Support the Clear-Site-Data header on resource requests

content/browser/browsing_data/clear_site_data_throttle.cc

 // Copyright 2016 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/browsing_data/clear_site_data_throttle.h"
 
 #include "base/command_line.h"
 #include "base/json/json_reader.h"
 #include "base/json/json_string_value_serializer.h"
 #include "base/memory/ptr_util.h"
 #include "base/metrics/histogram_macros.h"
+#include "base/scoped_observer.h"
 #include "base/strings/string_util.h"
 #include "base/strings/stringprintf.h"
 #include "base/values.h"
-#include "content/browser/frame_host/navigation_handle_impl.h"
+#include "content/browser/service_worker/service_worker_response_info.h"
 #include "content/public/browser/browser_context.h"
-#include "content/public/browser/content_browser_client.h"
-#include "content/public/browser/navigation_handle.h"
+#include "content/public/browser/browser_thread.h"
+#include "content/public/browser/browsing_data_filter_builder.h"
+#include "content/public/browser/browsing_data_remover.h"
+#include "content/public/browser/render_frame_host.h"
 #include "content/public/browser/web_contents.h"
-#include "content/public/common/content_client.h"
 #include "content/public/common/content_switches.h"
 #include "content/public/common/origin_util.h"
+#include "content/public/common/resource_response_info.h"
+#include "net/base/load_flags.h"
+#include "net/base/registry_controlled_domains/registry_controlled_domain.h"
 #include "net/http/http_response_headers.h"
+#include "net/url_request/redirect_info.h"
 #include "url/gurl.h"
 #include "url/origin.h"
 
 namespace content {
 
 namespace {
 
-static const char* kClearSiteDataHeader = "Clear-Site-Data";
+const char kNameForLogging[] = "ClearSiteDataThrottle";
 
-static const char* kTypesKey = "types";
+const char kClearSiteDataHeader[] = "Clear-Site-Data";
+
+const char kTypesKey[] = "types";
+
+// Datatypes.
+const char kDatatypeCookies[] = "cookies";
+const char kDatatypeStorage[] = "storage";
+const char kDatatypeCache[] = "cache";
 
 // Pretty-printed log output.
-static const char* kConsoleMessagePrefix = "Clear-Site-Data header on '%s': %s";
-static const char* kClearingOneType = "Clearing %s.";
-static const char* kClearingTwoTypes = "Clearing %s and %s.";
-static const char* kClearingThreeTypes = "Clearing %s, %s, and %s.";
-
-// Console logging. Adds a |text| message with |level| to |messages|.
-void ConsoleLog(std::vector<ClearSiteDataThrottle::ConsoleMessage>* messages,
-                const GURL& url,
-                const std::string& text,
-                ConsoleMessageLevel level) {
-  messages->push_back({url, text, level});
-}
+const char kConsoleMessagePrefix[] = "Clear-Site-Data header on '%s': %s";
+const char kConsoleMessageCleared[] = "Cleared datatypes: %s.";
+const char kConsoleMessageDatatypeSeparator[] = ", ";
 
 bool AreExperimentalFeaturesEnabled() {
   return base::CommandLine::ForCurrentProcess()->HasSwitch(
       switches::kEnableExperimentalWebPlatformFeatures);
 }
 
 // Represents the parameters as a single number to be recorded in a histogram.
 int ParametersMask(bool clear_cookies, bool clear_storage, bool clear_cache) {
   return static_cast<int>(clear_cookies) * (1 << 0) +
          static_cast<int>(clear_storage) * (1 << 1) +
          static_cast<int>(clear_cache) * (1 << 2);
 }
 
-}  // namespace
-
-// static
-std::unique_ptr<NavigationThrottle>
-ClearSiteDataThrottle::CreateThrottleForNavigation(NavigationHandle* handle) {
-  if (AreExperimentalFeaturesEnabled())
-    return base::WrapUnique(new ClearSiteDataThrottle(handle));
-
-  return std::unique_ptr<NavigationThrottle>();
+// A helper function to pass an IO thread callback to a method called on
+// the UI thread.
+void JumpFromUIToIOThread(base::OnceClosure callback) {
+  DCHECK_CURRENTLY_ON(BrowserThread::UI);
+  BrowserThread::PostTask(BrowserThread::IO, FROM_HERE, std::move(callback));
 }
 
-ClearSiteDataThrottle::ClearSiteDataThrottle(
-    NavigationHandle* navigation_handle)
-    : NavigationThrottle(navigation_handle),
-      clearing_in_progress_(false),
-      weak_ptr_factory_(this) {}
+// Finds the BrowserContext associated with the request and requests
+// the actual clearing of data for |origin|. The datatypes to be deleted
+// are determined by |clear_cookies|, |clear_storage|, and |clear_cache|.
+// |web_contents_getter| identifies the WebContents from which the request
+// originated. Must be run on the UI thread. The |callback| will be executed
+// on the IO thread.
+class UIThreadSiteDataClearer : public BrowsingDataRemover::Observer {
+ public:
+  static void Run(
+      const ResourceRequestInfo::WebContentsGetter& web_contents_getter,
+      const url::Origin& origin,
+      bool clear_cookies,
+      bool clear_storage,
+      bool clear_cache,
+      base::OnceClosure callback) {
+    WebContents* web_contents = web_contents_getter.Run();
+    if (!web_contents)
+      return;
 
-ClearSiteDataThrottle::~ClearSiteDataThrottle() {
-  // At the end of the navigation we finally have access to the correct
-  // RenderFrameHost. Output the cached console messages. Prefix each sequence
-  // of messages belonging to the same URL with |kConsoleMessagePrefix|.
+    (new UIThreadSiteDataClearer(web_contents, origin, clear_cookies,
+                                 clear_storage, clear_cache,
+                                 std::move(callback)))
+        ->RunAndDestroySelfWhenDone();
+  }
+
+ private:
+  UIThreadSiteDataClearer(const WebContents* web_contents,
+                          const url::Origin& origin,
+                          bool clear_cookies,
+                          bool clear_storage,
+                          bool clear_cache,
+                          base::OnceClosure callback)
+      : origin_(origin),
+        clear_cookies_(clear_cookies),
+        clear_storage_(clear_storage),
+        clear_cache_(clear_cache),
+        callback_(std::move(callback)),
+        pending_task_count_(0),
+        remover_(nullptr),
+        scoped_observer_(this) {
+    DCHECK_CURRENTLY_ON(BrowserThread::UI);
+
+    remover_ = BrowserContext::GetBrowsingDataRemover(
+        web_contents->GetBrowserContext());
+    DCHECK(remover_);
+    scoped_observer_.Add(remover_);
+  }
+
+  ~UIThreadSiteDataClearer() override {}
+
+  void RunAndDestroySelfWhenDone() {
+    DCHECK_CURRENTLY_ON(BrowserThread::UI);
+
+    // Cookies and channel IDs are scoped to
+    // a) eTLD+1 of |origin|'s host if |origin|'s host is a registrable domain
+    //    or a subdomain thereof
+    // b) |origin|'s host exactly if it is an IP address or an internal hostname
+    //    (e.g. "localhost" or "fileserver").
+    // TODO(msramek): What about plugin data?
+    if (clear_cookies_) {
+      std::string domain = GetDomainAndRegistry(
+          origin_.host(),
+          net::registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES);
+
+      if (domain.empty())
+        domain = origin_.host();  // IP address or internal hostname.
+
+      std::unique_ptr<BrowsingDataFilterBuilder> domain_filter_builder(
+          BrowsingDataFilterBuilder::Create(
+              BrowsingDataFilterBuilder::WHITELIST));
+      domain_filter_builder->AddRegisterableDomain(domain);
+
