Support custom SafeSites error page in PolicyBlocklistNavigationThrottle

If specified, the content will be displayed when a navigation is canceled due to the SafeSites filter. Bug: 1147231 Change-Id: Id5d77bc6cacae69c3f873404ace8de5cfa898612 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2527730 Commit-Queue: David Dorwin <ddorwin@chromium.org> Commit-Queue: Owen Min <zmin@chromium.org> Auto-Submit: David Dorwin <ddorwin@chromium.org> Reviewed-by: Owen Min <zmin@chromium.org> Cr-Commit-Position: refs/heads/master@{#825939}

Support custom SafeSites error page in PolicyBlocklistNavigationThrottle
If specified, the content will be displayed when a navigation is canceled due to the SafeSites filter. Bug: 1147231 Change-Id: Id5d77bc6cacae69c3f873404ace8de5cfa898612 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2527730 Commit-Queue: David Dorwin <ddorwin@chromium.org> Commit-Queue: Owen Min <zmin@chromium.org> Auto-Submit: David Dorwin <ddorwin@chromium.org> Reviewed-by: Owen Min <zmin@chromium.org> Cr-Commit-Position: refs/heads/master@{#825939}
d6e3040b · David Dorwin · Commit Bot · e910bf98 · d6e3040b · d6e3040b
Commit d6e3040b authored Nov 10, 2020 by David Dorwin Committed by Commit Bot Nov 10, 2020
3 changed files
--- a/components/policy/content/policy_blocklist_navigation_throttle.cc
+++ b/components/policy/content/policy_blocklist_navigation_throttle.cc
@@ -6,6 +6,7 @@

 #include "base/bind.h"
 #include "base/check_op.h"
+#include "base/strings/string_piece.h"
 #include "components/policy/content/policy_blocklist_service.h"
 #include "components/policy/core/browser/url_blocklist_manager.h"
 #include "components/policy/core/browser/url_blocklist_policy_handler.h"
@@ -23,12 +24,20 @@ using SafeSitesFilterBehavior = policy::SafeSitesFilterBehavior;
 PolicyBlocklistNavigationThrottle::PolicyBlocklistNavigationThrottle(
    content::NavigationHandle* navigation_handle,
    content::BrowserContext* context)
-    : NavigationThrottle(navigation_handle) {
-  blocklist_service_ = PolicyBlocklistFactory::GetForBrowserContext(context);
-  prefs_ = user_prefs::UserPrefs::Get(context);
+    : NavigationThrottle(navigation_handle),
+      blocklist_service_(PolicyBlocklistFactory::GetForBrowserContext(context)),
+      prefs_(user_prefs::UserPrefs::Get(context)) {
  DCHECK(prefs_);
 }

+PolicyBlocklistNavigationThrottle::PolicyBlocklistNavigationThrottle(
+    content::NavigationHandle* navigation_handle,
+    content::BrowserContext* context,
+    base::StringPiece safe_sites_error_page_content)
+    : PolicyBlocklistNavigationThrottle(navigation_handle, context) {
+  safe_sites_error_page_content_ = safe_sites_error_page_content.as_string();
+}
+
 PolicyBlocklistNavigationThrottle::~PolicyBlocklistNavigationThrottle() =
    default;

@@ -51,6 +60,11 @@ PolicyBlocklistNavigationThrottle::WillStartRequest() {
  if (blocklist_state == URLBlocklistState::URL_IN_ALLOWLIST)
    return PROCEED;

+  return CheckSafeSitesFilter(url);
+}
+
+content::NavigationThrottle::ThrottleCheckResult
+PolicyBlocklistNavigationThrottle::CheckSafeSitesFilter(const GURL& url) {
  // Safe Sites filter applies to top-level HTTP[S] requests.
  if (!url.SchemeIsHTTPOrHTTPS())
    return PROCEED;
@@ -78,7 +92,8 @@ PolicyBlocklistNavigationThrottle::WillStartRequest() {
  }

  if (should_cancel_)
-    return ThrottleCheckResult(CANCEL, net::ERR_BLOCKED_BY_ADMINISTRATOR);
+    return ThrottleCheckResult(CANCEL, net::ERR_BLOCKED_BY_ADMINISTRATOR,
+                               safe_sites_error_page_content_);
  return PROCEED;
 }

