Google Git
Sign in
chromium / chromium / src / 59bbe6384e88a0cae33852a216dbe19ce2f007e0
commit59bbe6384e88a0cae33852a216dbe19ce2f007e0[log] [tgz]
authorMartin Kreichgauer <martinkr@google.com>Mon May 23 20:35:11 2022
committerChromium LUCI CQ <chromium-scoped@luci-project-accounts.iam.gserviceaccount.com>Mon May 23 20:35:11 2022
treed37f53a7e519f2a8cb922d39577b95975c8b9e18
parent3b2ed2cbe1c37b27724a6418d859448a5b091431 [diff]
[m103] fido: remove broken --webauthn-remote-desktop-support check

The remoteDesktopClientOverride extension is gated on a Blink feature.
The enabled state for this feature is tied to the
--webauthn-remote-desktop-support browser switch. The switch in turn can
be added automatically to the renderer process command line by turning
on the webauthn.remote_proxied_requests enterprise policy.

However, AuthenticatorCommon checks for the switch on the *browser*
command line when receiving a request with a remoteDesktopClientOverride
extension. Hence, if you simply enable the enterprise policy and make a
request with the extension, the browser doesn't find that flag and kills
the renderer.

The correct fix here is to also make the policy append the switch to
the browser command line. But that is a bit more involved, so in the
meantime just remove the check to unbreak things. The check isn't
security critical: Even if a popped renderer enabled the flag
unilaterally and tried to exercise the extension, the browser process
would still refuse any such request from an origin that isn't
authorized to use it. Origins can only be authorized via the enterprise
policy or via another browser-side command-line switch
(--webauthn-remote-proxied-requests-allowed-additional-origin).

(cherry picked from commit 9a420ed19576a578f688c98c7bb177d03c45093d)

Bug: 1327438
Change-Id: I8cbe7b1a9c8c2a0cf1f26e2e026550175dabf32d
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3652407
Reviewed-by: Adam Langley <agl@chromium.org>
Commit-Queue: Martin Kreichgauer <martinkr@google.com>
Cr-Original-Commit-Position: refs/heads/main@{#1005561}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3662002
Auto-Submit: Martin Kreichgauer <martinkr@google.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/branch-heads/5060@{#196}
Cr-Branched-From: b83393d0f4038aeaf67f970a024d8101df7348d1-refs/heads/main@{#1002911}
1 file changed
tree: d37f53a7e519f2a8cb922d39577b95975c8b9e18
  1. android_webview/
  2. apps/
  3. ash/
  4. base/
  5. build/
  6. build_overrides/
  7. buildtools/
  8. cc/
  9. chrome/
  10. chromecast/
  11. chromeos/
  12. codelabs/
  13. components/
  14. content/
  15. courgette/
  16. crypto/
  17. dbus/
  18. device/
  19. docs/
  20. extensions/
  21. fuchsia/
  22. fuchsia_webengine/
  23. gin/
  24. google_apis/
  25. google_update/
  26. gpu/
  27. headless/
  28. infra/
  29. ios/
  30. ipc/
  31. media/
  32. mojo/
  33. native_client_sdk/
  34. net/
  35. pdf/
  36. ppapi/
  37. printing/
  38. remoting/
  39. rlz/
  40. sandbox/
  41. services/
  42. skia/
  43. sql/
  44. storage/
  45. styleguide/
  46. testing/
  47. third_party/
  48. tools/
  49. ui/
  50. url/
  51. weblayer/
  52. .clang-format
  53. .clang-tidy
  54. .eslintrc.js
  55. .git-blame-ignore-revs
  56. .gitattributes
  57. .gitignore
  58. .gn
  59. .mailmap
  60. .rustfmt.toml
  61. .vpython
  62. .vpython3
  63. .yapfignore
  64. AUTHORS
  65. BUILD.gn
  66. CODE_OF_CONDUCT.md
  67. codereview.settings
  68. DEPS
  69. DIR_METADATA
  70. ENG_REVIEW_OWNERS
  71. LICENSE
  72. LICENSE.chromium_os
  73. OWNERS
  74. PRESUBMIT.py
  75. PRESUBMIT_test.py
  76. PRESUBMIT_test_mocks.py
  77. README.md
  78. WATCHLISTS
README.md

Logo Chromium

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.

The project's web site is https://www.chromium.org.

To check out the source code locally, don't use git clone! Instead, follow the instructions on how to get the code.

Documentation in the source is rooted in docs/README.md.

Learn how to Get Around the Chromium Source Code Directory Structure .

For historical reasons, there are some small top level directories. Now the guidance is that new top level directories are for product (e.g. Chrome, Android WebView, Ash). Even if these products have multiple executables, the code should be in subdirectories of the product.

If you found a bug, please file it at https://crbug.com/new.