mirrors/electron
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions 1
electron/patches/chromium/add_trustedauthclient_to_urlloaderfactory.patch
Charles Kerr b9ea4a6ba4 Revert "chore: bump chromium to 91.0.4448.0 (master) (#28009)" 
This reverts commit a006cf681b.

It was squash-merged by accident; let's redo that without squashing.
2021-03-30 21:28:40 -05:00

161 lines
7.9 KiB
Diff
Raw Blame History

From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: deepak1556 <hop2deep@gmail.com>
Date: Wed, 27 Jan 2021 15:20:01 -0800
Subject: add TrustedAuthClient to URLLoaderFactory
This allows intercepting authentication requests for the 'net' module.
Without this, the 'login' event for electron.net.ClientRequest can't be
implemented, because the existing path checks for the presence of a
WebContents, and cancels the authentication if there's no WebContents
available, which there isn't in the case of the 'net' module.
diff --git a/services/network/public/mojom/network_context.mojom b/services/network/public/mojom/network_context.mojom
index 84ab373ac9472bba739ca98c52b1f97c71169e88..0bcc7e95109fea4ff1b25672ac007b926ae52984 100644
--- a/services/network/public/mojom/network_context.mojom
+++ b/services/network/public/mojom/network_context.mojom
@@ -222,6 +222,26 @@ struct CTPolicy {
array<string> excluded_legacy_spkis;
};
+interface TrustedAuthClient {
+ OnAuthRequired(
+ mojo_base.mojom.UnguessableToken? window_id,
+ uint32 process_id,
+ uint32 routing_id,
+ uint32 request_id,
+ url.mojom.Url url,
+ bool first_auth_attempt,
+ AuthChallengeInfo auth_info,
+ URLResponseHead? head,
+ pending_remote<AuthChallengeResponder> auth_challenge_responder);
+};
+
+interface TrustedURLLoaderAuthClient {
+ // When a new URLLoader is created, this will be called to pass a
+ // corresponding |auth_client|.
+ OnLoaderCreated(int32 request_id,
+ pending_receiver<TrustedAuthClient> auth_client);
+};
+
interface CertVerifierClient {
Verify(
int32 default_error,
@@ -653,6 +673,8 @@ struct URLLoaderFactoryParams {
// impact because of the extra process hops, so use should be minimized.
pending_remote<TrustedURLLoaderHeaderClient>? header_client;
+ pending_remote<TrustedURLLoaderAuthClient>? auth_client;
+
// Information used restrict access to identity information (like SameSite
// cookies) and to shard network resources, like the cache. If set, takes
// precedence over ResourceRequest::TrustedParams::IsolationInfo field
diff --git a/services/network/url_loader.cc b/services/network/url_loader.cc
index a6ea05b42fce15d576c029afa086a3007282ee71..14c17ccbc0e184f03c4ca6a9833ae83db386a011 100644
--- a/services/network/url_loader.cc
+++ b/services/network/url_loader.cc
@@ -462,6 +462,7 @@ URLLoader::URLLoader(
base::WeakPtr<KeepaliveStatisticsRecorder> keepalive_statistics_recorder,
base::WeakPtr<NetworkUsageAccumulator> network_usage_accumulator,
mojom::TrustedURLLoaderHeaderClient* url_loader_header_client,
+ mojom::TrustedURLLoaderAuthClient* url_loader_auth_client,
mojom::OriginPolicyManager* origin_policy_manager,
std::unique_ptr<TrustTokenRequestHelperFactory> trust_token_helper_factory,
const cors::OriginAccessList& origin_access_list,
@@ -529,6 +530,11 @@ URLLoader::URLLoader(
header_client_.set_disconnect_handler(
base::BindOnce(&URLLoader::OnMojoDisconnect, base::Unretained(this)));
}
+ if (url_loader_auth_client) {
+ url_loader_auth_client->OnLoaderCreated(request_id_, auth_client_.BindNewPipeAndPassReceiver());
+ auth_client_.set_disconnect_handler(
+ base::BindOnce(&URLLoader::OnMojoDisconnect, base::Unretained(this)));
+ }
if (want_raw_headers_) {
options_ |= mojom::kURLLoadOptionSendSSLInfoWithResponse |
mojom::kURLLoadOptionSendSSLInfoForCertificateError;
@@ -1187,7 +1193,7 @@ void URLLoader::OnAuthRequired(net::URLRequest* url_request,
// |this| may have been deleted.
return;
}
- if (!network_context_client_) {
+ if (!network_context_client_ && !auth_client_) {
OnAuthCredentials(base::nullopt);
return;
}
@@ -1203,11 +1209,19 @@ void URLLoader::OnAuthRequired(net::URLRequest* url_request,
