[Sync] Add an option in setting page to Enter Custom Sync Url #25484
Conversation
jagadeshjai
changed the title
jagadeshjai
force-pushed
the
feature__add_option_custom_sync_url
branch
from
8d7d7ff
to
f26c2e6
Compare
|
Hey @aguscruiz ! Could you confirm the design for this UI? Kindly refer SC in Overview. |
jagadeshjai
force-pushed
the
feature__add_option_custom_sync_url
branch
2 times, most recently
from
e2da192
to
4fc9c3e
Compare
jagadeshjai
force-pushed
the
feature__add_option_custom_sync_url
branch
5 times, most recently
from
7ddc422
to
8cc6efd
Compare
jagadeshjai
changed the title
jagadeshjai
force-pushed
the
feature__add_option_custom_sync_url
branch
2 times, most recently
from
e0844cf
to
6034292
Compare
| #include "brave/components/sync/service/brave_sync_service_impl.h" | ||
| #include "chrome/browser/history/history_service_factory.h" | ||
| #include "chrome/browser/sync/device_info_sync_service_factory.h" | ||
| #include "components/sync/base/command_line_switches.h" | ||
|
|
||
| // Below includes are just to prevent redefining of |
There was a problem hiding this comment.
These included seems nasty,
@goodov Do we have any known alternatives to avoid this, other than direct patching?
There was a problem hiding this comment.
yeah, this is too messy.
I think we should stop using syncer::kSyncServiceURL for setting the URL via the command line, but instead do this:
- override
syncer::internal::kSyncServerUrlandsyncer::internal::kSyncDevServerUrlto beBUILDFLAG(BRAVE_SYNC_ENDPOINT). - modify
BraveGetSyncServiceURLto also use the pref value ifsyncer::kSyncServiceURLflag is not passed (right now it's used only if the pref is managed). - remove
syncer::kSyncServiceURLsetting in//brave/app/brave_main_delegate.cc. - support
AdjustSyncServiceUrlForAndroidinBraveGetSyncServiceURL.
There was a problem hiding this comment.
cc @AlexeyBarabash ^ does this sound correct? aren't there any hidden shenanigans on iOS/Android if we go this way?
There was a problem hiding this comment.
Sorry, @jagadeshjai @goodov I have conmpletly missed this PR and the question.
all above sounds correct and I see the code is now much cleaner.
No hidden shenanigans on Android.
iOS should also be ok. Just in case lets ask @Brandon-T, does iOS have any code to setup custom sync server url?
I just have tested the PR on Android and Desktop - works fine.
jagadeshjai
force-pushed
the
feature__add_option_custom_sync_url
branch
from
6034292
to
c42c7ba
Compare
jagadeshjai
force-pushed
the
feature__add_option_custom_sync_url
branch
5 times, most recently
from
2c9a8ce
to
0d046ba
Compare
jagadeshjai
force-pushed
the
feature__add_option_custom_sync_url
branch
from
0d046ba
to
bf28c14
Compare
jagadeshjai
force-pushed
the
feature__add_option_custom_sync_url
branch
from
ae64392
to
a8b34bc
Compare
Fixed 👍 |
| // on Desktop OSes. However, we should also handle it on Android in the future. | ||
| #if !BUILDFLAG(IS_ANDROID) | ||
| if (prefs) { | ||
| std::string value = prefs->GetString(brave_sync::kCustomSyncServiceUrl); | ||
| if (!value.empty()) { | ||
| GURL custom_sync_url(value); | ||
| // Provided URL must be HTTPS. | ||
| if (custom_sync_url.is_valid() && | ||
| custom_sync_url.SchemeIs(url::kHttpsScheme)) { |
There was a problem hiding this comment.
I have doubt - Do we really need to check for the https scheme here? I feel that most users likely won’t serve their custom server over https, especially when it's within a personal/home network.
CC: @bsclifton
There was a problem hiding this comment.
I will add that I use a server over http. (And for remote access away from home, I use a VPN, so it's http within a Wireguard tunnel).
There was a problem hiding this comment.
Sorry for not responding earlier @jagadeshjai - thanks for raising
It was a requirement to have HTTPS by our security team. I haven't tested - but it should still be possible to use sync with a self signed cert. Also Let's Encrypt is pretty great now too
There was a problem hiding this comment.
Does the sync server have E2E encryption of the data that only the client can decrypt?
My understanding is that it does and that this is independent of the connection protocol (HTTP/HTTPS) so even if someone did something dumb and opened an http sync server to the internet, the only thing that might be visible is metadata but the actual data is encrypted.
If the security team is convinced something must be done, I would suggest a compromise of a warning, a sub-setting, or a flag.
Of course, if nothing is changed, then yeah, it'll force users to setup a reverse proxy (I'm not aware of a built-in way to use HTTPS with the docker container for the sync server as there is a lack of documentation for self-hosting the sync server because basic setup is basically just run the docker compose).
I hope this will be considered by the Brave teams. I appreciate all of the work done by Brave to make such a great browser!
There was a problem hiding this comment.
Brave uses client side encryption/description - it's impossible for us to see what is in a blob being stored (a bookmark, password, etc). We can see the type and that's it. Chrome has this too - but it's something you need to enable and provide a pass phrase. Hosting the https://github.com/brave/go-sync should be enough
jagadeshjai
force-pushed
the
feature__add_option_custom_sync_url
branch
from
a8b34bc
to
c5623ab
Compare
|
@goodov Could you please review this PR? |
bsclifton
force-pushed
the
feature__add_option_custom_sync_url
branch
2 times, most recently
from
83b5438
to
9d2de48
Compare
|
OK pinged a few folks - I need to share the UI with design / product to make sure it's good. I can follow up about any concerns once that happens. Thanks for your patience |
|
Just a few screenshots to share - I know the original post has a video too Here is what brave://settings/braveSync looks like (basically clicking Sync on left menu of brave://settings) for a new user: Here's what it looks like for folks that have a sync group setup: I think we should disable editing Custom Sync URL if the sync group is established. The reason for this would be: person would have created the data on the existing backend (by default, Brave). If they edit the URL, the browser code likely won't handle the switch to the new backend gracefully. The person would need to delete the sync group first before changing the URL. If the person didn't change the Sync URL and the group is created, we can probably hide this setting. And here's what it looks like if you have group policy setup that overrides This case looks good - but I think it needs a tooltip over the special group policy icon - so it could say |
jagadeshjai
force-pushed
the
feature__add_option_custom_sync_url
branch
from
9d2de48
to
3b1d897
Compare
relaunch button when toogle/url change.
…ndling custom sync url. Also show Relauch button and Managed icon when required. Conflicts: browser/ui/webui/brave_settings_ui.cc
…ervice via command line before bulding its service in browser context.
…DevServerUrl using chromium_src overrides instead of passing it via command_line
…in Android to |BraveGetSyncServiceURL|.
…s_sync_service_[sources/deps]. And Remove some unused includes.
jagadeshjai
force-pushed
the
feature__add_option_custom_sync_url
branch
from
3b1d897
to
4c3ef66
Compare
brave_components_sync_driver_[sources/deps]->brave_components_sync_service_[sources/deps]Resolves brave/brave-browser#12314
Resolves brave/brave-browser#41280
UI:
brave_custom_sync_input.webm
After configuring policy
Two different Profiles
Submitter Checklist:
QA/YesorQA/No;release-notes/includeorrelease-notes/exclude;OS/...) to the associated issuenpm run test -- brave_browser_tests,npm run test -- brave_unit_testswikinpm run presubmitwiki,npm run gn_check,npm run tslintgit rebase master(if needed)Reviewer Checklist:
gnAfter-merge Checklist:
changes has landed on
Test Plan: