[Backport] CVE-2021-21175: Inappropriate implementation in Site isolation

Manual backport of patch originally reviewed on
https://chromium-review.googlesource.com/c/chromium/src/+/2731577:
Strip url to origin in X-Frame-Options violation messages

X-Frame-Options violations are logged via a console message in the
parent frame. To avoid leaking sensitive data to the parent frame,
let's report as "blocked url" just the origin of the blocked frame's
url, as we are already doing for the frame-ancestors CSP directive.

[M86 Merge]: ancestor_throttle.cc was moved.

(cherry picked from commit 93ce5606cd9a9597993ba70670b4092ab6722281)

Bug: 1146651
Change-Id: If5e5ac62f7e44e714b109e6adc389f11999e0f8b
Commit-Queue: Antonio Sartori <[email protected]>
Reviewed-by: Charlie Reis <[email protected]>
Reviewed-by: Arthur Sonzogni <[email protected]>
Cr-Original-Commit-Position: refs/heads/master@{#828651}
Reviewed-by: Achuith Bhandarkar <[email protected]>
Commit-Queue: Victor-Gabriel Savu <[email protected]>
Cr-Commit-Position: refs/branch-heads/4240@{#1563}
Cr-Branched-From: f297677702651916bbf65e59c0d4bbd4ce57d1ee-refs/heads/master@{#800218}
Reviewed-by: Allan Sandfeld Jensen <[email protected]>
Reviewed-by: Jüri Valdmann <[email protected]>

Author: antosart

chromium/content/browser/frame_host/ancestor_throttle.cc

@@ -227,12 +227,20 @@ void AncestorThrottle::ParseError(const std::string& value,
         "Refused to display '%s' in a frame because it set multiple "
         "'X-Frame-Options' headers with conflicting values "
         "('%s'). Falling back to 'deny'.",
-        navigation_handle()->GetURL().spec().c_str(), value.c_str());
+        url::Origin::Create(navigation_handle()->GetURL())
+            .GetURL()
+            .spec()
+            .c_str(),
+        value.c_str());
   } else {
     message = base::StringPrintf(
         "Invalid 'X-Frame-Options' header encountered when loading '%s': "
         "'%s' is not a recognized directive. The header will be ignored.",
-        navigation_handle()->GetURL().spec().c_str(), value.c_str());
+        url::Origin::Create(navigation_handle()->GetURL())
+            .GetURL()
+            .spec()
+            .c_str(),
+        value.c_str());
   }
 
   // Log a console error in the parent of the current RenderFrameHost (as
@@ -250,11 +258,19 @@ void AncestorThrottle::ConsoleError(HeaderDisposition disposition) {
   std::string message = base::StringPrintf(
       "Refused to display '%s' in a frame because it set 'X-Frame-Options' "
       "to '%s'.",
-      navigation_handle()->GetURL().spec().c_str(),
+      url::Origin::Create(navigation_handle()->GetURL())
+          .GetURL()
+          .spec()
+          .c_str(),
       disposition == HeaderDisposition::DENY ? "deny" : "sameorigin");
 
   // Log a console error in the parent of the current RenderFrameHost (as
   // the current RenderFrameHost itself doesn't yet have a document).
+  //
+  // TODO(https://crbug.com/1146651): We should not leak any information at all
+  // to the parent frame. Send a message directly to Devtools instead (without
+  // passing through a renderer): that can also contain more information (like
+  // the full blocked url).
   navigation_handle()->GetRenderFrameHost()->GetParent()->AddMessageToConsole(
       CONSOLE_MESSAGE_LEVEL_ERROR, message);
 }