Use an opaque initiator for intents to CCTs

(cherry picked from commit 17de496) Bug: 1368230 Change-Id: Ia7c70f27e523be50b98078335c6ac91dae55e828 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4021621 Commit-Queue: Michael Thiessen <mthiesse@chromium.org> Reviewed-by: Ella Ge <eirage@chromium.org> Cr-Original-Commit-Position: refs/heads/main@{#1071653} Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4156856 Commit-Queue: Ella Ge <eirage@chromium.org> Auto-Submit: Michael Thiessen <mthiesse@chromium.org> Cr-Commit-Position: refs/branch-heads/5414@{#1347} Cr-Branched-From: 4417ee5-refs/heads/main@{#1070088}
chromium · Jan 11, 2023 · e8feb6f · e8feb6f
1 parent d5387bf
commit e8feb6f
Show file tree

Hide file tree

Showing 4 changed files with 86 additions and 1 deletion.
diff --git a/chrome/android/java/src/org/chromium/chrome/browser/customtabs/HiddenTabHolder.java b/chrome/android/java/src/org/chromium/chrome/browser/customtabs/HiddenTabHolder.java
@@ -19,6 +19,7 @@
 import org.chromium.base.TraceEvent;
 import org.chromium.chrome.browser.IntentHandler;
 import org.chromium.chrome.browser.app.tab_activity_glue.ReparentingTask;
+import org.chromium.chrome.browser.flags.ChromeFeatureList;
 import org.chromium.chrome.browser.tab.EmptyTabObserver;
 import org.chromium.chrome.browser.tab.RedirectHandlerTabHelper;
 import org.chromium.chrome.browser.tab.Tab;
@@ -31,6 +32,7 @@
 import org.chromium.network.mojom.ReferrerPolicy;
 import org.chromium.ui.base.PageTransition;
 import org.chromium.ui.base.WindowAndroid;
+import org.chromium.url.Origin;
 
 /**
  * Holds a hidden tab which may be used to preload pages before a CustomTabActivity is launched.
@@ -127,6 +129,11 @@ void launchUrlInHiddenTab(Callback<Tab> tabCreatedCallback, CustomTabsSessionTok
         if (!referrer.isEmpty()) {
             loadParams.setReferrer(new Referrer(referrer, ReferrerPolicy.DEFAULT));
         }
+        if (ChromeFeatureList.isEnabled(ChromeFeatureList.OPAQUE_ORIGIN_FOR_INCOMING_INTENTS)) {
+            // The sender of an intent can't be trusted, so we navigate from an opaque Origin to
+            // avoid sending same-site cookies.
+            loadParams.setInitiatorOrigin(Origin.createOpaqueOrigin());
+        }
 
         loadParams.setTransitionType(PageTransition.LINK | PageTransition.FROM_API);
         RedirectHandlerTabHelper.getOrCreateHandlerFor(tab).setIsPrefetchLoadForIntent(true);

diff --git a/...org/chromium/chrome/browser/customtabs/content/CustomTabActivityNavigationController.java b/...org/chromium/chrome/browser/customtabs/content/CustomTabActivityNavigationController.java
@@ -32,6 +32,7 @@
 import org.chromium.chrome.browser.customtabs.CustomTabsConnection;
 import org.chromium.chrome.browser.dependency_injection.ActivityScope;
 import org.chromium.chrome.browser.externalnav.ExternalNavigationDelegateImpl;
+import org.chromium.chrome.browser.flags.ChromeFeatureList;
 import org.chromium.chrome.browser.init.ChromeBrowserInitializer;
 import org.chromium.chrome.browser.lifecycle.ActivityLifecycleDispatcher;
 import org.chromium.chrome.browser.lifecycle.StartStopWithNativeObserver;
@@ -45,6 +46,7 @@
 import org.chromium.content_public.browser.WebContents;
 import org.chromium.ui.base.PageTransition;
 import org.chromium.url.GURL;
+import org.chromium.url.Origin;
 
 import java.lang.annotation.Retention;
 import java.lang.annotation.RetentionPolicy;
@@ -201,6 +203,12 @@ public void navigate(final LoadUrlParams params, long timeStamp) {
         params.setTransitionType(IntentHandler.getTransitionTypeFromIntent(
                 mIntentDataProvider.getIntent(), transition));
 
+        if (ChromeFeatureList.isEnabled(ChromeFeatureList.OPAQUE_ORIGIN_FOR_INCOMING_INTENTS)) {
+            // The sender of an intent can't be trusted, so we navigate from an opaque Origin to
+            // avoid sending same-site cookies.
+            params.setInitiatorOrigin(Origin.createOpaqueOrigin());
+        }
+
         tab.loadUrl(params);
     }
 

diff --git a/...e/android/javatests/src/org/chromium/chrome/browser/customtabs/CustomTabActivityTest.java b/...e/android/javatests/src/org/chromium/chrome/browser/customtabs/CustomTabActivityTest.java
@@ -60,6 +60,7 @@
 import androidx.browser.customtabs.CustomTabsService;
 import androidx.browser.customtabs.CustomTabsSession;
 import androidx.browser.customtabs.CustomTabsSessionToken;
+import androidx.test.filters.LargeTest;
 import androidx.test.filters.MediumTest;
 import androidx.test.filters.SmallTest;
 
@@ -1842,6 +1843,62 @@ public void testLaunchPartialCustomTabActivity() throws Exception {
         eventHelper.waitForCallback(0);
     }
 
