Merge pull request #7647 from brave/ephemeral-storage

only use ephemeral storage for block 3p setting
brave · Jan 25, 2021 · 3dc841e · 3dc841e
2 parents 2a6a4f7 + bed4ed0
commit 3dc841e
Show file tree

Hide file tree

Showing 15 changed files with 244 additions and 169 deletions.
diff --git a/browser/ephemeral_storage/ephemeral_storage_browsertest.cc b/browser/ephemeral_storage/ephemeral_storage_browsertest.cc
@@ -109,13 +109,6 @@ class EphemeralStorageBrowserTest : public InProcessBrowserTest {
     command_line->AppendSwitch(switches::kIgnoreCertificateErrors);
   }
 
-  void AllowAllCookies() {
-    auto* content_settings =
-        HostContentSettingsMapFactory::GetForProfile(browser()->profile());
-    brave_shields::SetCookieControlType(
-        content_settings, brave_shields::ControlType::ALLOW, GURL());
-  }
-
   void SetValuesInFrame(RenderFrameHost* frame,
                         std::string storage_value,
                         std::string cookie_value) {
@@ -184,8 +177,6 @@ class EphemeralStorageBrowserTest : public InProcessBrowserTest {
 };
 
 IN_PROC_BROWSER_TEST_F(EphemeralStorageBrowserTest, StorageIsPartitioned) {
-  AllowAllCookies();
-
   WebContents* first_party_tab = LoadURLInNewTab(b_site_ephemeral_storage_url_);
   WebContents* site_a_tab1 = LoadURLInNewTab(a_site_ephemeral_storage_url_);
   WebContents* site_a_tab2 = LoadURLInNewTab(a_site_ephemeral_storage_url_);
@@ -263,8 +254,6 @@ IN_PROC_BROWSER_TEST_F(EphemeralStorageBrowserTest, StorageIsPartitioned) {
 
 IN_PROC_BROWSER_TEST_F(EphemeralStorageBrowserTest,
                        NavigatingClearsEphemeralStorage) {
-  AllowAllCookies();
-
   ui_test_utils::NavigateToURL(browser(), a_site_ephemeral_storage_url_);
   auto* web_contents = browser()->tab_strip_model()->GetActiveWebContents();
 
@@ -303,8 +292,6 @@ IN_PROC_BROWSER_TEST_F(EphemeralStorageBrowserTest,
 
 IN_PROC_BROWSER_TEST_F(EphemeralStorageBrowserTest,
                        ClosingTabClearsEphemeralStorage) {
-  AllowAllCookies();
-
   WebContents* site_a_tab = LoadURLInNewTab(a_site_ephemeral_storage_url_);
   EXPECT_EQ(browser()->tab_strip_model()->count(), 2);
 
@@ -353,8 +340,6 @@ IN_PROC_BROWSER_TEST_F(EphemeralStorageBrowserTest,
 
 IN_PROC_BROWSER_TEST_F(EphemeralStorageBrowserTest,
                        ReloadDoesNotClearEphemeralStorage) {
-  AllowAllCookies();
-
   ui_test_utils::NavigateToURL(browser(), a_site_ephemeral_storage_url_);
   auto* web_contents = browser()->tab_strip_model()->GetActiveWebContents();
 
@@ -392,8 +377,6 @@ IN_PROC_BROWSER_TEST_F(EphemeralStorageBrowserTest,
 
 IN_PROC_BROWSER_TEST_F(EphemeralStorageBrowserTest,
                        EphemeralStorageDoesNotLeakBetweenProfiles) {
-  AllowAllCookies();
-
   ui_test_utils::NavigateToURL(browser(), a_site_ephemeral_storage_url_);
   auto* web_contents = browser()->tab_strip_model()->GetActiveWebContents();
 
@@ -456,9 +439,7 @@ IN_PROC_BROWSER_TEST_F(EphemeralStorageBrowserTest,
 }
 
 IN_PROC_BROWSER_TEST_F(EphemeralStorageBrowserTest,
-                       NavigationCookiesArePartitioned) {
-  AllowAllCookies();
-
+                       DISABLED_NavigationCookiesArePartitioned) {
   GURL a_site_set_cookie_url = https_server_.GetURL(
       "a.com", "/set-cookie?name=acom;path=/;SameSite=None;Secure");
   GURL b_site_set_cookie_url = https_server_.GetURL(
@@ -510,8 +491,6 @@ IN_PROC_BROWSER_TEST_F(EphemeralStorageBrowserTest,
 
 IN_PROC_BROWSER_TEST_F(EphemeralStorageBrowserTest,
                        FirstPartyNestedInThirdParty) {
-  AllowAllCookies();
-
   auto* web_contents = browser()->tab_strip_model()->GetActiveWebContents();
 
