Chromium Code Reviews
|
|
Chromium Code Reviews
Issue
2536223002:
Omnibox improvements and fixes. (Closed)
DescriptionOmnibox improvements and fixes.
- Show the correct security icon on the omnibar when out of WebVR. This
change uses the tab's security level to determine whether the security
warnings are shown, rather than the secure origin flag that was
plumbed through the WebVR code path.
- Keep the omnibox visible at all times in 2D browsing.
- Take URLs only from the main frame on a page.
BUG=641508
CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:closure_compilation
Committed: https://crrev.com/340d1da550dbf8290c7da82add22af59b0fa47e4
Cr-Commit-Position: refs/heads/master@{#436974}
Patch Set 1 #
Total comments: 1
Patch Set 2 : Unhook the original security warning control path. #
Total comments: 3
Patch Set 3 : Separate omnibox icon selection from webVR warning toggle. #
Total comments: 4
Patch Set 4 : CHECK -> DCHECK #Patch Set 5 : Revert unintential Javascript change. #Patch Set 6 : Rebase. #
Total comments: 1
Patch Set 7 : Rebase again. #Patch Set 8 : Rebase to lkgr, not just master. #Patch Set 9 : And, onto Michael's rename change. #Patch Set 10 : Make unit tests compile by including chrome/browser and blink. #
Total comments: 1
Messages
Total messages: 68 (36 generated)
Description was changed from ========== Omnibox improvements and fixes. - Show the correct security icon on the omnibar when out of WebVR. This change uses the tab's security level to determine whether the security warnings are shown, rather than the secure origin flag that was plumbed through the WebVR code path. - Keep the omnibox visible at all times in 2D browsing. - Take URLs only from the main frame on a page. BUG=641508 ========== to ========== Omnibox improvements and fixes. - Show the correct security icon on the omnibar when out of WebVR. This change uses the tab's security level to determine whether the security warnings are shown, rather than the secure origin flag that was plumbed through the WebVR code path. - Keep the omnibox visible at all times in 2D browsing. - Take URLs only from the main frame on a page. BUG=641508 CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:closure_compilation ==========
cjgrant@chromium.org changed reviewers: + bajones@chromium.org, clamy@chromium.org, dcheng@chromium.org, klausw@chromium.org, mthiesse@chromium.org
https://codereview.chromium.org/2536223002/diff/1/chrome/browser/android/vr_s... File chrome/browser/android/vr_shell/vr_web_contents_observer.cc (right): https://codereview.chromium.org/2536223002/diff/1/chrome/browser/android/vr_s... chrome/browser/android/vr_shell/vr_web_contents_observer.cc:61: const auto* helper = SecurityStateTabHelper::FromWebContents(web_contents()); dcheng@ and clamy@: This bit of code works for demo purposes, but I'm not comfortable with it, and would like your advice. In https://codereview.chromium.org/2361533003, you discuss how isSecureContext() is currently generated by the renderer, but will (in the future) be made available to the browser process (crbug.com/650203 tracks this). I don't know the difference between isSecureContext(), and the security level I'm querying with my CL. So far, I know that this method yields the same basic result for https and non-https WebVR sites (ie. warnings are shown only on http sites). Assuming that what I'm doing here is okay, my next question is, why isn't security level exposes via a WebContentsObserver callback? WebContentsObserver exposes something called Security "Style" - I haven't yet figured out what that is, but it's not the level. :) Finally, please note that the code here driving the omnibox is demo-grade. Eventually I expect we'll have a fully-functional omnibox that's similar to Clank's version, but done solely in C++. Details are a separate, huge discussion.
https://codereview.chromium.org/2536223002/diff/20001/chrome/browser/android/... File chrome/browser/android/vr_shell/vr_shell.cc (right): https://codereview.chromium.org/2536223002/diff/20001/chrome/browser/android/... chrome/browser/android/vr_shell/vr_shell.cc:916: // TODO(cjgrant): Remove this method, and all related plumbing back to the hurray!
lgtm
Brandon, you had mentioned that this change should preserve "exceptions for localhost". Can you elaborate a bit, Chrome-newb style? What's the easiest way to verify I'm not degrading things?
LGTM, as long as the localhost scenario works. What I meant was that WebVR content run from localhost should be treated as secure and not show the warning. This is crucial for developers, who obviously don't want to have to push to a public server repeatedly during development. To test, you could clone some WebVR content to your local machine (https://github.com/toji/webvr.info should work well) and run a local server ("python -m SimpleHTTPServer" FTW!) The open an instance of Chrome on that same machine, visit "about:inspect" and ensure that port forwarding is enabled and is forwarding the right ports. Now if you connect a phone via USB cable and use it to browse to localhost:8000 (or whatever port you're serving up) you should see the site served from the desktop machine but presented as if it's localhost from the phone. Now you can enter VR mode on one of the samples and see if it causes the warning to show up. If you're not familiar with the process it's a pain to get going the first time, so don't hesitate to ask if you run into problems! https://codereview.chromium.org/2536223002/diff/20001/chrome/browser/android/... File chrome/browser/android/vr_shell/vr_shell.cc (right): https://codereview.chromium.org/2536223002/diff/20001/chrome/browser/android/... chrome/browser/android/vr_shell/vr_shell.cc:916: // TODO(cjgrant): Remove this method, and all related plumbing back to the On 2016/11/29 16:40:19, mthiesse wrote: > hurray! +1!
On 2016/11/29 17:53:23, bajones wrote: > LGTM, as long as the localhost scenario works. > > What I meant was that WebVR content run from localhost should be treated as > secure and not show the warning. This is crucial for developers, who obviously > don't want to have to push to a public server repeatedly during development. > > To test, you could clone some WebVR content to your local machine > (https://github.com/toji/webvr.info should work well) and run a local server > ("python -m SimpleHTTPServer" FTW!) The open an instance of Chrome on that same > machine, visit "about:inspect" and ensure that port forwarding is enabled and is > forwarding the right ports. Now if you connect a phone via USB cable and use it > to browse to localhost:8000 (or whatever port you're serving up) you should see > the site served from the desktop machine but presented as if it's localhost from > the phone. Now you can enter VR mode on one of the samples and see if it causes > the warning to show up. > > If you're not familiar with the process it's a pain to get going the first time, > so don't hesitate to ask if you run into problems! > > https://codereview.chromium.org/2536223002/diff/20001/chrome/browser/android/... > File chrome/browser/android/vr_shell/vr_shell.cc (right): > > https://codereview.chromium.org/2536223002/diff/20001/chrome/browser/android/... > chrome/browser/android/vr_shell/vr_shell.cc:916: // TODO(cjgrant): Remove this > method, and all related plumbing back to the > On 2016/11/29 16:40:19, mthiesse wrote: > > hurray! > > +1! I'm definitely familiar with the port forwarding and local-hosting parts. I'm hazier on the content part, because if I host my own simple test page via localhost, it shows as insecure (both when viewed via the desktop browser and via the phone's forwarded port). I'll try it with the WebVR content to be sure. Thanks!
Conclusion: This CL would break the WebVR warnings as-is. I think I need to sync with dcheng@ on how to rework this.
Brandon, I reworked this to use the new security level query for omnibox, but the original webVR secure origin plumbing for the warnings, so as not to change behavior. From what I can see, the security level isn't computed as secure unless the connection is https, independent of whether we're looking at localhost or not (I think). https://codereview.chromium.org/2536223002/diff/20001/chrome/browser/android/... File chrome/browser/android/vr_shell/vr_shell.cc (right): https://codereview.chromium.org/2536223002/diff/20001/chrome/browser/android/... chrome/browser/android/vr_shell/vr_shell.cc:916: // TODO(cjgrant): Remove this method, and all related plumbing back to the On 2016/11/29 17:53:23, bajones wrote: > On 2016/11/29 16:40:19, mthiesse wrote: > > hurray! > > +1! Sorry that this decoupling isn't happening yet. The logic is different, so we'll have to maintain as-is for now.
