[WebInstallAPI] 2/n: Add manifest URL fetcher [chromium/src : main]

0 views
Skip to first unread message

Daniel Murphy (Gerrit)

unread,
Jun 22, 2026, 5:36:41 PM (7 days ago) Jun 22
to Lia Hiscock, Daniel Murphy, Lu Huang, Mike West, android-bu...@system.gserviceaccount.com, Chromium LUCI CQ, chromium...@chromium.org, crmulli...@chromium.org, nicolas...@chromium.org, ramyagopa...@google.com, jorgel...@chromium.org, aixba+wat...@chromium.org, blink-re...@chromium.org, blink-revie...@chromium.org, blink-rev...@chromium.org, blink-revie...@chromium.org, blink-...@chromium.org, dibyapal+wa...@chromium.org, dmurph+watc...@chromium.org, ipc-securi...@chromium.org, japhet+...@chromium.org, jmedle...@chromium.org, kinuko...@chromium.org, kuragin+web-ap...@chromium.org, loyso...@chromium.org, mek+w...@chromium.org, mgiuca...@chromium.org, philli...@chromium.org, webap...@microsoft.com, zelin+watch-we...@chromium.org
Attention needed from Lia Hiscock and Mike West

Daniel Murphy voted and added 5 comments

Votes added by Daniel Murphy

Code-Review+1

5 comments

File chrome/browser/web_applications/web_install_manifest_fetcher.cc
Line 120, Patchset 14 (Latest): // Manifest URLs that redirect are not supported. Abort the download
Daniel Murphy . unresolved

side note: I could see us allowing same-origin redirect, to help with versioning (e.g. app.com/manifest.json -> app.com/manifest_v1.2.json), but IDK if that conflicts with restrictions you have planned.

File chrome/browser/web_applications/web_install_manifest_fetcher_unittest.cc
Line 87, Patchset 14 (Latest): EXPECT_THAT(future.Take(), ValueIs(Eq(kValidManifestJson)));
Daniel Murphy . unresolved

nit: ASSERT_TRUE(future.Wait());, then expect_that

this makes it so it doesn't crash if it is a timeout

here and elsewhere

File chrome/browser/web_applications/web_install_service_impl.h
Line 238, Patchset 14 (Latest): std::unique_ptr<WebInstallManifestFetcher> manifest_fetcher_;
Daniel Murphy . unresolved

forward declar

Line 16, Patchset 14 (Latest):#include "chrome/browser/web_applications/web_install_manifest_fetcher.h"
Daniel Murphy . unresolved

prefer to have a dedicated file for the result, instead of an inner class. you can likely put it in the model/ subdir

File chrome/browser/web_applications/web_install_service_impl.cc
Line 323, Patchset 6: if (!install_target.SchemeIsHTTPOrHTTPS()) {
Lu Huang . unresolved

Why is HTTP ok?

Lia Hiscock

hmm...so for the install_url flow, HTTP gets excluded because WebAppDataRetriever [sets `check_eligibility = true`](https://source.chromium.org/chromium/chromium/src/+/main:chrome/browser/web_applications/web_contents/web_app_data_retriever.cc;l=181?q=web_app_data_retriever.cc&ss=chromium%2Fchromium%2Fsrc) when it asks the InstallableManager for the page manifest, which traces to [InstallableEvaluator::CheckEligibility](https://source.chromium.org/chromium/chromium/src/+/main:components/webapps/browser/installable/installable_evaluator.cc;l=270)

but I'm realizing since we're not using the data retriever, we actually do need to exclude HTTP on our own.

**Updated so we only allow HTTPS or http://localhost. Also added service_impl unittest coverage**

Lu Huang

Ack - but why allow localhost? Is there a similar example elsewhere?

Lia Hiscock

yeah it's explicitly treated as trustworthy by the web app [`installable_evaluator`](https://source.chromium.org/chromium/chromium/src/+/main:components/webapps/browser/installable/installable_evaluator.cc;l=317-323?q=installable_evaluator.cc&ss=chromium). This enables devs to do local testing, also pretty sure browsertests use localhost to install test apps?

Here's the spec text too on [secure contexts - 5.2. localhost](https://www.w3.org/TR/secure-contexts/#localhost)

Lu Huang

I'll leave the choice here to Dan.

Sorry I was more pointing at the http:// part of the http://localhost. In browser tests we do use https test servers when necessary so I don't know if testing is a good enough reason to special case http://localhost. If we require https, whether it's localhost then doesn't matter.

Daniel Murphy

:shrug: seems fine to allow http on localhost, it matches our existing behavior I believe.

Open in Gerrit

Related details

Attention is currently required from:
  • Lia Hiscock
  • Mike West
Submit Requirements:
  • requirement satisfiedCode-Coverage
  • requirement is not satisfiedCode-Owners
  • requirement satisfiedCode-Review
  • requirement is not satisfiedNo-Unresolved-Comments
  • requirement satisfiedReview-Enforcement
Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
Gerrit-MessageType: comment
Gerrit-Project: chromium/src
Gerrit-Branch: main
Gerrit-Change-Id: I5d8de7ade78813e425a971438ee32d7325f12ddd
Gerrit-Change-Number: 7960357
Gerrit-PatchSet: 14
Gerrit-Owner: Lia Hiscock <liahi...@microsoft.com>
Gerrit-Reviewer: Daniel Murphy <dmu...@chromium.org>
Gerrit-Reviewer: Lia Hiscock <liahi...@microsoft.com>
Gerrit-Reviewer: Lu Huang <lu...@microsoft.com>
Gerrit-Reviewer: Mike West <mk...@chromium.org>
Gerrit-Attention: Lia Hiscock <liahi...@microsoft.com>
Gerrit-Attention: Mike West <mk...@chromium.org>
Gerrit-Comment-Date: Mon, 22 Jun 2026 21:36:21 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: Yes
Comment-In-Reply-To: Lu Huang <lu...@microsoft.com>
Comment-In-Reply-To: Lia Hiscock <liahi...@microsoft.com>
satisfied_requirement
unsatisfied_requirement
open
diffy

Lia Hiscock (Gerrit)

unread,
Jun 22, 2026, 7:37:08 PM (7 days ago) Jun 22
to Daniel Murphy, Lu Huang, Mike West, android-bu...@system.gserviceaccount.com, Chromium LUCI CQ, chromium...@chromium.org, crmulli...@chromium.org, nicolas...@chromium.org, ramyagopa...@google.com, jorgel...@chromium.org, aixba+wat...@chromium.org, blink-re...@chromium.org, blink-revie...@chromium.org, blink-rev...@chromium.org, blink-revie...@chromium.org, blink-...@chromium.org, dibyapal+wa...@chromium.org, dmurph+watc...@chromium.org, ipc-securi...@chromium.org, japhet+...@chromium.org, jmedle...@chromium.org, kinuko...@chromium.org, kuragin+web-ap...@chromium.org, loyso...@chromium.org, mek+w...@chromium.org, mgiuca...@chromium.org, philli...@chromium.org, webap...@microsoft.com, zelin+watch-we...@chromium.org
Attention needed from Daniel Murphy, Lu Huang and Mike West

Lia Hiscock voted and added 5 comments

Votes added by Lia Hiscock

Commit-Queue+1

5 comments

File chrome/browser/web_applications/web_install_manifest_fetcher.cc
Line 120, Patchset 14: // Manifest URLs that redirect are not supported. Abort the download
Daniel Murphy . resolved

side note: I could see us allowing same-origin redirect, to help with versioning (e.g. app.com/manifest.json -> app.com/manifest_v1.2.json), but IDK if that conflicts with restrictions you have planned.

Lia Hiscock

Acknowledged - no known conflicts ATM. Tracking as a followup for simplicity - https://issues.chromium.org/issues/526696765

File chrome/browser/web_applications/web_install_manifest_fetcher_unittest.cc
Line 87, Patchset 14: EXPECT_THAT(future.Take(), ValueIs(Eq(kValidManifestJson)));
Daniel Murphy . resolved

nit: ASSERT_TRUE(future.Wait());, then expect_that

this makes it so it doesn't crash if it is a timeout

here and elsewhere

Lia Hiscock

Acknowledged

File chrome/browser/web_applications/web_install_service_impl.h
Line 238, Patchset 14: std::unique_ptr<WebInstallManifestFetcher> manifest_fetcher_;
Daniel Murphy . resolved

forward declar

Lia Hiscock

Done

Line 16, Patchset 14:#include "chrome/browser/web_applications/web_install_manifest_fetcher.h"
Daniel Murphy . resolved

prefer to have a dedicated file for the result, instead of an inner class. you can likely put it in the model/ subdir

