diff --git a/app/brave_generated_resources.grd b/app/brave_generated_resources.grd
index e5d12adb70e2..2a2cb55c6fef 100644
--- a/app/brave_generated_resources.grd
+++ b/app/brave_generated_resources.grd
@@ -340,6 +340,9 @@ By installing this extension, you are agreeing to the Google Widevine Terms of U
Block scripts
+
+ Allow Google logins
+
Allow Facebook logins and embedded posts
diff --git a/browser/brave_profile_prefs.cc b/browser/brave_profile_prefs.cc
index 3adcc95f7e9f..7e3fa0da6262 100644
--- a/browser/brave_profile_prefs.cc
+++ b/browser/brave_profile_prefs.cc
@@ -77,6 +77,9 @@ void RegisterProfilePrefs(user_prefs::PrefRegistrySyncable* registry) {
registry->RegisterBooleanPref(kShieldsAdvancedViewEnabled,
is_new_user == false);
+
+ // Google-oauth should work by default
+ registry->RegisterBooleanPref(kGoogleLoginControlType, true);
registry->RegisterBooleanPref(kFBEmbedControlType, true);
registry->RegisterBooleanPref(kTwitterEmbedControlType, true);
registry->RegisterBooleanPref(kLinkedInEmbedControlType, false);
diff --git a/browser/brave_profile_prefs_browsertest.cc b/browser/brave_profile_prefs_browsertest.cc
index 9f98d1b01c9a..b5bc12c1cecf 100644
--- a/browser/brave_profile_prefs_browsertest.cc
+++ b/browser/brave_profile_prefs_browsertest.cc
@@ -37,6 +37,8 @@ IN_PROC_BROWSER_TEST_F(BraveProfilePrefsBrowserTest, MiscBravePrefs) {
browser()->profile()->GetPrefs()->GetBoolean(kNoScriptControlType));
EXPECT_TRUE(
browser()->profile()->GetPrefs()->GetBoolean(kAdControlType));
+ EXPECT_TRUE(
+ browser()->profile()->GetPrefs()->GetBoolean(kGoogleLoginControlType));
EXPECT_TRUE(
browser()->profile()->GetPrefs()->GetBoolean(kFBEmbedControlType));
EXPECT_TRUE(
diff --git a/browser/extensions/api/settings_private/brave_prefs_util.cc b/browser/extensions/api/settings_private/brave_prefs_util.cc
index 5772904119e7..e87903b5fc0b 100644
--- a/browser/extensions/api/settings_private/brave_prefs_util.cc
+++ b/browser/extensions/api/settings_private/brave_prefs_util.cc
@@ -48,6 +48,8 @@ const PrefsUtil::TypedPrefMap& BravePrefsUtil::GetWhitelistedKeys() {
settings_api::PrefType::PREF_TYPE_BOOLEAN;
(*s_brave_whitelist)[kNoScriptControlType] =
settings_api::PrefType::PREF_TYPE_BOOLEAN;
+ (*s_brave_whitelist)[kGoogleLoginControlType] =
+ settings_api::PrefType::PREF_TYPE_BOOLEAN;
(*s_brave_whitelist)[kFBEmbedControlType] =
settings_api::PrefType::PREF_TYPE_BOOLEAN;
(*s_brave_whitelist)[kTwitterEmbedControlType] =
diff --git a/browser/net/brave_network_delegate_browsertest.cc b/browser/net/brave_network_delegate_browsertest.cc
index 199220c74251..d39e255e0c68 100644
--- a/browser/net/brave_network_delegate_browsertest.cc
+++ b/browser/net/brave_network_delegate_browsertest.cc
@@ -5,6 +5,7 @@
#include "base/path_service.h"
#include "brave/common/brave_paths.h"
+#include "brave/common/pref_names.h"
#include "brave/components/brave_shields/browser/brave_shields_util.h"
#include "brave/components/brave_shields/common/brave_shield_constants.h"
#include "chrome/browser/content_settings/host_content_settings_map_factory.h"
@@ -14,15 +15,21 @@
#include "chrome/test/base/ui_test_utils.h"
#include "components/content_settings/core/browser/host_content_settings_map.h"
#include "components/content_settings/core/common/pref_names.h"
+#include "components/network_session_configurator/common/network_switches.h"
#include "components/prefs/pref_service.h"
+#include "content/public/common/content_paths.h"
#include "content/public/test/browser_test_utils.h"
#include "net/dns/mock_host_resolver.h"
+#include "net/test/embedded_test_server/default_handlers.h"
#include "url/gurl.h"
using net::test_server::EmbeddedTestServer;
class BraveNetworkDelegateBrowserTest : public InProcessBrowserTest {
public:
+ BraveNetworkDelegateBrowserTest()
+ : https_server_(net::EmbeddedTestServer::TYPE_HTTPS) {}
+
void SetUpOnMainThread() override {
InProcessBrowserTest::SetUpOnMainThread();
@@ -36,11 +43,27 @@ class BraveNetworkDelegateBrowserTest : public InProcessBrowserTest {
ASSERT_TRUE(embedded_test_server()->Start());
+ https_server_.ServeFilesFromDirectory(test_data_dir);
+ net::test_server::RegisterDefaultHandlers(&https_server_);
+ ASSERT_TRUE(https_server_.Start());
+
url_ = embedded_test_server()->GetURL("a.com", "/nested_iframe.html");
nested_iframe_script_url_ =
embedded_test_server()->GetURL("a.com", "/nested_iframe_script.html");
top_level_page_url_ = embedded_test_server()->GetURL("a.com", "/");
+ https_top_level_page_url_ = https_server_.GetURL("a.com", "/");
+
+ cookie_iframe_url_ =
+ embedded_test_server()->GetURL("a.com", "/cookie_iframe.html");
+ https_cookie_iframe_url_ =
+ https_server_.GetURL("a.com", "/cookie_iframe.html");
+
+ third_party_cookie_url_ =
+ embedded_test_server()->GetURL("b.com", "/set-cookie?name=Good");
+ google_oauth_cookie_url_ =
+ https_server_.GetURL("accounts.google.com", "/set-cookie?oauth=true");
+
top_level_page_pattern_ =
ContentSettingsPattern::FromString("http://a.com/*");
first_party_pattern_ =
@@ -51,70 +74,87 @@ class BraveNetworkDelegateBrowserTest : public InProcessBrowserTest {
return HostContentSettingsMapFactory::GetForProfile(browser()->profile());
}
+ void SetUpCommandLine(base::CommandLine* command_line) override {
+ // This is needed to load pages from "domain.com" without an interstitial.
+ command_line->AppendSwitch(switches::kIgnoreCertificateErrors);
+ }
+
void DefaultBlockAllCookies() {
brave_shields::SetCookieControlType(
browser()->profile(), brave_shields::ControlType::BLOCK, GURL());
}
- void BlockThirdPartyCookies() {
+ void DefaultBlockThirdPartyCookies() {
brave_shields::SetCookieControlType(
browser()->profile(), brave_shields::ControlType::BLOCK_THIRD_PARTY,
GURL());
}
- void AllowAllCookies() {
+ void DefaultAllowAllCookies() {
brave_shields::SetCookieControlType(
browser()->profile(), brave_shields::ControlType::ALLOW, GURL());
}
- void AllowCookies() {
+ void AllowCookies(const GURL url) {
brave_shields::SetCookieControlType(browser()->profile(),
brave_shields::ControlType::ALLOW,
- top_level_page_url_);
+ url);
+ }
+
+ void BlockThirdPartyCookies(const GURL url) {
+ brave_shields::SetCookieControlType(
+ browser()->profile(),
+ brave_shields::ControlType::BLOCK_THIRD_PARTY,
+ url);
}
- void BlockCookies() {
+ void BlockCookies(const GURL url) {
brave_shields::SetCookieControlType(browser()->profile(),
brave_shields::ControlType::BLOCK,
- top_level_page_url_);
+ url);
}
- void ShieldsDown() {
+ void ShieldsDown(const GURL url) {
brave_shields::SetBraveShieldsEnabled(browser()->profile(), false,
- top_level_page_url_);
+ url);
}
- void NavigateToPageWithFrame(const EmbeddedTestServer* server,
- const std::string& host) {
- ui_test_utils::NavigateToURL(browser(),
- server->GetURL(host, "/cookie_iframe.html"));
+ void NavigateToPageWithFrame(const GURL url) {
