Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Don't inherit permissions in private windows #24720

Closed
goodov opened this issue Aug 17, 2022 · 4 comments · Fixed by brave/brave-core#14765
Closed

Don't inherit permissions in private windows #24720

goodov opened this issue Aug 17, 2022 · 4 comments · Fixed by brave/brave-core#14765
Assignees
@goodov
Labels
OS/Android Fixes related to Android browser functionality OS/Desktop QA Pass - Android ARM QA Pass - Android Tab QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Test-All-Platforms QA/Test-Plan-Specified QA/Yes release-notes/include
Milestone
1.45.x - Release

Comments

@goodov
Copy link
Member

goodov commented Aug 17, 2022
edited
Loading

Change INHERIT_IF_LESS_PERMISSIVE to some NEVER_INHERIT equivalent in private windows.

The change makes browser work in a way so that incognito profile won't inherit less permissive content setting set in a normal profile.

Example:

  • before: GEOLOCATION BLOCK set in a normal profile will be automatically inherited in incognito profile, i.e. geolocation request will be automatically blocked in incognito.
  • after: Incognito profile will use GEOLOCATION ASK option, even if BLOCK was set as a global default in the normal profile, i.e. geolocation request will trigger a permission request dialog in incognito.
@goodov goodov added OS/Android Fixes related to Android browser functionality OS/Desktop labels Aug 17, 2022
@goodov goodov self-assigned this Aug 17, 2022
@goodov goodov mentioned this issue Aug 23, 2022
Merged
25 tasks
@brave-builds brave-builds added this to the 1.45.x - Nightly milestone Aug 31, 2022
@goodov
Copy link
Member Author

goodov commented Aug 31, 2022
edited
Loading

Test case 1

Don't inherit in incognito less than permissive settings.

  1. Visit https://permission.site/, request and Block Geolocation permission.
  2. Open https://permission.site/ in incognito, request Geolocation permission.
  3. Expect permission dialog is shown with Allow and Block buttons.
  4. Press Allow or Block.
  5. Expect brave://settings/content/location shows two records for a normal and incognito profiles.

Test case 2

Notifications should always block in incognito.

  1. Visit https://permission.site/, request and Allow Notifications permission.
  2. Open https://permission.site/ in incognito, request Notifications permission.
  3. Expect permission is blocked.
  4. Expect brave://settings/content/notifications shows two records for a normal and incognito profiles.

Test case 3

Always-inheritable settings should work as usual.

  1. Select "Don't allow sites to show images" mode on brave://settings/content/images
  2. Visit https://brave.com/, make sure images are not loaded.
  3. Visit https://brave.com/ in incognito, make sure images are not loaded.
  4. Enable images via permissions dialog in incognito, reload:
    image
  5. Expect images are loaded and brave://settings/content/images contains an item for incognito profile.

@stephendonner
Copy link

stephendonner commented Sep 27, 2022
edited
Loading

Verification PASSED using

Brave 1.45.75 Chromium: 106.0.5249.65 (Official Build) beta (x86_64)
Revision 3269dc3633cdd2ab94546fdbe54962e45b17a6e0-refs/branch-heads/5249@{#580}
OS macOS Version 11.7 (Build 20G817)

Test 1: don't inherit less-permissive permissions - PASSED

Steps:

  1. loaded https://permission.site, request and Block Geolocation permission
  2. loaded https://permission.site in a Private tab, request Geolocation permission
  3. confirmed permission dialog is shown with Allow and Block buttons
  4. clicked on Block
  5. brave://settings/content/location shows two records for a normal and Private profiles
blocked (geo)location requested (geo)location brave://settings/content/location
Screen Shot 2022-09-27 at 1 31 29 PM Screen Shot 2022-09-27 at 1 31 48 PM Screen Shot 2022-09-27 at 1 34 54 PM

Test 2: always block notifications in Private windows - PASSED

Steps:

