Chromium Code Reviews Chromium Code Reviews
Issue 1882783002:
[WebView] Disallow geolocation on insecure origins for apps targeting N and higher. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2012 The Chromium Authors. All rights reserved. | 1 // Copyright 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 package org.chromium.android_webview; | 5 package org.chromium.android_webview; |
| 6 | 6 |
| 7 import android.annotation.SuppressLint; | 7 import android.annotation.SuppressLint; |
| 8 import android.content.Context; | 8 import android.content.Context; |
| 9 import android.content.pm.PackageManager; | 9 import android.content.pm.PackageManager; |
| 10 import android.os.Handler; | 10 import android.os.Handler; |
| (...skipping 94 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 105 private boolean mAllowContentUrlAccess = true; | 105 private boolean mAllowContentUrlAccess = true; |
| 106 private boolean mAllowFileUrlAccess = true; | 106 private boolean mAllowFileUrlAccess = true; |
| 107 private int mCacheMode = WebSettings.LOAD_DEFAULT; | 107 private int mCacheMode = WebSettings.LOAD_DEFAULT; |
| 108 private boolean mShouldFocusFirstNode = true; | 108 private boolean mShouldFocusFirstNode = true; |
| 109 private boolean mGeolocationEnabled = true; | 109 private boolean mGeolocationEnabled = true; |
| 110 private boolean mAutoCompleteEnabled = true; | 110 private boolean mAutoCompleteEnabled = true; |
| 111 private boolean mFullscreenSupported = false; | 111 private boolean mFullscreenSupported = false; |
| 112 private boolean mSupportZoom = true; | 112 private boolean mSupportZoom = true; |
| 113 private boolean mBuiltInZoomControls = false; | 113 private boolean mBuiltInZoomControls = false; |
| 114 private boolean mDisplayZoomControls = true; | 114 private boolean mDisplayZoomControls = true; |
| 115 private boolean mAllowGeolocationOnInsecureOrigins = true; | |
|
Torne
2016/04/13 15:33:01
The other API level settings are final; I assume t
timvolodine
2016/04/13 16:38:57
right, not a problem ;) done.
| |
| 115 | 116 |
| 116 static class LazyDefaultUserAgent{ | 117 static class LazyDefaultUserAgent{ |
| 117 // Lazy Holder pattern | 118 // Lazy Holder pattern |
| 118 private static final String sInstance = nativeGetDefaultUserAgent(); | 119 private static final String sInstance = nativeGetDefaultUserAgent(); |
| 119 } | 120 } |
| 120 | 121 |
| 121 // Protects access to settings global fields. | 122 // Protects access to settings global fields. |
| 122 private static final Object sGlobalContentSettingsLock = new Object(); | 123 private static final Object sGlobalContentSettingsLock = new Object(); |
| 123 // For compatibility with the legacy WebView, we can only enable AppCache wh en the path is | 124 // For compatibility with the legacy WebView, we can only enable AppCache wh en the path is |
| 124 // provided. However, we don't use the path, so we just check if we have rec eived it from the | 125 // provided. However, we don't use the path, so we just check if we have rec eived it from the |
| (...skipping 78 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 203 } | 204 } |
| 204 | 205 |
| 205 interface ZoomSupportChangeListener { | 206 interface ZoomSupportChangeListener { |
| 206 public void onGestureZoomSupportChanged( | 207 public void onGestureZoomSupportChanged( |
| 207 boolean supportsDoubleTapZoom, boolean supportsMultiTouchZoom); | 208 boolean supportsDoubleTapZoom, boolean supportsMultiTouchZoom); |
| 208 } | 209 } |
| 209 | 210 |
| 210 public AwSettings(Context context, | 211 public AwSettings(Context context, |
| 211 boolean isAccessFromFileURLsGrantedByDefault, | 212 boolean isAccessFromFileURLsGrantedByDefault, |
| 212 boolean supportsLegacyQuirks, | 213 boolean supportsLegacyQuirks, |
| 213 boolean allowEmptyDocumentPersistence) { | 214 boolean allowEmptyDocumentPersistence, |
