Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Prevent external favicons fetch on password manager page. #27066

Merged
merged 2 commits into from
Dec 20, 2024
Merged

Conversation

goodov
Copy link
Member

@goodov goodov commented Dec 19, 2024

Disable cr-auto-img fetch introduced in CL [1]. Instead chrome://favicon2-based div is used which only access cached icons.

  1. https://chromium-review.googlesource.com/c/chromium/src/+/4032157

Resolves brave/brave-browser#42955

Submitter Checklist:

  • I confirm that no security/privacy review is needed and no other type of reviews are needed, or that I have requested them
  • There is a ticket for my issue
  • Used Github auto-closing keywords in the PR description above
  • Wrote a good PR/commit description
  • Squashed any review feedback or "fixup" commits before merge, so that history is a record of what happened in the repo, not your PR
  • Added appropriate labels (QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
  • Checked the PR locally:
    • npm run test -- brave_browser_tests, npm run test -- brave_unit_tests wiki
    • npm run presubmit wiki, npm run gn_check, npm run tslint
  • Ran git rebase master (if needed)

Reviewer Checklist:

  • A security review is not needed, or a link to one is included in the PR description
  • New files have MPL-2.0 license header
  • Adequate test coverage exists to prevent regressions
  • Major classes, functions and non-trivial code blocks are well-commented
  • Changes in component dependencies are properly reflected in gn
  • Code follows the style guide
  • Test plan is specified in PR before merging

After-merge Checklist:

Test Plan:

with open(definition_file, encoding='utf-8', mode='r') as f:
content = f.read()

if POLYMER_OVERRIDING_TOKEN in content:
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if chromium_src override doesn't have //resources/polymer/v3_0/polymer/polymer_bundled.min.js line, then template html is treated incorrectly.

our overrides can miss this line when it's not necessary, so we need to improve the content detector to handle such cases.

@brave-builds
Copy link
Collaborator

A Storybook has been deployed to preview UI for the latest push

@goodov goodov marked this pull request as ready for review December 19, 2024 10:48
@goodov goodov requested review from a team as code owners December 19, 2024 10:48
Copy link
Contributor

The security team is monitoring all repositories for certain keywords. This PR includes the word(s) "password" and so security team members have been added as reviewers to take a look.

No need to request a full security review at this stage, the security team will take a look shortly and either clear the label or request more information/changes.

Notifications have already been sent, but if this is blocking your merge feel free to reach out directly to the security team on Slack so that we can expedite this check.

@goodov goodov force-pushed the issues/42955 branch 3 times, most recently from b650d1b to afaf7fa Compare December 20, 2024 13:35
@goodov goodov enabled auto-merge (squash) December 20, 2024 14:27
@goodov goodov merged commit 6a75a93 into master Dec 20, 2024
24 checks passed
@goodov goodov deleted the issues/42955 branch December 20, 2024 14:56
@github-actions github-actions bot added this to the 1.75.x - Nightly milestone Dec 20, 2024
@brave-builds
Copy link
Collaborator

Released in v1.75.116

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
CI/storybook-url Deploy storybook and provide a unique URL for each build
Projects
None yet
5 participants