🤝 Add flag to disable server-side Digital Asset Link verification.

Digital Asset Link verification consists of two parts, verifying the link from the app to the website and verifying the link from the website to the app. The first part is done client side and a developer can easily satisfy this by putting a line in their app's manifest. The second part is done server side and thus a developer cannot create a link between their app and a locally running web server for development. This CL adds a command line Chrome flag that disables the server-side check allowing developers to use trusted web activity on locally hosted websites. Change-Id: I47a00ec45e5016ef398e876c1b35be680b2284f8 Reviewed-on: https://chromium-review.googlesource.com/883467 Commit-Queue: Peter Conn <peconn@chromium.org> Reviewed-by: Bernhard Bauer <bauerb@chromium.org> Cr-Commit-Position: refs/heads/master@{#544351}

🤝 Add flag to disable server-side Digital Asset Link verification.
Digital Asset Link verification consists of two parts, verifying the link from the app to the website and verifying the link from the website to the app. The first part is done client side and a developer can easily satisfy this by putting a line in their app's manifest. The second part is done server side and thus a developer cannot create a link between their app and a locally running web server for development. This CL adds a command line Chrome flag that disables the server-side check allowing developers to use trusted web activity on locally hosted websites. Change-Id: I47a00ec45e5016ef398e876c1b35be680b2284f8 Reviewed-on: https://chromium-review.googlesource.com/883467 Commit-Queue: Peter Conn <peconn@chromium.org> Reviewed-by: Bernhard Bauer <bauerb@chromium.org> Cr-Commit-Position: refs/heads/master@{#544351}
70b55043 · Peter E Conn · Commit Bot · d9c3034b · 70b55043 · 70b55043
Commit 70b55043 authored Mar 20, 2018 by Peter E Conn Committed by Commit Bot Mar 20, 2018
2 changed files
--- a/chrome/android/java/src/org/chromium/chrome/browser/ChromeSwitches.java
+++ b/chrome/android/java/src/org/chromium/chrome/browser/ChromeSwitches.java
@@ -183,6 +183,12 @@ public abstract class ChromeSwitches {
     */
    public static final String DONT_CRASH_ON_VIEW_MAIN_INTENTS = "dont-crash-on-view-main-intents";

+    /**
+     * Disables digital asset link verification for the given website.
+     */
+    public static final String DISABLE_DIGITAL_ASSET_LINK_VERIFICATION =
+            "disable-digital-asset-link-verification-for-url";
+
    // Prevent instantiation.
    private ChromeSwitches() {}
 }
--- a/chrome/android/java/src/org/chromium/chrome/browser/browserservices/OriginVerifier.java
+++ b/chrome/android/java/src/org/chromium/chrome/browser/browserservices/OriginVerifier.java
@@ -14,6 +14,7 @@ import android.support.customtabs.CustomTabsService.Relation;
 import android.support.v4.util.Pair;
 import android.text.TextUtils;

+import org.chromium.base.CommandLine;
 import org.chromium.base.ContextUtils;
 import org.chromium.base.Log;
 import org.chromium.base.ThreadUtils;
@@ -21,6 +22,7 @@ import org.chromium.base.VisibleForTesting;
 import org.chromium.base.annotations.CalledByNative;
 import org.chromium.base.annotations.JNINamespace;
 import org.chromium.base.library_loader.LibraryProcessType;
+import org.chromium.chrome.browser.ChromeSwitches;
 import org.chromium.chrome.browser.IntentHandler;
 import org.chromium.chrome.browser.UrlConstants;
 import org.chromium.chrome.browser.profiles.Profile;
@@ -166,15 +168,29 @@ public class OriginVerifier {
    public void start(@NonNull Origin origin) {
        ThreadUtils.assertOnUiThread();
        mOrigin = origin;
+
+        // Website to app Digital Asset Link verification can be skipped for a specific URL by
+        // passing a command line flag to ease development.
+        String disableDalUrl = CommandLine.getInstance().getSwitchValue(
+                ChromeSwitches.DISABLE_DIGITAL_ASSET_LINK_VERIFICATION);
+        if (!TextUtils.isEmpty(disableDalUrl)
+                && mOrigin.equals(new Origin(disableDalUrl))) {
+            Log.i(TAG, "Verification skipped for %s due to command line flag.", origin);
+            ThreadUtils.runOnUiThread(new VerifiedCallback(true));
+            return;
+        }
+
        String scheme = mOrigin.uri().getScheme();
        if (TextUtils.isEmpty(scheme)
                || !UrlConstants.HTTPS_SCHEME.equals(scheme.toLowerCase(Locale.US))) {
+            Log.i(TAG, "Verification failed for %s as not https.", origin);
            ThreadUtils.runOnUiThread(new VerifiedCallback(false));
            return;
        }

        // If this origin is cached as verified already, use that.
        if (isValidOrigin(mPackageName, origin, mRelation)) {
+            Log.i(TAG, "Verification succeeded for %s, it was cached.", origin);
            ThreadUtils.runOnUiThread(new VerifiedCallback(true));
            return;
        }
@@ -271,6 +287,7 @@ public class OriginVerifier {

    @CalledByNative
    private void originVerified(boolean originVerified) {
+        Log.i(TAG, "Verification %s.", (originVerified ? "succeeded" : "failed"));
        if (originVerified) {
            addVerifiedOriginForPackage(mPackageName, mOrigin, mRelation);
        }