From e4530a4e4e24749f8c041ff26c92f2b31dbbb659 Mon Sep 17 00:00:00 2001
From: Garrett Tanzer <gtanzer@chromium.org>
Date: Wed, 15 Jun 2022 22:55:26 +0000
Subject: [PATCH] Fenced Frames: Temporarily allow window.fence.reportEvent
 from iframes

Associated with the FLEDGE origin trial, there is a flag that allows iframes to load urn:uuids. This CL also enables window.fence.reportEvent in that case, to make it easier to test the new APIs. This will be removed when the iframe urn:uuid flag is removed.

For implementation reasons, the behavior right now is:
- If the invoking frame is in a fenced frame tree, the behavior is the same as before.
- If the invoking frame isn't in a fenced frame tree, reportEvent is available only when the invoking frame is an iframe whose document was navigated to a urn:uuid with attached reporting metadata.

For some examples:

* embedder > iframe1 (urn1) > iframe2 (https)
  fence.reportEvent works from iframe1 only.
* embedder > iframe1 (urn1) > iframe2 (urn2)
  fence.reportEvent works from iframe1 (to urn1) and iframe2 (to urn2)
* embedder > fencedframe1 (urn1) > iframe2 (https)
  fence.reportEvent works from fencedframe1 and iframe2 (both to urn1)
* embedder > fencedframe1 (urn1) > iframe2 (urn2)
  fence.reportEvent works from fencedframe1 and iframe2 (BOTH to urn1)

https://github.com/WICG/turtledove/issues/309

Change-Id: Ie85bfb5264eb1ae78769533b2b8939f3168c8656
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3690741
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org>
Reviewed-by: Shivani Sharma <shivanisha@chromium.org>
Commit-Queue: Garrett Tanzer <gtanzer@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1014688}
NOKEYCHECK=True
GitOrigin-RevId: 95b0232d46b725c457f406db36de6461a9250e60
---
 blink/renderer/core/frame/local_dom_window.cc | 11 +++++-
 .../renderer/core/html/fenced_frame/fence.cc  | 34 ++++++++++++++-----
 2 files changed, 36 insertions(+), 9 deletions(-)

diff --git a/blink/renderer/core/frame/local_dom_window.cc b/blink/renderer/core/frame/local_dom_window.cc
index 98e4b66ff58..84eca5b0b66 100644
--- a/blink/renderer/core/frame/local_dom_window.cc
+++ b/blink/renderer/core/frame/local_dom_window.cc
@@ -2314,9 +2314,18 @@ void LocalDOMWindow::DidBufferLoadWhileInBackForwardCache(size_t num_bytes) {
 
 Fence* LocalDOMWindow::fence() {
   // Return nullptr if we aren't in a fenced subtree.
-  if (!GetFrame() || !GetFrame()->IsInFencedFrameTree()) {
+  if (!GetFrame()) {
     return nullptr;
   }
+  if (!GetFrame()->IsInFencedFrameTree()) {
+    // We temporarily allow window.fence in iframes with fenced frame reporting
+    // metadata (navigated by urn:uuids).
+    // If we are in an iframe that doesn't qualify, return nullptr.
+    if (!blink::features::IsAllowURNsInIframeEnabled() ||
+        !GetFrame()->GetDocument()->Loader()->FencedFrameReporting()) {
+      return nullptr;
+    }
+  }
 
   if (!fence_) {
     fence_ = MakeGarbageCollected<Fence>(*this);
diff --git a/blink/renderer/core/html/fenced_frame/fence.cc b/blink/renderer/core/html/fenced_frame/fence.cc
index 7a6b1a6c6f0..fd5e4bab98d 100644
--- a/blink/renderer/core/html/fenced_frame/fence.cc
+++ b/blink/renderer/core/html/fenced_frame/fence.cc
@@ -5,6 +5,7 @@
 #include "third_party/blink/renderer/core/html/fenced_frame/fence.h"
 
 #include "third_party/abseil-cpp/absl/types/optional.h"
+#include "third_party/blink/public/common/features.h"
 #include "third_party/blink/public/common/frame/frame_policy.h"
 #include "third_party/blink/public/mojom/devtools/console_message.mojom-blink.h"
 #include "third_party/blink/public/mojom/fenced_frame/fenced_frame.mojom-blink.h"
@@ -56,17 +57,34 @@ void Fence::reportEvent(ScriptState* script_state,
 
   LocalFrame* frame = DomWindow()->GetFrame();
   DCHECK(frame);
-  DCHECK(frame->IsInFencedFrameTree());
 
-  if (frame->GetFencedFrameMode() !=
-      mojom::blink::FencedFrameMode::kOpaqueAds) {
-    AddConsoleMessage(
-        "fence.reportEvent is only available in the 'opaque-ads' mode.");
-    return;
+  LocalFrame* fenced_frame = nullptr;
+  if (blink::features::IsAllowURNsInIframeEnabled() &&
+      !frame->IsInFencedFrameTree()) {
+    // The only way to get a Fence outside a fenced frame is from
+    // LocalDOMWindow::fence(), when both:
+    // - blink::features::IsAllowURNsInIframeEnabled() is true
+    // - the Document itself was loaded from a urn:uuid
+    // In that case, pretend that the frame is a fenced frame root for this
+    // temporary experiment.
+    // TODO(crbug.com/1123606): Disable window.fence.reportEvent in iframes.
+    // In order to disable, run the else branch unconditionally.
+    // Also remove the features.h include above.
+    fenced_frame = frame;
+  } else {
+    DCHECK(frame->IsInFencedFrameTree());
+
+    if (frame->GetFencedFrameMode() !=
+        mojom::blink::FencedFrameMode::kOpaqueAds) {
+      AddConsoleMessage(
+          "fence.reportEvent is only available in the 'opaque-ads' mode.");
+      return;
+    }
+
+    fenced_frame = DynamicTo<LocalFrame>(
+        DomWindow()->GetFrame()->Top(FrameTreeBoundary::kFenced));
   }
 
-  LocalFrame* fenced_frame = DynamicTo<LocalFrame>(
-      DomWindow()->GetFrame()->Top(FrameTreeBoundary::kFenced));
   DCHECK(fenced_frame);
   DCHECK(fenced_frame->GetDocument());