Only load IPFS subresources within IPFS/IPNS schemes

browser/brave_content_browser_client.cc

@@ -191,15 +191,6 @@ bool BraveContentBrowserClient::HandleExternalProtocol(
     return true;
   }
 #endif
-#if BUILDFLAG(IPFS_ENABLED)
-  if (ipfs::IsIPFSProtocol(url) && is_main_frame) {
-    ipfs::HandleIPFSProtocol(url,
-        std::move(web_contents_getter),
-        page_transition, has_user_gesture,
-        initiating_origin);
-    return true;
-  }
-#endif
 
 #if BUILDFLAG(BRAVE_REWARDS_ENABLED)
   if (brave_rewards::IsRewardsProtocol(url)) {

browser/ipfs/content_browser_client_helper.cc

@@ -56,7 +56,7 @@ bool HandleIPFSURLRewrite(
 
   if (!IpfsServiceFactory::IsIpfsResolveMethodDisabled(browser_context) &&
       // When it's not the local gateway we don't want to show a ipfs:// URL.
-      // We instead will translate the URL later in LoadOrLaunchIPFSURL.
+      // We instead will translate the URL later.
       IsIPFSLocalGateway(browser_context) &&
       (url->SchemeIs(kIPFSScheme) || url->SchemeIs(kIPNSScheme))) {
     return TranslateIPFSURI(*url, url,
@@ -93,55 +93,4 @@ bool HandleIPFSURLReverseRewrite(
   return true;
 }
 
-bool ShouldNavigateIPFSURI(
-    const GURL& url,
-    GURL* new_url,
-    content::BrowserContext* browser_context) {
-  *new_url = url;
-  bool is_ipfs_scheme = url.SchemeIs(kIPFSScheme) || url.SchemeIs(kIPNSScheme);
-  GURL gateway_url = IsIPFSLocalGateway(browser_context)
-                         ? GetDefaultIPFSLocalGateway(chrome::GetChannel())
-                         : GetDefaultIPFSGateway();
-  return !IpfsServiceFactory::IsIpfsResolveMethodDisabled(browser_context) &&
-         (!is_ipfs_scheme || TranslateIPFSURI(url, new_url, gateway_url));
-}
-
-void LoadOrLaunchIPFSURL(
-    const GURL& url,
-    content::WebContents::OnceGetter web_contents_getter,
-    ui::PageTransition page_transition,
-    bool has_user_gesture,
-    const base::Optional<url::Origin>& initiating_origin) {
-  content::WebContents* web_contents = std::move(web_contents_getter).Run();
-  if (!web_contents)
-    return;
-  GURL new_url(url);
-  if (ShouldNavigateIPFSURI(url, &new_url, web_contents->GetBrowserContext())) {
-    web_contents->GetController().LoadURL(new_url, content::Referrer(),
-                                          page_transition, std::string());
-  } else {
-    ExternalProtocolHandler::LaunchUrl(
-        new_url, web_contents->GetRenderViewHost()->GetProcess()->GetID(),
-        web_contents->GetRenderViewHost()->GetRoutingID(), page_transition,
-        has_user_gesture, initiating_origin);
-  }
-}
-
-void HandleIPFSProtocol(
-    const GURL& url,
-    content::WebContents::OnceGetter web_contents_getter,
-    ui::PageTransition page_transition,
-    bool has_user_gesture,
-    const base::Optional<url::Origin>& initiating_origin) {
-  DCHECK(url.SchemeIs(kIPFSScheme) || url.SchemeIs(kIPNSScheme));
-  base::PostTask(
-      FROM_HERE, {content::BrowserThread::UI},
-      base::BindOnce(&LoadOrLaunchIPFSURL, url, std::move(web_contents_getter),
-                     page_transition, has_user_gesture, initiating_origin));
-}
-
-bool IsIPFSProtocol(const GURL& url) {
-  return TranslateIPFSURI(url, nullptr, GetDefaultIPFSGateway());
-}
-
 }  // namespace ipfs

browser/ipfs/content_browser_client_helper.h

@@ -25,10 +25,6 @@ class Origin;
 
 namespace ipfs {
 
-bool ShouldNavigateIPFSURI(const GURL& url,
-    GURL* new_url,
-    content::BrowserContext* browser_context);
-
 bool HandleIPFSURLReverseRewrite(
     GURL* url,
     content::BrowserContext* browser_context);
@@ -43,15 +39,6 @@ void LoadOrLaunchIPFSURL(
 bool HandleIPFSURLRewrite(GURL* url,
     content::BrowserContext* browser_context);
 
