From f2097b6d27905bb87012a5bc748db02feb3fdff5 Mon Sep 17 00:00:00 2001 From: Aleksey Khoroshilov Date: Fri, 20 Sep 2024 21:00:24 +0700 Subject: [PATCH] Add farbling token into ShieldsSettings. --- browser/brave_content_browser_client.cc | 5 ++- .../brave_shields_web_contents_observer.cc | 13 +++++--- .../brave_browsing_data_remover_delegate.cc | 12 +++++++ .../ui/webui/settings/site_settings_helper.cc | 3 +- .../worker_content_settings_client.cc | 2 +- .../core/browser/content_settings_registry.cc | 9 ++++++ .../core/browser/content_settings_uma_util.cc | 3 +- .../core/common/content_settings_types.mojom | 2 ++ .../content/browser/brave_shields_util.cc | 28 +++++++++++++++- .../content/browser/brave_shields_util.h | 2 ++ .../core/common/brave_shield_constants.h | 1 + .../core/common/shields_settings.mojom | 1 + .../brave_content_settings_agent_impl.cc | 32 ++++++++----------- ...data-content-browsing_data_helper.cc.patch | 13 ++++++++ 14 files changed, 98 insertions(+), 28 deletions(-) create mode 100644 patches/components-browsing_data-content-browsing_data_helper.cc.patch diff --git a/browser/brave_content_browser_client.cc b/browser/brave_content_browser_client.cc index 3f791013429..c1bcc8c7c81 100644 --- a/browser/brave_content_browser_client.cc +++ b/browser/brave_content_browser_client.cc @@ -692,8 +692,11 @@ BraveContentBrowserClient::WorkerGetBraveShieldSettings( PrefService* pref_service = user_prefs::UserPrefs::Get(browser_context); + base::Token farbling_token = brave_shields::GetFarblingToken( + HostContentSettingsMapFactory::GetForProfile(browser_context), url); + return brave_shields::mojom::ShieldsSettings::New( - farbling_level, std::vector(), + farbling_level, farbling_token, std::vector(), brave_shields::IsReduceLanguageEnabledForProfile(pref_service)); } diff --git a/browser/brave_shields/brave_shields_web_contents_observer.cc b/browser/brave_shields/brave_shields_web_contents_observer.cc index f513e2fd427..17a9b578b73 100644 --- a/browser/brave_shields/brave_shields_web_contents_observer.cc +++ b/browser/brave_shields/brave_shields_web_contents_observer.cc @@ -21,6 +21,7 @@ #include "chrome/browser/content_settings/host_content_settings_map_factory.h" #include "chrome/browser/profiles/profile.h" #include "chrome/common/renderer_configuration.mojom.h" +#include "components/content_settings/core/browser/host_content_settings_map.h" #include "components/prefs/pref_registry_simple.h" #include "components/prefs/pref_service.h" #include "components/user_prefs/user_prefs.h" @@ -294,11 +295,13 @@ void BraveShieldsWebContentsObserver::SendShieldsSettings( ->GetLastCommittedURL() : navigation_handle->GetURL(); + HostContentSettingsMap* host_content_settings_map = + HostContentSettingsMapFactory::GetForProfile(rfh->GetBrowserContext()); const brave_shields::mojom::FarblingLevel farbling_level = - brave_shields::GetFarblingLevel( - HostContentSettingsMapFactory::GetForProfile( - rfh->GetBrowserContext()), - primary_url); + brave_shields::GetFarblingLevel(host_content_settings_map, primary_url); + + base::Token farbling_token = + brave_shields::GetFarblingToken(host_content_settings_map, primary_url); PrefService* pref_service = user_prefs::UserPrefs::Get(rfh->GetBrowserContext()); @@ -306,7 +309,7 @@ void BraveShieldsWebContentsObserver::SendShieldsSettings( mojo::AssociatedRemote