diff options
| author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2021-09-01 11:08:40 +0200 |
|---|---|---|
| committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2021-10-01 12:16:21 +0000 |
| commit | 03c549e0392f92c02536d3f86d5e1d8dfa3435ac (patch) | |
| tree | fe49d170a929b34ba82cd10db1a0bd8e3760fa4b /chromium/components/content_settings | |
| parent | 5d013f5804a0d91fcf6c626b2d6fb6eca5c845b0 (diff) | |
| download | qtwebengine-chromium-03c549e0392f92c02536d3f86d5e1d8dfa3435ac.tar.gz | |
BASELINE: Update Chromium to 91.0.4472.160
Change-Id: I0def1f08a2412aeed79a9ab95dd50eb5c3f65f31
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Diffstat (limited to 'chromium/components/content_settings')
21 files changed, 304 insertions, 382 deletions
diff --git a/chromium/components/content_settings/android/BUILD.gn b/chromium/components/content_settings/android/BUILD.gn index ef3b5ba4281..b744eb1eec8 100644 --- a/chromium/components/content_settings/android/BUILD.gn +++ b/chromium/components/content_settings/android/BUILD.gn @@ -16,7 +16,6 @@ android_library("java") { deps = [ ":content_settings_enums_java", "//base:base_java", - "//base:jni_java", "//components/embedder_support/android:browser_context_java", "//content/public/android:content_java", "//third_party/androidx:androidx_annotation_annotation_java", diff --git a/chromium/components/content_settings/browser/page_specific_content_settings_unittest.cc b/chromium/components/content_settings/browser/page_specific_content_settings_unittest.cc index f44d78df1e2..e36561cd1ba 100644 --- a/chromium/components/content_settings/browser/page_specific_content_settings_unittest.cc +++ b/chromium/components/content_settings/browser/page_specific_content_settings_unittest.cc @@ -4,9 +4,10 @@ #include "components/content_settings/browser/page_specific_content_settings.h" +#include <string> + #include "base/macros.h" #include "base/optional.h" -#include "base/strings/string16.h" #include "base/strings/utf_string_conversions.h" #include "build/build_config.h" #include "components/content_settings/browser/test_page_specific_content_settings_delegate.h" diff --git a/chromium/components/content_settings/browser/test_page_specific_content_settings_delegate.cc b/chromium/components/content_settings/browser/test_page_specific_content_settings_delegate.cc index f0e6c93bd8e..579799bba14 100644 --- a/chromium/components/content_settings/browser/test_page_specific_content_settings_delegate.cc +++ b/chromium/components/content_settings/browser/test_page_specific_content_settings_delegate.cc @@ -3,6 +3,7 @@ // found in the LICENSE file. #include "components/content_settings/browser/test_page_specific_content_settings_delegate.h" +#include "base/callback_helpers.h" namespace content_settings { diff --git a/chromium/components/content_settings/browser/ui/cookie_controls_controller.cc b/chromium/components/content_settings/browser/ui/cookie_controls_controller.cc index ba68ae1d3b2..2676603a847 100644 --- a/chromium/components/content_settings/browser/ui/cookie_controls_controller.cc +++ b/chromium/components/content_settings/browser/ui/cookie_controls_controller.cc @@ -109,7 +109,8 @@ void CookieControlsController::OnCookieBlockingEnabledForSite( bool CookieControlsController::FirstPartyCookiesBlocked() { const GURL& url = GetWebContents()->GetURL(); - return !cookie_settings_->IsCookieAccessAllowed(url, url, base::nullopt); + return !cookie_settings_->IsCookieAccessAllowed(url, url, + url::Origin::Create(url)); } int CookieControlsController::GetAllowedCookieCount() { diff --git a/chromium/components/content_settings/core/browser/content_settings_policy_provider.cc b/chromium/components/content_settings/core/browser/content_settings_policy_provider.cc index 383e27fdf0a..7d8f647e848 100644 --- a/chromium/components/content_settings/core/browser/content_settings_policy_provider.cc +++ b/chromium/components/content_settings/core/browser/content_settings_policy_provider.cc @@ -9,9 +9,8 @@ #include <string> #include "base/bind.h" -#include "base/feature_list.h" +#include "base/containers/contains.h" #include "base/json/json_reader.h" -#include "base/stl_util.h" #include "base/values.h" #include "components/content_settings/core/browser/content_settings_info.h" #include "components/content_settings/core/browser/content_settings_registry.h" @@ -32,7 +31,7 @@ struct PrefsForManagedContentSettingsMapEntry { ContentSetting setting; }; -const PrefsForManagedContentSettingsMapEntry +constexpr PrefsForManagedContentSettingsMapEntry kPrefsForManagedContentSettingsMap[] = { {prefs::kManagedCookiesAllowedForUrls, ContentSettingsType::COOKIES, CONTENT_SETTING_ALLOW}, @@ -64,6 +63,10 @@ const PrefsForManagedContentSettingsMapEntry CONTENT_SETTING_ASK}, {prefs::kManagedWebUsbBlockedForUrls, ContentSettingsType::USB_GUARD, CONTENT_SETTING_BLOCK}, + {prefs::kManagedFileHandlingAllowedForUrls, + ContentSettingsType::FILE_HANDLING, CONTENT_SETTING_ALLOW}, + {prefs::kManagedFileHandlingBlockedForUrls, + ContentSettingsType::FILE_HANDLING, CONTENT_SETTING_BLOCK}, {prefs::kManagedFileSystemReadAskForUrls, ContentSettingsType::FILE_SYSTEM_READ_GUARD, CONTENT_SETTING_ASK}, {prefs::kManagedFileSystemReadBlockedForUrls, @@ -86,6 +89,65 @@ const PrefsForManagedContentSettingsMapEntry ContentSettingsType::INSECURE_PRIVATE_NETWORK, CONTENT_SETTING_ALLOW}, }; +constexpr const char* kManagedPrefs[] = { + prefs::kManagedAutoSelectCertificateForUrls, + prefs::kManagedCookiesAllowedForUrls, + prefs::kManagedCookiesBlockedForUrls, + prefs::kManagedCookiesSessionOnlyForUrls, + prefs::kManagedFileHandlingAllowedForUrls, + prefs::kManagedFileHandlingBlockedForUrls, + prefs::kManagedFileSystemReadAskForUrls, + prefs::kManagedFileSystemReadBlockedForUrls, + prefs::kManagedFileSystemWriteAskForUrls, + prefs::kManagedFileSystemWriteBlockedForUrls, + prefs::kManagedImagesAllowedForUrls, + prefs::kManagedImagesBlockedForUrls, + prefs::kManagedInsecureContentAllowedForUrls, + prefs::kManagedInsecureContentBlockedForUrls, + prefs::kManagedInsecurePrivateNetworkAllowedForUrls, + prefs::kManagedJavaScriptAllowedForUrls, + prefs::kManagedJavaScriptBlockedForUrls, + prefs::kManagedLegacyCookieAccessAllowedForDomains, + prefs::kManagedNotificationsAllowedForUrls, + prefs::kManagedNotificationsBlockedForUrls, + prefs::kManagedPopupsAllowedForUrls, + prefs::kManagedPopupsBlockedForUrls, + prefs::kManagedSensorsAllowedForUrls, + prefs::kManagedSensorsBlockedForUrls, + prefs::kManagedSerialAskForUrls, + prefs::kManagedSerialBlockedForUrls, + prefs::kManagedWebUsbAllowDevicesForUrls, + prefs::kManagedWebUsbAskForUrls, + prefs::kManagedWebUsbBlockedForUrls, +}; + +// The following preferences are only used to indicate if a default content +// setting is managed and to hold the managed default setting value. If the +// value for any of the following preferences is set then the corresponding +// default content setting is managed. These preferences exist in parallel to +// the preference default content settings. If a default content settings type +// is managed any user defined exceptions (patterns) for this type are ignored. +constexpr const char* kManagedDefaultPrefs[] = { + prefs::kManagedDefaultAdsSetting, + prefs::kManagedDefaultCookiesSetting, + prefs::kManagedDefaultFileHandlingGuardSetting, + prefs::kManagedDefaultFileSystemReadGuardSetting, + prefs::kManagedDefaultFileSystemWriteGuardSetting, + prefs::kManagedDefaultGeolocationSetting, + prefs::kManagedDefaultImagesSetting, + prefs::kManagedDefaultInsecureContentSetting, + prefs::kManagedDefaultInsecurePrivateNetworkSetting, + prefs::kManagedDefaultJavaScriptSetting, + prefs::kManagedDefaultLegacyCookieAccessSetting, + prefs::kManagedDefaultMediaStreamSetting, + prefs::kManagedDefaultNotificationsSetting, + prefs::kManagedDefaultPopupsSetting, + prefs::kManagedDefaultSensorsSetting, + prefs::kManagedDefaultSerialGuardSetting, + prefs::kManagedDefaultWebBluetoothGuardSetting, + prefs::kManagedDefaultWebUsbGuardSetting, +}; + } // namespace