commit | 59bbe6384e88a0cae33852a216dbe19ce2f007e0 | |
---|---|---|
author | Martin Kreichgauer <martinkr@google.com> | Mon May 23 20:35:11 2022 |
committer | Chromium LUCI CQ <chromium-scoped@luci-project-accounts.iam.gserviceaccount.com> | Mon May 23 20:35:11 2022 |
tree | d37f53a7e519f2a8cb922d39577b95975c8b9e18 | |
parent | 3b2ed2cbe1c37b27724a6418d859448a5b091431 | |
[m103] fido: remove broken --webauthn-remote-desktop-support check

The remoteDesktopClientOverride extension is gated on a Blink feature. The enabled state for this feature is tied to the --webauthn-remote-desktop-support browser switch. The switch in turn can be added automatically to the renderer process command line by turning on the webauthn.remote_proxied_requests enterprise policy.

However, AuthenticatorCommon checks for the switch on the *browser* command line when receiving a request with a remoteDesktopClientOverride extension. Hence, if you simply enable the enterprise policy and make a request with the extension, the browser doesn't find that flag and kills the renderer.

The correct fix here is to also make the policy append the switch to the browser command line. But that is a bit more involved, so in the meantime just remove the check to unbreak things.

The check isn't security critical: Even if a popped renderer enabled the flag unilaterally and tried to exercise the extension, the browser process would still refuse any such request from an origin that isn't authorized to use it. Origins can only be authorized via the enterprise policy or via another browser-side command-line switch (--webauthn-remote-proxied-requests-allowed-additional-origin).

(cherry picked from commit 9a420ed19576a578f688c98c7bb177d03c45093d)

Bug: 1327438
Change-Id: I8cbe7b1a9c8c2a0cf1f26e2e026550175dabf32d
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3652407
Reviewed-by: Adam Langley <agl@chromium.org>
Commit-Queue: Martin Kreichgauer <martinkr@google.com>
Cr-Original-Commit-Position: refs/heads/main@{#1005561}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3662002
Auto-Submit: Martin Kreichgauer <martinkr@google.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/branch-heads/5060@{#196}
Cr-Branched-From: b83393d0f4038aeaf67f970a024d8101df7348d1-refs/heads/main@{#1002911}
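A simplified model of the mismatch the commit message describes, added here as an illustration and not taken from the Chromium source. The type and function names and the origin https://remote-desktop.example are hypothetical; only the switch, policy and extension names come from the commit message.

```cpp
// Simplified model of the check the commit message describes.
// Not Chromium code: every type and function name here is hypothetical.
#include <iostream>
#include <set>
#include <string>

static const std::string kSwitch = "webauthn-remote-desktop-support";

enum class Outcome { kAllowed, kRefused, kRendererKilled };

struct Browser {
  std::set<std::string> command_line;        // switches on the browser process
  bool policy_enabled = false;               // webauthn.remote_proxied_requests
  std::set<std::string> authorized_origins;  // set browser-side only
};

// Per the commit message, the policy appends the switch to the renderer
// command line only. Propagation of a browser-side switch is assumed here.
bool RendererHasSwitch(const Browser& b) {
  return b.policy_enabled || b.command_line.count(kSwitch) > 0;
}

// Browser-side handling of a request carrying remoteDesktopClientOverride.
// Renderer state is not an input: a compromised renderer can send the
// extension regardless of its own feature flag.
Outcome HandleOverrideRequest(const Browser& b, const std::string& origin,
                              bool with_removed_check) {
  // The removed check: reads the *browser* command line, which the policy
  // never modifies, so a policy-only deployment fails here.
  if (with_removed_check && b.command_line.count(kSwitch) == 0)
    return Outcome::kRendererKilled;
  // The remaining check, which carries the security property.
  if (b.authorized_origins.count(origin) == 0) return Outcome::kRefused;
  return Outcome::kAllowed;
}

// Constructed sample: policy on, one authorized origin, no browser switch.
Browser PolicyOnlyBrowser() {
  Browser b;
  b.policy_enabled = true;
  b.authorized_origins.insert("https://remote-desktop.example");
  return b;
}

int main() {
  Browser b = PolicyOnlyBrowser();
  std::cout << static_cast<int>(HandleOverrideRequest(b, "https://remote-desktop.example", true))
            << static_cast<int>(HandleOverrideRequest(b, "https://remote-desktop.example", false)) << "\n";
}
```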
Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all users to experience the web.
The project's web site is https://www.chromium.org.
To check out the source code locally, don't use git clone! Instead, follow the instructions on how to get the code.
Documentation in the source is rooted in docs/README.md.
Learn how to Get Around the Chromium Source Code Directory Structure.
For historical reasons, there are some small top level directories. Now the guidance is that new top level directories are for product (e.g. Chrome, Android WebView, Ash). Even if these products have multiple executables, the code should be in subdirectories of the product.
If you found a bug, please file it at https://crbug.com/new.