only use ephemeral storage for block 3p setting #7647
Conversation
bridiver
changed the title
|
still needs tests so technically a wip, but I wanted to get a build |
|
just to keep everything stitched together, manual tests are here: https://dev-pages.brave.software/storage/ephemeral-storage.html |
| AllowStorageAccessForMainFrameSync(storage_type); | ||
| } | ||
|
|
||
| bool BraveContentSettingsAgentImpl::AllowStorageAccessSync( |
There was a problem hiding this comment.
still need to update the non-sync versions of these methods just for consistency in the results
bridiver
force-pushed
the
ephemeral-storage
branch
2 times, most recently
from
2bc6577
to
2a6b094
Compare
bridiver
force-pushed
the
ephemeral-storage
branch
from
2a6b094
to
357c273
Compare
bridiver
force-pushed
the
ephemeral-storage
branch
from
0439048
to
83a051b
Compare
| session_storage_namespace_ = content::CreateSessionStorageNamespace( | ||
| partition, session_partition_id, | ||
| // clone the namespace if there is an opener | ||
| // https://html.spec.whatwg.org/multipage/browsers.html#copy-session-storage |
There was a problem hiding this comment.
Will this clone copy non-ephemeral session storage data into the ephemeral session storage? I'm pretty sure that's why I didn't do this in the past.
There was a problem hiding this comment.
it shouldn't be, I'm only passing the id of the parent session storage and it passes all the tests on https://dev-pages.brave.software/storage/ephemeral-storage.html
There was a problem hiding this comment.
and since the opener will be suppressed if it's not same domain the owner window will always have ephemeral storage enabled, but it might be worth adding a check in case there's some edge case with subdomains
There was a problem hiding this comment.
looks like it should be ok
// If the namespace doesn't exist or it's not populated yet, just create
// an empty session storage by not marking it as pending a clone.
if (clone_from_ns == namespaces_.end() ||
!clone_from_ns->second->IsPopulated()) {
break;
}
There was a problem hiding this comment.
would be nice to have a browser test
| bool block_3p = !cookie_settings->IsCookieAccessAllowed( | ||
| url, site_for_cookies, top_frame_origin); | ||
| bool block_1p = !cookie_settings->IsCookieAccessAllowed( | ||
| url, url, url::Origin::Create(url)); |
There was a problem hiding this comment.
This is a clever way of doing this. Nice!
| // only use ephemeral storage for block 3p | ||
| if (block_3p && !block_1p) | ||
| return true; | ||
|
|
||
| return false; |
There was a problem hiding this comment.
Nit: Here you could simply do:
return block_3p && !block_1p;There was a problem hiding this comment.
yea, I could still attach the same comment to it for clarity so I'll clean that up
| bool IsEphemeralCookieAccessAllowed(const GURL& url, \ | ||
| const GURL& first_party_url) const; \ |
There was a problem hiding this comment.
I think you could eliminate this method by giving the three-argument version a default argument:
bool IsEphemeralCookieAccessAllowed( \
const GURL& url, const GURL& site_for_cookies, \
const base::Optional<url::Origin>& top_frame_origin = base::nullopt) const; There was a problem hiding this comment.
I wanted to stay consistent with the original methods for clarity
There was a problem hiding this comment.
and also when the two argument version is removed that might cause us to miss something
| if (use_ephemeral_storage) { \ | ||
| auto top_frame_url = \ | ||
| request_->isolation_info().top_frame_origin()->GetURL(); \ | ||
| auto cookie_1p = net::CanonicalCookie::CreateSanitizedCookie( \ | ||
| top_frame_url, cookie->Name(), cookie->Value(), cookie->Domain(), \ | ||
| cookie->Path(), cookie->CreationDate(), cookie->ExpiryDate(), \ | ||
| cookie->LastAccessDate(), cookie->IsSecure(), cookie->IsHttpOnly(), \ | ||
| cookie->SameSite(), cookie->Priority(), cookie->IsSameParty()); \ | ||
| \ | ||
| net::CookieOptions::SameSiteCookieContext same_site_context = \ | ||
| net::cookie_util::ComputeSameSiteContextForResponse( \ | ||
| top_frame_url, request_->site_for_cookies(), \ | ||
| request_->initiator(), false); \ | ||
| net::CookieOptions options_1p = CreateCookieOptions(same_site_context); \ | ||
| \ | ||
| if (!(CanSetCookie(*cookie_1p, &options_1p) && \ | ||
| !CanSetCookie(*cookie, &options))) \ | ||
| use_ephemeral_storage = false; \ | ||
| } \ |
There was a problem hiding this comment.
I think you can avoid duplicating this code by making it part of ShouldUseEphemeralStorage and passing in the cookie parameter.
There was a problem hiding this comment.
yea, I think there are several places this can be cleaned up so I'll create some follow-up issues
| // only use ephemeral storage for block 3p | ||
| if (block_3p && !block_1p) | ||
| return true; | ||
|
|
||
| return false; |
There was a problem hiding this comment.
This could use the same simplification that I mentioned above.
There was a problem hiding this comment.
| MaybeClearAccessDeniedException(storage, *window, &exception_state); | ||
| if (!base::FeatureList::IsEnabled(net::features::kBraveEphemeralStorage)) | ||
| if (!ShouldUseEphemeralStorage( | ||
| window, WebContentSettingsClient::StorageType::kSessionStorage)) |
There was a problem hiding this comment.
Should this be WebContentSettingsClient::StorageType::kLocalStorage instead? If not, can the argument be eliminated from the function entirely since each call site passes WebContentSettingsClient::StorageType::kSessionStorage?
There was a problem hiding this comment.
Good catch. It won't affect anything because the ephemeral storage settings are the same for session and local storage, but it should be correct in case something changes with that in the future
| net::CookieInclusionStatus returned_status; \ | ||
| auto cookie = net::CanonicalCookie::Create( \ | ||
| request_->url(), "a=a", base::Time::Now(), base::nullopt, \ | ||
| &returned_status); \ |
There was a problem hiding this comment.
This param has a default value of nullptr and we don't seem to be using returned_status afterwords.
chromium_src/net/base/features.cc
Outdated
| @@ -8,6 +8,6 @@ | |||
| namespace net { | |||
| namespace features { | |||
| const base::Feature kBraveEphemeralStorage{"EphemeralStorage", | |||
| base::FEATURE_DISABLED_BY_DEFAULT}; | |||
| base::FEATURE_ENABLED_BY_DEFAULT}; | |||
There was a problem hiding this comment.
removing this change as it was not intentional
| @@ -8,6 +8,7 @@ | |||
|
|
|||
| #include <memory> | |||
| #include <string> | |||
| #include <utility> | |||
| #include <vector> | |||
|
|
|||
| #include "base/strings/string16.h" | |||
There was a problem hiding this comment.
also base/containers/flat_map.h
| auto* rfh = web_contents()->GetOpener(); | ||
| session_storage_namespace_ = content::CreateSessionStorageNamespace( | ||
| partition, session_partition_id, | ||
| // clone the namespace if there is an opener |
There was a problem hiding this comment.
really a nit, but the style guide wants us to use proper punctuation, i.e. start sentenses with a capital and end with a dot.
https://google.github.io/styleguide/cppguide.html#Punctuation,_Spelling_and_Grammar
| frame->GetDocument().TopFrameOrigin(), | ||
| url::Origin(frame->GetDocument().TopFrameOrigin()).GetURL(), | ||
| frame->GetDocument().TopFrameOrigin(), &result); | ||
| cached_storage_permissions_[key] = result; |
There was a problem hiding this comment.
do we need the cache at all? Growing it indefinitely looks pretty scary
There was a problem hiding this comment.
this is copied from ContentSettingsAgentImpl and it's per-frame so it doesn't grow indefinitely
|
LGTM in general, but I'd like to understand whether we have tests for toggling the ephemeral storage on/off? Also, should we explicitly delete existing ephemeral storage for a given domain when a user disables shields? |
|
oops, something happened with network cookies |
|
As long as the "when to clear the ephemeral storage" logic doesn't change, i dont think we need to "force clear" it when shields are dropped. So, if i have two tabs, example.org/1.html and example.org/2.html w/ ephemeral storage enabled, and both pages have some thirdparty frame (e.g., third.org/frame.html). Even if i drop shields on example.org (so ephemeral storage is not being applied to the page), the <example.org, third.org> partition should be cleared when all example.org tabs are closed |
|
@bridiver what happened to network cookies?.. |
|
We stripped it from the initial implementation bc (my understanding is) it made implementation much more complicated and ugly, and its by far the less important part of the system. It would still be very good to get it supported, but my preference was to not delay getting this 95%-of-the-benefit part shipped while we figure out whats possible network side. @bridiver @iefremov if there isn't already a follow up issue for network navigation cookies, would you like me to create one? |
Resolves brave/brave-browser#12789
Submitter Checklist:
QA/YesorQA/No;release-notes/includeorrelease-notes/exclude;OS/...) to the associated issuenpm run test -- brave_browser_tests,npm run test -- brave_unit_tests,npm run lint,npm run gn_check,npm run tslintgit rebase master(if needed).Reviewer Checklist:
gnAfter-merge Checklist:
changes has landed on.
Test Plan: