| OLD | NEW |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "chrome/browser/permissions/permission_context_base.h" | 5 #include "chrome/browser/permissions/permission_context_base.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 | 8 |
| 9 #include <string> | 9 #include <string> |
| 10 #include <utility> | 10 #include <utility> |
| (...skipping 117 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 128 // Synchronously check the content setting to see if the user has already made | 128 // Synchronously check the content setting to see if the user has already made |
| 129 // a decision, or if the origin is under embargo. If so, respect that | 129 // a decision, or if the origin is under embargo. If so, respect that |
| 130 // decision. | 130 // decision. |
| 131 // TODO(raymes): Pass in the RenderFrameHost of the request here. | 131 // TODO(raymes): Pass in the RenderFrameHost of the request here. |
| 132 PermissionResult result = GetPermissionStatus( | 132 PermissionResult result = GetPermissionStatus( |
| 133 nullptr /* render_frame_host */, requesting_origin, embedding_origin); | 133 nullptr /* render_frame_host */, requesting_origin, embedding_origin); |
| 134 | 134 |
| 135 if (result.content_setting == CONTENT_SETTING_ALLOW || | 135 if (result.content_setting == CONTENT_SETTING_ALLOW || |
| 136 result.content_setting == CONTENT_SETTING_BLOCK) { | 136 result.content_setting == CONTENT_SETTING_BLOCK) { |
| 137 switch (result.source) { | 137 switch (result.source) { |
| 138 case PermissionStatusSource::SAFE_BROWSING_BLACKLIST: |
| 139 LogPermissionBlockedMessage(web_contents, |
| 140 kPermissionBlockedBlacklistMessage, |
| 141 content_settings_type_); |
| 142 break; |
| 138 case PermissionStatusSource::KILL_SWITCH: | 143 case PermissionStatusSource::KILL_SWITCH: |
| 139 // Block the request and log to the developer console. | 144 // Block the request and log to the developer console. |
| 140 LogPermissionBlockedMessage(web_contents, | 145 LogPermissionBlockedMessage(web_contents, |
| 141 kPermissionBlockedKillSwitchMessage, | 146 kPermissionBlockedKillSwitchMessage, |
| 142 content_settings_type_); | 147 content_settings_type_); |
| 143 callback.Run(CONTENT_SETTING_BLOCK); | 148 callback.Run(CONTENT_SETTING_BLOCK); |
| 144 return; | 149 return; |
| 145 case PermissionStatusSource::MULTIPLE_DISMISSALS: | 150 case PermissionStatusSource::MULTIPLE_DISMISSALS: |
| 146 LogPermissionBlockedMessage(web_contents, | 151 LogPermissionBlockedMessage(web_contents, |
| 147 kPermissionBlockedRepeatedDismissalsMessage, | 152 kPermissionBlockedRepeatedDismissalsMessage, |
| 148 content_settings_type_); | 153 content_settings_type_); |
| 149 break; | 154 break; |
| 150 case PermissionStatusSource::MULTIPLE_IGNORES: | 155 case PermissionStatusSource::MULTIPLE_IGNORES: |
| 151 LogPermissionBlockedMessage(web_contents, | 156 LogPermissionBlockedMessage(web_contents, |
| 152 kPermissionBlockedRepeatedIgnoresMessage, | 157 kPermissionBlockedRepeatedIgnoresMessage, |
| 153 content_settings_type_); | 158 content_settings_type_); |
| 154 break; | 159 break; |
| 155 case PermissionStatusSource::SAFE_BROWSING_BLACKLIST: | |
| 156 LogPermissionBlockedMessage(web_contents, | |
| 157 kPermissionBlockedBlacklistMessage, | |
| 158 content_settings_type_); | |
| 159 break; | |
| 160 case PermissionStatusSource::UNSPECIFIED: | 160 case PermissionStatusSource::UNSPECIFIED: |
| 161 case PermissionStatusSource::INSECURE_ORIGIN: |
| 162 case PermissionStatusSource::ENTERPRISE_POLICY: |
| 163 case PermissionStatusSource::EXTENSION: |
| 161 break; | 164 break; |
| 162 } | 165 } |
| 163 | 166 |
| 164 // If we are under embargo, record the embargo reason for which we have | 167 // If we are under embargo, record the embargo reason for which we have |
| 165 // suppressed the prompt. | 168 // suppressed the prompt. |
| 166 PermissionUmaUtil::RecordEmbargoPromptSuppressionFromSource(result.source); | 169 PermissionUmaUtil::RecordEmbargoPromptSuppressionFromSource(result.source); |
| 167 NotifyPermissionSet(id, requesting_origin, embedding_origin, callback, | 170 NotifyPermissionSet(id, requesting_origin, embedding_origin, callback, |
| 168 false /* persist */, result.content_setting); | 171 false /* persist */, result.content_setting); |
| 169 return; | 172 return; |
| 170 } | 173 } |
| (...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 225 const GURL& embedding_origin) const { | 228 const GURL& embedding_origin) const { |
| 226 // If the permission has been disabled through Finch, block all requests. | 229 // If the permission has been disabled through Finch, block all requests. |
| 227 if (IsPermissionKillSwitchOn()) { | 230 if (IsPermissionKillSwitchOn()) { |
| 228 return PermissionResult(CONTENT_SETTING_BLOCK, | 231 return PermissionResult(CONTENT_SETTING_BLOCK, |
| 229 PermissionStatusSource::KILL_SWITCH); | 232 PermissionStatusSource::KILL_SWITCH); |
| 230 } | 233 } |
| 231 | 234 |
| 232 if (IsRestrictedToSecureOrigins()) { | 235 if (IsRestrictedToSecureOrigins()) { |
| 233 if (!content::IsOriginSecure(requesting_origin)) { | 236 if (!content::IsOriginSecure(requesting_origin)) { |
| 234 return PermissionResult(CONTENT_SETTING_BLOCK, | 237 return PermissionResult(CONTENT_SETTING_BLOCK, |
| 235 PermissionStatusSource::UNSPECIFIED); | 238 PermissionStatusSource::INSECURE_ORIGIN); |
| 236 } | 239 } |
| 237 | 240 |
| 238 // TODO(raymes): We should check the entire chain of embedders here whenever | 241 // TODO(raymes): We should check the entire chain of embedders here whenever |
| 239 // possible as this corresponds to the requirements of the secure contexts | 242 // possible as this corresponds to the requirements of the secure contexts |
| 240 // spec and matches what is implemented in blink. Right now we just check | 243 // spec and matches what is implemented in blink. Right now we just check |
| 241 // the top level and requesting origins. Note: chrome-extension:// origins | 244 // the top level and requesting origins. Note: chrome-extension:// origins |
| 242 // are currently exempt from checking the embedder chain. crbug.com/530507. | 245 // are currently exempt from checking the embedder chain. crbug.com/530507. |
| 243 if (!requesting_origin.SchemeIs(extensions::kExtensionScheme) && | 246 if (!requesting_origin.SchemeIs(extensions::kExtensionScheme) && |
| 244 !content::IsOriginSecure(embedding_origin)) { | 247 !content::IsOriginSecure(embedding_origin)) { |
| 245 return PermissionResult(CONTENT_SETTING_BLOCK, | 248 return PermissionResult(CONTENT_SETTING_BLOCK, |
| 246 PermissionStatusSource::UNSPECIFIED); | 249 PermissionStatusSource::INSECURE_ORIGIN); |
| 247 } | 250 } |
| 248 } | 251 } |
| 249 | 252 |
| 250 // Check whether the feature is enabled for the frame by feature policy. We | 253 // Check whether the feature is enabled for the frame by feature policy. We |
| 251 // can only do this when a RenderFrameHost has been provided. | 254 // can only do this when a RenderFrameHost has been provided. |
| 252 if (render_frame_host && | 255 if (render_frame_host && |
| 253 !PermissionAllowedByFeaturePolicy(render_frame_host)) { | 256 !PermissionAllowedByFeaturePolicy(render_frame_host)) { |
| 254 return PermissionResult(CONTENT_SETTING_BLOCK, | 257 return PermissionResult(CONTENT_SETTING_BLOCK, |
| 255 PermissionStatusSource::UNSPECIFIED); | 258 PermissionStatusSource::UNSPECIFIED); |
| 256 } | 259 } |
| 257 | 260 |
| 258 ContentSetting content_setting = GetPermissionStatusInternal( | 261 PermissionResult result = GetPermissionStatusInternal( |
| 259 render_frame_host, requesting_origin, embedding_origin); | 262 render_frame_host, requesting_origin, embedding_origin); |
| 260 if (content_setting == CONTENT_SETTING_ASK) { | 263 if (result.content_setting == CONTENT_SETTING_ASK) { |
| 261 PermissionResult result = | 264 result = PermissionDecisionAutoBlocker::GetForProfile(profile_) |
| 262 PermissionDecisionAutoBlocker::GetForProfile(profile_) | 265 ->GetEmbargoResult(requesting_origin, content_settings_type_); |
| 263 ->GetEmbargoResult(requesting_origin, content_settings_type_); | |
| 264 DCHECK(result.content_setting == CONTENT_SETTING_ASK || | 266 DCHECK(result.content_setting == CONTENT_SETTING_ASK || |
| 265 result.content_setting == CONTENT_SETTING_BLOCK); | 267 result.content_setting == CONTENT_SETTING_BLOCK); |
| 266 return result; | |
| 267 } | 268 } |
| 268 | 269 return result; |
| 269 return PermissionResult(content_setting, PermissionStatusSource::UNSPECIFIED); | |
| 270 } | 270 } |
| 271 | 271 |
| 272 PermissionResult PermissionContextBase::UpdatePermissionStatusWithDeviceStatus( | 272 PermissionResult PermissionContextBase::UpdatePermissionStatusWithDeviceStatus( |
| 273 PermissionResult result, | 273 PermissionResult result, |
| 274 const GURL& requesting_origin, | 274 const GURL& requesting_origin, |
| 275 const GURL& embedding_origin) const { | 275 const GURL& embedding_origin) const { |
| 276 return result; | 276 return result; |
| 277 } | 277 } |
| 278 | 278 |
| 279 void PermissionContextBase::ResetPermission(const GURL& requesting_origin, | 279 void PermissionContextBase::ResetPermission(const GURL& requesting_origin, |
| (...skipping 26 matching lines...) Expand all Loading... |
| 306 } | 306 } |
| 307 | 307 |
| 308 bool PermissionContextBase::IsPermissionKillSwitchOn() const { | 308 bool PermissionContextBase::IsPermissionKillSwitchOn() const { |
| 309 const std::string param = variations::GetVariationParamValue( | 309 const std::string param = variations::GetVariationParamValue( |
| 310 kPermissionsKillSwitchFieldStudy, | 310 kPermissionsKillSwitchFieldStudy, |
| 311 PermissionUtil::GetPermissionString(content_settings_type_)); | 311 PermissionUtil::GetPermissionString(content_settings_type_)); |
| 312 | 312 |
| 313 return param == kPermissionsKillSwitchBlockedValue; | 313 return param == kPermissionsKillSwitchBlockedValue; |
| 314 } | 314 } |
| 315 | 315 |
| 316 ContentSetting PermissionContextBase::GetPermissionStatusInternal( | 316 PermissionResult PermissionContextBase::GetPermissionStatusInternal( |
| 317 content::RenderFrameHost* render_frame_host, | 317 content::RenderFrameHost* render_frame_host, |
| 318 const GURL& requesting_origin, | 318 const GURL& requesting_origin, |
| 319 const GURL& embedding_origin) const { | 319 const GURL& embedding_origin) const { |
| 320 return HostContentSettingsMapFactory::GetForProfile(profile_) | 320 content_settings::SettingInfo info; |
| 321 ->GetContentSetting(requesting_origin, embedding_origin, | 321 std::unique_ptr<base::Value> value = |
| 322 content_settings_storage_type(), std::string()); | 322 HostContentSettingsMapFactory::GetForProfile(profile_)->GetWebsiteSetting( |
| 323 requesting_origin, embedding_origin, content_settings_storage_type(), |
| 324 std::string(), &info); |
| 325 ContentSetting content_setting = CONTENT_SETTING_DEFAULT; |
| 326 DCHECK(value.get()); |
| 327 DCHECK_EQ(base::Value::Type::INTEGER, value->GetType()); |
| 328 content_setting = content_settings::ValueToContentSetting(value.get()); |
| 329 return PermissionResult( |
| 330 content_setting, |
| 331 PermissionUtil::ConvertSettingSourceToPermissionStatusSource( |
| 332 info.source)); |
| 323 } | 333 } |
| 324 | 334 |
| 325 void PermissionContextBase::DecidePermission( | 335 void PermissionContextBase::DecidePermission( |
| 326 content::WebContents* web_contents, | 336 content::WebContents* web_contents, |
| 327 const PermissionRequestID& id, | 337 const PermissionRequestID& id, |
| 328 const GURL& requesting_origin, | 338 const GURL& requesting_origin, |
| 329 const GURL& embedding_origin, | 339 const GURL& embedding_origin, |
| 330 bool user_gesture, | 340 bool user_gesture, |
| 331 const BrowserPermissionCallback& callback) { | 341 const BrowserPermissionCallback& callback) { |
| 332 DCHECK_CURRENTLY_ON(content::BrowserThread::UI); | 342 DCHECK_CURRENTLY_ON(content::BrowserThread::UI); |
| (...skipping 149 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 482 // Default to ignoring the feature policy. | 492 // Default to ignoring the feature policy. |
| 483 return true; | 493 return true; |
| 484 } | 494 } |
| 485 | 495 |
| 486 // Some features don't have an associated feature policy yet. Allow those. | 496 // Some features don't have an associated feature policy yet. Allow those. |
| 487 if (feature_policy_feature_ == blink::WebFeaturePolicyFeature::kNotFound) | 497 if (feature_policy_feature_ == blink::WebFeaturePolicyFeature::kNotFound) |
| 488 return true; | 498 return true; |
| 489 | 499 |
| 490 return rfh->IsFeatureEnabled(feature_policy_feature_); | 500 return rfh->IsFeatureEnabled(feature_policy_feature_); |
| 491 } | 501 } |
| OLD | NEW |