From: uazo <uazo@users.noreply.github.com>
Date: Tue, 28 Mar 2023 11:26:37 +0000
Subject: wip Add Local Access Network content setting
---
chrome/app/settings_strings.grdp | 19 +++++
chrome/browser/resources/settings/icons.html | 2 +
.../settings/privacy_page/privacy_page.html | 22 +++++
chrome/browser/resources/settings/route.ts | 1 +
chrome/browser/resources/settings/router.ts | 1 +
.../site_settings/category_default_setting.ts | 1 +
.../settings/site_settings/constants.ts | 1 +
.../settings_category_default_radio_group.ts | 1 +
.../settings/site_settings/site_details.html | 5 ++
.../site_settings_page/site_settings_page.ts | 9 ++
.../site_settings_page_util.ts | 2 +
.../views/page_info/page_info_view_factory.cc | 3 +
.../settings_localized_strings_provider.cc | 7 ++
.../ui/webui/settings/site_settings_helper.cc | 2 +-
.../browser_ui/site_settings/android/BUILD.gn | 3 +
.../BromiteCustomContentSettingImpl.java | 1 +
...omiteLocalNetworkAccessContentSetting.java | 85 +++++++++++++++++++
.../site_settings/SiteSettingsCategory.java | 5 +-
.../strings/android/browser_ui_strings.grd | 1 +
.../strings/android/local_network_access.grdp | 18 ++++
.../renderer_host/navigation_request.cc | 7 +-
.../private_network_access_util.cc | 2 +-
.../renderer_host/render_frame_host_impl.cc | 4 +-
.../embedded_worker_instance.cc | 9 ++
.../worker_host/dedicated_worker_host.cc | 10 +++
.../browser/worker_host/shared_worker_host.cc | 11 +++
content/public/common/content_features.cc | 14 +--
.../platform/loader/cors/cors_error_string.cc | 2 +-
28 files changed, 230 insertions(+), 18 deletions(-)
create mode 100644 components/browser_ui/site_settings/android/java/src/org/chromium/components/browser_ui/site_settings/BromiteLocalNetworkAccessContentSetting.java
create mode 100644 components/browser_ui/strings/android/local_network_access.grdp
diff --git a/chrome/app/settings_strings.grdp b/chrome/app/settings_strings.grdp
--- a/chrome/app/settings_strings.grdp
+++ b/chrome/app/settings_strings.grdp
@@ -4311,6 +4311,25 @@
Not allowed to use Viewport Protection
</message>
+ <message name="IDS_SITE_SETTINGS_LOCAL_NETWORK_ACCESS_TITLE" desc="Description of the LOCAL_NETWORK_ACCESS content setting page title.">
+ Local Access Network
+ </message>
+ <message name="IDS_SETTINGS_SITE_SETTINGS_LOCAL_NETWORK_ACCESS_DESCRIPTION" desc="Description of the LOCAL_NETWORK_ACCESS content setting.">
+ Enable Local Access Network
+ </message>
+ <message name="IDS_SETTINGS_SITE_SETTINGS_LOCAL_NETWORK_ACCESS_ALLOWED" desc="Label for the enabled option of the LOCAL_NETWORK_ACCESS setting.">
+ Local Access Network is enabled
+ </message>
+ <message name="IDS_SETTINGS_SITE_SETTINGS_LOCAL_NETWORK_ACCESS_BLOCKED" desc="Label for the disabled option of the LOCAL_NETWORK_ACCESS setting.">
+ Local Access Network is disabled
+ </message>
+ <message name="IDS_SETTINGS_SITE_SETTINGS_LOCAL_NETWORK_ACCESS_ALLOWED_EXCEPTIONS" desc="Label for the allowed exceptions site list of the LOCAL_NETWORK_ACCESS setting.">
+ Allowed to use local network
+ </message>
+ <message name="IDS_SETTINGS_SITE_SETTINGS_LOCAL_NETWORK_ACCESS_BLOCKED_EXCEPTIONS" desc="Label for the blocked exceptions site list of the LOCAL_NETWORK_ACCESS setting.">
+ Not allowed to use local network
+ </message>
+
<if expr="not is_chromeos">
<!-- Import Settings Dialog -->
<message name="IDS_SETTINGS_IMPORT_SETTINGS_TITLE" desc="Dialog title for import dialog.">
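Review bot: The title, description and both default-state labels added in this hunk read "Local Access Network", while the message ids, the two exception labels ("local network") and the Android strings file later in this patch say "Local Network Access". The word order should be made consistent, e.g. `Local Network Access`. The description `Enable Local Access Network` also does not tell the user what is being permitted. Judging from the policy hunks later in the patch, the setting decides whether a site may send requests to more-private address space, so a sentence such as `Allow sites to send requests to devices and services on your local network` would let users make an informed choice.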
diff --git a/chrome/browser/resources/settings/icons.html b/chrome/browser/resources/settings/icons.html
--- a/chrome/browser/resources/settings/icons.html
+++ b/chrome/browser/resources/settings/icons.html
@@ -198,6 +198,8 @@ NOTE: Chrome OS icons go in ./chromeos/os_icons.html.
<g id="webrtc-off"><path d="M13.002 4.001H7.106L5.252 2.148c.232-.094.485-.147.75-.147h8l6 6v8.896l-2-2V9.001h-5v-5z" fill="#5F6368"></path><path d="M16.002 12.001h-.896l.896.896v-.896zM.6 3.45l1.414-1.414 19.94 19.94-1.414 1.414L.6 3.45zM3.986 20.01V6.84l2 2V20.01h11.172l1.765 1.766c-.28.15-.599.234-.937.234H5.976c-1.1 0-1.99-.9-1.99-2z" fill="#5F6368"></path><path d="M9.158 12.01H7.986v2h3.172l-2-2zM13.158 16.01H7.986v2h7.172l-2-2z" fill="#5F6368"></path></g>
<g id="viewport-protection"><path d="M8 16h8v2H8v-2zm0-4h8v2H8v-2zm6-10H6c-1.1 0-2 .9-2 2v16c0 1.1.89 2 1.99 2H18c1.1 0 2-.9 2-2V8l-6-6zm4 18H6V4h7v5h5v11z" fill="#5F6368"></path></g>
<g id="viewport-protection-off"><path d="M13.002 4.001H7.106L5.252 2.148c.232-.094.485-.147.75-.147h8l6 6v8.896l-2-2V9.001h-5v-5z" fill="#5F6368"></path><path d="M16.002 12.001h-.896l.896.896v-.896zM.6 3.45l1.414-1.414 19.94 19.94-1.414 1.414L.6 3.45zM3.986 20.01V6.84l2 2V20.01h11.172l1.765 1.766c-.28.15-.599.234-.937.234H5.976c-1.1 0-1.99-.9-1.99-2z" fill="#5F6368"></path><path d="M9.158 12.01H7.986v2h3.172l-2-2zM13.158 16.01H7.986v2h7.172l-2-2z" fill="#5F6368"></path></g>
+ <g id="local-network-access"><path d="M8 16h8v2H8v-2zm0-4h8v2H8v-2zm6-10H6c-1.1 0-2 .9-2 2v16c0 1.1.89 2 1.99 2H18c1.1 0 2-.9 2-2V8l-6-6zm4 18H6V4h7v5h5v11z" fill="#5F6368"></path></g>
+ <g id="local-network-access-off"><path d="M13.002 4.001H7.106L5.252 2.148c.232-.094.485-.147.75-.147h8l6 6v8.896l-2-2V9.001h-5v-5z" fill="#5F6368"></path><path d="M16.002 12.001h-.896l.896.896v-.896zM.6 3.45l1.414-1.414 19.94 19.94-1.414 1.414L.6 3.45zM3.986 20.01V6.84l2 2V20.01h11.172l1.765 1.766c-.28.15-.599.234-.937.234H5.976c-1.1 0-1.99-.9-1.99-2z" fill="#5F6368"></path><path d="M9.158 12.01H7.986v2h3.172l-2-2zM13.158 16.01H7.986v2h7.172l-2-2z" fill="#5F6368"></path></g>
</defs>
</svg>
</iron-iconset-svg>
diff --git a/chrome/browser/resources/settings/privacy_page/privacy_page.html b/chrome/browser/resources/settings/privacy_page/privacy_page.html
--- a/chrome/browser/resources/settings/privacy_page/privacy_page.html
+++ b/chrome/browser/resources/settings/privacy_page/privacy_page.html
@@ -1228,4 +1228,26 @@
</category-setting-exceptions>
</settings-subpage>
</template>
+ <template is="dom-if" route-path="/content/local-network-access" no-search>
+ <settings-subpage page-title="$i18n{siteSettingsLocalNetworkAccess}"
+ search-label="$i18n{siteSettingsAllSitesSearch}"
+ search-term="{{searchFilter_}}">
+ <div class="content-settings-header secondary">
+ $i18n{siteSettingsLocalNetworkAccessDescription}
+ </div>
+ <settings-category-default-radio-group
+ category="[[contentSettingsTypesEnum_.LOCAL_NETWORK_ACCESS]]"
+ allow-option-label="$i18n{siteSettingsLocalNetworkAccessAllowed}"
+ allow-option-icon="settings:local-network-access"
+ block-option-label="$i18n{siteSettingsLocalNetworkAccessBlocked}"
+ block-option-icon="settings:local-network-access-off">
+ </settings-category-default-radio-group>
+ <category-setting-exceptions
+ category="[[contentSettingsTypesEnum_.LOCAL_NETWORK_ACCESS]]"
+ block-header="$i18n{siteSettingsLocalNetworkAccessBlockedExceptions}"
+ allow-header="$i18n{siteSettingsLocalNetworkAccessAllowedExceptions}"
+ search-filter="[[searchFilter_]]">
+ </category-setting-exceptions>
+ </settings-subpage>
+ </template>
</settings-animated-pages>
diff --git a/chrome/browser/resources/settings/route.ts b/chrome/browser/resources/settings/route.ts
--- a/chrome/browser/resources/settings/route.ts
+++ b/chrome/browser/resources/settings/route.ts
@@ -117,6 +117,7 @@ function addPrivacyChildRoutes(r: Partial<SettingsRoutes>) {
r.SITE_SETTINGS_WEBGL = r.SITE_SETTINGS.createChild('webgl');
r.SITE_SETTINGS_WEBRTC = r.SITE_SETTINGS.createChild('webrtc');
r.SITE_SETTINGS_VIEWPORT = r.SITE_SETTINGS.createChild('viewport-protection');
+ r.SITE_SETTINGS_LOCAL_NETWORK_ACCESS = r.SITE_SETTINGS.createChild('local-network-access');
}
/**
diff --git a/chrome/browser/resources/settings/router.ts b/chrome/browser/resources/settings/router.ts
--- a/chrome/browser/resources/settings/router.ts
+++ b/chrome/browser/resources/settings/router.ts
@@ -106,6 +106,7 @@ export interface SettingsRoutes {
SITE_SETTINGS_WEBGL: Route;
SITE_SETTINGS_WEBRTC: Route;
SITE_SETTINGS_VIEWPORT: Route;
+ SITE_SETTINGS_LOCAL_NETWORK_ACCESS: Route;
}
/** Class for navigable routes. */
diff --git a/chrome/browser/resources/settings/site_settings/category_default_setting.ts b/chrome/browser/resources/settings/site_settings/category_default_setting.ts
--- a/chrome/browser/resources/settings/site_settings/category_default_setting.ts
+++ b/chrome/browser/resources/settings/site_settings/category_default_setting.ts
@@ -201,6 +201,7 @@ export class CategoryDefaultSettingElement extends
case ContentSettingsTypes.WEBGL:
case ContentSettingsTypes.WEBRTC:
case ContentSettingsTypes.VIEWPORT:
+ case ContentSettingsTypes.LOCAL_NETWORK_ACCESS:
// "Allowed" vs "Blocked".
this.browserProxy.setDefaultValueForContentType(
this.category,
diff --git a/chrome/browser/resources/settings/site_settings/constants.ts b/chrome/browser/resources/settings/site_settings/constants.ts
--- a/chrome/browser/resources/settings/site_settings/constants.ts
+++ b/chrome/browser/resources/settings/site_settings/constants.ts
@@ -51,6 +51,7 @@ export enum ContentSettingsTypes {
WEBGL = 'webgl',
WEBRTC = 'webrtc',
VIEWPORT = 'viewport',
+ LOCAL_NETWORK_ACCESS = 'insecure-private-network',
// The following items are not in the C++ kContentSettingsTypeGroupNames, but
// are used everywhere where ContentSettingsTypes is used in JS.
diff --git a/chrome/browser/resources/settings/site_settings/settings_category_default_radio_group.ts b/chrome/browser/resources/settings/site_settings/settings_category_default_radio_group.ts
--- a/chrome/browser/resources/settings/site_settings/settings_category_default_radio_group.ts
+++ b/chrome/browser/resources/settings/site_settings/settings_category_default_radio_group.ts
@@ -145,6 +145,7 @@ export class SettingsCategoryDefaultRadioGroupElement extends
case ContentSettingsTypes.WEBGL:
case ContentSettingsTypes.WEBRTC:
case ContentSettingsTypes.VIEWPORT:
+ case ContentSettingsTypes.LOCAL_NETWORK_ACCESS:
// "Allowed" vs "Blocked".
return ContentSetting.ALLOW;
case ContentSettingsTypes.AR:
diff --git a/chrome/browser/resources/settings/site_settings/site_details.html b/chrome/browser/resources/settings/site_settings/site_details.html
--- a/chrome/browser/resources/settings/site_settings/site_details.html
+++ b/chrome/browser/resources/settings/site_settings/site_details.html
@@ -292,4 +292,9 @@
icon="settings:viewport-protection"
label="$i18n{siteSettingsViewportProtection}">
</site-details-permission>
+ <site-details-permission
+ category="[[contentSettingsTypesEnum_.LOCAL_NETWORK_ACCESS]]"
+ icon="settings:local-network-access"
+ label="$i18n{siteSettingsLocalNetworkAccess}">
+ </site-details-permission>
</div>
diff --git a/chrome/browser/resources/settings/site_settings_page/site_settings_page.ts b/chrome/browser/resources/settings/site_settings_page/site_settings_page.ts
--- a/chrome/browser/resources/settings/site_settings_page/site_settings_page.ts
+++ b/chrome/browser/resources/settings/site_settings_page/site_settings_page.ts
@@ -373,6 +373,14 @@ function getCategoryItemMap(): Map<ContentSettingsTypes, CategoryListItem> {
enabledLabel: 'siteSettingsViewportProtectionAllowed',
disabledLabel: 'siteSettingsViewportProtectionBlocked',
},
+ {
+ route: routes.SITE_SETTINGS_LOCAL_NETWORK_ACCESS,
+ id: Id.LOCAL_NETWORK_ACCESS,
+ label: 'siteSettingsLocalNetworkAccess',
+ icon: 'settings:local-network-access',
+ enabledLabel: 'siteSettingsLocalNetworkAccessAllowed',
+ disabledLabel: 'siteSettingsLocalNetworkAccessBlocked',
+ },
];
categoryItemMap = new Map(categoryList.map(item => [item.id, item]));
@@ -465,6 +473,7 @@ export class SettingsSiteSettingsPageElement extends
Id.WEBGL,
Id.WEBRTC,
Id.VIEWPORT,
+ Id.LOCAL_NETWORK_ACCESS,
]),
};
},
diff --git a/chrome/browser/resources/settings/site_settings_page/site_settings_page_util.ts b/chrome/browser/resources/settings/site_settings_page/site_settings_page_util.ts
--- a/chrome/browser/resources/settings/site_settings_page/site_settings_page_util.ts
+++ b/chrome/browser/resources/settings/site_settings_page/site_settings_page_util.ts
@@ -89,6 +89,8 @@ export function getLocalizationStringForContentType(
return 'siteSettingsWebRTCMidSentence';
case ContentSettingsTypes.VIEWPORT:
return 'siteSettingsViewportProtectionMidSentence';
+ case ContentSettingsTypes.LOCAL_NETWORK_ACCESS:
+ return 'siteSettingsLocalNetworkAccessMidSentence';
// The following members do not have a mid-sentence localization.
case ContentSettingsTypes.PDF_DOCUMENTS:
case ContentSettingsTypes.PRIVATE_NETWORK_DEVICES:
diff --git a/chrome/browser/ui/views/page_info/page_info_view_factory.cc b/chrome/browser/ui/views/page_info/page_info_view_factory.cc
--- a/chrome/browser/ui/views/page_info/page_info_view_factory.cc
+++ b/chrome/browser/ui/views/page_info/page_info_view_factory.cc
@@ -354,6 +354,9 @@ const ui::ImageModel PageInfoViewFactory::GetPermissionIcon(
case ContentSettingsType::VIEWPORT:
icon = &vector_icons::kProtectedContentIcon;
break;
+ case ContentSettingsType::INSECURE_PRIVATE_NETWORK:
+ icon = &vector_icons::kProtectedContentIcon;
+ break;
default:
// All other |ContentSettingsType|s do not have icons on desktop or are
// not shown in the Page Info bubble.
diff --git a/chrome/browser/ui/webui/settings/settings_localized_strings_provider.cc b/chrome/browser/ui/webui/settings/settings_localized_strings_provider.cc
--- a/chrome/browser/ui/webui/settings/settings_localized_strings_provider.cc
+++ b/chrome/browser/ui/webui/settings/settings_localized_strings_provider.cc
@@ -2470,6 +2470,13 @@ void AddSiteSettingsStrings(content::WebUIDataSource* html_source,
{"siteSettingsViewportProtectionAllowedExceptions",IDS_SETTINGS_SITE_SETTINGS_VIEWPORT_PROTECTION_ALLOWED_EXCEPTIONS},
{"siteSettingsViewportProtectionBlockedExceptions", IDS_SETTINGS_SITE_SETTINGS_VIEWPORT_PROTECTION_BLOCKED_EXCEPTIONS},
{"siteSettingsViewportProtectionMidSentence", IDS_SITE_SETTINGS_VIEWPORT_PROTECTION_TITLE},
+ {"siteSettingsLocalNetworkAccess", IDS_SITE_SETTINGS_LOCAL_NETWORK_ACCESS_TITLE},
+ {"siteSettingsLocalNetworkAccessDescription", IDS_SETTINGS_SITE_SETTINGS_LOCAL_NETWORK_ACCESS_DESCRIPTION},
+ {"siteSettingsLocalNetworkAccessAllowed", IDS_SETTINGS_SITE_SETTINGS_LOCAL_NETWORK_ACCESS_ALLOWED},
+ {"siteSettingsLocalNetworkAccessBlocked", IDS_SETTINGS_SITE_SETTINGS_LOCAL_NETWORK_ACCESS_BLOCKED},
+ {"siteSettingsLocalNetworkAccessAllowedExceptions",IDS_SETTINGS_SITE_SETTINGS_LOCAL_NETWORK_ACCESS_ALLOWED_EXCEPTIONS},
+ {"siteSettingsLocalNetworkAccessBlockedExceptions", IDS_SETTINGS_SITE_SETTINGS_LOCAL_NETWORK_ACCESS_BLOCKED_EXCEPTIONS},
+ {"siteSettingsLocalNetworkAccessMidSentence", IDS_SITE_SETTINGS_LOCAL_NETWORK_ACCESS_TITLE},
{"addSite", IDS_SETTINGS_ADD_SITE},
{"addSiteTitle", IDS_SETTINGS_ADD_SITE_TITLE},
#if BUILDFLAG(IS_CHROMEOS_ASH)
diff --git a/chrome/browser/ui/webui/settings/site_settings_helper.cc b/chrome/browser/ui/webui/settings/site_settings_helper.cc
--- a/chrome/browser/ui/webui/settings/site_settings_helper.cc
+++ b/chrome/browser/ui/webui/settings/site_settings_helper.cc
@@ -130,6 +130,7 @@ const ContentSettingsTypeNameEntry kContentSettingsTypeGroupNames[] = {
{ContentSettingsType::WEBGL, "webgl"},
{ContentSettingsType::WEBRTC, "webrtc"},
{ContentSettingsType::VIEWPORT, "viewport"},
+ {ContentSettingsType::INSECURE_PRIVATE_NETWORK, "insecure-private-network"},
// Add new content settings here if a corresponding Javascript string
// representation for it is not required, for example if the content setting
@@ -161,7 +162,6 @@ const ContentSettingsTypeNameEntry kContentSettingsTypeGroupNames[] = {
{ContentSettingsType::FILE_SYSTEM_READ_GUARD, nullptr},
{ContentSettingsType::STORAGE_ACCESS, nullptr},
{ContentSettingsType::CAMERA_PAN_TILT_ZOOM, nullptr},
- {ContentSettingsType::INSECURE_PRIVATE_NETWORK, nullptr},
{ContentSettingsType::PERMISSION_AUTOREVOCATION_DATA, nullptr},
{ContentSettingsType::FILE_SYSTEM_LAST_PICKED_DIRECTORY, nullptr},
{ContentSettingsType::DISPLAY_CAPTURE, nullptr},
diff --git a/components/browser_ui/site_settings/android/BUILD.gn b/components/browser_ui/site_settings/android/BUILD.gn
--- a/components/browser_ui/site_settings/android/BUILD.gn
+++ b/components/browser_ui/site_settings/android/BUILD.gn
@@ -115,6 +115,9 @@ android_library("java") {
sources += [
"java/src/org/chromium/components/browser_ui/site_settings/BromiteViewportContentSetting.java",
]
+ sources += [
+ "java/src/org/chromium/components/browser_ui/site_settings/BromiteLocalNetworkAccessContentSetting.java",
+ ]
annotation_processor_deps = [ "//base/android/jni_generator:jni_processor" ]
resources_package = "org.chromium.components.browser_ui.site_settings"
deps = [
diff --git a/components/browser_ui/site_settings/android/java/src/org/chromium/components/browser_ui/site_settings/BromiteCustomContentSettingImpl.java b/components/browser_ui/site_settings/android/java/src/org/chromium/components/browser_ui/site_settings/BromiteCustomContentSettingImpl.java
--- a/components/browser_ui/site_settings/android/java/src/org/chromium/components/browser_ui/site_settings/BromiteCustomContentSettingImpl.java
+++ b/components/browser_ui/site_settings/android/java/src/org/chromium/components/browser_ui/site_settings/BromiteCustomContentSettingImpl.java
@@ -46,6 +46,7 @@ public abstract class BromiteCustomContentSettingImpl {
mItemList.add(new BromiteWebGLContentSetting());
mItemList.add(new BromiteWebRTCContentSetting());
mItemList.add(new BromiteViewportContentSetting());
+ mItemList.add(new BromiteLocalNetworkAccessContentSetting());
}
public static SiteSettingsCategory createFromType(
diff --git a/components/browser_ui/site_settings/android/java/src/org/chromium/components/browser_ui/site_settings/BromiteLocalNetworkAccessContentSetting.java b/components/browser_ui/site_settings/android/java/src/org/chromium/components/browser_ui/site_settings/BromiteLocalNetworkAccessContentSetting.java
new file mode 100644
--- /dev/null
+++ b/components/browser_ui/site_settings/android/java/src/org/chromium/components/browser_ui/site_settings/BromiteLocalNetworkAccessContentSetting.java
@@ -0,0 +1,85 @@
+/*
+ This file is part of Bromite.
+
+ Bromite is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ Bromite is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with Bromite. If not, see <https://www.gnu.org/licenses/>.
+*/
+
+package org.chromium.components.browser_ui.site_settings;
+
+import org.chromium.components.browser_ui.site_settings.ContentSettingsResources;
+import org.chromium.components.browser_ui.site_settings.SiteSettingsCategory;
+import org.chromium.components.content_settings.ContentSettingValues;
+import org.chromium.components.content_settings.ContentSettingsType;
+import org.chromium.content_public.browser.BrowserContextHandle;
+
+import androidx.annotation.Nullable;
+import androidx.preference.Preference;
+import androidx.preference.PreferenceScreen;
+
+import java.util.ArrayList;
+
+public class BromiteLocalNetworkAccessContentSetting extends BromiteCustomContentSetting {
+ public BromiteLocalNetworkAccessContentSetting() {
+ super(/*contentSettingsType*/ ContentSettingsType.INSECURE_PRIVATE_NETWORK,
+ /*siteSettingsCategory*/ SiteSettingsCategory.Type.LOCAL_NETWORK_ACCESS,
+ /*defaultEnabledValue*/ ContentSettingValues.ALLOW,
+ /*defaultDisabledValue*/ ContentSettingValues.BLOCK,
+ /*allowException*/ true,
+ /*preferenceKey*/ "insecure-private-network",
+ /*profilePrefKey*/ "insecure-private-network");
+ }
+
+ @Override
+ public ContentSettingsResources.ResourceItem getResourceItem() {
+ return new ContentSettingsResources.ResourceItem(
+ /*icon*/ R.drawable.web_asset,
+ /*title*/ R.string.local_network_access_permission_title,
+ /*defaultEnabledValue*/ getDefaultEnabledValue(),
+ /*defaultDisabledValue*/ getDefaultDisabledValue(),
+ /*enabledSummary*/ R.string.website_settings_category_local_network_access_enabled,
+ /*disabledSummary*/ R.string.website_settings_category_local_network_access_disabled);
+ }
+
+ @Override
+ public int getCategorySummary(@Nullable @ContentSettingValues int value) {
+ switch (value) {
+ case ContentSettingValues.ALLOW:
+ return R.string.website_settings_category_local_network_access_enabled;
+ case ContentSettingValues.BLOCK:
+ return R.string.website_settings_category_local_network_access_disabled;
+ default:
+ return 0;
+ }
+ }
+
+ @Override
+ public boolean requiresTriStateContentSetting() {
+ return false;
+ }
+
+ @Override
+ public boolean showOnlyDescriptions() {
+ return true;
+ }
+
+ @Override
+ public int getAddExceptionDialogMessage() {
+ return R.string.website_settings_category_local_network_access_enabled;
+ }
+
+ @Override
+ public @Nullable Boolean considerException(SiteSettingsCategory category, @ContentSettingValues int value) {
+ return value != ContentSettingValues.BLOCK;
+ }
+}
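Review bot: `getAddExceptionDialogMessage()` returns `R.string.website_settings_category_local_network_access_enabled`, which the new local_network_access.grdp defines as the one-word summary `Enabled`. The add-exception dialog would presumably show that word instead of a sentence explaining what the exception grants. A dedicated string (placeholder name `website_settings_add_site_description_local_network_access`) stating that the site will be allowed to reach local network addresses would fit better. Separately, `@Nullable` on the primitive `int value` parameter of `getCategorySummary` has no effect, and the imports of `BrowserContextHandle`, `Preference`, `PreferenceScreen` and `ArrayList` are unused in this file.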
diff --git a/components/browser_ui/site_settings/android/java/src/org/chromium/components/browser_ui/site_settings/SiteSettingsCategory.java b/components/browser_ui/site_settings/android/java/src/org/chromium/components/browser_ui/site_settings/SiteSettingsCategory.java
--- a/components/browser_ui/site_settings/android/java/src/org/chromium/components/browser_ui/site_settings/SiteSettingsCategory.java
+++ b/components/browser_ui/site_settings/android/java/src/org/chromium/components/browser_ui/site_settings/SiteSettingsCategory.java
@@ -48,7 +48,7 @@ public class SiteSettingsCategory {
Type.USE_STORAGE, Type.AUTO_DARK_WEB_CONTENT, Type.REQUEST_DESKTOP_SITE,
Type.FEDERATED_IDENTITY_API, Type.THIRD_PARTY_COOKIES, Type.SITE_DATA,
Type.TIMEZONE_OVERRIDE, Type.AUTOPLAY, Type.JAVASCRIPT_JIT, Type.IMAGES,
- Type.NUM_ENTRIES, Type.WEBGL, Type.WEBRTC, Type.VIEWPORT})
+ Type.NUM_ENTRIES, Type.WEBGL, Type.WEBRTC, Type.VIEWPORT, Type.LOCAL_NETWORK_ACCESS})
@Retention(RetentionPolicy.SOURCE)
public @interface Type {
// All updates here must also be reflected in {@link #preferenceKey(int)
@@ -88,10 +88,11 @@ public class SiteSettingsCategory {
int WEBGL = 32;
int WEBRTC = 33;
int VIEWPORT = 34;
+ int LOCAL_NETWORK_ACCESS = 35;
/**
* Number of handled categories used for calculating array sizes.
*/
- int NUM_ENTRIES = 35;
+ int NUM_ENTRIES = 36;
}
private final BrowserContextHandle mBrowserContextHandle;
diff --git a/components/browser_ui/strings/android/browser_ui_strings.grd b/components/browser_ui/strings/android/browser_ui_strings.grd
--- a/components/browser_ui/strings/android/browser_ui_strings.grd
+++ b/components/browser_ui/strings/android/browser_ui_strings.grd
@@ -177,6 +177,7 @@
<part file="webgl.grdp" />
<part file="webrtc.grdp" />
<part file="viewport.grdp" />
+ <part file="local_network_access.grdp" />
<message name="IDS_GOT_IT" desc="Button for the user to accept a disclosure/message" formatter_data="android_java">
Got it
diff --git a/components/browser_ui/strings/android/local_network_access.grdp b/components/browser_ui/strings/android/local_network_access.grdp
new file mode 100644
--- /dev/null
+++ b/components/browser_ui/strings/android/local_network_access.grdp
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="utf-8"?>
+<grit-part>
+ <message name="IDS_SITE_SETTINGS_TYPE_LOCAL_NETWORK_ACCESS" desc="The label used for LOCAL_NETWORK_ACCESS site settings controls.">
+ Local Network Access
+ </message>
+ <message name="IDS_SITE_SETTINGS_TYPE_LOCAL_NETWORK_ACCESS_MID_SENTENCE" desc="The label used for LOCAL_NETWORK_ACCESS site settings controls when used mid-sentence.">
+ Local Network Access
+ </message>
+ <message name="IDS_LOCAL_NETWORK_ACCESS_PERMISSION_TITLE" desc="Title of the permission to use LOCAL_NETWORK_ACCESS [CHAR-LIMIT=32]">
+ Local Network Access
+ </message>
+ <message name="IDS_WEBSITE_SETTINGS_CATEGORY_LOCAL_NETWORK_ACCESS_ENABLED" desc="Summary text explaining that LOCAL_NETWORK_ACCESS is full enabled.">
+ Enabled
+ </message>
+ <message name="IDS_WEBSITE_SETTINGS_CATEGORY_LOCAL_NETWORK_ACCESS_DISABLED" desc="Summary text explaining that LOCAL_NETWORK_ACCESS is full disabled.">
+ Disabled
+ </message>
+</grit-part>
diff --git a/content/browser/renderer_host/navigation_request.cc b/content/browser/renderer_host/navigation_request.cc
--- a/content/browser/renderer_host/navigation_request.cc
+++ b/content/browser/renderer_host/navigation_request.cc
@@ -6744,11 +6744,10 @@ void NavigationRequest::UpdatePrivateNetworkRequestPolicy() {
frame_tree_node_->navigator().controller().GetBrowserContext();
url::Origin origin = GetOriginToCommit().value();
- if (client->ShouldAllowInsecurePrivateNetworkRequests(context, origin)) {
- // The content browser client decided to make an exception for this URL.
+ if (!client->ShouldAllowInsecurePrivateNetworkRequests(context, origin)) {
private_network_request_policy_ =
- network::mojom::PrivateNetworkRequestPolicy::kAllow;
- return;
+ network::mojom::PrivateNetworkRequestPolicy::kBlock;
+ if ((true)) return;
}
const PolicyContainerPolicies& policies =
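Review bot: `if ((true)) return;` in the new block looks like a debugging leftover; a plain `return;` says the same thing. The removed comment is not replaced, so nothing explains that the client callback now acts as a veto: when it returns false the policy is forced to `kBlock`, and when it returns true the function falls through to the derivation below instead of granting `kAllow`. A comment such as `// Site setting blocks local network access: force kBlock and skip the derived policy.` would record that. The same inversion is applied in render_frame_host_impl.cc, also without a comment. UpdatePrivateNetworkRequestPolicy continues outside the hunk, so what the fall-through path derives is not visible here.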
diff --git a/content/browser/renderer_host/private_network_access_util.cc b/content/browser/renderer_host/private_network_access_util.cc
--- a/content/browser/renderer_host/private_network_access_util.cc
+++ b/content/browser/renderer_host/private_network_access_util.cc
@@ -193,4 +193,4 @@ AddressSpace CalculateIPAddressSpace(
return IPAddressSpaceForSpecialScheme(url, client);
}
-} // namespace content
+} // namespace content // only to mark
diff --git a/content/browser/renderer_host/render_frame_host_impl.cc b/content/browser/renderer_host/render_frame_host_impl.cc
--- a/content/browser/renderer_host/render_frame_host_impl.cc
+++ b/content/browser/renderer_host/render_frame_host_impl.cc
@@ -4093,10 +4093,10 @@ void RenderFrameHostImpl::SetOriginDependentStateOfNewFrame(
new_frame_origin, base::OptionalToPtr(isolation_info_.nonce())));
// Apply private network request policy according to our new origin.
- if (GetContentClient()->browser()->ShouldAllowInsecurePrivateNetworkRequests(
+ if (!GetContentClient()->browser()->ShouldAllowInsecurePrivateNetworkRequests(
GetBrowserContext(), new_frame_origin)) {
private_network_request_policy_ =
- network::mojom::PrivateNetworkRequestPolicy::kAllow;
+ network::mojom::PrivateNetworkRequestPolicy::kBlock;
}
// Construct the frame's permissions policy only once we know its initial
diff --git a/content/browser/service_worker/embedded_worker_instance.cc b/content/browser/service_worker/embedded_worker_instance.cc
--- a/content/browser/service_worker/embedded_worker_instance.cc
+++ b/content/browser/service_worker/embedded_worker_instance.cc
@@ -318,6 +318,15 @@ void EmbeddedWorkerInstance::Start(
network::mojom::ClientSecurityStatePtr client_security_state =
owner_version_->BuildClientSecurityState();
+ const url::Origin origin_to_check = url::Origin::Create(params->script_url);
+ LOG(INFO) << "---EmbeddedWorkerInstance::Start "
+ << "--" << origin_to_check.GetDebugString();
+ BrowserContext* context = rph->GetBrowserContext();
+ if (!GetContentClient()->browser()->ShouldAllowInsecurePrivateNetworkRequests(context, origin_to_check)) {
+ LOG(INFO) << "---EmbeddedWorkerInstance::Start2";
+ client_security_state->private_network_request_policy =
+ network::mojom::PrivateNetworkRequestPolicy::kBlock;
+ }
const network::CrossOriginEmbedderPolicy* coep =
client_security_state
? &client_security_state->cross_origin_embedder_policy
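Review bot: The added block writes `client_security_state->private_network_request_policy` without a null check, yet the unchanged lines directly below test `client_security_state ?` before reading its cross-origin embedder policy, which suggests `BuildClientSecurityState()` can return null here. Guard the write, e.g. `if (client_security_state && !GetContentClient()->browser()->ShouldAllowInsecurePrivateNetworkRequests(context, origin_to_check)) {`. `rph` is defined outside the hunk, so whether it is always non-null at this point cannot be confirmed from here. Start() begins and ends outside the hunk.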
diff --git a/content/browser/worker_host/dedicated_worker_host.cc b/content/browser/worker_host/dedicated_worker_host.cc
--- a/content/browser/worker_host/dedicated_worker_host.cc
+++ b/content/browser/worker_host/dedicated_worker_host.cc
@@ -418,6 +418,16 @@ void DedicatedWorkerHost::DidStartScriptLoad(
->cross_origin_embedder_policy;
}
+ LOG(ERROR) << "---DedicatedWorkerHost::Start "
+ << "--" << final_response_url
+ << "--" << creator_origin_.GetDebugString();
+ BrowserContext* context = GetProcessHost()->GetBrowserContext();
+ if (!GetContentClient()->browser()->ShouldAllowInsecurePrivateNetworkRequests(context, creator_origin_)) {
+ LOG(INFO) << "---DedicatedWorkerHost::Start2";
+ worker_client_security_state_->private_network_request_policy =
+ network::mojom::PrivateNetworkRequestPolicy::kBlock;
+ }
+
auto* storage_partition = static_cast<StoragePartitionImpl*>(
worker_process_host_->GetStoragePartition());
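Review bot: The `LOG(ERROR)` added at the top of this block writes the worker's final response URL and creator origin to the log at error severity on every script load, which records browsing activity in the log and is not an error condition. The `LOG(INFO)` line in this hunk and the matching ones in embedded_worker_instance.cc and shared_worker_host.cc (which log the script origin, `instance_.url()` and the storage-key origin) are the same kind of debugging trace. Remove them before landing, or demote them to `DVLOG(1)` so release builds stay silent. DidStartScriptLoad starts and ends outside the hunk, so whether `worker_client_security_state_` is always set before this write is not visible.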
diff --git a/content/browser/worker_host/shared_worker_host.cc b/content/browser/worker_host/shared_worker_host.cc
--- a/content/browser/worker_host/shared_worker_host.cc
+++ b/content/browser/worker_host/shared_worker_host.cc
@@ -304,6 +304,17 @@ void SharedWorkerHost::Start(
GetReportingSource(), GetNetworkAnonymizationKey());
}
+ LOG(INFO) << "---SharedWorkerHost::Start " << instance_.url()
+ << "--" << final_response_url
+ << "--" << GetStorageKey().origin().GetDebugString();
+ const url::Origin origin = GetStorageKey().origin();
+ BrowserContext* context = GetProcessHost()->GetBrowserContext();
+ if (!client->ShouldAllowInsecurePrivateNetworkRequests(context, origin)) {
+ LOG(INFO) << "---SharedWorkerHost::Start2 " << instance_.url();
+ worker_client_security_state_->private_network_request_policy =
+ network::mojom::PrivateNetworkRequestPolicy::kBlock;
+ }
+
auto options = blink::mojom::WorkerOptions::New(
instance_.script_type(), instance_.credentials_mode(), instance_.name());
blink::mojom::SharedWorkerInfoPtr info(blink::mojom::SharedWorkerInfo::New(
diff --git a/content/public/common/content_features.cc b/content/public/common/content_features.cc
--- a/content/public/common/content_features.cc
+++ b/content/public/common/content_features.cc
@@ -161,8 +161,8 @@ BASE_FEATURE(kVibration,
// - kBlockInsecurePrivateNetworkRequestsFromUnknown
// - kBlockInsecurePrivateNetworkRequestsForNavigations
BASE_FEATURE(kBlockInsecurePrivateNetworkRequests,
- "BlockInsecurePrivateNetworkRequests",
- base::FEATURE_ENABLED_BY_DEFAULT);
+ "BlockInsecurePrivateNetworkRequests", // must be
+ base::FEATURE_ENABLED_BY_DEFAULT); // enabled
// When this feature is enabled, requests to localhost initiated from non-secure
// contexts in the `private` IP address space are blocked.
@@ -171,8 +171,8 @@ BASE_FEATURE(kBlockInsecurePrivateNetworkRequests,
// - https://wicg.github.io/private-network-access/#integration-fetch
// - kBlockInsecurePrivateNetworkRequests
BASE_FEATURE(kBlockInsecurePrivateNetworkRequestsFromPrivate,
- "BlockInsecurePrivateNetworkRequestsFromPrivate",
- base::FEATURE_DISABLED_BY_DEFAULT);
+ "BlockInsecurePrivateNetworkRequestsFromPrivate", // must be
+ base::FEATURE_DISABLED_BY_DEFAULT); // disabled
// When this feature is enabled, requests to localhost initiated from non-secure
// contexts in the `unknown` IP address space are blocked.
@@ -898,15 +898,15 @@ BASE_FEATURE(kPrivateNetworkAccessForWorkers,
// Similar to `kPrivateNetworkAccessForWorkers`, except that it does not require
// CORS preflight requests to succeed, and shows a warning in devtools instead.
BASE_FEATURE(kPrivateNetworkAccessForWorkersWarningOnly,
- "PrivateNetworkAccessForWorkersWarningOnly",
- base::FEATURE_ENABLED_BY_DEFAULT);
+ "PrivateNetworkAccessForWorkersWarningOnly", // must be
+ base::FEATURE_ENABLED_BY_DEFAULT); // disabled?
// Requires that CORS preflight requests succeed before sending private network
// requests. This flag implies `kPrivateNetworkAccessSendPreflights`.
// See: https://wicg.github.io/private-network-access/#cors-preflight
BASE_FEATURE(kPrivateNetworkAccessRespectPreflightResults,
"PrivateNetworkAccessRespectPreflightResults",
- base::FEATURE_DISABLED_BY_DEFAULT);
+ base::FEATURE_DISABLED_BY_DEFAULT); // to be checked
// Enables sending CORS preflight requests ahead of private network requests.
// See: https://wicg.github.io/private-network-access/#cors-preflight
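Review bot: The trailing comments added in this hunk leave security-relevant defaults unresolved: `kPrivateNetworkAccessForWorkersWarningOnly` is annotated `// disabled?` while its value stays `base::FEATURE_ENABLED_BY_DEFAULT`, and `kPrivateNetworkAccessRespectPreflightResults` is marked `// to be checked`. If the new content setting relies on these flags having a particular state, that should be decided and written as a comment above the feature, for example `// The local network access site setting assumes this default; update both together.`, with the value changed to match. The `// must be enabled` and `// must be disabled` markers in the two earlier hunks of this file are split across the name and the value line, where a rebase can separate them from the value they describe; the same kind of comment above the feature would serve them better.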
diff --git a/third_party/blink/renderer/platform/loader/cors/cors_error_string.cc b/third_party/blink/renderer/platform/loader/cors/cors_error_string.cc
--- a/third_party/blink/renderer/platform/loader/cors/cors_error_string.cc
+++ b/third_party/blink/renderer/platform/loader/cors/cors_error_string.cc
@@ -111,7 +111,7 @@ String GetErrorString(const network::CorsErrorStatus& status,
builder.Append("The response is invalid.");
break;
case CorsError::kInsecurePrivateNetwork:
- Append(builder, {"The request client is not a secure context and the "
+ Append(builder, {"The request client is not a secure context or the "
"resource is in more-private address space `",
ShortAddressSpace(status.resource_address_space), "`."});
break;
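Review bot: Changing `and` to `or` makes the message read as if an insecure client alone produces this error, while the text still reports `status.resource_address_space`; presumably the error is only raised when the target is in a more-private address space. If the intent is to cover requests blocked by the new site setting in secure contexts, the message should name that cause, for example "The request client is not a secure context, or local network access is blocked for this site, and the resource is in more-private address space". GetErrorString continues outside the hunk.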
--
2.25.1