Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Issue 2252: Refactor the referrer hiding. #1240

Merged
merged 5 commits into from
Jan 8, 2019
Merged

Issue 2252: Refactor the referrer hiding. #1240

merged 5 commits into from
Jan 8, 2019

Conversation

iefremov
Copy link
Contributor

@iefremov iefremov commented Jan 7, 2019
edited by bbondy
Loading

Fix brave/brave-browser#2252

Current solution for hiding the referer string requires readirecting literally
all requests for which the referrer was modified. This approach conflicts
with the fact that certain requests are not allowed to be redirected (i.e.
CORS preflight requests). That said, current approach breaks a lot of sites.

To refactor this we move the referrer hiding code to the earlier stage,
where navigation requests are created and started. This is a convenient
place to patch both renderer and browser initiated navigations and utilize
ContentBrowserClient interface on the browser thread.

Submitter Checklist:

  • Submitted a ticket for my issue if one did not already exist.
  • Used Github auto-closing keywords in the commit message.
  • Added/updated tests for this change (for new code or code which already has tests).
  • Verified that these changes build without errors on
    • Windows
    • macOS
    • Linux
  • Verified that these changes pass automated tests (npm test brave_unit_tests && npm test brave_browser_tests) on
    • Windows
    • macOS
    • Linux
  • Ran git rebase master (if needed).
  • Ran git rebase -i to squash commits (if needed).
  • Tagged reviewers and labelled the pull request as needed.
  • Request a security/privacy review as needed.
  • Add appropriate QA labels (QA/Yes or QA/No) to include the closed issue in milestone

Test Plan:

Reviewer Checklist:

  • New files have MPL-2.0 license header.
  • Request a security/privacy review as needed.
  • Adequate test coverage exists to prevent regressions
  • Verify test plan is specified in PR before merging to source

@iefremov
Copy link
Contributor Author

iefremov commented Jan 7, 2019

TODO:

  • Add test against the origin CORS problem (chromium has one, but it is buried deeply in blink tests infrastructure)
  • Add unittests against referrer blocking function instead of removed ones
  • Possibly add referrer hiding call to NavigationRequest::OnRequestRedirected

yrliou
yrliou reviewed Jan 8, 2019
View reviewed changes
browser/brave_content_browser_client.cc Outdated
referrer);
}


Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: Please remove the extra line.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

components/brave_shields/browser/brave_shields_util.cc Outdated

} // namespace


Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: remove the extra line

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

done

@iefremov iefremov force-pushed the referrer_block branch 2 times, most recently from b9efbe8 to f7a53f4 Compare January 8, 2019 12:28
@iefremov
Copy link
Contributor Author

iefremov commented Jan 8, 2019

it's easier to review per-commit, since I've clang-formatted one of the files.

Ivan Efremov added 5 commits January 9, 2019 01:37
Issue 2252: Refactor the referrer hiding.
3b0f83e 
Fix #2252

Current solution for hiding the referer string requires readirecting literally
all requests for which the referrer was modified. This approach conflicts
with the fact that certain requests are not allowed to be redirected (i.e.
CORS preflight requests). That said, current approach breaks a lot of sites.

To refactor this we move the referrer hiding code to the earlier stage,
where navigation requests are created and started. This is a convenient
place to patch both renderer and browser initiated navigations and utilize
ContentBrowserClient interface on the browser thread.
Issue 2252: Whitespace fix & clang-format.
e416e79
Issue 2252: Add a smoke test against referrer hiding.
0c6ddcc
Issue 2252: Renamings.
033fe66
Issues 2252: Restore the URLRequest hook that hides referrers.
71bc678 
We have to keep this at least for a while, because we still want
to hide referrers for all requests, including resource requests
originated from renderer. But now we do not want to trigger internal
redirects for each request to avoid CORS or any other issues.
@bbondy bbondy merged commit fd934ed into master Jan 8, 2019
@bbondy bbondy added the 0.61.x label Jan 8, 2019
bbondy added a commit that referenced this pull request Jan 8, 2019
@bbondy
Merge pull request #1240 from brave/referrer_block
8794a37 
Issue 2252: Refactor the referrer hiding.
@cndouglas cndouglas mentioned this pull request Jan 8, 2019
Closed
bbondy added a commit that referenced this pull request Jan 8, 2019
@bbondy
Merge pull request #1240 from brave/referrer_block
142d94a 
Issue 2252: Refactor the referrer hiding.
This was referenced Jan 8, 2019
Merged
Merged
Merged
bbondy added a commit that referenced this pull request Jan 8, 2019
@bbondy
Merge pull request #1240 from brave/referrer_block
cf3c677 
Issue 2252: Refactor the referrer hiding.
@bbondy bbondy added this to the 0.61.x - Nightly milestone Jan 14, 2019
@bsclifton bsclifton deleted the referrer_block branch January 24, 2019 21:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bridiver bridiver bridiver left review comments

@yrliou yrliou yrliou left review comments

@bbondy bbondy bbondy approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
0.61.x - Release
Development

Successfully merging this pull request may close these issues.

CORS issue because of Brave Shields
4 participants
@iefremov @bridiver @bbondy @yrliou