Lia Hiscock

Done

File chrome/browser/web_applications/web_install_service_impl.cc
Line 323, Patchset 6: if (!install_target.SchemeIsHTTPOrHTTPS()) {
Lu Huang . resolved

Why is HTTP ok?

Lia Hiscock

hmm...so for the install_url flow, HTTP gets excluded because WebAppDataRetriever [sets `check_eligibility = true`](https://source.chromium.org/chromium/chromium/src/+/main:chrome/browser/web_applications/web_contents/web_app_data_retriever.cc;l=181?q=web_app_data_retriever.cc&ss=chromium%2Fchromium%2Fsrc) when it asks the InstallableManager for the page manifest, which traces to [InstallableEvaluator::CheckEligibility](https://source.chromium.org/chromium/chromium/src/+/main:components/webapps/browser/installable/installable_evaluator.cc;l=270)

but I'm realizing since we're not using the data retriever, we actually do need to exclude HTTP on our own.

**Updated so we only allow HTTPS or http://localhost. Also added service_impl unittest coverage**

Lu Huang

Ack - but why allow localhost? Is there a similar example elsewhere?

Lia Hiscock

yeah it's explicitly treated as trustworthy by the web app [`installable_evaluator`](https://source.chromium.org/chromium/chromium/src/+/main:components/webapps/browser/installable/installable_evaluator.cc;l=317-323?q=installable_evaluator.cc&ss=chromium). This enables devs to do local testing, also pretty sure browsertests use localhost to install test apps?

Here's the spec text too on [secure contexts - 5.2. localhost](https://www.w3.org/TR/secure-contexts/#localhost)

Lu Huang

I'll leave the choice here to Dan.

Sorry I was more pointing at the http:// part of the http://localhost. In browser tests we do use https test servers when necessary so I don't know if testing is a good enough reason to special case http://localhost. If we require https, whether it's localhost then doesn't matter.

Daniel Murphy

:shrug: seems fine to allow http on localhost, it matches our existing behavior I believe.

Lia Hiscock
ACK - leaving as is then. And yes, per the [installable_evaluator](https://source.chromium.org/chromium/chromium/src/+/main:components/webapps/browser/installable/installable_evaluator.cc;l=317-323?q=installable_evaluator.cc&ss=chromium) -
```
bool InstallableEvaluator::IsOriginConsideredSecure(const GURL& url) {
auto origin = url::Origin::Create(url);
auto* webapps_client = webapps::WebappsClient::Get();
return (webapps_client && webapps_client->IsOriginConsideredSecure(origin)) ||
--> net::IsLocalhost(url) ||
network::SecureOriginAllowlist::GetInstance().IsOriginAllowlisted(
origin);
```
Open in Gerrit

Related details

Attention is currently required from:
  • Daniel Murphy
  • Lu Huang
  • Mike West
Submit Requirements:
    • requirement satisfiedCode-Coverage
    • requirement is not satisfiedCode-Owners
    • requirement is not satisfiedCode-Review
    • requirement is not satisfiedNo-Unresolved-Comments
    • requirement is not satisfiedReview-Enforcement
    Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
    Gerrit-MessageType: comment
    Gerrit-Project: chromium/src
    Gerrit-Branch: main
    Gerrit-Change-Id: I5d8de7ade78813e425a971438ee32d7325f12ddd
    Gerrit-Change-Number: 7960357
    Gerrit-PatchSet: 15
    Gerrit-Owner: Lia Hiscock <liahi...@microsoft.com>
    Gerrit-Reviewer: Daniel Murphy <dmu...@chromium.org>
    Gerrit-Reviewer: Lia Hiscock <liahi...@microsoft.com>
    Gerrit-Reviewer: Lu Huang <lu...@microsoft.com>
    Gerrit-Reviewer: Mike West <mk...@chromium.org>
    Gerrit-Attention: Lu Huang <lu...@microsoft.com>
    Gerrit-Attention: Daniel Murphy <dmu...@chromium.org>
    Gerrit-Attention: Mike West <mk...@chromium.org>
    Gerrit-Comment-Date: Mon, 22 Jun 2026 23:36:50 +0000
    Gerrit-HasComments: Yes
    Gerrit-Has-Labels: Yes
    Comment-In-Reply-To: Lu Huang <lu...@microsoft.com>
    Comment-In-Reply-To: Daniel Murphy <dmu...@chromium.org>
    Comment-In-Reply-To: Lia Hiscock <liahi...@microsoft.com>
    satisfied_requirement
    unsatisfied_requirement
    open
    diffy