  1. loaded https://permission.site, request and Allow for the notifications permission
  2. opened https://permission.site in a Private tab, request notifications permission
  3. confirmed permission is blocked
  4. confirmed brave://settings/content/notifications shows two records for a normal and Private profiles
notifications allowed notifications blocked brave://settings/content/notifications
Screen Shot 2022-09-27 at 11 38 41 AM Screen Shot 2022-09-27 at 11 38 55 AM Screen Shot 2022-09-27 at 11 39 06 AM

Test 3: always-inheritable settings - PASSED

Steps:

  1. clicked on "Don't allow sites to show images" radio button on brave://settings/content/images
  2. loaded https://brave.com
  3. confirmed images weren't loaded
  4. visited https://brave.com in a Private tab
  5. confirmed images weren't loaded
  6. clicked to enable Sites can show images in a Private tab
  7. reloaded
  8. confirmed images are loaded and brave://settings/content/images contains an item for the Private-tab profile.
brave://settings/content/images normal window Private window toggled images on brave://settings/content/images
Screen Shot 2022-09-27 at 11 41 58 AM Screen Shot 2022-09-27 at 11 42 08 AM Screen Shot 2022-09-27 at 11 42 22 AM Screen Shot 2022-09-27 at 11 43 26 AM Screen Shot 2022-09-27 at 11 43 46 AM

@stephendonner stephendonner added QA/Test-Plan-Specified QA/In-Progress Indicates that QA is currently in progress for that particular issue QA Pass-macOS and removed QA/In-Progress Indicates that QA is currently in progress for that particular issue labels Sep 27, 2022
@MadhaviSeelam
Copy link

MadhaviSeelam commented Oct 3, 2022
edited by btlechowski
Loading

Verification PASSED using

Brave | 1.45.80 Chromium: 106.0.5249.65 (Official Build) beta (64-bit)
-- | --
Revision | 3269dc3633cdd2ab94546fdbe54962e45b17a6e0-refs/branch-heads/5249@{#580}
OS | Windows 11 Version 21H2 (Build 22000.978)

Install 1.45.80
launch Brave

Test 1: don't inherit less-permissive permissions - PASSED

Case 1: request and Block Geolocation permission

Steps:

  1. loaded https://permission.site,
  2. request and Block Geolocation permission for normal window
  3. loaded https://permission.site in a Private tab, request Geolocation permission
  4. confirmed permission dialog is shown with Allow and Block buttons
  5. clicked on Block
  6. brave://settings/content/location shows two records for a normal and Private profiles for Not allowed
step 1 step 2 step3-4 step5 step 6
image image image image image

Case 2: request and Allow Geolocation permission

Steps:

  1. loaded https://permission.site,
  2. request and Allow Geolocation permission for normal window
  3. loaded https://permission.site in a Private tab, request Geolocation permission
  4. confirmed permission dialog is shown with Allow and Block buttons
  5. clicked on Allow
  6. brave://settings/content/location shows two records for a normal and Private profiles for Allowed
step 1-2 step 3-4 step5 step 6
image image image image

Test 2: always block notifications in Private windows - PASSED

Steps:

  1. loaded https://permission.site, request and Allow for the notifications permission for normal window
  2. confirmed permission is allowed
  3. opened https://permission.site in a Private tab, request notifications permission
  4. confirmed permission is blocked
  5. confirmed brave://settings/content/notifications shows two records for a normal and Private profiles
step 1 step 2 step 3-4 step 5
image image image image

Test 3: always-inheritable settings - PASSED

Steps:

  1. clicked on "Don't allow sites to show images" radio button on brave://settings/content/images
  2. loaded https://brave.comin normal window
  3. confirmed images weren't loaded
  4. visited https://brave.com in a Private tab
  5. confirmed images weren't loaded
  6. clicked to enable Sites can show images in a Private tab
  7. reloaded and confirmed images are loaded
  8. brave://settings/content/images contains an item for the Private-tab profile.
step 1 step 2-3 step 4-5 step 6 step 7a step 7b step 8
image image image image image image image

