Block filesystem access when cookies are blocked

Partial fix for brave/browser-laptop#3214. Auditors: @bridiver
brave · Aug 19, 2016 · de678ee · de678ee
1 parent c49913f
commit de678ee
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 2 deletions.
diff --git a/atom/renderer/content_settings_client.cc b/atom/renderer/content_settings_client.cc
@@ -143,6 +143,36 @@ bool ContentSettingsClient::allowDatabase(const WebString& name,
   return allow;
 }
 
+
+void ContentSettingsClient::requestFileSystemAccessAsync(
+        const WebContentSettingCallbacks& callbacks) {
+  WebFrame* frame = render_frame()->GetWebFrame();
+  WebContentSettingCallbacks permissionCallbacks(callbacks);
+  if (frame->getSecurityOrigin().isUnique() ||
+      frame->top()->getSecurityOrigin().isUnique()) {
+      permissionCallbacks.doDeny();
+      return;
+  }
+
+  bool allow = true;
+  GURL secondary_url(
+      blink::WebStringToGURL(frame->getSecurityOrigin().toString()));
+  if (content_settings_manager_->content_settings()) {
+    allow =
+        content_settings_manager_->GetSetting(
+          GetOriginOrURL(frame),
+          secondary_url,
+          "cookies",
+          allow) != CONTENT_SETTING_BLOCK;
+  }
+  if (!allow) {
+      DidBlockContentType("filesystem", secondary_url.spec());
+      permissionCallbacks.doDeny();
+  } else {
+      permissionCallbacks.doAllow();
+  }
+}
+
 bool ContentSettingsClient::allowImage(bool enabled_per_settings,
                                          const WebURL& image_url) {
   if (enabled_per_settings && IsWhitelistedForContentSettings())

diff --git a/atom/renderer/content_settings_client.h b/atom/renderer/content_settings_client.h
@@ -58,8 +58,8 @@ class ContentSettingsClient
   bool allowDatabase(const blink::WebString& name,
                      const blink::WebString& display_name,
                      unsigned long estimated_size) override;  // NOLINT
-  // void requestFileSystemAccessAsync(
-  //     const blink::WebContentSettingCallbacks& callbacks) override;
+  void requestFileSystemAccessAsync(
+          const blink::WebContentSettingCallbacks& callbacks) override;
   bool allowImage(bool enabled_per_settings,
                   const blink::WebURL& image_url) override;
   bool allowIndexedDB(const blink::WebString& name,