Removal of geolocation APIs on insecure origins

This disallows the geolocation APIs getCurrentPosition() and watchPosition() from being used on insecure origins. Adds a console warning message that the API call has failed because of this. Note that this is a re-land of https://codereview.chromium.org/1485973002/. See that CL for full discussion. BUG=520765, 561641 [email protected],[email protected],[email protected],[email protected] Review URL: https://codereview.chromium.org/1530403002 Cr-Commit-Position: refs/heads/master@{#370185}
crosswalk-project · Jan 19, 2016 · 9d4ca2d · 9d4ca2d
1 parent 5dc7e94
commit 9d4ca2d
Show file tree

Hide file tree

Showing 17 changed files with 97 additions and 84 deletions.
diff --git a/android_webview/javatests/src/org/chromium/android_webview/test/GeolocationTest.java b/android_webview/javatests/src/org/chromium/android_webview/test/GeolocationTest.java
@@ -123,8 +123,8 @@ public Boolean call() throws Exception {
     @Feature({"AndroidWebView"})
     public void testGetPosition() throws Throwable {
         initAwContents(new GrantPermisionAwContentClient());
-        loadDataSync(mAwContents, mContentsClient.getOnPageFinishedHelper(),
-                RAW_HTML, "text/html", false);
+        loadDataWithBaseUrlSync(mAwContents, mContentsClient.getOnPageFinishedHelper(), RAW_HTML,
+                "text/html", false, "https://google.com/", "about:blank");
 
         mAwContents.evaluateJavaScriptForTests("initiate_getCurrentPosition();", null);
 
@@ -151,8 +151,8 @@ public Boolean call() throws Exception {
     @Feature({"AndroidWebView"})
     public void testWatchPosition() throws Throwable {
         initAwContents(new GrantPermisionAwContentClient());
-        loadDataSync(mAwContents, mContentsClient.getOnPageFinishedHelper(),
-                RAW_HTML, "text/html", false);
+        loadDataWithBaseUrlSync(mAwContents, mContentsClient.getOnPageFinishedHelper(), RAW_HTML,
+                "text/html", false, "https://google.com/", "about:blank");
 
         mAwContents.evaluateJavaScriptForTests("initiate_watchPosition();", null);
 
@@ -169,8 +169,8 @@ public Boolean call() throws Exception {
     public void testPauseGeolocationOnPause() throws Throwable {
         initAwContents(new GrantPermisionAwContentClient());
         // Start a watch going.
-        loadDataSync(mAwContents, mContentsClient.getOnPageFinishedHelper(),
-                RAW_HTML, "text/html", false);
+        loadDataWithBaseUrlSync(mAwContents, mContentsClient.getOnPageFinishedHelper(), RAW_HTML,
+                "text/html", false, "https://google.com/", "about:blank");
 
         mAwContents.evaluateJavaScriptForTests("initiate_watchPosition();", null);
 
@@ -228,8 +228,8 @@ public void run() {
         });
 
         // Start a watch going.
-        loadDataSync(mAwContents, mContentsClient.getOnPageFinishedHelper(),
-                RAW_HTML, "text/html", false);
+        loadDataWithBaseUrlSync(mAwContents, mContentsClient.getOnPageFinishedHelper(), RAW_HTML,
+                "text/html", false, "https://google.com/", "about:blank");
 
         mAwContents.evaluateJavaScriptForTests("initiate_watchPosition();", null);
 
@@ -265,8 +265,8 @@ public void run() {
             }
         });
 
