Permission host mismatch #13475
Permission host mismatch #13475
Conversation
Codecov Report
@@ Coverage Diff @@
## master #13475 +/- ##
==========================================
- Coverage 56.74% 56.66% -0.09%
==========================================
Files 285 285
Lines 28797 28894 +97
Branches 4755 4775 +20
==========================================
+ Hits 16341 16372 +31
- Misses 12456 12522 +66
|
app/filtering.js
Outdated
| @@ -495,9 +496,10 @@ function registerPermissionHandler (session, partition) { | |||
| } | |||
| } | |||
|
|
|||
| let parsedMainFrameUrl = new URL(mainFrameUrl) | |||
There was a problem hiding this comment.
With urlParse:
tps://oogle.com/search?q=s%3A%2F%2Fwww.lcebook.com%2F
{ hash: '',
hostname: '',
host: '',
href: 'tps://oogle.com/search?q=s%3A%2F%2Fwww.lcebook.com%2F',
path: '//oogle.com/search?q=s%3A%2F%2Fwww.lcebook.com%2F',
pathname: '//oogle.com/search',
port: '',
protocol: 'tps:',
query: 'q=s%3A%2F%2Fwww.lcebook.com%2F',
search: '?q=s%3A%2F%2Fwww.lcebook.com%2F',
origin: '' }
There was a problem hiding this comment.
with new URL
URL {
href: tps://oogle.com/search?q=s%3A%2F%2Fwww.lcebook.com%2F
protocol: tps:
hostname: oogle.com
pathname: /search
search: ?q=s%3A%2F%2Fwww.lcebook.com%2F
}
There was a problem hiding this comment.
Fails here: <a href="tp://ttt.com">Test Url</a>
|
could you please add a test plan with the expected behavior? |
app/common/urlParse.js
Outdated
| urlParse = require('url').parse | ||
| } | ||
|
|
||
| let urlParse = require('url').parse |
There was a problem hiding this comment.
there are some security issues with Node's default URL parser - can this behavior be fixed in Muon's url parser?
There was a problem hiding this comment.
yes, working on that.
app/filtering.js
Outdated
| @@ -511,7 +511,7 @@ function registerPermissionHandler (session, partition) { | |||
| {text: locale.translation('deny')}, | |||
| {text: locale.translation('allow')} | |||
| ], | |||
| frameOrigin: getOrigin(mainFrameUrl), | |||
| frameOrigin: getOrigin(origin), | |||
There was a problem hiding this comment.
i think you want mainFrameUrl here
There was a problem hiding this comment.
The variable names need to be updated here.
In brave/muon#540. I updated the origin to be the security origin of the current frame, and the mainFrameUrl to the URL requesting the permission.
|
@jumde previously, the If we are going to change it to the behavior specified in your test plan, we need to also:
i agree that the behavior in this PR makes more sense than the existing behavior, but i also want to note that the scope of these changes is larger than #13471 (which can be fixed by just changing the displayed URL to be the external URL in the case where a main frame URL doesn't exist or if the request was initiated by directly entering a link in the URL bar). could you open a new issue for the change in the openExternal permissions model? |
js/lib/urlutil.js
Outdated
| if (parsed.origin.length !== 0) { | ||
| return parsed.origin.replace(/\/+$/, '') | ||
| } | ||
| return parsed.href.replace(/\/+$/, '') |
There was a problem hiding this comment.
is this change still needed? i don't think this works on arbitrary URLs, ex:
muon.url.parse('sms://bing/kfdk').href.replace(/\/+$/, '') // returns "sms://bing/kfdk"
There was a problem hiding this comment.
let's remove this diff if it's no longer needed
There was a problem hiding this comment.
This is still needed, muon.url.parse for muon.url.parse('sms://bing/kfdk') returns NULL origin. The warning message if this change is not present, the warning message will read Allow Brave Browser to open an external application?
There was a problem hiding this comment.
@jumde what if instead of this change, you just change https://github.com/brave/browser-laptop/pull/13475/files#diff-7b5b041c814805dd8496488bc6a53d3cR469 to parsed.origin != undefined so that the null origin will trigger https://github.com/brave/browser-laptop/pull/13475/files#diff-7b5b041c814805dd8496488bc6a53d3cR479 ?
also please add a test case in the getOrigin unit tests
There was a problem hiding this comment.
Host is also null for arbitrary URLs:
Url: hps://nodejs.org/en/download/
{ hash: '',
hostname: '',
host: '',
href: 'hps://nodejs.org/en/download/',
path: '//nodejs.org/en/download/',
pathname: '//nodejs.org/en/download/',
port: '',
protocol: 'hps:',
query: '',
search: '',
origin: '' }
There was a problem hiding this comment.
@jumde i see. what if instead of changing the behavior of getOrigin, we just change https://github.com/brave/browser-laptop/pull/13475/files#diff-8a9bac13ef6264feb2b6da7c18d86b3cR500 to requestingOrigin || requestingUrl || 'Brave Browser' so it displays correctly?
i am reluctant to change getOrigin since it's used in various places for security checks
app/filtering.js
Outdated
| } | ||
|
|
||
| let response = [] | ||
|
|
||
| if (origin == null) { | ||
| if (requestingUrl == null) { | ||
| response = new Array(permissionTypes.length) |
There was a problem hiding this comment.
This looks to be the first real change (origin => requestingUrl)- everything else above this line is just renaming, is that correct?
app/filtering.js
Outdated
| @@ -497,7 +497,7 @@ function registerPermissionHandler (session, partition) { | |||
|
|
|||
| // Display 'Brave Browser' if the origin is null; ex: when a mailto: link | |||
| // is opened in a new tab via right-click | |||
| const message = locale.translation('permissionMessage').replace(/{{\s*host\s*}}/, origin || 'Brave Browser').replace(/{{\s*permission\s*}}/, permissions[permission].action) | |||
| const message = locale.translation('permissionMessage').replace(/{{\s*host\s*}}/, getOrigin(requestingUrl) || 'Brave Browser').replace(/{{\s*permission\s*}}/, permissions[permission].action) | |||
There was a problem hiding this comment.
Do you have an example of where the setPermissionRequestHandler handler gets called from? I see the definition in Muon, but am not sure when the handler is called?
There was a problem hiding this comment.
UPDATE: found it-
PlatformNotificationServiceImpl::DisplayNotification
I wanted to find an example of the args passed in
There was a problem hiding this comment.
Looking at the code in Muon...
mainFrameOrigin maps to current_origin
requestingUrl maps to requesting_origin
Super glad you fixed this mismatch issue 😄
app/filtering.js
Outdated
| @@ -530,7 +530,7 @@ function registerPermissionHandler (session, partition) { | |||
| response[index] = result | |||
| if (persist) { | |||
| // remember site setting for this host | |||
| appActions.changeSiteSetting(origin, permission + 'Permission', result, isPrivate) | |||
| appActions.changeSiteSetting(requestingUrl, permission + 'Permission', result, isPrivate) | |||
There was a problem hiding this comment.
I'm confused why we are getting the permissions for the main frame origin in https://github.com/brave/browser-laptop/pull/13475/files#diff-8a9bac13ef6264feb2b6da7c18d86b3cR452, but here we apply permissions by requestingUrl instead of mainFrameOrigin. seems like these two lines should either both use requestingUrl or both use mainFrameOrigin
There was a problem hiding this comment.
see https://github.com/brave/browser-laptop/pull/13475/files#r177257591 - this should apply the change by requesting origin, not full URL
app/filtering.js
Outdated
| settings = siteSettings.getSiteSettingsForHostPattern(appState.get('siteSettings'), origin) | ||
| tempSettings = siteSettings.getSiteSettingsForHostPattern(appState.get('temporarySiteSettings'), origin) | ||
| } else if (mainFrameUrl.startsWith('magnet:')) { | ||
| settings = siteSettings.getSiteSettingsForHostPattern(appState.get('siteSettings'), mainFrameOrigin) |
There was a problem hiding this comment.
are you sure this and the other getSiteSettingsForHostPattern lines aren't supposed to use getOrigin(requestingUrl) instead of mainFrameOrigin since that's what is actually shown in the message?
There was a problem hiding this comment.