agent; rfh->GetRemoteAssociatedInterfaces()->GetInterface(&agent); agent->SetShieldsSettings(brave_shields::mojom::ShieldsSettings::New( - farbling_level, allowed_scripts_, + farbling_level, farbling_token, allowed_scripts_, brave_shields::IsReduceLanguageEnabledForProfile(pref_service))); } diff --git a/browser/browsing_data/brave_browsing_data_remover_delegate.cc b/browser/browsing_data/brave_browsing_data_remover_delegate.cc index 49f9d408d9a..236f8b2789a 100644 --- a/browser/browsing_data/brave_browsing_data_remover_delegate.cc +++ b/browser/browsing_data/brave_browsing_data_remover_delegate.cc @@ -17,6 +17,7 @@ #include "chrome/browser/content_settings/host_content_settings_map_factory.h" #include "chrome/browser/profiles/profile.h" #include "chrome/common/buildflags.h" +#include "components/browsing_data/content/browsing_data_helper.h" #include "components/content_settings/core/browser/host_content_settings_map.h" #if BUILDFLAG(ENABLE_AI_CHAT) @@ -65,6 +66,17 @@ void BraveBrowsingDataRemoverDelegate::RemoveEmbedderData( ClearAiChatHistory(delete_begin, delete_end); } #endif // BUILDFLAG(ENABLE_AI_CHAT) + + if ((remove_mask & chrome_browsing_data_remover::DATA_TYPE_SITE_USAGE_DATA) || + (remove_mask & chrome_browsing_data_remover::DATA_TYPE_HISTORY)) { + HostContentSettingsMap::PatternSourcePredicate website_settings_filter = + browsing_data::CreateWebsiteSettingsFilter(filter_builder); + HostContentSettingsMap* host_content_settings_map = + HostContentSettingsMapFactory::GetForProfile(profile_); + host_content_settings_map->ClearSettingsForOneTypeWithPredicate( + ContentSettingsType::BRAVE_SHIELDS_METADATA, delete_begin, delete_end, + website_settings_filter); + } } void BraveBrowsingDataRemoverDelegate::ClearShieldsSettings( diff --git a/chromium_src/chrome/browser/ui/webui/settings/site_settings_helper.cc b/chromium_src/chrome/browser/ui/webui/settings/site_settings_helper.cc index e146674d0cb..2a42843d6d2 100644 --- a/chromium_src/chrome/browser/ui/webui/settings/site_settings_helper.cc +++ b/chromium_src/chrome/browser/ui/webui/settings/site_settings_helper.cc @@ -49,7 +49,8 @@ {ContentSettingsType::BRAVE_WEBCOMPAT_WEBGL, nullptr}, \ {ContentSettingsType::BRAVE_WEBCOMPAT_WEBGL2, nullptr}, \ {ContentSettingsType::BRAVE_WEBCOMPAT_WEB_SOCKETS_POOL, nullptr}, \ - {ContentSettingsType::BRAVE_WEBCOMPAT_ALL, nullptr}, + {ContentSettingsType::BRAVE_WEBCOMPAT_ALL, nullptr}, \ + {ContentSettingsType::BRAVE_SHIELDS_METADATA, nullptr}, // clang-format on #define BRAVE_SITE_SETTINGS_HELPER_CONTENT_SETTINGS_TYPE_FROM_GROUP_NAME \ diff --git a/chromium_src/chrome/renderer/worker_content_settings_client.cc b/chromium_src/chrome/renderer/worker_content_settings_client.cc index 67fb4066893..04affb9340a 100644 --- a/chromium_src/chrome/renderer/worker_content_settings_client.cc +++ b/chromium_src/chrome/renderer/worker_content_settings_client.cc @@ -96,7 +96,7 @@ WorkerContentSettingsClient_BraveImpl::GetBraveShieldsSettings( } else { DCHECK(!HasContentSettingsRules()); return brave_shields::mojom::ShieldsSettings::New( - farbling_level, std::vector(), false); + farbling_level, base::Token(), std::vector(), false); } } diff --git a/chromium_src/components/content_settings/core/browser/content_settings_registry.cc b/chromium_src/components/content_settings/core/browser/content_settings_registry.cc index 06ad62a9ab9..bf6a4fba02e 100644 --- a/chromium_src/components/content_settings/core/browser/content_settings_registry.cc +++ b/chromium_src/components/content_settings/core/browser/content_settings_registry.cc @@ -320,6 +320,15 @@ void