[m103] fido: remove broken --webauthn-remote-desktop-support check
The remoteDesktopClientOverride extension is gated on a Blink feature.
The enabled state for this feature is tied to the
--webauthn-remote-desktop-support browser switch. The switch in turn can
be added automatically to the renderer process command line by turning
on the webauthn.remote_proxied_requests enterprise policy.

However, AuthenticatorCommon checks for the switch on the *browser*
command line when receiving a request with a remoteDesktopClientOverride
extension. Hence, if you simply enable the enterprise policy and make a
request with the extension, the browser doesn't find that flag and kills
the renderer.

The correct fix here is to also make the policy append the switch to
the browser command line. But that is a bit more involved, so in the
meantime just remove the check to unbreak things. The check isn't
security critical: Even if a popped renderer enabled the flag
unilaterally and tried to exercise the extension, the browser process
would still refuse any such request from an origin that isn't
authorized to use it. Origins can only be authorized via the enterprise
policy or via another browser-side command-line switch
(--webauthn-remote-proxied-requests-allowed-additional-origin).

(cherry picked from commit 9a420ed)

Bug: 1327438
Change-Id: I8cbe7b1a9c8c2a0cf1f26e2e026550175dabf32d
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3652407
Reviewed-by: Adam Langley <agl@chromium.org>
Commit-Queue: Martin Kreichgauer <martinkr@google.com>
Cr-Original-Commit-Position: refs/heads/main@{#1005561}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3662002
Auto-Submit: Martin Kreichgauer <martinkr@google.com>
Bot-Commit: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Commit-Queue: Rubber Stamper <rubber-stamper@appspot.gserviceaccount.com>
Cr-Commit-Position: refs/branch-heads/5060@{#196}
Cr-Branched-From: b83393d-refs/heads/main@{#1002911}
kreichgauer authored and Chromium LUCI CQ committed May 23, 2022
1 parent 3b2ed2c commit 59bbe63
Showing 1 changed file with 0 additions and 20 deletions.
20 changes: 0 additions & 20 deletions content/browser/webauth/authenticator_common.cc
Expand Up @@ -549,16 +549,6 @@ void AuthenticatorCommon::MakeCredential(

BeginRequestTimeout(options->timeout);

if (options->remote_desktop_client_override) {
// WebAuthRequestSecurityChecker will validate whether use of the extension
// is authorized.
if (!base::CommandLine::ForCurrentProcess()->HasSwitch(
switches::kWebAuthRemoteDesktopSupport)) {
mojo::ReportBadMessage("--webauthn-remote-desktop-support not enabled");
return;
}
}

WebAuthRequestSecurityChecker::RequestType request_type =
options->is_payment_credential_creation
? WebAuthRequestSecurityChecker::RequestType::kMakePaymentCredential
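Review bot: In MakeCredential, the removed `if (options->remote_desktop_client_override)` block held the only comment at this call site saying that WebAuthRequestSecurityChecker validates whether use of the extension is authorized, and nothing replaces it. The commit message describes the removal as an interim step until the policy also appends --webauthn-remote-desktop-support to the browser command line, so a short TODO referencing bug 1327438 above the `request_type` assignment would help. It should note that authorization of remote_desktop_client_override now rests on the origin check in WebAuthRequestSecurityChecker, so the reasoning and the pending follow-up stay visible in the code rather than only in the commit log.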
Expand Down Expand Up @@ -866,16 +856,6 @@ void AuthenticatorCommon::GetAssertion(
DCHECK(get_assertion_response_callback_.is_null());
get_assertion_response_callback_ = std::move(callback);

if (options->remote_desktop_client_override) {
// WebAuthRequestSecurityChecker will validate whether use of the extension
// is authorized.
if (!base::CommandLine::ForCurrentProcess()->HasSwitch(
switches::kWebAuthRemoteDesktopSupport)) {
mojo::ReportBadMessage("--webauthn-remote-desktop-support not enabled");
return;
}
}

if (!options->is_conditional) {
BeginRequestTimeout(options->timeout);
}
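Review bot: In GetAssertion, dropping the `switches::kWebAuthRemoteDesktopSupport` check leaves the browser-side origin authorization as the only gate on remote_desktop_client_override, yet the change has 0 additions, so no test pins that behaviour. A test would guard the property the commit message relies on if it sends a GetAssertion request with the override from an origin that is not authorized by the enterprise policy or by --webauthn-remote-proxied-requests-allowed-additional-origin, and expects the request to be refused. The same coverage would apply to the MakeCredential path.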