🤝 Restrict browserservices.Origin to HTTP and HTTPS.

Bug: 1019244 Change-Id: I9f8dfdf858e57e78c282d88924ff2e8edb24442e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1892961Reviewed-by: Finnur Thorarinsson <finnur@chromium.org> Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org> Reviewed-by: Theresa <twellington@chromium.org> Commit-Queue: Peter Conn <peconn@chromium.org> Cr-Commit-Position: refs/heads/master@{#712934}

🤝 Restrict browserservices.Origin to HTTP and HTTPS.
Bug: 1019244 Change-Id: I9f8dfdf858e57e78c282d88924ff2e8edb24442e Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1892961Reviewed-by: Finnur Thorarinsson <finnur@chromium.org> Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org> Reviewed-by: Theresa <twellington@chromium.org> Commit-Queue: Peter Conn <peconn@chromium.org> Cr-Commit-Position: refs/heads/master@{#712934}
a9871df8 · Peter E Conn · Commit Bot · e4c1bac3 · a9871df8 · a9871df8
Commit a9871df8 authored Nov 06, 2019 by Peter E Conn Committed by Commit Bot Nov 06, 2019
3 changed files
--- a/chrome/android/java/src/org/chromium/chrome/browser/browserservices/Origin.java
+++ b/chrome/android/java/src/org/chromium/chrome/browser/browserservices/Origin.java
@@ -11,7 +11,7 @@ import org.chromium.chrome.browser.util.UrlConstants;
 import androidx.annotation.Nullable;

 /**
- * A class to canonically represent a web origin in Java. In comparison to
+ * A class to canonically represent a HTTP or HTTPS web origin in Java. In comparison to
 * {@link org.chromium.net.GURLUtils#getOrigin} it can be used before native is loaded and lets us
 * ensure conversion to an origin has been done with the type system.
 *
@@ -32,7 +32,8 @@ public class Origin {
    }

    /**
-     * Constructs a canonical Origin from a String.
+     * Constructs a canonical Origin from a String. Will return {@code null} for origins that are
+     * not HTTP or HTTPS.
     */
    @Nullable
    public static Origin create(String uri) {
@@ -40,7 +41,8 @@ public class Origin {
    }

    /**
-     * Constructs a canonical Origin from an Uri.
+     * Constructs a canonical Origin from an Uri. Will return {@code null} for origins that are not
+     * HTTP or HTTPS.
     */
    @Nullable
    public static Origin create(Uri uri) {
@@ -48,9 +50,14 @@ public class Origin {
            return null;
        }

+        // This class can only correctly handle certain origins, see https://crbug.com/1019244.
+        String scheme = uri.getScheme();
+        if (!scheme.equals(UrlConstants.HTTP_SCHEME) && !scheme.equals(UrlConstants.HTTPS_SCHEME)) {
+            return null;
+        }
+
        // Make explicit ports implicit and remove any user:password.
        int port = uri.getPort();
-        String scheme = uri.getScheme();
        if (scheme.equals(UrlConstants.HTTP_SCHEME) && port == HTTP_DEFAULT_PORT) port = -1;
        if (scheme.equals(UrlConstants.HTTPS_SCHEME) && port == HTTPS_DEFAULT_PORT) port = -1;


--- a/chrome/android/java/src/org/chromium/chrome/browser/page_info/PermissionParamsListBuilder.java
+++ b/chrome/android/java/src/org/chromium/chrome/browser/page_info/PermissionParamsListBuilder.java
@@ -128,8 +128,10 @@ class PermissionParamsListBuilder {
        String managedBy = null;
        if (permission.type == ContentSettingsType.NOTIFICATIONS) {
            TrustedWebActivityPermissionManager manager = TrustedWebActivityPermissionManager.get();
-            Origin origin = Origin.createOrThrow(mFullUrl);
-            managedBy = manager.getDelegateAppName(origin);
+            Origin origin = Origin.create(mFullUrl);
+            if (origin != null) {
+                managedBy = manager.getDelegateAppName(origin);
+            }
        }
        if (managedBy != null) {
            status_text = String.format(

--- a/chrome/android/java/src/org/chromium/chrome/browser/preferences/website/SingleWebsitePreferences.java
+++ b/chrome/android/java/src/org/chromium/chrome/browser/preferences/website/SingleWebsitePreferences.java
@@ -428,16 +428,19 @@ public class SingleWebsitePreferences extends PreferenceFragmentCompat

    private void setUpNotificationsPreference(Preference preference) {
        TrustedWebActivityPermissionManager manager = TrustedWebActivityPermissionManager.get();
-        Origin origin = Origin.createOrThrow(mSite.getAddress().getOrigin());
-        String managedBy = manager.getDelegateAppName(origin);
-        if (managedBy != null) {
-            final Intent notificationSettingsIntent =
-                    getNotificationSettingsIntent(manager.getDelegatePackageName(origin));
-            String summaryText = getString(R.string.website_notification_managed_by_app, managedBy);
-            ChromeImageViewPreference newPreference =
-                    replaceWithReadOnlyCopyOf(preference, summaryText);
-            setupNotificationManagedByPreference(newPreference, notificationSettingsIntent);
-            return;
+        Origin origin = Origin.create(mSite.getAddress().getOrigin());
+        if (origin != null) {
+            String managedBy = manager.getDelegateAppName(origin);
+            if (managedBy != null) {
+                final Intent notificationSettingsIntent =
+                        getNotificationSettingsIntent(manager.getDelegatePackageName(origin));
+                String summaryText = getString(R.string.website_notification_managed_by_app,
+                        managedBy);
+                ChromeImageViewPreference newPreference =
+                        replaceWithReadOnlyCopyOf(preference, summaryText);
+                setupNotificationManagedByPreference(newPreference, notificationSettingsIntent);
+                return;
+            }
        }

        final @ContentSettingValues @Nullable Integer value =