Update adblock-rust with CSP rule support #8281
Conversation
antonok-edm
force-pushed
the
csp-filter-rules
branch
4 times, most recently
from
1e99555
to
814ec95
Compare
|
There are currently some lint errors due to brave/brave-browser#14803. I will get that sorted out first and rebase before merging, but this is ready for review otherwise. |
antonok-edm
force-pushed
the
csp-filter-rules
branch
2 times, most recently
from
12dec05
to
e475c29
Compare
antonok-edm
force-pushed
the
csp-filter-rules
branch
2 times, most recently
from
30dc53d
to
86154a9
Compare
| // If the override_response_headers have already been populated, we should | ||
| // use those directly. Otherwise, we populate them from the original | ||
| // headers. | ||
| if (!*override_response_headers) { | ||
| *override_response_headers = | ||
| new net::HttpResponseHeaders(response_headers->raw_headers()); | ||
| } |
There was a problem hiding this comment.
@iefremov it was confusing to me at first that override_response_headers is not reset in between OnHeadersReceived callbacks. The other callbacks are written to override the headers directly from the original response headers, which is okay when they're the first/only callback but problematic for any further callbacks.
Based on how this is all set up, I would have expected BraveRequestHandler to update response_headers with any non-null override_response_headers in between each callback. Just wanted to point this out in case it's unintentional or needs further work.
There was a problem hiding this comment.
yeah this probably can be improved
| @@ -16,6 +16,13 @@ int OnBeforeURLRequest_AdBlockTPPreWork( | |||
| const ResponseCallback& next_callback, | |||
| std::shared_ptr<BraveRequestInfo> ctx); | |||
|
|
|||
| int OnHeadersReceived_AdBlockCspWork( | |||
There was a problem hiding this comment.
can we please move this to a separate file and also wrap with a base::Feature flag
There was a problem hiding this comment.
FWIW I was modeling this off of ipfs_redirect_network_delegate_helper.h which has both the OnBeforeURLRequest and OnHeadersReceived callbacks in the same file.
antonok-edm
force-pushed
the
csp-filter-rules
branch
from
86154a9
to
045bd4f
Compare
| @@ -21,6 +22,7 @@ | |||
| #include "brave/common/pref_names.h" | |||
| #include "brave/components/brave_referrals/buildflags/buildflags.h" | |||
| #include "brave/components/brave_rewards/browser/buildflags/buildflags.h" | |||
| #include "brave/components/brave_shields/common/features.h" | |||
There was a problem hiding this comment.
Needs a dep in browser/net/BUILD.gn?
antonok-edm
force-pushed
the
csp-filter-rules
branch
from
045bd4f
to
4e9f881
Compare
| @@ -25,6 +25,9 @@ std::vector<adblock::FilterList>::const_iterator FindAdBlockFilterListByLocale( | |||
| std::vector<adblock::FilterList> RegionalCatalogFromJSON( | |||
| const std::string& catalog_json); | |||
|
|
|||
| void MergeCspDirectiveInto(base::Optional<std::string> from, | |||
There was a problem hiding this comment.
personally I don't see much sense in using Optional here and in the service (also CC recommends against it https://chromium.googlesource.com/chromium/src/+/master/docs/optional.md#when-not-to-use).
IMO just (potentially, empty) strings would be more readable.
There was a problem hiding this comment.
I think I disagree here. CSP is a security-sensitive topic, and it's important to make sure these directives are handled with appropriate care. Having the Optional enforces a stronger contract than just passing strings around, with a distinct semantic difference between "there is a directive here" and "no directive". I think it'd be tempting to bypass the merge function here altogether if working directly with strings; we have already run into some issues with incorrectly concatenated CSP directives in the past (e.g. brave/brave-browser#14752).
| // a URL or origin and not a string to a host name. | ||
| bool is_third_party = !SameDomainOrHost( | ||
| url, | ||
| url::Origin::CreateFromNormalizedTuple("https", tab_host.c_str(), 80), |
There was a problem hiding this comment.
-
you should
std::move(tab_host), as described in theCreateFromNormalizedTupledescription -
why not pass the full URL or Origin there from the very beginning?
There was a problem hiding this comment.
I'm just using the same implementation as ShouldStartRequest directly above; would be good to keep the same behavior between the two since I use both the same way in adblock-rust. I think it's worth addressing in a followup.
There was a problem hiding this comment.
yeah, ok - could you file a follow-up to change tab_host from string to GURL in ShouldStartRequest ?
There was a problem hiding this comment.
|
|
||
| (*override_response_headers)->RemoveHeader("Content-Security-Policy"); | ||
|
|
||
| task_runner->PostTaskAndReplyWithResult( |
There was a problem hiding this comment.
I don't really like the idea of adding new thread hops, but we probably can leave it for now until bigger refactoring. I think at some point we should allow querying certain things (e.g. csp rules) from the service on UI thread to avoid jumping between threads, since the jump adds more delay than the lookup
antonok-edm
force-pushed
the
csp-filter-rules
branch
from
4e9f881
to
01b3e0a
Compare
Resolves brave/brave-browser#14792
Security/privacy review at https://github.com/brave/security/issues/374
Submitter Checklist:
QA/YesorQA/No;release-notes/includeorrelease-notes/exclude;OS/...) to the associated issuenpm run test -- brave_browser_tests,npm run test -- brave_unit_tests,npm run lint,npm run gn_check,npm run tslintgit rebase master(if needed)Reviewer Checklist:
gnAfter-merge Checklist:
changes has landed on
Test Plan:
Visit http://pirateiro.com/. Refresh the page while the developer console is open, and check in the console to verify that the browser refused to load scripts violating the policy
script-src 'self' 'unsafe-inline' https://hcaptcha.com *.hcaptcha.com.On Android, it will be sufficient to observe 0 blocked items in the Shields panel rather than 5 (the requests are still blocked, but will not increment the counter).