if (url_request->response_headers())
head->headers = url_request->response_headers();
head->auth_challenge_info = auth_info;
- network_context_client_->OnAuthRequired(
- fetch_window_id_, factory_params_->process_id, render_frame_id_,
- request_id_, url_request_->url(), first_auth_attempt_, auth_info,
- std::move(head),
- auth_challenge_responder_receiver_.BindNewPipeAndPassRemote());
+ if (auth_client_) {
+ auth_client_->OnAuthRequired(
+ fetch_window_id_, factory_params_->process_id, render_frame_id_,
+ request_id_, url_request_->url(), first_auth_attempt_, auth_info,
+ std::move(head),
+ auth_challenge_responder_receiver_.BindNewPipeAndPassRemote());
+ } else {
+ network_context_client_->OnAuthRequired(
+ fetch_window_id_, factory_params_->process_id, render_frame_id_,
+ request_id_, url_request_->url(), first_auth_attempt_, auth_info,
+ std::move(head),
+ auth_challenge_responder_receiver_.BindNewPipeAndPassRemote());
+ }
auth_challenge_responder_receiver_.set_disconnect_handler(
base::BindOnce(&URLLoader::DeleteSelf, base::Unretained(this)));
diff --git a/services/network/url_loader.h b/services/network/url_loader.h
index e35076146d1b2205c851f815de943eef47bcdbc6..fa2beab3a2358da8a089cee78a4294af81352d2a 100644
--- a/services/network/url_loader.h
+++ b/services/network/url_loader.h
@@ -130,6 +130,7 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) URLLoader
base::WeakPtr<KeepaliveStatisticsRecorder> keepalive_statistics_recorder,
base::WeakPtr<NetworkUsageAccumulator> network_usage_accumulator,
mojom::TrustedURLLoaderHeaderClient* url_loader_header_client,
+ mojom::TrustedURLLoaderAuthClient* url_loader_auth_client,
mojom::OriginPolicyManager* origin_policy_manager,
std::unique_ptr<TrustTokenRequestHelperFactory>
trust_token_helper_factory,
@@ -497,6 +498,7 @@ class COMPONENT_EXPORT(NETWORK_SERVICE) URLLoader
base::Optional<base::UnguessableToken> fetch_window_id_;
mojo::Remote<mojom::TrustedHeaderClient> header_client_;
+ mojo::Remote<mojom::TrustedAuthClient> auth_client_;
std::unique_ptr<FileOpenerForUpload> file_opener_for_upload_;
diff --git a/services/network/url_loader_factory.cc b/services/network/url_loader_factory.cc
index e72645de2bd9073966e3f220d3663f157d29650e..6b12fb88c25d506494e8d2b8cab950dedf89ce0c 100644
--- a/services/network/url_loader_factory.cc
+++ b/services/network/url_loader_factory.cc
@@ -77,6 +77,7 @@ URLLoaderFactory::URLLoaderFactory(
resource_scheduler_client_(std::move(resource_scheduler_client)),
header_client_(std::move(params_->header_client)),
coep_reporter_(std::move(params_->coep_reporter)),
+ auth_client_(std::move(params_->auth_client)),
cors_url_loader_factory_(cors_url_loader_factory),
cookie_observer_(std::move(params_->cookie_observer)),
auth_cert_observer_(std::move(params_->auth_cert_observer)) {
@@ -296,6 +297,7 @@ void URLLoaderFactory::CreateLoaderAndStart(
std::move(keepalive_statistics_recorder),
std::move(network_usage_accumulator),
header_client_.is_bound() ? header_client_.get() : nullptr,
+ auth_client_.is_bound() ? auth_client_.get() : nullptr,
context_->origin_policy_manager(), std::move(trust_token_factory),
context_->cors_origin_access_list(), std::move(cookie_observer),
std::move(auth_cert_observer));
diff --git a/services/network/url_loader_factory.h b/services/network/url_loader_factory.h
index 14bf9839d142531e4e7f6dc6a461d97713d435ed..e5bca17b40fad7a553ef1b70fa6c4eacbb3cd1a9 100644
--- a/services/network/url_loader_factory.h
+++ b/services/network/url_loader_factory.h
@@ -74,6 +74,7 @@ class URLLoaderFactory : public mojom::URLLoaderFactory {
scoped_refptr<ResourceSchedulerClient> resource_scheduler_client_;
mojo::Remote<mojom::TrustedURLLoaderHeaderClient> header_client_;
mojo::Remote<mojom::CrossOriginEmbedderPolicyReporter> coep_reporter_;
+ mojo::Remote<mojom::TrustedURLLoaderAuthClient> auth_client_;
// |cors_url_loader_factory_| owns this.
cors::CorsURLLoaderFactory* cors_url_loader_factory_;
Reference in a new issue View git blame Copy permalink