Refactor into separate classes instead of chromium overrides
Brandon-T committed Dec 18, 2024
1 parent 167db02 commit 762e56e
Showing 18 changed files with 645 additions and 321 deletions.
24 changes: 3 additions & 21 deletions chromium_src/ios/web/public/webui/url_data_source_ios.h
Expand Up @@ -6,30 +6,12 @@
#ifndef BRAVE_CHROMIUM_SRC_IOS_WEB_PUBLIC_WEBUI_URL_DATA_SOURCE_IOS_H_
#define BRAVE_CHROMIUM_SRC_IOS_WEB_PUBLIC_WEBUI_URL_DATA_SOURCE_IOS_H_

#include <cstdint>

namespace network::mojom {
enum class CSPDirectiveName : std::int32_t;
} // namespace network::mojom

#define GetContentSecurityPolicyObjectSrc \
GetContentSecurityPolicyObjectSrc_ChromiumImpl() const; \
virtual std::string GetContentSecurityPolicyObjectSrc

#define ShouldServiceRequest \
ShouldServiceRequest_ChromiumImpl(const GURL& url) const; \
virtual bool ShouldServiceRequest(const GURL& url) const; \
virtual bool ShouldAddContentSecurityPolicy() const; \
virtual std::string GetContentSecurityPolicyFrameSrc() const; \
virtual std::string GetContentSecurityPolicy( \
network::mojom::CSPDirectiveName directive) const; \
\
private: \
bool Dummy
#define GetContentSecurityPolicyObjectSrc \
GetContentSecurityPolicyObjectSrc() const; \
virtual std::string GetContentSecurityPolicyFrameSrc

#import "src/ios/web/public/webui/url_data_source_ios.h" // IWYU pragma: export

#undef GetContentSecurityPolicyObjectSrc
#undef ShouldServiceRequest

#endif // BRAVE_CHROMIUM_SRC_IOS_WEB_PUBLIC_WEBUI_URL_DATA_SOURCE_IOS_H_
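Review bot: The redefinition of `GetContentSecurityPolicyObjectSrc` carries no comment saying that it exists only to splice a second virtual declaration into the upstream class, so a reader sees a macro that maps a name to itself followed by an unrelated method name. I would add above the `#define`: `// Appends a virtual GetContentSecurityPolicyFrameSrc() declaration right after upstream's GetContentSecurityPolicyObjectSrc() so a data source can supply its own frame-src directive.` The expansion only works while the upstream declaration has the form `virtual std::string GetContentSecurityPolicyObjectSrc() const;`; that declaration is not on this page, so the comment should name it as the assumption to recheck on each Chromium rebase.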
27 changes: 0 additions & 27 deletions chromium_src/ios/web/public/webui/web_ui_ios_data_source.h

This file was deleted.

10 changes: 3 additions & 7 deletions chromium_src/ios/web/webui/url_data_manager_ios_backend.mm
Expand Up @@ -5,13 +5,9 @@

#include "ios/web/webui/url_data_manager_ios_backend.h"

#define ShouldDenyXFrameOptions ShouldDenyXFrameOptions()); \
job->set_add_content_security_policy( \
source->source()->ShouldAddContentSecurityPolicy()); \
job->set_content_security_policy_object_source( \
source->source()->GetContentSecurityPolicyObjectSrc()); \
job->set_content_security_policy_frame_source( \
source->source()->GetContentSecurityPolicyFrameSrc()); \
#define ShouldDenyXFrameOptions ShouldDenyXFrameOptions()); \
job->set_content_security_policy_frame_source( \
source->source()->GetContentSecurityPolicyFrameSrc()); \
void(void

#include "src/ios/web/webui/url_data_manager_ios_backend.mm"
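Review bot: The injected `job->set_content_security_policy_frame_source(...)` call forwards whatever `GetContentSecurityPolicyFrameSrc()` returns, and nothing in this hunk states what an override must return, so an override that yields an empty or partial string would presumably replace the restrictive frame-src default instead of falling back to it. A comment above the `#define` should state the contract, for example `// Overrides must return a complete directive such as "frame-src 'none';"; the value is handed to the job unchanged.` The macro also depends on upstream using `ShouldDenyXFrameOptions()` as the last argument of a single statement, with `void(void` absorbing the leftover `);`. The rest of the file is collapsed on this page, so whether a matching `#undef ShouldDenyXFrameOptions` follows the include cannot be seen.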
139 changes: 2 additions & 137 deletions chromium_src/ios/web/webui/url_data_source_ios.mm
Expand Up @@ -5,149 +5,14 @@

#include "ios/web/public/webui/url_data_source_ios.h"

#include "base/containers/span.h"
#include "base/no_destructor.h"
#include "base/strings/strcat.h"
#include "base/strings/stringprintf.h"
#include "base/strings/utf_string_conversions.h"
#include "ios/components/webui/web_ui_url_constants.h"
#include "services/network/public/mojom/content_security_policy.mojom.h"

namespace {

// A chrome-untrusted data source's name starts with chrome-untrusted://.
bool IsChromeUntrustedDataSource(const web::URLDataSourceIOS* source) {
static const base::NoDestructor<std::string> kChromeUntrustedSourceNamePrefix(
base::StrCat({kChromeUIUntrustedScheme, url::kStandardSchemeSeparator}));

return base::StartsWith(source->GetSource(),
*kChromeUntrustedSourceNamePrefix,
base::CompareCase::SENSITIVE);
}

} // namespace

namespace web {
bool URLDataSourceIOS::ShouldAddContentSecurityPolicy() const {
return true;
}

bool URLDataSourceIOS::ShouldServiceRequest(const GURL& url) const {
return URLDataSourceIOS::ShouldServiceRequest_ChromiumImpl(url);
}

std::string URLDataSourceIOS::GetContentSecurityPolicyObjectSrc() const {
if (ShouldAddContentSecurityPolicy()) {
std::string csp_header;

const network::mojom::CSPDirectiveName kAllDirectives[] = {
network::mojom::CSPDirectiveName::BaseURI,
network::mojom::CSPDirectiveName::ChildSrc,
network::mojom::CSPDirectiveName::ConnectSrc,
network::mojom::CSPDirectiveName::DefaultSrc,
network::mojom::CSPDirectiveName::FencedFrameSrc,
network::mojom::CSPDirectiveName::FormAction,
network::mojom::CSPDirectiveName::FontSrc,
network::mojom::CSPDirectiveName::ImgSrc,
network::mojom::CSPDirectiveName::MediaSrc,
network::mojom::CSPDirectiveName::ObjectSrc,
network::mojom::CSPDirectiveName::RequireTrustedTypesFor,
network::mojom::CSPDirectiveName::ScriptSrc,
network::mojom::CSPDirectiveName::StyleSrc,
network::mojom::CSPDirectiveName::TrustedTypes,
network::mojom::CSPDirectiveName::WorkerSrc};

for (auto& directive : kAllDirectives) {
csp_header.append(GetContentSecurityPolicy(directive));
}

// TODO(crbug.com/40118579): Both CSP frame ancestors and XFO headers may be
// added to the response but frame ancestors would take precedence. In the
// future, XFO will be removed so when that happens remove the check and
// always add frame ancestors.
if (ShouldDenyXFrameOptions()) {
csp_header.append(GetContentSecurityPolicy(
network::mojom::CSPDirectiveName::FrameAncestors));
}

return csp_header;
}

return URLDataSourceIOS::GetContentSecurityPolicyObjectSrc_ChromiumImpl();
}

std::string URLDataSourceIOS::GetContentSecurityPolicyFrameSrc() const {
std::string frame_src =
GetContentSecurityPolicy(network::mojom::CSPDirectiveName::FrameSrc);
if (!frame_src.empty()) {
return frame_src;
}

// Default for iOS:
// https://source.chromium.org/chromium/chromium/src/+/main:ios/web/webui/url_data_manager_ios_backend.mm;l=511?q=set_content_security_policy_frame_source&ss=chromium%2Fchromium%2Fsrc
return "frame-src 'none';";
}

std::string URLDataSourceIOS::GetContentSecurityPolicy(
network::mojom::CSPDirectiveName directive) const {
switch (directive) {
case network::mojom::CSPDirectiveName::ChildSrc:
return "child-src 'none';";
case network::mojom::CSPDirectiveName::DefaultSrc:
return IsChromeUntrustedDataSource(this) ? "default-src 'self';"
: std::string();
case network::mojom::CSPDirectiveName::ObjectSrc:
return "object-src 'none';";
case network::mojom::CSPDirectiveName::ScriptSrc:
// Note: Do not add 'unsafe-eval' here. Instead override CSP for the
// specific pages that need it, see context http://crbug.com/525224.
return IsChromeUntrustedDataSource(this)
? base::StrCat({"script-src", kChromeUIUntrustedScheme,
url::kStandardSchemeSeparator,
"resources 'self';"})
: "script-src chrome://resources 'self';";
case network::mojom::CSPDirectiveName::FrameAncestors:
return "frame-ancestors 'none';";
case network::mojom::CSPDirectiveName::RequireTrustedTypesFor:
return "require-trusted-types-for 'script';";
case network::mojom::CSPDirectiveName::TrustedTypes:
return "trusted-types;";
case network::mojom::CSPDirectiveName::BaseURI:
return IsChromeUntrustedDataSource(this) ? "base-uri 'none';"
: std::string();
case network::mojom::CSPDirectiveName::FormAction:
return IsChromeUntrustedDataSource(this) ? "form-action 'none';"
: std::string();
case network::mojom::CSPDirectiveName::BlockAllMixedContent:
case network::mojom::CSPDirectiveName::ConnectSrc:
case network::mojom::CSPDirectiveName::FencedFrameSrc:
case network::mojom::CSPDirectiveName::FrameSrc:
case network::mojom::CSPDirectiveName::FontSrc:
case network::mojom::CSPDirectiveName::ImgSrc:
case network::mojom::CSPDirectiveName::ManifestSrc:
case network::mojom::CSPDirectiveName::MediaSrc:
case network::mojom::CSPDirectiveName::ReportURI:
case network::mojom::CSPDirectiveName::Sandbox:
case network::mojom::CSPDirectiveName::ScriptSrcAttr:
case network::mojom::CSPDirectiveName::ScriptSrcElem:
case network::mojom::CSPDirectiveName::StyleSrc:
case network::mojom::CSPDirectiveName::StyleSrcAttr:
case network::mojom::CSPDirectiveName::StyleSrcElem:
case network::mojom::CSPDirectiveName::UpgradeInsecureRequests:
case network::mojom::CSPDirectiveName::TreatAsPublicAddress:
case network::mojom::CSPDirectiveName::WorkerSrc:
case network::mojom::CSPDirectiveName::ReportTo:
case network::mojom::CSPDirectiveName::Unknown:
return std::string();
}
}

} // namespace web

#define GetContentSecurityPolicyObjectSrc \
GetContentSecurityPolicyObjectSrc_ChromiumImpl

#define ShouldServiceRequest ShouldServiceRequest_ChromiumImpl

#include "src/ios/web/webui/url_data_source_ios.mm"

#undef ShouldServiceRequest
#undef GetContentSecurityPolicyObjectSrc
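Review bot: The directive builder taken out of this override has a defect that travels with it if the code was moved verbatim into the new classes, which are not shown on this page. As rendered here, the chrome-untrusted branch of the `ScriptSrc` case concatenates `"script-src"` with the scheme constant without a separating space, so the string reads `script-src<scheme>://resources 'self';` and does not form a valid `script-src` directive. Wherever that logic now lives, the first piece should be `"script-src "`. This section also drops the code that emitted `object-src 'none'`, `require-trusted-types-for 'script'`, `trusted-types` and the `frame-ancestors 'none'` tied to `ShouldDenyXFrameOptions()`. A test that loads one trusted and one untrusted WebUI page and asserts on the Content-Security-Policy response header would show that the refactor kept them.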
35 changes: 0 additions & 35 deletions chromium_src/ios/web/webui/web_ui_ios_data_source_impl.h

This file was deleted.

74 changes: 0 additions & 74 deletions chromium_src/ios/web/webui/web_ui_ios_data_source_impl.mm

This file was deleted.

7 changes: 5 additions & 2 deletions ios/BUILD.gn
Expand Up @@ -53,8 +53,11 @@ assert(is_debug || current_cpu != "arm64" || use_lld,

config("internal_config") {
visibility = [ ":*" ]
ldflags =
[ "-Wl,-rpath,/usr/lib/swift,-rpath,@executable_path/../Frameworks" ]
ldflags = [
"-Wl,-rpath,/usr/lib/swift,-rpath,@executable_path/../Frameworks",
"-fstandalone-debug",
"-fno-limit-debug-info",
]
}

group("brave_ios") {
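Review bot: `-fstandalone-debug` and `-fno-limit-debug-info` are clang compile-time debug-info options, so listing them in `ldflags` most likely changes no object file's debug info, and `internal_config` applies them to every build rather than to debug builds only. If fuller debug info is wanted, put them in `cflags` behind the `is_debug` condition this file already uses, e.g. `if (is_debug) { cflags = [ "-fstandalone-debug" ] }`; otherwise leave them out of a commit whose title describes a refactor. The same two flags are appended to `OTHER_LDFLAGS` in Debug-AppStore.xcconfig and Debug.xcconfig further down, and the same remark applies there.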
5 changes: 5 additions & 0 deletions ios/brave-ios/App/Configuration/Debug-AppStore.xcconfig
Expand Up @@ -13,3 +13,8 @@ SWIFT_ACTIVE_COMPILATION_CONDITIONS = DEBUG BRAVE_CHANNEL_RELEASE $(brave_swift_
// Manual Code-Signing
DEVELOPMENT_TEAM = KL8N8XSYF4
CODE_SIGN_STYLE = Manual

RETAIN_RAW_BINARIES = YES
GCC_DEBUGGING_SYMBOLS = default
STRIP_INSTALLED_PRODUCT = NO
OTHER_LDFLAGS = $(OTHER_LDFLAGS) -fstandalone-debug -fno-limit-debug-info
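Review bot: `STRIP_INSTALLED_PRODUCT = NO` together with `RETAIN_RAW_BINARIES = YES` keeps symbols in the built product of a configuration that, per the context lines above, compiles with `BRAVE_CHANNEL_RELEASE` and uses manual code signing. If an archive from this configuration can ever leave a developer machine, it ships with its symbol table, which makes the binary easier to analyse than a stripped one. The new settings deserve a comment stating that they are for local debugging only, or a move into a local, untracked xcconfig. The commit title describes a refactor and does not explain why they are needed.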
2 changes: 2 additions & 0 deletions ios/brave-ios/App/Configuration/Debug.xcconfig
Expand Up @@ -25,3 +25,5 @@ OTHER_SWIFT_FLAGS=$(brave_ios_debug_prefix_map_flag)
ENABLE_TESTABILITY = YES

GCC_PREPROCESSOR_DEFINITIONS= DEBUG=1

OTHER_LDFLAGS = $(OTHER_LDFLAGS) -fstandalone-debug -fno-limit-debug-info
Expand Up @@ -25,7 +25,7 @@ struct LeoAssetsPlugin: BuildToolPlugin {
}

// Check to make sure the plugin is being used correctly in SPM
guard let target = target as? SourceModuleTarget else {
guard target is SourceModuleTarget else {
Diagnostics.error("Attempted to use `LeoAssetsPlugin` on an unsupported module target")
return []
}