brave · bsclifton · May 28, 2020 · May 7, 2020 · May 28, 2020
@@ -17,6 +17,8 @@
 #include "components/content_settings/core/common/pref_names.h"
 #include "components/network_session_configurator/common/network_switches.h"
 #include "components/prefs/pref_service.h"
+#include "content/public/browser/render_frame_host.h"
+#include "content/public/browser/web_contents.h"
 #include "content/public/common/content_paths.h"
 #include "content/public/test/browser_test_utils.h"
 #include "net/dns/mock_host_resolver.h"
@@ -25,6 +27,22 @@
 
 using net::test_server::EmbeddedTestServer;
 
+bool NavigateRenderFrameToURL(content::RenderFrameHost* frame,
+                              std::string iframe_id,
+                              const GURL& url) {
+  std::string script = base::StringPrintf(
+      "setTimeout(\""
+      "var iframes = document.getElementById('%s');iframes.src='%s';"
+      "\",0)",
+      iframe_id.c_str(), url.spec().c_str());
+
+  content::TestNavigationManager navigation_manager(
+      content::WebContents::FromRenderFrameHost(frame), url);
+  bool result = ExecuteScript(frame, script);
+  navigation_manager.WaitForNavigationFinished();
+  return result;
+}
+
 class BraveNetworkDelegateBrowserTest : public InProcessBrowserTest {
  public:
   BraveNetworkDelegateBrowserTest()
@@ -63,7 +81,7 @@ class BraveNetworkDelegateBrowserTest : public InProcessBrowserTest {
         embedded_test_server()->GetURL("b.com", "/set-cookie?name=Good");
     subdomain_first_party_cookie_url_ =
         embedded_test_server()->GetURL("subdomain.a.com",
-                                       "/set-cookie?name=Good");
+                                       "/set-cookie?name=subdomainacom");
     google_oauth_cookie_url_ =
         https_server_.GetURL("accounts.google.com", "/set-cookie?oauth=true");
 
@@ -132,10 +150,10 @@ class BraveNetworkDelegateBrowserTest : public InProcessBrowserTest {
                                             url));
   }
 
-  void NavigateFrameTo(const GURL url) {
+  void NavigateFrameTo(const GURL url, const std::string& id = "test") {
     content::WebContents* web_contents =
         browser()->tab_strip_model()->GetActiveWebContents();
-    EXPECT_TRUE(NavigateIframeToURL(web_contents, "test", url));
+    EXPECT_TRUE(NavigateIframeToURL(web_contents, id, url));
   }
 
   void BlockGoogleOAuthCookies() {
@@ -229,6 +247,28 @@ IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest, DefaultCookiesBlocked) {
   EXPECT_TRUE(cookie.empty()) << "Actual cookie: " << cookie;
 }
 
+// 1stpartydomain.com -> 3rdpartydomain.com -> 1stpartydomain.com nested iframe
+IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest,
+                       ThirdPartyCookiesBlockedNestedFirstPartyIframe) {
+  DefaultBlockThirdPartyCookies();
+
+  ui_test_utils::NavigateToURL(browser(), url_);
+
+  auto* web_contents = browser()->tab_strip_model()->GetActiveWebContents();
+
+  NavigateFrameTo(
+      embedded_test_server()->GetURL("b.com", "/iframe_cookie.html"),
+      "nested_iframe");
+
+  content::RenderFrameHost* child_frame =
+      content::ChildFrameAt(web_contents->GetMainFrame(), 0);
+  NavigateRenderFrameToURL(child_frame, "iframe_cookie",
+      subdomain_first_party_cookie_url_);
+
+  ExpectCookiesOnHost(subdomain_first_party_cookie_url_, "name=subdomainacom");
+}
+
+
 IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest,
                        PrefToggleBlockAllToBlockThirdParty) {
   DefaultBlockAllCookies();
@@ -249,7 +289,7 @@ IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest,
   NavigateFrameTo(subdomain_first_party_cookie_url_);
 
   ExpectCookiesOnHost(top_level_page_url_, "name=Good");
-  ExpectCookiesOnHost(subdomain_first_party_cookie_url_, "name=Good");
+  ExpectCookiesOnHost(subdomain_first_party_cookie_url_, "name=subdomainacom");
 }
 
 IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest,
@@ -326,7 +366,7 @@ IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest,
   NavigateFrameTo(subdomain_first_party_cookie_url_);
 
   ExpectCookiesOnHost(top_level_page_url_, "name=Good");
-  ExpectCookiesOnHost(subdomain_first_party_cookie_url_, "name=Good");
+  ExpectCookiesOnHost(subdomain_first_party_cookie_url_, "name=subdomainacom");
 }
 
