1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
// Copyright 2022 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "chrome/browser/webid/federated_identity_api_permission_context.h"
#include "chrome/browser/browser_features.h"
#include "chrome/browser/content_settings/cookie_settings_factory.h"
#include "chrome/browser/content_settings/host_content_settings_map_factory.h"
#include "chrome/browser/permissions/permission_decision_auto_blocker_factory.h"
#include "chrome/browser/profiles/profile.h"
#include "components/content_settings/core/common/content_settings_types.h"
#include "components/permissions/permission_decision_auto_blocker.h"
#include "content/public/browser/render_frame_host.h"
#include "content/public/common/content_features.h"
#include "net/cookies/site_for_cookies.h"
#include "third_party/blink/public/common/storage_key/storage_key.h"
#include "url/origin.h"
using PermissionStatus =
content::FederatedIdentityApiPermissionContextDelegate::PermissionStatus;
FederatedIdentityApiPermissionContext::FederatedIdentityApiPermissionContext(
content::BrowserContext* browser_context)
: host_content_settings_map_(
HostContentSettingsMapFactory::GetForProfile(browser_context)),
cookie_settings_(CookieSettingsFactory::GetForProfile(
Profile::FromBrowserContext(browser_context))),
permission_autoblocker_(
PermissionDecisionAutoBlockerFactory::GetForProfile(
Profile::FromBrowserContext(browser_context))) {}
FederatedIdentityApiPermissionContext::
~FederatedIdentityApiPermissionContext() = default;
content::FederatedIdentityApiPermissionContextDelegate::PermissionStatus
FederatedIdentityApiPermissionContext::GetApiPermissionStatus(
const url::Origin& relying_party_embedder) {
if (!base::FeatureList::IsEnabled(features::kFedCm))
return PermissionStatus::BLOCKED_VARIATIONS;
const GURL rp_embedder_url = relying_party_embedder.GetURL();
const ContentSetting setting = host_content_settings_map_->GetContentSetting(
rp_embedder_url, rp_embedder_url,
ContentSettingsType::FEDERATED_IDENTITY_API);
switch (setting) {
case CONTENT_SETTING_ALLOW:
break;
case CONTENT_SETTING_BLOCK:
return PermissionStatus::BLOCKED_SETTINGS;
default:
NOTREACHED();
}
if (permission_autoblocker_->IsEmbargoed(
rp_embedder_url, ContentSettingsType::FEDERATED_IDENTITY_API)) {
return PermissionStatus::BLOCKED_EMBARGO;
}
return PermissionStatus::GRANTED;
}
void FederatedIdentityApiPermissionContext::RecordDismissAndEmbargo(
const url::Origin& relying_party_embedder) {
const GURL rp_embedder_url = relying_party_embedder.GetURL();
// If content setting is allowed for `rp_embedder_url` but is disabled
// globally, reset it first to make sure the toggle in PageInfo is correct.
// See crbug.com/40230194 for why the resetting is not conditional on the
// default content setting state.
const ContentSetting setting = host_content_settings_map_->GetContentSetting(
rp_embedder_url, rp_embedder_url,
ContentSettingsType::FEDERATED_IDENTITY_API);
if (setting == CONTENT_SETTING_ALLOW) {
host_content_settings_map_->SetContentSettingDefaultScope(
rp_embedder_url, rp_embedder_url,
ContentSettingsType::FEDERATED_IDENTITY_API, CONTENT_SETTING_DEFAULT);
}
permission_autoblocker_->RecordDismissAndEmbargo(
rp_embedder_url, ContentSettingsType::FEDERATED_IDENTITY_API,
/*dismissed_prompt_was_quiet=*/false);
}
void FederatedIdentityApiPermissionContext::RemoveEmbargoAndResetCounts(
const url::Origin& relying_party_embedder) {
permission_autoblocker_->RemoveEmbargoAndResetCounts(
relying_party_embedder.GetURL(),
ContentSettingsType::FEDERATED_IDENTITY_API);
}
void FederatedIdentityApiPermissionContext::RecordIgnoreAndEmbargo(
const url::Origin& relying_party_embedder) {
const GURL rp_embedder_url = relying_party_embedder.GetURL();
// If content setting is allowed for `rp_embedder_url` but is disabled
// globally, reset it first to make sure the toggle in PageInfo is correct.
// See crbug.com/40230194 for why the resetting is not conditional on the
// default content setting state.
const ContentSetting setting = host_content_settings_map_->GetContentSetting(
rp_embedder_url, rp_embedder_url,
ContentSettingsType::FEDERATED_IDENTITY_API);
if (setting == CONTENT_SETTING_ALLOW) {
host_content_settings_map_->SetContentSettingDefaultScope(
rp_embedder_url, rp_embedder_url,
ContentSettingsType::FEDERATED_IDENTITY_API, CONTENT_SETTING_DEFAULT);
}
permission_autoblocker_->RecordIgnoreAndEmbargo(
rp_embedder_url, ContentSettingsType::FEDERATED_IDENTITY_API,
/*ignored_prompt_was_quiet=*/false);
}
bool FederatedIdentityApiPermissionContext::HasThirdPartyCookiesAccess(
content::RenderFrameHost& host,
const GURL& provider_url,
const url::Origin& relying_party_embedder) const {
return cookie_settings_->IsFullCookieAccessAllowed(
/*request_url=*/provider_url,
/*first_party_url=*/
net::SiteForCookies::FromOrigin(relying_party_embedder),
/*top_frame_origin=*/relying_party_embedder,
host.GetCookieSettingOverrides(),
host.GetStorageKey().ToCookiePartitionKey());
}
bool FederatedIdentityApiPermissionContext::
AreThirdPartyCookiesEnabledInSettings() const {
return !cookie_settings_->ShouldBlockThirdPartyCookies();
}
|