On 2016/11/30 20:33:56, cjgrant wrote: > Brandon, I reworked this to use the new security level query for omnibox, but > the original webVR secure origin plumbing for the warnings, so as not to change > behavior. > > From what I can see, the security level isn't computed as secure unless the > connection is https, independent of whether we're looking at localhost or not (I > think). > > Sorry that this decoupling isn't happening yet. The logic is different, so > we'll have to maintain as-is for now. That's OK, still LGTM. I'm a bit confused, though, since the SecurityStateTabHelper::GetSecurityInfo call seems end up here: https://cs.chromium.org/chromium/src/content/common/origin_util.cc?sq=package... And that explicitly has a branch that returns true for localhost. Maybe we can just call content::IsOriginSecure directly when determining the WebVR warning state?
cjgrant@chromium.org changed reviewers: + bshe@chromium.org - clamy@chromium.org, dcheng@chromium.org
Adding Biao to check the UI JS change. Removing clamy@ and dcheng@ - that discussion is now offline.
lgtm https://codereview.chromium.org/2536223002/diff/40001/chrome/browser/android/... File chrome/browser/android/vr_shell/vr_web_contents_observer.cc (right): https://codereview.chromium.org/2536223002/diff/40001/chrome/browser/android/... chrome/browser/android/vr_shell/vr_web_contents_observer.cc:62: CHECK(helper); Perhaps a DCHECK here so the code is not in production?
https://codereview.chromium.org/2536223002/diff/40001/chrome/browser/android/... File chrome/browser/android/vr_shell/vr_web_contents_observer.cc (right): https://codereview.chromium.org/2536223002/diff/40001/chrome/browser/android/... chrome/browser/android/vr_shell/vr_web_contents_observer.cc:62: CHECK(helper); On 2016/12/01 15:32:46, bshe wrote: > Perhaps a DCHECK here so the code is not in production? The last time we discussed CHECK/DCHECK, we settled on using CHECK for anything security-impacting (see ui_scene.cc, etc). This is definitely security impacting, so it seems prudent to bail out if we can't obtain the correct security status, right?
https://codereview.chromium.org/2536223002/diff/40001/chrome/browser/android/... File chrome/browser/android/vr_shell/vr_web_contents_observer.cc (right): https://codereview.chromium.org/2536223002/diff/40001/chrome/browser/android/... chrome/browser/android/vr_shell/vr_web_contents_observer.cc:62: CHECK(helper); On 2016/12/01 21:21:51, cjgrant wrote: > On 2016/12/01 15:32:46, bshe wrote: > > Perhaps a DCHECK here so the code is not in production? > > The last time we discussed CHECK/DCHECK, we settled on using CHECK for anything > security-impacting (see ui_scene.cc, etc). This is definitely security > impacting, so it seems prudent to bail out if we can't obtain the correct > security status, right? My understanding is that it is better to use DCHECK for nullity. Since if helper is null, the code would crash anyway without the CHECK. And the point of using DCHECK is to let other commiters know that you are expecting helper never be null and they shouldn't try to add code which handle null case below.
https://codereview.chromium.org/2536223002/diff/40001/chrome/browser/android/... File chrome/browser/android/vr_shell/vr_web_contents_observer.cc (right): https://codereview.chromium.org/2536223002/diff/40001/chrome/browser/android/... chrome/browser/android/vr_shell/vr_web_contents_observer.cc:62: CHECK(helper); On 2016/12/02 14:21:36, bshe wrote: > On 2016/12/01 21:21:51, cjgrant wrote: > > On 2016/12/01 15:32:46, bshe wrote: > > > Perhaps a DCHECK here so the code is not in production? > > > > The last time we discussed CHECK/DCHECK, we settled on using CHECK for > anything > > security-impacting (see ui_scene.cc, etc). This is definitely security > > impacting, so it seems prudent to bail out if we can't obtain the correct > > security status, right? > > My understanding is that it is better to use DCHECK for nullity. Since if helper > is null, the code would crash anyway without the CHECK. > And the point of using DCHECK is to let other commiters know that you are > expecting helper never be null > and they shouldn't try to add code which handle null case below. Done.
