Created
March 28, 2023 11:28
-
-
Save uazo/e61cf8d777f4111c059466d6c6184972 to your computer and use it in GitHub Desktop.
Work in progress for https://github.com/uazo/bromite-buildtools/issues/105
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
From: uazo <uazo@users.noreply.github.com> | |
Date: Tue, 28 Mar 2023 11:26:37 +0000 | |
Subject: wip Add Local Access Network content setting | |
--- | |
chrome/app/settings_strings.grdp | 19 +++++ | |
chrome/browser/resources/settings/icons.html | 2 + | |
.../settings/privacy_page/privacy_page.html | 22 +++++ | |
chrome/browser/resources/settings/route.ts | 1 + | |
chrome/browser/resources/settings/router.ts | 1 + | |
.../site_settings/category_default_setting.ts | 1 + | |
.../settings/site_settings/constants.ts | 1 + | |
.../settings_category_default_radio_group.ts | 1 + | |
.../settings/site_settings/site_details.html | 5 ++ | |
.../site_settings_page/site_settings_page.ts | 9 ++ | |
.../site_settings_page_util.ts | 2 + | |
.../views/page_info/page_info_view_factory.cc | 3 + | |
.../settings_localized_strings_provider.cc | 7 ++ | |
.../ui/webui/settings/site_settings_helper.cc | 2 +- | |
.../browser_ui/site_settings/android/BUILD.gn | 3 + | |
.../BromiteCustomContentSettingImpl.java | 1 + | |
...omiteLocalNetworkAccessContentSetting.java | 85 +++++++++++++++++++ | |
.../site_settings/SiteSettingsCategory.java | 5 +- | |
.../strings/android/browser_ui_strings.grd | 1 + | |
.../strings/android/local_network_access.grdp | 18 ++++ | |
.../renderer_host/navigation_request.cc | 7 +- | |
.../private_network_access_util.cc | 2 +- | |
.../renderer_host/render_frame_host_impl.cc | 4 +- | |
.../embedded_worker_instance.cc | 9 ++ | |
.../worker_host/dedicated_worker_host.cc | 10 +++ | |
.../browser/worker_host/shared_worker_host.cc | 11 +++ | |
content/public/common/content_features.cc | 14 +-- | |
.../platform/loader/cors/cors_error_string.cc | 2 +- | |
28 files changed, 230 insertions(+), 18 deletions(-) | |
create mode 100644 components/browser_ui/site_settings/android/java/src/org/chromium/components/browser_ui/site_settings/BromiteLocalNetworkAccessContentSetting.java | |
create mode 100644 components/browser_ui/strings/android/local_network_access.grdp | |
diff --git a/chrome/app/settings_strings.grdp b/chrome/app/settings_strings.grdp | |
--- a/chrome/app/settings_strings.grdp | |
+++ b/chrome/app/settings_strings.grdp | |
@@ -4311,6 +4311,25 @@ | |
Not allowed to use Viewport Protection | |
</message> | |
+ <message name="IDS_SITE_SETTINGS_LOCAL_NETWORK_ACCESS_TITLE" desc="Description of the LOCAL_NETWORK_ACCESS content setting page title."> | |
+ Local Access Network | |
+ </message> | |
+ <message name="IDS_SETTINGS_SITE_SETTINGS_LOCAL_NETWORK_ACCESS_DESCRIPTION" desc="Description of the LOCAL_NETWORK_ACCESS content setting."> | |
+ Enable Local Access Network | |
+ </message> | |
+ <message name="IDS_SETTINGS_SITE_SETTINGS_LOCAL_NETWORK_ACCESS_ALLOWED" desc="Label for the enabled option of the LOCAL_NETWORK_ACCESS setting."> | |
+ Local Access Network is enabled | |
+ </message> | |
+ <message name="IDS_SETTINGS_SITE_SETTINGS_LOCAL_NETWORK_ACCESS_BLOCKED" desc="Label for the disabled option of the LOCAL_NETWORK_ACCESS setting."> | |
+ Local Access Network is disabled | |
+ </message> | |
+ <message name="IDS_SETTINGS_SITE_SETTINGS_LOCAL_NETWORK_ACCESS_ALLOWED_EXCEPTIONS" desc="Label for the allowed exceptions site list of the LOCAL_NETWORK_ACCESS setting."> | |
+ Allowed to use local network | |
+ </message> | |
+ <message name="IDS_SETTINGS_SITE_SETTINGS_LOCAL_NETWORK_ACCESS_BLOCKED_EXCEPTIONS" desc="Label for the blocked exceptions site list of the LOCAL_NETWORK_ACCESS setting."> | |
+ Not allowed to use local network | |
+ </message> | |
+ | |
<if expr="not is_chromeos"> | |
<!-- Import Settings Dialog --> | |
<message name="IDS_SETTINGS_IMPORT_SETTINGS_TITLE" desc="Dialog title for import dialog."> | |
diff --git a/chrome/browser/resources/settings/icons.html b/chrome/browser/resources/settings/icons.html | |
--- a/chrome/browser/resources/settings/icons.html | |
+++ b/chrome/browser/resources/settings/icons.html | |
@@ -198,6 +198,8 @@ NOTE: Chrome OS icons go in ./chromeos/os_icons.html. | |