ContentSettingsRegistry::BraveInit() { ContentSettingsInfo::EXCEPTIONS_ON_SECURE_AND_INSECURE_ORIGINS); } } + + website_settings_registry_->Register( + ContentSettingsType::BRAVE_SHIELDS_METADATA, + brave_shields::kBraveShieldsMetadata, base::Value(), + WebsiteSettingsInfo::UNSYNCABLE, WebsiteSettingsInfo::NOT_LOSSY, + WebsiteSettingsInfo::REQUESTING_SCHEMEFUL_SITE_ONLY_SCOPE, + WebsiteSettingsRegistry::DESKTOP | + WebsiteSettingsRegistry::PLATFORM_ANDROID, + WebsiteSettingsInfo::DONT_INHERIT_IN_INCOGNITO); } } // namespace content_settings diff --git a/chromium_src/components/content_settings/core/browser/content_settings_uma_util.cc b/chromium_src/components/content_settings/core/browser/content_settings_uma_util.cc index a85492a344e..dddc97f0047 100644 --- a/chromium_src/components/content_settings/core/browser/content_settings_uma_util.cc +++ b/chromium_src/components/content_settings/core/browser/content_settings_uma_util.cc @@ -63,7 +63,8 @@ static_assert(static_cast(ContentSettingsType::kMaxValue) < {ContentSettingsType::BRAVE_WEBCOMPAT_WEBGL, brave_value(65)}, \ {ContentSettingsType::BRAVE_WEBCOMPAT_WEBGL2, brave_value(66)}, \ {ContentSettingsType::BRAVE_WEBCOMPAT_WEB_SOCKETS_POOL, brave_value(67)}, \ - {ContentSettingsType::BRAVE_WEBCOMPAT_ALL, brave_value(68)}, + {ContentSettingsType::BRAVE_WEBCOMPAT_ALL, brave_value(68)}, \ + {ContentSettingsType::BRAVE_SHIELDS_METADATA, brave_value(69)}, // clang-format on #define kDefaultProvider \ diff --git a/chromium_src/components/content_settings/core/common/content_settings_types.mojom b/chromium_src/components/content_settings/core/common/content_settings_types.mojom index 8f061e6343f..ea0c830ee24 100644 --- a/chromium_src/components/content_settings/core/common/content_settings_types.mojom +++ b/chromium_src/components/content_settings/core/common/content_settings_types.mojom @@ -44,4 +44,6 @@ enum ContentSettingsType { BRAVE_WEBCOMPAT_WEBGL2, BRAVE_WEBCOMPAT_WEB_SOCKETS_POOL, BRAVE_WEBCOMPAT_ALL, + + BRAVE_SHIELDS_METADATA, }; diff --git a/components/brave_shields/content/browser/brave_shields_util.cc b/components/brave_shields/content/browser/brave_shields_util.cc index f3ac6eeab13..34d0f5b16c5 100644 --- a/components/brave_shields/content/browser/brave_shields_util.cc +++ b/components/brave_shields/content/browser/brave_shields_util.cc @@ -5,7 +5,7 @@ #include "brave/components/brave_shields/content/browser/brave_shields_util.h" -#include +#include #include "base/feature_list.h" #include "base/logging.h" @@ -914,4 +914,30 @@ mojom::FarblingLevel GetFarblingLevel(HostContentSettingsMap* map, } } +base::Token GetFarblingToken(HostContentSettingsMap* map, const GURL& url) { + if (!url.SchemeIsHTTPOrHTTPS()) { + return base::Token(); + } + auto shields_metadata_value = map->GetWebsiteSetting( + url, url, ContentSettingsType::BRAVE_SHIELDS_METADATA); + auto* shields_metadata_dict = shields_metadata_value.GetIfDict(); + if (!shields_metadata_dict) { + shields_metadata_value = base::Value(base::Value::Type::DICT); + shields_metadata_dict = &shields_metadata_value.GetDict(); + } + base::Token token; + if (auto* farbling_token = + shields_metadata_dict->FindString("farbling_token")) { + token = base::Token::FromString(*farbling_token).value_or(base::Token()); + } else { + token = base::Token::CreateRandom(); + shields_metadata_dict->Set("farbling_token", token.ToString()); + map->SetWebsiteSettingDefaultScope( + url, url, ContentSettingsType::BRAVE_SHIELDS_METADATA, + std::move(shields_metadata_value)); + } + // LOG(ERROR) << token.ToString(); + return token; +} + } // namespace brave_shields diff --git a/components/brave_shields/content/browser/brave_shields_util.h b/components/brave_shields/content/browser/brave_shields_util.h index a6f6fa75924..a5314eb8fbf 100644 --- a/components/brave_shields/content/browser/brave_shields_util.h +++ b/components/brave_shields/content/browser/brave_shields_util.h @@ -167,6 +167,8 @@ ShieldsSettingCounts GetAdsSettingCount(HostContentSettingsMap* map); mojom::FarblingLevel GetFarblingLevel(HostContentSettingsMap* map, const GURL& primary_url); +base::Token GetFarblingToken(HostContentSettingsMap* map, const GURL& url); + } // namespace brave_shields #endif // BRAVE_COMPONENTS_BRAVE_SHIELDS_CONTENT_BROWSER_BRAVE_SHIELDS_UTIL_H_ diff --git a/components/brave_shields/core/common/brave_shield_constants.h b/components/brave_shields/core/common/brave_shield_constants.h index 0269c7e648b..e8e79e5ba0c 100644 --- a/components/brave_shields/core/common/brave_shield_constants.h +++ b/components/brave_shields/core/common/brave_shield_constants.h @@ -18,6 +18,7 @@ inline constexpr char kHTTPSUpgrades[] = "httpsUpgrades"; inline constexpr char kJavaScript[] = "javascript"; inline constexpr char kFingerprintingV2[] = "fingerprintingV2"; inline constexpr char kBraveShields[] = "braveShields"; +inline constexpr char kBraveShieldsMetadata[] = "braveShieldsMetadata"; inline constexpr char kReferrers[] = "referrers"; inline constexpr char kCookies[] = "shieldsCookiesV3"; inline constexpr char kFacebookEmbeds[] = "fb-embeds"; diff --git a/components/brave_shields/core/common/shields_settings.mojom b/components/brave_shields/core/common/shields_settings.mojom index 23f7c04fa1a..f2891821f53 100644 --- a/components/brave_shields/core/common/shields_settings.mojom +++ b/components/brave_shields/core/common/shields_settings.mojom @@ -15,6 +15,7 @@ enum FarblingLevel { struct ShieldsSettings { FarblingLevel farbling_level; + mojo_base.mojom.Token farbling_token; array origins_to_allow_scripts; bool reduce_language; }; diff --git a/components/content_settings/renderer/brave_content_settings_agent_impl.cc b/components/content_settings/renderer/brave_content_settings_agent_impl.cc index 4dbdc005d6c..50ff50dac9d 100644 --- a/components/content_settings/renderer/brave_content_settings_agent_impl.cc +++ b/components/content_settings/renderer/brave_content_settings_agent_impl.cc @@ -44,24 +44,19 @@ bool IsFrameWithOpaqueOrigin(blink::WebFrame* frame) { frame->Top()->GetSecurityOrigin().IsOpaque(); } -GURL GetOriginOrURL(const blink::WebFrame* frame) { - url::Origin top_origin = url::Origin(frame->Top()->GetSecurityOrigin()); - // The |top_origin| is unique ("null") e.g., for file:// URLs. Use the - // document URL as the primary URL in those cases. - // TODO(alexmos): This is broken for --site-per-process, since top() can be a - // WebRemoteFrame which does not have a document(), and the WebRemoteFrame's - // URL is not replicated. See https://crbug.com/628759. - if (top_origin.opaque() && frame->Top()->IsWebLocalFrame()) { - return frame->Top()->ToWebLocalFrame()->GetDocument().Url(); - } - return top_origin.GetURL(); +GURL GetTopFrameOriginAsURL(const blink::WebFrame* frame) { + DCHECK(frame); + url::Origin top_origin(frame->Top()->GetSecurityOrigin()); + return top_origin.opaque() + ? top_origin.GetTupleOrPrecursorTupleIfOpaque().GetURL() + : top_origin.GetURL(); } bool