@@ -102,6 +117,7 @@ void PolicyBlocklistNavigationThrottle::CheckSafeSearchCallback(bool is_safe) {
    Resume();
  } else {
    CancelDeferredNavigation(
-        ThrottleCheckResult(CANCEL, net::ERR_BLOCKED_BY_ADMINISTRATOR));
+        ThrottleCheckResult(CANCEL, net::ERR_BLOCKED_BY_ADMINISTRATOR,
+                            safe_sites_error_page_content_));
  }
 }
--- a/components/policy/content/policy_blocklist_navigation_throttle.h
+++ b/components/policy/content/policy_blocklist_navigation_throttle.h
@@ -7,8 +7,10 @@

 #include "base/macros.h"
 #include "base/memory/weak_ptr.h"
+#include "base/strings/string_piece_forward.h"
 #include "content/public/browser/navigation_throttle.h"

+class GURL;
 class PolicyBlocklistService;
 class PrefService;

@@ -28,15 +30,20 @@ class PolicyBlocklistNavigationThrottle : public content::NavigationThrottle {
  PolicyBlocklistNavigationThrottle(
      content::NavigationHandle* navigation_handle,
      content::BrowserContext* context);
+  PolicyBlocklistNavigationThrottle(
+      content::NavigationHandle* navigation_handle,
+      content::BrowserContext* context,
+      base::StringPiece safe_sites_error_page_content);
  ~PolicyBlocklistNavigationThrottle() override;

  // NavigationThrottle overrides.
  ThrottleCheckResult WillStartRequest() override;
  ThrottleCheckResult WillRedirectRequest() override;
-
  const char* GetNameForLogging() override;

 private:
+  ThrottleCheckResult CheckSafeSitesFilter(const GURL& url);
+
  // Callback from PolicyBlocklistService.
  void CheckSafeSearchCallback(bool is_safe);

@@ -44,6 +51,10 @@ class PolicyBlocklistNavigationThrottle : public content::NavigationThrottle {

  PrefService* prefs_;

+  // HTML to be displayed when navigation is canceled by the Safe Sites filter.
+  // If null, a default error page will be displayed.
+  base::Optional<std::string> safe_sites_error_page_content_;
+
  // Whether the request was deferred in order to check the Safe Search API.
  bool deferred_ = false;


--- a/components/policy/content/policy_blocklist_navigation_throttle_unittest.cc
+++ b/components/policy/content/policy_blocklist_navigation_throttle_unittest.cc
@@ -123,6 +123,23 @@ class PolicyBlocklistNavigationThrottleTest
  DISALLOW_COPY_AND_ASSIGN(PolicyBlocklistNavigationThrottleTest);
 };

+class PolicyBlocklistNavigationThrottleWithSafeSitesErrorContentTest
+    : public PolicyBlocklistNavigationThrottleTest {
+ public:
+  static const char kErrorPageContent[];
+  // content::WebContentsObserver:
+  void DidStartNavigation(
+      content::NavigationHandle* navigation_handle) override {
+    auto throttle = std::make_unique<PolicyBlocklistNavigationThrottle>(
+        navigation_handle, browser_context(), kErrorPageContent);
+
+    navigation_handle->RegisterThrottleForTesting(std::move(throttle));
+  }
+};
+
+const char PolicyBlocklistNavigationThrottleWithSafeSitesErrorContentTest::
+    kErrorPageContent[] = "<html><body>URL was filtered.</body></html>";
+
 TEST_F(PolicyBlocklistNavigationThrottleTest, Blocklist) {
  SetBlocklistUrlPattern("example.com");

@@ -133,7 +150,7 @@ TEST_F(PolicyBlocklistNavigationThrottleTest, Blocklist) {
            navigation_simulator->GetLastThrottleCheckResult());
 }

-TEST_F(PolicyBlocklistNavigationThrottleTest, Whitelist) {
+TEST_F(PolicyBlocklistNavigationThrottleTest, Allowlist) {
  SetAllowlistUrlPattern("www.example.com");
  SetBlocklistUrlPattern("example.com");

