[Web Payment][Android] Do not download app store manifests.

Before this patch, Chrome would attempt to download a payment method manifest from https://play.google.com/billing, which is a reserved URL for pointing to the invoking Trusted Web Activity and should not be dereferenced. This patch prevents downloads of any manifests for an Android payment app whose default payment method identifier is an app store payment method identifier. After this patch, Chrome does not attempt to download a payment method manifest from https://play.google.com/billing. Bug: 1099683 Change-Id: I3799d0486a7404ea0095b0c59a3d2467efd5b09f Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2329404 Commit-Queue: Rouslan Solomakhin <rouslan@chromium.org> Reviewed-by: Liquan (Max) Gu <maxlg@chromium.org> Cr-Commit-Position: refs/heads/master@{#793559}

[Web Payment][Android] Do not download app store manifests.
Before this patch, Chrome would attempt to download a payment method manifest from https://play.google.com/billing, which is a reserved URL for pointing to the invoking Trusted Web Activity and should not be dereferenced. This patch prevents downloads of any manifests for an Android payment app whose default payment method identifier is an app store payment method identifier. After this patch, Chrome does not attempt to download a payment method manifest from https://play.google.com/billing. Bug: 1099683 Change-Id: I3799d0486a7404ea0095b0c59a3d2467efd5b09f Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2329404 Commit-Queue: Rouslan Solomakhin <rouslan@chromium.org> Reviewed-by: Liquan (Max) Gu <maxlg@chromium.org> Cr-Commit-Position: refs/heads/master@{#793559}
bd1cad4b · Rouslan Solomakhin · Commit Bot · d0a28562 · bd1cad4b
Commit bd1cad4b authored Jul 31, 2020 by Rouslan Solomakhin Committed by Commit Bot Jul 31, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 14 additions and 0 deletions

chrome/android/java/src/org/chromium/chrome/browser/payments/AndroidPaymentAppFinder.java ...mium/chrome/browser/payments/AndroidPaymentAppFinder.java +14 -0

No files found.
--- a/chrome/android/java/src/org/chromium/chrome/browser/payments/AndroidPaymentAppFinder.java
+++ b/chrome/android/java/src/org/chromium/chrome/browser/payments/AndroidPaymentAppFinder.java
@@ -359,6 +359,14 @@ public class AndroidPaymentAppFinder implements ManifestVerifyCallback {
            GURL defaultUrlMethod = null;
            if (!TextUtils.isEmpty(defaultMethod)) {
                defaultUrlMethod = new GURL(defaultMethod);
+                // Do not download any manifests for the app whose default payment method identifier
+                // is an app store payment method identifier, because app store method URLs are used
+                // only for identification and do not host manifest files.
+                if (mAppStores.values().contains(defaultUrlMethod)) {
+                    continue;
+                }
                if (UrlUtils.isURLValid(defaultUrlMethod)) {
                    defaultMethod = urlToStringWithoutTrailingSlash(defaultUrlMethod);
                }
@@ -394,6 +402,12 @@ public class AndroidPaymentAppFinder implements ManifestVerifyCallback {
                    continue;
                }
+                // Ignore payment method identifiers of app stores, because app store method URLs
+                // are used only for identification and do not host manifest files.
+                if (mAppStores.values().contains(supportedUrlMethod)) {
+                    continue;
+                }
                if (!methodToAppsMapping.containsKey(supportedMethod)) {
                    methodToAppsMapping.put(supportedMethod, new HashSet<ResolveInfo>());
                }