From 4de7aceadef480c3d59ccb186627f090dcee3134 Mon Sep 17 00:00:00 2001 From: Aleksey Khoroshilov Date: Mon, 18 Sep 2023 19:28:54 +0700 Subject: [PATCH] Invalidate Ephemeral Storage origin key on page reload. --- .../ephemeral_storage_1p_browsertest.cc | 82 ++++++++++++++++--- .../brave_content_settings_agent_impl.cc | 8 ++ .../brave_content_settings_agent_impl.h | 5 +- 3 files changed, 81 insertions(+), 14 deletions(-) diff --git a/browser/ephemeral_storage/ephemeral_storage_1p_browsertest.cc b/browser/ephemeral_storage/ephemeral_storage_1p_browsertest.cc index 4854ca57e429..8622921d092c 100644 --- a/browser/ephemeral_storage/ephemeral_storage_1p_browsertest.cc +++ b/browser/ephemeral_storage/ephemeral_storage_1p_browsertest.cc @@ -36,19 +36,6 @@ class EphemeralStorage1pBrowserTest : public EphemeralStorageBrowserTest { base::test::ScopedFeatureList scoped_feature_list_; }; -class EphemeralStorage1pDisabledBrowserTest - : public EphemeralStorageBrowserTest { - public: - EphemeralStorage1pDisabledBrowserTest() { - scoped_feature_list_.InitAndDisableFeature( - net::features::kBraveFirstPartyEphemeralStorage); - } - ~EphemeralStorage1pDisabledBrowserTest() override = default; - - private: - base::test::ScopedFeatureList scoped_feature_list_; -}; - IN_PROC_BROWSER_TEST_F(EphemeralStorage1pBrowserTest, FirstPartyIsEphemeral) { SetCookieSetting(a_site_ephemeral_storage_url_, CONTENT_SETTING_SESSION_ONLY); @@ -540,6 +527,75 @@ IN_PROC_BROWSER_TEST_F( EXPECT_EQ("name=bcom_simple", site_a_tab_values.iframe_2.cookies); } +IN_PROC_BROWSER_TEST_F(EphemeralStorage1pBrowserTest, + UseEphemeralStorageAfterReload) { + WebContents* first_party_tab = LoadURLInNewTab(a_site_ephemeral_storage_url_); + + // Set values in the main frame. + SetValuesInFrame(first_party_tab->GetPrimaryMainFrame(), "a.com", + "from=a.com"); + + { + ValuesFromFrame first_party_values = + GetValuesFromFrame(first_party_tab->GetPrimaryMainFrame()); + EXPECT_EQ("a.com", first_party_values.local_storage); + EXPECT_EQ("a.com", first_party_values.session_storage); + EXPECT_EQ("from=a.com", first_party_values.cookies); + } + + // Enable 1p Ephemeral Storage mode. + SetCookieSetting(a_site_ephemeral_storage_url_, CONTENT_SETTING_SESSION_ONLY); + + { + ValuesFromFrame first_party_values = + GetValuesFromFrame(first_party_tab->GetPrimaryMainFrame()); + // Local/Session storage should still access the non-Ephemeral backend. + EXPECT_EQ("a.com", first_party_values.local_storage); + EXPECT_EQ("a.com", first_party_values.session_storage); + // Cookies storage always uses sync calls, which means it will access + // Ephemeral Storage immediately after Content Settings change. + EXPECT_EQ("", first_party_values.cookies); + } + + // Reload the page. + first_party_tab->GetController().Reload(content::ReloadType::NORMAL, true); + WaitForLoadStop(first_party_tab); + + // After reload all values should be read from the Ephemeral Storage and be + // empty. + ExpectValuesFromFramesAreEmpty(FROM_HERE, + GetValuesFromFrames(first_party_tab)); + + // Disable 1p Ephemeral Storage mode. + SetCookieSetting(a_site_ephemeral_storage_url_, CONTENT_SETTING_DEFAULT); + + // Reload the page. + first_party_tab->GetController().Reload(content::ReloadType::NORMAL, true); + WaitForLoadStop(first_party_tab); + + // Data should be read from non-Ephemeral Storage. + { + ValuesFromFrame first_party_values = + GetValuesFromFrame(first_party_tab->GetPrimaryMainFrame()); + EXPECT_EQ("a.com", first_party_values.local_storage); + EXPECT_EQ("a.com", first_party_values.session_storage); + EXPECT_EQ("from=a.com", first_party_values.cookies); + } +} + +class EphemeralStorage1pDisabledBrowserTest + : public EphemeralStorageBrowserTest { + public: + EphemeralStorage1pDisabledBrowserTest() { + scoped_feature_list_.InitAndDisableFeature( + net::features::kBraveFirstPartyEphemeralStorage); + } + ~EphemeralStorage1pDisabledBrowserTest() override = default; + + private: + base::test::ScopedFeatureList scoped_feature_list_; +}; + // By default SESSION_ONLY setting means that data for a website should be // deleted after a restart, but this also implicitly changes how a website // behaves in 3p context: when the setting is explicit, Chromium removes 3p diff --git a/components/content_settings/renderer/brave_content_settings_agent_impl.cc b/components/content_settings/renderer/brave_content_settings_agent_impl.cc index 91cd8b56c924..1991b0add736 100644 --- a/components/content_settings/renderer/brave_content_settings_agent_impl.cc +++ b/components/content_settings/renderer/brave_content_settings_agent_impl.cc @@ -311,6 +311,14 @@ bool BraveContentSettingsAgentImpl::IsFirstPartyCosmeticFilteringEnabled( return setting == CONTENT_SETTING_BLOCK; } +void BraveContentSettingsAgentImpl::DidCommitProvisionalLoad( + ui::PageTransition transition) { + ContentSettingsAgentImpl::DidCommitProvisionalLoad(transition); + // Invalidate Ephemeral Storage opaque origins. Page reload might change the + // Ephemeral Storage mode, in this case we should re-request it. + cached_ephemeral_storage_origins_.clear(); +} + BraveFarblingLevel BraveContentSettingsAgentImpl::GetBraveFarblingLevel() { blink::WebLocalFrame* frame = render_frame()->GetWebFrame(); diff --git a/components/content_settings/renderer/brave_content_settings_agent_impl.h b/components/content_settings/renderer/brave_content_settings_agent_impl.h index 76a719134d39..20d8afee23ff 100644 --- a/components/content_settings/renderer/brave_content_settings_agent_impl.h +++ b/components/content_settings/renderer/brave_content_settings_agent_impl.h @@ -48,6 +48,9 @@ class BraveContentSettingsAgentImpl bool IsFirstPartyCosmeticFilteringEnabled(const GURL& url) override; + // RenderFrameObserver: + void DidCommitProvisionalLoad(ui::PageTransition transition) override; + protected: bool AllowScript(bool enabled_per_settings) override; bool AllowScriptFromSource(bool enabled_per_settings, @@ -98,7 +101,7 @@ class BraveContentSettingsAgentImpl GURL blocked_script_url_; // Status of "reduce language identifiability" feature. - bool reduce_language_enabled_; + bool reduce_language_enabled_ = false; base::flat_map cached_ephemeral_storage_origins_;