Commit a9871df8 authored by Peter E Conn's avatar Peter E Conn Committed by Commit Bot

🤝 Restrict browserservices.Origin to HTTP and HTTPS.

Bug: 1019244
Change-Id: I9f8dfdf858e57e78c282d88924ff2e8edb24442e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1892961
Reviewed-by: Finnur Thorarinsson <finnur@chromium.org>
Reviewed-by: Łukasz Anforowicz <lukasza@chromium.org>
Reviewed-by: Theresa  <twellington@chromium.org>
Commit-Queue: Peter Conn <peconn@chromium.org>
Cr-Commit-Position: refs/heads/master@{#712934}
parent e4c1bac3
...@@ -11,7 +11,7 @@ import org.chromium.chrome.browser.util.UrlConstants; ...@@ -11,7 +11,7 @@ import org.chromium.chrome.browser.util.UrlConstants;
import androidx.annotation.Nullable; import androidx.annotation.Nullable;
/** /**
* A class to canonically represent a web origin in Java. In comparison to * A class to canonically represent a HTTP or HTTPS web origin in Java. In comparison to
* {@link org.chromium.net.GURLUtils#getOrigin} it can be used before native is loaded and lets us * {@link org.chromium.net.GURLUtils#getOrigin} it can be used before native is loaded and lets us
* ensure conversion to an origin has been done with the type system. * ensure conversion to an origin has been done with the type system.
* *
...@@ -32,7 +32,8 @@ public class Origin { ...@@ -32,7 +32,8 @@ public class Origin {
} }
/** /**
* Constructs a canonical Origin from a String. * Constructs a canonical Origin from a String. Will return {@code null} for origins that are
* not HTTP or HTTPS.
*/ */
@Nullable @Nullable
public static Origin create(String uri) { public static Origin create(String uri) {
...@@ -40,7 +41,8 @@ public class Origin { ...@@ -40,7 +41,8 @@ public class Origin {
} }
/** /**
* Constructs a canonical Origin from an Uri. * Constructs a canonical Origin from an Uri. Will return {@code null} for origins that are not
* HTTP or HTTPS.
*/ */
@Nullable @Nullable
public static Origin create(Uri uri) { public static Origin create(Uri uri) {
...@@ -48,9 +50,14 @@ public class Origin { ...@@ -48,9 +50,14 @@ public class Origin {
return null; return null;
} }
// This class can only correctly handle certain origins, see https://crbug.com/1019244.
String scheme = uri.getScheme();
if (!scheme.equals(UrlConstants.HTTP_SCHEME) && !scheme.equals(UrlConstants.HTTPS_SCHEME)) {
return null;
}
// Make explicit ports implicit and remove any user:password. // Make explicit ports implicit and remove any user:password.
int port = uri.getPort(); int port = uri.getPort();
String scheme = uri.getScheme();
if (scheme.equals(UrlConstants.HTTP_SCHEME) && port == HTTP_DEFAULT_PORT) port = -1; if (scheme.equals(UrlConstants.HTTP_SCHEME) && port == HTTP_DEFAULT_PORT) port = -1;
if (scheme.equals(UrlConstants.HTTPS_SCHEME) && port == HTTPS_DEFAULT_PORT) port = -1; if (scheme.equals(UrlConstants.HTTPS_SCHEME) && port == HTTPS_DEFAULT_PORT) port = -1;
......
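Review bot: The new scheme check in `create(Uri)` uses a case-sensitive `equals`, and if `Uri` here is `android.net.Uri`, `getScheme()` returns the scheme as written, so an input such as `HTTP://example.com` would now produce `null` instead of an origin. That fails closed, which is the safe direction for the delegate-app lookups this class feeds, but it should be deliberate: either lowercase first, e.g. `String scheme = uri.normalizeScheme().getScheme();`, or state in the Javadoc that only lowercase schemes are accepted. The guard ending in `return null;` above the added lines begins outside the hunk, so confirm it already rejects a null scheme before `scheme.equals(...)` is reached. `createOrThrow` is not shown here; any caller of it that this commit leaves unchanged will presumably now throw on non-HTTP(S) input.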
...@@ -128,9 +128,11 @@ class PermissionParamsListBuilder { ...@@ -128,9 +128,11 @@ class PermissionParamsListBuilder {
String managedBy = null; String managedBy = null;
if (permission.type == ContentSettingsType.NOTIFICATIONS) { if (permission.type == ContentSettingsType.NOTIFICATIONS) {
TrustedWebActivityPermissionManager manager = TrustedWebActivityPermissionManager.get(); TrustedWebActivityPermissionManager manager = TrustedWebActivityPermissionManager.get();
Origin origin = Origin.createOrThrow(mFullUrl); Origin origin = Origin.create(mFullUrl);
if (origin != null) {
managedBy = manager.getDelegateAppName(origin); managedBy = manager.getDelegateAppName(origin);
} }
}
if (managedBy != null) { if (managedBy != null) {
status_text = String.format( status_text = String.format(
mContext.getString(R.string.website_notification_managed_by_app), managedBy); mContext.getString(R.string.website_notification_managed_by_app), managedBy);
......
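Review bot: The `if (origin != null)` guard around `manager.getDelegateAppName(origin)` carries no comment saying when `Origin.create` yields `null`, so a reader cannot tell whether skipping the lookup is intended or a swallowed error. I would add `// Origin.create returns null for non-HTTP(S) URLs; skip the delegate-app lookup for those.` above the guard. The same applies to the guard added in `setUpNotificationsPreference` in SingleWebsitePreferences. The enclosing method in PermissionParamsListBuilder starts and ends outside the hunk.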
...@@ -428,17 +428,20 @@ public class SingleWebsitePreferences extends PreferenceFragmentCompat ...@@ -428,17 +428,20 @@ public class SingleWebsitePreferences extends PreferenceFragmentCompat
private void setUpNotificationsPreference(Preference preference) { private void setUpNotificationsPreference(Preference preference) {
TrustedWebActivityPermissionManager manager = TrustedWebActivityPermissionManager.get(); TrustedWebActivityPermissionManager manager = TrustedWebActivityPermissionManager.get();
Origin origin = Origin.createOrThrow(mSite.getAddress().getOrigin()); Origin origin = Origin.create(mSite.getAddress().getOrigin());
if (origin != null) {
String managedBy = manager.getDelegateAppName(origin); String managedBy = manager.getDelegateAppName(origin);
if (managedBy != null) { if (managedBy != null) {
final Intent notificationSettingsIntent = final Intent notificationSettingsIntent =
getNotificationSettingsIntent(manager.getDelegatePackageName(origin)); getNotificationSettingsIntent(manager.getDelegatePackageName(origin));
String summaryText = getString(R.string.website_notification_managed_by_app, managedBy); String summaryText = getString(R.string.website_notification_managed_by_app,
managedBy);
ChromeImageViewPreference newPreference = ChromeImageViewPreference newPreference =
replaceWithReadOnlyCopyOf(preference, summaryText); replaceWithReadOnlyCopyOf(preference, summaryText);
setupNotificationManagedByPreference(newPreference, notificationSettingsIntent); setupNotificationManagedByPreference(newPreference, notificationSettingsIntent);
return; return;
} }
}
final @ContentSettingValues @Nullable Integer value = final @ContentSettingValues @Nullable Integer value =
mSite.getPermission(PermissionInfo.Type.NOTIFICATION); mSite.getPermission(PermissionInfo.Type.NOTIFICATION);
......