[client hints] Clear client hint preferences on session shutdown

Bug: 1017166 Change-Id: I627c576a322c5e701fad105659b213c415e32a40 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1940207Reviewed-by: Yoav Weiss <yoavweiss@chromium.org> Reviewed-by: Scott Violet <sky@chromium.org> Commit-Queue: Aaron Tagliaboschi <aarontag@chromium.org> Cr-Commit-Position: refs/heads/master@{#721295}

[client hints] Clear client hint preferences on session shutdown
Bug: 1017166 Change-Id: I627c576a322c5e701fad105659b213c415e32a40 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1940207Reviewed-by: Yoav Weiss <yoavweiss@chromium.org> Reviewed-by: Scott Violet <sky@chromium.org> Commit-Queue: Aaron Tagliaboschi <aarontag@chromium.org> Cr-Commit-Position: refs/heads/master@{#721295}
6b57ecfe · Aaron Tagliaboschi · Commit Bot · 72044840 · 6b57ecfe · 6b57ecfe
Commit 6b57ecfe authored Dec 04, 2019 by Aaron Tagliaboschi Committed by Commit Bot Dec 04, 2019
3 changed files
--- a/chrome/browser/sessions/better_session_restore_browsertest.cc
+++ b/chrome/browser/sessions/better_session_restore_browsertest.cc
@@ -46,6 +46,7 @@
 #include "components/keep_alive_registry/scoped_keep_alive.h"
 #include "components/prefs/pref_service.h"
 #include "content/public/browser/web_contents.h"
+#include "content/public/common/content_switches.h"
 #include "content/public/common/url_constants.h"
 #include "content/public/test/browser_test_utils.h"
 #include "content/public/test/url_loader_interceptor.h"
@@ -145,6 +146,29 @@ class BetterSessionRestoreTest : public InProcessBrowserTest {
                    params->client.get());
                return true;
              }
+
+              if (path == path_prefix + "accept_ch.html") {
+                std::string header =
+                    "HTTP/1.1 200 OK\nContent-type: text/html\nAccept-CH: "
+                    "device-memory\n\n";
+
+                if (params->url_request.url.query().find("lifetime") !=
+                    std::string::npos)
+                  header += "Accept-CH-Lifetime: 10000\n";
+                header += "\n";
+
+                // Make title consistent with other tests
+                std::string title = "<html><head><title>";
+                if (params->url_request.headers.HasHeader("device-memory"))
+                  title += "PASS";
+                else
+                  title += "STORING";
+
+                title += "</title></head><body>Data posted</body></html>";
+                content::URLLoaderInterceptor::WriteResponse(
+                    header, title, params->client.get());
+                return true;
+              }
              return false;
            }));
  }
@@ -307,10 +331,12 @@ class BetterSessionRestoreTest : public InProcessBrowserTest {
    return fake_server_address_;
  }

-  std::string test_path() {
-    return test_path_;
+  void SetSecureFakeServerAddress() {
+    fake_server_address_ = "https://www.test.com/";
  }

+  std::string test_path() { return test_path_; }
+
 #if BUILDFLAG(ENABLE_BACKGROUND_MODE)
  void EnableBackgroundMode() {
    static_cast<FakeBackgroundModeManager*>(
@@ -325,9 +351,10 @@ class BetterSessionRestoreTest : public InProcessBrowserTest {
  }
 #endif  // BUILDFLAG(ENABLE_BACKGROUND_MODE)

+  std::string fake_server_address_;
+
 private:
  std::string last_upload_bytes_;
-  const std::string fake_server_address_;
  std::vector<std::string> test_files_;
  const std::string test_path_;
  const base::string16 title_pass_;
@@ -850,4 +877,57 @@ IN_PROC_BROWSER_TEST_F(NoSessionRestoreTest, SessionCookiesBrowserClose) {
    StoreDataWithPage(new_browser, "session_cookies.html");
 }