+      pending_task_count_++;
+      remover_->RemoveWithFilterAndReply(
+          base::Time(), base::Time::Max(),
+          BrowsingDataRemover::DATA_TYPE_COOKIES |
+              BrowsingDataRemover::DATA_TYPE_CHANNEL_IDS,
+          BrowsingDataRemover::ORIGIN_TYPE_UNPROTECTED_WEB |
+              BrowsingDataRemover::ORIGIN_TYPE_PROTECTED_WEB,
+          std::move(domain_filter_builder), this);
+    }
+
+    // Delete origin-scoped data.
+    int remove_mask = 0;
+    if (clear_storage_)
+      remove_mask |= BrowsingDataRemover::DATA_TYPE_DOM_STORAGE;
+    if (clear_cache_)
+      remove_mask |= BrowsingDataRemover::DATA_TYPE_CACHE;
+
+    if (remove_mask) {
+      std::unique_ptr<BrowsingDataFilterBuilder> origin_filter_builder(
+          BrowsingDataFilterBuilder::Create(
+              BrowsingDataFilterBuilder::WHITELIST));
+      origin_filter_builder->AddOrigin(origin_);
+
+      pending_task_count_++;
+      remover_->RemoveWithFilterAndReply(
+          base::Time(), base::Time::Max(), remove_mask,
+          BrowsingDataRemover::ORIGIN_TYPE_UNPROTECTED_WEB |
+              BrowsingDataRemover::ORIGIN_TYPE_PROTECTED_WEB,
+          std::move(origin_filter_builder), this);
+    }
+  }
+
+  // BrowsingDataRemover::Observer;
+  void OnBrowsingDataRemoverDone() override {
+    DCHECK(pending_task_count_);
+    if (--pending_task_count_)
+      return;
+
+    JumpFromUIToIOThread(std::move(callback_));
+    delete this;
+  }
+
+  url::Origin origin_;
+  bool clear_cookies_;
+  bool clear_storage_;
+  bool clear_cache_;
+  base::OnceClosure callback_;
+  int pending_task_count_;
+  BrowsingDataRemover* remover_;
+  ScopedObserver<BrowsingDataRemover, BrowsingDataRemover::Observer>
+      scoped_observer_;
+};
+
+// Outputs a single |formatted_message| on the UI thread.
+void OutputFormattedMessage(WebContents* web_contents,
+                            ConsoleMessageLevel level,
+                            const std::string& formatted_text) {
+  if (web_contents)
+    web_contents->GetMainFrame()->AddMessageToConsole(level, formatted_text);
+}
+
+// Outputs |messages| to the console of WebContents retrieved from
+// |web_contents_getter|. Must be run on the UI thread.
+void OutputMessagesOnUIThread(
+    const ResourceRequestInfo::WebContentsGetter& web_contents_getter,
+    const std::vector<ClearSiteDataThrottle::ConsoleMessagesDelegate::Message>&
+        messages,
+    const ClearSiteDataThrottle::ConsoleMessagesDelegate ::
+        OutputFormattedMessageFunction& output_formatted_message_function) {

[mmenke, 2017/05/31 16:25:33]

Are those spaces around the :: valid google style?  I've never seen that before.

[msramek, 2017/06/01 22:02:27]

I don't think so. I ran git cl format, but it might have been confused by a
trailing whitespace or something. Fixed.

+  DCHECK_CURRENTLY_ON(BrowserThread::UI);
+
+  WebContents* web_contents =
+      web_contents_getter.is_null() ? nullptr : web_contents_getter.Run();

[mmenke, 2017/05/31 16:25:33]

I guess this is just for tests, but can we instead pass in a WebContentsGetter
that returns nullptr?  Don't like test code in production, unless it's the only
reasonable option.

[msramek, 2017/06/01 22:02:27]

Done. Yes, this was just for the tests, and it's actually not needed anymore,
since I change the test to not call this directly.

