github web-platform-tests/wpt merge_pr_47342

13 months ago

Fenced frame: fix 'src' permissions policy allowlist.

The 'src' allowlist is a feature unique to iframes and fenced frames
that, if set, only allows a given feature for the origin loaded in the
src attribute. This is calculated in the embedder. However, when loading
a fenced frame or iframe with a fenced frame config, that origin is
opaque to the embedder but transparent to the inner content. This causes
a mismatch where the inner content is told to only allow a feature for
an opaque 'src', but it will see it was navigated to a transparent URL.
It will then disallow the feature, even though it is navigated to the
FencedFrameConfig installed in the "src" or "config" attribute.

This CL fixes that mismatch by re-calculating the frame tree node's
pending container policy once the mapped URL is known. More
specifically, we do this in
NavigationRequest::ReadyToCommitNavigation(). Any allowlists that
match the opaque 'src' (a value set by the embedder that doesn't and
shouldn't know the final navigated URL) are replaced with the fenced
frame config's mapped URL's origin. This updated container policy is
sent to the inner container's renderer process as normal where it is
used to construct the final permissions policy, as well as being used to
calculate the final permissions policy on the browser side.

Bug: 349080952
Change-Id: Ia255fc991b466ae35214d432cbf705279ca1da79
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5714693
Reviewed-by: Andrew Verge averge@chromium.org
Commit-Queue: Liam Brady lbrady@google.com
Reviewed-by: Arthur Sonzogni arthursonzogni@chromium.org
Reviewed-by: Ian Kilpatrick ikilpatrick@chromium.org
Cr-Commit-Position: refs/heads/main@{#1334900}
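
A simplified model of the mismatch and the fix described in the commit message above, added here as an illustration. It is not Chromium's or WPT's code; the types, function names, feature name and origins are assumptions made for the example.

```cpp
#include <string>
#include <vector>

// Simplified model, not Chromium's types (assumption).
struct Origin { bool opaque; std::string serialized; };  // serialized is empty when opaque

struct Declaration {
    std::string feature;
    std::vector<std::string> allowed_origins;
    bool matches_opaque_src;
};

// Embedder side: resolve allow="<feature> 'src'" against the origin the
// embedder can see. A fenced frame config looks opaque from here.
Declaration ResolveSrcAllowlist(const std::string& feature, const Origin& src) {
    Declaration d;
    d.feature = feature;
    d.matches_opaque_src = src.opaque;
    if (!src.opaque) d.allowed_origins.push_back(src.serialized);
    return d;
}

// Inner content side: is the feature allowed for the origin it committed to?
bool IsAllowed(const Declaration& d, const Origin& committed) {
    if (committed.opaque) return d.matches_opaque_src;
    for (const std::string& o : d.allowed_origins)
        if (o == committed.serialized) return true;
    return false;
}

// The fix: once the mapped URL is known, an entry that matches the opaque
// 'src' is replaced with the mapped URL's origin.
Declaration RemapOpaqueSrc(Declaration d, const Origin& mapped) {
    if (d.matches_opaque_src && !mapped.opaque) {
        d.matches_opaque_src = false;
        d.allowed_origins.push_back(mapped.serialized);
    }
    return d;
}

int main() {
    Origin opaque_src = {true, ""};                      // what the embedder sees
    Origin mapped = {false, "https://content.example"};  // constructed mapped URL origin
    Declaration before = ResolveSrcAllowlist("example-feature", opaque_src);
    Declaration after = RemapOpaqueSrc(before, mapped);
    // Before the remap the inner content denies the feature; after it, allows it.
    return (!IsAllowed(before, mapped) && IsAllowed(after, mapped)) ? 0 : 1;
}
```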
