| // Copyright 2024 The Chromium Authors |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "chrome/browser/tpcd/support/validity_service.h" |
| |
| #include <memory> |
| #include <utility> |
| |
| #include "chrome/browser/content_settings/cookie_settings_factory.h" |
| #include "chrome/browser/content_settings/host_content_settings_map_factory.h" |
| #include "chrome/browser/profiles/profile.h" |
| #include "chrome/browser/tpcd/support/tpcd_support_service.h" |
| #include "chrome/browser/tpcd/support/tpcd_support_service_factory.h" |
| #include "components/content_settings/core/browser/content_settings_type_set.h" |
| #include "components/content_settings/core/browser/cookie_settings.h" |
| #include "components/content_settings/core/browser/host_content_settings_map.h" |
| #include "components/content_settings/core/common/content_settings.h" |
| #include "components/content_settings/core/common/content_settings_types.h" |
| #include "content/public/browser/browser_context.h" |
| #include "content/public/browser/browser_thread.h" |
| #include "content/public/browser/cookie_access_details.h" |
| #include "content/public/browser/navigation_handle.h" |
| #include "content/public/browser/origin_trials_controller_delegate.h" |
| #include "content/public/browser/render_frame_host.h" |
| #include "content/public/browser/storage_partition.h" |
| #include "content/public/common/content_features.h" |
| #include "net/base/registry_controlled_domains/registry_controlled_domain.h" |
| #include "net/cookies/site_for_cookies.h" |
| #include "net/cookies/static_cookie_policy.h" |
| #include "services/network/public/mojom/cookie_manager.mojom.h" |
| |
| namespace tpcd::trial { |
| |
| namespace { |
| |
| using ThirdPartyCookieAllowMechanism = |
| content_settings::CookieSettingsBase::ThirdPartyCookieAllowMechanism; |
| |
| bool g_disabled_for_testing = false; |
| |
| bool IsThirdParty(const GURL& url, const GURL& first_party_url) { |
| return !net::SiteForCookies::FromUrl(first_party_url).IsFirstParty(url); |
| } |
| |
| std::optional<ContentSettingsType> GetTrialContentSettingsType( |
| ThirdPartyCookieAllowMechanism mechanism) { |
| switch (mechanism) { |
| case ThirdPartyCookieAllowMechanism::kAllowBy3PCD: |
| return ContentSettingsType::TPCD_TRIAL; |
| case ThirdPartyCookieAllowMechanism::kAllowByTopLevel3PCD: |
| return ContentSettingsType::TOP_LEVEL_TPCD_TRIAL; |
| default: |
| // The other mechanisms do not map to a |ContentSettingsType| for a |
| // third-party cookie deprecation trial. |
| return std::nullopt; |
| } |
| } |
| |
| } // namespace |
| |
| /* static */ |
| void ValidityService::DisableForTesting() { |
| g_disabled_for_testing = true; |
| } |
| |
| /* static */ |
| void ValidityService::MaybeCreateForWebContents( |
| content::WebContents* web_contents) { |
| auto* tpcd_trial_service = TpcdTrialServiceFactory::GetForProfile( |
| Profile::FromBrowserContext(web_contents->GetBrowserContext())); |
| if (!tpcd_trial_service) { |
| return; |
| } |
| |
| ValidityService::CreateForWebContents(web_contents); |
| } |
| |
| ValidityService::ValidityService(content::WebContents* web_contents) |
| : content::WebContentsObserver(web_contents), |
| content::WebContentsUserData<ValidityService>(*web_contents) {} |
| |
| ValidityService::~ValidityService() = default; |
| |
| void ValidityService::UpdateTrialSettings( |
| const ContentSettingsType trial_settings_type, |
| const GURL& url, |
| const GURL& first_party_url, |
| bool enabled) { |
| DCHECK_CURRENTLY_ON(content::BrowserThread::UI); |
| |
| if (g_disabled_for_testing || enabled) { |
| return; |
| } |
| |
| HostContentSettingsMap* settings_map = |
| HostContentSettingsMapFactory::GetForProfile( |
| web_contents()->GetBrowserContext()); |
| CHECK(settings_map); |
| |
| // Find the setting that permitted the cookie access for the pair. |
| content_settings::SettingInfo info; |
| bool setting_exists = CheckTrialContentSetting(url, first_party_url, |
| trial_settings_type, &info); |
| |
| // If a matching setting no longer exists, there is no need to update |
| // |settings_map|. |
| if (!setting_exists) { |
| return; |
| } |
| |
| // Because the same token is used to enable the trial for the request origin |
| // under all top-level origins, only the primary_pattern is checked here. This |
| // means all settings created with the same token as the setting represented |
| // by |info| should be deleted. |
| auto matches = [&](const ContentSettingPatternSource& setting) -> bool { |
| return (setting.primary_pattern == info.primary_pattern); |
| }; |
| settings_map->ClearSettingsForOneTypeWithPredicate(trial_settings_type, |
| matches); |
| |
| SyncTrialSettingsToNetworkService( |
| trial_settings_type, |
| settings_map->GetSettingsForOneType(trial_settings_type)); |
| } |
| |
| void ValidityService::SyncTrialSettingsToNetworkService( |
| const ContentSettingsType trial_settings_type, |
| const ContentSettingsForOneType& trial_settings) { |
| web_contents() |
| ->GetBrowserContext() |
