Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Restore navigator.plugins and navigator.mimeTypes as PDF-focused #6738

Merged
merged 9 commits into from
Jul 13, 2021

Conversation

domenic
Copy link
Member

@domenic domenic commented Jun 4, 2021

This is an attempt at addressing the discussion starting at #6003 (comment).

It ensures browsers only vary on a single boolean, "PDF viewer supported". Then, it:

  • Standardizes a new navigator.pdfSupported property which exposes that boolean directly.
  • Makes the legacy navigator.plugins and navigator.mimeType interfaces expose a uniform set of Plugin and MimeType objects, across every browser, in one of two configurations (depending on the PDF viewer supported boolean).

For PDF viewer supported UAs, the resulting structure is:

  • 5 Plugin objects, named (in order) "PDF Viewer", "Chrome PDF Viewer", "Chromium PDF Viewer", "Microsoft Edge PDF Viewer", "WebKit built-in PDF".
    • description: "Portable Document Format" (like Chrome. Safari is the empty string.)
    • filename: "internal-pdf-viewer" (like one of Chrome's two possibilities. Safari is the empty string.)
    • All 5 point to both of the following MimeType objects via their named/indexed properties.
  • 2 MimeType objects, for the types "application/pdf" and "text/pdf".
    • description: "Portable Document Format" (like both Safari and Chrome)
    • suffixes: "pdf" (like both Safari and Chrome)
    • Both point to the 0th "PDF Viewer" Plugin object via their enabledPlugin getter.
    • application/x-google-chrome-pdf is not included

(See WHATWG Working Mode: Changes for more details.)

Original change description This is an attempt at addressing the discussion starting at https://github.com//issues/6003#issuecomment-805389170. There is another approach, discussed in https://github.com//issues/6003#issuecomment-854887958, which might supersede this one.

It also includes navigator.pdfSupported as a modern way of doing detection so that web developers have a bit of an easier time, and maybe in five years we can revisit removing navigator.plugins and navigator.mimeTypes.

This approach (for PDF-supporting UAs) is:

  • Such UAs have a single Plugin with the following properties:
    • name: implementation-defined, but must contain the string "PDF".
    • description: "Portable Document Format" (like Chrome. Safari is the empty string.)
    • filename: "internal-pdf-viewer" (like one of Chrome's two possibilities. Safari is the empty string.)
  • Such UAs have two MimeTypes with the following properties:
    • type: application/pdf for the 0th, and text/pdf for the 1st. (Like Safari. Chrome has application/x-google-chrome-pdf for the 0th, and application/pdf for the 1st.)
    • description: "Portable Document Format" (like both Safari and Chrome)
    • suffixes: "pdf" (like both Safari and Chrome)
  • These objects are related in the following manner: the Plugin maps to both MimeTypes (via named/indexed properties), and each MimeType maps to the single Plugin (via its enabledPlugin getter).

Notable differences in object structure:

  • Safari also has a third MimeType for application/postscript, mapping to the same Plugin. Per Removing plugins? #6003 (comment) I left that out (although you can see an earlier commit that supported it).

  • Chrome has two MimeTypes and two corresponding Plugins which map to each other. I went with the single-plugin-two-MimeType approach from Safari because it's simpler.

Potential variants:

  • We could try to cut out text/pdf. It's somewhat harmless but while we're simplifying it might be nice to get rid of...

  • This leaves one bit of implementation-defined behavior, the name of the plugin. Could we clean that up? See the discussion in Removing plugins? #6003 (comment).


/browsing-the-web.html ( diff )
/common-dom-interfaces.html ( diff )
/index.html ( diff )
/infrastructure.html ( diff )
/obsolete.html ( diff )
/system-state.html ( diff )
/window-object.html ( diff )

domenic added 2 commits June 4, 2021 12:39
- Adds window.pdfSupported
- Either 0, 2, or 3 MIME types (the third is PostScript)
- 1 Plugin, with implementation-defined name
@domenic domenic mentioned this pull request Jun 4, 2021
@domenic domenic requested a review from annevk June 10, 2021 21:01
@domenic domenic added the interop Implementations are not interoperable with each other label Jun 15, 2021
Copy link
Member

@annevk annevk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good editorially, but is everyone on the same page with regards to the PDF boolean? Does this match what implementations do today when the user disables inline viewing support? And also, does this allow for an implementation to say that it's not supported, but still support it? (I think that's what mobile Safari does.)

cc @rniwa @smaug----

@domenic
Copy link
Member Author

domenic commented Jun 17, 2021

Does this match what implementations do today when the user disables inline viewing support?

Quite probably not, but I think there was general interest in aligning on this model to reduce fingerprinting.

And also, does this allow for an implementation to say that it's not supported, but still support it? (I think that's what mobile Safari does.)

Yes, this is allowed. There is no connection between the boolean and the navigation processing model, so they can vary independently.

@annevk
Copy link
Member

annevk commented Jun 17, 2021

Given web-platform-tests/wpt#27129 it seems more useful if this is aligned with the processing model (and thus user preferences) at no additional fingerprinting cost (unless you take into account how quickly you can acquire the bit). Although that would argue that mobile Safari changes what they do. Hmm, I guess I'm curious what others think.

source Outdated
<dd>
<p>Returns true if the user agent supports inline viewing of PDF files, or false otherwise.</p>

<p>Note that this does not reflect user preferences, but instead the basic capabilities of the user agent. If the user agent supports PDF viewing, but a user has disabled that ability through a browser preference, this property still returns true.</p>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm, I do think this should reflect the user preference. The code that was incompatible with the original "empty" plugins list was just trying to figure out if that setting was on/off, so they could take appropriate action. And from an author point of view, I do see the need. If PDFs are supported, show the PDF. If not, take a different course of action which may or may not involve downloading the PDF or showing something alternative. Or just not giving them the option to see a PDF in the first place.

source Outdated
false, to reflect the inherent capabilities of these different browser builds. But if the user
disables inline PDF viewing on the desktop browser, the user agent has to keep the <span>PDF
viewer supported</span> value of true, so as to avoid identifying users which have changed that
setting.</p>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I do understand that this exposes one bit of entropy. But the original list already exposed that same bit, and we're hopefully reducing the remaining (>1 bit) entropy leak from the previously variable plugin lists. And I believe developers do need a way to tell whether PDFs are viewable, no?

@mfreed7
Copy link
Contributor

mfreed7 commented Jun 17, 2021

Nice work on this PR - it looks very clean and makes sense to me. I think with one exception (see below), it should be web compatible for at least the previously-identified breakages from the empty plugins array.

Given web-platform-tests/wpt#27129 it seems more useful if this is aligned with the processing model (and thus user preferences) at no additional fingerprinting cost (unless you take into account how quickly you can acquire the bit). Although that would argue that mobile Safari changes what they do. Hmm, I guess I'm curious what others think.

I put some comments in to this effect as well, but I think the bit needs to reflect the user preference, for web compat as well as general developer capabilities.

@domenic
Copy link
Member Author

domenic commented Jun 22, 2021

I'm working on such a change now, including updates to the navigate processing model.

I wrote a quick test to see how text/pdf should play into things and I found out that in Chrome and Firefox at least, if the server sets text/pdf, the result is not treated as a PDF:

However in Safari it is.

Probably we should align on Safari behavior, since it doesn't hurt anything and keeps things in sync with navigator.mimeTypes? Or we could remove text/pdf from navigator.mimeTypes and ask Safari to remove this...

@domenic
Copy link
Member Author

domenic commented Jun 22, 2021

I've pushed a commit that makes pdf viewer support respect user preferences and be tied to the processing model (although the navigation processing model is a bit shaky around plugins/"inline content").

