From af5bef0aeac784b5f9f8d625487a77759bcee72d Mon Sep 17 00:00:00 2001
From: Mark Pilgrim <43750833+pilgrim-brave@users.noreply.github.com>
Date: Thu, 15 Jun 2023 02:01:19 -0400
Subject: [PATCH] Set reduce-lang origin correctly in service workers (#18756)
* Set reduce-lang origin correctly in service workers
* tests
---
...avigator_languages_farbling_browsertest.cc | 19 ++++++++++++++
...reduce_language_network_delegate_helper.cc | 23 +++++++++++------
.../service-workers-accept-language.html | 21 ++++++++++++++++
.../service-workers-accept-language.js | 25 +++++++++++++++++++
4 files changed, 80 insertions(+), 8 deletions(-)
create mode 100644 test/data/reduce-language/service-workers-accept-language.html
create mode 100644 test/data/reduce-language/service-workers-accept-language.js
diff --git a/browser/farbling/brave_navigator_languages_farbling_browsertest.cc b/browser/farbling/brave_navigator_languages_farbling_browsertest.cc
index 5bf9dd5bda1e..f0cafd47571b 100644
--- a/browser/farbling/brave_navigator_languages_farbling_browsertest.cc
+++ b/browser/farbling/brave_navigator_languages_farbling_browsertest.cc
@@ -329,3 +329,22 @@ IN_PROC_BROWSER_TEST_F(BraveNavigatorLanguagesFarblingBrowserTest,
BlockFingerprinting(domain_y);
ASSERT_TRUE(ui_test_utils::NavigateToURL(browser(), url_y));
}
+
+// Tests results of farbling HTTP Accept-Language header
+IN_PROC_BROWSER_TEST_F(BraveNavigatorLanguagesFarblingBrowserTest,
+ FarbleHTTPAcceptLanguageFromServiceWorker) {
+ std::string domain_b = "b.test";
+ GURL url_b_sw = https_server_.GetURL(
+ domain_b, "/reduce-language/service-workers-accept-language.html");
+
+ // Farbling level: maximum
+ // HTTP Accept-Language header should be farbled by the same across domains,
+ // even if fetch originated from a service worker.
+ SetFingerprintingDefault(domain_b);
+ SetAcceptLanguages("zh-HK,zh,la");
+ SetExpectedHTTPAcceptLanguage("zh-HK,zh;q=0.7");
+ ASSERT_TRUE(ui_test_utils::NavigateToURL(browser(), url_b_sw));
+ std::u16string expected_title(u"LOADED");
+ TitleWatcher watcher(web_contents(), expected_title);
+ EXPECT_EQ(expected_title, watcher.WaitAndGetTitle());
+}
diff --git a/browser/net/brave_reduce_language_network_delegate_helper.cc b/browser/net/brave_reduce_language_network_delegate_helper.cc
index f09dc9c1f1df..fe9c665fa525 100644
--- a/browser/net/brave_reduce_language_network_delegate_helper.cc
+++ b/browser/net/brave_reduce_language_network_delegate_helper.cc
@@ -40,7 +40,7 @@ static constexpr auto kFarbleAcceptLanguageExceptions =
} // namespace
std::string FarbleAcceptLanguageHeader(
- const GURL& tab_origin,
+ const GURL& origin_url,
Profile* profile,
HostContentSettingsMap* content_settings) {
std::string languages = profile->GetPrefs()
@@ -58,7 +58,7 @@ std::string FarbleAcceptLanguageHeader(
brave::FarblingPRNG prng;
if (g_brave_browser_process->brave_farbling_service()
->MakePseudoRandomGeneratorForURL(
- tab_origin, profile && profile->IsOffTheRecord(), &prng)) {
+ origin_url, profile && profile->IsOffTheRecord(), &prng)) {
accept_language_string += kFakeQValues[prng() % kFakeQValues.size()];
}
return accept_language_string;
@@ -73,12 +73,19 @@ int OnBeforeStartTransaction_ReduceLanguageWork(
HostContentSettingsMap* content_settings =
HostContentSettingsMapFactory::GetForProfile(profile);
DCHECK(content_settings);
- if (!brave_shields::ShouldDoReduceLanguage(content_settings, ctx->tab_origin,
+ GURL origin_url(ctx->tab_origin);
+ if (origin_url.is_empty()) {
+ origin_url = ctx->initiator_url;
+ }
+ if (origin_url.is_empty()) {
+ return net::OK;
+ }
+ if (!brave_shields::ShouldDoReduceLanguage(content_settings, origin_url,
profile->GetPrefs())) {
return net::OK;
}
- base::StringPiece tab_origin_host(ctx->tab_origin.host_piece());
- if (kFarbleAcceptLanguageExceptions.contains(tab_origin_host)) {
+ base::StringPiece origin_host(origin_url.host_piece());
+ if (kFarbleAcceptLanguageExceptions.contains(origin_host)) {
return net::OK;
}
@@ -96,7 +103,7 @@ int OnBeforeStartTransaction_ReduceLanguageWork(
std::string accept_language_string;
switch (brave_shields::GetFingerprintingControlType(content_settings,
- ctx->tab_origin)) {
+ origin_url)) {
case ControlType::BLOCK: {
// If fingerprint blocking is maximum, set Accept-Language header to
// static value regardless of other preferences.
@@ -106,8 +113,8 @@ int OnBeforeStartTransaction_ReduceLanguageWork(
case ControlType::DEFAULT: {
// If fingerprint blocking is default, compute Accept-Language header
// based on user preferences and some randomization.
- accept_language_string = FarbleAcceptLanguageHeader(
- ctx->tab_origin, profile, content_settings);
+ accept_language_string =
+ FarbleAcceptLanguageHeader(origin_url, profile, content_settings);
break;
}
default:
diff --git a/test/data/reduce-language/service-workers-accept-language.html b/test/data/reduce-language/service-workers-accept-language.html
new file mode 100644
index 000000000000..c8ff1ad729f6
--- /dev/null
+++ b/test/data/reduce-language/service-workers-accept-language.html
@@ -0,0 +1,21 @@
+
+
+
+
+
+
+
+
+
+
+
diff --git a/test/data/reduce-language/service-workers-accept-language.js b/test/data/reduce-language/service-workers-accept-language.js
new file mode 100644
index 000000000000..350f426c55ef
--- /dev/null
+++ b/test/data/reduce-language/service-workers-accept-language.js
@@ -0,0 +1,25 @@
+// Copyright (c) 2023 The Brave Authors. All rights reserved.
+// This Source Code Form is subject to the terms of the Mozilla Public
+// License, v. 2.0. If a copy of the MPL was not distributed with this file,
+// You can obtain one at https://mozilla.org/MPL/2.0/.
+
+addEventListener('install', function(event) {
+ event.waitUntil(self.skipWaiting()); // Activate worker immediately
+});
+
+addEventListener('activate', function(event) {
+ event.waitUntil(self.clients.claim()); // Become available to all pages
+});
+
+addEventListener('message', (event) => {
+ if (event.data == 'fetch') {
+ fetch('/reduce-language/empty.json')
+ .then(r => r.text())
+ .then(data => {
+ event.source.postMessage('LOADED');
+ })
+ .catch((e) => {
+ event.source.postMessage('FAILED');
+ });
+ }
+});