0ct0pu5/bromite
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Add missing changes from third-party origin trials patch

Browse source
This commit is contained in:
csagan5 2021-11-05 17:28:58 +01:00 committed by Allen Luce
parent 31410483b9
commit 09022856e6
1 changed files with 53 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

55
build/patches/Disable-third-party-origin-trials.patch
View file

@ -3,9 +3,60 @@ Date: Thu, 4 Nov 2021 09:19:24 +0100
Subject: Disable third-party origin trials
---
.../blink/renderer/platform/runtime_enabled_features.json5 | 4 ----
1 file changed, 4 deletions(-)
.../blink/renderer/core/loader/http_equiv.cc | 16 ----------------
.../core/origin_trials/origin_trial_context.cc | 13 ++-----------
.../platform/runtime_enabled_features.json5 | 4 ----
3 files changed, 2 insertions(+), 31 deletions(-)
diff --git a/third_party/blink/renderer/core/loader/http_equiv.cc b/third_party/blink/renderer/core/loader/http_equiv.cc
--- a/third_party/blink/renderer/core/loader/http_equiv.cc
+++ b/third_party/blink/renderer/core/loader/http_equiv.cc
@@ -148,22 +148,6 @@ void HttpEquiv::ProcessHttpEquivOriginTrial(LocalDOMWindow* window,
const AtomicString& content) {
if (!window)
return;
- // For meta tags injected by script, process the token with the origin of the
- // external script, if available.
- // NOTE: The external script origin is not considered security-critical. See
- // the comment thread in the design doc for details:
- // https://docs.google.com/document/d/1xALH9W7rWmX0FpjudhDeS2TNTEOXuPn4Tlc9VmuPdHA/edit?disco=AAAAJyG8StI
- if (RuntimeEnabledFeatures::ThirdPartyOriginTrialsEnabled()) {
- KURL external_script_url(GetCurrentScriptUrl(/*max_stack_depth=*/1));
-
- if (external_script_url.IsValid()) {
- scoped_refptr<SecurityOrigin> external_origin =
- SecurityOrigin::Create(external_script_url);
- window->GetOriginTrialContext()->AddTokenFromExternalScript(
- content, external_origin.get());
- return;
- }
- }
// Process token as usual, without an external script origin.
window->GetOriginTrialContext()->AddToken(content);
diff --git a/third_party/blink/renderer/core/origin_trials/origin_trial_context.cc b/third_party/blink/renderer/core/origin_trials/origin_trial_context.cc
--- a/third_party/blink/renderer/core/origin_trials/origin_trial_context.cc
+++ b/third_party/blink/renderer/core/origin_trials/origin_trial_context.cc
@@ -275,17 +275,8 @@ void OriginTrialContext::AddToken(const String& token) {
void OriginTrialContext::AddTokenFromExternalScript(
const String& token,
const SecurityOrigin* origin) {
- bool is_script_origin_secure = false;
- if (origin &&
- RuntimeEnabledFeatures::ThirdPartyOriginTrialsEnabled(context_)) {
- DVLOG(1) << "AddTokenFromExternalScript: "
- << (origin ? origin->ToString() : "null");
- is_script_origin_secure = origin->IsPotentiallyTrustworthy();
- } else {
- origin = nullptr;
- }
- AddTokenInternal(token, GetSecurityOrigin(), IsSecureContext(), origin,
- is_script_origin_secure);
+ AddTokenInternal(token, GetSecurityOrigin(), IsSecureContext(), nullptr,
+ false);
}
void OriginTrialContext::AddTokenInternal(const String& token,
diff --git a/third_party/blink/renderer/platform/runtime_enabled_features.json5 b/third_party/blink/renderer/platform/runtime_enabled_features.json5
--- a/third_party/blink/renderer/platform/runtime_enabled_features.json5
+++ b/third_party/blink/renderer/platform/runtime_enabled_features.json5