Add variations flag for mixed content autoupgrades in AW

Mixed content autoupgrades are currently completely disabled for
webview, this makes them controllable with a webview specific
variations flag. Flag is also exposed in AW devtools.

Bug: 1139424
Change-Id: I9095cdd98eef0136106d087af3f1f104784d3dd6
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2480817Reviewed-by: Nate Fischer <ntfschr@chromium.org>
Reviewed-by: Bo <boliu@chromium.org>
Commit-Queue: Carlos IL <carlosil@chromium.org>
Cr-Commit-Position: refs/heads/master@{#818568}

android_webview/browser/aw_feature_list.cc

@@ -26,6 +26,7 @@ namespace {
 const base::Feature* kFeaturesExposedToJava[] = {
     &features::kWebViewConnectionlessSafeBrowsing,
     &features::kWebViewDisplayCutout,
+    &features::kWebViewMixedContentAutoupgrades,
     &features::kWebViewTestFeature,
     &features::kWebViewMeasureScreenCoverage,
 };

android_webview/common/aw_features.cc

@@ -29,6 +29,15 @@ const base::Feature kWebViewDisplayCutout{"WebViewDisplayCutout",
 const base::Feature kWebViewExtraHeadersSameDomainOnly{
     "WebViewExtraHeadersSameDomainOnly", base::FEATURE_ENABLED_BY_DEFAULT};
 
+// When enabled, passive mixed content (Audio/Video/Image subresources loaded
+// over HTTP on HTTPS sites) will be autoupgraded to HTTPS, and the load will be
+// blocked if the resource fails to load over HTTPS. This only affects apps that
+// set the mixed content mode to MIXED_CONTENT_COMPATIBILITY_MODE, autoupgrades
+// are always disabled for MIXED_CONTENT_NEVER_ALLOW and
+// MIXED_CONTENT_ALWAYS_ALLOW modes.
+const base::Feature kWebViewMixedContentAutoupgrades{
+    "WebViewMixedContentAutoupgrades", base::FEATURE_DISABLED_BY_DEFAULT};
+
 // Only allow extra headers added via loadUrl() to be sent to the original
 // origin; strip them from the request if a cross-origin redirect occurs.
 // When this is enabled, kWebViewExtraHeadersSameDomainOnly has no effect.

android_webview/common/aw_features.h

@@ -20,6 +20,7 @@ extern const base::Feature kWebViewDisplayCutout;
 extern const base::Feature kWebViewExtraHeadersSameDomainOnly;
 extern const base::Feature kWebViewExtraHeadersSameOriginOnly;
 extern const base::Feature kWebViewMeasureScreenCoverage;
+extern const base::Feature kWebViewMixedContentAutoupgrades;
 extern const base::Feature kWebViewTestFeature;
 extern const base::Feature kWebViewWideColorGamutSupport;
 

android_webview/java/src/org/chromium/android_webview/AwSettings.java

@@ -17,6 +17,7 @@ import android.webkit.WebSettings;
 
 import androidx.annotation.IntDef;
 
+import org.chromium.android_webview.common.AwFeatures;
 import org.chromium.android_webview.safe_browsing.AwSafeBrowsingConfigHelper;
 import org.chromium.android_webview.settings.ForceDarkBehavior;
 import org.chromium.android_webview.settings.ForceDarkMode;
@@ -1841,10 +1842,16 @@ public class AwSettings {
 
     @CalledByNative
     private boolean getAllowMixedContentAutoupgradesLocked() {
-        // TODO(crbug.com/1139424): Mixed content autoupgrades are temporarily disabled completely
-        // on WebView. This should remain as is for MIXED_CONTENT_ALWAYS_ALLOW and
-        // MIXED_CONTENT_NEVER_ALLOW, but should be controlled via a variations flag for
-        // MIXED_CONTENT_COMPATIBILITY_MODE.
+        if (AwFeatureList.isEnabled(AwFeatures.WEBVIEW_MIXED_CONTENT_AUTOUPGRADES)) {
+            // We only allow mixed content autoupgrades (upgrading HTTP subresources to HTTPS in
+            // HTTPS sites) when the mixed content mode is set to MIXED_CONTENT_COMPATIBILITY, which
+            // keeps it in line with the behavior in Chrome. With MIXED_CONTENT_ALWAYS_ALLOW, we
+            // disable autoupgrades since the developer is explicitly allowing mixed content,
+            // whereas with MIXED_CONTENT_NEVER_ALLOW, there is no need to autoupgrade since the
+            // content will be blocked.
+            assert Thread.holdsLock(mAwSettingsLock);
+            return mMixedContentMode == WebSettings.MIXED_CONTENT_COMPATIBILITY_MODE;
+        }
         return false;
     }
 

android_webview/java/src/org/chromium/android_webview/common/ProductionSupportedFlagList.java

@@ -98,5 +98,8 @@ public final class ProductionSupportedFlagList {
                     "Forces WebView to do rendering work in little cores"),
             Flag.baseFeature(BlinkFeatures.WEBVIEW_ACCELERATE_SMALL_CANVASES,
                     "Accelerate all canvases in webview."),
+            Flag.baseFeature(AwFeatures.WEBVIEW_MIXED_CONTENT_AUTOUPGRADES,
+                    "Enables autoupgrades for audio/video/image mixed content when mixed content "
+                            + "mode is set to MIXED_CONTENT_COMPATIBILITY_MODE"),
     };
 }

android_webview/javatests/src/org/chromium/android_webview/test/AwSettingsTest.java

@@ -27,8 +27,10 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 
 import org.chromium.android_webview.AwContents;
+import org.chromium.android_webview.AwFeatureList;
 import org.chromium.android_webview.AwSettings;
 import org.chromium.android_webview.AwSettings.LayoutAlgorithm;
+import org.chromium.android_webview.common.AwFeatures;
 import org.chromium.android_webview.test.AwActivityTestRule.TestDependencyFactory;
 import org.chromium.android_webview.test.TestAwContentsClient.DoUpdateVisitedHistoryHelper;
 import org.chromium.android_webview.test.util.CommonResources;
@@ -3309,6 +3311,7 @@ public class AwSettingsTest {
             httpsServer = TestWebServer.startSsl();
             httpServer = TestWebServer.start();
             httpServer.setServerHost("example.com");
+            httpsServer.setServerHost("secure.com");
 
             final String jsUrl = "/insecure.js";
             final String imageUrl = "/insecure.png";
@@ -3338,11 +3341,29 @@ public class AwSettingsTest {
             Assert.assertEquals(1, httpServer.getRequestCount(imageUrl));
 
             awSettings.setMixedContentMode(WebSettings.MIXED_CONTENT_COMPATIBILITY_MODE);
-            mActivityTestRule.loadUrlSync(
-                    awContents, contentClient.getOnPageFinishedHelper(), fullSecureUrl);
-            Assert.assertEquals(3, httpsServer.getRequestCount(secureUrl));
-            Assert.assertEquals(1, httpServer.getRequestCount(jsUrl));
-            Assert.assertEquals(2, httpServer.getRequestCount(imageUrl));
+            if (AwFeatureList.isEnabled(AwFeatures.WEBVIEW_MIXED_CONTENT_AUTOUPGRADES)) {
+                // COMPATIBILITY_MODE enables autoupgrades for passive mixed content (including
+                // images), so we set the image url to the HTTP version of the HTTPS server, and
+                // check it was autoupgraded by expecting the HTTPS server to be hit.
+                String httpImageUrl = httpsServer.setResponseBase64(
+                        imageUrl, CommonResources.FAVICON_DATA_BASE64, null);
+                httpImageUrl = httpImageUrl.replaceFirst("https", "http");
+                final String autoupgradedImageHtml = "<img src=\"" + httpImageUrl + "\" />";
+                final String htmlForAutoupgrade =
+                        "<body>" + autoupgradedImageHtml + " " + jsHtml + "</body>";
+                fullSecureUrl = httpsServer.setResponse(secureUrl, htmlForAutoupgrade, null);
+                mActivityTestRule.loadUrlSync(
+                        awContents, contentClient.getOnPageFinishedHelper(), fullSecureUrl);
+                Assert.assertEquals(1, httpsServer.getRequestCount(secureUrl));
+                Assert.assertEquals(1, httpsServer.getRequestCount(imageUrl));
+                Assert.assertEquals(1, httpServer.getRequestCount(jsUrl));
+            } else {
+                mActivityTestRule.loadUrlSync(
+                        awContents, contentClient.getOnPageFinishedHelper(), fullSecureUrl);
+                Assert.assertEquals(3, httpsServer.getRequestCount(secureUrl));
+                Assert.assertEquals(1, httpServer.getRequestCount(jsUrl));
+                Assert.assertEquals(2, httpServer.getRequestCount(imageUrl));
+            }
         } finally {
             if (httpServer != null) {
                 httpServer.shutdown();

tools/metrics/histograms/enums.xml

@@ -42930,6 +42930,7 @@ from previous Chrome versions.
   <int value="-770319039" label="enable-touch-editing"/>
   <int value="-769865314" label="AutofillCacheQueryResponses:disabled"/>
   <int value="-766805224" label="MirroringService:enabled"/>
+  <int value="-764463072" label="WebViewMixedContentAutoupgrades:disabled"/>
   <int value="-763900417" label="CCTModuleUseIntentExtras:enabled"/>
   <int value="-763759697" label="enable-audio-support-for-desktop-share"/>
   <int value="-763730918" label="CCTTargetTranslateLanguage:disabled"/>
@@ -42976,6 +42977,7 @@ from previous Chrome versions.
   <int value="-726892130" label="AndroidMessagesIntegration:disabled"/>
   <int value="-723224470" label="enable-password-force-saving:enabled"/>
   <int value="-722474177" label="browser-side-navigation:disabled"/>
+  <int value="-721685663" label="WebViewMixedContentAutoupgrades:enabled"/>
   <int value="-721245076" label="DesktopPWAsStayInWindow:disabled"/>
   <int value="-719819631" label="TranslateUI:disabled"/>
   <int value="-719698123" label="LegacyTLSWarnings:enabled"/>