summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAllan Sandfeld Jensen <allan.jensen@qt.io>2018-02-15 17:58:31 +0100
committerAllan Sandfeld Jensen <allan.jensen@qt.io>2018-04-03 16:37:32 +0000
commitdd2acb8a0a5ccbbf34664987fdcf4b3a418c54f9 (patch)
treece784d2a3f8d21bd1a57ec562dfc121906411085
parentcce649b65d31353754af9e34148c0e8d4068d3cf (diff)
Tie worker rights to cookie policy like Chromium doesv5.11.0-beta3
Instead of always allowing all workers, disallow when similar cookies would have been disallowed. This is following the same logic as Chromium is using. Change-Id: I6b9d6c63b894287f64171b138fe03ec080af5115 Reviewed-by: Leena Miettinen <riitta-leena.miettinen@qt.io> Reviewed-by: Peter Varga <pvarga@inf.u-szeged.hu>
-rw-r--r--src/core/api/qwebenginecookiestore.cpp4
-rw-r--r--src/core/content_browser_client_qt.cpp45
-rw-r--r--src/core/content_browser_client_qt.h19
3 files changed, 68 insertions, 0 deletions
diff --git a/src/core/api/qwebenginecookiestore.cpp b/src/core/api/qwebenginecookiestore.cpp
index adf0cc49e..76e79c570 100644
--- a/src/core/api/qwebenginecookiestore.cpp
+++ b/src/core/api/qwebenginecookiestore.cpp
@@ -353,6 +353,10 @@ void QWebEngineCookieStore::deleteAllCookies()
The callback should not be used to execute heavy tasks since it is running on the
IO thread and therefore blocks the Chromium networking.
+ \note The cookie filter also controls other features with tracking capabilities similar to
+ those of cookies; including IndexedDB, DOM storage, filesystem API, service workers,
+ and AppCache.
+
\sa deleteAllCookies(), loadAllCookies()
*/
void QWebEngineCookieStore::setCookieFilter(const std::function<bool(const FilterRequest &)> &filterCallback)
diff --git a/src/core/content_browser_client_qt.cpp b/src/core/content_browser_client_qt.cpp
index 1f5f76a4d..3e620bd1f 100644
--- a/src/core/content_browser_client_qt.cpp
+++ b/src/core/content_browser_client_qt.cpp
@@ -95,6 +95,7 @@
#include "media_capture_devices_dispatcher.h"
#include "net/network_delegate_qt.h"
#include "net/qrc_protocol_handler_qt.h"
+#include "net/url_request_context_getter_qt.h"
#if BUILDFLAG(ENABLE_BASIC_PRINTING)
#include "printing/printing_message_filter_qt.h"
#endif // BUILDFLAG(ENABLE_BASIC_PRINTING)
@@ -740,6 +741,7 @@ bool ContentBrowserClientQt::AllowGetCookie(const GURL &url,
int /*render_process_id*/,
int /*render_frame_id*/)
{
+ DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
NetworkDelegateQt *networkDelegate = static_cast<NetworkDelegateQt *>(context->GetRequestContext()->network_delegate());
return networkDelegate->canGetCookies(first_party, url);
}
@@ -752,10 +754,53 @@ bool ContentBrowserClientQt::AllowSetCookie(const GURL &url,
int /*render_frame_id*/,
const net::CookieOptions& /*options*/)
{
+ DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
NetworkDelegateQt *networkDelegate = static_cast<NetworkDelegateQt *>(context->GetRequestContext()->network_delegate());
return networkDelegate->canSetCookies(first_party, url, std::string());
}
+bool ContentBrowserClientQt::AllowAppCache(const GURL &manifest_url,
+ const GURL &first_party,
+ content::ResourceContext *context)
+{
+ DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
+ NetworkDelegateQt *networkDelegate = static_cast<NetworkDelegateQt *>(context->GetRequestContext()->network_delegate());
+ return networkDelegate->canGetCookies(first_party, manifest_url);
+}
+
+bool ContentBrowserClientQt::AllowServiceWorker(const GURL &scope,
+ const GURL &first_party,
+ content::ResourceContext *context,
+ const base::Callback<content::WebContents*(void)> &/*wc_getter*/)
+{
+ DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
+ // FIXME: Chrome also checks if javascript is enabled here to check if has been disabled since the service worker
+ // was started.
+ NetworkDelegateQt *networkDelegate = static_cast<NetworkDelegateQt *>(context->GetRequestContext()->network_delegate());
+ return networkDelegate->canGetCookies(first_party, scope);
+}
+
+// We control worker access to FS and indexed-db using cookie permissions, this is mirroring Chromium's logic.
+void ContentBrowserClientQt::AllowWorkerFileSystem(const GURL &url,
+ content::ResourceContext *context,
+ const std::vector<std::pair<int, int> > &/*render_frames*/,
+ base::Callback<void(bool)> callback)
+{
+ DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
+ NetworkDelegateQt *networkDelegate = static_cast<NetworkDelegateQt *>(context->GetRequestContext()->network_delegate());
+ callback.Run(networkDelegate->canSetCookies(url, url, std::string()));
+}
+
+bool ContentBrowserClientQt::AllowWorkerIndexedDB(const GURL &url,
+ const base::string16 &/*name*/,
+ content::ResourceContext *context,
+ const std::vector<std::pair<int, int> > &/*render_frames*/)
+{
+ DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
+ NetworkDelegateQt *networkDelegate = static_cast<NetworkDelegateQt *>(context->GetRequestContext()->network_delegate());
+ return networkDelegate->canSetCookies(url, url, std::string());
+}
+
} // namespace QtWebEngineCore
DEFINE_WEB_CONTENTS_USER_DATA_KEY(QtWebEngineCore::ServiceDriver);
diff --git a/src/core/content_browser_client_qt.h b/src/core/content_browser_client_qt.h
index 86bd2977c..5ef2cddfb 100644
--- a/src/core/content_browser_client_qt.h
+++ b/src/core/content_browser_client_qt.h
@@ -150,6 +150,25 @@ public:
int render_frame_id,
const net::CookieOptions& options) override;
+ bool AllowAppCache(const GURL& manifest_url,
+ const GURL& first_party,
+ content::ResourceContext* context) override;
+
+ bool AllowServiceWorker(const GURL& scope,
+ const GURL& first_party,
+ content::ResourceContext* context,
+ const base::Callback<content::WebContents*(void)>& wc_getter) override;
+
+ void AllowWorkerFileSystem(const GURL &url,
+ content::ResourceContext *context,
+ const std::vector<std::pair<int, int> > &render_frames,
+ base::Callback<void(bool)> callback) override;
+
+ bool AllowWorkerIndexedDB(const GURL &url,
+ const base::string16 &name,
+ content::ResourceContext *context,
+ const std::vector<std::pair<int, int> > &render_frames) override;
+
#if defined(Q_OS_LINUX)
void GetAdditionalMappedFilesForChildProcess(const base::CommandLine& command_line, int child_process_id, content::PosixFileDescriptorInfo* mappings) override;
#endif