 IN_PROC_BROWSER_TEST_F(BraveNetworkDelegateBrowserTest,

@@ -0,0 +1,106 @@
+/* Copyright (c) 2020 The Brave Authors. All rights reserved.
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "components/content_settings/core/common/cookie_settings_base.h"
+
+#include "base/no_destructor.h"
+#include "base/optional.h"
+#include "net/base/registry_controlled_domains/registry_controlled_domain.h"
+#include "components/content_settings/core/common/content_settings.h"
+#include "components/content_settings/core/common/content_settings_pattern.h"
+#include "url/gurl.h"
+#include "url/origin.h"
+
+namespace content_settings {
+
+namespace {
+
+constexpr char kWp[] = "https://[*.]wp.com/*";
+constexpr char kWordpress[] = "https://[*.]wordpress.com/*";
+constexpr char kPlaystation[] = "https://[*.]playstation.com/*";
+constexpr char kSonyentertainmentnetwork[] =
+    "https://[*.]sonyentertainmentnetwork.com/*";
+
+bool BraveIsAllowedThirdParty(
+    const GURL& url,
+    const GURL& site_for_cookies,
+    const base::Optional<url::Origin>& top_frame_origin) {
+  static const base::NoDestructor<
+      // url -> first_party_url allow map
+      std::vector<std::pair<ContentSettingsPattern,
+                            ContentSettingsPattern>>> entity_list({
+          {
+            ContentSettingsPattern::FromString(kWp),
+            ContentSettingsPattern::FromString(kWordpress)
+          },
+          {
+            ContentSettingsPattern::FromString(kWordpress),
+            ContentSettingsPattern::FromString(kWp)
+          },
+          {
+            ContentSettingsPattern::FromString(kPlaystation),
+            ContentSettingsPattern::FromString(kSonyentertainmentnetwork)},
+          {
+            ContentSettingsPattern::FromString(kSonyentertainmentnetwork),
+            ContentSettingsPattern::FromString(kPlaystation)
+          },
+      });
+
+  GURL first_party_url = site_for_cookies;
+
+  if (!first_party_url.is_valid() && top_frame_origin)
+      first_party_url = top_frame_origin->GetURL();
+
+  if (net::registry_controlled_domains::GetDomainAndRegistry(
+          url,
+          net::registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES) ==
+      net::registry_controlled_domains::GetDomainAndRegistry(
+          first_party_url,
+          net::registry_controlled_domains::INCLUDE_PRIVATE_REGISTRIES))
+    return true;
+
+  for (auto i = entity_list->begin();
+       i != entity_list->end();
+       ++i) {
+    if (i->first.Matches(url) && i->second.Matches(first_party_url))
+      return true;
+  }
+
+  return false;
+}
+
+}  // namespace
+
+bool CookieSettingsBase::IsCookieAccessAllowed(
+    const GURL& url, const GURL& first_party_url) const {
+  return IsCookieAccessAllowed(url, first_party_url, base::nullopt);
+}
+
+bool CookieSettingsBase::IsCookieAccessAllowed(
+    const GURL& url,
+    const GURL& site_for_cookies,
+    const base::Optional<url::Origin>& top_frame_origin) const {
+
+  // Get content settings only - do not consider default 3rd-party blocking.
+  ContentSetting setting;
+  GetCookieSettingInternal(
+      url, top_frame_origin ? top_frame_origin->GetURL() : site_for_cookies,
+      false, nullptr, &setting);
+
+  // Content settings should always override any defaults.
+  if (!IsAllowed(setting))
+    return false;
+
+  if (BraveIsAllowedThirdParty(url, site_for_cookies, top_frame_origin))
+    return true;
+
+  return IsChromiumCookieAccessAllowed(url, site_for_cookies, top_frame_origin);
+}
+
+}  // namespace content_settings
+
+#define IsCookieAccessAllowed IsChromiumCookieAccessAllowed
+#include "../../../../../../components/content_settings/core/common/cookie_settings_base.cc"  // NOLINT
+#undef IsCookieAccessAllowed
@@ -0,0 +1,22 @@
+/* Copyright (c) 2020 The Brave Authors. All rights reserved.
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef BRAVE_CHROMIUM_SRC_COMPONENTS_CONTENT_SETTINGS_CORE_COMMON_COOKIE_SETTINGS_BASE_H_
+#define BRAVE_CHROMIUM_SRC_COMPONENTS_CONTENT_SETTINGS_CORE_COMMON_COOKIE_SETTINGS_BASE_H_
+
+#define BRAVE_COOKIE_SETTINGS_BASE_H                                      \
+ private:                                                                 \
+  bool IsChromiumCookieAccessAllowed(const GURL& url,                     \
+                                     const GURL& first_party_url) const;  \
+  bool IsChromiumCookieAccessAllowed(                                     \
+      const GURL& url,                                                    \
+      const GURL& site_for_cookies,                                       \
+      const base::Optional<url::Origin>& top_frame_origin) const;
+
+#include "../../../../../../components/content_settings/core/common/cookie_settings_base.h"
+
+#undef BRAVE_COOKIE_SETTINGS_BASE_H
+
+#endif  // BRAVE_CHROMIUM_SRC_COMPONENTS_CONTENT_SETTINGS_CORE_COMMON_COOKIE_SETTINGS_BASE_H_
diff --git a/components/content_settings/core/browser/brave_content_settings_pref_provider.cc b/components/content_settings/core/browser/brave_content_settings_pref_provider.cc
@@ -313,6 +313,8 @@ void BravePrefProvider::UpdateCookieRules(ContentSettingsType content_type,
       rules.push_back(CloneRule(rule));
       brave_cookie_rules_[incognito].push_back(CloneRule(rule));
   }
+  // non-pref based exceptions should go in the cookie_settings_base.cc
+  // chromium_src override
 
   // add chromium cookies
   auto chromium_cookies_iterator = PrefProvider::GetRuleIterator(

@@ -0,0 +1,12 @@
+diff --git a/components/content_settings/core/common/cookie_settings_base.h b/components/content_settings/core/common/cookie_settings_base.h
+index fb41bd86314482bb8f9116e4da454c7913b74158..987040b59709fc7cca7a28ea75a880fc5bc6171a 100644
+--- a/components/content_settings/core/common/cookie_settings_base.h
++++ b/components/content_settings/core/common/cookie_settings_base.h
+@@ -169,6 +169,7 @@ class CookieSettingsBase {
+   // Determines whether |setting| is a valid content setting for legacy cookie
+   // access.
+   static bool IsValidSettingForLegacyAccess(ContentSetting setting);
++  BRAVE_COOKIE_SETTINGS_BASE_H
+
+  private:
+   virtual void GetCookieSettingInternal(