+ ui_test_utils::NavigateToURL(browser(), url);
}
- void ExpectCookiesOnHost(const EmbeddedTestServer* server,
- const std::string& host,
+ void ExpectCookiesOnHost(const GURL url,
const std::string& expected) {
EXPECT_EQ(expected, content::GetCookies(browser()->profile(),
- server->GetURL(host, "/")));
+ url));
}
- void NavigateFrameTo(const EmbeddedTestServer* server,
- const std::string& host,
- const std::string& path) {
- GURL page = server->GetURL(host, path);
+ void NavigateFrameTo(const GURL url) {
content::WebContents* web_contents =
browser()->tab_strip_model()->GetActiveWebContents();
- EXPECT_TRUE(NavigateIframeToURL(web_contents, "test", page));
+ EXPECT_TRUE(NavigateIframeToURL(web_contents, "test", url));
+ }
+
+ void BlockGoogleOAuthCookies() {
+ browser()->profile()->GetPrefs()->SetBoolean(kGoogleLoginControlType,
+ false);
}
protected:
GURL url_;
GURL nested_iframe_script_url_;
+ GURL top_level_page_url_;
+ GURL https_top_level_page_url_;
+ GURL cookie_iframe_url_;
+ GURL https_cookie_iframe_url_;
+ GURL third_party_cookie_url_;
+ GURL google_oauth_cookie_url_;
private:
- GURL top_level_page_url_;
ContentSettingsPattern top_level_page_pattern_;
ContentSettingsPattern first_party_pattern_;
ContentSettingsPattern iframe_pattern_;
+ net::test_server::EmbeddedTestServer https_server_;
};
// It is important that cookies in following tests are set by response headers,
@@ -127,7 +167,7 @@ IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest, Iframe3PCookieBlocked) {
}
IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest, Iframe3PCookieAllowed) {
- AllowCookies();
+ AllowCookies(top_level_page_url_);
ui_test_utils::NavigateToURL(browser(), url_);
const std::string cookie =
content::GetCookies(browser()->profile(), GURL("http://c.com/"));
@@ -135,7 +175,7 @@ IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest, Iframe3PCookieAllowed) {
}
IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest, Iframe3PShieldsDown) {
- ShieldsDown();
+ ShieldsDown(top_level_page_url_);
ui_test_utils::NavigateToURL(browser(), url_);
const std::string cookie =
content::GetCookies(browser()->profile(), GURL("http://c.com/"));
@@ -145,13 +185,13 @@ IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest, Iframe3PShieldsDown) {
IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest,
Iframe3PShieldsDownOverridesCookieBlock) {
// create an explicit override
- BlockCookies();
+ BlockCookies(top_level_page_url_);
ui_test_utils::NavigateToURL(browser(), url_);
std::string cookie =
content::GetCookies(browser()->profile(), GURL("http://c.com/"));
EXPECT_TRUE(cookie.empty()) << "Actual cookie: " << cookie;
- ShieldsDown();
+ ShieldsDown(top_level_page_url_);
ui_test_utils::NavigateToURL(browser(), url_);
cookie = content::GetCookies(browser()->profile(), GURL("http://c.com/"));
EXPECT_FALSE(cookie.empty());
@@ -168,7 +208,7 @@ IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest,
IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest,
IframeJs3PCookieAllowed) {
- AllowCookies();
+ AllowCookies(top_level_page_url_);
ui_test_utils::NavigateToURL(browser(), nested_iframe_script_url_);
const std::string cookie =
content::GetCookies(browser()->profile(), GURL("http://c.com/"));
@@ -188,7 +228,7 @@ IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest, DefaultCookiesBlocked) {
IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest,
PrefToggleBlockAllToBlockThirdParty) {
DefaultBlockAllCookies();
- BlockThirdPartyCookies();
+ DefaultBlockThirdPartyCookies();
EXPECT_TRUE(browser()->profile()->GetPrefs()->GetBoolean(
prefs::kBlockThirdPartyCookies));
@@ -196,18 +236,17 @@ IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest,
"profile.default_content_setting_values.cookies"),
ContentSetting::CONTENT_SETTING_ALLOW);
- NavigateToPageWithFrame(embedded_test_server(), "a.com");
+ NavigateToPageWithFrame(cookie_iframe_url_);
+ NavigateFrameTo(third_party_cookie_url_);
- NavigateFrameTo(embedded_test_server(), "b.com", "/set-cookie?name=Good");
-
- ExpectCookiesOnHost(embedded_test_server(), "a.com", "name=Good");
- ExpectCookiesOnHost(embedded_test_server(), "b.com", "");
+ ExpectCookiesOnHost(top_level_page_url_, "name=Good");
+ ExpectCookiesOnHost(GURL(third_party_cookie_url_.host()), "");
}
IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest,
PrefToggleBlockAllToAllowAll) {
DefaultBlockAllCookies();
- AllowAllCookies();
+ DefaultAllowAllCookies();
EXPECT_FALSE(browser()->profile()->GetPrefs()->GetBoolean(
prefs::kBlockThirdPartyCookies));
@@ -215,18 +254,17 @@ IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest,
"profile.default_content_setting_values.cookies"),
ContentSetting::CONTENT_SETTING_ALLOW);
- NavigateToPageWithFrame(embedded_test_server(), "a.com");
-
- NavigateFrameTo(embedded_test_server(), "b.com", "/set-cookie?name=Good");
+ NavigateToPageWithFrame(cookie_iframe_url_);
+ NavigateFrameTo(third_party_cookie_url_);
- ExpectCookiesOnHost(embedded_test_server(), "a.com", "name=Good");
- ExpectCookiesOnHost(embedded_test_server(), "b.com", "name=Good");
+ ExpectCookiesOnHost(top_level_page_url_, "name=Good");
+ ExpectCookiesOnHost(GURL("http://b.com"), "name=Good");
}
IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest,
PrefToggleBlockThirdPartyToAllowAll) {
- BlockThirdPartyCookies();
- AllowAllCookies();
+ DefaultBlockThirdPartyCookies();
+ DefaultAllowAllCookies();
EXPECT_FALSE(browser()->profile()->GetPrefs()->GetBoolean(
prefs::kBlockThirdPartyCookies));
@@ -234,17 +272,16 @@ IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest,
"profile.default_content_setting_values.cookies"),
ContentSetting::CONTENT_SETTING_ALLOW);
- NavigateToPageWithFrame(embedded_test_server(), "a.com");
+ NavigateToPageWithFrame(cookie_iframe_url_);
+ NavigateFrameTo(third_party_cookie_url_);
- NavigateFrameTo(embedded_test_server(), "b.com", "/set-cookie?name=Good");
-
- ExpectCookiesOnHost(embedded_test_server(), "a.com", "name=Good");
- ExpectCookiesOnHost(embedded_test_server(), "b.com", "name=Good");
+ ExpectCookiesOnHost(top_level_page_url_, "name=Good");
+ ExpectCookiesOnHost(GURL("http://b.com"), "name=Good");
}
IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest,
PrefToggleBlockThirdPartyToBlockAll) {
- BlockThirdPartyCookies();
+ DefaultBlockThirdPartyCookies();
DefaultBlockAllCookies();
EXPECT_FALSE(browser()->profile()->GetPrefs()->GetBoolean(
@@ -253,18 +290,17 @@ IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest,
"profile.default_content_setting_values.cookies"),
ContentSetting::CONTENT_SETTING_BLOCK);
- NavigateToPageWithFrame(embedded_test_server(), "a.com");
-
- NavigateFrameTo(embedded_test_server(), "b.com", "/set-cookie?name=Good");
+ NavigateToPageWithFrame(cookie_iframe_url_);
+ NavigateFrameTo(third_party_cookie_url_);
- ExpectCookiesOnHost(embedded_test_server(), "a.com", "");
- ExpectCookiesOnHost(embedded_test_server(), "b.com", "");
+ ExpectCookiesOnHost(top_level_page_url_, "");
+ ExpectCookiesOnHost(GURL("http://b.com"), "");
}
IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest,
PrefToggleAllowAllToBlockThirdParty) {
- AllowAllCookies();
- BlockThirdPartyCookies();
+ DefaultAllowAllCookies();
+ DefaultBlockThirdPartyCookies();
EXPECT_TRUE(browser()->profile()->GetPrefs()->GetBoolean(
prefs::kBlockThirdPartyCookies));
@@ -272,17 +308,16 @@ IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest,
"profile.default_content_setting_values.cookies"),
ContentSetting::CONTENT_SETTING_ALLOW);
- NavigateToPageWithFrame(embedded_test_server(), "a.com");
+ NavigateToPageWithFrame(cookie_iframe_url_);
+ NavigateFrameTo(third_party_cookie_url_);
- NavigateFrameTo(embedded_test_server(), "b.com", "/set-cookie?name=Good");
-
- ExpectCookiesOnHost(embedded_test_server(), "a.com", "name=Good");
- ExpectCookiesOnHost(embedded_test_server(), "b.com", "");
+ ExpectCookiesOnHost(top_level_page_url_, "name=Good");
+ ExpectCookiesOnHost(GURL("http://b.com"), "");
}
IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest,
PrefToggleAllowAllToBlockAll) {
- AllowAllCookies();
+ DefaultAllowAllCookies();
DefaultBlockAllCookies();
EXPECT_FALSE(browser()->profile()->GetPrefs()->GetBoolean(
@@ -291,10 +326,130 @@ IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest,
"profile.default_content_setting_values.cookies"),
ContentSetting::CONTENT_SETTING_BLOCK);
- NavigateToPageWithFrame(embedded_test_server(), "a.com");
+ NavigateToPageWithFrame(cookie_iframe_url_);
+ NavigateFrameTo(third_party_cookie_url_);
+
+ ExpectCookiesOnHost(top_level_page_url_, "");
+ ExpectCookiesOnHost(GURL("http://b.com"), "");
+}
+
+IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest,
+ ThirdPartyGoogleOauthCookieAllowed) {
+ NavigateToPageWithFrame(https_cookie_iframe_url_);
+ ExpectCookiesOnHost(GURL("https://accounts.google.com"), "");
+
+ NavigateFrameTo(google_oauth_cookie_url_);
+ ExpectCookiesOnHost(GURL("https://accounts.google.com"), "oauth=true");
+}
+
+IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest,
+ ThirdPartyGoogleOauthCookieDefaultAllowSiteOverride) {
+ AllowCookies(https_top_level_page_url_);
+ NavigateToPageWithFrame(https_cookie_iframe_url_);
+ ExpectCookiesOnHost(GURL("https://accounts.google.com"), "");
+
+ NavigateFrameTo(google_oauth_cookie_url_);
+ ExpectCookiesOnHost(GURL("https://accounts.google.com"), "oauth=true");
+}
+
+IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest,
+ ThirdPartyGoogleOauthCookieDefaultBlock3pSiteOverride) {
+ BlockThirdPartyCookies(https_top_level_page_url_);
+ NavigateToPageWithFrame(https_cookie_iframe_url_);
+ ExpectCookiesOnHost(GURL("https://accounts.google.com"), "");
+
+ NavigateFrameTo(google_oauth_cookie_url_);
+ ExpectCookiesOnHost(GURL("https://accounts.google.com"), "oauth=true");
+}
+
+IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest,
+ ThirdPartyGoogleOauthCookieDefaultBlockSiteOverride) {
+ BlockCookies(https_top_level_page_url_);
+ NavigateToPageWithFrame(https_cookie_iframe_url_);
+ ExpectCookiesOnHost(GURL("https://accounts.google.com"), "");
+
+ // Cookies for accounts.google.com will be allowed since the exception
+ // for google oauth will be parsed first.
+ NavigateFrameTo(google_oauth_cookie_url_);
+ ExpectCookiesOnHost(GURL("https://accounts.google.com"), "oauth=true");
+}
+
+IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest,
+ ThirdPartyGoogleOauthCookieAllowAllAlowSiteOverride) {
+ DefaultAllowAllCookies();
+ AllowCookies(https_top_level_page_url_);
+ NavigateToPageWithFrame(https_cookie_iframe_url_);
+ ExpectCookiesOnHost(GURL("https://accounts.google.com"), "");
+
+ NavigateFrameTo(google_oauth_cookie_url_);
+ ExpectCookiesOnHost(GURL("https://accounts.google.com"), "oauth=true");
+}
+
+IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest,
+ ThirdPartyGoogleOauthCookieAllowAllBlock3pSiteOverride) {
+ DefaultAllowAllCookies();
+ BlockThirdPartyCookies(https_top_level_page_url_);
+ NavigateToPageWithFrame(https_cookie_iframe_url_);
+ ExpectCookiesOnHost(GURL("https://accounts.google.com"), "");
+
+ NavigateFrameTo(google_oauth_cookie_url_);
+ ExpectCookiesOnHost(GURL("https://accounts.google.com"), "oauth=true");
+}
+
+IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest,
+ ThirdPartyGoogleOauthCookieAllowAllBlockSiteOverride) {
+ DefaultAllowAllCookies();
+ BlockCookies(https_top_level_page_url_);
+ NavigateToPageWithFrame(https_cookie_iframe_url_);
+ ExpectCookiesOnHost(GURL("https://accounts.google.com"), "");
+
+ NavigateFrameTo(google_oauth_cookie_url_);
+ ExpectCookiesOnHost(GURL("https://accounts.google.com"), "oauth=true");
+}
- NavigateFrameTo(embedded_test_server(), "b.com", "/set-cookie?name=Good");
+IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest,
+ ThirdPartyGoogleOauthCookieBlockAllAllowSiteOverride) {
+ DefaultBlockAllCookies();
+ AllowCookies(https_top_level_page_url_);
+ NavigateToPageWithFrame(https_cookie_iframe_url_);
+ ExpectCookiesOnHost(https_top_level_page_url_, "name=Good");
+ ExpectCookiesOnHost(GURL("https://accounts.google.com"), "");
- ExpectCookiesOnHost(embedded_test_server(), "a.com", "");
- ExpectCookiesOnHost(embedded_test_server(), "b.com", "");
+ NavigateFrameTo(google_oauth_cookie_url_);
+ ExpectCookiesOnHost(GURL("https://accounts.google.com"), "oauth=true");
}
+
+IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest,
+ ThirdPartyGoogleOauthCookieBlockAllBlock3pSiteOverride) {
+ DefaultBlockAllCookies();
+ BlockThirdPartyCookies(https_top_level_page_url_);
+ NavigateToPageWithFrame(https_cookie_iframe_url_);
+ ExpectCookiesOnHost(https_top_level_page_url_, "name=Good");
+ ExpectCookiesOnHost(GURL("https://accounts.google.com"), "");
+
+ NavigateFrameTo(google_oauth_cookie_url_);
+ ExpectCookiesOnHost(GURL("https://accounts.google.com"), "oauth=true");
+}
+
+IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest,
+ ThirdPartyGoogleOauthCookieBlockAllBlockSiteOverride) {
+ DefaultBlockAllCookies();
+ BlockCookies(https_top_level_page_url_);
+ NavigateToPageWithFrame(https_cookie_iframe_url_);
+ ExpectCookiesOnHost(https_top_level_page_url_, "");
+ ExpectCookiesOnHost(GURL("https://accounts.google.com"), "");
+
+ NavigateFrameTo(google_oauth_cookie_url_);
+ ExpectCookiesOnHost(GURL("https://accounts.google.com"), "oauth=true");
+}
+
+IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest,
+ ThirdPartyGoogleOauthCookieBlocked) {
+ BlockGoogleOAuthCookies();
+ NavigateToPageWithFrame(https_cookie_iframe_url_);
+ ExpectCookiesOnHost(GURL("https://accounts.google.com"), "");
+
+ NavigateFrameTo(google_oauth_cookie_url_);
+ ExpectCookiesOnHost(GURL("https://accounts.google.com"), "");
+}
+
diff --git a/browser/resources/settings/social_blocking_page/social_blocking_page.html b/browser/resources/settings/social_blocking_page/social_blocking_page.html
index d122586ad6b3..76c87be2f193 100644
--- a/browser/resources/settings/social_blocking_page/social_blocking_page.html
+++ b/browser/resources/settings/social_blocking_page/social_blocking_page.html
@@ -10,6 +10,10 @@
+
+
diff --git a/chromium_src/chrome/browser/ui/webui/settings/settings_localized_strings_provider.cc b/chromium_src/chrome/browser/ui/webui/settings/settings_localized_strings_provider.cc
index d75e5a003bff..7b5c03a02b46 100644
--- a/chromium_src/chrome/browser/ui/webui/settings/settings_localized_strings_provider.cc
+++ b/chromium_src/chrome/browser/ui/webui/settings/settings_localized_strings_provider.cc
@@ -97,7 +97,9 @@ void BraveAddCommonStrings(content::WebUIDataSource* html_source,
IDS_SETTINGS_BRAVE_SHIELDS_HTTPS_EVERYWHERE_CONTROL_LABEL},
{"noScriptControlLabel",
IDS_SETTINGS_BRAVE_SHIELDS_NO_SCRIPT_CONTROL_LABEL},
- {"fbEmbedControlLabel",
+ {"googleLoginControlLabel",
+ IDS_SETTINGS_BRAVE_SHIELDS_GOOGLE_LOGINS_LABEL},
+ {"fbEmbedControlLabel",
IDS_SETTINGS_BRAVE_SHIELDS_FACEBOOK_EMBEDDED_POSTS_LABEL},
{"twitterEmbedControlLabel",
IDS_SETTINGS_BRAVE_SHIELDS_TWITTER_EMBEDDED_TWEETS_LABEL},
diff --git a/common/network_constants.cc b/common/network_constants.cc
index 86a2d6eb123f..b91b1881381b 100644
--- a/common/network_constants.cc
+++ b/common/network_constants.cc
@@ -57,6 +57,7 @@ const char kForbesExtraCookies[] =
"forbes_ab=true; welcomeAd=true; adblock_session=Off; "
"dailyWelcomeCookie=true";
const char kTwitterPattern[] = "https://*.twitter.com/*";
+const char kGoogleOAuthPattern[] = "https://accounts.google.com/*";
const char kCookieHeader[] = "Cookie";
// Intentional misspelling on referrer to match HTTP spec
diff --git a/common/network_constants.h b/common/network_constants.h
index 8a69a3953453..e0d7df86bfd3 100644
--- a/common/network_constants.h
+++ b/common/network_constants.h
@@ -38,6 +38,7 @@ extern const char kCRLSetPrefix3[];
extern const char kCRLSetPrefix4[];
extern const char kChromeCastPrefix[];
extern const char kTwitterPattern[];
+extern const char kGoogleOAuthPattern[];
extern const char kCookieHeader[];
extern const char kRefererHeader[];
diff --git a/common/pref_names.cc b/common/pref_names.cc
index ac01e1e73254..cf1173c75ea7 100644
--- a/common/pref_names.cc
+++ b/common/pref_names.cc
@@ -48,6 +48,7 @@ const char kNoScriptControlType[] = "brave.no_script_default";
const char kShieldsAdvancedViewEnabled[] =
"brave.shields.advanced_view_enabled";
const char kAdControlType[] = "brave.ad_default";
+const char kGoogleLoginControlType[] = "brave.google_login_default";
const char kFBEmbedControlType[] = "brave.fb_embed_default";
const char kTwitterEmbedControlType[] = "brave.twitter_embed_default";
const char kLinkedInEmbedControlType[] = "brave.linkedin_embed_default";
diff --git a/common/pref_names.h b/common/pref_names.h
index 49d5bd976951..8c3006d77977 100644
--- a/common/pref_names.h
+++ b/common/pref_names.h
@@ -41,6 +41,7 @@ extern const char kHTTPSEVerywhereControlType[];
extern const char kNoScriptControlType[];
extern const char kShieldsAdvancedViewEnabled[];
extern const char kAdControlType[];
+extern const char kGoogleLoginControlType[];
extern const char kFBEmbedControlType[];
extern const char kTwitterEmbedControlType[];
extern const char kLinkedInEmbedControlType[];
diff --git a/components/content_settings/core/browser/brave_content_settings_pref_provider.cc b/components/content_settings/core/browser/brave_content_settings_pref_provider.cc
index 42e1102882de..658e7c77317d 100644
--- a/components/content_settings/core/browser/brave_content_settings_pref_provider.cc
+++ b/components/content_settings/core/browser/brave_content_settings_pref_provider.cc
@@ -10,10 +10,13 @@
#include "base/bind.h"
#include "base/task/post_task.h"
+#include "brave/common/network_constants.h"
+#include "brave/common/pref_names.h"
#include "brave/components/brave_shields/common/brave_shield_constants.h"
#include "components/content_settings/core/browser/content_settings_pref.h"
#include "components/content_settings/core/browser/website_settings_registry.h"
#include "components/content_settings/core/common/content_settings_utils.h"
+#include "components/prefs/pref_service.h"
#include "content/public/browser/browser_task_traits.h"
#include "content/public/browser/browser_thread.h"
@@ -96,6 +99,10 @@ BravePrefProvider::BravePrefProvider(PrefService* prefs,
: PrefProvider(prefs, off_the_record, store_last_modified),
weak_factory_(this) {
brave_pref_change_registrar_.Init(prefs_);
+ brave_pref_change_registrar_.Add(
+ kGoogleLoginControlType,
+ base::BindRepeating(&BravePrefProvider::OnCookiePrefsChanged,
+ base::Unretained(this)));
WebsiteSettingsRegistry* website_settings =
WebsiteSettingsRegistry::GetInstance();
@@ -193,8 +200,24 @@ std::unique_ptr BravePrefProvider::GetRuleIterator(
void BravePrefProvider::UpdateCookieRules(ContentSettingsType content_type,
bool incognito) {
auto& rules = cookie_rules_[incognito];
+ auto old_rules = std::move(brave_cookie_rules_[incognito]);
+
rules.clear();
+ // kGoogleLoginControlType preference adds an exception for
+ // accounts.google.com to access cookies in 3p context to allow login using
+ // google oauth. The exception is added before all overrides to allow google
+ // oauth to work when the user sets custom overrides for a site.
+ // For example: Google OAuth will be allowed if the user allows all cookies
+ // and sets 3p cookie blocking for a site.
+ if (prefs_->GetBoolean(kGoogleLoginControlType)) {
+ auto rule = Rule(ContentSettingsPattern::FromString(kGoogleOAuthPattern),
+ ContentSettingsPattern::Wildcard(),
+ ContentSettingToValue(CONTENT_SETTING_ALLOW)->Clone());
+ rules.push_back(CloneRule(rule));
+ brave_cookie_rules_[incognito].push_back(CloneRule(rule));
+ }
+
// add chromium cookies
auto chromium_cookies_iterator = PrefProvider::GetRuleIterator(
CONTENT_SETTINGS_TYPE_COOKIES,
@@ -224,8 +247,6 @@ void BravePrefProvider::UpdateCookieRules(ContentSettingsType content_type,
brave_shields::kCookies,
incognito);
- auto old_rules = std::move(brave_cookie_rules_[incognito]);
-
// Matching cookie rules against shield rules.
while (brave_cookies_iterator && brave_cookies_iterator->HasNext()) {
auto rule = brave_cookies_iterator->Next();
@@ -314,6 +335,12 @@ void BravePrefProvider::NotifyChanges(const std::vector& rules,
"");
}
}
+
+void BravePrefProvider::OnCookiePrefsChanged(
+ const std::string& pref) {
+ OnCookieSettingsChanged(CONTENT_SETTINGS_TYPE_PLUGINS);
+}
+
void BravePrefProvider::OnCookieSettingsChanged(
ContentSettingsType content_type) {
UpdateCookieRules(content_type, true);
diff --git a/components/content_settings/core/browser/brave_content_settings_pref_provider.h b/components/content_settings/core/browser/brave_content_settings_pref_provider.h
index d66b8907b4b2..3f9d49542bcb 100644
--- a/components/content_settings/core/browser/brave_content_settings_pref_provider.h
+++ b/components/content_settings/core/browser/brave_content_settings_pref_provider.h
@@ -56,6 +56,7 @@ class BravePrefProvider : public PrefProvider,
const ContentSettingsPattern& secondary_pattern,
ContentSettingsType content_type,
const std::string& resource_identifier) override;
+ void OnCookiePrefsChanged(const std::string& pref);
// PrefProvider::pref_change_registrar_ alreay has plugin type.
PrefChangeRegistrar brave_pref_change_registrar_;