-        loadDataSync(mAwContents, mContentsClient.getOnPageFinishedHelper(),
-                RAW_HTML, "text/html", false);
+        loadDataWithBaseUrlSync(mAwContents, mContentsClient.getOnPageFinishedHelper(), RAW_HTML,
+                "text/html", false, "https://google.com/", "about:blank");
 
         getInstrumentation().runOnMainSync(new Runnable() {
             @Override
@@ -282,8 +282,8 @@ public void run() {
     @SmallTest
     public void testDenyAccessByDefault() throws Throwable {
         initAwContents(new DefaultPermisionAwContentClient());
-        loadDataSync(mAwContents, mContentsClient.getOnPageFinishedHelper(),
-                RAW_HTML, "text/html", false);
+        loadDataWithBaseUrlSync(mAwContents, mContentsClient.getOnPageFinishedHelper(), RAW_HTML,
+                "text/html", false, "https://google.com/", "about:blank");
 
         mAwContents.evaluateJavaScriptForTests("initiate_getCurrentPosition();", null);
 

diff --git a/android_webview/native/aw_settings.cc b/android_webview/native/aw_settings.cc
@@ -433,6 +433,10 @@ void AwSettings::PopulateWebPreferencesLocked(JNIEnv* env,
       Java_AwSettings_getFullscreenSupportedLocked(env, obj);
   web_prefs->record_whole_document =
       Java_AwSettings_getRecordFullDocument(env, obj);
+
+  // TODO(jww): This should be removed once sufficient warning has been given of
+  // possible API breakage because of disabling insecure use of geolocation.
+  web_prefs->allow_geolocation_on_insecure_origins = true;
 }
 
 static jlong Init(JNIEnv* env,

diff --git a/chrome/browser/geolocation/geolocation_permission_context.cc b/chrome/browser/geolocation/geolocation_permission_context.cc
@@ -89,5 +89,5 @@ void GeolocationPermissionContext::UpdateTabContext(
 }
 
 bool GeolocationPermissionContext::IsRestrictedToSecureOrigins() const {
-  return false;
+  return true;
 }
diff --git a/chrome/browser/geolocation/geolocation_permission_context_unittest.cc b/chrome/browser/geolocation/geolocation_permission_context_unittest.cc
@@ -385,7 +385,7 @@ base::string16 GeolocationPermissionContextTests::GetPromptText() {
 // Tests ----------------------------------------------------------------------
 
 TEST_F(GeolocationPermissionContextTests, SinglePermissionBubble) {
-  GURL requesting_frame("http://www.example.com/geolocation");
+  GURL requesting_frame("https://www.example.com/geolocation");
   NavigateAndCommit(requesting_frame);
   BubbleManagerDocumentLoadCompleted();
 
@@ -395,9 +395,21 @@ TEST_F(GeolocationPermissionContextTests, SinglePermissionBubble) {
   ASSERT_EQ(1U, GetNumberOfPrompts());
 }
 
+TEST_F(GeolocationPermissionContextTests,
+       SinglePermissionBubbleFailsOnInsecureOrigin) {
+  GURL requesting_frame("http://www.example.com/geolocation");
+  NavigateAndCommit(requesting_frame);
+  BubbleManagerDocumentLoadCompleted();
+
+  EXPECT_EQ(0U, GetNumberOfPrompts());
+  RequestGeolocationPermission(web_contents(), RequestID(0), requesting_frame,
+                               true);
+  ASSERT_EQ(0U, GetNumberOfPrompts());
+}
+
 #if BUILDFLAG(ANDROID_JAVA_UI)
 TEST_F(GeolocationPermissionContextTests, SinglePermissionInfobar) {
-  GURL requesting_frame("http://www.example.com/geolocation");
+  GURL requesting_frame("https://www.example.com/geolocation");
   NavigateAndCommit(requesting_frame);
   EXPECT_EQ(0U, infobar_service()->infobar_count());
   RequestGeolocationPermission(
@@ -415,7 +427,7 @@ TEST_F(GeolocationPermissionContextTests, SinglePermissionInfobar) {
 
 // Infobar-only tests; Android doesn't support permission bubbles.
 TEST_F(GeolocationPermissionContextTests, GeolocationEnabledDisabled) {
-  GURL requesting_frame("http://www.example.com/geolocation");
+  GURL requesting_frame("https://www.example.com/geolocation");
   NavigateAndCommit(requesting_frame);
   MockLocationSettings::SetLocationStatus(true, true);
   EXPECT_EQ(0U, infobar_service()->infobar_count());
@@ -437,7 +449,7 @@ TEST_F(GeolocationPermissionContextTests, GeolocationEnabledDisabled) {
 }
 
 TEST_F(GeolocationPermissionContextTests, MasterEnabledGoogleAppsEnabled) {
-  GURL requesting_frame("http://www.example.com/geolocation");
+  GURL requesting_frame("https://www.example.com/geolocation");
   NavigateAndCommit(requesting_frame);
   MockLocationSettings::SetLocationStatus(true, true);
   EXPECT_EQ(0U, infobar_service()->infobar_count());
@@ -453,7 +465,7 @@ TEST_F(GeolocationPermissionContextTests, MasterEnabledGoogleAppsEnabled) {
 }
 
 TEST_F(GeolocationPermissionContextTests, MasterEnabledGoogleAppsDisabled) {
-  GURL requesting_frame("http://www.example.com/geolocation");
+  GURL requesting_frame("https://www.example.com/geolocation");
   NavigateAndCommit(requesting_frame);
   MockLocationSettings::SetLocationStatus(true, false);
   EXPECT_EQ(0U, infobar_service()->infobar_count());
@@ -464,8 +476,8 @@ TEST_F(GeolocationPermissionContextTests, MasterEnabledGoogleAppsDisabled) {
 #endif
 
 TEST_F(GeolocationPermissionContextTests, QueuedPermission) {
-  GURL requesting_frame_0("http://www.example.com/geolocation");
-  GURL requesting_frame_1("http://www.example-2.com/geolocation");
+  GURL requesting_frame_0("https://www.example.com/geolocation");
+  GURL requesting_frame_1("https://www.example-2.com/geolocation");
   EXPECT_EQ(
       CONTENT_SETTING_ASK,
       GetGeolocationContentSetting(requesting_frame_0, requesting_frame_1));
@@ -530,8 +542,8 @@ TEST_F(GeolocationPermissionContextTests, QueuedPermission) {
 }
 
 TEST_F(GeolocationPermissionContextTests, HashIsIgnored) {
-  GURL url_a("http://www.example.com/geolocation#a");
-  GURL url_b("http://www.example.com/geolocation#b");
+  GURL url_a("https://www.example.com/geolocation#a");
+  GURL url_b("https://www.example.com/geolocation#b");
 
   // Navigate to the first url.
   NavigateAndCommit(url_a);
@@ -597,8 +609,8 @@ TEST_F(GeolocationPermissionContextTests, MAYBE_PermissionForFileScheme) {
 }
 
 TEST_F(GeolocationPermissionContextTests, CancelGeolocationPermissionRequest) {
-  GURL frame_0("http://www.example.com/geolocation");
-  GURL frame_1("http://www.example-2.com/geolocation");
+  GURL frame_0("https://www.example.com/geolocation");
+  GURL frame_1("https://www.example-2.com/geolocation");
   EXPECT_EQ(
       CONTENT_SETTING_ASK, GetGeolocationContentSetting(frame_0, frame_0));
   EXPECT_EQ(
@@ -662,8 +674,8 @@ TEST_F(GeolocationPermissionContextTests, InvalidURL) {
 }
 
 TEST_F(GeolocationPermissionContextTests, SameOriginMultipleTabs) {
-  GURL url_a("http://www.example.com/geolocation");
-  GURL url_b("http://www.example-2.com/geolocation");
+  GURL url_a("https://www.example.com/geolocation");
+  GURL url_b("https://www.example-2.com/geolocation");
   NavigateAndCommit(url_a);  // Tab A0
   AddNewTab(url_b);          // Tab B (extra_tabs_[0])
   AddNewTab(url_a);          // Tab A1 (extra_tabs_[1])
@@ -723,8 +735,8 @@ TEST_F(GeolocationPermissionContextTests, SameOriginMultipleTabs) {
 }
 
 TEST_F(GeolocationPermissionContextTests, QueuedOriginMultipleTabs) {
-  GURL url_a("http://www.example.com/geolocation");
-  GURL url_b("http://www.example-2.com/geolocation");
+  GURL url_a("https://www.example.com/geolocation");
+  GURL url_b("https://www.example-2.com/geolocation");
   NavigateAndCommit(url_a);  // Tab A0.
   AddNewTab(url_a);          // Tab A1.
 #if !BUILDFLAG(ANDROID_JAVA_UI)
@@ -798,8 +810,8 @@ TEST_F(GeolocationPermissionContextTests, QueuedOriginMultipleTabs) {
 }
 
 TEST_F(GeolocationPermissionContextTests, TabDestroyed) {
-  GURL requesting_frame_0("http://www.example.com/geolocation");
-  GURL requesting_frame_1("http://www.example-2.com/geolocation");
+  GURL requesting_frame_0("https://www.example.com/geolocation");
+  GURL requesting_frame_1("https://www.example-2.com/geolocation");
   EXPECT_EQ(
       CONTENT_SETTING_ASK,
       GetGeolocationContentSetting(requesting_frame_0, requesting_frame_0));
@@ -837,7 +849,7 @@ TEST_F(GeolocationPermissionContextTests, TabDestroyed) {
 }
 
 TEST_F(GeolocationPermissionContextTests, LastUsageAudited) {
-  GURL requesting_frame("http://www.example.com/geolocation");
+  GURL requesting_frame("https://www.example.com/geolocation");
   NavigateAndCommit(requesting_frame);
   BubbleManagerDocumentLoadCompleted();
 
@@ -889,8 +901,8 @@ TEST_F(GeolocationPermissionContextTests, LastUsageAuditedMultipleFrames) {
       HostContentSettingsMapFactory::GetForProfile(profile());
   map->SetPrefClockForTesting(scoped_ptr<base::Clock>(test_clock));
 
-  GURL requesting_frame_0("http://www.example.com/geolocation");
-  GURL requesting_frame_1("http://www.example-2.com/geolocation");
+  GURL requesting_frame_0("https://www.example.com/geolocation");
+  GURL requesting_frame_1("https://www.example-2.com/geolocation");
 
   // The permission shouldn't have been used yet.
   EXPECT_EQ(map->GetLastUsage(requesting_frame_0.GetOrigin(),

diff --git a/content/public/common/common_param_traits_macros.h b/content/public/common/common_param_traits_macros.h
@@ -168,6 +168,7 @@ IPC_STRUCT_TRAITS_BEGIN(content::WebPreferences)
   IPC_STRUCT_TRAITS_MEMBER(disable_reading_from_canvas)
   IPC_STRUCT_TRAITS_MEMBER(strict_mixed_content_checking)
   IPC_STRUCT_TRAITS_MEMBER(strict_powerful_feature_restrictions)
+  IPC_STRUCT_TRAITS_MEMBER(allow_geolocation_on_insecure_origins)
   IPC_STRUCT_TRAITS_MEMBER(strictly_block_blockable_mixed_content)
   IPC_STRUCT_TRAITS_MEMBER(block_mixed_plugin_content)
   IPC_STRUCT_TRAITS_MEMBER(enable_scroll_animator)

diff --git a/content/public/common/content_switches.cc b/content/public/common/content_switches.cc
@@ -456,8 +456,8 @@ const char kEnableStatsTable[]              = "enable-stats-table";
 const char kEnableStrictMixedContentChecking[] =
     "enable-strict-mixed-content-checking";
 
-// Blocks insecure usage of number of powerful features (geolocation, for
-// example) that we haven't yet deprecated for the web at large.
+// Blocks insecure usage of a number of powerful features (device orientation,
+// for example) that we haven't yet deprecated for the web at large.
 const char kEnableStrictPowerfulFeatureRestrictions[] =
     "enable-strict-powerful-feature-restrictions";
 

diff --git a/content/public/common/web_preferences.cc b/content/public/common/web_preferences.cc
@@ -123,6 +123,7 @@ WebPreferences::WebPreferences()
       disable_reading_from_canvas(false),
       strict_mixed_content_checking(false),
       strict_powerful_feature_restrictions(false),
+      allow_geolocation_on_insecure_origins(false),
       strictly_block_blockable_mixed_content(false),
       block_mixed_plugin_content(false),
       password_echo_enabled(false),

diff --git a/content/public/common/web_preferences.h b/content/public/common/web_preferences.h
@@ -135,9 +135,11 @@ struct CONTENT_EXPORT WebPreferences {
   // requested (thereby preventing user override).
   bool strict_mixed_content_checking;
   // Strict powerful feature restrictions block insecure usage of powerful
-  // features (like geolocation) that we haven't yet disabled for the web at
-  // large.
+  // features (like device orientation) that we haven't yet disabled for the web
+  // at large.
   bool strict_powerful_feature_restrictions;
+  // TODO(jww): Remove when WebView no longer needs this exception.
+  bool allow_geolocation_on_insecure_origins;
   // Disallow user opt-in for blockable mixed content.
   bool strictly_block_blockable_mixed_content;
   bool block_mixed_plugin_content;

diff --git a/content/renderer/render_view_impl.cc b/content/renderer/render_view_impl.cc
@@ -1004,6 +1004,8 @@ void RenderView::ApplyWebPreferences(const WebPreferences& prefs,
 
   settings->setStrictPowerfulFeatureRestrictions(
       prefs.strict_powerful_feature_restrictions);
+  settings->setAllowGeolocationOnInsecureOrigins(
+      prefs.allow_geolocation_on_insecure_origins);
   settings->setPasswordEchoEnabled(prefs.password_echo_enabled);
   settings->setShouldPrintBackgrounds(prefs.should_print_backgrounds);
   settings->setShouldClearDocumentBackground(

diff --git a/...ecurity/powerfulFeatureRestrictions/old-powerful-features-on-insecure-origin-expected.txt b/...ecurity/powerfulFeatureRestrictions/old-powerful-features-on-insecure-origin-expected.txt
@@ -1,14 +1,14 @@
-CONSOLE WARNING: getCurrentPosition() and watchPosition() are deprecated on insecure origins, and support will be removed in the future. You should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.
 CONSOLE WARNING: The devicemotion event is deprecated on insecure origins, and support will be removed in the future. You should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.
 CONSOLE WARNING: The deviceorientation event is deprecated on insecure origins, and support will be removed in the future. You should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.
+CONSOLE WARNING: getCurrentPosition() and watchPosition() are deprecated on insecure origins. To use this feature, you should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.
 CONSOLE WARNING: getUserMedia() no longer works on insecure origins. To use this feature, you should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.
 CONSOLE WARNING: requestMediaKeySystemAccess() is deprecated on insecure origins in the specification. Support will be removed in the future. You should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.
 This is a testharness.js-based test.
-PASS getCurrentPosition 
-PASS watchPosition 
 PASS device motion 
 PASS device orientation 
 PASS requestMediaKeySystemAccess 
+PASS getCurrentPosition 
+PASS watchPosition 
 PASS navigator.webkitGetUserMedia 
 PASS navigator.mediaDevices.getUserMedia 
 Harness: the test ran to completion.

diff --git a/.../tests/security/powerfulFeatureRestrictions/old-powerful-features-on-insecure-origin.html b/.../tests/security/powerfulFeatureRestrictions/old-powerful-features-on-insecure-origin.html
@@ -29,55 +29,39 @@
 
     // Tests for APIs that are deprecated, but still allowed, on
     // insecure origins
-    async_test(function() {
-        navigator.geolocation.getCurrentPosition(
-            this.step_func(function() {
-                this.done();
-            }),
-            this.step_func(function(error) {
-                assert_unreached('getCurrentPosition should succeed, but failed.');
-                this.done();
-            }));
-    }, 'getCurrentPosition');
-
-    // Note that the deprecation message for watchPosition() will be supressed
-    // because it is an exact duplicate of the getCurrentPosition() message.
-    // Thus, this test is really to confirm that it still executes.
-    async_test(function() {
-        navigator.geolocation.watchPosition(
-            this.step_func(function() {
-                this.done();
-            }),
-            this.step_func(function(error) {
-                assert_unreached('watchPosition should succeed, but failed.');
-                this.done();
-            }));
-    }, 'watchPosition');
-
     async_test(function() {
         testRunner.setMockDeviceMotion(true, 0, true, 0, true, 0,
                                        true, 0, true, 0, true, 0,
                                        true, 0, true, 0, true, 0,
                                        0);
-
-        window.addEventListener('devicemotion', this.step_func(function() {
-            this.done();
-        }));
+        window.addEventListener('devicemotion', this.step_func_done());
     }, 'device motion');
 
     async_test(function() {
         testRunner.setMockDeviceOrientation(11.1, 22.2, 33.3, true);
-
-        window.addEventListener('deviceorientation', this.step_func(function() {
-            this.done();
-        }));
+        window.addEventListener('deviceorientation', this.step_func_done());
     }, 'device orientation');
 
     promise_test(function(test) {
         return navigator.requestMediaKeySystemAccess('org.w3.clearkey', [{}]);
     }, 'requestMediaKeySystemAccess');
 
     // Tests for APIs that have been turned off on insecure origins
+    async_test(function() {
+        navigator.geolocation.getCurrentPosition(
+            this.unreached_func('getCurrentPosition should fail, but succeeded.'),
+            this.step_func_done());
+    }, 'getCurrentPosition');
+
+    // Note that the deprecation message for watchPosition() will be suppressed
+    // because it is an exact duplicate of the getCurrentPosition() message.
+    // Thus, this test is really to confirm that it still executes (and fails).
+    async_test(function() {
+        navigator.geolocation.watchPosition(
+            this.unreached_func('watchPosition should fail, but succeeded.'),
+            this.step_func_done());
+    }, 'watchPosition');
+
     async_test(function() {
         navigator.webkitGetUserMedia({ audio: true, video: true },
             this.unreached_func('navigator.webkitGetUserMedia should call the error callback, but called the success callback instead.'),

diff --git a/third_party/WebKit/Source/core/frame/Settings.in b/third_party/WebKit/Source/core/frame/Settings.in
@@ -332,6 +332,7 @@ strictMixedContentChecking initial=false
 strictMixedContentCheckingForPlugin initial=false
 strictPowerfulFeatureRestrictions initial=false
 strictlyBlockBlockableMixedContent initial=false
+allowGeolocationOnInsecureOrigins initial=false
 logDnsPrefetchAndPreconnect initial=false
 logPreload initial=false
 

diff --git a/third_party/WebKit/Source/core/frame/UseCounter.cpp b/third_party/WebKit/Source/core/frame/UseCounter.cpp
@@ -899,7 +899,11 @@ String UseCounter::deprecationMessage(Feature feature)
         return "The deviceorientationabsolute event is deprecated on insecure origins, and support will be removed in the future. You should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.";
 
     case GeolocationInsecureOrigin:
-        return "getCurrentPosition() and watchPosition() are deprecated on insecure origins, and support will be removed in the future. You should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.";
+        // TODO(jww): This message should be made less ambigous after WebView
+        // is fixed so geolocation can be removed there. After that, this
+        // should be updated to read similarly to GetUserMediaInsecureOrigin's
+        // message.
+        return "getCurrentPosition() and watchPosition() are deprecated on insecure origins. To use this feature, you should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.";
 
     case GetUserMediaInsecureOrigin:
         return "getUserMedia() no longer works on insecure origins. To use this feature, you should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.";