From a5b8533e88e7f7f2816a270b0232a6c0cc70d9d8 Mon Sep 17 00:00:00 2001 From: Brandon T Date: Wed, 8 Jan 2025 15:27:22 -0500 Subject: [PATCH] Revert "Add Chromium-Untrusted Support" c72d23a2a609499f914ad3dc1627a677e81b035c --- .../shared/model/profile/profile_ios.mm | 31 -- ios/browser/brave_web_client.h | 3 - ios/browser/brave_web_client.mm | 11 +- ios/browser/ui/webui/BUILD.gn | 2 - .../webui/brave_web_ui_controller_factory.mm | 5 +- .../ui/webui/brave_webui_data_source.h | 93 ------ .../ui/webui/brave_webui_data_source.mm | 302 ------------------ 7 files changed, 2 insertions(+), 445 deletions(-) delete mode 100644 chromium_src/ios/chrome/browser/shared/model/profile/profile_ios.mm delete mode 100644 ios/browser/ui/webui/brave_webui_data_source.h delete mode 100644 ios/browser/ui/webui/brave_webui_data_source.mm diff --git a/chromium_src/ios/chrome/browser/shared/model/profile/profile_ios.mm b/chromium_src/ios/chrome/browser/shared/model/profile/profile_ios.mm deleted file mode 100644 index 68969c67c3fb..000000000000 --- a/chromium_src/ios/chrome/browser/shared/model/profile/profile_ios.mm +++ /dev/null @@ -1,31 +0,0 @@ -// Copyright (c) 2024 The Brave Authors. All rights reserved. -// This Source Code Form is subject to the terms of the Mozilla Public -// License, v. 2.0. If a copy of the MPL was not distributed with this file, -// You can obtain one at https://mozilla.org/MPL/2.0/. - -// URLRequestJobFactory::CreateJob checks the protocol_handler_map_ -// to see what requests can be handled -// The FactoryForMain contains the ProtocolHandlerMap -// This is initialized via ProfileIOSIOData::Init(ProtocolHandlerMap* -// protocol_handlers) Which is called via ProfileIOS::GetRequestContext - -#include "ios/chrome/browser/shared/model/profile/profile_ios.h" - -#include "ios/components/webui/web_ui_url_constants.h" -#include "ios/web/webui/url_data_manager_ios_backend.h" - -// Add the chrome-untrusted scheme -auto CreateRequestContext_Brave(ProfileIOS* profile) { - return [profile](ProtocolHandlerMap* protocol_handlers) { - protocol_handlers->insert( - {kChromeUIUntrustedScheme, - web::URLDataManagerIOSBackend::CreateProtocolHandler(profile)}); - return profile->CreateRequestContext(protocol_handlers); - }; -} - -#define CreateRequestContext CreateRequestContext_Brave(this) - -#include "src/ios/chrome/browser/shared/model/profile/profile_ios.mm" - -#undef CreateRequestContext diff --git a/ios/browser/brave_web_client.h b/ios/browser/brave_web_client.h index cde0655f033f..56713c74cd21 100644 --- a/ios/browser/brave_web_client.h +++ b/ios/browser/brave_web_client.h @@ -37,9 +37,6 @@ class BraveWebClient : public ChromeWebClient { void PostBrowserURLRewriterCreation( web::BrowserURLRewriter* rewriter) override; - void GetAdditionalWebUISchemes( - std::vector* additional_schemes) override; - bool IsWebUIMessageAllowedForFrame(WKFrameInfo* frame, const GURL& origin, NSString** prompt, diff --git a/ios/browser/brave_web_client.mm b/ios/browser/brave_web_client.mm index 641502e2ca47..479b3649f6b8 100644 --- a/ios/browser/brave_web_client.mm +++ b/ios/browser/brave_web_client.mm @@ -50,14 +50,10 @@ schemes->standard_schemes.push_back(kBraveUIScheme); schemes->secure_schemes.push_back(kBraveUIScheme); - - schemes->standard_schemes.push_back(kChromeUIUntrustedScheme); - schemes->secure_schemes.push_back(kChromeUIUntrustedScheme); } bool BraveWebClient::IsAppSpecificURL(const GURL& url) const { - return ChromeWebClient::IsAppSpecificURL(url) || - url.SchemeIs(kBraveUIScheme) || url.SchemeIs(kChromeUIUntrustedScheme); + return ChromeWebClient::IsAppSpecificURL(url) || url.SchemeIs(kBraveUIScheme); } bool WillHandleBraveURLRedirect(GURL* url, web::BrowserState* browser_state) { @@ -82,11 +78,6 @@ bool WillHandleBraveURLRedirect(GURL* url, web::BrowserState* browser_state) { ChromeWebClient::PostBrowserURLRewriterCreation(rewriter); } -void BraveWebClient::GetAdditionalWebUISchemes( - std::vector* additional_schemes) { - ChromeWebClient::GetAdditionalWebUISchemes(additional_schemes); -} - bool BraveWebClient::IsWebUIMessageAllowedForFrame(WKFrameInfo* frame, const GURL& origin, NSString** prompt, diff --git a/ios/browser/ui/webui/BUILD.gn b/ios/browser/ui/webui/BUILD.gn index b2afe18e777b..f4a460623b72 100644 --- a/ios/browser/ui/webui/BUILD.gn +++ b/ios/browser/ui/webui/BUILD.gn @@ -11,8 +11,6 @@ source_set("webui") { sources = [ "brave_web_ui_controller_factory.h", "brave_web_ui_controller_factory.mm", - "brave_webui_data_source.h", - "brave_webui_data_source.mm", "brave_webui_source.h", "brave_webui_source.mm", ] diff --git a/ios/browser/ui/webui/brave_web_ui_controller_factory.mm b/ios/browser/ui/webui/brave_web_ui_controller_factory.mm index cdaaa6d8d95d..58b04d5dc246 100644 --- a/ios/browser/ui/webui/brave_web_ui_controller_factory.mm +++ b/ios/browser/ui/webui/brave_web_ui_controller_factory.mm @@ -41,12 +41,9 @@ // a tab, based on its URL. Returns nullptr if the URL doesn't have WebUIIOS // associated with it. WebUIIOSFactoryFunction GetWebUIIOSFactoryFunction(const GURL& url) { - const char kChromeUIUntrustedScheme[] = "chrome-untrusted"; - // This will get called a lot to check all URLs, so do a quick check of other // schemes to filter out most URLs. - if (!url.SchemeIs(kBraveUIScheme) && !url.SchemeIs(kChromeUIScheme) && - !url.SchemeIs(kChromeUIUntrustedScheme)) { + if (!url.SchemeIs(kBraveUIScheme) && !url.SchemeIs(kChromeUIScheme)) { return nullptr; } diff --git a/ios/browser/ui/webui/brave_webui_data_source.h b/ios/browser/ui/webui/brave_webui_data_source.h deleted file mode 100644 index eec623483cb7..000000000000 --- a/ios/browser/ui/webui/brave_webui_data_source.h +++ /dev/null @@ -1,93 +0,0 @@ -// Copyright (c) 2024 The Brave Authors. All rights reserved. -// This Source Code Form is subject to the terms of the Mozilla Public -// License, v. 2.0. If a copy of the MPL was not distributed with this file, -// You can obtain one at https://mozilla.org/MPL/2.0/. - -#ifndef BRAVE_IOS_BROWSER_UI_WEBUI_BRAVE_WEBUI_DATA_SOURCE_H_ -#define BRAVE_IOS_BROWSER_UI_WEBUI_BRAVE_WEBUI_DATA_SOURCE_H_ - -#include -#include -#include -#include - -#include "base/functional/callback.h" -#include "base/values.h" -#include "ios/web/public/webui/url_data_source_ios.h" -#include "ios/web/webui/url_data_manager_ios.h" -#include "ui/base/template_expressions.h" - -namespace network::mojom { -enum class CSPDirectiveName : std::int32_t; -} // namespace network::mojom - -namespace webui { -struct LocalizedString; -struct ResourcePath; -} // namespace webui - -class BraveWebUIDataSource : public web::URLDataSourceIOS { - public: - BraveWebUIDataSource(); - - ~BraveWebUIDataSource() override; - - BraveWebUIDataSource(const BraveWebUIDataSource&) = delete; - BraveWebUIDataSource& operator=(const BraveWebUIDataSource&) = delete; - - void AddString(const std::string& name, const std::u16string& value); - void AddString(const std::string& name, const std::string& value); - void AddLocalizedString(const std::string& name, int ids); - void AddLocalizedStrings(const base::Value::Dict& localized_strings); - void AddLocalizedStrings(base::span strings); - void AddBoolean(const std::string& name, bool value); - void UseStringsJs(); - void EnableReplaceI18nInJS(); - void AddResourcePath(const std::string& path, int resource_id); - void AddResourcePaths(base::span paths); - void SetDefaultResource(int resource_id); - void DisableDenyXFrameOptions(); - const ui::TemplateReplacements* GetReplacements() const; - - void OverrideContentSecurityPolicy(network::mojom::CSPDirectiveName directive, - const std::string& value); - void AddFrameAncestor(const GURL& frame_ancestor); - void DisableTrustedTypesCSP(); - - private: - void EnsureLoadTimeDataDefaultsAdded(); - void SendLocalizedStringsAsJSON(GotDataCallback callback, - bool from_js_module); - int PathToIdrOrDefault(const std::string& path) const; - - // web::URLDataSourceIOS overrides: - std::string GetSource() const override; - void StartDataRequest(const std::string& path, - GotDataCallback callback) override; - std::string GetMimeType(const std::string& path) const override; - bool ShouldReplaceExistingSource() const override; - bool ShouldReplaceI18nInJS() const override; - bool AllowCaching() const override; - bool ShouldDenyXFrameOptions() const override; - - bool ShouldServiceRequest(const GURL& url) const override; - std::string GetContentSecurityPolicy( - network::mojom::CSPDirectiveName directive) const override; - std::string GetContentSecurityPolicyObjectSrc() const override; - std::string GetContentSecurityPolicyFrameSrc() const override; - - int default_resource_; - bool use_strings_js_; - std::map path_to_idr_map_; - base::Value::Dict localized_strings_; - ui::TemplateReplacements replacements_; - bool deny_xframe_options_; - bool load_time_data_defaults_added_; - bool replace_existing_source_; - bool should_replace_i18n_in_js_; - - base::flat_map csp_overrides_; - std::set frame_ancestors_; -}; - -#endif // BRAVE_IOS_BROWSER_UI_WEBUI_BRAVE_WEBUI_DATA_SOURCE_H_ diff --git a/ios/browser/ui/webui/brave_webui_data_source.mm b/ios/browser/ui/webui/brave_webui_data_source.mm deleted file mode 100644 index 374327d7daab..000000000000 --- a/ios/browser/ui/webui/brave_webui_data_source.mm +++ /dev/null @@ -1,302 +0,0 @@ -// Copyright (c) 2024 The Brave Authors. All rights reserved. -// This Source Code Form is subject to the terms of the Mozilla Public -// License, v. 2.0. If a copy of the MPL was not distributed with this file, -// You can obtain one at https://mozilla.org/MPL/2.0/. - -#include "brave/ios/browser/ui/webui/brave_webui_data_source.h" - -#include "base/functional/bind.h" -#include "base/memory/raw_ptr.h" -#include "base/memory/ref_counted_memory.h" -#include "base/strings/strcat.h" -#include "base/strings/string_util.h" -#include "base/strings/utf_string_conversions.h" -#include "ios/chrome/browser/shared/model/url/chrome_url_constants.h" -#include "ios/web/public/web_client.h" -#include "services/network/public/mojom/content_security_policy.mojom.h" -#include "ui/base/webui/jstemplate_builder.h" -#include "ui/base/webui/resource_path.h" -#include "ui/base/webui/web_ui_util.h" - -BraveWebUIDataSource::BraveWebUIDataSource() - : default_resource_(-1), - use_strings_js_(false), - deny_xframe_options_(true), - load_time_data_defaults_added_(false), - replace_existing_source_(true), - should_replace_i18n_in_js_(false) {} - -BraveWebUIDataSource::~BraveWebUIDataSource() = default; - -void BraveWebUIDataSource::AddString(const std::string& name, - const std::u16string& value) { - localized_strings_.Set(name, value); - replacements_[name] = base::UTF16ToUTF8(value); -} - -void BraveWebUIDataSource::AddString(const std::string& name, - const std::string& value) { - localized_strings_.Set(name, value); - replacements_[name] = value; -} - -void BraveWebUIDataSource::AddLocalizedString(const std::string& name, - int ids) { - localized_strings_.Set(name, web::GetWebClient()->GetLocalizedString(ids)); - replacements_[name] = - base::UTF16ToUTF8(web::GetWebClient()->GetLocalizedString(ids)); -} - -void BraveWebUIDataSource::AddLocalizedStrings( - const base::Value::Dict& localized_strings) { - localized_strings_.Merge(localized_strings.Clone()); - ui::TemplateReplacementsFromDictionaryValue(localized_strings, - &replacements_); -} - -void BraveWebUIDataSource::AddLocalizedStrings( - base::span strings) { - for (const auto& str : strings) { - AddLocalizedString(str.name, str.id); - } -} - -void BraveWebUIDataSource::AddBoolean(const std::string& name, bool value) { - localized_strings_.Set(name, value); -} - -void BraveWebUIDataSource::UseStringsJs() { - use_strings_js_ = true; -} - -void BraveWebUIDataSource::EnableReplaceI18nInJS() { - should_replace_i18n_in_js_ = true; -} - -bool BraveWebUIDataSource::ShouldReplaceI18nInJS() const { - return should_replace_i18n_in_js_; -} - -void BraveWebUIDataSource::AddResourcePath(const std::string& path, - int resource_id) { - path_to_idr_map_[path] = resource_id; -} - -void BraveWebUIDataSource::AddResourcePaths( - base::span paths) { - for (const auto& path : paths) { - AddResourcePath(path.path, path.id); - } -} - -void BraveWebUIDataSource::SetDefaultResource(int resource_id) { - default_resource_ = resource_id; -} - -void BraveWebUIDataSource::DisableDenyXFrameOptions() { - deny_xframe_options_ = false; -} - -const ui::TemplateReplacements* BraveWebUIDataSource::GetReplacements() const { - return &replacements_; -} - -void BraveWebUIDataSource::OverrideContentSecurityPolicy( - network::mojom::CSPDirectiveName directive, - const std::string& value) { - csp_overrides_.insert_or_assign(directive, value); -} - -void BraveWebUIDataSource::AddFrameAncestor(const GURL& frame_ancestor) { - // Do not allow a wildcard to be a frame ancestor or it will allow any website - // to embed the WebUI. - CHECK(frame_ancestor.SchemeIs(kChromeUIScheme) || - frame_ancestor.SchemeIs(kChromeUIUntrustedScheme)); - frame_ancestors_.insert(frame_ancestor); -} - -void BraveWebUIDataSource::DisableTrustedTypesCSP() { - // TODO(crbug.com/40137141): Trusted Type remaining WebUI - // This removes require-trusted-types-for and trusted-types directives - // from the CSP header. - OverrideContentSecurityPolicy( - network::mojom::CSPDirectiveName::RequireTrustedTypesFor, std::string()); - OverrideContentSecurityPolicy(network::mojom::CSPDirectiveName::TrustedTypes, - std::string()); -} - -// URLDataSourceIOS - -std::string BraveWebUIDataSource::GetSource() const { - return base::StrCat( - {kChromeUIUntrustedScheme, url::kStandardSchemeSeparator}); -} - -void BraveWebUIDataSource::StartDataRequest(const std::string& path, - GotDataCallback callback) { - EnsureLoadTimeDataDefaultsAdded(); - - if (use_strings_js_) { - bool from_js_module = path == "strings.m.js"; - if (from_js_module || path == "strings.js") { - SendLocalizedStringsAsJSON(std::move(callback), from_js_module); - return; - } - } - - int resource_id = PathToIdrOrDefault(path); - DCHECK_NE(resource_id, -1); - scoped_refptr response( - web::GetWebClient()->GetDataResourceBytes(resource_id)); - std::move(callback).Run(response); -} - -std::string BraveWebUIDataSource::GetMimeType(const std::string& path) const { - if (base::EndsWith(path, ".png", base::CompareCase::INSENSITIVE_ASCII)) { - return "image/png"; - } - - if (base::EndsWith(path, ".gif", base::CompareCase::INSENSITIVE_ASCII)) { - return "image/gif"; - } - - if (base::EndsWith(path, ".jpg", base::CompareCase::INSENSITIVE_ASCII)) { - return "image/jpg"; - } - - if (base::EndsWith(path, ".js", base::CompareCase::INSENSITIVE_ASCII)) { - return "application/javascript"; - } - - if (base::EndsWith(path, ".json", base::CompareCase::INSENSITIVE_ASCII)) { - return "application/json"; - } - - if (base::EndsWith(path, ".pdf", base::CompareCase::INSENSITIVE_ASCII)) { - return "application/pdf"; - } - - if (base::EndsWith(path, ".css", base::CompareCase::INSENSITIVE_ASCII)) { - return "text/css"; - } - - if (base::EndsWith(path, ".svg", base::CompareCase::INSENSITIVE_ASCII)) { - return "image/svg+xml"; - } - - return "text/html"; -} - -bool BraveWebUIDataSource::ShouldReplaceExistingSource() const { - return replace_existing_source_; -} - -bool BraveWebUIDataSource::AllowCaching() const { - return false; -} - -bool BraveWebUIDataSource::ShouldDenyXFrameOptions() const { - return deny_xframe_options_; -} - -bool BraveWebUIDataSource::ShouldServiceRequest(const GURL& url) const { - return web::URLDataSourceIOS::ShouldServiceRequest(url); -} - -std::string BraveWebUIDataSource::GetContentSecurityPolicy( - network::mojom::CSPDirectiveName directive) const { - if (csp_overrides_.contains(directive)) { - return csp_overrides_.at(directive); - } else if (directive == network::mojom::CSPDirectiveName::FrameAncestors) { - std::string frame_ancestors; - if (frame_ancestors_.size() == 0) { - frame_ancestors += " 'none'"; - } - for (const GURL& frame_ancestor : frame_ancestors_) { - frame_ancestors += " " + frame_ancestor.spec(); - } - return "frame-ancestors" + frame_ancestors + ";"; - } - return web::URLDataSourceIOS::GetContentSecurityPolicy(directive); -} - -std::string BraveWebUIDataSource::GetContentSecurityPolicyObjectSrc() const { - if (ShouldAddContentSecurityPolicy()) { - std::string csp_header; - - const network::mojom::CSPDirectiveName kAllDirectives[] = { - network::mojom::CSPDirectiveName::BaseURI, - network::mojom::CSPDirectiveName::ChildSrc, - network::mojom::CSPDirectiveName::ConnectSrc, - network::mojom::CSPDirectiveName::DefaultSrc, - network::mojom::CSPDirectiveName::FencedFrameSrc, - network::mojom::CSPDirectiveName::FormAction, - network::mojom::CSPDirectiveName::FontSrc, - network::mojom::CSPDirectiveName::ImgSrc, - network::mojom::CSPDirectiveName::MediaSrc, - network::mojom::CSPDirectiveName::ObjectSrc, - network::mojom::CSPDirectiveName::RequireTrustedTypesFor, - network::mojom::CSPDirectiveName::ScriptSrc, - network::mojom::CSPDirectiveName::StyleSrc, - network::mojom::CSPDirectiveName::TrustedTypes, - network::mojom::CSPDirectiveName::WorkerSrc}; - - for (auto& directive : kAllDirectives) { - csp_header.append(GetContentSecurityPolicy(directive)); - } - - // TODO(crbug.com/40118579): Both CSP frame ancestors and XFO headers may be - // added to the response but frame ancestors would take precedence. In the - // future, XFO will be removed so when that happens remove the check and - // always add frame ancestors. - if (ShouldDenyXFrameOptions()) { - csp_header.append(GetContentSecurityPolicy( - network::mojom::CSPDirectiveName::FrameAncestors)); - } - - return csp_header; - } - - return web::URLDataSourceIOS::GetContentSecurityPolicyObjectSrc(); -} - -std::string BraveWebUIDataSource::GetContentSecurityPolicyFrameSrc() const { - if (csp_overrides_.contains(network::mojom::CSPDirectiveName::FrameSrc)) { - return csp_overrides_.at(network::mojom::CSPDirectiveName::FrameSrc); - } - - std::string frame_src = - GetContentSecurityPolicy(network::mojom::CSPDirectiveName::FrameSrc); - if (!frame_src.empty()) { - return frame_src; - } - - // See url_data_manager_ios_backend.mm chromium_src override for more details - return web::URLDataSourceIOS::GetContentSecurityPolicyFrameSrc(); -} - -void BraveWebUIDataSource::EnsureLoadTimeDataDefaultsAdded() { - if (load_time_data_defaults_added_) { - return; - } - - load_time_data_defaults_added_ = true; - base::Value::Dict defaults; - webui::SetLoadTimeDataDefaults(web::GetWebClient()->GetApplicationLocale(), - &defaults); - AddLocalizedStrings(defaults); -} - -void BraveWebUIDataSource::SendLocalizedStringsAsJSON( - URLDataSourceIOS::GotDataCallback callback, - bool from_js_module) { - std::string template_data; - webui::AppendJsonJS(localized_strings_, &template_data, from_js_module); - std::move(callback).Run( - base::MakeRefCounted(std::move(template_data))); -} - -int BraveWebUIDataSource::PathToIdrOrDefault(const std::string& path) const { - auto it = path_to_idr_map_.find(path); - return it == path_to_idr_map_.end() ? default_resource_ : it->second; -}