… permissions are requested Auditors - @bsclifton, @diracdeltas
app/filtering.js
Outdated
| tempSettings = siteSettings.getSiteSettingsForHostPattern(appState.get('temporarySiteSettings'), origin) | ||
| } else if (mainFrameUrl.startsWith('magnet:')) { | ||
| settings = siteSettings.getSiteSettingsForHostPattern(appState.get('siteSettings'), requestingUrl) | ||
| tempSettings = siteSettings.getSiteSettingsForHostPattern(appState.get('temporarySiteSettings'), requestingUrl) |
There was a problem hiding this comment.
you have to do requestingUrl = getOrigin(requestingUrl) before calling these settings since these were previously saved by origin not full URL
There was a problem hiding this comment.
or better yet, define const requestingOrigin = getOrigin(requestingUrl) in the function scope so that it's harder to confuse URL with origin
app/filtering.js
Outdated
| origin = getOrigin(origin) | ||
| settings = siteSettings.getSiteSettingsForURL(appState.get('siteSettings'), origin) | ||
| tempSettings = siteSettings.getSiteSettingsForURL(appState.get('temporarySiteSettings'), origin) | ||
| requestingUrl = getOrigin(requestingUrl) |
There was a problem hiding this comment.
app/filtering.js
Outdated
| @@ -497,7 +497,7 @@ function registerPermissionHandler (session, partition) { | |||
|
|
|||
| // Display 'Brave Browser' if the origin is null; ex: when a mailto: link | |||
| // is opened in a new tab via right-click | |||
| const message = locale.translation('permissionMessage').replace(/{{\s*host\s*}}/, origin || 'Brave Browser').replace(/{{\s*permission\s*}}/, permissions[permission].action) | |||
| const message = locale.translation('permissionMessage').replace(/{{\s*host\s*}}/, getOrigin(requestingUrl) || 'Brave Browser').replace(/{{\s*permission\s*}}/, permissions[permission].action) | |||
There was a problem hiding this comment.
can also be simplified using https://github.com/brave/browser-laptop/pull/13475/files#r177257591
app/filtering.js
Outdated
| if (mainFrameUrl === appUrlUtil.getBraveExtIndexHTML() || isPDFOrigin || isBraveOrigin) { | ||
| let requestingOrigin = getOrigin(requestingUrl) | ||
|
|
||
| if (requestingOrigin === appUrlUtil.getBraveExtIndexHTML() || isPDFOrigin || isBraveOrigin) { |
There was a problem hiding this comment.
you want requestingUrl in this line i think
|
@jumde thanks for making the changes. PR looks good to me now :). i will test it once the muon build is out. |
app/filtering.js
Outdated
| @@ -471,7 +471,7 @@ function registerPermissionHandler (session, partition) { | |||
| response.push(false) | |||
| } else if (permission === 'fullscreen' && | |||
| // The Torrent Viewer extension is always allowed to show fullscreen media | |||
| origin.startsWith('chrome-extension://' + config.torrentExtensionId)) { | |||
| mainFrameOrigin.startsWith('chrome-extension://' + config.torrentExtensionId)) { | |||
There was a problem hiding this comment.
this throws an error when you go to http://www.orimi.com/pdf-test.pdf and click the fullscreen button
should be requestingOrigin instead of mainFrameOrigin i think
There was a problem hiding this comment.
actually it shouldn't - https://github.com/brave/browser-laptop/pull/13475/files#diff-8a9bac13ef6264feb2b6da7c18d86b3cR440 set the mainFrameOrigin to null deliberately
so i think this just has to check if mainFrameOrigin is null
app/filtering.js
Outdated
| } else if (mainFrameUrl.startsWith('magnet:')) { | ||
| settings = siteSettings.getSiteSettingsForHostPattern(appState.get('siteSettings'), requestingOrigin) | ||
| tempSettings = siteSettings.getSiteSettingsForHostPattern(appState.get('temporarySiteSettings'), requestingOrigin) | ||
| } else if (requestingOrigin.startsWith('magnet:')) { |
There was a problem hiding this comment.
this if block` is actually not necessary anymore since it will show the magnet URL itself
|
I am an idiot and just merged again without squashing 😛 |
Fixes: #13471
Depends: brave/muon#540
Test plan
<a href="sms://ggle.com">Test</a>sms://ggle.comand not<webserver>