@@ -144,7 +161,7 @@ TEST_F(PolicyBlocklistNavigationThrottleTest, Whitelist) {
            navigation_simulator->GetLastThrottleCheckResult());
 }

-TEST_F(PolicyBlocklistNavigationThrottleTest, Safe) {
+TEST_F(PolicyBlocklistNavigationThrottleTest, SafeSites_Safe) {
  SetSafeSitesFilterBehavior(SafeSitesFilterBehavior::kSafeSitesFilterEnabled);
  stub_url_checker_.SetUpValidResponse(false /* is_porn */);

@@ -156,7 +173,7 @@ TEST_F(PolicyBlocklistNavigationThrottleTest, Safe) {
            navigation_simulator->GetLastThrottleCheckResult());
 }

-TEST_F(PolicyBlocklistNavigationThrottleTest, Porn) {
+TEST_F(PolicyBlocklistNavigationThrottleTest, SafeSites_Porn) {
  SetSafeSitesFilterBehavior(SafeSitesFilterBehavior::kSafeSitesFilterEnabled);
  stub_url_checker_.SetUpValidResponse(true /* is_porn */);

@@ -168,7 +185,7 @@ TEST_F(PolicyBlocklistNavigationThrottleTest, Porn) {
            navigation_simulator->GetLastThrottleCheckResult());
 }

-TEST_F(PolicyBlocklistNavigationThrottleTest, Allowlisted) {
+TEST_F(PolicyBlocklistNavigationThrottleTest, SafeSites_Allowlisted) {
  SetAllowlistUrlPattern("example.com");
  SetSafeSitesFilterBehavior(SafeSitesFilterBehavior::kSafeSitesFilterEnabled);
  stub_url_checker_.SetUpValidResponse(true /* is_porn */);
@@ -180,7 +197,7 @@ TEST_F(PolicyBlocklistNavigationThrottleTest, Allowlisted) {
            navigation_simulator->GetLastThrottleCheckResult());
 }

-TEST_F(PolicyBlocklistNavigationThrottleTest, Schemes) {
+TEST_F(PolicyBlocklistNavigationThrottleTest, SafeSites_Schemes) {
  SetSafeSitesFilterBehavior(SafeSitesFilterBehavior::kSafeSitesFilterEnabled);
  stub_url_checker_.SetUpValidResponse(true /* is_porn */);

@@ -197,7 +214,7 @@ TEST_F(PolicyBlocklistNavigationThrottleTest, Schemes) {
            navigation_simulator->GetLastThrottleCheckResult());
 }

-TEST_F(PolicyBlocklistNavigationThrottleTest, PolicyChange) {
+TEST_F(PolicyBlocklistNavigationThrottleTest, SafeSites_PolicyChange) {
  stub_url_checker_.SetUpValidResponse(true /* is_porn */);

  // The safe sites filter is initially disabled.
@@ -228,7 +245,7 @@ TEST_F(PolicyBlocklistNavigationThrottleTest, PolicyChange) {
  }
 }

-TEST_F(PolicyBlocklistNavigationThrottleTest, DISABLED_Failure) {
+TEST_F(PolicyBlocklistNavigationThrottleTest, DISABLED_SafeSites_Failure) {
  SetSafeSitesFilterBehavior(SafeSitesFilterBehavior::kSafeSitesFilterEnabled);
  stub_url_checker_.SetUpFailedResponse();

@@ -240,7 +257,7 @@ TEST_F(PolicyBlocklistNavigationThrottleTest, DISABLED_Failure) {
            navigation_simulator->GetLastThrottleCheckResult());
 }

-TEST_F(PolicyBlocklistNavigationThrottleTest, CachedSites) {
+TEST_F(PolicyBlocklistNavigationThrottleTest, SafeSites_CachedSites) {
  SetSafeSitesFilterBehavior(SafeSitesFilterBehavior::kSafeSitesFilterEnabled);

  // Check a couple of sites.
@@ -255,6 +272,8 @@ TEST_F(PolicyBlocklistNavigationThrottleTest, CachedSites) {
    navigation_simulator->Wait();
    EXPECT_EQ(content::NavigationThrottle::PROCEED,
              navigation_simulator->GetLastThrottleCheckResult());
+    EXPECT_FALSE(navigation_simulator->GetLastThrottleCheckResult()
+                     .error_page_content());
  }

  stub_url_checker_.SetUpValidResponse(true /* is_porn */);
@@ -264,6 +283,8 @@ TEST_F(PolicyBlocklistNavigationThrottleTest, CachedSites) {
    navigation_simulator->Wait();
    EXPECT_EQ(content::NavigationThrottle::CANCEL,
              navigation_simulator->GetLastThrottleCheckResult());
+    EXPECT_FALSE(navigation_simulator->GetLastThrottleCheckResult()
+                     .error_page_content());
  }

  stub_url_checker_.ClearResponses();
@@ -273,12 +294,74 @@ TEST_F(PolicyBlocklistNavigationThrottleTest, CachedSites) {
    ASSERT_FALSE(navigation_simulator->IsDeferred());
    EXPECT_EQ(content::NavigationThrottle::PROCEED,
              navigation_simulator->GetLastThrottleCheckResult());
+    EXPECT_FALSE(navigation_simulator->GetLastThrottleCheckResult()
+                     .error_page_content());
+  }
+
+  {
+    // This check is synchronous since the site is in the cache.
+    auto navigation_simulator = StartNavigation(porn_site);
+    ASSERT_FALSE(navigation_simulator->IsDeferred());
+    EXPECT_EQ(content::NavigationThrottle::CANCEL,
+              navigation_simulator->GetLastThrottleCheckResult());
+    EXPECT_FALSE(navigation_simulator->GetLastThrottleCheckResult()
+                     .error_page_content());
  }
+}
+
+TEST_F(PolicyBlocklistNavigationThrottleWithSafeSitesErrorContentTest,
+       SafeSites_CachedSites) {
+  SetSafeSitesFilterBehavior(SafeSitesFilterBehavior::kSafeSitesFilterEnabled);
+
+  // Check a couple of sites.
+  ASSERT_EQ(2u, kCacheSize);
+  const GURL safe_site = GURL("http://example.com/");
+  const GURL porn_site = GURL("http://example2.com/");
+
+  stub_url_checker_.SetUpValidResponse(false /* is_porn */);
+  {
+    auto navigation_simulator = StartNavigation(safe_site);
+    EXPECT_TRUE(navigation_simulator->IsDeferred());
+    navigation_simulator->Wait();
+    EXPECT_EQ(content::NavigationThrottle::PROCEED,
+              navigation_simulator->GetLastThrottleCheckResult());
+    EXPECT_FALSE(navigation_simulator->GetLastThrottleCheckResult()
+                     .error_page_content());
+  }
+
+  stub_url_checker_.SetUpValidResponse(true /* is_porn */);
+  {
+    auto navigation_simulator = StartNavigation(porn_site);
+    EXPECT_TRUE(navigation_simulator->IsDeferred());
+    navigation_simulator->Wait();
+    EXPECT_EQ(content::NavigationThrottle::CANCEL,
+              navigation_simulator->GetLastThrottleCheckResult());
+    EXPECT_STREQ(kErrorPageContent,
+                 navigation_simulator->GetLastThrottleCheckResult()
+                     .error_page_content()
+                     ->c_str());
+  }
+
+  stub_url_checker_.ClearResponses();
+  {
+    // This check is synchronous since the site is in the cache.
+    auto navigation_simulator = StartNavigation(safe_site);
+    ASSERT_FALSE(navigation_simulator->IsDeferred());
+    EXPECT_EQ(content::NavigationThrottle::PROCEED,
+              navigation_simulator->GetLastThrottleCheckResult());
+    EXPECT_FALSE(navigation_simulator->GetLastThrottleCheckResult()
+                     .error_page_content());
+  }
+
  {
    // This check is synchronous since the site is in the cache.
    auto navigation_simulator = StartNavigation(porn_site);
    ASSERT_FALSE(navigation_simulator->IsDeferred());
    EXPECT_EQ(content::NavigationThrottle::CANCEL,
              navigation_simulator->GetLastThrottleCheckResult());
+    EXPECT_STREQ(kErrorPageContent,
+                 navigation_simulator->GetLastThrottleCheckResult()
+                     .error_page_content()
+                     ->c_str());
  }
 }