| 215 boolean allowGeolocationOnInsecureOrigins) { | |
| 214 boolean hasInternetPermission = context.checkPermission( | 216 boolean hasInternetPermission = context.checkPermission( |
| 215 android.Manifest.permission.INTERNET, | 217 android.Manifest.permission.INTERNET, |
| 216 Process.myPid(), | 218 Process.myPid(), |
| 217 Process.myUid()) == PackageManager.PERMISSION_GRANTED; | 219 Process.myUid()) == PackageManager.PERMISSION_GRANTED; |
| 218 synchronized (mAwSettingsLock) { | 220 synchronized (mAwSettingsLock) { |
| 219 mHasInternetPermission = hasInternetPermission; | 221 mHasInternetPermission = hasInternetPermission; |
| 220 mBlockNetworkLoads = !hasInternetPermission; | 222 mBlockNetworkLoads = !hasInternetPermission; |
| 221 mEventHandler = new EventHandler(); | 223 mEventHandler = new EventHandler(); |
| 222 if (isAccessFromFileURLsGrantedByDefault) { | 224 if (isAccessFromFileURLsGrantedByDefault) { |
| 223 mAllowUniversalAccessFromFileURLs = true; | 225 mAllowUniversalAccessFromFileURLs = true; |
| 224 mAllowFileAccessFromFileURLs = true; | 226 mAllowFileAccessFromFileURLs = true; |
| 225 } | 227 } |
| 226 | 228 |
| 227 mUserAgent = LazyDefaultUserAgent.sInstance; | 229 mUserAgent = LazyDefaultUserAgent.sInstance; |
| 228 | 230 |
| 229 // Best-guess a sensible initial value based on the features support ed on the device. | 231 // Best-guess a sensible initial value based on the features support ed on the device. |
| 230 mSpatialNavigationEnabled = !context.getPackageManager().hasSystemFe ature( | 232 mSpatialNavigationEnabled = !context.getPackageManager().hasSystemFe ature( |
| 231 PackageManager.FEATURE_TOUCHSCREEN); | 233 PackageManager.FEATURE_TOUCHSCREEN); |
| 232 | 234 |
| 233 // Respect the system setting for password echoing. | 235 // Respect the system setting for password echoing. |
| 234 mPasswordEchoEnabled = Settings.System.getInt(context.getContentReso lver(), | 236 mPasswordEchoEnabled = Settings.System.getInt(context.getContentReso lver(), |
| 235 Settings.System.TEXT_SHOW_PASSWORD, 1) == 1; | 237 Settings.System.TEXT_SHOW_PASSWORD, 1) == 1; |
| 236 | 238 |
| 237 // By default, scale the text size by the system font scale factor. Embedders | 239 // By default, scale the text size by the system font scale factor. Embedders |
| 238 // may override this by invoking setTextZoom(). | 240 // may override this by invoking setTextZoom(). |
| 239 mTextSizePercent *= context.getResources().getConfiguration().fontSc ale; | 241 mTextSizePercent *= context.getResources().getConfiguration().fontSc ale; |
| 240 | 242 |
| 241 mSupportLegacyQuirks = supportsLegacyQuirks; | 243 mSupportLegacyQuirks = supportsLegacyQuirks; |
| 242 mAllowEmptyDocumentPersistence = allowEmptyDocumentPersistence; | 244 mAllowEmptyDocumentPersistence = allowEmptyDocumentPersistence; |
| 245 mAllowGeolocationOnInsecureOrigins = allowGeolocationOnInsecureOrigi ns; | |
| 243 } | 246 } |
| 244 // Defer initializing the native side until a native WebContents instanc e is set. | 247 // Defer initializing the native side until a native WebContents instanc e is set. |
| 245 } | 248 } |
| 246 | 249 |
| 247 @CalledByNative | 250 @CalledByNative |
| 248 private void nativeAwSettingsGone(long nativeAwSettings) { | 251 private void nativeAwSettingsGone(long nativeAwSettings) { |
| 249 assert mNativeAwSettings != 0 && mNativeAwSettings == nativeAwSettings; | 252 assert mNativeAwSettings != 0 && mNativeAwSettings == nativeAwSettings; |
| 250 mNativeAwSettings = 0; | 253 mNativeAwSettings = 0; |
| 251 } | 254 } |
| 252 | 255 |
| (...skipping 995 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1248 assert Thread.holdsLock(mAwSettingsLock); | 1251 assert Thread.holdsLock(mAwSettingsLock); |
| 1249 return mSupportLegacyQuirks; | 1252 return mSupportLegacyQuirks; |
| 1250 } | 1253 } |
| 1251 | 1254 |
| 1252 @CalledByNative | 1255 @CalledByNative |
| 1253 private boolean getAllowEmptyDocumentPersistenceLocked() { | 1256 private boolean getAllowEmptyDocumentPersistenceLocked() { |
| 1254 assert Thread.holdsLock(mAwSettingsLock); | 1257 assert Thread.holdsLock(mAwSettingsLock); |
| 1255 return mAllowEmptyDocumentPersistence; | 1258 return mAllowEmptyDocumentPersistence; |
| 1256 } | 1259 } |
| 1257 | 1260 |
| 1261 @CalledByNative | |
| 1262 private boolean getAllowGeolocationOnInsecureOrigins() { | |
| 1263 assert Thread.holdsLock(mAwSettingsLock); | |
| 1264 return mAllowGeolocationOnInsecureOrigins; | |
| 1265 } | |
| 1266 | |
| 1258 /** | 1267 /** |
| 1259 * See {@link android.webkit.WebSettings#setUseWideViewPort}. | 1268 * See {@link android.webkit.WebSettings#setUseWideViewPort}. |
| 1260 */ | 1269 */ |
| 1261 public void setUseWideViewPort(boolean use) { | 1270 public void setUseWideViewPort(boolean use) { |
| 1262 if (TRACE) Log.d(LOGTAG, "setUseWideViewPort=" + use); | 1271 if (TRACE) Log.d(LOGTAG, "setUseWideViewPort=" + use); |
| 1263 synchronized (mAwSettingsLock) { | 1272 synchronized (mAwSettingsLock) { |
| 1264 if (mUseWideViewport != use) { | 1273 if (mUseWideViewport != use) { |
| 1265 mUseWideViewport = use; | 1274 mUseWideViewport = use; |
| 1266 onGestureZoomSupportChanged( | 1275 onGestureZoomSupportChanged( |
| 1267 supportsDoubleTapZoomLocked(), supportsMultiTouchZoomLoc ked()); | 1276 supportsDoubleTapZoomLocked(), supportsMultiTouchZoomLoc ked()); |
| (...skipping 466 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1734 if (mNativeAwSettings != 0) { | 1743 if (mNativeAwSettings != 0) { |
| 1735 nativeUpdateRendererPreferencesLocked(mNativeAwSetti ngs); | 1744 nativeUpdateRendererPreferencesLocked(mNativeAwSetti ngs); |
| 1736 } | 1745 } |
| 1737 } | 1746 } |
| 1738 }); | 1747 }); |
| 1739 } | 1748 } |
| 1740 } | 1749 } |
| 1741 } | 1750 } |
| 1742 | 1751 |
| 1743 @VisibleForTesting | 1752 @VisibleForTesting |
| 1753 public void setAllowGeolocationOnInsecureOriginsForTests(final boolean allow ) { | |
| 1754 synchronized (mAwSettingsLock) { | |
| 1755 mAllowGeolocationOnInsecureOrigins = allow; | |
| 1756 } | |
| 1757 } | |
| 1758 | |
| 1759 @VisibleForTesting | |
| 1744 public void updateAcceptLanguages() { | 1760 public void updateAcceptLanguages() { |
| 1745 synchronized (mAwSettingsLock) { | 1761 synchronized (mAwSettingsLock) { |
| 1746 mEventHandler.runOnUiThreadBlockingAndLocked(new Runnable() { | 1762 mEventHandler.runOnUiThreadBlockingAndLocked(new Runnable() { |
| 1747 @Override | 1763 @Override |
| 1748 public void run() { | 1764 public void run() { |
| 1749 if (mNativeAwSettings != 0) { | 1765 if (mNativeAwSettings != 0) { |
| 1750 nativeUpdateRendererPreferencesLocked(mNativeAwSettings) ; | 1766 nativeUpdateRendererPreferencesLocked(mNativeAwSettings) ; |
| 1751 } | 1767 } |
| 1752 } | 1768 } |
| 1753 }); | 1769 }); |
| (...skipping 84 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1838 private native void nativeUpdateWebkitPreferencesLocked(long nativeAwSetting s); | 1854 private native void nativeUpdateWebkitPreferencesLocked(long nativeAwSetting s); |
| 1839 | 1855 |
| 1840 private static native String nativeGetDefaultUserAgent(); | 1856 private static native String nativeGetDefaultUserAgent(); |
| 1841 | 1857 |
| 1842 private native void nativeUpdateFormDataPreferencesLocked(long nativeAwSetti ngs); | 1858 private native void nativeUpdateFormDataPreferencesLocked(long nativeAwSetti ngs); |
| 1843 | 1859 |
| 1844 private native void nativeUpdateRendererPreferencesLocked(long nativeAwSetti ngs); | 1860 private native void nativeUpdateRendererPreferencesLocked(long nativeAwSetti ngs); |
| 1845 | 1861 |
| 1846 private native void nativeUpdateOffscreenPreRasterLocked(long nativeAwSettin gs); | 1862 private native void nativeUpdateOffscreenPreRasterLocked(long nativeAwSettin gs); |
| 1847 } | 1863 } |
| OLD | NEW |
