
Localhost access permission #17321

Merged
merged 16 commits into from
Apr 24, 2023

@ShivanKaul (Collaborator) commented Feb 22, 2023

Resolves brave/brave-browser#27346

Submitter Checklist:

  • I confirm that no security/privacy review is needed, or that I have requested one
  • There is a ticket for my issue
  • Used Github auto-closing keywords in the PR description above
  • Wrote a good PR/commit description
  • Squashed any review feedback or "fixup" commits before merge, so that history is a record of what happened in the repo, not your PR
  • Added appropriate labels (QA/Yes or QA/No; release-notes/include or release-notes/exclude; OS/...) to the associated issue
  • Checked the PR locally:
    • npm run test -- brave_browser_tests, npm run test -- brave_unit_tests wiki
    • npm run lint, npm run presubmit wiki, npm run gn_check, npm run tslint
  • Ran git rebase master (if needed)

Reviewer Checklist:

  • A security review is not needed, or a link to one is included in the PR description
  • New files have MPL-2.0 license header
  • Adequate test coverage exists to prevent regressions
  • Major classes, functions and non-trivial code blocks are well-commented
  • Changes in component dependencies are properly reflected in gn
  • Code follows the style guide
  • Test plan is specified in PR before merging

After-merge Checklist:

Test Plan:

I've created a test website at https://shivankaul.com/brave/localhost/ with testing instructions.
A few other things to test:

  1. A localhost connection from a localhost website should Just Work without a prompt.
  2. There should be a new site setting called Localhost access at brave://settings/content/localhostAccess

@ShivanKaul requested review from iefremov and a team as code owners February 22, 2023 05:05
@github-actions bot added the labels CI/run-network-audit (Run network-audit), CI/storybook-url (Deploy storybook and provide a unique URL for each build) and potential-layer-violation-fixes (This PR touches a BUILD.gn file with check_includes=false) Feb 22, 2023
@brave-builds (Collaborator)

A Storybook has been deployed to preview UI for the latest push

const auto& request_initiator_url = ctx->initiator_url;
const auto& request_url = ctx->request_url;

if (!IsLocalhostRequest(request_url, request_initiator_url)) {
Contributor

in case of websocket initiator would be empty, is it okay?

Contributor

it would come from BraveProxyingWebSocket

Collaborator Author

Interesting! Is there a way to detect that? We wouldn't want to get the embedding/initiating URL from contents->GetLastCommittedURL() because we want to only capture the cases where a website is making the localhost request.

@ShivanKaul (Collaborator Author) Feb 26, 2023

Hm I seem to get the right initiator and request URLs with a WebSocket actually. My test client is https://shivankaul.com/brave/localhost/ws_client.html (check the console for messages) and test server is just a simple WebSocket server running on port 8080 locally: https://shivankaul.com/brave/localhost/ws_server.js

@ShivanKaul (Collaborator Author)

@goodov The presubmit CI fails on

browser/net/brave_localhost_permission_network_delegate_helper.cc:47:
std::shared_ptr should not be used. Use scoped_refptr instead.

But OnBeforeURLRequest_LocalhostPermissionWork is just adhering to

OnBeforeURLRequestCallback =
    base::RepeatingCallback<int(const ResponseCallback& next_callback,
                                std::shared_ptr<BraveRequestInfo> ctx)>;

@goodov (Member) commented Feb 24, 2023

> @goodov The presubmit CI fails on
>
> browser/net/brave_localhost_permission_network_delegate_helper.cc:47:
> std::shared_ptr should not be used. Use scoped_refptr instead.
>
> But OnBeforeURLRequest_LocalhostPermissionWork is just adhering to
>
> OnBeforeURLRequestCallback =
>     base::RepeatingCallback<int(const ResponseCallback& next_callback,
>                                 std::shared_ptr<BraveRequestInfo> ctx)>;

add your file to this list:

"CheckNoBannedFunctions": [

CheckAskAndDenyFlow(kButtonHtmlId, target_url, 1);
}

IN_PROC_BROWSER_TEST_F(LocalhostAccessBrowserTest, OneTwoSeven) {
Member

Not a big deal, but for completeness' sake, we could also test the IPv6 version ([::1]).
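Added example, not part of this PR or of Brave's code: a sketch of the host classification behind a check like IsLocalhostRequest, covering the IPv6 loopback raised in the comment above and the localhost-to-localhost case from the test plan. The function names and return values are hypothetical, and the handling of a missing initiator is this sketch's own assumption.

```javascript
// Added illustration; not Brave's implementation. All names are hypothetical.

// True when the URL's host is a loopback name or address.
function isLoopbackHost(urlString) {
  let host;
  try {
    // The WHATWG URL parser lowercases names and canonicalises IP literals,
    // so "127.1", "0x7f.0.0.1" and "[0:0:0:0:0:0:0:1]" all compare reliably.
    host = new URL(urlString).hostname;
  } catch {
    return false; // unparsable input is never classified as loopback
  }
  host = host.replace(/\.$/, ''); // drop a trailing root dot
  if (host === 'localhost' || host.endsWith('.localhost')) return true;
  if (host === '[::1]') return true; // IPv6 loopback, as serialised by URL
  // After canonicalisation an IPv4 host is exactly four decimal octets;
  // the whole 127.0.0.0/8 block is loopback.
  const m = /^(\d{1,3})\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.exec(host);
  return m !== null && m[1] === '127';
}

// Decision for one request, following the behaviour the test plan describes.
function localhostAccessDecision(requestUrl, initiatorUrl) {
  if (!isLoopbackHost(requestUrl)) return 'not-applicable';
  // Assumption of this sketch: without an initiator the request cannot be
  // attributed to a website, so it is reported separately.
  if (!initiatorUrl) return 'no-initiator';
  // Test plan item 1: localhost site to localhost works without a prompt.
  if (isLoopbackHost(initiatorUrl)) return 'allow';
  return 'needs-permission';
}

// Constructed sample requests (request URL, initiator URL).
const samples = [
  ['ws://127.0.0.1:8080/', 'https://site.example/ws_client.html'],
  ['http://[::1]:3000/', 'https://site.example/'],
  ['http://localhost:8080/api', 'http://localhost:3000/'],
  ['https://cdn.example/app.js', 'https://site.example/'],
];
for (const [req, init] of samples) {
  console.log(req, '<-', init, '=>', localhostAccessDecision(req, init));
}
```

Comparing the parsed, canonical host rather than the raw URL string is what keeps alternate spellings of the same loopback address from slipping past the check.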

@brave-builds (Collaborator)

A Storybook has been deployed to preview UI for the latest push

@ShivanKaul removed the CI/storybook-url (Deploy storybook and provide a unique URL for each build) label Mar 20, 2023
@ShivanKaul force-pushed the feature/localhost-permission branch 2 times, most recently from f3b0d4e to 62bc1a0 March 21, 2023 23:22
@ShivanKaul requested a review from a team as a code owner April 12, 2023 18:16
@mkarolin (Collaborator) left a comment

Strings ++

@TGrade commented Mar 21, 2024

Hey. Sorry I'm a bit curious about this. Does this check your local routes? Will it prevent websites from accessing your local by accessing addresses like 192.168.0.123 for example?

Successfully merging this pull request may close these issues.

Permissioning access to localhost connections