    Lia Hiscock (Gerrit)

    unread,
    Jun 22, 2026, 7:37:32 PM (7 days ago) Jun 22
    to Daniel Murphy, Lu Huang, Mike West, android-bu...@system.gserviceaccount.com, Chromium LUCI CQ, chromium...@chromium.org, crmulli...@chromium.org, nicolas...@chromium.org, ramyagopa...@google.com, jorgel...@chromium.org, aixba+wat...@chromium.org, blink-re...@chromium.org, blink-revie...@chromium.org, blink-rev...@chromium.org, blink-revie...@chromium.org, blink-...@chromium.org, dibyapal+wa...@chromium.org, dmurph+watc...@chromium.org, ipc-securi...@chromium.org, japhet+...@chromium.org, jmedle...@chromium.org, kinuko...@chromium.org, kuragin+web-ap...@chromium.org, loyso...@chromium.org, mek+w...@chromium.org, mgiuca...@chromium.org, philli...@chromium.org, webap...@microsoft.com, zelin+watch-we...@chromium.org
    Attention needed from Daniel Murphy, Lu Huang and Mike West

    Lia Hiscock added 1 comment

    Patchset-level comments
    File-level comment, Patchset 8:
    Lu Huang . resolved

    Looks good for more reviewers. Thanks!

    Lia Hiscock

    Done

    Open in Gerrit

    Related details

    Attention is currently required from:
    • Daniel Murphy
    • Lu Huang
    • Mike West
    Submit Requirements:
      • requirement satisfiedCode-Coverage
      • requirement is not satisfiedCode-Owners
      • requirement is not satisfiedCode-Review
      • requirement is not satisfiedReview-Enforcement
      Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
      Gerrit-MessageType: comment
      Gerrit-Project: chromium/src
      Gerrit-Branch: main
      Gerrit-Change-Id: I5d8de7ade78813e425a971438ee32d7325f12ddd
      Gerrit-Change-Number: 7960357
      Gerrit-PatchSet: 15
      Gerrit-Owner: Lia Hiscock <liahi...@microsoft.com>
      Gerrit-Reviewer: Daniel Murphy <dmu...@chromium.org>
      Gerrit-Reviewer: Lia Hiscock <liahi...@microsoft.com>
      Gerrit-Reviewer: Lu Huang <lu...@microsoft.com>
      Gerrit-Reviewer: Mike West <mk...@chromium.org>
      Gerrit-Attention: Lu Huang <lu...@microsoft.com>
      Gerrit-Attention: Daniel Murphy <dmu...@chromium.org>
      Gerrit-Attention: Mike West <mk...@chromium.org>
      Gerrit-Comment-Date: Mon, 22 Jun 2026 23:37:17 +0000
      Gerrit-HasComments: Yes
      Gerrit-Has-Labels: No
      Comment-In-Reply-To: Lu Huang <lu...@microsoft.com>
      satisfied_requirement
      unsatisfied_requirement
      open
      diffy

      Mike West (Gerrit)

      unread,
      Jun 23, 2026, 3:35:14 AM (6 days ago) Jun 23
      to Lia Hiscock, Daniel Murphy, Lu Huang, android-bu...@system.gserviceaccount.com, Chromium LUCI CQ, chromium...@chromium.org, crmulli...@chromium.org, nicolas...@chromium.org, ramyagopa...@google.com, jorgel...@chromium.org, aixba+wat...@chromium.org, blink-re...@chromium.org, blink-revie...@chromium.org, blink-rev...@chromium.org, blink-revie...@chromium.org, blink-...@chromium.org, dibyapal+wa...@chromium.org, dmurph+watc...@chromium.org, ipc-securi...@chromium.org, japhet+...@chromium.org, jmedle...@chromium.org, kinuko...@chromium.org, kuragin+web-ap...@chromium.org, loyso...@chromium.org, mek+w...@chromium.org, mgiuca...@chromium.org, philli...@chromium.org, webap...@microsoft.com, zelin+watch-we...@chromium.org
      Attention needed from Daniel Murphy, Lia Hiscock and Lu Huang

      Mike West voted and added 1 comment

      Votes added by Mike West

      Code-Review+1

      1 comment

      Patchset-level comments
      File-level comment, Patchset 17 (Latest):
      Mike West . resolved

      annotations LGTM. I skimmed the rest and it looked reasonable, but I'm mostly relying on Dan's review of //c/b/web_applications

      Open in Gerrit

      Related details

      Attention is currently required from:
      • Daniel Murphy
      • Lia Hiscock
      • Lu Huang
      Submit Requirements:
        • requirement satisfiedCode-Coverage
        • requirement is not satisfiedCode-Owners
        • requirement satisfiedCode-Review
        • requirement is not satisfiedReview-Enforcement
        Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
        Gerrit-MessageType: comment
        Gerrit-Project: chromium/src
        Gerrit-Branch: main
        Gerrit-Change-Id: I5d8de7ade78813e425a971438ee32d7325f12ddd
        Gerrit-Change-Number: 7960357
        Gerrit-PatchSet: 17
        Gerrit-Owner: Lia Hiscock <liahi...@microsoft.com>
        Gerrit-Reviewer: Daniel Murphy <dmu...@chromium.org>
        Gerrit-Reviewer: Lia Hiscock <liahi...@microsoft.com>
        Gerrit-Reviewer: Lu Huang <lu...@microsoft.com>
        Gerrit-Reviewer: Mike West <mk...@chromium.org>
        Gerrit-Attention: Lu Huang <lu...@microsoft.com>
        Gerrit-Attention: Daniel Murphy <dmu...@chromium.org>
        Gerrit-Attention: Lia Hiscock <liahi...@microsoft.com>
        Gerrit-Comment-Date: Tue, 23 Jun 2026 07:34:53 +0000
        Gerrit-HasComments: Yes
        Gerrit-Has-Labels: Yes
        satisfied_requirement
        unsatisfied_requirement
        open
        diffy

        Daniel Murphy (Gerrit)

        unread,
        Jun 23, 2026, 5:47:38 PM (6 days ago) Jun 23
        to Lia Hiscock, Daniel Murphy, Mike West, Lu Huang, android-bu...@system.gserviceaccount.com, Chromium LUCI CQ, chromium...@chromium.org, crmulli...@chromium.org, nicolas...@chromium.org, ramyagopa...@google.com, jorgel...@chromium.org, aixba+wat...@chromium.org, blink-re...@chromium.org, blink-revie...@chromium.org, blink-rev...@chromium.org, blink-revie...@chromium.org, blink-...@chromium.org, dibyapal+wa...@chromium.org, dmurph+watc...@chromium.org, ipc-securi...@chromium.org, japhet+...@chromium.org, jmedle...@chromium.org, kinuko...@chromium.org, kuragin+web-ap...@chromium.org, loyso...@chromium.org, mek+w...@chromium.org, mgiuca...@chromium.org, philli...@chromium.org, webap...@microsoft.com, zelin+watch-we...@chromium.org
        Attention needed from Lia Hiscock

