Merge pull request #20202 from brave/issues/33077

Invalidate Ephemeral Storage origin key on page reload.
brave · Sep 25, 2023 · cd24de4 · cd24de4
2 parents cd701f7 + 4de7ace
commit cd24de4
Show file tree

Hide file tree

Showing 3 changed files with 81 additions and 14 deletions.
diff --git a/browser/ephemeral_storage/ephemeral_storage_1p_browsertest.cc b/browser/ephemeral_storage/ephemeral_storage_1p_browsertest.cc
@@ -36,19 +36,6 @@ class EphemeralStorage1pBrowserTest : public EphemeralStorageBrowserTest {
   base::test::ScopedFeatureList scoped_feature_list_;
 };
 
-class EphemeralStorage1pDisabledBrowserTest
-    : public EphemeralStorageBrowserTest {
- public:
-  EphemeralStorage1pDisabledBrowserTest() {
-    scoped_feature_list_.InitAndDisableFeature(
-        net::features::kBraveFirstPartyEphemeralStorage);
-  }
-  ~EphemeralStorage1pDisabledBrowserTest() override = default;
-
- private:
-  base::test::ScopedFeatureList scoped_feature_list_;
-};
-
 IN_PROC_BROWSER_TEST_F(EphemeralStorage1pBrowserTest, FirstPartyIsEphemeral) {
   SetCookieSetting(a_site_ephemeral_storage_url_, CONTENT_SETTING_SESSION_ONLY);
 
@@ -540,6 +527,75 @@ IN_PROC_BROWSER_TEST_F(
   EXPECT_EQ("name=bcom_simple", site_a_tab_values.iframe_2.cookies);
 }
 
+IN_PROC_BROWSER_TEST_F(EphemeralStorage1pBrowserTest,
+                       UseEphemeralStorageAfterReload) {
+  WebContents* first_party_tab = LoadURLInNewTab(a_site_ephemeral_storage_url_);
+
+  // Set values in the main frame.
+  SetValuesInFrame(first_party_tab->GetPrimaryMainFrame(), "a.com",
+                   "from=a.com");
+
+  {
+    ValuesFromFrame first_party_values =
+        GetValuesFromFrame(first_party_tab->GetPrimaryMainFrame());
+    EXPECT_EQ("a.com", first_party_values.local_storage);
+    EXPECT_EQ("a.com", first_party_values.session_storage);
+    EXPECT_EQ("from=a.com", first_party_values.cookies);
+  }
+
+  // Enable 1p Ephemeral Storage mode.
+  SetCookieSetting(a_site_ephemeral_storage_url_, CONTENT_SETTING_SESSION_ONLY);
+
+  {
+    ValuesFromFrame first_party_values =
+        GetValuesFromFrame(first_party_tab->GetPrimaryMainFrame());
+    // Local/Session storage should still access the non-Ephemeral backend.
+    EXPECT_EQ("a.com", first_party_values.local_storage);
+    EXPECT_EQ("a.com", first_party_values.session_storage);
+    // Cookies storage always uses sync calls, which means it will access
+    // Ephemeral Storage immediately after Content Settings change.
+    EXPECT_EQ("", first_party_values.cookies);
+  }
+
+  // Reload the page.
+  first_party_tab->GetController().Reload(content::ReloadType::NORMAL, true);
+  WaitForLoadStop(first_party_tab);
+
+  // After reload all values should be read from the Ephemeral Storage and be
+  // empty.
+  ExpectValuesFromFramesAreEmpty(FROM_HERE,
+                                 GetValuesFromFrames(first_party_tab));
+
+  // Disable 1p Ephemeral Storage mode.
+  SetCookieSetting(a_site_ephemeral_storage_url_, CONTENT_SETTING_DEFAULT);
+
+  // Reload the page.
+  first_party_tab->GetController().Reload(content::ReloadType::NORMAL, true);
+  WaitForLoadStop(first_party_tab);
+
+  // Data should be read from non-Ephemeral Storage.
+  {
+    ValuesFromFrame first_party_values =
+        GetValuesFromFrame(first_party_tab->GetPrimaryMainFrame());
+    EXPECT_EQ("a.com", first_party_values.local_storage);
+    EXPECT_EQ("a.com", first_party_values.session_storage);
+    EXPECT_EQ("from=a.com", first_party_values.cookies);
+  }
+}
+
+class EphemeralStorage1pDisabledBrowserTest
+    : public EphemeralStorageBrowserTest {
+ public:
+  EphemeralStorage1pDisabledBrowserTest() {
+    scoped_feature_list_.InitAndDisableFeature(
+        net::features::kBraveFirstPartyEphemeralStorage);
+  }
+  ~EphemeralStorage1pDisabledBrowserTest() override = default;
+
+ private:
+  base::test::ScopedFeatureList scoped_feature_list_;
+};
+
 // By default SESSION_ONLY setting means that data for a website should be
 // deleted after a restart, but this also implicitly changes how a website
 // behaves in 3p context: when the setting is explicit, Chromium removes 3p

diff --git a/components/content_settings/renderer/brave_content_settings_agent_impl.cc b/components/content_settings/renderer/brave_content_settings_agent_impl.cc
@@ -311,6 +311,14 @@ bool BraveContentSettingsAgentImpl::IsFirstPartyCosmeticFilteringEnabled(
   return setting == CONTENT_SETTING_BLOCK;
 }
 
+void BraveContentSettingsAgentImpl::DidCommitProvisionalLoad(
+    ui::PageTransition transition) {
+  ContentSettingsAgentImpl::DidCommitProvisionalLoad(transition);
+  // Invalidate Ephemeral Storage opaque origins. Page reload might change the
+  // Ephemeral Storage mode, in this case we should re-request it.
+  cached_ephemeral_storage_origins_.clear();
+}
+
 BraveFarblingLevel BraveContentSettingsAgentImpl::GetBraveFarblingLevel() {
   blink::WebLocalFrame* frame = render_frame()->GetWebFrame();
 

diff --git a/components/content_settings/renderer/brave_content_settings_agent_impl.h b/components/content_settings/renderer/brave_content_settings_agent_impl.h
@@ -48,6 +48,9 @@ class BraveContentSettingsAgentImpl
 
   bool IsFirstPartyCosmeticFilteringEnabled(const GURL& url) override;
 
+  // RenderFrameObserver:
+  void DidCommitProvisionalLoad(ui::PageTransition transition) override;
+
  protected:
   bool AllowScript(bool enabled_per_settings) override;
   bool AllowScriptFromSource(bool enabled_per_settings,
@@ -98,7 +101,7 @@ class BraveContentSettingsAgentImpl
   GURL blocked_script_url_;
 
   // Status of "reduce language identifiability" feature.
-  bool reduce_language_enabled_;
+  bool reduce_language_enabled_ = false;
 
   base::flat_map<url::Origin, blink::WebSecurityOrigin>
       cached_ephemeral_storage_origins_;