Direct Sockets: Consume transient activation when attempting socket open

Requiring and consuming transient activation prevents a page from repeatedly requesting permission to open a connection, without prior engagement with the page by the user. Not yet done: We should not consume or detect transient activation during re-connection attempts. Bug: 1119600 Change-Id: I3cbfea09bbdeebe30be2f56bee57459eef07f198 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2384229 Auto-Submit: Eric Willigers <ericwilligers@chromium.org> Commit-Queue: Glen Robertson <glenrob@chromium.org> Reviewed-by: Glen Robertson <glenrob@chromium.org> Cr-Commit-Position: refs/heads/master@{#803016}

Direct Sockets: Consume transient activation when attempting socket open
Requiring and consuming transient activation prevents a page from repeatedly requesting permission to open a connection, without prior engagement with the page by the user. Not yet done: We should not consume or detect transient activation during re-connection attempts. Bug: 1119600 Change-Id: I3cbfea09bbdeebe30be2f56bee57459eef07f198 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2384229 Auto-Submit: Eric Willigers <ericwilligers@chromium.org> Commit-Queue: Glen Robertson <glenrob@chromium.org> Reviewed-by: Glen Robertson <glenrob@chromium.org> Cr-Commit-Position: refs/heads/master@{#803016}
213db474 · Eric Willigers · Commit Bot · fcc21285 · 213db474 · 213db474
Commit 213db474 authored Aug 31, 2020 by Eric Willigers Committed by Commit Bot Aug 31, 2020
4 changed files
--- a/content/browser/direct_sockets/direct_sockets_service_impl.cc
+++ b/content/browser/direct_sockets/direct_sockets_service_impl.cc
@@ -113,7 +113,6 @@ net::Error DirectSocketsServiceImpl::EnsurePermission(

  // TODO(crbug.com/1119662): Check for enterprise software policies.
  // TODO(crbug.com/1119659): Check permissions policy.
-  // TODO(crbug.com/1119600): Check for transient activation.
  // TODO(crbug.com/1119600): Implement rate limiting.

  if (options.remote_port == 443) {

--- a/third_party/blink/renderer/modules/direct_sockets/navigator_socket.cc
+++ b/third_party/blink/renderer/modules/direct_sockets/navigator_socket.cc
@@ -237,6 +237,15 @@ bool NavigatorSocket::OpenSocketPermitted(ScriptState* script_state,
    return false;
  }

+  // TODO(crbug.com/1119600): Do not consume (or check) transient activation
+  // for reconnection attempts.
+  if (!LocalFrame::ConsumeTransientUserActivation(window->GetFrame())) {
+    exception_state.ThrowDOMException(
+        DOMExceptionCode::kNotAllowedError,
+        "Must be handling a user gesture to open a socket.");
+    return false;
+  }
+
  DCHECK(options);
  if (!options->hasRemotePort()) {
    exception_state.ThrowTypeError("remotePort was not specified.");

--- a/third_party/blink/web_tests/external/wpt/raw-sockets/open-consume-activation.https.html
+++ b/third_party/blink/web_tests/external/wpt/raw-sockets/open-consume-activation.https.html
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta charset="utf-8" />
+    <title>Sockets test: consume user activation</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+    <script src="/resources/testdriver.js"></script>
+    <script src="/resources/testdriver-vendor.js"></script>
+  </head>
+  <body>
+    <script>
+      'use strict';
+
+      const options = { remoteAddress: "127.0.0.1" };
+
+      promise_test(async t => {
+        // Not activated by user gesture, so not allowed!
+        await promise_rejects_dom(t, "NotAllowedError",
+          navigator.openTCPSocket(options));
+
+        await test_driver.bless("open socket");
+
+        // We have a gesture, but remotePort is omitted - so TypeError!
+        await promise_rejects_js(
+          t,
+          TypeError,
+          navigator.openTCPSocket(options)
+        );
+
+        // The activation has been consumed, so calling openTCPSocket() again
+        // would require a new gesture.
+        await promise_rejects_dom(t, "NotAllowedError",
+          navigator.openTCPSocket(options));
+      }, "Calling openTCPSocket consumes user activation");
+
+      promise_test(async t => {
+        // Not activated by user gesture, so not allowed!
+        await promise_rejects_dom(t, "NotAllowedError",
+          navigator.openUDPSocket(options));
+
+        await test_driver.bless("open socket");
+
+        // We have a gesture, but remotePort is omitted - so TypeError!
+        await promise_rejects_js(
+          t,
+          TypeError,
+          navigator.openUDPSocket(options)
+        );
+
+        // The activation has been consumed, so calling openUDPSocket() again
+        // would require a new gesture.
+        await promise_rejects_dom(t, "NotAllowedError",
+          navigator.openUDPSocket(options));
+      }, "Calling openUDPSocket consumes user activation");
+    </script>
+  </body>
+</html>
--- a/third_party/blink/web_tests/external/wpt/raw-sockets/open-without-user-gesture.https.html
+++ b/third_party/blink/web_tests/external/wpt/raw-sockets/open-without-user-gesture.https.html
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta charset="utf-8">
+    <title>Sockets test: open without user gesture fails</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+  </head>
+  <body>
+    <script>
+      'use strict';
+
+      promise_test(t => {
+        return promise_rejects_dom(
+            t, 'NotAllowedError',
+            navigator.openTCPSocket({remotePort: 53}));
+      }, 'openTCPSocket without a user gesture');
+
+      promise_test(t => {
+        return promise_rejects_dom(
+            t, 'NotAllowedError',
+            navigator.openUDPSocket({remotePort: 53}));
+      }, 'openUDPSocket without a user gesture');
+    </script>
+  </body>
+</html>