<g id="webrtc-off"><path d="M13.002 4.001H7.106L5.252 2.148c.232-.094.485-.147.75-.147h8l6 6v8.896l-2-2V9.001h-5v-5z" fill="#5F6368"></path><path d="M16.002 12.001h-.896l.896.896v-.896zM.6 3.45l1.414-1.414 19.94 19.94-1.414 1.414L.6 3.45zM3.986 20.01V6.84l2 2V20.01h11.172l1.765 1.766c-.28.15-.599.234-.937.234H5.976c-1.1 0-1.99-.9-1.99-2z" fill="#5F6368"></path><path d="M9.158 12.01H7.986v2h3.172l-2-2zM13.158 16.01H7.986v2h7.172l-2-2z" fill="#5F6368"></path></g> | |
<g id="viewport-protection"><path d="M8 16h8v2H8v-2zm0-4h8v2H8v-2zm6-10H6c-1.1 0-2 .9-2 2v16c0 1.1.89 2 1.99 2H18c1.1 0 2-.9 2-2V8l-6-6zm4 18H6V4h7v5h5v11z" fill="#5F6368"></path></g> | |
<g id="viewport-protection-off"><path d="M13.002 4.001H7.106L5.252 2.148c.232-.094.485-.147.75-.147h8l6 6v8.896l-2-2V9.001h-5v-5z" fill="#5F6368"></path><path d="M16.002 12.001h-.896l.896.896v-.896zM.6 3.45l1.414-1.414 19.94 19.94-1.414 1.414L.6 3.45zM3.986 20.01V6.84l2 2V20.01h11.172l1.765 1.766c-.28.15-.599.234-.937.234H5.976c-1.1 0-1.99-.9-1.99-2z" fill="#5F6368"></path><path d="M9.158 12.01H7.986v2h3.172l-2-2zM13.158 16.01H7.986v2h7.172l-2-2z" fill="#5F6368"></path></g> | |
+ <g id="local-network-access"><path d="M8 16h8v2H8v-2zm0-4h8v2H8v-2zm6-10H6c-1.1 0-2 .9-2 2v16c0 1.1.89 2 1.99 2H18c1.1 0 2-.9 2-2V8l-6-6zm4 18H6V4h7v5h5v11z" fill="#5F6368"></path></g> | |
+ <g id="local-network-access-off"><path d="M13.002 4.001H7.106L5.252 2.148c.232-.094.485-.147.75-.147h8l6 6v8.896l-2-2V9.001h-5v-5z" fill="#5F6368"></path><path d="M16.002 12.001h-.896l.896.896v-.896zM.6 3.45l1.414-1.414 19.94 19.94-1.414 1.414L.6 3.45zM3.986 20.01V6.84l2 2V20.01h11.172l1.765 1.766c-.28.15-.599.234-.937.234H5.976c-1.1 0-1.99-.9-1.99-2z" fill="#5F6368"></path><path d="M9.158 12.01H7.986v2h3.172l-2-2zM13.158 16.01H7.986v2h7.172l-2-2z" fill="#5F6368"></path></g> | |
</defs> | |
</svg> | |
</iron-iconset-svg> | |
diff --git a/chrome/browser/resources/settings/privacy_page/privacy_page.html b/chrome/browser/resources/settings/privacy_page/privacy_page.html | |
--- a/chrome/browser/resources/settings/privacy_page/privacy_page.html | |
+++ b/chrome/browser/resources/settings/privacy_page/privacy_page.html | |
@@ -1228,4 +1228,26 @@ | |
</category-setting-exceptions> | |
</settings-subpage> | |
</template> | |
+ <template is="dom-if" route-path="/content/local-network-access" no-search> | |
+ <settings-subpage page-title="$i18n{siteSettingsLocalNetworkAccess}" | |
+ search-label="$i18n{siteSettingsAllSitesSearch}" | |
+ search-term="{{searchFilter_}}"> | |
+ <div class="content-settings-header secondary"> | |
+ $i18n{siteSettingsLocalNetworkAccessDescription} | |
+ </div> | |
+ <settings-category-default-radio-group | |
+ category="[[contentSettingsTypesEnum_.LOCAL_NETWORK_ACCESS]]" | |
+ allow-option-label="$i18n{siteSettingsLocalNetworkAccessAllowed}" | |
+ allow-option-icon="settings:local-network-access" | |
+ block-option-label="$i18n{siteSettingsLocalNetworkAccessBlocked}" | |
+ block-option-icon="settings:local-network-access-off"> | |
+ </settings-category-default-radio-group> | |
+ <category-setting-exceptions | |
+ category="[[contentSettingsTypesEnum_.LOCAL_NETWORK_ACCESS]]" | |
+ block-header="$i18n{siteSettingsLocalNetworkAccessBlockedExceptions}" | |
+ allow-header="$i18n{siteSettingsLocalNetworkAccessAllowedExceptions}" | |
+ search-filter="[[searchFilter_]]"> | |
+ </category-setting-exceptions> | |
+ </settings-subpage> | |
+ </template> | |
</settings-animated-pages> | |
diff --git a/chrome/browser/resources/settings/route.ts b/chrome/browser/resources/settings/route.ts | |
--- a/chrome/browser/resources/settings/route.ts | |
+++ b/chrome/browser/resources/settings/route.ts | |
@@ -117,6 +117,7 @@ function addPrivacyChildRoutes(r: Partial<SettingsRoutes>) { | |
r.SITE_SETTINGS_WEBGL = r.SITE_SETTINGS.createChild('webgl'); | |
r.SITE_SETTINGS_WEBRTC = r.SITE_SETTINGS.createChild('webrtc'); | |
r.SITE_SETTINGS_VIEWPORT = r.SITE_SETTINGS.createChild('viewport-protection'); | |
+ r.SITE_SETTINGS_LOCAL_NETWORK_ACCESS = r.SITE_SETTINGS.createChild('local-network-access'); | |
} | |
/** | |
diff --git a/chrome/browser/resources/settings/router.ts b/chrome/browser/resources/settings/router.ts | |
--- a/chrome/browser/resources/settings/router.ts | |
+++ b/chrome/browser/resources/settings/router.ts | |
@@ -106,6 +106,7 @@ export interface SettingsRoutes { | |
SITE_SETTINGS_WEBGL: Route; | |
SITE_SETTINGS_WEBRTC: Route; | |
SITE_SETTINGS_VIEWPORT: Route; | |
+ SITE_SETTINGS_LOCAL_NETWORK_ACCESS: Route; | |
} | |
/** Class for navigable routes. */ | |
diff --git a/chrome/browser/resources/settings/site_settings/category_default_setting.ts b/chrome/browser/resources/settings/site_settings/category_default_setting.ts | |
--- a/chrome/browser/resources/settings/site_settings/category_default_setting.ts | |
+++ b/chrome/browser/resources/settings/site_settings/category_default_setting.ts | |
@@ -201,6 +201,7 @@ export class CategoryDefaultSettingElement extends | |
case ContentSettingsTypes.WEBGL: | |
case ContentSettingsTypes.WEBRTC: | |
case ContentSettingsTypes.VIEWPORT: | |
+ case ContentSettingsTypes.LOCAL_NETWORK_ACCESS: | |
// "Allowed" vs "Blocked". | |
this.browserProxy.setDefaultValueForContentType( | |
this.category, | |
diff --git a/chrome/browser/resources/settings/site_settings/constants.ts b/chrome/browser/resources/settings/site_settings/constants.ts | |
--- a/chrome/browser/resources/settings/site_settings/constants.ts | |
+++ b/chrome/browser/resources/settings/site_settings/constants.ts | |
@@ -51,6 +51,7 @@ export enum ContentSettingsTypes { | |
WEBGL = 'webgl', | |
WEBRTC = 'webrtc', | |
VIEWPORT = 'viewport', | |
+ LOCAL_NETWORK_ACCESS = 'insecure-private-network', | |
// The following items are not in the C++ kContentSettingsTypeGroupNames, but | |
// are used everywhere where ContentSettingsTypes is used in JS. | |
diff --git a/chrome/browser/resources/settings/site_settings/settings_category_default_radio_group.ts b/chrome/browser/resources/settings/site_settings/settings_category_default_radio_group.ts | |
--- a/chrome/browser/resources/settings/site_settings/settings_category_default_radio_group.ts | |
+++ b/chrome/browser/resources/settings/site_settings/settings_category_default_radio_group.ts | |
@@ -145,6 +145,7 @@ export class SettingsCategoryDefaultRadioGroupElement extends | |
case ContentSettingsTypes.WEBGL: | |
case ContentSettingsTypes.WEBRTC: | |
case ContentSettingsTypes.VIEWPORT: | |
+ case ContentSettingsTypes.LOCAL_NETWORK_ACCESS: | |
// "Allowed" vs "Blocked". | |
return ContentSetting.ALLOW; | |
case ContentSettingsTypes.AR: | |
diff --git a/chrome/browser/resources/settings/site_settings/site_details.html b/chrome/browser/resources/settings/site_settings/site_details.html | |
--- a/chrome/browser/resources/settings/site_settings/site_details.html | |
+++ b/chrome/browser/resources/settings/site_settings/site_details.html | |
@@ -292,4 +292,9 @@ | |
icon="settings:viewport-protection" | |
label="$i18n{siteSettingsViewportProtection}"> | |
</site-details-permission> | |
+ <site-details-permission | |
+ category="[[contentSettingsTypesEnum_.LOCAL_NETWORK_ACCESS]]" | |
+ icon="settings:local-network-access" | |
+ label="$i18n{siteSettingsLocalNetworkAccess}"> | |
+ </site-details-permission> | |
</div> | |
diff --git a/chrome/browser/resources/settings/site_settings_page/site_settings_page.ts b/chrome/browser/resources/settings/site_settings_page/site_settings_page.ts | |
--- a/chrome/browser/resources/settings/site_settings_page/site_settings_page.ts | |
+++ b/chrome/browser/resources/settings/site_settings_page/site_settings_page.ts | |
@@ -373,6 +373,14 @@ function getCategoryItemMap(): Map<ContentSettingsTypes, CategoryListItem> { | |
enabledLabel: 'siteSettingsViewportProtectionAllowed', | |
disabledLabel: 'siteSettingsViewportProtectionBlocked', | |
}, | |
+ { | |
+ route: routes.SITE_SETTINGS_LOCAL_NETWORK_ACCESS, | |
+ id: Id.LOCAL_NETWORK_ACCESS, | |
+ label: 'siteSettingsLocalNetworkAccess', | |
+ icon: 'settings:local-network-access', | |
+ enabledLabel: 'siteSettingsLocalNetworkAccessAllowed', | |
+ disabledLabel: 'siteSettingsLocalNetworkAccessBlocked', | |
+ }, | |
]; | |
categoryItemMap = new Map(categoryList.map(item => [item.id, item])); | |
@@ -465,6 +473,7 @@ export class SettingsSiteSettingsPageElement extends | |
Id.WEBGL, | |
Id.WEBRTC, | |
Id.VIEWPORT, | |
+ Id.LOCAL_NETWORK_ACCESS, | |
]), | |
}; | |
}, | |
diff --git a/chrome/browser/resources/settings/site_settings_page/site_settings_page_util.ts b/chrome/browser/resources/settings/site_settings_page/site_settings_page_util.ts | |
--- a/chrome/browser/resources/settings/site_settings_page/site_settings_page_util.ts | |
+++ b/chrome/browser/resources/settings/site_settings_page/site_settings_page_util.ts | |
@@ -89,6 +89,8 @@ export function getLocalizationStringForContentType( | |
return 'siteSettingsWebRTCMidSentence'; | |
case ContentSettingsTypes.VIEWPORT: | |
return 'siteSettingsViewportProtectionMidSentence'; | |
+ case ContentSettingsTypes.LOCAL_NETWORK_ACCESS: | |
+ return 'siteSettingsLocalNetworkAccessMidSentence'; | |
// The following members do not have a mid-sentence localization. | |
case ContentSettingsTypes.PDF_DOCUMENTS: | |
case ContentSettingsTypes.PRIVATE_NETWORK_DEVICES: | |
diff --git a/chrome/browser/ui/views/page_info/page_info_view_factory.cc b/chrome/browser/ui/views/page_info/page_info_view_factory.cc | |
--- a/chrome/browser/ui/views/page_info/page_info_view_factory.cc | |
+++ b/chrome/browser/ui/views/page_info/page_info_view_factory.cc | |
@@ -354,6 +354,9 @@ const ui::ImageModel PageInfoViewFactory::GetPermissionIcon( | |
case ContentSettingsType::VIEWPORT: | |
icon = &vector_icons::kProtectedContentIcon; | |
break; | |
+ case ContentSettingsType::INSECURE_PRIVATE_NETWORK: | |
+ icon = &vector_icons::kProtectedContentIcon; | |
+ break; | |
default: | |
// All other |ContentSettingsType|s do not have icons on desktop or are | |
// not shown in the Page Info bubble. | |
diff --git a/chrome/browser/ui/webui/settings/settings_localized_strings_provider.cc b/chrome/browser/ui/webui/settings/settings_localized_strings_provider.cc | |
--- a/chrome/browser/ui/webui/settings/settings_localized_strings_provider.cc | |
+++ b/chrome/browser/ui/webui/settings/settings_localized_strings_provider.cc | |
@@ -2470,6 +2470,13 @@ void AddSiteSettingsStrings(content::WebUIDataSource* html_source, | |
{"siteSettingsViewportProtectionAllowedExceptions",IDS_SETTINGS_SITE_SETTINGS_VIEWPORT_PROTECTION_ALLOWED_EXCEPTIONS}, | |
{"siteSettingsViewportProtectionBlockedExceptions", IDS_SETTINGS_SITE_SETTINGS_VIEWPORT_PROTECTION_BLOCKED_EXCEPTIONS}, | |
{"siteSettingsViewportProtectionMidSentence", IDS_SITE_SETTINGS_VIEWPORT_PROTECTION_TITLE}, | |
+ {"siteSettingsLocalNetworkAccess", IDS_SITE_SETTINGS_LOCAL_NETWORK_ACCESS_TITLE}, | |
+ {"siteSettingsLocalNetworkAccessDescription", IDS_SETTINGS_SITE_SETTINGS_LOCAL_NETWORK_ACCESS_DESCRIPTION}, | |
+ {"siteSettingsLocalNetworkAccessAllowed", IDS_SETTINGS_SITE_SETTINGS_LOCAL_NETWORK_ACCESS_ALLOWED}, | |
+ {"siteSettingsLocalNetworkAccessBlocked", IDS_SETTINGS_SITE_SETTINGS_LOCAL_NETWORK_ACCESS_BLOCKED}, | |
+ {"siteSettingsLocalNetworkAccessAllowedExceptions",IDS_SETTINGS_SITE_SETTINGS_LOCAL_NETWORK_ACCESS_ALLOWED_EXCEPTIONS}, | |
+ {"siteSettingsLocalNetworkAccessBlockedExceptions", IDS_SETTINGS_SITE_SETTINGS_LOCAL_NETWORK_ACCESS_BLOCKED_EXCEPTIONS}, | |
+ {"siteSettingsLocalNetworkAccessMidSentence", IDS_SITE_SETTINGS_LOCAL_NETWORK_ACCESS_TITLE}, | |
{"addSite", IDS_SETTINGS_ADD_SITE}, | |
{"addSiteTitle", IDS_SETTINGS_ADD_SITE_TITLE}, | |
#if BUILDFLAG(IS_CHROMEOS_ASH) | |
diff --git a/chrome/browser/ui/webui/settings/site_settings_helper.cc b/chrome/browser/ui/webui/settings/site_settings_helper.cc | |
--- a/chrome/browser/ui/webui/settings/site_settings_helper.cc | |
+++ b/chrome/browser/ui/webui/settings/site_settings_helper.cc | |
@@ -130,6 +130,7 @@ const ContentSettingsTypeNameEntry kContentSettingsTypeGroupNames[] = { | |
{ContentSettingsType::WEBGL, "webgl"}, | |
{ContentSettingsType::WEBRTC, "webrtc"}, | |
{ContentSettingsType::VIEWPORT, "viewport"}, | |
+ {ContentSettingsType::INSECURE_PRIVATE_NETWORK, "insecure-private-network"}, | |
// Add new content settings here if a corresponding Javascript string | |
// representation for it is not required, for example if the content setting | |
@@ -161,7 +162,6 @@ const ContentSettingsTypeNameEntry kContentSettingsTypeGroupNames[] = { | |
{ContentSettingsType::FILE_SYSTEM_READ_GUARD, nullptr}, | |
{ContentSettingsType::STORAGE_ACCESS, nullptr}, | |
{ContentSettingsType::CAMERA_PAN_TILT_ZOOM, nullptr}, | |
- {ContentSettingsType::INSECURE_PRIVATE_NETWORK, nullptr}, | |
{ContentSettingsType::PERMISSION_AUTOREVOCATION_DATA, nullptr}, | |
{ContentSettingsType::FILE_SYSTEM_LAST_PICKED_DIRECTORY, nullptr}, | |
{ContentSettingsType::DISPLAY_CAPTURE, nullptr}, | |
diff --git a/components/browser_ui/site_settings/android/BUILD.gn b/components/browser_ui/site_settings/android/BUILD.gn | |
--- a/components/browser_ui/site_settings/android/BUILD.gn | |
+++ b/components/browser_ui/site_settings/android/BUILD.gn | |
@@ -115,6 +115,9 @@ android_library("java") { | |
sources += [ | |
"java/src/org/chromium/components/browser_ui/site_settings/BromiteViewportContentSetting.java", | |
] | |
+ sources += [ | |