   GURL a_site_set_cookie_url = https_server_.GetURL(

diff --git a/browser/ephemeral_storage/ephemeral_storage_tab_helper.cc b/browser/ephemeral_storage/ephemeral_storage_tab_helper.cc
@@ -11,6 +11,7 @@
 #include "base/feature_list.h"
 #include "base/hash/md5.h"
 #include "base/no_destructor.h"
+#include "base/optional.h"
 #include "content/public/browser/navigation_handle.h"
 #include "content/public/browser/session_storage_namespace.h"
 #include "content/public/browser/storage_partition.h"
@@ -27,6 +28,10 @@ namespace ephemeral_storage {
 
 namespace {
 
+// TODO(bridiver) - share these constants with DOMWindowStorage
+constexpr char kSessionStorageSuffix[] = "/ephemeral-session-storage";
+constexpr char kLocalStorageSuffix[] = "/ephemeral-local-storage";
+
 // Session storage ids are expected to be 36 character long GUID strings. Since
 // we are constructing our own ids, we convert our string into a 32 character
 // hash and then use that make up our own GUID-like string. Because of the way
@@ -90,9 +95,9 @@ void EphemeralStorageTabHelper::CreateEphemeralStorageAreasForDomainAndURL(
   // namespace, this will just give us a new reference. When the last tab helper
   // drops the reference, the namespace should be deleted.
   std::string local_partition_id =
-      StringToSessionStorageId(new_domain, "/ephemeral-local-storage");
-  local_storage_namespace_ =
-      content::CreateSessionStorageNamespace(partition, local_partition_id);
+      StringToSessionStorageId(new_domain, kLocalStorageSuffix);
+  local_storage_namespace_ = content::CreateSessionStorageNamespace(
+      partition, local_partition_id, base::nullopt);
 
   // Session storage is always per-tab and never per-TLD, so we always delete
   // and recreate the session storage when switching domains.
@@ -104,9 +109,18 @@ void EphemeralStorageTabHelper::CreateEphemeralStorageAreasForDomainAndURL(
 
   std::string session_partition_id = StringToSessionStorageId(
       content::GetSessionStorageNamespaceId(web_contents()),
-      "/ephemeral-session-storage");
-  session_storage_namespace_ =
-      content::CreateSessionStorageNamespace(partition, session_partition_id);
+      kSessionStorageSuffix);
+
+  auto* rfh = web_contents()->GetOpener();
+  session_storage_namespace_ = content::CreateSessionStorageNamespace(
+      partition, session_partition_id,
+      // clone the namespace if there is an opener
+      // https://html.spec.whatwg.org/multipage/browsers.html#copy-session-storage
+      rfh ? base::make_optional<std::string>(StringToSessionStorageId(
+                content::GetSessionStorageNamespaceId(
+                    WebContents::FromRenderFrameHost(rfh)),
+                kSessionStorageSuffix))
+          : base::nullopt);
 
   tld_ephemeral_lifetime_ = content::TLDEphemeralLifetime::GetOrCreate(
       browser_context, partition, new_domain);

diff --git a/chromium_src/components/content_settings/core/common/cookie_settings_base.cc b/chromium_src/components/content_settings/core/common/cookie_settings_base.cc
@@ -11,6 +11,7 @@
 #include "components/content_settings/core/common/content_settings.h"
 #include "components/content_settings/core/common/content_settings_pattern.h"
 #include "components/content_settings/core/common/features.h"
+#include "net/base/features.h"
 #include "net/base/registry_controlled_domains/registry_controlled_domain.h"
 #include "url/gurl.h"
 #include "url/origin.h"
@@ -143,8 +144,46 @@ bool BraveIsAllowedThirdParty(
   return false;
 }
 
+// TODO(bridiver) make this a common method that can be shared with
+// BraveContentSettingsAgentImpl
+bool ShouldUseEphemeralStorage(
+    const GURL& url,
+    const GURL& site_for_cookies,
+    const base::Optional<url::Origin>& top_frame_origin,
+    const CookieSettingsBase* const cookie_settings) {
+  if (!base::FeatureList::IsEnabled(net::features::kBraveEphemeralStorage))
+    return false;
+
+  if (!top_frame_origin || url::Origin::Create(url) == top_frame_origin)
+    return false;
+
+  bool block_3p = !cookie_settings->IsCookieAccessAllowed(url, site_for_cookies,
+                                                          top_frame_origin);
+  bool block_1p = !cookie_settings->IsCookieAccessAllowed(
+      url, url, url::Origin::Create(url));
+
+  // only use ephemeral storage for block 3p
+  return block_3p && !block_1p;
+}
+
 }  // namespace
 
+bool CookieSettingsBase::IsEphemeralCookieAccessAllowed(
+    const GURL& url,
+    const GURL& first_party_url) const {
+  return IsEphemeralCookieAccessAllowed(url, first_party_url, base::nullopt);
+}
+
+bool CookieSettingsBase::IsEphemeralCookieAccessAllowed(
+    const GURL& url,
+    const GURL& site_for_cookies,
+    const base::Optional<url::Origin>& top_frame_origin) const {
+  if (ShouldUseEphemeralStorage(url, site_for_cookies, top_frame_origin, this))
+    return true;
+
+  return IsCookieAccessAllowed(url, site_for_cookies, top_frame_origin);
+}
+
 bool CookieSettingsBase::IsCookieAccessAllowed(
     const GURL& url, const GURL& first_party_url) const {
   return IsCookieAccessAllowed(url, first_party_url, base::nullopt);
@@ -154,7 +193,6 @@ bool CookieSettingsBase::IsCookieAccessAllowed(
     const GURL& url,
     const GURL& site_for_cookies,
     const base::Optional<url::Origin>& top_frame_origin) const {
-
   // Get content settings only - do not consider default 3rd-party blocking.
   ContentSetting setting;
   GetCookieSettingInternal(