+    private void doOpaqueOriginTest(boolean enabled, boolean prefetch) throws Exception {
+        TestWebServer webServer = createTestWebServer();
+        String url = webServer.setResponse("/ok.html", "<html>ok</html>", null);
+        CustomTabsConnection connection = CustomTabsTestUtils.warmUpAndWait();
+        Context context = InstrumentationRegistry.getInstrumentation()
+                                  .getTargetContext()
+                                  .getApplicationContext();
+        Intent intent = CustomTabsIntentTestUtils.createMinimalCustomTabIntent(context, url);
+        CustomTabsSessionToken token = CustomTabsSessionToken.getSessionTokenFromIntent(intent);
+        connection.newSession(token);
+
+        if (prefetch) {
+            setCanUseHiddenTabForSession(connection, token, true);
+            Assert.assertTrue(connection.mayLaunchUrl(token, Uri.parse(url), null, null));
+            CriteriaHelper.pollUiThread(() -> {
+                Criteria.checkThat(connection.getHiddenTab(), Matchers.notNullValue());
+            });
+            Tab hiddenTab = TestThreadUtils.runOnUiThreadBlocking(
+                    () -> { return connection.getHiddenTab(); });
+            ChromeTabUtils.waitForTabPageLoaded(hiddenTab, url);
+        } else {
+            mCustomTabActivityTestRule.startCustomTabActivityWithIntent(intent);
+        }
+        String actualHeader = webServer.getLastRequest("/ok.html").headerValue("Sec-Fetch-Site");
+        assertEquals(enabled ? "cross-site" : "none", actualHeader);
+        webServer.shutdown();
+    }
+
+    @Test
+    @LargeTest
+    @Features.EnableFeatures(ChromeFeatureList.OPAQUE_ORIGIN_FOR_INCOMING_INTENTS)
+    public void testOpaqueOriginFromPrefetch_Enabled() throws Exception {
+        doOpaqueOriginTest(true, true);
+    }
+
+    @Test
+    @LargeTest
+    @Features.DisableFeatures(ChromeFeatureList.OPAQUE_ORIGIN_FOR_INCOMING_INTENTS)
+    public void testOpaqueOriginFromPrefetch_Disabled() throws Exception {
+        doOpaqueOriginTest(false, true);
+    }
+
+    @Test
+    @LargeTest
+    @Features.EnableFeatures(ChromeFeatureList.OPAQUE_ORIGIN_FOR_INCOMING_INTENTS)
+    public void testOpaqueOriginFromIntent_Enabled() throws Exception {
+        doOpaqueOriginTest(true, false);
+    }
+
+    @Test
+    @LargeTest
+    @Features.DisableFeatures(ChromeFeatureList.OPAQUE_ORIGIN_FOR_INCOMING_INTENTS)
+    public void testOpaqueOriginFromIntent_Disabled() throws Exception {
+        doOpaqueOriginTest(false, false);
+    }
+
     /** Asserts that the Overlay Panel is set to allow or not allow ever hiding the Toolbar. */
     private void assertOverlayPanelCanHideAndroidBrowserControls(boolean canEverHide) {
         // Wait for CS to get initialized.

diff --git a/...t/src/org/chromium/chrome/browser/customtabs/content/CustomTabActivityUrlLoadingTest.java b/...t/src/org/chromium/chrome/browser/customtabs/content/CustomTabActivityUrlLoadingTest.java
@@ -30,6 +30,8 @@
 import org.mockito.Mock;
 import org.mockito.MockitoAnnotations;
 import org.robolectric.annotation.Config;
+import org.robolectric.annotation.Implementation;
+import org.robolectric.annotation.Implements;
 
 import org.chromium.base.test.BaseRobolectricTestRunner;
 import org.chromium.base.test.util.JniMocker;
@@ -41,20 +43,31 @@
 import org.chromium.chrome.browser.tab.Tab;
 import org.chromium.chrome.test.util.browser.Features;
 import org.chromium.chrome.test.util.browser.Features.DisableFeatures;
+import org.chromium.chrome.test.util.browser.Features.EnableFeatures;
 import org.chromium.components.embedder_support.util.UrlUtilities;
 import org.chromium.components.embedder_support.util.UrlUtilitiesJni;
 import org.chromium.content_public.browser.LoadUrlParams;
+import org.chromium.url.Origin;
 
 /**
  * Integration tests involving several classes in Custom Tabs content layer, checking that urls are
  * properly loaded in Custom Tabs in different conditions.
  */
 @RunWith(BaseRobolectricTestRunner.class)
-@Config(manifest = Config.NONE)
+@Config(manifest = Config.NONE, shadows = {CustomTabActivityUrlLoadingTest.ShadowOrigin.class})
 @DisableFeatures({ChromeFeatureList.CCT_REAL_TIME_ENGAGEMENT_SIGNALS})
+@EnableFeatures({ChromeFeatureList.OPAQUE_ORIGIN_FOR_INCOMING_INTENTS})
 public class CustomTabActivityUrlLoadingTest {
     public static final String PASSWORD_CHANGE_USERNAME = "Peter";
 
+    @Implements(Origin.class)
+    public static class ShadowOrigin {
+        @Implementation
+        public static Origin createOpaqueOrigin() {
+            return null;
+        }
+    }
+
     @Rule
     public final CustomTabActivityContentTestEnvironment env =
             new CustomTabActivityContentTestEnvironment();