-void HandleIPFSProtocol(
-    const GURL& url,
-    content::WebContents::OnceGetter web_contents_getter,
-    ui::PageTransition page_transition,
-    bool has_user_gesture,
-    const base::Optional<url::Origin>& initiating_origin);
-
-bool IsIPFSProtocol(const GURL& url);
-
 }  // namespace ipfs
 
 #endif  // BRAVE_BROWSER_IPFS_CONTENT_BROWSER_CLIENT_HELPER_H_

browser/ipfs/content_browser_client_helper_unittest.cc

@@ -39,47 +39,12 @@ const GURL& GetIPFSURI() {
   return ipfs_url;
 }
 
-const GURL& GetIPFSGatewayURL() {
-  static const GURL ipfs_url(
-      "https://dweb.link/ipfs/"
-      "bafybeiemxf5abjwjbikoz4mc3a3dla6ual3jsgpdr4cjr3oz3evfyavhwq/wiki/"
-      "Vincent_van_Gogh.html");  // NOLINT
-  return ipfs_url;
-}
-
-const GURL& GetIPFSLocalURL() {
-  static const GURL ipfs_url(
-      ipfs::GetDefaultIPFSLocalGateway(chrome::GetChannel()).spec() +
-      "ipfs/bafybeiemxf5abjwjbikoz4mc3a3dla6ual3jsgpdr4cjr3oz3evfyavhwq/wiki/"
-      "Vincent_van_Gogh.html");  // NOLINT
-  return ipfs_url;
-}
-
 const GURL& GetIPNSURI() {
   static const GURL ipns_url(
       "ipns://tr.wikipedia-on-ipfs.org/wiki/Anasayfa.html");  // NOLINT
   return ipns_url;
 }
 
-const GURL& GetIPNSGatewayURL() {
-  static const GURL ipns_url(
-      "https://dweb.link/ipns/tr.wikipedia-on-ipfs.org/wiki/Anasayfa.html");  // NOLINT
-  return ipns_url;
-}
-
-const GURL& GetIPFSLocalhostURL() {
-  static const GURL ipfs_url(
-      "http://bafybeiemxf5abjwjbikoz4mc3a3dla6ual3jsgpdr4cjr3oz3evfyavhwq."
-      "ipfs.localhost/wiki/Vincent_van_Gogh.html");
-  return ipfs_url;
-}
-
-const GURL& GetIPNSLocalhostURL() {
-  static const GURL ipns_url(
-      "http://tr.wikipedia-on-ipfs.org.ipns.localhost/wiki/Anasayfa.html");
-  return ipns_url;
-}
-
 }  // namespace
 
 using content::NavigationThrottle;
@@ -173,72 +138,4 @@ TEST_F(ContentBrowserClientHelperUnitTest, HandleIPNSURLRewriteLocal) {
   ASSERT_TRUE(HandleIPFSURLRewrite(&ipns_uri, browser_context()));
 }
 
-TEST_F(ContentBrowserClientHelperUnitTest, ShouldNavigateIPFSURIDisabled) {
-  profile()->GetPrefs()->SetInteger(
-      kIPFSResolveMethod,
-      static_cast<int>(IPFSResolveMethodTypes::IPFS_DISABLED));
-  GURL new_url;
-  ASSERT_FALSE(
-      ShouldNavigateIPFSURI(GetIPFSURI(), &new_url, browser_context()));
-}
-
-TEST_F(ContentBrowserClientHelperUnitTest,
-       ShouldNavigateIPFSURIGatewayIPFSURI) {
-  profile()->GetPrefs()->SetInteger(
-      kIPFSResolveMethod,
-      static_cast<int>(IPFSResolveMethodTypes::IPFS_GATEWAY));
-  GURL new_url;
-  ASSERT_TRUE(ShouldNavigateIPFSURI(GetIPFSURI(), &new_url, browser_context()));
-  ASSERT_EQ(new_url, GetIPFSGatewayURL());
-}
-
-TEST_F(ContentBrowserClientHelperUnitTest,
-       ShouldNavigateIPFSURIGatewayIPFSHTTPURI) {
-  profile()->GetPrefs()->SetInteger(
-      kIPFSResolveMethod,
-      static_cast<int>(IPFSResolveMethodTypes::IPFS_GATEWAY));
-  GURL new_url;
-  ASSERT_TRUE(
-      ShouldNavigateIPFSURI(GetIPFSGatewayURL(), &new_url, browser_context()));
-  ASSERT_EQ(new_url, GetIPFSGatewayURL());
-}
-
-TEST_F(ContentBrowserClientHelperUnitTest, ShouldNavigateIPFSURILocalIPFSURI) {
-  profile()->GetPrefs()->SetInteger(
-      kIPFSResolveMethod, static_cast<int>(IPFSResolveMethodTypes::IPFS_LOCAL));
-  GURL new_url;
-  ASSERT_TRUE(ShouldNavigateIPFSURI(GetIPFSURI(), &new_url, browser_context()));
-  ASSERT_EQ(new_url, GetIPFSLocalURL());
-}
-
-TEST_F(ContentBrowserClientHelperUnitTest,
-       ShouldNavigateIPFSURILocalIPFSHTTPURI) {
-  profile()->GetPrefs()->SetInteger(
-      kIPFSResolveMethod, static_cast<int>(IPFSResolveMethodTypes::IPFS_LOCAL));
-  GURL new_url;
-  ASSERT_TRUE(
-      ShouldNavigateIPFSURI(GetIPFSLocalURL(), &new_url, browser_context()));
-  ASSERT_EQ(new_url, GetIPFSLocalURL());
-}
-
-TEST_F(ContentBrowserClientHelperUnitTest,
-       ShouldNavigateIPFSURIGatewayIPNSURI) {
-  profile()->GetPrefs()->SetInteger(
-      kIPFSResolveMethod,
-      static_cast<int>(IPFSResolveMethodTypes::IPFS_GATEWAY));
-  GURL new_url;
-  ASSERT_TRUE(ShouldNavigateIPFSURI(GetIPNSURI(), &new_url, browser_context()));
-  ASSERT_EQ(new_url, GetIPNSGatewayURL());
-}
-
-TEST_F(ContentBrowserClientHelperUnitTest, HandleIPFSURLReverseRewrite) {
-  GURL url = GetIPFSLocalhostURL();
-  ASSERT_TRUE(HandleIPFSURLReverseRewrite(&url, browser_context()));
-  ASSERT_EQ(url, GetIPFSURI());
-
-  url = GetIPNSLocalhostURL();
-  ASSERT_TRUE(HandleIPFSURLReverseRewrite(&url, browser_context()));
-  ASSERT_EQ(url, GetIPNSURI());
-}
-
 }  // namespace ipfs

browser/ipfs/ipfs_policy_browsertest.cc

@@ -159,16 +159,4 @@ IN_PROC_BROWSER_TEST_F(IpfsDisabledPolicyTest, HandleIPFSURLRewrite) {
   EXPECT_FALSE(ipfs::HandleIPFSURLRewrite(&url, browser_context()));
 }
 
-IN_PROC_BROWSER_TEST_F(IpfsEnabledPolicyTest, ShouldNavigateIPFSURI) {
-  GURL new_url;
-  EXPECT_TRUE(
-      ipfs::ShouldNavigateIPFSURI(ipfs_url(), &new_url, browser_context()));
-}
-
-IN_PROC_BROWSER_TEST_F(IpfsDisabledPolicyTest, ShouldNavigateIPFSURI) {
-  GURL new_url;
-  EXPECT_FALSE(
-      ipfs::ShouldNavigateIPFSURI(ipfs_url(), &new_url, browser_context()));
-}
-
 }  // namespace policy

browser/net/brave_request_handler.cc

@@ -296,7 +296,8 @@ void BraveRequestHandler::RunNextCallback(
         IsRequestIdentifierValid(ctx->request_identifier)) {
       *ctx->new_url = GURL(ctx->new_url_spec);
     }
-    if (ctx->blocked_by == brave::kAdBlocked) {
+    if (ctx->blocked_by == brave::kAdBlocked ||
+        ctx->blocked_by == brave::kOtherBlocked) {
       if (!ctx->ShouldMockRequest()) {
         RunCallbackForRequestIdentifier(ctx->request_identifier,
                                         net::ERR_BLOCKED_BY_CLIENT);

browser/net/ipfs_redirect_network_delegate_helper.cc

@@ -5,6 +5,8 @@
 
 #include "brave/browser/net/ipfs_redirect_network_delegate_helper.h"
 
+#include "brave/components/ipfs/ipfs_gateway.h"
+#include "brave/components/ipfs/ipfs_utils.h"
 #include "brave/components/ipfs/translate_ipfs_uri.h"
 #include "net/base/net_errors.h"
 
@@ -16,7 +18,21 @@ int OnBeforeURLRequest_IPFSRedirectWork(
   GURL new_url;
   if (ipfs::TranslateIPFSURI(ctx->request_url, &new_url,
                              ctx->ipfs_gateway_url)) {
-    ctx->new_url_spec = new_url.spec();
+    // We only allow translating ipfs:// and ipns:// URIs if the initiator_url
+    // is from the same Brave ipfs/ipns gateway.
+    // For the local case, we don't want a normal site to be able to populate
+    // a user's IPFS local cache with content they didn't know about.
+    // In which case that user would also be able to serve that content.
+    // If the user is not using a local node, we want the experience to be
+    // the same as the local case.
+    if (ctx->resource_type == blink::mojom::ResourceType::kMainFrame ||
+        (IsLocalGatewayURL(new_url) && IsLocalGatewayURL(ctx->initiator_url)) ||
+        (IsDefaultGatewayURL(new_url) &&
+         IsDefaultGatewayURL(ctx->initiator_url))) {
+      ctx->new_url_spec = new_url.spec();
+    } else {
+      ctx->blocked_by = brave::kOtherBlocked;
+    }
   }
   return net::OK;
 }

browser/net/ipfs_redirect_network_delegate_helper_unittest.cc

@@ -11,6 +11,9 @@
 
 #include "brave/browser/net/url_context.h"
 #include "brave/common/translate_network_constants.h"
+#include "brave/components/ipfs/ipfs_gateway.h"
+#include "brave/components/ipfs/ipfs_utils.h"
+#include "chrome/common/channel_info.h"
 #include "chrome/test/base/chrome_render_view_host_test_harness.h"
 #include "net/traffic_annotation/network_traffic_annotation_test_helper.h"
 #include "net/url_request/url_request_test_util.h"
@@ -26,6 +29,9 @@ GURL GetPublicGateway() {
   return GURL("https://dweb.link");
 }
 