The CQ bit was checked by cjgrant@chromium.org
The patchset sent to the CQ was uploaded after l-g-t-m from mthiesse@chromium.org, bajones@chromium.org, bshe@chromium.org Link to the patchset: https://codereview.chromium.org/2536223002/#ps80001 (title: "Revert unintential Javascript change.")
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Try jobs failed on following builders: mac_chromium_compile_dbg_ng on master.tryserver.chromium.mac (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.mac/builders/mac_chromium_comp...) mac_chromium_rel_ng on master.tryserver.chromium.mac (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.mac/builders/mac_chromium_rel_...)
The CQ bit was checked by cjgrant@chromium.org
The patchset sent to the CQ was uploaded after l-g-t-m from mthiesse@chromium.org, bajones@chromium.org, bshe@chromium.org Link to the patchset: https://codereview.chromium.org/2536223002/#ps100001 (title: "Rebase.")
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Try jobs failed on following builders: mac_chromium_compile_dbg_ng on master.tryserver.chromium.mac (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.mac/builders/mac_chromium_comp...) mac_chromium_rel_ng on master.tryserver.chromium.mac (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.mac/builders/mac_chromium_rel_...)
estark@chromium.org changed reviewers: + estark@chromium.org
https://codereview.chromium.org/2536223002/diff/100001/chrome/browser/android... File chrome/browser/android/vr_shell/vr_web_contents_observer.cc (right): https://codereview.chromium.org/2536223002/diff/100001/chrome/browser/android... chrome/browser/android/vr_shell/vr_web_contents_observer.cc:40: SetSecurityLevel(); Drive-by (not intending to block this CL, just noting something that should be addressed in future)... the security level can also change after a navigation has completed, see WebContents::DidChangeVisibleSecurityState. (For example, mixed content can appear on the page dynamically.) There isn't currently a WebContentsObserver method that does exactly what you want to pick up DidChangeVisibleSecurityState events. I think we can make that work with a little refactoring though: I'd suggest renaming WebContentsObserver::SecurityStyleChanged to WebContentsObserver::VisibleSecurityStateChanged and removing its arguments. Implementations that use the arguments can obtain them directly from WebContents::delegate()->GetSecurityStyle(). Then you can update the security level from a WebContentsObserver::VisibleSecurityStateChanged implementation here. (This should be better documented somewhere, but in case you're wondering, SecurityStyleChanged conveys security state info to observers in //content. The blink::WebSecurityStyle enum is a lossy representation of SecurityLevel, since the latter contains Chrome-specific security information that //content doesn't know about.)
The CQ bit was checked by cjgrant@chromium.org
The patchset sent to the CQ was uploaded after l-g-t-m from mthiesse@chromium.org, bajones@chromium.org, bshe@chromium.org Link to the patchset: https://codereview.chromium.org/2536223002/#ps120001 (title: "Rebase again.")
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Try jobs failed on following builders: mac_chromium_compile_dbg_ng on master.tryserver.chromium.mac (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.mac/builders/mac_chromium_comp...)
cjgrant@chromium.org changed reviewers: - estark@chromium.org, klausw@chromium.org
Dropping a couple people to limit noise while the patch conflicts are hammered out.
The CQ bit was checked by cjgrant@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: ios-device on master.tryserver.chromium.mac (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.mac/builders/ios-device/builds...) ios-simulator on master.tryserver.chromium.mac (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.mac/builders/ios-simulator/bui...)