Verification passed on

Brave 1.45.90 Chromium: 106.0.5249.103 (Official Build) beta (64-bit)
Revision 182570408a1f25ab2731ef5f283b918df9b9f956-refs/branch-heads/5249_91@{#6}
OS Ubuntu 18.04 LTS

Test 1: don't inherit less-permissive permissions - PASSED

Steps:

  1. loaded https://permission.site, request and Block Geolocation permission
  2. loaded https://permission.site in a Private tab, request Geolocation permission
  3. confirmed permission dialog is shown with Allow and Block buttons
  4. clicked on Block
  5. brave://settings/content/location shows two records for a normal and Private profiles
blocked (geo)location requested (geo)location brave://settings/content/location
image image image

Test 2: always block notifications in Private windows - PASSED

Steps:

  1. loaded https://permission.site, request and Allow for the notifications permission
  2. opened https://permission.site in a Private tab, request notifications permission
  3. confirmed permission is blocked
  4. confirmed brave://settings/content/notifications shows two records for a normal and Private profiles

image
image
image
image

Test 3: always-inheritable settings - PASSED

Steps:

  1. clicked on "Don't allow sites to show images" radio button on brave://settings/content/images
  2. loaded https://brave.com
  3. confirmed images weren't loaded
  4. visited https://brave.com in a Private tab
  5. confirmed images weren't loaded
  6. clicked to enable Sites can show images in a Private tab
  7. reloaded
  8. confirmed images are loaded and brave://settings/content/images contains an item for the Private-tab profile.
brave://settings/content/images normal window Private window toggled images on brave://settings/content/images
image image image image image

@Uni-verse Uni-verse added the QA/In-Progress Indicates that QA is currently in progress for that particular issue label Oct 19, 2022
@Uni-verse
Copy link
Contributor

Uni-verse commented Oct 20, 2022
edited
Loading

Verified on Samsung Galaxy S21 & Samsung Galaxy Tab S7 using the following build(s):

Brave	1.45.106 Chromium: 107.0.5304.36 (Official Build) (64-bit) 
Revision	2f9c7a5a1fe357d87e9bc07c65cca9136b3651c5-refs/branch-heads/5304@{#671}
OS	Android 12; Build/SP1A.210812.016

Used Test Plan in #24720 (comment)

Pass - Test Case 1: Don't inherit in incognito less than permissive settings.

Example Example Example Example
screenshot-1666278271249 screenshot-1666278353701 screenshot-1666278384777 screenshot-1666278553940

Pass Test Case 2: Notifications should always block in incognito.

Example Example
screenshot-1666278603463 screenshot-1666278709539

Pass Test Case 3: Always-inheritable settings

Example Example
screenshot-1666279017512 screenshot-1666279039428

@Uni-verse Uni-verse added QA Pass - Android ARM QA Pass - Android Tab and removed QA/In-Progress Indicates that QA is currently in progress for that particular issue labels Oct 20, 2022
@LaurenWags LaurenWags mentioned this issue Oct 24, 2022
Closed
@kjozwiak kjozwiak mentioned this issue Oct 27, 2022
Closed
@ghost ghost mentioned this issue Aug 16, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@goodov goodov

Labels
OS/Android Fixes related to Android browser functionality OS/Desktop QA Pass - Android ARM QA Pass - Android Tab QA Pass-Linux QA Pass-macOS QA Pass-Win64 QA/Test-All-Platforms QA/Test-Plan-Specified QA/Yes release-notes/include
Projects
None yet
Milestone
1.45.x - Release
Development

Successfully merging a pull request may close this issue.

Don't inherit privacy-sensitive content settings in incognito. brave/brave-core
7 participants
@stephendonner @goodov @Uni-verse @LaurenWags @btlechowski @brave-builds @MadhaviSeelam