+// These tests ensure that the Better Session Restore features are not triggered
+// when they shouldn't be.
+class NoClientHintRestoreTest : public NoSessionRestoreTest {
+ public:
+  NoClientHintRestoreTest() {
+    scoped_feature_list_.InitWithFeatureList(EnabledFeatures());
+  }
+
+  void SetUpCommandLine(base::CommandLine* command_line) override {
+    // TODO(aarontag): tie FeaturePolicyForClientHints runtime feature and blink
+    // feature together
+    command_line->AppendSwitchASCII(switches::kEnableBlinkFeatures,
+                                    "FeaturePolicyForClientHints");
+  }
+
+  std::unique_ptr<base::FeatureList> EnabledFeatures() {
+    std::unique_ptr<base::FeatureList> feature_list(new base::FeatureList);
+    feature_list->InitializeFromCommandLine("FeaturePolicyForClientHints", "");
+    return feature_list;
+  }
+
+ private:
+  base::test::ScopedFeatureList scoped_feature_list_;
+  DISALLOW_COPY_AND_ASSIGN(NoClientHintRestoreTest);
+};
+
+IN_PROC_BROWSER_TEST_F(NoSessionRestoreTest,
+                       PersistClientHintsCloseAllBrowsers) {
+  SetSecureFakeServerAddress();
+  // Without the feature, the lifetime is needed to persist opt-in preferences.
+  StoreDataWithPage("accept_ch.html?lifetime");
+  NavigateAndCheckStoredData("accept_ch.html?lifetime");
+  EnableBackgroundMode();
+  Browser* new_browser = QuitBrowserAndRestore(browser(), true);
+  NavigateAndCheckStoredData(new_browser, "accept_ch.html?lifetime");
+  DisableBackgroundMode();
+  new_browser = QuitBrowserAndRestore(new_browser, true);
+  NavigateAndCheckStoredData(new_browser, "accept_ch.html?lifetime");
+}
+
+IN_PROC_BROWSER_TEST_F(NoClientHintRestoreTest,
+                       ClearClientHintsCloseAllBrowsers) {
+  SetSecureFakeServerAddress();
+  StoreDataWithPage("accept_ch.html");
+  NavigateAndCheckStoredData("accept_ch.html");
+  EnableBackgroundMode();
+  Browser* new_browser = QuitBrowserAndRestore(browser(), true);
+  StoreDataWithPage(new_browser, "accept_ch.html");
+  DisableBackgroundMode();
+  new_browser = QuitBrowserAndRestore(new_browser, true);
+  StoreDataWithPage(new_browser, "accept_ch.html");
+}
+
 #endif  // BUILDFLAG(ENABLE_BACKGROUND_MODE)
--- a/chrome/browser/sessions/session_data_deleter.cc
+++ b/chrome/browser/sessions/session_data_deleter.cc
@@ -8,17 +8,22 @@
 #include "base/bind.h"
 #include "base/bind_helpers.h"
 #include "base/command_line.h"
+#include "base/feature_list.h"
 #include "base/macros.h"
 #include "base/memory/ref_counted.h"
 #include "build/build_config.h"
+#include "chrome/browser/content_settings/host_content_settings_map_factory.h"
 #include "chrome/browser/lifetime/browser_shutdown.h"
 #include "chrome/browser/prefs/session_startup_pref.h"
 #include "chrome/browser/profiles/profile.h"
 #include "chrome/browser/ui/startup/startup_browser_creator.h"
+#include "components/content_settings/core/browser/host_content_settings_map.h"
 #include "content/public/browser/browser_context.h"
 #include "content/public/browser/browser_thread.h"
 #include "content/public/browser/storage_partition.h"
 #include "content/public/browser/storage_usage_info.h"
+#include "content/public/common/content_features.h"
+#include "content/public/common/content_switches.h"
 #include "mojo/public/cpp/bindings/remote.h"
 #include "net/cookies/cookie_util.h"
 #include "services/network/public/mojom/cookie_manager.mojom.h"
@@ -39,7 +44,8 @@ class SessionDataDeleter
  SessionDataDeleter(storage::SpecialStoragePolicy* storage_policy,
                     bool delete_only_by_session_only_policy);

-  void Run(content::StoragePartition* storage_partition);
+  void Run(content::StoragePartition* storage_partition,
+           HostContentSettingsMap* host_content_settings_map);

 private:
  friend class base::RefCountedThreadSafe<SessionDataDeleter>;
@@ -65,7 +71,9 @@ SessionDataDeleter::SessionDataDeleter(
      delete_only_by_session_only_policy_(delete_only_by_session_only_policy) {
 }

-void SessionDataDeleter::Run(content::StoragePartition* storage_partition) {
+void SessionDataDeleter::Run(
+    content::StoragePartition* storage_partition,
+    HostContentSettingsMap* host_content_settings_map) {
  if (storage_policy_.get() && storage_policy_->HasSessionOnlyOrigins()) {
    // Cookies are not origin scoped, so they are handled separately.
    const uint32_t removal_mask =
@@ -91,6 +99,15 @@ void SessionDataDeleter::Run(content::StoragePartition* storage_partition) {
        std::move(filter),
        // Fire and forget
        network::mojom::CookieManager::DeleteCookiesCallback());
+
+    // If the feature policy feature is enabled, delete the client hint
+    // preferences
+    if (base::FeatureList::IsEnabled(features::kFeaturePolicyForClientHints) ||
+        base::CommandLine::ForCurrentProcess()->HasSwitch(
+            switches::kEnableExperimentalWebPlatformFeatures)) {
+      host_content_settings_map->ClearSettingsForOneType(
+          ContentSettingsType::CLIENT_HINTS);
+    }
  }

  if (!storage_policy_.get() || !storage_policy_->HasSessionOnlyOrigins())
@@ -148,5 +165,6 @@ void DeleteSessionOnlyData(Profile* profile) {
  scoped_refptr<SessionDataDeleter> deleter(
      new SessionDataDeleter(profile->GetSpecialStoragePolicy(),
                             startup_pref_type == SessionStartupPref::LAST));
-  deleter->Run(Profile::GetDefaultStoragePartition(profile));
+  deleter->Run(Profile::GetDefaultStoragePartition(profile),
+               HostContentSettingsMapFactory::GetForProfile(profile));
 }
--- a/third_party/blink/renderer/core/loader/document_loader.cc
+++ b/third_party/blink/renderer/core/loader/document_loader.cc
@@ -1793,7 +1793,11 @@ void DocumentLoader::ParseAndPersistClientHints(
  // do the same thing.

  if (RuntimeEnabledFeatures::FeaturePolicyForClientHintsEnabled()) {
-    persist_duration = base::TimeDelta::Max();
+    // JSON cannot store "non-finite" values (i.e. NaN or infinite) so
+    // base::TimeDelta::Max cannot be used. As this will be removed once
+    // the FeaturePolicyForClientHints feature is shipped, a reasonably
+    // large was chosen instead
+    persist_duration = base::TimeDelta::FromDays(1000000);
  } else {
    persist_duration = client_hints_preferences_.GetPersistDuration();
  }