Issue 1549: Return constant results for navigator.plugins and navigator.mimeTypes #697
Conversation
jumde
force-pushed
the
mimetypes_fingerprinting
branch
2 times, most recently
from
b515e1b
to
6be3441
Compare
| @@ -0,0 +1,5 @@ | |||
| <script> | |||
There was a problem hiding this comment.
This test works since flash is explicitly disabled by default
There was a problem hiding this comment.
can we test to make sure it does show up when it is enabled?
There was a problem hiding this comment.
jumde
force-pushed
the
mimetypes_fingerprinting
branch
3 times, most recently
from
1e390a8
to
2e9acc2
Compare
| Vector<mojom::blink::PluginInfoPtr> plugins; | ||
| registry->GetPlugins(false, main_frame_origin_, &plugins); | ||
| for (const auto& plugin : plugins) { | ||
| + if (plugin->name != "Shockwave Flash") { |
There was a problem hiding this comment.
if i understand correctly, this will never add any plugins to navigator.plugins/mimeTypes unless it is the Flash plugin. but the behavior we want is:
- if flash is not enabled for the site via click-to-play, navigator.plugins/mimeTypes is empty
- if flash is enabled, navigator.plugins/mimeTypes only shows Flash
i will update https://github.com/brave/brave-browser/wiki/Fingerprinting-Protection-Mode#privacy-protection-enabled-regardless-of-whether-fingerprinting-protection-mode-is-on to be more clear about this
There was a problem hiding this comment.
@diracdeltas - GetPlugins does not return the flash plugin if its not enabled via click-to-play. If flash is not enabled via click-to-play, navigator.plugins/mimeTypes will return empty.
There was a problem hiding this comment.
@jumde right, i'm saying that GetPlugins should return flash when it's enabled via click to play, which i don't think happens with this PR.
There was a problem hiding this comment.
Resolved after offline conversation.
There was a problem hiding this comment.
I think it would be better to implement this by subclassing PluginRegistryImpl and doing a chromium_src override to replace it in RenderProcessHostImpl
There was a problem hiding this comment.
then we can filter it out in PluginRegistryImpl::GetPlugins without affecting the actual PluginList used by the browser process
|
PJ showed me the behavior of this PR in-person and it lgtm. defer on code approval. |
jumde
force-pushed
the
mimetypes_fingerprinting
branch
9 times, most recently
from
21d7eea
to
f813bb8
Compare
|
|
||
| for(std::vector<blink::mojom::PluginInfoPtr>::iterator it = plugins.begin(); | ||
| it != plugins.end(); ++it) { | ||
| if ((*it) && (*it)->name == base::ASCIIToUTF16("Shockwave Flash")) { |
There was a problem hiding this comment.
content::kFlashPluginName for "Shockwave Flash"
| GetPluginsCallback callback) { | ||
| PluginRegistryImpl::GetPlugins(refresh, main_frame_origin, | ||
| base::BindOnce( | ||
| &BravePluginRegistryImpl::GetPluginsComplete, base::Unretained(this), |
There was a problem hiding this comment.
you must use weak ptr here just like the superclass
There was a problem hiding this comment.
actually this should be handled because the lifetime issue is already covered by the superclass WeakPtr in the original callback.
There was a problem hiding this comment.
the embedded callback will be called synchronously so no lifetime issues at that point
|
|
||
| #include "brave/content/browser/renderer_host/brave_plugin_registry_impl.h" | ||
|
|
||
| #define PluginRegistryImpl BravePluginRegistryImpl |
There was a problem hiding this comment.
if you are overriding a class like this, you should always include the header for the class you are overriding before redefining it. Otherwise it's possible that it won't already be defined at this point and you'll change the original header file (likely resulting in a build failure)
There was a problem hiding this comment.
it gets added from brave_plugin_registry_impl.h, but better to be explicit and make sure there are no issues
jumde
force-pushed
the
mimetypes_fingerprinting
branch
2 times, most recently
from
7ac9edd
to
2845757
Compare
…or.mimeTypes auditors: @diracdeltas, @bridiver
jumde
force-pushed
the
mimetypes_fingerprinting
branch
from
2845757
to
d039e8f
Compare
|
Note that this introduced a build error on master as described in brave/brave-browser#2222. It's fixed by #952 which I've merged since it solves the issue. Please check it out and see if it's the preferred fix. If not, perhaps create a follow-up... |
|
was this tested with Widevine? |
Yes! For detecting widevine web-authors use |
I was trying a different patch that addresses this issue: https://github.com/brave/brave-core/compare/fixes_2222?expand=1. Was testing this on windows to see if linker errors were resolved. |
fixes brave/brave-browser#1549
Description
From: brave/brave-browser#1549 (comment) -
navigator.pluginsandnavigator.mimeTypeswill return an empty array until Flash is installed and explicitly enabled.navigator.pluginsandnavigator.mimeTypeswill return an empty array in tor mode.Submitter Checklist:
npm test brave_unit_tests && npm test brave_browser_tests) ongit rebase master(if needed).git rebase -ito squash commits (if needed).Test Plan:
Without flash:
With Flash:
Yes.Verify that
navigator.pluginsandnavigator.mimeTypesreturn empty arrays in tor mode.Reviewer Checklist: