From: uazo <uazo@users.noreply.github.com>
Date: Tue, 3 May 2022 14:44:11 +0000
Subject: Add webGL site setting

Requires patch: Content-settings-infrastructure.patch
---
 .../browser_ui/site_settings/android/BUILD.gn |  3 +
 .../BromiteCustomContentSettingImpl.java      |  1 +
 .../BromiteWebGLContentSetting.java           | 85 +++++++++++++++++++
 .../site_settings/SiteSettingsCategory.java   |  5 +-
 .../strings/android/browser_ui_strings.grd    |  1 +
 .../browser_ui/strings/android/webgl.grdp     | 18 ++++
 components/components_strings.grd             |  1 +
 .../core/browser/content_settings_registry.cc | 14 +++
 .../core/browser/content_settings_utils.cc    |  2 +
 .../core/common/content_settings.cc           |  3 +-
 .../core/common/content_settings.h            |  1 +
 .../core/common/content_settings.mojom        |  1 +
 .../common/content_settings_mojom_traits.cc   |  3 +-
 .../common/content_settings_mojom_traits.h    |  5 ++
 .../core/common/content_settings_types.h      |  2 +
 .../renderer/content_settings_agent_impl.cc   |  9 ++
 .../renderer/content_settings_agent_impl.h    |  1 +
 .../platform/web_content_settings_client.h    |  2 +
 .../execution_context/execution_context.cc    | 23 +++++
 .../execution_context/execution_context.h     |  5 ++
 .../webgl/webgl_rendering_context_base.cc     | 32 +++----
 .../webgl/webgl_rendering_context_base.h      |  2 +
 22 files changed, 196 insertions(+), 23 deletions(-)
 create mode 100644 components/browser_ui/site_settings/android/java/src/org/chromium/components/browser_ui/site_settings/BromiteWebGLContentSetting.java
 create mode 100644 components/browser_ui/strings/android/webgl.grdp

diff --git a/components/browser_ui/site_settings/android/BUILD.gn b/components/browser_ui/site_settings/android/BUILD.gn
--- a/components/browser_ui/site_settings/android/BUILD.gn
+++ b/components/browser_ui/site_settings/android/BUILD.gn
@@ -72,6 +72,9 @@ android_library("java") {
     "java/src/org/chromium/components/browser_ui/site_settings/BromiteCustomContentSettingImpl.java",
     "java/src/org/chromium/components/browser_ui/site_settings/BromiteCustomContentSetting.java",
   ]
+  sources += [
+    "java/src/org/chromium/components/browser_ui/site_settings/BromiteWebGLContentSetting.java",
+  ]
   annotation_processor_deps = [ "//base/android/jni_generator:jni_processor" ]
   resources_package = "org.chromium.components.browser_ui.site_settings"
   deps = [
diff --git a/components/browser_ui/site_settings/android/java/src/org/chromium/components/browser_ui/site_settings/BromiteCustomContentSettingImpl.java b/components/browser_ui/site_settings/android/java/src/org/chromium/components/browser_ui/site_settings/BromiteCustomContentSettingImpl.java
--- a/components/browser_ui/site_settings/android/java/src/org/chromium/components/browser_ui/site_settings/BromiteCustomContentSettingImpl.java
+++ b/components/browser_ui/site_settings/android/java/src/org/chromium/components/browser_ui/site_settings/BromiteCustomContentSettingImpl.java
@@ -43,6 +43,7 @@ public abstract class BromiteCustomContentSettingImpl {
 
     static {
         mItemList = new ArrayList<BromiteCustomContentSetting>();
+        mItemList.add(new BromiteWebGLContentSetting());
     }
 
