From 9a0c3e16d42f1a7c808410823f6f9f8ac0105b95 Mon Sep 17 00:00:00 2001 From: yan Date: Fri, 21 Jun 2019 17:18:47 -0700 Subject: [PATCH] Add fingerprinting exception for Uphold Fix https://github.com/brave/brave-browser/issues/4139 --- common/shield_exceptions.cc | 21 +++++++++++++++++ common/shield_exceptions.h | 2 ++ common/shield_exceptions_unittest.cc | 25 +++++++++++++++++++++ renderer/brave_content_settings_observer.cc | 5 +++++ 4 files changed, 53 insertions(+) diff --git a/common/shield_exceptions.cc b/common/shield_exceptions.cc index 3c269f9bf45c..aaa98137ce6d 100644 --- a/common/shield_exceptions.cc +++ b/common/shield_exceptions.cc @@ -72,4 +72,25 @@ bool IsWhitelistedCookieException(const GURL& firstPartyOrigin, }); } +bool IsWhitelistedFingerprintingException(const GURL& firstPartyOrigin, + const GURL& subresourceUrl) { + static std::map > whitelist_patterns = { + { + GURL("https://uphold.com/"), + std::vector({URLPattern(URLPattern::SCHEME_ALL, + "https://uphold.netverify.com/*")}) + } + }; + std::map >::iterator i = + whitelist_patterns.find(firstPartyOrigin); + if (i == whitelist_patterns.end()) { + return false; + } + std::vector &exceptions = i->second; + return std::any_of(exceptions.begin(), exceptions.end(), + [&subresourceUrl](const URLPattern& pattern) { + return pattern.MatchesURL(subresourceUrl); + }); +} + } // namespace brave diff --git a/common/shield_exceptions.h b/common/shield_exceptions.h index c1f9f87d812e..96948547cf77 100644 --- a/common/shield_exceptions.h +++ b/common/shield_exceptions.h @@ -15,6 +15,8 @@ bool IsBlockedResource(const GURL& gurl); bool IsWhitelistedCookieException(const GURL& firstPartyOrigin, const GURL& subresourceUrl, bool allow_google_auth); +bool IsWhitelistedFingerprintingException(const GURL& firstPartyOrigin, + const GURL& subresourceUrl); } // namespace brave diff --git a/common/shield_exceptions_unittest.cc b/common/shield_exceptions_unittest.cc index 7c2a2241dfcc..1e0948370a83 100644 --- a/common/shield_exceptions_unittest.cc +++ b/common/shield_exceptions_unittest.cc @@ -12,6 +12,7 @@ namespace { typedef testing::Test BraveShieldsExceptionsTest; using brave::IsWhitelistedCookieException; +using brave::IsWhitelistedFingerprintingException; TEST_F(BraveShieldsExceptionsTest, IsWhitelistedCookieException) { // Cookie exceptions for Google auth domains @@ -23,4 +24,28 @@ TEST_F(BraveShieldsExceptionsTest, IsWhitelistedCookieException) { GURL("https://accounts.google.com/o/oauth2/iframe"), false)); } +TEST_F(BraveShieldsExceptionsTest, IsWhitelistedFingerprintingException) { + EXPECT_TRUE(IsWhitelistedFingerprintingException( + GURL("https://uphold.com"), + GURL("https://uphold.netverify.com/iframe"))); + EXPECT_TRUE(IsWhitelistedFingerprintingException( + GURL("https://uphold.com/"), + GURL("https://uphold.netverify.com"))); + EXPECT_FALSE(IsWhitelistedFingerprintingException( + GURL("http://uphold.com/"), + GURL("https://uphold.netverify.com/"))); + EXPECT_FALSE(IsWhitelistedFingerprintingException( + GURL("https://uphold.com/"), + GURL("http://uphold.netverify.com/"))); + EXPECT_FALSE(IsWhitelistedFingerprintingException( + GURL("https://uphold.netverify.com/iframe"), + GURL("https://uphold.com/"))); + EXPECT_FALSE(IsWhitelistedFingerprintingException( + GURL("https://uphold.com/"), + GURL("https://netverify.com/iframe"))); + EXPECT_FALSE(IsWhitelistedFingerprintingException( + GURL("https://www.uphold.com/"), + GURL("https://uphold.netverify.com/iframe"))); +} + } // namespace diff --git a/renderer/brave_content_settings_observer.cc b/renderer/brave_content_settings_observer.cc index 2dc6f79325dd..4cc10395f891 100644 --- a/renderer/brave_content_settings_observer.cc +++ b/renderer/brave_content_settings_observer.cc @@ -12,6 +12,7 @@ #include "base/bind_helpers.h" #include "base/strings/utf_string_conversions.h" #include "brave/common/render_messages.h" +#include "brave/common/shield_exceptions.h" #include "brave/content/common/frame_messages.h" #include "components/content_settings/core/common/content_settings_pattern.h" #include "components/content_settings/core/common/content_settings_utils.h" @@ -204,6 +205,10 @@ bool BraveContentSettingsObserver::AllowFingerprinting( if (IsBraveShieldsDown(frame, secondary_url)) { return true; } + const GURL& primary_url = GetOriginOrURL(frame); + if (brave::IsWhitelistedFingerprintingException(primary_url, secondary_url)) { + return true; + } ContentSettingsForOneType rules; if (content_setting_rules_) { rules = content_setting_rules_->fingerprinting_rules;