Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Re-enable webusb feature #2574

Merged
merged 1 commit into from
Jun 10, 2019
Merged

Re-enable webusb feature #2574

merged 1 commit into from
Jun 10, 2019

Conversation

simonhong
Copy link
Member

@simonhong simonhong commented Jun 3, 2019

This api was disabled by #114

Fix brave/brave-browser#4669

Submitter Checklist:

Test Plan:

Check navigator.usb doesn't return undefined in console.

Reviewer Checklist:

  • New files have MPL-2.0 license header.
  • Request a security/privacy review as needed.
  • Adequate test coverage exists to prevent regressions
  • Verify test plan is specified in PR before merging to source

After-merge Checklist:

  • The associated issue milestone is set to the smallest version that the
    changes has landed on.
  • All relevant documentation has been updated.

@simonhong simonhong added this to the 0.68.x - Nightly milestone Jun 3, 2019
@simonhong simonhong requested review from bbondy, jumde and bsclifton June 3, 2019 06:46
@simonhong simonhong self-assigned this Jun 3, 2019
@simonhong simonhong force-pushed the dont_prevent_webusb branch from d4e7e86 to 3af7350 Compare June 3, 2019 06:47
@simonhong simonhong changed the title Re-enable webusb api Re-enable webusb feature Jun 3, 2019
@keepkeyjon
Copy link

Thanks for considering adding WebUSB back! We (and our users) would love to have it enabled in Brave.

What was the rationale for removing it in the first place? From the thread in #13, it seems it was done out of privacy concerns. Does the need to pair devices in order for websites to talk to them mitigate that?

@diracdeltas
Copy link
Member

@keepkeyjon it was disabled due to a security issue in brave/browser-laptop#13374.

@diracdeltas
Copy link
Member

according to https://www.yubico.com/2018/06/webusb-and-responsible-disclosure/, the original security issue was fixed in chromium 67 so we should be ok to re-enable webusb now.

@simonhong please make sure all necessary wiki pages (linked in the PR template) that mention webusb are updated once this is merged. thanks!

@simonhong
Copy link
Member Author

@diracdeltas two document are updated.

void BraveContentRendererClient::SetRuntimeFeaturesDefaultsBeforeBlinkInitialization() {
blink::WebRuntimeFeatures::EnableWebUsb(false);
void BraveContentRendererClient::
SetRuntimeFeaturesDefaultsBeforeBlinkInitialization() {
blink::WebRuntimeFeatures::EnableSharedArrayBuffer(false);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not your issue, but shouldn't we be calling the base class here?

void ChromeContentRendererClient::
    SetRuntimeFeaturesDefaultsBeforeBlinkInitialization() {
  // The performance manager service interfaces are provided by the chrome
  // embedder only.
  blink::WebRuntimeFeatures::EnablePerformanceManagerInstrumentation(true);

// Web Share is shipped on Android, experimental otherwise. It is enabled here,
// in chrome/, to avoid it being made available in other clients of content/
// that do not have a Web Share Mojo implementation.
#if defined(OS_ANDROID)
  blink::WebRuntimeFeatures::EnableWebShare(true);
  blink::WebRuntimeFeatures::EnableWebShareV2(true);
#endif

  if (base::FeatureList::IsEnabled(subresource_filter::kAdTagging))
    blink::WebRuntimeFeatures::EnableAdTagging(true);
}

Copy link
Member Author

@simonhong simonhong Jun 4, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@bbondy Yup, we should call base class' method also if we don't want to prevent all.
I assume that when @jumde pushed #114, base class methods would be like below.(Only it had android stuff)

void ChromeContentRendererClient::
    SetRuntimeFeaturesDefaultsBeforeBlinkInitialization() {
// Web Share is shipped on Android, experimental otherwise. It is enabled here,
// in chrome/, to avoid it being made available in other clients of content/
// that do not have a Web Share Mojo implementation.
#if defined(OS_ANDROID)
  blink::WebRuntimeFeatures::EnableWebShare(true);
#endif
}

So, @jumde might skip calling it.
Added.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think maybe it is safest to always call it and just undo anything we don't want to do. But probably there is nothing else we don't want to do. We'll have android support soon btw.

@pes10k
Copy link
Contributor

pes10k commented Jun 4, 2019

Just to surface something that came up in #privacy today

Clearing site data does not currently clear suite permissions to access USB devices. Whether thats part of this issue, or its own issue, that seems like something important to work out before enabling WebUSB

@bbondy
Copy link
Member

bbondy commented Jun 4, 2019

Just to surface something that came up in #privacy today

Clearing site data does not currently clear suite permissions to access USB devices. Whether thats part of this issue, or its own issue, that seems like something important to work out before enabling WebUSB

Please post a different issue for that @snyderp , I think we want to have better webcompat sooner than later.

@simonhong simonhong force-pushed the dont_prevent_webusb branch 2 times, most recently from fde0861 to 34fb5d5 Compare June 4, 2019 04:31
@simonhong simonhong requested a review from bbondy June 4, 2019 08:41
@simonhong
Copy link
Member Author

Only unrelated one step in CI was failed - Copy file to S3 - (68 ms in self)

@simonhong simonhong force-pushed the dont_prevent_webusb branch from 34fb5d5 to 5897901 Compare June 6, 2019 01:40
@simonhong
Copy link
Member Author

Passed in CI. Any more comments on this?

@simonhong simonhong merged commit 2f9e791 into master Jun 10, 2019
@simonhong simonhong deleted the dont_prevent_webusb branch June 10, 2019 12:54
brave-builds pushed a commit that referenced this pull request Jun 10, 2019
brave-builds pushed a commit that referenced this pull request Jun 10, 2019
@kjozwiak
Copy link
Member

Went through the following verifications:

Examples:

Screen Shot 2019-06-11 at 6 23 44 PM

Screen Shot 2019-06-11 at 7 23 18 PM

@kjozwiak
Copy link
Member

Just to surface something that came up in #privacy today

Clearing site data does not currently clear suite permissions to access USB devices. Whether thats part of this issue, or its own issue, that seems like something important to work out before enabling WebUSB

@snyderp did you end up creating an issue for the above? Just double checking to make sure it doesn't end up falling through the cracks.

@pes10k
Copy link
Contributor

pes10k commented Jun 12, 2019

@kjozwiak the issue was that I'm a dingbat and was confused by the "Clear data" dialog. I didn't realize the tabs on the "clear data" dialog control the behavior of the "clear" button at the bottom (instead of just showing more information about the same action).

TL;DR: i'm a dumb-dumb and no issue needed. I appreciate you double checking though :)

@kjozwiak
Copy link
Member

@snyderp haha no worries! Appreciate the update 👍

dionyziz pushed a commit to dionyziz/brave-browser-wiki that referenced this pull request Dec 12, 2019
dionyziz pushed a commit to dionyziz/brave-browser-wiki that referenced this pull request Dec 12, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

webusb support
6 participants