diff --git a/chromium_src/components/content_settings/core/common/cookie_settings_base.h b/chromium_src/components/content_settings/core/common/cookie_settings_base.h
@@ -7,12 +7,15 @@
 #define BRAVE_CHROMIUM_SRC_COMPONENTS_CONTENT_SETTINGS_CORE_COMMON_COOKIE_SETTINGS_BASE_H_
 
 #define BRAVE_COOKIE_SETTINGS_BASE_H                                      \
- private:                                                                 \
+  bool IsEphemeralCookieAccessAllowed(const GURL& url,                    \
+                                      const GURL& first_party_url) const; \
+  bool IsEphemeralCookieAccessAllowed(                                    \
+      const GURL& url, const GURL& site_for_cookies,                      \
+      const base::Optional<url::Origin>& top_frame_origin) const;         \
   bool IsChromiumCookieAccessAllowed(const GURL& url,                     \
                                      const GURL& first_party_url) const;  \
   bool IsChromiumCookieAccessAllowed(                                     \
-      const GURL& url,                                                    \
-      const GURL& site_for_cookies,                                       \
+      const GURL& url, const GURL& site_for_cookies,                      \
       const base::Optional<url::Origin>& top_frame_origin) const;
 
 #include "../../../../../../components/content_settings/core/common/cookie_settings_base.h"

diff --git a/chromium_src/content/browser/browser_context.cc b/chromium_src/content/browser/browser_context.cc
@@ -8,6 +8,7 @@
 #include <string>
 
 #include "base/memory/ref_counted.h"
+#include "base/optional.h"
 #include "content/browser/dom_storage/dom_storage_context_wrapper.h"
 #include "content/browser/dom_storage/session_storage_namespace_impl.h"
 #include "content/browser/renderer_host/render_view_host_delegate.h"
@@ -20,13 +21,19 @@ namespace content {
 
 scoped_refptr<content::SessionStorageNamespace> CreateSessionStorageNamespace(
     content::StoragePartition* partition,
-    const std::string& namespace_id) {
+    const std::string& namespace_id,
+    base::Optional<std::string> clone_from_namespace_id) {
   content::DOMStorageContextWrapper* context_wrapper =
       static_cast<content::DOMStorageContextWrapper*>(
           partition->GetDOMStorageContext());
 
-  return content::SessionStorageNamespaceImpl::Create(context_wrapper,
-                                                      namespace_id);
+  if (clone_from_namespace_id) {
+    return content::SessionStorageNamespaceImpl::CloneFrom(
+        context_wrapper, namespace_id, clone_from_namespace_id.value(), true);
+  } else {
+    return content::SessionStorageNamespaceImpl::Create(context_wrapper,
+                                                        namespace_id);
+  }
 }
 
 std::string GetSessionStorageNamespaceId(WebContents* web_contents) {
@@ -38,7 +45,6 @@ std::string GetSessionStorageNamespaceId(WebContents* web_contents) {
 
 }  // namespace content
 
-
 namespace content {
 bool BrowserContext::IsTor() const {
   return false;

diff --git a/chromium_src/content/public/browser/browser_context.h b/chromium_src/content/public/browser/browser_context.h
@@ -6,14 +6,16 @@
 #ifndef BRAVE_CHROMIUM_SRC_CONTENT_PUBLIC_BROWSER_BROWSER_CONTEXT_H_
 #define BRAVE_CHROMIUM_SRC_CONTENT_PUBLIC_BROWSER_BROWSER_CONTEXT_H_
 
-#define IsOffTheRecord IsTor() const; \
-    virtual bool IsOffTheRecord
+#define IsOffTheRecord \
+  IsTor() const;       \
+  virtual bool IsOffTheRecord
 #include "../../../../../content/public/browser/browser_context.h"
 #undef IsOffTheRecord
 
 #include <string>
 
 #include "base/memory/ref_counted.h"
+#include "base/optional.h"
 #include "content/common/content_export.h"
 #include "content/public/browser/tld_ephemeral_lifetime.h"
 
@@ -24,8 +26,10 @@ class SessionStorageNamespace;
 class StoragePartition;
 
 CONTENT_EXPORT scoped_refptr<content::SessionStorageNamespace>
-CreateSessionStorageNamespace(content::StoragePartition* partition,
-                              const std::string& namespace_id);
+CreateSessionStorageNamespace(
+    content::StoragePartition* partition,
+    const std::string& namespace_id,
+    base::Optional<std::string> clone_from_namespace_id);
 
 CONTENT_EXPORT std::string GetSessionStorageNamespaceId(WebContents*);
 

diff --git a/chromium_src/net/url_request/url_request_http_job.cc b/chromium_src/net/url_request/url_request_http_job.cc