+ "java/src/org/chromium/components/browser_ui/site_settings/BromiteLocalNetworkAccessContentSetting.java", | |
+ ] | |
annotation_processor_deps = [ "//base/android/jni_generator:jni_processor" ] | |
resources_package = "org.chromium.components.browser_ui.site_settings" | |
deps = [ | |
diff --git a/components/browser_ui/site_settings/android/java/src/org/chromium/components/browser_ui/site_settings/BromiteCustomContentSettingImpl.java b/components/browser_ui/site_settings/android/java/src/org/chromium/components/browser_ui/site_settings/BromiteCustomContentSettingImpl.java | |
--- a/components/browser_ui/site_settings/android/java/src/org/chromium/components/browser_ui/site_settings/BromiteCustomContentSettingImpl.java | |
+++ b/components/browser_ui/site_settings/android/java/src/org/chromium/components/browser_ui/site_settings/BromiteCustomContentSettingImpl.java | |
@@ -46,6 +46,7 @@ public abstract class BromiteCustomContentSettingImpl { | |
mItemList.add(new BromiteWebGLContentSetting()); | |
mItemList.add(new BromiteWebRTCContentSetting()); | |
mItemList.add(new BromiteViewportContentSetting()); | |
+ mItemList.add(new BromiteLocalNetworkAccessContentSetting()); | |
} | |
public static SiteSettingsCategory createFromType( | |
diff --git a/components/browser_ui/site_settings/android/java/src/org/chromium/components/browser_ui/site_settings/BromiteLocalNetworkAccessContentSetting.java b/components/browser_ui/site_settings/android/java/src/org/chromium/components/browser_ui/site_settings/BromiteLocalNetworkAccessContentSetting.java | |
new file mode 100644 | |
--- /dev/null | |
+++ b/components/browser_ui/site_settings/android/java/src/org/chromium/components/browser_ui/site_settings/BromiteLocalNetworkAccessContentSetting.java | |
@@ -0,0 +1,85 @@ | |
+/* | |
+ This file is part of Bromite. | |
+ | |
+ Bromite is free software: you can redistribute it and/or modify | |
+ it under the terms of the GNU General Public License as published by | |
+ the Free Software Foundation, either version 3 of the License, or | |
+ (at your option) any later version. | |
+ | |
+ Bromite is distributed in the hope that it will be useful, | |
+ but WITHOUT ANY WARRANTY; without even the implied warranty of | |
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
+ GNU General Public License for more details. | |
+ | |
+ You should have received a copy of the GNU General Public License | |
+ along with Bromite. If not, see <https://www.gnu.org/licenses/>. | |
+*/ | |
+ | |
+package org.chromium.components.browser_ui.site_settings; | |
+ | |
+import org.chromium.components.browser_ui.site_settings.ContentSettingsResources; | |
+import org.chromium.components.browser_ui.site_settings.SiteSettingsCategory; | |
+import org.chromium.components.content_settings.ContentSettingValues; | |
+import org.chromium.components.content_settings.ContentSettingsType; | |
+import org.chromium.content_public.browser.BrowserContextHandle; | |
+ | |
+import androidx.annotation.Nullable; | |
+import androidx.preference.Preference; | |
+import androidx.preference.PreferenceScreen; | |
+ | |
+import java.util.ArrayList; | |
+ | |
+public class BromiteLocalNetworkAccessContentSetting extends BromiteCustomContentSetting { | |
+ public BromiteLocalNetworkAccessContentSetting() { | |
+ super(/*contentSettingsType*/ ContentSettingsType.INSECURE_PRIVATE_NETWORK, | |
+ /*siteSettingsCategory*/ SiteSettingsCategory.Type.LOCAL_NETWORK_ACCESS, | |
+ /*defaultEnabledValue*/ ContentSettingValues.ALLOW, | |
+ /*defaultDisabledValue*/ ContentSettingValues.BLOCK, | |
+ /*allowException*/ true, | |
+ /*preferenceKey*/ "insecure-private-network", | |
+ /*profilePrefKey*/ "insecure-private-network"); | |
+ } | |
+ | |
+ @Override | |
+ public ContentSettingsResources.ResourceItem getResourceItem() { | |
+ return new ContentSettingsResources.ResourceItem( | |
+ /*icon*/ R.drawable.web_asset, | |
+ /*title*/ R.string.local_network_access_permission_title, | |
+ /*defaultEnabledValue*/ getDefaultEnabledValue(), | |
+ /*defaultDisabledValue*/ getDefaultDisabledValue(), | |
+ /*enabledSummary*/ R.string.website_settings_category_local_network_access_enabled, | |
+ /*disabledSummary*/ R.string.website_settings_category_local_network_access_disabled); | |
+ } | |
+ | |
+ @Override | |
+ public int getCategorySummary(@Nullable @ContentSettingValues int value) { | |
+ switch (value) { | |
+ case ContentSettingValues.ALLOW: | |
+ return R.string.website_settings_category_local_network_access_enabled; | |
+ case ContentSettingValues.BLOCK: | |
+ return R.string.website_settings_category_local_network_access_disabled; | |
+ default: | |
+ return 0; | |
+ } | |
+ } | |
+ | |
+ @Override | |
+ public boolean requiresTriStateContentSetting() { | |
+ return false; | |
+ } | |
+ | |
+ @Override | |
+ public boolean showOnlyDescriptions() { | |
+ return true; | |
+ } | |
+ | |
+ @Override | |
+ public int getAddExceptionDialogMessage() { | |
+ return R.string.website_settings_category_local_network_access_enabled; | |
+ } | |
+ | |
+ @Override | |
+ public @Nullable Boolean considerException(SiteSettingsCategory category, @ContentSettingValues int value) { | |
+ return value != ContentSettingValues.BLOCK; | |
+ } | |
+} | |
diff --git a/components/browser_ui/site_settings/android/java/src/org/chromium/components/browser_ui/site_settings/SiteSettingsCategory.java b/components/browser_ui/site_settings/android/java/src/org/chromium/components/browser_ui/site_settings/SiteSettingsCategory.java | |
--- a/components/browser_ui/site_settings/android/java/src/org/chromium/components/browser_ui/site_settings/SiteSettingsCategory.java | |
+++ b/components/browser_ui/site_settings/android/java/src/org/chromium/components/browser_ui/site_settings/SiteSettingsCategory.java | |
@@ -48,7 +48,7 @@ public class SiteSettingsCategory { | |
Type.USE_STORAGE, Type.AUTO_DARK_WEB_CONTENT, Type.REQUEST_DESKTOP_SITE, | |
Type.FEDERATED_IDENTITY_API, Type.THIRD_PARTY_COOKIES, Type.SITE_DATA, | |
Type.TIMEZONE_OVERRIDE, Type.AUTOPLAY, Type.JAVASCRIPT_JIT, Type.IMAGES, | |
- Type.NUM_ENTRIES, Type.WEBGL, Type.WEBRTC, Type.VIEWPORT}) | |
+ Type.NUM_ENTRIES, Type.WEBGL, Type.WEBRTC, Type.VIEWPORT, Type.LOCAL_NETWORK_ACCESS}) | |
@Retention(RetentionPolicy.SOURCE) | |
public @interface Type { | |
// All updates here must also be reflected in {@link #preferenceKey(int) | |
@@ -88,10 +88,11 @@ public class SiteSettingsCategory { | |
int WEBGL = 32; | |
int WEBRTC = 33; | |
int VIEWPORT = 34; | |
+ int LOCAL_NETWORK_ACCESS = 35; | |
/** | |
* Number of handled categories used for calculating array sizes. | |
*/ | |
- int NUM_ENTRIES = 35; | |
+ int NUM_ENTRIES = 36; | |
} | |
private final BrowserContextHandle mBrowserContextHandle; | |
diff --git a/components/browser_ui/strings/android/browser_ui_strings.grd b/components/browser_ui/strings/android/browser_ui_strings.grd | |
--- a/components/browser_ui/strings/android/browser_ui_strings.grd | |
+++ b/components/browser_ui/strings/android/browser_ui_strings.grd | |
@@ -177,6 +177,7 @@ | |
<part file="webgl.grdp" /> | |
<part file="webrtc.grdp" /> | |
<part file="viewport.grdp" /> | |
+ <part file="local_network_access.grdp" /> | |
<message name="IDS_GOT_IT" desc="Button for the user to accept a disclosure/message" formatter_data="android_java"> | |
Got it | |
diff --git a/components/browser_ui/strings/android/local_network_access.grdp b/components/browser_ui/strings/android/local_network_access.grdp | |
new file mode 100644 | |
--- /dev/null | |
+++ b/components/browser_ui/strings/android/local_network_access.grdp | |
@@ -0,0 +1,18 @@ | |
+<?xml version="1.0" encoding="utf-8"?> | |
+<grit-part> | |
+ <message name="IDS_SITE_SETTINGS_TYPE_LOCAL_NETWORK_ACCESS" desc="The label used for LOCAL_NETWORK_ACCESS site settings controls."> | |
+ Local Network Access | |
+ </message> | |
+ <message name="IDS_SITE_SETTINGS_TYPE_LOCAL_NETWORK_ACCESS_MID_SENTENCE" desc="The label used for LOCAL_NETWORK_ACCESS site settings controls when used mid-sentence."> | |
+ Local Network Access | |
+ </message> | |
+ <message name="IDS_LOCAL_NETWORK_ACCESS_PERMISSION_TITLE" desc="Title of the permission to use LOCAL_NETWORK_ACCESS [CHAR-LIMIT=32]"> | |
+ Local Network Access | |
+ </message> | |
+ <message name="IDS_WEBSITE_SETTINGS_CATEGORY_LOCAL_NETWORK_ACCESS_ENABLED" desc="Summary text explaining that LOCAL_NETWORK_ACCESS is full enabled."> | |
+ Enabled | |
+ </message> | |
+ <message name="IDS_WEBSITE_SETTINGS_CATEGORY_LOCAL_NETWORK_ACCESS_DISABLED" desc="Summary text explaining that LOCAL_NETWORK_ACCESS is full disabled."> | |
+ Disabled | |
+ </message> | |
+</grit-part> | |
diff --git a/content/browser/renderer_host/navigation_request.cc b/content/browser/renderer_host/navigation_request.cc | |
--- a/content/browser/renderer_host/navigation_request.cc | |
+++ b/content/browser/renderer_host/navigation_request.cc | |
@@ -6744,11 +6744,10 @@ void NavigationRequest::UpdatePrivateNetworkRequestPolicy() { | |
frame_tree_node_->navigator().controller().GetBrowserContext(); | |
url::Origin origin = GetOriginToCommit().value(); | |
- if (client->ShouldAllowInsecurePrivateNetworkRequests(context, origin)) { | |
- // The content browser client decided to make an exception for this URL. | |
+ if (!client->ShouldAllowInsecurePrivateNetworkRequests(context, origin)) { | |
private_network_request_policy_ = | |
- network::mojom::PrivateNetworkRequestPolicy::kAllow; | |
- return; | |
+ network::mojom::PrivateNetworkRequestPolicy::kBlock; | |
+ if ((true)) return; | |
} | |
const PolicyContainerPolicies& policies = | |
diff --git a/content/browser/renderer_host/private_network_access_util.cc b/content/browser/renderer_host/private_network_access_util.cc | |
--- a/content/browser/renderer_host/private_network_access_util.cc | |
+++ b/content/browser/renderer_host/private_network_access_util.cc | |
@@ -193,4 +193,4 @@ AddressSpace CalculateIPAddressSpace( | |
return IPAddressSpaceForSpecialScheme(url, client); | |
} | |
-} // namespace content | |
+} // namespace content // only to mark | |
diff --git a/content/browser/renderer_host/render_frame_host_impl.cc b/content/browser/renderer_host/render_frame_host_impl.cc | |
--- a/content/browser/renderer_host/render_frame_host_impl.cc | |
+++ b/content/browser/renderer_host/render_frame_host_impl.cc | |
@@ -4093,10 +4093,10 @@ void RenderFrameHostImpl::SetOriginDependentStateOfNewFrame( | |
new_frame_origin, base::OptionalToPtr(isolation_info_.nonce()))); | |
// Apply private network request policy according to our new origin. | |
- if (GetContentClient()->browser()->ShouldAllowInsecurePrivateNetworkRequests( | |
+ if (!GetContentClient()->browser()->ShouldAllowInsecurePrivateNetworkRequests( | |
GetBrowserContext(), new_frame_origin)) { | |
private_network_request_policy_ = | |
- network::mojom::PrivateNetworkRequestPolicy::kAllow; | |
+ network::mojom::PrivateNetworkRequestPolicy::kBlock; | |
} | |
// Construct the frame's permissions policy only once we know its initial | |
diff --git a/content/browser/service_worker/embedded_worker_instance.cc b/content/browser/service_worker/embedded_worker_instance.cc | |
--- a/content/browser/service_worker/embedded_worker_instance.cc | |
+++ b/content/browser/service_worker/embedded_worker_instance.cc | |
@@ -318,6 +318,15 @@ void EmbeddedWorkerInstance::Start( | |
network::mojom::ClientSecurityStatePtr client_security_state = | |
owner_version_->BuildClientSecurityState(); | |
+ const url::Origin origin_to_check = url::Origin::Create(params->script_url); | |
+ LOG(INFO) << "---EmbeddedWorkerInstance::Start " | |
+ << "--" << origin_to_check.GetDebugString(); | |
+ BrowserContext* context = rph->GetBrowserContext(); | |
+ if (!GetContentClient()->browser()->ShouldAllowInsecurePrivateNetworkRequests(context, origin_to_check)) { | |
+ LOG(INFO) << "---EmbeddedWorkerInstance::Start2"; | |
+ client_security_state->private_network_request_policy = | |
+ network::mojom::PrivateNetworkRequestPolicy::kBlock; | |
+ } | |
const network::CrossOriginEmbedderPolicy* coep = | |
client_security_state | |
? &client_security_state->cross_origin_embedder_policy | |
diff --git a/content/browser/worker_host/dedicated_worker_host.cc b/content/browser/worker_host/dedicated_worker_host.cc | |
--- a/content/browser/worker_host/dedicated_worker_host.cc | |
+++ b/content/browser/worker_host/dedicated_worker_host.cc | |
@@ -418,6 +418,16 @@ void DedicatedWorkerHost::DidStartScriptLoad( | |
->cross_origin_embedder_policy; | |
} | |
+ LOG(ERROR) << "---DedicatedWorkerHost::Start " | |
+ << "--" << final_response_url | |
+ << "--" << creator_origin_.GetDebugString(); | |
+ BrowserContext* context = GetProcessHost()->GetBrowserContext(); | |
+ if (!GetContentClient()->browser()->ShouldAllowInsecurePrivateNetworkRequests(context, creator_origin_)) { | |
+ LOG(INFO) << "---DedicatedWorkerHost::Start2"; | |
+ worker_client_security_state_->private_network_request_policy = | |
+ network::mojom::PrivateNetworkRequestPolicy::kBlock; | |
+ } | |
+ | |
auto* storage_partition = static_cast<StoragePartitionImpl*>( | |
worker_process_host_->GetStoragePartition()); | |
diff --git a/content/browser/worker_host/shared_worker_host.cc b/content/browser/worker_host/shared_worker_host.cc | |