The CQ bit was checked by cjgrant@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was checked by cjgrant@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: Try jobs failed on following builders: mac_chromium_rel_ng on master.tryserver.chromium.mac (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.mac/builders/mac_chromium_rel_...)
The CQ bit was checked by cjgrant@chromium.org
The patchset sent to the CQ was uploaded after l-g-t-m from mthiesse@chromium.org, bajones@chromium.org, bshe@chromium.org Link to the patchset: https://codereview.chromium.org/2536223002/#ps160001 (title: "And, onto Michael's rename change.")
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Try jobs failed on following builders: android_arm64_dbg_recipe on master.tryserver.chromium.android (JOB_FAILED, https://build.chromium.org/p/tryserver.chromium.android/builders/android_arm6...)
This change is getting interesting. Unit tests exposed that my approach to obtaining security level is a layer violation. I need to go back to the drawing board on this. estart@ earlier proposed a means of reworking WebContentsObserver to do what we need, and I'm going to try that.
This change is getting interesting. Unit tests exposed that my approach to obtaining security level is a layer violation. I need to go back to the drawing board on this. estart@ earlier proposed a means of reworking WebContentsObserver to do what we need, and I'm going to try that.
cjgrant@chromium.org changed reviewers: - bajones@chromium.org
Dropping bajones@. Michael and Biao, PTAL at the new unit test dependency change. I dislike it, but it's probably fine for now.
On 2016/12/07 15:02:07, cjgrant wrote: > Dropping bajones@. > > Michael and Biao, PTAL at the new unit test dependency change. I dislike it, > but it's probably fine for now. lgtm
The CQ bit was checked by cjgrant@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
lgtm https://codereview.chromium.org/2536223002/diff/180001/chrome/browser/resourc... File chrome/browser/resources/vr_shell/vr_shell_ui.js (right): https://codereview.chromium.org/2536223002/diff/180001/chrome/browser/resourc... chrome/browser/resources/vr_shell/vr_shell_ui.js:350: let secure = this.level == 2 || this.level == 3; nit: enum names for these constants?
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
The CQ bit was checked by cjgrant@chromium.org
The patchset sent to the CQ was uploaded after l-g-t-m from bajones@chromium.org Link to the patchset: https://codereview.chromium.org/2536223002/#ps180001 (title: "Make unit tests compile by including chrome/browser and blink.")
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
CQ is committing da patch.
Bot data: {"patchset_id": 180001, "attempt_start_ts": 1481127493177240,
"parent_rev": "2ebc48a1568b776b3b7113c09460cb1d549f0862", "commit_rev":
"6e1e663bc49f03f2947984d1d30246e74f42042a"}
Message was sent while issue was closed.
Committed patchset #10 (id:180001)
Message was sent while issue was closed.
Description was changed from ========== Omnibox improvements and fixes. - Show the correct security icon on the omnibar when out of WebVR. This change uses the tab's security level to determine whether the security warnings are shown, rather than the secure origin flag that was plumbed through the WebVR code path. - Keep the omnibox visible at all times in 2D browsing. - Take URLs only from the main frame on a page. BUG=641508 CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:closure_compilation ========== to ========== Omnibox improvements and fixes. - Show the correct security icon on the omnibar when out of WebVR. This change uses the tab's security level to determine whether the security warnings are shown, rather than the secure origin flag that was plumbed through the WebVR code path. - Keep the omnibox visible at all times in 2D browsing. - Take URLs only from the main frame on a page. BUG=641508 CQ_INCLUDE_TRYBOTS=master.tryserver.chromium.linux:closure_compilation Committed: https://crrev.com/340d1da550dbf8290c7da82add22af59b0fa47e4 Cr-Commit-Position: refs/heads/master@{#436974} ==========
Message was sent while issue was closed.
Patchset 10 (id:??) landed as https://crrev.com/340d1da550dbf8290c7da82add22af59b0fa47e4 Cr-Commit-Position: refs/heads/master@{#436974} |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
