-
Notifications
You must be signed in to change notification settings - Fork 868
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
only use ephemeral storage for block 3p setting #7647
Conversation
still needs tests so technically a wip, but I wanted to get a build |
just to keep everything stitched together, manual tests are here: https://dev-pages.brave.software/storage/ephemeral-storage.html |
AllowStorageAccessForMainFrameSync(storage_type); | ||
} | ||
|
||
bool BraveContentSettingsAgentImpl::AllowStorageAccessSync( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
still need to update the non-sync versions of these methods just for consistency in the results
2bc6577
to
2a6b094
Compare
2a6b094
to
357c273
Compare
0439048
to
83a051b
Compare
session_storage_namespace_ = content::CreateSessionStorageNamespace( | ||
partition, session_partition_id, | ||
// clone the namespace if there is an opener | ||
// https://html.spec.whatwg.org/multipage/browsers.html#copy-session-storage |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Will this clone copy non-ephemeral session storage data into the ephemeral session storage? I'm pretty sure that's why I didn't do this in the past.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it shouldn't be, I'm only passing the id of the parent session storage and it passes all the tests on https://dev-pages.brave.software/storage/ephemeral-storage.html
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
and since the opener will be suppressed if it's not same domain the owner window will always have ephemeral storage enabled, but it might be worth adding a check in case there's some edge case with subdomains
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
looks like it should be ok
// If the namespace doesn't exist or it's not populated yet, just create
// an empty session storage by not marking it as pending a clone.
if (clone_from_ns == namespaces_.end() ||
!clone_from_ns->second->IsPopulated()) {
break;
}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
would be nice to have a browser test
bool block_3p = !cookie_settings->IsCookieAccessAllowed( | ||
url, site_for_cookies, top_frame_origin); | ||
bool block_1p = !cookie_settings->IsCookieAccessAllowed( | ||
url, url, url::Origin::Create(url)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a clever way of doing this. Nice!
// only use ephemeral storage for block 3p | ||
if (block_3p && !block_1p) | ||
return true; | ||
|
||
return false; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit: Here you could simply do:
return block_3p && !block_1p;
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yea, I could still attach the same comment to it for clarity so I'll clean that up
bool IsEphemeralCookieAccessAllowed(const GURL& url, \ | ||
const GURL& first_party_url) const; \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think you could eliminate this method by giving the three-argument version a default argument:
bool IsEphemeralCookieAccessAllowed( \
const GURL& url, const GURL& site_for_cookies, \
const base::Optional<url::Origin>& top_frame_origin = base::nullopt) const;
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wanted to stay consistent with the original methods for clarity
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
and also when the two argument version is removed that might cause us to miss something
if (use_ephemeral_storage) { \ | ||
auto top_frame_url = \ | ||
request_->isolation_info().top_frame_origin()->GetURL(); \ | ||
auto cookie_1p = net::CanonicalCookie::CreateSanitizedCookie( \ | ||
top_frame_url, cookie->Name(), cookie->Value(), cookie->Domain(), \ | ||
cookie->Path(), cookie->CreationDate(), cookie->ExpiryDate(), \ | ||
cookie->LastAccessDate(), cookie->IsSecure(), cookie->IsHttpOnly(), \ | ||
cookie->SameSite(), cookie->Priority(), cookie->IsSameParty()); \ | ||
\ | ||
net::CookieOptions::SameSiteCookieContext same_site_context = \ | ||
net::cookie_util::ComputeSameSiteContextForResponse( \ | ||
top_frame_url, request_->site_for_cookies(), \ | ||
request_->initiator(), false); \ | ||
net::CookieOptions options_1p = CreateCookieOptions(same_site_context); \ | ||
\ | ||
if (!(CanSetCookie(*cookie_1p, &options_1p) && \ | ||
!CanSetCookie(*cookie, &options))) \ | ||
use_ephemeral_storage = false; \ | ||
} \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think you can avoid duplicating this code by making it part of ShouldUseEphemeralStorage
and passing in the cookie
parameter.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yea, I think there are several places this can be cleaned up so I'll create some follow-up issues
// only use ephemeral storage for block 3p | ||
if (block_3p && !block_1p) | ||
return true; | ||
|
||
return false; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This could use the same simplification that I mentioned above.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
MaybeClearAccessDeniedException(storage, *window, &exception_state); | ||
if (!base::FeatureList::IsEnabled(net::features::kBraveEphemeralStorage)) | ||
if (!ShouldUseEphemeralStorage( | ||
window, WebContentSettingsClient::StorageType::kSessionStorage)) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should this be WebContentSettingsClient::StorageType::kLocalStorage
instead? If not, can the argument be eliminated from the function entirely since each call site passes WebContentSettingsClient::StorageType::kSessionStorage
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good catch. It won't affect anything because the ephemeral storage settings are the same for session and local storage, but it should be correct in case something changes with that in the future
net::CookieInclusionStatus returned_status; \ | ||
auto cookie = net::CanonicalCookie::Create( \ | ||
request_->url(), "a=a", base::Time::Now(), base::nullopt, \ | ||
&returned_status); \ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This param has a default value of nullptr
and we don't seem to be using returned_status
afterwords.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
++ on chromium_src
chromium_src/net/base/features.cc
Outdated
@@ -8,6 +8,6 @@ | |||
namespace net { | |||
namespace features { | |||
const base::Feature kBraveEphemeralStorage{"EphemeralStorage", | |||
base::FEATURE_DISABLED_BY_DEFAULT}; | |||
base::FEATURE_ENABLED_BY_DEFAULT}; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
removing this change as it was not intentional
@@ -8,6 +8,7 @@ | |||
|
|||
#include <memory> | |||
#include <string> | |||
#include <utility> | |||
#include <vector> | |||
|
|||
#include "base/strings/string16.h" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
also base/containers/flat_map.h
auto* rfh = web_contents()->GetOpener(); | ||
session_storage_namespace_ = content::CreateSessionStorageNamespace( | ||
partition, session_partition_id, | ||
// clone the namespace if there is an opener |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
really a nit, but the style guide wants us to use proper punctuation, i.e. start sentenses with a capital and end with a dot.
https://google.github.io/styleguide/cppguide.html#Punctuation,_Spelling_and_Grammar
frame->GetDocument().TopFrameOrigin(), | ||
url::Origin(frame->GetDocument().TopFrameOrigin()).GetURL(), | ||
frame->GetDocument().TopFrameOrigin(), &result); | ||
cached_storage_permissions_[key] = result; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
do we need the cache at all? Growing it indefinitely looks pretty scary
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this is copied from ContentSettingsAgentImpl and it's per-frame so it doesn't grow indefinitely
LGTM in general, but I'd like to understand whether we have tests for toggling the ephemeral storage on/off? Also, should we explicitly delete existing ephemeral storage for a given domain when a user disables shields? |
oops, something happened with network cookies |
As long as the "when to clear the ephemeral storage" logic doesn't change, i dont think we need to "force clear" it when shields are dropped. So, if i have two tabs, example.org/1.html and example.org/2.html w/ ephemeral storage enabled, and both pages have some thirdparty frame (e.g., third.org/frame.html). Even if i drop shields on example.org (so ephemeral storage is not being applied to the page), the <example.org, third.org> partition should be cleared when all example.org tabs are closed |
@bridiver what happened to network cookies?.. |
We stripped it from the initial implementation bc (my understanding is) it made implementation much more complicated and ugly, and its by far the less important part of the system. It would still be very good to get it supported, but my preference was to not delay getting this 95%-of-the-benefit part shipped while we figure out whats possible network side. @bridiver @iefremov if there isn't already a follow up issue for network navigation cookies, would you like me to create one? |
Resolves brave/brave-browser#12789
Submitter Checklist:
QA/Yes
orQA/No
;release-notes/include
orrelease-notes/exclude
;OS/...
) to the associated issuenpm run test -- brave_browser_tests
,npm run test -- brave_unit_tests
,npm run lint
,npm run gn_check
,npm run tslint
git rebase master
(if needed).Reviewer Checklist:
gn
After-merge Checklist:
changes has landed on.
Test Plan: