authorPeter Birk Pakkenberg <pbirk@chromium.org>2022-09-22 16:09:42 +0000
committerCopybara-Service <copybara-worker@google.com>2022-09-22 09:17:44 -0700
commitb2277c632713fe400752ef4bb60bc88c930fcacd (patch)
tree9808dc3db3692aac0ea7a3eab12b9c253c2256c5
parent9aa4cef01c1f51ce6ebd34451d1b4ae6f7bb70a0 (diff)
downloadwebview_support_interfaces-b2277c632713fe400752ef4bb60bc88c930fcacd.tar.gz
[aw] Add allowlist for X-Requested-With header
This CL reuses the origin matching originally developed for components/js_injection, and moves the computation of the default header mode to native code. The CL adds new API methods, and replaces the original API with stubs, to be removed once the AndroidX library has been updated to use the new methods. Bug: 1295213 Change-Id: Ic96d85d1e159a86461af5b63cac6d87c0ff6497e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3822948 Reviewed-by: Andrey Zaytsev <andzaytsev@google.com> Reviewed-by: Richard Coles <torne@chromium.org> Commit-Queue: Peter Pakkenberg <pbirk@chromium.org> Cr-Commit-Position: refs/heads/main@{#1050218} NOKEYCHECK=True GitOrigin-RevId: 020b57aa6fe80bb66a38cc132a0bbd7afeb26359
-rw-r--r--src/org/chromium/support_lib_boundary/ServiceWorkerWebSettingsBoundaryInterface.java8
-rw-r--r--src/org/chromium/support_lib_boundary/WebSettingsBoundaryInterface.java7
-rw-r--r--src/org/chromium/support_lib_boundary/util/Features.java11
3 files changed, 26 insertions, 0 deletions
diff --git a/src/org/chromium/support_lib_boundary/ServiceWorkerWebSettingsBoundaryInterface.java b/src/org/chromium/support_lib_boundary/ServiceWorkerWebSettingsBoundaryInterface.java
index 8abe41c..5a4b9ab 100644
--- a/src/org/chromium/support_lib_boundary/ServiceWorkerWebSettingsBoundaryInterface.java
+++ b/src/org/chromium/support_lib_boundary/ServiceWorkerWebSettingsBoundaryInterface.java
@@ -6,6 +6,8 @@ package org.chromium.support_lib_boundary;
import org.chromium.support_lib_boundary.WebSettingsBoundaryInterface.RequestedWithHeaderMode;
+import java.util.Set;
+
/**
* Boundary interface for ServiceWorkerWebSettings.
*/
@@ -26,7 +28,13 @@ public interface ServiceWorkerWebSettingsBoundaryInterface {
boolean getBlockNetworkLoads();
+ @Deprecated
void setRequestedWithHeaderMode(@RequestedWithHeaderMode int mode);
+ @Deprecated
@RequestedWithHeaderMode
int getRequestedWithHeaderMode();
+
+ void setRequestedWithHeaderOriginAllowList(Set<String> allowedOriginRules);
+
+ Set<String> getRequestedWithHeaderOriginAllowList();
}
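Review bot: The new `setRequestedWithHeaderOriginAllowList(Set<String> allowedOriginRules)` and `getRequestedWithHeaderOriginAllowList()` are added without Javadoc, so the boundary states no contract for a setting that decides which origins receive the X-Requested-With header (the mode it replaces carried `APP_PACKAGE_NAME`). A doc comment on the setter should state the accepted rule syntax, what an empty set means, whether null is permitted, and how a malformed rule is reported; the getter should say whether the returned set is a copy or a live view. The same pair in `WebSettingsBoundaryInterface` (the `@@ -56,15 +57,21 @@` hunk) needs the same text. The bare `@Deprecated` annotations in both files would also benefit from a Javadoc tag naming the replacement, e.g. `/** @deprecated Use {@link #setRequestedWithHeaderOriginAllowList(Set)}. */`. The interface body begins outside this hunk.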
diff --git a/src/org/chromium/support_lib_boundary/WebSettingsBoundaryInterface.java b/src/org/chromium/support_lib_boundary/WebSettingsBoundaryInterface.java
index 60d8c85..fa298a6 100644
--- a/src/org/chromium/support_lib_boundary/WebSettingsBoundaryInterface.java
+++ b/src/org/chromium/support_lib_boundary/WebSettingsBoundaryInterface.java
@@ -11,6 +11,7 @@ package org.chromium.support_lib_boundary;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
+import java.util.Set;
/**
* Boundary interface for WebSettingsCompat.
@@ -56,15 +57,21 @@ public interface WebSettingsBoundaryInterface {
@WebAuthnSupport
int getWebAuthnSupport();
+ @Deprecated
@Retention(RetentionPolicy.SOURCE)
@interface RequestedWithHeaderMode {
int NO_HEADER = 0;
int APP_PACKAGE_NAME = 1;
}
+ @Deprecated
void setRequestedWithHeaderMode(@RequestedWithHeaderMode int mode);
+ @Deprecated
@RequestedWithHeaderMode
int getRequestedWithHeaderMode();
+ void setRequestedWithHeaderOriginAllowList(Set<String> allowedOriginRules);
+ Set<String> getRequestedWithHeaderOriginAllowList();
+
void setEnterpriseAuthenticationAppLinkPolicyEnabled(boolean enabled);
boolean getEnterpriseAuthenticationAppLinkPolicyEnabled();
}
diff --git a/src/org/chromium/support_lib_boundary/util/Features.java b/src/org/chromium/support_lib_boundary/util/Features.java
index cc7a597..2ddeece 100644
--- a/src/org/chromium/support_lib_boundary/util/Features.java
+++ b/src/org/chromium/support_lib_boundary/util/Features.java
@@ -204,8 +204,19 @@ public class Features {
// WebSettingsCompat.getRequestedWithHeaderMode
// ServiceWorkerWebSettingsCompat.setRequestedWithHeaderMode
// ServiceWorkerWebSettingsCompat.getRequestedWithHeaderMode
+ /**
+ * @deprecated Feature was never launched. Do not reuse feature name.
+ */
+ @Deprecated()
public static final String REQUESTED_WITH_HEADER_CONTROL = "REQUESTED_WITH_HEADER_CONTROL";
+ // WebSettingsCompat.setRequestedWithHeaderAllowList
+ // WebSettingsCompat.getRequestedWithHeaderAllowList
+ // ServiceWorkerWebSettingsCompat.setRequestedWithHeaderAllowList
+ // ServiceWorkerWebSettingsCompat.getRequestedWithHeaderAllowList
+ public static final String REQUESTED_WITH_HEADER_ALLOW_LIST =
+ "REQUESTED_WITH_HEADER_ALLOW_LIST";
+
// WebViewCompat.getVariationsHeader
public static final String GET_VARIATIONS_HEADER = "GET_VARIATIONS_HEADER";
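Review bot: The comment block above `REQUESTED_WITH_HEADER_ALLOW_LIST` names `setRequestedWithHeaderAllowList` / `getRequestedWithHeaderAllowList`, while the boundary methods added in this commit are `setRequestedWithHeaderOriginAllowList` / `getRequestedWithHeaderOriginAllowList`. The AndroidX method names are not visible here, so this may be intentional, but if they follow the boundary names the comments should read `// WebSettingsCompat.setRequestedWithHeaderOriginAllowList` and so on, so the feature string can be traced to the right API. `@Deprecated()` on the old constant is also written with empty parentheses where the other two files use plain `@Deprecated`. The Features class continues outside this hunk.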