IsBraveShieldsDown(const blink::WebFrame* frame, const GURL& secondary_url, const ContentSettingsForOneType& rules) { ContentSetting setting = CONTENT_SETTING_DEFAULT; - const GURL& primary_url = GetOriginOrURL(frame); + const GURL& primary_url = GetTopFrameOriginAsURL(frame); for (const auto& rule : rules) { if (rule.primary_pattern.Matches(primary_url) && @@ -291,7 +286,7 @@ bool BraveContentSettingsAgentImpl::IsCosmeticFilteringEnabled( ContentSetting setting = CONTENT_SETTING_DEFAULT; if (content_setting_rules_) { - const GURL& primary_url = GetOriginOrURL(frame); + const GURL& primary_url = GetTopFrameOriginAsURL(frame); for (const auto& rule : content_setting_rules_->cosmetic_filtering_rules) { if (rule.primary_pattern.Matches(primary_url) && @@ -315,7 +310,7 @@ bool BraveContentSettingsAgentImpl::IsFirstPartyCosmeticFilteringEnabled( ContentSetting setting = CONTENT_SETTING_DEFAULT; if (content_setting_rules_) { - const GURL& primary_url = GetOriginOrURL(frame); + const GURL& primary_url = GetTopFrameOriginAsURL(frame); for (const auto& rule : content_setting_rules_->cosmetic_filtering_rules) { if (rule.primary_pattern.Matches(primary_url) && @@ -351,13 +346,14 @@ BraveContentSettingsAgentImpl::GetBraveShieldsSettings( setting = CONTENT_SETTING_ALLOW; } else { setting = brave_shields::GetBraveFPContentSettingFromRules( - content_setting_rules_->fingerprinting_rules, GetOriginOrURL(frame)); + content_setting_rules_->fingerprinting_rules, + GetTopFrameOriginAsURL(frame)); } if (setting != CONTENT_SETTING_ALLOW) { auto webcompat_setting = brave_shields::GetBraveWebcompatContentSettingFromRules( - content_setting_rules_->webcompat_rules, GetOriginOrURL(frame), - webcompat_settings_type); + content_setting_rules_->webcompat_rules, + GetTopFrameOriginAsURL(frame), webcompat_settings_type); if (webcompat_setting == CONTENT_SETTING_ALLOW) { setting = CONTENT_SETTING_ALLOW; } @@ -384,7 +380,7 @@ BraveContentSettingsAgentImpl::GetBraveShieldsSettings( // TODO(goodov): Parent or Incumbent frame should be used in this case. DCHECK(!HasContentSettingsRules()); return brave_shields::mojom::ShieldsSettings::New( - farbling_level, std::vector(), false); + farbling_level, base::Token(), std::vector(), false); } } diff --git a/patches/components-browsing_data-content-browsing_data_helper.cc.patch b/patches/components-browsing_data-content-browsing_data_helper.cc.patch new file mode 100644 index 00000000000..d2b99e51266 --- /dev/null +++ b/patches/components-browsing_data-content-browsing_data_helper.cc.patch @@ -0,0 +1,13 @@ +diff --git a/components/browsing_data/content/browsing_data_helper.cc b/components/browsing_data/content/browsing_data_helper.cc +index 7d9f7945a59b302a5eab7d0e1fb4d0855ba2eab1..ab064f3b8e129d59e4956545c7928c3854aa8836 100644 +--- a/components/browsing_data/content/browsing_data_helper.cc ++++ b/components/browsing_data/content/browsing_data_helper.cc +@@ -39,7 +39,7 @@ bool WebsiteSettingsFilterAdapter( + // Website settings only use origin-scoped patterns. The only content setting + // this filter is used for is DURABLE_STORAGE, which also only uses + // origin-scoped patterns. Such patterns can be directly translated to a GURL. +- GURL url(primary_pattern.ToString()); ++ GURL url(primary_pattern.ToRepresentativeUrl()); + DCHECK(url.is_valid()) << "url: '" << url.possibly_invalid_spec() << "' " + << "pattern: '" << primary_pattern.ToString() << "'"; + return predicate.Run(url);