->url())))
     return;
+
   if (ServiceWorkerUtils::IsMainResourceType(resource_type))
     return;
 
   // Any more precise checks to see if the request should be intercepted are
   // asynchronous, so just create our handler in all cases.
   std::unique_ptr<ForeignFetchRequestHandler> handler(
       new ForeignFetchRequestHandler(
           context_wrapper, blob_storage_context->AsWeakPtr(), request_mode,
           credentials_mode, redirect_mode, resource_type, request_context_type,
           frame_type, body));
@@ skipping 138 matching lines @@
   }
   return target_worker_.get();
 }
 
 void ForeignFetchRequestHandler::ClearJob() {
   job_.reset();
   target_worker_ = nullptr;
 }
 
 }  // namespace content