@mfreed7
Copy link
Contributor

mfreed7 commented Jun 22, 2021

I'm working on such a change now, including updates to the navigate processing model.

Thanks for working on the change to respect user preferences!

I wrote a quick test to see how text/pdf should play into things and I found out that in Chrome and Firefox at least, if the server sets text/pdf, the result is not treated as a PDF:

However in Safari it is.

Probably we should align on Safari behavior, since it doesn't hurt anything and keeps things in sync with navigator.mimeTypes? Or we could remove text/pdf from navigator.mimeTypes and ask Safari to remove this...

I agree that this sounds like a bug in Chromium to me - I would think text/pdf should invoke the PDF viewer. Do you know if that's already been reported as a bug? If not, I can file it.

@domenic
Copy link
Member Author

domenic commented Jun 22, 2021

I'm not aware of such a bug. Arguably it's more correct to not support text/pdf, since the official MIME type is application/pdf. But since this whole business is an exercise in maximal compatibility anyway, that's why I was leaning toward supporting it in Chrome.

@mfreed7
Copy link
Contributor

mfreed7 commented Jun 23, 2021

I'm not aware of such a bug. Arguably it's more correct to not support text/pdf, since the official MIME type is application/pdf. But since this whole business is an exercise in maximal compatibility anyway, that's why I was leaning toward supporting it in Chrome.

I agree with the last part of what you said - let's try to maximize compatibility. It doesn't seem like there should be any potential issues with starting to run the PDF viewer on text/pdf files, when they currently just show the user garbage. But you never know, I guess?

Side-note, Gecko puts up a "What should Firefox do with this file?" dialog for text/pdf, and doesn't display it.

I filed this Chromium bug.

source Outdated Show resolved Hide resolved
@domenic
Copy link
Member Author

domenic commented Jul 1, 2021

@rniwa, ping to give your review on the choices we've made here. What do you think?

@mfreed7
Copy link
Contributor

mfreed7 commented Jul 9, 2021

@smaug---- also ping. We discussed this overall change at the last spec triage meeting, and I believe you were supportive, but this was not captured in the notes. Could you please confirm your support here?

@domenic
Copy link
Member Author

domenic commented Jul 13, 2021

I'd like to merge and file bugs on this now, since we had supportive comments from Mozilla and Apple at the triage meeting and in #6003. Normally I'd prefer to get more explicit support for the exact proposal, but we have a bit of an unusual situation here, where the current spec (post-#6296) does not have the support of the implementer community. So moving from the current empty-lists spec to this spec is a strict improvement, I think.

I still do need a green checkmark from someone with write privileges, though. @foolip perhaps? (I believe @annevk is out of office.)

@mfreed7
Copy link
Contributor

mfreed7 commented Jul 13, 2021

I'd like to merge and file bugs on this now, since we had supportive comments from Mozilla and Apple at the triage meeting and in #6003. Normally I'd prefer to get more explicit support for the exact proposal, but we have a bit of an unusual situation here, where the current spec (post-#6296) does not have the support of the implementer community. So moving from the current empty-lists spec to this spec is a strict improvement, I think.

I still do need a green checkmark from someone with write privileges, though. @foolip perhaps? (I believe @annevk is out of office.)

Thank you - I agree that it would be good to merge this. I'm working through the Intent to Ship for Chromium, but this was an immediate question. As I mentioned above, I do believe there was agreement on this direction from (at least) @smaug---- at the last meeting, but that isn't documented, unfortunately.

@foolip foolip added the impacts documentation Used by documentation communities, such as MDN, to track changes that impact documentation label Jul 13, 2021
Copy link
Member

@foolip foolip left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Green check mark with nits.


<div w-nodev>

<p>Although these days detecting PDF viewer support can be done via <code
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great note!


<p class="note">These names were chosen based on evidence of what websites historically search
for, and thus what is necessary for user agents to expose in order to maintain compatibility with
existing content. They are ordered alphabetically The "<code data-x="">PDF Viewer</code>" name was
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
existing content. They are ordered alphabetically The "<code data-x="">PDF Viewer</code>" name was
existing content. They are ordered alphabetically. The "<code data-x="">PDF Viewer</code>" name was

<li><p>Return null.</p></li>
</ol>

<p>The <code>PluginArray</code> interface <span data-x="support named properties">support indexed
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
<p>The <code>PluginArray</code> interface <span data-x="support named properties">support indexed
<p>The <code>PluginArray</code> interface <span data-x="support named properties">supports indexed

</ol>

<p>The <code>PluginArray</code> interface's <dfn attribute for="PluginArray"><code
data-x="dom-PluginArray-length">length</code></dfn> getter steps are to return 5 if the user
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Optional nit: the hardcoded 5 here is kind of fun, but could this instead be defined in terms of the "PDF viewer plugin objects", with less words overall?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, good point, the 5 could be nicer since we can just look at the size of the list. The « 0, 1, 2, 3, 4 » is a bit trickier to make generic, just in terms of wording... I might try anyway.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll punt on fixing the indices for now but can do an editorial followup once whatwg/infra#386 is merged.

mariospr added a commit to brave/brave-core that referenced this pull request Aug 19, 2021
…ssInfo

MimeClassInfo now requires to pass a list of extensions to the
constructor, so we need to generate at least a random one to create
the fake MimeClassInfo used for farbling purposes.

FIXME: 3 browser tests failing likely because of this patch being wrong:

  BraveNavigatorPluginsFarblingBrowserTest.FarbleNavigatorPlugins
  BraveNavigatorPluginsFarblingBrowserTest.FarbleNavigatorPluginsBuiltin
  BraveNavigatorPluginsFarblingBrowserTest.FarbleNavigatorPluginsReset

Chromium change:

https://source.chromium.org/chromium/chromium/src/+/fb96360c18b517bcc487c0de7235eec27e3adf5e

commit fb96360c18b517bcc487c0de7235eec27e3adf5e
Author: Mason Freed <masonf@chromium.org>
Date:   Fri Aug 6 20:20:17 2021 +0000

    Hard-code the list of plugins and mimetypes in navigator

    See [1] for a previous attempt to completely empty the navigator.plugins
    and navigator.mimeTypes APIs. That caused site breakage due to sites
    scanning for a PDF reader. This new attempt is discussed in significant
    detail in [2], and involves the hard-coding of a list of PDF viewers and
    mime types.

    The plugins/mimetypes lists will be empty if the user setting to
    download PDFs instead of viewing them
    (chrome://settings/content/pdfDocuments) is enabled. This is to ensure
    compat with sites that scan the plugins list for specific PDF plugins
    to decide on behavior. Prior to this CL, when the PDF viewer is
    disabled, the PDF viewer plugins are unloaded.

    Tests were copied mostly verbatim from [3], thanks @domenic.

    I2S:
    https://groups.google.com/a/chromium.org/g/blink-dev/c/bbxAGu90LgM

    [1] https://chromium-review.googlesource.com/c/chromium/src/+/2783393
    [2] whatwg/html#6738
    [3] web-platform-tests/wpt#29559

    Bug: 1164635
mariospr added a commit to brave/brave-core that referenced this pull request Aug 19, 2021
The CL below made a change to make fingerprinting more difficult in
Chromium without breaking existing sites by returning a fixed list
of PDF plugins, regardless of the actual ones available, which broke
our farbling of the navigator.plugins array.

