PlzNavigate: Enforce 'form-action' CSP on the browser-side.

content/browser/frame_host/navigation_request.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/browser/frame_host/navigation_request.h"
 
 #include <utility>
 
 #include "base/memory/ptr_util.h"
 #include "content/browser/appcache/appcache_navigation_handle.h"
@@ skipping 203 matching lines @@
       frame_entry, request_body, dest_url, dest_referrer, navigation_type,
       previews_state, navigation_start);
 
   std::unique_ptr<NavigationRequest> navigation_request(new NavigationRequest(
       frame_tree_node, common_params,
       BeginNavigationParams(entry.extra_headers(), net::LOAD_NORMAL,
                             false,  // has_user_gestures
                             false,  // skip_service_worker
                             REQUEST_CONTEXT_TYPE_LOCATION,
                             blink::WebMixedContentContextType::Blockable,
+                            false,  // is_form_submission

[nasko, 2017/03/16 21:49:47]

I know the browser pops up a dialog warning you if you refresh a form submission
navigation. Does reload go through this path or a different one? I guess if the
submission was allowed in the first place, the reload should be allowed too.
However semantically it might be incorrect to say that it isn't a form
submission.

[arthursonzogni, 2017/03/17 14:58:25]

You are right.

The current behavior is to check the CSP on form resubmission. I think it is
wrong since the CSPs of the previous document doesn't exist anymore. Instead it
uses the CSP of the current document which doesn't make sense to me.
It is probably better to allow every form resubmission since the navigation was
allowed in the first place.

I talk with @mkwst today. Not checking form-action on form resubmission is
probably the right thing to do. Nevertheless, care should be taken when the
current document is the error page.

I will add a TODO for the moment. I am working on storing is_form_submission
attribute close to the post_body.

                             initiator),
       entry.ConstructRequestNavigationParams(
           frame_entry, common_params.url, common_params.method,
           is_history_navigation_in_new_child,
           entry.GetSubframeUniqueNames(frame_tree_node),
           frame_tree_node->has_committed_real_load(),
           controller->GetPendingEntryIndex() == -1,
           controller->GetIndexOfEntry(&entry),
           controller->GetLastCommittedEntryIndex(),
           controller->GetEntryCount()),
@@ skipping 160 matching lines @@
   redirect_chain.push_back(common_params_.url);
 
   std::unique_ptr<NavigationHandleImpl> navigation_handle =
       NavigationHandleImpl::Create(common_params_.url, redirect_chain,
                                    frame_tree_node_, !browser_initiated_,
                                    FrameMsg_Navigate_Type::IsSameDocument(
                                        common_params_.navigation_type),
                                    common_params_.navigation_start,
                                    pending_nav_entry_id,
                                    false,  // started_in_context_menu
-                                   common_params_.should_bypass_main_world_csp);
+                                   common_params_.should_bypass_main_world_csp,
+                                   begin_params_.is_form_submission);
 
   if (!frame_tree_node->navigation_request()) {
     // A callback could have cancelled this request synchronously in which case
     // |this| is deleted.
     return;
   }
 
   navigation_handle_ = std::move(navigation_handle);
 
   if (!begin_params_.searchable_form_url.is_empty()) {
@@ skipping 368 matching lines @@
   DCHECK_EQ(request_params_.has_user_gesture, begin_params_.has_user_gesture);
 
   render_frame_host->CommitNavigation(response_.get(), std::move(body_),
                                       common_params_, request_params_,
                                       is_view_source_);
 
   frame_tree_node_->ResetNavigationRequest(true);
 }
 
 }  // namespace content