author | Peter Birk Pakkenberg <pbirk@chromium.org> | 2022-09-22 16:09:42 +0000 |
---|---|---|
committer | Copybara-Service <copybara-worker@google.com> | 2022-09-22 09:17:44 -0700 |
commit | b2277c632713fe400752ef4bb60bc88c930fcacd (patch) | |
tree | 9808dc3db3692aac0ea7a3eab12b9c253c2256c5 | |
parent | 9aa4cef01c1f51ce6ebd34451d1b4ae6f7bb70a0 (diff) | |
[aw] Add allowlist for X-Requested-With header
This CL reuses the origin matching originally developed for
components/js_injection, and moves the computation of the default
header mode to native code.
The CL adds new API methods, and replaces the original API with stubs,
to be removed once the AndroidX library has been updated to use the
new methods.
Bug: 1295213
Change-Id: Ic96d85d1e159a86461af5b63cac6d87c0ff6497e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3822948
Reviewed-by: Andrey Zaytsev <andzaytsev@google.com>
Reviewed-by: Richard Coles <torne@chromium.org>
Commit-Queue: Peter Pakkenberg <pbirk@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1050218}
NOKEYCHECK=True
GitOrigin-RevId: 020b57aa6fe80bb66a38cc132a0bbd7afeb26359
3 files changed, 26 insertions, 0 deletions
diff --git a/src/org/chromium/support_lib_boundary/ServiceWorkerWebSettingsBoundaryInterface.java b/src/org/chromium/support_lib_boundary/ServiceWorkerWebSettingsBoundaryInterface.java index 8abe41c..5a4b9ab 100644 --- a/src/org/chromium/support_lib_boundary/ServiceWorkerWebSettingsBoundaryInterface.java +++ b/src/org/chromium/support_lib_boundary/ServiceWorkerWebSettingsBoundaryInterface.java @@ -6,6 +6,8 @@ package org.chromium.support_lib_boundary; import org.chromium.support_lib_boundary.WebSettingsBoundaryInterface.RequestedWithHeaderMode; +import java.util.Set; + /** * Boundary interface for ServiceWorkerWebSettings. */ @@ -26,7 +28,13 @@ public interface ServiceWorkerWebSettingsBoundaryInterface { boolean getBlockNetworkLoads(); + @Deprecated void setRequestedWithHeaderMode(@RequestedWithHeaderMode int mode); + @Deprecated @RequestedWithHeaderMode int getRequestedWithHeaderMode(); + + void setRequestedWithHeaderOriginAllowList(Set<String> allowedOriginRules); + + Set<String> getRequestedWithHeaderOriginAllowList(); } diff --git a/src/org/chromium/support_lib_boundary/WebSettingsBoundaryInterface.java b/src/org/chromium/support_lib_boundary/WebSettingsBoundaryInterface.java index 60d8c85..fa298a6 100644 --- a/src/org/chromium/support_lib_boundary/WebSettingsBoundaryInterface.java +++ b/src/org/chromium/support_lib_boundary/WebSettingsBoundaryInterface.java @@ -11,6 +11,7 @@ package org.chromium.support_lib_boundary; import java.lang.annotation.Retention; import java.lang.annotation.RetentionPolicy; +import java.util.Set; /** * Boundary interface for WebSettingsCompat. 
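Review bot: `setRequestedWithHeaderOriginAllowList(Set<String> allowedOriginRules)` is added to ServiceWorkerWebSettingsBoundaryInterface with no comment on what a rule looks like, how a malformed rule or a null set is handled, or whether an empty set means no origin gets the header. This list decides which origins receive the X-Requested-With header (the deprecated `APP_PACKAGE_NAME` mode suggests the value identifies the embedding app), so the contract belongs at the boundary. Once the native behaviour is confirmed, something like `/** Rules use the origin matching syntax from components/js_injection; an empty set sends the header to no origin; invalid rules are rejected. */` would do. It would also help to state whether `getRequestedWithHeaderOriginAllowList()` returns a copy or a live view of the set. The same gap applies to the two methods added in the WebSettingsBoundaryInterface hunk.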
@@ -56,15 +57,21 @@ public interface WebSettingsBoundaryInterface { @WebAuthnSupport int getWebAuthnSupport(); + @Deprecated @Retention(RetentionPolicy.SOURCE) @interface RequestedWithHeaderMode { int NO_HEADER = 0; int APP_PACKAGE_NAME = 1; } + @Deprecated void setRequestedWithHeaderMode(@RequestedWithHeaderMode int mode); + @Deprecated @RequestedWithHeaderMode int getRequestedWithHeaderMode(); + void setRequestedWithHeaderOriginAllowList(Set<String> allowedOriginRules); + Set<String> getRequestedWithHeaderOriginAllowList(); + void setEnterpriseAuthenticationAppLinkPolicyEnabled(boolean enabled); boolean getEnterpriseAuthenticationAppLinkPolicyEnabled(); } diff --git a/src/org/chromium/support_lib_boundary/util/Features.java b/src/org/chromium/support_lib_boundary/util/Features.java index cc7a597..2ddeece 100644 --- a/src/org/chromium/support_lib_boundary/util/Features.java +++ b/src/org/chromium/support_lib_boundary/util/Features.java @@ -204,8 +204,19 @@ public class Features { // WebSettingsCompat.getRequestedWithHeaderMode // ServiceWorkerWebSettingsCompat.setRequestedWithHeaderMode // ServiceWorkerWebSettingsCompat.getRequestedWithHeaderMode + /** + * @deprecated Feature was never launched. Do not reuse feature name. + */ + @Deprecated() public static final String REQUESTED_WITH_HEADER_CONTROL = "REQUESTED_WITH_HEADER_CONTROL"; + // WebSettingsCompat.setRequestedWithHeaderAllowList + // WebSettingsCompat.getRequestedWithHeaderAllowList + // ServiceWorkerWebSettingsCompat.setRequestedWithHeaderAllowList + // ServiceWorkerWebSettingsCompat.getRequestedWithHeaderAllowList + public static final String REQUESTED_WITH_HEADER_ALLOW_LIST = + "REQUESTED_WITH_HEADER_ALLOW_LIST"; + // WebViewCompat.getVariationsHeader public static final String GET_VARIATIONS_HEADER = "GET_VARIATIONS_HEADER"; |
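Review bot: The `@Deprecated` annotations added to `RequestedWithHeaderMode`, `setRequestedWithHeaderMode` and `getRequestedWithHeaderMode` in WebSettingsBoundaryInterface have no Javadoc `@deprecated` tag, so nothing at the boundary names the replacement or says that, per the commit description, these are now stubs. A caller that still uses the old setter to suppress the header would presumably see no effect and no error; the implementation is not visible in this diff, so that should be confirmed. I would add `/** @deprecated Stub pending removal; use {@link #setRequestedWithHeaderOriginAllowList(Set)}. */` on the setter and the matching line on the getter. The ServiceWorkerWebSettingsBoundaryInterface hunk needs the same.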
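Review bot: In Features.java the comment lines above `REQUESTED_WITH_HEADER_ALLOW_LIST` name `setRequestedWithHeaderAllowList` / `getRequestedWithHeaderAllowList`, while the boundary methods added in this commit are `setRequestedWithHeaderOriginAllowList` / `getRequestedWithHeaderOriginAllowList`. If the AndroidX methods follow the boundary names, the comments should read `// WebSettingsCompat.setRequestedWithHeaderOriginAllowList` and likewise for the other three, so a search for the method name finds the feature flag that gates it. As a style point, `@Deprecated()` on `REQUESTED_WITH_HEADER_CONTROL` is conventionally written `@Deprecated`, as in the other two files. The Features class body continues outside the hunk.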