+
+  // Prefix each sequence of messages belonging to the same URL with
+  // |kConsoleMessagePrefix|.
   GURL last_seen_url;
-  for (const ConsoleMessage& message : messages_) {
+  for (const auto& message : messages) {
     if (message.url == last_seen_url) {
-      navigation_handle()->GetRenderFrameHost()->AddMessageToConsole(
-          message.level, message.text);
+      output_formatted_message_function.Run(web_contents, message.level,
+                                            message.text);

[mmenke, 2017/05/31 16:25:33]

Can't remember if I raised this earlier - thought I did, but don't see the
comment.  If we have the same URL requested twice, this will merge their log
messages.  Should it?

Suppose we have a redirected request http://foo/clear-stuff ->
http://foo/clear-stuff -> http://foo/do-not-stuff/ -> http://foo/clear-stuff

We'd only have one prefix, despite having 3 requests that clear stuff.  The
simplest workaround would be to add a header as a message, each time we see a
clear-data header (Each time we see the header, we're going to output some
message, anyways - either a claim we cleared something or an error).  Unlikely
to matter much, but seems trivial to change, and even makes the code a little
simpler, as then we no longer need to track the URLs, right?

[msramek, 2017/06/01 22:02:27]

The main reason for this |last_seen_url| was that a header can output more than
one line (e.g. it can complain that it doesn't recognize one datatype, but still
delete other ones - this is for forward compatibility).

So we get:

"""
Clear-Site-Data header on foo: blah blah blah
blah blah blah
"""

My intention was to avoid spamming the prefix ("Clear-Site-Data header"), but
admittedly, this does look a bit ugly.

We could join messages from one origin into one multiline string, but then we
lose the information about message level.

So it might really be easiest to just add the prefix everywhere. Note that this
doesn't fully address your concern, since if we have three messages from two
origins, you can't tell if it's 2+1, 1+2 from the syntax (you probably can from
their meaning though).

[mmenke, 2017/06/05 21:05:50]

I'm not following.  Couldn't we do:

bool ClearSiteDataThrottle::HandleHeader() {
  if (/* header not present */)
    return false;

  delegate_->AddMessage("Processing Clear-Site-Data header from %s:");
  ...

[mmenke, 2017/06/05 22:39:36]

(Note:  I'm happy with the current approach)

[msramek, 2017/06/06 18:20:56]

I played a bit with the console, and it doesn't look that good to have the
"prefix" as a separate message, because we don't know which logging level to
use. It could happen that "Processing..." will be INFO, but then the next line
will be ERROR.

The current approach will only output one line, which will be ERROR. For mixed
cases (like the one with unrecognized type), we would output one line with
ERROR, one with INFO, and here it's desirable that they both have the prefix. So
I think the current solution works quite well.

And again, we could do a seek-forward during the output to evaluate the
following messages, decide whether the prefix should be LOG or ERROR, join them
into one multiline message with offsets if possible, etc., but I don't want to
overcomplicate it.

     } else {
-      navigation_handle()->GetRenderFrameHost()->AddMessageToConsole(
-          message.level,
+      output_formatted_message_function.Run(
+          web_contents, message.level,
           base::StringPrintf(kConsoleMessagePrefix, message.url.spec().c_str(),
                              message.text.c_str()));
     }
 
