Merge pull request #10339 from brave/debounce+1pes

Domain block and 1PES integration
brave · Dec 17, 2021 · 6d7fb31 · 6d7fb31
2 parents 92bef25 + f3c6d3e
commit 6d7fb31
Show file tree

Hide file tree

Showing 31 changed files with 1,112 additions and 143 deletions.
diff --git a/app/brave_generated_resources.grd b/app/brave_generated_resources.grd
@@ -279,6 +279,13 @@ By installing this extension, you are agreeing to the Google Widevine Terms of U
       <message name="IDS_SETTINGS_BRAVE_EDIT_PROFILE" desc="Title to edit the profile user name and picture">
         Profile name and icon
       </message>
+      <!-- Settings / Cookies and other site data -->
+      <message name="IDS_SETTINGS_COOKIES_USE_EPHEMERAL_STORAGE_EXCEPTIONS" desc="Title of the list containing sites to clear cookies when all windows with the site are closed">
+        Sites that clear cookies when you close them
+      </message>
+      <message name="IDS_SETTINGS_SITE_SETTINGS_USE_EPHEMERAL_STORAGE" desc="Label for sites in site settings enabling cookies cleanup when all windows with the site are clsoed.">
+        Clear on site close
+      </message>
       <!-- Appearance -->
       <message name="IDS_SETTINGS_APPEARANCE_SETTINGS_BRAVE_THEMES" desc="The label for brave theme change setting options">
         Brave colors

diff --git a/browser/about_flags.cc b/browser/about_flags.cc
@@ -59,6 +59,7 @@ using brave_shields::features::kBraveAdblockCspRules;
 using brave_shields::features::kBraveAdblockDefault1pBlocking;
 using brave_shields::features::kBraveDarkModeBlock;
 using brave_shields::features::kBraveDomainBlock;
+using brave_shields::features::kBraveDomainBlock1PES;
 using brave_shields::features::kBraveExtensionNetworkBlocking;
 using brave_shields::features::kCosmeticFilteringSyncLoad;
 
@@ -129,6 +130,15 @@ constexpr char kBraveDomainBlockName[] = "Enable domain blocking";
 constexpr char kBraveDomainBlockDescription[] =
     "Enable support for blocking domains with an interstitial page";
 
+constexpr char kBraveDomainBlock1PESName[] =
+    "Enable domain blocking using First Party Ephemeral Storage";
+constexpr char kBraveDomainBlock1PESDescription[] =
+    "When visiting a blocked domain, Brave will try to enable Ephemeral "
+    "Storage for a first party context, meaning neither cookies nor "
+    "localStorage data will be persisted after a website is closed. Ephemeral "
+    "Storage will be auto-enabled only if no data was previously stored for a "
+    "website";
+
 constexpr char kBraveDebounceName[] = "Enable debouncing";
 constexpr char kBraveDebounceDescription[] =
     "Enable support for skipping top-level redirect tracking URLs";
@@ -191,9 +201,9 @@ constexpr char kBraveEphemeralStorageKeepAliveDescription[] =
     "tabs for that origin are closed";
 
 constexpr char kBraveFirstPartyEphemeralStorageName[] =
-    "First Party Ephemeral Storage";
+    "Enable First Party Ephemeral Storage";
 constexpr char kBraveFirstPartyEphemeralStorageDescription[] =
-    "Enable support for first party ephemeral storage using SESSION ONLY "
+    "Enable support for First Party Ephemeral Storage using SESSION_ONLY "
     "cookie setting";
 
 #if BUILDFLAG(ENABLE_GEMINI_WALLET)
@@ -415,6 +425,10 @@ constexpr char kFileSystemAccessAPIDescription[] =
      flag_descriptions::kBraveDomainBlockName,                              \
      flag_descriptions::kBraveDomainBlockDescription, kOsAll,               \
      FEATURE_VALUE_TYPE(kBraveDomainBlock)},                                \
+    {"brave-domain-block-1pes",                                             \
+     flag_descriptions::kBraveDomainBlock1PESName,                          \
+     flag_descriptions::kBraveDomainBlock1PESDescription, kOsAll,           \
+     FEATURE_VALUE_TYPE(kBraveDomainBlock1PES)},                            \
     {"brave-debounce",                                                      \
         flag_descriptions::kBraveDebounceName,                              \
         flag_descriptions::kBraveDebounceDescription, kOsAll,               \

diff --git a/browser/brave_content_browser_client.cc b/browser/brave_content_browser_client.cc
@@ -25,6 +25,7 @@
 #include "brave/browser/brave_wallet/keyring_controller_factory.h"
 #include "brave/browser/brave_wallet/rpc_controller_factory.h"
 #include "brave/browser/debounce/debounce_service_factory.h"
+#include "brave/browser/ephemeral_storage/ephemeral_storage_service_factory.h"
 #include "brave/browser/ethereum_remote_client/buildflags/buildflags.h"
 #include "brave/browser/net/brave_proxying_url_loader_factory.h"
 #include "brave/browser/net/brave_proxying_web_socket.h"
@@ -847,6 +848,7 @@ BraveContentBrowserClient::CreateThrottlesForNavigation(
           brave_shields::DomainBlockNavigationThrottle::MaybeCreateThrottleFor(
               handle, g_brave_browser_process->ad_block_service(),
               g_brave_browser_process->ad_block_custom_filters_service(),
+              EphemeralStorageServiceFactory::GetForContext(context),
               HostContentSettingsMapFactory::GetForProfile(
                   Profile::FromBrowserContext(context)),
               g_browser_process->GetApplicationLocale()))

diff --git a/browser/ephemeral_storage/BUILD.gn b/browser/ephemeral_storage/BUILD.gn
diff --git a/browser/ephemeral_storage/ephemeral_storage_1p_browsertest.cc b/browser/ephemeral_storage/ephemeral_storage_1p_browsertest.cc
@@ -6,7 +6,6 @@
 #include "brave/browser/ephemeral_storage/ephemeral_storage_browsertest.h"
 
 #include "base/strings/strcat.h"
-#include "base/test/bind.h"
 #include "brave/components/brave_shields/browser/brave_shields_util.h"
 #include "chrome/browser/content_settings/cookie_settings_factory.h"
 #include "chrome/browser/content_settings/host_content_settings_map_factory.h"
@@ -32,63 +31,18 @@ class EphemeralStorage1pBrowserTest : public EphemeralStorageBrowserTest {
   }
   ~EphemeralStorage1pBrowserTest() override {}
 
-  void SetCookieSetting(const GURL& url, ContentSetting content_setting) {
-    auto* host_content_settings_map =
-        HostContentSettingsMapFactory::GetForProfile(browser()->profile());
-    host_content_settings_map->SetContentSettingCustomScope(
-        ContentSettingsPattern::FromString(
-            base::StrCat({"[*.]", url.host_piece(), ":*"})),
-        ContentSettingsPattern::Wildcard(), ContentSettingsType::COOKIES,
-        content_setting);
-  }
-
-  // Helper to load easy-to-use Indexed DB API.
-  void LoadIndexedDbHelper(RenderFrameHost* host) {
-    const char kLoadIndexMinScript[] =
-        "new Promise((resolve) => {"
-        "  const script = document.createElement('script');"
-        "  script.onload = () => {"
-        "    resolve(true);"
-        "  };"
-        "  script.onerror = () => {"
-        "    resolve(false);"
-        "  };"
-        "  script.src = '/ephemeral-storage/static/js/libs/index-min.js';"
-        "  document.body.appendChild(script);"
-        "});";
-
-    ASSERT_EQ(true, content::EvalJs(host, kLoadIndexMinScript));
-  }
-
-  bool SetIDBValue(RenderFrameHost* host) {
-    LoadIndexedDbHelper(host);
-    content::EvalJsResult eval_js_result = content::EvalJs(
-        host, "(async () => { await window.idbKeyval.set('a', 'a'); })()");
-    return eval_js_result.error.empty();
-  }
-
-  HostContentSettingsMap* content_settings() {
-    return HostContentSettingsMapFactory::GetForProfile(browser()->profile());
-  }
-
-  network::mojom::CookieManager* CookieManager() {
-    return browser()
-        ->profile()
-        ->GetDefaultStoragePartition()
-        ->GetCookieManagerForBrowserProcess();
-  }
+ private:
+  base::test::ScopedFeatureList scoped_feature_list_;
+};
 
-  std::vector<net::CanonicalCookie> GetAllCookies() {
-    base::RunLoop run_loop;
-    std::vector<net::CanonicalCookie> cookies_out;
-    CookieManager()->GetAllCookies(base::BindLambdaForTesting(
-        [&](const std::vector<net::CanonicalCookie>& cookies) {
-          cookies_out = cookies;
-          run_loop.Quit();
-        }));
-    run_loop.Run();
-    return cookies_out;
+class EphemeralStorage1pDisabledBrowserTest
+    : public EphemeralStorageBrowserTest {
+ public:
+  EphemeralStorage1pDisabledBrowserTest() {
+    scoped_feature_list_.InitAndDisableFeature(
+        net::features::kBraveFirstPartyEphemeralStorage);
   }
+  ~EphemeralStorage1pDisabledBrowserTest() override {}
 
  private:
   base::test::ScopedFeatureList scoped_feature_list_;
@@ -509,3 +463,96 @@ IN_PROC_BROWSER_TEST_F(
   EXPECT_EQ("name=bcom_simple", site_a_tab_values.iframe_1.cookies);
   EXPECT_EQ("name=bcom_simple", site_a_tab_values.iframe_2.cookies);
 }
+
+// By default SESSION_ONLY setting means that data for a website should be
+// deleted after a restart, but this also implicitly change how a website
+// behaves in 3p context: when the setting is explicit, Chromium removes 3p
+// restrictions which effectively allows the website store any data persistently
+// in 3p context. We change Chromium behaviour for this option to keep blocking
+// a website in 3p context when a global "block_third_party" option is enabled.
+IN_PROC_BROWSER_TEST_F(EphemeralStorage1pDisabledBrowserTest,
+                       SessionOnlyModeUsesEphemeralStorage) {
+  SetCookieSetting(b_site_ephemeral_storage_url_, CONTENT_SETTING_SESSION_ONLY);
+
+  WebContents* first_party_tab = LoadURLInNewTab(a_site_ephemeral_storage_url_);
+
+  // We set a value in the page where all the frames are first-party.
+  SetValuesInFrames(first_party_tab, "a.com", "from=a.com");
+
+  {
+    ValuesFromFrames first_party_values = GetValuesFromFrames(first_party_tab);
+    EXPECT_EQ("a.com", first_party_values.main_frame.local_storage);
+    EXPECT_EQ("a.com", first_party_values.iframe_1.local_storage);
+    EXPECT_EQ("a.com", first_party_values.iframe_2.local_storage);
+
+    EXPECT_EQ("a.com", first_party_values.main_frame.session_storage);
+    EXPECT_EQ("a.com", first_party_values.iframe_1.session_storage);
+    EXPECT_EQ("a.com", first_party_values.iframe_2.session_storage);
+
+    EXPECT_EQ("from=a.com", first_party_values.main_frame.cookies);
+    EXPECT_EQ("from=a.com", first_party_values.iframe_1.cookies);
+    EXPECT_EQ("from=a.com", first_party_values.iframe_2.cookies);
+  }
+
+  // After keepalive b.com values should be cleared.
+  ASSERT_TRUE(
+      ui_test_utils::NavigateToURL(browser(), b_site_ephemeral_storage_url_));
+  WaitForCleanupAfterKeepAlive();
+  first_party_tab = WebContents::FromRenderFrameHost(
+      ui_test_utils::NavigateToURL(browser(), a_site_ephemeral_storage_url_));
+
+  {
+    ValuesFromFrames first_party_values = GetValuesFromFrames(first_party_tab);
+    EXPECT_EQ("a.com", first_party_values.main_frame.local_storage);
+    EXPECT_EQ(nullptr, first_party_values.iframe_1.local_storage);
+    EXPECT_EQ(nullptr, first_party_values.iframe_2.local_storage);
+
+    EXPECT_EQ("a.com", first_party_values.main_frame.session_storage);
+    EXPECT_EQ(nullptr, first_party_values.iframe_1.session_storage);
+    EXPECT_EQ(nullptr, first_party_values.iframe_2.session_storage);
+
+    EXPECT_EQ("from=a.com", first_party_values.main_frame.cookies);
+    EXPECT_EQ("", first_party_values.iframe_1.cookies);
+    EXPECT_EQ("", first_party_values.iframe_2.cookies);
+  }
+}
+
+IN_PROC_BROWSER_TEST_F(EphemeralStorage1pDisabledBrowserTest,
+                       SessionOnlyModeUsesEphemeralStorageForNetworkCookies) {
+  SetCookieSetting(b_site_ephemeral_storage_url_, CONTENT_SETTING_SESSION_ONLY);
+
+  // Navigate to a.com which includes b.com.
+  WebContents* site_a_tab_network_cookies =
+      LoadURLInNewTab(a_site_ephemeral_storage_with_network_cookies_url_);
+  http_request_monitor_.Clear();
+
+  // Cookies should be stored in persistent storage for the main frame only.
+  EXPECT_EQ(1u, GetAllCookies().size());
+
+  // Navigate to other website and ensure no a.com/b.com cookies are sent (they
+  // are third-party and ephemeral inside c.com).
+  ASSERT_TRUE(content::NavigateToURL(site_a_tab_network_cookies,
+                                     c_site_ephemeral_storage_url_));
+  EXPECT_FALSE(http_request_monitor_.HasHttpRequestWithCookie(
+      a_site_ephemeral_storage_url_, "name=acom_simple"));
+  EXPECT_FALSE(http_request_monitor_.HasHttpRequestWithCookie(
+      b_site_ephemeral_storage_url_, "name=bcom_simple"));
+  WaitForCleanupAfterKeepAlive();
+  http_request_monitor_.Clear();
+
+  // a.com cookies should be intact.
+  EXPECT_EQ(1u, GetAllCookies().size());
+
+  // Navigate to a.com again and expect a.com cookies are sent with headers.
+  WebContents* site_a_tab = LoadURLInNewTab(a_site_ephemeral_storage_url_);
+  EXPECT_TRUE(http_request_monitor_.HasHttpRequestWithCookie(
+      a_site_ephemeral_storage_url_, "name=acom_simple"));
+  EXPECT_FALSE(http_request_monitor_.HasHttpRequestWithCookie(
+      b_site_ephemeral_storage_url_, "name=bcom_simple"));
+
+  // Make sure cookies are also accessible via JS.
+  ValuesFromFrames site_a_tab_values = GetValuesFromFrames(site_a_tab);
+  EXPECT_EQ("name=acom_simple", site_a_tab_values.main_frame.cookies);
+  EXPECT_EQ("", site_a_tab_values.iframe_1.cookies);
+  EXPECT_EQ("", site_a_tab_values.iframe_2.cookies);
+}