--- a/content/browser/worker_host/shared_worker_host.cc | |
+++ b/content/browser/worker_host/shared_worker_host.cc | |
@@ -304,6 +304,17 @@ void SharedWorkerHost::Start( | |
GetReportingSource(), GetNetworkAnonymizationKey()); | |
} | |
+ LOG(INFO) << "---SharedWorkerHost::Start " << instance_.url() | |
+ << "--" << final_response_url | |
+ << "--" << GetStorageKey().origin().GetDebugString(); | |
+ const url::Origin origin = GetStorageKey().origin(); | |
+ BrowserContext* context = GetProcessHost()->GetBrowserContext(); | |
+ if (!client->ShouldAllowInsecurePrivateNetworkRequests(context, origin)) { | |
+ LOG(INFO) << "---SharedWorkerHost::Start2 " << instance_.url(); | |
+ worker_client_security_state_->private_network_request_policy = | |
+ network::mojom::PrivateNetworkRequestPolicy::kBlock; | |
+ } | |
+ | |
auto options = blink::mojom::WorkerOptions::New( | |
instance_.script_type(), instance_.credentials_mode(), instance_.name()); | |
blink::mojom::SharedWorkerInfoPtr info(blink::mojom::SharedWorkerInfo::New( | |
diff --git a/content/public/common/content_features.cc b/content/public/common/content_features.cc | |
--- a/content/public/common/content_features.cc | |
+++ b/content/public/common/content_features.cc | |
@@ -161,8 +161,8 @@ BASE_FEATURE(kVibration, | |
// - kBlockInsecurePrivateNetworkRequestsFromUnknown | |
// - kBlockInsecurePrivateNetworkRequestsForNavigations | |
BASE_FEATURE(kBlockInsecurePrivateNetworkRequests, | |
- "BlockInsecurePrivateNetworkRequests", | |
- base::FEATURE_ENABLED_BY_DEFAULT); | |
+ "BlockInsecurePrivateNetworkRequests", // must be | |
+ base::FEATURE_ENABLED_BY_DEFAULT); // enabled | |
// When this feature is enabled, requests to localhost initiated from non-secure | |
// contexts in the `private` IP address space are blocked. | |
@@ -171,8 +171,8 @@ BASE_FEATURE(kBlockInsecurePrivateNetworkRequests, | |
// - https://wicg.github.io/private-network-access/#integration-fetch | |
// - kBlockInsecurePrivateNetworkRequests | |
BASE_FEATURE(kBlockInsecurePrivateNetworkRequestsFromPrivate, | |
- "BlockInsecurePrivateNetworkRequestsFromPrivate", | |
- base::FEATURE_DISABLED_BY_DEFAULT); | |
+ "BlockInsecurePrivateNetworkRequestsFromPrivate", // must be | |
+ base::FEATURE_DISABLED_BY_DEFAULT); // disabled | |
// When this feature is enabled, requests to localhost initiated from non-secure | |
// contexts in the `unknown` IP address space are blocked. | |
@@ -898,15 +898,15 @@ BASE_FEATURE(kPrivateNetworkAccessForWorkers, | |
// Similar to `kPrivateNetworkAccessForWorkers`, except that it does not require | |
// CORS preflight requests to succeed, and shows a warning in devtools instead. | |
BASE_FEATURE(kPrivateNetworkAccessForWorkersWarningOnly, | |
- "PrivateNetworkAccessForWorkersWarningOnly", | |
- base::FEATURE_ENABLED_BY_DEFAULT); | |
+ "PrivateNetworkAccessForWorkersWarningOnly", // must be | |
+ base::FEATURE_ENABLED_BY_DEFAULT); // disabled? | |
// Requires that CORS preflight requests succeed before sending private network | |
// requests. This flag implies `kPrivateNetworkAccessSendPreflights`. | |
// See: https://wicg.github.io/private-network-access/#cors-preflight | |
BASE_FEATURE(kPrivateNetworkAccessRespectPreflightResults, | |
"PrivateNetworkAccessRespectPreflightResults", | |
- base::FEATURE_DISABLED_BY_DEFAULT); | |
+ base::FEATURE_DISABLED_BY_DEFAULT); // to be checked | |
// Enables sending CORS preflight requests ahead of private network requests. | |
// See: https://wicg.github.io/private-network-access/#cors-preflight | |
diff --git a/third_party/blink/renderer/platform/loader/cors/cors_error_string.cc b/third_party/blink/renderer/platform/loader/cors/cors_error_string.cc | |
--- a/third_party/blink/renderer/platform/loader/cors/cors_error_string.cc | |
+++ b/third_party/blink/renderer/platform/loader/cors/cors_error_string.cc | |
@@ -111,7 +111,7 @@ String GetErrorString(const network::CorsErrorStatus& status, | |
builder.Append("The response is invalid."); | |
break; | |
case CorsError::kInsecurePrivateNetwork: | |
- Append(builder, {"The request client is not a secure context and the " | |
+ Append(builder, {"The request client is not a secure context or the " | |
"resource is in more-private address space `", | |
ShortAddressSpace(status.resource_address_space), "`."}); | |
break; | |
-- | |
2.25.1 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment