Disable shields for extensions #975
Conversation
The reasoning is they have APIs to do much worse tracking than our shields would protect them from. Users install them knowing they will have elevated permissions Fix brave/brave-browser#1380
bbondy
force-pushed
the
breaking-extensions
branch
from
638fc5a
to
8b8c9d9
Compare
| brave_shields::IsAllowContentSettingWithIOData( | ||
| io_data, tab_origin, tab_origin, CONTENT_SETTINGS_TYPE_PLUGINS, | ||
| brave_shields::kBraveShields) && | ||
| !first_party.SchemeIs(kChromeExtensionScheme); |
There was a problem hiding this comment.
The idea to implement this was just to follow where we allow things because of Brave shields down.
| @@ -39,6 +40,7 @@ void ExtensionFunctionalTest::InstallExtensionSilently(ExtensionService* service | |||
|
|
|||
| const Extension* extension = registry_observer.WaitForExtensionReady(); | |||
| EXPECT_TRUE(extension); | |||
| return extension; | |||
There was a problem hiding this comment.
I return this just so I can log the generated extension ID more easily in debugging.
| @@ -65,4 +67,68 @@ IN_PROC_BROWSER_TEST_F(BraveExtensionProviderTest, PDFJSInstalls) { | |||
| ASSERT_TRUE(pdfjs_exists); | |||
| } | |||
|
|
|||
| // Load an extension page with an ad image, and make sure it is NOT blocked. | |||
| // It would otherwise be blocked though if it wasn't an extension. | |||
| IN_PROC_BROWSER_TEST_F(BraveExtensionProviderTest, AdsNotBlockedByDefaultBlockerInExtension) { | |||
There was a problem hiding this comment.
Nearly the same test is done in the adblock service tests, but with the result of ads blocked 1 and a different call to setExpectations to indicate that the test expects an item to be blocked.
| contents, | ||
| "canSetCookie('test', 'testval', 'http://a.com')", | ||
| &as_expected)); | ||
| EXPECT_TRUE(as_expected); |
There was a problem hiding this comment.
We already didn't block this, but I added a test to make sure it doesn't break.
| contents, | ||
| "canGetCookie('test', 'http://a.com')", | ||
| &as_expected)); | ||
| EXPECT_TRUE(as_expected); |
There was a problem hiding this comment.
We already didn't block this, but I added a test to make sure it doesn't break.
| // https://developer.att.com/.../file.pdf | ||
| // So if the tab origin is chrome-extension, set it to that of the PDF only for PDFJS | ||
| std::string tab_host = brave::GetURLOrPDFURL(ctx->tab_url).host(); | ||
| std::string tab_host = ctx->tab_origin.host(); |
There was a problem hiding this comment.
No longer need the last fix for the PDF being seen as 3p.
| @@ -28,6 +29,9 @@ bool ApplyPotentialReferrerBlock(net::URLRequest* request) { | |||
| DCHECK_CURRENTLY_ON(BrowserThread::IO); | |||
| GURL target_origin = GURL(request->url()).GetOrigin(); | |||
| GURL tab_origin = request->site_for_cookies().GetOrigin(); | |||
| if (tab_origin.SchemeIs(kChromeExtensionScheme)) { | |||
There was a problem hiding this comment.
Don't do referrer blocking for ApplyPotentialReferrerBlock
| @@ -271,4 +271,32 @@ TEST_F(BraveSiteHacksNetworkDelegateHelperTest, ReferrerCleared) { | |||
| }); | |||
| } | |||
|
|
|||
| TEST_F(BraveSiteHacksNetworkDelegateHelperTest, ReferrerWouldBeClearedButExtensionSite) { | |||
There was a problem hiding this comment.
Verifies ApplyPotentialReferrerBlock
| @@ -0,0 +1,28 @@ | |||
| -----BEGIN PRIVATE KEY----- | |||
There was a problem hiding this comment.
Intentionally not private, useful if we want to re-generate the crx file for tests after doing changes.
| @@ -0,0 +1,99 @@ | |||
| <html> | |||
There was a problem hiding this comment.
Copy of blocking.html in test/data with some additions for cookies. I intentionally kept some functions that are unused like xhr because we might use them for more tests later. Repackaging an extension is a pain and you have to get a new CSP SHA.
bbondy
changed the title
|
0.57.x: 48bfd75 |
The reasoning is they have APIs to do much worse tracking than our shields would protect them from. Users install them knowing they will have elevated permissions
Fix brave/brave-browser#1380
Submitter Checklist:
npm test brave_unit_tests && npm test brave_browser_tests) ongit rebase master(if needed).git rebase -ito squash commits (if needed).Test Plan:
Reviewer Checklist: