diff options
author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2020-01-23 17:21:03 +0100 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2020-01-23 16:25:15 +0000 |
commit | c551f43206405019121bd2b2c93714319a0a3300 (patch) | |
tree | 1f48c30631c421fd4bbb3c36da20183c8a2ed7d7 /chromium/components/content_settings | |
parent | 7961cea6d1041e3e454dae6a1da660b453efd238 (diff) | |
download | qtwebengine-chromium-c551f43206405019121bd2b2c93714319a0a3300.tar.gz |
BASELINE: Update Chromium to 79.0.3945.139
Change-Id: I336b7182fab9bca80b709682489c07db112eaca5
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Diffstat (limited to 'chromium/components/content_settings')
20 files changed, 173 insertions, 84 deletions
diff --git a/chromium/components/content_settings/core/browser/content_settings_policy_provider.cc b/chromium/components/content_settings/core/browser/content_settings_policy_provider.cc index 4e57830be3b..0a2b74071e4 100644 --- a/chromium/components/content_settings/core/browser/content_settings_policy_provider.cc +++ b/chromium/components/content_settings/core/browser/content_settings_policy_provider.cc @@ -44,6 +44,10 @@ const PrefsForManagedContentSettingsMapEntry CONTENT_SETTING_ALLOW}, {prefs::kManagedImagesBlockedForUrls, CONTENT_SETTINGS_TYPE_IMAGES, CONTENT_SETTING_BLOCK}, + {prefs::kManagedInsecureContentAllowedForUrls, + CONTENT_SETTINGS_TYPE_MIXEDSCRIPT, CONTENT_SETTING_ALLOW}, + {prefs::kManagedInsecureContentBlockedForUrls, + CONTENT_SETTINGS_TYPE_MIXEDSCRIPT, CONTENT_SETTING_BLOCK}, {prefs::kManagedJavaScriptAllowedForUrls, CONTENT_SETTINGS_TYPE_JAVASCRIPT, CONTENT_SETTING_ALLOW}, {prefs::kManagedJavaScriptBlockedForUrls, @@ -92,6 +96,8 @@ const PolicyProvider::PrefsForManagedDefaultMapEntry prefs::kManagedDefaultMediaStreamSetting}, {CONTENT_SETTINGS_TYPE_MEDIASTREAM_MIC, prefs::kManagedDefaultMediaStreamSetting}, + {CONTENT_SETTINGS_TYPE_MIXEDSCRIPT, + prefs::kManagedDefaultInsecureContentSetting}, {CONTENT_SETTINGS_TYPE_NOTIFICATIONS, prefs::kManagedDefaultNotificationsSetting}, {CONTENT_SETTINGS_TYPE_PLUGINS, prefs::kManagedDefaultPluginsSetting}, @@ -112,6 +118,8 @@ void PolicyProvider::RegisterProfilePrefs( registry->RegisterListPref(prefs::kManagedCookiesSessionOnlyForUrls); registry->RegisterListPref(prefs::kManagedImagesAllowedForUrls); registry->RegisterListPref(prefs::kManagedImagesBlockedForUrls); + registry->RegisterListPref(prefs::kManagedInsecureContentAllowedForUrls); + registry->RegisterListPref(prefs::kManagedInsecureContentBlockedForUrls); registry->RegisterListPref(prefs::kManagedJavaScriptAllowedForUrls); registry->RegisterListPref(prefs::kManagedJavaScriptBlockedForUrls); registry->RegisterListPref(prefs::kManagedNotificationsAllowedForUrls); @@ -135,6 +143,8 @@ void PolicyProvider::RegisterProfilePrefs( CONTENT_SETTING_DEFAULT); registry->RegisterIntegerPref(prefs::kManagedDefaultImagesSetting, CONTENT_SETTING_DEFAULT); + registry->RegisterIntegerPref(prefs::kManagedDefaultInsecureContentSetting, + CONTENT_SETTING_DEFAULT); registry->RegisterIntegerPref(prefs::kManagedDefaultJavaScriptSetting, CONTENT_SETTING_DEFAULT); registry->RegisterIntegerPref(prefs::kManagedDefaultNotificationsSetting, @@ -168,6 +178,10 @@ PolicyProvider::PolicyProvider(PrefService* prefs) : prefs_(prefs) { prefs::kManagedCookiesSessionOnlyForUrls, callback); pref_change_registrar_.Add(prefs::kManagedImagesAllowedForUrls, callback); pref_change_registrar_.Add(prefs::kManagedImagesBlockedForUrls, callback); + pref_change_registrar_.Add(prefs::kManagedInsecureContentAllowedForUrls, + callback); + pref_change_registrar_.Add(prefs::kManagedInsecureContentBlockedForUrls, + callback); pref_change_registrar_.Add(prefs::kManagedJavaScriptAllowedForUrls, callback); pref_change_registrar_.Add(prefs::kManagedJavaScriptBlockedForUrls, callback); pref_change_registrar_.Add( @@ -194,6 +208,8 @@ PolicyProvider::PolicyProvider(PrefService* prefs) : prefs_(prefs) { pref_change_registrar_.Add( prefs::kManagedDefaultGeolocationSetting, callback); pref_change_registrar_.Add(prefs::kManagedDefaultImagesSetting, callback); + pref_change_registrar_.Add(prefs::kManagedDefaultInsecureContentSetting, + callback); pref_change_registrar_.Add(prefs::kManagedDefaultJavaScriptSetting, callback); pref_change_registrar_.Add( prefs::kManagedDefaultNotificationsSetting, callback); @@ -357,8 +373,7 @@ void PolicyProvider::GetAutoSelectCertificateSettingsFromPreferences( // Don't pass removed values from |value|, because