Merge pull request #5390 from brave/3rd-party-cookie-registry-domains

3rd party cookie registry domains
brave · Apr 28, 2020 · f3700fa · f3700fa
2 parents dbd5060 + 340dc92
commit f3700fa
Show file tree

Hide file tree

Showing 2 changed files with 92 additions and 25 deletions.
diff --git a/browser/net/brave_network_delegate_browsertest.cc b/browser/net/brave_network_delegate_browsertest.cc
@@ -60,10 +60,20 @@ class BraveNetworkDelegateBrowserTest : public InProcessBrowserTest {
         https_server_.GetURL("a.com", "/cookie_iframe.html");
 
     third_party_cookie_url_ =
-        embedded_test_server()->GetURL("b.com", "/set-cookie?name=Good");
+        embedded_test_server()->GetURL("b.com", "/set-cookie?name=bcom");
+    first_party_cookie_url_ =
+        embedded_test_server()->GetURL("a.com",
+                                       "/set-cookie?name=acom");
     subdomain_first_party_cookie_url_ =
         embedded_test_server()->GetURL("subdomain.a.com",
-                                       "/set-cookie?name=Good");
+                                       "/set-cookie?name=subdomainacom");
+
+    domain_registry_url_ = embedded_test_server()->GetURL("mobile.twitter.com",
+                                                        "/cookie_iframe.html");
+    iframe_domain_registry_url_ =
+        embedded_test_server()->GetURL("blah.twitter.com",
+                          "/set-cookie?name=blahtwittercom;domain=twitter.com");
+
     google_oauth_cookie_url_ =
         https_server_.GetURL("accounts.google.com", "/set-cookie?oauth=true");
 
@@ -161,7 +171,10 @@ class BraveNetworkDelegateBrowserTest : public InProcessBrowserTest {
   GURL cookie_iframe_url_;
   GURL https_cookie_iframe_url_;
   GURL third_party_cookie_url_;
+  GURL first_party_cookie_url_;
   GURL subdomain_first_party_cookie_url_;
+  GURL domain_registry_url_;
+  GURL iframe_domain_registry_url_;
   GURL google_oauth_cookie_url_;
   GURL wordpress_top_url_;
   GURL wordpress_frame_url_;
@@ -262,9 +275,7 @@ IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest,
   ExpectCookiesOnHost(third_party_cookie_url_, "");
 
   NavigateFrameTo(subdomain_first_party_cookie_url_);
-
-  ExpectCookiesOnHost(top_level_page_url_, "name=Good");
-  ExpectCookiesOnHost(subdomain_first_party_cookie_url_, "name=Good");
+  ExpectCookiesOnHost(subdomain_first_party_cookie_url_, "name=subdomainacom");
 }
 
 IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest,
@@ -282,7 +293,7 @@ IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest,
   NavigateFrameTo(third_party_cookie_url_);
 
   ExpectCookiesOnHost(top_level_page_url_, "name=Good");
-  ExpectCookiesOnHost(GURL("http://b.com"), "name=Good");
+  ExpectCookiesOnHost(GURL("http://b.com"), "name=bcom");
 }
 
 IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest,
@@ -300,7 +311,7 @@ IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest,
   NavigateFrameTo(third_party_cookie_url_);
 
   ExpectCookiesOnHost(top_level_page_url_, "name=Good");
-  ExpectCookiesOnHost(GURL("http://b.com"), "name=Good");
+  ExpectCookiesOnHost(GURL("http://b.com"), "name=bcom");
 }
 
 IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest,
@@ -337,11 +348,6 @@ IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest,
 
   ExpectCookiesOnHost(top_level_page_url_, "name=Good");
   ExpectCookiesOnHost(GURL("http://b.com"), "");
-
-  NavigateFrameTo(subdomain_first_party_cookie_url_);
-
-  ExpectCookiesOnHost(top_level_page_url_, "name=Good");
-  ExpectCookiesOnHost(subdomain_first_party_cookie_url_, "name=Good");
 }
 
 IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest,
@@ -482,6 +488,62 @@ IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest,
   ExpectCookiesOnHost(GURL("https://accounts.google.com"), "");
 }
 
+IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest,
+                       ShieldsToggleBlockThirdPartyWithDefaultAllowAll) {
+  DefaultAllowAllCookies();
+
+  BlockThirdPartyCookies(cookie_iframe_url_);
+  NavigateToPageWithFrame(cookie_iframe_url_);
+  NavigateFrameTo(third_party_cookie_url_);
+
+  ExpectCookiesOnHost(cookie_iframe_url_, "name=Good");
+  ExpectCookiesOnHost(third_party_cookie_url_, "");
+
+  NavigateFrameTo(first_party_cookie_url_);
+  ExpectCookiesOnHost(cookie_iframe_url_, "name=acom");
+  ExpectCookiesOnHost(first_party_cookie_url_, "name=acom");
+}
+
+IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest,
+                       ShieldsToggleBlockThirdPartyWithDefaultBlockAll) {
+  DefaultBlockAllCookies();
+
+  BlockThirdPartyCookies(cookie_iframe_url_);
+  NavigateToPageWithFrame(cookie_iframe_url_);
+  NavigateFrameTo(third_party_cookie_url_);
+
+  ExpectCookiesOnHost(cookie_iframe_url_, "name=Good");
+  ExpectCookiesOnHost(third_party_cookie_url_, "");
+
+  NavigateFrameTo(first_party_cookie_url_);
+  ExpectCookiesOnHost(cookie_iframe_url_, "name=acom");
+  ExpectCookiesOnHost(first_party_cookie_url_, "name=acom");
+}
+
+IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest,
+                       ShieldsToggleBlockThirdPartyAllowSubdomain) {
+  DefaultBlockAllCookies();
+
+  BlockThirdPartyCookies(cookie_iframe_url_);
+  NavigateToPageWithFrame(cookie_iframe_url_);
+  NavigateFrameTo(subdomain_first_party_cookie_url_);
+
+  ExpectCookiesOnHost(top_level_page_url_, "name=Good");
+  ExpectCookiesOnHost(subdomain_first_party_cookie_url_, "name=subdomainacom");
+}
+
+IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest,
+                       ShieldsToggleBlockThirdPartyAllowDomainRegistry) {
+  DefaultBlockAllCookies();
+
+  BlockThirdPartyCookies(domain_registry_url_);
+  NavigateToPageWithFrame(domain_registry_url_);
+  NavigateFrameTo(iframe_domain_registry_url_);
+
+  ExpectCookiesOnHost(domain_registry_url_, "name=blahtwittercom");
+  ExpectCookiesOnHost(iframe_domain_registry_url_, "name=blahtwittercom");
+}
+
 // Test to ensure that we treat wp.com and wordpress.com as equal first parties
 // for the purposes of ability to set / send storage.
 // The following tests check each of the following.

diff --git a/components/content_settings/core/browser/brave_content_settings_pref_provider.cc b/components/content_settings/core/browser/brave_content_settings_pref_provider.cc
@@ -22,30 +22,35 @@
 #include "components/prefs/pref_service.h"
 #include "content/public/browser/browser_task_traits.h"
 #include "content/public/browser/browser_thread.h"
+#include "net/base/registry_controlled_domains/registry_controlled_domain.h"
 
 namespace content_settings {
 
 namespace {
 
 Rule CloneRule(const Rule& rule, bool reverse_patterns = false) {
-  auto secondary_pattern = rule.secondary_pattern;
-  if (secondary_pattern ==
+  // brave plugin rules incorrectly use first party url as primary
+  auto primary_pattern = reverse_patterns ? rule.secondary_pattern
+                                          : rule.primary_pattern;
+  auto secondary_pattern = reverse_patterns ? rule.primary_pattern
+                                            : rule.secondary_pattern;
+
+  if (primary_pattern ==
       ContentSettingsPattern::FromString("https://firstParty/*")) {
-    if (!rule.primary_pattern.MatchesAllHosts()) {
-      secondary_pattern = ContentSettingsPattern::FromString(
-          "*://[*.]" + rule.primary_pattern.GetHost() + "/*");
+    DCHECK(reverse_patterns);  // we should only hit this for brave plugin rules
+    if (!secondary_pattern.MatchesAllHosts()) {
+      primary_pattern = ContentSettingsPattern::FromString(
+          "*://[*.]" +
+          net::registry_controlled_domains::GetDomainAndRegistry(
+              secondary_pattern.GetHost(),
+              net::registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES) +
+          "/*");
     } else {
-      secondary_pattern = rule.primary_pattern;
+      primary_pattern = secondary_pattern;
     }
   }
 
-  // brave plugin rules incorrectly use the embedded url as the primary
-  if (reverse_patterns)
-    return Rule(secondary_pattern,
-                rule.primary_pattern,
-                rule.value.Clone());
-
-  return Rule(rule.primary_pattern,
+  return Rule(primary_pattern,
               secondary_pattern,
               rule.value.Clone());
 }