Since farbling in Brave works in a different way (i.e. differently
depending on the selected "farbling level"), we're just disabling this
runtime feature to get back to the original code we had before, which
would make sure the actual list of plugins is only returned if the
used has explicitly disabled fingerprinting protections, otherwise
a farbled, randomly generated and always different list of plugins
will be returned (which is better than a fixed list anyway).

Last, we add some new chromium_src overrides here to avoid the need
of a C++ patch to disable this runtime feature via WebRuntimeFeatures.

Chromium change:

https://chromium.googlesource.com/chromium/src/+/fb96360c18b517bcc487c0de7235eec27e3adf5e

commit fb96360c18b517bcc487c0de7235eec27e3adf5e
Author: Mason Freed <masonf@chromium.org>
Date:   Fri Aug 6 20:20:17 2021 +0000

    Hard-code the list of plugins and mimetypes in navigator

    See [1] for a previous attempt to completely empty the navigator.plugins
    and navigator.mimeTypes APIs. That caused site breakage due to sites
    scanning for a PDF reader. This new attempt is discussed in significant
    detail in [2], and involves the hard-coding of a list of PDF viewers and
    mime types.

    The plugins/mimetypes lists will be empty if the user setting to
    download PDFs instead of viewing them
    (chrome://settings/content/pdfDocuments) is enabled. This is to ensure
    compat with sites that scan the plugins list for specific PDF plugins
    to decide on behavior. Prior to this CL, when the PDF viewer is
    disabled, the PDF viewer plugins are unloaded.

    Tests were copied mostly verbatim from [3], thanks @domenic.

    I2S:
    https://groups.google.com/a/chromium.org/g/blink-dev/c/bbxAGu90LgM

    [1] https://chromium-review.googlesource.com/c/chromium/src/+/2783393
    [2] whatwg/html#6738
    [3] web-platform-tests/wpt#29559

    Bug: 1164635
jamienicol pushed a commit to jamienicol/gecko that referenced this pull request Aug 20, 2021
…pes in navigator, a=testonly

Automatic update from web-platform-tests
Hard-code the list of plugins and mimetypes in navigator

See [1] for a previous attempt to completely empty the navigator.plugins
and navigator.mimeTypes APIs. That caused site breakage due to sites
scanning for a PDF reader. This new attempt is discussed in significant
detail in [2], and involves the hard-coding of a list of PDF viewers and
mime types.

The plugins/mimetypes lists will be empty if the user setting to
download PDFs instead of viewing them
(chrome://settings/content/pdfDocuments) is enabled. This is to ensure
compat with sites that scan the plugins list for specific PDF plugins
to decide on behavior. Prior to this CL, when the PDF viewer is
disabled, the PDF viewer plugins are unloaded.

Tests were copied mostly verbatim from [3], thanks @domenic.

I2S:
https://groups.google.com/a/chromium.org/g/blink-dev/c/bbxAGu90LgM

[1] https://chromium-review.googlesource.com/c/chromium/src/+/2783393
[2] whatwg/html#6738
[3] web-platform-tests/wpt#29559

Bug: 1164635
Change-Id: I7c52af5b918768d8b4c4a9faa409fb4e6b72ecc2
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3017890
Commit-Queue: Mason Freed <masonf@chromium.org>
Auto-Submit: Mason Freed <masonf@chromium.org>
Reviewed-by: Joey Arhar <jarhar@chromium.org>
Reviewed-by: Chris Harrelson <chrishtr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#909443}

--

wpt-commits: 7be5ecfd72f0e95257f435a101b88e5ad277206f
wpt-pr: 29652
mariospr added a commit to brave/brave-core that referenced this pull request Aug 20, 2021
…ssInfo

MimeClassInfo now requires to pass a list of extensions to the
constructor, so we need to generate at least a random one to create
the fake MimeClassInfo used for farbling purposes.

FIXME: 3 browser tests failing likely because of this patch being wrong:

  BraveNavigatorPluginsFarblingBrowserTest.FarbleNavigatorPlugins
  BraveNavigatorPluginsFarblingBrowserTest.FarbleNavigatorPluginsBuiltin
  BraveNavigatorPluginsFarblingBrowserTest.FarbleNavigatorPluginsReset

Chromium change:

https://source.chromium.org/chromium/chromium/src/+/fb96360c18b517bcc487c0de7235eec27e3adf5e

commit fb96360c18b517bcc487c0de7235eec27e3adf5e
Author: Mason Freed <masonf@chromium.org>
Date:   Fri Aug 6 20:20:17 2021 +0000

    Hard-code the list of plugins and mimetypes in navigator

    See [1] for a previous attempt to completely empty the navigator.plugins
    and navigator.mimeTypes APIs. That caused site breakage due to sites
    scanning for a PDF reader. This new attempt is discussed in significant
    detail in [2], and involves the hard-coding of a list of PDF viewers and
    mime types.

    The plugins/mimetypes lists will be empty if the user setting to
    download PDFs instead of viewing them
    (chrome://settings/content/pdfDocuments) is enabled. This is to ensure
    compat with sites that scan the plugins list for specific PDF plugins
    to decide on behavior. Prior to this CL, when the PDF viewer is
    disabled, the PDF viewer plugins are unloaded.

    Tests were copied mostly verbatim from [3], thanks @domenic.

    I2S:
    https://groups.google.com/a/chromium.org/g/blink-dev/c/bbxAGu90LgM

    [1] https://chromium-review.googlesource.com/c/chromium/src/+/2783393
    [2] whatwg/html#6738
    [3] web-platform-tests/wpt#29559

    Bug: 1164635
mariospr added a commit to brave/brave-core that referenced this pull request Aug 20, 2021
The CL below made a change to make fingerprinting more difficult in
Chromium without breaking existing sites by returning a fixed list
of PDF plugins, regardless of the actual ones available, which broke
our farbling of the navigator.plugins array.

Since farbling in Brave works in a different way (i.e. differently
depending on the selected "farbling level"), we're just disabling this
runtime feature to get back to the original code we had before, which
would make sure the actual list of plugins is only returned if the
used has explicitly disabled fingerprinting protections, otherwise
a farbled, randomly generated and always different list of plugins
will be returned (which is better than a fixed list anyway).

Last, we add some new chromium_src overrides here to avoid the need
of a C++ patch to disable this runtime feature via WebRuntimeFeatures.

Chromium change:

https://chromium.googlesource.com/chromium/src/+/fb96360c18b517bcc487c0de7235eec27e3adf5e

commit fb96360c18b517bcc487c0de7235eec27e3adf5e
Author: Mason Freed <masonf@chromium.org>
Date:   Fri Aug 6 20:20:17 2021 +0000

    Hard-code the list of plugins and mimetypes in navigator

    See [1] for a previous attempt to completely empty the navigator.plugins
    and navigator.mimeTypes APIs. That caused site breakage due to sites
    scanning for a PDF reader. This new attempt is discussed in significant
    detail in [2], and involves the hard-coding of a list of PDF viewers and
    mime types.

    The plugins/mimetypes lists will be empty if the user setting to
    download PDFs instead of viewing them
    (chrome://settings/content/pdfDocuments) is enabled. This is to ensure
    compat with sites that scan the plugins list for specific PDF plugins
    to decide on behavior. Prior to this CL, when the PDF viewer is
    disabled, the PDF viewer plugins are unloaded.

    Tests were copied mostly verbatim from [3], thanks @domenic.

    I2S:
    https://groups.google.com/a/chromium.org/g/blink-dev/c/bbxAGu90LgM

    [1] https://chromium-review.googlesource.com/c/chromium/src/+/2783393
    [2] whatwg/html#6738
    [3] web-platform-tests/wpt#29559

    Bug: 1164635
mariospr added a commit to brave/brave-core that referenced this pull request Aug 20, 2021
MimeClassInfo now requires to pass a list of extensions to the
constructor, so we need to generate at least a random one to create
the fake MimeClassInfo used for farbling purposes.

Note that 3 browser tests failing likely because of this patch:

  BraveNavigatorPluginsFarblingBrowserTest.FarbleNavigatorPlugins
  BraveNavigatorPluginsFarblingBrowserTest.FarbleNavigatorPluginsBuiltin
  BraveNavigatorPluginsFarblingBrowserTest.FarbleNavigatorPluginsReset

This is because of Chromium now enabling a feature that will return a
hardcoded list via navigator.plugins which is incompatible with Brave's
farbling code. That will be addressed in the next patch.

Chromium change:

https://source.chromium.org/chromium/chromium/src/+/fb96360c18b517bcc487c0de7235eec27e3adf5e

commit fb96360c18b517bcc487c0de7235eec27e3adf5e
Author: Mason Freed <masonf@chromium.org>
Date:   Fri Aug 6 20:20:17 2021 +0000

    Hard-code the list of plugins and mimetypes in navigator

    See [1] for a previous attempt to completely empty the navigator.plugins
    and navigator.mimeTypes APIs. That caused site breakage due to sites
    scanning for a PDF reader. This new attempt is discussed in significant
    detail in [2], and involves the hard-coding of a list of PDF viewers and
    mime types.

    The plugins/mimetypes lists will be empty if the user setting to
    download PDFs instead of viewing them
    (chrome://settings/content/pdfDocuments) is enabled. This is to ensure
    compat with sites that scan the plugins list for specific PDF plugins
    to decide on behavior. Prior to this CL, when the PDF viewer is
    disabled, the PDF viewer plugins are unloaded.

    Tests were copied mostly verbatim from [3], thanks @domenic.

    I2S:
    https://groups.google.com/a/chromium.org/g/blink-dev/c/bbxAGu90LgM

    [1] https://chromium-review.googlesource.com/c/chromium/src/+/2783393
    [2] whatwg/html#6738
    [3] web-platform-tests/wpt#29559

    Bug: 1164635
mariospr added a commit to brave/brave-core that referenced this pull request Aug 20, 2021
The CL below made a change to make fingerprinting more difficult in
Chromium without breaking existing sites by returning a fixed list
of PDF plugins, regardless of the actual ones available, which broke
our farbling of the navigator.plugins array.

Since farbling in Brave works in a different way (i.e. differently
depending on the selected "farbling level"), we're just disabling this
runtime feature to get back to the original code we had before, which
would make sure the actual list of plugins is only returned if the
used has explicitly disabled fingerprinting protections, otherwise
a farbled, randomly generated and always different list of plugins
will be returned (which is better than a fixed list anyway).

Last, we add some new chromium_src overrides here to avoid the need
of a C++ patch to disable this runtime feature via WebRuntimeFeatures.

Chromium change:

https://chromium.googlesource.com/chromium/src/+/fb96360c18b517bcc487c0de7235eec27e3adf5e

commit fb96360c18b517bcc487c0de7235eec27e3adf5e
Author: Mason Freed <masonf@chromium.org>
Date:   Fri Aug 6 20:20:17 2021 +0000

    Hard-code the list of plugins and mimetypes in navigator

    See [1] for a previous attempt to completely empty the navigator.plugins
    and navigator.mimeTypes APIs. That caused site breakage due to sites
    scanning for a PDF reader. This new attempt is discussed in significant
    detail in [2], and involves the hard-coding of a list of PDF viewers and
    mime types.

    The plugins/mimetypes lists will be empty if the user setting to
    download PDFs instead of viewing them
    (chrome://settings/content/pdfDocuments) is enabled. This is to ensure
    compat with sites that scan the plugins list for specific PDF plugins
    to decide on behavior. Prior to this CL, when the PDF viewer is
    disabled, the PDF viewer plugins are unloaded.

    Tests were copied mostly verbatim from [3], thanks @domenic.

    I2S:
    https://groups.google.com/a/chromium.org/g/blink-dev/c/bbxAGu90LgM

    [1] https://chromium-review.googlesource.com/c/chromium/src/+/2783393
    [2] whatwg/html#6738
    [3] web-platform-tests/wpt#29559

    Bug: 1164635
mkarolin pushed a commit to brave/brave-core that referenced this pull request Aug 26, 2021
MimeClassInfo now requires to pass a list of extensions to the
constructor, so we need to generate at least a random one to create
the fake MimeClassInfo used for farbling purposes.

Note that 3 browser tests failing likely because of this patch:

  BraveNavigatorPluginsFarblingBrowserTest.FarbleNavigatorPlugins
  BraveNavigatorPluginsFarblingBrowserTest.FarbleNavigatorPluginsBuiltin
  BraveNavigatorPluginsFarblingBrowserTest.FarbleNavigatorPluginsReset

This is because of Chromium now enabling a feature that will return a
hardcoded list via navigator.plugins which is incompatible with Brave's
farbling code. That will be addressed in the next patch.

Chromium change:

https://source.chromium.org/chromium/chromium/src/+/fb96360c18b517bcc487c0de7235eec27e3adf5e

commit fb96360c18b517bcc487c0de7235eec27e3adf5e
Author: Mason Freed <masonf@chromium.org>
Date:   Fri Aug 6 20:20:17 2021 +0000

    Hard-code the list of plugins and mimetypes in navigator

    See [1] for a previous attempt to completely empty the navigator.plugins
    and navigator.mimeTypes APIs. That caused site breakage due to sites
    scanning for a PDF reader. This new attempt is discussed in significant
    detail in [2], and involves the hard-coding of a list of PDF viewers and
    mime types.

    The plugins/mimetypes lists will be empty if the user setting to
    download PDFs instead of viewing them
    (chrome://settings/content/pdfDocuments) is enabled. This is to ensure
    compat with sites that scan the plugins list for specific PDF plugins
    to decide on behavior. Prior to this CL, when the PDF viewer is
    disabled, the PDF viewer plugins are unloaded.

    Tests were copied mostly verbatim from [3], thanks @domenic.

    I2S:
    https://groups.google.com/a/chromium.org/g/blink-dev/c/bbxAGu90LgM

    [1] https://chromium-review.googlesource.com/c/chromium/src/+/2783393
    [2] whatwg/html#6738
    [3] web-platform-tests/wpt#29559

    Bug: 1164635
mkarolin pushed a commit to brave/brave-core that referenced this pull request Aug 26, 2021
The CL below made a change to make fingerprinting more difficult in
Chromium without breaking existing sites by returning a fixed list
of PDF plugins, regardless of the actual ones available, which broke
our farbling of the navigator.plugins array.

Since farbling in Brave works in a different way (i.e. differently
depending on the selected "farbling level"), we're just disabling this
runtime feature to get back to the original code we had before, which
would make sure the actual list of plugins is only returned if the
used has explicitly disabled fingerprinting protections, otherwise
a farbled, randomly generated and always different list of plugins
will be returned (which is better than a fixed list anyway).

Last, we add some new chromium_src overrides here to avoid the need
of a C++ patch to disable this runtime feature via WebRuntimeFeatures.

Chromium change:

https://chromium.googlesource.com/chromium/src/+/fb96360c18b517bcc487c0de7235eec27e3adf5e

commit fb96360c18b517bcc487c0de7235eec27e3adf5e
Author: Mason Freed <masonf@chromium.org>
Date:   Fri Aug 6 20:20:17 2021 +0000

    Hard-code the list of plugins and mimetypes in navigator

    See [1] for a previous attempt to completely empty the navigator.plugins
    and navigator.mimeTypes APIs. That caused site breakage due to sites
    scanning for a PDF reader. This new attempt is discussed in significant
    detail in [2], and involves the hard-coding of a list of PDF viewers and
    mime types.

    The plugins/mimetypes lists will be empty if the user setting to
    download PDFs instead of viewing them
    (chrome://settings/content/pdfDocuments) is enabled. This is to ensure
    compat with sites that scan the plugins list for specific PDF plugins
    to decide on behavior. Prior to this CL, when the PDF viewer is
    disabled, the PDF viewer plugins are unloaded.

    Tests were copied mostly verbatim from [3], thanks @domenic.

    I2S:
    https://groups.google.com/a/chromium.org/g/blink-dev/c/bbxAGu90LgM

    [1] https://chromium-review.googlesource.com/c/chromium/src/+/2783393
    [2] whatwg/html#6738
    [3] web-platform-tests/wpt#29559

    Bug: 1164635
mariospr added a commit to brave/brave-core that referenced this pull request Aug 31, 2021
MimeClassInfo now requires to pass a list of extensions to the
constructor, so we need to generate at least a random one to create
the fake MimeClassInfo used for farbling purposes.

Note that 3 browser tests failing likely because of this patch:

  BraveNavigatorPluginsFarblingBrowserTest.FarbleNavigatorPlugins
  BraveNavigatorPluginsFarblingBrowserTest.FarbleNavigatorPluginsBuiltin
  BraveNavigatorPluginsFarblingBrowserTest.FarbleNavigatorPluginsReset

This is because of Chromium now enabling a feature that will return a
hardcoded list via navigator.plugins which is incompatible with Brave's
farbling code. That will be addressed in the next patch.

Chromium change:

https://source.chromium.org/chromium/chromium/src/+/fb96360c18b517bcc487c0de7235eec27e3adf5e

commit fb96360c18b517bcc487c0de7235eec27e3adf5e
Author: Mason Freed <masonf@chromium.org>
Date:   Fri Aug 6 20:20:17 2021 +0000

    Hard-code the list of plugins and mimetypes in navigator

    See [1] for a previous attempt to completely empty the navigator.plugins
    and navigator.mimeTypes APIs. That caused site breakage due to sites
    scanning for a PDF reader. This new attempt is discussed in significant
    detail in [2], and involves the hard-coding of a list of PDF viewers and
    mime types.

    The plugins/mimetypes lists will be empty if the user setting to
    download PDFs instead of viewing them
    (chrome://settings/content/pdfDocuments) is enabled. This is to ensure
    compat with sites that scan the plugins list for specific PDF plugins
    to decide on behavior. Prior to this CL, when the PDF viewer is
    disabled, the PDF viewer plugins are unloaded.

    Tests were copied mostly verbatim from [3], thanks @domenic.

    I2S:
    https://groups.google.com/a/chromium.org/g/blink-dev/c/bbxAGu90LgM

    [1] https://chromium-review.googlesource.com/c/chromium/src/+/2783393
    [2] whatwg/html#6738
    [3] web-platform-tests/wpt#29559

    Bug: 1164635
mariospr added a commit to brave/brave-core that referenced this pull request Aug 31, 2021
The CL below made a change to make fingerprinting more difficult in
Chromium without breaking existing sites by returning a fixed list
of PDF plugins, regardless of the actual ones available, which broke
our farbling of the navigator.plugins array.

Since farbling in Brave works in a different way (i.e. differently
depending on the selected "farbling level"), we're just disabling this
runtime feature to get back to the original code we had before, which
would make sure the actual list of plugins is only returned if the
used has explicitly disabled fingerprinting protections, otherwise
a farbled, randomly generated and always different list of plugins
will be returned (which is better than a fixed list anyway).

Last, we add some new chromium_src overrides here to avoid the need
of a C++ patch to disable this runtime feature via WebRuntimeFeatures.

Chromium change:

https://chromium.googlesource.com/chromium/src/+/fb96360c18b517bcc487c0de7235eec27e3adf5e

commit fb96360c18b517bcc487c0de7235eec27e3adf5e
Author: Mason Freed <masonf@chromium.org>
Date:   Fri Aug 6 20:20:17 2021 +0000

    Hard-code the list of plugins and mimetypes in navigator

    See [1] for a previous attempt to completely empty the navigator.plugins
    and navigator.mimeTypes APIs. That caused site breakage due to sites
    scanning for a PDF reader. This new attempt is discussed in significant
    detail in [2], and involves the hard-coding of a list of PDF viewers and
    mime types.

    The plugins/mimetypes lists will be empty if the user setting to
    download PDFs instead of viewing them
    (chrome://settings/content/pdfDocuments) is enabled. This is to ensure
    compat with sites that scan the plugins list for specific PDF plugins
    to decide on behavior. Prior to this CL, when the PDF viewer is
    disabled, the PDF viewer plugins are unloaded.

    Tests were copied mostly verbatim from [3], thanks @domenic.

    I2S:
    https://groups.google.com/a/chromium.org/g/blink-dev/c/bbxAGu90LgM

    [1] https://chromium-review.googlesource.com/c/chromium/src/+/2783393
    [2] whatwg/html#6738
    [3] web-platform-tests/wpt#29559

    Bug: 1164635
mkarolin pushed a commit to brave/brave-core that referenced this pull request Sep 1, 2021
MimeClassInfo now requires to pass a list of extensions to the
constructor, so we need to generate at least a random one to create
the fake MimeClassInfo used for farbling purposes.

Note that 3 browser tests failing likely because of this patch:

  BraveNavigatorPluginsFarblingBrowserTest.FarbleNavigatorPlugins
  BraveNavigatorPluginsFarblingBrowserTest.FarbleNavigatorPluginsBuiltin
  BraveNavigatorPluginsFarblingBrowserTest.FarbleNavigatorPluginsReset

This is because of Chromium now enabling a feature that will return a
hardcoded list via navigator.plugins which is incompatible with Brave's
farbling code. That will be addressed in the next patch.

Chromium change:

https://source.chromium.org/chromium/chromium/src/+/fb96360c18b517bcc487c0de7235eec27e3adf5e

commit fb96360c18b517bcc487c0de7235eec27e3adf5e
Author: Mason Freed <masonf@chromium.org>
Date:   Fri Aug 6 20:20:17 2021 +0000

    Hard-code the list of plugins and mimetypes in navigator

    See [1] for a previous attempt to completely empty the navigator.plugins
    and navigator.mimeTypes APIs. That caused site breakage due to sites
    scanning for a PDF reader. This new attempt is discussed in significant
    detail in [2], and involves the hard-coding of a list of PDF viewers and
    mime types.

    The plugins/mimetypes lists will be empty if the user setting to
    download PDFs instead of viewing them
    (chrome://settings/content/pdfDocuments) is enabled. This is to ensure
    compat with sites that scan the plugins list for specific PDF plugins
    to decide on behavior. Prior to this CL, when the PDF viewer is
    disabled, the PDF viewer plugins are unloaded.

    Tests were copied mostly verbatim from [3], thanks @domenic.

    I2S:
    https://groups.google.com/a/chromium.org/g/blink-dev/c/bbxAGu90LgM

    [1] https://chromium-review.googlesource.com/c/chromium/src/+/2783393
    [2] whatwg/html#6738
    [3] web-platform-tests/wpt#29559

    Bug: 1164635
mkarolin pushed a commit to brave/brave-core that referenced this pull request Sep 1, 2021
The CL below made a change to make fingerprinting more difficult in
Chromium without breaking existing sites by returning a fixed list
of PDF plugins, regardless of the actual ones available, which broke
our farbling of the navigator.plugins array.

Since farbling in Brave works in a different way (i.e. differently
depending on the selected "farbling level"), we're just disabling this
runtime feature to get back to the original code we had before, which
would make sure the actual list of plugins is only returned if the
used has explicitly disabled fingerprinting protections, otherwise
a farbled, randomly generated and always different list of plugins
will be returned (which is better than a fixed list anyway).

Last, we add some new chromium_src overrides here to avoid the need
of a C++ patch to disable this runtime feature via WebRuntimeFeatures.

Chromium change:

https://chromium.googlesource.com/chromium/src/+/fb96360c18b517bcc487c0de7235eec27e3adf5e

commit fb96360c18b517bcc487c0de7235eec27e3adf5e
Author: Mason Freed <masonf@chromium.org>
Date:   Fri Aug 6 20:20:17 2021 +0000

    Hard-code the list of plugins and mimetypes in navigator

    See [1] for a previous attempt to completely empty the navigator.plugins
    and navigator.mimeTypes APIs. That caused site breakage due to sites
    scanning for a PDF reader. This new attempt is discussed in significant
    detail in [2], and involves the hard-coding of a list of PDF viewers and
    mime types.

    The plugins/mimetypes lists will be empty if the user setting to
    download PDFs instead of viewing them
    (chrome://settings/content/pdfDocuments) is enabled. This is to ensure
    compat with sites that scan the plugins list for specific PDF plugins
    to decide on behavior. Prior to this CL, when the PDF viewer is
    disabled, the PDF viewer plugins are unloaded.

    Tests were copied mostly verbatim from [3], thanks @domenic.

    I2S:
    https://groups.google.com/a/chromium.org/g/blink-dev/c/bbxAGu90LgM

    [1] https://chromium-review.googlesource.com/c/chromium/src/+/2783393
    [2] whatwg/html#6738
    [3] web-platform-tests/wpt#29559

    Bug: 1164635
mariospr added a commit to brave/brave-core that referenced this pull request Sep 3, 2021
MimeClassInfo now requires to pass a list of extensions to the
constructor, so we need to generate at least a random one to create
the fake MimeClassInfo used for farbling purposes.

Note that 3 browser tests failing likely because of this patch:

  BraveNavigatorPluginsFarblingBrowserTest.FarbleNavigatorPlugins
  BraveNavigatorPluginsFarblingBrowserTest.FarbleNavigatorPluginsBuiltin
  BraveNavigatorPluginsFarblingBrowserTest.FarbleNavigatorPluginsReset

This is because of Chromium now enabling a feature that will return a
hardcoded list via navigator.plugins which is incompatible with Brave's
farbling code. That will be addressed in the next patch.

Chromium change:

https://source.chromium.org/chromium/chromium/src/+/fb96360c18b517bcc487c0de7235eec27e3adf5e

commit fb96360c18b517bcc487c0de7235eec27e3adf5e
Author: Mason Freed <masonf@chromium.org>
Date:   Fri Aug 6 20:20:17 2021 +0000

    Hard-code the list of plugins and mimetypes in navigator

    See [1] for a previous attempt to completely empty the navigator.plugins
    and navigator.mimeTypes APIs. That caused site breakage due to sites
    scanning for a PDF reader. This new attempt is discussed in significant
    detail in [2], and involves the hard-coding of a list of PDF viewers and
    mime types.

    The plugins/mimetypes lists will be empty if the user setting to
    download PDFs instead of viewing them
    (chrome://settings/content/pdfDocuments) is enabled. This is to ensure
    compat with sites that scan the plugins list for specific PDF plugins
    to decide on behavior. Prior to this CL, when the PDF viewer is
    disabled, the PDF viewer plugins are unloaded.

    Tests were copied mostly verbatim from [3], thanks @domenic.

    I2S:
    https://groups.google.com/a/chromium.org/g/blink-dev/c/bbxAGu90LgM

    [1] https://chromium-review.googlesource.com/c/chromium/src/+/2783393
    [2] whatwg/html#6738
    [3] web-platform-tests/wpt#29559

    Bug: 1164635
mariospr added a commit to brave/brave-core that referenced this pull request Sep 3, 2021
The CL below made a change to make fingerprinting more difficult in
Chromium without breaking existing sites by returning a fixed list
of PDF plugins, regardless of the actual ones available, which broke
our farbling of the navigator.plugins array.

Since farbling in Brave works in a different way (i.e. differently
depending on the selected "farbling level"), we're just disabling this
runtime feature to get back to the original code we had before, which
would make sure the actual list of plugins is only returned if the
used has explicitly disabled fingerprinting protections, otherwise
a farbled, randomly generated and always different list of plugins
will be returned (which is better than a fixed list anyway).

Last, we add some new chromium_src overrides here to avoid the need
of a C++ patch to disable this runtime feature via WebRuntimeFeatures.

Chromium change:

https://chromium.googlesource.com/chromium/src/+/fb96360c18b517bcc487c0de7235eec27e3adf5e

commit fb96360c18b517bcc487c0de7235eec27e3adf5e
Author: Mason Freed <masonf@chromium.org>
Date:   Fri Aug 6 20:20:17 2021 +0000

    Hard-code the list of plugins and mimetypes in navigator

    See [1] for a previous attempt to completely empty the navigator.plugins
    and navigator.mimeTypes APIs. That caused site breakage due to sites
    scanning for a PDF reader. This new attempt is discussed in significant
    detail in [2], and involves the hard-coding of a list of PDF viewers and
    mime types.

    The plugins/mimetypes lists will be empty if the user setting to
    download PDFs instead of viewing them
    (chrome://settings/content/pdfDocuments) is enabled. This is to ensure
    compat with sites that scan the plugins list for specific PDF plugins
    to decide on behavior. Prior to this CL, when the PDF viewer is
    disabled, the PDF viewer plugins are unloaded.

    Tests were copied mostly verbatim from [3], thanks @domenic.

    I2S:
    https://groups.google.com/a/chromium.org/g/blink-dev/c/bbxAGu90LgM

    [1] https://chromium-review.googlesource.com/c/chromium/src/+/2783393
    [2] whatwg/html#6738
    [3] web-platform-tests/wpt#29559

    Bug: 1164635
mkarolin pushed a commit to brave/brave-core that referenced this pull request Sep 7, 2021
MimeClassInfo now requires to pass a list of extensions to the
constructor, so we need to generate at least a random one to create
the fake MimeClassInfo used for farbling purposes.

Note that 3 browser tests failing likely because of this patch:

  BraveNavigatorPluginsFarblingBrowserTest.FarbleNavigatorPlugins
  BraveNavigatorPluginsFarblingBrowserTest.FarbleNavigatorPluginsBuiltin
  BraveNavigatorPluginsFarblingBrowserTest.FarbleNavigatorPluginsReset

This is because of Chromium now enabling a feature that will return a
hardcoded list via navigator.plugins which is incompatible with Brave's
farbling code. That will be addressed in the next patch.

Chromium change:

https://source.chromium.org/chromium/chromium/src/+/fb96360c18b517bcc487c0de7235eec27e3adf5e

commit fb96360c18b517bcc487c0de7235eec27e3adf5e
Author: Mason Freed <masonf@chromium.org>
Date:   Fri Aug 6 20:20:17 2021 +0000

    Hard-code the list of plugins and mimetypes in navigator

    See [1] for a previous attempt to completely empty the navigator.plugins
    and navigator.mimeTypes APIs. That caused site breakage due to sites
    scanning for a PDF reader. This new attempt is discussed in significant
    detail in [2], and involves the hard-coding of a list of PDF viewers and
    mime types.

