Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix for CAPTCHA problem in Release channel (1.16.x - already fixed in Chromium 87 upgrade) #6993

Merged
merged 5 commits into from
Nov 2, 2020
Merged

Fix for CAPTCHA problem in Release channel (1.16.x - already fixed in Chromium 87 upgrade) #6993

merged 5 commits into from
Nov 2, 2020

Conversation

bsclifton
Copy link
Member

@bsclifton bsclifton commented Oct 30, 2020
edited by fmarier
Loading

Fixes brave/brave-browser#12359

Test I tried when looking for a fix

I worked back on previous versions of Brave using a simple test:

  1. Fresh profile
  2. Launch Brave + visit paypal.com
  3. Login to real account

After login, you are either shown:
a. SMS 2FA screen (I consider a success)
b. Challenge screen (I consider this a failure)

When did this problem start?

Using this test, I was able to trace the first Release version that broke down to 1.15.72. Using Beta/Dev versions I was able to further narrow that down to:

  • 1.15.56 does NOT have the problem
  • 1.15.59 DOES have the problem

What this PR includes (and why)

What landed between those versions was Chromium 86 with #6195.
In Nightly, the overall problem seems to be gone and Nightly was recently upgraded to Chromium 87 with #6554

In Chromium 86, I saw this commit which caught my eye:
ea29650

In Chromium 87, this was revisited and fixed properly:
0b06833

This PR pulled that in along with the following commit from Chromium 87:
aadceeb

Steps to verify fix

  1. Clone brave-browser
  2. Check out 1.16.x branch
  3. Edit package.json to point at this branch (bsc-1.16.x)
  4. Run npm run init && npm run build -- Release --gn=is_official_build:true
  5. After compile finishes, move your Brave-Browser profile (if you have one) so that you have a clean profile
  6. Launch using npm start -- Release
  7. Try PayPal login (described above)
  8. You should not be shown a CAPTCHA

Submitter Checklist:

Test Plan:

  1. Create an account on https://levalet.com/en/customer/account/login/ with Chrome.
  2. Try to log into https://levalet.com/en/customer/account/login/ using Brave.

If it works, you should see reCAPTCHA underneath the login form:
Screenshot from 2020-11-02 10-33-04

If it fails, you'll see this error message after submitting the login form:
Screenshot from 2020-11-02 10-30-21

Reviewer Checklist:

  • New files have MPL-2.0 license header.
  • Request a security/privacy review as needed.
  • Adequate test coverage exists to prevent regressions
  • Verify test plan is specified in PR before merging to source

After-merge Checklist:

  • The associated issue milestone is set to the smallest version that the
    changes has landed on.
  • All relevant documentation has been updated.

@bsclifton bsclifton self-assigned this Oct 30, 2020
antonok-edm
antonok-edm reviewed Oct 31, 2020
View reviewed changes
Copy link
Collaborator

@antonok-edm antonok-edm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I built and confirmed that this fixed the captcha issues we've been seeing (at least for me!)

mariospr and others added 2 commits November 1, 2020 10:22
@mariospr @bsclifton
Drop references to kBlockThirdPartyCookies, handled by CookieControls…
3a83d32 
…Mode

Chromium change:

https://chromium.googlesource.com/chromium/src/+/b1917744868247ea5103eb2ca903be8c3a27b51f

commit b1917744868247ea5103eb2ca903be8c3a27b51f
Author: Christian Dullweber <dullweber@chromium.org>
Date:   Thu Sep 3 17:55:57 2020 +0000

    Reland "Remove BlockThirdPartyCookies preference"

    This is a reland of 1180542ba81582ea964e4ee7fe32f439462fb245

    The internal CL is rolled in now. Let's try again...

    Original change's description:
    > Remove BlockThirdPartyCookies preference
    >
    > The boolean BlockThirdPartyCookies preference was replaced by
    > CookieControlsMode enum. Existing settings were migrated since M83.
    > Since all usage of the preference has been removed, the preference
    > can be removed and existing settings cleared.
    >
    > Bug: 1104836
    > Change-Id: Ie6e38b0a424981395c627459d684030ea84a58b7
    > Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2387805
    > Reviewed-by: Balazs Engedy <engedy@chromium.org>
    > Reviewed-by: Gabriel Charette <gab@chromium.org>
    > Commit-Queue: Christian Dullweber <dullweber@chromium.org>
    > Cr-Commit-Position: refs/heads/master@{#803844}

    Tbr: engedy@chromium.org, gab@chromium.org
    Bug: 1104836, 1124326
@mkarolin @bsclifton
Remove override of use_blink_v8_binding_new_idl_interface.
6947c62 
The override was added in
ea29650
due to build errors like

gen/third_party/blink/renderer/bindings/modules/v8/v8_shared_worker_global_scope.cc:4614:34: error: no member named 'isReportingObserversEnabled' in 'blink::ContextFeatureSettings'
       context_feature_settings->isReportingObserversEnabled())) {
       ~~~~~~~~~~~~~~~~~~~~~~~~  ^
1 error generated.

As it turns out, the error were due to us making ReportingObservers
ContextEnabled in this change:
https://github.com/brave/brave-core/pull/4578/files

To fix added missing methods to blink::ContextFeatureSettings similarly
to how MojoJS is handled.
@bsclifton bsclifton force-pushed the bsc-1.16.x branch 2 times, most recently from b4d375a to 6da803a Compare November 1, 2020 22:41
mariospr and others added 3 commits November 1, 2020 15:43
@mariospr @bsclifton
Use full relative path to Brave module files from generated V8 bindings
b6ffcd4 
The new IDL compiler removes the ../../ prefix for include files in an
attempt to "canonicalize the paths heuristically", which works well for
modules under //third_party/blink/renderer/modules.

Unfortunately, that does not work well with our Brave module since it
lives under //brave/third_party/blink/renderer/modules, and the prefix
needs to be kept so that header files can be correctly included from
the generated sources' directory.

This patch adapts the python code that does this adjustment so that
it does not remove the prefix for Brave-specific files.
@mariospr @bsclifton
List generated V8 bindings for Brave module in generated_in_modules.gni
e022413 
With the new IDL compiler, every source file related to a Blink module
needs to be listed here so that the right symbols get properly exposed
and we don't find build errors like the following one while linking:

  ld.lld: error: undefined symbol: blink::Brave::wrapper_type_info_
  >>> referenced by navigator_brave.cc
  >>>               obj/brave/third_party/blink/renderer/modules/brave/brave/navigator_brave.o:(blink::Brave::GetWrapperTypeInfo() const)

This patch adds v8_brave.{h,cc} to the list so that we can keep
building the Brave module with the new IDL compiler enabled, which
is the default upstream now.
@mkarolin @bsclifton
Minimized patching of composition_parts.py.
584201d
@bsclifton bsclifton changed the title DO NOT MERGE - proof of concept / WIP Fix for CAPTCHA problem in Release channel (1.16.x - already fixed in Chromium 87 upgrade) Nov 2, 2020
@bsclifton bsclifton closed this Nov 2, 2020
@bsclifton bsclifton reopened this Nov 2, 2020
mariospr
mariospr approved these changes Nov 2, 2020
View reviewed changes
Copy link
Contributor

@mariospr mariospr left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was not aware of this being an issue but, now I saw this PR, it reminded me that lately I "had the feeling" that I was seeing more captcha challenges than what I recalled in the past... and this PR fixed that for me as well (at least in the cases I normally saw them, in www.correos.es > "Localizar Envío"). LGTM!

@iefremov
Copy link
Contributor

iefremov commented Nov 2, 2020

Can't test it myself - don't have a paypal account - but changes look fine

@bsclifton
Copy link
Member Author

CI looks good on all platforms (ex: lint/build/unit and browser tests all passed)

Only problem is audit-deps which @jumde fixed already in master (uplift available to 1.16.x here)

Audit deps issue:

@bsclifton bsclifton merged commit 9633d81 into 1.16.x Nov 2, 2020
@bsclifton bsclifton deleted the bsc-1.16.x branch November 2, 2020 16:49
@bsclifton bsclifton added this to the 1.16.x - Release #3 milestone Nov 2, 2020
This was referenced Nov 2, 2020
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mariospr mariospr mariospr approved these changes

@iefremov iefremov iefremov approved these changes

@antonok-edm antonok-edm antonok-edm approved these changes

@bridiver bridiver Awaiting requested review from bridiver bridiver is a code owner

@mkarolin mkarolin Awaiting requested review from mkarolin

@pes10k pes10k Awaiting requested review from pes10k

Assignees

@bsclifton bsclifton

Labels
None yet
Projects
None yet
Milestone
1.16.x - Release #3
Development

Successfully merging this pull request may close these issues.
5 participants
@bsclifton @iefremov @mariospr @antonok-edm @mkarolin