        Daniel Murphy voted Code-Review+1

        Code-Review+1
        Open in Gerrit

        Related details

        Attention is currently required from:
        • Lia Hiscock
        Submit Requirements:
        • requirement satisfiedCode-Coverage
        • requirement satisfiedCode-Owners
        • requirement satisfiedCode-Review
        • requirement satisfiedReview-Enforcement
        Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
        Gerrit-MessageType: comment
        Gerrit-Project: chromium/src
        Gerrit-Branch: main
        Gerrit-Change-Id: I5d8de7ade78813e425a971438ee32d7325f12ddd
        Gerrit-Change-Number: 7960357
        Gerrit-PatchSet: 17
        Gerrit-Owner: Lia Hiscock <liahi...@microsoft.com>
        Gerrit-Reviewer: Daniel Murphy <dmu...@chromium.org>
        Gerrit-Reviewer: Lia Hiscock <liahi...@microsoft.com>
        Gerrit-Reviewer: Lu Huang <lu...@microsoft.com>
        Gerrit-Reviewer: Mike West <mk...@chromium.org>
        Gerrit-Attention: Lia Hiscock <liahi...@microsoft.com>
        Gerrit-Comment-Date: Tue, 23 Jun 2026 21:47:18 +0000
        Gerrit-HasComments: No
        Gerrit-Has-Labels: Yes
        satisfied_requirement
        open
        diffy

        Lia Hiscock (Gerrit)

        unread,
        Jun 23, 2026, 6:13:33 PM (6 days ago) Jun 23
        to Daniel Murphy, Mike West, Lu Huang, android-bu...@system.gserviceaccount.com, Chromium LUCI CQ, chromium...@chromium.org, crmulli...@chromium.org, nicolas...@chromium.org, ramyagopa...@google.com, jorgel...@chromium.org, aixba+wat...@chromium.org, blink-re...@chromium.org, blink-revie...@chromium.org, blink-rev...@chromium.org, blink-revie...@chromium.org, blink-...@chromium.org, dibyapal+wa...@chromium.org, dmurph+watc...@chromium.org, ipc-securi...@chromium.org, japhet+...@chromium.org, jmedle...@chromium.org, kinuko...@chromium.org, kuragin+web-ap...@chromium.org, loyso...@chromium.org, mek+w...@chromium.org, mgiuca...@chromium.org, philli...@chromium.org, webap...@microsoft.com, zelin+watch-we...@chromium.org

        Lia Hiscock voted Commit-Queue+2

        Commit-Queue+2
        Open in Gerrit

        Related details

        Attention set is empty
        Submit Requirements:
        • requirement satisfiedCode-Coverage
        • requirement satisfiedCode-Owners
        • requirement satisfiedCode-Review
        • requirement satisfiedReview-Enforcement
        Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
        Gerrit-MessageType: comment
        Gerrit-Project: chromium/src
        Gerrit-Branch: main
        Gerrit-Change-Id: I5d8de7ade78813e425a971438ee32d7325f12ddd
        Gerrit-Change-Number: 7960357
        Gerrit-PatchSet: 18
        Gerrit-Owner: Lia Hiscock <liahi...@microsoft.com>
        Gerrit-Reviewer: Daniel Murphy <dmu...@chromium.org>
        Gerrit-Reviewer: Lia Hiscock <liahi...@microsoft.com>
        Gerrit-Reviewer: Lu Huang <lu...@microsoft.com>
        Gerrit-Reviewer: Mike West <mk...@chromium.org>
        Gerrit-Comment-Date: Tue, 23 Jun 2026 22:13:15 +0000
        Gerrit-HasComments: No
        Gerrit-Has-Labels: Yes
        satisfied_requirement
        open
        diffy

        Chromium LUCI CQ (Gerrit)

        unread,
        Jun 23, 2026, 6:39:27 PM (6 days ago) Jun 23
        to Lia Hiscock, Daniel Murphy, Mike West, Lu Huang, android-bu...@system.gserviceaccount.com, chromium...@chromium.org, crmulli...@chromium.org, nicolas...@chromium.org, ramyagopa...@google.com, jorgel...@chromium.org, aixba+wat...@chromium.org, blink-re...@chromium.org, blink-revie...@chromium.org, blink-rev...@chromium.org, blink-revie...@chromium.org, blink-...@chromium.org, dibyapal+wa...@chromium.org, dmurph+watc...@chromium.org, ipc-securi...@chromium.org, japhet+...@chromium.org, jmedle...@chromium.org, kinuko...@chromium.org, kuragin+web-ap...@chromium.org, loyso...@chromium.org, mek+w...@chromium.org, mgiuca...@chromium.org, philli...@chromium.org, webap...@microsoft.com, zelin+watch-we...@chromium.org

        Chromium LUCI CQ submitted the change

        Unreviewed changes

        17 is the latest approved patch-set.
        No files were changed between the latest approved patch-set and the submitted one.