| ->GetDefaultStoragePartition() |
| ->GetCookieManagerForBrowserProcess() |
| ->SetContentSettings(trial_settings_type, std::move(trial_settings), |
| base::NullCallback()); |
| } |
| |
| void ValidityService::OnCookiesAccessed( |
| content::RenderFrameHost* render_frame_host, |
| const content::CookieAccessDetails& details) { |
| OnCookiesAccessedImpl(details); |
| } |
| |
| void ValidityService::OnCookiesAccessed( |
| content::NavigationHandle* navigation_handle, |
| const content::CookieAccessDetails& details) { |
| OnCookiesAccessedImpl(details); |
| } |
| |
| void ValidityService::OnCookiesAccessedImpl( |
| const content::CookieAccessDetails& details) { |
| if (details.blocked_by_policy || |
| !IsThirdParty(details.url, details.first_party_url)) { |
| return; |
| } |
| |
| Profile* profile = |
| Profile::FromBrowserContext(web_contents()->GetBrowserContext()); |
| |
| // If third-party cookies are allowed globally, there's no reason to continue |
| // with performing checks. |
| if (!CookieSettingsFactory::GetForProfile(profile) |
| ->ShouldBlockThirdPartyCookies()) { |
| return; |
| } |
| |
| scoped_refptr<content_settings::CookieSettings> cookie_settings = |
| CookieSettingsFactory::GetForProfile(profile); |
| CHECK(cookie_settings); |
| |
| // Check for an existing trial setting applicable to the pair. |
| ThirdPartyCookieAllowMechanism allow_mechanism = |
| cookie_settings->GetThirdPartyCookieAllowMechanism( |
| details.url, net::SiteForCookies::FromUrl(details.first_party_url), |
| details.first_party_url, details.cookie_setting_overrides); |
| std::optional<ContentSettingsType> setting_type = |
| GetTrialContentSettingsType(allow_mechanism); |
| |
| if (setting_type.has_value()) { |
| CheckTrialStatusAsync( |
| base::BindOnce(&ValidityService::UpdateTrialSettings, |
| weak_factory_.GetWeakPtr(), setting_type.value()), |
| setting_type.value(), details.url, details.first_party_url); |
| } |
| } |
| |
| void ValidityService::CheckTrialStatusAsync( |
| ContentSettingUpdateCallback update_callback, |
| const ContentSettingsType trial_settings_type, |
| const GURL& url, |
| const GURL& first_party_url) { |
| content::GetUIThreadTaskRunner({})->PostTask( |
| FROM_HERE, base::BindOnce(&ValidityService::CheckTrialStatusOnUiThread, |
| weak_factory_.GetWeakPtr(), |
| std::move(update_callback), trial_settings_type, |
| std::move(url), std::move(first_party_url))); |
| } |
| |
| // Persistent origin trials can only be checked on the UI thread. |
| void ValidityService::CheckTrialStatusOnUiThread( |
| ContentSettingUpdateCallback update_callback, |
| const ContentSettingsType trial_settings_type, |
| const GURL& url, |
| const GURL& first_party_url) { |
| DCHECK_CURRENTLY_ON(content::BrowserThread::UI); |
| |
| content::OriginTrialsControllerDelegate* trial_delegate = |
| WebContentsObserver::web_contents() |
| ->GetBrowserContext() |
| ->GetOriginTrialsControllerDelegate(); |
| if (!trial_delegate) { |
| return; |
| } |
| |
| bool enabled = false; |
| url::Origin partition_origin = url::Origin::Create(first_party_url); |
| |
| switch (trial_settings_type) { |
| case ContentSettingsType::TPCD_TRIAL: |
| enabled = trial_delegate->IsFeaturePersistedForOrigin( |
| url::Origin::Create(url), partition_origin, |
| blink::mojom::OriginTrialFeature::kTpcd, base::Time::Now()); |
| break; |
| case ContentSettingsType::TOP_LEVEL_TPCD_TRIAL: |
| enabled = trial_delegate->IsFeaturePersistedForOrigin( |
| url::Origin::Create(first_party_url), partition_origin, |
| blink::mojom::OriginTrialFeature::kTopLevelTpcd, base::Time::Now()); |
| |
| break; |
| default: |
| NOTREACHED() << "ContentSettingsType::" << trial_settings_type |
| << " is not associated with a 3PCD trial."; |
| } |
| |
| std::move(update_callback) |
| .Run(std::move(url), std::move(first_party_url), enabled); |
| } |
| |
| bool ValidityService::CheckTrialContentSetting( |
| const GURL& url, |
| const GURL& first_party_url, |
| ContentSettingsType trial_settings_type, |
| content_settings::SettingInfo* info) { |
| HostContentSettingsMap* settings_map = |
| HostContentSettingsMapFactory::GetForProfile( |
| web_contents()->GetBrowserContext()); |
| CHECK(settings_map); |
| |
| switch (trial_settings_type) { |
| case ContentSettingsType::TPCD_TRIAL: |
| return (settings_map->GetContentSetting(url, first_party_url, |
| trial_settings_type, |
| info) == CONTENT_SETTING_ALLOW); |
| case ContentSettingsType::TOP_LEVEL_TPCD_TRIAL: |
| // Top-level 3pcd trial settings use |
| // |WebsiteSettingsInfo::TOP_ORIGIN_ONLY_SCOPE| by default and as a result |
| // only use a primary pattern (with wildcard placeholder for the secondary |
| // pattern). |
| return (settings_map->GetContentSetting(first_party_url, first_party_url, |
| trial_settings_type, |
| info) == CONTENT_SETTING_ALLOW); |
| default: |
| NOTREACHED() << "ContentSettingsType::" << trial_settings_type |
| << " is not associated with a 3PCD trial."; |
| } |
| } |
| |
| WEB_CONTENTS_USER_DATA_KEY_IMPL(ValidityService); |
| |
| } // namespace tpcd::trial |
