From b2277c632713fe400752ef4bb60bc88c930fcacd Mon Sep 17 00:00:00 2001 From: Peter Birk Pakkenberg Date: Thu, 22 Sep 2022 16:09:42 +0000 Subject: [aw] Add allowlist for X-Requested-With header This CL reuses the origin matching originally developed for components/js_injection, and moves the computation of the default header mode to native code. The CL adds new API methods, and replaces the original API with stubs, to be removed once the AndroidX library has been updated to use the new methods. Bug: 1295213 Change-Id: Ic96d85d1e159a86461af5b63cac6d87c0ff6497e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3822948 Reviewed-by: Andrey Zaytsev Reviewed-by: Richard Coles Commit-Queue: Peter Pakkenberg Cr-Commit-Position: refs/heads/main@{#1050218} NOKEYCHECK=True GitOrigin-RevId: 020b57aa6fe80bb66a38cc132a0bbd7afeb26359 --- .../ServiceWorkerWebSettingsBoundaryInterface.java | 8 ++++++++ .../support_lib_boundary/WebSettingsBoundaryInterface.java | 7 +++++++ src/org/chromium/support_lib_boundary/util/Features.java | 11 +++++++++++ 3 files changed, 26 insertions(+) diff --git a/src/org/chromium/support_lib_boundary/ServiceWorkerWebSettingsBoundaryInterface.java b/src/org/chromium/support_lib_boundary/ServiceWorkerWebSettingsBoundaryInterface.java index 8abe41c..5a4b9ab 100644 --- a/src/org/chromium/support_lib_boundary/ServiceWorkerWebSettingsBoundaryInterface.java +++ b/src/org/chromium/support_lib_boundary/ServiceWorkerWebSettingsBoundaryInterface.java @@ -6,6 +6,8 @@ package org.chromium.support_lib_boundary; import org.chromium.support_lib_boundary.WebSettingsBoundaryInterface.RequestedWithHeaderMode; +import java.util.Set; + /** * Boundary interface for ServiceWorkerWebSettings. */ 
@@ -26,7 +28,13 @@ public interface ServiceWorkerWebSettingsBoundaryInterface { boolean getBlockNetworkLoads(); + @Deprecated void setRequestedWithHeaderMode(@RequestedWithHeaderMode int mode); + @Deprecated @RequestedWithHeaderMode int getRequestedWithHeaderMode(); + + void setRequestedWithHeaderOriginAllowList(Set allowedOriginRules); + + Set getRequestedWithHeaderOriginAllowList(); } diff --git a/src/org/chromium/support_lib_boundary/WebSettingsBoundaryInterface.java b/src/org/chromium/support_lib_boundary/WebSettingsBoundaryInterface.java index 60d8c85..fa298a6 100644 --- a/src/org/chromium/support_lib_boundary/WebSettingsBoundaryInterface.java +++ b/src/org/chromium/support_lib_boundary/WebSettingsBoundaryInterface.java @@ -11,6 +11,7 @@ package org.chromium.support_lib_boundary; import java.lang.annotation.Retention; import java.lang.annotation.RetentionPolicy; +import java.util.Set; /** * Boundary interface for WebSettingsCompat. @@ -56,15 +57,21 @@ public interface WebSettingsBoundaryInterface { @WebAuthnSupport int getWebAuthnSupport(); + @Deprecated @Retention(RetentionPolicy.SOURCE) @interface RequestedWithHeaderMode { int NO_HEADER = 0; int APP_PACKAGE_NAME = 1; } + @Deprecated void setRequestedWithHeaderMode(@RequestedWithHeaderMode int mode); + @Deprecated @RequestedWithHeaderMode int getRequestedWithHeaderMode(); + void setRequestedWithHeaderOriginAllowList(Set allowedOriginRules); + Set getRequestedWithHeaderOriginAllowList(); + void setEnterpriseAuthenticationAppLinkPolicyEnabled(boolean enabled); boolean getEnterpriseAuthenticationAppLinkPolicyEnabled(); } diff --git a/src/org/chromium/support_lib_boundary/util/Features.java b/src/org/chromium/support_lib_boundary/util/Features.java index cc7a597..2ddeece 100644 --- a/src/org/chromium/support_lib_boundary/util/Features.java +++ b/src/org/chromium/support_lib_boundary/util/Features.java 
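Review bot: The new `setRequestedWithHeaderOriginAllowList` / `getRequestedWithHeaderOriginAllowList` pair at the end of ServiceWorkerWebSettingsBoundaryInterface has no Javadoc, and neither does the same pair added to WebSettingsBoundaryInterface in the later `@@ -56,15 +57,21 @@` hunk. The allowlist decides which origins receive the X-Requested-With header, whose value is the app package name according to the deprecated `APP_PACKAGE_NAME` mode. The contract should therefore state the accepted rule syntax, what happens on a malformed rule or a null set, whether an empty set means no origin receives the header, and whether the getter returns a copy. The bare `@Deprecated` annotations would benefit from a tag such as `/** @deprecated Stub kept for older AndroidX releases; use setRequestedWithHeaderOriginAllowList. */`, so callers of the old setter know it may no longer control the header. The commit message calls these methods stubs, but their implementation is not visible here. The parameter and return type show as a raw `Set` in this view; if that is not an extraction artifact, spell out the element type.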
@@ -204,8 +204,19 @@ public class Features { // WebSettingsCompat.getRequestedWithHeaderMode // ServiceWorkerWebSettingsCompat.setRequestedWithHeaderMode // ServiceWorkerWebSettingsCompat.getRequestedWithHeaderMode + /** + * @deprecated Feature was never launched. Do not reuse feature name. + */ + @Deprecated() public static final String REQUESTED_WITH_HEADER_CONTROL = "REQUESTED_WITH_HEADER_CONTROL"; + // WebSettingsCompat.setRequestedWithHeaderAllowList + // WebSettingsCompat.getRequestedWithHeaderAllowList + // ServiceWorkerWebSettingsCompat.setRequestedWithHeaderAllowList + // ServiceWorkerWebSettingsCompat.getRequestedWithHeaderAllowList + public static final String REQUESTED_WITH_HEADER_ALLOW_LIST = + "REQUESTED_WITH_HEADER_ALLOW_LIST"; + // WebViewCompat.getVariationsHeader public static final String GET_VARIATIONS_HEADER = "GET_VARIATIONS_HEADER"; -- cgit v1.2.3
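Review bot: The comment block above `REQUESTED_WITH_HEADER_ALLOW_LIST` names `setRequestedWithHeaderAllowList` / `getRequestedWithHeaderAllowList`, but the boundary methods added in this same commit are `setRequestedWithHeaderOriginAllowList` / `getRequestedWithHeaderOriginAllowList`. If the AndroidX methods are meant to carry the boundary names, the lines should read e.g. `// WebSettingsCompat.setRequestedWithHeaderOriginAllowList`; otherwise a short remark on the mapping helps anyone searching for which feature string gates the allowlist. As a style point, `@Deprecated()` on `REQUESTED_WITH_HEADER_CONTROL` can drop the empty parentheses to match the `@Deprecated` used in the two interfaces. The Features class begins and ends outside this hunk.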