From de678eee4fa301f16a7bb0d64d74222496193834 Mon Sep 17 00:00:00 2001
From: yan <yan@mit.edu>
Date: Tue, 16 Aug 2016 13:11:10 -0700
Subject: [PATCH] Block filesystem access when cookies are blocked

Partial fix for https://github.com/brave/browser-laptop/issues/3214.

Auditors: @bridiver
---
 atom/renderer/content_settings_client.cc | 30 ++++++++++++++++++++++++
 atom/renderer/content_settings_client.h  |  4 ++--
 2 files changed, 32 insertions(+), 2 deletions(-)

diff --git a/atom/renderer/content_settings_client.cc b/atom/renderer/content_settings_client.cc
index e13e90f052..0fcbcb9e04 100644
--- a/atom/renderer/content_settings_client.cc
+++ b/atom/renderer/content_settings_client.cc
@@ -143,6 +143,36 @@ bool ContentSettingsClient::allowDatabase(const WebString& name,
   return allow;
 }
 
+
+void ContentSettingsClient::requestFileSystemAccessAsync(
+        const WebContentSettingCallbacks& callbacks) {
+  WebFrame* frame = render_frame()->GetWebFrame();
+  WebContentSettingCallbacks permissionCallbacks(callbacks);
+  if (frame->getSecurityOrigin().isUnique() ||
+      frame->top()->getSecurityOrigin().isUnique()) {
+      permissionCallbacks.doDeny();
+      return;
+  }
+
+  bool allow = true;
+  GURL secondary_url(
+      blink::WebStringToGURL(frame->getSecurityOrigin().toString()));
+  if (content_settings_manager_->content_settings()) {
+    allow =
+        content_settings_manager_->GetSetting(
+          GetOriginOrURL(frame),
+          secondary_url,
+          "cookies",
+          allow) != CONTENT_SETTING_BLOCK;
+  }
+  if (!allow) {
+      DidBlockContentType("filesystem", secondary_url.spec());
+      permissionCallbacks.doDeny();
+  } else {
+      permissionCallbacks.doAllow();
+  }
+}
+
 bool ContentSettingsClient::allowImage(bool enabled_per_settings,
                                          const WebURL& image_url) {
   if (enabled_per_settings && IsWhitelistedForContentSettings())
diff --git a/atom/renderer/content_settings_client.h b/atom/renderer/content_settings_client.h
index 349889d900..87942c4dc5 100644
--- a/atom/renderer/content_settings_client.h
+++ b/atom/renderer/content_settings_client.h
@@ -58,8 +58,8 @@ class ContentSettingsClient
   bool allowDatabase(const blink::WebString& name,
                      const blink::WebString& display_name,
                      unsigned long estimated_size) override;  // NOLINT
-  // void requestFileSystemAccessAsync(
-  //     const blink::WebContentSettingCallbacks& callbacks) override;
+  void requestFileSystemAccessAsync(
+          const blink::WebContentSettingCallbacks& callbacks) override;
   bool allowImage(bool enabled_per_settings,
                   const blink::WebURL& image_url) override;
   bool allowIndexedDB(const blink::WebString& name,