+const char initiator_cid[] =
+    "bafybeiemxf5abjwjbikoz4mc3a3dla6ual3jsgpdr4cjr3oz3evfyavhwq";
+
 TEST(IPFSRedirectNetworkDelegateHelperTest, TranslateIPFSURIHTTPScheme) {
   GURL url("http://a.com/ipfs/QmfM2r8seH2GiRaC4esTjeraXEachRt8ZsSeGaWTPLyMoG");
   auto brave_request_info = std::make_shared<brave::BraveRequestInfo>(url);
@@ -39,6 +45,9 @@ TEST(IPFSRedirectNetworkDelegateHelperTest, TranslateIPFSURIIPFSSchemeLocal) {
   GURL url("ipfs://QmfM2r8seH2GiRaC4esTjeraXEachRt8ZsSeGaWTPLyMoG");
   auto brave_request_info = std::make_shared<brave::BraveRequestInfo>(url);
   brave_request_info->ipfs_gateway_url = GetLocalGateway();
+  brave_request_info->initiator_url = ipfs::GetIPFSGatewayURL(
+      initiator_cid, "",
+      ipfs::GetDefaultIPFSLocalGateway(chrome::GetChannel()));
   int rc = ipfs::OnBeforeURLRequest_IPFSRedirectWork(brave::ResponseCallback(),
                                                      brave_request_info);
   EXPECT_EQ(rc, net::OK);
@@ -51,6 +60,8 @@ TEST(IPFSRedirectNetworkDelegateHelperTest, TranslateIPFSURIIPFSScheme) {
   GURL url("ipfs://QmfM2r8seH2GiRaC4esTjeraXEachRt8ZsSeGaWTPLyMoG");
   auto brave_request_info = std::make_shared<brave::BraveRequestInfo>(url);
   brave_request_info->ipfs_gateway_url = GetPublicGateway();
+  brave_request_info->initiator_url =
+      ipfs::GetIPFSGatewayURL(initiator_cid, "", ipfs::GetDefaultIPFSGateway());
   int rc = ipfs::OnBeforeURLRequest_IPFSRedirectWork(brave::ResponseCallback(),
                                                      brave_request_info);
   EXPECT_EQ(rc, net::OK);
@@ -63,6 +74,9 @@ TEST(IPFSRedirectNetworkDelegateHelperTest, TranslateIPFSURIIPNSSchemeLocal) {
   GURL url("ipns://QmSrPmbaUKA3ZodhzPWZnpFgcPMFWF4QsxXbkWfEptTBJd");
   auto brave_request_info = std::make_shared<brave::BraveRequestInfo>(url);
   brave_request_info->ipfs_gateway_url = GetLocalGateway();
+  brave_request_info->initiator_url = ipfs::GetIPFSGatewayURL(
+      initiator_cid, "",
+      ipfs::GetDefaultIPFSLocalGateway(chrome::GetChannel()));
   int rc = ipfs::OnBeforeURLRequest_IPFSRedirectWork(brave::ResponseCallback(),
                                                      brave_request_info);
   EXPECT_EQ(rc, net::OK);
@@ -75,6 +89,8 @@ TEST(IPFSRedirectNetworkDelegateHelperTest, TranslateIPFSURIIPNSScheme) {
   GURL url("ipns://QmSrPmbaUKA3ZodhzPWZnpFgcPMFWF4QsxXbkWfEptTBJd");
   auto brave_request_info = std::make_shared<brave::BraveRequestInfo>(url);
   brave_request_info->ipfs_gateway_url = GetPublicGateway();
+  brave_request_info->initiator_url =
+      ipfs::GetIPFSGatewayURL(initiator_cid, "", ipfs::GetDefaultIPFSGateway());
   int rc = ipfs::OnBeforeURLRequest_IPFSRedirectWork(brave::ResponseCallback(),
                                                      brave_request_info);
   EXPECT_EQ(rc, net::OK);

chromium_src/third_party/blink/common/loader/network_utils.cc

@@ -0,0 +1,23 @@
+/* Copyright (c) 2020 The Brave Authors. All rights reserved.
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "third_party/blink/public/common/loader/network_utils.h"
+
+#define IsURLHandledByNetworkService IsURLHandledByNetworkService_ChromiumImpl
+#include "../../../../../../third_party/blink/common/loader/network_utils.cc"
+#undef IsURLHandledByNetworkService
+
+namespace blink {
+namespace network_utils {
+
+bool IsURLHandledByNetworkService(const GURL& url) {
+  if (url.SchemeIs("ipns") || url.SchemeIs("ipfs")) {
+    return true;
+  }
+  return IsURLHandledByNetworkService_ChromiumImpl(url);
+}
+
+}  // namespace network_utils
+}  // namespace blink