     public static SiteSettingsCategory createFromType(
diff --git a/components/browser_ui/site_settings/android/java/src/org/chromium/components/browser_ui/site_settings/BromiteWebGLContentSetting.java b/components/browser_ui/site_settings/android/java/src/org/chromium/components/browser_ui/site_settings/BromiteWebGLContentSetting.java
new file mode 100644
--- /dev/null
+++ b/components/browser_ui/site_settings/android/java/src/org/chromium/components/browser_ui/site_settings/BromiteWebGLContentSetting.java
@@ -0,0 +1,85 @@
+/*
+    This file is part of Bromite.
+
+    Bromite is free software: you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation, either version 3 of the License, or
+    (at your option) any later version.
+
+    Bromite is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with Bromite. If not, see <https://www.gnu.org/licenses/>.
+*/
+
+package org.chromium.components.browser_ui.site_settings;
+
+import org.chromium.components.browser_ui.site_settings.ContentSettingsResources;
+import org.chromium.components.browser_ui.site_settings.SiteSettingsCategory;
+import org.chromium.components.content_settings.ContentSettingValues;
+import org.chromium.components.content_settings.ContentSettingsType;
+import org.chromium.content_public.browser.BrowserContextHandle;
+
+import androidx.annotation.Nullable;
+import androidx.preference.Preference;
+import androidx.preference.PreferenceScreen;
+
+import java.util.ArrayList;
+
+public class BromiteWebGLContentSetting extends BromiteCustomContentSetting {
+    public BromiteWebGLContentSetting() {
+        super(/*contentSettingsType*/ ContentSettingsType.WEBGL,
+              /*siteSettingsCategory*/ SiteSettingsCategory.Type.WEBGL,
+              /*initialDefaultValue*/ ContentSettingValues.BLOCK,
+              /*defaultDisabledValue*/ ContentSettingValues.BLOCK,
+              /*allowException*/ true,
+              /*preferenceKey*/ "webgl",
+              /*profilePrefKey*/ "webgl");
+    }
+
+    @Override
+    public ContentSettingsResources.ResourceItem getResourceItem() {
+        return new ContentSettingsResources.ResourceItem(
+            /*icon*/ R.drawable.web_asset,
+            /*title*/ R.string.webgl_permission_title,
+            /*defaultEnabledValue*/ getInitialDefaultValue(),
+            /*defaultDisabledValue*/ getDefaultDisabledValue(),
+            /*enabledSummary*/ R.string.website_settings_category_webgl_enabled,
+            /*disabledSummary*/ R.string.website_settings_category_webgl_disabled);
+    }
+
+    @Override
+    public int getCategorySummary(@Nullable @ContentSettingValues int value) {
+        switch (value) {
+            case ContentSettingValues.ALLOW:
+                return R.string.website_settings_category_webgl_enabled;
+            case ContentSettingValues.BLOCK:
+                return R.string.website_settings_category_webgl_disabled;
+            default:
+                return 0;
+        }
+    }
+
+    @Override
+    public boolean requiresTriStateContentSetting() {
+        return false;
+    }
+
+    @Override
+    public boolean showOnlyDescriptions() {
+        return true;
+    }
+
+    @Override
+    public int getAddExceptionDialogMessage() {
+        return R.string.website_settings_category_webgl_enabled;
+    }
+
+    @Override
+    public @Nullable Boolean considerException(SiteSettingsCategory category, @ContentSettingValues int value) {
+        return value != ContentSettingValues.BLOCK;
+    }
+}
diff --git a/components/browser_ui/site_settings/android/java/src/org/chromium/components/browser_ui/site_settings/SiteSettingsCategory.java b/components/browser_ui/site_settings/android/java/src/org/chromium/components/browser_ui/site_settings/SiteSettingsCategory.java
--- a/components/browser_ui/site_settings/android/java/src/org/chromium/components/browser_ui/site_settings/SiteSettingsCategory.java
+++ b/components/browser_ui/site_settings/android/java/src/org/chromium/components/browser_ui/site_settings/SiteSettingsCategory.java
@@ -44,7 +44,7 @@ public class SiteSettingsCategory {
             Type.PROTECTED_MEDIA, Type.SENSORS, Type.SOUND, Type.USB, Type.VIRTUAL_REALITY,
             Type.USE_STORAGE, Type.AUTO_DARK_WEB_CONTENT, Type.REQUEST_DESKTOP_SITE,
             Type.FEDERATED_IDENTITY_API, Type.TIMEZONE_OVERRIDE, Type.AUTOPLAY, Type.JAVASCRIPT_JIT,
-            Type.IMAGES})
+            Type.IMAGES, Type.WEBGL})
     @Retention(RetentionPolicy.SOURCE)
     public @interface Type {
         // All updates here must also be reflected in {@link #preferenceKey(int)
@@ -79,10 +79,11 @@ public class SiteSettingsCategory {
         int AUTOPLAY = 27;
         int JAVASCRIPT_JIT = 28;
         int IMAGES = 29;
+        int WEBGL = 30;
         /**
          * Number of handled categories used for calculating array sizes.
          */
-        int NUM_ENTRIES = 30;
+        int NUM_ENTRIES = 31;
     }
 
     private final BrowserContextHandle mBrowserContextHandle;
diff --git a/components/browser_ui/strings/android/browser_ui_strings.grd b/components/browser_ui/strings/android/browser_ui_strings.grd
--- a/components/browser_ui/strings/android/browser_ui_strings.grd
+++ b/components/browser_ui/strings/android/browser_ui_strings.grd
@@ -174,6 +174,7 @@
   <release seq="1">
     <messages fallback_to_english="true">
       <part file="site_settings.grdp" />
+      <part file="webgl.grdp" />
 
       <message name="IDS_GOT_IT" desc="Button for the user to accept a disclosure/message">
         Got it
diff --git a/components/browser_ui/strings/android/webgl.grdp b/components/browser_ui/strings/android/webgl.grdp
new file mode 100644
--- /dev/null
+++ b/components/browser_ui/strings/android/webgl.grdp
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="utf-8"?>
+<grit-part>
+  <message name="IDS_SITE_SETTINGS_TYPE_WEBGL" desc="The label used for webgl site settings controls.">
+    Webgl
+  </message>
+  <message name="IDS_SITE_SETTINGS_TYPE_WEBGL_MID_SENTENCE" desc="The label used for webgl site settings controls when used mid-sentence.">
+    webgl
+  </message>
+  <message name="IDS_WEBGL_PERMISSION_TITLE" desc="Title of the permission to use webgl [CHAR-LIMIT=32]">
+    Webgl
+  </message>
+  <message name="IDS_WEBSITE_SETTINGS_CATEGORY_WEBGL_ENABLED" desc="Summary text explaining that webgl is full enabled.">
+    Enabled
+  </message>
+  <message name="IDS_WEBSITE_SETTINGS_CATEGORY_WEBGL_DISABLED" desc="Summary text explaining that webgl is full disabled.">
+    Disabled
+  </message>
+</grit-part>
diff --git a/components/components_strings.grd b/components/components_strings.grd
--- a/components/components_strings.grd
+++ b/components/components_strings.grd
@@ -336,6 +336,7 @@
       <part file="version_ui_strings.grdp" />
       <part file="webapps_strings.grdp" />
       <part file="user_scripts/strings/userscripts_strings.grdp" />
+      <part file="browser_ui/strings/android/webgl.grdp" />
 
       <if expr="not is_ios">
         <part file="management_strings.grdp" />
diff --git a/components/content_settings/core/browser/content_settings_registry.cc b/components/content_settings/core/browser/content_settings_registry.cc
--- a/components/content_settings/core/browser/content_settings_registry.cc
+++ b/components/content_settings/core/browser/content_settings_registry.cc
@@ -677,6 +677,20 @@ void ContentSettingsRegistry::Init() {
            ContentSettingsInfo::INHERIT_IN_INCOGNITO,
            ContentSettingsInfo::PERSISTENT,
            ContentSettingsInfo::EXCEPTIONS_ON_SECURE_ORIGINS_ONLY);
+
+  Register(ContentSettingsType::WEBGL, "webgl", CONTENT_SETTING_BLOCK,
+           WebsiteSettingsInfo::SYNCABLE,
+           AllowlistedSchemes(),
+           ValidSettings(CONTENT_SETTING_ALLOW,
+                         CONTENT_SETTING_BLOCK),
+           WebsiteSettingsInfo::SINGLE_ORIGIN_WITH_EMBEDDED_EXCEPTIONS_SCOPE,
+           WebsiteSettingsRegistry::PLATFORM_ANDROID,
+           ContentSettingsInfo::INHERIT_IN_INCOGNITO,
+           ContentSettingsInfo::PERSISTENT,
+           ContentSettingsInfo::EXCEPTIONS_ON_SECURE_AND_INSECURE_ORIGINS,
+           /*show_into_info_page*/ true,
+           /*permission_type_ui*/ IDS_SITE_SETTINGS_TYPE_WEBGL,
+           /*permission_type_ui_mid_sentence*/ IDS_SITE_SETTINGS_TYPE_WEBGL_MID_SENTENCE);
 }
 
 void ContentSettingsRegistry::Register(
diff --git a/components/content_settings/core/browser/content_settings_utils.cc b/components/content_settings/core/browser/content_settings_utils.cc
--- a/components/content_settings/core/browser/content_settings_utils.cc
+++ b/components/content_settings/core/browser/content_settings_utils.cc
@@ -155,6 +155,8 @@ void GetRendererContentSettingRules(const HostContentSettingsMap* map,
   std::string timezone;
   map->GetTimezoneOverrideValue(timezone);
   rules->timezone_override_value = timezone;
+  map->GetSettingsForOneType(ContentSettingsType::WEBGL,
+                             &(rules->webgl_rules));
 }
 
 bool IsMorePermissive(ContentSetting a, ContentSetting b) {
diff --git a/components/content_settings/core/common/content_settings.cc b/components/content_settings/core/common/content_settings.cc
--- a/components/content_settings/core/common/content_settings.cc
+++ b/components/content_settings/core/common/content_settings.cc
@@ -204,7 +204,8 @@ bool RendererContentSettingRules::IsRendererContentSetting(
          content_type == ContentSettingsType::AUTOPLAY ||
          content_type == ContentSettingsType::MIXEDSCRIPT ||
          content_type == ContentSettingsType::AUTO_DARK_WEB_CONTENT ||
-         content_type == ContentSettingsType::TIMEZONE_OVERRIDE;
+         content_type == ContentSettingsType::TIMEZONE_OVERRIDE ||
+         content_type == ContentSettingsType::WEBGL;
 }
 
 void RendererContentSettingRules::FilterRulesByOutermostMainFrameURL(
diff --git a/components/content_settings/core/common/content_settings.h b/components/content_settings/core/common/content_settings.h
--- a/components/content_settings/core/common/content_settings.h
+++ b/components/content_settings/core/common/content_settings.h
@@ -97,6 +97,7 @@ struct RendererContentSettingRules {
   ContentSettingsForOneType auto_dark_content_rules;
   ContentSettingsForOneType timezone_override_rules;
   std::string timezone_override_value;
+  ContentSettingsForOneType webgl_rules;
 };
 
 namespace content_settings {
diff --git a/components/content_settings/core/common/content_settings.mojom b/components/content_settings/core/common/content_settings.mojom
--- a/components/content_settings/core/common/content_settings.mojom
+++ b/components/content_settings/core/common/content_settings.mojom
@@ -81,4 +81,5 @@ struct RendererContentSettingRules {
   array<ContentSettingPatternSource> auto_dark_content_rules;
   array<ContentSettingPatternSource> timezone_override_rules;
   string timezone_override_value;
+  array<ContentSettingPatternSource> webgl_rules;
 };
diff --git a/components/content_settings/core/common/content_settings_mojom_traits.cc b/components/content_settings/core/common/content_settings_mojom_traits.cc
--- a/components/content_settings/core/common/content_settings_mojom_traits.cc
+++ b/components/content_settings/core/common/content_settings_mojom_traits.cc
@@ -104,7 +104,8 @@ bool StructTraits<content_settings::mojom::RendererContentSettingRulesDataView,
          data.ReadMixedContentRules(&out->mixed_content_rules) &&
          data.ReadAutoDarkContentRules(&out->auto_dark_content_rules) &&
          data.ReadTimezoneOverrideRules(&out->timezone_override_rules) &&
-         data.ReadTimezoneOverrideValue(&out->timezone_override_value);
+         data.ReadTimezoneOverrideValue(&out->timezone_override_value) &&
+         data.ReadWebglRules(&out->webgl_rules);
 }
 
 }  // namespace mojo
diff --git a/components/content_settings/core/common/content_settings_mojom_traits.h b/components/content_settings/core/common/content_settings_mojom_traits.h
--- a/components/content_settings/core/common/content_settings_mojom_traits.h
+++ b/components/content_settings/core/common/content_settings_mojom_traits.h
@@ -165,6 +165,11 @@ struct StructTraits<
     return r.timezone_override_value;
   }
 
+  static const std::vector<ContentSettingPatternSource>& webgl_rules(
+      const RendererContentSettingRules& r) {
+    return r.webgl_rules;
+  }
+
   static bool Read(
       content_settings::mojom::RendererContentSettingRulesDataView data,
       RendererContentSettingRules* out);
diff --git a/components/content_settings/core/common/content_settings_types.h b/components/content_settings/core/common/content_settings_types.h
--- a/components/content_settings/core/common/content_settings_types.h
+++ b/components/content_settings/core/common/content_settings_types.h
@@ -287,6 +287,8 @@ enum class ContentSettingsType : int32_t {
   // site instead of the mobile one.
   REQUEST_DESKTOP_SITE,
 
+  WEBGL,
+
   // Setting to indicate whether browser should allow signing into a website via
   // the browser FedCM API.
   FEDERATED_IDENTITY_API,
diff --git a/components/content_settings/renderer/content_settings_agent_impl.cc b/components/content_settings/renderer/content_settings_agent_impl.cc
--- a/components/content_settings/renderer/content_settings_agent_impl.cc
+++ b/components/content_settings/renderer/content_settings_agent_impl.cc
@@ -455,6 +455,15 @@ void ContentSettingsAgentImpl::ClearBlockedContentSettings() {
   cached_script_permissions_.clear();
 }
 
+bool ContentSettingsAgentImpl::AllowWebgl(bool enabled_per_settings) {
+  if (!content_setting_rules_)
+    return false;
+  blink::WebLocalFrame* frame = render_frame()->GetWebFrame();
+  return CONTENT_SETTING_ALLOW == GetContentSettingFromRules(
+             content_setting_rules_->webgl_rules,
+             url::Origin(frame->GetDocument().GetSecurityOrigin()).GetURL());
+}
+
 bool ContentSettingsAgentImpl::IsAllowlistedForContentSettings() const {
   if (should_allowlist_)
     return true;
diff --git a/components/content_settings/renderer/content_settings_agent_impl.h b/components/content_settings/renderer/content_settings_agent_impl.h
--- a/components/content_settings/renderer/content_settings_agent_impl.h
+++ b/components/content_settings/renderer/content_settings_agent_impl.h
@@ -94,6 +94,7 @@ class ContentSettingsAgentImpl
   bool AllowAutoplay(bool default_value) override;
   bool AllowPopupsAndRedirects(bool default_value) override;
   bool ShouldAutoupgradeMixedContent() override;
+  bool AllowWebgl(bool enabled_per_settings) override;
 
   bool allow_running_insecure_content() const {
     return allow_running_insecure_content_;
diff --git a/third_party/blink/public/platform/web_content_settings_client.h b/third_party/blink/public/platform/web_content_settings_client.h
--- a/third_party/blink/public/platform/web_content_settings_client.h
+++ b/third_party/blink/public/platform/web_content_settings_client.h
@@ -99,6 +99,8 @@ class WebContentSettingsClient {
     return default_value;
   }
 
+  virtual bool AllowWebgl(bool default_value) { return default_value; }
+
   // Reports that passive mixed content was found at the provided URL.
   virtual void PassiveInsecureContentFound(const WebURL&) {}
 
diff --git a/third_party/blink/renderer/core/execution_context/execution_context.cc b/third_party/blink/renderer/core/execution_context/execution_context.cc
--- a/third_party/blink/renderer/core/execution_context/execution_context.cc
+++ b/third_party/blink/renderer/core/execution_context/execution_context.cc
@@ -64,6 +64,29 @@
 
 namespace blink {
 
+blink::WebContentSettingsClient* GetContentSettingsClientFor(
+    ExecutionContext* context) {
+  blink::WebContentSettingsClient* settings = nullptr;
+  if (!context)
+    return settings;
+  if (auto* window = blink::DynamicTo<blink::LocalDOMWindow>(context)) {
+    auto* frame = window->GetFrame();
+    if (frame)
+      settings = frame->GetContentSettingsClient();
+  } else if (context->IsWorkerGlobalScope()) {
+    settings =
+        blink::To<blink::WorkerGlobalScope>(context)->ContentSettingsClient();
+  }
+  return settings;
+}
+
+bool AllowWebgl(ExecutionContext* context) {
+  blink::WebContentSettingsClient* settings = GetContentSettingsClientFor(context);
+  if (settings)
+    return settings->AllowWebgl(false);
+  return false;
+}
+
 ExecutionContext::ExecutionContext(v8::Isolate* isolate, Agent* agent)
     : isolate_(isolate),
       security_context_(this),
diff --git a/third_party/blink/renderer/core/execution_context/execution_context.h b/third_party/blink/renderer/core/execution_context/execution_context.h
--- a/third_party/blink/renderer/core/execution_context/execution_context.h
+++ b/third_party/blink/renderer/core/execution_context/execution_context.h
@@ -97,6 +97,7 @@ class SecurityOrigin;
 class ScriptState;
 class ScriptWrappable;
 class TrustedTypePolicyFactory;
+class WebContentSettingsClient;
 
 enum ReasonForCallingCanExecuteScripts {
   kAboutToExecuteScript,
@@ -105,6 +106,10 @@ enum ReasonForCallingCanExecuteScripts {
 
 enum ReferrerPolicySource { kPolicySourceHttpHeader, kPolicySourceMetaTag };
 
+CORE_EXPORT bool AllowWebgl(ExecutionContext* context);
+CORE_EXPORT WebContentSettingsClient* GetContentSettingsClientFor(
+    ExecutionContext* context);
+
 // An environment in which script can execute. This class exposes the common
 // properties of script execution environments on the web (i.e, common between
 // script executing in a window and script executing in a worker), such as:
diff --git a/third_party/blink/renderer/modules/webgl/webgl_rendering_context_base.cc b/third_party/blink/renderer/modules/webgl/webgl_rendering_context_base.cc
--- a/third_party/blink/renderer/modules/webgl/webgl_rendering_context_base.cc
+++ b/third_party/blink/renderer/modules/webgl/webgl_rendering_context_base.cc
@@ -242,6 +242,13 @@ void WebGLRenderingContextBase::InitializeWebGLContextLimits(
   }
 }
 
+bool WebGLRenderingContextBase::AllowWebglForHost(blink::CanvasRenderingContextHost* host) {
+  if (!host)
+    return false;
+  blink::ExecutionContext* context = host->GetTopExecutionContext();
+  return blink::AllowWebgl(context);
+}
+
 unsigned WebGLRenderingContextBase::CurrentMaxGLContexts() {
   MutexLocker locker(WebGLContextLimitMutex());
   DCHECK(webgl_context_limits_initialized_);
@@ -488,25 +495,6 @@ static String ExtractWebGLContextCreationError(
     const Platform::GraphicsInfo& info) {
   StringBuilder builder;
   builder.Append("Could not create a WebGL context");
-  FormatWebGLStatusString(
-      "VENDOR",
-      info.vendor_id ? String::Format("0x%04x", info.vendor_id) : "0xffff",
-      builder);
-  FormatWebGLStatusString(
-      "DEVICE",
-      info.device_id ? String::Format("0x%04x", info.device_id) : "0xffff",
-      builder);
-  FormatWebGLStatusString("GL_VENDOR", info.vendor_info, builder);
-  FormatWebGLStatusString("GL_RENDERER", info.renderer_info, builder);
-  FormatWebGLStatusString("GL_VERSION", info.driver_version, builder);
-  FormatWebGLStatusString("Sandboxed", info.sandboxed ? "yes" : "no", builder);
-  FormatWebGLStatusString("Optimus", info.optimus ? "yes" : "no", builder);
-  FormatWebGLStatusString("AMD switchable", info.amd_switchable ? "yes" : "no",
-                          builder);
-  FormatWebGLStatusString(
-      "Reset notification strategy",
-      String::Format("0x%04x", info.reset_notification_strategy).Utf8().c_str(),
-      builder);
   FormatWebGLStatusString("ErrorMessage", info.error_message.Utf8().c_str(),
                           builder);
   builder.Append('.');
@@ -574,6 +562,12 @@ WebGLRenderingContextBase::CreateWebGraphicsContext3DProvider(
     const CanvasContextCreationAttributesCore& attributes,
     Platform::ContextType context_type,
     Platform::GraphicsInfo* graphics_info) {
+  if (!AllowWebglForHost(host)) {
+    host->HostDispatchEvent(WebGLContextEvent::Create(
+        event_type_names::kWebglcontextcreationerror,
+        "disabled by site settings policy."));
+    return nullptr;
+  }
   if ((context_type == Platform::kWebGL1ContextType &&
        !host->IsWebGL1Enabled()) ||
       (context_type == Platform::kWebGL2ContextType &&
diff --git a/third_party/blink/renderer/modules/webgl/webgl_rendering_context_base.h b/third_party/blink/renderer/modules/webgl/webgl_rendering_context_base.h
--- a/third_party/blink/renderer/modules/webgl/webgl_rendering_context_base.h
+++ b/third_party/blink/renderer/modules/webgl/webgl_rendering_context_base.h
@@ -1771,6 +1771,8 @@ class MODULES_EXPORT WebGLRenderingContextBase : public CanvasRenderingContext,
                         DOMArrayBufferView* pixels,
                         int64_t offset);
 
+  static bool AllowWebglForHost(blink::CanvasRenderingContextHost* host);
+
   // Record Canvas/OffscreenCanvas.RenderingContextDrawnTo at the first draw
   // call.
   void RecordUKMCanvasDrawnToAtFirstDrawCall();
--
2.25.1