-
Notifications
You must be signed in to change notification settings - Fork 879
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Localhost access permission #17321
Localhost access permission #17321
Conversation
A Storybook has been deployed to preview UI for the latest push |
const auto& request_initiator_url = ctx->initiator_url; | ||
const auto& request_url = ctx->request_url; | ||
|
||
if (!IsLocalhostRequest(request_url, request_initiator_url)) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
in case of websocket initiator
would be empty, is it okay?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it would come from BraveProxyingWebSocket
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Interesting! Is there a way to detect that? We wouldn't want to get the embedding/initiating URL from contents->GetLastCommittedURL()
because we want to only capture the cases where a website is making the localhost request.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hm I seem to get the right initiator and request URLs with a WebSocket actually. My test client is https://shivankaul.com/brave/localhost/ws_client.html (check the console for messages) and test server is just a simple WebSocket server running on port 8080 locally: https://shivankaul.com/brave/localhost/ws_server.js
browser/net/brave_localhost_permission_network_delegate_helper.cc
Outdated
Show resolved
Hide resolved
@goodov The presubmit CI fails on
But
|
add your file to this list:
|
CheckAskAndDenyFlow(kButtonHtmlId, target_url, 1); | ||
} | ||
|
||
IN_PROC_BROWSER_TEST_F(LocalhostAccessBrowserTest, OneTwoSeven) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not a big deal, but for completeness' sake, we could also test the IPv6 version ([::1]
).
components/permissions/contexts/brave_localhost_permission_context.cc
Outdated
Show resolved
Hide resolved
A Storybook has been deployed to preview UI for the latest push |
ce472f2
to
cba92ad
Compare
b6e3c2e
to
9db4b4b
Compare
f3b0d4e
to
62bc1a0
Compare
62bc1a0
to
c45e59c
Compare
c45e59c
to
fdf8b55
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Strings ++
6d9e822
to
dd086b1
Compare
browser/net/brave_localhost_permission_network_delegate_helper.h
Outdated
Show resolved
Hide resolved
Only throttle for subresources No throttling for adblocked resources Add tests for adblock
Instead of WebContents pointer
PermissionControllerDelegate => PermissionController RequestPermissionsForOrigin => RequestPermissionsFromCurrentDocument
96b03e3
to
6d79b02
Compare
Hey. Sorry I'm a bit curious about this. Does this check your local routes? Will it prevent websites from accessing your local by accessing addresses like |
Resolves brave/brave-browser#27346
Submitter Checklist:
QA/Yes
orQA/No
;release-notes/include
orrelease-notes/exclude
;OS/...
) to the associated issuenpm run test -- brave_browser_tests
,npm run test -- brave_unit_tests
wikinpm run lint
,npm run presubmit
wiki,npm run gn_check
,npm run tslint
git rebase master
(if needed)Reviewer Checklist:
gn
After-merge Checklist:
changes has landed on
Test Plan:
I've created a test website at https://shivankaul.com/brave/localhost/ with testing instructions.
A few other things to test: