Refactor into separate classes instead of chromium overrides

brave · Dec 18, 2024 · 014a4ae · 014a4ae
1 parent 526d238
commit 014a4ae
Show file tree

Hide file tree

Showing 13 changed files with 613 additions and 303 deletions.
diff --git a/chromium_src/ios/web/public/webui/url_data_source_ios.h b/chromium_src/ios/web/public/webui/url_data_source_ios.h
@@ -6,30 +6,12 @@
 #ifndef BRAVE_CHROMIUM_SRC_IOS_WEB_PUBLIC_WEBUI_URL_DATA_SOURCE_IOS_H_
 #define BRAVE_CHROMIUM_SRC_IOS_WEB_PUBLIC_WEBUI_URL_DATA_SOURCE_IOS_H_
 
-#include <cstdint>
-
-namespace network::mojom {
-enum class CSPDirectiveName : std::int32_t;
-}  // namespace network::mojom
-
-#define GetContentSecurityPolicyObjectSrc                 \
-  GetContentSecurityPolicyObjectSrc_ChromiumImpl() const; \
-  virtual std::string GetContentSecurityPolicyObjectSrc
-
-#define ShouldServiceRequest                                    \
-  ShouldServiceRequest_ChromiumImpl(const GURL& url) const;     \
-  virtual bool ShouldServiceRequest(const GURL& url) const;     \
-  virtual bool ShouldAddContentSecurityPolicy() const;          \
-  virtual std::string GetContentSecurityPolicyFrameSrc() const; \
-  virtual std::string GetContentSecurityPolicy(                 \
-      network::mojom::CSPDirectiveName directive) const;        \
-                                                                \
- private:                                                       \
-  bool Dummy
+#define GetContentSecurityPolicyObjectSrc    \
+  GetContentSecurityPolicyObjectSrc() const; \
+  virtual std::string GetContentSecurityPolicyFrameSrc
 
 #import "src/ios/web/public/webui/url_data_source_ios.h"  // IWYU pragma: export
 
 #undef GetContentSecurityPolicyObjectSrc
-#undef ShouldServiceRequest
 
 #endif  // BRAVE_CHROMIUM_SRC_IOS_WEB_PUBLIC_WEBUI_URL_DATA_SOURCE_IOS_H_
diff --git a/chromium_src/ios/web/public/webui/web_ui_ios_data_source.h b/chromium_src/ios/web/public/webui/web_ui_ios_data_source.h
diff --git a/chromium_src/ios/web/webui/url_data_manager_ios_backend.mm b/chromium_src/ios/web/webui/url_data_manager_ios_backend.mm
@@ -5,13 +5,9 @@
 
 #include "ios/web/webui/url_data_manager_ios_backend.h"
 
-#define ShouldDenyXFrameOptions ShouldDenyXFrameOptions());   \
-  job->set_add_content_security_policy(                       \
-      source->source()->ShouldAddContentSecurityPolicy());    \
-  job->set_content_security_policy_object_source(             \
-      source->source()->GetContentSecurityPolicyObjectSrc()); \
-  job->set_content_security_policy_frame_source(              \
-      source->source()->GetContentSecurityPolicyFrameSrc());  \
+#define ShouldDenyXFrameOptions ShouldDenyXFrameOptions());  \
+  job->set_content_security_policy_frame_source(             \
+      source->source()->GetContentSecurityPolicyFrameSrc()); \
         void(void
 
 #include "src/ios/web/webui/url_data_manager_ios_backend.mm"

diff --git a/chromium_src/ios/web/webui/url_data_source_ios.mm b/chromium_src/ios/web/webui/url_data_source_ios.mm
@@ -5,149 +5,14 @@
 
 #include "ios/web/public/webui/url_data_source_ios.h"
 
-#include "base/containers/span.h"
-#include "base/no_destructor.h"
-#include "base/strings/strcat.h"
-#include "base/strings/stringprintf.h"
-#include "base/strings/utf_string_conversions.h"
-#include "ios/components/webui/web_ui_url_constants.h"
-#include "services/network/public/mojom/content_security_policy.mojom.h"
-
-namespace {
-
-// A chrome-untrusted data source's name starts with chrome-untrusted://.
-bool IsChromeUntrustedDataSource(const web::URLDataSourceIOS* source) {
-  static const base::NoDestructor<std::string> kChromeUntrustedSourceNamePrefix(
-      base::StrCat({kChromeUIUntrustedScheme, url::kStandardSchemeSeparator}));
-
-  return base::StartsWith(source->GetSource(),
-                          *kChromeUntrustedSourceNamePrefix,
-                          base::CompareCase::SENSITIVE);
-}
-
-}  // namespace
-
 namespace web {
-bool URLDataSourceIOS::ShouldAddContentSecurityPolicy() const {
-  return true;
-}
-
-bool URLDataSourceIOS::ShouldServiceRequest(const GURL& url) const {
-  return URLDataSourceIOS::ShouldServiceRequest_ChromiumImpl(url);
-}
-
-std::string URLDataSourceIOS::GetContentSecurityPolicyObjectSrc() const {
-  if (ShouldAddContentSecurityPolicy()) {
-    std::string csp_header;
-
-    const network::mojom::CSPDirectiveName kAllDirectives[] = {
-        network::mojom::CSPDirectiveName::BaseURI,
-        network::mojom::CSPDirectiveName::ChildSrc,
-        network::mojom::CSPDirectiveName::ConnectSrc,
-        network::mojom::CSPDirectiveName::DefaultSrc,
-        network::mojom::CSPDirectiveName::FencedFrameSrc,
-        network::mojom::CSPDirectiveName::FormAction,
-        network::mojom::CSPDirectiveName::FontSrc,
-        network::mojom::CSPDirectiveName::ImgSrc,
-        network::mojom::CSPDirectiveName::MediaSrc,
-        network::mojom::CSPDirectiveName::ObjectSrc,
-        network::mojom::CSPDirectiveName::RequireTrustedTypesFor,
-        network::mojom::CSPDirectiveName::ScriptSrc,
-        network::mojom::CSPDirectiveName::StyleSrc,
-        network::mojom::CSPDirectiveName::TrustedTypes,
-        network::mojom::CSPDirectiveName::WorkerSrc};
-
-    for (auto& directive : kAllDirectives) {
-      csp_header.append(GetContentSecurityPolicy(directive));
-    }
-
-    // TODO(crbug.com/40118579): Both CSP frame ancestors and XFO headers may be
-    // added to the response but frame ancestors would take precedence. In the
-    // future, XFO will be removed so when that happens remove the check and
-    // always add frame ancestors.
-    if (ShouldDenyXFrameOptions()) {
-      csp_header.append(GetContentSecurityPolicy(
-          network::mojom::CSPDirectiveName::FrameAncestors));
-    }
-
-    return csp_header;
-  }
-
-  return URLDataSourceIOS::GetContentSecurityPolicyObjectSrc_ChromiumImpl();
-}
 
 std::string URLDataSourceIOS::GetContentSecurityPolicyFrameSrc() const {
-  std::string frame_src =
-      GetContentSecurityPolicy(network::mojom::CSPDirectiveName::FrameSrc);
-  if (!frame_src.empty()) {
-    return frame_src;
-  }
-
+  // Default for iOS:
+  // https://source.chromium.org/chromium/chromium/src/+/main:ios/web/webui/url_data_manager_ios_backend.mm;l=511?q=set_content_security_policy_frame_source&ss=chromium%2Fchromium%2Fsrc
   return "frame-src 'none';";
 }
 
-std::string URLDataSourceIOS::GetContentSecurityPolicy(
-    network::mojom::CSPDirectiveName directive) const {
-  switch (directive) {
-    case network::mojom::CSPDirectiveName::ChildSrc:
-      return "child-src 'none';";
-    case network::mojom::CSPDirectiveName::DefaultSrc:
-      return IsChromeUntrustedDataSource(this) ? "default-src 'self';"
-                                               : std::string();
-    case network::mojom::CSPDirectiveName::ObjectSrc:
-      return "object-src 'none';";
-    case network::mojom::CSPDirectiveName::ScriptSrc:
-      // Note: Do not add 'unsafe-eval' here. Instead override CSP for the
-      // specific pages that need it, see context http://crbug.com/525224.
-      return IsChromeUntrustedDataSource(this)
-                 ? base::StrCat({"script-src", kChromeUIUntrustedScheme,
-                                 url::kStandardSchemeSeparator,
-                                 "resources 'self';"})
-                 : "script-src chrome://resources 'self';";
-    case network::mojom::CSPDirectiveName::FrameAncestors:
-      return "frame-ancestors 'none';";
-    case network::mojom::CSPDirectiveName::RequireTrustedTypesFor:
-      return "require-trusted-types-for 'script';";
-    case network::mojom::CSPDirectiveName::TrustedTypes:
-      return "trusted-types;";
-    case network::mojom::CSPDirectiveName::BaseURI:
-      return IsChromeUntrustedDataSource(this) ? "base-uri 'none';"
-                                               : std::string();
-    case network::mojom::CSPDirectiveName::FormAction:
-      return IsChromeUntrustedDataSource(this) ? "form-action 'none';"
-                                               : std::string();
-    case network::mojom::CSPDirectiveName::BlockAllMixedContent:
-    case network::mojom::CSPDirectiveName::ConnectSrc:
-    case network::mojom::CSPDirectiveName::FencedFrameSrc:
-    case network::mojom::CSPDirectiveName::FrameSrc:
-    case network::mojom::CSPDirectiveName::FontSrc:
-    case network::mojom::CSPDirectiveName::ImgSrc:
-    case network::mojom::CSPDirectiveName::ManifestSrc:
-    case network::mojom::CSPDirectiveName::MediaSrc:
-    case network::mojom::CSPDirectiveName::ReportURI:
-    case network::mojom::CSPDirectiveName::Sandbox:
-    case network::mojom::CSPDirectiveName::ScriptSrcAttr:
-    case network::mojom::CSPDirectiveName::ScriptSrcElem:
-    case network::mojom::CSPDirectiveName::StyleSrc:
-    case network::mojom::CSPDirectiveName::StyleSrcAttr:
-    case network::mojom::CSPDirectiveName::StyleSrcElem:
-    case network::mojom::CSPDirectiveName::UpgradeInsecureRequests:
-    case network::mojom::CSPDirectiveName::TreatAsPublicAddress:
-    case network::mojom::CSPDirectiveName::WorkerSrc:
-    case network::mojom::CSPDirectiveName::ReportTo:
-    case network::mojom::CSPDirectiveName::Unknown:
-      return std::string();
-  }
-}
-
 }  // namespace web
 
-#define GetContentSecurityPolicyObjectSrc \
-  GetContentSecurityPolicyObjectSrc_ChromiumImpl
-
-#define ShouldServiceRequest ShouldServiceRequest_ChromiumImpl
-
 #include "src/ios/web/webui/url_data_source_ios.mm"
-
-#undef ShouldServiceRequest
-#undef GetContentSecurityPolicyObjectSrc
diff --git a/chromium_src/ios/web/webui/web_ui_ios_data_source_impl.h b/chromium_src/ios/web/webui/web_ui_ios_data_source_impl.h
diff --git a/chromium_src/ios/web/webui/web_ui_ios_data_source_impl.mm b/chromium_src/ios/web/webui/web_ui_ios_data_source_impl.mm
diff --git a/ios/browser/ui/webui/BUILD.gn b/ios/browser/ui/webui/BUILD.gn
@@ -1,4 +1,4 @@
-# Copyright (c) 2023 The Brave Authors. All rights reserved.
+# Copyright (c) 2024 The Brave Authors. All rights reserved.
 # This Source Code Form is subject to the terms of the Mozilla Public
 # License, v. 2.0. If a copy of the MPL was not distributed with this file,
 # You can obtain one at https://mozilla.org/MPL/2.0/.
@@ -19,6 +19,7 @@ source_set("webui") {
     "//brave/components/constants",
     "//brave/components/webui",
     "//brave/ios/browser/ui/webui/ads",
+    "//brave/ios/browser/ui/webui/public",
     "//brave/ios/browser/ui/webui/skus",
     "//components/prefs",
     "//components/profile_metrics",

diff --git a/ios/browser/ui/webui/brave_webui_source.mm b/ios/browser/ui/webui/brave_webui_source.mm
@@ -12,6 +12,7 @@
 #include "base/strings/utf_string_conversions.h"
 #include "brave/components/constants/url_constants.h"
 #include "brave/components/webui/webui_resources.h"
+#include "brave/ios/browser/ui/webui/public/brave_web_ui_ios_data_source.h"
 #include "build/build_config.h"
 #include "components/grit/components_resources.h"
 #include "ios/chrome/browser/shared/model/profile/profile_ios.h"
@@ -36,7 +37,7 @@ void CustomizeWebUIHTMLSource(web::WebUIIOS* web_ui,
     size_t resource_map_size,
     int html_resource_id,
     bool disable_trusted_types_csp) {
-  web::WebUIIOSDataSource* source = web::WebUIIOSDataSource::Create(name);
+  web::WebUIIOSDataSource* source = BraveWebUIIOSDataSource::Create(name);
   web::WebUIIOSDataSource::Add(ProfileIOS::FromWebUIIOS(web_ui), source);
 
   source->UseStringsJs();