[java] Adding remote-allow-origins argument only when the Java 11 http client is not used.

Fixes #11949

Author: diemol

java/src/org/openqa/selenium/chrome/ChromeDriverInfo.java

@@ -45,14 +45,17 @@ public String getDisplayName() {
 
   @Override
   public Capabilities getCanonicalCapabilities() {
-    // Allowing any origin "*" through remote-allow-origins might sound risky but an attacker
-    // would need to know the port used to start DevTools to establish a connection. Given
-    // these sessions are relatively short-lived, the risk is reduced. Also, this will be
-    // removed when we only support Java 11 and above.
-    return new ImmutableCapabilities(
-      CapabilityType.BROWSER_NAME, CHROME.browserName(),
-      ChromeOptions.CAPABILITY,
-      ImmutableMap.of("args", ImmutableList.of("--remote-allow-origins=*")));
+    if (!"jdk-http-client".equalsIgnoreCase(System.getProperty("webdriver.http.factory", ""))) {
+      // Allowing any origin "*" through remote-allow-origins might sound risky but an attacker
+      // would need to know the port used to start DevTools to establish a connection. Given
+      // these sessions are relatively short-lived, the risk is reduced. Only set when the Java
+      // 11 client is not used.
+      return new ImmutableCapabilities(
+        CapabilityType.BROWSER_NAME, CHROME.browserName(),
+        ChromeOptions.CAPABILITY,
+        ImmutableMap.of("args", ImmutableList.of("--remote-allow-origins=*")));
+    }
+    return new ImmutableCapabilities(CapabilityType.BROWSER_NAME, CHROME.browserName());
   }
 
   @Override

java/src/org/openqa/selenium/chromium/ChromiumOptions.java

@@ -75,11 +75,13 @@ public class ChromiumOptions<T extends ChromiumOptions<?>> extends AbstractDrive
   public ChromiumOptions(String capabilityType, String browserType, String capability) {
     this.capabilityName = capability;
     setCapability(capabilityType, browserType);
-    // Allowing any origin "*" might sound risky but an attacker would need to know
-    // the port used to start DevTools to establish a connection. Given these sessions
-    // are relatively short-lived, the risk is reduced. Also, this will be removed when
-    // we only support Java 11 and above.
-    addArguments("--remote-allow-origins=*");
+    if (!"jdk-http-client".equalsIgnoreCase(System.getProperty("webdriver.http.factory", ""))) {
+      // Allowing any origin "*" might sound risky but an attacker would need to know
+      // the port used to start DevTools to establish a connection. Given these sessions
+      // are relatively short-lived, the risk is reduced. Only set when the Java 11 client
+      // is not used.
+      addArguments("--remote-allow-origins=*");
+    }
   }
 
   /**

java/src/org/openqa/selenium/edge/EdgeDriverInfo.java

@@ -44,14 +44,17 @@ public String getDisplayName() {
 
   @Override
   public Capabilities getCanonicalCapabilities() {
-    // Allowing any origin "*" through remote-allow-origins might sound risky but an attacker
-    // would need to know the port used to start DevTools to establish a connection. Given
-    // these sessions are relatively short-lived, the risk is reduced. Also, this will be
-    // removed when we only support Java 11 and above.
-    return new ImmutableCapabilities(
-      CapabilityType.BROWSER_NAME, EDGE.browserName(),
-      EdgeOptions.CAPABILITY,
-      ImmutableMap.of("args", ImmutableList.of("--remote-allow-origins=*")));
+    if (!"jdk-http-client".equalsIgnoreCase(System.getProperty("webdriver.http.factory", ""))) {
+      // Allowing any origin "*" through remote-allow-origins might sound risky but an attacker
+      // would need to know the port used to start DevTools to establish a connection. Given
+      // these sessions are relatively short-lived, the risk is reduced. Only set when the Java
+      // 11 client is not used.
+      return new ImmutableCapabilities(
+        CapabilityType.BROWSER_NAME, EDGE.browserName(),
+        EdgeOptions.CAPABILITY,
+        ImmutableMap.of("args", ImmutableList.of("--remote-allow-origins=*")));
+    }
+    return new ImmutableCapabilities(CapabilityType.BROWSER_NAME, EDGE.browserName());
   }
 
   @Override