From 17c181420d24539096ad70a9d4488a316f73bf6a Mon Sep 17 00:00:00 2001 From: petemill Date: Wed, 28 Mar 2018 21:27:33 -0700 Subject: [PATCH] move expireContentSettings to browser --- app/browser/reducers/tabsReducer.js | 40 ++++++++++++++++++++++++++ app/common/state/tabState.js | 3 +- app/renderer/components/frame/frame.js | 29 ------------------- 3 files changed, 42 insertions(+), 30 deletions(-) diff --git a/app/browser/reducers/tabsReducer.js b/app/browser/reducers/tabsReducer.js index 07adc40efa6..ccb93561038 100644 --- a/app/browser/reducers/tabsReducer.js +++ b/app/browser/reducers/tabsReducer.js @@ -6,6 +6,7 @@ const appConfig = require('../../../js/constants/appConfig') const appConstants = require('../../../js/constants/appConstants') +const appActions = require('../../../js/actions/appActions') const tabs = require('../tabs') const windows = require('../windows') const {getWebContents} = require('../webContentsCache') @@ -46,6 +47,37 @@ const getWebRTCPolicy = (state, tabId) => { } } +function expireContentSettings (state, tabId, origin) { + // Expired Flash settings should be deleted when the webview is + // navigated or closed. Same for NoScript's allow-once option. + const tabValue = tabState.getByTabId(state, tabId) + const isPrivate = tabValue.get('incognito') === true + const allSiteSettings = siteSettingsState.getAllSiteSettings(state, isPrivate) + const tabSiteSettings = + siteSettings.getSiteSettingsForURL(allSiteSettings, tabValue.get('url')) + if (!tabSiteSettings) { + return + } + const originFlashEnabled = tabSiteSettings.get('flash') + const originWidevineEnabled = tabSiteSettings.get('widevine') + const originNoScriptEnabled = tabSiteSettings.get('noScript') + const originNoScriptExceptions = tabSiteSettings.get('noScriptExceptions') + if (typeof originFlashEnabled === 'number') { + if (originFlashEnabled < Date.now()) { + appActions.removeSiteSetting(origin, 'flash', isPrivate) + } + } + if (originWidevineEnabled === 0) { + appActions.removeSiteSetting(origin, 'widevine', isPrivate) + } + if (originNoScriptEnabled === 0) { + appActions.removeSiteSetting(origin, 'noScript', isPrivate) + } + if (originNoScriptExceptions) { + appActions.noScriptExceptionsAdded(origin, originNoScriptExceptions.map(value => value === 0 ? false : value)) + } +} + const tabsReducer = (state, action, immutableAction) => { action = immutableAction || makeImmutable(action) switch (action.get('actionType')) { @@ -53,7 +85,13 @@ const tabsReducer = (state, action, immutableAction) => { case tabActionConsts.START_NAVIGATION: { const tabId = action.get('tabId') + const originalOrigin = tabState.getVisibleOrigin(state, tabId) state = tabState.setNavigationState(state, tabId, action.get('navigationState')) + const newOrigin = tabState.getVisibleOrigin(state, tabId) + // For cross-origin navigation, clear temp approvals + if (originalOrigin !== newOrigin) { + expireContentSettings(state, tabId, originalOrigin) + } setImmediate(() => { tabs.setWebRTCIPHandlingPolicy(tabId, getWebRTCPolicy(state, tabId)) }) @@ -226,6 +264,8 @@ const tabsReducer = (state, action, immutableAction) => { // But still check for no tabId because on tab detach there's a dummy tabId const tabValue = tabState.getByTabId(state, tabId) if (tabValue) { + const lastOrigin = tabState.getVisibleOrigin(state, tabId) + expireContentSettings(state, tabId, lastOrigin) const windowIdOfTabBeingRemoved = tabState.getWindowId(state, tabId) state = tabs.updateTabsStateForWindow(state, windowIdOfTabBeingRemoved) } diff --git a/app/common/state/tabState.js b/app/common/state/tabState.js index 268c3e22982..b9c7a4f1ae5 100644 --- a/app/common/state/tabState.js +++ b/app/common/state/tabState.js @@ -656,7 +656,8 @@ const tabState = { getVisibleOrigin: (state, tabId) => { const entry = tabState.getVisibleEntry(state, tabId) - const origin = entry ? entry.get('origin') : '' + // plain js in browser, immutable in renderer + const origin = entry ? entry.get ? entry.get('origin') : entry.origin : '' // TODO(bridiver) - all origins in browser-laptop should be changed to have a trailing slash to match chromium return (origin || '').replace(/\/$/, '') }, diff --git a/app/renderer/components/frame/frame.js b/app/renderer/components/frame/frame.js index 83da2e0aac6..5a5037b8967 100644 --- a/app/renderer/components/frame/frame.js +++ b/app/renderer/components/frame/frame.js @@ -90,30 +90,6 @@ class Frame extends React.Component { } - expireContentSettings (props) { - // Expired Flash settings should be deleted when the webview is - // navigated or closed. Same for NoScript's allow-once option. - if (typeof props.flash === 'number') { - if (props.flash < Date.now()) { - appActions.removeSiteSetting(props.origin, 'flash', props.isPrivate) - } - } - if (props.widevine === 0) { - appActions.removeSiteSetting(props.origin, 'widevine', props.isPrivate) - } - if (props.noScript === 0) { - appActions.removeSiteSetting(props.origin, 'noScript', props.isPrivate) - } - if (props.noScriptExceptions) { - appActions.noScriptExceptionsAdded(props.origin, props.noScriptExceptions.map(value => value === 0 ? false : value)) - } - } - - componentWillUnmount () { - this.expireContentSettings(this.props) - } - - componentDidMount () { this.addEventListeners() } @@ -154,11 +130,6 @@ class Frame extends React.Component { this.lastFrame = this.frame.delete('lastAccessedTime') - // For cross-origin navigation, clear temp approvals - if (this.props.origin !== prevProps.origin) { - this.expireContentSettings(prevProps) - } - // make sure the webview content updates to // match the fullscreen state of the frame if (prevProps.isFullScreen !== this.props.isFullScreen ||