Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Don't enable 1PES everywhere when global SESSION_ONLY mode is enabled. #13127

Merged
merged 1 commit into from
Apr 22, 2022
Merged

Don't enable 1PES everywhere when global SESSION_ONLY mode is enabled. #13127

merged 1 commit into from
Apr 22, 2022

Conversation

goodov
Copy link
Member

@goodov goodov commented Apr 22, 2022
edited
Loading

Don't enable 1PES when SESSION_ONLY mode is applied via *, * content settings patterns.

Resolves brave/brave-browser#22493

Submitter Checklist:

  • I confirm that no security/privacy review is needed, or that I have requested one
  • There is a ticket for my issue
  • Used Github auto-closing keywords in the PR description above
  • Wrote a good PR/commit description
  • Squashed any review feedback or "fixup" commits before merge, so that history is a record of what happened in the repo, not your PR
  • Added appropriate labels (QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
  • Checked the PR locally: npm run test -- brave_browser_tests, npm run test -- brave_unit_tests, npm run lint, npm run gn_check, npm run tslint
  • Ran git rebase master (if needed)

Reviewer Checklist:

  • A security review is not needed, or a link to one is included in the PR description
  • New files have MPL-2.0 license header
  • Adequate test coverage exists to prevent regressions
  • Major classes, functions and non-trivial code blocks are well-commented
  • Changes in component dependencies are properly reflected in gn
  • Code follows the style guide
  • Test plan is specified in PR before merging

After-merge Checklist:

Test Plan:

@goodov goodov requested a review from a team as a code owner April 22, 2022 06:38
goodov
goodov commented Apr 22, 2022
View reviewed changes
chromium_src/components/content_settings/core/common/cookie_settings_base.cc
@@ -105,7 +116,9 @@ bool CookieSettingsBase::ShouldUseEphemeralStorage(

bool allow_3p =
IsCookieAccessAllowedImpl(url, site_for_cookies, top_frame_origin);
bool allow_1p = IsFirstPartyAccessAllowed(first_party_url, this);
bool allow_1p = first_party_setting
? IsAllowed(first_party_setting->setting)
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

just use already requested value here if it's available. no logic change here.

@goodov
Copy link
Member Author

goodov commented Apr 22, 2022

@mkarolin PTAL

mkarolin
mkarolin approved these changes Apr 22, 2022
View reviewed changes
Copy link
Collaborator

@mkarolin mkarolin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

chromium_src ++

@goodov goodov merged commit cf0fd0c into master Apr 22, 2022
@goodov goodov deleted the issues/22493 branch April 22, 2022 15:49
@goodov goodov added this to the 1.40.x - Nightly milestone Apr 22, 2022
brave-builds pushed a commit that referenced this pull request Apr 22, 2022
@brave-browser-releases
Uplift of #13127 (squashed) to beta
1d1ec7f
brave-builds pushed a commit that referenced this pull request Apr 22, 2022
@brave-browser-releases
Uplift of #13127 (squashed) to release
6feecf9
This was referenced Apr 22, 2022
Merged
Merged
@kjozwiak
Copy link
Member

kjozwiak commented Apr 23, 2022
edited
Loading

Reproduced the original issues on Win 11 x64 using the following build(s):

Brave | 1.38.105 Chromium: 101.0.4951.41 (Official Build) (64-bit)
-- | --
Revision | 93c720db8323b3ec10d056025ab95c23a31997c9-refs/branch-heads/4951@{#904}
OS | Windows 11 Version 21H2 (Build 22000.613)

Prerequisites: ensure that Clear cookies and site data when you close all windows is selected via brave://settings/cookies as per brave/brave-browser#22493 (comment).

Test Case 1 - Logging into website/Closing Tab

  • login into any website (I used FB when running through the following case)
  • once logged in, close the tab and re-load the same website

You'll notice you'll be logged out even though you've technically didn't close the browser.

Test Case 2 - 404 error via Gmail/Google properties

  • attempt to login into Gmail/YouTube etc.. You'll get a 404 and won't be able to log into the website.

404error

Verification PASSED on Win 11 x64 using the following build(s):

Brave | 1.40.7 Chromium: 101.0.4951.41 (Official Build) nightly (64-bit)
-- | --
Revision | 93c720db8323b3ec10d056025ab95c23a31997c9-refs/branch-heads/4951@{#904}
OS | Windows 11 Version 21H2 (Build 22000.613)

Prerequisites: ensure that Clear cookies and site data when you close all windows is selected via brave://settings/cookies as per brave/brave-browser#22493 (comment).

Test Case 1 - Logging into website/Closing Tab

  • once Clear cookies and site data when you close all windows has been enabled, logged into Facebook
  • once logged into FB, close the tab and re-open a new tab and ensure you stay logged in (don't close the window)
  • run through the above a few times to make sure you're always logged in until you close the browser
  • restart the browser and ensure that all the cookies related to FB are removed from brave://settings/siteData

Test Case 2 - 404 error via Gmail/Google properties

  • log into Gmail and ensure that you can login without any issues/failures (specifically not reviewing the 404)
  • restart the browser and you'll notice that you'll still see some cookies via brave://settings/siteData
    • you should be able to login again
  • disable Allow Google login buttons on third party sites via brave://settings/socialBlocking
    *restart the browser and this time you shouldn't see any cookies that belong to Gmail via brave://settings/siteData

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@iefremov iefremov iefremov approved these changes

@mkarolin mkarolin mkarolin approved these changes

Assignees

@goodov goodov

Labels
None yet
Projects
None yet
Milestone
1.40.x - Release
Development

Successfully merging this pull request may close these issues.

Global "clear cookies when you close all windows" setting conflicts with 1PES
4 participants
@goodov @kjozwiak @iefremov @mkarolin