namespace content_settings { @@ -120,6 +182,8 @@ const PolicyProvider::PrefsForManagedDefaultMapEntry prefs::kManagedDefaultWebBluetoothGuardSetting}, {ContentSettingsType::USB_GUARD, prefs::kManagedDefaultWebUsbGuardSetting}, + {ContentSettingsType::FILE_HANDLING, + prefs::kManagedDefaultFileHandlingGuardSetting}, {ContentSettingsType::FILE_SYSTEM_READ_GUARD, prefs::kManagedDefaultFileSystemReadGuardSetting}, {ContentSettingsType::FILE_SYSTEM_WRITE_GUARD, @@ -136,75 +200,13 @@ const PolicyProvider::PrefsForManagedDefaultMapEntry // static void PolicyProvider::RegisterProfilePrefs( user_prefs::PrefRegistrySyncable* registry) { - registry->RegisterListPref(prefs::kManagedAutoSelectCertificateForUrls); - registry->RegisterListPref(prefs::kManagedCookiesAllowedForUrls); - registry->RegisterListPref(prefs::kManagedCookiesBlockedForUrls); - registry->RegisterListPref(prefs::kManagedCookiesSessionOnlyForUrls); - registry->RegisterListPref(prefs::kManagedImagesAllowedForUrls); - registry->RegisterListPref(prefs::kManagedImagesBlockedForUrls); - registry->RegisterListPref(prefs::kManagedInsecureContentAllowedForUrls); - registry->RegisterListPref(prefs::kManagedInsecureContentBlockedForUrls); - registry->RegisterListPref(prefs::kManagedJavaScriptAllowedForUrls); - registry->RegisterListPref(prefs::kManagedJavaScriptBlockedForUrls); - registry->RegisterListPref(prefs::kManagedNotificationsAllowedForUrls); - registry->RegisterListPref(prefs::kManagedNotificationsBlockedForUrls); - registry->RegisterListPref(prefs::kManagedPopupsAllowedForUrls); - registry->RegisterListPref(prefs::kManagedPopupsBlockedForUrls); - registry->RegisterListPref(prefs::kManagedWebUsbAllowDevicesForUrls); - registry->RegisterListPref(prefs::kManagedWebUsbAskForUrls); - registry->RegisterListPref(prefs::kManagedWebUsbBlockedForUrls); - registry->RegisterListPref(prefs::kManagedFileSystemReadAskForUrls); - registry->RegisterListPref(prefs::kManagedFileSystemReadBlockedForUrls); - registry->RegisterListPref(prefs::kManagedFileSystemWriteAskForUrls); - registry->RegisterListPref(prefs::kManagedFileSystemWriteBlockedForUrls); - registry->RegisterListPref( - prefs::kManagedLegacyCookieAccessAllowedForDomains); - registry->RegisterListPref(prefs::kManagedSerialAskForUrls); - registry->RegisterListPref(prefs::kManagedSerialBlockedForUrls); - registry->RegisterListPref(prefs::kManagedSensorsAllowedForUrls); - registry->RegisterListPref(prefs::kManagedSensorsBlockedForUrls); - registry->RegisterListPref( - prefs::kManagedInsecurePrivateNetworkAllowedForUrls); + for (const char* pref : kManagedPrefs) + registry->RegisterListPref(pref); // Preferences for default content setting policies. If a policy is not set of // the corresponding preferences below is set to CONTENT_SETTING_DEFAULT. - registry->RegisterIntegerPref(prefs::kManagedDefaultAdsSetting, - CONTENT_SETTING_DEFAULT); - registry->RegisterIntegerPref(prefs::kManagedDefaultCookiesSetting, - CONTENT_SETTING_DEFAULT); - registry->RegisterIntegerPref(prefs::kManagedDefaultGeolocationSetting, - CONTENT_SETTING_DEFAULT); - registry->RegisterIntegerPref(prefs::kManagedDefaultImagesSetting, - CONTENT_SETTING_DEFAULT); - registry->RegisterIntegerPref(prefs::kManagedDefaultInsecureContentSetting, - CONTENT_SETTING_DEFAULT); - registry->RegisterIntegerPref(prefs::kManagedDefaultJavaScriptSetting, - CONTENT_SETTING_DEFAULT); - registry->RegisterIntegerPref(prefs::kManagedDefaultNotificationsSetting, - CONTENT_SETTING_DEFAULT); - registry->RegisterIntegerPref(prefs::kManagedDefaultMediaStreamSetting, - CONTENT_SETTING_DEFAULT); - registry->RegisterIntegerPref(prefs::kManagedDefaultPopupsSetting, - CONTENT_SETTING_DEFAULT); - registry->RegisterIntegerPref(prefs::kManagedDefaultWebBluetoothGuardSetting, - CONTENT_SETTING_DEFAULT); - registry->RegisterIntegerPref(prefs::kManagedDefaultWebUsbGuardSetting, - CONTENT_SETTING_DEFAULT); - registry->RegisterIntegerPref( - prefs::kManagedDefaultFileSystemReadGuardSetting, - CONTENT_SETTING_DEFAULT); - registry->RegisterIntegerPref( - prefs::kManagedDefaultFileSystemWriteGuardSetting, - CONTENT_SETTING_DEFAULT); - registry->RegisterIntegerPref(prefs::kManagedDefaultLegacyCookieAccessSetting, - CONTENT_SETTING_DEFAULT); - registry->RegisterIntegerPref(prefs::kManagedDefaultSerialGuardSetting, - CONTENT_SETTING_DEFAULT); - registry->RegisterIntegerPref(prefs::kManagedDefaultSensorsSetting, - CONTENT_SETTING_DEFAULT); - registry->RegisterIntegerPref( - prefs::kManagedDefaultInsecurePrivateNetworkSetting, - CONTENT_SETTING_DEFAULT); + for (const char* pref : kManagedDefaultPrefs) + registry->RegisterIntegerPref(pref, CONTENT_SETTING_DEFAULT); } PolicyProvider::PolicyProvider(PrefService* prefs) : prefs_(prefs) { @@ -214,79 +216,11 @@ PolicyProvider::PolicyProvider(PrefService* prefs) : prefs_(prefs) { pref_change_registrar_.Init(prefs_); PrefChangeRegistrar::NamedChangeCallback callback = base::BindRepeating( &PolicyProvider::OnPreferenceChanged, base::Unretained(this)); - pref_change_registrar_.Add( - prefs::kManagedAutoSelectCertificateForUrls, callback); - pref_change_registrar_.Add(prefs::kManagedCookiesAllowedForUrls, callback); - pref_change_registrar_.Add(prefs::kManagedCookiesBlockedForUrls, callback); - pref_change_registrar_.Add( - prefs::kManagedCookiesSessionOnlyForUrls, callback); - pref_change_registrar_.Add(prefs::kManagedImagesAllowedForUrls, callback); - pref_change_registrar_.Add(prefs::kManagedImagesBlockedForUrls, callback); - pref_change_registrar_.Add(prefs::kManagedInsecureContentAllowedForUrls, - callback); - pref_change_registrar_.Add(prefs::kManagedInsecureContentBlockedForUrls, - callback); - pref_change_registrar_.Add(prefs::kManagedJavaScriptAllowedForUrls, callback); - pref_change_registrar_.Add(prefs::kManagedJavaScriptBlockedForUrls, callback); - pref_change_registrar_.Add( - prefs::kManagedNotificationsAllowedForUrls, callback); - pref_change_registrar_.Add( - prefs::kManagedNotificationsBlockedForUrls, callback); - pref_change_registrar_.Add(prefs::kManagedPopupsAllowedForUrls, callback); - pref_change_registrar_.Add(prefs::kManagedPopupsBlockedForUrls, callback); - pref_change_registrar_.Add(prefs::kManagedWebUsbAskForUrls, callback); - pref_change_registrar_.Add(prefs::kManagedWebUsbBlockedForUrls, callback); - pref_change_registrar_.Add(prefs::kManagedFileSystemReadAskForUrls, callback); - pref_change_registrar_.Add(prefs::kManagedFileSystemReadBlockedForUrls, - callback); - pref_change_registrar_.Add(prefs::kManagedFileSystemWriteAskForUrls, - callback); - pref_change_registrar_.Add(prefs::kManagedFileSystemWriteBlockedForUrls, - callback); - pref_change_registrar_.Add(prefs::kManagedLegacyCookieAccessAllowedForDomains, - callback); - pref_change_registrar_.Add(prefs::kManagedSerialAskForUrls, callback); - pref_change_registrar_.Add(prefs::kManagedSerialBlockedForUrls, callback); - pref_change_registrar_.Add(prefs::kManagedSensorsAllowedForUrls, callback); - pref_change_registrar_.Add(prefs::kManagedSensorsBlockedForUrls, callback); - pref_change_registrar_.Add( - prefs::kManagedInsecurePrivateNetworkAllowedForUrls, callback); - - // The following preferences are only used to indicate if a default content - // setting is managed and to hold the managed default setting value. If the - // value for any of the following preferences is set then the corresponding - // default content setting is managed. These preferences exist in parallel to - // the preference default content settings. If a default content settings type - // is managed any user defined exceptions (patterns) for this type are - // ignored. - pref_change_registrar_.Add(prefs::kManagedDefaultAdsSetting, callback); - pref_change_registrar_.Add(prefs::kManagedDefaultCookiesSetting, callback); - pref_change_registrar_.Add( - prefs::kManagedDefaultGeolocationSetting, callback); - pref_change_registrar_.Add(prefs::kManagedDefaultImagesSetting, callback); - pref_change_registrar_.Add(prefs::kManagedDefaultInsecureContentSetting, - callback); - pref_change_registrar_.Add(prefs::kManagedDefaultJavaScriptSetting, callback); - pref_change_registrar_.Add( - prefs::kManagedDefaultNotificationsSetting, callback); - pref_change_registrar_.Add( - prefs::kManagedDefaultMediaStreamSetting, callback); - pref_change_registrar_.Add(prefs::kManagedDefaultPopupsSetting, callback); - pref_change_registrar_.Add(prefs::kManagedDefaultWebBluetoothGuardSetting, - callback); - pref_change_registrar_.Add(prefs::kManagedDefaultWebUsbGuardSetting, - callback); - pref_change_registrar_.Add(prefs::kManagedDefaultFileSystemReadGuardSetting, - callback); - pref_change_registrar_.Add(prefs::kManagedDefaultFileSystemWriteGuardSetting, - callback); - pref_change_registrar_.Add(prefs::kManagedDefaultLegacyCookieAccessSetting, - callback); - pref_change_registrar_.Add(prefs::kManagedDefaultSerialGuardSetting, - callback); - pref_change_registrar_.Add(prefs::kManagedDefaultSensorsSetting, callback); - pref_change_registrar_.Add( - prefs::kManagedDefaultInsecurePrivateNetworkSetting, callback); + for (const char* pref : kManagedPrefs) + pref_change_registrar_.Add(pref, callback); + + for (const char* pref : kManagedDefaultPrefs) + pref_change_registrar_.Add(pref, callback); } PolicyProvider::~PolicyProvider() { @@ -301,34 +235,35 @@ std::unique_ptr<RuleIterator> PolicyProvider::GetRuleIterator( void PolicyProvider::GetContentSettingsFromPreferences( OriginIdentifierValueMap* value_map) { - for (size_t i = 0; i < base::size(kPrefsForManagedContentSettingsMap); ++i) { - const char* pref_name = kPrefsForManagedContentSettingsMap[i].pref_name; + for (const auto& entry : kPrefsForManagedContentSettingsMap) { // Skip unset policies. - if (!prefs_->HasPrefPath(pref_name)) { - VLOG(2) << "Skipping unset preference: " << pref_name; + if (!prefs_->HasPrefPath(entry.pref_name)) { + VLOG(2) << "Skipping unset preference: " << entry.pref_name; continue; } - const PrefService::Preference* pref = prefs_->FindPreference(pref_name); + const PrefService::Preference* pref = + prefs_->FindPreference(entry.pref_name); DCHECK(pref); - DCHECK(!pref->HasUserSetting() && !pref->HasExtensionSetting()); + DCHECK(!pref->HasUserSetting()); + DCHECK(!pref->HasExtensionSetting()); - const base::ListValue* pattern_str_list = nullptr; - if (!pref->GetValue()->GetAsList(&pattern_str_list)) { - NOTREACHED() << "Could not read patterns from " << pref_name; + if (!pref->GetValue()->is_list()) { + NOTREACHED() << "Could not read patterns from " << entry.pref_name; return; } - for (size_t j = 0; j < pattern_str_list->GetSize(); ++j) { - std::string original_pattern_str; - if (!pattern_str_list->GetString(j, &original_pattern_str)) { - NOTREACHED() << "Could not read content settings pattern #" << j - << " from " << pref_name; + base::Value::ConstListView pattern_str_list = pref->GetValue()->GetList(); + for (size_t i = 0; i < pattern_str_list.size(); ++i) { + if (!pattern_str_list[i].is_string()) { + NOTREACHED() << "Could not read content settings pattern #" << i + << " from " << entry.pref_name; continue; } + const std::string& original_pattern_str = pattern_str_list[i].GetString(); VLOG(2) << "Reading content settings pattern " << original_pattern_str - << " from " << pref_name; + << " from " << entry.pref_name; PatternPair pattern_pair = ParsePatternString(original_pattern_str); // Ignore invalid patterns. @@ -338,9 +273,8 @@ void PolicyProvider::GetContentSettingsFromPreferences( continue; } - ContentSettingsType content_type = - kPrefsForManagedContentSettingsMap[i].content_type; - DCHECK_NE(content_type, ContentSettingsType::AUTO_SELECT_CERTIFICATE); + DCHECK_NE(entry.content_type, + ContentSettingsType::AUTO_SELECT_CERTIFICATE); // If only one pattern was defined auto expand it to a pattern pair. ContentSettingsPattern secondary_pattern = !pattern_pair.second.IsValid() ? ContentSettingsPattern::Wildcard() @@ -352,24 +286,23 @@ void PolicyProvider::GetContentSettingsFromPreferences( // All settings that can set pattern pairs support embedded exceptions. if (pattern_pair.first != pattern_pair.second && pattern_pair.second != ContentSettingsPattern::Wildcard() && - !content_settings::WebsiteSettingsRegistry::GetInstance() - ->Get(content_type) + !WebsiteSettingsRegistry::GetInstance() + ->Get(entry.content_type) ->SupportsSecondaryPattern()) { continue; } // Don't set a timestamp for policy settings. - value_map->SetValue( - pattern_pair.first, secondary_pattern, content_type, base::Time(), - base::Value(kPrefsForManagedContentSettingsMap[i].setting), {}); + value_map->SetValue(pattern_pair.first, secondary_pattern, + entry.content_type, base::Time(), + base::Value(entry.setting), {}); } } } void PolicyProvider::GetAutoSelectCertificateSettingsFromPreferences( OriginIdentifierValueMap* value_map) { - const char* pref_name = prefs::kManagedAutoSelectCertificateForUrls; - + constexpr const char* pref_name = prefs::kManagedAutoSelectCertificateForUrls; if (!prefs_->HasPrefPath(pref_name)) { VLOG(2) << "Skipping unset preference: " << pref_name; return; @@ -377,10 +310,10 @@ void PolicyProvider::GetAutoSelectCertificateSettingsFromPreferences( const PrefService::Preference* pref = prefs_->FindPreference(pref_name); DCHECK(pref); - DCHECK(!pref->HasUserSetting() && !pref->HasExtensionSetting()); + DCHECK(!pref->HasUserSetting()); + DCHECK(!pref->HasExtensionSetting()); - const base::ListValue* pattern_filter_str_list = nullptr; - if (!pref->GetValue()->GetAsList(&pattern_filter_str_list)) { + if (!pref->GetValue()->is_list()) { NOTREACHED(); return; } @@ -403,37 +336,34 @@ void PolicyProvider::GetAutoSelectCertificateSettingsFromPreferences( // } // } std::unordered_map<std::string, base::DictionaryValue> filters_map; - for (size_t j = 0; j < pattern_filter_str_list->GetSize(); ++j) { - std::string pattern_filter_json; - if (!pattern_filter_str_list->GetString(j, &pattern_filter_json)) { + for (const auto& pattern_filter_str : pref->GetValue()->GetList()) { + if (!pattern_filter_str.is_string()) { NOTREACHED(); continue; } - std::unique_ptr<base::Value> value = base::JSONReader::ReadDeprecated( - pattern_filter_json, base::JSON_ALLOW_TRAILING_COMMAS); - if (!value || !value->is_dict()) { + base::Optional<base::Value> pattern_filter = base::JSONReader::Read( + pattern_filter_str.GetString(), base::JSON_ALLOW_TRAILING_COMMAS); + if (!pattern_filter || !pattern_filter->is_dict()) { VLOG(1) << "Ignoring invalid certificate auto select setting. Reason:" - " Invalid JSON object: " << pattern_filter_json; + << " Invalid JSON object: " << pattern_filter_str.GetString(); continue; } - std::unique_ptr<base::DictionaryValue> pattern_filter_pair = - base::DictionaryValue::From(std::move(value)); - base::Value* pattern = pattern_filter_pair->FindKey("pattern"); - base::Value* filter = pattern_filter_pair->FindKey("filter"); + const base::Value* pattern = pattern_filter->FindKey("pattern"); + const base::Value* filter = pattern_filter->FindKey("filter"); if (!pattern || !filter) { VLOG(1) << "Ignoring invalid certificate auto select setting. Reason:" - " Missing pattern or filter."; + << " Missing pattern or filter."; continue; } - std::string pattern_str = pattern->GetString(); + const std::string& pattern_str = pattern->GetString(); if (filters_map.find(pattern_str) == filters_map.end()) filters_map[pattern_str].SetKey("filters", base::ListValue()); - // Don't pass removed values from |value|, because base::Values read with - // JSONReader use a shared string buffer. Instead, Clone() here. + // Don't pass removed values from `pattern_filter`, because base::Values + // read with JSONReader use a shared string buffer. Instead, Clone() here. filters_map[pattern_str].FindKey("filters")->Append(filter->Clone()); } @@ -446,8 +376,7 @@ void PolicyProvider::GetAutoSelectCertificateSettingsFromPreferences( // Ignore invalid patterns. if (!pattern.IsValid()) { VLOG(1) << "Ignoring invalid certificate auto select setting:" - " Invalid content settings pattern: " - << pattern.ToString(); + << " Invalid content settings pattern: " << pattern.ToString(); continue; } @@ -503,7 +432,7 @@ void PolicyProvider::ReadManagedContentSettings(bool overwrite) { } // Since the PolicyProvider is a read only content settings provider, all -// methodes of the ProviderInterface that set or delete any settings do nothing. +// methods of the ProviderInterface that set or delete any settings do nothing. bool PolicyProvider::SetWebsiteSetting( const ContentSettingsPattern& primary_pattern, const ContentSettingsPattern& secondary_pattern, @@ -534,32 +463,7 @@ void PolicyProvider::OnPreferenceChanged(const std::string& name) { UpdateManagedDefaultSetting(entry); } - if (name == prefs::kManagedAutoSelectCertificateForUrls || - name == prefs::kManagedCookiesAllowedForUrls || - name == prefs::kManagedCookiesBlockedForUrls || - name == prefs::kManagedCookiesSessionOnlyForUrls || - name == prefs::kManagedFileSystemReadAskForUrls || - name == prefs::kManagedFileSystemReadBlockedForUrls || - name == prefs::kManagedFileSystemWriteAskForUrls || - name == prefs::kManagedFileSystemWriteBlockedForUrls || - name == prefs::kManagedImagesAllowedForUrls || - name == prefs::kManagedImagesBlockedForUrls || - name == prefs::kManagedInsecureContentAllowedForUrls || - name == prefs::kManagedInsecureContentBlockedForUrls || - name == prefs::kManagedJavaScriptAllowedForUrls || - name == prefs::kManagedJavaScriptBlockedForUrls || - name == prefs::kManagedNotificationsAllowedForUrls || - name == prefs::kManagedNotificationsBlockedForUrls || - name == prefs::kManagedPopupsAllowedForUrls || - name == prefs::kManagedPopupsBlockedForUrls || - name == prefs::kManagedWebUsbAskForUrls || - name == prefs::kManagedWebUsbBlockedForUrls || - name == prefs::kManagedLegacyCookieAccessAllowedForDomains || - name == prefs::kManagedSerialAskForUrls || - name == prefs::kManagedSerialBlockedForUrls || - name == prefs::kManagedSensorsAllowedForUrls || - name == prefs::kManagedSensorsBlockedForUrls || - name == prefs::kManagedInsecurePrivateNetworkAllowedForUrls) { + if (base::Contains(kManagedPrefs, name)) { ReadManagedContentSettings(true); ReadManagedDefaultSettings(); } diff --git a/chromium/components/content_settings/core/browser/content_settings_registry.cc b/chromium/components/content_settings/core/browser/content_settings_registry.cc index b8713842419..71297982d3d 100644 --- a/chromium/components/content_settings/core/browser/content_settings_registry.cc +++ b/chromium/components/content_settings/core/browser/content_settings_registry.cc @@ -538,7 +538,7 @@ void ContentSettingsRegistry::Init() { AllowlistedSchemes(), ValidSettings(CONTENT_SETTING_ALLOW, CONTENT_SETTING_ASK, CONTENT_SETTING_BLOCK, CONTENT_SETTING_SESSION_ONLY), - WebsiteSettingsInfo::REQUESTING_ORIGIN_AND_TOP_LEVEL_ORIGIN_SCOPE, + WebsiteSettingsInfo::STORAGE_ACCESS_SCOPE, WebsiteSettingsRegistry::ALL_PLATFORMS, ContentSettingsInfo::INHERIT_IN_INCOGNITO, ContentSettingsInfo::PERSISTENT, @@ -598,6 +598,17 @@ void ContentSettingsRegistry::Init() { ContentSettingsInfo::INHERIT_IF_LESS_PERMISSIVE, ContentSettingsInfo::PERSISTENT, ContentSettingsInfo::EXCEPTIONS_ON_SECURE_ORIGINS_ONLY); + + Register(ContentSettingsType::FILE_HANDLING, "file-handling", + CONTENT_SETTING_ASK, WebsiteSettingsInfo::UNSYNCABLE, + AllowlistedSchemes(), + ValidSettings(CONTENT_SETTING_ALLOW, CONTENT_SETTING_ASK, + CONTENT_SETTING_BLOCK), + WebsiteSettingsInfo::SINGLE_ORIGIN_ONLY_SCOPE, + WebsiteSettingsRegistry::DESKTOP, + ContentSettingsInfo::INHERIT_IF_LESS_PERMISSIVE, + ContentSettingsInfo::PERSISTENT, + ContentSettingsInfo::EXCEPTIONS_ON_SECURE_ORIGINS_ONLY); } void ContentSettingsRegistry::Register( diff --git a/chromium/components/content_settings/core/browser/cookie_settings.cc b/chromium/components/content_settings/core/browser/cookie_settings.cc index eb17bb1058a..b1c017a14bb 100644 --- a/chromium/components/content_settings/core/browser/cookie_settings.cc +++ b/chromium/components/content_settings/core/browser/cookie_settings.cc @@ -90,9 +90,7 @@ bool CookieSettings::IsThirdPartyAccessAllowed( content_settings::SettingSource* source) { // Use GURL() as an opaque primary url to check if any site // could access cookies in a 3p context on |first_party_url|. - ContentSetting setting; - GetCookieSetting(GURL(), first_party_url, source, &setting); - return IsAllowed(setting); + return IsAllowed(GetCookieSetting(GURL(), first_party_url, source)); } void CookieSettings::SetThirdPartyCookieSetting(const GURL& first_party_url, @@ -164,17 +162,14 @@ bool CookieSettings::ShouldAlwaysAllowCookies( return false; } -void CookieSettings::GetCookieSettingInternal( +ContentSetting CookieSettings::GetCookieSettingInternal( const GURL& url, const GURL& first_party_url, bool is_third_party_request, - content_settings::SettingSource* source, - ContentSetting* cookie_setting) const { - DCHECK(cookie_setting); + content_settings::SettingSource* source) const { // Auto-allow in extensions or for WebUI embedding a secure origin. if (ShouldAlwaysAllowCookies(url, first_party_url)) { - *cookie_setting = CONTENT_SETTING_ALLOW; - return; + return CONTENT_SETTING_ALLOW; } // First get any host-specific settings. @@ -227,7 +222,7 @@ void CookieSettings::GetCookieSettingInternal( net::cookie_util::StorageAccessResult::ACCESS_BLOCKED); } - *cookie_setting = block ? CONTENT_SETTING_BLOCK : setting; + return block ? CONTENT_SETTING_BLOCK : setting; } CookieSettings::~CookieSettings() = default; diff --git a/chromium/components/content_settings/core/browser/cookie_settings.h b/chromium/components/content_settings/core/browser/cookie_settings.h index 71c14e2de43..601dd9c9d55 100644 --- a/chromium/components/content_settings/core/browser/cookie_settings.h +++ b/chromium/components/content_settings/core/browser/cookie_settings.h @@ -156,11 +156,11 @@ class CookieSettings : public CookieSettingsBase, const GURL& first_party_url) const; // content_settings::CookieSettingsBase: - void GetCookieSettingInternal(const GURL& url, - const GURL& first_party_url, - bool is_third_party_request, - content_settings::SettingSource* source, - ContentSetting* cookie_setting) const override; + ContentSetting GetCookieSettingInternal( + const GURL& url, + const GURL& first_party_url, + bool is_third_party_request, + content_settings::SettingSource* source) const override; // content_settings::Observer: void OnContentSettingChanged(const ContentSettingsPattern& primary_pattern, diff --git a/chromium/components/content_settings/core/browser/cookie_settings_unittest.cc b/chromium/components/content_settings/core/browser/cookie_settings_unittest.cc index b7abb30c69b..3943d322f58 100644 --- a/chromium/components/content_settings/core/browser/cookie_settings_unittest.cc +++ b/chromium/components/content_settings/core/browser/cookie_settings_unittest.cc @@ -455,9 +455,8 @@ TEST_F(CookieSettingsTest, GetCookieSettingAllowedTelemetry) { base::HistogramTester histogram_tester; histogram_tester.ExpectTotalCount(kAllowedRequestsHistogram, 0); - ContentSetting setting; - cookie_settings_->GetCookieSetting(url, top_level_url, nullptr, &setting); - EXPECT_EQ(setting, CONTENT_SETTING_ALLOW); + EXPECT_EQ(cookie_settings_->GetCookieSetting(url, top_level_url, nullptr), + CONTENT_SETTING_ALLOW); histogram_tester.ExpectTotalCount(kAllowedRequestsHistogram, 1); histogram_tester.ExpectBucketCount( kAllowedRequestsHistogram, @@ -482,9 +481,8 @@ TEST_F(CookieSettingsTest, GetCookieSettingDisabledSAA) { ContentSettingsPattern::FromURLNoWildcard(top_level_url), ContentSettingsType::STORAGE_ACCESS, CONTENT_SETTING_ALLOW); - ContentSetting setting; - cookie_settings_->GetCookieSetting(url, top_level_url, nullptr, &setting); - EXPECT_EQ(setting, CONTENT_SETTING_BLOCK); + EXPECT_EQ(cookie_settings_->GetCookieSetting(url, top_level_url, nullptr), + CONTENT_SETTING_BLOCK); } // The current default behaviour of the Storage Access API should be to not @@ -504,9 +502,8 @@ TEST_F(CookieSettingsTest, GetCookieSettingDefaultSAA) { ContentSettingsPattern::FromURLNoWildcard(top_level_url), ContentSettingsType::STORAGE_ACCESS, CONTENT_SETTING_ALLOW); - ContentSetting setting; - cookie_settings_->GetCookieSetting(url, top_level_url, nullptr, &setting); - EXPECT_EQ(setting, CONTENT_SETTING_BLOCK); + EXPECT_EQ(cookie_settings_->GetCookieSetting(url, top_level_url, nullptr), + CONTENT_SETTING_BLOCK); histogram_tester.ExpectTotalCount(kAllowedRequestsHistogram, 1); histogram_tester.ExpectBucketCount( kAllowedRequestsHistogram, @@ -538,9 +535,8 @@ TEST_F(CookieSettingsTest, GetCookieSettingEnabledSAA) { // When requesting our setting for the url/top-level combination our // grant is for access should be allowed. For any other domain pairs access // should still be blocked. - ContentSetting setting; - cookie_settings_->GetCookieSetting(url, top_level_url, nullptr, &setting); - EXPECT_EQ(setting, CONTENT_SETTING_ALLOW); + EXPECT_EQ(cookie_settings_->GetCookieSetting(url, top_level_url, nullptr), + CONTENT_SETTING_ALLOW); histogram_tester.ExpectTotalCount(kAllowedRequestsHistogram, 1); histogram_tester.ExpectBucketCount( kAllowedRequestsHistogram, @@ -550,15 +546,15 @@ TEST_F(CookieSettingsTest, GetCookieSettingEnabledSAA) { // Invalid pair the |top_level_url| granting access to |url| is now // being loaded under |url| as the top level url. - cookie_settings_->GetCookieSetting(top_level_url, url, nullptr, &setting); - EXPECT_EQ(setting, CONTENT_SETTING_BLOCK); + EXPECT_EQ(cookie_settings_->GetCookieSetting(top_level_url, url, nullptr), + CONTENT_SETTING_BLOCK); // Invalid pairs where a |third_url| is used. - cookie_settings_->GetCookieSetting(url, third_url, nullptr, &setting); - EXPECT_EQ(setting, CONTENT_SETTING_BLOCK); - cookie_settings_->GetCookieSetting(third_url, top_level_url, nullptr, - &setting); - EXPECT_EQ(setting, CONTENT_SETTING_BLOCK); + EXPECT_EQ(cookie_settings_->GetCookieSetting(url, third_url, nullptr), + CONTENT_SETTING_BLOCK); + EXPECT_EQ( + cookie_settings_->GetCookieSetting(third_url, top_level_url, nullptr), + CONTENT_SETTING_BLOCK); } // Subdomains of the granted resource url should not gain access if a valid @@ -578,13 +574,11 @@ TEST_F(CookieSettingsTest, GetCookieSettingSAAResourceWildcards) { ContentSettingsPattern::FromURLNoWildcard(top_level_url), ContentSettingsType::STORAGE_ACCESS, CONTENT_SETTING_ALLOW); - ContentSetting setting; - cookie_settings_->GetCookieSetting(url, top_level_url, nullptr, &setting); - EXPECT_EQ(setting, CONTENT_SETTING_ALLOW); - - cookie_settings_->GetCookieSetting(GURL(kHttpsSubdomainSite), top_level_url, - nullptr, &setting); - EXPECT_EQ(setting, CONTENT_SETTING_BLOCK); + EXPECT_EQ(cookie_settings_->GetCookieSetting(url, top_level_url, nullptr), + CONTENT_SETTING_ALLOW); + EXPECT_EQ(cookie_settings_->GetCookieSetting(GURL(kHttpsSubdomainSite), + top_level_url, nullptr), + CONTENT_SETTING_BLOCK); } // Subdomains of the granted top level url should not grant access if a valid @@ -604,13 +598,11 @@ TEST_F(CookieSettingsTest, GetCookieSettingSAATopLevelWildcards) { ContentSettingsPattern::FromURLNoWildcard(top_level_url), ContentSettingsType::STORAGE_ACCESS, CONTENT_SETTING_ALLOW); - ContentSetting setting; - cookie_settings_->GetCookieSetting(url, top_level_url, nullptr, &setting); - EXPECT_EQ(setting, CONTENT_SETTING_ALLOW); - - cookie_settings_->GetCookieSetting(url, GURL(kHttpsSubdomainSite), nullptr, - &setting); - EXPECT_EQ(setting, CONTENT_SETTING_BLOCK); + EXPECT_EQ(cookie_settings_->GetCookieSetting(url, top_level_url, nullptr), + CONTENT_SETTING_ALLOW); + EXPECT_EQ(cookie_settings_->GetCookieSetting(url, GURL(kHttpsSubdomainSite), + nullptr), + CONTENT_SETTING_BLOCK); } // Any Storage Access API grant should not override an explicit setting to block @@ -629,9 +621,8 @@ TEST_F(CookieSettingsTest, GetCookieSettingSAARespectsSettings) { ContentSettingsPattern::FromURLNoWildcard(top_level_url), ContentSettingsType::STORAGE_ACCESS, CONTENT_SETTING_ALLOW); - ContentSetting setting; - cookie_settings_->GetCookieSetting(url, top_level_url, nullptr, &setting); - EXPECT_EQ(setting, CONTENT_SETTING_BLOCK); + EXPECT_EQ(cookie_settings_->GetCookieSetting(url, top_level_url, nullptr), + CONTENT_SETTING_BLOCK); } // Once a grant expires access should no longer be given. @@ -656,15 +647,14 @@ TEST_F(CookieSettingsTest, GetCookieSettingSAAExpiredGrant) { // When requesting our setting for the url/top-level combination our // grant is for access should be allowed. For any other domain pairs access // should still be blocked. - ContentSetting setting; - cookie_settings_->GetCookieSetting(url, top_level_url, nullptr, &setting); - EXPECT_EQ(setting, CONTENT_SETTING_ALLOW); + EXPECT_EQ(cookie_settings_->GetCookieSetting(url, top_level_url, nullptr), + CONTENT_SETTING_ALLOW); // If we fastforward past the expiration of our grant the result should be // CONTENT_SETTING_BLOCK now. FastForwardTime(base::TimeDelta::FromSeconds(101)); - cookie_settings_->GetCookieSetting(url, top_level_url, nullptr, &setting); - EXPECT_EQ(setting, CONTENT_SETTING_BLOCK); + EXPECT_EQ(cookie_settings_->GetCookieSetting(url, top_level_url, nullptr), + CONTENT_SETTING_BLOCK); } #endif diff --git a/chromium/components/content_settings/core/browser/host_content_settings_map.cc b/chromium/components/content_settings/core/browser/host_content_settings_map.cc index 500a6da1784..6aa89287d22 100644 --- a/chromium/components/content_settings/core/browser/host_content_settings_map.cc +++ b/chromium/components/content_settings/core/browser/host_content_settings_map.cc @@ -33,6 +33,7 @@ #include "components/content_settings/core/browser/content_settings_rule.h" #include "components/content_settings/core/browser/content_settings_utils.h" #include "components/content_settings/core/browser/user_modifiable_provider.h" +#include "components/content_settings/core/browser/website_settings_info.h" #include "components/content_settings/core/browser/website_settings_registry.h" #include "components/content_settings/core/common/content_settings.h" #include "components/content_settings/core/common/content_settings_pattern.h" @@ -160,17 +161,17 @@ content_settings::PatternPair GetPatternsFromScopingType( patterns.first = ContentSettingsPattern::FromURL(primary_url); patterns.second = ContentSettingsPattern::Wildcard(); break; - case WebsiteSettingsInfo::SINGLE_ORIGIN_ONLY_SCOPE: - case WebsiteSettingsInfo::SINGLE_ORIGIN_WITH_EMBEDDED_EXCEPTIONS_SCOPE: - patterns.first = ContentSettingsPattern::FromURLNoWildcard(primary_url); - patterns.second = ContentSettingsPattern::Wildcard(); - break; - case WebsiteSettingsInfo::REQUESTING_ORIGIN_AND_TOP_LEVEL_ORIGIN_SCOPE: + case WebsiteSettingsInfo::STORAGE_ACCESS_SCOPE: DCHECK(!secondary_url.is_empty()); patterns.first = ContentSettingsPattern::FromURLNoWildcard(primary_url); patterns.second = ContentSettingsPattern::FromURLNoWildcard(secondary_url); break; + case WebsiteSettingsInfo::SINGLE_ORIGIN_ONLY_SCOPE: + case WebsiteSettingsInfo::SINGLE_ORIGIN_WITH_EMBEDDED_EXCEPTIONS_SCOPE: + patterns.first = ContentSettingsPattern::FromURLNoWildcard(primary_url); + patterns.second = ContentSettingsPattern::Wildcard(); + break; } return patterns; } @@ -418,7 +419,7 @@ void HostContentSettingsMap::SetDefaultContentSetting( DCHECK(content_settings::ContentSettingsRegistry::GetInstance() ->Get(content_type) ->IsDefaultSettingValid(setting)); - value.reset(new base::Value(setting)); + value = std::make_unique<base::Value>(setting); } SetWebsiteSettingCustomScope(ContentSettingsPattern::Wildcard(), ContentSettingsPattern::Wildcard(), content_type, @@ -553,7 +554,7 @@ void HostContentSettingsMap::SetContentSettingCustomScope( DCHECK(content_settings::ContentSettingsRegistry::GetInstance() ->Get(content_type) ->IsSettingValid(setting)); - value.reset(new base::Value(setting)); + value = std::make_unique<base::Value>(setting); } SetWebsiteSettingCustomScope(primary_pattern, secondary_pattern, content_type, std::move(value), constraints); @@ -836,8 +837,7 @@ std::unique_ptr<base::Value> HostContentSettingsMap::GetWebsiteSetting( info->primary_pattern = ContentSettingsPattern::Wildcard(); info->secondary_pattern = ContentSettingsPattern::Wildcard(); } - return std::unique_ptr<base::Value>( - new base::Value(CONTENT_SETTING_ALLOW)); + return std::make_unique<base::Value>(CONTENT_SETTING_ALLOW); } } } @@ -973,54 +973,69 @@ HostContentSettingsMap::GetContentSettingValueAndPatterns( void HostContentSettingsMap:: MigrateSettingsPrecedingPermissionDelegationActivation() { - content_settings::ContentSettingsRegistry* registry = + auto* content_settings_registry = content_settings::ContentSettingsRegistry::GetInstance(); - for (const content_settings::ContentSettingsInfo* info : *registry) { - // Only migrate settings that don't support secondary patterns. - if (info->website_settings_info()->SupportsSecondaryPattern()) - continue; + for (const content_settings::ContentSettingsInfo* info : + *content_settings_registry) { + MigrateSingleSettingPrecedingPermissionDelegationActivation( + info->website_settings_info()); + } - ContentSettingsType type = info->website_settings_info()->type(); + auto* website_settings_registry = + content_settings::WebsiteSettingsRegistry::GetInstance(); + for (const content_settings::WebsiteSettingsInfo* info : + *website_settings_registry) { + MigrateSingleSettingPrecedingPermissionDelegationActivation(info); + } +} - ContentSettingsForOneType host_settings; - GetSettingsForOneType(type, &host_settings); - for (ContentSettingPatternSource pattern : host_settings) { - if (pattern.source != "preference" || - pattern.secondary_pattern == ContentSettingsPattern::Wildcard()) { - continue; - } +void HostContentSettingsMap:: + MigrateSingleSettingPrecedingPermissionDelegationActivation( + const content_settings::WebsiteSettingsInfo* info) { + // Only migrate settings that don't support secondary patterns. + if (info->SupportsSecondaryPattern()) + return; - // Users were never allowed to add user-specified patterns for these types - // so we can assume they are all origin scoped. - DCHECK(GURL(pattern.primary_pattern.ToString()).is_valid()); - DCHECK(GURL(pattern.secondary_pattern.ToString()).is_valid()); - - if (pattern.secondary_pattern.IsValid() && - pattern.secondary_pattern != pattern.primary_pattern) { - SetContentSettingCustomScope(pattern.primary_pattern, - pattern.secondary_pattern, type, - CONTENT_SETTING_DEFAULT); - // Also clear the setting for the top level origin so that the user - // receives another prompt. This is necessary in case they have allowed - // the top level origin but blocked an embedded origin in which case - // they should have another opportunity to block a request from an - // embedded origin. - SetContentSettingCustomScope(pattern.secondary_pattern, - pattern.secondary_pattern, type, - CONTENT_SETTING_DEFAULT); - SetContentSettingCustomScope(pattern.secondary_pattern, - ContentSettingsPattern::Wildcard(), type, - CONTENT_SETTING_DEFAULT); - } else if (pattern.primary_pattern.IsValid() && - pattern.primary_pattern == pattern.secondary_pattern) { - // Migrate settings from (x,x) -> (x,*). - SetContentSettingCustomScope(pattern.primary_pattern, - pattern.secondary_pattern, type, - CONTENT_SETTING_DEFAULT); - SetContentSettingCustomScope(pattern.primary_pattern, - ContentSettingsPattern::Wildcard(), type, - pattern.GetContentSetting()); - } + ContentSettingsType type = info->type(); + + ContentSettingsForOneType host_settings; + GetSettingsForOneType(type, &host_settings); + for (ContentSettingPatternSource pattern : host_settings) { + if (pattern.source != "preference" || + pattern.secondary_pattern == ContentSettingsPattern::Wildcard()) { + continue; + } + + // Users were never allowed to add user-specified patterns for these types + // so we can assume they are all origin scoped. + DCHECK(GURL(pattern.primary_pattern.ToString()).is_valid()); + DCHECK(GURL(pattern.secondary_pattern.ToString()).is_valid()); + + if (pattern.secondary_pattern.IsValid() && + pattern.secondary_pattern != pattern.primary_pattern) { + SetContentSettingCustomScope(pattern.primary_pattern, + pattern.secondary_pattern, type, + CONTENT_SETTING_DEFAULT); + // Also clear the setting for the top level origin so that the user + // receives another prompt. This is necessary in case they have allowed + // the top level origin but blocked an embedded origin in which case + // they should have another opportunity to block a request from an + // embedded origin. + SetContentSettingCustomScope(pattern.secondary_pattern, + pattern.secondary_pattern, type, + CONTENT_SETTING_DEFAULT); + SetContentSettingCustomScope(pattern.secondary_pattern, + ContentSettingsPattern::Wildcard(), type, + CONTENT_SETTING_DEFAULT); + } else if (pattern.primary_pattern.IsValid() && + pattern.primary_pattern == pattern.secondary_pattern) { + // Migrate settings from (x,x) -> (x,*). + SetContentSettingCustomScope(pattern.primary_pattern, + pattern.secondary_pattern, type, + CONTENT_SETTING_DEFAULT); + SetContentSettingCustomScope(pattern.primary_pattern, + ContentSettingsPattern::Wildcard(), type, + pattern.GetContentSetting()); } } } diff --git a/chromium/components/content_settings/core/browser/host_content_settings_map.h b/chromium/components/content_settings/core/browser/host_content_settings_map.h index 462e8a6b289..b6c425ac577 100644 --- a/chromium/components/content_settings/core/browser/host_content_settings_map.h +++ b/chromium/components/content_settings/core/browser/host_content_settings_map.h @@ -43,6 +43,7 @@ class ProviderInterface; class PrefProvider; class TestUtils; class RuleIterator; +class WebsiteSettingsInfo; } namespace user_prefs { @@ -411,6 +412,8 @@ class HostContentSettingsMap : public content_settings::Observer, // It also ensures that we move away from (http://x.com, http://x.com) // patterns by replacing these patterns with (http://x.com, *). void MigrateSettingsPrecedingPermissionDelegationActivation(); + void MigrateSingleSettingPrecedingPermissionDelegationActivation( + const content_settings::WebsiteSettingsInfo* info); // Verifies that this secondary pattern is allowed. bool IsSecondaryPatternAllowed( diff --git a/chromium/components/content_settings/core/browser/website_settings_info.cc b/chromium/components/content_settings/core/browser/website_settings_info.cc index dafa80f7c5a..1a0ae7123eb 100644 --- a/chromium/components/content_settings/core/browser/website_settings_info.cc +++ b/chromium/components/content_settings/core/browser/website_settings_info.cc @@ -66,8 +66,8 @@ uint32_t WebsiteSettingsInfo::GetPrefRegistrationFlags() const { bool WebsiteSettingsInfo::SupportsSecondaryPattern() const { return scoping_type_ == COOKIES_SCOPE || - scoping_type_ == SINGLE_ORIGIN_WITH_EMBEDDED_EXCEPTIONS_SCOPE || - scoping_type_ == REQUESTING_ORIGIN_AND_TOP_LEVEL_ORIGIN_SCOPE; + scoping_type_ == STORAGE_ACCESS_SCOPE || + scoping_type_ == SINGLE_ORIGIN_WITH_EMBEDDED_EXCEPTIONS_SCOPE; } } // namespace content_settings diff --git a/chromium/components/content_settings/core/browser/website_settings_info.h b/chromium/components/content_settings/core/browser/website_settings_info.h index 5b3acab1a5a..981db04e130 100644 --- a/chromium/components/content_settings/core/browser/website_settings_info.h +++ b/chromium/components/content_settings/core/browser/website_settings_info.h @@ -43,6 +43,10 @@ class WebsiteSettingsInfo { // Embedded settings can be stored. COOKIES_SCOPE, + // Storage access specific scoped that is scoped to the pair of requesting + // and embedding origin. + STORAGE_ACCESS_SCOPE, + // Settings scoped to a single origin (generally either the requesting // origin or the top level origin of a frame) for a request. Embedded // exceptions are not allowed. @@ -53,15 +57,6 @@ class WebsiteSettingsInfo { // exceptions are allowed. This should only be used after careful thought. // Allowing embedded exceptions requires much more complicated UI. SINGLE_ORIGIN_WITH_EMBEDDED_EXCEPTIONS_SCOPE, - - // Settings scoped to the combination of the origin of the requesting - // frame and the origin of the top level frame by default. - // - // The use of this scope is highly discuraged as in introduces user - // confusion. Specifically, UI (e.g. prompts, page actions, etc.) should - // generally only change settings for the top level origin and not for - // embedded origins. - REQUESTING_ORIGIN_AND_TOP_LEVEL_ORIGIN_SCOPE }; enum IncognitoBehavior { diff --git a/chromium/components/content_settings/core/browser/website_settings_registry.cc b/chromium/components/content_settings/core/browser/website_settings_registry.cc index 06b4afba47c..e2900ed03ee 100644 --- a/chromium/components/content_settings/core/browser/website_settings_registry.cc +++ b/chromium/components/content_settings/core/browser/website_settings_registry.cc @@ -146,7 +146,7 @@ void WebsiteSettingsRegistry::Init() { WebsiteSettingsInfo::INHERIT_IN_INCOGNITO); Register(ContentSettingsType::USB_CHOOSER_DATA, "usb-chooser-data", nullptr, WebsiteSettingsInfo::UNSYNCABLE, WebsiteSettingsInfo::NOT_LOSSY, - WebsiteSettingsInfo::REQUESTING_ORIGIN_AND_TOP_LEVEL_ORIGIN_SCOPE, + WebsiteSettingsInfo::SINGLE_ORIGIN_ONLY_SCOPE, DESKTOP | PLATFORM_ANDROID, WebsiteSettingsInfo::DONT_INHERIT_IN_INCOGNITO); Register(ContentSettingsType::IMPORTANT_SITE_INFO, "important-site-info", @@ -193,24 +193,23 @@ void WebsiteSettingsRegistry::Init() { Register(ContentSettingsType::SERIAL_CHOOSER_DATA, "serial-chooser-data", nullptr, WebsiteSettingsInfo::UNSYNCABLE, WebsiteSettingsInfo::NOT_LOSSY, - WebsiteSettingsInfo::REQUESTING_ORIGIN_AND_TOP_LEVEL_ORIGIN_SCOPE, - DESKTOP, WebsiteSettingsInfo::DONT_INHERIT_IN_INCOGNITO); + WebsiteSettingsInfo::SINGLE_ORIGIN_ONLY_SCOPE, DESKTOP, + WebsiteSettingsInfo::DONT_INHERIT_IN_INCOGNITO); Register(ContentSettingsType::HID_CHOOSER_DATA, "hid-chooser-data", nullptr, WebsiteSettingsInfo::UNSYNCABLE, WebsiteSettingsInfo::NOT_LOSSY, - WebsiteSettingsInfo::REQUESTING_ORIGIN_AND_TOP_LEVEL_ORIGIN_SCOPE, - DESKTOP, WebsiteSettingsInfo::DONT_INHERIT_IN_INCOGNITO); + WebsiteSettingsInfo::SINGLE_ORIGIN_ONLY_SCOPE, DESKTOP, + WebsiteSettingsInfo::DONT_INHERIT_IN_INCOGNITO); Register(ContentSettingsType::INSTALLED_WEB_APP_METADATA, "installed-web-app-metadata", nullptr, WebsiteSettingsInfo::UNSYNCABLE, WebsiteSettingsInfo::LOSSY, WebsiteSettingsInfo::SINGLE_ORIGIN_ONLY_SCOPE, DESKTOP, WebsiteSettingsInfo::DONT_INHERIT_IN_INCOGNITO); - Register(ContentSettingsType::BLUETOOTH_CHOOSER_DATA, - "bluetooth-chooser-data", - /*initial_default_value=*/nullptr, WebsiteSettingsInfo::UNSYNCABLE, - WebsiteSettingsInfo::NOT_LOSSY, - WebsiteSettingsInfo::REQUESTING_ORIGIN_AND_TOP_LEVEL_ORIGIN_SCOPE, - DESKTOP | PLATFORM_ANDROID, - WebsiteSettingsInfo::DONT_INHERIT_IN_INCOGNITO); + Register( + ContentSettingsType::BLUETOOTH_CHOOSER_DATA, "bluetooth-chooser-data", + /*initial_default_value=*/nullptr, WebsiteSettingsInfo::UNSYNCABLE, + WebsiteSettingsInfo::NOT_LOSSY, + WebsiteSettingsInfo::SINGLE_ORIGIN_ONLY_SCOPE, DESKTOP | PLATFORM_ANDROID, + WebsiteSettingsInfo::DONT_INHERIT_IN_INCOGNITO); Register(ContentSettingsType::SAFE_BROWSING_URL_CHECK_DATA, "safe-browsing-url-check-data", nullptr, WebsiteSettingsInfo::UNSYNCABLE, WebsiteSettingsInfo::LOSSY, diff --git a/chromium/components/content_settings/core/common/content_settings.cc b/chromium/components/content_settings/core/common/content_settings.cc index 51f992cd3d1..5906e845297 100644 --- a/chromium/components/content_settings/core/common/content_settings.cc +++ b/chromium/components/content_settings/core/common/content_settings.cc @@ -32,7 +32,7 @@ constexpr HistogramValue kHistogramValue[] = { {ContentSettingsType::COOKIES, 0}, {ContentSettingsType::IMAGES, 1}, {ContentSettingsType::JAVASCRIPT, 2}, - {ContentSettingsType::DEPRECATED_PLUGINS, 3}, + // Removed PLUGINS in M91. {ContentSettingsType::POPUPS, 4}, {ContentSettingsType::GEOLOCATION, 5}, {ContentSettingsType::NOTIFICATIONS, 6}, @@ -93,6 +93,7 @@ constexpr HistogramValue kHistogramValue[] = { {ContentSettingsType::PERMISSION_AUTOREVOCATION_DATA, 72}, {ContentSettingsType::FILE_SYSTEM_LAST_PICKED_DIRECTORY, 73}, {ContentSettingsType::DISPLAY_CAPTURE, 74}, + {ContentSettingsType::FILE_HANDLING, 75}, }; } // namespace diff --git a/chromium/components/content_settings/core/common/content_settings_types.h b/chromium/components/content_settings/core/common/content_settings_types.h index a7ea7881126..86739218b10 100644 --- a/chromium/components/content_settings/core/common/content_settings_types.h +++ b/chromium/components/content_settings/core/common/content_settings_types.h @@ -21,7 +21,6 @@ enum class ContentSettingsType : int32_t { COOKIES = 0, IMAGES, JAVASCRIPT, - DEPRECATED_PLUGINS, // This setting governs both popups and unwanted redirects like tab-unders and // framebusting. @@ -237,6 +236,13 @@ enum class ContentSettingsType : int32_t { // register the PermissionContext. DISPLAY_CAPTURE, + // Register file-type associations with the operating system and obtain + // read-only access to files that the user chooses to open with this + // installed web application from the system file manager. This setting has + // no effect on the File System API, <input type="file">, or the ability to + // access files through drag & drop or clipboard paste operations. + FILE_HANDLING, + NUM_TYPES, }; diff --git a/chromium/components/content_settings/core/common/cookie_settings_base.cc b/chromium/components/content_settings/core/common/cookie_settings_base.cc index c670a897ce2..eaab010af84 100644 --- a/chromium/components/content_settings/core/common/cookie_settings_base.cc +++ b/chromium/components/content_settings/core/common/cookie_settings_base.cc @@ -31,8 +31,7 @@ bool CookieSettingsBase::ShouldDeleteCookieOnExit( const std::string& domain, bool is_https) const { GURL origin = net::cookie_util::CookieOriginToURL(domain, is_https); - ContentSetting setting; - GetCookieSetting(origin, origin, nullptr, &setting); + ContentSetting setting = GetCookieSetting(origin, origin, nullptr); DCHECK(IsValidSetting(setting)); if (setting == CONTENT_SETTING_ALLOW) return false; @@ -61,14 +60,12 @@ bool CookieSettingsBase::ShouldDeleteCookieOnExit( return setting == CONTENT_SETTING_SESSION_ONLY || matches_session_only_rule; } -void CookieSettingsBase::GetCookieSetting( +ContentSetting CookieSettingsBase::GetCookieSetting( const GURL& url, const GURL& first_party_url, - content_settings::SettingSource* source, - ContentSetting* cookie_setting) const { - GetCookieSettingInternal(url, first_party_url, - IsThirdPartyRequest(url, first_party_url), source, - cookie_setting); + content_settings::SettingSource* source) const { + return GetCookieSettingInternal( + url, first_party_url, IsThirdPartyRequest(url, first_party_url), source); } bool CookieSettingsBase::IsCookieAccessAllowed( @@ -79,25 +76,21 @@ bool CookieSettingsBase::IsCookieAccessAllowed( // content settings on IOS, so it does not matter. DCHECK(!first_party_url.is_empty() || url.is_empty()) << url; #endif - ContentSetting setting; - GetCookieSetting(url, first_party_url, nullptr, &setting); - return IsAllowed(setting); + return IsAllowed(GetCookieSetting(url, first_party_url, nullptr)); } bool CookieSettingsBase::IsCookieAccessAllowed( const GURL& url, const GURL& site_for_cookies, const base::Optional<url::Origin>& top_frame_origin) const { - ContentSetting setting; - GetCookieSettingInternal( + ContentSetting setting = GetCookieSettingInternal( url, top_frame_origin ? top_frame_origin->GetURL() : site_for_cookies, - IsThirdPartyRequest(url, site_for_cookies), nullptr, &setting); + IsThirdPartyRequest(url, site_for_cookies), nullptr); return IsAllowed(setting); } bool CookieSettingsBase::IsCookieSessionOnly(const GURL& origin) const { - ContentSetting setting; - GetCookieSetting(origin, origin, nullptr, &setting); + ContentSetting setting = GetCookieSetting(origin, origin, nullptr); DCHECK(IsValidSetting(setting)); return setting == CONTENT_SETTING_SESSION_ONLY; } diff --git a/chromium/components/content_settings/core/common/cookie_settings_base.h b/chromium/components/content_settings/core/common/cookie_settings_base.h index fb41bd86314..509fbf0fa3a 100644 --- a/chromium/components/content_settings/core/common/cookie_settings_base.h +++ b/chromium/components/content_settings/core/common/cookie_settings_base.h @@ -107,10 +107,10 @@ class CookieSettingsBase { bool IsCookieSessionOnly(const GURL& url) const; // A helper for applying third party cookie blocking rules. - void GetCookieSetting(const GURL& url, - const GURL& first_party_url, - content_settings::SettingSource* source, - ContentSetting* cookie_setting) const; + ContentSetting GetCookieSetting( + const GURL& url, + const GURL& first_party_url, + content_settings::SettingSource* source) const; // Returns the cookie access semantics (legacy or nonlegacy) to be applied for // cookies on the given domain. The |cookie_domain| can be provided as the @@ -171,12 +171,11 @@ class CookieSettingsBase { static bool IsValidSettingForLegacyAccess(ContentSetting setting); private: - virtual void GetCookieSettingInternal( + virtual ContentSetting GetCookieSettingInternal( const GURL& url, const GURL& first_party_url, bool is_third_party_request, - content_settings::SettingSource* source, - ContentSetting* cookie_setting) const = 0; + content_settings::SettingSource* source) const = 0; DISALLOW_COPY_AND_ASSIGN(CookieSettingsBase); }; diff --git a/chromium/components/content_settings/core/common/cookie_settings_base_unittest.cc b/chromium/components/content_settings/core/common/cookie_settings_base_unittest.cc index 71c06e1b2dc..245d63448ea 100644 --- a/chromium/components/content_settings/core/common/cookie_settings_base_unittest.cc +++ b/chromium/components/content_settings/core/common/cookie_settings_base_unittest.cc @@ -38,12 +38,12 @@ class CallbackCookieSettings : public CookieSettingsBase { : callback_(std::move(callback)) {} // CookieSettingsBase: - void GetCookieSettingInternal(const GURL& url, - const GURL& first_party_url, - bool is_third_party_request, - content_settings::SettingSource* source, - ContentSetting* cookie_setting) const override { - *cookie_setting = callback_.Run(url); + ContentSetting GetCookieSettingInternal( + const GURL& url, + const GURL& first_party_url, + bool is_third_party_request, + content_settings::SettingSource* source) const override { + return callback_.Run(url); } void GetSettingForLegacyCookieAccess(const std::string& cookie_domain, ContentSetting* setting) const override { diff --git a/chromium/components/content_settings/core/common/pref_names.cc b/chromium/components/content_settings/core/common/pref_names.cc index e54f28e5868..19561c36c9c 100644 --- a/chromium/components/content_settings/core/common/pref_names.cc +++ b/chromium/components/content_settings/core/common/pref_names.cc @@ -45,6 +45,8 @@ const char kManagedDefaultWebBluetoothGuardSetting[] = "profile.managed_default_content_settings.web_bluetooth_guard"; const char kManagedDefaultWebUsbGuardSetting[] = "profile.managed_default_content_settings.web_usb_guard"; +const char kManagedDefaultFileHandlingGuardSetting[] = + "profile.managed_default_content_settings.file_handling_guard"; const char kManagedDefaultFileSystemReadGuardSetting[] = "profile.managed_default_content_settings.file_system_read_guard"; const char kManagedDefaultFileSystemWriteGuardSetting[] = @@ -95,6 +97,10 @@ const char kManagedWebUsbAllowDevicesForUrls[] = const char kManagedWebUsbAskForUrls[] = "profile.managed_web_usb_ask_for_urls"; const char kManagedWebUsbBlockedForUrls[] = "profile.managed_web_usb_blocked_for_urls"; +const char kManagedFileHandlingAllowedForUrls[] = + "profile.managed_file_handling_allowed_for_urls"; +const char kManagedFileHandlingBlockedForUrls[] = + "profile.managed_file_handling_blocked_for_urls"; const char kManagedFileSystemReadAskForUrls[] = "profile.managed_file_system_read_ask_for_urls"; const char kManagedFileSystemReadBlockedForUrls[] = diff --git a/chromium/components/content_settings/core/common/pref_names.h b/chromium/components/content_settings/core/common/pref_names.h index 66d1a333168..4638673a98e 100644 --- a/chromium/components/content_settings/core/common/pref_names.h +++ b/chromium/components/content_settings/core/common/pref_names.h @@ -30,6 +30,7 @@ extern const char kManagedDefaultMediaStreamSetting[]; extern const char kManagedDefaultSensorsSetting[]; extern const char kManagedDefaultWebBluetoothGuardSetting[]; extern const char kManagedDefaultWebUsbGuardSetting[]; +extern const char kManagedDefaultFileHandlingGuardSetting[]; extern const char kManagedDefaultFileSystemReadGuardSetting[]; extern const char kManagedDefaultFileSystemWriteGuardSetting[]; extern const char kManagedDefaultLegacyCookieAccessSetting[]; @@ -55,6 +56,8 @@ extern const char kManagedAutoSelectCertificateForUrls[]; extern const char kManagedWebUsbAllowDevicesForUrls[]; extern const char kManagedWebUsbAskForUrls[]; extern const char kManagedWebUsbBlockedForUrls[]; +extern const char kManagedFileHandlingAllowedForUrls[]; +extern const char kManagedFileHandlingBlockedForUrls[]; extern const char kManagedFileSystemReadAskForUrls[]; extern const char kManagedFileSystemReadBlockedForUrls[]; extern const char kManagedFileSystemWriteAskForUrls[]; |