    The plugins/mimetypes lists will be empty if the user setting to
    download PDFs instead of viewing them
    (chrome://settings/content/pdfDocuments) is enabled. This is to ensure
    compat with sites that scan the plugins list for specific PDF plugins
    to decide on behavior. Prior to this CL, when the PDF viewer is
    disabled, the PDF viewer plugins are unloaded.

    Tests were copied mostly verbatim from [3], thanks @domenic.

    I2S:
    https://groups.google.com/a/chromium.org/g/blink-dev/c/bbxAGu90LgM

    [1] https://chromium-review.googlesource.com/c/chromium/src/+/2783393
    [2] whatwg/html#6738
    [3] web-platform-tests/wpt#29559

    Bug: 1164635
mkarolin pushed a commit to brave/brave-core that referenced this pull request Sep 7, 2021
The CL below made a change to make fingerprinting more difficult in
Chromium without breaking existing sites by returning a fixed list
of PDF plugins, regardless of the actual ones available, which broke
our farbling of the navigator.plugins array.

Since farbling in Brave works in a different way (i.e. differently
depending on the selected "farbling level"), we're just disabling this
runtime feature to get back to the original code we had before, which
would make sure the actual list of plugins is only returned if the
used has explicitly disabled fingerprinting protections, otherwise
a farbled, randomly generated and always different list of plugins
will be returned (which is better than a fixed list anyway).

Last, we add some new chromium_src overrides here to avoid the need
of a C++ patch to disable this runtime feature via WebRuntimeFeatures.

Chromium change:

https://chromium.googlesource.com/chromium/src/+/fb96360c18b517bcc487c0de7235eec27e3adf5e

commit fb96360c18b517bcc487c0de7235eec27e3adf5e
Author: Mason Freed <masonf@chromium.org>
Date:   Fri Aug 6 20:20:17 2021 +0000

    Hard-code the list of plugins and mimetypes in navigator

    See [1] for a previous attempt to completely empty the navigator.plugins
    and navigator.mimeTypes APIs. That caused site breakage due to sites
    scanning for a PDF reader. This new attempt is discussed in significant
    detail in [2], and involves the hard-coding of a list of PDF viewers and
    mime types.

    The plugins/mimetypes lists will be empty if the user setting to
    download PDFs instead of viewing them
    (chrome://settings/content/pdfDocuments) is enabled. This is to ensure
    compat with sites that scan the plugins list for specific PDF plugins
    to decide on behavior. Prior to this CL, when the PDF viewer is
    disabled, the PDF viewer plugins are unloaded.

    Tests were copied mostly verbatim from [3], thanks @domenic.

    I2S:
    https://groups.google.com/a/chromium.org/g/blink-dev/c/bbxAGu90LgM

    [1] https://chromium-review.googlesource.com/c/chromium/src/+/2783393
    [2] whatwg/html#6738
    [3] web-platform-tests/wpt#29559

    Bug: 1164635
mkarolin pushed a commit to brave/brave-core that referenced this pull request Sep 11, 2021
MimeClassInfo now requires to pass a list of extensions to the
constructor, so we need to generate at least a random one to create
the fake MimeClassInfo used for farbling purposes.

Note that 3 browser tests failing likely because of this patch:

  BraveNavigatorPluginsFarblingBrowserTest.FarbleNavigatorPlugins
  BraveNavigatorPluginsFarblingBrowserTest.FarbleNavigatorPluginsBuiltin
  BraveNavigatorPluginsFarblingBrowserTest.FarbleNavigatorPluginsReset

This is because of Chromium now enabling a feature that will return a
hardcoded list via navigator.plugins which is incompatible with Brave's
farbling code. That will be addressed in the next patch.

Chromium change:

https://source.chromium.org/chromium/chromium/src/+/fb96360c18b517bcc487c0de7235eec27e3adf5e

commit fb96360c18b517bcc487c0de7235eec27e3adf5e
Author: Mason Freed <masonf@chromium.org>
Date:   Fri Aug 6 20:20:17 2021 +0000

    Hard-code the list of plugins and mimetypes in navigator

    See [1] for a previous attempt to completely empty the navigator.plugins
    and navigator.mimeTypes APIs. That caused site breakage due to sites
    scanning for a PDF reader. This new attempt is discussed in significant
    detail in [2], and involves the hard-coding of a list of PDF viewers and
    mime types.

    The plugins/mimetypes lists will be empty if the user setting to
    download PDFs instead of viewing them
    (chrome://settings/content/pdfDocuments) is enabled. This is to ensure
    compat with sites that scan the plugins list for specific PDF plugins
    to decide on behavior. Prior to this CL, when the PDF viewer is
    disabled, the PDF viewer plugins are unloaded.

    Tests were copied mostly verbatim from [3], thanks @domenic.

    I2S:
    https://groups.google.com/a/chromium.org/g/blink-dev/c/bbxAGu90LgM

    [1] https://chromium-review.googlesource.com/c/chromium/src/+/2783393
    [2] whatwg/html#6738
    [3] web-platform-tests/wpt#29559

    Bug: 1164635
mkarolin pushed a commit to brave/brave-core that referenced this pull request Sep 11, 2021
The CL below made a change to make fingerprinting more difficult in
Chromium without breaking existing sites by returning a fixed list
of PDF plugins, regardless of the actual ones available, which broke
our farbling of the navigator.plugins array.

Since farbling in Brave works in a different way (i.e. differently
depending on the selected "farbling level"), we're just disabling this
runtime feature to get back to the original code we had before, which
would make sure the actual list of plugins is only returned if the
used has explicitly disabled fingerprinting protections, otherwise
a farbled, randomly generated and always different list of plugins
will be returned (which is better than a fixed list anyway).

Last, we add some new chromium_src overrides here to avoid the need
of a C++ patch to disable this runtime feature via WebRuntimeFeatures.

Chromium change:

https://chromium.googlesource.com/chromium/src/+/fb96360c18b517bcc487c0de7235eec27e3adf5e

commit fb96360c18b517bcc487c0de7235eec27e3adf5e
Author: Mason Freed <masonf@chromium.org>
Date:   Fri Aug 6 20:20:17 2021 +0000

    Hard-code the list of plugins and mimetypes in navigator

    See [1] for a previous attempt to completely empty the navigator.plugins
    and navigator.mimeTypes APIs. That caused site breakage due to sites
    scanning for a PDF reader. This new attempt is discussed in significant
    detail in [2], and involves the hard-coding of a list of PDF viewers and
    mime types.

    The plugins/mimetypes lists will be empty if the user setting to
    download PDFs instead of viewing them
    (chrome://settings/content/pdfDocuments) is enabled. This is to ensure
    compat with sites that scan the plugins list for specific PDF plugins
    to decide on behavior. Prior to this CL, when the PDF viewer is
    disabled, the PDF viewer plugins are unloaded.

    Tests were copied mostly verbatim from [3], thanks @domenic.

    I2S:
    https://groups.google.com/a/chromium.org/g/blink-dev/c/bbxAGu90LgM

    [1] https://chromium-review.googlesource.com/c/chromium/src/+/2783393
    [2] whatwg/html#6738
    [3] web-platform-tests/wpt#29559

    Bug: 1164635
mkarolin pushed a commit to brave/brave-core that referenced this pull request Sep 13, 2021
MimeClassInfo now requires to pass a list of extensions to the
constructor, so we need to generate at least a random one to create
the fake MimeClassInfo used for farbling purposes.

Note that 3 browser tests failing likely because of this patch:

  BraveNavigatorPluginsFarblingBrowserTest.FarbleNavigatorPlugins
  BraveNavigatorPluginsFarblingBrowserTest.FarbleNavigatorPluginsBuiltin
  BraveNavigatorPluginsFarblingBrowserTest.FarbleNavigatorPluginsReset

This is because of Chromium now enabling a feature that will return a
hardcoded list via navigator.plugins which is incompatible with Brave's
farbling code. That will be addressed in the next patch.

Chromium change:

https://source.chromium.org/chromium/chromium/src/+/fb96360c18b517bcc487c0de7235eec27e3adf5e

commit fb96360c18b517bcc487c0de7235eec27e3adf5e
Author: Mason Freed <masonf@chromium.org>
Date:   Fri Aug 6 20:20:17 2021 +0000

    Hard-code the list of plugins and mimetypes in navigator

    See [1] for a previous attempt to completely empty the navigator.plugins
    and navigator.mimeTypes APIs. That caused site breakage due to sites
    scanning for a PDF reader. This new attempt is discussed in significant
    detail in [2], and involves the hard-coding of a list of PDF viewers and
    mime types.

    The plugins/mimetypes lists will be empty if the user setting to
    download PDFs instead of viewing them
    (chrome://settings/content/pdfDocuments) is enabled. This is to ensure
    compat with sites that scan the plugins list for specific PDF plugins
    to decide on behavior. Prior to this CL, when the PDF viewer is
    disabled, the PDF viewer plugins are unloaded.

    Tests were copied mostly verbatim from [3], thanks @domenic.

    I2S:
    https://groups.google.com/a/chromium.org/g/blink-dev/c/bbxAGu90LgM

    [1] https://chromium-review.googlesource.com/c/chromium/src/+/2783393
    [2] whatwg/html#6738
    [3] web-platform-tests/wpt#29559

    Bug: 1164635
mkarolin pushed a commit to brave/brave-core that referenced this pull request Sep 13, 2021
The CL below made a change to make fingerprinting more difficult in
Chromium without breaking existing sites by returning a fixed list
of PDF plugins, regardless of the actual ones available, which broke
our farbling of the navigator.plugins array.

Since farbling in Brave works in a different way (i.e. differently
depending on the selected "farbling level"), we're just disabling this
runtime feature to get back to the original code we had before, which
would make sure the actual list of plugins is only returned if the
used has explicitly disabled fingerprinting protections, otherwise
a farbled, randomly generated and always different list of plugins
will be returned (which is better than a fixed list anyway).

Chromium change:

https://chromium.googlesource.com/chromium/src/+/fb96360c18b517bcc487c0de7235eec27e3adf5e

commit fb96360c18b517bcc487c0de7235eec27e3adf5e
Author: Mason Freed <masonf@chromium.org>
Date:   Fri Aug 6 20:20:17 2021 +0000

    Hard-code the list of plugins and mimetypes in navigator

    See [1] for a previous attempt to completely empty the navigator.plugins
    and navigator.mimeTypes APIs. That caused site breakage due to sites
    scanning for a PDF reader. This new attempt is discussed in significant
    detail in [2], and involves the hard-coding of a list of PDF viewers and
    mime types.

    The plugins/mimetypes lists will be empty if the user setting to
    download PDFs instead of viewing them
    (chrome://settings/content/pdfDocuments) is enabled. This is to ensure
    compat with sites that scan the plugins list for specific PDF plugins
    to decide on behavior. Prior to this CL, when the PDF viewer is
    disabled, the PDF viewer plugins are unloaded.

    Tests were copied mostly verbatim from [3], thanks @domenic.

    I2S:
    https://groups.google.com/a/chromium.org/g/blink-dev/c/bbxAGu90LgM

    [1] https://chromium-review.googlesource.com/c/chromium/src/+/2783393
    [2] whatwg/html#6738
    [3] web-platform-tests/wpt#29559

    Bug: 1164635
mjfroman pushed a commit to mjfroman/moz-libwebrtc-third-party that referenced this pull request Oct 14, 2022
See [1] for a previous attempt to completely empty the navigator.plugins
and navigator.mimeTypes APIs. That caused site breakage due to sites
scanning for a PDF reader. This new attempt is discussed in significant
detail in [2], and involves the hard-coding of a list of PDF viewers and
mime types.

The plugins/mimetypes lists will be empty if the user setting to
download PDFs instead of viewing them
(chrome://settings/content/pdfDocuments) is enabled. This is to ensure
compat with sites that scan the plugins list for specific PDF plugins
to decide on behavior. Prior to this CL, when the PDF viewer is
disabled, the PDF viewer plugins are unloaded.

Tests were copied mostly verbatim from [3], thanks @domenic.

I2S:
https://groups.google.com/a/chromium.org/g/blink-dev/c/bbxAGu90LgM

[1] https://chromium-review.googlesource.com/c/chromium/src/+/2783393
[2] whatwg/html#6738
[3] web-platform-tests/wpt#29559

Bug: 1164635
Change-Id: I7c52af5b918768d8b4c4a9faa409fb4e6b72ecc2
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3017890
Commit-Queue: Mason Freed <masonf@chromium.org>
Auto-Submit: Mason Freed <masonf@chromium.org>
Reviewed-by: Joey Arhar <jarhar@chromium.org>
Reviewed-by: Chris Harrelson <chrishtr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#909443}
NOKEYCHECK=True
GitOrigin-RevId: fb96360c18b517bcc487c0de7235eec27e3adf5e
i3roly pushed a commit to i3roly/firefox-dynasty that referenced this pull request Jun 1, 2024
…pes in navigator, a=testonly

Automatic update from web-platform-tests
Hard-code the list of plugins and mimetypes in navigator

See [1] for a previous attempt to completely empty the navigator.plugins
and navigator.mimeTypes APIs. That caused site breakage due to sites
scanning for a PDF reader. This new attempt is discussed in significant
detail in [2], and involves the hard-coding of a list of PDF viewers and
mime types.

The plugins/mimetypes lists will be empty if the user setting to
download PDFs instead of viewing them
(chrome://settings/content/pdfDocuments) is enabled. This is to ensure
compat with sites that scan the plugins list for specific PDF plugins
to decide on behavior. Prior to this CL, when the PDF viewer is
disabled, the PDF viewer plugins are unloaded.

Tests were copied mostly verbatim from [3], thanks @domenic.

I2S:
https://groups.google.com/a/chromium.org/g/blink-dev/c/bbxAGu90LgM

[1] https://chromium-review.googlesource.com/c/chromium/src/+/2783393
[2] whatwg/html#6738
[3] web-platform-tests/wpt#29559

Bug: 1164635
Change-Id: I7c52af5b918768d8b4c4a9faa409fb4e6b72ecc2
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3017890
Commit-Queue: Mason Freed <masonf@chromium.org>
Auto-Submit: Mason Freed <masonf@chromium.org>
Reviewed-by: Joey Arhar <jarhar@chromium.org>
Reviewed-by: Chris Harrelson <chrishtr@chromium.org>
Cr-Commit-Position: refs/heads/master@{#909443}

--

wpt-commits: 7be5ecfd72f0e95257f435a101b88e5ad277206f
wpt-pr: 29652
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
impacts documentation Used by documentation communities, such as MDN, to track changes that impact documentation interop Implementations are not interoperable with each other
Development

Successfully merging this pull request may close these issues.

5 participants