     last_seen_url = message.url;
   }
 }
 
-ClearSiteDataThrottle::ThrottleCheckResult
-ClearSiteDataThrottle::WillStartRequest() {
-  current_url_ = navigation_handle()->GetURL();
-  return PROCEED;
-}
-
-ClearSiteDataThrottle::ThrottleCheckResult
-ClearSiteDataThrottle::WillRedirectRequest() {
-  // We are processing a redirect from url1 to url2. GetResponseHeaders()
-  // contains headers from url1, but GetURL() is already equal to url2. Handle
-  // the headers before updating the URL, so that |current_url_| corresponds
-  // to the URL that sent the headers.
-  HandleHeader();
-  current_url_ = navigation_handle()->GetURL();
-
-  return clearing_in_progress_ ? DEFER : PROCEED;
-}
-
-ClearSiteDataThrottle::ThrottleCheckResult
-ClearSiteDataThrottle::WillProcessResponse() {
-  HandleHeader();
-  return clearing_in_progress_ ? DEFER : PROCEED;
-}
-
-const char* ClearSiteDataThrottle::GetNameForLogging() {
-  return "ClearSiteDataThrottle";
-}
-
-void ClearSiteDataThrottle::HandleHeader() {
-  NavigationHandleImpl* handle =
-      static_cast<NavigationHandleImpl*>(navigation_handle());
-  const net::HttpResponseHeaders* headers = handle->GetResponseHeaders();
-
-  if (!headers || !headers->HasHeader(kClearSiteDataHeader))
+}  // namespace
+
+////////////////////////////////////////////////////////////////////////////////
+// ConsoleMessagesDelegate
+
+ClearSiteDataThrottle::ConsoleMessagesDelegate::ConsoleMessagesDelegate()
+    : output_formatted_message_function_(base::Bind(&OutputFormattedMessage)) {}
+
+ClearSiteDataThrottle::ConsoleMessagesDelegate::~ConsoleMessagesDelegate() {}
+
+void ClearSiteDataThrottle::ConsoleMessagesDelegate::AddMessage(
+    const GURL& url,
+    const std::string& text,
+    ConsoleMessageLevel level) {
+  messages_.push_back({url, text, level});
+}
+
+void ClearSiteDataThrottle::ConsoleMessagesDelegate::OutputMessages(
+    const ResourceRequestInfo::WebContentsGetter& web_contents_getter) {
+  if (messages_.empty())
     return;
 
-  // Only accept the header on secure origins.
-  if (!IsOriginSecure(current_url_)) {
-    ConsoleLog(&messages_, current_url_, "Not supported for insecure origins.",
-               CONSOLE_MESSAGE_LEVEL_ERROR);
-    return;
-  }
+  DCHECK_CURRENTLY_ON(BrowserThread::IO);
+  BrowserThread::PostTask(
+      BrowserThread::UI, FROM_HERE,
+      base::BindOnce(&OutputMessagesOnUIThread, web_contents_getter,
+                     std::move(messages_), output_formatted_message_function_));
+
+  messages_.clear();
+}
+
+void ClearSiteDataThrottle::ConsoleMessagesDelegate::
+    SetOutputFormattedMessageFunctionForTesting(
+        const OutputFormattedMessageFunction& function) {
+  output_formatted_message_function_ = function;
+}
+
+////////////////////////////////////////////////////////////////////////////////
+// ClearSiteDataThrottle
+
+// static
+std::unique_ptr<ResourceThrottle>
+ClearSiteDataThrottle::MaybeCreateThrottleForRequest(net::URLRequest* request) {
+  // This is an experimental feature.
+  if (!AreExperimentalFeaturesEnabled())
+    return std::unique_ptr<ResourceThrottle>();
+
+  // The throttle has no purpose if the request has no ResourceRequestInfo,
+  // because we won't be able to determine whose data should be deleted.
+  if (!ResourceRequestInfo::ForRequest(request))
+    return std::unique_ptr<ResourceThrottle>();
+
+  return base::WrapUnique(new ClearSiteDataThrottle(
+      request, base::MakeUnique<ConsoleMessagesDelegate>()));
+}
+
+ClearSiteDataThrottle::~ClearSiteDataThrottle() {
+  // Output the cached console messages. We output console messages when the
+  // request is finished rather than in real time, since in case of navigations
+  // swapping RenderFrameHost would cause the outputs to disappear.
+  const ResourceRequestInfo* info = ResourceRequestInfo::ForRequest(request_);
+  if (info)
+    delegate_->OutputMessages(info->GetWebContentsGetterForRequest());
+}
+
+const char* ClearSiteDataThrottle::GetNameForLogging() const {
+  return kNameForLogging;
+}
+
+void ClearSiteDataThrottle::WillRedirectRequest(
+    const net::RedirectInfo& redirect_info,
+    bool* defer) {
+  *defer = HandleHeader();
+}
+
+void ClearSiteDataThrottle::WillProcessResponse(bool* defer) {
+  *defer = HandleHeader();
+}
+
+// static
+bool ClearSiteDataThrottle::ParseHeaderForTesting(
+    const std::string& header,
+    bool* clear_cookies,
+    bool* clear_storage,
+    bool* clear_cache,
+    ConsoleMessagesDelegate* delegate,
+    const GURL& current_url) {
+  return ClearSiteDataThrottle::ParseHeader(
+      header, clear_cookies, clear_storage, clear_cache, delegate, current_url);
+}
+
+ClearSiteDataThrottle::ClearSiteDataThrottle(
+    net::URLRequest* request,
+    std::unique_ptr<ConsoleMessagesDelegate> delegate)
+    : request_(request),
+      delegate_(std::move(delegate)),
+      weak_ptr_factory_(this) {
+  DCHECK(request_);
+  DCHECK(delegate_);
+}
+
+const GURL& ClearSiteDataThrottle::GetCurrentURL() const {
+  return request_->url();
+}
+
+const net::HttpResponseHeaders* ClearSiteDataThrottle::GetResponseHeaders()
+    const {
+  return request_->response_headers();
+}
+
+bool ClearSiteDataThrottle::HandleHeader() {
+  const net::HttpResponseHeaders* headers = GetResponseHeaders();
 
   std::string header_value;
-  headers->GetNormalizedHeader(kClearSiteDataHeader, &header_value);
+  if (!headers ||
+      !headers->GetNormalizedHeader(kClearSiteDataHeader, &header_value)) {
+    return false;
+  }
+
+  // Only accept the header on secure non-unique origins.
+  if (!IsOriginSecure(GetCurrentURL())) {
+    delegate_->AddMessage(GetCurrentURL(),
+                          "Not supported for insecure origins.",
+                          CONSOLE_MESSAGE_LEVEL_ERROR);
+    return false;
+  }
+
+  url::Origin origin(GetCurrentURL());
+  if (origin.unique()) {
+    delegate_->AddMessage(GetCurrentURL(), "Not supported for unique origins.",
+                          CONSOLE_MESSAGE_LEVEL_ERROR);
+    return false;
+  }
+
+  // The LOAD_DO_NOT_SAVE_COOKIES flag prohibits the request from doing any
+  // modification to cookies. Clear-Site-Data applies this restriction to other
+  // datatypes as well.
+  // TODO(msramek): Consider showing a blocked icon via
+  // TabSpecificContentSettings and reporting the action in the "Blocked"
+  // section of the cookies dialog in OIB.
+  if (request_->load_flags() & net::LOAD_DO_NOT_SAVE_COOKIES) {
+    delegate_->AddMessage(
+        GetCurrentURL(),
+        "The request's credentials mode prohibits modifying cookies "
+        "and other local data.",
+        CONSOLE_MESSAGE_LEVEL_ERROR);
+    return false;
+  }
+
+  // Service workers can handle fetches of third-party resources and inject
+  // arbitrary headers. Ignore responses that came from a service worker,
+  // as supporting Clear-Site-Data would give them the power to delete data from
+  // any website.
+  // See https://w3c.github.io/webappsec-clear-site-data/#service-workers
+  // for more information.
+  const ServiceWorkerResponseInfo* response_info =
+      ServiceWorkerResponseInfo::ForRequest(request_);
+  if (response_info) {
+    ResourceResponseInfo extra_response_info;
+    response_info->GetExtraResponseInfo(&extra_response_info);
+
+    if (extra_response_info.was_fetched_via_service_worker) {
+      delegate_->AddMessage(
+          GetCurrentURL(),
+          "Ignoring, as the response came from a service worker.",
+          CONSOLE_MESSAGE_LEVEL_ERROR);
+      return false;
+    }
+  }
 
   bool clear_cookies;
   bool clear_storage;
   bool clear_cache;
 
-  if (!ParseHeader(header_value, &clear_cookies, &clear_storage, &clear_cache,
-                   &messages_)) {
-    return;
-  }
+  if (!ClearSiteDataThrottle::ParseHeader(header_value, &clear_cookies,
+                                          &clear_storage, &clear_cache,
+                                          delegate_.get(), GetCurrentURL())) {
+    return false;
+  }
+
+  // If the header is valid, clear the data for this browser context and origin.
+  clearing_started_ = base::TimeTicks::Now();
 
   // Record the call parameters.
   UMA_HISTOGRAM_ENUMERATION(
       "Navigation.ClearSiteData.Parameters",
       ParametersMask(clear_cookies, clear_storage, clear_cache), (1 << 3));
 
-  // If the header is valid, clear the data for this browser context and origin.
-  BrowserContext* browser_context =
-      navigation_handle()->GetWebContents()->GetBrowserContext();
-  url::Origin origin(current_url_);
-
-  if (origin.unique()) {
-    ConsoleLog(&messages_, current_url_, "Not supported for unique origins.",
-               CONSOLE_MESSAGE_LEVEL_ERROR);
-    return;
-  }
-
-  clearing_in_progress_ = true;
-  clearing_started_ = base::TimeTicks::Now();
-  GetContentClient()->browser()->ClearSiteData(
-      browser_context, origin, clear_cookies, clear_storage, clear_cache,
-      base::Bind(&ClearSiteDataThrottle::TaskFinished,
-                 weak_ptr_factory_.GetWeakPtr()));
-}
-
+  base::WeakPtr<ClearSiteDataThrottle> weak_ptr =
+      weak_ptr_factory_.GetWeakPtr();
+
+  // Immediately bind the weak pointer to the current thread (IO). This will
+  // make a potential misuse on the UI thread DCHECK immediately rather than
+  // later when it's correctly used on the IO thread again.
+  weak_ptr.get();
+
+  ExecuteClearingTask(
+      origin, clear_cookies, clear_storage, clear_cache,
+      base::BindOnce(&ClearSiteDataThrottle::TaskFinished, weak_ptr));
+
+  return true;
+}
+
+// static
 bool ClearSiteDataThrottle::ParseHeader(const std::string& header,
                                         bool* clear_cookies,
                                         bool* clear_storage,
                                         bool* clear_cache,
-                                        std::vector<ConsoleMessage>* messages) {
+                                        ConsoleMessagesDelegate* delegate,
+                                        const GURL& current_url) {
   if (!base::IsStringASCII(header)) {
-    ConsoleLog(messages, current_url_, "Must only contain ASCII characters.",
-               CONSOLE_MESSAGE_LEVEL_ERROR);
+    delegate->AddMessage(current_url, "Must only contain ASCII characters.",
+                         CONSOLE_MESSAGE_LEVEL_ERROR);
     return false;
   }
 
   std::unique_ptr<base::Value> parsed_header = base::JSONReader::Read(header);
 
   if (!parsed_header) {
-    ConsoleLog(messages, current_url_, "Not a valid JSON.",
-               CONSOLE_MESSAGE_LEVEL_ERROR);
-    return false;
-  }
-
+    delegate->AddMessage(current_url, "Not a valid JSON.",
+                         CONSOLE_MESSAGE_LEVEL_ERROR);
+    return false;
+  }
+
   const base::DictionaryValue* dictionary = nullptr;
   const base::ListValue* types = nullptr;
   if (!parsed_header->GetAsDictionary(&dictionary) ||
       !dictionary->GetListWithoutPathExpansion(kTypesKey, &types)) {
-    ConsoleLog(messages, current_url_,
-               "Expecting a JSON dictionary with a 'types' field.",
-               CONSOLE_MESSAGE_LEVEL_ERROR);
+    delegate->AddMessage(current_url,
+                         "Expecting a JSON dictionary with a 'types' field.",
+                         CONSOLE_MESSAGE_LEVEL_ERROR);
     return false;
   }
 
   DCHECK(types);
 
   *clear_cookies = false;
   *clear_storage = false;
   *clear_cache = false;
 
-  std::vector<std::string> type_names;
+  std::string type_names;
   for (const base::Value& value : *types) {
     std::string type;
     value.GetAsString(&type);
 
     bool* datatype = nullptr;
 
-    if (type == "cookies") {
+    if (type == kDatatypeCookies) {
       datatype = clear_cookies;
-    } else if (type == "storage") {
+    } else if (type == kDatatypeStorage) {
       datatype = clear_storage;
-    } else if (type == "cache") {
+    } else if (type == kDatatypeCache) {
       datatype = clear_cache;
     } else {
       std::string serialized_type;
       JSONStringValueSerializer serializer(&serialized_type);
       serializer.Serialize(value);
-      ConsoleLog(
-          messages, current_url_,
-          base::StringPrintf("Invalid type: %s.", serialized_type.c_str()),
+      delegate->AddMessage(
+          current_url,
+          base::StringPrintf("Unrecognized type: %s.", serialized_type.c_str()),
           CONSOLE_MESSAGE_LEVEL_ERROR);
       continue;
     }
 
+    DCHECK(datatype);
+
     // Each data type should only be processed once.
-    DCHECK(datatype);
     if (*datatype)
       continue;
 
     *datatype = true;
-    type_names.push_back(type);
+    if (!type_names.empty())
+      type_names += kConsoleMessageDatatypeSeparator;
+    type_names += type;
   }
 
   if (!*clear_cookies && !*clear_storage && !*clear_cache) {
-    ConsoleLog(messages, current_url_,
-               "No valid types specified in the 'types' field.",
-               CONSOLE_MESSAGE_LEVEL_ERROR);
+    delegate->AddMessage(current_url,
+                         "No recognized types specified in the 'types' field.",
+                         CONSOLE_MESSAGE_LEVEL_ERROR);
     return false;
   }
 
   // Pretty-print which types are to be cleared.
-  std::string output;
-  switch (type_names.size()) {
-    case 1:
-      output = base::StringPrintf(kClearingOneType, type_names[0].c_str());
-      break;
-    case 2:
-      output = base::StringPrintf(kClearingTwoTypes, type_names[0].c_str(),
-                                  type_names[1].c_str());
-      break;
-    case 3:
-      output = base::StringPrintf(kClearingThreeTypes, type_names[0].c_str(),
-                                  type_names[1].c_str(), type_names[2].c_str());
-      break;
-    default:
-      NOTREACHED();
-  }
-  ConsoleLog(messages, current_url_, output, CONSOLE_MESSAGE_LEVEL_INFO);
+  delegate->AddMessage(
+      current_url,
+      base::StringPrintf(kConsoleMessageCleared, type_names.c_str()),
+      CONSOLE_MESSAGE_LEVEL_INFO);
 
   return true;
 }
 
+void ClearSiteDataThrottle::ExecuteClearingTask(const url::Origin& origin,
+                                                bool clear_cookies,
+                                                bool clear_storage,
+                                                bool clear_cache,
+                                                base::OnceClosure callback) {
+  DCHECK_CURRENTLY_ON(BrowserThread::IO);
+  BrowserThread::PostTask(
+      BrowserThread::UI, FROM_HERE,
+      base::BindOnce(&UIThreadSiteDataClearer::Run,
+                     ResourceRequestInfo::ForRequest(request_)
+                         ->GetWebContentsGetterForRequest(),
+                     origin, clear_cookies, clear_storage, clear_cache,
+                     std::move(callback)));
+}
+
 void ClearSiteDataThrottle::TaskFinished() {
-  DCHECK(clearing_in_progress_);
-  clearing_in_progress_ = false;
+  DCHECK_CURRENTLY_ON(BrowserThread::IO);
+  DCHECK(!clearing_started_.is_null());
 
   UMA_HISTOGRAM_CUSTOM_TIMES("Navigation.ClearSiteData.Duration",
                              base::TimeTicks::Now() - clearing_started_,
                              base::TimeDelta::FromMilliseconds(1),
                              base::TimeDelta::FromSeconds(1), 50);
 
-  navigation_handle()->Resume();
+  Resume();
 }
 
 }  // namespace content