base::Values read with // JSONReader use a shared string buffer. Instead, Clone() here. - filters_map[pattern_str].FindKey("filters")->GetList().push_back( - filter->Clone()); + filters_map[pattern_str].FindKey("filters")->Append(filter->Clone()); } for (const auto& it : filters_map) { @@ -471,6 +486,8 @@ void PolicyProvider::OnPreferenceChanged(const std::string& name) { name == prefs::kManagedCookiesSessionOnlyForUrls || name == prefs::kManagedImagesAllowedForUrls || name == prefs::kManagedImagesBlockedForUrls || + name == prefs::kManagedInsecureContentAllowedForUrls || + name == prefs::kManagedInsecureContentBlockedForUrls || name == prefs::kManagedJavaScriptAllowedForUrls || name == prefs::kManagedJavaScriptBlockedForUrls || name == prefs::kManagedNotificationsAllowedForUrls || diff --git a/chromium/components/content_settings/core/browser/content_settings_registry.cc b/chromium/components/content_settings/core/browser/content_settings_registry.cc index b60c49a9da0..6c4ff4b6bfb 100644 --- a/chromium/components/content_settings/core/browser/content_settings_registry.cc +++ b/chromium/components/content_settings/core/browser/content_settings_registry.cc @@ -378,9 +378,10 @@ void ContentSettingsRegistry::Init() { ContentSettingsInfo::EXCEPTIONS_ON_SECURE_AND_INSECURE_ORIGINS); Register(CONTENT_SETTINGS_TYPE_MIXEDSCRIPT, "mixed-script", - CONTENT_SETTING_DEFAULT, WebsiteSettingsInfo::UNSYNCABLE, - WhitelistedSchemes(), ValidSettings(), - WebsiteSettingsInfo::SINGLE_ORIGIN_WITH_EMBEDDED_EXCEPTIONS_SCOPE, + CONTENT_SETTING_BLOCK, WebsiteSettingsInfo::UNSYNCABLE, + WhitelistedSchemes(), + ValidSettings(CONTENT_SETTING_ALLOW, CONTENT_SETTING_BLOCK), + WebsiteSettingsInfo::SINGLE_ORIGIN_ONLY_SCOPE, WebsiteSettingsRegistry::DESKTOP, ContentSettingsInfo::INHERIT_IF_LESS_PERMISSIVE, ContentSettingsInfo::PERSISTENT, diff --git a/chromium/components/content_settings/core/browser/content_settings_utils.cc b/chromium/components/content_settings/core/browser/content_settings_utils.cc index 4cba738c02f..6b22ca5a8c6 100644 --- a/chromium/components/content_settings/core/browser/content_settings_utils.cc +++ b/chromium/components/content_settings/core/browser/content_settings_utils.cc @@ -124,6 +124,9 @@ void GetRendererContentSettingRules(const HostContentSettingsMap* map, CONTENT_SETTINGS_TYPE_IMAGES, ResourceIdentifier(), &(rules->image_rules)); + map->GetSettingsForOneType(CONTENT_SETTINGS_TYPE_MIXEDSCRIPT, + ResourceIdentifier(), + &(rules->mixed_content_rules)); #else // Android doesn't use image content settings, so ALLOW rule is added for // all origins. @@ -132,6 +135,13 @@ void GetRendererContentSettingRules(const HostContentSettingsMap* map, base::Value::FromUniquePtrValue( ContentSettingToValue(CONTENT_SETTING_ALLOW)), std::string(), map->IsOffTheRecord())); + // In Android active mixed content is hard blocked, with no option to allow + // it. + rules->mixed_content_rules.push_back(ContentSettingPatternSource( + ContentSettingsPattern::Wildcard(), ContentSettingsPattern::Wildcard(), + base::Value::FromUniquePtrValue( + ContentSettingToValue(CONTENT_SETTING_BLOCK)), + std::string(), map->IsOffTheRecord())); #endif map->GetSettingsForOneType( CONTENT_SETTINGS_TYPE_JAVASCRIPT, diff --git a/chromium/components/content_settings/core/browser/cookie_settings.cc b/chromium/components/content_settings/core/browser/cookie_settings.cc index cc7b2843989..a8119bc317f 100644 --- a/chromium/components/content_settings/core/browser/cookie_settings.cc +++ b/chromium/components/content_settings/core/browser/cookie_settings.cc @@ -17,6 +17,7 @@ #include "components/pref_registry/pref_registry_syncable.h" #include "components/prefs/pref_service.h" #include "extensions/buildflags/buildflags.h" +#include "net/cookies/cookie_util.h" #include "url/gurl.h" namespace content_settings { @@ -61,7 +62,9 @@ void CookieSettings::RegisterProfilePrefs( user_prefs::PrefRegistrySyncable::SYNCABLE_PREF); registry->RegisterIntegerPref( prefs::kCookieControlsMode, - static_cast<int>(CookieControlsMode::kIncognitoOnly), + static_cast<int>(kImprovedCookieControlsDefaultInIncognito.Get() + ? CookieControlsMode::kIncognitoOnly + : CookieControlsMode::kOff), user_prefs::PrefRegistrySyncable::SYNCABLE_PREF); } @@ -120,12 +123,17 @@ bool CookieSettings::IsStorageDurable(const GURL& origin) const { } void CookieSettings::GetSettingForLegacyCookieAccess( - const GURL& cookie_domain, + const std::string& cookie_domain, ContentSetting* setting) const { DCHECK(setting); + // The content setting patterns are treated as domains, not URLs, so the + // scheme is irrelevant (so we can just arbitrarily pass false). + GURL cookie_domain_url = net::cookie_util::CookieOriginToURL( + cookie_domain, false /* secure scheme */); + *setting = host_content_settings_map_->GetContentSetting( - cookie_domain, GURL(), CONTENT_SETTINGS_TYPE_LEGACY_COOKIE_ACCESS, + cookie_domain_url, GURL(), CONTENT_SETTINGS_TYPE_LEGACY_COOKIE_ACCESS, std::string() /* resource_identifier */); } @@ -183,6 +191,13 @@ CookieSettings::~CookieSettings() { } bool CookieSettings::IsCookieControlsEnabled() { + if (base::FeatureList::IsEnabled( + kImprovedCookieControlsForThirdPartyCookieBlocking) && + pref_change_registrar_.prefs()->GetBoolean( + prefs::kBlockThirdPartyCookies)) { + return true; + } + if (!base::FeatureList::IsEnabled(kImprovedCookieControls)) return false; diff --git a/chromium/components/content_settings/core/browser/cookie_settings.h b/chromium/components/content_settings/core/browser/cookie_settings.h index 975498681ce..ad6695ddc4d 100644 --- a/chromium/components/content_settings/core/browser/cookie_settings.h +++ b/chromium/components/content_settings/core/browser/cookie_settings.h @@ -115,7 +115,7 @@ class CookieSettings : public CookieSettingsBase, bool ShouldBlockThirdPartyCookies() const; // content_settings::CookieSettingsBase: - void GetSettingForLegacyCookieAccess(const GURL& cookie_domain, + void GetSettingForLegacyCookieAccess(const std::string& cookie_domain, ContentSetting* setting) const override; // Detaches the |CookieSettings| from |PrefService|. This methods needs to be @@ -127,8 +127,10 @@ class CookieSettings : public CookieSettingsBase, void AddObserver(Observer* obs) { observers_.AddObserver(obs); } - void RemoveObserver(const Observer* obs) { observers_.RemoveObserver(obs); } + void RemoveObserver(Observer* obs) { observers_.RemoveObserver(obs); } + // Returns true when the improved cookie control UI should be shown. + // TODO(dullweber): Fix grammar. bool IsCookieControlsEnabled(); private: diff --git a/chromium/components/content_settings/core/browser/cookie_settings_unittest.cc b/chromium/components/content_settings/core/browser/cookie_settings_unittest.cc index 545389d1c71..ded99e46169 100644 --- a/chromium/components/content_settings/core/browser/cookie_settings_unittest.cc +++ b/chromium/components/content_settings/core/browser/cookie_settings_unittest.cc @@ -18,7 +18,6 @@ #include "extensions/buildflags/buildflags.h" #include "net/base/features.h" #include "net/cookies/cookie_constants.h" -#include "net/cookies/cookie_util.h" #include "testing/gtest/include/gtest/gtest.h" #include "url/gurl.h" @@ -95,7 +94,7 @@ class CookieSettingsTest : public testing::Test { // There must be a valid ThreadTaskRunnerHandle in HostContentSettingsMap's // scope. - base::test::TaskEnvironment task_environment_; + base::test::SingleThreadTaskEnvironment task_environment_; sync_preferences::TestingPrefServiceSyncable prefs_; scoped_refptr<HostContentSettingsMap> settings_map_; @@ -475,27 +474,19 @@ TEST_F(CookieSettingsTest, ThirdPartySettingObserver) { TEST_F(CookieSettingsTest, LegacyCookieAccessAllowAll) { settings_map_->SetDefaultContentSetting( CONTENT_SETTINGS_TYPE_LEGACY_COOKIE_ACCESS, CONTENT_SETTING_ALLOW); - EXPECT_EQ( - net::CookieAccessSemantics::LEGACY, - cookie_settings_->GetCookieAccessSemanticsForDomain( - net::cookie_util::CookieOriginToURL(kDomain, true /* is_https */))); EXPECT_EQ(net::CookieAccessSemantics::LEGACY, - cookie_settings_->GetCookieAccessSemanticsForDomain( - net::cookie_util::CookieOriginToURL(kDotDomain, - true /* is_https */))); + cookie_settings_->GetCookieAccessSemanticsForDomain(kDomain)); + EXPECT_EQ(net::CookieAccessSemantics::LEGACY, + cookie_settings_->GetCookieAccessSemanticsForDomain(kDotDomain)); } TEST_F(CookieSettingsTest, LegacyCookieAccessBlockAll) { settings_map_->SetDefaultContentSetting( CONTENT_SETTINGS_TYPE_LEGACY_COOKIE_ACCESS, CONTENT_SETTING_BLOCK); - EXPECT_EQ( - net::CookieAccessSemantics::NONLEGACY, - cookie_settings_->GetCookieAccessSemanticsForDomain( - net::cookie_util::CookieOriginToURL(kDomain, true /* is_https */))); EXPECT_EQ(net::CookieAccessSemantics::NONLEGACY, - cookie_settings_->GetCookieAccessSemanticsForDomain( - net::cookie_util::CookieOriginToURL(kDotDomain, - false /* is_https */))); + cookie_settings_->GetCookieAccessSemanticsForDomain(kDomain)); + EXPECT_EQ(net::CookieAccessSemantics::NONLEGACY, + cookie_settings_->GetCookieAccessSemanticsForDomain(kDotDomain)); } // Test SameSite-by-default disabled (default semantics is LEGACY) @@ -525,11 +516,7 @@ TEST_F(CookieSettingsTest, {net::CookieAccessSemantics::LEGACY, kOtherDomain}}; for (const auto& test : kTestCases) { EXPECT_EQ(test.status, cookie_settings_->GetCookieAccessSemanticsForDomain( - net::cookie_util::CookieOriginToURL( - test.cookie_domain, true /* is_https */))); - EXPECT_EQ(test.status, cookie_settings_->GetCookieAccessSemanticsForDomain( - net::cookie_util::CookieOriginToURL( - test.cookie_domain, false /* is_https */))); + test.cookie_domain)); } } @@ -560,11 +547,7 @@ TEST_F(CookieSettingsTest, {net::CookieAccessSemantics::LEGACY, kOtherDomain}}; for (const auto& test : kTestCases) { EXPECT_EQ(test.status, cookie_settings_->GetCookieAccessSemanticsForDomain( - net::cookie_util::CookieOriginToURL( - test.cookie_domain, true /* is_https */))); - EXPECT_EQ(test.status, cookie_settings_->GetCookieAccessSemanticsForDomain( - net::cookie_util::CookieOriginToURL( - test.cookie_domain, false /* is_https */))); + test.cookie_domain)); } } @@ -606,11 +589,7 @@ TEST_F(SameSiteByDefaultCookieSettingsTest, {net::CookieAccessSemantics::NONLEGACY, kOtherDomain}}; for (const auto& test : kTestCases) { EXPECT_EQ(test.status, cookie_settings_->GetCookieAccessSemanticsForDomain( - net::cookie_util::CookieOriginToURL( - test.cookie_domain, true /* is_https */))); - EXPECT_EQ(test.status, cookie_settings_->GetCookieAccessSemanticsForDomain( - net::cookie_util::CookieOriginToURL( - test.cookie_domain, false /* is_https */))); + test.cookie_domain)); } } @@ -640,11 +619,7 @@ TEST_F(SameSiteByDefaultCookieSettingsTest, {net::CookieAccessSemantics::NONLEGACY, kOtherDomain}}; for (const auto& test : kTestCases) { EXPECT_EQ(test.status, cookie_settings_->GetCookieAccessSemanticsForDomain( - net::cookie_util::CookieOriginToURL( - test.cookie_domain, true /* is_https */))); - EXPECT_EQ(test.status, cookie_settings_->GetCookieAccessSemanticsForDomain( - net::cookie_util::CookieOriginToURL( - test.cookie_domain, false /* is_https */))); + test.cookie_domain)); } } diff --git a/chromium/components/content_settings/core/browser/host_content_settings_map.cc b/chromium/components/content_settings/core/browser/host_content_settings_map.cc index 539e8415be1..5b81d5fe30a 100644 --- a/chromium/components/content_settings/core/browser/host_content_settings_map.cc +++ b/chromium/components/content_settings/core/browser/host_content_settings_map.cc @@ -12,7 +12,6 @@ #include "base/command_line.h" #include "base/containers/flat_map.h" -#include "base/memory/ptr_util.h" #include "base/metrics/histogram_functions.h" #include "base/metrics/histogram_macros.h" #include "base/stl_util.h" @@ -253,22 +252,25 @@ HostContentSettingsMap::HostContentSettingsMap( store_last_modified_(store_last_modified) { TRACE_EVENT0("startup", "HostContentSettingsMap::HostContentSettingsMap"); - content_settings::PolicyProvider* policy_provider = - new content_settings::PolicyProvider(prefs_); - content_settings_providers_[POLICY_PROVIDER] = - base::WrapUnique(policy_provider); + auto policy_provider_ptr = + std::make_unique<content_settings::PolicyProvider>(prefs_); + auto* policy_provider = policy_provider_ptr.get(); + content_settings_providers_[POLICY_PROVIDER] = std::move(policy_provider_ptr); policy_provider->AddObserver(this); - pref_provider_ = new content_settings::PrefProvider( + auto pref_provider_ptr = std::make_unique<content_settings::PrefProvider>( prefs_, is_off_the_record_, store_last_modified_); - content_settings_providers_[PREF_PROVIDER] = base::WrapUnique(pref_provider_); + pref_provider_ = pref_provider_ptr.get(); + content_settings_providers_[PREF_PROVIDER] = std::move(pref_provider_ptr); user_modifiable_providers_.push_back(pref_provider_); pref_provider_->AddObserver(this); - content_settings::EphemeralProvider* ephemeral_provider = - new content_settings::EphemeralProvider(store_last_modified_); + auto ephemeral_provider_ptr = + std::make_unique<content_settings::EphemeralProvider>( + store_last_modified_); + auto* ephemeral_provider = ephemeral_provider_ptr.get(); content_settings_providers_[EPHEMERAL_PROVIDER] = - base::WrapUnique(ephemeral_provider); + std::move(ephemeral_provider_ptr); user_modifiable_providers_.push_back(ephemeral_provider); ephemeral_provider->AddObserver(this); diff --git a/chromium/components/content_settings/core/browser/website_settings_registry.cc b/chromium/components/content_settings/core/browser/website_settings_registry.cc index 62d824a9f24..e7627f3a89d 100644 --- a/chromium/components/content_settings/core/browser/website_settings_registry.cc +++ b/chromium/components/content_settings/core/browser/website_settings_registry.cc @@ -157,11 +157,11 @@ void WebsiteSettingsRegistry::Init() { WebsiteSettingsInfo::SINGLE_ORIGIN_WITH_EMBEDDED_EXCEPTIONS_SCOPE, DESKTOP | PLATFORM_ANDROID, WebsiteSettingsInfo::INHERIT_IN_INCOGNITO); - Register(CONTENT_SETTINGS_TYPE_PASSWORD_PROTECTION, "password-protection", - nullptr, WebsiteSettingsInfo::UNSYNCABLE, - WebsiteSettingsInfo::NOT_LOSSY, - WebsiteSettingsInfo::SINGLE_ORIGIN_WITH_EMBEDDED_EXCEPTIONS_SCOPE, - DESKTOP, WebsiteSettingsInfo::INHERIT_IN_INCOGNITO); + Register( + CONTENT_SETTINGS_TYPE_PASSWORD_PROTECTION, "password-protection", nullptr, + WebsiteSettingsInfo::UNSYNCABLE, WebsiteSettingsInfo::NOT_LOSSY, + WebsiteSettingsInfo::SINGLE_ORIGIN_WITH_EMBEDDED_EXCEPTIONS_SCOPE, + DESKTOP | PLATFORM_ANDROID, WebsiteSettingsInfo::INHERIT_IN_INCOGNITO); // Set when an origin is activated for subresource filtering and the // associated UI is shown to the user. Cleared when a site is de-activated or // the first URL matching the origin is removed from history. diff --git a/chromium/components/content_settings/core/common/content_settings.cc b/chromium/components/content_settings/core/common/content_settings.cc index 5fc4d9fdcb6..e1aca34c93a 100644 --- a/chromium/components/content_settings/core/common/content_settings.cc +++ b/chromium/components/content_settings/core/common/content_settings.cc @@ -156,7 +156,8 @@ bool RendererContentSettingRules::IsRendererContentSetting( content_type == CONTENT_SETTINGS_TYPE_JAVASCRIPT || content_type == CONTENT_SETTINGS_TYPE_AUTOPLAY || content_type == CONTENT_SETTINGS_TYPE_CLIENT_HINTS || - content_type == CONTENT_SETTINGS_TYPE_POPUPS; + content_type == CONTENT_SETTINGS_TYPE_POPUPS || + content_type == CONTENT_SETTINGS_TYPE_MIXEDSCRIPT; } RendererContentSettingRules::RendererContentSettingRules() {} diff --git a/chromium/components/content_settings/core/common/content_settings.h b/chromium/components/content_settings/core/common/content_settings.h index 0565046f47c..824c42112ec 100644 --- a/chromium/components/content_settings/core/common/content_settings.h +++ b/chromium/components/content_settings/core/common/content_settings.h @@ -75,6 +75,7 @@ struct RendererContentSettingRules { ContentSettingsForOneType autoplay_rules; ContentSettingsForOneType client_hints_rules; ContentSettingsForOneType popup_redirect_rules; + ContentSettingsForOneType mixed_content_rules; }; namespace content_settings { diff --git a/chromium/components/content_settings/core/common/content_settings.mojom b/chromium/components/content_settings/core/common/content_settings.mojom index 3635caff1e2..771b4dbc435 100644 --- a/chromium/components/content_settings/core/common/content_settings.mojom +++ b/chromium/components/content_settings/core/common/content_settings.mojom @@ -73,4 +73,5 @@ struct RendererContentSettingRules { array<ContentSettingPatternSource> autoplay_rules; array<ContentSettingPatternSource> client_hints_rules; array<ContentSettingPatternSource> popup_redirect_rules; + array<ContentSettingPatternSource> mixed_content_rules; }; diff --git a/chromium/components/content_settings/core/common/content_settings_mojom_traits.cc b/chromium/components/content_settings/core/common/content_settings_mojom_traits.cc index e4faf6a2a5c..84eceacac92 100644 --- a/chromium/components/content_settings/core/common/content_settings_mojom_traits.cc +++ b/chromium/components/content_settings/core/common/content_settings_mojom_traits.cc @@ -101,7 +101,8 @@ bool StructTraits<content_settings::mojom::RendererContentSettingRulesDataView, data.ReadScriptRules(&out->script_rules) && data.ReadAutoplayRules(&out->autoplay_rules) && data.ReadClientHintsRules(&out->client_hints_rules) && - data.ReadPopupRedirectRules(&out->popup_redirect_rules); + data.ReadPopupRedirectRules(&out->popup_redirect_rules) && + data.ReadMixedContentRules(&out->mixed_content_rules); } } // namespace mojo diff --git a/chromium/components/content_settings/core/common/content_settings_mojom_traits.h b/chromium/components/content_settings/core/common/content_settings_mojom_traits.h index c8b57f679ad..13cae3069f6 100644 --- a/chromium/components/content_settings/core/common/content_settings_mojom_traits.h +++ b/chromium/components/content_settings/core/common/content_settings_mojom_traits.h @@ -145,6 +145,11 @@ struct StructTraits< return r.popup_redirect_rules; } + static const std::vector<ContentSettingPatternSource>& mixed_content_rules( + const RendererContentSettingRules& r) { + return r.mixed_content_rules; + } + static bool Read( content_settings::mojom::RendererContentSettingRulesDataView data, RendererContentSettingRules* out); diff --git a/chromium/components/content_settings/core/common/cookie_settings_base.cc b/chromium/components/content_settings/core/common/cookie_settings_base.cc index afbff0630db..eb4304f5021 100644 --- a/chromium/components/content_settings/core/common/cookie_settings_base.cc +++ b/chromium/components/content_settings/core/common/cookie_settings_base.cc @@ -8,6 +8,7 @@ #include "base/debug/task_trace.h" #include "base/feature_list.h" #include "base/logging.h" +#include "build/build_config.h" #include "components/content_settings/core/common/features.h" #include "net/base/net_errors.h" #include "net/base/static_cookie_policy.h" @@ -41,7 +42,12 @@ bool CookieSettingsBase::ShouldDeleteCookieOnExit( // Check if there is a more precise rule that "domain matches" this cookie. bool matches_session_only_rule = false; for (const auto& entry : cookie_settings) { - const std::string& host = entry.primary_pattern.GetHost(); + // While we don't know on which top-frame-origin a cookie was set, we still + // use exceptions that only specify a secondary pattern to handle cookies + // that match this pattern. + const std::string& host = entry.primary_pattern.MatchesAllHosts() + ? entry.secondary_pattern.GetHost() + : entry.primary_pattern.GetHost(); if (net::cookie_util::IsDomainMatch(domain, host)) { if (entry.GetContentSetting() == CONTENT_SETTING_ALLOW) { return false; @@ -66,9 +72,11 @@ void CookieSettingsBase::GetCookieSetting( bool CookieSettingsBase::IsCookieAccessAllowed( const GURL& url, const GURL& first_party_url) const { - DCHECK(!base::FeatureList::IsEnabled(kImprovedCookieControls) || - !first_party_url.is_empty() || url.is_empty()) - << url; +#if !defined(OS_IOS) + // IOS uses this method with an empty |first_party_url| but we don't have + // content settings on IOS, so it does not matter. + DCHECK(!first_party_url.is_empty() || url.is_empty()) << url; +#endif ContentSetting setting; GetCookieSetting(url, first_party_url, nullptr, &setting); return IsAllowed(setting); @@ -78,16 +86,9 @@ bool CookieSettingsBase::IsCookieAccessAllowed( const GURL& url, const GURL& site_for_cookies, const base::Optional<url::Origin>& top_frame_origin) const { - // TODO(crbug.com/988398): top_frame_origin is not yet always available. - // Ensure that the DCHECK always passes and remove the FeatureList check. - if (!base::FeatureList::IsEnabled(kImprovedCookieControls)) - return IsCookieAccessAllowed(url, site_for_cookies); - DCHECK(top_frame_origin || site_for_cookies.is_empty()) - << url << " " << site_for_cookies; - ContentSetting setting; GetCookieSettingInternal( - url, top_frame_origin ? top_frame_origin->GetURL() : GURL(), + url, top_frame_origin ? top_frame_origin->GetURL() : site_for_cookies, IsThirdPartyRequest(url, site_for_cookies), nullptr, &setting); return IsAllowed(setting); } @@ -101,7 +102,7 @@ bool CookieSettingsBase::IsCookieSessionOnly(const GURL& origin) const { net::CookieAccessSemantics CookieSettingsBase::GetCookieAccessSemanticsForDomain( - const GURL& cookie_domain) const { + const std::string& cookie_domain) const { ContentSetting setting; GetSettingForLegacyCookieAccess(cookie_domain, &setting); DCHECK(IsValidSettingForLegacyAccess(setting)); diff --git a/chromium/components/content_settings/core/common/cookie_settings_base.h b/chromium/components/content_settings/core/common/cookie_settings_base.h index e410e0d3e40..af4eb0e4e79 100644 --- a/chromium/components/content_settings/core/common/cookie_settings_base.h +++ b/chromium/components/content_settings/core/common/cookie_settings_base.h @@ -108,16 +108,20 @@ class CookieSettingsBase { ContentSetting* cookie_setting) const; // Returns the cookie access semantics (legacy or nonlegacy) to be applied for - // cookies on the given domain. + // cookies on the given domain. The |cookie_domain| can be provided as the + // direct output of CanonicalCookie::Domain(), i.e. any leading dot does not + // have to be removed. // // This may be called on any thread. net::CookieAccessSemantics GetCookieAccessSemanticsForDomain( - const GURL& cookie_domain) const; + const std::string& cookie_domain) const; // Gets the setting that controls whether legacy access is allowed for a given - // cookie domain (provided as a URL). + // cookie domain. The |cookie_domain| can be provided as the direct output of + // CanonicalCookie::Domain(), i.e. any leading dot does not have to be + // removed. virtual void GetSettingForLegacyCookieAccess( - const GURL& cookie_domain, + const std::string& cookie_domain, ContentSetting* setting) const = 0; // Determines whether |setting| is a valid content setting for cookies. diff --git a/chromium/components/content_settings/core/common/cookie_settings_base_unittest.cc b/chromium/components/content_settings/core/common/cookie_settings_base_unittest.cc index a606322f064..479024de92e 100644 --- a/chromium/components/content_settings/core/common/cookie_settings_base_unittest.cc +++ b/chromium/components/content_settings/core/common/cookie_settings_base_unittest.cc @@ -6,6 +6,7 @@ #include "base/bind.h" #include "base/callback.h" +#include "net/cookies/cookie_util.h" #include "testing/gtest/include/gtest/gtest.h" #include "url/gurl.h" @@ -23,6 +24,13 @@ ContentSettingPatternSource CreateSetting(ContentSetting setting) { false); } +ContentSettingPatternSource CreateThirdPartySetting(ContentSetting setting) { + return ContentSettingPatternSource( + ContentSettingsPattern::Wildcard(), + ContentSettingsPattern::FromString(kDomain), base::Value(setting), + std::string(), false); +} + class CallbackCookieSettings : public CookieSettingsBase { public: explicit CallbackCookieSettings(GetSettingCallback callback) @@ -36,9 +44,11 @@ class CallbackCookieSettings : public CookieSettingsBase { ContentSetting* cookie_setting) const override { *cookie_setting = callback_.Run(url); } - void GetSettingForLegacyCookieAccess(const GURL& cookie_domain, + void GetSettingForLegacyCookieAccess(const std::string& cookie_domain, ContentSetting* setting) const override { - *setting = callback_.Run(cookie_domain); + GURL cookie_domain_url = + net::cookie_util::CookieOriginToURL(cookie_domain, false); + *setting = callback_.Run(cookie_domain_url); } private: @@ -73,6 +83,13 @@ TEST(CookieSettingsBaseTest, ShouldDeleteDomainSettingSessionOnly) { {CreateSetting(CONTENT_SETTING_SESSION_ONLY)}, kDomain, false)); } +TEST(CookieSettingsBaseTest, ShouldDeleteDomainThirdPartySettingSessionOnly) { + CallbackCookieSettings settings( + base::BindRepeating([](const GURL&) { return CONTENT_SETTING_BLOCK; })); + EXPECT_TRUE(settings.ShouldDeleteCookieOnExit( + {CreateThirdPartySetting(CONTENT_SETTING_SESSION_ONLY)}, kDomain, false)); +} + TEST(CookieSettingsBaseTest, ShouldNotDeleteDomainSettingAllow) { CallbackCookieSettings settings( base::BindRepeating([](const GURL&) { return CONTENT_SETTING_BLOCK; })); @@ -104,6 +121,14 @@ TEST(CookieSettingsBaseTest, ShouldNotDeleteNoDomainMatch) { {CreateSetting(CONTENT_SETTING_SESSION_ONLY)}, "other.com", false)); } +TEST(CookieSettingsBaseTest, ShouldNotDeleteNoThirdPartyDomainMatch) { + CallbackCookieSettings settings( + base::BindRepeating([](const GURL&) { return CONTENT_SETTING_BLOCK; })); + EXPECT_FALSE(settings.ShouldDeleteCookieOnExit( + {CreateThirdPartySetting(CONTENT_SETTING_SESSION_ONLY)}, "other.com", + false)); +} + TEST(CookieSettingsBaseTest, CookieAccessNotAllowedWithBlockedSetting) { CallbackCookieSettings settings( base::BindRepeating([](const GURL&) { return CONTENT_SETTING_BLOCK; })); @@ -126,11 +151,11 @@ TEST(CookieSettingsBaseTest, LegacyCookieAccessSemantics) { CallbackCookieSettings settings1( base::BindRepeating([](const GURL&) { return CONTENT_SETTING_ALLOW; })); EXPECT_EQ(net::CookieAccessSemantics::LEGACY, - settings1.GetCookieAccessSemanticsForDomain(GURL())); + settings1.GetCookieAccessSemanticsForDomain(std::string())); CallbackCookieSettings settings2( base::BindRepeating([](const GURL&) { return CONTENT_SETTING_BLOCK; })); EXPECT_EQ(net::CookieAccessSemantics::NONLEGACY, - settings2.GetCookieAccessSemanticsForDomain(GURL())); + settings2.GetCookieAccessSemanticsForDomain(std::string())); } TEST(CookieSettingsBaseTest, IsCookieSessionOnlyWithAllowSetting) { diff --git a/chromium/components/content_settings/core/common/features.cc b/chromium/components/content_settings/core/common/features.cc index 1f434f70697..17dceed1a0d 100644 --- a/chromium/components/content_settings/core/common/features.cc +++ b/chromium/components/content_settings/core/common/features.cc @@ -5,10 +5,20 @@ #include "components/content_settings/core/common/features.h" #include "base/feature_list.h" +#include "base/metrics/field_trial_params.h" namespace content_settings { +// Enables an improved UI for third-party cookie blocking in incognito mode. const base::Feature kImprovedCookieControls{"ImprovedCookieControls", base::FEATURE_DISABLED_BY_DEFAULT}; +// Default setting for improved cookie controls. +const base::FeatureParam<bool> kImprovedCookieControlsDefaultInIncognito{ + &kImprovedCookieControls, "DefaultInIncognito", true}; + +// Enables an improved UI for existing third-party cookie blocking users. +const base::Feature kImprovedCookieControlsForThirdPartyCookieBlocking{ + "ImprovedCookieControlsForThirdPartyCookieBlocking", + base::FEATURE_DISABLED_BY_DEFAULT}; }
\ No newline at end of file diff --git a/chromium/components/content_settings/core/common/features.h b/chromium/components/content_settings/core/common/features.h index 846d495ef9d..9d6965be065 100644 --- a/chromium/components/content_settings/core/common/features.h +++ b/chromium/components/content_settings/core/common/features.h @@ -6,6 +6,7 @@ #define COMPONENTS_CONTENT_SETTINGS_CORE_COMMON_FEATURES_H_ #include "base/component_export.h" +#include "base/metrics/field_trial_params.h" namespace base { struct Feature; @@ -17,6 +18,14 @@ namespace content_settings { COMPONENT_EXPORT(CONTENT_SETTINGS_FEATURES) extern const base::Feature kImprovedCookieControls; +COMPONENT_EXPORT(CONTENT_SETTINGS_FEATURES) +extern const base::FeatureParam<bool> kImprovedCookieControlsDefaultInIncognito; + +// Feature to enable the improved cookie contronls ui for third-party cookie +// blocking users. +COMPONENT_EXPORT(CONTENT_SETTINGS_FEATURES) +extern const base::Feature kImprovedCookieControlsForThirdPartyCookieBlocking; + } // namespace content_settings #endif // COMPONENTS_CONTENT_SETTINGS_CORE_COMMON_FEATURES_H_
\ No newline at end of file diff --git a/chromium/components/content_settings/core/common/pref_names.cc b/chromium/components/content_settings/core/common/pref_names.cc index 42751eee13a..59280df37db 100644 --- a/chromium/components/content_settings/core/common/pref_names.cc +++ b/chromium/components/content_settings/core/common/pref_names.cc @@ -33,6 +33,8 @@ const char kManagedDefaultGeolocationSetting[] = "profile.managed_default_content_settings.geolocation"; const char kManagedDefaultImagesSetting[] = "profile.managed_default_content_settings.images"; +const char kManagedDefaultInsecureContentSetting[] = + "profile.managed_default_content_settings.insecure_content"; const char kManagedDefaultJavaScriptSetting[] = "profile.managed_default_content_settings.javascript"; const char kManagedDefaultNotificationsSetting[] = @@ -64,6 +66,10 @@ const char kManagedImagesAllowedForUrls[] = "profile.managed_images_allowed_for_urls"; const char kManagedImagesBlockedForUrls[] = "profile.managed_images_blocked_for_urls"; +const char kManagedInsecureContentAllowedForUrls[] = + "profile.managed_insecure_content_allowed_for_urls"; +const char kManagedInsecureContentBlockedForUrls[] = + "profile.managed_insecure_content_blocked_for_urls"; const char kManagedJavaScriptAllowedForUrls[] = "profile.managed_javascript_allowed_for_urls"; const char kManagedJavaScriptBlockedForUrls[] = diff --git a/chromium/components/content_settings/core/common/pref_names.h b/chromium/components/content_settings/core/common/pref_names.h index 6b843a97fa3..a4c4bffdbd1 100644 --- a/chromium/components/content_settings/core/common/pref_names.h +++ b/chromium/components/content_settings/core/common/pref_names.h @@ -24,6 +24,7 @@ extern const char kContentSettingsWindowLastTabIndex[]; extern const char kManagedDefaultAdsSetting[]; extern const char kManagedDefaultCookiesSetting[]; extern const char kManagedDefaultImagesSetting[]; +extern const char kManagedDefaultInsecureContentSetting[]; extern const char kManagedDefaultJavaScriptSetting[]; extern const char kManagedDefaultPluginsSetting[]; extern const char kManagedDefaultPopupsSetting[]; @@ -39,6 +40,8 @@ extern const char kManagedCookiesBlockedForUrls[]; extern const char kManagedCookiesSessionOnlyForUrls[]; extern const char kManagedImagesAllowedForUrls[]; extern const char kManagedImagesBlockedForUrls[]; +extern const char kManagedInsecureContentAllowedForUrls[]; +extern const char kManagedInsecureContentBlockedForUrls[]; extern const char kManagedJavaScriptAllowedForUrls[]; extern const char kManagedJavaScriptBlockedForUrls[]; extern const char kManagedPluginsAllowedForUrls[]; |