        Change information

        Commit message:
        [WebInstallAPI] 2/n: Add manifest URL fetcher

        Introduce WebInstallManifestFetcher, a class that downloads web app
        manifest JSON from a URL using SimpleURLLoader. This supports the
        manifest-first install flow where a page provides a manifest URL via
        navigator.install() or an <install> element.

        The fetcher:
        - Downloads manifest content up to a 5MB size limit
        - Rejects redirecting manifest URLs
        - Retries up to 3 times on 5xx errors and network changes
        - Omits cookies from requests
        - Returns raw manifest content without parsing

        Wire the fetcher into WebInstallServiceImpl::InstallFromManifest,
        introducing InstallFromManifestInternal (parallel of InstallInternal)
        which wraps the mojo callback and auto-releases the install-in-progress
        guard on every exit path. Non-HTTPS URLs (excluding localhost) are
        rejected early with kDataError. Fetch failures also return kDataError.

        Manifest parsing will be 3/n.

        Dev design doc -
        https://docs.google.com/document/d/1rGvLhD4SR8Y9M1wVmqgyesPNkbZGU7HOqlttjEFJ5Vo/edit?tab=t.eiywj6swkfs6#bookmark=id.g6hjyl26llpy

        Explainer - aka.ms/WebInstall
        Low-Coverage-Reason: TESTS_IN_SEPARATE_CL See next CL in relation chain
        Bug: 333795265
        Change-Id: I5d8de7ade78813e425a971438ee32d7325f12ddd
        Include-Ci-Only-Tests: chromium.mac:mac15-x64-rel-tests|browser_tests
        Reviewed-by: Daniel Murphy <dmu...@chromium.org>
        Reviewed-by: Mike West <mk...@chromium.org>
        Commit-Queue: Lia Hiscock <liahi...@microsoft.com>
        Cr-Commit-Position: refs/heads/main@{#1651337}
        Files:
        • M chrome/browser/web_applications/BUILD.gn
        • A chrome/browser/web_applications/model/web_install_manifest_fetch_error.h
        • A chrome/browser/web_applications/web_install_manifest_fetcher.cc
        • A chrome/browser/web_applications/web_install_manifest_fetcher.h
        • A chrome/browser/web_applications/web_install_manifest_fetcher_unittest.cc
        • M chrome/browser/web_applications/web_install_service_impl.cc
        • M chrome/browser/web_applications/web_install_service_impl.h
        • M chrome/browser/web_applications/web_install_service_impl_unittest.cc
        • M tools/traffic_annotation/summary/annotations.xml
        • M tools/traffic_annotation/summary/grouping.xml
        Change size: L
        Delta: 10 files changed, 593 insertions(+), 2 deletions(-)
        Branch: refs/heads/main
        Submit Requirements:
        • requirement satisfiedCode-Review: +1 by Daniel Murphy, +1 by Mike West
        Open in Gerrit
        Inspect html for hidden footers to help with email filtering. To unsubscribe visit settings. DiffyGerrit
        Gerrit-MessageType: merged
        Gerrit-Project: chromium/src
        Gerrit-Branch: main
        Gerrit-Change-Id: I5d8de7ade78813e425a971438ee32d7325f12ddd
        Gerrit-Change-Number: 7960357
        Gerrit-PatchSet: 19
        Gerrit-Owner: Lia Hiscock <liahi...@microsoft.com>
        Gerrit-Reviewer: Chromium LUCI CQ <chromiu...@luci-project-accounts.iam.gserviceaccount.com>
        Gerrit-Reviewer: Daniel Murphy <dmu...@chromium.org>
        Gerrit-Reviewer: Lia Hiscock <liahi...@microsoft.com>
        Gerrit-Reviewer: Lu Huang <lu...@microsoft.com>
        Gerrit-Reviewer: Mike West <mk...@chromium.org>
        open
        diffy
        satisfied_requirement
        Reply all
        Reply to author
        Forward
        0 new messages